From ee7fc79d49cd6d8f2985809585d1675c8e2ed376 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20M=C5=9Bcichowski?= Date: Wed, 20 Apr 2022 01:53:46 +0200 Subject: [PATCH 001/411] feat: add support for netID provider (#2394) --- embedx/config.schema.json | 3 +- selfservice/strategy/oidc/provider_config.go | 2 + selfservice/strategy/oidc/provider_netid.go | 96 +++++++++++++++++++ .../oidc/provider_private_net_test.go | 1 + 4 files changed, 101 insertions(+), 1 deletion(-) create mode 100644 selfservice/strategy/oidc/provider_netid.go diff --git a/embedx/config.schema.json b/embedx/config.schema.json index d9b3129d9ee3..270936e4b932 100644 --- a/embedx/config.schema.json +++ b/embedx/config.schema.json @@ -339,7 +339,8 @@ "vk", "yandex", "apple", - "spotify" + "spotify", + "netid" ], "examples": [ "google" diff --git a/selfservice/strategy/oidc/provider_config.go b/selfservice/strategy/oidc/provider_config.go index f0f48660e76e..a321a3870e92 100644 --- a/selfservice/strategy/oidc/provider_config.go +++ b/selfservice/strategy/oidc/provider_config.go @@ -150,6 +150,8 @@ func (c ConfigurationCollection) Provider(id string, reg dependencies) (Provider return NewProviderApple(&p, reg), nil case addProviderName("spotify"): return NewProviderSpotify(&p, reg), nil + case addProviderName("netid"): + return NewProviderNetID(&p, reg), nil } return nil, errors.Errorf("provider type %s is not supported, supported are: %v", p.Provider, providerNames) } diff --git a/selfservice/strategy/oidc/provider_netid.go b/selfservice/strategy/oidc/provider_netid.go new file mode 100644 index 000000000000..3587ef158243 --- /dev/null +++ b/selfservice/strategy/oidc/provider_netid.go @@ -0,0 +1,96 @@ +package oidc + +import ( + "context" + "encoding/json" + "net/url" + + "github.com/hashicorp/go-retryablehttp" + "github.com/pkg/errors" + "golang.org/x/oauth2" + + "github.com/ory/x/urlx" + + "github.com/ory/herodot" + "github.com/ory/x/httpx" +) + +const ( + defaultBrokerScheme = "https" + defaultBrokerHost = "broker.netid.de" +) + +type ProviderNetID struct { + *ProviderGenericOIDC +} + +func NewProviderNetID( + config *Configuration, + reg dependencies, +) *ProviderNetID { + return &ProviderNetID{ + ProviderGenericOIDC: &ProviderGenericOIDC{ + config: config, + reg: reg, + }, + } +} + +func (n *ProviderNetID) OAuth2(ctx context.Context) (*oauth2.Config, error) { + return n.oAuth2(ctx) +} + +func (n *ProviderNetID) oAuth2(ctx context.Context) (*oauth2.Config, error) { + u := n.brokerURL() + + authURL := urlx.AppendPaths(u, "/authorize") + tokenURL := urlx.AppendPaths(u, "/token") + + return &oauth2.Config{ + ClientID: n.config.ClientID, + ClientSecret: n.config.ClientSecret, + Endpoint: oauth2.Endpoint{ + AuthURL: authURL.String(), + TokenURL: tokenURL.String(), + }, + Scopes: n.config.Scope, + RedirectURL: n.config.Redir(n.reg.Config(ctx).OIDCRedirectURIBase()), + }, nil + +} + +func (n *ProviderNetID) Claims(ctx context.Context, exchange *oauth2.Token) (*Claims, error) { + o, err := n.OAuth2(ctx) + if err != nil { + return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) + } + + client := n.reg.HTTPClient(ctx, httpx.ResilientClientDisallowInternalIPs(), httpx.ResilientClientWithClient(o.Client(ctx, exchange))) + + u := n.brokerURL() + if err != nil { + return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) + } + userInfoURL := urlx.AppendPaths(u, "/userinfo") + req, err := retryablehttp.NewRequest("GET", userInfoURL.String(), nil) + if err != nil { + return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) + } + + resp, err := client.Do(req) + if err != nil { + return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) + } + defer resp.Body.Close() + + var claims Claims + if err := json.NewDecoder(resp.Body).Decode(&claims); err != nil { + return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) + } + + return &claims, nil +} + +func (n *ProviderNetID) brokerURL() *url.URL { + return &url.URL{Scheme: defaultBrokerScheme, Host: defaultBrokerHost} +} diff --git a/selfservice/strategy/oidc/provider_private_net_test.go b/selfservice/strategy/oidc/provider_private_net_test.go index a18e0bd991bc..caa4d0ff961a 100644 --- a/selfservice/strategy/oidc/provider_private_net_test.go +++ b/selfservice/strategy/oidc/provider_private_net_test.go @@ -71,6 +71,7 @@ func TestProviderPrivateIP(t *testing.T) { // Spotify uses a fixed token URL and does not use the issuer. // VK uses a fixed token URL and does not use the issuer. // Yandex uses a fixed token URL and does not use the issuer. + // NetID uses a fixed token URL and does not use the issuer. } { t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) { p := tc.p(tc.c) From 16056034982557fd3eecbe7e2fdebfdc69af51aa Mon Sep 17 00:00:00 2001 From: Antoine Beyet Date: Wed, 20 Apr 2022 15:35:44 +0200 Subject: [PATCH 002/411] chore: Fix typo in README (#2411) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 999c5b71679f..759b46af1db2 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ Ory Cloud has easy examples, administrative user interfaces, hosted pages (e.g. ### :mega: Community gets Ory Cloud for Free! :mega: -Ory community members get the Ory Cloud Start Up plan **free for six months**, with all quality-of-life features available, such as custom domains and giving your team members access. [Sign up with your GitHub account](https://console.ory.sh/registration?preferred_plan=start-up&utm_source=github&utm_medium=banner&utm_campaign=kratos-readme-first900) and use the coupon code **`FIRST900`** on the *"Start-Up Plan"* checkout page to calim your free project now! Make sure to be signed up to the [Ory Community Slack](https://slack.ory.sh) when using the code! +Ory community members get the Ory Cloud Start Up plan **free for six months**, with all quality-of-life features available, such as custom domains and giving your team members access. [Sign up with your GitHub account](https://console.ory.sh/registration?preferred_plan=start-up&utm_source=github&utm_medium=banner&utm_campaign=kratos-readme-first900) and use the coupon code **`FIRST900`** on the *"Start-Up Plan"* checkout page to claim your free project now! Make sure to be signed up to the [Ory Community Slack](https://slack.ory.sh) when using the code! From 638d45caf480b7287c9762cbf3c593217f40e3e8 Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Apr 2022 12:20:14 -0500 Subject: [PATCH 003/411] fix: remove required legacy field (#2410) --- selfservice/strategy/password/types.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/selfservice/strategy/password/types.go b/selfservice/strategy/password/types.go index 49209c0dbbaf..69e7606ca0c3 100644 --- a/selfservice/strategy/password/types.go +++ b/selfservice/strategy/password/types.go @@ -23,8 +23,6 @@ type submitSelfServiceLoginFlowWithPasswordMethodBody struct { // Identifier is the email or username of the user trying to log in. // This field is deprecated! - // - // required: true LegacyIdentifier string `json:"password_identifier"` // Identifier is the email or username of the user trying to log in. From db638cd3bb1fdb5688d1acc44045dd94595d5e77 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Wed, 20 Apr 2022 17:21:48 +0000 Subject: [PATCH 004/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- internal/httpclient/api/openapi.yaml | 1 - .../docs/SubmitSelfServiceLoginFlowBody.md | 9 +++-- ...fServiceLoginFlowWithPasswordMethodBody.md | 9 +++-- ...ce_login_flow_with_password_method_body.go | 33 +++++++++++-------- spec/api.json | 1 - spec/swagger.json | 1 - 6 files changed, 34 insertions(+), 20 deletions(-) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index 4a3feb650f3b..e0561cbb757a 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -4348,7 +4348,6 @@ components: - identifier - method - password - - password_identifier title: submitSelfServiceLoginFlowWithPasswordMethodBody is used to decode the login form payload. type: object diff --git a/internal/httpclient/docs/SubmitSelfServiceLoginFlowBody.md b/internal/httpclient/docs/SubmitSelfServiceLoginFlowBody.md index a47b6ae06629..7a9425d96449 100644 --- a/internal/httpclient/docs/SubmitSelfServiceLoginFlowBody.md +++ b/internal/httpclient/docs/SubmitSelfServiceLoginFlowBody.md @@ -8,7 +8,7 @@ Name | Type | Description | Notes **Identifier** | **string** | Identifier is the email or username of the user trying to log in. This field is only required when using WebAuthn for passwordless login. When using WebAuthn for multi-factor authentication, it is not needed. | **Method** | **string** | Method should be set to \"lookup_secret\" when logging in using the lookup_secret strategy. | **Password** | **string** | The user's password. | -**PasswordIdentifier** | **string** | Identifier is the email or username of the user trying to log in. This field is deprecated! | +**PasswordIdentifier** | Pointer to **string** | Identifier is the email or username of the user trying to log in. This field is deprecated! | [optional] **Provider** | **string** | The provider to register with | **Traits** | Pointer to **map[string]interface{}** | The identity traits. This is a placeholder for the registration flow. | [optional] **TotpCode** | **string** | The TOTP code. | @@ -19,7 +19,7 @@ Name | Type | Description | Notes ### NewSubmitSelfServiceLoginFlowBody -`func NewSubmitSelfServiceLoginFlowBody(identifier string, method string, password string, passwordIdentifier string, provider string, totpCode string, lookupSecret string, ) *SubmitSelfServiceLoginFlowBody` +`func NewSubmitSelfServiceLoginFlowBody(identifier string, method string, password string, provider string, totpCode string, lookupSecret string, ) *SubmitSelfServiceLoginFlowBody` NewSubmitSelfServiceLoginFlowBody instantiates a new SubmitSelfServiceLoginFlowBody object This constructor will assign default values to properties that have it defined, @@ -138,6 +138,11 @@ and a boolean to check if the value has been set. SetPasswordIdentifier sets PasswordIdentifier field to given value. +### HasPasswordIdentifier + +`func (o *SubmitSelfServiceLoginFlowBody) HasPasswordIdentifier() bool` + +HasPasswordIdentifier returns a boolean if a field has been set. ### GetProvider diff --git a/internal/httpclient/docs/SubmitSelfServiceLoginFlowWithPasswordMethodBody.md b/internal/httpclient/docs/SubmitSelfServiceLoginFlowWithPasswordMethodBody.md index 8a5d910e2abb..4b411eb38166 100644 --- a/internal/httpclient/docs/SubmitSelfServiceLoginFlowWithPasswordMethodBody.md +++ b/internal/httpclient/docs/SubmitSelfServiceLoginFlowWithPasswordMethodBody.md @@ -8,13 +8,13 @@ Name | Type | Description | Notes **Identifier** | **string** | Identifier is the email or username of the user trying to log in. | **Method** | **string** | Method should be set to \"password\" when logging in using the identifier and password strategy. | **Password** | **string** | The user's password. | -**PasswordIdentifier** | **string** | Identifier is the email or username of the user trying to log in. This field is deprecated! | +**PasswordIdentifier** | Pointer to **string** | Identifier is the email or username of the user trying to log in. This field is deprecated! | [optional] ## Methods ### NewSubmitSelfServiceLoginFlowWithPasswordMethodBody -`func NewSubmitSelfServiceLoginFlowWithPasswordMethodBody(identifier string, method string, password string, passwordIdentifier string, ) *SubmitSelfServiceLoginFlowWithPasswordMethodBody` +`func NewSubmitSelfServiceLoginFlowWithPasswordMethodBody(identifier string, method string, password string, ) *SubmitSelfServiceLoginFlowWithPasswordMethodBody` NewSubmitSelfServiceLoginFlowWithPasswordMethodBody instantiates a new SubmitSelfServiceLoginFlowWithPasswordMethodBody object This constructor will assign default values to properties that have it defined, @@ -133,6 +133,11 @@ and a boolean to check if the value has been set. SetPasswordIdentifier sets PasswordIdentifier field to given value. +### HasPasswordIdentifier + +`func (o *SubmitSelfServiceLoginFlowWithPasswordMethodBody) HasPasswordIdentifier() bool` + +HasPasswordIdentifier returns a boolean if a field has been set. [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/internal/httpclient/model_submit_self_service_login_flow_with_password_method_body.go b/internal/httpclient/model_submit_self_service_login_flow_with_password_method_body.go index 1a96f996a022..a320e310972a 100644 --- a/internal/httpclient/model_submit_self_service_login_flow_with_password_method_body.go +++ b/internal/httpclient/model_submit_self_service_login_flow_with_password_method_body.go @@ -26,19 +26,18 @@ type SubmitSelfServiceLoginFlowWithPasswordMethodBody struct { // The user's password. Password string `json:"password"` // Identifier is the email or username of the user trying to log in. This field is deprecated! - PasswordIdentifier string `json:"password_identifier"` + PasswordIdentifier *string `json:"password_identifier,omitempty"` } // NewSubmitSelfServiceLoginFlowWithPasswordMethodBody instantiates a new SubmitSelfServiceLoginFlowWithPasswordMethodBody object // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments // will change when the set of required properties is changed -func NewSubmitSelfServiceLoginFlowWithPasswordMethodBody(identifier string, method string, password string, passwordIdentifier string) *SubmitSelfServiceLoginFlowWithPasswordMethodBody { +func NewSubmitSelfServiceLoginFlowWithPasswordMethodBody(identifier string, method string, password string) *SubmitSelfServiceLoginFlowWithPasswordMethodBody { this := SubmitSelfServiceLoginFlowWithPasswordMethodBody{} this.Identifier = identifier this.Method = method this.Password = password - this.PasswordIdentifier = passwordIdentifier return &this } @@ -154,28 +153,36 @@ func (o *SubmitSelfServiceLoginFlowWithPasswordMethodBody) SetPassword(v string) o.Password = v } -// GetPasswordIdentifier returns the PasswordIdentifier field value +// GetPasswordIdentifier returns the PasswordIdentifier field value if set, zero value otherwise. func (o *SubmitSelfServiceLoginFlowWithPasswordMethodBody) GetPasswordIdentifier() string { - if o == nil { + if o == nil || o.PasswordIdentifier == nil { var ret string return ret } - - return o.PasswordIdentifier + return *o.PasswordIdentifier } -// GetPasswordIdentifierOk returns a tuple with the PasswordIdentifier field value +// GetPasswordIdentifierOk returns a tuple with the PasswordIdentifier field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *SubmitSelfServiceLoginFlowWithPasswordMethodBody) GetPasswordIdentifierOk() (*string, bool) { - if o == nil { + if o == nil || o.PasswordIdentifier == nil { return nil, false } - return &o.PasswordIdentifier, true + return o.PasswordIdentifier, true +} + +// HasPasswordIdentifier returns a boolean if a field has been set. +func (o *SubmitSelfServiceLoginFlowWithPasswordMethodBody) HasPasswordIdentifier() bool { + if o != nil && o.PasswordIdentifier != nil { + return true + } + + return false } -// SetPasswordIdentifier sets field value +// SetPasswordIdentifier gets a reference to the given string and assigns it to the PasswordIdentifier field. func (o *SubmitSelfServiceLoginFlowWithPasswordMethodBody) SetPasswordIdentifier(v string) { - o.PasswordIdentifier = v + o.PasswordIdentifier = &v } func (o SubmitSelfServiceLoginFlowWithPasswordMethodBody) MarshalJSON() ([]byte, error) { @@ -192,7 +199,7 @@ func (o SubmitSelfServiceLoginFlowWithPasswordMethodBody) MarshalJSON() ([]byte, if true { toSerialize["password"] = o.Password } - if true { + if o.PasswordIdentifier != nil { toSerialize["password_identifier"] = o.PasswordIdentifier } return json.Marshal(toSerialize) diff --git a/spec/api.json b/spec/api.json index f1589876deeb..37e5a6e2c415 100755 --- a/spec/api.json +++ b/spec/api.json @@ -1329,7 +1329,6 @@ "required": [ "method", "password", - "password_identifier", "identifier" ], "title": "submitSelfServiceLoginFlowWithPasswordMethodBody is used to decode the login form payload.", diff --git a/spec/swagger.json b/spec/swagger.json index 559aa3492daf..f4fc78a0e191 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -3579,7 +3579,6 @@ "required": [ "method", "password", - "password_identifier", "identifier" ], "properties": { From 5ed4ca476469a5616a695395dd756ff86694c09c Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Wed, 20 Apr 2022 18:00:54 +0000 Subject: [PATCH 005/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4b0c00bde5cc..152e09f39e94 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-04-16)](#2022-04-16) +- [ (2022-04-20)](#2022-04-20) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -250,7 +250,7 @@ -# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-04-16) +# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-04-20) ## Breaking Changes This patch moves several CLI command to comply with the Ory CLI command structure: @@ -293,6 +293,7 @@ This patch moves several CLI command to comply with the Ory CLI command structur * **Dockerfile:** Use existing builder base image ([#2390](https://github.com/ory/kratos/issues/2390)) ([37de25a](https://github.com/ory/kratos/commit/37de25a541a24e03407ecf344fb750775e48c782)) * Load return_to and append to errors ([#2333](https://github.com/ory/kratos/issues/2333)) ([5efe4a3](https://github.com/ory/kratos/commit/5efe4a33e35e74d248d4eec43dc901b7b6334037)), closes [#2275](https://github.com/ory/kratos/issues/2275) [#2279](https://github.com/ory/kratos/issues/2279) [#2285](https://github.com/ory/kratos/issues/2285) * Refresh is always false when session exists ([d3436d7](https://github.com/ory/kratos/commit/d3436d7fa17589d91e25c9f0bd66bc3bb5b150fa)), closes [#2341](https://github.com/ory/kratos/issues/2341) +* Remove required legacy field ([#2410](https://github.com/ory/kratos/issues/2410)) ([638d45c](https://github.com/ory/kratos/commit/638d45caf480b7287c9762cbf3c593217f40e3e8)) * **sdk:** Improved OpenAPI specifications for UI nodes ([#2375](https://github.com/ory/kratos/issues/2375)) ([a42a0f7](https://github.com/ory/kratos/commit/a42a0f772af3625c457032d6dcc34289a62acc61)), closes [#2357](https://github.com/ory/kratos/issues/2357) * Serve.admin.request_log.disable_for_health behaviour ([#2399](https://github.com/ory/kratos/issues/2399)) ([0a381fa](https://github.com/ory/kratos/commit/0a381fa3d702f77e614d0492dafa3ac2cd102c7e)) * Use `path` instead of `filepath` to join http route paths ([16b1244](https://github.com/ory/kratos/commit/16b12449c841bf7a237fe436b884b4b5012cd022)), closes [#2292](https://github.com/ory/kratos/issues/2292) @@ -305,6 +306,7 @@ This patch moves several CLI command to comply with the Ory CLI command structur * Add certificate based authentication for smtp client ([#2351](https://github.com/ory/kratos/issues/2351)) ([7200037](https://github.com/ory/kratos/commit/72000375c028f5f7f9cb0d0b1b02f8aa09503e4f)) * Add session renew capabilities ([#2146](https://github.com/ory/kratos/issues/2146)) ([4348b86](https://github.com/ory/kratos/commit/4348b8640a282cd61fe30961faba5753e2af8bb0)), closes [#615](https://github.com/ory/kratos/issues/615) +* Add support for netID provider ([#2394](https://github.com/ory/kratos/issues/2394)) ([ee7fc79](https://github.com/ory/kratos/commit/ee7fc79d49cd6d8f2985809585d1675c8e2ed376)) * Read subject id from https://graph.microsoft.com/v1.0/me for microsoft ([#2347](https://github.com/ory/kratos/issues/2347)) ([852f24f](https://github.com/ory/kratos/commit/852f24fb5cd8576f3f6d35017ce85e4fa1c51c95)): Adds the ability to read the OIDC subject ID from the `https://graph.microsoft.com/v1.0/me` endpoint. This introduces a new field `subject_source` to the OIDC configuration. From 47799098b35ea1cf5a1163f57d872a5bb2242d97 Mon Sep 17 00:00:00 2001 From: JiggyDown <84430646+JiggyDown@users.noreply.github.com> Date: Fri, 22 Apr 2022 00:13:45 +0100 Subject: [PATCH 006/411] fix: get user first name and last name from Apple (#2331) --- selfservice/strategy/oidc/provider.go | 3 +- selfservice/strategy/oidc/provider_apple.go | 51 +++++++++++++++++-- .../strategy/oidc/provider_apple_test.go | 36 +++++++++++++ selfservice/strategy/oidc/provider_auth0.go | 2 +- selfservice/strategy/oidc/provider_discord.go | 3 +- .../strategy/oidc/provider_facebook.go | 2 +- .../strategy/oidc/provider_generic_oidc.go | 3 +- selfservice/strategy/oidc/provider_github.go | 3 +- .../strategy/oidc/provider_github_app.go | 3 +- selfservice/strategy/oidc/provider_gitlab.go | 2 +- .../strategy/oidc/provider_microsoft.go | 3 +- .../oidc/provider_private_net_test.go | 3 +- selfservice/strategy/oidc/provider_slack.go | 3 +- selfservice/strategy/oidc/provider_spotify.go | 3 +- selfservice/strategy/oidc/provider_vk.go | 3 +- selfservice/strategy/oidc/provider_yandex.go | 3 +- selfservice/strategy/oidc/strategy.go | 2 +- 17 files changed, 108 insertions(+), 20 deletions(-) create mode 100644 selfservice/strategy/oidc/provider_apple_test.go diff --git a/selfservice/strategy/oidc/provider.go b/selfservice/strategy/oidc/provider.go index 49e74d6488dc..3750417dacd9 100644 --- a/selfservice/strategy/oidc/provider.go +++ b/selfservice/strategy/oidc/provider.go @@ -2,6 +2,7 @@ package oidc import ( "context" + "net/url" "golang.org/x/oauth2" @@ -11,7 +12,7 @@ import ( type Provider interface { Config() *Configuration OAuth2(ctx context.Context) (*oauth2.Config, error) - Claims(ctx context.Context, exchange *oauth2.Token) (*Claims, error) + Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption } diff --git a/selfservice/strategy/oidc/provider_apple.go b/selfservice/strategy/oidc/provider_apple.go index f566d03192ec..aa1e395ad3de 100644 --- a/selfservice/strategy/oidc/provider_apple.go +++ b/selfservice/strategy/oidc/provider_apple.go @@ -4,10 +4,13 @@ import ( "context" "crypto/ecdsa" "crypto/x509" + "encoding/json" "encoding/pem" + "net/url" "time" - "github.com/form3tech-oss/jwt-go" + "github.com/golang-jwt/jwt/v4" + "github.com/pkg/errors" "golang.org/x/oauth2" @@ -49,10 +52,10 @@ func (a *ProviderApple) newClientSecret() (string, error) { expirationTime := time.Now().Add(5 * time.Minute) appleToken := jwt.NewWithClaims(jwt.SigningMethodES256, - jwt.StandardClaims{ - Audience: []string{a.config.IssuerURL}, - ExpiresAt: expirationTime.Unix(), - IssuedAt: now.Unix(), + jwt.RegisteredClaims{ + Audience: []string{"https://appleid.apple.com"}, + ExpiresAt: jwt.NewNumericDate(expirationTime), + IssuedAt: jwt.NewNumericDate(now), Issuer: a.config.TeamId, Subject: a.config.ClientID, }) @@ -101,3 +104,41 @@ func (a *ProviderApple) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption { return options } + +func (a *ProviderApple) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error) { + claims, err := a.ProviderGenericOIDC.Claims(ctx, exchange, query) + if err != nil { + return claims, err + } + decodeQuery(query, claims) + + return claims, nil +} + +// decodeQuery decodes extra user info from Apple into the given `Claims`. +// The info is sent as an extra query parameter to the redirect URL. +// See https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/configuring_your_webpage_for_sign_in_with_apple#3331292 +// Note that there's no way to make sure the info hasn't been tampered with. +func decodeQuery(query url.Values, claims *Claims) { + var user struct { + Name *struct { + FirstName *string `json:"firstName"` + LastName *string `json:"lastName"` + } `json:"name"` + } + if err := json.Unmarshal([]byte(query.Get("user")), &user); err == nil { + if name := user.Name; name != nil { + if firstName := name.FirstName; firstName != nil { + if claims.GivenName == "" { + claims.GivenName = *firstName + } + if claims.FamilyName == "" { + claims.FamilyName = *firstName + } + } + if lastName := name.LastName; lastName != nil && claims.LastName == "" { + claims.LastName = *lastName + } + } + } +} diff --git a/selfservice/strategy/oidc/provider_apple_test.go b/selfservice/strategy/oidc/provider_apple_test.go new file mode 100644 index 000000000000..cc56077ea443 --- /dev/null +++ b/selfservice/strategy/oidc/provider_apple_test.go @@ -0,0 +1,36 @@ +package oidc + +import ( + "fmt" + "github.com/stretchr/testify/assert" + "net/url" + "testing" +) + +func TestDecodeQuery(t *testing.T) { + query := url.Values{ + "user": []string{`{"name": {"firstName": "first", "lastName": "last"}, "email": "email@email.com"}`}, + } + + for k, tc := range []struct { + claims *Claims + familyName string + givenName string + lastName string + }{ + {claims: &Claims{}, familyName: "first", givenName: "first", lastName: "last"}, + {claims: &Claims{FamilyName: "fam"}, familyName: "fam", givenName: "first", lastName: "last"}, + {claims: &Claims{FamilyName: "fam", GivenName: "giv"}, familyName: "fam", givenName: "giv", lastName: "last"}, + {claims: &Claims{FamilyName: "fam", GivenName: "giv", LastName: "las"}, familyName: "fam", givenName: "giv", lastName: "las"}, + } { + t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) { + decodeQuery(query, tc.claims) + assert.Equal(t, tc.familyName, tc.claims.FamilyName) + assert.Equal(t, tc.givenName, tc.claims.GivenName) + assert.Equal(t, tc.lastName, tc.claims.LastName) + // Never extract email from the query, as the same info can be extracted and verified from the ID token. + assert.Empty(t, tc.claims.Email) + }) + } + +} diff --git a/selfservice/strategy/oidc/provider_auth0.go b/selfservice/strategy/oidc/provider_auth0.go index e930f9627f0c..2a8e9984ddf8 100644 --- a/selfservice/strategy/oidc/provider_auth0.go +++ b/selfservice/strategy/oidc/provider_auth0.go @@ -66,7 +66,7 @@ func (g *ProviderAuth0) OAuth2(ctx context.Context) (*oauth2.Config, error) { return g.oauth2(ctx) } -func (g *ProviderAuth0) Claims(ctx context.Context, exchange *oauth2.Token) (*Claims, error) { +func (g *ProviderAuth0) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error) { o, err := g.OAuth2(ctx) if err != nil { return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) diff --git a/selfservice/strategy/oidc/provider_discord.go b/selfservice/strategy/oidc/provider_discord.go index 4fe18e87b215..7776e72b0fb0 100644 --- a/selfservice/strategy/oidc/provider_discord.go +++ b/selfservice/strategy/oidc/provider_discord.go @@ -3,6 +3,7 @@ package oidc import ( "context" "fmt" + "net/url" "github.com/ory/kratos/x" @@ -62,7 +63,7 @@ func (d *ProviderDiscord) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption { } } -func (d *ProviderDiscord) Claims(ctx context.Context, exchange *oauth2.Token) (*Claims, error) { +func (d *ProviderDiscord) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error) { grantedScopes := stringsx.Splitx(fmt.Sprintf("%s", exchange.Extra("scope")), " ") for _, check := range d.Config().Scope { if !stringslice.Has(grantedScopes, check) { diff --git a/selfservice/strategy/oidc/provider_facebook.go b/selfservice/strategy/oidc/provider_facebook.go index 34984484bbd7..15e45cc78555 100644 --- a/selfservice/strategy/oidc/provider_facebook.go +++ b/selfservice/strategy/oidc/provider_facebook.go @@ -46,7 +46,7 @@ func (g *ProviderFacebook) OAuth2(ctx context.Context) (*oauth2.Config, error) { return g.oauth2ConfigFromEndpoint(ctx, endpoint), nil } -func (g *ProviderFacebook) Claims(ctx context.Context, exchange *oauth2.Token) (*Claims, error) { +func (g *ProviderFacebook) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error) { o, err := g.OAuth2(ctx) if err != nil { return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) diff --git a/selfservice/strategy/oidc/provider_generic_oidc.go b/selfservice/strategy/oidc/provider_generic_oidc.go index 371d89682cb6..db71b95ad668 100644 --- a/selfservice/strategy/oidc/provider_generic_oidc.go +++ b/selfservice/strategy/oidc/provider_generic_oidc.go @@ -2,6 +2,7 @@ package oidc import ( "context" + "net/url" "github.com/pkg/errors" "golang.org/x/oauth2" @@ -97,7 +98,7 @@ func (g *ProviderGenericOIDC) verifyAndDecodeClaimsWithProvider(ctx context.Cont return &claims, nil } -func (g *ProviderGenericOIDC) Claims(ctx context.Context, exchange *oauth2.Token) (*Claims, error) { +func (g *ProviderGenericOIDC) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error) { raw, ok := exchange.Extra("id_token").(string) if !ok || len(raw) == 0 { return nil, errors.WithStack(ErrIDTokenMissing) diff --git a/selfservice/strategy/oidc/provider_github.go b/selfservice/strategy/oidc/provider_github.go index 3efd08f98da3..05c79847d8ad 100644 --- a/selfservice/strategy/oidc/provider_github.go +++ b/selfservice/strategy/oidc/provider_github.go @@ -3,6 +3,7 @@ package oidc import ( "context" "fmt" + "net/url" "github.com/ory/kratos/x" @@ -55,7 +56,7 @@ func (g *ProviderGitHub) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption { return []oauth2.AuthCodeOption{} } -func (g *ProviderGitHub) Claims(ctx context.Context, exchange *oauth2.Token) (*Claims, error) { +func (g *ProviderGitHub) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error) { grantedScopes := stringsx.Splitx(fmt.Sprintf("%s", exchange.Extra("scope")), ",") for _, check := range g.Config().Scope { if !stringslice.Has(grantedScopes, check) { diff --git a/selfservice/strategy/oidc/provider_github_app.go b/selfservice/strategy/oidc/provider_github_app.go index 3fd10b6917f7..9553852a3614 100644 --- a/selfservice/strategy/oidc/provider_github_app.go +++ b/selfservice/strategy/oidc/provider_github_app.go @@ -3,6 +3,7 @@ package oidc import ( "context" "fmt" + "net/url" "github.com/ory/kratos/x" @@ -52,7 +53,7 @@ func (g *ProviderGitHubApp) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption { return []oauth2.AuthCodeOption{} } -func (g *ProviderGitHubApp) Claims(ctx context.Context, exchange *oauth2.Token) (*Claims, error) { +func (g *ProviderGitHubApp) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error) { gh := ghapi.NewClient(g.oauth2(ctx).Client(ctx, exchange)) user, _, err := gh.Users.Get(ctx, "") diff --git a/selfservice/strategy/oidc/provider_gitlab.go b/selfservice/strategy/oidc/provider_gitlab.go index 803b8043f6b4..169afe6df893 100644 --- a/selfservice/strategy/oidc/provider_gitlab.go +++ b/selfservice/strategy/oidc/provider_gitlab.go @@ -64,7 +64,7 @@ func (g *ProviderGitLab) OAuth2(ctx context.Context) (*oauth2.Config, error) { return g.oauth2(ctx) } -func (g *ProviderGitLab) Claims(ctx context.Context, exchange *oauth2.Token) (*Claims, error) { +func (g *ProviderGitLab) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error) { o, err := g.OAuth2(ctx) if err != nil { return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) diff --git a/selfservice/strategy/oidc/provider_microsoft.go b/selfservice/strategy/oidc/provider_microsoft.go index e375180a3402..9f8edfc36fc2 100644 --- a/selfservice/strategy/oidc/provider_microsoft.go +++ b/selfservice/strategy/oidc/provider_microsoft.go @@ -3,6 +3,7 @@ package oidc import ( "context" "encoding/json" + "net/url" "strings" "github.com/hashicorp/go-retryablehttp" @@ -49,7 +50,7 @@ func (m *ProviderMicrosoft) OAuth2(ctx context.Context) (*oauth2.Config, error) return m.oauth2ConfigFromEndpoint(ctx, endpoint), nil } -func (m *ProviderMicrosoft) Claims(ctx context.Context, exchange *oauth2.Token) (*Claims, error) { +func (m *ProviderMicrosoft) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error) { raw, ok := exchange.Extra("id_token").(string) if !ok || len(raw) == 0 { return nil, errors.WithStack(ErrIDTokenMissing) diff --git a/selfservice/strategy/oidc/provider_private_net_test.go b/selfservice/strategy/oidc/provider_private_net_test.go index caa4d0ff961a..583be20f229c 100644 --- a/selfservice/strategy/oidc/provider_private_net_test.go +++ b/selfservice/strategy/oidc/provider_private_net_test.go @@ -3,6 +3,7 @@ package oidc_test import ( "context" "fmt" + "net/url" "testing" "time" @@ -77,7 +78,7 @@ func TestProviderPrivateIP(t *testing.T) { p := tc.p(tc.c) _, err := p.Claims(context.Background(), (&oauth2.Token{RefreshToken: "foo", Expiry: time.Now().Add(-time.Hour)}).WithExtra(map[string]interface{}{ "id_token": tc.id, - })) + }), url.Values{}) require.Error(t, err) assert.Contains(t, fmt.Sprintf("%+v", err), tc.e) }) diff --git a/selfservice/strategy/oidc/provider_slack.go b/selfservice/strategy/oidc/provider_slack.go index c6e99f2edc5f..1845cfea2255 100644 --- a/selfservice/strategy/oidc/provider_slack.go +++ b/selfservice/strategy/oidc/provider_slack.go @@ -3,6 +3,7 @@ package oidc import ( "context" "fmt" + "net/url" "github.com/ory/herodot" @@ -57,7 +58,7 @@ func (d *ProviderSlack) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption { return []oauth2.AuthCodeOption{} } -func (d *ProviderSlack) Claims(ctx context.Context, exchange *oauth2.Token) (*Claims, error) { +func (d *ProviderSlack) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error) { grantedScopes := stringsx.Splitx(fmt.Sprintf("%s", exchange.Extra("scope")), ",") for _, check := range d.Config().Scope { if !stringslice.Has(grantedScopes, check) { diff --git a/selfservice/strategy/oidc/provider_spotify.go b/selfservice/strategy/oidc/provider_spotify.go index 85c8b4749448..4b42c774c10c 100644 --- a/selfservice/strategy/oidc/provider_spotify.go +++ b/selfservice/strategy/oidc/provider_spotify.go @@ -3,6 +3,7 @@ package oidc import ( "context" "fmt" + "net/url" "golang.org/x/oauth2/spotify" @@ -55,7 +56,7 @@ func (g *ProviderSpotify) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption { return []oauth2.AuthCodeOption{} } -func (g *ProviderSpotify) Claims(ctx context.Context, exchange *oauth2.Token) (*Claims, error) { +func (g *ProviderSpotify) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error) { grantedScopes := stringsx.Splitx(fmt.Sprintf("%s", exchange.Extra("scope")), " ") for _, check := range g.Config().Scope { if !stringslice.Has(grantedScopes, check) { diff --git a/selfservice/strategy/oidc/provider_vk.go b/selfservice/strategy/oidc/provider_vk.go index fd2b5f3ef9c4..fed90d8e9c48 100644 --- a/selfservice/strategy/oidc/provider_vk.go +++ b/selfservice/strategy/oidc/provider_vk.go @@ -3,6 +3,7 @@ package oidc import ( "context" "encoding/json" + "net/url" "strconv" "github.com/hashicorp/go-retryablehttp" @@ -55,7 +56,7 @@ func (g *ProviderVK) OAuth2(ctx context.Context) (*oauth2.Config, error) { return g.oauth2(ctx), nil } -func (g *ProviderVK) Claims(ctx context.Context, exchange *oauth2.Token) (*Claims, error) { +func (g *ProviderVK) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error) { o, err := g.OAuth2(ctx) if err != nil { diff --git a/selfservice/strategy/oidc/provider_yandex.go b/selfservice/strategy/oidc/provider_yandex.go index 1c627183bd87..6b78a9dda733 100644 --- a/selfservice/strategy/oidc/provider_yandex.go +++ b/selfservice/strategy/oidc/provider_yandex.go @@ -3,6 +3,7 @@ package oidc import ( "context" "encoding/json" + "net/url" "github.com/hashicorp/go-retryablehttp" "github.com/pkg/errors" @@ -53,7 +54,7 @@ func (g *ProviderYandex) OAuth2(ctx context.Context) (*oauth2.Config, error) { return g.oauth2(ctx), nil } -func (g *ProviderYandex) Claims(ctx context.Context, exchange *oauth2.Token) (*Claims, error) { +func (g *ProviderYandex) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error) { o, err := g.OAuth2(ctx) if err != nil { return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) diff --git a/selfservice/strategy/oidc/strategy.go b/selfservice/strategy/oidc/strategy.go index 176e25944340..e6081af9b137 100644 --- a/selfservice/strategy/oidc/strategy.go +++ b/selfservice/strategy/oidc/strategy.go @@ -327,7 +327,7 @@ func (s *Strategy) handleCallback(w http.ResponseWriter, r *http.Request, ps htt return } - claims, err := provider.Claims(r.Context(), token) + claims, err := provider.Claims(r.Context(), token, r.URL.Query()) if err != nil { s.forwardError(w, r, req, s.handleError(w, r, req, pid, nil, err)) return From a2009ff6283bfe31381cefa85f9f82575434c6d3 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Thu, 21 Apr 2022 23:15:08 +0000 Subject: [PATCH 007/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- selfservice/strategy/oidc/provider_apple_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/selfservice/strategy/oidc/provider_apple_test.go b/selfservice/strategy/oidc/provider_apple_test.go index cc56077ea443..2cfbf7547846 100644 --- a/selfservice/strategy/oidc/provider_apple_test.go +++ b/selfservice/strategy/oidc/provider_apple_test.go @@ -2,9 +2,10 @@ package oidc import ( "fmt" - "github.com/stretchr/testify/assert" "net/url" "testing" + + "github.com/stretchr/testify/assert" ) func TestDecodeQuery(t *testing.T) { From e38ecbc8437ad8c0e2dd483adccd17ab019560ac Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Apr 2022 21:29:32 +0200 Subject: [PATCH 008/411] chore: bump SQLite for better JSON support --- go.mod | 3 +-- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index b2feabd10c09..accb5e093cb9 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ replace ( github.com/knadh/koanf => github.com/aeneasr/koanf v0.14.1-0.20211230115640-aa3902b3267a github.com/luna-duclos/instrumentedsql => github.com/ory/instrumentedsql v1.2.0 github.com/luna-duclos/instrumentedsql/opentracing => github.com/ory/instrumentedsql/opentracing v0.0.0-20210903114257-c8963b546c5c - github.com/mattn/go-sqlite3 => github.com/mattn/go-sqlite3 v1.14.7-0.20210414154423-1157a4212dcb + github.com/mattn/go-sqlite3 => github.com/mattn/go-sqlite3 v1.14.12 github.com/oleiade/reflections => github.com/oleiade/reflections v1.0.1 // Use the internal httpclient which can be generated in this codebase but mark it as the // official SDK, allowing for the Ory CLI to consume Ory Kratos' CLI commands. @@ -136,7 +136,6 @@ require ( github.com/cortesi/moddwatch v0.0.0-20210222043437-a6aaad86a36e // indirect github.com/cortesi/termlog v0.0.0-20210222042314-a1eec763abec // indirect github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect - github.com/dgraph-io/ristretto v0.1.0 // indirect github.com/docker/cli v20.10.11+incompatible // indirect github.com/docker/distribution v2.8.1+incompatible // indirect github.com/docker/docker v20.10.9+incompatible // indirect diff --git a/go.sum b/go.sum index cd7fe819dc58..199ba4677abb 100644 --- a/go.sum +++ b/go.sum @@ -1264,8 +1264,8 @@ github.com/mattn/go-runewidth v0.0.12 h1:Y41i/hVW3Pgwr8gV+J23B9YEY0zxjptBuCWEaxm github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= -github.com/mattn/go-sqlite3 v1.14.7-0.20210414154423-1157a4212dcb h1:ax2vG2unlxsjwS7PMRo4FECIfAdQLowd6ejWYwPQhBo= -github.com/mattn/go-sqlite3 v1.14.7-0.20210414154423-1157a4212dcb/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= +github.com/mattn/go-sqlite3 v1.14.12 h1:TJ1bhYJPV44phC+IMu1u2K/i5RriLTPe+yc68XDJ1Z0= +github.com/mattn/go-sqlite3 v1.14.12/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= github.com/mattn/goveralls v0.0.7 h1:vzy0i4a2iDzEFMdXIxcanRadkr0FBvSBKUmj0P8SPlQ= github.com/mattn/goveralls v0.0.7/go.mod h1:h8b4ow6FxSPMQHF6o2ve3qsclnffZjYTNEKmLesRwqw= From 562e340fe980e7c65ab3fc41f82a2a8899a33bfa Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Apr 2022 22:17:56 +0200 Subject: [PATCH 009/411] feat(identity): add admin and public metadata fields This patch adds two new keys to identities, `metadata_public` and `metadata_admin` that can be used to store additional metadata about identities in Ory. Closes #2388 Closes #47 --- .schema/openapi/patches/identity.yaml | 10 + cmd/identities/get_test.go | 8 +- cmd/identities/helpers_test.go | 3 +- ...tUpgradeCredentials-empty_credentials.json | 1 + ...radeCredentials-type=webauthn-from=v0.json | 1 + ...radeCredentials-type=webauthn-from=v1.json | 1 + credentialmigrate/migrate_test.go | 6 +- ...to_import_users-with_argon2i_password.json | 4 +- ...o_import_users-with_argon2id_password.json | 4 +- ...to_import_users-with_bcrypt2_password.json | 4 +- ...eartext_password_and_oidc_credentials.json | 4 +- ..._to_import_users-with_pkbdf2_password.json | 4 +- ..._import_users-without_any_credentials.json | 4 +- .../TestMarshalIdentityWithAll.json | 12 ++ identity/handler.go | 26 ++- identity/handler_test.go | 43 +++-- identity/identity.go | 17 +- identity/identity_test.go | 57 +++++- internal/httpclient/api/openapi.yaml | 181 +++++++++++------- .../docs/AdminCreateIdentityBody.md | 72 +++++++ .../docs/AdminUpdateIdentityBody.md | 72 +++++++ internal/httpclient/docs/Identity.md | 72 +++++++ .../model_admin_create_identity_body.go | 76 ++++++++ .../model_admin_update_identity_body.go | 76 ++++++++ internal/httpclient/model_identity.go | 76 ++++++++ .../196d8c1e-4f04-40f0-94b3-5ec43996b28a.json | 2 + .../2ae6a5a7-2983-49e7-a4d8-7740b37c88cb.json | 2 + .../308929d3-41a2-43fe-a33c-75308539d841.json | 17 ++ .../359963ec-b09b-4ea0-aece-fb4dd95f304a.json | 2 + .../5ff66179-c240-4703-b0d8-494592cefff5.json | 2 + .../a251ebc2-880c-4f76-a8f3-38e6940eab0e.json | 2 + .../d7b9addb-ac15-4bc2-9fa5-562e0bf48755.json | 2 + .../ed253b2c-48ed-4c58-9b6f-1dc963c30a66.json | 2 + .../7458af86-c1d8-401c-978a-8da89133f78b.json | 1 + .../8571e374-38f2-4f46-8ad3-b9d914e174d3.json | 1 + .../dcde5aaa-f789-4d3d-ae1f-76da8d57e67c.json | 1 + .../f38cdebe-e567-42c9-a562-1bd4dee40998.json | 1 + .../194c5b05-0487-4a11-bcbc-f301c9ff9678.json | 1 + .../19ede218-928c-4e02-ab49-b76e12b34f31.json | 1 + .../21c5f714-3089-49d2-b387-f244d4dd9e00.json | 1 + .../74fd6c53-7651-453e-90b8-2c5adbf911bb.json | 1 + .../77fe4fb3-2d4e-4532-b568-c44b0aece0aa.json | 1 + .../8248bb5d-8ef7-45e3-8e07-9e2003dd5352.json | 1 + .../90b4f970-b9ae-42bc-a0a7-73ec750e0aa1.json | 1 + .../a79bfcf1-68ae-49de-8b23-4f96921b8341.json | 1 + .../aeba85bd-1a8c-44bf-8fc3-3be83c01a3dc.json | 1 + .../cdfd1eed-34a4-491d-ad0a-7579d3a0a7ba.json | 1 + persistence/sql/migratest/migration_test.go | 2 +- .../testdata/20220420102701_testdata.sql | 1 + ...420102701000000_identity_metadata.down.sql | 2 + ...02701000000_identity_metadata.mysql.up.sql | 2 + ...20420102701000000_identity_metadata.up.sql | 2 + session/handler_test.go | 22 ++- spec/api.json | 21 ++ spec/swagger.json | 26 +++ 55 files changed, 849 insertions(+), 108 deletions(-) create mode 100644 identity/.snapshots/TestMarshalIdentityWithAll.json create mode 100644 persistence/sql/migratest/fixtures/identity/308929d3-41a2-43fe-a33c-75308539d841.json create mode 100644 persistence/sql/migratest/testdata/20220420102701_testdata.sql create mode 100644 persistence/sql/migrations/sql/20220420102701000000_identity_metadata.down.sql create mode 100644 persistence/sql/migrations/sql/20220420102701000000_identity_metadata.mysql.up.sql create mode 100644 persistence/sql/migrations/sql/20220420102701000000_identity_metadata.up.sql diff --git a/.schema/openapi/patches/identity.yaml b/.schema/openapi/patches/identity.yaml index 6c035e5c86bf..0ae45623bd2e 100644 --- a/.schema/openapi/patches/identity.yaml +++ b/.schema/openapi/patches/identity.yaml @@ -11,3 +11,13 @@ - oidc - webauthn - lookup_secret +- op: remove + path: /components/schemas/AdminUpdateIdentityBody/properties/metadata_admin/type +- op: remove + path: /components/schemas/AdminUpdateIdentityBody/properties/metadata_public/type +- op: remove + path: /components/schemas/adminCreateIdentityBody/properties/metadata_admin/type +- op: remove + path: /components/schemas/adminCreateIdentityBody/properties/metadata_public/type +- op: remove + path: /components/schemas/nullJsonRawMessage/type diff --git a/cmd/identities/get_test.go b/cmd/identities/get_test.go index 93959bddbeae..7f4d153ce3e2 100644 --- a/cmd/identities/get_test.go +++ b/cmd/identities/get_test.go @@ -26,11 +26,13 @@ func TestGetCmd(t *testing.T) { t.Run("case=gets a single identity", func(t *testing.T) { i := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID) + i.MetadataPublic = []byte(`"public"`) + i.MetadataAdmin = []byte(`"admin"`) require.NoError(t, reg.Persister().CreateIdentity(context.Background(), i)) stdOut := execNoErr(t, c, i.ID.String()) - ij, err := json.Marshal(i) + ij, err := json.Marshal(identity.WithCredentialsMetadataAndAdminMetadataInJSON(*i)) require.NoError(t, err) assertx.EqualAsJSONExcept(t, json.RawMessage(ij), json.RawMessage(stdOut), []string{"created_at", "updated_at"}) @@ -88,6 +90,8 @@ func TestGetCmd(t *testing.T) { } } i := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID) + i.MetadataPublic = []byte(`"public"`) + i.MetadataAdmin = []byte(`"admin"`) i.SetCredentials(identity.CredentialsTypeOIDC, applyCredentials("uniqueIdentifier", "accessBar", "refreshBar", "idBar", true)) // duplicate identity with decrypted tokens di := i.CopyWithoutCredentials() @@ -97,7 +101,7 @@ func TestGetCmd(t *testing.T) { require.NoError(t, reg.Persister().CreateIdentity(context.Background(), i)) stdOut := execNoErr(t, c, i.ID.String()) - ij, err := json.Marshal(identity.WithCredentialsInJSON(*di)) + ij, err := json.Marshal(identity.WithCredentialsAndAdminMetadataInJSON(*di)) require.NoError(t, err) ii := []string{"schema_url", "state_changed_at", "created_at", "updated_at", "credentials.oidc.created_at", "credentials.oidc.updated_at", "credentials.oidc.version"} diff --git a/cmd/identities/helpers_test.go b/cmd/identities/helpers_test.go index f916e7f50e66..2947856e5787 100644 --- a/cmd/identities/helpers_test.go +++ b/cmd/identities/helpers_test.go @@ -50,7 +50,7 @@ func exec(cmd *cobra.Command, stdIn io.Reader, args ...string) (string, string, func execNoErr(t *testing.T, cmd *cobra.Command, args ...string) string { stdOut, stdErr, err := exec(cmd, nil, args...) - require.NoError(t, err) + require.NoError(t, err, "stdout: %s\nstderr: %s", stdOut, stdErr) require.Len(t, stdErr, 0, stdOut) return stdOut } @@ -65,6 +65,7 @@ func execErr(t *testing.T, cmd *cobra.Command, args ...string) string { func makeIdentities(t *testing.T, reg driver.Registry, n int) (is []*identity.Identity, ids []string) { for j := 0; j < n; j++ { i := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID) + i.MetadataPublic = []byte(`{"foo":"bar"}`) require.NoError(t, reg.Persister().CreateIdentity(context.Background(), i)) is = append(is, i) ids = append(ids, i.ID.String()) diff --git a/credentialmigrate/.snapshots/TestUpgradeCredentials-empty_credentials.json b/credentialmigrate/.snapshots/TestUpgradeCredentials-empty_credentials.json index 21cd2aa56a03..8226d7ef009d 100644 --- a/credentialmigrate/.snapshots/TestUpgradeCredentials-empty_credentials.json +++ b/credentialmigrate/.snapshots/TestUpgradeCredentials-empty_credentials.json @@ -4,6 +4,7 @@ "schema_url": "", "state": "", "traits": null, + "metadata_public": null, "created_at": "0001-01-01T00:00:00Z", "updated_at": "0001-01-01T00:00:00Z" } diff --git a/credentialmigrate/.snapshots/TestUpgradeCredentials-type=webauthn-from=v0.json b/credentialmigrate/.snapshots/TestUpgradeCredentials-type=webauthn-from=v0.json index 1ce5969a9a93..4c05bac5cb73 100644 --- a/credentialmigrate/.snapshots/TestUpgradeCredentials-type=webauthn-from=v0.json +++ b/credentialmigrate/.snapshots/TestUpgradeCredentials-type=webauthn-from=v0.json @@ -33,6 +33,7 @@ "schema_url": "", "state": "", "traits": null, + "metadata_public": null, "created_at": "0001-01-01T00:00:00Z", "updated_at": "0001-01-01T00:00:00Z" } diff --git a/credentialmigrate/.snapshots/TestUpgradeCredentials-type=webauthn-from=v1.json b/credentialmigrate/.snapshots/TestUpgradeCredentials-type=webauthn-from=v1.json index f66490c6e508..57614f591497 100644 --- a/credentialmigrate/.snapshots/TestUpgradeCredentials-type=webauthn-from=v1.json +++ b/credentialmigrate/.snapshots/TestUpgradeCredentials-type=webauthn-from=v1.json @@ -31,6 +31,7 @@ "schema_url": "", "state": "", "traits": null, + "metadata_public": null, "created_at": "0001-01-01T00:00:00Z", "updated_at": "0001-01-01T00:00:00Z" } diff --git a/credentialmigrate/migrate_test.go b/credentialmigrate/migrate_test.go index 4358a607b828..2d490eb5705e 100644 --- a/credentialmigrate/migrate_test.go +++ b/credentialmigrate/migrate_test.go @@ -24,7 +24,7 @@ func TestUpgradeCredentials(t *testing.T) { err := UpgradeCredentials(i) require.NoError(t, err) - wc := identity.WithCredentialsInJSON(*i) + wc := identity.WithCredentialsAndAdminMetadataInJSON(*i) snapshotx.SnapshotTExcept(t, &wc, nil) }) @@ -43,7 +43,7 @@ func TestUpgradeCredentials(t *testing.T) { } require.NoError(t, UpgradeCredentials(i)) - wc := identity.WithCredentialsInJSON(*i) + wc := identity.WithCredentialsAndAdminMetadataInJSON(*i) snapshotx.SnapshotTExcept(t, &wc, nil) assert.Equal(t, 1, i.Credentials[identity.CredentialsTypeWebAuthn].Version) @@ -61,7 +61,7 @@ func TestUpgradeCredentials(t *testing.T) { } require.NoError(t, UpgradeCredentials(i)) - wc := identity.WithCredentialsInJSON(*i) + wc := identity.WithCredentialsAndAdminMetadataInJSON(*i) snapshotx.SnapshotTExcept(t, &wc, nil) assert.Equal(t, 1, i.Credentials[identity.CredentialsTypeWebAuthn].Version) diff --git a/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_argon2i_password.json b/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_argon2i_password.json index f873ba6f921f..a857d84e05ec 100644 --- a/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_argon2i_password.json +++ b/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_argon2i_password.json @@ -14,5 +14,7 @@ "state": "active", "traits": { "email": "import-5@ory.sh" - } + }, + "metadata_public": null, + "metadata_admin": null } diff --git a/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_argon2id_password.json b/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_argon2id_password.json index 302a70401d6d..ea898583bfa5 100644 --- a/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_argon2id_password.json +++ b/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_argon2id_password.json @@ -14,5 +14,7 @@ "state": "active", "traits": { "email": "import-6@ory.sh" - } + }, + "metadata_public": null, + "metadata_admin": null } diff --git a/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_bcrypt2_password.json b/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_bcrypt2_password.json index e60b6eaccdec..f4b2e9ca7d66 100644 --- a/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_bcrypt2_password.json +++ b/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_bcrypt2_password.json @@ -14,5 +14,7 @@ "state": "active", "traits": { "email": "import-4@ory.sh" - } + }, + "metadata_public": null, + "metadata_admin": null } diff --git a/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_cleartext_password_and_oidc_credentials.json b/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_cleartext_password_and_oidc_credentials.json index 77852db60e40..156a9b518d42 100644 --- a/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_cleartext_password_and_oidc_credentials.json +++ b/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_cleartext_password_and_oidc_credentials.json @@ -40,5 +40,7 @@ "state": "active", "traits": { "email": "import-2@ory.sh" - } + }, + "metadata_public": null, + "metadata_admin": null } diff --git a/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_pkbdf2_password.json b/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_pkbdf2_password.json index e5369fa29b14..28212bed3c03 100644 --- a/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_pkbdf2_password.json +++ b/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_pkbdf2_password.json @@ -14,5 +14,7 @@ "state": "active", "traits": { "email": "import-3@ory.sh" - } + }, + "metadata_public": null, + "metadata_admin": null } diff --git a/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-without_any_credentials.json b/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-without_any_credentials.json index a95355965bc9..a6faeb36232a 100644 --- a/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-without_any_credentials.json +++ b/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-without_any_credentials.json @@ -13,5 +13,7 @@ "state": "active", "traits": { "email": "import-1@ory.sh" - } + }, + "metadata_public": null, + "metadata_admin": null } diff --git a/identity/.snapshots/TestMarshalIdentityWithAll.json b/identity/.snapshots/TestMarshalIdentityWithAll.json new file mode 100644 index 000000000000..e659f278b4fb --- /dev/null +++ b/identity/.snapshots/TestMarshalIdentityWithAll.json @@ -0,0 +1,12 @@ +{ + "password": { + "type": "password", + "identifiers": null, + "config": { + "some": "secret" + }, + "version": 0, + "created_at": "0001-01-01T00:00:00Z", + "updated_at": "0001-01-01T00:00:00Z" + } +} diff --git a/identity/handler.go b/identity/handler.go index 0a49377a32da..53100a429ca7 100644 --- a/identity/handler.go +++ b/identity/handler.go @@ -183,7 +183,7 @@ func (h *Handler) get(w http.ResponseWriter, r *http.Request, ps httprouter.Para h.r.Writer().WriteError(w, r, err) return } - h.r.Writer().Write(w, r, WithCredentialsInJSON(*emit)) + h.r.Writer().Write(w, r, WithCredentialsAndAdminMetadataInJSON(*emit)) return } else if len(declassify) > 0 { h.r.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Invalid value `%s` for parameter `include_credential`.", declassify))) @@ -191,7 +191,7 @@ func (h *Handler) get(w http.ResponseWriter, r *http.Request, ps httprouter.Para } - h.r.Writer().Write(w, r, WithCredentialsMetadataInJSON(*i)) + h.r.Writer().Write(w, r, WithCredentialsMetadataAndAdminMetadataInJSON(*i)) } // swagger:parameters adminCreateIdentity @@ -234,6 +234,13 @@ type AdminCreateIdentityBody struct { // on the next identity update. RecoveryAddresses []RecoveryAddress `json:"recovery_addresses"` + // Store metadata about the identity which the identity itself can see when calling for example the + // session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field. + MetadataPublic json.RawMessage `json:"metadata_public"` + + // Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/`. + MetadataAdmin json.RawMessage `json:"metadata_admin,omitempty"` + // State is the identity's state. // // required: false @@ -340,6 +347,8 @@ func (h *Handler) create(w http.ResponseWriter, r *http.Request, _ httprouter.Pa StateChangedAt: &stateChangedAt, VerifiableAddresses: cr.VerifiableAddresses, RecoveryAddresses: cr.RecoveryAddresses, + MetadataAdmin: []byte(cr.MetadataAdmin), + MetadataPublic: []byte(cr.MetadataPublic), } if err := h.importCredentials(r.Context(), i, cr.Credentials); err != nil { @@ -358,7 +367,7 @@ func (h *Handler) create(w http.ResponseWriter, r *http.Request, _ httprouter.Pa "identities", i.ID.String(), ).String(), - i, + WithCredentialsMetadataAndAdminMetadataInJSON(*i), ) } @@ -389,6 +398,13 @@ type AdminUpdateIdentityBody struct { // required: true Traits json.RawMessage `json:"traits"` + // Store metadata about the identity which the identity itself can see when calling for example the + // session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field. + MetadataPublic json.RawMessage `json:"metadata_public"` + + // Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/`. + MetadataAdmin json.RawMessage `json:"metadata_admin,omitempty"` + // State is the identity's state. // // required: true @@ -454,6 +470,8 @@ func (h *Handler) update(w http.ResponseWriter, r *http.Request, ps httprouter.P } identity.Traits = []byte(ur.Traits) + identity.MetadataPublic = []byte(ur.MetadataPublic) + identity.MetadataAdmin = []byte(ur.MetadataAdmin) if err := h.r.IdentityManager().Update( r.Context(), identity, @@ -463,7 +481,7 @@ func (h *Handler) update(w http.ResponseWriter, r *http.Request, ps httprouter.P return } - h.r.Writer().Write(w, r, identity) + h.r.Writer().Write(w, r, WithCredentialsMetadataAndAdminMetadataInJSON(*identity)) } // swagger:parameters adminDeleteIdentity diff --git a/identity/handler_test.go b/identity/handler_test.go index 1cd3f4bf2c51..7b33eb344231 100644 --- a/identity/handler_test.go +++ b/identity/handler_test.go @@ -133,7 +133,6 @@ func TestHandler(t *testing.T) { t.Run("endpoint="+name, func(t *testing.T) { res := send(t, ts, "POST", "/identities", http.StatusBadRequest, json.RawMessage(`{"schema_url":"12345","traits":{}}`)) assert.Contains(t, res.Get("error.message").String(), "schema_url") - }) } }) @@ -151,6 +150,20 @@ func TestHandler(t *testing.T) { } }) + t.Run("case=should create an identity with metadata", func(t *testing.T) { + for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} { + t.Run("endpoint="+name, func(t *testing.T) { + var i identity.AdminCreateIdentityBody + i.Traits = []byte(`{"bar":"baz"}`) + i.MetadataPublic = []byte(`{"public":"baz"}`) + i.MetadataAdmin = []byte(`{"admin":"baz"}`) + res := send(t, ts, "POST", "/identities", http.StatusCreated, &i) + assert.EqualValues(t, "baz", res.Get("metadata_admin.admin").String(), "%s", res.Raw) + assert.EqualValues(t, "baz", res.Get("metadata_public.public").String(), "%s", res.Raw) + }) + } + }) + t.Run("case=should be able to import users", func(t *testing.T) { ignoreDefault := []string{"id", "schema_url", "state_changed_at", "created_at", "updated_at"} t.Run("without any credentials", func(t *testing.T) { @@ -158,7 +171,7 @@ func TestHandler(t *testing.T) { actual, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(ctx, uuid.FromStringOrNil(res.Get("id").String())) require.NoError(t, err) - snapshotx.SnapshotTExceptMatchingKeys(t, identity.WithCredentialsInJSON(*actual), ignoreDefault) + snapshotx.SnapshotTExceptMatchingKeys(t, identity.WithCredentialsAndAdminMetadataInJSON(*actual), ignoreDefault) }) t.Run("with cleartext password and oidc credentials", func(t *testing.T) { @@ -183,7 +196,7 @@ func TestHandler(t *testing.T) { actual, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(ctx, uuid.FromStringOrNil(res.Get("id").String())) require.NoError(t, err) - snapshotx.SnapshotTExceptMatchingKeys(t, identity.WithCredentialsInJSON(*actual), append(ignoreDefault, "hashed_password")) + snapshotx.SnapshotTExceptMatchingKeys(t, identity.WithCredentialsAndAdminMetadataInJSON(*actual), append(ignoreDefault, "hashed_password")) require.NoError(t, hash.Compare(ctx, []byte("123456"), []byte(gjson.GetBytes(actual.Credentials[identity.CredentialsTypePassword].Config, "hashed_password").String()))) }) @@ -195,7 +208,7 @@ func TestHandler(t *testing.T) { actual, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(ctx, uuid.FromStringOrNil(res.Get("id").String())) require.NoError(t, err) - snapshotx.SnapshotTExceptMatchingKeys(t, identity.WithCredentialsInJSON(*actual), append(ignoreDefault, "hashed_password")) + snapshotx.SnapshotTExceptMatchingKeys(t, identity.WithCredentialsAndAdminMetadataInJSON(*actual), append(ignoreDefault, "hashed_password")) require.NoError(t, hash.Compare(ctx, []byte("123456"), []byte(gjson.GetBytes(actual.Credentials[identity.CredentialsTypePassword].Config, "hashed_password").String()))) }) @@ -207,7 +220,7 @@ func TestHandler(t *testing.T) { actual, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(ctx, uuid.FromStringOrNil(res.Get("id").String())) require.NoError(t, err) - snapshotx.SnapshotTExceptMatchingKeys(t, identity.WithCredentialsInJSON(*actual), append(ignoreDefault, "hashed_password")) + snapshotx.SnapshotTExceptMatchingKeys(t, identity.WithCredentialsAndAdminMetadataInJSON(*actual), append(ignoreDefault, "hashed_password")) require.NoError(t, hash.Compare(ctx, []byte("123456"), []byte(gjson.GetBytes(actual.Credentials[identity.CredentialsTypePassword].Config, "hashed_password").String()))) }) @@ -219,7 +232,7 @@ func TestHandler(t *testing.T) { actual, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(ctx, uuid.FromStringOrNil(res.Get("id").String())) require.NoError(t, err) - snapshotx.SnapshotTExceptMatchingKeys(t, identity.WithCredentialsInJSON(*actual), append(ignoreDefault, "hashed_password")) + snapshotx.SnapshotTExceptMatchingKeys(t, identity.WithCredentialsAndAdminMetadataInJSON(*actual), append(ignoreDefault, "hashed_password")) require.NoError(t, hash.Compare(ctx, []byte("123456"), []byte(gjson.GetBytes(actual.Credentials[identity.CredentialsTypePassword].Config, "hashed_password").String()))) }) @@ -231,7 +244,7 @@ func TestHandler(t *testing.T) { actual, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(ctx, uuid.FromStringOrNil(res.Get("id").String())) require.NoError(t, err) - snapshotx.SnapshotTExceptMatchingKeys(t, identity.WithCredentialsInJSON(*actual), append(ignoreDefault, "hashed_password")) + snapshotx.SnapshotTExceptMatchingKeys(t, identity.WithCredentialsAndAdminMetadataInJSON(*actual), append(ignoreDefault, "hashed_password")) require.NoError(t, hash.Compare(ctx, []byte("123456"), []byte(gjson.GetBytes(actual.Credentials[identity.CredentialsTypePassword].Config, "hashed_password").String()))) }) @@ -326,7 +339,6 @@ func TestHandler(t *testing.T) { }) t.Run("case=should be able to get the identity", func(t *testing.T) { - t.Logf("create oidc identity") for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} { t.Run("endpoint="+name, func(t *testing.T) { res := get(t, ts, "/identities/"+i.ID.String(), http.StatusOK) @@ -414,23 +426,32 @@ func TestHandler(t *testing.T) { }) t.Run("case=should update an identity and persist the changes", func(t *testing.T) { + i := &identity.Identity{Traits: identity.Traits(fmt.Sprintf(`{"subject":"%s"}`, x.NewUUID().String()))} + require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i)) + for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} { t.Run("endpoint="+name, func(t *testing.T) { ur := identity.AdminUpdateIdentityBody{ - Traits: []byte(`{"bar":"baz","foo":"baz"}`), - SchemaID: i.SchemaID, - State: identity.StateInactive, + Traits: []byte(`{"bar":"baz","foo":"baz"}`), + SchemaID: i.SchemaID, + State: identity.StateInactive, + MetadataPublic: []byte(`{"public":"metadata"}`), + MetadataAdmin: []byte(`{"admin":"metadata"}`), } res := send(t, ts, "PUT", "/identities/"+i.ID.String(), http.StatusOK, &ur) assert.EqualValues(t, "baz", res.Get("traits.bar").String(), "%s", res.Raw) assert.EqualValues(t, "baz", res.Get("traits.foo").String(), "%s", res.Raw) + assert.EqualValues(t, "metadata", res.Get("metadata_admin.admin").String(), "%s", res.Raw) + assert.EqualValues(t, "metadata", res.Get("metadata_public.public").String(), "%s", res.Raw) assert.EqualValues(t, identity.StateInactive, res.Get("state").String(), "%s", res.Raw) assert.NotEqualValues(t, i.StateChangedAt, sqlxx.NullTime(res.Get("state_changed_at").Time()), "%s", res.Raw) res = get(t, ts, "/identities/"+i.ID.String(), http.StatusOK) assert.EqualValues(t, i.ID.String(), res.Get("id").String(), "%s", res.Raw) assert.EqualValues(t, "baz", res.Get("traits.bar").String(), "%s", res.Raw) + assert.EqualValues(t, "metadata", res.Get("metadata_admin.admin").String(), "%s", res.Raw) + assert.EqualValues(t, "metadata", res.Get("metadata_public.public").String(), "%s", res.Raw) assert.EqualValues(t, identity.StateInactive, res.Get("state").String(), "%s", res.Raw) assert.NotEqualValues(t, i.StateChangedAt, sqlxx.NullTime(res.Get("state_changed_at").Time()), "%s", res.Raw) }) diff --git a/identity/identity.go b/identity/identity.go index d74c14a4a940..6169810f4162 100644 --- a/identity/identity.go +++ b/identity/identity.go @@ -119,6 +119,13 @@ type Identity struct { // --- RecoveryAddresses []RecoveryAddress `json:"recovery_addresses,omitempty" faker:"-" has_many:"identity_recovery_addresses" fk_id:"identity_id"` + // Store metadata about the identity which the identity itself can see when calling for example the + // session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field. + MetadataPublic sqlxx.NullJSONRawMessage `json:"metadata_public" faker:"-" db:"metadata_public"` + + // Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/`. + MetadataAdmin sqlxx.NullJSONRawMessage `json:"metadata_admin,omitempty" faker:"-" db:"metadata_admin"` + // CreatedAt is a helper struct field for gobuffalo.pop. CreatedAt time.Time `json:"created_at" db:"created_at"` @@ -298,6 +305,7 @@ func (i Identity) GetNID() uuid.UUID { func (i Identity) MarshalJSON() ([]byte, error) { type localIdentity Identity i.Credentials = nil + i.MetadataAdmin = nil result, err := json.Marshal(localIdentity(i)) if err != nil { return nil, err @@ -309,19 +317,20 @@ func (i *Identity) UnmarshalJSON(b []byte) error { type localIdentity Identity err := json.Unmarshal(b, (*localIdentity)(i)) i.Credentials = nil + i.MetadataAdmin = nil return err } -type WithCredentialsInJSON Identity +type WithCredentialsAndAdminMetadataInJSON Identity -func (i WithCredentialsInJSON) MarshalJSON() ([]byte, error) { +func (i WithCredentialsAndAdminMetadataInJSON) MarshalJSON() ([]byte, error) { type localIdentity Identity return json.Marshal(localIdentity(i)) } -type WithCredentialsMetadataInJSON Identity +type WithCredentialsMetadataAndAdminMetadataInJSON Identity -func (i WithCredentialsMetadataInJSON) MarshalJSON() ([]byte, error) { +func (i WithCredentialsMetadataAndAdminMetadataInJSON) MarshalJSON() ([]byte, error) { type localIdentity Identity for k, v := range i.Credentials { v.Config = nil diff --git a/identity/identity_test.go b/identity/identity_test.go index 4ffa51da4ce0..1837ca925923 100644 --- a/identity/identity_test.go +++ b/identity/identity_test.go @@ -6,6 +6,8 @@ import ( "fmt" "testing" + "github.com/ory/x/snapshotx" + "github.com/ory/kratos/x" "github.com/stretchr/testify/require" @@ -122,6 +124,22 @@ func TestMarshalExcludesCredentialsByReference(t *testing.T) { require.NotEmpty(t, i.Credentials) } +func TestMarshalIgnoresAdminMetadata(t *testing.T) { + i := NewIdentity(config.DefaultIdentityTraitsSchemaID) + i.MetadataAdmin = []byte(`{"admin":"bar"}`) + i.MetadataPublic = []byte(`{"public":"bar"}`) + + var b bytes.Buffer + require.Nil(t, json.NewEncoder(&b).Encode(&i)) + + assert.False(t, gjson.Get(b.String(), "metadata_admin.admin").Exists(), "Admin metadata should not be rendered to json but got: %s", b.String()) + assert.Equal(t, "bar", gjson.Get(b.String(), "metadata_public.public").String(), "Public metadata should be rendered to json") + + // To ensure the original identity is not changed / Unmarshal has no side effects: + require.NotEmpty(t, i.MetadataAdmin) + require.NotEmpty(t, i.MetadataPublic) +} + func TestUnMarshallIgnoresCredentials(t *testing.T) { jsonText := "{\"id\":\"3234ad11-49c6-49e2-bfac-537f3e06cd85\",\"schema_id\":\"default\",\"schema_url\":\"\",\"traits\":{}, \"credentials\" : {\"password\":{\"type\":\"\",\"identifiers\":null,\"config\":null,\"updatedAt\":\"0001-01-01T00:00:00Z\"}}}" var i Identity @@ -132,17 +150,26 @@ func TestUnMarshallIgnoresCredentials(t *testing.T) { assert.Equal(t, "3234ad11-49c6-49e2-bfac-537f3e06cd85", i.ID.String()) } +func TestUnMarshallIgnoresAdminMetadata(t *testing.T) { + jsonText := "{\"id\":\"3234ad11-49c6-49e2-bfac-537f3e06cd85\",\"schema_id\":\"default\",\"schema_url\":\"\",\"traits\":{}, \"admin_metadata\" : {\"foo\":\"bar\"}}" + var i Identity + err := json.Unmarshal([]byte(jsonText), &i) + assert.Nil(t, err) + + assert.Nil(t, i.MetadataAdmin) +} + func TestMarshalIdentityWithCredentialsWhenCredentialsNil(t *testing.T) { i := NewIdentity(config.DefaultIdentityTraitsSchemaID) i.Credentials = nil var b bytes.Buffer - require.Nil(t, json.NewEncoder(&b).Encode(WithCredentialsMetadataInJSON(*i))) + require.Nil(t, json.NewEncoder(&b).Encode(WithCredentialsMetadataAndAdminMetadataInJSON(*i))) assert.False(t, gjson.Get(b.String(), "credentials").Exists()) } -func TestMarshalIdentityWithCredentials(t *testing.T) { +func TestMarshalIdentityWithCredentialsMetadata(t *testing.T) { i := NewIdentity(config.DefaultIdentityTraitsSchemaID) credentials := map[CredentialsType]Credentials{ CredentialsTypePassword: { @@ -151,15 +178,39 @@ func TestMarshalIdentityWithCredentials(t *testing.T) { }, } i.Credentials = credentials + i.MetadataAdmin = []byte(`{"some":"metadata"}`) var b bytes.Buffer - require.Nil(t, json.NewEncoder(&b).Encode(WithCredentialsMetadataInJSON(*i))) + require.Nil(t, json.NewEncoder(&b).Encode(WithCredentialsMetadataAndAdminMetadataInJSON(*i))) credentialsInJson := gjson.Get(b.String(), "credentials") assert.True(t, credentialsInJson.Exists()) assert.JSONEq(t, "{\"password\":{\"type\":\"password\",\"identifiers\":null,\"updated_at\":\"0001-01-01T00:00:00Z\",\"created_at\":\"0001-01-01T00:00:00Z\",\"version\":0}}", credentialsInJson.Raw) assert.Equal(t, credentials, i.Credentials, "Original credentials should not be touched by marshalling") + assert.Equal(t, "metadata", gjson.GetBytes(i.MetadataAdmin, "some").String(), "Original credentials should not be touched by marshalling") +} + +func TestMarshalIdentityWithAll(t *testing.T) { + i := NewIdentity(config.DefaultIdentityTraitsSchemaID) + credentials := map[CredentialsType]Credentials{ + CredentialsTypePassword: { + Type: CredentialsTypePassword, + Config: sqlxx.JSONRawMessage("{\"some\" : \"secret\"}"), + }, + } + i.Credentials = credentials + i.MetadataAdmin = []byte(`{"some":"metadata"}`) + + var b bytes.Buffer + require.Nil(t, json.NewEncoder(&b).Encode(WithCredentialsAndAdminMetadataInJSON(*i))) + + credentialsInJson := gjson.Get(b.String(), "credentials") + assert.True(t, credentialsInJson.Exists()) + + snapshotx.SnapshotTExcept(t, json.RawMessage(credentialsInJson.Raw), nil) + assert.Equal(t, credentials, i.Credentials, "Original credentials should not be touched by marshalling") + assert.Equal(t, "metadata", gjson.GetBytes(i.MetadataAdmin, "some").String(), "Original credentials should not be touched by marshalling") } func TestValidateNID(t *testing.T) { diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index e0561cbb757a..a056db676e08 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -2649,9 +2649,18 @@ components: schemas: AdminUpdateIdentityBody: example: + metadata_admin: "" traits: '{}' schema_id: schema_id + metadata_public: "" properties: + metadata_admin: + description: Store metadata about the user which is only accessible through + admin APIs such as `GET /admin/identities/`. + metadata_public: + description: |- + Store metadata about the identity which the identity itself can see when calling for example the + session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field. schema_id: description: |- SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. If set @@ -2721,6 +2730,13 @@ components: properties: credentials: $ref: '#/components/schemas/adminIdentityImportCredentials' + metadata_admin: + description: Store metadata about the user which is only accessible through + admin APIs such as `GET /admin/identities/`. + metadata_public: + description: |- + Store metadata about the identity which the identity itself can see when calling for example the + session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field. recovery_addresses: description: |- RecoveryAddresses contains all the addresses that can be used to recover an identity. @@ -2965,6 +2981,18 @@ components: An identity can be a real human, a service, an IoT device - everything that can be described as an "actor" in a system. example: + traits: "" + credentials: + key: + updated_at: 2000-01-23T04:56:07.000+00:00 + identifiers: + - identifiers + - identifiers + created_at: 2000-01-23T04:56:07.000+00:00 + config: '{}' + version: 0 + state_changed_at: 2000-01-23T04:56:07.000+00:00 + created_at: 2000-01-23T04:56:07.000+00:00 recovery_addresses: - updated_at: 2000-01-23T04:56:07.000+00:00 created_at: 2000-01-23T04:56:07.000+00:00 @@ -2976,17 +3004,8 @@ components: id: id value: value via: via - traits: "" + metadata_admin: "" updated_at: 2000-01-23T04:56:07.000+00:00 - credentials: - key: - updated_at: 2000-01-23T04:56:07.000+00:00 - identifiers: - - identifiers - - identifiers - created_at: 2000-01-23T04:56:07.000+00:00 - config: '{}' - version: 0 verifiable_addresses: - updated_at: 2014-01-01T23:28:56.782Z verified_at: 2000-01-23T04:56:07.000+00:00 @@ -3005,10 +3024,9 @@ components: status: status via: via schema_id: schema_id - state_changed_at: 2000-01-23T04:56:07.000+00:00 - created_at: 2000-01-23T04:56:07.000+00:00 schema_url: schema_url id: id + metadata_public: "" properties: created_at: description: CreatedAt is a helper struct field for gobuffalo.pop. @@ -3023,6 +3041,12 @@ components: id: format: uuid4 type: string + metadata_admin: + description: NullJSONRawMessage represents a json.RawMessage that works + well with JSON, SQL, and Swagger and is NULLable- + metadata_public: + description: NullJSONRawMessage represents a json.RawMessage that works + well with JSON, SQL, and Swagger and is NULLable- recovery_addresses: description: RecoveryAddresses contains all the addresses that can be used to recover an identity. @@ -3260,6 +3284,9 @@ components: title: Is sent when a privileged session is required to perform the settings update. type: object + nullJsonRawMessage: + description: NullJSONRawMessage represents a json.RawMessage that works well + with JSON, SQL, and Swagger and is NULLable- nullTime: format: date-time title: NullTime implements sql.NullTime functionality. @@ -3857,6 +3884,18 @@ components: text: text type: type identity: + traits: "" + credentials: + key: + updated_at: 2000-01-23T04:56:07.000+00:00 + identifiers: + - identifiers + - identifiers + created_at: 2000-01-23T04:56:07.000+00:00 + config: '{}' + version: 0 + state_changed_at: 2000-01-23T04:56:07.000+00:00 + created_at: 2000-01-23T04:56:07.000+00:00 recovery_addresses: - updated_at: 2000-01-23T04:56:07.000+00:00 created_at: 2000-01-23T04:56:07.000+00:00 @@ -3868,17 +3907,8 @@ components: id: id value: value via: via - traits: "" + metadata_admin: "" updated_at: 2000-01-23T04:56:07.000+00:00 - credentials: - key: - updated_at: 2000-01-23T04:56:07.000+00:00 - identifiers: - - identifiers - - identifiers - created_at: 2000-01-23T04:56:07.000+00:00 - config: '{}' - version: 0 verifiable_addresses: - updated_at: 2014-01-01T23:28:56.782Z verified_at: 2000-01-23T04:56:07.000+00:00 @@ -3897,10 +3927,9 @@ components: status: status via: via schema_id: schema_id - state_changed_at: 2000-01-23T04:56:07.000+00:00 - created_at: 2000-01-23T04:56:07.000+00:00 schema_url: schema_url id: id + metadata_public: "" active: active return_to: return_to id: id @@ -4092,6 +4121,18 @@ components: - completed_at: 2000-01-23T04:56:07.000+00:00 method: link_recovery identity: + traits: "" + credentials: + key: + updated_at: 2000-01-23T04:56:07.000+00:00 + identifiers: + - identifiers + - identifiers + created_at: 2000-01-23T04:56:07.000+00:00 + config: '{}' + version: 0 + state_changed_at: 2000-01-23T04:56:07.000+00:00 + created_at: 2000-01-23T04:56:07.000+00:00 recovery_addresses: - updated_at: 2000-01-23T04:56:07.000+00:00 created_at: 2000-01-23T04:56:07.000+00:00 @@ -4103,17 +4144,8 @@ components: id: id value: value via: via - traits: "" + metadata_admin: "" updated_at: 2000-01-23T04:56:07.000+00:00 - credentials: - key: - updated_at: 2000-01-23T04:56:07.000+00:00 - identifiers: - - identifiers - - identifiers - created_at: 2000-01-23T04:56:07.000+00:00 - config: '{}' - version: 0 verifiable_addresses: - updated_at: 2014-01-01T23:28:56.782Z verified_at: 2000-01-23T04:56:07.000+00:00 @@ -4132,10 +4164,9 @@ components: status: status via: via schema_id: schema_id - state_changed_at: 2000-01-23T04:56:07.000+00:00 - created_at: 2000-01-23T04:56:07.000+00:00 schema_url: schema_url id: id + metadata_public: "" authenticated_at: 2000-01-23T04:56:07.000+00:00 active: true id: id @@ -4755,6 +4786,18 @@ components: - completed_at: 2000-01-23T04:56:07.000+00:00 method: link_recovery identity: + traits: "" + credentials: + key: + updated_at: 2000-01-23T04:56:07.000+00:00 + identifiers: + - identifiers + - identifiers + created_at: 2000-01-23T04:56:07.000+00:00 + config: '{}' + version: 0 + state_changed_at: 2000-01-23T04:56:07.000+00:00 + created_at: 2000-01-23T04:56:07.000+00:00 recovery_addresses: - updated_at: 2000-01-23T04:56:07.000+00:00 created_at: 2000-01-23T04:56:07.000+00:00 @@ -4766,17 +4809,8 @@ components: id: id value: value via: via - traits: "" + metadata_admin: "" updated_at: 2000-01-23T04:56:07.000+00:00 - credentials: - key: - updated_at: 2000-01-23T04:56:07.000+00:00 - identifiers: - - identifiers - - identifiers - created_at: 2000-01-23T04:56:07.000+00:00 - config: '{}' - version: 0 verifiable_addresses: - updated_at: 2014-01-01T23:28:56.782Z verified_at: 2000-01-23T04:56:07.000+00:00 @@ -4795,10 +4829,9 @@ components: status: status via: via schema_id: schema_id - state_changed_at: 2000-01-23T04:56:07.000+00:00 - created_at: 2000-01-23T04:56:07.000+00:00 schema_url: schema_url id: id + metadata_public: "" authenticated_at: 2000-01-23T04:56:07.000+00:00 active: true id: id @@ -4825,6 +4858,18 @@ components: example: session_token: session_token identity: + traits: "" + credentials: + key: + updated_at: 2000-01-23T04:56:07.000+00:00 + identifiers: + - identifiers + - identifiers + created_at: 2000-01-23T04:56:07.000+00:00 + config: '{}' + version: 0 + state_changed_at: 2000-01-23T04:56:07.000+00:00 + created_at: 2000-01-23T04:56:07.000+00:00 recovery_addresses: - updated_at: 2000-01-23T04:56:07.000+00:00 created_at: 2000-01-23T04:56:07.000+00:00 @@ -4836,17 +4881,8 @@ components: id: id value: value via: via - traits: "" + metadata_admin: "" updated_at: 2000-01-23T04:56:07.000+00:00 - credentials: - key: - updated_at: 2000-01-23T04:56:07.000+00:00 - identifiers: - - identifiers - - identifiers - created_at: 2000-01-23T04:56:07.000+00:00 - config: '{}' - version: 0 verifiable_addresses: - updated_at: 2014-01-01T23:28:56.782Z verified_at: 2000-01-23T04:56:07.000+00:00 @@ -4865,10 +4901,9 @@ components: status: status via: via schema_id: schema_id - state_changed_at: 2000-01-23T04:56:07.000+00:00 - created_at: 2000-01-23T04:56:07.000+00:00 schema_url: schema_url id: id + metadata_public: "" session: expires_at: 2000-01-23T04:56:07.000+00:00 authentication_methods: @@ -4877,6 +4912,18 @@ components: - completed_at: 2000-01-23T04:56:07.000+00:00 method: link_recovery identity: + traits: "" + credentials: + key: + updated_at: 2000-01-23T04:56:07.000+00:00 + identifiers: + - identifiers + - identifiers + created_at: 2000-01-23T04:56:07.000+00:00 + config: '{}' + version: 0 + state_changed_at: 2000-01-23T04:56:07.000+00:00 + created_at: 2000-01-23T04:56:07.000+00:00 recovery_addresses: - updated_at: 2000-01-23T04:56:07.000+00:00 created_at: 2000-01-23T04:56:07.000+00:00 @@ -4888,17 +4935,8 @@ components: id: id value: value via: via - traits: "" + metadata_admin: "" updated_at: 2000-01-23T04:56:07.000+00:00 - credentials: - key: - updated_at: 2000-01-23T04:56:07.000+00:00 - identifiers: - - identifiers - - identifiers - created_at: 2000-01-23T04:56:07.000+00:00 - config: '{}' - version: 0 verifiable_addresses: - updated_at: 2014-01-01T23:28:56.782Z verified_at: 2000-01-23T04:56:07.000+00:00 @@ -4917,10 +4955,9 @@ components: status: status via: via schema_id: schema_id - state_changed_at: 2000-01-23T04:56:07.000+00:00 - created_at: 2000-01-23T04:56:07.000+00:00 schema_url: schema_url id: id + metadata_public: "" authenticated_at: 2000-01-23T04:56:07.000+00:00 active: true id: id diff --git a/internal/httpclient/docs/AdminCreateIdentityBody.md b/internal/httpclient/docs/AdminCreateIdentityBody.md index 5cdefd177537..165f9fb4a72f 100644 --- a/internal/httpclient/docs/AdminCreateIdentityBody.md +++ b/internal/httpclient/docs/AdminCreateIdentityBody.md @@ -5,6 +5,8 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **Credentials** | Pointer to [**AdminIdentityImportCredentials**](AdminIdentityImportCredentials.md) | | [optional] +**MetadataAdmin** | Pointer to **interface{}** | Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/<id>`. | [optional] +**MetadataPublic** | Pointer to **interface{}** | Store metadata about the identity which the identity itself can see when calling for example the session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field. | [optional] **RecoveryAddresses** | Pointer to [**[]RecoveryAddress**](RecoveryAddress.md) | RecoveryAddresses contains all the addresses that can be used to recover an identity. Use this structure to import recovery addresses for an identity. Please keep in mind that the address needs to be represented in the Identity Schema or this field will be overwritten on the next identity update. | [optional] **SchemaId** | **string** | SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. | **State** | Pointer to [**IdentityState**](IdentityState.md) | | [optional] @@ -55,6 +57,76 @@ SetCredentials sets Credentials field to given value. HasCredentials returns a boolean if a field has been set. +### GetMetadataAdmin + +`func (o *AdminCreateIdentityBody) GetMetadataAdmin() interface{}` + +GetMetadataAdmin returns the MetadataAdmin field if non-nil, zero value otherwise. + +### GetMetadataAdminOk + +`func (o *AdminCreateIdentityBody) GetMetadataAdminOk() (*interface{}, bool)` + +GetMetadataAdminOk returns a tuple with the MetadataAdmin field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetMetadataAdmin + +`func (o *AdminCreateIdentityBody) SetMetadataAdmin(v interface{})` + +SetMetadataAdmin sets MetadataAdmin field to given value. + +### HasMetadataAdmin + +`func (o *AdminCreateIdentityBody) HasMetadataAdmin() bool` + +HasMetadataAdmin returns a boolean if a field has been set. + +### SetMetadataAdminNil + +`func (o *AdminCreateIdentityBody) SetMetadataAdminNil(b bool)` + + SetMetadataAdminNil sets the value for MetadataAdmin to be an explicit nil + +### UnsetMetadataAdmin +`func (o *AdminCreateIdentityBody) UnsetMetadataAdmin()` + +UnsetMetadataAdmin ensures that no value is present for MetadataAdmin, not even an explicit nil +### GetMetadataPublic + +`func (o *AdminCreateIdentityBody) GetMetadataPublic() interface{}` + +GetMetadataPublic returns the MetadataPublic field if non-nil, zero value otherwise. + +### GetMetadataPublicOk + +`func (o *AdminCreateIdentityBody) GetMetadataPublicOk() (*interface{}, bool)` + +GetMetadataPublicOk returns a tuple with the MetadataPublic field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetMetadataPublic + +`func (o *AdminCreateIdentityBody) SetMetadataPublic(v interface{})` + +SetMetadataPublic sets MetadataPublic field to given value. + +### HasMetadataPublic + +`func (o *AdminCreateIdentityBody) HasMetadataPublic() bool` + +HasMetadataPublic returns a boolean if a field has been set. + +### SetMetadataPublicNil + +`func (o *AdminCreateIdentityBody) SetMetadataPublicNil(b bool)` + + SetMetadataPublicNil sets the value for MetadataPublic to be an explicit nil + +### UnsetMetadataPublic +`func (o *AdminCreateIdentityBody) UnsetMetadataPublic()` + +UnsetMetadataPublic ensures that no value is present for MetadataPublic, not even an explicit nil ### GetRecoveryAddresses `func (o *AdminCreateIdentityBody) GetRecoveryAddresses() []RecoveryAddress` diff --git a/internal/httpclient/docs/AdminUpdateIdentityBody.md b/internal/httpclient/docs/AdminUpdateIdentityBody.md index 58d6b3ebbe43..9da33c1a41e1 100644 --- a/internal/httpclient/docs/AdminUpdateIdentityBody.md +++ b/internal/httpclient/docs/AdminUpdateIdentityBody.md @@ -4,6 +4,8 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- +**MetadataAdmin** | Pointer to **interface{}** | Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/<id>`. | [optional] +**MetadataPublic** | Pointer to **interface{}** | Store metadata about the identity which the identity itself can see when calling for example the session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field. | [optional] **SchemaId** | **string** | SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. If set will update the Identity's SchemaID. | **State** | [**IdentityState**](IdentityState.md) | | **Traits** | **map[string]interface{}** | Traits represent an identity's traits. The identity is able to create, modify, and delete traits in a self-service manner. The input will always be validated against the JSON Schema defined in `schema_id`. | @@ -27,6 +29,76 @@ NewAdminUpdateIdentityBodyWithDefaults instantiates a new AdminUpdateIdentityBod This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set +### GetMetadataAdmin + +`func (o *AdminUpdateIdentityBody) GetMetadataAdmin() interface{}` + +GetMetadataAdmin returns the MetadataAdmin field if non-nil, zero value otherwise. + +### GetMetadataAdminOk + +`func (o *AdminUpdateIdentityBody) GetMetadataAdminOk() (*interface{}, bool)` + +GetMetadataAdminOk returns a tuple with the MetadataAdmin field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetMetadataAdmin + +`func (o *AdminUpdateIdentityBody) SetMetadataAdmin(v interface{})` + +SetMetadataAdmin sets MetadataAdmin field to given value. + +### HasMetadataAdmin + +`func (o *AdminUpdateIdentityBody) HasMetadataAdmin() bool` + +HasMetadataAdmin returns a boolean if a field has been set. + +### SetMetadataAdminNil + +`func (o *AdminUpdateIdentityBody) SetMetadataAdminNil(b bool)` + + SetMetadataAdminNil sets the value for MetadataAdmin to be an explicit nil + +### UnsetMetadataAdmin +`func (o *AdminUpdateIdentityBody) UnsetMetadataAdmin()` + +UnsetMetadataAdmin ensures that no value is present for MetadataAdmin, not even an explicit nil +### GetMetadataPublic + +`func (o *AdminUpdateIdentityBody) GetMetadataPublic() interface{}` + +GetMetadataPublic returns the MetadataPublic field if non-nil, zero value otherwise. + +### GetMetadataPublicOk + +`func (o *AdminUpdateIdentityBody) GetMetadataPublicOk() (*interface{}, bool)` + +GetMetadataPublicOk returns a tuple with the MetadataPublic field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetMetadataPublic + +`func (o *AdminUpdateIdentityBody) SetMetadataPublic(v interface{})` + +SetMetadataPublic sets MetadataPublic field to given value. + +### HasMetadataPublic + +`func (o *AdminUpdateIdentityBody) HasMetadataPublic() bool` + +HasMetadataPublic returns a boolean if a field has been set. + +### SetMetadataPublicNil + +`func (o *AdminUpdateIdentityBody) SetMetadataPublicNil(b bool)` + + SetMetadataPublicNil sets the value for MetadataPublic to be an explicit nil + +### UnsetMetadataPublic +`func (o *AdminUpdateIdentityBody) UnsetMetadataPublic()` + +UnsetMetadataPublic ensures that no value is present for MetadataPublic, not even an explicit nil ### GetSchemaId `func (o *AdminUpdateIdentityBody) GetSchemaId() string` diff --git a/internal/httpclient/docs/Identity.md b/internal/httpclient/docs/Identity.md index 87108c79dd93..7040cdab5aaa 100644 --- a/internal/httpclient/docs/Identity.md +++ b/internal/httpclient/docs/Identity.md @@ -7,6 +7,8 @@ Name | Type | Description | Notes **CreatedAt** | Pointer to **time.Time** | CreatedAt is a helper struct field for gobuffalo.pop. | [optional] **Credentials** | Pointer to [**map[string]IdentityCredentials**](IdentityCredentials.md) | Credentials represents all credentials that can be used for authenticating this identity. | [optional] **Id** | **string** | | +**MetadataAdmin** | Pointer to **interface{}** | NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable- | [optional] +**MetadataPublic** | Pointer to **interface{}** | NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable- | [optional] **RecoveryAddresses** | Pointer to [**[]RecoveryAddress**](RecoveryAddress.md) | RecoveryAddresses contains all the addresses that can be used to recover an identity. | [optional] **SchemaId** | **string** | SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. | **SchemaUrl** | **string** | SchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from. format: url | @@ -105,6 +107,76 @@ and a boolean to check if the value has been set. SetId sets Id field to given value. +### GetMetadataAdmin + +`func (o *Identity) GetMetadataAdmin() interface{}` + +GetMetadataAdmin returns the MetadataAdmin field if non-nil, zero value otherwise. + +### GetMetadataAdminOk + +`func (o *Identity) GetMetadataAdminOk() (*interface{}, bool)` + +GetMetadataAdminOk returns a tuple with the MetadataAdmin field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetMetadataAdmin + +`func (o *Identity) SetMetadataAdmin(v interface{})` + +SetMetadataAdmin sets MetadataAdmin field to given value. + +### HasMetadataAdmin + +`func (o *Identity) HasMetadataAdmin() bool` + +HasMetadataAdmin returns a boolean if a field has been set. + +### SetMetadataAdminNil + +`func (o *Identity) SetMetadataAdminNil(b bool)` + + SetMetadataAdminNil sets the value for MetadataAdmin to be an explicit nil + +### UnsetMetadataAdmin +`func (o *Identity) UnsetMetadataAdmin()` + +UnsetMetadataAdmin ensures that no value is present for MetadataAdmin, not even an explicit nil +### GetMetadataPublic + +`func (o *Identity) GetMetadataPublic() interface{}` + +GetMetadataPublic returns the MetadataPublic field if non-nil, zero value otherwise. + +### GetMetadataPublicOk + +`func (o *Identity) GetMetadataPublicOk() (*interface{}, bool)` + +GetMetadataPublicOk returns a tuple with the MetadataPublic field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetMetadataPublic + +`func (o *Identity) SetMetadataPublic(v interface{})` + +SetMetadataPublic sets MetadataPublic field to given value. + +### HasMetadataPublic + +`func (o *Identity) HasMetadataPublic() bool` + +HasMetadataPublic returns a boolean if a field has been set. + +### SetMetadataPublicNil + +`func (o *Identity) SetMetadataPublicNil(b bool)` + + SetMetadataPublicNil sets the value for MetadataPublic to be an explicit nil + +### UnsetMetadataPublic +`func (o *Identity) UnsetMetadataPublic()` + +UnsetMetadataPublic ensures that no value is present for MetadataPublic, not even an explicit nil ### GetRecoveryAddresses `func (o *Identity) GetRecoveryAddresses() []RecoveryAddress` diff --git a/internal/httpclient/model_admin_create_identity_body.go b/internal/httpclient/model_admin_create_identity_body.go index 9eb26ba681bc..b0aa0fbfab29 100644 --- a/internal/httpclient/model_admin_create_identity_body.go +++ b/internal/httpclient/model_admin_create_identity_body.go @@ -18,6 +18,10 @@ import ( // AdminCreateIdentityBody struct for AdminCreateIdentityBody type AdminCreateIdentityBody struct { Credentials *AdminIdentityImportCredentials `json:"credentials,omitempty"` + // Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/`. + MetadataAdmin interface{} `json:"metadata_admin,omitempty"` + // Store metadata about the identity which the identity itself can see when calling for example the session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field. + MetadataPublic interface{} `json:"metadata_public,omitempty"` // RecoveryAddresses contains all the addresses that can be used to recover an identity. Use this structure to import recovery addresses for an identity. Please keep in mind that the address needs to be represented in the Identity Schema or this field will be overwritten on the next identity update. RecoveryAddresses []RecoveryAddress `json:"recovery_addresses,omitempty"` // SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. @@ -80,6 +84,72 @@ func (o *AdminCreateIdentityBody) SetCredentials(v AdminIdentityImportCredential o.Credentials = &v } +// GetMetadataAdmin returns the MetadataAdmin field value if set, zero value otherwise (both if not set or set to explicit null). +func (o *AdminCreateIdentityBody) GetMetadataAdmin() interface{} { + if o == nil { + var ret interface{} + return ret + } + return o.MetadataAdmin +} + +// GetMetadataAdminOk returns a tuple with the MetadataAdmin field value if set, nil otherwise +// and a boolean to check if the value has been set. +// NOTE: If the value is an explicit nil, `nil, true` will be returned +func (o *AdminCreateIdentityBody) GetMetadataAdminOk() (*interface{}, bool) { + if o == nil || o.MetadataAdmin == nil { + return nil, false + } + return &o.MetadataAdmin, true +} + +// HasMetadataAdmin returns a boolean if a field has been set. +func (o *AdminCreateIdentityBody) HasMetadataAdmin() bool { + if o != nil && o.MetadataAdmin != nil { + return true + } + + return false +} + +// SetMetadataAdmin gets a reference to the given interface{} and assigns it to the MetadataAdmin field. +func (o *AdminCreateIdentityBody) SetMetadataAdmin(v interface{}) { + o.MetadataAdmin = v +} + +// GetMetadataPublic returns the MetadataPublic field value if set, zero value otherwise (both if not set or set to explicit null). +func (o *AdminCreateIdentityBody) GetMetadataPublic() interface{} { + if o == nil { + var ret interface{} + return ret + } + return o.MetadataPublic +} + +// GetMetadataPublicOk returns a tuple with the MetadataPublic field value if set, nil otherwise +// and a boolean to check if the value has been set. +// NOTE: If the value is an explicit nil, `nil, true` will be returned +func (o *AdminCreateIdentityBody) GetMetadataPublicOk() (*interface{}, bool) { + if o == nil || o.MetadataPublic == nil { + return nil, false + } + return &o.MetadataPublic, true +} + +// HasMetadataPublic returns a boolean if a field has been set. +func (o *AdminCreateIdentityBody) HasMetadataPublic() bool { + if o != nil && o.MetadataPublic != nil { + return true + } + + return false +} + +// SetMetadataPublic gets a reference to the given interface{} and assigns it to the MetadataPublic field. +func (o *AdminCreateIdentityBody) SetMetadataPublic(v interface{}) { + o.MetadataPublic = v +} + // GetRecoveryAddresses returns the RecoveryAddresses field value if set, zero value otherwise. func (o *AdminCreateIdentityBody) GetRecoveryAddresses() []RecoveryAddress { if o == nil || o.RecoveryAddresses == nil { @@ -229,6 +299,12 @@ func (o AdminCreateIdentityBody) MarshalJSON() ([]byte, error) { if o.Credentials != nil { toSerialize["credentials"] = o.Credentials } + if o.MetadataAdmin != nil { + toSerialize["metadata_admin"] = o.MetadataAdmin + } + if o.MetadataPublic != nil { + toSerialize["metadata_public"] = o.MetadataPublic + } if o.RecoveryAddresses != nil { toSerialize["recovery_addresses"] = o.RecoveryAddresses } diff --git a/internal/httpclient/model_admin_update_identity_body.go b/internal/httpclient/model_admin_update_identity_body.go index ceb665030246..152fe5b0661e 100644 --- a/internal/httpclient/model_admin_update_identity_body.go +++ b/internal/httpclient/model_admin_update_identity_body.go @@ -17,6 +17,10 @@ import ( // AdminUpdateIdentityBody struct for AdminUpdateIdentityBody type AdminUpdateIdentityBody struct { + // Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/`. + MetadataAdmin interface{} `json:"metadata_admin,omitempty"` + // Store metadata about the identity which the identity itself can see when calling for example the session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field. + MetadataPublic interface{} `json:"metadata_public,omitempty"` // SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. If set will update the Identity's SchemaID. SchemaId string `json:"schema_id"` State IdentityState `json:"state"` @@ -44,6 +48,72 @@ func NewAdminUpdateIdentityBodyWithDefaults() *AdminUpdateIdentityBody { return &this } +// GetMetadataAdmin returns the MetadataAdmin field value if set, zero value otherwise (both if not set or set to explicit null). +func (o *AdminUpdateIdentityBody) GetMetadataAdmin() interface{} { + if o == nil { + var ret interface{} + return ret + } + return o.MetadataAdmin +} + +// GetMetadataAdminOk returns a tuple with the MetadataAdmin field value if set, nil otherwise +// and a boolean to check if the value has been set. +// NOTE: If the value is an explicit nil, `nil, true` will be returned +func (o *AdminUpdateIdentityBody) GetMetadataAdminOk() (*interface{}, bool) { + if o == nil || o.MetadataAdmin == nil { + return nil, false + } + return &o.MetadataAdmin, true +} + +// HasMetadataAdmin returns a boolean if a field has been set. +func (o *AdminUpdateIdentityBody) HasMetadataAdmin() bool { + if o != nil && o.MetadataAdmin != nil { + return true + } + + return false +} + +// SetMetadataAdmin gets a reference to the given interface{} and assigns it to the MetadataAdmin field. +func (o *AdminUpdateIdentityBody) SetMetadataAdmin(v interface{}) { + o.MetadataAdmin = v +} + +// GetMetadataPublic returns the MetadataPublic field value if set, zero value otherwise (both if not set or set to explicit null). +func (o *AdminUpdateIdentityBody) GetMetadataPublic() interface{} { + if o == nil { + var ret interface{} + return ret + } + return o.MetadataPublic +} + +// GetMetadataPublicOk returns a tuple with the MetadataPublic field value if set, nil otherwise +// and a boolean to check if the value has been set. +// NOTE: If the value is an explicit nil, `nil, true` will be returned +func (o *AdminUpdateIdentityBody) GetMetadataPublicOk() (*interface{}, bool) { + if o == nil || o.MetadataPublic == nil { + return nil, false + } + return &o.MetadataPublic, true +} + +// HasMetadataPublic returns a boolean if a field has been set. +func (o *AdminUpdateIdentityBody) HasMetadataPublic() bool { + if o != nil && o.MetadataPublic != nil { + return true + } + + return false +} + +// SetMetadataPublic gets a reference to the given interface{} and assigns it to the MetadataPublic field. +func (o *AdminUpdateIdentityBody) SetMetadataPublic(v interface{}) { + o.MetadataPublic = v +} + // GetSchemaId returns the SchemaId field value func (o *AdminUpdateIdentityBody) GetSchemaId() string { if o == nil { @@ -118,6 +188,12 @@ func (o *AdminUpdateIdentityBody) SetTraits(v map[string]interface{}) { func (o AdminUpdateIdentityBody) MarshalJSON() ([]byte, error) { toSerialize := map[string]interface{}{} + if o.MetadataAdmin != nil { + toSerialize["metadata_admin"] = o.MetadataAdmin + } + if o.MetadataPublic != nil { + toSerialize["metadata_public"] = o.MetadataPublic + } if true { toSerialize["schema_id"] = o.SchemaId } diff --git a/internal/httpclient/model_identity.go b/internal/httpclient/model_identity.go index 597d6338dd4d..d0ae329b604a 100644 --- a/internal/httpclient/model_identity.go +++ b/internal/httpclient/model_identity.go @@ -23,6 +23,10 @@ type Identity struct { // Credentials represents all credentials that can be used for authenticating this identity. Credentials *map[string]IdentityCredentials `json:"credentials,omitempty"` Id string `json:"id"` + // NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable- + MetadataAdmin interface{} `json:"metadata_admin,omitempty"` + // NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable- + MetadataPublic interface{} `json:"metadata_public,omitempty"` // RecoveryAddresses contains all the addresses that can be used to recover an identity. RecoveryAddresses []RecoveryAddress `json:"recovery_addresses,omitempty"` // SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. @@ -148,6 +152,72 @@ func (o *Identity) SetId(v string) { o.Id = v } +// GetMetadataAdmin returns the MetadataAdmin field value if set, zero value otherwise (both if not set or set to explicit null). +func (o *Identity) GetMetadataAdmin() interface{} { + if o == nil { + var ret interface{} + return ret + } + return o.MetadataAdmin +} + +// GetMetadataAdminOk returns a tuple with the MetadataAdmin field value if set, nil otherwise +// and a boolean to check if the value has been set. +// NOTE: If the value is an explicit nil, `nil, true` will be returned +func (o *Identity) GetMetadataAdminOk() (*interface{}, bool) { + if o == nil || o.MetadataAdmin == nil { + return nil, false + } + return &o.MetadataAdmin, true +} + +// HasMetadataAdmin returns a boolean if a field has been set. +func (o *Identity) HasMetadataAdmin() bool { + if o != nil && o.MetadataAdmin != nil { + return true + } + + return false +} + +// SetMetadataAdmin gets a reference to the given interface{} and assigns it to the MetadataAdmin field. +func (o *Identity) SetMetadataAdmin(v interface{}) { + o.MetadataAdmin = v +} + +// GetMetadataPublic returns the MetadataPublic field value if set, zero value otherwise (both if not set or set to explicit null). +func (o *Identity) GetMetadataPublic() interface{} { + if o == nil { + var ret interface{} + return ret + } + return o.MetadataPublic +} + +// GetMetadataPublicOk returns a tuple with the MetadataPublic field value if set, nil otherwise +// and a boolean to check if the value has been set. +// NOTE: If the value is an explicit nil, `nil, true` will be returned +func (o *Identity) GetMetadataPublicOk() (*interface{}, bool) { + if o == nil || o.MetadataPublic == nil { + return nil, false + } + return &o.MetadataPublic, true +} + +// HasMetadataPublic returns a boolean if a field has been set. +func (o *Identity) HasMetadataPublic() bool { + if o != nil && o.MetadataPublic != nil { + return true + } + + return false +} + +// SetMetadataPublic gets a reference to the given interface{} and assigns it to the MetadataPublic field. +func (o *Identity) SetMetadataPublic(v interface{}) { + o.MetadataPublic = v +} + // GetRecoveryAddresses returns the RecoveryAddresses field value if set, zero value otherwise. func (o *Identity) GetRecoveryAddresses() []RecoveryAddress { if o == nil || o.RecoveryAddresses == nil { @@ -393,6 +463,12 @@ func (o Identity) MarshalJSON() ([]byte, error) { if true { toSerialize["id"] = o.Id } + if o.MetadataAdmin != nil { + toSerialize["metadata_admin"] = o.MetadataAdmin + } + if o.MetadataPublic != nil { + toSerialize["metadata_public"] = o.MetadataPublic + } if o.RecoveryAddresses != nil { toSerialize["recovery_addresses"] = o.RecoveryAddresses } diff --git a/persistence/sql/migratest/fixtures/identity/196d8c1e-4f04-40f0-94b3-5ec43996b28a.json b/persistence/sql/migratest/fixtures/identity/196d8c1e-4f04-40f0-94b3-5ec43996b28a.json index b7f4f31b6adf..86d19547ca63 100644 --- a/persistence/sql/migratest/fixtures/identity/196d8c1e-4f04-40f0-94b3-5ec43996b28a.json +++ b/persistence/sql/migratest/fixtures/identity/196d8c1e-4f04-40f0-94b3-5ec43996b28a.json @@ -6,6 +6,8 @@ "traits": { "email": "foobar@ory.sh" }, + "metadata_public": null, + "metadata_admin": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" } diff --git a/persistence/sql/migratest/fixtures/identity/2ae6a5a7-2983-49e7-a4d8-7740b37c88cb.json b/persistence/sql/migratest/fixtures/identity/2ae6a5a7-2983-49e7-a4d8-7740b37c88cb.json index 106bc39c7859..c4e285232067 100644 --- a/persistence/sql/migratest/fixtures/identity/2ae6a5a7-2983-49e7-a4d8-7740b37c88cb.json +++ b/persistence/sql/migratest/fixtures/identity/2ae6a5a7-2983-49e7-a4d8-7740b37c88cb.json @@ -6,6 +6,8 @@ "traits": { "email": "d7b10@ory.sh" }, + "metadata_public": null, + "metadata_admin": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" } diff --git a/persistence/sql/migratest/fixtures/identity/308929d3-41a2-43fe-a33c-75308539d841.json b/persistence/sql/migratest/fixtures/identity/308929d3-41a2-43fe-a33c-75308539d841.json new file mode 100644 index 000000000000..fe14d9ad2f99 --- /dev/null +++ b/persistence/sql/migratest/fixtures/identity/308929d3-41a2-43fe-a33c-75308539d841.json @@ -0,0 +1,17 @@ +{ + "id": "308929d3-41a2-43fe-a33c-75308539d841", + "schema_id": "default", + "schema_url": "https://www.ory.sh/schemas/ZGVmYXVsdA", + "state": "active", + "traits": { + "email": "bazbar@ory.sh" + }, + "metadata_public": { + "foo": "bar" + }, + "metadata_admin": { + "baz": "bar" + }, + "created_at": "2013-10-07T08:23:19Z", + "updated_at": "2013-10-07T08:23:19Z" +} diff --git a/persistence/sql/migratest/fixtures/identity/359963ec-b09b-4ea0-aece-fb4dd95f304a.json b/persistence/sql/migratest/fixtures/identity/359963ec-b09b-4ea0-aece-fb4dd95f304a.json index 120e8ea08afe..93d23ad3c0f8 100644 --- a/persistence/sql/migratest/fixtures/identity/359963ec-b09b-4ea0-aece-fb4dd95f304a.json +++ b/persistence/sql/migratest/fixtures/identity/359963ec-b09b-4ea0-aece-fb4dd95f304a.json @@ -6,6 +6,8 @@ "traits": { "email": "d7b11@ory.sh" }, + "metadata_public": null, + "metadata_admin": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" } diff --git a/persistence/sql/migratest/fixtures/identity/5ff66179-c240-4703-b0d8-494592cefff5.json b/persistence/sql/migratest/fixtures/identity/5ff66179-c240-4703-b0d8-494592cefff5.json index d0df2ec4c9ff..f80eed09a37e 100644 --- a/persistence/sql/migratest/fixtures/identity/5ff66179-c240-4703-b0d8-494592cefff5.json +++ b/persistence/sql/migratest/fixtures/identity/5ff66179-c240-4703-b0d8-494592cefff5.json @@ -20,6 +20,8 @@ "traits": { "email": "bazbar@ory.sh" }, + "metadata_public": null, + "metadata_admin": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" } diff --git a/persistence/sql/migratest/fixtures/identity/a251ebc2-880c-4f76-a8f3-38e6940eab0e.json b/persistence/sql/migratest/fixtures/identity/a251ebc2-880c-4f76-a8f3-38e6940eab0e.json index 0bfad18235e4..93d23658cb05 100644 --- a/persistence/sql/migratest/fixtures/identity/a251ebc2-880c-4f76-a8f3-38e6940eab0e.json +++ b/persistence/sql/migratest/fixtures/identity/a251ebc2-880c-4f76-a8f3-38e6940eab0e.json @@ -20,6 +20,8 @@ "traits": { "email": "foobar@ory.sh" }, + "metadata_public": null, + "metadata_admin": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" } diff --git a/persistence/sql/migratest/fixtures/identity/d7b9addb-ac15-4bc2-9fa5-562e0bf48755.json b/persistence/sql/migratest/fixtures/identity/d7b9addb-ac15-4bc2-9fa5-562e0bf48755.json index bc860b29d0bc..71f79d95eb9a 100644 --- a/persistence/sql/migratest/fixtures/identity/d7b9addb-ac15-4bc2-9fa5-562e0bf48755.json +++ b/persistence/sql/migratest/fixtures/identity/d7b9addb-ac15-4bc2-9fa5-562e0bf48755.json @@ -6,6 +6,8 @@ "traits": { "email": "d7b9@ory.sh" }, + "metadata_public": null, + "metadata_admin": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" } diff --git a/persistence/sql/migratest/fixtures/identity/ed253b2c-48ed-4c58-9b6f-1dc963c30a66.json b/persistence/sql/migratest/fixtures/identity/ed253b2c-48ed-4c58-9b6f-1dc963c30a66.json index 4ccac7db35f8..6f4d055e1c7a 100644 --- a/persistence/sql/migratest/fixtures/identity/ed253b2c-48ed-4c58-9b6f-1dc963c30a66.json +++ b/persistence/sql/migratest/fixtures/identity/ed253b2c-48ed-4c58-9b6f-1dc963c30a66.json @@ -6,6 +6,8 @@ "traits": { "email": "bazbar@ory.sh" }, + "metadata_public": null, + "metadata_admin": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" } diff --git a/persistence/sql/migratest/fixtures/session/7458af86-c1d8-401c-978a-8da89133f78b.json b/persistence/sql/migratest/fixtures/session/7458af86-c1d8-401c-978a-8da89133f78b.json index ba9eb8685b8c..467fbad037aa 100644 --- a/persistence/sql/migratest/fixtures/session/7458af86-c1d8-401c-978a-8da89133f78b.json +++ b/persistence/sql/migratest/fixtures/session/7458af86-c1d8-401c-978a-8da89133f78b.json @@ -36,6 +36,7 @@ "updated_at": "2013-10-07T08:23:19Z" } ], + "metadata_public": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" } diff --git a/persistence/sql/migratest/fixtures/session/8571e374-38f2-4f46-8ad3-b9d914e174d3.json b/persistence/sql/migratest/fixtures/session/8571e374-38f2-4f46-8ad3-b9d914e174d3.json index 781af442a4bb..d22479db856a 100644 --- a/persistence/sql/migratest/fixtures/session/8571e374-38f2-4f46-8ad3-b9d914e174d3.json +++ b/persistence/sql/migratest/fixtures/session/8571e374-38f2-4f46-8ad3-b9d914e174d3.json @@ -31,6 +31,7 @@ "updated_at": "2013-10-07T08:23:19Z" } ], + "metadata_public": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" } diff --git a/persistence/sql/migratest/fixtures/session/dcde5aaa-f789-4d3d-ae1f-76da8d57e67c.json b/persistence/sql/migratest/fixtures/session/dcde5aaa-f789-4d3d-ae1f-76da8d57e67c.json index 9428633842dc..1d660b99d580 100644 --- a/persistence/sql/migratest/fixtures/session/dcde5aaa-f789-4d3d-ae1f-76da8d57e67c.json +++ b/persistence/sql/migratest/fixtures/session/dcde5aaa-f789-4d3d-ae1f-76da8d57e67c.json @@ -31,6 +31,7 @@ "updated_at": "2013-10-07T08:23:19Z" } ], + "metadata_public": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" } diff --git a/persistence/sql/migratest/fixtures/session/f38cdebe-e567-42c9-a562-1bd4dee40998.json b/persistence/sql/migratest/fixtures/session/f38cdebe-e567-42c9-a562-1bd4dee40998.json index fce5377b160d..13f1c2a6fdac 100644 --- a/persistence/sql/migratest/fixtures/session/f38cdebe-e567-42c9-a562-1bd4dee40998.json +++ b/persistence/sql/migratest/fixtures/session/f38cdebe-e567-42c9-a562-1bd4dee40998.json @@ -31,6 +31,7 @@ "updated_at": "2013-10-07T08:23:19Z" } ], + "metadata_public": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" } diff --git a/persistence/sql/migratest/fixtures/settings_flow/194c5b05-0487-4a11-bcbc-f301c9ff9678.json b/persistence/sql/migratest/fixtures/settings_flow/194c5b05-0487-4a11-bcbc-f301c9ff9678.json index 7f2f9f2f213b..7733d6357033 100644 --- a/persistence/sql/migratest/fixtures/settings_flow/194c5b05-0487-4a11-bcbc-f301c9ff9678.json +++ b/persistence/sql/migratest/fixtures/settings_flow/194c5b05-0487-4a11-bcbc-f301c9ff9678.json @@ -55,6 +55,7 @@ "updated_at": "2013-10-07T08:23:19Z" } ], + "metadata_public": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" }, diff --git a/persistence/sql/migratest/fixtures/settings_flow/19ede218-928c-4e02-ab49-b76e12b34f31.json b/persistence/sql/migratest/fixtures/settings_flow/19ede218-928c-4e02-ab49-b76e12b34f31.json index 0e0f30c76887..3b7d3348a868 100644 --- a/persistence/sql/migratest/fixtures/settings_flow/19ede218-928c-4e02-ab49-b76e12b34f31.json +++ b/persistence/sql/migratest/fixtures/settings_flow/19ede218-928c-4e02-ab49-b76e12b34f31.json @@ -56,6 +56,7 @@ "updated_at": "2013-10-07T08:23:19Z" } ], + "metadata_public": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" }, diff --git a/persistence/sql/migratest/fixtures/settings_flow/21c5f714-3089-49d2-b387-f244d4dd9e00.json b/persistence/sql/migratest/fixtures/settings_flow/21c5f714-3089-49d2-b387-f244d4dd9e00.json index 4a07c3a40eee..a66391f475fa 100644 --- a/persistence/sql/migratest/fixtures/settings_flow/21c5f714-3089-49d2-b387-f244d4dd9e00.json +++ b/persistence/sql/migratest/fixtures/settings_flow/21c5f714-3089-49d2-b387-f244d4dd9e00.json @@ -56,6 +56,7 @@ "updated_at": "2013-10-07T08:23:19Z" } ], + "metadata_public": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" }, diff --git a/persistence/sql/migratest/fixtures/settings_flow/74fd6c53-7651-453e-90b8-2c5adbf911bb.json b/persistence/sql/migratest/fixtures/settings_flow/74fd6c53-7651-453e-90b8-2c5adbf911bb.json index 71c6c2d761ac..a1499fa10e1c 100644 --- a/persistence/sql/migratest/fixtures/settings_flow/74fd6c53-7651-453e-90b8-2c5adbf911bb.json +++ b/persistence/sql/migratest/fixtures/settings_flow/74fd6c53-7651-453e-90b8-2c5adbf911bb.json @@ -28,6 +28,7 @@ "updated_at": "2013-10-07T08:23:19Z" } ], + "metadata_public": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" }, diff --git a/persistence/sql/migratest/fixtures/settings_flow/77fe4fb3-2d4e-4532-b568-c44b0aece0aa.json b/persistence/sql/migratest/fixtures/settings_flow/77fe4fb3-2d4e-4532-b568-c44b0aece0aa.json index ea1be0f89479..0d7893fdd23c 100644 --- a/persistence/sql/migratest/fixtures/settings_flow/77fe4fb3-2d4e-4532-b568-c44b0aece0aa.json +++ b/persistence/sql/migratest/fixtures/settings_flow/77fe4fb3-2d4e-4532-b568-c44b0aece0aa.json @@ -56,6 +56,7 @@ "updated_at": "2013-10-07T08:23:19Z" } ], + "metadata_public": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" }, diff --git a/persistence/sql/migratest/fixtures/settings_flow/8248bb5d-8ef7-45e3-8e07-9e2003dd5352.json b/persistence/sql/migratest/fixtures/settings_flow/8248bb5d-8ef7-45e3-8e07-9e2003dd5352.json index 2e781c81dfb7..2f3a9a21496c 100644 --- a/persistence/sql/migratest/fixtures/settings_flow/8248bb5d-8ef7-45e3-8e07-9e2003dd5352.json +++ b/persistence/sql/migratest/fixtures/settings_flow/8248bb5d-8ef7-45e3-8e07-9e2003dd5352.json @@ -56,6 +56,7 @@ "updated_at": "2013-10-07T08:23:19Z" } ], + "metadata_public": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" }, diff --git a/persistence/sql/migratest/fixtures/settings_flow/90b4f970-b9ae-42bc-a0a7-73ec750e0aa1.json b/persistence/sql/migratest/fixtures/settings_flow/90b4f970-b9ae-42bc-a0a7-73ec750e0aa1.json index 3d6d58ba6cc7..b13dadb6aba2 100644 --- a/persistence/sql/migratest/fixtures/settings_flow/90b4f970-b9ae-42bc-a0a7-73ec750e0aa1.json +++ b/persistence/sql/migratest/fixtures/settings_flow/90b4f970-b9ae-42bc-a0a7-73ec750e0aa1.json @@ -56,6 +56,7 @@ "updated_at": "2013-10-07T08:23:19Z" } ], + "metadata_public": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" }, diff --git a/persistence/sql/migratest/fixtures/settings_flow/a79bfcf1-68ae-49de-8b23-4f96921b8341.json b/persistence/sql/migratest/fixtures/settings_flow/a79bfcf1-68ae-49de-8b23-4f96921b8341.json index 02c81d878a85..cc80b32fb4ae 100644 --- a/persistence/sql/migratest/fixtures/settings_flow/a79bfcf1-68ae-49de-8b23-4f96921b8341.json +++ b/persistence/sql/migratest/fixtures/settings_flow/a79bfcf1-68ae-49de-8b23-4f96921b8341.json @@ -56,6 +56,7 @@ "updated_at": "2013-10-07T08:23:19Z" } ], + "metadata_public": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" }, diff --git a/persistence/sql/migratest/fixtures/settings_flow/aeba85bd-1a8c-44bf-8fc3-3be83c01a3dc.json b/persistence/sql/migratest/fixtures/settings_flow/aeba85bd-1a8c-44bf-8fc3-3be83c01a3dc.json index bd847b0de810..d2409100456c 100644 --- a/persistence/sql/migratest/fixtures/settings_flow/aeba85bd-1a8c-44bf-8fc3-3be83c01a3dc.json +++ b/persistence/sql/migratest/fixtures/settings_flow/aeba85bd-1a8c-44bf-8fc3-3be83c01a3dc.json @@ -56,6 +56,7 @@ "updated_at": "2013-10-07T08:23:19Z" } ], + "metadata_public": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" }, diff --git a/persistence/sql/migratest/fixtures/settings_flow/cdfd1eed-34a4-491d-ad0a-7579d3a0a7ba.json b/persistence/sql/migratest/fixtures/settings_flow/cdfd1eed-34a4-491d-ad0a-7579d3a0a7ba.json index 9273d7707333..4fdbab4b561e 100644 --- a/persistence/sql/migratest/fixtures/settings_flow/cdfd1eed-34a4-491d-ad0a-7579d3a0a7ba.json +++ b/persistence/sql/migratest/fixtures/settings_flow/cdfd1eed-34a4-491d-ad0a-7579d3a0a7ba.json @@ -56,6 +56,7 @@ "updated_at": "2013-10-07T08:23:19Z" } ], + "metadata_public": null, "created_at": "2013-10-07T08:23:19Z", "updated_at": "2013-10-07T08:23:19Z" }, diff --git a/persistence/sql/migratest/migration_test.go b/persistence/sql/migratest/migration_test.go index 97d8cb33c069..83d593a8a263 100644 --- a/persistence/sql/migratest/migration_test.go +++ b/persistence/sql/migratest/migration_test.go @@ -151,7 +151,7 @@ func TestMigrations(t *testing.T) { // Prevents ordering to get in the way. actual.VerifiableAddresses = nil actual.RecoveryAddresses = nil - CompareWithFixture(t, identity.WithCredentialsInJSON(*actual), "identity", id.ID.String()) + CompareWithFixture(t, identity.WithCredentialsAndAdminMetadataInJSON(*actual), "identity", id.ID.String()) } migratest.ContainsExpectedIds(t, filepath.Join("fixtures", "identity"), found) diff --git a/persistence/sql/migratest/testdata/20220420102701_testdata.sql b/persistence/sql/migratest/testdata/20220420102701_testdata.sql new file mode 100644 index 000000000000..90faae42ed69 --- /dev/null +++ b/persistence/sql/migratest/testdata/20220420102701_testdata.sql @@ -0,0 +1 @@ +INSERT INTO identities (id, nid, schema_id, traits, created_at, updated_at, metadata_public, metadata_admin) VALUES ('308929d3-41a2-43fe-a33c-75308539d841', '884f556e-eb3a-4b9f-bee3-11345642c6c0', 'default', '{"email":"bazbar@ory.sh"}', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '{"foo":"bar"}', '{"baz":"bar"}'); diff --git a/persistence/sql/migrations/sql/20220420102701000000_identity_metadata.down.sql b/persistence/sql/migrations/sql/20220420102701000000_identity_metadata.down.sql new file mode 100644 index 000000000000..19c17d6e5ede --- /dev/null +++ b/persistence/sql/migrations/sql/20220420102701000000_identity_metadata.down.sql @@ -0,0 +1,2 @@ +ALTER TABLE identities DROP COLUMN metadata_public; +ALTER TABLE identities DROP COLUMN metadata_admin; diff --git a/persistence/sql/migrations/sql/20220420102701000000_identity_metadata.mysql.up.sql b/persistence/sql/migrations/sql/20220420102701000000_identity_metadata.mysql.up.sql new file mode 100644 index 000000000000..e50ac1b1c87f --- /dev/null +++ b/persistence/sql/migrations/sql/20220420102701000000_identity_metadata.mysql.up.sql @@ -0,0 +1,2 @@ +ALTER TABLE identities ADD metadata_public JSON NULL; +ALTER TABLE identities ADD metadata_admin JSON NULL; diff --git a/persistence/sql/migrations/sql/20220420102701000000_identity_metadata.up.sql b/persistence/sql/migrations/sql/20220420102701000000_identity_metadata.up.sql new file mode 100644 index 000000000000..880a363cb72f --- /dev/null +++ b/persistence/sql/migrations/sql/20220420102701000000_identity_metadata.up.sql @@ -0,0 +1,2 @@ +ALTER TABLE identities ADD metadata_public jsonb NULL; +ALTER TABLE identities ADD metadata_admin jsonb NULL; diff --git a/session/handler_test.go b/session/handler_test.go index 40245dae7033..8ad1b82c2b64 100644 --- a/session/handler_test.go +++ b/session/handler_test.go @@ -74,7 +74,21 @@ func TestSessionWhoAmI(t *testing.T) { // set this intermediate because kratos needs some valid url for CRUDE operations conf.MustSet(config.ViperKeyPublicBaseURL, "http://example.com") - h, _ := testhelpers.MockSessionCreateHandler(t, reg) + i := &identity.Identity{ + ID: x.NewUUID(), + State: identity.StateActive, + Credentials: map[identity.CredentialsType]identity.Credentials{ + identity.CredentialsTypePassword: {Type: identity.CredentialsTypePassword, + Identifiers: []string{x.NewUUID().String()}, + Config: []byte(`{"hashed_password":"$argon2id$v=19$m=32,t=2,p=4$cm94YnRVOW5jZzFzcVE4bQ$MNzk5BtR2vUhrp6qQEjRNw"}`), + }, + }, + Traits: identity.Traits(`{"baz":"bar","foo":true,"bar":2.5}`), + MetadataAdmin: []byte(`{"admin":"ma"}`), + MetadataPublic: []byte(`{"public":"mp"}`), + } + h, _ := testhelpers.MockSessionCreateHandlerWithIdentity(t, reg, i) + r.GET("/set", h) conf.MustSet(config.ViperKeyPublicBaseURL, ts.URL) @@ -151,10 +165,16 @@ func TestSessionWhoAmI(t *testing.T) { res, err = client.Do(req) require.NoError(t, err) + body, err := ioutil.ReadAll(res.Body) + require.NoError(t, err) assertNoCSRFCookieInResponse(t, ts, client, res) // Test that no CSRF cookie is ever set here. assert.EqualValues(t, http.StatusOK, res.StatusCode) assert.NotEmpty(t, res.Header.Get("X-Kratos-Authenticated-Identity-Id")) + + assert.Empty(t, gjson.GetBytes(body, "identity.credentials")) + assert.Equal(t, "mp", gjson.GetBytes(body, "identity.metadata_public.public").String(), "%s", body) + assert.False(t, gjson.GetBytes(body, "identity.metadata_admin").Exists()) }) } }) diff --git a/spec/api.json b/spec/api.json index 37e5a6e2c415..35f88af7a9d4 100755 --- a/spec/api.json +++ b/spec/api.json @@ -8,6 +8,12 @@ "schemas": { "AdminUpdateIdentityBody": { "properties": { + "metadata_admin": { + "description": "Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/\u003cid\u003e`." + }, + "metadata_public": { + "description": "Store metadata about the identity which the identity itself can see when calling for example the\nsession endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field." + }, "schema_id": { "description": "SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. If set\nwill update the Identity's SchemaID.", "type": "string" @@ -81,6 +87,12 @@ "credentials": { "$ref": "#/components/schemas/adminIdentityImportCredentials" }, + "metadata_admin": { + "description": "Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/\u003cid\u003e`." + }, + "metadata_public": { + "description": "Store metadata about the identity which the identity itself can see when calling for example the\nsession endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field." + }, "recovery_addresses": { "description": "RecoveryAddresses contains all the addresses that can be used to recover an identity.\n\nUse this structure to import recovery addresses for an identity. Please keep in mind\nthat the address needs to be represented in the Identity Schema or this field will be overwritten\non the next identity update.", "items": { @@ -351,6 +363,12 @@ "id": { "$ref": "#/components/schemas/UUID" }, + "metadata_admin": { + "$ref": "#/components/schemas/nullJsonRawMessage" + }, + "metadata_public": { + "$ref": "#/components/schemas/nullJsonRawMessage" + }, "recovery_addresses": { "description": "RecoveryAddresses contains all the addresses that can be used to recover an identity.", "items": { @@ -606,6 +624,9 @@ "title": "Is sent when a privileged session is required to perform the settings update.", "type": "object" }, + "nullJsonRawMessage": { + "description": "NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable-" + }, "nullTime": { "format": "date-time", "title": "NullTime implements sql.NullTime functionality.", diff --git a/spec/swagger.json b/spec/swagger.json index f4fc78a0e191..8a5aae5c4c22 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -2352,6 +2352,14 @@ "state" ], "properties": { + "metadata_admin": { + "description": "Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/\u003cid\u003e`.", + "type": "object" + }, + "metadata_public": { + "description": "Store metadata about the identity which the identity itself can see when calling for example the\nsession endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field.", + "type": "object" + }, "schema_id": { "description": "SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. If set\nwill update the Identity's SchemaID.", "type": "string" @@ -2421,6 +2429,14 @@ "credentials": { "$ref": "#/definitions/adminIdentityImportCredentials" }, + "metadata_admin": { + "description": "Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/\u003cid\u003e`.", + "type": "object" + }, + "metadata_public": { + "description": "Store metadata about the identity which the identity itself can see when calling for example the\nsession endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field.", + "type": "object" + }, "recovery_addresses": { "description": "RecoveryAddresses contains all the addresses that can be used to recover an identity.\n\nUse this structure to import recovery addresses for an identity. Please keep in mind\nthat the address needs to be represented in the Identity Schema or this field will be overwritten\non the next identity update.", "type": "array", @@ -2688,6 +2704,12 @@ "id": { "$ref": "#/definitions/UUID" }, + "metadata_admin": { + "$ref": "#/definitions/nullJsonRawMessage" + }, + "metadata_public": { + "$ref": "#/definitions/nullJsonRawMessage" + }, "recovery_addresses": { "description": "RecoveryAddresses contains all the addresses that can be used to recover an identity.", "type": "array", @@ -2925,6 +2947,10 @@ } } }, + "nullJsonRawMessage": { + "description": "NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable-", + "type": "object" + }, "nullTime": { "type": "string", "format": "date-time", From b80ed6955518003ae6b7f647dffd2d49cc999fbc Mon Sep 17 00:00:00 2001 From: Vincent Date: Fri, 22 Apr 2022 16:36:43 +0200 Subject: [PATCH 010/411] docs: remove notice importing credentials not possible (#2418) --- identity/handler.go | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/identity/handler.go b/identity/handler.go index 53100a429ca7..7769dbc2335a 100644 --- a/identity/handler.go +++ b/identity/handler.go @@ -302,10 +302,7 @@ type AdminCreateIdentityImportCredentialsOidcProvider struct { // // Create an Identity // -// This endpoint creates an identity. It is NOT possible to set an identity's credentials (password, ...) -// using this method! A way to achieve that will be introduced in the future. -// -// Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). +// This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). // // Consumes: // - application/json @@ -415,10 +412,7 @@ type AdminUpdateIdentityBody struct { // // Update an Identity // -// This endpoint updates an identity. It is NOT possible to set an identity's credentials (password, ...) -// using this method! A way to achieve that will be introduced in the future. -// -// The full identity payload (except credentials) is expected. This endpoint does not support patching. +// This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. // // Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). // From d3df7196f47b8e610b7e9e0c6d1d10e5fe0a9573 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Fri, 22 Apr 2022 14:39:01 +0000 Subject: [PATCH 011/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- internal/httpclient/api/openapi.yaml | 12 +++-------- internal/httpclient/api_v0alpha2.go | 30 +++++++++------------------- spec/api.json | 4 ++-- spec/swagger.json | 4 ++-- 4 files changed, 16 insertions(+), 34 deletions(-) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index a056db676e08..68ae6e705d7b 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -90,11 +90,8 @@ paths: tags: - v0alpha2 post: - description: |- - This endpoint creates an identity. It is NOT possible to set an identity's credentials (password, ...) - using this method! A way to achieve that will be introduced in the future. - - Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). + description: This endpoint creates an identity. Learn how identities work in + [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). operationId: adminCreateIdentity requestBody: content: @@ -224,10 +221,7 @@ paths: - v0alpha2 put: description: |- - This endpoint updates an identity. It is NOT possible to set an identity's credentials (password, ...) - using this method! A way to achieve that will be introduced in the future. - - The full identity payload (except credentials) is expected. This endpoint does not support patching. + This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). operationId: adminUpdateIdentity diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go index 75ef8bfe5f1e..6bdfd8d7b685 100644 --- a/internal/httpclient/api_v0alpha2.go +++ b/internal/httpclient/api_v0alpha2.go @@ -29,14 +29,11 @@ var ( type V0alpha2Api interface { /* - * AdminCreateIdentity Create an Identity - * This endpoint creates an identity. It is NOT possible to set an identity's credentials (password, ...) - using this method! A way to achieve that will be introduced in the future. - - Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiAdminCreateIdentityRequest - */ + * AdminCreateIdentity Create an Identity + * This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiAdminCreateIdentityRequest + */ AdminCreateIdentity(ctx context.Context) V0alpha2ApiApiAdminCreateIdentityRequest /* @@ -159,10 +156,7 @@ type V0alpha2Api interface { /* * AdminUpdateIdentity Update an Identity - * This endpoint updates an identity. It is NOT possible to set an identity's credentials (password, ...) - using this method! A way to achieve that will be introduced in the future. - - The full identity payload (except credentials) is expected. This endpoint does not support patching. + * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @@ -1117,13 +1111,10 @@ func (r V0alpha2ApiApiAdminCreateIdentityRequest) Execute() (*Identity, *http.Re /* * AdminCreateIdentity Create an Identity - * This endpoint creates an identity. It is NOT possible to set an identity's credentials (password, ...) -using this method! A way to achieve that will be introduced in the future. - -Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). + * This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return V0alpha2ApiApiAdminCreateIdentityRequest -*/ + */ func (a *V0alpha2ApiService) AdminCreateIdentity(ctx context.Context) V0alpha2ApiApiAdminCreateIdentityRequest { return V0alpha2ApiApiAdminCreateIdentityRequest{ ApiService: a, @@ -2323,10 +2314,7 @@ func (r V0alpha2ApiApiAdminUpdateIdentityRequest) Execute() (*Identity, *http.Re /* * AdminUpdateIdentity Update an Identity - * This endpoint updates an identity. It is NOT possible to set an identity's credentials (password, ...) -using this method! A way to achieve that will be introduced in the future. - -The full identity payload (except credentials) is expected. This endpoint does not support patching. + * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). diff --git a/spec/api.json b/spec/api.json index 35f88af7a9d4..3bb775b9de8c 100755 --- a/spec/api.json +++ b/spec/api.json @@ -2351,7 +2351,7 @@ ] }, "post": { - "description": "This endpoint creates an identity. It is NOT possible to set an identity's credentials (password, ...)\nusing this method! A way to achieve that will be introduced in the future.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", + "description": "This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", "operationId": "adminCreateIdentity", "requestBody": { "content": { @@ -2534,7 +2534,7 @@ ] }, "put": { - "description": "This endpoint updates an identity. It is NOT possible to set an identity's credentials (password, ...)\nusing this method! A way to achieve that will be introduced in the future.\n\nThe full identity payload (except credentials) is expected. This endpoint does not support patching.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", + "description": "This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", "operationId": "adminUpdateIdentity", "parameters": [ { diff --git a/spec/swagger.json b/spec/swagger.json index 8a5aae5c4c22..0b07a3bf30d3 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -105,7 +105,7 @@ "oryAccessToken": [] } ], - "description": "This endpoint creates an identity. It is NOT possible to set an identity's credentials (password, ...)\nusing this method! A way to achieve that will be introduced in the future.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", + "description": "This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", "consumes": [ "application/json" ], @@ -226,7 +226,7 @@ "oryAccessToken": [] } ], - "description": "This endpoint updates an identity. It is NOT possible to set an identity's credentials (password, ...)\nusing this method! A way to achieve that will be introduced in the future.\n\nThe full identity payload (except credentials) is expected. This endpoint does not support patching.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", + "description": "This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", "consumes": [ "application/json" ], From 85a90c892d785b834cbdf8d029315550210444e2 Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Fri, 22 Apr 2022 13:14:59 -0500 Subject: [PATCH 012/411] fix: compile issues from merge conflict (#2419) --- selfservice/strategy/oidc/provider_netid.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/selfservice/strategy/oidc/provider_netid.go b/selfservice/strategy/oidc/provider_netid.go index 3587ef158243..501252dbc406 100644 --- a/selfservice/strategy/oidc/provider_netid.go +++ b/selfservice/strategy/oidc/provider_netid.go @@ -59,7 +59,7 @@ func (n *ProviderNetID) oAuth2(ctx context.Context) (*oauth2.Config, error) { } -func (n *ProviderNetID) Claims(ctx context.Context, exchange *oauth2.Token) (*Claims, error) { +func (n *ProviderNetID) Claims(ctx context.Context, exchange *oauth2.Token, _ url.Values) (*Claims, error) { o, err := n.OAuth2(ctx) if err != nil { return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) From 61f12e7579c7c337d0f415ac2b4029790c659c3d Mon Sep 17 00:00:00 2001 From: Mitsuo Heijo <25817501+johejo@users.noreply.github.com> Date: Mon, 25 Apr 2022 05:21:44 +0900 Subject: [PATCH 013/411] fix: use pointer of string for PasswordIdentifier in example code (#2421) --- examples/go/selfservice/login/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/go/selfservice/login/main.go b/examples/go/selfservice/login/main.go index a104cae26232..56ef6b3d7bef 100644 --- a/examples/go/selfservice/login/main.go +++ b/examples/go/selfservice/login/main.go @@ -33,7 +33,7 @@ func performLogin() *ory.SuccessfulSelfServiceLoginWithoutBrowser { ory.SubmitSelfServiceLoginFlowWithPasswordMethodBodyAsSubmitSelfServiceLoginFlowBody(&ory.SubmitSelfServiceLoginFlowWithPasswordMethodBody{ Method: "password", Password: password, - PasswordIdentifier: email, + PasswordIdentifier: &email, }), ).Execute() pkg.SDKExitOnError(err, res) From ca1dab8906daf4e1622343af47014eb838c7cee1 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Sun, 24 Apr 2022 21:04:40 +0000 Subject: [PATCH 014/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 74 ++++++++++++++++++++++++++++++---------------------- 1 file changed, 43 insertions(+), 31 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 152e09f39e94..8e9dde13bc69 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,17 +4,18 @@ **Table of Contents** -- [ (2022-04-20)](#2022-04-20) +- [ (2022-04-24)](#2022-04-24) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) + - [Documentation](#documentation) - [Features](#features) - [Tests](#tests) - [0.9.0-alpha.3 (2022-03-25)](#090-alpha3-2022-03-25) - [Breaking Changes](#breaking-changes-1) - [Bug Fixes](#bug-fixes-1) - [Code Generation](#code-generation) - - [Documentation](#documentation) + - [Documentation](#documentation-1) - [0.9.0-alpha.2 (2022-03-22)](#090-alpha2-2022-03-22) - [Bug Fixes](#bug-fixes-2) - [Code Generation](#code-generation-1) @@ -23,19 +24,19 @@ - [Bug Fixes](#bug-fixes-3) - [Code Generation](#code-generation-2) - [Code Refactoring](#code-refactoring-1) - - [Documentation](#documentation-1) + - [Documentation](#documentation-2) - [Features](#features-1) - [Tests](#tests-1) - [Unclassified](#unclassified) - [0.8.2-alpha.1 (2021-12-17)](#082-alpha1-2021-12-17) - [Bug Fixes](#bug-fixes-4) - [Code Generation](#code-generation-3) - - [Documentation](#documentation-2) + - [Documentation](#documentation-3) - [0.8.1-alpha.1 (2021-12-13)](#081-alpha1-2021-12-13) - [Breaking Changes](#breaking-changes-3) - [Bug Fixes](#bug-fixes-5) - [Code Generation](#code-generation-4) - - [Documentation](#documentation-3) + - [Documentation](#documentation-4) - [Features](#features-2) - [Tests](#tests-2) - [0.8.0-alpha.3 (2021-10-28)](#080-alpha3-2021-10-28) @@ -48,7 +49,7 @@ - [Bug Fixes](#bug-fixes-7) - [Code Generation](#code-generation-7) - [Code Refactoring](#code-refactoring-2) - - [Documentation](#documentation-4) + - [Documentation](#documentation-5) - [Features](#features-3) - [Reverts](#reverts) - [Tests](#tests-3) @@ -60,25 +61,25 @@ - [0.7.4-alpha.1 (2021-09-09)](#074-alpha1-2021-09-09) - [Bug Fixes](#bug-fixes-8) - [Code Generation](#code-generation-10) - - [Documentation](#documentation-5) + - [Documentation](#documentation-6) - [Features](#features-4) - [Tests](#tests-4) - [0.7.3-alpha.1 (2021-08-28)](#073-alpha1-2021-08-28) - [Bug Fixes](#bug-fixes-9) - [Code Generation](#code-generation-11) - - [Documentation](#documentation-6) + - [Documentation](#documentation-7) - [Features](#features-5) - [0.7.1-alpha.1 (2021-07-22)](#071-alpha1-2021-07-22) - [Bug Fixes](#bug-fixes-10) - [Code Generation](#code-generation-12) - - [Documentation](#documentation-7) + - [Documentation](#documentation-8) - [Tests](#tests-5) - [0.7.0-alpha.1 (2021-07-13)](#070-alpha1-2021-07-13) - [Breaking Changes](#breaking-changes-5) - [Bug Fixes](#bug-fixes-11) - [Code Generation](#code-generation-13) - [Code Refactoring](#code-refactoring-3) - - [Documentation](#documentation-8) + - [Documentation](#documentation-9) - [Features](#features-6) - [Tests](#tests-6) - [Unclassified](#unclassified-2) @@ -89,7 +90,7 @@ - [Code Refactoring](#code-refactoring-4) - [0.6.2-alpha.1 (2021-05-14)](#062-alpha1-2021-05-14) - [Code Generation](#code-generation-15) - - [Documentation](#documentation-9) + - [Documentation](#documentation-10) - [0.6.1-alpha.1 (2021-05-11)](#061-alpha1-2021-05-11) - [Code Generation](#code-generation-16) - [Features](#features-7) @@ -102,14 +103,14 @@ - [Bug Fixes](#bug-fixes-14) - [Code Generation](#code-generation-18) - [Code Refactoring](#code-refactoring-5) - - [Documentation](#documentation-10) + - [Documentation](#documentation-11) - [Features](#features-9) - [Tests](#tests-7) - [Unclassified](#unclassified-3) - [0.5.5-alpha.1 (2020-12-09)](#055-alpha1-2020-12-09) - [Bug Fixes](#bug-fixes-15) - [Code Generation](#code-generation-19) - - [Documentation](#documentation-11) + - [Documentation](#documentation-12) - [Features](#features-10) - [Tests](#tests-8) - [Unclassified](#unclassified-4) @@ -117,23 +118,23 @@ - [Bug Fixes](#bug-fixes-16) - [Code Generation](#code-generation-20) - [Code Refactoring](#code-refactoring-6) - - [Documentation](#documentation-12) + - [Documentation](#documentation-13) - [Features](#features-11) - [0.5.3-alpha.1 (2020-10-27)](#053-alpha1-2020-10-27) - [Bug Fixes](#bug-fixes-17) - [Code Generation](#code-generation-21) - - [Documentation](#documentation-13) + - [Documentation](#documentation-14) - [Features](#features-12) - [Tests](#tests-9) - [0.5.2-alpha.1 (2020-10-22)](#052-alpha1-2020-10-22) - [Bug Fixes](#bug-fixes-18) - [Code Generation](#code-generation-22) - - [Documentation](#documentation-14) + - [Documentation](#documentation-15) - [Tests](#tests-10) - [0.5.1-alpha.1 (2020-10-20)](#051-alpha1-2020-10-20) - [Bug Fixes](#bug-fixes-19) - [Code Generation](#code-generation-23) - - [Documentation](#documentation-15) + - [Documentation](#documentation-16) - [Features](#features-13) - [Tests](#tests-11) - [Unclassified](#unclassified-5) @@ -142,7 +143,7 @@ - [Bug Fixes](#bug-fixes-20) - [Code Generation](#code-generation-24) - [Code Refactoring](#code-refactoring-7) - - [Documentation](#documentation-16) + - [Documentation](#documentation-17) - [Features](#features-14) - [Tests](#tests-12) - [Unclassified](#unclassified-6) @@ -155,7 +156,7 @@ - [0.4.4-alpha.1 (2020-07-10)](#044-alpha1-2020-07-10) - [Bug Fixes](#bug-fixes-23) - [Code Generation](#code-generation-27) - - [Documentation](#documentation-17) + - [Documentation](#documentation-18) - [0.4.3-alpha.1 (2020-07-08)](#043-alpha1-2020-07-08) - [Bug Fixes](#bug-fixes-24) - [Code Generation](#code-generation-28) @@ -167,7 +168,7 @@ - [Bug Fixes](#bug-fixes-26) - [Code Generation](#code-generation-30) - [Code Refactoring](#code-refactoring-8) - - [Documentation](#documentation-18) + - [Documentation](#documentation-19) - [Features](#features-15) - [Unclassified](#unclassified-7) - [0.3.0-alpha.1 (2020-05-15)](#030-alpha1-2020-05-15) @@ -175,44 +176,44 @@ - [Bug Fixes](#bug-fixes-27) - [Chores](#chores) - [Code Refactoring](#code-refactoring-9) - - [Documentation](#documentation-19) + - [Documentation](#documentation-20) - [Features](#features-16) - [Unclassified](#unclassified-8) - [0.2.1-alpha.1 (2020-05-05)](#021-alpha1-2020-05-05) - [Chores](#chores-1) - - [Documentation](#documentation-20) + - [Documentation](#documentation-21) - [0.2.0-alpha.2 (2020-05-04)](#020-alpha2-2020-05-04) - [Breaking Changes](#breaking-changes-11) - [Bug Fixes](#bug-fixes-28) - [Chores](#chores-2) - [Code Refactoring](#code-refactoring-10) - - [Documentation](#documentation-21) + - [Documentation](#documentation-22) - [Features](#features-17) - [Unclassified](#unclassified-9) - [0.1.1-alpha.1 (2020-02-18)](#011-alpha1-2020-02-18) - [Bug Fixes](#bug-fixes-29) - [Code Refactoring](#code-refactoring-11) - - [Documentation](#documentation-22) + - [Documentation](#documentation-23) - [0.1.0-alpha.6 (2020-02-16)](#010-alpha6-2020-02-16) - [Bug Fixes](#bug-fixes-30) - [Code Refactoring](#code-refactoring-12) - - [Documentation](#documentation-23) + - [Documentation](#documentation-24) - [Features](#features-18) - [0.1.0-alpha.5 (2020-02-06)](#010-alpha5-2020-02-06) - - [Documentation](#documentation-24) + - [Documentation](#documentation-25) - [Features](#features-19) - [0.1.0-alpha.4 (2020-02-06)](#010-alpha4-2020-02-06) - [Continuous Integration](#continuous-integration) - - [Documentation](#documentation-25) + - [Documentation](#documentation-26) - [0.1.0-alpha.3 (2020-02-06)](#010-alpha3-2020-02-06) - [Continuous Integration](#continuous-integration-1) - [0.1.0-alpha.2 (2020-02-03)](#010-alpha2-2020-02-03) - [Bug Fixes](#bug-fixes-31) - - [Documentation](#documentation-26) + - [Documentation](#documentation-27) - [Features](#features-20) - [Unclassified](#unclassified-10) - [0.1.0-alpha.1 (2020-01-31)](#010-alpha1-2020-01-31) - - [Documentation](#documentation-27) + - [Documentation](#documentation-28) - [0.0.3-alpha.15 (2020-01-31)](#003-alpha15-2020-01-31) - [Unclassified](#unclassified-11) - [0.0.3-alpha.14 (2020-01-31)](#003-alpha14-2020-01-31) @@ -245,12 +246,12 @@ - [Unclassified](#unclassified-22) - [0.0.1-alpha.3 (2020-01-28)](#001-alpha3-2020-01-28) - [Continuous Integration](#continuous-integration-6) - - [Documentation](#documentation-28) + - [Documentation](#documentation-29) - [Unclassified](#unclassified-23) -# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-04-20) +# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-04-24) ## Breaking Changes This patch moves several CLI command to comply with the Ory CLI command structure: @@ -288,25 +289,36 @@ This patch moves several CLI command to comply with the Ory CLI command structur The default mode is 0644, which is allows broader access than necessary. +* Compile issues from merge conflict ([#2419](https://github.com/ory/kratos/issues/2419)) ([85a90c8](https://github.com/ory/kratos/commit/85a90c892d785b834cbdf8d029315550210444e2)) * **courier:** Add ability to specify backoff ([#2349](https://github.com/ory/kratos/issues/2349)) ([bf970f3](https://github.com/ory/kratos/commit/bf970f32f571164b8081f09f602a3473e079194e)) * Do not expose debug in a response when a schema is not found ([#2348](https://github.com/ory/kratos/issues/2348)) ([aee2b1e](https://github.com/ory/kratos/commit/aee2b1ed1189b57fcbb1aaa456444d5121be94b1)) * **Dockerfile:** Use existing builder base image ([#2390](https://github.com/ory/kratos/issues/2390)) ([37de25a](https://github.com/ory/kratos/commit/37de25a541a24e03407ecf344fb750775e48c782)) +* Get user first name and last name from Apple ([#2331](https://github.com/ory/kratos/issues/2331)) ([4779909](https://github.com/ory/kratos/commit/47799098b35ea1cf5a1163f57d872a5bb2242d97)) * Load return_to and append to errors ([#2333](https://github.com/ory/kratos/issues/2333)) ([5efe4a3](https://github.com/ory/kratos/commit/5efe4a33e35e74d248d4eec43dc901b7b6334037)), closes [#2275](https://github.com/ory/kratos/issues/2275) [#2279](https://github.com/ory/kratos/issues/2279) [#2285](https://github.com/ory/kratos/issues/2285) * Refresh is always false when session exists ([d3436d7](https://github.com/ory/kratos/commit/d3436d7fa17589d91e25c9f0bd66bc3bb5b150fa)), closes [#2341](https://github.com/ory/kratos/issues/2341) * Remove required legacy field ([#2410](https://github.com/ory/kratos/issues/2410)) ([638d45c](https://github.com/ory/kratos/commit/638d45caf480b7287c9762cbf3c593217f40e3e8)) * **sdk:** Improved OpenAPI specifications for UI nodes ([#2375](https://github.com/ory/kratos/issues/2375)) ([a42a0f7](https://github.com/ory/kratos/commit/a42a0f772af3625c457032d6dcc34289a62acc61)), closes [#2357](https://github.com/ory/kratos/issues/2357) * Serve.admin.request_log.disable_for_health behaviour ([#2399](https://github.com/ory/kratos/issues/2399)) ([0a381fa](https://github.com/ory/kratos/commit/0a381fa3d702f77e614d0492dafa3ac2cd102c7e)) * Use `path` instead of `filepath` to join http route paths ([16b1244](https://github.com/ory/kratos/commit/16b12449c841bf7a237fe436b884b4b5012cd022)), closes [#2292](https://github.com/ory/kratos/issues/2292) +* Use pointer of string for PasswordIdentifier in example code ([#2421](https://github.com/ory/kratos/issues/2421)) ([61f12e7](https://github.com/ory/kratos/commit/61f12e7579c7c337d0f415ac2b4029790c659c3d)) ### Code Refactoring * Move CLI commands to match Ory CLI structure ([73910a3](https://github.com/ory/kratos/commit/73910a329b1ee46de2607c7ab1958ef2fb6de5f4)) +### Documentation + +* Remove notice importing credentials not possible ([#2418](https://github.com/ory/kratos/issues/2418)) ([b80ed69](https://github.com/ory/kratos/commit/b80ed6955518003ae6b7f647dffd2d49cc999fbc)) + ### Features * Add certificate based authentication for smtp client ([#2351](https://github.com/ory/kratos/issues/2351)) ([7200037](https://github.com/ory/kratos/commit/72000375c028f5f7f9cb0d0b1b02f8aa09503e4f)) * Add session renew capabilities ([#2146](https://github.com/ory/kratos/issues/2146)) ([4348b86](https://github.com/ory/kratos/commit/4348b8640a282cd61fe30961faba5753e2af8bb0)), closes [#615](https://github.com/ory/kratos/issues/615) * Add support for netID provider ([#2394](https://github.com/ory/kratos/issues/2394)) ([ee7fc79](https://github.com/ory/kratos/commit/ee7fc79d49cd6d8f2985809585d1675c8e2ed376)) +* **identity:** Add admin and public metadata fields ([562e340](https://github.com/ory/kratos/commit/562e340fe980e7c65ab3fc41f82a2a8899a33bfa)), closes [#2388](https://github.com/ory/kratos/issues/2388) [#47](https://github.com/ory/kratos/issues/47): + + This patch adds two new keys to identities, `metadata_public` and `metadata_admin` that can be used to store additional metadata about identities in Ory. + * Read subject id from https://graph.microsoft.com/v1.0/me for microsoft ([#2347](https://github.com/ory/kratos/issues/2347)) ([852f24f](https://github.com/ory/kratos/commit/852f24fb5cd8576f3f6d35017ce85e4fa1c51c95)): Adds the ability to read the OIDC subject ID from the `https://graph.microsoft.com/v1.0/me` endpoint. This introduces a new field `subject_source` to the OIDC configuration. From 5a50231b553aaa64bd90a3d2cd1be9d2e3aba9ac Mon Sep 17 00:00:00 2001 From: VeenaInd <104088519+VeenaInd@users.noreply.github.com> Date: Tue, 26 Apr 2022 17:44:15 +0530 Subject: [PATCH 015/411] fix: Internal Server Error on Empty PUT /identities/id body (#2417) --- identity/handler.go | 12 +++++++++--- identity/handler_test.go | 20 +++++++++++++++++++- 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/identity/handler.go b/identity/handler.go index 7769dbc2335a..0b28459a0b5a 100644 --- a/identity/handler.go +++ b/identity/handler.go @@ -17,6 +17,7 @@ import ( "github.com/julienschmidt/httprouter" "github.com/pkg/errors" + "github.com/ory/x/decoderx" "github.com/ory/x/jsonx" "github.com/ory/x/sqlxx" "github.com/ory/x/urlx" @@ -42,7 +43,8 @@ type ( IdentityHandler() *Handler } Handler struct { - r handlerDependencies + r handlerDependencies + dx *decoderx.HTTP } ) @@ -51,7 +53,10 @@ func (h *Handler) Config(ctx context.Context) *config.Config { } func NewHandler(r handlerDependencies) *Handler { - return &Handler{r: r} + return &Handler{ + r: r, + dx: decoderx.NewHTTP(), + } } func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic) { @@ -435,7 +440,8 @@ type AdminUpdateIdentityBody struct { // 500: jsonError func (h *Handler) update(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { var ur AdminUpdateIdentityBody - if err := errors.WithStack(jsonx.NewStrictDecoder(r.Body).Decode(&ur)); err != nil { + if err := h.dx.Decode(r, &ur, + decoderx.HTTPJSONDecoder()); err != nil { h.r.Writer().WriteError(w, r, err) return } diff --git a/identity/handler_test.go b/identity/handler_test.go index 7b33eb344231..74abadba0d76 100644 --- a/identity/handler_test.go +++ b/identity/handler_test.go @@ -73,7 +73,9 @@ func TestHandler(t *testing.T) { var send = func(t *testing.T, base *httptest.Server, method, href string, expectCode int, send interface{}) gjson.Result { var b bytes.Buffer - require.NoError(t, json.NewEncoder(&b).Encode(send)) + if send != nil { + require.NoError(t, json.NewEncoder(&b).Encode(send)) + } req, err := http.NewRequest(method, base.URL+href, &b) require.NoError(t, err) req.Header.Set("Content-Type", "application/json") @@ -673,6 +675,22 @@ func TestHandler(t *testing.T) { } }) + t.Run("case=should fail to update identity if input json is empty or json file does not exist", func(t *testing.T) { + for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} { + t.Run("endpoint="+name, func(t *testing.T) { + var cr identity.AdminCreateIdentityBody + cr.SchemaID = "employee" + cr.Traits = []byte(`{"email":"` + x.NewUUID().String() + `@ory.sh", "department": "ory"}`) + res := send(t, ts, "POST", "/identities", http.StatusCreated, &cr) + + id := res.Get("id").String() + res = send(t, ts, "PUT", "/identities/"+id, http.StatusBadRequest, nil) + assert.Contains(t, res.Get("error.reason").String(), `Unable to decode HTTP Request Body because its HTTP `+ + `Header "Content-Length" is zero`, "%s", res.Raw) + }) + } + }) + t.Run("case=should list all identities", func(t *testing.T) { for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} { t.Run("endpoint="+name, func(t *testing.T) { From 77f5bbd6cf6383c14de1e4666a180d9ce5d2e0b3 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Tue, 26 Apr 2022 13:00:03 +0000 Subject: [PATCH 016/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8e9dde13bc69..73ca4dd0a8c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-04-24)](#2022-04-24) +- [ (2022-04-26)](#2022-04-26) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -251,7 +251,7 @@ -# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-04-24) +# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-04-26) ## Breaking Changes This patch moves several CLI command to comply with the Ory CLI command structure: @@ -294,6 +294,7 @@ This patch moves several CLI command to comply with the Ory CLI command structur * Do not expose debug in a response when a schema is not found ([#2348](https://github.com/ory/kratos/issues/2348)) ([aee2b1e](https://github.com/ory/kratos/commit/aee2b1ed1189b57fcbb1aaa456444d5121be94b1)) * **Dockerfile:** Use existing builder base image ([#2390](https://github.com/ory/kratos/issues/2390)) ([37de25a](https://github.com/ory/kratos/commit/37de25a541a24e03407ecf344fb750775e48c782)) * Get user first name and last name from Apple ([#2331](https://github.com/ory/kratos/issues/2331)) ([4779909](https://github.com/ory/kratos/commit/47799098b35ea1cf5a1163f57d872a5bb2242d97)) +* Internal Server Error on Empty PUT /identities/id body ([#2417](https://github.com/ory/kratos/issues/2417)) ([5a50231](https://github.com/ory/kratos/commit/5a50231b553aaa64bd90a3d2cd1be9d2e3aba9ac)) * Load return_to and append to errors ([#2333](https://github.com/ory/kratos/issues/2333)) ([5efe4a3](https://github.com/ory/kratos/commit/5efe4a33e35e74d248d4eec43dc901b7b6334037)), closes [#2275](https://github.com/ory/kratos/issues/2275) [#2279](https://github.com/ory/kratos/issues/2279) [#2285](https://github.com/ory/kratos/issues/2285) * Refresh is always false when session exists ([d3436d7](https://github.com/ory/kratos/commit/d3436d7fa17589d91e25c9f0bd66bc3bb5b150fa)), closes [#2341](https://github.com/ory/kratos/issues/2341) * Remove required legacy field ([#2410](https://github.com/ory/kratos/issues/2410)) ([638d45c](https://github.com/ory/kratos/commit/638d45caf480b7287c9762cbf3c593217f40e3e8)) From 121a4d3fc0f396e8da50ad1985cacf68a5c85a12 Mon Sep 17 00:00:00 2001 From: Anirudh Oppiliappan Date: Fri, 29 Apr 2022 16:13:59 +0530 Subject: [PATCH 017/411] feat: switch to opentelemetry tracing (#2318) Co-authored-by: ory-bot <60093411+ory-bot@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- .orycli.yml | 1 + .schemastore/README.md | 3 + .schemastore/config.schema.json | 2350 ++++++++++++++++++++++++ cmd/courier/watch.go | 10 +- cmd/daemon/serve.go | 21 +- driver/config/config.go | 4 +- driver/registry.go | 4 +- driver/registry_default.go | 13 +- embedx/config.schema.json | 155 +- embedx/embedx.go | 6 + go.mod | 109 +- go.sum | 270 +-- persistence/sql/persister_hmac_test.go | 5 +- quickstart-tracing.yml | 34 - script/render-schemas.sh | 13 + x/provider.go | 5 +- 17 files changed, 2543 insertions(+), 462 deletions(-) create mode 100644 .schemastore/README.md create mode 100644 .schemastore/config.schema.json create mode 100755 script/render-schemas.sh diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ddc482f7fbe2..e93192a9b15f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -259,7 +259,7 @@ jobs: - uses: ory/ci/releaser/render-version-schema@master with: token: ${{ secrets.ORY_BOT_PAT }} - schema-path: embedx/config.schema.json + schema-path: .schemastore/config.schema.json newsletter-draft: name: Draft newsletter diff --git a/.orycli.yml b/.orycli.yml index 49a0827e4888..f5518b78aa8e 100644 --- a/.orycli.yml +++ b/.orycli.yml @@ -2,3 +2,4 @@ project: kratos pre_release_hooks: - make sdk + - ./scripts/render-schemas.sh diff --git a/.schemastore/README.md b/.schemastore/README.md new file mode 100644 index 000000000000..6c96b02fb79d --- /dev/null +++ b/.schemastore/README.md @@ -0,0 +1,3 @@ +The config schema is generated from the internal one at +`embedx/config.schema.json`, so in case of changes to the config schema, +please edit that internal schema instead. diff --git a/.schemastore/config.schema.json b/.schemastore/config.schema.json new file mode 100644 index 000000000000..f24258a24753 --- /dev/null +++ b/.schemastore/config.schema.json @@ -0,0 +1,2350 @@ +{ + "$id": "https://github.com/ory/kratos/embedx/config.schema.json", + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Ory Kratos Configuration", + "type": "object", + "definitions": { + "baseUrl": { + "title": "Base URL", + "description": "The URL where the endpoint is exposed at. This domain is used to generate redirects, form URLs, and more.", + "type": "string", + "format": "uri-reference", + "examples": [ + "https://my-app.com/", + "https://my-app.com/.ory/kratos/public" + ] + }, + "socket": { + "type": "object", + "additionalProperties": false, + "description": "Sets the permissions of the unix socket", + "properties": { + "owner": { + "type": "string", + "description": "Owner of unix socket. If empty, the owner will be the user running Kratos.", + "default": "" + }, + "group": { + "type": "string", + "description": "Group of unix socket. If empty, the group will be the primary group of the user running Kratos.", + "default": "" + }, + "mode": { + "type": "integer", + "description": "Mode of unix socket in numeric form", + "default": 493, + "minimum": 0, + "maximum": 511 + } + } + }, + "defaultReturnTo": { + "title": "Redirect browsers to set URL per default", + "description": "Ory Kratos redirects to this URL per default on completion of self-service flows and other browser interaction. Read this [article for more information on browser redirects](https://www.ory.sh/kratos/docs/concepts/browser-redirect-flow-completion).", + "type": "string", + "format": "uri-reference", + "examples": [ + "https://my-app.com/dashboard", + "/dashboard" + ] + }, + "selfServiceSessionRevokerHook": { + "type": "object", + "properties": { + "hook": { + "const": "revoke_active_sessions" + } + }, + "additionalProperties": false, + "required": [ + "hook" + ] + }, + "selfServiceSessionIssuerHook": { + "type": "object", + "properties": { + "hook": { + "const": "session" + } + }, + "additionalProperties": false, + "required": [ + "hook" + ] + }, + "selfServiceRequireVerifiedAddressHook": { + "type": "object", + "properties": { + "hook": { + "const": "require_verified_address" + } + }, + "additionalProperties": false, + "required": [ + "hook" + ] + }, + "webHookAuthBasicAuthProperties": { + "properties": { + "type": { + "const": "basic_auth" + }, + "config": { + "type": "object", + "properties": { + "user": { + "type": "string", + "description": "user name for basic auth" + }, + "password": { + "type": "string", + "description": "password for basic auth" + } + }, + "additionalProperties": false, + "required": [ + "user", + "password" + ] + } + }, + "additionalProperties": false, + "required": [ + "type", + "config" + ] + }, + "webHookAuthApiKeyProperties": { + "properties": { + "type": { + "const": "api_key" + }, + "config": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the api key" + }, + "value": { + "type": "string", + "description": "The value of the api key" + }, + "in": { + "type": "string", + "description": "How the api key should be transferred", + "enum": [ + "header", + "cookie" + ] + } + }, + "additionalProperties": false, + "required": [ + "name", + "value", + "in" + ] + } + }, + "additionalProperties": false, + "required": [ + "type", + "config" + ] + }, + "selfServiceWebHook": { + "type": "object", + "properties": { + "hook": { + "const": "web_hook" + }, + "config": { + "type": "object", + "title": "Web-Hook Configuration", + "description": "Define what the hook should do", + "properties": { + "response": { + "title": "Response Handling", + "description": "How the web hook should handle the response", + "type": "object", + "additionalProperties": false, + "properties": { + "ignore": { + "type": "boolean", + "description": "Ignore the response from the web hook. If enabled the request will be made asynchronously which can be useful if you only wish to notify another system but do not parse the response.", + "default": false + } + } + }, + "url": { + "type": "string", + "description": "The URL the Web-Hook should call", + "format": "uri" + }, + "method": { + "type": "string", + "description": "The HTTP method to use (GET, POST, etc)." + }, + "body": { + "type": "string", + "oneOf": [ + { + "format": "uri", + "pattern": "^(http|https|file|base64)://", + "description": "URI pointing to the jsonnet template used for payload generation. Only used for those HTTP methods, which support HTTP body payloads", + "examples": [ + "file:///path/to/body.jsonnet", + "file://./body.jsonnet", + "base64://ZnVuY3Rpb24oY3R4KSB7CiAgaWRlbnRpdHlfaWQ6IGlmIGN0eFsiaWRlbnRpdHkiXSAhPSBudWxsIHRoZW4gY3R4LmlkZW50aXR5LmlkLAp9=", + "https://oryapis.com/default_body.jsonnet" + ] + }, + { + "description": "DEPRECATED: please use a URI instead (i.e. prefix your filepath with 'file://')", + "not": { + "pattern": "^(http|https|file|base64)://" + } + } + ] + }, + "auth": { + "type": "object", + "title": "Auth mechanisms", + "description": "Define which auth mechanism the Web-Hook should use", + "oneOf": [ + { + "$ref": "#/definitions/webHookAuthApiKeyProperties" + }, + { + "$ref": "#/definitions/webHookAuthBasicAuthProperties" + } + ] + }, + "additionalProperties": false + }, + "additionalProperties": false, + "required": [ + "url", + "method" + ] + } + }, + "additionalProperties": false, + "required": [ + "hook", + "config" + ] + }, + "OIDCClaims": { + "title": "OpenID Connect claims", + "description": "The OpenID Connect claims and optionally their properties which should be included in the id_token or returned from the UserInfo Endpoint.", + "type": "object", + "examples": [ + { + "id_token": { + "email": null, + "email_verified": null + } + }, + { + "userinfo": { + "given_name": { + "essential": true + }, + "nickname": null, + "email": { + "essential": true + }, + "email_verified": { + "essential": true + }, + "picture": null, + "http://example.info/claims/groups": null + }, + "id_token": { + "auth_time": { + "essential": true + }, + "acr": { + "values": [ + "urn:mace:incommon:iap:silver" + ] + } + } + } + ], + "patternProperties": { + "^userinfo$|^id_token$": { + "type": "object", + "additionalProperties": false, + "patternProperties": { + ".*": { + "oneOf": [ + { + "const": null, + "description": "Indicates that this Claim is being requested in the default manner." + }, + { + "type": "object", + "additionalProperties": false, + "properties": { + "essential": { + "description": "Indicates whether the Claim being requested is an Essential Claim.", + "type": "boolean" + }, + "value": { + "description": "Requests that the Claim be returned with a particular value.", + "$comment": "There seem to be no constrains on value" + }, + "values": { + "description": "Requests that the Claim be returned with one of a set of values, with the values appearing in order of preference.", + "type": "array", + "items": { + "$comment": "There seem to be no constrains on individual items" + } + } + } + } + ] + } + } + } + } + }, + "selfServiceOIDCProvider": { + "type": "object", + "properties": { + "id": { + "type": "string", + "examples": [ + "google" + ] + }, + "provider": { + "title": "Provider", + "description": "Can be one of github, github-app, gitlab, generic, google, microsoft, discord, slack, facebook, auth0, vk, yandex, spotify.", + "type": "string", + "enum": [ + "github", + "github-app", + "gitlab", + "generic", + "google", + "microsoft", + "discord", + "slack", + "facebook", + "auth0", + "vk", + "yandex", + "apple", + "spotify" + ], + "examples": [ + "google" + ] + }, + "label": { + "title": "Optional string which will be used when generating labels for UI buttons.", + "type": "string" + }, + "client_id": { + "type": "string" + }, + "client_secret": { + "type": "string" + }, + "issuer_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://accounts.google.com" + ] + }, + "auth_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://accounts.google.com/o/oauth2/v2/auth" + ] + }, + "token_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://www.googleapis.com/oauth2/v4/token" + ] + }, + "mapper_url": { + "title": "Jsonnet Mapper URL", + "description": "The URL where the jsonnet source is located for mapping the provider's data to Ory Kratos data.", + "type": "string", + "format": "uri", + "examples": [ + "file://path/to/oidc.jsonnet", + "https://foo.bar.com/path/to/oidc.jsonnet", + "base64://bG9jYWwgc3ViamVjdCA9I..." + ] + }, + "scope": { + "type": "array", + "items": { + "type": "string", + "examples": [ + "offline_access", + "profile" + ] + } + }, + "microsoft_tenant": { + "title": "Azure AD Tenant", + "description": "The Azure AD Tenant to use for authentication.", + "type": "string", + "examples": [ + "common", + "organizations", + "consumers", + "8eaef023-2b34-4da1-9baa-8bc8c9d6a490", + "contoso.onmicrosoft.com" + ] + }, + "subject_source": { + "title": "Microsoft subject source", + "description": "Controls which source the subject identifier is taken from by microsoft provider. If set to `userinfo` (the default) then the identifier is taken from the `sub` field of OIDC ID token or data received from `/userinfo` standard OIDC endpoint. If set to `me` then the `id` field of data structure received from `https://graph.microsoft.com/v1.0/me` is taken as an identifier.", + "type": "string", + "enum": [ + "userinfo", + "me" + ], + "default": "userinfo", + "examples": [ + "userinfo" + ] + }, + "apple_team_id": { + "title": "Apple Developer Team ID", + "description": "Apple Developer Team ID needed for generating a JWT token for client secret", + "type": "string", + "examples": [ + "KP76DQS54M" + ] + }, + "apple_private_key_id": { + "title": "Apple Private Key Identifier", + "description": "Sign In with Apple Private Key Identifier needed for generating a JWT token for client secret", + "type": "string", + "examples": [ + "UX56C66723" + ] + }, + "apple_private_key": { + "title": "Apple Private Key", + "description": "Sign In with Apple Private Key needed for generating a JWT token for client secret", + "type": "string", + "examples": [ + "-----BEGIN PRIVATE KEY-----\n........\n-----END PRIVATE KEY-----" + ] + }, + "requested_claims": { + "$ref": "#/definitions/OIDCClaims" + } + }, + "additionalProperties": false, + "required": [ + "id", + "provider", + "client_id", + "mapper_url" + ], + "allOf": [ + { + "if": { + "properties": { + "provider": { + "const": "microsoft" + } + }, + "required": [ + "provider" + ] + }, + "then": { + "required": [ + "microsoft_tenant" + ] + }, + "else": { + "not": { + "properties": { + "microsoft_tenant": {} + }, + "required": [ + "microsoft_tenant" + ] + } + } + }, + { + "if": { + "properties": { + "provider": { + "const": "apple" + } + }, + "required": [ + "provider" + ] + }, + "then": { + "not": { + "properties": { + "client_secret": { + "type": "string", + "minLength": 1 + } + }, + "required": [ + "client_secret" + ] + }, + "required": [ + "apple_private_key_id", + "apple_private_key", + "apple_team_id" + ] + }, + "else": { + "required": [ + "client_secret" + ], + "allOf": [ + { + "not": { + "properties": { + "apple_team_id": { + "type": "string", + "minLength": 1 + } + }, + "required": [ + "apple_team_id" + ] + } + }, + { + "not": { + "properties": { + "apple_private_key_id": { + "type": "string", + "minLength": 1 + } + }, + "required": [ + "apple_private_key_id" + ] + } + }, + { + "not": { + "properties": { + "apple_private_key": { + "type": "string", + "minLength": 1 + } + }, + "required": [ + "apple_private_key" + ] + } + } + ] + } + } + ] + }, + "selfServiceHooks": { + "type": "array", + "items": { + "anyOf": [ + { + "$ref": "#/definitions/selfServiceWebHook" + } + ] + }, + "uniqueItems": true, + "additionalItems": false + }, + "selfServiceAfterRecoveryHooks": { + "type": "array", + "items": { + "anyOf": [ + { + "$ref": "#/definitions/selfServiceWebHook" + }, + { + "$ref": "#/definitions/selfServiceSessionRevokerHook" + } + ] + }, + "uniqueItems": true, + "additionalItems": false + }, + "selfServiceAfterSettingsMethod": { + "type": "object", + "additionalProperties": false, + "properties": { + "default_browser_return_url": { + "$ref": "#/definitions/defaultReturnTo" + }, + "hooks": { + "type": "array", + "items": { + "anyOf": [ + { + "$ref": "#/definitions/selfServiceWebHook" + } + ] + }, + "uniqueItems": true, + "additionalItems": false + } + } + }, + "selfServiceAfterDefaultLoginMethod": { + "type": "object", + "additionalProperties": false, + "properties": { + "default_browser_return_url": { + "$ref": "#/definitions/defaultReturnTo" + }, + "hooks": { + "type": "array", + "items": { + "anyOf": [ + { + "$ref": "#/definitions/selfServiceSessionRevokerHook" + }, + { + "$ref": "#/definitions/selfServiceRequireVerifiedAddressHook" + }, + { + "$ref": "#/definitions/selfServiceWebHook" + } + ] + }, + "uniqueItems": true, + "additionalItems": false + } + } + }, + "selfServiceAfterOIDCLoginMethod": { + "type": "object", + "additionalProperties": false, + "properties": { + "default_browser_return_url": { + "$ref": "#/definitions/defaultReturnTo" + }, + "hooks": { + "type": "array", + "items": { + "anyOf": [ + { + "$ref": "#/definitions/selfServiceSessionRevokerHook" + }, + { + "$ref": "#/definitions/selfServiceWebHook" + } + ] + }, + "uniqueItems": true, + "additionalItems": false + } + } + }, + "selfServiceAfterRegistrationMethod": { + "type": "object", + "additionalProperties": false, + "properties": { + "default_browser_return_url": { + "$ref": "#/definitions/defaultReturnTo" + }, + "hooks": { + "type": "array", + "items": { + "anyOf": [ + { + "$ref": "#/definitions/selfServiceSessionIssuerHook" + }, + { + "$ref": "#/definitions/selfServiceWebHook" + } + ] + }, + "uniqueItems": true, + "additionalItems": false + } + } + }, + "featureRequiredAal": { + "title": "Required Authenticator Assurance Level", + "description": "Sets what Authenticator Assurance Level (used for 2FA) is required to access this feature. If set to `highest_available` then this endpoint requires the highest AAL the identity has set up. If set to `aal1` then the identity can access this feature without 2FA.", + "type": "string", + "enum": [ + "aal1", + "highest_available" + ], + "default": "highest_available" + }, + "selfServiceAfterSettings": { + "type": "object", + "additionalProperties": false, + "properties": { + "default_browser_return_url": { + "$ref": "#/definitions/defaultReturnTo" + }, + "password": { + "$ref": "#/definitions/selfServiceAfterSettingsMethod" + }, + "profile": { + "$ref": "#/definitions/selfServiceAfterSettingsMethod" + }, + "hooks": { + "$ref": "#/definitions/selfServiceHooks" + } + } + }, + "selfServiceBeforeLogin": { + "type": "object", + "additionalProperties": false, + "properties": { + "hooks": { + "$ref": "#/definitions/selfServiceHooks" + } + } + }, + "selfServiceAfterLogin": { + "type": "object", + "additionalProperties": false, + "properties": { + "default_browser_return_url": { + "$ref": "#/definitions/defaultReturnTo" + }, + "password": { + "$ref": "#/definitions/selfServiceAfterDefaultLoginMethod" + }, + "webauthn": { + "$ref": "#/definitions/selfServiceAfterDefaultLoginMethod" + }, + "oidc": { + "$ref": "#/definitions/selfServiceAfterOIDCLoginMethod" + }, + "hooks": { + "$ref": "#/definitions/selfServiceHooks" + } + } + }, + "selfServiceBeforeRegistration": { + "type": "object", + "additionalProperties": false, + "properties": { + "hooks": { + "$ref": "#/definitions/selfServiceHooks" + } + } + }, + "selfServiceAfterRegistration": { + "type": "object", + "additionalProperties": false, + "properties": { + "default_browser_return_url": { + "$ref": "#/definitions/defaultReturnTo" + }, + "password": { + "$ref": "#/definitions/selfServiceAfterRegistrationMethod" + }, + "webauthn": { + "$ref": "#/definitions/selfServiceAfterRegistrationMethod" + }, + "oidc": { + "$ref": "#/definitions/selfServiceAfterRegistrationMethod" + }, + "hooks": { + "$ref": "#/definitions/selfServiceHooks" + } + } + }, + "selfServiceAfterVerification": { + "type": "object", + "additionalProperties": false, + "properties": { + "default_browser_return_url": { + "$ref": "#/definitions/defaultReturnTo" + }, + "hooks": { + "$ref": "#/definitions/selfServiceHooks" + } + } + }, + "selfServiceAfterRecovery": { + "type": "object", + "properties": { + "default_browser_return_url": { + "$ref": "#/definitions/defaultReturnTo" + }, + "hooks": { + "$ref": "#/definitions/selfServiceAfterRecoveryHooks" + } + }, + "additionalProperties": false + }, + "tlsxSource": { + "type": "object", + "additionalProperties": false, + "properties": { + "path": { + "title": "Path to PEM-encoded Fle", + "type": "string", + "examples": [ + "path/to/file.pem" + ] + }, + "base64": { + "title": "Base64 Encoded Inline", + "description": "The base64 string of the PEM-encoded file content. Can be generated using for example `base64 -i path/to/file.pem`.", + "type": "string", + "examples": [ + "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr..." + ] + } + } + }, + "tlsx": { + "title": "HTTPS", + "description": "Configure HTTP over TLS (HTTPS). All options can also be set using environment variables by replacing dots (`.`) with underscores (`_`) and uppercasing the key. For example, `some.prefix.tls.key.path` becomes `export SOME_PREFIX_TLS_KEY_PATH`. If all keys are left undefined, TLS will be disabled.", + "type": "object", + "additionalProperties": false, + "properties": { + "key": { + "title": "Private Key (PEM)", + "allOf": [ + { + "$ref": "#/definitions/tlsxSource" + } + ] + }, + "cert": { + "title": "TLS Certificate (PEM)", + "allOf": [ + { + "$ref": "#/definitions/tlsxSource" + } + ] + } + } + }, + "courierTemplates": { + "additionalProperties": false, + "type": "object", + "properties": { + "invalid": { + "additionalProperties": false, + "type": "object", + "properties": { + "email": { + "$ref": "#/definitions/emailCourierTemplate" + } + }, + "required": [ + "email" + ] + }, + "valid": { + "additionalProperties": false, + "type": "object", + "properties": { + "email": { + "$ref": "#/definitions/emailCourierTemplate" + } + }, + "required": [ + "email" + ] + } + } + }, + "emailCourierTemplate": { + "additionalProperties": false, + "type": "object", + "properties": { + "body": { + "additionalProperties": false, + "type": "object", + "properties": { + "plaintext": { + "type": "string", + "description": "The fallback template for email clients that do not support html.", + "format": "uri", + "examples": [ + "file://path/to/body.plaintext.gotmpl", + "https://foo.bar.com/path/to/body.plaintext.gotmpl", + "base64://e3sgZGVmaW5lIGFmLVpBIH19CkhhbGxvLAoKSGVyc3RlbCBqb3UgcmVrZW5pbmcgZGV1ciBoaWVyZGllIHNrYWtlbCB0ZSB2b2xnOgp7ey0gZW5kIC19fQoKe3sgZGVmaW5lIGVuLVVTIH19CkhpLAoKcGxlYXNlIHJlY292ZXIgYWNjZXNzIHRvIHlvdXIgYWNjb3VudCBieSBjbGlja2luZyB0aGUgZm9sbG93aW5nIGxpbms6Cnt7LSBlbmQgLX19Cgp7ey0gaWYgZXEgLmxhbmcgImFmLVpBIiAtfX0KCnt7IHRlbXBsYXRlICJhZi1aQSIgLiB9fQoKe3stIGVsc2UgLX19Cgp7eyB0ZW1wbGF0ZSAiZW4tVVMiIH19Cgp7ey0gZW5kIC19fQp7eyAuUmVjb3ZlcnlVUkwgfX0K" + ] + }, + "html": { + "type": "string", + "description": "The default template used for sending out emails. The template can contain HTML ", + "format": "uri", + "examples": [ + "file://path/to/body.html.gotmpl", + "https://foo.bar.com/path/to/body.html.gotmpl", + "base64://e3sgZGVmaW5lIGFmLVpBIH19CkhhbGxvLAoKSGVyc3RlbCBqb3UgcmVrZW5pbmcgZGV1ciBoaWVyZGllIHNrYWtlbCB0ZSB2b2xnOgp7ey0gZW5kIC19fQoKe3sgZGVmaW5lIGVuLVVTIH19CkhpLAoKcGxlYXNlIHJlY292ZXIgYWNjZXNzIHRvIHlvdXIgYWNjb3VudCBieSBjbGlja2luZyB0aGUgZm9sbG93aW5nIGxpbms6Cnt7LSBlbmQgLX19Cgp7ey0gaWYgZXEgLmxhbmcgImFmLVpBIiAtfX0KCnt7IHRlbXBsYXRlICJhZi1aQSIgLiB9fQoKe3stIGVsc2UgLX19Cgp7eyB0ZW1wbGF0ZSAiZW4tVVMiIH19Cgp7ey0gZW5kIC19fQo8YSBocmVmPSJ7eyAuUmVjb3ZlcnlVUkwgfX0iPnt7IC5SZWNvdmVyeVVSTCB9fTwvYT4" + ] + } + } + }, + "subject": { + "type": "string", + "format": "uri", + "examples": [ + "file://path/to/subject.gotmpl", + "https://foo.bar.com/path/to/subject.gotmpl", + "base64://e3sgZGVmaW5lIGFmLVpBIH19CkhhbGxvLAoKSGVyc3RlbCBqb3UgcmVrZW5pbmcgZGV1ciBoaWVyZGllIHNrYWtlbCB0ZSB2b2xnOgp7ey0gZW5kIC19fQoKe3sgZGVmaW5lIGVuLVVTIH19CkhpLAoKcGxlYXNlIHJlY292ZXIgYWNjZXNzIHRvIHlvdXIgYWNjb3VudCBieSBjbGlja2luZyB0aGUgZm9sbG93aW5nIGxpbms6Cnt7LSBlbmQgLX19Cgp7ey0gaWYgZXEgLmxhbmcgImFmLVpBIiAtfX0KCnt7IHRlbXBsYXRlICJhZi1aQSIgLiB9fQoKe3stIGVsc2UgLX19Cgp7eyB0ZW1wbGF0ZSAiZW4tVVMiIH19Cgp7ey0gZW5kIC19fQo8YSBocmVmPSJ7eyAuUmVjb3ZlcnlVUkwgfX0iPnt7IC5SZWNvdmVyeVVSTCB9fTwvYT4" + ] + } + } + } + }, + "properties": { + "selfservice": { + "type": "object", + "additionalProperties": false, + "required": [ + "default_browser_return_url" + ], + "properties": { + "default_browser_return_url": { + "$ref": "#/definitions/defaultReturnTo" + }, + "allowed_return_urls": { + "title": "Allowed Return To URLs", + "description": "List of URLs that are allowed to be redirected to. A redirection request is made by appending `?return_to=...` to Login, Registration, and other self-service flows.", + "type": "array", + "items": { + "type": "string", + "format": "uri-reference" + }, + "examples": [ + [ + "https://app.my-app.com/dashboard", + "/dashboard", + "https://www.my-app.com/" + ] + ], + "uniqueItems": true + }, + "flows": { + "type": "object", + "additionalProperties": false, + "properties": { + "settings": { + "type": "object", + "additionalProperties": false, + "properties": { + "ui_url": { + "title": "URL of the Settings page.", + "description": "URL where the Settings UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).", + "type": "string", + "format": "uri-reference", + "examples": [ + "https://my-app.com/user/settings" + ], + "default": "https://www.ory.sh/kratos/docs/fallback/settings" + }, + "lifespan": { + "type": "string", + "pattern": "^([0-9]+(ns|us|ms|s|m|h))+$", + "default": "1h", + "examples": [ + "1h", + "1m", + "1s" + ] + }, + "privileged_session_max_age": { + "type": "string", + "pattern": "^([0-9]+(ns|us|ms|s|m|h))+$", + "default": "1h", + "examples": [ + "1h", + "1m", + "1s" + ] + }, + "required_aal": { + "$ref": "#/definitions/featureRequiredAal" + }, + "after": { + "$ref": "#/definitions/selfServiceAfterSettings" + } + } + }, + "logout": { + "type": "object", + "additionalProperties": false, + "properties": { + "after": { + "type": "object", + "additionalProperties": false, + "properties": { + "default_browser_return_url": { + "$ref": "#/definitions/defaultReturnTo" + } + } + } + } + }, + "registration": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable User Registration", + "description": "If set to true will enable [User Registration](https://www.ory.sh/kratos/docs/self-service/flows/user-registration/).", + "default": true + }, + "ui_url": { + "title": "Registration UI URL", + "description": "URL where the Registration UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).", + "type": "string", + "format": "uri-reference", + "examples": [ + "https://my-app.com/signup" + ], + "default": "https://www.ory.sh/kratos/docs/fallback/registration" + }, + "lifespan": { + "type": "string", + "pattern": "^([0-9]+(ns|us|ms|s|m|h))+$", + "default": "1h", + "examples": [ + "1h", + "1m", + "1s" + ] + }, + "before": { + "$ref": "#/definitions/selfServiceBeforeRegistration" + }, + "after": { + "$ref": "#/definitions/selfServiceAfterRegistration" + } + } + }, + "login": { + "type": "object", + "additionalProperties": false, + "properties": { + "ui_url": { + "title": "Login UI URL", + "description": "URL where the Login UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).", + "type": "string", + "format": "uri-reference", + "examples": [ + "https://my-app.com/login" + ], + "default": "https://www.ory.sh/kratos/docs/fallback/login" + }, + "lifespan": { + "type": "string", + "pattern": "^([0-9]+(ns|us|ms|s|m|h))+$", + "default": "1h", + "examples": [ + "1h", + "1m", + "1s" + ] + }, + "before": { + "$ref": "#/definitions/selfServiceBeforeLogin" + }, + "after": { + "$ref": "#/definitions/selfServiceAfterLogin" + } + } + }, + "verification": { + "title": "Email and Phone Verification and Account Activation Configuration", + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Email/Phone Verification", + "description": "If set to true will enable [Email and Phone Verification and Account Activation](https://www.ory.sh/kratos/docs/self-service/flows/verify-email-account-activation/).", + "default": false + }, + "ui_url": { + "title": "Verify UI URL", + "description": "URL where the Ory Verify UI is hosted. This is the page where users activate and / or verify their email or telephone number. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).", + "type": "string", + "format": "uri-reference", + "examples": [ + "https://my-app.com/verify" + ], + "default": "https://www.ory.sh/kratos/docs/fallback/verification" + }, + "after": { + "$ref": "#/definitions/selfServiceAfterVerification" + }, + "lifespan": { + "title": "Self-Service Verification Request Lifespan", + "description": "Sets how long the verification request (for the UI interaction) is valid.", + "type": "string", + "pattern": "^([0-9]+(ns|us|ms|s|m|h))+$", + "default": "1h", + "examples": [ + "1h", + "1m", + "1s" + ] + } + } + }, + "recovery": { + "title": "Account Recovery Configuration", + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Account Recovery", + "description": "If set to true will enable [Account Recovery](https://www.ory.sh/kratos/docs/self-service/flows/password-reset-account-recovery/).", + "default": false + }, + "ui_url": { + "title": "Recovery UI URL", + "description": "URL where the Ory Recovery UI is hosted. This is the page where users request and complete account recovery. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).", + "type": "string", + "format": "uri-reference", + "examples": [ + "https://my-app.com/verify" + ], + "default": "https://www.ory.sh/kratos/docs/fallback/recovery" + }, + "after": { + "$ref": "#/definitions/selfServiceAfterRecovery" + }, + "lifespan": { + "title": "Self-Service Recovery Request Lifespan", + "description": "Sets how long the recovery request is valid. If expired, the user has to redo the flow.", + "type": "string", + "pattern": "^([0-9]+(ns|us|ms|s|m|h))+$", + "default": "1h", + "examples": [ + "1h", + "1m", + "1s" + ] + } + } + }, + "error": { + "type": "object", + "additionalProperties": false, + "properties": { + "ui_url": { + "title": "Ory Kratos Error UI URL", + "description": "URL where the Ory Kratos Error UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).", + "type": "string", + "format": "uri-reference", + "examples": [ + "https://my-app.com/kratos-error" + ], + "default": "https://www.ory.sh/kratos/docs/fallback/error" + } + } + } + } + }, + "methods": { + "type": "object", + "additionalProperties": false, + "properties": { + "profile": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean", + "title": "Enables Profile Management Method", + "default": true + } + } + }, + "link": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean", + "title": "Enables Link Method", + "default": true + }, + "config": { + "type": "object", + "title": "Link Configuration", + "description": "Additional configuration for the link strategy.", + "properties": { + "base_url": { + "title": "Override the base URL which should be used as the base for recovery and verification links.", + "type": "string", + "examples": [ + "https://my-app.com" + ] + }, + "lifespan": { + "title": "How long a link is valid for", + "type": "string", + "pattern": "^([0-9]+(ns|us|ms|s|m|h))+$", + "default": "1h", + "examples": [ + "1h", + "1m", + "1s" + ] + } + } + } + } + }, + "password": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean", + "title": "Enables Username/Email and Password Method", + "default": true + }, + "config": { + "type": "object", + "title": "Password Configuration", + "description": "Define how passwords are validated.", + "properties": { + "haveibeenpwned_host": { + "title": "Custom haveibeenpwned host", + "description": "Allows changing the default HIBP host to a self hosted version.", + "type": "string", + "default": "api.pwnedpasswords.com" + }, + "haveibeenpwned_enabled": { + "title": "Enable the HaveIBeenPwned API", + "description": "If set to false the password validation does not utilize the Have I Been Pwnd API.", + "type": "boolean", + "default": true + }, + "max_breaches": { + "title": "Allow Password Breaches", + "description": "Defines how often a password may have been breached before it is rejected.", + "type": "integer", + "minimum": 0, + "maximum": 100, + "default": 0 + }, + "ignore_network_errors": { + "title": "Ignore Lookup Network Errors", + "description": "If set to false the password validation fails when the network or the Have I Been Pwnd API is down.", + "type": "boolean", + "default": true + }, + "min_password_length": { + "title": "Minimum Password Length", + "description": "Defines the minimum length of the password.", + "type": "integer", + "default": 8, + "minimum": 6 + }, + "identifier_similarity_check_enabled": { + "title": "Enable password-identifier similarity check", + "description": "If set to false the password validation does not check for similarity between the password and the user identifier.", + "type": "boolean", + "default": true + } + }, + "additionalProperties": false + } + } + }, + "totp": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean", + "title": "Enables the TOTP method", + "default": false + }, + "config": { + "type": "object", + "title": "TOTP Configuration", + "properties": { + "issuer": { + "title": "TOTP Issuer", + "description": "The issuer (e.g. a domain name) will be shown in the TOTP app (e.g. Google Authenticator). It helps the user differentiate between different codes.", + "type": "string" + } + }, + "additionalProperties": false + } + } + }, + "lookup_secret": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean", + "title": "Enables the lookup secret method", + "default": false + } + } + }, + "webauthn": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean", + "title": "Enables the WebAuthn method", + "default": false + }, + "config": { + "type": "object", + "title": "WebAuthn Configuration", + "properties": { + "passwordless": { + "type": "boolean", + "title": "Use For Passwordless Flows", + "description": "If enabled will have the effect that WebAuthn is used for passwordless flows (as a first factor) and not for multi-factor set ups. With this set to true, users will see an option to sign up with WebAuthn on the registration screen." + }, + "rp": { + "title": "Relying Party (RP) Config", + "required": [ + "id", + "display_name" + ], + "properties": { + "display_name": { + "type": "string", + "title": "Relying Party Display Name", + "description": "An name to help the user identify this RP.", + "examples": [ + "Ory Foundation" + ] + }, + "id": { + "type": "string", + "title": "Relying Party Identifier", + "description": "The id must be a subset of the domain currently in the browser.", + "examples": [ + "ory.sh" + ] + }, + "origin": { + "type": "string", + "title": "Relying Party Origin", + "description": "An explicit RP origin. If left empty, this defaults to `id`.", + "format": "uri", + "examples": [ + "https://www.ory.sh/login" + ] + }, + "icon": { + "type": "string", + "title": "Relying Party Icon", + "description": "An icon to help the user identify this RP.", + "format": "uri", + "examples": [ + "https://www.ory.sh/an-icon.png" + ] + } + }, + "type": "object" + } + }, + "additionalProperties": false + } + }, + "if": { + "properties": { + "enabled": { + "const": true + } + }, + "required": [ + "enabled" + ] + }, + "then": { + "required": [ + "config" + ] + } + }, + "oidc": { + "type": "object", + "title": "Specify OpenID Connect and OAuth2 Configuration", + "showEnvVarBlockForObject": true, + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean", + "title": "Enables OpenID Connect Method", + "default": false + }, + "config": { + "type": "object", + "additionalProperties": false, + "properties": { + "base_redirect_uri": { + "type": "string", + "title": "Base URL for OAuth2 Redirect URIs", + "description": "Can be used to modify the base URL for OAuth2 Redirect URLs. If unset, the Public Base URL will be used.", + "format": "uri", + "examples": [ + "https://auth.myexample.org/" + ] + }, + "providers": { + "title": "OpenID Connect and OAuth2 Providers", + "description": "A list and configuration of OAuth2 and OpenID Connect providers Ory Kratos should integrate with.", + "type": "array", + "items": { + "$ref": "#/definitions/selfServiceOIDCProvider" + } + } + } + } + } + } + } + } + } + }, + "dsn": { + "type": "string", + "title": "Data Source Name", + "description": "DSN is used to specify the database credentials as a connection URI.", + "examples": [ + "postgres://user: password@postgresd:5432/database?sslmode=disable&max_conns=20&max_idle_conns=4", + "mysql://user:secret@tcp(mysqld:3306)/database?max_conns=20&max_idle_conns=4", + "cockroach://user@cockroachdb:26257/database?sslmode=disable&max_conns=20&max_idle_conns=4", + "sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc" + ] + }, + "courier": { + "type": "object", + "title": "Courier configuration", + "description": "The courier is responsible for sending and delivering messages over email, sms, and other means.", + "properties": { + "templates": { + "additionalProperties": false, + "type": "object", + "properties": { + "recovery": { + "$ref": "#/definitions/courierTemplates" + }, + "verification": { + "$ref": "#/definitions/courierTemplates" + } + } + }, + "template_override_path": { + "type": "string", + "title": "Override message templates", + "description": "You can override certain or all message templates by pointing this key to the path where the templates are located.", + "examples": [ + "/conf/courier-templates" + ] + }, + "message_ttl": { + "description": "Defines a Time-To-Live for courier messages that could not be delivered. After the defined TTL has expired for a message that message is abandoned.", + "type": "string", + "pattern": "^([0-9]+(ns|us|ms|s|m|h))+$", + "default": "1h", + "examples": [ + "1h", + "1m", + "1s" + ] + }, + "smtp": { + "title": "SMTP Configuration", + "description": "Configures outgoing emails using the SMTP protocol.", + "type": "object", + "properties": { + "connection_uri": { + "title": "SMTP connection string", + "description": "This URI will be used to connect to the SMTP server. Use the scheme smtps for implicit TLS sessions or smtp for explicit StartTLS/cleartext sessions. Please note that TLS is always enforced with certificate trust verification by default for security reasons on both schemes. With the smtp scheme you can use the query parameter (`?disable_starttls=true`) to allow cleartext sessions or (`?disable_starttls=false`) to enforce StartTLS (default behaviour). Additionally, use the query parameter to allow (`?skip_ssl_verify=true`) or disallow (`?skip_ssl_verify=false`) self-signed TLS certificates (default behaviour) on both implicit and explicit TLS sessions.", + "examples": [ + "smtps://foo:bar@my-mailserver:1234/?skip_ssl_verify=false", + "smtp://foo:bar@my-mailserver:1234/?disable_starttls=true (NOT RECOMMENDED: Cleartext smtp for devel and legacy infrastructure only)", + "smtp://foo:bar@my-mailserver:1234/ (Explicit StartTLS with certificate trust verification)", + "smtp://foo:bar@my-mailserver:1234/?skip_ssl_verify=true (NOT RECOMMENDED: Explicit StartTLS without certificate trust verification)", + "smtps://foo:bar@my-mailserver:1234/ (Implicit TLS with certificate trust verification)", + "smtps://foo:bar@my-mailserver:1234/?skip_ssl_verify=true (NOT RECOMMENDED: Implicit TLS without certificate trust verification)" + ], + "type": "string", + "pattern": "^smtps?:\\/\\/.*" + }, + "from_address": { + "title": "SMTP Sender Address", + "description": "The recipient of an email will see this as the sender address.", + "type": "string", + "format": "email", + "default": "no-reply@ory.kratos.sh" + }, + "from_name": { + "title": "SMTP Sender Name", + "description": "The recipient of an email will see this as the sender name.", + "type": "string", + "examples": [ + "Bob" + ] + }, + "headers": { + "title": "SMTP Headers", + "description": "These headers will be passed in the SMTP conversation -- e.g. when using the AWS SES SMTP interface for cross-account sending.", + "type": "object", + "examples": [ + { + "X-SES-SOURCE-ARN": "arn:aws:ses:us-west-2:123456789012:identity/example.com", + "X-SES-FROM-ARN": "arn:aws:ses:us-west-2:123456789012:identity/example.com", + "X-SES-RETURN-PATH-ARN": "arn:aws:ses:us-west-2:123456789012:identity/example.com" + } + ] + } + }, + "required": [ + "connection_uri" + ], + "additionalProperties": false + }, + "sms": { + "title": "SMS sender configuration", + "description": "Configures outgoing sms messages using HTTP protocol with generic SMS provider", + "type": "object", + "properties": { + "enabled": { + "description": "Determines if SMS functionality is enabled", + "type": "boolean", + "default": false + }, + "from": { + "title": "SMS Sender Address", + "description": "The recipient of a sms will see this as the sender address.", + "type": "string", + "default": "Ory Kratos" + }, + "request_config": { + "type": "object", + "properties": { + "url": { + "title": "HTTP address of API endpoint", + "description": "This URL will be used to connect to the SMS provider.", + "examples": [ + "https://api.twillio.com/sms/send" + ], + "type": "string", + "pattern": "^https?:\\/\\/.*" + }, + "method": { + "type": "string", + "description": "The HTTP method to use (GET, POST, etc)." + }, + "header": { + "type": "object", + "description": "The HTTP headers that must be applied to request", + "additionalProperties": { + "type": "string" + } + }, + "body": { + "type": "string", + "format": "uri", + "pattern": "^(http|https|file|base64)://", + "description": "URI pointing to the jsonnet template used for payload generation. Only used for those HTTP methods, which support HTTP body payloads", + "examples": [ + "file:///path/to/body.jsonnet", + "file://./body.jsonnet", + "base64://ZnVuY3Rpb24oY3R4KSB7CiAgaWRlbnRpdHlfaWQ6IGlmIGN0eFsiaWRlbnRpdHkiXSAhPSBudWxsIHRoZW4gY3R4LmlkZW50aXR5LmlkLAp9=", + "https://oryapis.com/default_body.jsonnet" + ] + }, + "auth": { + "type": "object", + "title": "Auth mechanisms", + "description": "Define which auth mechanism to use for auth with the SMS provider", + "oneOf": [ + { + "$ref": "#/definitions/webHookAuthApiKeyProperties" + }, + { + "$ref": "#/definitions/webHookAuthBasicAuthProperties" + } + ] + }, + "additionalProperties": false + }, + "required": [ + "url", + "method" + ], + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "required": [ + "smtp" + ], + "additionalProperties": false + }, + "serve": { + "type": "object", + "properties": { + "admin": { + "type": "object", + "properties": { + "request_log": { + "type": "object", + "properties": { + "disable_for_health": { + "title": "Disable health endpoints request logging", + "description": "Disable request logging for /health/alive and /health/ready endpoints", + "type": "boolean", + "default": false + } + }, + "additionalProperties": false + }, + "base_url": { + "title": "Admin Base URL", + "description": "The URL where the admin endpoint is exposed at.", + "type": "string", + "format": "uri", + "examples": [ + "https://kratos.private-network:4434/" + ] + }, + "host": { + "title": "Admin Host", + "description": "The host (interface) kratos' admin endpoint listens on.", + "type": "string", + "default": "0.0.0.0" + }, + "port": { + "title": "Admin Port", + "description": "The port kratos' admin endpoint listens on.", + "type": "integer", + "minimum": 1, + "maximum": 65535, + "examples": [ + 4434 + ], + "default": 4434 + }, + "socket": { + "$ref": "#/definitions/socket" + }, + "tls": { + "$ref": "#/definitions/tlsx" + } + }, + "additionalProperties": false + }, + "public": { + "type": "object", + "properties": { + "request_log": { + "type": "object", + "properties": { + "disable_for_health": { + "title": "Disable health endpoints request logging", + "description": "Disable request logging for /health/alive and /health/ready endpoints", + "type": "boolean", + "default": false + } + }, + "additionalProperties": false + }, + "cors": { + "type": "object", + "additionalProperties": false, + "description": "Configures Cross Origin Resource Sharing for public endpoints.", + "properties": { + "enabled": { + "type": "boolean", + "description": "Sets whether CORS is enabled.", + "default": false + }, + "allowed_origins": { + "type": "array", + "description": "A list of origins a cross-domain request can be executed from. If the special * value is present in the list, all origins will be allowed. An origin may contain a wildcard (*) to replace 0 or more characters (i.e.: http://*.domain.com). Only one wildcard can be used per origin.", + "items": { + "type": "string", + "minLength": 1, + "not": { + "type": "string", + "description": "does match all strings that contain two or more (*)", + "pattern": ".*\\*.*\\*.*" + }, + "anyOf": [ + { + "type": "string", + "format": "uri" + }, + { + "const": "*" + } + ] + }, + "uniqueItems": true, + "default": [ + "*" + ], + "examples": [ + [ + "https://example.com", + "https://*.example.com", + "https://*.foo.example.com" + ] + ] + }, + "allowed_methods": { + "type": "array", + "description": "A list of HTTP methods the user agent is allowed to use with cross-domain requests.", + "default": [ + "POST", + "GET", + "PUT", + "PATCH", + "DELETE" + ], + "items": { + "type": "string", + "enum": [ + "POST", + "GET", + "PUT", + "PATCH", + "DELETE", + "CONNECT", + "HEAD", + "OPTIONS", + "TRACE" + ] + } + }, + "allowed_headers": { + "type": "array", + "description": "A list of non simple headers the client is allowed to use with cross-domain requests.", + "default": [ + "Authorization", + "Content-Type", + "X-Session-Token" + ], + "items": { + "type": "string" + } + }, + "exposed_headers": { + "type": "array", + "description": "Sets which headers are safe to expose to the API of a CORS API specification.", + "default": [ + "Content-Type" + ], + "items": { + "type": "string" + } + }, + "allow_credentials": { + "type": "boolean", + "description": "Sets whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates.", + "default": true + }, + "options_passthrough": { + "type": "boolean", + "description": "TODO", + "default": false + }, + "max_age": { + "type": "integer", + "description": "Sets how long (in seconds) the results of a preflight request can be cached. If set to 0, every request is preceded by a preflight request.", + "default": 0, + "minimum": 0 + }, + "debug": { + "type": "boolean", + "description": "Adds additional log output to debug server side CORS issues.", + "default": false + } + } + }, + "base_url": { + "$ref": "#/definitions/baseUrl" + }, + "host": { + "title": "Public Host", + "description": "The host (interface) kratos' public endpoint listens on.", + "type": "string", + "default": "0.0.0.0" + }, + "port": { + "title": "Public Port", + "description": "The port kratos' public endpoint listens on.", + "type": "integer", + "minimum": 1, + "maximum": 65535, + "examples": [ + 4433 + ], + "default": 4433 + }, + "socket": { + "$ref": "#/definitions/socket" + }, + "tls": { + "$ref": "#/definitions/tlsx" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "tracing": { + "$ref": "https://raw.githubusercontent.com/ory/x/v0.0.370/otelx/config.schema.json" + }, + "log": { + "title": "Log", + "description": "Configure logging using the following options. Logging will always be sent to stdout and stderr.", + "type": "object", + "properties": { + "level": { + "description": "Debug enables stack traces on errors. Can also be set using environment variable LOG_LEVEL.", + "type": "string", + "default": "info", + "enum": [ + "trace", + "debug", + "info", + "warning", + "error", + "fatal", + "panic" + ] + }, + "leak_sensitive_values": { + "type": "boolean", + "title": "Leak Sensitive Log Values", + "description": "If set will leak sensitive values (e.g. emails) in the logs." + }, + "redaction_text": { + "type": "string", + "title": "Sensitive log value redaction text", + "description": "Text to use, when redacting sensitive log value." + }, + "format": { + "description": "The log format can either be text or JSON.", + "type": "string", + "enum": [ + "json", + "text" + ] + } + }, + "additionalProperties": false + }, + "identity": { + "type": "object", + "properties": { + "default_schema_id": { + "title": "The default Identity Schema", + "description": "This Identity Schema will be used as the default for self-service flows. Its ID needs to exist in the \"schemas\" list.", + "type": "string", + "default": "default" + }, + "schemas": { + "type": "array", + "title": "All JSON Schemas for Identity Traits", + "examples": [ + [ + { + "id": "customer", + "url": "base64://ewogICIkc2NoZW1hIjogImh0dHA6Ly9qc29uLXNjaGVtYS5vcmcvZHJhZnQtMDcvc2NoZW1hIyIsCiAgInR5cGUiOiAib2JqZWN0IiwKICAicHJvcGVydGllcyI6IHsKICAgICJiYXIiOiB7CiAgICAgICJ0eXBlIjogInN0cmluZyIKICAgIH0KICB9LAogICJyZXF1aXJlZCI6IFsKICAgICJiYXIiCiAgXQp9" + }, + { + "id": "employee", + "url": "https://foo.bar.com/path/to/employee.traits.schema.json" + }, + { + "id": "employee-v2", + "url": "file://path/to/employee.v2.traits.schema.json" + } + ] + ], + "minItems": 1, + "items": { + "type": "object", + "properties": { + "id": { + "title": "The schema's ID.", + "type": "string", + "examples": [ + "employee" + ] + }, + "url": { + "type": "string", + "title": "JSON Schema URL for identity traits schema", + "description": "URL for JSON Schema which describes a identity's traits. Can be a file path, a https URL, or a base64 encoded string.", + "format": "uri", + "examples": [ + "file://path/to/identity.traits.schema.json", + "https://foo.bar.com/path/to/identity.traits.schema.json", + "base64://ewogICIkc2NoZW1hIjogImh0dHA6Ly9qc29uLXNjaGVtYS5vcmcvZHJhZnQtMDcvc2NoZW1hIyIsCiAgInR5cGUiOiAib2JqZWN0IiwKICAicHJvcGVydGllcyI6IHsKICAgICJiYXIiOiB7CiAgICAgICJ0eXBlIjogInN0cmluZyIKICAgIH0KICB9LAogICJyZXF1aXJlZCI6IFsKICAgICJiYXIiCiAgXQp9" + ] + } + }, + "required": [ + "id", + "url" + ] + } + } + }, + "required": [ + "schemas" + ], + "additionalProperties": false + }, + "secrets": { + "type": "object", + "properties": { + "default": { + "type": "array", + "title": "Default Encryption Signing Secrets", + "description": "The first secret in the array is used for signing and encrypting things while all other keys are used to verify and decrypt older things that were signed with that old secret.", + "items": { + "type": "string", + "minLength": 16 + }, + "uniqueItems": true + }, + "cookie": { + "type": "array", + "title": "Signing Keys for Cookies", + "description": "The first secret in the array is used for encrypting cookies while all other keys are used to decrypt older cookies that were signed with that old secret.", + "items": { + "type": "string", + "minLength": 16 + }, + "uniqueItems": true + }, + "cipher": { + "type": "array", + "title": "Secrets to use for encryption by cipher", + "description": "The first secret in the array is used for encryption data while all other keys are used to decrypt older data that were signed with.", + "items": { + "type": "string", + "minLength": 32, + "maxLength": 32 + }, + "minItems": 1 + } + }, + "additionalProperties": false + }, + "hashers": { + "title": "Hashing Algorithm Configuration", + "type": "object", + "properties": { + "algorithm": { + "title": "Password hashing algorithm", + "description": "One of the values: argon2, bcrypt.\nAny other hashes will be migrated to the set algorithm once an identity authenticates using their password.", + "type": "string", + "default": "bcrypt", + "enum": [ + "argon2", + "bcrypt" + ] + }, + "argon2": { + "title": "Configuration for the Argon2id hasher.", + "type": "object", + "properties": { + "memory": { + "type": "string", + "pattern": "^[0-9]+(B|KB|MB|GB|TB|PB|EB)", + "default": "128MB" + }, + "iterations": { + "type": "integer", + "minimum": 1, + "default": 1 + }, + "parallelism": { + "type": "integer", + "minimum": 1, + "description": "Number of parallel workers, defaults to 2*runtime.NumCPU()." + }, + "salt_length": { + "type": "integer", + "minimum": 16, + "default": 16 + }, + "key_length": { + "type": "integer", + "minimum": 16, + "default": 32 + }, + "expected_duration": { + "description": "The time a hashing operation (~login latency) should take.", + "type": "string", + "pattern": "^([0-9]+(ns|us|ms|s|m|h))+$", + "default": "500ms" + }, + "expected_deviation": { + "description": "The standard deviation expected for hashing operations. If this value is exceeded you will be warned in the logs to adjust the parameters.", + "type": "string", + "pattern": "^([0-9]+(ns|us|ms|s|m|h))+$", + "default": "500ms" + }, + "dedicated_memory": { + "description": "The memory dedicated for Kratos. As password hashing is very resource intense, Kratos will monitor the memory consumption and warn about high values.", + "type": "string", + "pattern": "^[0-9]+(B|KB|MB|GB|TB|PB|EB)", + "default": "1GB" + } + }, + "additionalProperties": false + }, + "bcrypt": { + "title": "Configuration for the Bcrypt hasher. Minimum is 4 when --dev flag is used and 12 otherwise.", + "type": "object", + "additionalProperties": false, + "required": [ + "cost" + ], + "properties": { + "cost": { + "type": "integer", + "minimum": 4, + "maximum": 31, + "default": 12 + } + } + } + }, + "additionalProperties": false + }, + "ciphers": { + "title": "Cipher Algorithm Configuration", + "type": "object", + "properties": { + "algorithm": { + "title": "ciphering algorithm", + "description": "One of the values: noop, aes, xchacha20-poly1305", + "type": "string", + "default": "noop", + "enum": [ + "noop", + "aes", + "xchacha20-poly1305" + ] + } + } + }, + "cookies": { + "type": "object", + "title": "HTTP Cookie Configuration", + "description": "Configure the HTTP Cookies. Applies to both CSRF and session cookies.", + "properties": { + "domain": { + "title": "HTTP Cookie Domain", + "description": "Sets the cookie domain for session and CSRF cookies. Useful when dealing with subdomains. Use with care!", + "type": "string" + }, + "path": { + "title": "HTTP Cookie Path", + "description": "Sets the session and CSRF cookie path. Use with care!", + "type": "string", + "default": "/" + }, + "same_site": { + "title": "HTTP Cookie Same Site Configuration", + "description": "Sets the session and CSRF cookie SameSite.", + "type": "string", + "enum": [ + "Strict", + "Lax", + "None" + ], + "default": "Lax" + } + }, + "additionalProperties": false + }, + "session": { + "type": "object", + "additionalProperties": false, + "properties": { + "whoami": { + "title": "WhoAmI / ToSession Settings", + "description": "Control how the `/sessions/whoami` endpoint is behaving.", + "type": "object", + "properties": { + "required_aal": { + "$ref": "#/definitions/featureRequiredAal" + } + }, + "additionalProperties": false + }, + "lifespan": { + "title": "Session Lifespan", + "description": "Defines how long a session is active. Once that lifespan has been reached, the user needs to sign in again.", + "type": "string", + "pattern": "^([0-9]+(ns|us|ms|s|m|h))+$", + "default": "24h", + "examples": [ + "1h", + "1m", + "1s" + ] + }, + "cookie": { + "type": "object", + "properties": { + "domain": { + "title": "Session Cookie Domain", + "description": "Sets the session cookie domain. Useful when dealing with subdomains. Use with care! Overrides `cookies.domain`.", + "type": "string" + }, + "name": { + "title": "Session Cookie Name", + "description": "Sets the session cookie name. Use with care!", + "type": "string", + "default": "ory_kratos_session" + }, + "persistent": { + "title": "Make Session Cookie Persistent", + "description": "If set to true will persist the cookie in the end-user's browser using the `max-age` parameter which is set to the `session.lifespan` value. Persistent cookies are not deleted when the browser is closed (e.g. on reboot or alt+f4).", + "type": "boolean", + "default": true + }, + "path": { + "title": "Session Cookie Path", + "description": "Sets the session cookie path. Use with care! Overrides `cookies.path`.", + "type": "string" + }, + "same_site": { + "title": "Session Cookie SameSite Configuration", + "description": "Sets the session cookie SameSite. Overrides `cookies.same_site`.", + "type": "string", + "enum": [ + "Strict", + "Lax", + "None" + ] + } + }, + "additionalProperties": false + }, + "earliest_possible_extend": { + "title": "Earliest Possible Session Extension", + "description": "Sets when a session can be extended. Settings this value to `24h` will prevent the session from being extended before until 24 hours before it expires. This setting prevents excessive writes to the database. We highly recommend setting this value.", + "type": "string", + "pattern": "^([0-9]+(ns|us|ms|s|m|h))+$", + "default": "24h", + "examples": [ + "1h", + "1m", + "1s" + ] + } + } + }, + "version": { + "title": "The kratos version this config is written for.", + "description": "SemVer according to https://semver.org/ prefixed with `v` as in our releases.", + "type": "string", + "pattern": "^(v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?)|$", + "examples": [ + "v0.5.0-alpha.1" + ] + }, + "dev": { + "type": "boolean" + }, + "help": { + "type": "boolean" + }, + "sqa-opt-out": { + "type": "boolean", + "default": false, + "description": "This is a CLI flag and environment variable and can not be set using the config file." + }, + "watch-courier": { + "type": "boolean", + "default": false, + "description": "This is a CLI flag and environment variable and can not be set using the config file." + }, + "expose-metrics-port": { + "title": "Metrics port", + "description": "The port the courier's metrics endpoint listens on (0/disabled by default). This is a CLI flag and environment variable and can not be set using the config file.", + "type": "integer", + "minimum": 0, + "maximum": 65535, + "examples": [ + 4434 + ], + "default": 0 + }, + "config": { + "type": "array", + "items": { + "type": "string" + }, + "description": "This is a CLI flag and environment variable and can not be set using the config file." + }, + "clients": { + "title": "Global outgoing network settings", + "description": "Configure how outgoing network calls behave.", + "type": "object", + "properties": { + "http": { + "title": "Global HTTP client configuration", + "description": "Configure how outgoing HTTP calls behave.", + "type": "object", + "properties": { + "disallow_private_ip_ranges": { + "title": "Disallow private IP ranges", + "description": "Disallow all outgoing HTTP calls to private IP ranges. This feature can help protect against SSRF attacks.", + "type": "boolean", + "default": false + } + } + } + } + } + }, + "allOf": [ + { + "if": { + "properties": { + "selfservice": { + "properties": { + "flows": { + "oneOf": [ + { + "properties": { + "verification": { + "properties": { + "enabled": { + "const": true + } + }, + "required": [ + "enabled" + ] + } + }, + "required": [ + "verification" + ] + }, + { + "properties": { + "recovery": { + "properties": { + "enabled": { + "const": true + } + }, + "required": [ + "enabled" + ] + } + }, + "required": [ + "recovery" + ] + } + ] + } + }, + "required": [ + "flows" + ] + } + }, + "required": [ + "selfservice" + ] + }, + "then": { + "required": [ + "courier" + ] + } + }, + { + "if": { + "properties": { + "ciphers": { + "properties": { + "algorithm": { + "oneOf": [ + { + "const": "aes" + }, + { + "const": "xchacha20-poly1305" + } + ] + } + }, + "required": [ + "algorithm" + ] + } + }, + "required": [ + "ciphers" + ] + }, + "then": { + "required": [ + "secrets" + ], + "properties": { + "secrets": { + "required": [ + "cipher" + ] + } + } + } + } + ], + "required": [ + "identity", + "dsn", + "selfservice" + ], + "additionalProperties": false +} diff --git a/cmd/courier/watch.go b/cmd/courier/watch.go index 2776e44b7b34..852d4778eb5e 100644 --- a/cmd/courier/watch.go +++ b/cmd/courier/watch.go @@ -11,6 +11,7 @@ import ( "github.com/ory/kratos/driver" "github.com/ory/kratos/x" "github.com/ory/x/configx" + "github.com/ory/x/otelx" "github.com/ory/x/reqlog" ) @@ -47,15 +48,16 @@ func ServeMetrics(ctx cx.Context, r driver.Registry) { n.Use(reqlog.NewMiddlewareFromLogger(l, "admin#"+c.SelfPublicURL().String())) n.Use(r.PrometheusManager()) + n.UseHandler(router) + + var handler http.Handler = n if tracer := r.Tracer(ctx); tracer.IsLoaded() { - n.Use(tracer) + handler = otelx.NewHandler(n, "cmd.courier.ServeMetrics") } - n.UseHandler(router) - server := graceful.WithDefaults(&http.Server{ Addr: c.MetricsListenOn(), - Handler: n, + Handler: handler, }) l.Printf("Starting the metrics httpd on: %s", server.Addr) diff --git a/cmd/daemon/serve.go b/cmd/daemon/serve.go index 888de92341a5..ec39f82361c2 100644 --- a/cmd/daemon/serve.go +++ b/cmd/daemon/serve.go @@ -9,6 +9,7 @@ import ( "github.com/ory/kratos/selfservice/flow/recovery" + "github.com/ory/x/otelx" "github.com/ory/x/reqlog" "github.com/ory/kratos/cmd/courier" @@ -94,9 +95,7 @@ func ServePublic(r driver.Registry, wg *sync.WaitGroup, cmd *cobra.Command, args n.Use(publicLogger) n.Use(x.HTTPLoaderContextMiddleware(r)) n.Use(sqa(ctx, cmd, r)) - if tracer := r.Tracer(ctx); tracer.IsLoaded() { - n.Use(tracer) - } + n.Use(r.PrometheusManager()) router := x.NewRouterPublic() @@ -122,6 +121,11 @@ func ServePublic(r driver.Registry, wg *sync.WaitGroup, cmd *cobra.Command, args } certs := c.GetTSLCertificatesForPublic() + + if tracer := r.Tracer(ctx); tracer.IsLoaded() { + handler = otelx.NewHandler(n, "cmd.daemon.ServePublic") + } + server := graceful.WithDefaults(&http.Server{ Handler: handler, TLSConfig: &tls.Config{Certificates: certs, MinVersion: tls.VersionTLS12}, @@ -174,16 +178,19 @@ func ServeAdmin(r driver.Registry, wg *sync.WaitGroup, cmd *cobra.Command, args r.RegisterAdminRoutes(ctx, router) r.PrometheusManager().RegisterRouter(router.Router) + n.UseHandler(router) + certs := c.GetTSLCertificatesForAdmin() + + var handler http.Handler = n if tracer := r.Tracer(ctx); tracer.IsLoaded() { - n.Use(tracer) + handler = otelx.NewHandler(n, "cmd.daemon.ServeAdmin") } - n.UseHandler(router) - certs := c.GetTSLCertificatesForAdmin() server := graceful.WithDefaults(&http.Server{ - Handler: n, + Handler: handler, TLSConfig: &tls.Config{Certificates: certs, MinVersion: tls.VersionTLS12}, }) + addr := c.AdminListenOn() l.Printf("Starting the admin httpd on: %s", addr) diff --git a/driver/config/config.go b/driver/config/config.go index 51ce7d670838..667aa97dd7d2 100644 --- a/driver/config/config.go +++ b/driver/config/config.go @@ -17,6 +17,7 @@ import ( "github.com/ory/jsonschema/v3/httploader" "github.com/ory/x/httpx" + "github.com/ory/x/otelx" "golang.org/x/net/publicsuffix" @@ -49,7 +50,6 @@ import ( "github.com/ory/x/jsonx" "github.com/ory/x/logrusx" "github.com/ory/x/stringsx" - "github.com/ory/x/tracing" ) const ( @@ -1028,7 +1028,7 @@ func (p *Config) ParseURI(rawUrl string) (*url.URL, error) { return parsed, nil } -func (p *Config) Tracing() *tracing.Config { +func (p *Config) Tracing() *otelx.Config { return p.p.TracingConfig("Ory Kratos") } diff --git a/driver/registry.go b/driver/registry.go index 61baf7839fd6..d63c9c9c0002 100644 --- a/driver/registry.go +++ b/driver/registry.go @@ -3,8 +3,8 @@ package driver import ( "context" + "github.com/ory/x/otelx" prometheus "github.com/ory/x/prometheusx" - "github.com/ory/x/tracing" "github.com/gorilla/sessions" "github.com/pkg/errors" @@ -59,7 +59,7 @@ type Registry interface { RegisterPublicRoutes(ctx context.Context, public *x.RouterPublic) RegisterAdminRoutes(ctx context.Context, admin *x.RouterAdmin) PrometheusManager() *prometheus.MetricsManager - Tracer(context.Context) *tracing.Tracer + Tracer(context.Context) *otelx.Tracer config.Provider CourierConfig(ctx context.Context) config.CourierConfigs diff --git a/driver/registry_default.go b/driver/registry_default.go index c474d098f734..4fcea7adf980 100644 --- a/driver/registry_default.go +++ b/driver/registry_default.go @@ -11,6 +11,8 @@ import ( "github.com/hashicorp/go-retryablehttp" "github.com/ory/x/httpx" + "github.com/ory/x/otelx" + otelsql "github.com/ory/x/otelx/sql" "github.com/gobuffalo/pop/v6" @@ -23,7 +25,6 @@ import ( "github.com/ory/kratos/selfservice/strategy/totp" "github.com/luna-duclos/instrumentedsql" - "github.com/luna-duclos/instrumentedsql/opentracing" "github.com/ory/kratos/corp" @@ -49,8 +50,6 @@ import ( "github.com/ory/x/healthx" "github.com/ory/x/sqlcon" - "github.com/ory/x/tracing" - "github.com/ory/x/logrusx" "github.com/ory/kratos/courier" @@ -78,7 +77,7 @@ type RegistryDefault struct { injectedSelfserviceHooks map[string]func(config.SelfServiceHook) interface{} nosurf nosurf.Handler - trc *tracing.Tracer + trc *otelx.Tracer pmm *prometheus.MetricsManager writer herodot.Writer healthxHandler *healthx.Handler @@ -469,10 +468,10 @@ func (m *RegistryDefault) ContinuityCookieManager(ctx context.Context) sessions. return cs } -func (m *RegistryDefault) Tracer(ctx context.Context) *tracing.Tracer { +func (m *RegistryDefault) Tracer(ctx context.Context) *otelx.Tracer { if m.trc == nil { // Tracing is initialized only once so it can not be hot reloaded or context-aware. - t, err := tracing.New(m.l, m.Config(ctx).Tracing()) + t, err := otelx.New("Ory Kratos", m.l, m.Config(ctx).Tracing()) if err != nil { m.Logger().WithError(err).Fatalf("Unable to initialize Tracer.") } @@ -528,7 +527,7 @@ func (m *RegistryDefault) Init(ctx context.Context, opts ...RegistryOption) erro var opts []instrumentedsql.Opt if m.Tracer(ctx).IsLoaded() { opts = []instrumentedsql.Opt{ - instrumentedsql.WithTracer(opentracing.NewTracer(true)), + instrumentedsql.WithTracer(otelsql.NewTracer()), } } diff --git a/embedx/config.schema.json b/embedx/config.schema.json index 270936e4b932..ec7751da6328 100644 --- a/embedx/config.schema.json +++ b/embedx/config.schema.json @@ -1841,160 +1841,7 @@ "additionalProperties": false }, "tracing": { - "type": "object", - "additionalProperties": false, - "description": "Ory Kratos supports distributed tracing.", - "properties": { - "provider": { - "type": "string", - "description": "Set this to the tracing backend you wish to use. Supports Jaeger, Zipkin, DataDog, elastic-apm and instana. If omitted or empty, tracing will be disabled. Use environment variables to configure DataDog (see https://docs.datadoghq.com/tracing/setup/go/#configuration).", - "enum": [ - "jaeger", - "zipkin", - "datadog", - "elastic-apm", - "instana" - ], - "examples": [ - "jaeger" - ] - }, - "service_name": { - "type": "string", - "description": "Specifies the service name to use on the tracer.", - "examples": [ - "Ory Kratos" - ] - }, - "providers": { - "type": "object", - "additionalProperties": false, - "properties": { - "jaeger": { - "type": "object", - "additionalProperties": false, - "description": "Configures the jaeger tracing backend.", - "properties": { - "local_agent_address": { - "type": "string", - "description": "The address of the jaeger-agent where spans should be sent to.", - "oneOf": [ - { - "pattern": "^\\[(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))]:([0-9]*)$" - }, - { - "pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}:([0-9]*)$" - }, - { - "format": "uri" - } - ], - "examples": [ - "127.0.0.1:6831" - ] - }, - "propagation": { - "type": "string", - "description": "The tracing header format", - "examples": [ - "jaeger" - ] - }, - "sampling": { - "type": "object", - "propertyNames": { - "enum": [ - "type", - "value", - "server_url" - ] - }, - "allOf": [ - { - "oneOf": [ - { - "properties": { - "type": { - "description": "The type of the sampler you want to use.", - "const": "const" - }, - "value": { - "type": "integer", - "description": "The value passed to the sampler type that has been configured.", - "minimum": 0, - "maximum": 1 - } - } - }, - { - "properties": { - "type": { - "description": "The type of the sampler you want to use.", - "const": "rateLimiting" - }, - "value": { - "type": "integer", - "description": "The value passed to the sampler type that has been configured.", - "minimum": 0 - } - } - }, - { - "properties": { - "type": { - "description": "The type of the sampler you want to use.", - "const": "probabilistic" - }, - "value": { - "type": "number", - "description": "The value passed to the sampler type that has been configured.", - "minimum": 0, - "maximum": 1 - } - } - } - ] - }, - { - "properties": { - "server_url": { - "type": "string", - "description": "The address of jaeger-agent's HTTP sampling server", - "format": "uri" - } - } - } - ], - "examples": [ - { - "type": "const", - "value": 1, - "server_url": "http://localhost:5778/sampling" - } - ] - } - } - }, - "zipkin": { - "type": "object", - "additionalProperties": false, - "description": "Configures the zipkin tracing backend.", - "properties": { - "server_url": { - "type": "string", - "description": "The address of Zipkin server where spans should be sent to.", - "format": "uri" - } - }, - "examples": [ - { - "server_url": "http://localhost:9411/api/v2/spans" - } - ] - } - } - } - } + "$ref": "ory://tracing-config" }, "log": { "title": "Log", diff --git a/embedx/embedx.go b/embedx/embedx.go index b780eeed3334..74bab20a93a4 100644 --- a/embedx/embedx.go +++ b/embedx/embedx.go @@ -6,6 +6,8 @@ import ( "github.com/pkg/errors" + "github.com/ory/x/otelx" + "github.com/tidwall/gjson" _ "embed" @@ -88,6 +90,10 @@ func AddSchemaResources(c interface { return err } + if err := otelx.AddConfigSchema(c); err != nil { + return err + } + return nil } diff --git a/go.mod b/go.mod index accb5e093cb9..8d7fa0588cd1 100644 --- a/go.mod +++ b/go.mod @@ -7,9 +7,10 @@ replace ( github.com/gorilla/sessions => github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 github.com/jackc/pgconn => github.com/jackc/pgconn v1.10.1-0.20211002123621-290ee79d1e8d github.com/knadh/koanf => github.com/aeneasr/koanf v0.14.1-0.20211230115640-aa3902b3267a - github.com/luna-duclos/instrumentedsql => github.com/ory/instrumentedsql v1.2.0 - github.com/luna-duclos/instrumentedsql/opentracing => github.com/ory/instrumentedsql/opentracing v0.0.0-20210903114257-c8963b546c5c - github.com/mattn/go-sqlite3 => github.com/mattn/go-sqlite3 v1.14.12 + // github.com/luna-duclos/instrumentedsql => github.com/ory/instrumentedsql v1.2.0 + // github.com/luna-duclos/instrumentedsql/opentracing => github.com/ory/instrumentedsql/opentracing v0.0.0-20210903114257-c8963b546c5c + github.com/mattn/go-sqlite3 => github.com/mattn/go-sqlite3 v1.14.7-0.20210414154423-1157a4212dcb + github.com/oleiade/reflections => github.com/oleiade/reflections v1.0.1 // Use the internal httpclient which can be generated in this codebase but mark it as the // official SDK, allowing for the Ory CLI to consume Ory Kratos' CLI commands. @@ -34,7 +35,6 @@ require ( github.com/dgraph-io/ristretto v0.1.0 github.com/duo-labs/webauthn v0.0.0-20220330035159-03696f3d4499 github.com/fatih/color v1.13.0 - github.com/form3tech-oss/jwt-go v3.2.3+incompatible github.com/ghodss/yaml v1.0.0 github.com/go-errors/errors v1.0.1 github.com/go-openapi/strfmt v0.20.3 @@ -62,7 +62,6 @@ require ( github.com/julienschmidt/httprouter v1.3.0 github.com/knadh/koanf v1.4.0 github.com/luna-duclos/instrumentedsql v1.1.3 - github.com/luna-duclos/instrumentedsql/opentracing v0.0.0-20201103091713-40d03108b6f4 github.com/mattn/goveralls v0.0.7 github.com/mikefarah/yq/v4 v4.19.1 github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 @@ -77,19 +76,19 @@ require ( github.com/ory/kratos-client-go v0.6.3-alpha.1 github.com/ory/mail/v3 v3.0.0 github.com/ory/nosurf v1.2.7 - github.com/ory/x v0.0.358 + github.com/ory/x v0.0.375 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 github.com/pkg/errors v0.9.1 github.com/pquerna/otp v1.3.0 github.com/rs/cors v1.8.0 github.com/sirupsen/logrus v1.8.1 github.com/slack-go/slack v0.7.4 - github.com/spf13/cobra v1.3.0 + github.com/spf13/cobra v1.4.0 github.com/spf13/pflag v1.0.5 github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518 - github.com/stretchr/testify v1.7.0 - github.com/tidwall/gjson v1.9.4 - github.com/tidwall/sjson v1.2.2 + github.com/stretchr/testify v1.7.1 + github.com/tidwall/gjson v1.14.0 + github.com/tidwall/sjson v1.2.4 github.com/urfave/negroni v1.0.0 github.com/zmb3/spotify/v2 v2.0.0 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 @@ -101,8 +100,7 @@ require ( require ( cloud.google.com/go v0.99.0 // indirect - github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect - github.com/DataDog/datadog-go v4.0.0+incompatible // indirect + github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Masterminds/goutils v1.1.0 // indirect github.com/Masterminds/semver v1.5.0 // indirect github.com/Masterminds/semver/v3 v3.1.1 // indirect @@ -115,8 +113,7 @@ require ( github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect github.com/alecthomas/units v0.0.0-20210208195552-ff826a37aa15 // indirect github.com/armon/go-metrics v0.3.10 // indirect - github.com/armon/go-radix v1.0.0 // indirect - github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef // indirect + github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect github.com/aymerick/douceur v0.2.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bgentry/speakeasy v0.1.0 // indirect @@ -130,7 +127,7 @@ require ( github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490 // indirect github.com/cockroachdb/cockroach-go/v2 v2.2.7 // indirect github.com/containerd/containerd v1.5.7 // indirect - github.com/containerd/continuity v0.1.0 // indirect + github.com/containerd/continuity v0.2.1 // indirect github.com/coreos/go-semver v0.3.0 // indirect github.com/coreos/go-systemd/v22 v22.3.2 // indirect github.com/cortesi/moddwatch v0.0.0-20210222043437-a6aaad86a36e // indirect @@ -142,34 +139,32 @@ require ( github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-units v0.4.0 // indirect github.com/dustin/go-humanize v1.0.0 // indirect - github.com/elastic/go-licenser v0.3.1 // indirect - github.com/elastic/go-sysinfo v1.1.1 // indirect - github.com/elastic/go-windows v1.0.0 // indirect github.com/elliotchance/orderedmap v1.4.0 // indirect github.com/envoyproxy/go-control-plane v0.10.1 // indirect github.com/envoyproxy/protoc-gen-validate v0.6.2 // indirect github.com/evanphx/json-patch v4.11.0+incompatible // indirect github.com/fatih/structs v1.1.0 // indirect - github.com/felixge/httpsnoop v1.0.1 // indirect + github.com/felixge/httpsnoop v1.0.2 // indirect + github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect github.com/fsnotify/fsnotify v1.5.1 // indirect github.com/fullstorydev/grpcurl v1.8.1 // indirect github.com/fxamacker/cbor/v2 v2.4.0 // indirect - github.com/go-logr/logr v1.2.1 // indirect - github.com/go-logr/stdr v1.2.0 // indirect + github.com/go-logr/logr v1.2.3 // indirect + github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/analysis v0.19.16 // indirect - github.com/go-openapi/errors v0.20.0 // indirect + github.com/go-openapi/errors v0.20.1 // indirect github.com/go-openapi/inflect v0.19.0 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.19.5 // indirect github.com/go-openapi/loads v0.20.1 // indirect github.com/go-openapi/runtime v0.20.0 // indirect github.com/go-openapi/spec v0.20.2 // indirect - github.com/go-openapi/swag v0.19.13 // indirect + github.com/go-openapi/swag v0.19.15 // indirect github.com/go-openapi/validate v0.20.1 // indirect github.com/go-playground/locales v0.13.0 // indirect github.com/go-playground/universal-translator v0.17.0 // indirect github.com/go-sql-driver/mysql v1.6.0 // indirect - github.com/go-stack/stack v1.8.0 // indirect + github.com/go-stack/stack v1.8.1 // indirect github.com/gobuffalo/envy v1.10.1 // indirect github.com/gobuffalo/flect v0.2.4 // indirect github.com/gobuffalo/github_flavored_markdown v1.1.1 // indirect @@ -181,7 +176,7 @@ require ( github.com/goccy/go-yaml v1.9.5 // indirect github.com/gofrs/flock v0.8.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/glog v0.0.0-20210429001901-424d2337a529 // indirect + github.com/golang/glog v1.0.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.2 // indirect github.com/google/btree v1.0.1 // indirect @@ -203,22 +198,19 @@ require ( github.com/hashicorp/serf v0.9.6 // indirect github.com/huandu/xstrings v1.2.0 // indirect github.com/inconshreveable/mousetrap v1.0.0 // indirect - github.com/instana/go-sensor v1.34.0 // indirect github.com/jackc/chunkreader/v2 v2.0.1 // indirect github.com/jackc/pgconn v1.10.1 // indirect github.com/jackc/pgio v1.0.0 // indirect github.com/jackc/pgpassfile v1.0.0 // indirect - github.com/jackc/pgproto3/v2 v2.1.1 // indirect + github.com/jackc/pgproto3/v2 v2.2.0 // indirect github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect - github.com/jackc/pgtype v1.8.1 // indirect - github.com/jackc/pgx/v4 v4.13.0 // indirect + github.com/jackc/pgtype v1.9.0 // indirect + github.com/jackc/pgx/v4 v4.14.0 // indirect github.com/jandelgado/gcov2lcov v1.0.5 // indirect - github.com/jcchavezs/porto v0.1.0 // indirect github.com/jessevdk/go-flags v1.4.0 // indirect github.com/jhump/protoreflect v1.8.2 // indirect github.com/jinzhu/copier v0.3.5 // indirect github.com/jmoiron/sqlx v1.3.4 // indirect - github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 // indirect github.com/joho/godotenv v1.4.0 // indirect github.com/jonboulle/clockwork v0.2.2 // indirect github.com/josharian/intern v1.0.0 // indirect @@ -228,9 +220,8 @@ require ( github.com/kr/text v0.2.0 // indirect github.com/leodido/go-urn v1.2.0 // indirect github.com/lib/pq v1.10.4 // indirect - github.com/looplab/fsm v0.1.0 // indirect github.com/magiconair/properties v1.8.5 // indirect - github.com/mailru/easyjson v0.7.6 // indirect + github.com/mailru/easyjson v0.7.7 // indirect github.com/markbates/hmax v1.0.0 // indirect github.com/mattn/go-colorable v0.1.12 // indirect github.com/mattn/go-isatty v0.0.14 // indirect @@ -242,7 +233,7 @@ require ( github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/mapstructure v1.4.3 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect - github.com/moby/term v0.0.0-20201216013528-df9cb8a40635 // indirect + github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/nyaruka/phonenumbers v1.0.73 // indirect @@ -251,26 +242,20 @@ require ( github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.0.2 // indirect github.com/opencontainers/runc v1.0.2 // indirect - github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 // indirect - github.com/opentracing/opentracing-go v1.2.0 // indirect - github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5 // indirect - github.com/openzipkin/zipkin-go v0.2.5 // indirect github.com/ory/viper v1.7.5 // indirect github.com/pborman/uuid v1.2.1 // indirect github.com/pelletier/go-toml v1.9.4 // indirect - github.com/philhofer/fwd v1.1.1 // indirect github.com/pkg/profile v1.6.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/pquerna/cachecontrol v0.0.0-20200921180117-858c6e7e6b7e // indirect github.com/prometheus/client_golang v1.11.0 // indirect github.com/prometheus/client_model v0.2.0 // indirect github.com/prometheus/common v0.32.1 // indirect - github.com/prometheus/procfs v0.6.0 // indirect + github.com/prometheus/procfs v0.7.3 // indirect github.com/rivo/uniseg v0.2.0 // indirect github.com/rjeczalik/notify v0.0.0-20181126183243-629144ba06a1 // indirect github.com/rogpeppe/go-internal v1.8.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/santhosh-tekuri/jsonschema v1.2.4 // indirect github.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761 // indirect github.com/segmentio/backo-go v0.0.0-20200129164019-23eae7c10bd3 // indirect github.com/sergi/go-diff v1.2.0 // indirect @@ -286,22 +271,15 @@ require ( github.com/tidwall/pretty v1.2.0 // indirect github.com/timtadh/data-structures v0.5.3 // indirect github.com/timtadh/lexmachine v0.2.2 // indirect - github.com/tinylib/msgp v1.1.2 // indirect github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 // indirect github.com/toqueteos/webbrowser v1.2.0 // indirect - github.com/uber/jaeger-client-go v2.29.1+incompatible // indirect - github.com/uber/jaeger-lib v2.4.1+incompatible // indirect github.com/urfave/cli v1.22.5 // indirect github.com/x448/float16 v0.8.4 // indirect - github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect + github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c // indirect - go.elastic.co/apm v1.14.0 // indirect - go.elastic.co/apm/module/apmhttp v1.14.0 // indirect - go.elastic.co/apm/module/apmot v1.14.0 // indirect - go.elastic.co/fastjson v1.1.0 // indirect go.etcd.io/bbolt v1.3.5 // indirect go.etcd.io/etcd/api/v3 v3.5.1 // indirect go.etcd.io/etcd/client/pkg/v3 v3.5.1 // indirect @@ -313,31 +291,31 @@ require ( go.etcd.io/etcd/server/v3 v3.5.0-alpha.0 // indirect go.etcd.io/etcd/tests/v3 v3.5.0-alpha.0 // indirect go.etcd.io/etcd/v3 v3.5.0-alpha.0 // indirect - go.mongodb.org/mongo-driver v1.5.1 // indirect + go.mongodb.org/mongo-driver v1.7.3 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.25.0 // indirect - go.opentelemetry.io/otel v1.3.0 // indirect - go.opentelemetry.io/otel/bridge/opentracing v1.2.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0 // indirect - go.opentelemetry.io/otel/sdk v1.3.0 // indirect - go.opentelemetry.io/otel/trace v1.3.0 // indirect - go.opentelemetry.io/proto/otlp v0.11.0 // indirect - go.uber.org/atomic v1.7.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0 // indirect + go.opentelemetry.io/contrib/propagators/b3 v1.4.0 // indirect + go.opentelemetry.io/contrib/propagators/jaeger v1.4.0 // indirect + go.opentelemetry.io/contrib/samplers/jaegerremote v0.0.0-20220314184135-32895002a444 // indirect + go.opentelemetry.io/otel v1.6.3 // indirect + go.opentelemetry.io/otel/exporters/jaeger v1.5.0 // indirect + go.opentelemetry.io/otel/internal/metric v0.27.0 // indirect + go.opentelemetry.io/otel/metric v0.27.0 // indirect + go.opentelemetry.io/otel/sdk v1.6.3 // indirect + go.opentelemetry.io/otel/trace v1.6.3 // indirect + go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.7.0 // indirect go.uber.org/zap v1.17.0 // indirect - golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57 // indirect - golang.org/x/sys v0.0.0-20211205182925-97ca703d548d // indirect + golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9 // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect - golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba // indirect + golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa // indirect - google.golang.org/grpc v1.43.0 // indirect - google.golang.org/protobuf v1.27.1 // indirect - gopkg.in/DataDog/dd-trace-go.v1 v1.33.0 // indirect + google.golang.org/grpc v1.45.0 // indirect + google.golang.org/protobuf v1.28.0 // indirect gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect @@ -346,7 +324,6 @@ require ( gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect - howett.net/plist v0.0.0-20181124034731-591f970eefbb // indirect mvdan.cc/sh/v3 v3.3.0-0.dev.0.20210224101809-fb5052e7a010 // indirect sigs.k8s.io/yaml v1.2.0 // indirect ) diff --git a/go.sum b/go.sum index 199ba4677abb..ac74b02dadd0 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,6 @@ bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= bazil.org/fuse v0.0.0-20180421153158-65cc252bf669/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= +bazil.org/fuse v0.0.0-20200407214033-5883e5a4b512/go.mod h1:FbcW6z/2VytnFDhZfumh8Ss8zxHE6qpMP5sHTRe0EaM= bitbucket.org/creachadair/shell v0.0.6/go.mod h1:8Qqi/cYk7vPnsOePHroKXDJYmb5x7ENhtiFtfZq8K+M= bitbucket.org/liamstask/goose v0.0.0-20150115234039-8488cc47d90c/go.mod h1:hSVuE3qU7grINVSwrmzHfpg9k87ALBk+XaualNyUzI4= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= @@ -31,7 +32,6 @@ cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aD cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= -cloud.google.com/go v0.98.0/go.mod h1:ua6Ush4NALrHk5QXDWnjvZHN93OuF0HfuEPq9I1X0cM= cloud.google.com/go v0.99.0 h1:y/cM2iqGgGi5D5DQZl6D9STN/3dR/Vx5Mp8s752oJTY= cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= @@ -43,7 +43,6 @@ cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM7 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= -cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= @@ -62,7 +61,6 @@ contrib.go.opencensus.io/exporter/stackdriver v0.13.5/go.mod h1:aXENhDJ1Y4lIg4EU contrib.go.opencensus.io/integrations/ocsql v0.1.4/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8= github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU= github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4= github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= @@ -70,8 +68,9 @@ github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9mo github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= -github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= +github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= +github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= @@ -86,13 +85,9 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= -github.com/DataDog/datadog-go v4.0.0+incompatible h1:Dq8Dr+4sV1gBO1sHDWdW+4G+PdsA+YSJOK925MxrrCY= -github.com/DataDog/datadog-go v4.0.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0= github.com/GeertJohan/go.rice v1.0.2/go.mod h1:af5vUNlDNkCjOZeSGFgIJxDje9qdjsO6hshx0gTmZt4= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= -github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM= -github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RPBiVg= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= @@ -151,8 +146,6 @@ github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= github.com/ajg/form v0.0.0-20160822230020-523a5da1a92f h1:zvClvFQwU++UpIUBGC8YmDlfhUrweEy1R1Fj1gu5iIM= github.com/ajg/form v0.0.0-20160822230020-523a5da1a92f/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY= -github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= -github.com/ajstarks/svgo v0.0.0-20210923152817-c3b6e2f0c527/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c= github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE= @@ -184,7 +177,6 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV github.com/armon/go-metrics v0.3.10 h1:FR+drcQStOe+32sYyJYyZ7FIdgoGGBnwLl+flodp8Uo= github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= @@ -192,8 +184,9 @@ github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:l github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= -github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef h1:46PFijGLmAjMPwCCCo7Jf0W6f9slllCkkv7vyc1yOSg= github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= +github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ= +github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/avast/retry-go/v3 v3.1.1 h1:49Scxf4v8PmiQ/nY0aY3p0hDueqSmc7++cBbtiDGu2g= github.com/avast/retry-go/v3 v3.1.1/go.mod h1:6cXRK369RpzFL3UQGqIUp9Q7GDrams+KsYWrfNA1/nQ= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= @@ -236,10 +229,8 @@ github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/bmatcuk/doublestar v1.3.4 h1:gPypJ5xD31uhX6Tf54sDPUOBXTqKH4c9aPY66CyQrS0= github.com/bmatcuk/doublestar v1.3.4/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE= -github.com/bmatcuk/doublestar/v2 v2.0.4/go.mod h1:QMmcs3H2AUQICWhfzLXz+IYln8lRQmTZRptLie8RgRw= github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY= github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= -github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs= github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= @@ -355,8 +346,9 @@ github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo= github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y= github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ= -github.com/containerd/continuity v0.1.0 h1:UFRRY5JemiAhPZrr/uE0n8fMTLcZsUvySPr1+D7pgr8= github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM= +github.com/containerd/continuity v0.2.1 h1:/EeEo2EtN3umhbbgCveyjifoMYg0pS+nMMEemaYw634= +github.com/containerd/continuity v0.2.1/go.mod h1:wCYX+dRqZdImhGucXOqTQn05AhX6EUDaGEMUzTFFpLg= github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0= @@ -494,12 +486,6 @@ github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5m github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= -github.com/elastic/go-licenser v0.3.1 h1:RmRukU/JUmts+rpexAw0Fvt2ly7VVu6mw8z4HrEzObU= -github.com/elastic/go-licenser v0.3.1/go.mod h1:D8eNQk70FOCVBl3smCGQt/lv7meBeQno2eI1S5apiHQ= -github.com/elastic/go-sysinfo v1.1.1 h1:ZVlaLDyhVkDfjwPGU55CQRCRolNpc7P0BbyhhQZQmMI= -github.com/elastic/go-sysinfo v1.1.1/go.mod h1:i1ZYdU10oLNfRzq4vq62BEwD2fH8KaWh6eh0ikPT9F0= -github.com/elastic/go-windows v1.0.0 h1:qLURgZFkkrYyTTkvYpsZIgf83AUsdIHfvlJaqaZ7aSY= -github.com/elastic/go-windows v1.0.0/go.mod h1:TsU0Nrp7/y3+VwE82FoZF8gC/XFg/Elz6CcloAxnPgU= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/elliotchance/orderedmap v1.4.0 h1:wZtfeEONCbx6in1CZyE6bELEt/vFayMvsxqI5SgsR+A= github.com/elliotchance/orderedmap v1.4.0/go.mod h1:wsDwEaX5jEoyhbs7x93zk2H/qv0zwuhg4inXhDkYqys= @@ -533,11 +519,10 @@ github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= -github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/felixge/httpsnoop v1.0.2 h1:+nS9g82KMXccJ/wp0zyRW9ZBHFETmMGtkk+2CTTrW4o= +github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= -github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= -github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= @@ -567,14 +552,8 @@ github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmC github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= -github.com/go-bindata/go-bindata v3.1.2+incompatible/go.mod h1:xK8Dsgwmeed+BBsSy2XTopBn/8uK2HWuGSnA11C3Joo= github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= -github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g= -github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks= -github.com/go-fonts/liberation v0.1.1/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= -github.com/go-fonts/liberation v0.2.0/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= -github.com/go-fonts/stix v0.1.0/go.mod h1:w/c1f0ldAUlJmLBvlbkvVXLAD+tAMqobIIQpmnUIzUY= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -583,19 +562,17 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= -github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= -github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk= github.com/go-ldap/ldap v3.0.2+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.1 h1:DX7uPQ4WgAWfoh+NGGlbJQswnYIVvz0SRlLS3rPZQDA= -github.com/go-logr/logr v1.2.1/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/stdr v1.2.0 h1:j4LrlVXgrbIWO83mmQUnK0Hi+YnbD+vzrE1z/EphbFE= -github.com/go-logr/stdr v1.2.0/go.mod h1:YkVgnZu1ZjjL7xTxrfm/LLZBfkhTqSR1ydtm6jTKKwI= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= +github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI= github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= @@ -613,8 +590,8 @@ github.com/go-openapi/errors v0.19.6/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpX github.com/go-openapi/errors v0.19.7/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.20.0 h1:Sxpo9PjEHDzhs3FbnGNonvDgWcMW2U7wGTcDDSFSceM= -github.com/go-openapi/errors v0.20.0/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.20.1 h1:j23mMDtRxMwIobkpId7sWh7Ddcx4ivaoqUbfXx5P+a8= +github.com/go-openapi/errors v0.20.1/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/inflect v0.19.0 h1:9jCH9scKIbHeV9m12SmPilScz6krDxKRasNNSNPXu/4= github.com/go-openapi/inflect v0.19.0/go.mod h1:lHpZVlpIQqLyKwJ4N+YSc9hchQy/i12fJykb83CRBH4= github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= @@ -678,8 +655,9 @@ github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh github.com/go-openapi/swag v0.19.7/go.mod h1:ao+8BpOPyKdpQz3AOJfbeEVpLmWAvlT1IfTe5McPyhY= github.com/go-openapi/swag v0.19.9/go.mod h1:ao+8BpOPyKdpQz3AOJfbeEVpLmWAvlT1IfTe5McPyhY= github.com/go-openapi/swag v0.19.12/go.mod h1:eFdyEBkTdoAf/9RXBvj4cr1nH7GD8Kzo5HTt47gr72M= -github.com/go-openapi/swag v0.19.13 h1:233UVgMy1DlmCYYfOiFpta6e2urloh+sEs5id6lyzog= github.com/go-openapi/swag v0.19.13/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= +github.com/go-openapi/swag v0.19.15 h1:D2NRCBzS9/pEY3gP9Nl8aDqGUcPFrwG2p+CNFrLyrCM= +github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA= github.com/go-openapi/validate v0.19.3/go.mod h1:90Vh6jjkTn+OT1Eefm0ZixWNFjhtOH7vS9k0lo6zwJo= @@ -688,7 +666,6 @@ github.com/go-openapi/validate v0.19.12/go.mod h1:Rzou8hA/CBw8donlS6WNEUQupNvUZ0 github.com/go-openapi/validate v0.19.15/go.mod h1:tbn/fdOwYHgrhPBzidZfJC2MIVvs9GA7monOmWBbeCI= github.com/go-openapi/validate v0.20.1 h1:QGQ5CvK74E28t3DkegGweKR+auemUi5IdpMc4x3UW6s= github.com/go-openapi/validate v0.20.1/go.mod h1:b60iJT+xNNLfaQJUqLI7946tYiFEOuE9E4k54HpKcJ0= -github.com/go-pdf/fpdf v0.5.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M= github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A= github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= @@ -705,8 +682,9 @@ github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= -github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-stack/stack v1.8.1 h1:ntEHSVwIt7PNXNpgPmVfMrNhLtgjlmnZha2kOpuRiDw= +github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4= github.com/go-swagger/go-swagger v0.26.1 h1:1XUWLnH6hKxHzeKjJfA2gHkSqcT1Zgi4q/PZp2hDdN8= github.com/go-swagger/go-swagger v0.26.1/go.mod h1:zlf/LHplZpdtU2mYXg9Ajd3+9TgHYltv5f/pEM6LjnI= github.com/go-swagger/scan-repo-boundary v0.0.0-20180623220736-973b3573c013 h1:l9rI6sNaZgNC0LnF3MiE+qTmyBA/tZAg1rtyrGbUMK0= @@ -747,7 +725,6 @@ github.com/gobuffalo/helpers v0.6.0/go.mod h1:pncVrer7x/KRvnL5aJABLAuT/RhKRR9klL github.com/gobuffalo/helpers v0.6.4 h1:N9is8xgaotJzGIge1GoLYiWRpKZPqnS9RSty72OhIn8= github.com/gobuffalo/helpers v0.6.4/go.mod h1:m2aOKsTl3KB0RUwwpxf3tykaaitujQ3irivqrlNAcJ0= github.com/gobuffalo/here v0.6.0 h1:hYrd0a6gDmWxBM4TnrGw8mQg24iSVoIkHEk7FodQcBI= -github.com/gobuffalo/here v0.6.0/go.mod h1:wAG085dHOYqUpf+Ap+WOdrPTp5IYcDAs/x7PLa8Y5fM= github.com/gobuffalo/httptest v1.0.2 h1:LWp2khlgA697h4BIYWW2aRxvB93jMnBrbakQ/r2KLzs= github.com/gobuffalo/httptest v1.0.2/go.mod h1:7T1IbSrg60ankme0aDLVnEY0h056g9M1/ZvpVThtB7E= github.com/gobuffalo/logger v0.0.0-20190315122211-86e12af44bc2/go.mod h1:QdxcLw541hSGtBnhUc4gaNIXRjiDppFGaDqzbrBd3v8= @@ -800,12 +777,12 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.1.0 h1:XUgk2Ex5veyVFVeLm0xhusUTQybEbexJXrvPNOKkSY0= github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= -github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/gddo v0.0.0-20190904175337-72a348e765d2 h1:xisWqjiKEff2B0KfFYGpCqc3M3zdTz+OHQHRc09FeYk= github.com/golang/gddo v0.0.0-20190904175337-72a348e765d2/go.mod h1:xEhNfoBDX1hzLm2Nf80qUvZ2sVwoMZ8d6IE2SrsQfh4= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v0.0.0-20210429001901-424d2337a529 h1:2voWjNECnrZRbfwXxHB1/j8wa6xdKn85B5NzgVL/pTU= github.com/golang/glog v0.0.0-20210429001901-424d2337a529/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ= +github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -863,14 +840,14 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= +github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-github/v27 v27.0.1 h1:sSMFSShNn4VnqCqs+qhab6TS3uQc+uVR6TD1bW6MavM= github.com/google/go-github/v27 v27.0.1/go.mod h1:/0Gr8pJ55COkmv+S/yPKCczSkUPIM/LnFyubufRNIS0= github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= github.com/google/go-github/v38 v38.1.0 h1:C6h1FkaITcBFK7gAmq4eFzt6gbhEhk7L5z6R3Uva+po= github.com/google/go-github/v38 v38.1.0/go.mod h1:cStvrz/7nFr0FoENgG6GLbp53WaelXucT+BBz/3VKx4= -github.com/google/go-jsonnet v0.17.0/go.mod h1:sOcuej3UW1vpPTZOr8L7RQimqai1a57bt5j22LzGZCw= github.com/google/go-jsonnet v0.18.0 h1:/6pTy6g+Jh1a1I2UMoAODkqELFiVIdOxbNwv0DDzoOg= github.com/google/go-jsonnet v0.18.0/go.mod h1:C3fTzyVJDslXdiTqw/bTFk7vSGyCtH3MGRbDfvEwGd0= github.com/google/go-licenses v0.0.0-20210329231322-ce1d9163b77d/go.mod h1:+TYOmkVoJOpwnS0wfdsJCV9CoD5nJYsHoFk/0CrTK4M= @@ -1054,10 +1031,6 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743 h1:X3Xxno5Ji8idrNiUoFc7QyXpqhSYlDRYQmc7mlpMBzU= github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743/go.mod h1:KrtyD5PFj++GKkFS/7/RRrfnRhAMGQwy75GLCHWrCNs= -github.com/instana/go-sensor v1.34.0 h1:mUacyQZV7Ip+Z0JU8S6HFjA7HkrMq+ZXjKb1YJsvrmA= -github.com/instana/go-sensor v1.34.0/go.mod h1:Uh9j3eF2mBw/FLk2MxISmVDIj8mtJBFRj2S19M6CVyQ= -github.com/instana/testify v1.6.2-0.20200721153833-94b1851f4d65 h1:T25FL3WEzgmKB0m6XCJNZ65nw09/QIp3T1yXr487D+A= -github.com/instana/testify v1.6.2-0.20200721153833-94b1851f4d65/go.mod h1:nYhEREG/B7HUY7P+LKOrqy53TpIqmJ9JyUShcaEKtGw= github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo= github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= @@ -1076,8 +1049,9 @@ github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190420180111-c116219b62db/go.mod github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190609003834-432c2951c711/go.mod h1:uH0AWtUmuShn0bcesswc4aBTWGvw0cAxIJp+6OB//Wg= github.com/jackc/pgproto3/v2 v2.0.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgproto3/v2 v2.0.6/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= -github.com/jackc/pgproto3/v2 v2.1.1 h1:7PQ/4gLoqnl87ZxL7xjO0DR5gYuviDCZxQJsUlFW1eI= github.com/jackc/pgproto3/v2 v2.1.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= +github.com/jackc/pgproto3/v2 v2.2.0 h1:r7JypeP2D3onoQTCxWdTpCtJ4D+qpKr0TxvoyMhZ5ns= +github.com/jackc/pgproto3/v2 v2.2.0/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b h1:C8S2+VttkHFdOOCXJe+YGfa4vHYwlt4Zx+IVXQ97jYg= github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E= github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg= @@ -1087,8 +1061,9 @@ github.com/jackc/pgtype v1.3.1-0.20200510190516-8cd94a14c75a/go.mod h1:vaogEUkAL github.com/jackc/pgtype v1.3.1-0.20200606141011-f6355165a91c/go.mod h1:cvk9Bgu/VzJ9/lxTO5R5sf80p0DiucVtN7ZxvaC4GmQ= github.com/jackc/pgtype v1.6.2/go.mod h1:JCULISAZBFGrHaOXIIFiyfzW5VY0GRitRr8NeJsrdig= github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM= -github.com/jackc/pgtype v1.8.1 h1:9k0IXtdJXHJbyAWQgbWr1lU+MEhPXZz6RIXxfR5oxXs= github.com/jackc/pgtype v1.8.1/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= +github.com/jackc/pgtype v1.9.0 h1:/SH1RxEtltvJgsDqp3TbiTFApD3mey3iygpuEGeuBXk= +github.com/jackc/pgtype v1.9.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y= github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM= github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc= @@ -1097,20 +1072,20 @@ github.com/jackc/pgx/v4 v4.6.1-0.20200510190926-94ba730bb1e9/go.mod h1:t3/cdRQl6 github.com/jackc/pgx/v4 v4.6.1-0.20200606145419-4e5062306904/go.mod h1:ZDaNWkt9sW1JMiNn0kdYBaLelIhw7Pg4qd+Vk6tw7Hg= github.com/jackc/pgx/v4 v4.10.1/go.mod h1:QlrWebbs3kqEZPHCTGyxecvzG6tvIsYu+A5b1raylkA= github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs= -github.com/jackc/pgx/v4 v4.13.0 h1:JCjhT5vmhMAf/YwBHLvrBn4OGdIQBiFG6ym8Zmdx570= github.com/jackc/pgx/v4 v4.13.0/go.mod h1:9P4X524sErlaxj0XSGZk7s+LD0eOyu1ZDUrrpznYDF0= +github.com/jackc/pgx/v4 v4.14.0 h1:TgdrmgnM7VY72EuSQzBbBd4JA1RLqJolrw9nQVZABVc= +github.com/jackc/pgx/v4 v4.14.0/go.mod h1:jT3ibf/A0ZVCp89rtCIN0zCJxcE74ypROmHEZYsG/j8= github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.1.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.1.1/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= +github.com/jackc/puddle v1.2.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jandelgado/gcov2lcov v1.0.4/go.mod h1:NnSxK6TMlg1oGDBfGelGbjgorT5/L3cchlbtgFYZSss= github.com/jandelgado/gcov2lcov v1.0.5 h1:rkBt40h0CVK4oCb8Dps950gvfd1rYvQ8+cWa346lVU0= github.com/jandelgado/gcov2lcov v1.0.5/go.mod h1:NnSxK6TMlg1oGDBfGelGbjgorT5/L3cchlbtgFYZSss= github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= -github.com/jcchavezs/porto v0.1.0 h1:Xmxxn25zQMmgE7/yHYmh19KcItG81hIwfbEEFnd6w/Q= -github.com/jcchavezs/porto v0.1.0/go.mod h1:fESH0gzDHiutHRdX2hv27ojnOVFco37hg1W6E9EZF4A= github.com/jessevdk/go-flags v1.4.0 h1:4IU2WS7AumrZ/40jfhf4QVDMsQwqA7VEHozFRrGARJA= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4= @@ -1130,8 +1105,6 @@ github.com/jmoiron/sqlx v1.3.1/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXL github.com/jmoiron/sqlx v1.3.3/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ= github.com/jmoiron/sqlx v1.3.4 h1:wv+0IJZfL5z0uZoUjlpKgHkgaFSYD+r9CfrXjEXsO7w= github.com/jmoiron/sqlx v1.3.4/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ= -github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 h1:rp+c0RAYOWj8l6qbCUTSiRLG/iKnW3K3/QfPPuSsBt4= -github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901/go.mod h1:Z86h9688Y0wesXCyonoVr47MasHilkuLMqGhRZ4Hpak= github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/joho/godotenv v1.4.0 h1:3l4+N6zfMWnkbPEXKng2o2/MR5mSwTrBih4ZEkkz1lg= github.com/joho/godotenv v1.4.0/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= @@ -1159,8 +1132,6 @@ github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSg github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= -github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4= github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs= @@ -1210,8 +1181,8 @@ github.com/lib/pq v1.10.4 h1:SO9z7FRPzA03QhHKJrH5BXA6HU1rS4V2nIVrrNC1iYk= github.com/lib/pq v1.10.4/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/looplab/fsm v0.1.0 h1:Qte7Zdn/5hBNbXzP7yxVU4OIFHWXBovyTT2LaBTyC20= -github.com/looplab/fsm v0.1.0/go.mod h1:m2VaOfDHxqXBBMgc26m6yUOwkFn8H2AlJDE+jd/uafI= +github.com/luna-duclos/instrumentedsql v1.1.3 h1:t7mvC0z1jUt5A0UQ6I/0H31ryymuQRnJcWCiqV3lSAA= +github.com/luna-duclos/instrumentedsql v1.1.3/go.mod h1:9J1njvFds+zN7y85EDhN9XNQLANWwZt2ULeIC8yMNYs= github.com/lyft/protoc-gen-star v0.5.1/go.mod h1:9toiA3cC7z5uVbODF7kEQ91Xn7XNFkVUl+SrEe+ZORU= github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= @@ -1226,14 +1197,14 @@ github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= github.com/mailru/easyjson v0.7.1/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= -github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA= github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/markbates/hmax v1.0.0 h1:yo2N0gBoCnUMKhV/VRLHomT6Y9wUm+oQQENuWJqCdlM= github.com/markbates/hmax v1.0.0/go.mod h1:cOkR9dktiESxIMu+65oc/r/bdY4bE8zZw3OLhLx0X2c= github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI= github.com/markbates/pkger v0.17.1 h1:/MKEtWqtc0mZvu9OinB9UzVN9iYCwLWuyUv4Bw+PCno= -github.com/markbates/pkger v0.17.1/go.mod h1:0JoVlrol20BSywW79rN3kdFFsE5xYM+rSCQDXbLhiuI= github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= @@ -1264,8 +1235,8 @@ github.com/mattn/go-runewidth v0.0.12 h1:Y41i/hVW3Pgwr8gV+J23B9YEY0zxjptBuCWEaxm github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= -github.com/mattn/go-sqlite3 v1.14.12 h1:TJ1bhYJPV44phC+IMu1u2K/i5RriLTPe+yc68XDJ1Z0= -github.com/mattn/go-sqlite3 v1.14.12/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= +github.com/mattn/go-sqlite3 v1.14.7-0.20210414154423-1157a4212dcb h1:ax2vG2unlxsjwS7PMRo4FECIfAdQLowd6ejWYwPQhBo= +github.com/mattn/go-sqlite3 v1.14.7-0.20210414154423-1157a4212dcb/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= github.com/mattn/goveralls v0.0.7 h1:vzy0i4a2iDzEFMdXIxcanRadkr0FBvSBKUmj0P8SPlQ= github.com/mattn/goveralls v0.0.7/go.mod h1:h8b4ow6FxSPMQHF6o2ve3qsclnffZjYTNEKmLesRwqw= @@ -1317,8 +1288,9 @@ github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2J github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ= github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo= -github.com/moby/term v0.0.0-20201216013528-df9cb8a40635 h1:rzf0wL0CHVc8CEsgyygG0Mn9CNCCPZqOPaz8RiiHYQk= github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc= +github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 h1:dcztxKSvZ4Id8iPpHERQBbIJfabdt4wUm5qy3wOL2Zc= +github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -1331,7 +1303,6 @@ github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwd github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe h1:iruDEfMl2E6fbMZ9s0scYfZQ84/6SPL6zC8ACM2oIL0= github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= -github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= @@ -1407,20 +1378,15 @@ github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mo github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE= github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8= -github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 h1:lM6RxxfUMrYL/f8bWEUqdXrANWtrL7Nndbm9iFN0DlU= github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= -github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5 h1:ZCnq+JUrvXcDVhX/xRolRBZifmabN1HcS1wrPSvxhrU= github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/openzipkin/zipkin-go v0.2.5 h1:UwtQQx2pyPIgWYHRg+epgdx1/HnBQTgN3/oIYEJTQzU= -github.com/openzipkin/zipkin-go v0.2.5/go.mod h1:KpXfKdgRDnnhsxw4pNIH9Md5lyFqKUa4YDFlwRYAMyE= github.com/ory/analytics-go/v4 v4.0.3 h1:2zNBQLlm3UiD8U7DdUGLLUBm62ZA5GtbEJ3S5U+xEOI= github.com/ory/analytics-go/v4 v4.0.3/go.mod h1:A3Chm/3TmM8jw4nqRss+gFhAYHRI5j/HFYH3C1FRahU= github.com/ory/dockertest/v3 v3.8.1 h1:vU/8d1We4qIad2YM0kOwRVtnyue7ExvacPiw1yDm17g= @@ -1433,10 +1399,6 @@ github.com/ory/graceful v0.1.1 h1:zx+8tDObLPrG+7Tc8jKYlXsqWnLtOQA1IZ/FAAKHMXU= github.com/ory/graceful v0.1.1/go.mod h1:zqu70l95WrKHF4AZ6tXHvAqAvpY6M7g6ttaAVcMm7KU= github.com/ory/herodot v0.9.13 h1:cN/Z4eOkErl/9W7hDIDLb79IO/bfsH+8yscBjRpB4IU= github.com/ory/herodot v0.9.13/go.mod h1:IWDs9kSvFQqw/cQ8zi5ksyYvITiUU4dI7glUrhZcJYo= -github.com/ory/instrumentedsql v1.2.0 h1:7VqI6sVRAEVmIp+mVbeICMTi27EJQuq5k9crlt3rs10= -github.com/ory/instrumentedsql v1.2.0/go.mod h1:wT//5kSu12gfOhU8yDf6IC69yQ+Tc8MufpwzYliRRx8= -github.com/ory/instrumentedsql/opentracing v0.0.0-20210903114257-c8963b546c5c h1:eek/2FXUZEnRXaRQtqw8MQMxcPX7Qr3tACKI5pe71n0= -github.com/ory/instrumentedsql/opentracing v0.0.0-20210903114257-c8963b546c5c/go.mod h1:61Z4zNpOoshtEmLmp6T13G9adSk66/dYTfTBEnCLwVQ= github.com/ory/jsonschema/v3 v3.0.7 h1:GQ9qfZDiJqs4l2d3p56dozCChvejQFZyLKGHYzDzOSo= github.com/ory/jsonschema/v3 v3.0.7/go.mod h1:g8c8YOtN4TrR2wYeMdT02GDmzJDI0fEW2nI26BECafY= github.com/ory/mail v2.3.1+incompatible/go.mod h1:87D9/1gB6ewElQoN0lXJ0ayfqcj3cW3qCTXh+5E9mfU= @@ -1448,8 +1410,8 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE= github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM= -github.com/ory/x v0.0.358 h1:WazMAyWp5tB8G3aCAbmTbDLez+W/M+iOhZttv+3oxFo= -github.com/ory/x v0.0.358/go.mod h1:FwkxlbYT2eIBdVqx1340PfG0CPjMTBDdzX6KYociqO8= +github.com/ory/x v0.0.375 h1:isMWH0/n+y5f0QETLOqBAHt0Gl6bo1kK70TkxYKv4iY= +github.com/ory/x v0.0.375/go.mod h1:JHPSavhYHgzlh9teE1vGY+1tecUo2CzfLqHex42jNSQ= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= @@ -1474,11 +1436,6 @@ github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc= github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE= -github.com/philhofer/fwd v1.1.1 h1:GdGcTjf5RNAxwS4QLsiMzJYj5KEvPJD3Abr261yRQXQ= -github.com/philhofer/fwd v1.1.1/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU= -github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY= -github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= -github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/diff v0.0.0-20200914180035-5b29258ca4f7/go.mod h1:zO8QMzTeZd5cpnIkz/Gn6iK0jDfGicM1nynOkkPIl28= @@ -1541,7 +1498,6 @@ github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+ github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190425082905-87a4384529e0/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -1550,8 +1506,9 @@ github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.6.0 h1:mxy4L2jP6qMonqmq+aTtOx1ifVWUgG/TAmntgbh3xv4= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= +github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU= +github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/pseudomuto/protoc-gen-doc v1.4.1/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q= @@ -1582,16 +1539,11 @@ github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w= -github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZKsJ8yyVxGRWYNEm9oFB8ieLgKFnamEyDmSA0BRk= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= -github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= -github.com/santhosh-tekuri/jsonschema v1.2.4 h1:hNhW8e7t+H1vgY+1QeEQpveR6D4+OwKPXCfD2aieJis= -github.com/santhosh-tekuri/jsonschema v1.2.4/go.mod h1:TEAUOeZSmIxTTuHatJzrvARHiuO9LYd+cIxzgEHCQI4= github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= @@ -1663,8 +1615,8 @@ github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHN github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= -github.com/spf13/cobra v1.3.0 h1:R7cSvGu+Vv+qX0gW5R/85dx2kmmJT5z5NM8ifdYjdn0= -github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4= +github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q= +github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= @@ -1683,7 +1635,6 @@ github.com/spf13/viper v1.10.0 h1:mXH0UwHS4D2HwWZa75im4xIQynLfblmWV7qcWpfv0yk= github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM= github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518 h1:iD+PFTQwKEmbwSdwfvP5ld2WEI/g7qbdhmHJ2ASfYGs= github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518/go.mod h1:CKI4AZ4XmGV240rTHfO0hfE83S6/a3/Q1siZJ/vXf7A= -github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693/go.mod h1:6hSY48PjDm4UObWmGLyJE9DxYVKTgR9kbCspXXJEhcU= github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= @@ -1701,31 +1652,29 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= -github.com/tidwall/gjson v1.9.1/go.mod h1:jydLKE7s8J0+1/5jC4eXcuFlzKizGrCKvLmBVX/5oXc= -github.com/tidwall/gjson v1.9.4 h1:oNis7dk9Rs3dKJNNigXZT1MTOiJeBtpurn+IpCB75MY= -github.com/tidwall/gjson v1.9.4/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= -github.com/tidwall/match v1.0.3/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= +github.com/tidwall/gjson v1.12.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/gjson v1.14.0 h1:6aeJ0bzojgWLa82gDQHcx3S0Lr/O51I9bJ5nv6JFx5w= +github.com/tidwall/gjson v1.14.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= -github.com/tidwall/sjson v1.2.2 h1:H1Llj/C9G+BoUN2DsybLHjWvr9dx4Uazavf0sXQ+rOs= -github.com/tidwall/sjson v1.2.2/go.mod h1:jmW2RZpbKuExPFUHeFSBMiovT9ZyOziEHDRkbsdp0B0= +github.com/tidwall/sjson v1.2.4 h1:cuiLzLnaMeBhRmEv00Lpk3tkYrcxpmbU81tAY4Dw0tc= +github.com/tidwall/sjson v1.2.4/go.mod h1:098SZ494YoMWPmMO6ct4dcFnqxwj9r/gF0Etp19pSNM= github.com/timtadh/data-structures v0.5.3 h1:F2tEjoG9qWIyUjbvXVgJqEOGJPMIiYn7U5W5mE+i/vQ= github.com/timtadh/data-structures v0.5.3/go.mod h1:9R4XODhJ8JdWFEI8P/HJKqxuJctfBQw6fDibMQny2oU= github.com/timtadh/lexmachine v0.2.2 h1:g55RnjdYazm5wnKv59pwFcBJHOyvTPfDEoz21s4PHmY= github.com/timtadh/lexmachine v0.2.2/go.mod h1:GBJvD5OAfRn/gnp92zb9KTgHLB7akKyxmVivoYCcjQI= -github.com/tinylib/msgp v1.1.2 h1:gWmO7n0Ys2RBEb7GPYB9Ujq8Mk5p2U08lRnmMcGy6BQ= -github.com/tinylib/msgp v1.1.2/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE= github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0= github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0= github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao= @@ -1739,10 +1688,7 @@ github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoi github.com/toqueteos/webbrowser v1.2.0 h1:tVP/gpK69Fx+qMJKsLE7TD8LuGWPnEV71wBN9rrstGQ= github.com/toqueteos/webbrowser v1.2.0/go.mod h1:XWoZq4cyp9WeUeak7w7LXRUQf1F1ATJMir8RTqb4ayM= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= -github.com/uber/jaeger-client-go v2.29.1+incompatible h1:R9ec3zO3sGpzs0abd43Y+fBZRJ9uiH6lXyR/+u6brW4= -github.com/uber/jaeger-client-go v2.29.1+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= -github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= -github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= +github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c/go.mod h1:hzIxponao9Kjc7aWznkXaL4U4TWaDSs8zcsY4Ka08nM= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= @@ -1777,8 +1723,9 @@ github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfD github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I= github.com/xdg/stringprep v0.0.0-20180714160509-73f8eece6fdc/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y= -github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= +github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= +github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= @@ -1808,14 +1755,6 @@ github.com/zmap/zcrypto v0.0.0-20210511125630-18f1e0152cfc/go.mod h1:FM4U1E3NzlN github.com/zmap/zlint/v3 v3.1.0/go.mod h1:L7t8s3sEKkb0A2BxGy1IWrxt1ZATa1R4QfJZaQOD3zU= github.com/zmb3/spotify/v2 v2.0.0 h1:NHW9btztNZTrJ0+3yMNyfY5qcu1ck9s36wwzc7zrCic= github.com/zmb3/spotify/v2 v2.0.0/go.mod h1:+LVh9CafHu7SedyqYmEf12Rd01dIVlEL845yNhksW0E= -go.elastic.co/apm v1.14.0 h1:9yilcTbWpqhfyunUj6/SDpZbR4FOVB50xQgODe0TW/0= -go.elastic.co/apm v1.14.0/go.mod h1:dylGv2HKR0tiCV+wliJz1KHtDyuD8SPe69oV7VyK6WY= -go.elastic.co/apm/module/apmhttp v1.14.0 h1:uDSIPr1BJOt1A/T5J9Beq9VtMtQHqOdqQUXCPRQF4C4= -go.elastic.co/apm/module/apmhttp v1.14.0/go.mod h1:PY8hyV0X3eKqXYYoN0pyu1pWcvFCwGmh5eUFuS39Zmo= -go.elastic.co/apm/module/apmot v1.14.0 h1:gJqHVjZ8WkCAMgYfUZ8MD8gpPSes3PQCrZifRhYICpQ= -go.elastic.co/apm/module/apmot v1.14.0/go.mod h1:KbJVuKsIJzXjA0XsmO+0YcQDOsIMwtSSesQFUn6Fyy0= -go.elastic.co/fastjson v1.1.0 h1:3MrGBWWVIxe/xvsbpghtkFoPciPhOCmjsR/HfwEeQR4= -go.elastic.co/fastjson v1.1.0/go.mod h1:boNGISWMjQsUPy/t6yqt2/1Wx4YNPSe+mZjlyw9vKKI= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0= @@ -1862,33 +1801,44 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.25.0 h1:H6bZI2q89Q1RR/mQgrWIVtOTh711dJd0oA7Kxk4ujy8= go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.25.0/go.mod h1:0MPbX5HgESa5d3UZXbz8pmKoWVrCZwt1N6JmmY206IQ= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0 h1:SLme4Porm+UwX0DdHMxlwRt7FzPSE0sys81bet2o0pU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0/go.mod h1:tLYsuf2v8fZreBVwp9gVMhefZlLFZaUiNVSq8QxXRII= +go.opentelemetry.io/contrib/propagators/b3 v1.4.0 h1:wDb2ct7xMzossYpx44w81skxkEyeT2IRnBgYKqyEork= +go.opentelemetry.io/contrib/propagators/b3 v1.4.0/go.mod h1:K399DN23drp0RQGXCbSPOt9075HopQigMgUL99oR8hc= +go.opentelemetry.io/contrib/propagators/jaeger v1.4.0 h1:nZZrtAz9Z0bXXJPB/p0uHIuk4am7LvkUUiuhulrhnjI= +go.opentelemetry.io/contrib/propagators/jaeger v1.4.0/go.mod h1:C6Tffii02q1NrEzJxpawJH1pyU3ZQ1520gCrxpNg7X4= +go.opentelemetry.io/contrib/samplers/jaegerremote v0.0.0-20220314184135-32895002a444 h1:bpPIQ4lcXFubX82lvMN/3hvu/mI/qCrQMEhQiW1glu4= +go.opentelemetry.io/contrib/samplers/jaegerremote v0.0.0-20220314184135-32895002a444/go.mod h1:e0xV/IXUqN67FXhxQ/IEaZ1nRIxU4pML/ptX4DTqfkM= go.opentelemetry.io/otel v1.0.1/go.mod h1:OPEOD4jIT2SlZPMmwT6FqZz2C0ZNdQqiWcoK6M0SNFU= -go.opentelemetry.io/otel v1.2.0/go.mod h1:aT17Fk0Z1Nor9e0uisf98LrntPGMnk4frBO9+dkf69I= -go.opentelemetry.io/otel v1.3.0 h1:APxLf0eiBwLl+SOXiJJCVYzA1OOJNyAoV8C5RNRyy7Y= -go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs= -go.opentelemetry.io/otel/bridge/opentracing v1.2.0 h1:c0R64SxYD5erTgWqpjSD9owpBCGy4w5LQi7NkeSCKU0= -go.opentelemetry.io/otel/bridge/opentracing v1.2.0/go.mod h1:EyVJNmSj/3xsOQxezXM58bmoiv+ZOGKVcInF9TZGXCg= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0 h1:R/OBkMoGgfy2fLhs2QhkCI1w4HLEQX92GCcJB6SSdNk= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0 h1:giGm8w67Ja7amYNfYMdme7xSp2pIxThWopw8+QP51Yk= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0/go.mod h1:hO1KLR7jcKaDDKDkvI9dP/FIhpmna5lkqPUQdEjFAM8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0 h1:Ydage/P0fRrSPpZeCVxzjqGcI6iVmG2xb43+IR8cjqM= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE= -go.opentelemetry.io/otel/sdk v1.3.0 h1:3278edCoH89MEJ0Ky8WQXVmDQv3FX4ZJ3Pp+9fJreAI= -go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1teNrup8yzs= +go.opentelemetry.io/otel v1.4.0/go.mod h1:jeAqMFKy2uLIxCtKxoFj0FAL5zAPKQagc3+GtBWakzk= +go.opentelemetry.io/otel v1.4.1/go.mod h1:StM6F/0fSwpd8dKWDCdRr7uRvEPYdW0hBSlbdTiUde4= +go.opentelemetry.io/otel v1.5.0/go.mod h1:Jm/m+rNp/z0eqJc74H7LPwQ3G87qkU/AnnAydAjSAHk= +go.opentelemetry.io/otel v1.6.3 h1:FLOfo8f9JzFVFVyU+MSRJc2HdEAXQgm7pIv2uFKRSZE= +go.opentelemetry.io/otel v1.6.3/go.mod h1:7BgNga5fNlF/iZjG06hM3yofffp0ofKCDwSXx1GC4dI= +go.opentelemetry.io/otel/exporters/jaeger v1.5.0 h1:ZR7nhLSfLufS5AHk/iN11Q+W9XYwsJrVZ1Frb833d+Y= +go.opentelemetry.io/otel/exporters/jaeger v1.5.0/go.mod h1:rSeUArMBRe1eQLo1T0WxOazohN1M2mYThWJQmn1BjRQ= +go.opentelemetry.io/otel/internal/metric v0.27.0 h1:9dAVGAfFiiEq5NVB9FUJ5et+btbDQAUIJehJ+ikyryk= +go.opentelemetry.io/otel/internal/metric v0.27.0/go.mod h1:n1CVxRqKqYZtqyTh9U/onvKapPGv7y/rpyOTI+LFNzw= +go.opentelemetry.io/otel/metric v0.27.0 h1:HhJPsGhJoKRSegPQILFbODU56NS/L1UE4fS1sC5kIwQ= +go.opentelemetry.io/otel/metric v0.27.0/go.mod h1:raXDJ7uP2/Jc0nVZWQjJtzoyssOYWu/+pjZqRzfvZ7g= +go.opentelemetry.io/otel/sdk v1.4.1/go.mod h1:NBwHDgDIBYjwK2WNu1OPgsIc2IJzmBXNnvIJxJc8BpE= +go.opentelemetry.io/otel/sdk v1.5.0/go.mod h1:CU4J1v+7iEljnm1G14QjdFWOXUyYLHVh0Lh+/BTYyFg= +go.opentelemetry.io/otel/sdk v1.6.3 h1:prSHYdwCQOX5DrsEzxowH3nLhoAzEBdZhvrR79scfLs= +go.opentelemetry.io/otel/sdk v1.6.3/go.mod h1:A4iWF7HTXa+GWL/AaqESz28VuSBIcZ+0CV+IzJ5NMiQ= go.opentelemetry.io/otel/trace v1.0.1/go.mod h1:5g4i4fKLaX2BQpSBsxw8YYcgKpMMSW3x7ZTuYBr3sUk= -go.opentelemetry.io/otel/trace v1.2.0/go.mod h1:N5FLswTubnxKxOJHM7XZC074qpeEdLy3CgAVsdMucK0= -go.opentelemetry.io/otel/trace v1.3.0 h1:doy8Hzb1RJ+I3yFhtDmwNc7tIyw1tNMOIsyPzp1NOGY= -go.opentelemetry.io/otel/trace v1.3.0/go.mod h1:c/VDhno8888bvQYmbYLqe41/Ldmr/KKunbvWM4/fEjk= +go.opentelemetry.io/otel/trace v1.4.0/go.mod h1:uc3eRsqDfWs9R7b92xbQbU42/eTNz4N+gLP8qJCi4aE= +go.opentelemetry.io/otel/trace v1.4.1/go.mod h1:iYEVbroFCNut9QkwEczV9vMRPHNKSSwYZjulEtsmhFc= +go.opentelemetry.io/otel/trace v1.5.0/go.mod h1:sq55kfhjXYr1zVSyexg0w1mpa03AYXR5eyTkB9NPPdE= +go.opentelemetry.io/otel/trace v1.6.3 h1:IqN4L+5b0mPNjdXIiZ90Ni4Bl5BRkDQywePLWemd9bc= +go.opentelemetry.io/otel/trace v1.6.3/go.mod h1:GNJQusJlUgZl9/TQBPKU/Y/ty+0iVB5fjhKeJGZPGFs= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.opentelemetry.io/proto/otlp v0.11.0 h1:cLDgIBTf4lLOlztkhzAEdQsJ4Lj+i5Wc9k6Nn0K1VyU= -go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= -go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= +go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= @@ -1936,17 +1886,12 @@ golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWP golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191002040644-a1355ae1e2c3/go.mod h1:NOZ3BPKG0ec/BKJQgnvsSFpcKLM5xXVWnvZS97DWHgE= golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= @@ -1954,17 +1899,8 @@ golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw= -golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20190910094157-69e4b8554b2a/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20200119044424-58c23975cae1/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20200430140353-33d19683fad8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20200618115811-c13761719519/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20201208152932-35266b937fa6/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20210216034530-4410531fe030/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20210607152325-775e3b0c77b9/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= -golang.org/x/image v0.0.0-20210628002857-a66eb6448b8d/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -1976,7 +1912,6 @@ golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRu golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug= golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= @@ -1990,7 +1925,6 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= -golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57 h1:LQmS1nU0twXLA96Kt7U9qtHJEbBk3z6Q0V4UXjZkpr4= golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -2084,7 +2018,6 @@ golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210810183815-faf39c7919d5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2125,16 +2058,15 @@ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba h1:O8mE0/t419eoIwhTFpKVkHiTs/Igowgfkj25AcZrtiE= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 h1:GZokNIeuVkl3aZHJchRrr13WCsols02MLUcz1U9is6M= +golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190125232054-d66bd3c5d5a6/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= @@ -2160,7 +2092,6 @@ golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -2188,7 +2119,6 @@ golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjs golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200426102838-f3a5411a4c3b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= @@ -2221,13 +2151,6 @@ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo= -gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0= -gonum.org/v1/gonum v0.9.3/go.mod h1:TZumC3NeyVQskjXqmyWt4S3bINhy7B4eYwW69EbyX+0= -gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= -gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc= -gonum.org/v1/plot v0.9.0/go.mod h1:3Pcqqmp6RHvJI72kgb8fThyUnav364FOsdDo2aGW5lY= -gonum.org/v1/plot v0.10.0/go.mod h1:JWIHJ7U20drSQb/aDpTetJzfC1KlAPldJLpkSy88dvQ= google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= @@ -2264,9 +2187,7 @@ google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6 google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= -google.golang.org/api v0.59.0/go.mod h1:sT2boj7M9YJxZzgeZqXogmhfmRWDtPzT31xkieUbuZU= google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I= -google.golang.org/api v0.62.0/go.mod h1:dKmwPCydfsad4qCH08MSdgWjfHOyfpd4VtDGgRFdavw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -2349,12 +2270,8 @@ google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEc google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211008145708-270636b82663/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211020151524-b7c3a969101a/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211028162531-8db9c33dc351/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211129164237-f09f9a12af12/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211203200212-54befc351ae9/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa h1:I0YcKz0I7OAhddo7ya8kMnvprhcWM045PmkBdMO9zN0= google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= @@ -2394,10 +2311,9 @@ google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.43.0 h1:Eeu7bZtDZ2DpRCsLhUlcrLnvYaMK1Gz86a+hMVvELmM= -google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= +google.golang.org/grpc v1.45.0 h1:NEpgUqV3Z+ZjkqMsxMg11IaDrXY4RY6CQukSGK0uI1M= +google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/grpc/examples v0.0.0-20210304020650-930c79186c99 h1:qA8rMbz1wQ4DOFfM2ouD29DG9aHWBm6ZOy9BGxiUMmY= google.golang.org/grpc/examples v0.0.0-20210304020650-930c79186c99/go.mod h1:Ly7ZA/ARzg8fnPU9TyZIxoz33sEUuWX7txiqs8lPTgE= @@ -2414,10 +2330,9 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.25.1-0.20200805231151-a709e31e5d12/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -gopkg.in/DataDog/dd-trace-go.v1 v1.27.1-0.20201005154917-54b73b3e126a h1:es0hQ3lli77HG43FpTtj59jbpJlku7rLVA0iecbpn5A= -gopkg.in/DataDog/dd-trace-go.v1 v1.27.1-0.20201005154917-54b73b3e126a/go.mod h1:Sp1lku8WJMvNV0kjDI4Ni/T7J/U3BO5ct5kEaoVU8+I= +google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= @@ -2497,8 +2412,6 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.1.4/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= -howett.net/plist v0.0.0-20181124034731-591f970eefbb h1:jhnBjNi9UFpfpl8YZhA9CrOqpnJdvzuiHsl/dnxl11M= -howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo= k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ= k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8= @@ -2529,7 +2442,6 @@ mvdan.cc/sh/v3 v3.3.0-0.dev.0.20210224101809-fb5052e7a010 h1:0xJA1YM0Ppa63jEfcdP mvdan.cc/sh/v3 v3.3.0-0.dev.0.20210224101809-fb5052e7a010/go.mod h1:fPQmabBpREM/XQ9YXSU5ZFZ/Sm+PmKP9/vkFHgYKJEI= pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= diff --git a/persistence/sql/persister_hmac_test.go b/persistence/sql/persister_hmac_test.go index 9caf547225af..31ee89725b3d 100644 --- a/persistence/sql/persister_hmac_test.go +++ b/persistence/sql/persister_hmac_test.go @@ -5,9 +5,8 @@ import ( "os" "testing" - "github.com/ory/x/tracing" - "github.com/ory/x/configx" + "github.com/ory/x/otelx" "github.com/ory/kratos/identity" "github.com/ory/kratos/schema" @@ -49,7 +48,7 @@ func (l *logRegistryOnly) Audit() *logrusx.Logger { panic("implement me") } -func (l *logRegistryOnly) Tracer(ctx context.Context) *tracing.Tracer { +func (l *logRegistryOnly) Tracer(ctx context.Context) *otelx.Tracer { return nil } diff --git a/quickstart-tracing.yml b/quickstart-tracing.yml index 5c570562ef10..74e84074519f 100644 --- a/quickstart-tracing.yml +++ b/quickstart-tracing.yml @@ -17,32 +17,11 @@ services: kratos: depends_on: - jaeger - # - zipkin - # - datadog environment: - TRACING_PROVIDER=jaeger - # - TRACING_PROVIDER=zipkin - # - TRACING_PROVIDER=datadog - # - TRACING_PROVIDER=elastic-apm ### Jaeger ### - TRACING_PROVIDERS_JAEGER_SAMPLING_SERVER_URL=http://jaeger:5778/sampling - TRACING_PROVIDERS_JAEGER_LOCAL_AGENT_ADDRESS=jaeger:6831 - - TRACING_PROVIDERS_JAEGER_SAMPLING_TYPE=const - - TRACING_PROVIDERS_JAEGER_SAMPLING_VALUE=1 - ### Zipkin ### - # - TRACING_PROVIDERS_ZIPKIN_SERVER_URL=http://zipkin:9411/api/v2/spans - ### DataDog ### - ### See env vars here: https://docs.datadoghq.com/tracing/setup/go/#configuration) ### - # - DD_SERVICE=Hydra - ### Elastic APM ### - ### See env vars here: https://www.elastic.co/guide/en/apm/agent/go/1.x/configuration.html) ### - # - ELASTIC_APM_SERVER_URL="http://apm-server:8200" - # - ELASTIC_APM_SERVICE_NAME="ORY Hydra" - # - ELASTIC_APM_SERVICE_VERSION="1.9.0" - # - ELASTIC_APM_ENVIRONMENT="devel" - ### Opentelemetry ### - ### See env vars here: https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/sdk-environment-variables.md ### - # - OTEL_SERVICE_NAME="ORY Hydra" jaeger: image: jaegertracing/all-in-one:1.19.2 ports: @@ -50,16 +29,3 @@ services: networks: - intranet -# zipkin: -# image: openzipkin/zipkin:2 -# environment: -# - STORAGE_TYPE=mem -# ports: -# - "9411:9411" # The UI/API port - -# datadog: -# image: datadog/agent:7 -# environment: -# - DD_API_KEY= # Replace it with your DataDog API key -# - DD_APM_ENABLED=true -# - DD_APM_NON_LOCAL_TRAFFIC=true diff --git a/script/render-schemas.sh b/script/render-schemas.sh new file mode 100755 index 000000000000..0566081a3ec4 --- /dev/null +++ b/script/render-schemas.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +set -euxo pipefail + +ory_x_version="$(go list -f '{{.Version}}' -m github.com/ory/x)" + +sed "s!ory://tracing-config!https://raw.githubusercontent.com/ory/x/$ory_x_version/otelx/config.schema.json!g;" embedx/config.schema.json > .schemastore/config.schema.json + +git config user.email "60093411+ory-bot@users.noreply.github.com" +git config user.name "ory-bot" + +git add .schema/config.schema.json +git commit -m "autogen: render config schema" diff --git a/x/provider.go b/x/provider.go index cc3d41b41424..44cb0499a872 100644 --- a/x/provider.go +++ b/x/provider.go @@ -3,12 +3,11 @@ package x import ( "context" - "github.com/ory/x/tracing" - "github.com/gorilla/sessions" "github.com/ory/herodot" "github.com/ory/x/logrusx" + "github.com/ory/x/otelx" ) type LoggingProvider interface { @@ -26,7 +25,7 @@ type CookieProvider interface { } type TracingProvider interface { - Tracer(ctx context.Context) *tracing.Tracer + Tracer(ctx context.Context) *otelx.Tracer } type SimpleLogger struct { From d8727cb6b174e95a4696cd9dedbfa5233dd389a3 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Fri, 29 Apr 2022 11:24:55 +0000 Subject: [PATCH 018/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 73ca4dd0a8c8..2cc4138db0ea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-04-26)](#2022-04-26) +- [ (2022-04-29)](#2022-04-29) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -251,7 +251,7 @@ -# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-04-26) +# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-04-29) ## Breaking Changes This patch moves several CLI command to comply with the Ory CLI command structure: @@ -329,6 +329,7 @@ This patch moves several CLI command to comply with the Ory CLI command structur * Support argon2i password ([#2395](https://github.com/ory/kratos/issues/2395)) ([8fdadf9](https://github.com/ory/kratos/commit/8fdadf9d1724d28ae11996304703e06671549660)) +* Switch to opentelemetry tracing ([#2318](https://github.com/ory/kratos/issues/2318)) ([121a4d3](https://github.com/ory/kratos/commit/121a4d3fc0f396e8da50ad1985cacf68a5c85a12)) * Upgrade to Go 1.18 ([725d202](https://github.com/ory/kratos/commit/725d202e6ae15b3b5c3282e03c03a40480a2e310)) ### Tests From 7165fa04fa1c9442cad8da5c5814453e1ca0ba7b Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Fri, 29 Apr 2022 13:54:37 +0200 Subject: [PATCH 019/411] BREAKING CHANGES: This patch group updates the tracing provider from OpenTracing to OpenTelemetry. Due to these changes, tracing providers Zipkin, DataDog, Elastic APM have been deactivated temporarily. The best way to re-add support for them is to make a pull request at https://github.com/ory/x/tree/master/otelx and check the status of https://github.com/ory/x/issues/499 The configuration has not changed, and thus no changes to your system are required if you use Jaeger. From 75d0826d37f537d522a67e547f8abf6589c871c7 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Fri, 29 Apr 2022 12:34:23 +0000 Subject: [PATCH 020/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 56 ++++++++++++++++++++++++++++++---------------------- 1 file changed, 32 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2cc4138db0ea..034ffc782148 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ - [Documentation](#documentation) - [Features](#features) - [Tests](#tests) + - [Unclassified](#unclassified) - [0.9.0-alpha.3 (2022-03-25)](#090-alpha3-2022-03-25) - [Breaking Changes](#breaking-changes-1) - [Bug Fixes](#bug-fixes-1) @@ -27,7 +28,7 @@ - [Documentation](#documentation-2) - [Features](#features-1) - [Tests](#tests-1) - - [Unclassified](#unclassified) + - [Unclassified](#unclassified-1) - [0.8.2-alpha.1 (2021-12-17)](#082-alpha1-2021-12-17) - [Bug Fixes](#bug-fixes-4) - [Code Generation](#code-generation-3) @@ -53,7 +54,7 @@ - [Features](#features-3) - [Reverts](#reverts) - [Tests](#tests-3) - - [Unclassified](#unclassified-1) + - [Unclassified](#unclassified-2) - [0.7.6-alpha.1 (2021-09-12)](#076-alpha1-2021-09-12) - [Code Generation](#code-generation-8) - [0.7.5-alpha.1 (2021-09-11)](#075-alpha1-2021-09-11) @@ -82,7 +83,7 @@ - [Documentation](#documentation-9) - [Features](#features-6) - [Tests](#tests-6) - - [Unclassified](#unclassified-2) + - [Unclassified](#unclassified-3) - [0.6.3-alpha.1 (2021-05-17)](#063-alpha1-2021-05-17) - [Breaking Changes](#breaking-changes-6) - [Bug Fixes](#bug-fixes-12) @@ -106,14 +107,14 @@ - [Documentation](#documentation-11) - [Features](#features-9) - [Tests](#tests-7) - - [Unclassified](#unclassified-3) + - [Unclassified](#unclassified-4) - [0.5.5-alpha.1 (2020-12-09)](#055-alpha1-2020-12-09) - [Bug Fixes](#bug-fixes-15) - [Code Generation](#code-generation-19) - [Documentation](#documentation-12) - [Features](#features-10) - [Tests](#tests-8) - - [Unclassified](#unclassified-4) + - [Unclassified](#unclassified-5) - [0.5.4-alpha.1 (2020-11-11)](#054-alpha1-2020-11-11) - [Bug Fixes](#bug-fixes-16) - [Code Generation](#code-generation-20) @@ -137,7 +138,7 @@ - [Documentation](#documentation-16) - [Features](#features-13) - [Tests](#tests-11) - - [Unclassified](#unclassified-5) + - [Unclassified](#unclassified-6) - [0.5.0-alpha.1 (2020-10-15)](#050-alpha1-2020-10-15) - [Breaking Changes](#breaking-changes-8) - [Bug Fixes](#bug-fixes-20) @@ -146,7 +147,7 @@ - [Documentation](#documentation-17) - [Features](#features-14) - [Tests](#tests-12) - - [Unclassified](#unclassified-6) + - [Unclassified](#unclassified-7) - [0.4.6-alpha.1 (2020-07-13)](#046-alpha1-2020-07-13) - [Bug Fixes](#bug-fixes-21) - [Code Generation](#code-generation-25) @@ -170,7 +171,7 @@ - [Code Refactoring](#code-refactoring-8) - [Documentation](#documentation-19) - [Features](#features-15) - - [Unclassified](#unclassified-7) + - [Unclassified](#unclassified-8) - [0.3.0-alpha.1 (2020-05-15)](#030-alpha1-2020-05-15) - [Breaking Changes](#breaking-changes-10) - [Bug Fixes](#bug-fixes-27) @@ -178,7 +179,7 @@ - [Code Refactoring](#code-refactoring-9) - [Documentation](#documentation-20) - [Features](#features-16) - - [Unclassified](#unclassified-8) + - [Unclassified](#unclassified-9) - [0.2.1-alpha.1 (2020-05-05)](#021-alpha1-2020-05-05) - [Chores](#chores-1) - [Documentation](#documentation-21) @@ -189,7 +190,7 @@ - [Code Refactoring](#code-refactoring-10) - [Documentation](#documentation-22) - [Features](#features-17) - - [Unclassified](#unclassified-9) + - [Unclassified](#unclassified-10) - [0.1.1-alpha.1 (2020-02-18)](#011-alpha1-2020-02-18) - [Bug Fixes](#bug-fixes-29) - [Code Refactoring](#code-refactoring-11) @@ -211,43 +212,43 @@ - [Bug Fixes](#bug-fixes-31) - [Documentation](#documentation-27) - [Features](#features-20) - - [Unclassified](#unclassified-10) + - [Unclassified](#unclassified-11) - [0.1.0-alpha.1 (2020-01-31)](#010-alpha1-2020-01-31) - [Documentation](#documentation-28) - [0.0.3-alpha.15 (2020-01-31)](#003-alpha15-2020-01-31) - - [Unclassified](#unclassified-11) -- [0.0.3-alpha.14 (2020-01-31)](#003-alpha14-2020-01-31) - [Unclassified](#unclassified-12) -- [0.0.3-alpha.13 (2020-01-31)](#003-alpha13-2020-01-31) +- [0.0.3-alpha.14 (2020-01-31)](#003-alpha14-2020-01-31) - [Unclassified](#unclassified-13) -- [0.0.3-alpha.11 (2020-01-31)](#003-alpha11-2020-01-31) +- [0.0.3-alpha.13 (2020-01-31)](#003-alpha13-2020-01-31) - [Unclassified](#unclassified-14) -- [0.0.3-alpha.10 (2020-01-31)](#003-alpha10-2020-01-31) +- [0.0.3-alpha.11 (2020-01-31)](#003-alpha11-2020-01-31) - [Unclassified](#unclassified-15) -- [0.0.3-alpha.7 (2020-01-30)](#003-alpha7-2020-01-30) +- [0.0.3-alpha.10 (2020-01-31)](#003-alpha10-2020-01-31) - [Unclassified](#unclassified-16) +- [0.0.3-alpha.7 (2020-01-30)](#003-alpha7-2020-01-30) + - [Unclassified](#unclassified-17) - [0.0.3-alpha.5 (2020-01-30)](#003-alpha5-2020-01-30) - [Continuous Integration](#continuous-integration-2) - - [Unclassified](#unclassified-17) -- [0.0.3-alpha.4 (2020-01-30)](#003-alpha4-2020-01-30) - [Unclassified](#unclassified-18) -- [0.0.3-alpha.2 (2020-01-30)](#003-alpha2-2020-01-30) +- [0.0.3-alpha.4 (2020-01-30)](#003-alpha4-2020-01-30) - [Unclassified](#unclassified-19) -- [0.0.3-alpha.1 (2020-01-30)](#003-alpha1-2020-01-30) +- [0.0.3-alpha.2 (2020-01-30)](#003-alpha2-2020-01-30) - [Unclassified](#unclassified-20) +- [0.0.3-alpha.1 (2020-01-30)](#003-alpha1-2020-01-30) + - [Unclassified](#unclassified-21) - [0.0.1-alpha.9 (2020-01-29)](#001-alpha9-2020-01-29) - [Continuous Integration](#continuous-integration-3) - [0.0.2-alpha.1 (2020-01-29)](#002-alpha1-2020-01-29) - - [Unclassified](#unclassified-21) + - [Unclassified](#unclassified-22) - [0.0.1-alpha.6 (2020-01-29)](#001-alpha6-2020-01-29) - [Continuous Integration](#continuous-integration-4) - [0.0.1-alpha.5 (2020-01-29)](#001-alpha5-2020-01-29) - [Continuous Integration](#continuous-integration-5) - - [Unclassified](#unclassified-22) + - [Unclassified](#unclassified-23) - [0.0.1-alpha.3 (2020-01-28)](#001-alpha3-2020-01-28) - [Continuous Integration](#continuous-integration-6) - [Documentation](#documentation-29) - - [Unclassified](#unclassified-23) + - [Unclassified](#unclassified-24) @@ -336,6 +337,13 @@ This patch moves several CLI command to comply with the Ory CLI command structur * Fix incorrect assertion ([b5b1361](https://github.com/ory/kratos/commit/b5b1361defa8faa6ea36d50a8d940c76f70c4ddd)) +### Unclassified + +* BREAKING CHANGES: This patch group updates the tracing provider from OpenTracing to OpenTelemetry. Due to these changes, tracing providers Zipkin, DataDog, Elastic APM have been deactivated temporarily. The best way to re-add support for them is to make a pull request at https://github.com/ory/x/tree/master/otelx and check the status of https://github.com/ory/x/issues/499 ([7165fa0](https://github.com/ory/kratos/commit/7165fa04fa1c9442cad8da5c5814453e1ca0ba7b)): + + The configuration has not changed, and thus no changes to your system are required if you use Jaeger. + + # [0.9.0-alpha.3](https://github.com/ory/kratos/compare/v0.9.0-alpha.2...v0.9.0-alpha.3) (2022-03-25) From 51a13f712d38a942772b3f4c014971ecb4658d7a Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Fri, 29 Apr 2022 16:07:53 +0200 Subject: [PATCH 021/411] fix: use predictable SQLite in memory DSNs (#2415) Closes #2059 --- driver/config/config.go | 3 +-- driver/registry_default.go | 2 +- internal/driver.go | 4 ++-- persistence/sql/persister_test.go | 2 +- 4 files changed, 5 insertions(+), 6 deletions(-) diff --git a/driver/config/config.go b/driver/config/config.go index 667aa97dd7d2..47bf8578821e 100644 --- a/driver/config/config.go +++ b/driver/config/config.go @@ -46,7 +46,6 @@ import ( "github.com/tidwall/gjson" "github.com/ory/x/configx" - "github.com/ory/x/dbal" "github.com/ory/x/jsonx" "github.com/ory/x/logrusx" "github.com/ory/x/stringsx" @@ -55,7 +54,7 @@ import ( const ( DefaultIdentityTraitsSchemaID = "default" DefaultBrowserReturnURL = "default_browser_return_url" - DefaultSQLiteMemoryDSN = dbal.SQLiteInMemory + DefaultSQLiteMemoryDSN = "sqlite://file::memory:?_fk=true&cache=shared" DefaultPasswordHashingAlgorithm = "argon2" DefaultCipherAlgorithm = "noop" UnknownVersion = "unknown version" diff --git a/driver/registry_default.go b/driver/registry_default.go index 4fcea7adf980..acf0580d5a28 100644 --- a/driver/registry_default.go +++ b/driver/registry_default.go @@ -569,7 +569,7 @@ func (m *RegistryDefault) Init(ctx context.Context, opts ...RegistryOption) erro } // if dsn is memory we have to run the migrations on every start - if dbal.IsMemorySQLite(m.Config(ctx).DSN()) || m.Config(ctx).DSN() == dbal.SQLiteInMemory || m.Config(ctx).DSN() == dbal.SQLiteSharedInMemory || m.Config(ctx).DSN() == "memory" { + if dbal.IsMemorySQLite(m.Config(ctx).DSN()) || m.Config(ctx).DSN() == "memory" { m.Logger().Infoln("Ory Kratos is running migrations on every startup as DSN is memory. This means your data is lost when Kratos terminates.") if err := p.MigrateUp(ctx); err != nil { m.Logger().WithError(err).Warnf("Unable to run migrations, retrying.") diff --git a/internal/driver.go b/internal/driver.go index 9a52bba439d2..fc6eaa73074c 100644 --- a/internal/driver.go +++ b/internal/driver.go @@ -35,7 +35,7 @@ func NewConfigurationWithDefaults(t *testing.T) *config.Config { os.Stderr, configx.WithValues(map[string]interface{}{ "log.level": "trace", - config.ViperKeyDSN: dbal.SQLiteInMemory, + config.ViperKeyDSN: dbal.NewSQLiteTestDatabase(t), config.ViperKeyHasherArgon2ConfigMemory: 16384, config.ViperKeyHasherArgon2ConfigIterations: 1, config.ViperKeyHasherArgon2ConfigParallelism: 1, @@ -71,7 +71,7 @@ func NewFastRegistryWithMocks(t *testing.T) (*config.Config, *driver.RegistryDef // NewRegistryDefaultWithDSN returns a more standard registry without mocks. Good for e2e and advanced integration testing! func NewRegistryDefaultWithDSN(t *testing.T, dsn string) (*config.Config, *driver.RegistryDefault) { c := NewConfigurationWithDefaults(t) - c.MustSet(config.ViperKeyDSN, stringsx.Coalesce(dsn, dbal.SQLiteInMemory)) + c.MustSet(config.ViperKeyDSN, stringsx.Coalesce(dsn, dbal.NewSQLiteTestDatabase(t))) reg, err := driver.NewRegistryFromDSN(c, logrusx.New("", "")) require.NoError(t, err) diff --git a/persistence/sql/persister_test.go b/persistence/sql/persister_test.go index a5981de9add7..4873724482b9 100644 --- a/persistence/sql/persister_test.go +++ b/persistence/sql/persister_test.go @@ -95,7 +95,7 @@ func pl(t *testing.T) func(lvl logging.Level, s string, args ...interface{}) { } func createCleanDatabases(t *testing.T) map[string]*driver.RegistryDefault { - conns := map[string]string{"sqlite": dbal.SQLiteSharedInMemory} + conns := map[string]string{"sqlite": dbal.NewSQLiteTestDatabase(t)} var l sync.Mutex if !testing.Short() { From e6b38c253466f9f724d2762b01c18485ed96f648 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Fri, 29 Apr 2022 14:50:45 +0000 Subject: [PATCH 022/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 034ffc782148..7a573bfcbf10 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -303,6 +303,7 @@ This patch moves several CLI command to comply with the Ory CLI command structur * Serve.admin.request_log.disable_for_health behaviour ([#2399](https://github.com/ory/kratos/issues/2399)) ([0a381fa](https://github.com/ory/kratos/commit/0a381fa3d702f77e614d0492dafa3ac2cd102c7e)) * Use `path` instead of `filepath` to join http route paths ([16b1244](https://github.com/ory/kratos/commit/16b12449c841bf7a237fe436b884b4b5012cd022)), closes [#2292](https://github.com/ory/kratos/issues/2292) * Use pointer of string for PasswordIdentifier in example code ([#2421](https://github.com/ory/kratos/issues/2421)) ([61f12e7](https://github.com/ory/kratos/commit/61f12e7579c7c337d0f415ac2b4029790c659c3d)) +* Use predictable SQLite in memory DSNs ([#2415](https://github.com/ory/kratos/issues/2415)) ([51a13f7](https://github.com/ory/kratos/commit/51a13f712d38a942772b3f4c014971ecb4658d7a)), closes [#2059](https://github.com/ory/kratos/issues/2059) ### Code Refactoring From d11a9a9dafdebb53ed9a8359496eb70b8adb99dd Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Sun, 1 May 2022 23:07:24 +0200 Subject: [PATCH 023/411] refactor: move CLI commands to match Ory CLI structure BREAKING CHANGE: This patch moves several CLI command to comply with the Ory CLI command structure: ```patch - ory identities get ... + ory get identity ... - ory identities delete ... + ory delete identity ... - ory identities import ... + ory import identity ... - ory identities list ... + ory list identities ... - ory identities validate ... + ory validate identity ... - ory jsonnet format ... + ory format jsonnet ... - ory jsonnet lint ... + ory lint jsonnet ... ``` --- cmd/cliclient/client.go | 23 +++++++++++++---------- cmd/identities/delete.go | 5 ++++- cmd/identities/get.go | 5 ++++- cmd/identities/import.go | 5 ++++- cmd/identities/list.go | 8 ++++++-- cmd/identities/validate.go | 5 ++++- cmd/remote/status.go | 9 +++++---- cmd/remote/version.go | 9 ++++++--- 8 files changed, 46 insertions(+), 23 deletions(-) diff --git a/cmd/cliclient/client.go b/cmd/cliclient/client.go index b0176791b495..b1361e16d890 100644 --- a/cmd/cliclient/client.go +++ b/cmd/cliclient/client.go @@ -6,6 +6,8 @@ import ( "os" "time" + "github.com/pkg/errors" + "github.com/hashicorp/go-retryablehttp" "github.com/spf13/cobra" @@ -13,7 +15,6 @@ import ( "github.com/spf13/pflag" kratos "github.com/ory/kratos-client-go" - "github.com/ory/x/cmdx" ) const ( @@ -27,34 +28,36 @@ const ( ClientContextKey ContextKey = iota + 1 ) -func NewClient(cmd *cobra.Command) *kratos.APIClient { - if f, ok := cmd.Context().Value(ClientContextKey).(func(cmd *cobra.Command) *kratos.APIClient); ok { +func NewClient(cmd *cobra.Command) (*kratos.APIClient, error) { + if f, ok := cmd.Context().Value(ClientContextKey).(func(cmd *cobra.Command) (*kratos.APIClient, error)); ok { return f(cmd) } else if f != nil { - panic(fmt.Sprintf("ClientContextKey was expected to be *client.OryKratos but it contained an invalid type %T ", f)) + return nil, errors.Errorf("ClientContextKey was expected to be *client.OryKratos but it contained an invalid type %T ", f) } endpoint, err := cmd.Flags().GetString(FlagEndpoint) - cmdx.Must(err, "flag access error: %s", err) + if err != nil { + return nil, errors.WithStack(err) + } if endpoint == "" { endpoint = os.Getenv(envKeyEndpoint) } if endpoint == "" { - // no endpoint is set - _, _ = fmt.Fprintln(os.Stderr, "You have to set the remote endpoint, try --help for details.") - os.Exit(1) + return nil, errors.Errorf("you have to set the remote endpoint, try --help for details") } u, err := url.Parse(endpoint) - cmdx.Must(err, `Could not parse the endpoint URL "%s".`, endpoint) + if err != nil { + return nil, errors.Wrapf(err, `could not parse the endpoint URL "%s"`, endpoint) + } conf := kratos.NewConfiguration() conf.HTTPClient = retryablehttp.NewClient().StandardClient() conf.HTTPClient.Timeout = time.Second * 10 conf.Servers = kratos.ServerConfigurations{{URL: u.String()}} - return kratos.NewAPIClient(conf) + return kratos.NewAPIClient(conf), nil } func RegisterClientFlags(flags *pflag.FlagSet) { diff --git a/cmd/identities/delete.go b/cmd/identities/delete.go index 81a205303b36..8d9417fb4310 100644 --- a/cmd/identities/delete.go +++ b/cmd/identities/delete.go @@ -33,7 +33,10 @@ func NewDeleteIdentityCmd(root *cobra.Command) *cobra.Command { %[1]s delete identity $(%[1]s list identities --format json | jq -r 'map(select(.recovery_addresses[].value == "foo@bar.com")) | .[].id')`, root.Use), Args: cobra.MinimumNArgs(1), RunE: func(cmd *cobra.Command, args []string) error { - c := cliclient.NewClient(cmd) + c, err := cliclient.NewClient(cmd) + if err != nil { + return err + } var ( deleted = make([]string, 0, len(args)) diff --git a/cmd/identities/get.go b/cmd/identities/get.go index 34efe0c44b08..0c2ba37866dc 100644 --- a/cmd/identities/get.go +++ b/cmd/identities/get.go @@ -46,7 +46,10 @@ func NewGetIdentityCmd(root *cobra.Command) *cobra.Command { %s get identity $(%[1]s ls identities --format json | jq -r 'map(select(.recovery_addresses[].value | endswith("@ory.sh"))) | .[].id')`, root.Use), Args: cobra.MinimumNArgs(1), RunE: func(cmd *cobra.Command, args []string) error { - c := cliclient.NewClient(cmd) + c, err := cliclient.NewClient(cmd) + if err != nil { + return err + } // we check includeCreds argument is valid for _, opt := range includeCreds { diff --git a/cmd/identities/import.go b/cmd/identities/import.go index f846dee32e95..1e0aeebcda8a 100644 --- a/cmd/identities/import.go +++ b/cmd/identities/import.go @@ -53,7 +53,10 @@ Files can contain only a single or an array of identities. The validity of files WARNING: Importing credentials is not yet supported.`, RunE: func(cmd *cobra.Command, args []string) error { - c := cliclient.NewClient(cmd) + c, err := cliclient.NewClient(cmd) + if err != nil { + return err + } imported := make([]kratos.Identity, 0, len(args)) failed := make(map[string]error) diff --git a/cmd/identities/list.go b/cmd/identities/list.go index 196ab5d07cec..273d665348ab 100644 --- a/cmd/identities/list.go +++ b/cmd/identities/list.go @@ -38,7 +38,11 @@ func NewListIdentitiesCmd(root *cobra.Command) *cobra.Command { }, Aliases: []string{"ls"}, RunE: func(cmd *cobra.Command, args []string) error { - c := cliclient.NewClient(cmd) + c, err := cliclient.NewClient(cmd) + if err != nil { + return err + } + req := c.V0alpha2Api.AdminListIdentities(cmd.Context()) if len(args) == 2 { @@ -59,7 +63,7 @@ func NewListIdentitiesCmd(root *cobra.Command) *cobra.Command { identities, _, err := req.Execute() if err != nil { - _, _ = fmt.Fprintf(cmd.ErrOrStderr(), "Could not get the identities: %+v\n", err) + _, _ = fmt.Fprintf(cmd.ErrOrStderr(), "Could not list identities: %+v\n", err) return cmdx.FailSilently(cmd) } diff --git a/cmd/identities/validate.go b/cmd/identities/validate.go index fb5d604c71e4..9fecda24cf82 100644 --- a/cmd/identities/validate.go +++ b/cmd/identities/validate.go @@ -41,7 +41,10 @@ func NewValidateIdentityCmd() *cobra.Command { It validates against the payload of the API and the identity schema as configured in Ory Kratos. Identities can be supplied via STD_IN or JSON files containing a single or an array of identities.`, RunE: func(cmd *cobra.Command, args []string) error { - c := cliclient.NewClient(cmd) + c, err := cliclient.NewClient(cmd) + if err != nil { + return err + } is, err := readIdentities(cmd, args) if err != nil { diff --git a/cmd/remote/status.go b/cmd/remote/status.go index 65d9b80009bd..73fb402ac3f6 100644 --- a/cmd/remote/status.go +++ b/cmd/remote/status.go @@ -39,23 +39,24 @@ var statusCmd = &cobra.Command{ Use: "status", Short: "Print the alive and readiness status of a Ory Kratos instance", Args: cobra.NoArgs, - Run: func(cmd *cobra.Command, args []string) { - c := cliclient.NewClient(cmd) + RunE: func(cmd *cobra.Command, args []string) error { + c, err := cliclient.NewClient(cmd) state := &statusState{} defer cmdx.PrintRow(cmd, state) alive, _, err := c.MetadataApi.IsAlive(cmd.Context()).Execute() if err != nil { - return + return err } state.Alive = alive.Status == "ok" ready, _, err := c.MetadataApi.IsReady(cmd.Context()).Execute() if err != nil { - return + return err } state.Ready = ready.Status == "ok" + return nil }, } diff --git a/cmd/remote/version.go b/cmd/remote/version.go index 0569c91cb30f..ba5115ceeec5 100644 --- a/cmd/remote/version.go +++ b/cmd/remote/version.go @@ -27,12 +27,15 @@ var versionCmd = &cobra.Command{ Use: "version", Short: "Print the version of an Ory Kratos instance", Args: cobra.NoArgs, - Run: func(cmd *cobra.Command, args []string) { - c := cliclient.NewClient(cmd) + RunE: func(cmd *cobra.Command, args []string) error { + c, err := cliclient.NewClient(cmd) resp, _, err := c.MetadataApi.GetVersion(cmd.Context()).Execute() - cmdx.Must(err, "Could not get version: %s", err) + if err != nil { + return err + } cmdx.PrintRow(cmd, &versionValue{Version: resp.Version}) + return nil }, } From 8a1009b16653df13485bab8e33926967c449bf4e Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Mon, 2 May 2022 00:11:45 +0200 Subject: [PATCH 024/411] fix: improve error reporting from OpenAPI --- cmd/identities/delete.go | 4 +- cmd/identities/get.go | 4 +- cmd/identities/import.go | 13 +--- cmd/identities/list.go | 5 +- go.mod | 28 ++++++- go.sum | 153 +++++++++++++++++++++++++++++++-------- 6 files changed, 160 insertions(+), 47 deletions(-) diff --git a/cmd/identities/delete.go b/cmd/identities/delete.go index 8d9417fb4310..27beb74ece00 100644 --- a/cmd/identities/delete.go +++ b/cmd/identities/delete.go @@ -3,6 +3,8 @@ package identities import ( "fmt" + "github.com/ory/x/cloudx" + "github.com/spf13/cobra" "github.com/ory/kratos/cmd/cliclient" @@ -46,7 +48,7 @@ func NewDeleteIdentityCmd(root *cobra.Command) *cobra.Command { for _, a := range args { _, err := c.V0alpha2Api.AdminDeleteIdentity(cmd.Context(), a).Execute() if err != nil { - errs = append(errs, err) + errs = append(errs, cloudx.PrintOpenAPIError(cmd, err)) continue } deleted = append(deleted, a) diff --git a/cmd/identities/get.go b/cmd/identities/get.go index 0c2ba37866dc..d6f617faeda5 100644 --- a/cmd/identities/get.go +++ b/cmd/identities/get.go @@ -3,6 +3,8 @@ package identities import ( "fmt" + "github.com/ory/x/cloudx" + kratos "github.com/ory/kratos-client-go" "github.com/ory/kratos/x" "github.com/ory/x/cmdx" @@ -69,7 +71,7 @@ func NewGetIdentityCmd(root *cobra.Command) *cobra.Command { Execute() if x.SDKError(err) != nil { - failed[id] = err + failed[id] = cloudx.PrintOpenAPIError(cmd, err) continue } diff --git a/cmd/identities/import.go b/cmd/identities/import.go index 1e0aeebcda8a..a78a5bc62484 100644 --- a/cmd/identities/import.go +++ b/cmd/identities/import.go @@ -1,13 +1,12 @@ package identities import ( - "context" "encoding/json" "fmt" - "net/http" kratos "github.com/ory/kratos-client-go" + "github.com/ory/x/cloudx" "github.com/ory/x/cmdx" "github.com/spf13/cobra" @@ -67,13 +66,6 @@ WARNING: Importing credentials is not yet supported.`, } for src, i := range is { - err = ValidateIdentity(cmd, src, i, func(ctx context.Context, id string) (map[string]interface{}, *http.Response, error) { - return c.V0alpha2Api.GetJsonSchema(ctx, id).Execute() - }) - if err != nil { - return err - } - var params kratos.AdminCreateIdentityBody err = json.Unmarshal([]byte(i), ¶ms) if err != nil { @@ -83,11 +75,12 @@ WARNING: Importing credentials is not yet supported.`, ident, _, err := c.V0alpha2Api.AdminCreateIdentity(cmd.Context()).AdminCreateIdentityBody(params).Execute() if err != nil { - failed[src] = err + failed[src] = cloudx.PrintOpenAPIError(cmd, err) } else { imported = append(imported, *ident) } } + if len(imported) == 1 { cmdx.PrintRow(cmd, (*outputIdentity)(&imported[0])) } else { diff --git a/cmd/identities/list.go b/cmd/identities/list.go index 273d665348ab..e1f8ac744468 100644 --- a/cmd/identities/list.go +++ b/cmd/identities/list.go @@ -4,6 +4,8 @@ import ( "fmt" "strconv" + "github.com/ory/x/cloudx" + "github.com/ory/x/cmdx" "github.com/spf13/cobra" @@ -63,8 +65,7 @@ func NewListIdentitiesCmd(root *cobra.Command) *cobra.Command { identities, _, err := req.Execute() if err != nil { - _, _ = fmt.Fprintf(cmd.ErrOrStderr(), "Could not list identities: %+v\n", err) - return cmdx.FailSilently(cmd) + return cloudx.PrintOpenAPIError(cmd, err) } cmdx.PrintTable(cmd, &outputIdentityCollection{ diff --git a/go.mod b/go.mod index 8d7fa0588cd1..6c6d1673fc0f 100644 --- a/go.mod +++ b/go.mod @@ -76,7 +76,7 @@ require ( github.com/ory/kratos-client-go v0.6.3-alpha.1 github.com/ory/mail/v3 v3.0.0 github.com/ory/nosurf v1.2.7 - github.com/ory/x v0.0.375 + github.com/ory/x v0.0.380 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 github.com/pkg/errors v0.9.1 github.com/pquerna/otp v1.3.0 @@ -100,7 +100,8 @@ require ( require ( cloud.google.com/go v0.99.0 // indirect - github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect + github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect + github.com/DataDog/datadog-go v4.8.2+incompatible // indirect github.com/Masterminds/goutils v1.1.0 // indirect github.com/Masterminds/semver v1.5.0 // indirect github.com/Masterminds/semver/v3 v3.1.1 // indirect @@ -175,6 +176,7 @@ require ( github.com/gobuffalo/validate/v3 v3.3.1 // indirect github.com/goccy/go-yaml v1.9.5 // indirect github.com/gofrs/flock v0.8.1 // indirect + github.com/gofrs/uuid/v3 v3.1.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/glog v1.0.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect @@ -190,6 +192,7 @@ require ( github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-hclog v1.0.0 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect @@ -198,6 +201,7 @@ require ( github.com/hashicorp/serf v0.9.6 // indirect github.com/huandu/xstrings v1.2.0 // indirect github.com/inconshreveable/mousetrap v1.0.0 // indirect + github.com/instana/go-sensor v1.41.1 // indirect github.com/jackc/chunkreader/v2 v2.0.1 // indirect github.com/jackc/pgconn v1.10.1 // indirect github.com/jackc/pgio v1.0.0 // indirect @@ -242,6 +246,11 @@ require ( github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.0.2 // indirect github.com/opencontainers/runc v1.0.2 // indirect + github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 // indirect + github.com/opentracing/opentracing-go v1.2.0 // indirect + github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5 // indirect + github.com/openzipkin/zipkin-go v0.4.0 // indirect + github.com/ory/client-go v0.0.1-alpha.138 // indirect github.com/ory/viper v1.7.5 // indirect github.com/pborman/uuid v1.2.1 // indirect github.com/pelletier/go-toml v1.9.4 // indirect @@ -266,6 +275,7 @@ require ( github.com/spf13/cast v1.4.1 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/viper v1.10.0 // indirect + github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693 // indirect github.com/subosito/gotenv v1.2.0 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.0 // indirect @@ -273,6 +283,8 @@ require ( github.com/timtadh/lexmachine v0.2.2 // indirect github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 // indirect github.com/toqueteos/webbrowser v1.2.0 // indirect + github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect + github.com/uber/jaeger-lib v2.4.1+incompatible // indirect github.com/urfave/cli v1.22.5 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect @@ -280,6 +292,10 @@ require ( github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c // indirect + go.elastic.co/apm v1.15.0 // indirect + go.elastic.co/apm/module/apmhttp v1.15.0 // indirect + go.elastic.co/apm/module/apmot v1.15.0 // indirect + go.elastic.co/fastjson v1.1.0 // indirect go.etcd.io/bbolt v1.3.5 // indirect go.etcd.io/etcd/api/v3 v3.5.1 // indirect go.etcd.io/etcd/client/pkg/v3 v3.5.1 // indirect @@ -298,12 +314,17 @@ require ( go.opentelemetry.io/contrib/propagators/jaeger v1.4.0 // indirect go.opentelemetry.io/contrib/samplers/jaegerremote v0.0.0-20220314184135-32895002a444 // indirect go.opentelemetry.io/otel v1.6.3 // indirect + go.opentelemetry.io/otel/bridge/opentracing v1.6.3 // indirect go.opentelemetry.io/otel/exporters/jaeger v1.5.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.6.3 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.6.3 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.6.3 // indirect go.opentelemetry.io/otel/internal/metric v0.27.0 // indirect go.opentelemetry.io/otel/metric v0.27.0 // indirect go.opentelemetry.io/otel/sdk v1.6.3 // indirect go.opentelemetry.io/otel/trace v1.6.3 // indirect - go.uber.org/atomic v1.9.0 // indirect + go.opentelemetry.io/proto/otlp v0.15.0 // indirect + go.uber.org/atomic v1.7.0 // indirect go.uber.org/multierr v1.7.0 // indirect go.uber.org/zap v1.17.0 // indirect golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57 // indirect @@ -316,6 +337,7 @@ require ( google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa // indirect google.golang.org/grpc v1.45.0 // indirect google.golang.org/protobuf v1.28.0 // indirect + gopkg.in/DataDog/dd-trace-go.v1 v1.38.0 // indirect gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect diff --git a/go.sum b/go.sum index ac74b02dadd0..2e29a665a570 100644 --- a/go.sum +++ b/go.sum @@ -1,6 +1,5 @@ bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= bazil.org/fuse v0.0.0-20180421153158-65cc252bf669/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= -bazil.org/fuse v0.0.0-20200407214033-5883e5a4b512/go.mod h1:FbcW6z/2VytnFDhZfumh8Ss8zxHE6qpMP5sHTRe0EaM= bitbucket.org/creachadair/shell v0.0.6/go.mod h1:8Qqi/cYk7vPnsOePHroKXDJYmb5x7ENhtiFtfZq8K+M= bitbucket.org/liamstask/goose v0.0.0-20150115234039-8488cc47d90c/go.mod h1:hSVuE3qU7grINVSwrmzHfpg9k87ALBk+XaualNyUzI4= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= @@ -68,9 +67,8 @@ github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9mo github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= +github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= -github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= -github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= @@ -85,9 +83,12 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= +github.com/DataDog/datadog-go v4.8.2+incompatible h1:qbcKSx29aBLD+5QLvlQZlGmRMF/FfGqFLFev/1TDzRo= +github.com/DataDog/datadog-go v4.8.2+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0= github.com/GeertJohan/go.rice v1.0.2/go.mod h1:af5vUNlDNkCjOZeSGFgIJxDje9qdjsO6hshx0gTmZt4= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= +github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RPBiVg= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= @@ -134,7 +135,9 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= +github.com/Shopify/sarama v1.30.0/go.mod h1:zujlQQx1kzHsh4jfV1USnptCQrHAEZ2Hk8fTKCulPVs= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= +github.com/Shopify/toxiproxy/v2 v2.1.6-0.20210914104332-15ea381dcdae/go.mod h1:/cvHQkZ1fst0EmZnA5dFtiQdWCNCFYzb+uE2vqVgvx0= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/a8m/envsubst v1.3.0 h1:GmXKmVssap0YtlU3E230W98RWtWCyIZzjtf1apWWyAg= github.com/a8m/envsubst v1.3.0/go.mod h1:MVUTQNGQ3tsjOOtKCNd+fl8RzhsXcDvvAEzkhGtlsbY= @@ -177,6 +180,7 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV github.com/armon/go-metrics v0.3.10 h1:FR+drcQStOe+32sYyJYyZ7FIdgoGGBnwLl+flodp8Uo= github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= @@ -184,9 +188,8 @@ github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:l github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= +github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef h1:46PFijGLmAjMPwCCCo7Jf0W6f9slllCkkv7vyc1yOSg= github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ= -github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/avast/retry-go/v3 v3.1.1 h1:49Scxf4v8PmiQ/nY0aY3p0hDueqSmc7++cBbtiDGu2g= github.com/avast/retry-go/v3 v3.1.1/go.mod h1:6cXRK369RpzFL3UQGqIUp9Q7GDrams+KsYWrfNA1/nQ= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= @@ -346,9 +349,8 @@ github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo= github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y= github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ= +github.com/containerd/continuity v0.1.0 h1:UFRRY5JemiAhPZrr/uE0n8fMTLcZsUvySPr1+D7pgr8= github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM= -github.com/containerd/continuity v0.2.1 h1:/EeEo2EtN3umhbbgCveyjifoMYg0pS+nMMEemaYw634= -github.com/containerd/continuity v0.2.1/go.mod h1:wCYX+dRqZdImhGucXOqTQn05AhX6EUDaGEMUzTFFpLg= github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0= @@ -483,9 +485,16 @@ github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:Htrtb github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= +github.com/eapache/go-resiliency v1.2.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= +github.com/elastic/go-licenser v0.3.1 h1:RmRukU/JUmts+rpexAw0Fvt2ly7VVu6mw8z4HrEzObU= +github.com/elastic/go-licenser v0.3.1/go.mod h1:D8eNQk70FOCVBl3smCGQt/lv7meBeQno2eI1S5apiHQ= +github.com/elastic/go-sysinfo v1.1.1 h1:ZVlaLDyhVkDfjwPGU55CQRCRolNpc7P0BbyhhQZQmMI= +github.com/elastic/go-sysinfo v1.1.1/go.mod h1:i1ZYdU10oLNfRzq4vq62BEwD2fH8KaWh6eh0ikPT9F0= +github.com/elastic/go-windows v1.0.0 h1:qLURgZFkkrYyTTkvYpsZIgf83AUsdIHfvlJaqaZ7aSY= +github.com/elastic/go-windows v1.0.0/go.mod h1:TsU0Nrp7/y3+VwE82FoZF8gC/XFg/Elz6CcloAxnPgU= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/elliotchance/orderedmap v1.4.0 h1:wZtfeEONCbx6in1CZyE6bELEt/vFayMvsxqI5SgsR+A= github.com/elliotchance/orderedmap v1.4.0/go.mod h1:wsDwEaX5jEoyhbs7x93zk2H/qv0zwuhg4inXhDkYqys= @@ -590,8 +599,8 @@ github.com/go-openapi/errors v0.19.6/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpX github.com/go-openapi/errors v0.19.7/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.20.1 h1:j23mMDtRxMwIobkpId7sWh7Ddcx4ivaoqUbfXx5P+a8= -github.com/go-openapi/errors v0.20.1/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.20.0 h1:Sxpo9PjEHDzhs3FbnGNonvDgWcMW2U7wGTcDDSFSceM= +github.com/go-openapi/errors v0.20.0/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/inflect v0.19.0 h1:9jCH9scKIbHeV9m12SmPilScz6krDxKRasNNSNPXu/4= github.com/go-openapi/inflect v0.19.0/go.mod h1:lHpZVlpIQqLyKwJ4N+YSc9hchQy/i12fJykb83CRBH4= github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= @@ -655,9 +664,8 @@ github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh github.com/go-openapi/swag v0.19.7/go.mod h1:ao+8BpOPyKdpQz3AOJfbeEVpLmWAvlT1IfTe5McPyhY= github.com/go-openapi/swag v0.19.9/go.mod h1:ao+8BpOPyKdpQz3AOJfbeEVpLmWAvlT1IfTe5McPyhY= github.com/go-openapi/swag v0.19.12/go.mod h1:eFdyEBkTdoAf/9RXBvj4cr1nH7GD8Kzo5HTt47gr72M= +github.com/go-openapi/swag v0.19.13 h1:233UVgMy1DlmCYYfOiFpta6e2urloh+sEs5id6lyzog= github.com/go-openapi/swag v0.19.13/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/swag v0.19.15 h1:D2NRCBzS9/pEY3gP9Nl8aDqGUcPFrwG2p+CNFrLyrCM= -github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA= github.com/go-openapi/validate v0.19.3/go.mod h1:90Vh6jjkTn+OT1Eefm0ZixWNFjhtOH7vS9k0lo6zwJo= @@ -682,13 +690,13 @@ github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= +github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-stack/stack v1.8.1 h1:ntEHSVwIt7PNXNpgPmVfMrNhLtgjlmnZha2kOpuRiDw= -github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4= github.com/go-swagger/go-swagger v0.26.1 h1:1XUWLnH6hKxHzeKjJfA2gHkSqcT1Zgi4q/PZp2hDdN8= github.com/go-swagger/go-swagger v0.26.1/go.mod h1:zlf/LHplZpdtU2mYXg9Ajd3+9TgHYltv5f/pEM6LjnI= github.com/go-swagger/scan-repo-boundary v0.0.0-20180623220736-973b3573c013 h1:l9rI6sNaZgNC0LnF3MiE+qTmyBA/tZAg1rtyrGbUMK0= github.com/go-swagger/scan-repo-boundary v0.0.0-20180623220736-973b3573c013/go.mod h1:b65mBPzqzZWxOZGxSWrqs4GInLIn+u99Q9q7p+GKni0= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho= github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= @@ -764,6 +772,8 @@ github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRx github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gofrs/uuid v4.1.0+incompatible h1:sIa2eCvUTwgjbqXrPLfNwUf9S3i3mpH1O1atV+iL/Wk= github.com/gofrs/uuid v4.1.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= +github.com/gofrs/uuid/v3 v3.1.2 h1:V3IBv1oU82x6YIr5txe3azVHgmOKYdyKQTowm9moBlY= +github.com/gofrs/uuid/v3 v3.1.2/go.mod h1:xPwMqoocQ1L5G6pXX5BcE7N5jlzn2o19oqAKxwZW/kI= github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU= github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c= @@ -821,6 +831,7 @@ github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiu github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= @@ -910,8 +921,9 @@ github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q= github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= -github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw= github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= +github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= +github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ= github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= @@ -933,6 +945,8 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 h1:BZHcxBETFHIdVyhyEfOvn/RdU/QGdLI4y34qQGjGWO0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69 h1:7xsUJsB2NrdcttQPa7JLEaGzvdbk7KvfrjgHZXOQRo0= github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69/go.mod h1:YLEMZOtU+AZ7dhN9T/IpGhXVGly2bvkJQ+zxj3WeVQo= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= @@ -981,8 +995,9 @@ github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0S github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.1 h1:fv1ep09latC32wFoVwnqcnKJGnMSdBanPczbHAYm1BE= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE= +github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= @@ -1031,6 +1046,10 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743 h1:X3Xxno5Ji8idrNiUoFc7QyXpqhSYlDRYQmc7mlpMBzU= github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743/go.mod h1:KrtyD5PFj++GKkFS/7/RRrfnRhAMGQwy75GLCHWrCNs= +github.com/instana/go-sensor v1.41.1 h1:duCCYLzwVRjgptqwc0doWfJb1oT6w1CzTRQDRNrQ6zw= +github.com/instana/go-sensor v1.41.1/go.mod h1:E42MelHWFz11qqaLwvgt0j98v2s2O/bq22UDkGaG0Gg= +github.com/instana/testify v1.6.2-0.20200721153833-94b1851f4d65 h1:T25FL3WEzgmKB0m6XCJNZ65nw09/QIp3T1yXr487D+A= +github.com/instana/testify v1.6.2-0.20200721153833-94b1851f4d65/go.mod h1:nYhEREG/B7HUY7P+LKOrqy53TpIqmJ9JyUShcaEKtGw= github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo= github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= @@ -1086,6 +1105,14 @@ github.com/jandelgado/gcov2lcov v1.0.5 h1:rkBt40h0CVK4oCb8Dps950gvfd1rYvQ8+cWa34 github.com/jandelgado/gcov2lcov v1.0.5/go.mod h1:NnSxK6TMlg1oGDBfGelGbjgorT5/L3cchlbtgFYZSss= github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= +github.com/jcchavezs/porto v0.1.0 h1:Xmxxn25zQMmgE7/yHYmh19KcItG81hIwfbEEFnd6w/Q= +github.com/jcchavezs/porto v0.1.0/go.mod h1:fESH0gzDHiutHRdX2hv27ojnOVFco37hg1W6E9EZF4A= +github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= +github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM= +github.com/jcmturner/gofork v1.0.0/go.mod h1:MK8+TM0La+2rjBD4jE12Kj1pCCxK7d2LK/UM3ncEo0o= +github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg= +github.com/jcmturner/gokrb5/v8 v8.4.2/go.mod h1:sb+Xq/fTY5yktf/VxLsE3wlfPqQjp0aWNYyvBVK62bc= +github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= github.com/jessevdk/go-flags v1.4.0 h1:4IU2WS7AumrZ/40jfhf4QVDMsQwqA7VEHozFRrGARJA= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4= @@ -1105,6 +1132,8 @@ github.com/jmoiron/sqlx v1.3.1/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXL github.com/jmoiron/sqlx v1.3.3/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ= github.com/jmoiron/sqlx v1.3.4 h1:wv+0IJZfL5z0uZoUjlpKgHkgaFSYD+r9CfrXjEXsO7w= github.com/jmoiron/sqlx v1.3.4/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ= +github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 h1:rp+c0RAYOWj8l6qbCUTSiRLG/iKnW3K3/QfPPuSsBt4= +github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901/go.mod h1:Z86h9688Y0wesXCyonoVr47MasHilkuLMqGhRZ4Hpak= github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/joho/godotenv v1.4.0 h1:3l4+N6zfMWnkbPEXKng2o2/MR5mSwTrBih4ZEkkz1lg= github.com/joho/godotenv v1.4.0/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= @@ -1146,6 +1175,7 @@ github.com/kisom/goutils v1.4.3/go.mod h1:Lp5qrquG7yhYnWzZCI/68Pa/GpFynw//od6EkG github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -1181,8 +1211,8 @@ github.com/lib/pq v1.10.4 h1:SO9z7FRPzA03QhHKJrH5BXA6HU1rS4V2nIVrrNC1iYk= github.com/lib/pq v1.10.4/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/luna-duclos/instrumentedsql v1.1.3 h1:t7mvC0z1jUt5A0UQ6I/0H31ryymuQRnJcWCiqV3lSAA= -github.com/luna-duclos/instrumentedsql v1.1.3/go.mod h1:9J1njvFds+zN7y85EDhN9XNQLANWwZt2ULeIC8yMNYs= +github.com/looplab/fsm v0.1.0 h1:Qte7Zdn/5hBNbXzP7yxVU4OIFHWXBovyTT2LaBTyC20= +github.com/looplab/fsm v0.1.0/go.mod h1:m2VaOfDHxqXBBMgc26m6yUOwkFn8H2AlJDE+jd/uafI= github.com/lyft/protoc-gen-star v0.5.1/go.mod h1:9toiA3cC7z5uVbODF7kEQ91Xn7XNFkVUl+SrEe+ZORU= github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= @@ -1235,8 +1265,8 @@ github.com/mattn/go-runewidth v0.0.12 h1:Y41i/hVW3Pgwr8gV+J23B9YEY0zxjptBuCWEaxm github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= -github.com/mattn/go-sqlite3 v1.14.7-0.20210414154423-1157a4212dcb h1:ax2vG2unlxsjwS7PMRo4FECIfAdQLowd6ejWYwPQhBo= -github.com/mattn/go-sqlite3 v1.14.7-0.20210414154423-1157a4212dcb/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= +github.com/mattn/go-sqlite3 v1.14.12 h1:TJ1bhYJPV44phC+IMu1u2K/i5RriLTPe+yc68XDJ1Z0= +github.com/mattn/go-sqlite3 v1.14.12/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= github.com/mattn/goveralls v0.0.7 h1:vzy0i4a2iDzEFMdXIxcanRadkr0FBvSBKUmj0P8SPlQ= github.com/mattn/goveralls v0.0.7/go.mod h1:h8b4ow6FxSPMQHF6o2ve3qsclnffZjYTNEKmLesRwqw= @@ -1288,9 +1318,8 @@ github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2J github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ= github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo= +github.com/moby/term v0.0.0-20201216013528-df9cb8a40635 h1:rzf0wL0CHVc8CEsgyygG0Mn9CNCCPZqOPaz8RiiHYQk= github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc= -github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 h1:dcztxKSvZ4Id8iPpHERQBbIJfabdt4wUm5qy3wOL2Zc= -github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -1325,6 +1354,7 @@ github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt github.com/nkovacs/streamquote v1.0.0/go.mod h1:BN+NaZ2CmdKqUuTUXUEm9j95B2TRbpOWpxbJYzzgUsc= github.com/npillmayer/nestext v0.1.3/go.mod h1:h2lrijH8jpicr25dFY+oAJLyzlya6jhnuG+zWp9L0Uk= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= +github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/nyaruka/phonenumbers v1.0.73 h1:bP2WN8/NUP8tQebR+WCIejFaibwYMHOaB7MQVayclUo= github.com/nyaruka/phonenumbers v1.0.73/go.mod h1:3aiS+PS3DuYwkbK3xdcmRwMiPNECZ0oENH8qUT1lY7Q= github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= @@ -1343,13 +1373,17 @@ github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+ github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= +github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= +github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= +github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc= +github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= @@ -1378,17 +1412,24 @@ github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mo github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE= github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8= +github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 h1:lM6RxxfUMrYL/f8bWEUqdXrANWtrL7Nndbm9iFN0DlU= github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= +github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= +github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5 h1:ZCnq+JUrvXcDVhX/xRolRBZifmabN1HcS1wrPSvxhrU= github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= +github.com/openzipkin/zipkin-go v0.4.0 h1:CtfRrOVZtbDj8rt1WXjklw0kqqJQwICrCKmlfUuBUUw= +github.com/openzipkin/zipkin-go v0.4.0/go.mod h1:4c3sLeE8xjNqehmF5RpAFLPLJxXscc0R4l6Zg0P1tTQ= github.com/ory/analytics-go/v4 v4.0.3 h1:2zNBQLlm3UiD8U7DdUGLLUBm62ZA5GtbEJ3S5U+xEOI= github.com/ory/analytics-go/v4 v4.0.3/go.mod h1:A3Chm/3TmM8jw4nqRss+gFhAYHRI5j/HFYH3C1FRahU= +github.com/ory/client-go v0.0.1-alpha.138 h1:1Mq+PJz7Q1NA8N+Nntlw6DCq4piMdXFexJ1gAR7d2vE= +github.com/ory/client-go v0.0.1-alpha.138/go.mod h1:dWbi9DBEjiDXwyuJ1+A2WT1/bIp9HwvVxZxzHzp4YHU= github.com/ory/dockertest/v3 v3.8.1 h1:vU/8d1We4qIad2YM0kOwRVtnyue7ExvacPiw1yDm17g= github.com/ory/dockertest/v3 v3.8.1/go.mod h1:wSRQ3wmkz+uSARYMk7kVJFDBGm8x5gSxIhI7NDc+BAQ= github.com/ory/go-acc v0.2.6 h1:YfI+L9dxI7QCtWn2RbawqO0vXhiThdXu/RgizJBbaq0= @@ -1399,6 +1440,10 @@ github.com/ory/graceful v0.1.1 h1:zx+8tDObLPrG+7Tc8jKYlXsqWnLtOQA1IZ/FAAKHMXU= github.com/ory/graceful v0.1.1/go.mod h1:zqu70l95WrKHF4AZ6tXHvAqAvpY6M7g6ttaAVcMm7KU= github.com/ory/herodot v0.9.13 h1:cN/Z4eOkErl/9W7hDIDLb79IO/bfsH+8yscBjRpB4IU= github.com/ory/herodot v0.9.13/go.mod h1:IWDs9kSvFQqw/cQ8zi5ksyYvITiUU4dI7glUrhZcJYo= +github.com/ory/instrumentedsql v1.2.0 h1:7VqI6sVRAEVmIp+mVbeICMTi27EJQuq5k9crlt3rs10= +github.com/ory/instrumentedsql v1.2.0/go.mod h1:wT//5kSu12gfOhU8yDf6IC69yQ+Tc8MufpwzYliRRx8= +github.com/ory/instrumentedsql/opentracing v0.0.0-20210903114257-c8963b546c5c h1:eek/2FXUZEnRXaRQtqw8MQMxcPX7Qr3tACKI5pe71n0= +github.com/ory/instrumentedsql/opentracing v0.0.0-20210903114257-c8963b546c5c/go.mod h1:61Z4zNpOoshtEmLmp6T13G9adSk66/dYTfTBEnCLwVQ= github.com/ory/jsonschema/v3 v3.0.7 h1:GQ9qfZDiJqs4l2d3p56dozCChvejQFZyLKGHYzDzOSo= github.com/ory/jsonschema/v3 v3.0.7/go.mod h1:g8c8YOtN4TrR2wYeMdT02GDmzJDI0fEW2nI26BECafY= github.com/ory/mail v2.3.1+incompatible/go.mod h1:87D9/1gB6ewElQoN0lXJ0ayfqcj3cW3qCTXh+5E9mfU= @@ -1410,8 +1455,8 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE= github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM= -github.com/ory/x v0.0.375 h1:isMWH0/n+y5f0QETLOqBAHt0Gl6bo1kK70TkxYKv4iY= -github.com/ory/x v0.0.375/go.mod h1:JHPSavhYHgzlh9teE1vGY+1tecUo2CzfLqHex42jNSQ= +github.com/ory/x v0.0.380 h1:A7QYsVQQQ0CgW9Do0+Z8QkeFNaKgXsfQ/MChQm00s9U= +github.com/ory/x v0.0.380/go.mod h1:JHPSavhYHgzlh9teE1vGY+1tecUo2CzfLqHex42jNSQ= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= @@ -1436,8 +1481,11 @@ github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc= github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE= +github.com/philhofer/fwd v1.1.1 h1:GdGcTjf5RNAxwS4QLsiMzJYj5KEvPJD3Abr261yRQXQ= +github.com/philhofer/fwd v1.1.1/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= +github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/diff v0.0.0-20200914180035-5b29258ca4f7/go.mod h1:zO8QMzTeZd5cpnIkz/Gn6iK0jDfGicM1nynOkkPIl28= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= @@ -1498,6 +1546,7 @@ github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+ github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20190425082905-87a4384529e0/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -1506,13 +1555,14 @@ github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= +github.com/prometheus/procfs v0.6.0 h1:mxy4L2jP6qMonqmq+aTtOx1ifVWUgG/TAmntgbh3xv4= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU= -github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/pseudomuto/protoc-gen-doc v1.4.1/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q= +github.com/rabbitmq/amqp091-go v1.1.0/go.mod h1:ogQDLSOACsLPsIq0NpbtiifNZi2YOz0VTJ0kHRghqbM= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= +github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rhnvrm/simples3 v0.6.1/go.mod h1:Y+3vYm2V7Y4VijFoJHHTrja6OgPrJ2cBti8dPGkC3sA= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= @@ -1544,6 +1594,8 @@ github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFo github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= +github.com/santhosh-tekuri/jsonschema v1.2.4 h1:hNhW8e7t+H1vgY+1QeEQpveR6D4+OwKPXCfD2aieJis= +github.com/santhosh-tekuri/jsonschema v1.2.4/go.mod h1:TEAUOeZSmIxTTuHatJzrvARHiuO9LYd+cIxzgEHCQI4= github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= @@ -1635,6 +1687,8 @@ github.com/spf13/viper v1.10.0 h1:mXH0UwHS4D2HwWZa75im4xIQynLfblmWV7qcWpfv0yk= github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM= github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518 h1:iD+PFTQwKEmbwSdwfvP5ld2WEI/g7qbdhmHJ2ASfYGs= github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518/go.mod h1:CKI4AZ4XmGV240rTHfO0hfE83S6/a3/Q1siZJ/vXf7A= +github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693 h1:wD1IWQwAhdWclCwaf6DdzgCAe9Bfz1M+4AHRd7N786Y= +github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693/go.mod h1:6hSY48PjDm4UObWmGLyJE9DxYVKTgR9kbCspXXJEhcU= github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= @@ -1675,6 +1729,8 @@ github.com/timtadh/data-structures v0.5.3 h1:F2tEjoG9qWIyUjbvXVgJqEOGJPMIiYn7U5W github.com/timtadh/data-structures v0.5.3/go.mod h1:9R4XODhJ8JdWFEI8P/HJKqxuJctfBQw6fDibMQny2oU= github.com/timtadh/lexmachine v0.2.2 h1:g55RnjdYazm5wnKv59pwFcBJHOyvTPfDEoz21s4PHmY= github.com/timtadh/lexmachine v0.2.2/go.mod h1:GBJvD5OAfRn/gnp92zb9KTgHLB7akKyxmVivoYCcjQI= +github.com/tinylib/msgp v1.1.2 h1:gWmO7n0Ys2RBEb7GPYB9Ujq8Mk5p2U08lRnmMcGy6BQ= +github.com/tinylib/msgp v1.1.2/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE= github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0= github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0= github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao= @@ -1688,7 +1744,10 @@ github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoi github.com/toqueteos/webbrowser v1.2.0 h1:tVP/gpK69Fx+qMJKsLE7TD8LuGWPnEV71wBN9rrstGQ= github.com/toqueteos/webbrowser v1.2.0/go.mod h1:XWoZq4cyp9WeUeak7w7LXRUQf1F1ATJMir8RTqb4ayM= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= -github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c/go.mod h1:hzIxponao9Kjc7aWznkXaL4U4TWaDSs8zcsY4Ka08nM= +github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaOOb6ThwMmTEbhRwtKR97o= +github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= +github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= +github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= @@ -1702,6 +1761,7 @@ github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtX github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.5 h1:lNq9sAHXK2qfdI8W+GRItjCEkI+2oR4d+MEHy1CKXoU= github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI= github.com/urfave/negroni v1.0.0 h1:kIimOitoypq34K7TG7DUaJ9kq/N4Ofuwi1sjz0KipXc= github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= @@ -1721,11 +1781,13 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= +github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= +github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs= +github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM= github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I= github.com/xdg/stringprep v0.0.0-20180714160509-73f8eece6fdc/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y= +github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= @@ -1755,6 +1817,14 @@ github.com/zmap/zcrypto v0.0.0-20210511125630-18f1e0152cfc/go.mod h1:FM4U1E3NzlN github.com/zmap/zlint/v3 v3.1.0/go.mod h1:L7t8s3sEKkb0A2BxGy1IWrxt1ZATa1R4QfJZaQOD3zU= github.com/zmb3/spotify/v2 v2.0.0 h1:NHW9btztNZTrJ0+3yMNyfY5qcu1ck9s36wwzc7zrCic= github.com/zmb3/spotify/v2 v2.0.0/go.mod h1:+LVh9CafHu7SedyqYmEf12Rd01dIVlEL845yNhksW0E= +go.elastic.co/apm v1.15.0 h1:uPk2g/whK7c7XiZyz/YCUnAUBNPiyNeE3ARX3G6Gx7Q= +go.elastic.co/apm v1.15.0/go.mod h1:dylGv2HKR0tiCV+wliJz1KHtDyuD8SPe69oV7VyK6WY= +go.elastic.co/apm/module/apmhttp v1.15.0 h1:Le/DhI0Cqpr9wG/NIGOkbz7+rOMqJrfE4MRG6q/+leU= +go.elastic.co/apm/module/apmhttp v1.15.0/go.mod h1:NruY6Jq8ALLzWUVUQ7t4wIzn+onKoiP5woJJdTV7GMg= +go.elastic.co/apm/module/apmot v1.15.0 h1:yqarZ4HCIb6dLAzEVSWdppAuRhfrCfm2Z6UL+ubai2A= +go.elastic.co/apm/module/apmot v1.15.0/go.mod h1:BjFz2KOlnjXdnSo0p6nhDDaIEYYX8c6uVHwvkZiLqtQ= +go.elastic.co/fastjson v1.1.0 h1:3MrGBWWVIxe/xvsbpghtkFoPciPhOCmjsR/HfwEeQR4= +go.elastic.co/fastjson v1.1.0/go.mod h1:boNGISWMjQsUPy/t6yqt2/1Wx4YNPSe+mZjlyw9vKKI= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0= @@ -1815,8 +1885,16 @@ go.opentelemetry.io/otel v1.4.1/go.mod h1:StM6F/0fSwpd8dKWDCdRr7uRvEPYdW0hBSlbdT go.opentelemetry.io/otel v1.5.0/go.mod h1:Jm/m+rNp/z0eqJc74H7LPwQ3G87qkU/AnnAydAjSAHk= go.opentelemetry.io/otel v1.6.3 h1:FLOfo8f9JzFVFVyU+MSRJc2HdEAXQgm7pIv2uFKRSZE= go.opentelemetry.io/otel v1.6.3/go.mod h1:7BgNga5fNlF/iZjG06hM3yofffp0ofKCDwSXx1GC4dI= +go.opentelemetry.io/otel/bridge/opentracing v1.6.3 h1:2IZRuUKsBCKJZ49f6vPMrPk2MiEYjzysRGK3HbzveJE= +go.opentelemetry.io/otel/bridge/opentracing v1.6.3/go.mod h1:3SVwOElsIpFiclDeQ4aB7EO/Y1Lm0IXUsLh5TYjHTxo= go.opentelemetry.io/otel/exporters/jaeger v1.5.0 h1:ZR7nhLSfLufS5AHk/iN11Q+W9XYwsJrVZ1Frb833d+Y= go.opentelemetry.io/otel/exporters/jaeger v1.5.0/go.mod h1:rSeUArMBRe1eQLo1T0WxOazohN1M2mYThWJQmn1BjRQ= +go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.6.3 h1:nAmg1WgsUXoXf46dJG9eS/AzOcvkCTK4xJSUYpWyHYg= +go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.6.3/go.mod h1:NEu79Xo32iVb+0gVNV8PMd7GoWqnyDXRlj04yFjqz40= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.6.3 h1:4/UjHWMVVc5VwX/KAtqJOHErKigMCH8NexChMuanb/o= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.6.3/go.mod h1:UJmXdiVVBaZ63umRUTwJuCMAV//GCMvDiQwn703/GoY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.6.3 h1:ufVuVt/g16GZ/yDOyp+AcCGebGX8u4z7kDRuwEX0DkA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.6.3/go.mod h1:S18p8VK4KRHHyAg5rH3iUnJUcRvIUg9xwIWtq1MWibM= go.opentelemetry.io/otel/internal/metric v0.27.0 h1:9dAVGAfFiiEq5NVB9FUJ5et+btbDQAUIJehJ+ikyryk= go.opentelemetry.io/otel/internal/metric v0.27.0/go.mod h1:n1CVxRqKqYZtqyTh9U/onvKapPGv7y/rpyOTI+LFNzw= go.opentelemetry.io/otel/metric v0.27.0 h1:HhJPsGhJoKRSegPQILFbODU56NS/L1UE4fS1sC5kIwQ= @@ -1832,13 +1910,14 @@ go.opentelemetry.io/otel/trace v1.5.0/go.mod h1:sq55kfhjXYr1zVSyexg0w1mpa03AYXR5 go.opentelemetry.io/otel/trace v1.6.3 h1:IqN4L+5b0mPNjdXIiZ90Ni4Bl5BRkDQywePLWemd9bc= go.opentelemetry.io/otel/trace v1.6.3/go.mod h1:GNJQusJlUgZl9/TQBPKU/Y/ty+0iVB5fjhKeJGZPGFs= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= +go.opentelemetry.io/proto/otlp v0.15.0 h1:h0bKrvdrT/9sBwEJ6iWUqT/N/xPcS66bL4u3isneJ6w= +go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= +go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= -go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= @@ -1881,11 +1960,13 @@ golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1912,6 +1993,7 @@ golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRu golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug= golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= @@ -1969,6 +2051,7 @@ golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= @@ -1988,12 +2071,14 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd golang.org/x/net v0.0.0-20210323141857-08027d57d8cf/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= +golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210917221730-978cfadd31cf/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211020060615-d418f374d309 h1:A0lJIi+hcTR6aajJH4YqKWwohY4aW9RO7oRMcdv+HKI= golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -2010,6 +2095,7 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= @@ -2119,6 +2205,7 @@ golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjs golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200426102838-f3a5411a4c3b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= @@ -2134,6 +2221,7 @@ golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20201125231158-b5590deeca9b/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= @@ -2311,6 +2399,7 @@ google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.45.0 h1:NEpgUqV3Z+ZjkqMsxMg11IaDrXY4RY6CQukSGK0uI1M= google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= @@ -2333,6 +2422,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +gopkg.in/DataDog/dd-trace-go.v1 v1.27.1-0.20201005154917-54b73b3e126a h1:es0hQ3lli77HG43FpTtj59jbpJlku7rLVA0iecbpn5A= +gopkg.in/DataDog/dd-trace-go.v1 v1.27.1-0.20201005154917-54b73b3e126a/go.mod h1:Sp1lku8WJMvNV0kjDI4Ni/T7J/U3BO5ct5kEaoVU8+I= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= @@ -2412,6 +2503,8 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.1.4/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= +howett.net/plist v0.0.0-20181124034731-591f970eefbb h1:jhnBjNi9UFpfpl8YZhA9CrOqpnJdvzuiHsl/dnxl11M= +howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo= k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ= k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8= From f04a58e0cd1eb201a675f8e2cd9c6894aa511b58 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Mon, 2 May 2022 12:35:36 +0200 Subject: [PATCH 025/411] chore: go mod tidy --- go.mod | 23 ++-------- go.sum | 133 +++++++++++---------------------------------------------- 2 files changed, 27 insertions(+), 129 deletions(-) diff --git a/go.mod b/go.mod index 6c6d1673fc0f..aaee750ce886 100644 --- a/go.mod +++ b/go.mod @@ -100,8 +100,7 @@ require ( require ( cloud.google.com/go v0.99.0 // indirect - github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect - github.com/DataDog/datadog-go v4.8.2+incompatible // indirect + github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Masterminds/goutils v1.1.0 // indirect github.com/Masterminds/semver v1.5.0 // indirect github.com/Masterminds/semver/v3 v3.1.1 // indirect @@ -187,21 +186,21 @@ require ( github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/gorilla/css v1.0.0 // indirect github.com/gorilla/handlers v1.5.1 // indirect + github.com/gorilla/mux v1.8.0 // indirect github.com/gorilla/securecookie v1.1.1 // indirect github.com/gorilla/websocket v1.4.2 // indirect github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-hclog v1.0.0 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect + github.com/hashicorp/go-uuid v1.0.2 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/hashicorp/serf v0.9.6 // indirect github.com/huandu/xstrings v1.2.0 // indirect github.com/inconshreveable/mousetrap v1.0.0 // indirect - github.com/instana/go-sensor v1.41.1 // indirect github.com/jackc/chunkreader/v2 v2.0.1 // indirect github.com/jackc/pgconn v1.10.1 // indirect github.com/jackc/pgio v1.0.0 // indirect @@ -246,10 +245,6 @@ require ( github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.0.2 // indirect github.com/opencontainers/runc v1.0.2 // indirect - github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 // indirect - github.com/opentracing/opentracing-go v1.2.0 // indirect - github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5 // indirect - github.com/openzipkin/zipkin-go v0.4.0 // indirect github.com/ory/client-go v0.0.1-alpha.138 // indirect github.com/ory/viper v1.7.5 // indirect github.com/pborman/uuid v1.2.1 // indirect @@ -283,8 +278,6 @@ require ( github.com/timtadh/lexmachine v0.2.2 // indirect github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 // indirect github.com/toqueteos/webbrowser v1.2.0 // indirect - github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect - github.com/uber/jaeger-lib v2.4.1+incompatible // indirect github.com/urfave/cli v1.22.5 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect @@ -292,10 +285,6 @@ require ( github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c // indirect - go.elastic.co/apm v1.15.0 // indirect - go.elastic.co/apm/module/apmhttp v1.15.0 // indirect - go.elastic.co/apm/module/apmot v1.15.0 // indirect - go.elastic.co/fastjson v1.1.0 // indirect go.etcd.io/bbolt v1.3.5 // indirect go.etcd.io/etcd/api/v3 v3.5.1 // indirect go.etcd.io/etcd/client/pkg/v3 v3.5.1 // indirect @@ -314,16 +303,11 @@ require ( go.opentelemetry.io/contrib/propagators/jaeger v1.4.0 // indirect go.opentelemetry.io/contrib/samplers/jaegerremote v0.0.0-20220314184135-32895002a444 // indirect go.opentelemetry.io/otel v1.6.3 // indirect - go.opentelemetry.io/otel/bridge/opentracing v1.6.3 // indirect go.opentelemetry.io/otel/exporters/jaeger v1.5.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.6.3 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.6.3 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.6.3 // indirect go.opentelemetry.io/otel/internal/metric v0.27.0 // indirect go.opentelemetry.io/otel/metric v0.27.0 // indirect go.opentelemetry.io/otel/sdk v1.6.3 // indirect go.opentelemetry.io/otel/trace v1.6.3 // indirect - go.opentelemetry.io/proto/otlp v0.15.0 // indirect go.uber.org/atomic v1.7.0 // indirect go.uber.org/multierr v1.7.0 // indirect go.uber.org/zap v1.17.0 // indirect @@ -337,7 +321,6 @@ require ( google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa // indirect google.golang.org/grpc v1.45.0 // indirect google.golang.org/protobuf v1.28.0 // indirect - gopkg.in/DataDog/dd-trace-go.v1 v1.38.0 // indirect gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect diff --git a/go.sum b/go.sum index 2e29a665a570..3d04d7cd7776 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,6 @@ bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= bazil.org/fuse v0.0.0-20180421153158-65cc252bf669/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= +bazil.org/fuse v0.0.0-20200407214033-5883e5a4b512/go.mod h1:FbcW6z/2VytnFDhZfumh8Ss8zxHE6qpMP5sHTRe0EaM= bitbucket.org/creachadair/shell v0.0.6/go.mod h1:8Qqi/cYk7vPnsOePHroKXDJYmb5x7ENhtiFtfZq8K+M= bitbucket.org/liamstask/goose v0.0.0-20150115234039-8488cc47d90c/go.mod h1:hSVuE3qU7grINVSwrmzHfpg9k87ALBk+XaualNyUzI4= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= @@ -67,8 +68,9 @@ github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9mo github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= -github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= +github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= +github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= @@ -83,12 +85,9 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= -github.com/DataDog/datadog-go v4.8.2+incompatible h1:qbcKSx29aBLD+5QLvlQZlGmRMF/FfGqFLFev/1TDzRo= -github.com/DataDog/datadog-go v4.8.2+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0= github.com/GeertJohan/go.rice v1.0.2/go.mod h1:af5vUNlDNkCjOZeSGFgIJxDje9qdjsO6hshx0gTmZt4= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= -github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RPBiVg= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= @@ -135,9 +134,7 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= -github.com/Shopify/sarama v1.30.0/go.mod h1:zujlQQx1kzHsh4jfV1USnptCQrHAEZ2Hk8fTKCulPVs= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= -github.com/Shopify/toxiproxy/v2 v2.1.6-0.20210914104332-15ea381dcdae/go.mod h1:/cvHQkZ1fst0EmZnA5dFtiQdWCNCFYzb+uE2vqVgvx0= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/a8m/envsubst v1.3.0 h1:GmXKmVssap0YtlU3E230W98RWtWCyIZzjtf1apWWyAg= github.com/a8m/envsubst v1.3.0/go.mod h1:MVUTQNGQ3tsjOOtKCNd+fl8RzhsXcDvvAEzkhGtlsbY= @@ -180,7 +177,6 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV github.com/armon/go-metrics v0.3.10 h1:FR+drcQStOe+32sYyJYyZ7FIdgoGGBnwLl+flodp8Uo= github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= @@ -188,8 +184,9 @@ github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:l github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= -github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef h1:46PFijGLmAjMPwCCCo7Jf0W6f9slllCkkv7vyc1yOSg= github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= +github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ= +github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/avast/retry-go/v3 v3.1.1 h1:49Scxf4v8PmiQ/nY0aY3p0hDueqSmc7++cBbtiDGu2g= github.com/avast/retry-go/v3 v3.1.1/go.mod h1:6cXRK369RpzFL3UQGqIUp9Q7GDrams+KsYWrfNA1/nQ= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= @@ -349,8 +346,9 @@ github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo= github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y= github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ= -github.com/containerd/continuity v0.1.0 h1:UFRRY5JemiAhPZrr/uE0n8fMTLcZsUvySPr1+D7pgr8= github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM= +github.com/containerd/continuity v0.2.1 h1:/EeEo2EtN3umhbbgCveyjifoMYg0pS+nMMEemaYw634= +github.com/containerd/continuity v0.2.1/go.mod h1:wCYX+dRqZdImhGucXOqTQn05AhX6EUDaGEMUzTFFpLg= github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0= @@ -485,16 +483,9 @@ github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:Htrtb github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= -github.com/eapache/go-resiliency v1.2.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= -github.com/elastic/go-licenser v0.3.1 h1:RmRukU/JUmts+rpexAw0Fvt2ly7VVu6mw8z4HrEzObU= -github.com/elastic/go-licenser v0.3.1/go.mod h1:D8eNQk70FOCVBl3smCGQt/lv7meBeQno2eI1S5apiHQ= -github.com/elastic/go-sysinfo v1.1.1 h1:ZVlaLDyhVkDfjwPGU55CQRCRolNpc7P0BbyhhQZQmMI= -github.com/elastic/go-sysinfo v1.1.1/go.mod h1:i1ZYdU10oLNfRzq4vq62BEwD2fH8KaWh6eh0ikPT9F0= -github.com/elastic/go-windows v1.0.0 h1:qLURgZFkkrYyTTkvYpsZIgf83AUsdIHfvlJaqaZ7aSY= -github.com/elastic/go-windows v1.0.0/go.mod h1:TsU0Nrp7/y3+VwE82FoZF8gC/XFg/Elz6CcloAxnPgU= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/elliotchance/orderedmap v1.4.0 h1:wZtfeEONCbx6in1CZyE6bELEt/vFayMvsxqI5SgsR+A= github.com/elliotchance/orderedmap v1.4.0/go.mod h1:wsDwEaX5jEoyhbs7x93zk2H/qv0zwuhg4inXhDkYqys= @@ -599,8 +590,8 @@ github.com/go-openapi/errors v0.19.6/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpX github.com/go-openapi/errors v0.19.7/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.20.0 h1:Sxpo9PjEHDzhs3FbnGNonvDgWcMW2U7wGTcDDSFSceM= -github.com/go-openapi/errors v0.20.0/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.20.1 h1:j23mMDtRxMwIobkpId7sWh7Ddcx4ivaoqUbfXx5P+a8= +github.com/go-openapi/errors v0.20.1/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/inflect v0.19.0 h1:9jCH9scKIbHeV9m12SmPilScz6krDxKRasNNSNPXu/4= github.com/go-openapi/inflect v0.19.0/go.mod h1:lHpZVlpIQqLyKwJ4N+YSc9hchQy/i12fJykb83CRBH4= github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= @@ -664,8 +655,9 @@ github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh github.com/go-openapi/swag v0.19.7/go.mod h1:ao+8BpOPyKdpQz3AOJfbeEVpLmWAvlT1IfTe5McPyhY= github.com/go-openapi/swag v0.19.9/go.mod h1:ao+8BpOPyKdpQz3AOJfbeEVpLmWAvlT1IfTe5McPyhY= github.com/go-openapi/swag v0.19.12/go.mod h1:eFdyEBkTdoAf/9RXBvj4cr1nH7GD8Kzo5HTt47gr72M= -github.com/go-openapi/swag v0.19.13 h1:233UVgMy1DlmCYYfOiFpta6e2urloh+sEs5id6lyzog= github.com/go-openapi/swag v0.19.13/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= +github.com/go-openapi/swag v0.19.15 h1:D2NRCBzS9/pEY3gP9Nl8aDqGUcPFrwG2p+CNFrLyrCM= +github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA= github.com/go-openapi/validate v0.19.3/go.mod h1:90Vh6jjkTn+OT1Eefm0ZixWNFjhtOH7vS9k0lo6zwJo= @@ -690,13 +682,13 @@ github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= -github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-stack/stack v1.8.1 h1:ntEHSVwIt7PNXNpgPmVfMrNhLtgjlmnZha2kOpuRiDw= +github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4= github.com/go-swagger/go-swagger v0.26.1 h1:1XUWLnH6hKxHzeKjJfA2gHkSqcT1Zgi4q/PZp2hDdN8= github.com/go-swagger/go-swagger v0.26.1/go.mod h1:zlf/LHplZpdtU2mYXg9Ajd3+9TgHYltv5f/pEM6LjnI= github.com/go-swagger/scan-repo-boundary v0.0.0-20180623220736-973b3573c013 h1:l9rI6sNaZgNC0LnF3MiE+qTmyBA/tZAg1rtyrGbUMK0= github.com/go-swagger/scan-repo-boundary v0.0.0-20180623220736-973b3573c013/go.mod h1:b65mBPzqzZWxOZGxSWrqs4GInLIn+u99Q9q7p+GKni0= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho= github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= @@ -831,7 +823,6 @@ github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiu github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= @@ -945,8 +936,6 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 h1:BZHcxBETFHIdVyhyEfOvn/RdU/QGdLI4y34qQGjGWO0= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69 h1:7xsUJsB2NrdcttQPa7JLEaGzvdbk7KvfrjgHZXOQRo0= github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69/go.mod h1:YLEMZOtU+AZ7dhN9T/IpGhXVGly2bvkJQ+zxj3WeVQo= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= @@ -1046,10 +1035,6 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743 h1:X3Xxno5Ji8idrNiUoFc7QyXpqhSYlDRYQmc7mlpMBzU= github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743/go.mod h1:KrtyD5PFj++GKkFS/7/RRrfnRhAMGQwy75GLCHWrCNs= -github.com/instana/go-sensor v1.41.1 h1:duCCYLzwVRjgptqwc0doWfJb1oT6w1CzTRQDRNrQ6zw= -github.com/instana/go-sensor v1.41.1/go.mod h1:E42MelHWFz11qqaLwvgt0j98v2s2O/bq22UDkGaG0Gg= -github.com/instana/testify v1.6.2-0.20200721153833-94b1851f4d65 h1:T25FL3WEzgmKB0m6XCJNZ65nw09/QIp3T1yXr487D+A= -github.com/instana/testify v1.6.2-0.20200721153833-94b1851f4d65/go.mod h1:nYhEREG/B7HUY7P+LKOrqy53TpIqmJ9JyUShcaEKtGw= github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo= github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= @@ -1105,14 +1090,6 @@ github.com/jandelgado/gcov2lcov v1.0.5 h1:rkBt40h0CVK4oCb8Dps950gvfd1rYvQ8+cWa34 github.com/jandelgado/gcov2lcov v1.0.5/go.mod h1:NnSxK6TMlg1oGDBfGelGbjgorT5/L3cchlbtgFYZSss= github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= -github.com/jcchavezs/porto v0.1.0 h1:Xmxxn25zQMmgE7/yHYmh19KcItG81hIwfbEEFnd6w/Q= -github.com/jcchavezs/porto v0.1.0/go.mod h1:fESH0gzDHiutHRdX2hv27ojnOVFco37hg1W6E9EZF4A= -github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= -github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM= -github.com/jcmturner/gofork v1.0.0/go.mod h1:MK8+TM0La+2rjBD4jE12Kj1pCCxK7d2LK/UM3ncEo0o= -github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg= -github.com/jcmturner/gokrb5/v8 v8.4.2/go.mod h1:sb+Xq/fTY5yktf/VxLsE3wlfPqQjp0aWNYyvBVK62bc= -github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= github.com/jessevdk/go-flags v1.4.0 h1:4IU2WS7AumrZ/40jfhf4QVDMsQwqA7VEHozFRrGARJA= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4= @@ -1132,8 +1109,6 @@ github.com/jmoiron/sqlx v1.3.1/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXL github.com/jmoiron/sqlx v1.3.3/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ= github.com/jmoiron/sqlx v1.3.4 h1:wv+0IJZfL5z0uZoUjlpKgHkgaFSYD+r9CfrXjEXsO7w= github.com/jmoiron/sqlx v1.3.4/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ= -github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 h1:rp+c0RAYOWj8l6qbCUTSiRLG/iKnW3K3/QfPPuSsBt4= -github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901/go.mod h1:Z86h9688Y0wesXCyonoVr47MasHilkuLMqGhRZ4Hpak= github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/joho/godotenv v1.4.0 h1:3l4+N6zfMWnkbPEXKng2o2/MR5mSwTrBih4ZEkkz1lg= github.com/joho/godotenv v1.4.0/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= @@ -1175,7 +1150,6 @@ github.com/kisom/goutils v1.4.3/go.mod h1:Lp5qrquG7yhYnWzZCI/68Pa/GpFynw//od6EkG github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= -github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -1211,8 +1185,8 @@ github.com/lib/pq v1.10.4 h1:SO9z7FRPzA03QhHKJrH5BXA6HU1rS4V2nIVrrNC1iYk= github.com/lib/pq v1.10.4/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/looplab/fsm v0.1.0 h1:Qte7Zdn/5hBNbXzP7yxVU4OIFHWXBovyTT2LaBTyC20= -github.com/looplab/fsm v0.1.0/go.mod h1:m2VaOfDHxqXBBMgc26m6yUOwkFn8H2AlJDE+jd/uafI= +github.com/luna-duclos/instrumentedsql v1.1.3 h1:t7mvC0z1jUt5A0UQ6I/0H31ryymuQRnJcWCiqV3lSAA= +github.com/luna-duclos/instrumentedsql v1.1.3/go.mod h1:9J1njvFds+zN7y85EDhN9XNQLANWwZt2ULeIC8yMNYs= github.com/lyft/protoc-gen-star v0.5.1/go.mod h1:9toiA3cC7z5uVbODF7kEQ91Xn7XNFkVUl+SrEe+ZORU= github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= @@ -1265,8 +1239,8 @@ github.com/mattn/go-runewidth v0.0.12 h1:Y41i/hVW3Pgwr8gV+J23B9YEY0zxjptBuCWEaxm github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= -github.com/mattn/go-sqlite3 v1.14.12 h1:TJ1bhYJPV44phC+IMu1u2K/i5RriLTPe+yc68XDJ1Z0= -github.com/mattn/go-sqlite3 v1.14.12/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= +github.com/mattn/go-sqlite3 v1.14.7-0.20210414154423-1157a4212dcb h1:ax2vG2unlxsjwS7PMRo4FECIfAdQLowd6ejWYwPQhBo= +github.com/mattn/go-sqlite3 v1.14.7-0.20210414154423-1157a4212dcb/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= github.com/mattn/goveralls v0.0.7 h1:vzy0i4a2iDzEFMdXIxcanRadkr0FBvSBKUmj0P8SPlQ= github.com/mattn/goveralls v0.0.7/go.mod h1:h8b4ow6FxSPMQHF6o2ve3qsclnffZjYTNEKmLesRwqw= @@ -1318,8 +1292,9 @@ github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2J github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ= github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo= -github.com/moby/term v0.0.0-20201216013528-df9cb8a40635 h1:rzf0wL0CHVc8CEsgyygG0Mn9CNCCPZqOPaz8RiiHYQk= github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc= +github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 h1:dcztxKSvZ4Id8iPpHERQBbIJfabdt4wUm5qy3wOL2Zc= +github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -1354,7 +1329,6 @@ github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt github.com/nkovacs/streamquote v1.0.0/go.mod h1:BN+NaZ2CmdKqUuTUXUEm9j95B2TRbpOWpxbJYzzgUsc= github.com/npillmayer/nestext v0.1.3/go.mod h1:h2lrijH8jpicr25dFY+oAJLyzlya6jhnuG+zWp9L0Uk= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= -github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/nyaruka/phonenumbers v1.0.73 h1:bP2WN8/NUP8tQebR+WCIejFaibwYMHOaB7MQVayclUo= github.com/nyaruka/phonenumbers v1.0.73/go.mod h1:3aiS+PS3DuYwkbK3xdcmRwMiPNECZ0oENH8qUT1lY7Q= github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= @@ -1373,17 +1347,13 @@ github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+ github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= -github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc= -github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= @@ -1412,20 +1382,15 @@ github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mo github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE= github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8= -github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 h1:lM6RxxfUMrYL/f8bWEUqdXrANWtrL7Nndbm9iFN0DlU= github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= -github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5 h1:ZCnq+JUrvXcDVhX/xRolRBZifmabN1HcS1wrPSvxhrU= github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/openzipkin/zipkin-go v0.4.0 h1:CtfRrOVZtbDj8rt1WXjklw0kqqJQwICrCKmlfUuBUUw= -github.com/openzipkin/zipkin-go v0.4.0/go.mod h1:4c3sLeE8xjNqehmF5RpAFLPLJxXscc0R4l6Zg0P1tTQ= github.com/ory/analytics-go/v4 v4.0.3 h1:2zNBQLlm3UiD8U7DdUGLLUBm62ZA5GtbEJ3S5U+xEOI= github.com/ory/analytics-go/v4 v4.0.3/go.mod h1:A3Chm/3TmM8jw4nqRss+gFhAYHRI5j/HFYH3C1FRahU= github.com/ory/client-go v0.0.1-alpha.138 h1:1Mq+PJz7Q1NA8N+Nntlw6DCq4piMdXFexJ1gAR7d2vE= @@ -1440,10 +1405,6 @@ github.com/ory/graceful v0.1.1 h1:zx+8tDObLPrG+7Tc8jKYlXsqWnLtOQA1IZ/FAAKHMXU= github.com/ory/graceful v0.1.1/go.mod h1:zqu70l95WrKHF4AZ6tXHvAqAvpY6M7g6ttaAVcMm7KU= github.com/ory/herodot v0.9.13 h1:cN/Z4eOkErl/9W7hDIDLb79IO/bfsH+8yscBjRpB4IU= github.com/ory/herodot v0.9.13/go.mod h1:IWDs9kSvFQqw/cQ8zi5ksyYvITiUU4dI7glUrhZcJYo= -github.com/ory/instrumentedsql v1.2.0 h1:7VqI6sVRAEVmIp+mVbeICMTi27EJQuq5k9crlt3rs10= -github.com/ory/instrumentedsql v1.2.0/go.mod h1:wT//5kSu12gfOhU8yDf6IC69yQ+Tc8MufpwzYliRRx8= -github.com/ory/instrumentedsql/opentracing v0.0.0-20210903114257-c8963b546c5c h1:eek/2FXUZEnRXaRQtqw8MQMxcPX7Qr3tACKI5pe71n0= -github.com/ory/instrumentedsql/opentracing v0.0.0-20210903114257-c8963b546c5c/go.mod h1:61Z4zNpOoshtEmLmp6T13G9adSk66/dYTfTBEnCLwVQ= github.com/ory/jsonschema/v3 v3.0.7 h1:GQ9qfZDiJqs4l2d3p56dozCChvejQFZyLKGHYzDzOSo= github.com/ory/jsonschema/v3 v3.0.7/go.mod h1:g8c8YOtN4TrR2wYeMdT02GDmzJDI0fEW2nI26BECafY= github.com/ory/mail v2.3.1+incompatible/go.mod h1:87D9/1gB6ewElQoN0lXJ0ayfqcj3cW3qCTXh+5E9mfU= @@ -1481,11 +1442,8 @@ github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc= github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE= -github.com/philhofer/fwd v1.1.1 h1:GdGcTjf5RNAxwS4QLsiMzJYj5KEvPJD3Abr261yRQXQ= -github.com/philhofer/fwd v1.1.1/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/diff v0.0.0-20200914180035-5b29258ca4f7/go.mod h1:zO8QMzTeZd5cpnIkz/Gn6iK0jDfGicM1nynOkkPIl28= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= @@ -1546,7 +1504,6 @@ github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+ github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190425082905-87a4384529e0/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -1555,14 +1512,13 @@ github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.6.0 h1:mxy4L2jP6qMonqmq+aTtOx1ifVWUgG/TAmntgbh3xv4= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= +github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU= +github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/pseudomuto/protoc-gen-doc v1.4.1/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q= -github.com/rabbitmq/amqp091-go v1.1.0/go.mod h1:ogQDLSOACsLPsIq0NpbtiifNZi2YOz0VTJ0kHRghqbM= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rhnvrm/simples3 v0.6.1/go.mod h1:Y+3vYm2V7Y4VijFoJHHTrja6OgPrJ2cBti8dPGkC3sA= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= @@ -1594,8 +1550,6 @@ github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFo github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= -github.com/santhosh-tekuri/jsonschema v1.2.4 h1:hNhW8e7t+H1vgY+1QeEQpveR6D4+OwKPXCfD2aieJis= -github.com/santhosh-tekuri/jsonschema v1.2.4/go.mod h1:TEAUOeZSmIxTTuHatJzrvARHiuO9LYd+cIxzgEHCQI4= github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= @@ -1729,8 +1683,6 @@ github.com/timtadh/data-structures v0.5.3 h1:F2tEjoG9qWIyUjbvXVgJqEOGJPMIiYn7U5W github.com/timtadh/data-structures v0.5.3/go.mod h1:9R4XODhJ8JdWFEI8P/HJKqxuJctfBQw6fDibMQny2oU= github.com/timtadh/lexmachine v0.2.2 h1:g55RnjdYazm5wnKv59pwFcBJHOyvTPfDEoz21s4PHmY= github.com/timtadh/lexmachine v0.2.2/go.mod h1:GBJvD5OAfRn/gnp92zb9KTgHLB7akKyxmVivoYCcjQI= -github.com/tinylib/msgp v1.1.2 h1:gWmO7n0Ys2RBEb7GPYB9Ujq8Mk5p2U08lRnmMcGy6BQ= -github.com/tinylib/msgp v1.1.2/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE= github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0= github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0= github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao= @@ -1744,10 +1696,7 @@ github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoi github.com/toqueteos/webbrowser v1.2.0 h1:tVP/gpK69Fx+qMJKsLE7TD8LuGWPnEV71wBN9rrstGQ= github.com/toqueteos/webbrowser v1.2.0/go.mod h1:XWoZq4cyp9WeUeak7w7LXRUQf1F1ATJMir8RTqb4ayM= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= -github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaOOb6ThwMmTEbhRwtKR97o= -github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= -github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= -github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= +github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c/go.mod h1:hzIxponao9Kjc7aWznkXaL4U4TWaDSs8zcsY4Ka08nM= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= @@ -1761,7 +1710,6 @@ github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtX github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.5 h1:lNq9sAHXK2qfdI8W+GRItjCEkI+2oR4d+MEHy1CKXoU= github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI= github.com/urfave/negroni v1.0.0 h1:kIimOitoypq34K7TG7DUaJ9kq/N4Ofuwi1sjz0KipXc= github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= @@ -1781,13 +1729,11 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= -github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= -github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs= -github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM= github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I= github.com/xdg/stringprep v0.0.0-20180714160509-73f8eece6fdc/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y= -github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= +github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= +github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= @@ -1817,14 +1763,6 @@ github.com/zmap/zcrypto v0.0.0-20210511125630-18f1e0152cfc/go.mod h1:FM4U1E3NzlN github.com/zmap/zlint/v3 v3.1.0/go.mod h1:L7t8s3sEKkb0A2BxGy1IWrxt1ZATa1R4QfJZaQOD3zU= github.com/zmb3/spotify/v2 v2.0.0 h1:NHW9btztNZTrJ0+3yMNyfY5qcu1ck9s36wwzc7zrCic= github.com/zmb3/spotify/v2 v2.0.0/go.mod h1:+LVh9CafHu7SedyqYmEf12Rd01dIVlEL845yNhksW0E= -go.elastic.co/apm v1.15.0 h1:uPk2g/whK7c7XiZyz/YCUnAUBNPiyNeE3ARX3G6Gx7Q= -go.elastic.co/apm v1.15.0/go.mod h1:dylGv2HKR0tiCV+wliJz1KHtDyuD8SPe69oV7VyK6WY= -go.elastic.co/apm/module/apmhttp v1.15.0 h1:Le/DhI0Cqpr9wG/NIGOkbz7+rOMqJrfE4MRG6q/+leU= -go.elastic.co/apm/module/apmhttp v1.15.0/go.mod h1:NruY6Jq8ALLzWUVUQ7t4wIzn+onKoiP5woJJdTV7GMg= -go.elastic.co/apm/module/apmot v1.15.0 h1:yqarZ4HCIb6dLAzEVSWdppAuRhfrCfm2Z6UL+ubai2A= -go.elastic.co/apm/module/apmot v1.15.0/go.mod h1:BjFz2KOlnjXdnSo0p6nhDDaIEYYX8c6uVHwvkZiLqtQ= -go.elastic.co/fastjson v1.1.0 h1:3MrGBWWVIxe/xvsbpghtkFoPciPhOCmjsR/HfwEeQR4= -go.elastic.co/fastjson v1.1.0/go.mod h1:boNGISWMjQsUPy/t6yqt2/1Wx4YNPSe+mZjlyw9vKKI= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0= @@ -1885,16 +1823,8 @@ go.opentelemetry.io/otel v1.4.1/go.mod h1:StM6F/0fSwpd8dKWDCdRr7uRvEPYdW0hBSlbdT go.opentelemetry.io/otel v1.5.0/go.mod h1:Jm/m+rNp/z0eqJc74H7LPwQ3G87qkU/AnnAydAjSAHk= go.opentelemetry.io/otel v1.6.3 h1:FLOfo8f9JzFVFVyU+MSRJc2HdEAXQgm7pIv2uFKRSZE= go.opentelemetry.io/otel v1.6.3/go.mod h1:7BgNga5fNlF/iZjG06hM3yofffp0ofKCDwSXx1GC4dI= -go.opentelemetry.io/otel/bridge/opentracing v1.6.3 h1:2IZRuUKsBCKJZ49f6vPMrPk2MiEYjzysRGK3HbzveJE= -go.opentelemetry.io/otel/bridge/opentracing v1.6.3/go.mod h1:3SVwOElsIpFiclDeQ4aB7EO/Y1Lm0IXUsLh5TYjHTxo= go.opentelemetry.io/otel/exporters/jaeger v1.5.0 h1:ZR7nhLSfLufS5AHk/iN11Q+W9XYwsJrVZ1Frb833d+Y= go.opentelemetry.io/otel/exporters/jaeger v1.5.0/go.mod h1:rSeUArMBRe1eQLo1T0WxOazohN1M2mYThWJQmn1BjRQ= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.6.3 h1:nAmg1WgsUXoXf46dJG9eS/AzOcvkCTK4xJSUYpWyHYg= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.6.3/go.mod h1:NEu79Xo32iVb+0gVNV8PMd7GoWqnyDXRlj04yFjqz40= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.6.3 h1:4/UjHWMVVc5VwX/KAtqJOHErKigMCH8NexChMuanb/o= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.6.3/go.mod h1:UJmXdiVVBaZ63umRUTwJuCMAV//GCMvDiQwn703/GoY= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.6.3 h1:ufVuVt/g16GZ/yDOyp+AcCGebGX8u4z7kDRuwEX0DkA= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.6.3/go.mod h1:S18p8VK4KRHHyAg5rH3iUnJUcRvIUg9xwIWtq1MWibM= go.opentelemetry.io/otel/internal/metric v0.27.0 h1:9dAVGAfFiiEq5NVB9FUJ5et+btbDQAUIJehJ+ikyryk= go.opentelemetry.io/otel/internal/metric v0.27.0/go.mod h1:n1CVxRqKqYZtqyTh9U/onvKapPGv7y/rpyOTI+LFNzw= go.opentelemetry.io/otel/metric v0.27.0 h1:HhJPsGhJoKRSegPQILFbODU56NS/L1UE4fS1sC5kIwQ= @@ -1910,8 +1840,6 @@ go.opentelemetry.io/otel/trace v1.5.0/go.mod h1:sq55kfhjXYr1zVSyexg0w1mpa03AYXR5 go.opentelemetry.io/otel/trace v1.6.3 h1:IqN4L+5b0mPNjdXIiZ90Ni4Bl5BRkDQywePLWemd9bc= go.opentelemetry.io/otel/trace v1.6.3/go.mod h1:GNJQusJlUgZl9/TQBPKU/Y/ty+0iVB5fjhKeJGZPGFs= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.opentelemetry.io/proto/otlp v0.15.0 h1:h0bKrvdrT/9sBwEJ6iWUqT/N/xPcS66bL4u3isneJ6w= -go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= @@ -1960,13 +1888,11 @@ golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1993,7 +1919,6 @@ golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRu golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug= golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= @@ -2051,7 +1976,6 @@ golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= @@ -2071,14 +1995,12 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd golang.org/x/net v0.0.0-20210323141857-08027d57d8cf/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= -golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210917221730-978cfadd31cf/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211020060615-d418f374d309 h1:A0lJIi+hcTR6aajJH4YqKWwohY4aW9RO7oRMcdv+HKI= golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -2205,7 +2127,6 @@ golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjs golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200426102838-f3a5411a4c3b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= @@ -2221,7 +2142,6 @@ golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20201125231158-b5590deeca9b/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= @@ -2399,7 +2319,6 @@ google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.45.0 h1:NEpgUqV3Z+ZjkqMsxMg11IaDrXY4RY6CQukSGK0uI1M= google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= @@ -2422,8 +2341,6 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -gopkg.in/DataDog/dd-trace-go.v1 v1.27.1-0.20201005154917-54b73b3e126a h1:es0hQ3lli77HG43FpTtj59jbpJlku7rLVA0iecbpn5A= -gopkg.in/DataDog/dd-trace-go.v1 v1.27.1-0.20201005154917-54b73b3e126a/go.mod h1:Sp1lku8WJMvNV0kjDI4Ni/T7J/U3BO5ct5kEaoVU8+I= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= @@ -2503,8 +2420,6 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.1.4/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= -howett.net/plist v0.0.0-20181124034731-591f970eefbb h1:jhnBjNi9UFpfpl8YZhA9CrOqpnJdvzuiHsl/dnxl11M= -howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo= k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ= k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8= From dd44593a51a9277c717170360f9794837e4f910c Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Mon, 2 May 2022 12:47:34 +0200 Subject: [PATCH 026/411] test: resolve regressions --- cmd/identities/delete_test.go | 2 +- cmd/identities/get_test.go | 2 +- cmd/identities/import_test.go | 10 ---------- 3 files changed, 2 insertions(+), 12 deletions(-) diff --git a/cmd/identities/delete_test.go b/cmd/identities/delete_test.go index abc4c11182b0..4596108bb366 100644 --- a/cmd/identities/delete_test.go +++ b/cmd/identities/delete_test.go @@ -54,6 +54,6 @@ func TestDeleteCmd(t *testing.T) { t.Run("case=fails with unknown ID", func(t *testing.T) { stdErr := execErr(t, c, x.NewUUID().String()) - assert.Contains(t, stdErr, "404 Not Found", stdErr) + assert.Contains(t, stdErr, "Unable to locate the resource", stdErr) }) } diff --git a/cmd/identities/get_test.go b/cmd/identities/get_test.go index 7f4d153ce3e2..5ffcc5dbbdd6 100644 --- a/cmd/identities/get_test.go +++ b/cmd/identities/get_test.go @@ -52,7 +52,7 @@ func TestGetCmd(t *testing.T) { t.Run("case=fails with unknown ID", func(t *testing.T) { stdErr := execErr(t, c, x.NewUUID().String()) - assert.Contains(t, stdErr, "404 Not Found", stdErr) + assert.Contains(t, stdErr, "Unable to locate the resource", stdErr) }) t.Run("case=gets a single identity with oidc credentials", func(t *testing.T) { diff --git a/cmd/identities/import_test.go b/cmd/identities/import_test.go index 00e10f5c85a0..b835c017df10 100644 --- a/cmd/identities/import_test.go +++ b/cmd/identities/import_test.go @@ -4,7 +4,6 @@ import ( "bytes" "context" "encoding/json" - "errors" "io/ioutil" "testing" @@ -19,7 +18,6 @@ import ( kratos "github.com/ory/kratos-client-go" "github.com/ory/kratos/driver/config" - "github.com/ory/x/cmdx" ) func TestImportCmd(t *testing.T) { @@ -123,12 +121,4 @@ func TestImportCmd(t *testing.T) { _, err = reg.Persister().GetIdentity(context.Background(), id) assert.NoError(t, err) }) - - t.Run("case=fails to import invalid identity", func(t *testing.T) { - // validation is further tested with the validate command - stdOut, stdErr, err := exec(c, bytes.NewBufferString("{}")) - assert.True(t, errors.Is(err, cmdx.ErrNoPrintButFail)) - assert.Contains(t, stdErr, "STD_IN[0]: not valid") - assert.Len(t, stdOut, 0) - }) } From 0005f357a049ecbf94d76a1e73434837753a04ea Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Mon, 2 May 2022 13:56:58 +0200 Subject: [PATCH 027/411] fix: make delete formattable --- cmd/identities/definitions.go | 36 +++++++++++++++++++++++++++++++++++ cmd/identities/delete.go | 22 ++++++++++----------- cmd/identities/delete_test.go | 6 ++++-- 3 files changed, 51 insertions(+), 13 deletions(-) diff --git a/cmd/identities/definitions.go b/cmd/identities/definitions.go index f25d0d055926..b48c6c93d30f 100644 --- a/cmd/identities/definitions.go +++ b/cmd/identities/definitions.go @@ -9,10 +9,14 @@ import ( ) type ( + outputIder string outputIdentity kratos.Identity outputIdentityCollection struct { identities []kratos.Identity } + outputIderCollection struct { + ids []outputIder + } ) func (_ *outputIdentity) Header() []string { @@ -53,6 +57,18 @@ func (i *outputIdentity) Interface() interface{} { return i } +func (_ outputIder) Header() []string { + return []string{"ID"} +} + +func (i outputIder) Columns() []string { + return []string{string(i)} +} + +func (i outputIder) Interface() interface{} { + return i +} + func (_ *outputIdentityCollection) Header() []string { return []string{"ID", "VERIFIED ADDRESS 1", "RECOVERY ADDRESS 1", "SCHEMA ID", "SCHEMA URL"} } @@ -91,3 +107,23 @@ func (c *outputIdentityCollection) Interface() interface{} { func (c *outputIdentityCollection) Len() int { return len(c.identities) } + +func (_ *outputIderCollection) Header() []string { + return []string{"ID"} +} + +func (c *outputIderCollection) Table() [][]string { + rows := make([][]string, len(c.ids)) + for i, ident := range c.ids { + rows[i] = []string{string(ident)} + } + return rows +} + +func (c *outputIderCollection) Interface() interface{} { + return c.ids +} + +func (c *outputIderCollection) Len() int { + return len(c.ids) +} diff --git a/cmd/identities/delete.go b/cmd/identities/delete.go index 27beb74ece00..c3bcd33e2b7e 100644 --- a/cmd/identities/delete.go +++ b/cmd/identities/delete.go @@ -41,30 +41,30 @@ func NewDeleteIdentityCmd(root *cobra.Command) *cobra.Command { } var ( - deleted = make([]string, 0, len(args)) - errs []error + deleted = make([]outputIder, 0, len(args)) + failed = make(map[string]error) ) for _, a := range args { _, err := c.V0alpha2Api.AdminDeleteIdentity(cmd.Context(), a).Execute() if err != nil { - errs = append(errs, cloudx.PrintOpenAPIError(cmd, err)) + failed[a] = cloudx.PrintOpenAPIError(cmd, err) continue } - deleted = append(deleted, a) + deleted = append(deleted, outputIder(a)) } - for _, d := range deleted { - _, _ = fmt.Fprintln(cmd.OutOrStdout(), d) + if len(deleted) == 1 { + cmdx.PrintRow(cmd, &deleted[0]) + } else if len(deleted) > 1 { + cmdx.PrintTable(cmd, &outputIderCollection{deleted}) } - for _, err := range errs { - _, _ = fmt.Fprintf(cmd.ErrOrStderr(), "%+v\n", err) - } - - if len(errs) != 0 { + cmdx.PrintErrors(cmd, failed) + if len(failed) != 0 { return cmdx.FailSilently(cmd) } + return nil }, } diff --git a/cmd/identities/delete_test.go b/cmd/identities/delete_test.go index 4596108bb366..034fd280a558 100644 --- a/cmd/identities/delete_test.go +++ b/cmd/identities/delete_test.go @@ -6,6 +6,8 @@ import ( "strings" "testing" + "github.com/tidwall/gjson" + "github.com/spf13/cobra" "github.com/ory/kratos/cmd/identities" @@ -31,7 +33,7 @@ func TestDeleteCmd(t *testing.T) { stdOut := execNoErr(t, c, i.ID.String()) // expect ID and no error - assert.Equal(t, i.ID.String()+"\n", stdOut) + assert.Equal(t, i.ID.String(), gjson.Parse(stdOut).String()) // expect identity to be deleted _, err := reg.Persister().GetIdentity(context.Background(), i.ID) @@ -43,7 +45,7 @@ func TestDeleteCmd(t *testing.T) { stdOut := execNoErr(t, c, ids...) - assert.Equal(t, strings.Join(ids, "\n")+"\n", stdOut) + assert.Equal(t, `["`+strings.Join(ids, "\",\"")+"\"]\n", stdOut) for _, i := range is { _, err := reg.Persister().GetIdentity(context.Background(), i.ID) From b9ad684311ee8c654b2fa382010315e892581f5c Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Sun, 8 May 2022 12:25:00 +0200 Subject: [PATCH 028/411] fix: new issue templates --- .github/ISSUE_TEMPLATE/bug_report.md | 51 +++++++++++++++++++++++ .github/ISSUE_TEMPLATE/feature_request.md | 22 ++++++++++ 2 files changed, 73 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 000000000000..0593c86a9e6b --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,51 @@ +--- +name: Bug report +about: Create a report to help us improve +--- + +**Describe the bug** + +A clear and concise description of what the bug is. + +**Reproducing the bug** + +Steps to reproduce the behavior: + + + +_Server logs_ + + + +_Server configuration_ + + + +**Expected behavior** + +A clear and concise description of what you expected to happen. + +**Environment** + +- Version: v1.2.3, git sha hash +- Environment: Debian, Docker, ... + +**Additional context** + +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 000000000000..13448cf5bb45 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,22 @@ +--- +name: Feature request +about: Suggest an idea for this project +--- + +**Is your feature request related to a problem? Please describe.** + +A clear and concise description of what the problem is. Ex. I'm always +frustrated when [...] + +**Describe the solution you'd like** + +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** + +A clear and concise description of any alternative solutions or features you've +considered. + +**Additional context** + +Add any other context or screenshots about the feature request here. From 4fe2d25dd68033a8d7b3dd5f62d87b23a7ba361d Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Sun, 8 May 2022 12:26:31 +0200 Subject: [PATCH 029/411] fix: remove wrong templates --- .github/ISSUE_TEMPLATE/bug_report.md | 51 ----------------------- .github/ISSUE_TEMPLATE/feature_request.md | 22 ---------- 2 files changed, 73 deletions(-) delete mode 100644 .github/ISSUE_TEMPLATE/bug_report.md delete mode 100644 .github/ISSUE_TEMPLATE/feature_request.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index 0593c86a9e6b..000000000000 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -name: Bug report -about: Create a report to help us improve ---- - -**Describe the bug** - -A clear and concise description of what the bug is. - -**Reproducing the bug** - -Steps to reproduce the behavior: - - - -_Server logs_ - - - -_Server configuration_ - - - -**Expected behavior** - -A clear and concise description of what you expected to happen. - -**Environment** - -- Version: v1.2.3, git sha hash -- Environment: Debian, Docker, ... - -**Additional context** - -Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index 13448cf5bb45..000000000000 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -name: Feature request -about: Suggest an idea for this project ---- - -**Is your feature request related to a problem? Please describe.** - -A clear and concise description of what the problem is. Ex. I'm always -frustrated when [...] - -**Describe the solution you'd like** - -A clear and concise description of what you want to happen. - -**Describe alternatives you've considered** - -A clear and concise description of any alternative solutions or features you've -considered. - -**Additional context** - -Add any other context or screenshots about the feature request here. From b682689dd781d52d164b0c6edaf77ab15c9ef154 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Sun, 8 May 2022 11:08:11 +0000 Subject: [PATCH 030/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7a573bfcbf10..63f90e2c63bf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-04-29)](#2022-04-29) +- [ (2022-05-08)](#2022-05-08) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -252,7 +252,7 @@ -# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-04-29) +# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-05-08) ## Breaking Changes This patch moves several CLI command to comply with the Ory CLI command structure: @@ -280,6 +280,31 @@ This patch moves several CLI command to comply with the Ory CLI command structur + ory lint jsonnet ... ``` +This patch moves several CLI command to comply with the Ory CLI command structure: + +```patch +- ory identities get ... ++ ory get identity ... + +- ory identities delete ... ++ ory delete identity ... + +- ory identities import ... ++ ory import identity ... + +- ory identities list ... ++ ory list identities ... + +- ory identities validate ... ++ ory validate identity ... + +- ory jsonnet format ... ++ ory format jsonnet ... + +- ory jsonnet lint ... ++ ory lint jsonnet ... +``` + ### Bug Fixes @@ -295,10 +320,14 @@ This patch moves several CLI command to comply with the Ory CLI command structur * Do not expose debug in a response when a schema is not found ([#2348](https://github.com/ory/kratos/issues/2348)) ([aee2b1e](https://github.com/ory/kratos/commit/aee2b1ed1189b57fcbb1aaa456444d5121be94b1)) * **Dockerfile:** Use existing builder base image ([#2390](https://github.com/ory/kratos/issues/2390)) ([37de25a](https://github.com/ory/kratos/commit/37de25a541a24e03407ecf344fb750775e48c782)) * Get user first name and last name from Apple ([#2331](https://github.com/ory/kratos/issues/2331)) ([4779909](https://github.com/ory/kratos/commit/47799098b35ea1cf5a1163f57d872a5bb2242d97)) +* Improve error reporting from OpenAPI ([8a1009b](https://github.com/ory/kratos/commit/8a1009b16653df13485bab8e33926967c449bf4e)) * Internal Server Error on Empty PUT /identities/id body ([#2417](https://github.com/ory/kratos/issues/2417)) ([5a50231](https://github.com/ory/kratos/commit/5a50231b553aaa64bd90a3d2cd1be9d2e3aba9ac)) * Load return_to and append to errors ([#2333](https://github.com/ory/kratos/issues/2333)) ([5efe4a3](https://github.com/ory/kratos/commit/5efe4a33e35e74d248d4eec43dc901b7b6334037)), closes [#2275](https://github.com/ory/kratos/issues/2275) [#2279](https://github.com/ory/kratos/issues/2279) [#2285](https://github.com/ory/kratos/issues/2285) +* Make delete formattable ([0005f35](https://github.com/ory/kratos/commit/0005f357a049ecbf94d76a1e73434837753a04ea)) +* New issue templates ([b9ad684](https://github.com/ory/kratos/commit/b9ad684311ee8c654b2fa382010315e892581f5c)) * Refresh is always false when session exists ([d3436d7](https://github.com/ory/kratos/commit/d3436d7fa17589d91e25c9f0bd66bc3bb5b150fa)), closes [#2341](https://github.com/ory/kratos/issues/2341) * Remove required legacy field ([#2410](https://github.com/ory/kratos/issues/2410)) ([638d45c](https://github.com/ory/kratos/commit/638d45caf480b7287c9762cbf3c593217f40e3e8)) +* Remove wrong templates ([4fe2d25](https://github.com/ory/kratos/commit/4fe2d25dd68033a8d7b3dd5f62d87b23a7ba361d)) * **sdk:** Improved OpenAPI specifications for UI nodes ([#2375](https://github.com/ory/kratos/issues/2375)) ([a42a0f7](https://github.com/ory/kratos/commit/a42a0f772af3625c457032d6dcc34289a62acc61)), closes [#2357](https://github.com/ory/kratos/issues/2357) * Serve.admin.request_log.disable_for_health behaviour ([#2399](https://github.com/ory/kratos/issues/2399)) ([0a381fa](https://github.com/ory/kratos/commit/0a381fa3d702f77e614d0492dafa3ac2cd102c7e)) * Use `path` instead of `filepath` to join http route paths ([16b1244](https://github.com/ory/kratos/commit/16b12449c841bf7a237fe436b884b4b5012cd022)), closes [#2292](https://github.com/ory/kratos/issues/2292) @@ -307,6 +336,7 @@ This patch moves several CLI command to comply with the Ory CLI command structur ### Code Refactoring +* Move CLI commands to match Ory CLI structure ([d11a9a9](https://github.com/ory/kratos/commit/d11a9a9dafdebb53ed9a8359496eb70b8adb99dd)) * Move CLI commands to match Ory CLI structure ([73910a3](https://github.com/ory/kratos/commit/73910a329b1ee46de2607c7ab1958ef2fb6de5f4)) ### Documentation @@ -337,6 +367,7 @@ This patch moves several CLI command to comply with the Ory CLI command structur ### Tests * Fix incorrect assertion ([b5b1361](https://github.com/ory/kratos/commit/b5b1361defa8faa6ea36d50a8d940c76f70c4ddd)) +* Resolve regressions ([dd44593](https://github.com/ory/kratos/commit/dd44593a51a9277c717170360f9794837e4f910c)) ### Unclassified From 854e5cba80cad52b58571587980c00c038ff6596 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 12 May 2022 15:59:30 +0200 Subject: [PATCH 031/411] fix(sql): add additional join argument to resolve MySQL query issue Closes #2262 --- persistence/sql/persister_identity.go | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/persistence/sql/persister_identity.go b/persistence/sql/persister_identity.go index b552f8beafcd..b78b6936f129 100644 --- a/persistence/sql/persister_identity.go +++ b/persistence/sql/persister_identity.go @@ -73,11 +73,6 @@ func (p *Persister) normalizeIdentifier(ct identity.CredentialsType, match strin func (p *Persister) FindByCredentialsIdentifier(ctx context.Context, ct identity.CredentialsType, match string) (*identity.Identity, *identity.Credentials, error) { nid := corp.ContextualizeNID(ctx, p.nid) - var cts []identity.CredentialsTypeTable - if err := p.GetConnection(ctx).All(&cts); err != nil { - return nil, nil, sqlcon.HandleError(err) - } - var find struct { IdentityID uuid.UUID `db:"identity_id"` } @@ -90,7 +85,7 @@ func (p *Persister) FindByCredentialsIdentifier(ctx context.Context, ct identity ic.identity_id FROM %s ic INNER JOIN %s ict on ic.identity_credential_type_id = ict.id - INNER JOIN %s ici on ic.id = ici.identity_credential_id + INNER JOIN %s ici on ic.id = ici.identity_credential_id AND ici.identity_credential_type_id = ict.id WHERE ici.identifier = ? AND ic.nid = ? AND ici.nid = ? From af28de267f21cd72953f3f353d8fd587937b2249 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 12 May 2022 18:29:19 +0200 Subject: [PATCH 032/411] fix: improve performance of identity schema call --- driver/config/config.go | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/driver/config/config.go b/driver/config/config.go index 47bf8578821e..538e991bd5c7 100644 --- a/driver/config/config.go +++ b/driver/config/config.go @@ -209,8 +209,8 @@ type ( Config json.RawMessage `json:"config"` } Schema struct { - ID string `json:"id"` - URL string `json:"url"` + ID string `json:"id" koanf:"id"` + URL string `json:"url" koanf:"url"` } PasswordPolicy struct { HaveIBeenPwnedHost string `json:"haveibeenpwned_host"` @@ -517,19 +517,8 @@ func (p *Config) OIDCRedirectURIBase() *url.URL { return p.Source().URIF(ViperKeyOIDCBaseRedirectURL, p.SelfPublicURL()) } -func (p *Config) IdentityTraitsSchemas() (Schemas, error) { - var ss Schemas - out, err := p.p.Marshal(kjson.Parser()) - if err != nil { - return ss, nil - } - - config := gjson.GetBytes(out, ViperKeyIdentitySchemas).Raw - if len(config) == 0 { - return ss, nil - } - - if err := json.NewDecoder(bytes.NewBufferString(config)).Decode(&ss); err != nil { +func (p *Config) IdentityTraitsSchemas() (ss Schemas, err error) { + if err = p.Source().Koanf.Unmarshal(ViperKeyIdentitySchemas, &ss); err != nil { return ss, nil } From e0cdbc9ab3389de0f65b37758d86bea56d294d64 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 12 May 2022 18:29:33 +0200 Subject: [PATCH 033/411] fix: add indices for slow queries --- ...20512102703000000_missing_indices.down.sql | 67 ++++++++++++++++++ ...02703000000_missing_indices.mysql.down.sql | 67 ++++++++++++++++++ ...2102703000000_missing_indices.mysql.up.sql | 70 +++++++++++++++++++ ...2102703000000_missing_indices.up.mysql.sql | 70 +++++++++++++++++++ 4 files changed, 274 insertions(+) create mode 100644 persistence/sql/migrations/sql/20220512102703000000_missing_indices.down.sql create mode 100644 persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.down.sql create mode 100644 persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.up.sql create mode 100644 persistence/sql/migrations/sql/20220512102703000000_missing_indices.up.mysql.sql diff --git a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.down.sql b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.down.sql new file mode 100644 index 000000000000..b004605865e9 --- /dev/null +++ b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.down.sql @@ -0,0 +1,67 @@ +DROP INDEX `sessions_identity_id_nid_idx`; +DROP INDEX `identities_id_nid_idx`; +DROP INDEX `identities_nid_id_idx`; +DROP INDEX `continuity_containers_nid_id_idx`; +DROP INDEX `continuity_containers_id_nid_idx`; +DROP INDEX `courier_message_nid_id_idx`; +DROP INDEX `courier_message_id_nid_idx`; +DROP INDEX `courier_message_nid_id_idx`; +DROP INDEX `courier_message_id_nid_idx`; +DROP INDEX `identity_credential_identifiers_nid_id_idx`; +DROP INDEX `identity_credential_identifiers_id_nid_idx`; +DROP INDEX `identity_credentials_nid_id_idx`; +DROP INDEX `identity_credentials_id_nid_idx`; +DROP INDEX `identity_recovery_addresses_nid_id_idx`; +DROP INDEX `identity_recovery_addresses_id_nid_idx`; +DROP INDEX `identity_recovery_tokens_nid_id_idx`; +DROP INDEX `identity_recovery_tokens_id_nid_idx`; +DROP INDEX `identity_recovery_tokens_selfservice_recovery_flow_id_idx`; +DROP INDEX `identity_recovery_tokens_identity_recovery_address_id_idx`; +DROP INDEX `identity_verification_tokens_nid_id_idx`; +DROP INDEX `identity_verification_tokens_id_nid_idx`; +DROP INDEX `identity_verification_tokens_token_nid_used_idx`; +DROP INDEX `identity_recovery_addresses_nid_id_idx`; +DROP INDEX `identity_recovery_addresses_id_nid_idx`; +DROP INDEX `selfservice_login_flows_nid_id_idx`; +DROP INDEX `selfservice_login_flows_id_nid_idx`; +DROP INDEX `selfservice_recovery_flows_nid_id_idx`; +DROP INDEX `selfservice_recovery_flows_id_nid_idx`; +DROP INDEX `selfservice_registration_flows_nid_id_idx`; +DROP INDEX `selfservice_registration_flows_id_nid_idx`; +DROP INDEX `selfservice_settings_flows_nid_id_idx`; +DROP INDEX `selfservice_settings_flows_id_nid_idx`; +DROP INDEX `selfservice_verification_flows_nid_id_idx`; +DROP INDEX `selfservice_verification_flows_id_nid_idx`; +DROP INDEX `sessions_nid_id_identity_id_idx`; +DROP INDEX `sessions_id_nid_idx`; +DROP INDEX `sessions_token_nid_idx`; + +CREATE INDEX identities_nid_idx ON identities (id, nid); + +CREATE INDEX continuity_containers_nid_idx ON continuity_containers (id, nid); + +CREATE INDEX courier_messages_nid_idx ON courier_messages (id, nid); + +CREATE INDEX identity_credential_identifiers_nid_idx ON identity_credential_identifiers (id, nid); + +CREATE INDEX identity_credentials_nid_idx ON identity_credentials (id, nid); + +CREATE INDEX identity_recovery_addresses_nid_idx ON identity_recovery_addresses (id, nid); + +CREATE INDEX identity_recovery_tokens_nid_idx ON identity_recovery_tokens (id, nid); +CREATE INDEX identity_recovery_addresses_code_idx ON identity_recovery_tokens (token); + +CREATE INDEX identity_verifiable_addresses_nid_idx ON identity_verifiable_addresses (id, nid); + +CREATE INDEX identity_verification_tokens_nid_idx ON identity_verification_tokens (id, nid); +CREATE INDEX identity_verification_tokens_token_idx ON identity_verification_tokens (token); + +CREATE INDEX selfservice_login_flows_nid_idx ON selfservice_login_flows (id,nid); +CREATE INDEX selfservice_recovery_flows_nid_idx ON selfservice_recovery_flows (id,nid); +CREATE INDEX selfservice_registration_flows_nid_idx ON selfservice_registration_flows (id,nid); +CREATE INDEX selfservice_settings_flows_nid_idx ON selfservice_settings_flows (id,nid); +CREATE INDEX selfservice_verification_flows_nid_idx ON selfservice_verification_flows (id,nid); + +CREATE INDEX sessions_nid_idx ON sessions (id, nid); +CREATE INDEX sessions_token_idx ON sessions (token); +CREATE INDEX sessions_logout_token_idx ON sessions (logout_token); diff --git a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.down.sql b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.down.sql new file mode 100644 index 000000000000..4f29a180e35a --- /dev/null +++ b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.down.sql @@ -0,0 +1,67 @@ +DROP INDEX `sessions_identity_id_nid_idx` ON sessions; +DROP INDEX `identities_id_nid_idx` ON identities; +DROP INDEX `identities_nid_id_idx` ON identities; +DROP INDEX `continuity_containers_nid_id_idx` ON continuity_containers; +DROP INDEX `continuity_containers_id_nid_idx` ON continuity_containers; +DROP INDEX `courier_message_nid_id_idx` ON courier_message; +DROP INDEX `courier_message_id_nid_idx` ON courier_message; +DROP INDEX `courier_message_nid_id_idx` ON courier_message; +DROP INDEX `courier_message_id_nid_idx` ON courier_message; +DROP INDEX `identity_credential_identifiers_nid_id_idx` ON identity_credential_identifiers; +DROP INDEX `identity_credential_identifiers_id_nid_idx` ON identity_credential_identifiers; +DROP INDEX `identity_credentials_nid_id_idx`ON identity_credentials; +DROP INDEX `identity_credentials_id_nid_idx`ON identity_credentials; +DROP INDEX `identity_recovery_addresses_nid_id_idx` ON identity_recovery_addresses; +DROP INDEX `identity_recovery_addresses_id_nid_idx` ON identity_recovery_addresses; +DROP INDEX `identity_recovery_tokens_nid_id_idx` ON identity_recovery_tokens; +DROP INDEX `identity_recovery_tokens_id_nid_idx` ON identity_recovery_tokens; +DROP INDEX `identity_recovery_tokens_selfservice_recovery_flow_id_idx` ON identity_recovery_tokens; +DROP INDEX `identity_recovery_tokens_identity_recovery_address_id_idx` ON identity_recovery_tokens; +DROP INDEX `identity_verification_tokens_nid_id_idx` ON identity_verification_tokens; +DROP INDEX `identity_verification_tokens_id_nid_idx` ON identity_verification_tokens; +DROP INDEX `identity_verification_tokens_token_nid_used_idx` ON identity_verification_tokens; +DROP INDEX `identity_recovery_addresses_nid_id_idx` ON identity_recovery_addresses; +DROP INDEX `identity_recovery_addresses_id_nid_idx` ON identity_recovery_addresses; +DROP INDEX `selfservice_login_flows_nid_id_idx` ON selfservice_login_flows; +DROP INDEX `selfservice_login_flows_id_nid_idx` ON selfservice_login_flows; +DROP INDEX `selfservice_recovery_flows_nid_id_idx` ON selfservice_recovery_flows; +DROP INDEX `selfservice_recovery_flows_id_nid_idx` ON selfservice_recovery_flows; +DROP INDEX `selfservice_registration_flows_nid_id_idx` ON selfservice_registration_flows; +DROP INDEX `selfservice_registration_flows_id_nid_idx` ON selfservice_registration_flows; +DROP INDEX `selfservice_settings_flows_nid_id_idx` ON selfservice_settings_flows; +DROP INDEX `selfservice_settings_flows_id_nid_idx` ON selfservice_settings_flows; +DROP INDEX `selfservice_verification_flows_nid_id_idx` ON selfservice_verification_flows; +DROP INDEX `selfservice_verification_flows_id_nid_idx` ON selfservice_verification_flows; +DROP INDEX `sessions_nid_id_identity_id_idx` ON sessions; +DROP INDEX `sessions_id_nid_idx` ON sessions; +DROP INDEX `sessions_token_nid_idx` ON sessions; + +CREATE INDEX identities_nid_idx ON identities (id, nid); + +CREATE INDEX continuity_containers_nid_idx ON continuity_containers (id, nid); + +CREATE INDEX courier_messages_nid_idx ON courier_messages (id, nid); + +CREATE INDEX identity_credential_identifiers_nid_idx ON identity_credential_identifiers (id, nid); + +CREATE INDEX identity_credentials_nid_idx ON identity_credentials (id, nid); + +CREATE INDEX identity_recovery_addresses_nid_idx ON identity_recovery_addresses (id, nid); + +CREATE INDEX identity_recovery_tokens_nid_idx ON identity_recovery_tokens (id, nid); +CREATE INDEX identity_recovery_addresses_code_idx ON identity_recovery_tokens (token); + +CREATE INDEX identity_verifiable_addresses_nid_idx ON identity_verifiable_addresses (id, nid); + +CREATE INDEX identity_verification_tokens_nid_idx ON identity_verification_tokens (id, nid); +CREATE INDEX identity_verification_tokens_token_idx ON identity_verification_tokens (token); + +CREATE INDEX selfservice_login_flows_nid_idx ON selfservice_login_flows (id,nid); +CREATE INDEX selfservice_recovery_flows_nid_idx ON selfservice_recovery_flows (id,nid); +CREATE INDEX selfservice_registration_flows_nid_idx ON selfservice_registration_flows (id,nid); +CREATE INDEX selfservice_settings_flows_nid_idx ON selfservice_settings_flows (id,nid); +CREATE INDEX selfservice_verification_flows_nid_idx ON selfservice_verification_flows (id,nid); + +CREATE INDEX sessions_nid_idx ON sessions (id, nid); +CREATE INDEX sessions_token_idx ON sessions (token); +CREATE INDEX sessions_logout_token_idx ON sessions (logout_token); diff --git a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.up.sql b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.up.sql new file mode 100644 index 000000000000..9e6a75d1f8f4 --- /dev/null +++ b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.up.sql @@ -0,0 +1,70 @@ +CREATE INDEX `sessions_identity_id_nid_idx` ON `sessions` (identity_id, nid); + +DROP INDEX `identities_nid_idx`; +CREATE INDEX `identities_id_nid_idx` ON `identities` (id, nid); +CREATE INDEX `identities_nid_id_idx` ON `identities` (nid, id); + +DROP INDEX `continuity_containers_nid_idx`; +CREATE INDEX `continuity_containers_nid_id_idx` ON `continuity_containers` (nid, id); +CREATE INDEX `continuity_containers_id_nid_idx` ON `continuity_containers` (id, nid); + +DROP INDEX `courier_message_nid_idx`; +CREATE INDEX `courier_message_nid_id_idx` ON `courier_message` (nid, id); +CREATE INDEX `courier_message_id_nid_idx` ON `courier_message` (id, nid); + +DROP INDEX `identity_credential_identifiers_nid_idx`; +CREATE INDEX `identity_credential_identifiers_nid_id_idx` ON `identity_credential_identifiers` (nid, id); +CREATE INDEX `identity_credential_identifiers_id_nid_idx` ON `identity_credential_identifiers` (id, nid); + +DROP INDEX `identity_credentials_nid_idx`; +CREATE INDEX `identity_credentials_nid_id_idx` ON `identity_credentials` (nid, id); +CREATE INDEX `identity_credentials_id_nid_idx` ON `identity_credentials` (id, nid); + +DROP INDEX `identity_recovery_addresses_nid_idx`; +CREATE INDEX `identity_recovery_addresses_nid_id_idx` ON `identity_recovery_addresses` (nid, id); +CREATE INDEX `identity_recovery_addresses_id_nid_idx` ON `identity_recovery_addresses` (id, nid); + +DROP INDEX `identity_recovery_tokens_nid_idx`; +CREATE INDEX `identity_recovery_tokens_nid_id_idx` ON `identity_recovery_tokens` (nid, id); +CREATE INDEX `identity_recovery_tokens_id_nid_idx` ON `identity_recovery_tokens` (id, nid); +CREATE INDEX `identity_recovery_tokens_selfservice_recovery_flow_id_idx` ON `identity_recovery_tokens` (selfservice_recovery_flow_id); +CREATE INDEX `identity_recovery_tokens_identity_recovery_address_id_idx` ON `identity_recovery_tokens` (identity_recovery_address_id); +CREATE INDEX `identity_recovery_tokens_token_nid_used_idx` ON `identity_recovery_tokens` (nid, token, used); +DROP INDEX `identity_recovery_addresses_code_idx`; + +DROP INDEX `identity_verifiable_addresses_nid_idx`; +CREATE INDEX `identity_verifiable_addresses_nid_id_idx` ON `identity_verifiable_addresses` (nid, id); +CREATE INDEX `identity_verifiable_addresses_id_nid_idx` ON `identity_verifiable_addresses` (id, nid); + +DROP INDEX `identity_verification_tokens_nid_idx`; +DROP INDEX `identity_verification_tokens_token_idx`; +CREATE INDEX `identity_verification_tokens_nid_id_idx` ON `identity_verification_tokens` (nid, id); +CREATE INDEX `identity_verification_tokens_id_nid_idx` ON `identity_verification_tokens` (id, nid); +CREATE INDEX `identity_verification_tokens_token_nid_used_idx` ON `identity_verification_tokens` (nid, token, used); + +DROP INDEX `selfservice_login_flows_nid_idx`; +CREATE INDEX `selfservice_login_flows_nid_id_idx` ON `selfservice_login_flows` (nid, id); +CREATE INDEX `selfservice_login_flows_id_nid_idx` ON `selfservice_login_flows` (id, nid); + +DROP INDEX `selfservice_recovery_flows_nid_idx`; +CREATE INDEX `selfservice_recovery_flows_nid_id_idx` ON `selfservice_recovery_flows` (nid, id); +CREATE INDEX `selfservice_recovery_flows_id_nid_idx` ON `selfservice_recovery_flows` (id, nid); + +DROP INDEX `selfservice_registration_flows_nid_idx`; +CREATE INDEX `selfservice_registration_flows_nid_id_idx` ON `selfservice_registration_flows` (nid, id); +CREATE INDEX `selfservice_registration_flows_id_nid_idx` ON `selfservice_registration_flows` (id, nid); + +DROP INDEX `selfservice_settings_flows_nid_idx`; +CREATE INDEX `selfservice_settings_flows_nid_id_idx` ON `selfservice_settings_flows` (nid, id); +CREATE INDEX `selfservice_settings_flows_id_nid_idx` ON `selfservice_settings_flows` (id, nid); + +DROP INDEX `selfservice_verification_flows_nid_idx`; +CREATE INDEX `selfservice_verification_flows_nid_id_idx` ON `selfservice_verification_flows` (nid, id); +CREATE INDEX `selfservice_verification_flows_id_nid_idx` ON `selfservice_verification_flows` (id, nid); + +DROP INDEX `sessions_nid_idx`; +DROP INDEX sessions_token_idx; +DROP INDEX sessions_logout_token_idx; +CREATE INDEX `sessions_nid_id_identity_id_idx` ON `sessions` (nid, identity_id, id); +CREATE INDEX `sessions_id_nid_idx` ON `sessions` (id, nid); +CREATE INDEX `sessions_token_nid_idx` ON `sessions` (nid, token); diff --git a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.up.mysql.sql b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.up.mysql.sql new file mode 100644 index 000000000000..488aee9e63c8 --- /dev/null +++ b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.up.mysql.sql @@ -0,0 +1,70 @@ +CREATE INDEX `sessions_identity_id_nid_idx` ON `sessions` (identity_id, nid); + +DROP INDEX `identities_nid_idx` ON `identities`; +CREATE INDEX `identities_id_nid_idx` ON `identities` (id, nid); +CREATE INDEX `identities_nid_id_idx` ON `identities` (nid, id); + +DROP INDEX `continuity_containers_nid_idx` ON `continuity_containers`; +CREATE INDEX `continuity_containers_nid_id_idx` ON `continuity_containers` (nid, id); +CREATE INDEX `continuity_containers_id_nid_idx` ON `continuity_containers` (id, nid); + +DROP INDEX `courier_message_nid_idx` ON `courier_message`; +CREATE INDEX `courier_message_nid_id_idx` ON `courier_message` (nid, id); +CREATE INDEX `courier_message_id_nid_idx` ON `courier_message` (id, nid); + +DROP INDEX `identity_credential_identifiers_nid_idx` ON `identity_credential_identifiers`; +CREATE INDEX `identity_credential_identifiers_nid_id_idx` ON `identity_credential_identifiers` (nid, id); +CREATE INDEX `identity_credential_identifiers_id_nid_idx` ON `identity_credential_identifiers` (id, nid); + +DROP INDEX `identity_credentials_nid_idx` ON `identity_credentials`; +CREATE INDEX `identity_credentials_nid_id_idx` ON `identity_credentials` (nid, id); +CREATE INDEX `identity_credentials_id_nid_idx` ON `identity_credentials` (id, nid); + +DROP INDEX `identity_recovery_addresses_nid_idx` ON `identity_recovery_addresses`; +CREATE INDEX `identity_recovery_addresses_nid_id_idx` ON `identity_recovery_addresses` (nid, id); +CREATE INDEX `identity_recovery_addresses_id_nid_idx` ON `identity_recovery_addresses` (id, nid); + +DROP INDEX `identity_recovery_tokens_nid_idx` ON `identity_recovery_tokens`; +DROP INDEX `identity_recovery_addresses_code_idx` ON `identity_recovery_tokens`; +CREATE INDEX `identity_recovery_tokens_nid_id_idx` ON `identity_recovery_tokens` (nid, id); +CREATE INDEX `identity_recovery_tokens_id_nid_idx` ON `identity_recovery_tokens` (id, nid); +CREATE INDEX `identity_recovery_tokens_selfservice_recovery_flow_id_idx` ON `identity_recovery_tokens` (selfservice_recovery_flow_id); +CREATE INDEX `identity_recovery_tokens_identity_recovery_address_id_idx` ON `identity_recovery_tokens` (identity_recovery_address_id); +CREATE INDEX `identity_recovery_tokens_token_nid_used_idx` ON `identity_recovery_tokens` (nid, token, used); + +DROP INDEX `identity_verifiable_addresses_nid_idx` ON `identity_verifiable_addresses`; +CREATE INDEX `identity_verifiable_addresses_nid_id_idx` ON `identity_verifiable_addresses` (nid, id); +CREATE INDEX `identity_verifiable_addresses_id_nid_idx` ON `identity_verifiable_addresses` (id, nid); + +DROP INDEX `identity_verification_tokens_nid_idx` ON `identity_verification_tokens`; +DROP INDEX `identity_verification_tokens_token_idx` ON `identity_verification_tokens`; +CREATE INDEX `identity_verification_tokens_nid_id_idx` ON `identity_verification_tokens` (nid, id); +CREATE INDEX `identity_verification_tokens_id_nid_idx` ON `identity_verification_tokens` (id, nid); +CREATE INDEX `identity_verification_tokens_token_nid_used_idx` ON `identity_verification_tokens` (nid, token, used); + +DROP INDEX `selfservice_login_flows_nid_idx` ON `selfservice_login_flows`; +CREATE INDEX `selfservice_login_flows_nid_id_idx` ON `selfservice_login_flows` (nid, id); +CREATE INDEX `selfservice_login_flows_id_nid_idx` ON `selfservice_login_flows` (id, nid); + +DROP INDEX `selfservice_recovery_flows_nid_idx` ON `selfservice_recovery_flows`; +CREATE INDEX `selfservice_recovery_flows_nid_id_idx` ON `selfservice_recovery_flows` (nid, id); +CREATE INDEX `selfservice_recovery_flows_id_nid_idx` ON `selfservice_recovery_flows` (id, nid); + +DROP INDEX `selfservice_registration_flows_nid_idx` ON `selfservice_registration_flows`; +CREATE INDEX `selfservice_registration_flows_nid_id_idx` ON `selfservice_registration_flows` (nid, id); +CREATE INDEX `selfservice_registration_flows_id_nid_idx` ON `selfservice_registration_flows` (id, nid); + +DROP INDEX `selfservice_settings_flows_nid_idx` ON `selfservice_settings_flows`; +CREATE INDEX `selfservice_settings_flows_nid_id_idx` ON `selfservice_settings_flows` (nid, id); +CREATE INDEX `selfservice_settings_flows_id_nid_idx` ON `selfservice_settings_flows` (id, nid); + +DROP INDEX `selfservice_verification_flows_nid_idx` ON `selfservice_verification_flows`; +CREATE INDEX `selfservice_verification_flows_nid_id_idx` ON `selfservice_verification_flows` (nid, id); +CREATE INDEX `selfservice_verification_flows_id_nid_idx` ON `selfservice_verification_flows` (id, nid); + +DROP INDEX `sessions_nid_idx` ON `sessions`; +DROP INDEX sessions_token_idx ON `sessions`; +DROP INDEX sessions_logout_token_idx ON `sessions`; +CREATE INDEX `sessions_nid_id_identity_id_idx` ON `sessions` (nid, identity_id, id); +CREATE INDEX `sessions_id_nid_idx` ON `sessions` (id, nid); +CREATE INDEX `sessions_token_nid_idx` ON `sessions` (nid, token); From 5277668b1324173df95db5e9e4b96ed841ff088b Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 12 May 2022 18:29:44 +0200 Subject: [PATCH 034/411] refactor: deprecate fizz renderer --- Makefile | 12 ------------ persistence/sql/migrations/templates/README.md | 1 + 2 files changed, 1 insertion(+), 12 deletions(-) create mode 100644 persistence/sql/migrations/templates/README.md diff --git a/Makefile b/Makefile index a1ab49a47908..fe31379ebca6 100644 --- a/Makefile +++ b/Makefile @@ -159,18 +159,6 @@ test-e2e: node_modules test-resetdb migrations-sync: .bin/ory ory dev pop migration sync persistence/sql/migrations/templates persistence/sql/migratest/testdata -.PHONY: migrations-render -migrations-render: .bin/ory - ory dev pop migration render persistence/sql/migrations/templates persistence/sql/migrations/sql - -.PHONY: migrations-render-replace -migrations-render-replace: .bin/ory - ory dev pop migration render -r persistence/sql/migrations/templates persistence/sql/migrations/sql - -.PHONY: migratest-refresh -migratest-refresh: - cd persistence/sql/migratest; UPDATE_SNAPSHOTS=true go test -p 1 -tags sqlite -short . - .PHONY: test-update-snapshots test-update-snapshots: UPDATE_SNAPSHOTS=true go test -p 4 -tags sqlite -short ./... diff --git a/persistence/sql/migrations/templates/README.md b/persistence/sql/migrations/templates/README.md new file mode 100644 index 000000000000..33915334ce47 --- /dev/null +++ b/persistence/sql/migrations/templates/README.md @@ -0,0 +1 @@ +# The fizz templates are frozen at this point. Add SQL migrations right in `./sql` From 0998cfb2fdda27ba8baeebcc603aae5fbe5c901f Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 12 May 2022 18:31:12 +0200 Subject: [PATCH 035/411] fix: use JOIN instead of iterative queries See #2402 --- persistence/sql/persister_identity.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/persistence/sql/persister_identity.go b/persistence/sql/persister_identity.go index b78b6936f129..470b71f48936 100644 --- a/persistence/sql/persister_identity.go +++ b/persistence/sql/persister_identity.go @@ -347,7 +347,7 @@ func (p *Persister) DeleteIdentity(ctx context.Context, id uuid.UUID) error { func (p *Persister) GetIdentity(ctx context.Context, id uuid.UUID) (*identity.Identity, error) { var i identity.Identity - if err := p.GetConnection(ctx).Where("id = ? AND nid = ?", id, corp.ContextualizeNID(ctx, p.nid)).First(&i); err != nil { + if err := p.GetConnection(ctx).EagerPreload("VerifiableAddresses", "RecoveryAddresses").Where("id = ? AND nid = ?", id, corp.ContextualizeNID(ctx, p.nid)).First(&i); err != nil { return nil, sqlcon.HandleError(err) } From 391c54eb3ba721e4912a7a4676acc2f630be2a72 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 12 May 2022 18:31:24 +0200 Subject: [PATCH 036/411] feat: add tracing to persister --- persistence/sql/persister.go | 9 ++++ persistence/sql/persister_continuity.go | 9 ++++ persistence/sql/persister_courier.go | 12 +++++ persistence/sql/persister_errorx.go | 16 +++++- persistence/sql/persister_hmac.go | 8 +-- persistence/sql/persister_identity.go | 65 +++++++++++++++++++++++ persistence/sql/persister_login.go | 12 +++++ persistence/sql/persister_recovery.go | 26 +++++++-- persistence/sql/persister_registration.go | 9 ++++ persistence/sql/persister_session.go | 30 +++++++++++ persistence/sql/persister_settings.go | 9 ++++ persistence/sql/persister_verification.go | 26 +++++++-- 12 files changed, 218 insertions(+), 13 deletions(-) diff --git a/persistence/sql/persister.go b/persistence/sql/persister.go index a0b620603956..55801ec3b216 100644 --- a/persistence/sql/persister.go +++ b/persistence/sql/persister.go @@ -85,6 +85,9 @@ func (p *Persister) Connection(ctx context.Context) *pop.Connection { } func (p *Persister) MigrationStatus(ctx context.Context) (popx.MigrationStatuses, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.MigrationStatus") + defer span.End() + if p.mbs != nil { return p.mbs, nil } @@ -136,6 +139,9 @@ type node interface { } func (p *Persister) update(ctx context.Context, v node, columnNames ...string) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.update") + defer span.End() + c := p.GetConnection(ctx) quoter, ok := c.Dialect.(quotable) if !ok { @@ -184,6 +190,9 @@ func (p *Persister) update(ctx context.Context, v node, columnNames ...string) e } func (p *Persister) delete(ctx context.Context, v interface{}, id uuid.UUID) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.delete") + defer span.End() + nid := corp.ContextualizeNID(ctx, p.nid) tabler, ok := v.(interface { diff --git a/persistence/sql/persister_continuity.go b/persistence/sql/persister_continuity.go index 04cf60c6e43c..f752f60987ed 100644 --- a/persistence/sql/persister_continuity.go +++ b/persistence/sql/persister_continuity.go @@ -18,11 +18,17 @@ import ( var _ continuity.Persister = new(Persister) func (p *Persister) SaveContinuitySession(ctx context.Context, c *continuity.Container) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.SaveContinuitySession") + defer span.End() + c.NID = corp.ContextualizeNID(ctx, p.nid) return sqlcon.HandleError(p.GetConnection(ctx).Create(c)) } func (p *Persister) GetContinuitySession(ctx context.Context, id uuid.UUID) (*continuity.Container, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetContinuitySession") + defer span.End() + var c continuity.Container if err := p.GetConnection(ctx).Where("id = ? AND nid = ?", id, corp.ContextualizeNID(ctx, p.nid)).First(&c); err != nil { return nil, sqlcon.HandleError(err) @@ -31,6 +37,9 @@ func (p *Persister) GetContinuitySession(ctx context.Context, id uuid.UUID) (*co } func (p *Persister) DeleteContinuitySession(ctx context.Context, id uuid.UUID) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.DeleteContinuitySession") + defer span.End() + if count, err := p.GetConnection(ctx).RawQuery( // #nosec fmt.Sprintf("DELETE FROM %s WHERE id=? AND nid=?", diff --git a/persistence/sql/persister_courier.go b/persistence/sql/persister_courier.go index cedeb1a4a22c..2450276ffd5e 100644 --- a/persistence/sql/persister_courier.go +++ b/persistence/sql/persister_courier.go @@ -19,12 +19,18 @@ import ( var _ courier.Persister = new(Persister) func (p *Persister) AddMessage(ctx context.Context, m *courier.Message) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.AddMessage") + defer span.End() + m.NID = corp.ContextualizeNID(ctx, p.nid) m.Status = courier.MessageStatusQueued return sqlcon.HandleError(p.GetConnection(ctx).Create(m)) // do not create eager to avoid identity injection. } func (p *Persister) NextMessages(ctx context.Context, limit uint8) (messages []courier.Message, err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.NextMessages") + defer span.End() + if err := p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) error { var m []courier.Message if err := tx. @@ -67,6 +73,9 @@ func (p *Persister) NextMessages(ctx context.Context, limit uint8) (messages []c } func (p *Persister) LatestQueuedMessage(ctx context.Context) (*courier.Message, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.LatestQueuedMessage") + defer span.End() + var m courier.Message if err := p.GetConnection(ctx). Where("nid = ? AND status = ?", @@ -85,6 +94,9 @@ func (p *Persister) LatestQueuedMessage(ctx context.Context) (*courier.Message, } func (p *Persister) SetMessageStatus(ctx context.Context, id uuid.UUID, ms courier.MessageStatus) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.SetMessageStatus") + defer span.End() + count, err := p.GetConnection(ctx).RawQuery( // #nosec G201 fmt.Sprintf( diff --git a/persistence/sql/persister_errorx.go b/persistence/sql/persister_errorx.go index ea77c059966d..58438c0f628a 100644 --- a/persistence/sql/persister_errorx.go +++ b/persistence/sql/persister_errorx.go @@ -25,7 +25,10 @@ import ( var _ errorx.Persister = new(Persister) func (p *Persister) Add(ctx context.Context, csrfToken string, errs error) (uuid.UUID, error) { - buf, err := p.encodeSelfServiceErrors(errs) + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.Add") + defer span.End() + + buf, err := p.encodeSelfServiceErrors(ctx, errs) if err != nil { return uuid.Nil, err } @@ -46,6 +49,9 @@ func (p *Persister) Add(ctx context.Context, csrfToken string, errs error) (uuid } func (p *Persister) Read(ctx context.Context, id uuid.UUID) (*errorx.ErrorContainer, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.Read") + defer span.End() + var ec errorx.ErrorContainer if err := p.GetConnection(ctx).Where("id = ? AND nid = ?", id, corp.ContextualizeNID(ctx, p.nid)).First(&ec); err != nil { return nil, sqlcon.HandleError(err) @@ -62,6 +68,9 @@ func (p *Persister) Read(ctx context.Context, id uuid.UUID) (*errorx.ErrorContai } func (p *Persister) Clear(ctx context.Context, olderThan time.Duration, force bool) (err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.Clear") + defer span.End() + if force { // #nosec G201 err = p.GetConnection(ctx).RawQuery( @@ -77,7 +86,10 @@ func (p *Persister) Clear(ctx context.Context, olderThan time.Duration, force bo return sqlcon.HandleError(err) } -func (p *Persister) encodeSelfServiceErrors(e error) (*bytes.Buffer, error) { +func (p *Persister) encodeSelfServiceErrors(ctx context.Context, e error) (*bytes.Buffer, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.encodeSelfServiceErrors") + defer span.End() + if e == nil { return nil, errors.WithStack(herodot.ErrInternalServerError.WithDebug("A nil error was passed to the error manager which is most likely a code bug.")) } diff --git a/persistence/sql/persister_hmac.go b/persistence/sql/persister_hmac.go index 46cc3f55c74c..c2c01a9b34c7 100644 --- a/persistence/sql/persister_hmac.go +++ b/persistence/sql/persister_hmac.go @@ -9,10 +9,12 @@ import ( ) func (p *Persister) hmacValue(ctx context.Context, value string) string { - return p.hmacValueWithSecret(value, p.r.Config(ctx).SecretsSession()[0]) + return p.hmacValueWithSecret(ctx, value, p.r.Config(ctx).SecretsSession()[0]) } -func (p *Persister) hmacValueWithSecret(value string, secret []byte) string { +func (p *Persister) hmacValueWithSecret(ctx context.Context, value string, secret []byte) string { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.hmacValueWithSecret") + defer span.End() h := hmac.New(sha512.New512_256, secret) _, _ = h.Write([]byte(value)) return fmt.Sprintf("%x", h.Sum(nil)) @@ -20,7 +22,7 @@ func (p *Persister) hmacValueWithSecret(value string, secret []byte) string { func (p *Persister) hmacConstantCompare(ctx context.Context, value, hash string) bool { for _, secret := range p.r.Config(ctx).SecretsSession() { - if subtle.ConstantTimeCompare([]byte(p.hmacValueWithSecret(value, secret)), []byte(hash)) == 1 { + if subtle.ConstantTimeCompare([]byte(p.hmacValueWithSecret(ctx, value, secret)), []byte(hash)) == 1 { return true } } diff --git a/persistence/sql/persister_identity.go b/persistence/sql/persister_identity.go index 470b71f48936..91ffae4d3a1a 100644 --- a/persistence/sql/persister_identity.go +++ b/persistence/sql/persister_identity.go @@ -32,6 +32,9 @@ var _ identity.Pool = new(Persister) var _ identity.PrivilegedPool = new(Persister) func (p *Persister) ListVerifiableAddresses(ctx context.Context, page, itemsPerPage int) (a []identity.VerifiableAddress, err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.ListVerifiableAddresses") + defer span.End() + if err := p.GetConnection(ctx).Where("nid = ?", corp.ContextualizeNID(ctx, p.nid)).Order("id DESC").Paginate(page, x.MaxItemsPerPage(itemsPerPage)).All(&a); err != nil { return nil, sqlcon.HandleError(err) } @@ -40,6 +43,9 @@ func (p *Persister) ListVerifiableAddresses(ctx context.Context, page, itemsPerP } func (p *Persister) ListRecoveryAddresses(ctx context.Context, page, itemsPerPage int) (a []identity.RecoveryAddress, err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.ListRecoveryAddresses") + defer span.End() + if err := p.GetConnection(ctx).Where("nid = ?", corp.ContextualizeNID(ctx, p.nid)).Order("id DESC").Paginate(page, x.MaxItemsPerPage(itemsPerPage)).All(&a); err != nil { return nil, sqlcon.HandleError(err) } @@ -71,6 +77,9 @@ func (p *Persister) normalizeIdentifier(ct identity.CredentialsType, match strin } func (p *Persister) FindByCredentialsIdentifier(ctx context.Context, ct identity.CredentialsType, match string) (*identity.Identity, *identity.Credentials, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.FindByCredentialsIdentifier") + defer span.End() + nid := corp.ContextualizeNID(ctx, p.nid) var find struct { @@ -120,6 +129,9 @@ WHERE ici.identifier = ? } func (p *Persister) findIdentityCredentialsType(ctx context.Context, ct identity.CredentialsType) (*identity.CredentialsTypeTable, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.findIdentityCredentialsType") + defer span.End() + var m identity.CredentialsTypeTable if err := p.GetConnection(ctx).Where("name = ?", ct).First(&m); err != nil { return nil, sqlcon.HandleError(err) @@ -128,6 +140,9 @@ func (p *Persister) findIdentityCredentialsType(ctx context.Context, ct identity } func (p *Persister) createIdentityCredentials(ctx context.Context, i *identity.Identity) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.createIdentityCredentials") + defer span.End() + c := p.GetConnection(ctx) nid := corp.ContextualizeNID(ctx, p.nid) @@ -175,6 +190,9 @@ func (p *Persister) createIdentityCredentials(ctx context.Context, i *identity.I } func (p *Persister) createVerifiableAddresses(ctx context.Context, i *identity.Identity) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.createVerifiableAddresses") + defer span.End() + for k := range i.VerifiableAddresses { i.VerifiableAddresses[k].IdentityID = i.ID i.VerifiableAddresses[k].NID = corp.ContextualizeNID(ctx, p.nid) @@ -187,6 +205,9 @@ func (p *Persister) createVerifiableAddresses(ctx context.Context, i *identity.I } func (p *Persister) createRecoveryAddresses(ctx context.Context, i *identity.Identity) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.createRecoveryAddresses") + defer span.End() + for k := range i.RecoveryAddresses { i.RecoveryAddresses[k].IdentityID = i.ID i.RecoveryAddresses[k].NID = corp.ContextualizeNID(ctx, p.nid) @@ -199,6 +220,9 @@ func (p *Persister) createRecoveryAddresses(ctx context.Context, i *identity.Ide } func (p *Persister) findVerifiableAddresses(ctx context.Context, i *identity.Identity) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.findVerifiableAddresses") + defer span.End() + var addresses []identity.VerifiableAddress if err := p.GetConnection(ctx).Where("identity_id = ? AND nid = ?", i.ID, corp.ContextualizeNID(ctx, p.nid)).Order("id ASC").All(&addresses); err != nil { return err @@ -208,6 +232,9 @@ func (p *Persister) findVerifiableAddresses(ctx context.Context, i *identity.Ide } func (p *Persister) findRecoveryAddresses(ctx context.Context, i *identity.Identity) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.findRecoveryAddresses") + defer span.End() + var addresses []identity.RecoveryAddress if err := p.GetConnection(ctx).Where("identity_id = ? AND nid = ?", i.ID, corp.ContextualizeNID(ctx, p.nid)).Order("id ASC").All(&addresses); err != nil { return err @@ -217,6 +244,9 @@ func (p *Persister) findRecoveryAddresses(ctx context.Context, i *identity.Ident } func (p *Persister) CountIdentities(ctx context.Context) (int64, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CountIdentities") + defer span.End() + count, err := p.c.WithContext(ctx).Where("nid = ?", corp.ContextualizeNID(ctx, p.nid)).Count(new(identity.Identity)) if err != nil { return 0, sqlcon.HandleError(err) @@ -225,6 +255,9 @@ func (p *Persister) CountIdentities(ctx context.Context) (int64, error) { } func (p *Persister) CreateIdentity(ctx context.Context, i *identity.Identity) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateIdentity") + defer span.End() + i.NID = corp.ContextualizeNID(ctx, p.nid) if i.SchemaID == "" { @@ -267,6 +300,9 @@ func (p *Persister) CreateIdentity(ctx context.Context, i *identity.Identity) er } func (p *Persister) ListIdentities(ctx context.Context, page, perPage int) ([]identity.Identity, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.ListIdentities") + defer span.End() + is := make([]identity.Identity, 0) /* #nosec G201 TableName is static */ @@ -301,6 +337,9 @@ func (p *Persister) ListIdentities(ctx context.Context, page, perPage int) ([]id } func (p *Persister) UpdateIdentity(ctx context.Context, i *identity.Identity) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UpdateIdentity") + defer span.End() + if err := p.validateIdentity(ctx, i); err != nil { return err } @@ -342,10 +381,16 @@ func (p *Persister) UpdateIdentity(ctx context.Context, i *identity.Identity) er } func (p *Persister) DeleteIdentity(ctx context.Context, id uuid.UUID) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.DeleteIdentity") + defer span.End() + return p.delete(ctx, new(identity.Identity), id) } func (p *Persister) GetIdentity(ctx context.Context, id uuid.UUID) (*identity.Identity, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetIdentity") + defer span.End() + var i identity.Identity if err := p.GetConnection(ctx).EagerPreload("VerifiableAddresses", "RecoveryAddresses").Where("id = ? AND nid = ?", id, corp.ContextualizeNID(ctx, p.nid)).First(&i); err != nil { return nil, sqlcon.HandleError(err) @@ -369,6 +414,9 @@ func (p *Persister) GetIdentity(ctx context.Context, id uuid.UUID) (*identity.Id } func (p *Persister) GetIdentityConfidential(ctx context.Context, id uuid.UUID) (*identity.Identity, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetIdentityConfidential") + defer span.End() + var i identity.Identity nid := corp.ContextualizeNID(ctx, p.nid) @@ -423,6 +471,9 @@ func (p *Persister) GetIdentityConfidential(ctx context.Context, id uuid.UUID) ( } func (p *Persister) FindVerifiableAddressByValue(ctx context.Context, via identity.VerifiableAddressType, value string) (*identity.VerifiableAddress, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.FindVerifiableAddressByValue") + defer span.End() + var address identity.VerifiableAddress if err := p.GetConnection(ctx).Where("nid = ? AND via = ? AND value = ?", corp.ContextualizeNID(ctx, p.nid), via, stringToLowerTrim(value)).First(&address); err != nil { return nil, sqlcon.HandleError(err) @@ -432,6 +483,9 @@ func (p *Persister) FindVerifiableAddressByValue(ctx context.Context, via identi } func (p *Persister) FindRecoveryAddressByValue(ctx context.Context, via identity.RecoveryAddressType, value string) (*identity.RecoveryAddress, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.FindRecoveryAddressByValue") + defer span.End() + var address identity.RecoveryAddress if err := p.GetConnection(ctx).Where("nid = ? AND via = ? AND value = ?", corp.ContextualizeNID(ctx, p.nid), via, stringToLowerTrim(value)).First(&address); err != nil { return nil, sqlcon.HandleError(err) @@ -441,6 +495,8 @@ func (p *Persister) FindRecoveryAddressByValue(ctx context.Context, via identity } func (p *Persister) VerifyAddress(ctx context.Context, code string) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.VerifyAddress") + defer span.End() newCode, err := otp.New() if err != nil { return err @@ -471,12 +527,18 @@ func (p *Persister) VerifyAddress(ctx context.Context, code string) error { } func (p *Persister) UpdateVerifiableAddress(ctx context.Context, address *identity.VerifiableAddress) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UpdateVerifiableAddress") + defer span.End() + address.NID = corp.ContextualizeNID(ctx, p.nid) address.Value = stringToLowerTrim(address.Value) return p.update(ctx, address) } func (p *Persister) validateIdentity(ctx context.Context, i *identity.Identity) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.validateIdentity") + defer span.End() + if err := p.r.IdentityValidator().ValidateWithRunner(ctx, i); err != nil { if _, ok := errorsx.Cause(err).(*jsonschema.ValidationError); ok { return errors.WithStack(herodot.ErrBadRequest.WithReasonf("%s", err)) @@ -488,6 +550,9 @@ func (p *Persister) validateIdentity(ctx context.Context, i *identity.Identity) } func (p *Persister) injectTraitsSchemaURL(ctx context.Context, i *identity.Identity) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.injectTraitsSchemaURL") + defer span.End() + ss, err := p.r.IdentityTraitsSchemas(ctx) if err != nil { return err diff --git a/persistence/sql/persister_login.go b/persistence/sql/persister_login.go index 96016d99ec50..2d2ce9bc74d5 100644 --- a/persistence/sql/persister_login.go +++ b/persistence/sql/persister_login.go @@ -17,12 +17,18 @@ import ( var _ login.FlowPersister = new(Persister) func (p *Persister) CreateLoginFlow(ctx context.Context, r *login.Flow) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateLoginFlow") + defer span.End() + r.NID = corp.ContextualizeNID(ctx, p.nid) r.EnsureInternalContext() return p.GetConnection(ctx).Create(r) } func (p *Persister) UpdateLoginFlow(ctx context.Context, r *login.Flow) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UpdateLoginFlow") + defer span.End() + r.EnsureInternalContext() cp := *r cp.NID = corp.ContextualizeNID(ctx, p.nid) @@ -30,6 +36,9 @@ func (p *Persister) UpdateLoginFlow(ctx context.Context, r *login.Flow) error { } func (p *Persister) GetLoginFlow(ctx context.Context, id uuid.UUID) (*login.Flow, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetLoginFlow") + defer span.End() + conn := p.GetConnection(ctx) var r login.Flow @@ -41,6 +50,9 @@ func (p *Persister) GetLoginFlow(ctx context.Context, id uuid.UUID) (*login.Flow } func (p *Persister) ForceLoginFlow(ctx context.Context, id uuid.UUID) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.ForceLoginFlow") + defer span.End() + return p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) error { lr, err := p.GetLoginFlow(ctx, id) if err != nil { diff --git a/persistence/sql/persister_recovery.go b/persistence/sql/persister_recovery.go index 9ff3a2b4fae6..b378743dd559 100644 --- a/persistence/sql/persister_recovery.go +++ b/persistence/sql/persister_recovery.go @@ -19,12 +19,18 @@ import ( var _ recovery.FlowPersister = new(Persister) var _ link.RecoveryTokenPersister = new(Persister) -func (p Persister) CreateRecoveryFlow(ctx context.Context, r *recovery.Flow) error { +func (p *Persister) CreateRecoveryFlow(ctx context.Context, r *recovery.Flow) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateRecoveryFlow") + defer span.End() + r.NID = corp.ContextualizeNID(ctx, p.nid) return p.GetConnection(ctx).Create(r) } -func (p Persister) GetRecoveryFlow(ctx context.Context, id uuid.UUID) (*recovery.Flow, error) { +func (p *Persister) GetRecoveryFlow(ctx context.Context, id uuid.UUID) (*recovery.Flow, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetRecoveryFlow") + defer span.End() + var r recovery.Flow if err := p.GetConnection(ctx).Where("id = ? AND nid = ?", id, corp.ContextualizeNID(ctx, p.nid)).First(&r); err != nil { return nil, sqlcon.HandleError(err) @@ -33,13 +39,19 @@ func (p Persister) GetRecoveryFlow(ctx context.Context, id uuid.UUID) (*recovery return &r, nil } -func (p Persister) UpdateRecoveryFlow(ctx context.Context, r *recovery.Flow) error { +func (p *Persister) UpdateRecoveryFlow(ctx context.Context, r *recovery.Flow) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UpdateRecoveryFlow") + defer span.End() + cp := *r cp.NID = corp.ContextualizeNID(ctx, p.nid) return p.update(ctx, cp) } func (p *Persister) CreateRecoveryToken(ctx context.Context, token *link.RecoveryToken) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateRecoveryToken") + defer span.End() + t := token.Token token.Token = p.hmacValue(ctx, t) token.NID = corp.ContextualizeNID(ctx, p.nid) @@ -55,12 +67,15 @@ func (p *Persister) CreateRecoveryToken(ctx context.Context, token *link.Recover } func (p *Persister) UseRecoveryToken(ctx context.Context, token string) (*link.RecoveryToken, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UseRecoveryToken") + defer span.End() + var rt link.RecoveryToken nid := corp.ContextualizeNID(ctx, p.nid) if err := sqlcon.HandleError(p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) (err error) { for _, secret := range p.r.Config(ctx).SecretsSession() { - if err = tx.Where("token = ? AND nid = ? AND NOT used", p.hmacValueWithSecret(token, secret), nid).First(&rt); err != nil { + if err = tx.Where("token = ? AND nid = ? AND NOT used", p.hmacValueWithSecret(ctx, token, secret), nid).First(&rt); err != nil { if !errors.Is(sqlcon.HandleError(err), sqlcon.ErrNoRows) { return err } @@ -90,6 +105,9 @@ func (p *Persister) UseRecoveryToken(ctx context.Context, token string) (*link.R } func (p *Persister) DeleteRecoveryToken(ctx context.Context, token string) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.DeleteRecoveryToken") + defer span.End() + /* #nosec G201 TableName is static */ return p.GetConnection(ctx).RawQuery(fmt.Sprintf("DELETE FROM %s WHERE token=? AND nid = ?", new(link.RecoveryToken).TableName(ctx)), token, corp.ContextualizeNID(ctx, p.nid)).Exec() } diff --git a/persistence/sql/persister_registration.go b/persistence/sql/persister_registration.go index 0895f0791e9f..6cea6a11d737 100644 --- a/persistence/sql/persister_registration.go +++ b/persistence/sql/persister_registration.go @@ -13,12 +13,18 @@ import ( ) func (p *Persister) CreateRegistrationFlow(ctx context.Context, r *registration.Flow) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateRegistrationFlow") + defer span.End() + r.NID = corp.ContextualizeNID(ctx, p.nid) r.EnsureInternalContext() return p.GetConnection(ctx).Create(r) } func (p *Persister) UpdateRegistrationFlow(ctx context.Context, r *registration.Flow) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UpdateRegistrationFlow") + defer span.End() + r.EnsureInternalContext() cp := *r cp.NID = corp.ContextualizeNID(ctx, p.nid) @@ -26,6 +32,9 @@ func (p *Persister) UpdateRegistrationFlow(ctx context.Context, r *registration. } func (p *Persister) GetRegistrationFlow(ctx context.Context, id uuid.UUID) (*registration.Flow, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetRegistrationFlow") + defer span.End() + var r registration.Flow if err := p.GetConnection(ctx).Where("id = ? AND nid = ?", id, corp.ContextualizeNID(ctx, p.nid)).First(&r); err != nil { diff --git a/persistence/sql/persister_session.go b/persistence/sql/persister_session.go index 27243c19acfb..321ea9280e82 100644 --- a/persistence/sql/persister_session.go +++ b/persistence/sql/persister_session.go @@ -21,6 +21,9 @@ import ( var _ session.Persister = new(Persister) func (p *Persister) GetSession(ctx context.Context, sid uuid.UUID) (*session.Session, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetSession") + defer span.End() + var s session.Session nid := corp.ContextualizeNID(ctx, p.nid) if err := p.GetConnection(ctx).Where("id = ? AND nid = ?", sid, nid).First(&s); err != nil { @@ -40,6 +43,9 @@ func (p *Persister) GetSession(ctx context.Context, sid uuid.UUID) (*session.Ses // ListSessionsByIdentity retrieves sessions for an identity from the store. func (p *Persister) ListSessionsByIdentity(ctx context.Context, iID uuid.UUID, active *bool, page, perPage int, except uuid.UUID) ([]*session.Session, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.ListSessionsByIdentity") + defer span.End() + var s []*session.Session nid := corp.ContextualizeNID(ctx, p.nid) @@ -72,6 +78,9 @@ func (p *Persister) ListSessionsByIdentity(ctx context.Context, iID uuid.UUID, a } func (p *Persister) UpsertSession(ctx context.Context, s *session.Session) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UpsertSession") + defer span.End() + s.NID = corp.ContextualizeNID(ctx, p.nid) if err := p.Connection(ctx).Find(new(session.Session), s.ID); errors.Is(err, sql.ErrNoRows) { @@ -86,10 +95,16 @@ func (p *Persister) UpsertSession(ctx context.Context, s *session.Session) error } func (p *Persister) DeleteSession(ctx context.Context, sid uuid.UUID) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.DeleteSession") + defer span.End() + return p.delete(ctx, new(session.Session), sid) } func (p *Persister) DeleteSessionsByIdentity(ctx context.Context, identityID uuid.UUID) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.DeleteSessionsByIdentity") + defer span.End() + // #nosec G201 count, err := p.GetConnection(ctx).RawQuery(fmt.Sprintf( "DELETE FROM %s WHERE identity_id = ? AND nid = ?", @@ -108,6 +123,9 @@ func (p *Persister) DeleteSessionsByIdentity(ctx context.Context, identityID uui } func (p *Persister) GetSessionByToken(ctx context.Context, token string) (*session.Session, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetSessionByToken") + defer span.End() + var s session.Session if err := p.GetConnection(ctx).Where("token = ? AND nid = ?", token, @@ -127,6 +145,9 @@ func (p *Persister) GetSessionByToken(ctx context.Context, token string) (*sessi } func (p *Persister) DeleteSessionByToken(ctx context.Context, token string) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.DeleteSessionByToken") + defer span.End() + // #nosec G201 count, err := p.GetConnection(ctx).RawQuery(fmt.Sprintf( "DELETE FROM %s WHERE token = ? AND nid = ?", @@ -145,6 +166,9 @@ func (p *Persister) DeleteSessionByToken(ctx context.Context, token string) erro } func (p *Persister) RevokeSessionByToken(ctx context.Context, token string) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.RevokeSessionByToken") + defer span.End() + // #nosec G201 count, err := p.GetConnection(ctx).RawQuery(fmt.Sprintf( "UPDATE %s SET active = false WHERE token = ? AND nid = ?", @@ -165,6 +189,9 @@ func (p *Persister) RevokeSessionByToken(ctx context.Context, token string) erro // RevokeSession revokes a given session. If the session does not exist or was not modified, // it effectively has been revoked already, and therefore that case does not return an error. func (p *Persister) RevokeSession(ctx context.Context, iID, sID uuid.UUID) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.RevokeSession") + defer span.End() + // #nosec G201 err := p.GetConnection(ctx).RawQuery(fmt.Sprintf( "UPDATE %s SET active = false WHERE id = ? AND identity_id = ? AND nid = ?", @@ -182,6 +209,9 @@ func (p *Persister) RevokeSession(ctx context.Context, iID, sID uuid.UUID) error // RevokeSessionsIdentityExcept marks all except the given session of an identity inactive. func (p *Persister) RevokeSessionsIdentityExcept(ctx context.Context, iID, sID uuid.UUID) (int, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.RevokeSessionsIdentityExcept") + defer span.End() + // #nosec G201 count, err := p.GetConnection(ctx).RawQuery(fmt.Sprintf( "UPDATE %s SET active = false WHERE identity_id = ? AND id != ? AND nid = ?", diff --git a/persistence/sql/persister_settings.go b/persistence/sql/persister_settings.go index 5bb3c2593a9e..97893d54c2c4 100644 --- a/persistence/sql/persister_settings.go +++ b/persistence/sql/persister_settings.go @@ -15,12 +15,18 @@ import ( var _ settings.FlowPersister = new(Persister) func (p *Persister) CreateSettingsFlow(ctx context.Context, r *settings.Flow) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateSettingsFlow") + defer span.End() + r.NID = corp.ContextualizeNID(ctx, p.nid) r.EnsureInternalContext() return sqlcon.HandleError(p.GetConnection(ctx).Create(r)) } func (p *Persister) GetSettingsFlow(ctx context.Context, id uuid.UUID) (*settings.Flow, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetSettingsFlow") + defer span.End() + var r settings.Flow err := p.GetConnection(ctx).Where("id = ? AND nid = ?", id, corp.ContextualizeNID(ctx, p.nid)).First(&r) @@ -37,6 +43,9 @@ func (p *Persister) GetSettingsFlow(ctx context.Context, id uuid.UUID) (*setting } func (p *Persister) UpdateSettingsFlow(ctx context.Context, r *settings.Flow) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UpdateSettingsFlow") + defer span.End() + r.EnsureInternalContext() cp := *r cp.NID = corp.ContextualizeNID(ctx, p.nid) diff --git a/persistence/sql/persister_verification.go b/persistence/sql/persister_verification.go index 06a6e3030854..f6b7c393a350 100644 --- a/persistence/sql/persister_verification.go +++ b/persistence/sql/persister_verification.go @@ -20,14 +20,20 @@ import ( var _ verification.FlowPersister = new(Persister) -func (p Persister) CreateVerificationFlow(ctx context.Context, r *verification.Flow) error { +func (p *Persister) CreateVerificationFlow(ctx context.Context, r *verification.Flow) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateVerificationFlow") + defer span.End() + r.NID = corp.ContextualizeNID(ctx, p.nid) // This should not create the request eagerly because otherwise we might accidentally create an address // that isn't supposed to be in the database. return p.GetConnection(ctx).Create(r) } -func (p Persister) GetVerificationFlow(ctx context.Context, id uuid.UUID) (*verification.Flow, error) { +func (p *Persister) GetVerificationFlow(ctx context.Context, id uuid.UUID) (*verification.Flow, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetVerificationFlow") + defer span.End() + var r verification.Flow if err := p.GetConnection(ctx).Where("id = ? AND nid = ?", id, corp.ContextualizeNID(ctx, p.nid)).First(&r); err != nil { return nil, sqlcon.HandleError(err) @@ -36,13 +42,19 @@ func (p Persister) GetVerificationFlow(ctx context.Context, id uuid.UUID) (*veri return &r, nil } -func (p Persister) UpdateVerificationFlow(ctx context.Context, r *verification.Flow) error { +func (p *Persister) UpdateVerificationFlow(ctx context.Context, r *verification.Flow) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UpdateVerificationFlow") + defer span.End() + cp := *r cp.NID = corp.ContextualizeNID(ctx, p.nid) return p.update(ctx, cp) } func (p *Persister) CreateVerificationToken(ctx context.Context, token *link.VerificationToken) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateVerificationToken") + defer span.End() + t := token.Token token.Token = p.hmacValue(ctx, t) token.NID = corp.ContextualizeNID(ctx, p.nid) @@ -57,12 +69,15 @@ func (p *Persister) CreateVerificationToken(ctx context.Context, token *link.Ver } func (p *Persister) UseVerificationToken(ctx context.Context, token string) (*link.VerificationToken, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UseVerificationToken") + defer span.End() + var rt link.VerificationToken nid := corp.ContextualizeNID(ctx, p.nid) if err := sqlcon.HandleError(p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) (err error) { for _, secret := range p.r.Config(ctx).SecretsSession() { - if err = tx.Where("token = ? AND nid = ? AND NOT used", p.hmacValueWithSecret(token, secret), nid).First(&rt); err != nil { + if err = tx.Where("token = ? AND nid = ? AND NOT used", p.hmacValueWithSecret(ctx, token, secret), nid).First(&rt); err != nil { if !errors.Is(sqlcon.HandleError(err), sqlcon.ErrNoRows) { return err } @@ -91,6 +106,9 @@ func (p *Persister) UseVerificationToken(ctx context.Context, token string) (*li } func (p *Persister) DeleteVerificationToken(ctx context.Context, token string) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.DeleteVerificationToken") + defer span.End() + nid := corp.ContextualizeNID(ctx, p.nid) /* #nosec G201 TableName is static */ return p.GetConnection(ctx).RawQuery(fmt.Sprintf("DELETE FROM %s WHERE token=? AND nid = ?", new(link.VerificationToken).TableName(ctx)), token, nid).Exec() From 6613a02b8fd5f6f06e9b6301bdc39037771b3d9b Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 12 May 2022 19:53:19 +0200 Subject: [PATCH 037/411] fix: resolve otelx panics --- driver/registry_default.go | 1 + go.mod | 19 +-- go.sum | 167 ++++++++++++++++++++++++- persistence/sql/persister_hmac_test.go | 2 +- 4 files changed, 176 insertions(+), 13 deletions(-) diff --git a/driver/registry_default.go b/driver/registry_default.go index acf0580d5a28..f7c192ec90bf 100644 --- a/driver/registry_default.go +++ b/driver/registry_default.go @@ -474,6 +474,7 @@ func (m *RegistryDefault) Tracer(ctx context.Context) *otelx.Tracer { t, err := otelx.New("Ory Kratos", m.l, m.Config(ctx).Tracing()) if err != nil { m.Logger().WithError(err).Fatalf("Unable to initialize Tracer.") + t = otelx.NewNoop(m.l, m.Config(ctx).Tracing()) } m.trc = t } diff --git a/go.mod b/go.mod index aaee750ce886..f8158cc3595d 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/ory/kratos -go 1.18 +go 1.17 replace ( github.com/bradleyjkemp/cupaloy/v2 => github.com/aeneasr/cupaloy/v2 v2.6.1-0.20210924214125-3dfdd01210a3 @@ -76,7 +76,7 @@ require ( github.com/ory/kratos-client-go v0.6.3-alpha.1 github.com/ory/mail/v3 v3.0.0 github.com/ory/nosurf v1.2.7 - github.com/ory/x v0.0.380 + github.com/ory/x v0.0.384 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 github.com/pkg/errors v0.9.1 github.com/pquerna/otp v1.3.0 @@ -186,17 +186,16 @@ require ( github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/gorilla/css v1.0.0 // indirect github.com/gorilla/handlers v1.5.1 // indirect - github.com/gorilla/mux v1.8.0 // indirect github.com/gorilla/securecookie v1.1.1 // indirect github.com/gorilla/websocket v1.4.2 // indirect github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-hclog v1.0.0 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect - github.com/hashicorp/go-uuid v1.0.2 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/hashicorp/serf v0.9.6 // indirect github.com/huandu/xstrings v1.2.0 // indirect @@ -245,6 +244,7 @@ require ( github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.0.2 // indirect github.com/opencontainers/runc v1.0.2 // indirect + github.com/openzipkin/zipkin-go v0.4.0 // indirect github.com/ory/client-go v0.0.1-alpha.138 // indirect github.com/ory/viper v1.7.5 // indirect github.com/pborman/uuid v1.2.1 // indirect @@ -302,12 +302,17 @@ require ( go.opentelemetry.io/contrib/propagators/b3 v1.4.0 // indirect go.opentelemetry.io/contrib/propagators/jaeger v1.4.0 // indirect go.opentelemetry.io/contrib/samplers/jaegerremote v0.0.0-20220314184135-32895002a444 // indirect - go.opentelemetry.io/otel v1.6.3 // indirect + go.opentelemetry.io/otel v1.7.0 // indirect go.opentelemetry.io/otel/exporters/jaeger v1.5.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.6.3 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.6.3 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.6.3 // indirect + go.opentelemetry.io/otel/exporters/zipkin v1.7.0 // indirect go.opentelemetry.io/otel/internal/metric v0.27.0 // indirect go.opentelemetry.io/otel/metric v0.27.0 // indirect - go.opentelemetry.io/otel/sdk v1.6.3 // indirect - go.opentelemetry.io/otel/trace v1.6.3 // indirect + go.opentelemetry.io/otel/sdk v1.7.0 // indirect + go.opentelemetry.io/otel/trace v1.7.0 // indirect + go.opentelemetry.io/proto/otlp v0.15.0 // indirect go.uber.org/atomic v1.7.0 // indirect go.uber.org/multierr v1.7.0 // indirect go.uber.org/zap v1.17.0 // indirect diff --git a/go.sum b/go.sum index 3d04d7cd7776..d2f30a2ac2e8 100644 --- a/go.sum +++ b/go.sum @@ -32,6 +32,7 @@ cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aD cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= +cloud.google.com/go v0.98.0/go.mod h1:ua6Ush4NALrHk5QXDWnjvZHN93OuF0HfuEPq9I1X0cM= cloud.google.com/go v0.99.0 h1:y/cM2iqGgGi5D5DQZl6D9STN/3dR/Vx5Mp8s752oJTY= cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= @@ -43,6 +44,7 @@ cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM7 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= +cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= @@ -61,6 +63,7 @@ contrib.go.opencensus.io/exporter/stackdriver v0.13.5/go.mod h1:aXENhDJ1Y4lIg4EU contrib.go.opencensus.io/integrations/ocsql v0.1.4/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8= github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU= github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4= github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= @@ -84,10 +87,15 @@ github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583/go.mod h1:EP9f4GqaDJyP1F5jTNMtzdIpw3JpNs3rMSJOnYywCiw= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= +github.com/DataDog/datadog-go v4.8.2+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= +github.com/DataDog/datadog-go/v5 v5.0.2/go.mod h1:ZI9JFB4ewXbw1sBnF4sxsR2k1H3xjV+PUAOUsHvKpcU= +github.com/DataDog/sketches-go v1.0.0/go.mod h1:O+XkJHWk9w4hDwY2ZUDU31ZC9sNYlYo8DiFsxjYeo1k= github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0= github.com/GeertJohan/go.rice v1.0.2/go.mod h1:af5vUNlDNkCjOZeSGFgIJxDje9qdjsO6hshx0gTmZt4= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= +github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RPBiVg= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= @@ -100,6 +108,7 @@ github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0 github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= +github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60= github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/Masterminds/sprig/v3 v3.0.0 h1:KSQz7Nb08/3VU9E4ns29dDxcczhOD1q7O1UfM4G3t3g= github.com/Masterminds/sprig/v3 v3.0.0/go.mod h1:NEUY/Qq8Gdm2xgYA+NwJM6wmfdRV9xkh8h/Rld20R0U= @@ -111,6 +120,7 @@ github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugX github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= +github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.5.1 h1:aPJp2QD7OOrhO5tQXqQoGSJc+DjDtWTGLOmNyAm6FgY= github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= @@ -134,7 +144,9 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= +github.com/Shopify/sarama v1.30.0/go.mod h1:zujlQQx1kzHsh4jfV1USnptCQrHAEZ2Hk8fTKCulPVs= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= +github.com/Shopify/toxiproxy/v2 v2.1.6-0.20210914104332-15ea381dcdae/go.mod h1:/cvHQkZ1fst0EmZnA5dFtiQdWCNCFYzb+uE2vqVgvx0= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/a8m/envsubst v1.3.0 h1:GmXKmVssap0YtlU3E230W98RWtWCyIZzjtf1apWWyAg= github.com/a8m/envsubst v1.3.0/go.mod h1:MVUTQNGQ3tsjOOtKCNd+fl8RzhsXcDvvAEzkhGtlsbY= @@ -146,6 +158,8 @@ github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= github.com/ajg/form v0.0.0-20160822230020-523a5da1a92f h1:zvClvFQwU++UpIUBGC8YmDlfhUrweEy1R1Fj1gu5iIM= github.com/ajg/form v0.0.0-20160822230020-523a5da1a92f/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY= +github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= +github.com/ajstarks/svgo v0.0.0-20210923152817-c3b6e2f0c527/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c= github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE= @@ -229,8 +243,10 @@ github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/bmatcuk/doublestar v1.3.4 h1:gPypJ5xD31uhX6Tf54sDPUOBXTqKH4c9aPY66CyQrS0= github.com/bmatcuk/doublestar v1.3.4/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE= +github.com/bmatcuk/doublestar/v2 v2.0.4/go.mod h1:QMmcs3H2AUQICWhfzLXz+IYln8lRQmTZRptLie8RgRw= github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY= github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= +github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs= github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= @@ -258,6 +274,7 @@ github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/certifi/gocertifi v0.0.0-20210507211836-431795d63e8d h1:S2NE3iHSwP0XV47EEXL8mWmRdEfGscSJ+7EgePNgt0s= github.com/certifi/gocertifi v0.0.0-20210507211836-431795d63e8d/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= +github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= @@ -406,6 +423,7 @@ github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f h1:JOrtw2xFKzlg+cbHpyrpLDmnN1HqhBfnX7WDiW7eG2c= github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= @@ -419,6 +437,7 @@ github.com/cortesi/moddwatch v0.0.0-20210222043437-a6aaad86a36e h1:vNbhR09qtq9EL github.com/cortesi/moddwatch v0.0.0-20210222043437-a6aaad86a36e/go.mod h1:MUkYRZrwFTHATqCI5tDJRPqmBt9xf3q4+Avfut7kCCE= github.com/cortesi/termlog v0.0.0-20210222042314-a1eec763abec h1:v7D8uHsIKsyjfyhhNdY4qivqN558Ejiq+CDXiUljZ+4= github.com/cortesi/termlog v0.0.0-20210222042314-a1eec763abec/go.mod h1:10Fm2kasJmcKf1FSMQGSWb976sfR29hejNtfS9AydB4= +github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= @@ -483,9 +502,13 @@ github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:Htrtb github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= +github.com/eapache/go-resiliency v1.2.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= +github.com/elastic/go-licenser v0.3.1/go.mod h1:D8eNQk70FOCVBl3smCGQt/lv7meBeQno2eI1S5apiHQ= +github.com/elastic/go-sysinfo v1.1.1/go.mod h1:i1ZYdU10oLNfRzq4vq62BEwD2fH8KaWh6eh0ikPT9F0= +github.com/elastic/go-windows v1.0.0/go.mod h1:TsU0Nrp7/y3+VwE82FoZF8gC/XFg/Elz6CcloAxnPgU= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/elliotchance/orderedmap v1.4.0 h1:wZtfeEONCbx6in1CZyE6bELEt/vFayMvsxqI5SgsR+A= github.com/elliotchance/orderedmap v1.4.0/go.mod h1:wsDwEaX5jEoyhbs7x93zk2H/qv0zwuhg4inXhDkYqys= @@ -523,6 +546,8 @@ github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw github.com/felixge/httpsnoop v1.0.2 h1:+nS9g82KMXccJ/wp0zyRW9ZBHFETmMGtkk+2CTTrW4o= github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= +github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= +github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= @@ -552,8 +577,14 @@ github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmC github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= +github.com/go-bindata/go-bindata v3.1.2+incompatible/go.mod h1:xK8Dsgwmeed+BBsSy2XTopBn/8uK2HWuGSnA11C3Joo= github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g= +github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks= +github.com/go-fonts/liberation v0.1.1/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= +github.com/go-fonts/liberation v0.2.0/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= +github.com/go-fonts/stix v0.1.0/go.mod h1:w/c1f0ldAUlJmLBvlbkvVXLAD+tAMqobIIQpmnUIzUY= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -562,6 +593,8 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= +github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= +github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk= github.com/go-ldap/ldap v3.0.2+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= @@ -590,6 +623,7 @@ github.com/go-openapi/errors v0.19.6/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpX github.com/go-openapi/errors v0.19.7/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.20.0/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.20.1 h1:j23mMDtRxMwIobkpId7sWh7Ddcx4ivaoqUbfXx5P+a8= github.com/go-openapi/errors v0.20.1/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/inflect v0.19.0 h1:9jCH9scKIbHeV9m12SmPilScz6krDxKRasNNSNPXu/4= @@ -666,6 +700,7 @@ github.com/go-openapi/validate v0.19.12/go.mod h1:Rzou8hA/CBw8donlS6WNEUQupNvUZ0 github.com/go-openapi/validate v0.19.15/go.mod h1:tbn/fdOwYHgrhPBzidZfJC2MIVvs9GA7monOmWBbeCI= github.com/go-openapi/validate v0.20.1 h1:QGQ5CvK74E28t3DkegGweKR+auemUi5IdpMc4x3UW6s= github.com/go-openapi/validate v0.20.1/go.mod h1:b60iJT+xNNLfaQJUqLI7946tYiFEOuE9E4k54HpKcJ0= +github.com/go-pdf/fpdf v0.5.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M= github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A= github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= @@ -689,6 +724,7 @@ github.com/go-swagger/go-swagger v0.26.1 h1:1XUWLnH6hKxHzeKjJfA2gHkSqcT1Zgi4q/PZ github.com/go-swagger/go-swagger v0.26.1/go.mod h1:zlf/LHplZpdtU2mYXg9Ajd3+9TgHYltv5f/pEM6LjnI= github.com/go-swagger/scan-repo-boundary v0.0.0-20180623220736-973b3573c013 h1:l9rI6sNaZgNC0LnF3MiE+qTmyBA/tZAg1rtyrGbUMK0= github.com/go-swagger/scan-repo-boundary v0.0.0-20180623220736-973b3573c013/go.mod h1:b65mBPzqzZWxOZGxSWrqs4GInLIn+u99Q9q7p+GKni0= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho= github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= @@ -725,6 +761,7 @@ github.com/gobuffalo/helpers v0.6.0/go.mod h1:pncVrer7x/KRvnL5aJABLAuT/RhKRR9klL github.com/gobuffalo/helpers v0.6.4 h1:N9is8xgaotJzGIge1GoLYiWRpKZPqnS9RSty72OhIn8= github.com/gobuffalo/helpers v0.6.4/go.mod h1:m2aOKsTl3KB0RUwwpxf3tykaaitujQ3irivqrlNAcJ0= github.com/gobuffalo/here v0.6.0 h1:hYrd0a6gDmWxBM4TnrGw8mQg24iSVoIkHEk7FodQcBI= +github.com/gobuffalo/here v0.6.0/go.mod h1:wAG085dHOYqUpf+Ap+WOdrPTp5IYcDAs/x7PLa8Y5fM= github.com/gobuffalo/httptest v1.0.2 h1:LWp2khlgA697h4BIYWW2aRxvB93jMnBrbakQ/r2KLzs= github.com/gobuffalo/httptest v1.0.2/go.mod h1:7T1IbSrg60ankme0aDLVnEY0h056g9M1/ZvpVThtB7E= github.com/gobuffalo/logger v0.0.0-20190315122211-86e12af44bc2/go.mod h1:QdxcLw541hSGtBnhUc4gaNIXRjiDppFGaDqzbrBd3v8= @@ -779,6 +816,7 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.1.0 h1:XUgk2Ex5veyVFVeLm0xhusUTQybEbexJXrvPNOKkSY0= github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= +github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/gddo v0.0.0-20190904175337-72a348e765d2 h1:xisWqjiKEff2B0KfFYGpCqc3M3zdTz+OHQHRc09FeYk= github.com/golang/gddo v0.0.0-20190904175337-72a348e765d2/go.mod h1:xEhNfoBDX1hzLm2Nf80qUvZ2sVwoMZ8d6IE2SrsQfh4= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= @@ -823,6 +861,7 @@ github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiu github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= @@ -850,6 +889,7 @@ github.com/google/go-github/v27 v27.0.1/go.mod h1:/0Gr8pJ55COkmv+S/yPKCczSkUPIM/ github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= github.com/google/go-github/v38 v38.1.0 h1:C6h1FkaITcBFK7gAmq4eFzt6gbhEhk7L5z6R3Uva+po= github.com/google/go-github/v38 v38.1.0/go.mod h1:cStvrz/7nFr0FoENgG6GLbp53WaelXucT+BBz/3VKx4= +github.com/google/go-jsonnet v0.17.0/go.mod h1:sOcuej3UW1vpPTZOr8L7RQimqai1a57bt5j22LzGZCw= github.com/google/go-jsonnet v0.18.0 h1:/6pTy6g+Jh1a1I2UMoAODkqELFiVIdOxbNwv0DDzoOg= github.com/google/go-jsonnet v0.18.0/go.mod h1:C3fTzyVJDslXdiTqw/bTFk7vSGyCtH3MGRbDfvEwGd0= github.com/google/go-licenses v0.0.0-20210329231322-ce1d9163b77d/go.mod h1:+TYOmkVoJOpwnS0wfdsJCV9CoD5nJYsHoFk/0CrTK4M= @@ -859,6 +899,7 @@ github.com/google/go-replayers/grpcreplay v0.1.0/go.mod h1:8Ig2Idjpr6gifRd6pNVgg github.com/google/go-replayers/httpreplay v0.1.0/go.mod h1:YKZViNhiGgqdBlUbI2MwGpq4pXxNmhJLPHQ7cv2b5no= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/licenseclassifier v0.0.0-20210325184830-bb04aff29e72/go.mod h1:qsqn2hxC+vURpyBRygGUuinTO42MFRLcsmQ/P8v94+M= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= @@ -936,6 +977,8 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 h1:BZHcxBETFHIdVyhyEfOvn/RdU/QGdLI4y34qQGjGWO0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69 h1:7xsUJsB2NrdcttQPa7JLEaGzvdbk7KvfrjgHZXOQRo0= github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69/go.mod h1:YLEMZOtU+AZ7dhN9T/IpGhXVGly2bvkJQ+zxj3WeVQo= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= @@ -1035,7 +1078,11 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743 h1:X3Xxno5Ji8idrNiUoFc7QyXpqhSYlDRYQmc7mlpMBzU= github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743/go.mod h1:KrtyD5PFj++GKkFS/7/RRrfnRhAMGQwy75GLCHWrCNs= +github.com/instana/go-sensor v1.41.1/go.mod h1:E42MelHWFz11qqaLwvgt0j98v2s2O/bq22UDkGaG0Gg= +github.com/instana/testify v1.6.2-0.20200721153833-94b1851f4d65 h1:T25FL3WEzgmKB0m6XCJNZ65nw09/QIp3T1yXr487D+A= +github.com/instana/testify v1.6.2-0.20200721153833-94b1851f4d65/go.mod h1:nYhEREG/B7HUY7P+LKOrqy53TpIqmJ9JyUShcaEKtGw= github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= +github.com/jackc/chunkreader v1.0.0 h1:4s39bBR8ByfqH+DKm8rQA3E1LHZWB9XWcrz8fqaZbe0= github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo= github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= github.com/jackc/chunkreader/v2 v2.0.1 h1:i+RDz65UE+mmpjTfyz0MoVTnzeYxroil2G82ki7MGG8= @@ -1048,6 +1095,7 @@ github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65 h1:DadwsjnMwFjfWc9y5W github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65/go.mod h1:5R2h2EEX+qri8jOWMbJCtaPWkrrNc7OHwsp2TCqp7ak= github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= +github.com/jackc/pgproto3 v1.1.0 h1:FYYE4yRw+AgI8wXIinMlNjBbp/UitDJwfj5LqqewP1A= github.com/jackc/pgproto3 v1.1.0/go.mod h1:eR5FA3leWg7p9aeAqi37XOTgTIbkABlvcPB3E5rlc78= github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190420180111-c116219b62db/go.mod h1:bhq50y+xrl9n5mRYyCBFKkpRVTLYJVWeCc+mEAI3yXA= github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190609003834-432c2951c711/go.mod h1:uH0AWtUmuShn0bcesswc4aBTWGvw0cAxIJp+6OB//Wg= @@ -1090,6 +1138,13 @@ github.com/jandelgado/gcov2lcov v1.0.5 h1:rkBt40h0CVK4oCb8Dps950gvfd1rYvQ8+cWa34 github.com/jandelgado/gcov2lcov v1.0.5/go.mod h1:NnSxK6TMlg1oGDBfGelGbjgorT5/L3cchlbtgFYZSss= github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= +github.com/jcchavezs/porto v0.1.0/go.mod h1:fESH0gzDHiutHRdX2hv27ojnOVFco37hg1W6E9EZF4A= +github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= +github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM= +github.com/jcmturner/gofork v1.0.0/go.mod h1:MK8+TM0La+2rjBD4jE12Kj1pCCxK7d2LK/UM3ncEo0o= +github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg= +github.com/jcmturner/gokrb5/v8 v8.4.2/go.mod h1:sb+Xq/fTY5yktf/VxLsE3wlfPqQjp0aWNYyvBVK62bc= +github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= github.com/jessevdk/go-flags v1.4.0 h1:4IU2WS7AumrZ/40jfhf4QVDMsQwqA7VEHozFRrGARJA= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4= @@ -1109,6 +1164,7 @@ github.com/jmoiron/sqlx v1.3.1/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXL github.com/jmoiron/sqlx v1.3.3/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ= github.com/jmoiron/sqlx v1.3.4 h1:wv+0IJZfL5z0uZoUjlpKgHkgaFSYD+r9CfrXjEXsO7w= github.com/jmoiron/sqlx v1.3.4/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ= +github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901/go.mod h1:Z86h9688Y0wesXCyonoVr47MasHilkuLMqGhRZ4Hpak= github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/joho/godotenv v1.4.0 h1:3l4+N6zfMWnkbPEXKng2o2/MR5mSwTrBih4ZEkkz1lg= github.com/joho/godotenv v1.4.0/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= @@ -1136,6 +1192,8 @@ github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSg github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= +github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= +github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4= github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs= @@ -1150,6 +1208,7 @@ github.com/kisom/goutils v1.4.3/go.mod h1:Lp5qrquG7yhYnWzZCI/68Pa/GpFynw//od6EkG github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -1185,6 +1244,7 @@ github.com/lib/pq v1.10.4 h1:SO9z7FRPzA03QhHKJrH5BXA6HU1rS4V2nIVrrNC1iYk= github.com/lib/pq v1.10.4/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= +github.com/looplab/fsm v0.1.0/go.mod h1:m2VaOfDHxqXBBMgc26m6yUOwkFn8H2AlJDE+jd/uafI= github.com/luna-duclos/instrumentedsql v1.1.3 h1:t7mvC0z1jUt5A0UQ6I/0H31ryymuQRnJcWCiqV3lSAA= github.com/luna-duclos/instrumentedsql v1.1.3/go.mod h1:9J1njvFds+zN7y85EDhN9XNQLANWwZt2ULeIC8yMNYs= github.com/lyft/protoc-gen-star v0.5.1/go.mod h1:9toiA3cC7z5uVbODF7kEQ91Xn7XNFkVUl+SrEe+ZORU= @@ -1209,6 +1269,7 @@ github.com/markbates/hmax v1.0.0/go.mod h1:cOkR9dktiESxIMu+65oc/r/bdY4bE8zZw3OLh github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI= github.com/markbates/pkger v0.17.1 h1:/MKEtWqtc0mZvu9OinB9UzVN9iYCwLWuyUv4Bw+PCno= +github.com/markbates/pkger v0.17.1/go.mod h1:0JoVlrol20BSywW79rN3kdFFsE5xYM+rSCQDXbLhiuI= github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= @@ -1218,6 +1279,7 @@ github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVc github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-colorable v0.1.11/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc= @@ -1280,6 +1342,7 @@ github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.3 h1:OVowDSCllw/YjdLkam3/sm7wEtOy59d8ndGgCcyj8cs= github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A= @@ -1307,6 +1370,7 @@ github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwd github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe h1:iruDEfMl2E6fbMZ9s0scYfZQ84/6SPL6zC8ACM2oIL0= github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= +github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= @@ -1329,6 +1393,7 @@ github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt github.com/nkovacs/streamquote v1.0.0/go.mod h1:BN+NaZ2CmdKqUuTUXUEm9j95B2TRbpOWpxbJYzzgUsc= github.com/npillmayer/nestext v0.1.3/go.mod h1:h2lrijH8jpicr25dFY+oAJLyzlya6jhnuG+zWp9L0Uk= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= +github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/nyaruka/phonenumbers v1.0.73 h1:bP2WN8/NUP8tQebR+WCIejFaibwYMHOaB7MQVayclUo= github.com/nyaruka/phonenumbers v1.0.73/go.mod h1:3aiS+PS3DuYwkbK3xdcmRwMiPNECZ0oENH8qUT1lY7Q= github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= @@ -1347,13 +1412,17 @@ github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+ github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= +github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= +github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= +github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc= +github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= @@ -1391,6 +1460,8 @@ github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxS github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= +github.com/openzipkin/zipkin-go v0.4.0 h1:CtfRrOVZtbDj8rt1WXjklw0kqqJQwICrCKmlfUuBUUw= +github.com/openzipkin/zipkin-go v0.4.0/go.mod h1:4c3sLeE8xjNqehmF5RpAFLPLJxXscc0R4l6Zg0P1tTQ= github.com/ory/analytics-go/v4 v4.0.3 h1:2zNBQLlm3UiD8U7DdUGLLUBm62ZA5GtbEJ3S5U+xEOI= github.com/ory/analytics-go/v4 v4.0.3/go.mod h1:A3Chm/3TmM8jw4nqRss+gFhAYHRI5j/HFYH3C1FRahU= github.com/ory/client-go v0.0.1-alpha.138 h1:1Mq+PJz7Q1NA8N+Nntlw6DCq4piMdXFexJ1gAR7d2vE= @@ -1407,6 +1478,7 @@ github.com/ory/herodot v0.9.13 h1:cN/Z4eOkErl/9W7hDIDLb79IO/bfsH+8yscBjRpB4IU= github.com/ory/herodot v0.9.13/go.mod h1:IWDs9kSvFQqw/cQ8zi5ksyYvITiUU4dI7glUrhZcJYo= github.com/ory/jsonschema/v3 v3.0.7 h1:GQ9qfZDiJqs4l2d3p56dozCChvejQFZyLKGHYzDzOSo= github.com/ory/jsonschema/v3 v3.0.7/go.mod h1:g8c8YOtN4TrR2wYeMdT02GDmzJDI0fEW2nI26BECafY= +github.com/ory/mail v2.3.1+incompatible h1:vHntHDHtQXamt2T+iwTTlCoBkDvILUeujE9Ocwe9md4= github.com/ory/mail v2.3.1+incompatible/go.mod h1:87D9/1gB6ewElQoN0lXJ0ayfqcj3cW3qCTXh+5E9mfU= github.com/ory/mail/v3 v3.0.0 h1:8LFMRj473vGahFD/ntiotWEd4S80FKYFtiZTDfOQ+sM= github.com/ory/mail/v3 v3.0.0/go.mod h1:JGAVeZF8YAlxbaFDUHqRZAKBCSeW2w1vuxf28hFbZAw= @@ -1416,8 +1488,8 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE= github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM= -github.com/ory/x v0.0.380 h1:A7QYsVQQQ0CgW9Do0+Z8QkeFNaKgXsfQ/MChQm00s9U= -github.com/ory/x v0.0.380/go.mod h1:JHPSavhYHgzlh9teE1vGY+1tecUo2CzfLqHex42jNSQ= +github.com/ory/x v0.0.384 h1:/zP9ijaLTfK7ExQ+NNLbXi0+M1IqDVDFpvpnb544xuY= +github.com/ory/x v0.0.384/go.mod h1:w+51WCfsZYoUf6WesKN3nFBYk2d2PUZhS5Pvo0xhHF8= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= @@ -1442,8 +1514,13 @@ github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc= github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE= +github.com/philhofer/fwd v1.1.1/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU= +github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY= +github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= +github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= +github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/diff v0.0.0-20200914180035-5b29258ca4f7/go.mod h1:zO8QMzTeZd5cpnIkz/Gn6iK0jDfGicM1nynOkkPIl28= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= @@ -1504,6 +1581,7 @@ github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+ github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20190425082905-87a4384529e0/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -1518,7 +1596,9 @@ github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/pseudomuto/protoc-gen-doc v1.4.1/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q= +github.com/rabbitmq/amqp091-go v1.1.0/go.mod h1:ogQDLSOACsLPsIq0NpbtiifNZi2YOz0VTJ0kHRghqbM= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= +github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rhnvrm/simples3 v0.6.1/go.mod h1:Y+3vYm2V7Y4VijFoJHHTrja6OgPrJ2cBti8dPGkC3sA= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= @@ -1541,15 +1621,20 @@ github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc= +github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w= +github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZKsJ8yyVxGRWYNEm9oFB8ieLgKFnamEyDmSA0BRk= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= +github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= +github.com/santhosh-tekuri/jsonschema v1.2.4/go.mod h1:TEAUOeZSmIxTTuHatJzrvARHiuO9LYd+cIxzgEHCQI4= github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= @@ -1621,6 +1706,7 @@ github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHN github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= +github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4= github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q= github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= @@ -1683,6 +1769,7 @@ github.com/timtadh/data-structures v0.5.3 h1:F2tEjoG9qWIyUjbvXVgJqEOGJPMIiYn7U5W github.com/timtadh/data-structures v0.5.3/go.mod h1:9R4XODhJ8JdWFEI8P/HJKqxuJctfBQw6fDibMQny2oU= github.com/timtadh/lexmachine v0.2.2 h1:g55RnjdYazm5wnKv59pwFcBJHOyvTPfDEoz21s4PHmY= github.com/timtadh/lexmachine v0.2.2/go.mod h1:GBJvD5OAfRn/gnp92zb9KTgHLB7akKyxmVivoYCcjQI= +github.com/tinylib/msgp v1.1.2/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE= github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0= github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0= github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao= @@ -1697,6 +1784,8 @@ github.com/toqueteos/webbrowser v1.2.0 h1:tVP/gpK69Fx+qMJKsLE7TD8LuGWPnEV71wBN9r github.com/toqueteos/webbrowser v1.2.0/go.mod h1:XWoZq4cyp9WeUeak7w7LXRUQf1F1ATJMir8RTqb4ayM= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c/go.mod h1:hzIxponao9Kjc7aWznkXaL4U4TWaDSs8zcsY4Ka08nM= +github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= +github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= @@ -1710,6 +1799,7 @@ github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtX github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.5 h1:lNq9sAHXK2qfdI8W+GRItjCEkI+2oR4d+MEHy1CKXoU= github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI= github.com/urfave/negroni v1.0.0 h1:kIimOitoypq34K7TG7DUaJ9kq/N4Ofuwi1sjz0KipXc= github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= @@ -1729,6 +1819,9 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= +github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= +github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs= +github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM= github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I= github.com/xdg/stringprep v0.0.0-20180714160509-73f8eece6fdc/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= @@ -1751,6 +1844,7 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs= github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA= github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= @@ -1763,11 +1857,16 @@ github.com/zmap/zcrypto v0.0.0-20210511125630-18f1e0152cfc/go.mod h1:FM4U1E3NzlN github.com/zmap/zlint/v3 v3.1.0/go.mod h1:L7t8s3sEKkb0A2BxGy1IWrxt1ZATa1R4QfJZaQOD3zU= github.com/zmb3/spotify/v2 v2.0.0 h1:NHW9btztNZTrJ0+3yMNyfY5qcu1ck9s36wwzc7zrCic= github.com/zmb3/spotify/v2 v2.0.0/go.mod h1:+LVh9CafHu7SedyqYmEf12Rd01dIVlEL845yNhksW0E= +go.elastic.co/apm v1.15.0/go.mod h1:dylGv2HKR0tiCV+wliJz1KHtDyuD8SPe69oV7VyK6WY= +go.elastic.co/apm/module/apmhttp v1.15.0/go.mod h1:NruY6Jq8ALLzWUVUQ7t4wIzn+onKoiP5woJJdTV7GMg= +go.elastic.co/apm/module/apmot v1.15.0/go.mod h1:BjFz2KOlnjXdnSo0p6nhDDaIEYYX8c6uVHwvkZiLqtQ= +go.elastic.co/fastjson v1.1.0/go.mod h1:boNGISWMjQsUPy/t6yqt2/1Wx4YNPSe+mZjlyw9vKKI= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= +go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489 h1:1JFLBqwIgdyHN1ZtgjTBwO+blA6gVOmZurpiMEsETKo= go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg= go.etcd.io/etcd/api/v3 v3.5.0-alpha.0/go.mod h1:mPcW6aZJukV6Aa81LSKpBjQXTWlXB5r74ymPoSWa3Sw= go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= @@ -1821,25 +1920,39 @@ go.opentelemetry.io/otel v1.0.1/go.mod h1:OPEOD4jIT2SlZPMmwT6FqZz2C0ZNdQqiWcoK6M go.opentelemetry.io/otel v1.4.0/go.mod h1:jeAqMFKy2uLIxCtKxoFj0FAL5zAPKQagc3+GtBWakzk= go.opentelemetry.io/otel v1.4.1/go.mod h1:StM6F/0fSwpd8dKWDCdRr7uRvEPYdW0hBSlbdTiUde4= go.opentelemetry.io/otel v1.5.0/go.mod h1:Jm/m+rNp/z0eqJc74H7LPwQ3G87qkU/AnnAydAjSAHk= -go.opentelemetry.io/otel v1.6.3 h1:FLOfo8f9JzFVFVyU+MSRJc2HdEAXQgm7pIv2uFKRSZE= go.opentelemetry.io/otel v1.6.3/go.mod h1:7BgNga5fNlF/iZjG06hM3yofffp0ofKCDwSXx1GC4dI= +go.opentelemetry.io/otel v1.7.0 h1:Z2lA3Tdch0iDcrhJXDIlC94XE+bxok1F9B+4Lz/lGsM= +go.opentelemetry.io/otel v1.7.0/go.mod h1:5BdUoMIz5WEs0vt0CUEMtSSaTSHBBVwrhnz7+nrD5xk= +go.opentelemetry.io/otel/bridge/opentracing v1.6.3/go.mod h1:3SVwOElsIpFiclDeQ4aB7EO/Y1Lm0IXUsLh5TYjHTxo= go.opentelemetry.io/otel/exporters/jaeger v1.5.0 h1:ZR7nhLSfLufS5AHk/iN11Q+W9XYwsJrVZ1Frb833d+Y= go.opentelemetry.io/otel/exporters/jaeger v1.5.0/go.mod h1:rSeUArMBRe1eQLo1T0WxOazohN1M2mYThWJQmn1BjRQ= +go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.6.3 h1:nAmg1WgsUXoXf46dJG9eS/AzOcvkCTK4xJSUYpWyHYg= +go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.6.3/go.mod h1:NEu79Xo32iVb+0gVNV8PMd7GoWqnyDXRlj04yFjqz40= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.6.3 h1:4/UjHWMVVc5VwX/KAtqJOHErKigMCH8NexChMuanb/o= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.6.3/go.mod h1:UJmXdiVVBaZ63umRUTwJuCMAV//GCMvDiQwn703/GoY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.6.3 h1:ufVuVt/g16GZ/yDOyp+AcCGebGX8u4z7kDRuwEX0DkA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.6.3/go.mod h1:S18p8VK4KRHHyAg5rH3iUnJUcRvIUg9xwIWtq1MWibM= +go.opentelemetry.io/otel/exporters/zipkin v1.7.0 h1:X0FZj+kaIdLi29UiyrEGDhRTYsEXj9GdEW5Y39UQFEE= +go.opentelemetry.io/otel/exporters/zipkin v1.7.0/go.mod h1:9YBXeOMFLQGwNEjsxMRiWPGoJX83usGMhbCmxUbNe5I= go.opentelemetry.io/otel/internal/metric v0.27.0 h1:9dAVGAfFiiEq5NVB9FUJ5et+btbDQAUIJehJ+ikyryk= go.opentelemetry.io/otel/internal/metric v0.27.0/go.mod h1:n1CVxRqKqYZtqyTh9U/onvKapPGv7y/rpyOTI+LFNzw= go.opentelemetry.io/otel/metric v0.27.0 h1:HhJPsGhJoKRSegPQILFbODU56NS/L1UE4fS1sC5kIwQ= go.opentelemetry.io/otel/metric v0.27.0/go.mod h1:raXDJ7uP2/Jc0nVZWQjJtzoyssOYWu/+pjZqRzfvZ7g= go.opentelemetry.io/otel/sdk v1.4.1/go.mod h1:NBwHDgDIBYjwK2WNu1OPgsIc2IJzmBXNnvIJxJc8BpE= go.opentelemetry.io/otel/sdk v1.5.0/go.mod h1:CU4J1v+7iEljnm1G14QjdFWOXUyYLHVh0Lh+/BTYyFg= -go.opentelemetry.io/otel/sdk v1.6.3 h1:prSHYdwCQOX5DrsEzxowH3nLhoAzEBdZhvrR79scfLs= go.opentelemetry.io/otel/sdk v1.6.3/go.mod h1:A4iWF7HTXa+GWL/AaqESz28VuSBIcZ+0CV+IzJ5NMiQ= +go.opentelemetry.io/otel/sdk v1.7.0 h1:4OmStpcKVOfvDOgCt7UriAPtKolwIhxpnSNI/yK+1B0= +go.opentelemetry.io/otel/sdk v1.7.0/go.mod h1:uTEOTwaqIVuTGiJN7ii13Ibp75wJmYUDe374q6cZwUU= go.opentelemetry.io/otel/trace v1.0.1/go.mod h1:5g4i4fKLaX2BQpSBsxw8YYcgKpMMSW3x7ZTuYBr3sUk= go.opentelemetry.io/otel/trace v1.4.0/go.mod h1:uc3eRsqDfWs9R7b92xbQbU42/eTNz4N+gLP8qJCi4aE= go.opentelemetry.io/otel/trace v1.4.1/go.mod h1:iYEVbroFCNut9QkwEczV9vMRPHNKSSwYZjulEtsmhFc= go.opentelemetry.io/otel/trace v1.5.0/go.mod h1:sq55kfhjXYr1zVSyexg0w1mpa03AYXR5eyTkB9NPPdE= -go.opentelemetry.io/otel/trace v1.6.3 h1:IqN4L+5b0mPNjdXIiZ90Ni4Bl5BRkDQywePLWemd9bc= go.opentelemetry.io/otel/trace v1.6.3/go.mod h1:GNJQusJlUgZl9/TQBPKU/Y/ty+0iVB5fjhKeJGZPGFs= +go.opentelemetry.io/otel/trace v1.7.0 h1:O37Iogk1lEkMRXewVtZ1BBTVn5JEp8GrJvP92bJqC6o= +go.opentelemetry.io/otel/trace v1.7.0/go.mod h1:fzLSB9nqR2eXzxPXb2JW9IKE+ScyXA48yyE4TNvoHqU= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= +go.opentelemetry.io/proto/otlp v0.15.0 h1:h0bKrvdrT/9sBwEJ6iWUqT/N/xPcS66bL4u3isneJ6w= +go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= @@ -1888,17 +2001,24 @@ golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= +golang.org/x/exp v0.0.0-20191002040644-a1355ae1e2c3/go.mod h1:NOZ3BPKG0ec/BKJQgnvsSFpcKLM5xXVWnvZS97DWHgE= golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= @@ -1906,8 +2026,17 @@ golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw= +golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20190910094157-69e4b8554b2a/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20200119044424-58c23975cae1/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20200430140353-33d19683fad8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20200618115811-c13761719519/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20201208152932-35266b937fa6/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20210216034530-4410531fe030/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20210607152325-775e3b0c77b9/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= +golang.org/x/image v0.0.0-20210628002857-a66eb6448b8d/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -1932,6 +2061,7 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= +golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57 h1:LQmS1nU0twXLA96Kt7U9qtHJEbBk3z6Q0V4UXjZkpr4= golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1976,6 +2106,7 @@ golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= @@ -1995,12 +2126,14 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd golang.org/x/net v0.0.0-20210323141857-08027d57d8cf/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= +golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210917221730-978cfadd31cf/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211020060615-d418f374d309 h1:A0lJIi+hcTR6aajJH4YqKWwohY4aW9RO7oRMcdv+HKI= golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -2026,6 +2159,7 @@ golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210810183815-faf39c7919d5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2070,11 +2204,13 @@ golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 h1:GZokNIeuVkl3aZHJchRrr13WCsols02MLUcz1U9is6M= golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190125232054-d66bd3c5d5a6/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= @@ -2100,6 +2236,7 @@ golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -2127,6 +2264,7 @@ golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjs golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200426102838-f3a5411a4c3b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= @@ -2142,6 +2280,7 @@ golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20201125231158-b5590deeca9b/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= @@ -2159,6 +2298,13 @@ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo= +gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0= +gonum.org/v1/gonum v0.9.3/go.mod h1:TZumC3NeyVQskjXqmyWt4S3bINhy7B4eYwW69EbyX+0= +gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= +gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc= +gonum.org/v1/plot v0.9.0/go.mod h1:3Pcqqmp6RHvJI72kgb8fThyUnav364FOsdDo2aGW5lY= +gonum.org/v1/plot v0.10.0/go.mod h1:JWIHJ7U20drSQb/aDpTetJzfC1KlAPldJLpkSy88dvQ= google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= @@ -2195,7 +2341,9 @@ google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6 google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= +google.golang.org/api v0.59.0/go.mod h1:sT2boj7M9YJxZzgeZqXogmhfmRWDtPzT31xkieUbuZU= google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I= +google.golang.org/api v0.62.0/go.mod h1:dKmwPCydfsad4qCH08MSdgWjfHOyfpd4VtDGgRFdavw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -2278,8 +2426,12 @@ google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEc google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211008145708-270636b82663/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211020151524-b7c3a969101a/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211028162531-8db9c33dc351/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211129164237-f09f9a12af12/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211203200212-54befc351ae9/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa h1:I0YcKz0I7OAhddo7ya8kMnvprhcWM045PmkBdMO9zN0= google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= @@ -2319,6 +2471,8 @@ google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.45.0 h1:NEpgUqV3Z+ZjkqMsxMg11IaDrXY4RY6CQukSGK0uI1M= google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= @@ -2341,6 +2495,7 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +gopkg.in/DataDog/dd-trace-go.v1 v1.27.1-0.20201005154917-54b73b3e126a/go.mod h1:Sp1lku8WJMvNV0kjDI4Ni/T7J/U3BO5ct5kEaoVU8+I= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= @@ -2420,6 +2575,7 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.1.4/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= +howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo= k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ= k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8= @@ -2450,6 +2606,7 @@ mvdan.cc/sh/v3 v3.3.0-0.dev.0.20210224101809-fb5052e7a010 h1:0xJA1YM0Ppa63jEfcdP mvdan.cc/sh/v3 v3.3.0-0.dev.0.20210224101809-fb5052e7a010/go.mod h1:fPQmabBpREM/XQ9YXSU5ZFZ/Sm+PmKP9/vkFHgYKJEI= pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= +rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= diff --git a/persistence/sql/persister_hmac_test.go b/persistence/sql/persister_hmac_test.go index 31ee89725b3d..7f345d1237f9 100644 --- a/persistence/sql/persister_hmac_test.go +++ b/persistence/sql/persister_hmac_test.go @@ -49,7 +49,7 @@ func (l *logRegistryOnly) Audit() *logrusx.Logger { } func (l *logRegistryOnly) Tracer(ctx context.Context) *otelx.Tracer { - return nil + return otelx.NewNoop(l.l, new(otelx.Config)) } var _ persisterDependencies = &logRegistryOnly{} From d5550b5ddc4e1677e4c4f808578f573760c6581e Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 12 May 2022 20:00:15 +0200 Subject: [PATCH 038/411] fix: resolve index naming issues --- ...20512102703000000_missing_indices.down.sql | 79 ++++++------- ...02703000000_missing_indices.mysql.down.sql | 78 ++++++------- ...2102703000000_missing_indices.mysql.up.sql | 110 +++++++++--------- ...2102703000000_missing_indices.up.mysql.sql | 70 ----------- ...0220512102703000000_missing_indices.up.sql | 70 +++++++++++ 5 files changed, 200 insertions(+), 207 deletions(-) delete mode 100644 persistence/sql/migrations/sql/20220512102703000000_missing_indices.up.mysql.sql create mode 100644 persistence/sql/migrations/sql/20220512102703000000_missing_indices.up.sql diff --git a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.down.sql b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.down.sql index b004605865e9..dd728cfd6555 100644 --- a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.down.sql +++ b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.down.sql @@ -1,40 +1,41 @@ -DROP INDEX `sessions_identity_id_nid_idx`; -DROP INDEX `identities_id_nid_idx`; -DROP INDEX `identities_nid_id_idx`; -DROP INDEX `continuity_containers_nid_id_idx`; -DROP INDEX `continuity_containers_id_nid_idx`; -DROP INDEX `courier_message_nid_id_idx`; -DROP INDEX `courier_message_id_nid_idx`; -DROP INDEX `courier_message_nid_id_idx`; -DROP INDEX `courier_message_id_nid_idx`; -DROP INDEX `identity_credential_identifiers_nid_id_idx`; -DROP INDEX `identity_credential_identifiers_id_nid_idx`; -DROP INDEX `identity_credentials_nid_id_idx`; -DROP INDEX `identity_credentials_id_nid_idx`; -DROP INDEX `identity_recovery_addresses_nid_id_idx`; -DROP INDEX `identity_recovery_addresses_id_nid_idx`; -DROP INDEX `identity_recovery_tokens_nid_id_idx`; -DROP INDEX `identity_recovery_tokens_id_nid_idx`; -DROP INDEX `identity_recovery_tokens_selfservice_recovery_flow_id_idx`; -DROP INDEX `identity_recovery_tokens_identity_recovery_address_id_idx`; -DROP INDEX `identity_verification_tokens_nid_id_idx`; -DROP INDEX `identity_verification_tokens_id_nid_idx`; -DROP INDEX `identity_verification_tokens_token_nid_used_idx`; -DROP INDEX `identity_recovery_addresses_nid_id_idx`; -DROP INDEX `identity_recovery_addresses_id_nid_idx`; -DROP INDEX `selfservice_login_flows_nid_id_idx`; -DROP INDEX `selfservice_login_flows_id_nid_idx`; -DROP INDEX `selfservice_recovery_flows_nid_id_idx`; -DROP INDEX `selfservice_recovery_flows_id_nid_idx`; -DROP INDEX `selfservice_registration_flows_nid_id_idx`; -DROP INDEX `selfservice_registration_flows_id_nid_idx`; -DROP INDEX `selfservice_settings_flows_nid_id_idx`; -DROP INDEX `selfservice_settings_flows_id_nid_idx`; -DROP INDEX `selfservice_verification_flows_nid_id_idx`; -DROP INDEX `selfservice_verification_flows_id_nid_idx`; -DROP INDEX `sessions_nid_id_identity_id_idx`; -DROP INDEX `sessions_id_nid_idx`; -DROP INDEX `sessions_token_nid_idx`; +CREATE INDEX sessions_nid_idx ON sessions (id, nid); +CREATE INDEX sessions_token_idx ON sessions (token); +CREATE INDEX sessions_logout_token_idx ON sessions (logout_token); + +DROP INDEX sessions_identity_id_nid_idx; +DROP INDEX sessions_nid_id_identity_id_idx; +DROP INDEX sessions_id_nid_idx; +DROP INDEX sessions_token_nid_idx; + +DROP INDEX identities_id_nid_idx; +DROP INDEX identities_nid_id_idx; +DROP INDEX continuity_containers_nid_id_idx; +DROP INDEX continuity_containers_id_nid_idx; +DROP INDEX courier_messages_nid_id_idx; +DROP INDEX courier_messages_id_nid_idx; +DROP INDEX identity_credential_identifiers_nid_id_idx; +DROP INDEX identity_credential_identifiers_id_nid_idx; +DROP INDEX identity_credentials_nid_id_idx; +DROP INDEX identity_credentials_id_nid_idx; +DROP INDEX identity_recovery_addresses_nid_id_idx; +DROP INDEX identity_recovery_addresses_id_nid_idx; +DROP INDEX identity_recovery_tokens_nid_id_idx; +DROP INDEX identity_recovery_tokens_id_nid_idx; +DROP INDEX identity_recovery_tokens_selfservice_recovery_flow_id_idx; +DROP INDEX identity_recovery_tokens_identity_recovery_address_id_idx; +DROP INDEX identity_verification_tokens_nid_id_idx; +DROP INDEX identity_verification_tokens_id_nid_idx; +DROP INDEX identity_verification_tokens_token_nid_used_idx; +DROP INDEX selfservice_login_flows_nid_id_idx; +DROP INDEX selfservice_login_flows_id_nid_idx; +DROP INDEX selfservice_recovery_flows_nid_id_idx; +DROP INDEX selfservice_recovery_flows_id_nid_idx; +DROP INDEX selfservice_registration_flows_nid_id_idx; +DROP INDEX selfservice_registration_flows_id_nid_idx; +DROP INDEX selfservice_settings_flows_nid_id_idx; +DROP INDEX selfservice_settings_flows_id_nid_idx; +DROP INDEX selfservice_verification_flows_nid_id_idx; +DROP INDEX selfservice_verification_flows_id_nid_idx; CREATE INDEX identities_nid_idx ON identities (id, nid); @@ -61,7 +62,3 @@ CREATE INDEX selfservice_recovery_flows_nid_idx ON selfservice_recovery_flows (i CREATE INDEX selfservice_registration_flows_nid_idx ON selfservice_registration_flows (id,nid); CREATE INDEX selfservice_settings_flows_nid_idx ON selfservice_settings_flows (id,nid); CREATE INDEX selfservice_verification_flows_nid_idx ON selfservice_verification_flows (id,nid); - -CREATE INDEX sessions_nid_idx ON sessions (id, nid); -CREATE INDEX sessions_token_idx ON sessions (token); -CREATE INDEX sessions_logout_token_idx ON sessions (logout_token); diff --git a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.down.sql b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.down.sql index 4f29a180e35a..30847728b259 100644 --- a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.down.sql +++ b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.down.sql @@ -1,40 +1,40 @@ -DROP INDEX `sessions_identity_id_nid_idx` ON sessions; -DROP INDEX `identities_id_nid_idx` ON identities; -DROP INDEX `identities_nid_id_idx` ON identities; -DROP INDEX `continuity_containers_nid_id_idx` ON continuity_containers; -DROP INDEX `continuity_containers_id_nid_idx` ON continuity_containers; -DROP INDEX `courier_message_nid_id_idx` ON courier_message; -DROP INDEX `courier_message_id_nid_idx` ON courier_message; -DROP INDEX `courier_message_nid_id_idx` ON courier_message; -DROP INDEX `courier_message_id_nid_idx` ON courier_message; -DROP INDEX `identity_credential_identifiers_nid_id_idx` ON identity_credential_identifiers; -DROP INDEX `identity_credential_identifiers_id_nid_idx` ON identity_credential_identifiers; -DROP INDEX `identity_credentials_nid_id_idx`ON identity_credentials; -DROP INDEX `identity_credentials_id_nid_idx`ON identity_credentials; -DROP INDEX `identity_recovery_addresses_nid_id_idx` ON identity_recovery_addresses; -DROP INDEX `identity_recovery_addresses_id_nid_idx` ON identity_recovery_addresses; -DROP INDEX `identity_recovery_tokens_nid_id_idx` ON identity_recovery_tokens; -DROP INDEX `identity_recovery_tokens_id_nid_idx` ON identity_recovery_tokens; -DROP INDEX `identity_recovery_tokens_selfservice_recovery_flow_id_idx` ON identity_recovery_tokens; -DROP INDEX `identity_recovery_tokens_identity_recovery_address_id_idx` ON identity_recovery_tokens; -DROP INDEX `identity_verification_tokens_nid_id_idx` ON identity_verification_tokens; -DROP INDEX `identity_verification_tokens_id_nid_idx` ON identity_verification_tokens; -DROP INDEX `identity_verification_tokens_token_nid_used_idx` ON identity_verification_tokens; -DROP INDEX `identity_recovery_addresses_nid_id_idx` ON identity_recovery_addresses; -DROP INDEX `identity_recovery_addresses_id_nid_idx` ON identity_recovery_addresses; -DROP INDEX `selfservice_login_flows_nid_id_idx` ON selfservice_login_flows; -DROP INDEX `selfservice_login_flows_id_nid_idx` ON selfservice_login_flows; -DROP INDEX `selfservice_recovery_flows_nid_id_idx` ON selfservice_recovery_flows; -DROP INDEX `selfservice_recovery_flows_id_nid_idx` ON selfservice_recovery_flows; -DROP INDEX `selfservice_registration_flows_nid_id_idx` ON selfservice_registration_flows; -DROP INDEX `selfservice_registration_flows_id_nid_idx` ON selfservice_registration_flows; -DROP INDEX `selfservice_settings_flows_nid_id_idx` ON selfservice_settings_flows; -DROP INDEX `selfservice_settings_flows_id_nid_idx` ON selfservice_settings_flows; -DROP INDEX `selfservice_verification_flows_nid_id_idx` ON selfservice_verification_flows; -DROP INDEX `selfservice_verification_flows_id_nid_idx` ON selfservice_verification_flows; -DROP INDEX `sessions_nid_id_identity_id_idx` ON sessions; -DROP INDEX `sessions_id_nid_idx` ON sessions; -DROP INDEX `sessions_token_nid_idx` ON sessions; +CREATE INDEX sessions_nid_idx ON sessions (id, nid); +CREATE INDEX sessions_token_idx ON sessions (token); +CREATE INDEX sessions_logout_token_idx ON sessions (logout_token); +DROP INDEX sessions_nid_id_identity_id_idx ON sessions; +DROP INDEX sessions_id_nid_idx ON sessions; +DROP INDEX sessions_token_nid_idx ON sessions; + +DROP INDEX sessions_identity_id_nid_idx ON sessions; +DROP INDEX identities_id_nid_idx ON identities; +DROP INDEX identities_nid_id_idx ON identities; +DROP INDEX continuity_containers_nid_id_idx ON continuity_containers; +DROP INDEX continuity_containers_id_nid_idx ON continuity_containers; +DROP INDEX courier_messages_nid_id_idx ON courier_message; +DROP INDEX courier_messages_id_nid_idx ON courier_message; +DROP INDEX identity_credential_identifiers_nid_id_idx ON identity_credential_identifiers; +DROP INDEX identity_credential_identifiers_id_nid_idx ON identity_credential_identifiers; +DROP INDEX identity_credentials_nid_id_idx ON identity_credentials; +DROP INDEX identity_credentials_id_nid_idx ON identity_credentials; +DROP INDEX identity_recovery_addresses_nid_id_idx ON identity_recovery_addresses; +DROP INDEX identity_recovery_addresses_id_nid_idx ON identity_recovery_addresses; +DROP INDEX identity_recovery_tokens_nid_id_idx ON identity_recovery_tokens; +DROP INDEX identity_recovery_tokens_id_nid_idx ON identity_recovery_tokens; +DROP INDEX identity_recovery_tokens_selfservice_recovery_flow_id_idx ON identity_recovery_tokens; +DROP INDEX identity_recovery_tokens_identity_recovery_address_id_idx ON identity_recovery_tokens; +DROP INDEX identity_verification_tokens_nid_id_idx ON identity_verification_tokens; +DROP INDEX identity_verification_tokens_id_nid_idx ON identity_verification_tokens; +DROP INDEX identity_verification_tokens_token_nid_used_idx ON identity_verification_tokens; +DROP INDEX selfservice_login_flows_nid_id_idx ON selfservice_login_flows; +DROP INDEX selfservice_login_flows_id_nid_idx ON selfservice_login_flows; +DROP INDEX selfservice_recovery_flows_nid_id_idx ON selfservice_recovery_flows; +DROP INDEX selfservice_recovery_flows_id_nid_idx ON selfservice_recovery_flows; +DROP INDEX selfservice_registration_flows_nid_id_idx ON selfservice_registration_flows; +DROP INDEX selfservice_registration_flows_id_nid_idx ON selfservice_registration_flows; +DROP INDEX selfservice_settings_flows_nid_id_idx ON selfservice_settings_flows; +DROP INDEX selfservice_settings_flows_id_nid_idx ON selfservice_settings_flows; +DROP INDEX selfservice_verification_flows_nid_id_idx ON selfservice_verification_flows; +DROP INDEX selfservice_verification_flows_id_nid_idx ON selfservice_verification_flows; CREATE INDEX identities_nid_idx ON identities (id, nid); @@ -61,7 +61,3 @@ CREATE INDEX selfservice_recovery_flows_nid_idx ON selfservice_recovery_flows (i CREATE INDEX selfservice_registration_flows_nid_idx ON selfservice_registration_flows (id,nid); CREATE INDEX selfservice_settings_flows_nid_idx ON selfservice_settings_flows (id,nid); CREATE INDEX selfservice_verification_flows_nid_idx ON selfservice_verification_flows (id,nid); - -CREATE INDEX sessions_nid_idx ON sessions (id, nid); -CREATE INDEX sessions_token_idx ON sessions (token); -CREATE INDEX sessions_logout_token_idx ON sessions (logout_token); diff --git a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.up.sql b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.up.sql index 9e6a75d1f8f4..46270d3d2465 100644 --- a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.up.sql +++ b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.up.sql @@ -1,70 +1,70 @@ -CREATE INDEX `sessions_identity_id_nid_idx` ON `sessions` (identity_id, nid); +CREATE INDEX sessions_identity_id_nid_idx ON sessions (identity_id, nid); -DROP INDEX `identities_nid_idx`; -CREATE INDEX `identities_id_nid_idx` ON `identities` (id, nid); -CREATE INDEX `identities_nid_id_idx` ON `identities` (nid, id); +DROP INDEX identities_nid_idx ON identities; +CREATE INDEX identities_id_nid_idx ON identities (id, nid); +CREATE INDEX identities_nid_id_idx ON identities (nid, id); -DROP INDEX `continuity_containers_nid_idx`; -CREATE INDEX `continuity_containers_nid_id_idx` ON `continuity_containers` (nid, id); -CREATE INDEX `continuity_containers_id_nid_idx` ON `continuity_containers` (id, nid); +DROP INDEX continuity_containers_nid_idx ON continuity_containers; +CREATE INDEX continuity_containers_nid_id_idx ON continuity_containers (nid, id); +CREATE INDEX continuity_containers_id_nid_idx ON continuity_containers (id, nid); -DROP INDEX `courier_message_nid_idx`; -CREATE INDEX `courier_message_nid_id_idx` ON `courier_message` (nid, id); -CREATE INDEX `courier_message_id_nid_idx` ON `courier_message` (id, nid); +DROP INDEX courier_messages_nid_idx ON courier_messages; +CREATE INDEX courier_messages_nid_id_idx ON courier_messages (nid, id); +CREATE INDEX courier_messages_id_nid_idx ON courier_messages (id, nid); -DROP INDEX `identity_credential_identifiers_nid_idx`; -CREATE INDEX `identity_credential_identifiers_nid_id_idx` ON `identity_credential_identifiers` (nid, id); -CREATE INDEX `identity_credential_identifiers_id_nid_idx` ON `identity_credential_identifiers` (id, nid); +DROP INDEX identity_credential_identifiers_nid_idx ON identity_credential_identifiers; +CREATE INDEX identity_credential_identifiers_nid_id_idx ON identity_credential_identifiers (nid, id); +CREATE INDEX identity_credential_identifiers_id_nid_idx ON identity_credential_identifiers (id, nid); -DROP INDEX `identity_credentials_nid_idx`; -CREATE INDEX `identity_credentials_nid_id_idx` ON `identity_credentials` (nid, id); -CREATE INDEX `identity_credentials_id_nid_idx` ON `identity_credentials` (id, nid); +DROP INDEX identity_credentials_nid_idx ON identity_credentials; +CREATE INDEX identity_credentials_nid_id_idx ON identity_credentials (nid, id); +CREATE INDEX identity_credentials_id_nid_idx ON identity_credentials (id, nid); -DROP INDEX `identity_recovery_addresses_nid_idx`; -CREATE INDEX `identity_recovery_addresses_nid_id_idx` ON `identity_recovery_addresses` (nid, id); -CREATE INDEX `identity_recovery_addresses_id_nid_idx` ON `identity_recovery_addresses` (id, nid); +DROP INDEX identity_recovery_addresses_nid_idx ON identity_recovery_addresses; +CREATE INDEX identity_recovery_addresses_nid_id_idx ON identity_recovery_addresses (nid, id); +CREATE INDEX identity_recovery_addresses_id_nid_idx ON identity_recovery_addresses (id, nid); -DROP INDEX `identity_recovery_tokens_nid_idx`; -CREATE INDEX `identity_recovery_tokens_nid_id_idx` ON `identity_recovery_tokens` (nid, id); -CREATE INDEX `identity_recovery_tokens_id_nid_idx` ON `identity_recovery_tokens` (id, nid); -CREATE INDEX `identity_recovery_tokens_selfservice_recovery_flow_id_idx` ON `identity_recovery_tokens` (selfservice_recovery_flow_id); -CREATE INDEX `identity_recovery_tokens_identity_recovery_address_id_idx` ON `identity_recovery_tokens` (identity_recovery_address_id); -CREATE INDEX `identity_recovery_tokens_token_nid_used_idx` ON `identity_recovery_tokens` (nid, token, used); -DROP INDEX `identity_recovery_addresses_code_idx`; +DROP INDEX identity_recovery_tokens_nid_idx ON identity_recovery_tokens; +DROP INDEX identity_recovery_addresses_code_idx ON identity_recovery_tokens; +CREATE INDEX identity_recovery_tokens_nid_id_idx ON identity_recovery_tokens (nid, id); +CREATE INDEX identity_recovery_tokens_id_nid_idx ON identity_recovery_tokens (id, nid); +CREATE INDEX identity_recovery_tokens_selfservice_recovery_flow_id_idx ON identity_recovery_tokens (selfservice_recovery_flow_id); +CREATE INDEX identity_recovery_tokens_identity_recovery_address_id_idx ON identity_recovery_tokens (identity_recovery_address_id); +CREATE INDEX identity_recovery_tokens_token_nid_used_idx ON identity_recovery_tokens (nid, token, used); -DROP INDEX `identity_verifiable_addresses_nid_idx`; -CREATE INDEX `identity_verifiable_addresses_nid_id_idx` ON `identity_verifiable_addresses` (nid, id); -CREATE INDEX `identity_verifiable_addresses_id_nid_idx` ON `identity_verifiable_addresses` (id, nid); +DROP INDEX identity_verifiable_addresses_nid_idx ON identity_verifiable_addresses; +CREATE INDEX identity_verifiable_addresses_nid_id_idx ON identity_verifiable_addresses (nid, id); +CREATE INDEX identity_verifiable_addresses_id_nid_idx ON identity_verifiable_addresses (id, nid); -DROP INDEX `identity_verification_tokens_nid_idx`; -DROP INDEX `identity_verification_tokens_token_idx`; -CREATE INDEX `identity_verification_tokens_nid_id_idx` ON `identity_verification_tokens` (nid, id); -CREATE INDEX `identity_verification_tokens_id_nid_idx` ON `identity_verification_tokens` (id, nid); -CREATE INDEX `identity_verification_tokens_token_nid_used_idx` ON `identity_verification_tokens` (nid, token, used); +DROP INDEX identity_verification_tokens_nid_idx ON identity_verification_tokens; +DROP INDEX identity_verification_tokens_token_idx ON identity_verification_tokens; +CREATE INDEX identity_verification_tokens_nid_id_idx ON identity_verification_tokens (nid, id); +CREATE INDEX identity_verification_tokens_id_nid_idx ON identity_verification_tokens (id, nid); +CREATE INDEX identity_verification_tokens_token_nid_used_idx ON identity_verification_tokens (nid, token, used); -DROP INDEX `selfservice_login_flows_nid_idx`; -CREATE INDEX `selfservice_login_flows_nid_id_idx` ON `selfservice_login_flows` (nid, id); -CREATE INDEX `selfservice_login_flows_id_nid_idx` ON `selfservice_login_flows` (id, nid); +DROP INDEX selfservice_login_flows_nid_idx ON selfservice_login_flows; +CREATE INDEX selfservice_login_flows_nid_id_idx ON selfservice_login_flows (nid, id); +CREATE INDEX selfservice_login_flows_id_nid_idx ON selfservice_login_flows (id, nid); -DROP INDEX `selfservice_recovery_flows_nid_idx`; -CREATE INDEX `selfservice_recovery_flows_nid_id_idx` ON `selfservice_recovery_flows` (nid, id); -CREATE INDEX `selfservice_recovery_flows_id_nid_idx` ON `selfservice_recovery_flows` (id, nid); +DROP INDEX selfservice_recovery_flows_nid_idx ON selfservice_recovery_flows; +CREATE INDEX selfservice_recovery_flows_nid_id_idx ON selfservice_recovery_flows (nid, id); +CREATE INDEX selfservice_recovery_flows_id_nid_idx ON selfservice_recovery_flows (id, nid); -DROP INDEX `selfservice_registration_flows_nid_idx`; -CREATE INDEX `selfservice_registration_flows_nid_id_idx` ON `selfservice_registration_flows` (nid, id); -CREATE INDEX `selfservice_registration_flows_id_nid_idx` ON `selfservice_registration_flows` (id, nid); +DROP INDEX selfservice_registration_flows_nid_idx ON selfservice_registration_flows; +CREATE INDEX selfservice_registration_flows_nid_id_idx ON selfservice_registration_flows (nid, id); +CREATE INDEX selfservice_registration_flows_id_nid_idx ON selfservice_registration_flows (id, nid); -DROP INDEX `selfservice_settings_flows_nid_idx`; -CREATE INDEX `selfservice_settings_flows_nid_id_idx` ON `selfservice_settings_flows` (nid, id); -CREATE INDEX `selfservice_settings_flows_id_nid_idx` ON `selfservice_settings_flows` (id, nid); +DROP INDEX selfservice_settings_flows_nid_idx ON selfservice_settings_flows; +CREATE INDEX selfservice_settings_flows_nid_id_idx ON selfservice_settings_flows (nid, id); +CREATE INDEX selfservice_settings_flows_id_nid_idx ON selfservice_settings_flows (id, nid); -DROP INDEX `selfservice_verification_flows_nid_idx`; -CREATE INDEX `selfservice_verification_flows_nid_id_idx` ON `selfservice_verification_flows` (nid, id); -CREATE INDEX `selfservice_verification_flows_id_nid_idx` ON `selfservice_verification_flows` (id, nid); +DROP INDEX selfservice_verification_flows_nid_idx ON selfservice_verification_flows; +CREATE INDEX selfservice_verification_flows_nid_id_idx ON selfservice_verification_flows (nid, id); +CREATE INDEX selfservice_verification_flows_id_nid_idx ON selfservice_verification_flows (id, nid); -DROP INDEX `sessions_nid_idx`; -DROP INDEX sessions_token_idx; -DROP INDEX sessions_logout_token_idx; -CREATE INDEX `sessions_nid_id_identity_id_idx` ON `sessions` (nid, identity_id, id); -CREATE INDEX `sessions_id_nid_idx` ON `sessions` (id, nid); -CREATE INDEX `sessions_token_nid_idx` ON `sessions` (nid, token); +DROP INDEX sessions_nid_idx ON sessions; +DROP INDEX sessions_token_idx ON sessions; +DROP INDEX sessions_logout_token_idx ON sessions; +CREATE INDEX sessions_nid_id_identity_id_idx ON sessions (nid, identity_id, id); +CREATE INDEX sessions_id_nid_idx ON sessions (id, nid); +CREATE INDEX sessions_token_nid_idx ON sessions (nid, token); diff --git a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.up.mysql.sql b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.up.mysql.sql deleted file mode 100644 index 488aee9e63c8..000000000000 --- a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.up.mysql.sql +++ /dev/null @@ -1,70 +0,0 @@ -CREATE INDEX `sessions_identity_id_nid_idx` ON `sessions` (identity_id, nid); - -DROP INDEX `identities_nid_idx` ON `identities`; -CREATE INDEX `identities_id_nid_idx` ON `identities` (id, nid); -CREATE INDEX `identities_nid_id_idx` ON `identities` (nid, id); - -DROP INDEX `continuity_containers_nid_idx` ON `continuity_containers`; -CREATE INDEX `continuity_containers_nid_id_idx` ON `continuity_containers` (nid, id); -CREATE INDEX `continuity_containers_id_nid_idx` ON `continuity_containers` (id, nid); - -DROP INDEX `courier_message_nid_idx` ON `courier_message`; -CREATE INDEX `courier_message_nid_id_idx` ON `courier_message` (nid, id); -CREATE INDEX `courier_message_id_nid_idx` ON `courier_message` (id, nid); - -DROP INDEX `identity_credential_identifiers_nid_idx` ON `identity_credential_identifiers`; -CREATE INDEX `identity_credential_identifiers_nid_id_idx` ON `identity_credential_identifiers` (nid, id); -CREATE INDEX `identity_credential_identifiers_id_nid_idx` ON `identity_credential_identifiers` (id, nid); - -DROP INDEX `identity_credentials_nid_idx` ON `identity_credentials`; -CREATE INDEX `identity_credentials_nid_id_idx` ON `identity_credentials` (nid, id); -CREATE INDEX `identity_credentials_id_nid_idx` ON `identity_credentials` (id, nid); - -DROP INDEX `identity_recovery_addresses_nid_idx` ON `identity_recovery_addresses`; -CREATE INDEX `identity_recovery_addresses_nid_id_idx` ON `identity_recovery_addresses` (nid, id); -CREATE INDEX `identity_recovery_addresses_id_nid_idx` ON `identity_recovery_addresses` (id, nid); - -DROP INDEX `identity_recovery_tokens_nid_idx` ON `identity_recovery_tokens`; -DROP INDEX `identity_recovery_addresses_code_idx` ON `identity_recovery_tokens`; -CREATE INDEX `identity_recovery_tokens_nid_id_idx` ON `identity_recovery_tokens` (nid, id); -CREATE INDEX `identity_recovery_tokens_id_nid_idx` ON `identity_recovery_tokens` (id, nid); -CREATE INDEX `identity_recovery_tokens_selfservice_recovery_flow_id_idx` ON `identity_recovery_tokens` (selfservice_recovery_flow_id); -CREATE INDEX `identity_recovery_tokens_identity_recovery_address_id_idx` ON `identity_recovery_tokens` (identity_recovery_address_id); -CREATE INDEX `identity_recovery_tokens_token_nid_used_idx` ON `identity_recovery_tokens` (nid, token, used); - -DROP INDEX `identity_verifiable_addresses_nid_idx` ON `identity_verifiable_addresses`; -CREATE INDEX `identity_verifiable_addresses_nid_id_idx` ON `identity_verifiable_addresses` (nid, id); -CREATE INDEX `identity_verifiable_addresses_id_nid_idx` ON `identity_verifiable_addresses` (id, nid); - -DROP INDEX `identity_verification_tokens_nid_idx` ON `identity_verification_tokens`; -DROP INDEX `identity_verification_tokens_token_idx` ON `identity_verification_tokens`; -CREATE INDEX `identity_verification_tokens_nid_id_idx` ON `identity_verification_tokens` (nid, id); -CREATE INDEX `identity_verification_tokens_id_nid_idx` ON `identity_verification_tokens` (id, nid); -CREATE INDEX `identity_verification_tokens_token_nid_used_idx` ON `identity_verification_tokens` (nid, token, used); - -DROP INDEX `selfservice_login_flows_nid_idx` ON `selfservice_login_flows`; -CREATE INDEX `selfservice_login_flows_nid_id_idx` ON `selfservice_login_flows` (nid, id); -CREATE INDEX `selfservice_login_flows_id_nid_idx` ON `selfservice_login_flows` (id, nid); - -DROP INDEX `selfservice_recovery_flows_nid_idx` ON `selfservice_recovery_flows`; -CREATE INDEX `selfservice_recovery_flows_nid_id_idx` ON `selfservice_recovery_flows` (nid, id); -CREATE INDEX `selfservice_recovery_flows_id_nid_idx` ON `selfservice_recovery_flows` (id, nid); - -DROP INDEX `selfservice_registration_flows_nid_idx` ON `selfservice_registration_flows`; -CREATE INDEX `selfservice_registration_flows_nid_id_idx` ON `selfservice_registration_flows` (nid, id); -CREATE INDEX `selfservice_registration_flows_id_nid_idx` ON `selfservice_registration_flows` (id, nid); - -DROP INDEX `selfservice_settings_flows_nid_idx` ON `selfservice_settings_flows`; -CREATE INDEX `selfservice_settings_flows_nid_id_idx` ON `selfservice_settings_flows` (nid, id); -CREATE INDEX `selfservice_settings_flows_id_nid_idx` ON `selfservice_settings_flows` (id, nid); - -DROP INDEX `selfservice_verification_flows_nid_idx` ON `selfservice_verification_flows`; -CREATE INDEX `selfservice_verification_flows_nid_id_idx` ON `selfservice_verification_flows` (nid, id); -CREATE INDEX `selfservice_verification_flows_id_nid_idx` ON `selfservice_verification_flows` (id, nid); - -DROP INDEX `sessions_nid_idx` ON `sessions`; -DROP INDEX sessions_token_idx ON `sessions`; -DROP INDEX sessions_logout_token_idx ON `sessions`; -CREATE INDEX `sessions_nid_id_identity_id_idx` ON `sessions` (nid, identity_id, id); -CREATE INDEX `sessions_id_nid_idx` ON `sessions` (id, nid); -CREATE INDEX `sessions_token_nid_idx` ON `sessions` (nid, token); diff --git a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.up.sql b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.up.sql new file mode 100644 index 000000000000..550699f068a0 --- /dev/null +++ b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.up.sql @@ -0,0 +1,70 @@ +CREATE INDEX sessions_identity_id_nid_idx ON sessions (identity_id, nid); + +DROP INDEX identities_nid_idx; +CREATE INDEX identities_id_nid_idx ON identities (id, nid); +CREATE INDEX identities_nid_id_idx ON identities (nid, id); + +DROP INDEX continuity_containers_nid_idx; +CREATE INDEX continuity_containers_nid_id_idx ON continuity_containers (nid, id); +CREATE INDEX continuity_containers_id_nid_idx ON continuity_containers (id, nid); + +DROP INDEX courier_messages_nid_idx; +CREATE INDEX courier_messages_nid_id_idx ON courier_messages (nid, id); +CREATE INDEX courier_messages_id_nid_idx ON courier_messages (id, nid); + +DROP INDEX identity_credential_identifiers_nid_idx; +CREATE INDEX identity_credential_identifiers_nid_id_idx ON identity_credential_identifiers (nid, id); +CREATE INDEX identity_credential_identifiers_id_nid_idx ON identity_credential_identifiers (id, nid); + +DROP INDEX identity_credentials_nid_idx; +CREATE INDEX identity_credentials_nid_id_idx ON identity_credentials (nid, id); +CREATE INDEX identity_credentials_id_nid_idx ON identity_credentials (id, nid); + +DROP INDEX identity_recovery_addresses_nid_idx; +CREATE INDEX identity_recovery_addresses_nid_id_idx ON identity_recovery_addresses (nid, id); +CREATE INDEX identity_recovery_addresses_id_nid_idx ON identity_recovery_addresses (id, nid); + +DROP INDEX identity_recovery_tokens_nid_idx; +CREATE INDEX identity_recovery_tokens_nid_id_idx ON identity_recovery_tokens (nid, id); +CREATE INDEX identity_recovery_tokens_id_nid_idx ON identity_recovery_tokens (id, nid); +CREATE INDEX identity_recovery_tokens_selfservice_recovery_flow_id_idx ON identity_recovery_tokens (selfservice_recovery_flow_id); +CREATE INDEX identity_recovery_tokens_identity_recovery_address_id_idx ON identity_recovery_tokens (identity_recovery_address_id); +CREATE INDEX identity_recovery_tokens_token_nid_used_idx ON identity_recovery_tokens (nid, token, used); +DROP INDEX identity_recovery_addresses_code_idx; + +DROP INDEX identity_verifiable_addresses_nid_idx; +CREATE INDEX identity_verifiable_addresses_nid_id_idx ON identity_verifiable_addresses (nid, id); +CREATE INDEX identity_verifiable_addresses_id_nid_idx ON identity_verifiable_addresses (id, nid); + +DROP INDEX identity_verification_tokens_nid_idx; +DROP INDEX identity_verification_tokens_token_idx; +CREATE INDEX identity_verification_tokens_nid_id_idx ON identity_verification_tokens (nid, id); +CREATE INDEX identity_verification_tokens_id_nid_idx ON identity_verification_tokens (id, nid); +CREATE INDEX identity_verification_tokens_token_nid_used_idx ON identity_verification_tokens (nid, token, used); + +DROP INDEX selfservice_login_flows_nid_idx; +CREATE INDEX selfservice_login_flows_nid_id_idx ON selfservice_login_flows (nid, id); +CREATE INDEX selfservice_login_flows_id_nid_idx ON selfservice_login_flows (id, nid); + +DROP INDEX selfservice_recovery_flows_nid_idx; +CREATE INDEX selfservice_recovery_flows_nid_id_idx ON selfservice_recovery_flows (nid, id); +CREATE INDEX selfservice_recovery_flows_id_nid_idx ON selfservice_recovery_flows (id, nid); + +DROP INDEX selfservice_registration_flows_nid_idx; +CREATE INDEX selfservice_registration_flows_nid_id_idx ON selfservice_registration_flows (nid, id); +CREATE INDEX selfservice_registration_flows_id_nid_idx ON selfservice_registration_flows (id, nid); + +DROP INDEX selfservice_settings_flows_nid_idx; +CREATE INDEX selfservice_settings_flows_nid_id_idx ON selfservice_settings_flows (nid, id); +CREATE INDEX selfservice_settings_flows_id_nid_idx ON selfservice_settings_flows (id, nid); + +DROP INDEX selfservice_verification_flows_nid_idx; +CREATE INDEX selfservice_verification_flows_nid_id_idx ON selfservice_verification_flows (nid, id); +CREATE INDEX selfservice_verification_flows_id_nid_idx ON selfservice_verification_flows (id, nid); + +DROP INDEX sessions_nid_idx; +DROP INDEX sessions_token_idx; +DROP INDEX sessions_logout_token_idx; +CREATE INDEX sessions_nid_id_identity_id_idx ON sessions (nid, identity_id, id); +CREATE INDEX sessions_id_nid_idx ON sessions (id, nid); +CREATE INDEX sessions_token_nid_idx ON sessions (nid, token); From 10badccf0052d5249c47503343494392ec5a5310 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 12 May 2022 22:36:04 +0200 Subject: [PATCH 039/411] chore: resolve lint and formatting issues --- cmd/remote/status.go | 4 ++++ cmd/remote/version.go | 3 +++ persistence/sql/persister.go | 2 +- persistence/sql/persister_errorx.go | 2 +- persistence/sql/persister_hmac.go | 2 +- 5 files changed, 10 insertions(+), 3 deletions(-) diff --git a/cmd/remote/status.go b/cmd/remote/status.go index 73fb402ac3f6..0674dd51fc59 100644 --- a/cmd/remote/status.go +++ b/cmd/remote/status.go @@ -41,6 +41,10 @@ var statusCmd = &cobra.Command{ Args: cobra.NoArgs, RunE: func(cmd *cobra.Command, args []string) error { c, err := cliclient.NewClient(cmd) + if err != nil { + return err + } + state := &statusState{} defer cmdx.PrintRow(cmd, state) diff --git a/cmd/remote/version.go b/cmd/remote/version.go index ba5115ceeec5..b8de4856eb85 100644 --- a/cmd/remote/version.go +++ b/cmd/remote/version.go @@ -29,6 +29,9 @@ var versionCmd = &cobra.Command{ Args: cobra.NoArgs, RunE: func(cmd *cobra.Command, args []string) error { c, err := cliclient.NewClient(cmd) + if err != nil { + return err + } resp, _, err := c.MetadataApi.GetVersion(cmd.Context()).Execute() if err != nil { diff --git a/persistence/sql/persister.go b/persistence/sql/persister.go index 55801ec3b216..8cfc5607f57f 100644 --- a/persistence/sql/persister.go +++ b/persistence/sql/persister.go @@ -87,7 +87,7 @@ func (p *Persister) Connection(ctx context.Context) *pop.Connection { func (p *Persister) MigrationStatus(ctx context.Context) (popx.MigrationStatuses, error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.MigrationStatus") defer span.End() - + if p.mbs != nil { return p.mbs, nil } diff --git a/persistence/sql/persister_errorx.go b/persistence/sql/persister_errorx.go index 58438c0f628a..8b3e6d866c5b 100644 --- a/persistence/sql/persister_errorx.go +++ b/persistence/sql/persister_errorx.go @@ -87,7 +87,7 @@ func (p *Persister) Clear(ctx context.Context, olderThan time.Duration, force bo } func (p *Persister) encodeSelfServiceErrors(ctx context.Context, e error) (*bytes.Buffer, error) { - ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.encodeSelfServiceErrors") + _, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.encodeSelfServiceErrors") defer span.End() if e == nil { diff --git a/persistence/sql/persister_hmac.go b/persistence/sql/persister_hmac.go index c2c01a9b34c7..bab8257af759 100644 --- a/persistence/sql/persister_hmac.go +++ b/persistence/sql/persister_hmac.go @@ -13,7 +13,7 @@ func (p *Persister) hmacValue(ctx context.Context, value string) string { } func (p *Persister) hmacValueWithSecret(ctx context.Context, value string, secret []byte) string { - ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.hmacValueWithSecret") + _, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.hmacValueWithSecret") defer span.End() h := hmac.New(sha512.New512_256, secret) _, _ = h.Write([]byte(value)) From 78ca4c6ca5a49b0800d9c34954638a926d80078b Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 12 May 2022 23:02:17 +0200 Subject: [PATCH 040/411] fix: reorder transactions --- ...20512102703000000_missing_indices.down.sql | 52 +++++++++--------- ...02703000000_missing_indices.mysql.down.sql | 53 ++++++++++--------- 2 files changed, 53 insertions(+), 52 deletions(-) diff --git a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.down.sql b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.down.sql index dd728cfd6555..3c2c6de47769 100644 --- a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.down.sql +++ b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.down.sql @@ -2,6 +2,32 @@ CREATE INDEX sessions_nid_idx ON sessions (id, nid); CREATE INDEX sessions_token_idx ON sessions (token); CREATE INDEX sessions_logout_token_idx ON sessions (logout_token); +CREATE INDEX identities_nid_idx ON identities (id, nid); + +CREATE INDEX continuity_containers_nid_idx ON continuity_containers (id, nid); + +CREATE INDEX courier_messages_nid_idx ON courier_messages (id, nid); + +CREATE INDEX identity_credential_identifiers_nid_idx ON identity_credential_identifiers (id, nid); + +CREATE INDEX identity_credentials_nid_idx ON identity_credentials (id, nid); + +CREATE INDEX identity_recovery_addresses_nid_idx ON identity_recovery_addresses (id, nid); + +CREATE INDEX identity_recovery_tokens_nid_idx ON identity_recovery_tokens (id, nid); +CREATE INDEX identity_recovery_addresses_code_idx ON identity_recovery_tokens (token); + +CREATE INDEX identity_verifiable_addresses_nid_idx ON identity_verifiable_addresses (id, nid); + +CREATE INDEX identity_verification_tokens_nid_idx ON identity_verification_tokens (id, nid); +CREATE INDEX identity_verification_tokens_token_idx ON identity_verification_tokens (token); + +CREATE INDEX selfservice_login_flows_nid_idx ON selfservice_login_flows (id,nid); +CREATE INDEX selfservice_recovery_flows_nid_idx ON selfservice_recovery_flows (id,nid); +CREATE INDEX selfservice_registration_flows_nid_idx ON selfservice_registration_flows (id,nid); +CREATE INDEX selfservice_settings_flows_nid_idx ON selfservice_settings_flows (id,nid); +CREATE INDEX selfservice_verification_flows_nid_idx ON selfservice_verification_flows (id,nid); + DROP INDEX sessions_identity_id_nid_idx; DROP INDEX sessions_nid_id_identity_id_idx; DROP INDEX sessions_id_nid_idx; @@ -36,29 +62,3 @@ DROP INDEX selfservice_settings_flows_nid_id_idx; DROP INDEX selfservice_settings_flows_id_nid_idx; DROP INDEX selfservice_verification_flows_nid_id_idx; DROP INDEX selfservice_verification_flows_id_nid_idx; - -CREATE INDEX identities_nid_idx ON identities (id, nid); - -CREATE INDEX continuity_containers_nid_idx ON continuity_containers (id, nid); - -CREATE INDEX courier_messages_nid_idx ON courier_messages (id, nid); - -CREATE INDEX identity_credential_identifiers_nid_idx ON identity_credential_identifiers (id, nid); - -CREATE INDEX identity_credentials_nid_idx ON identity_credentials (id, nid); - -CREATE INDEX identity_recovery_addresses_nid_idx ON identity_recovery_addresses (id, nid); - -CREATE INDEX identity_recovery_tokens_nid_idx ON identity_recovery_tokens (id, nid); -CREATE INDEX identity_recovery_addresses_code_idx ON identity_recovery_tokens (token); - -CREATE INDEX identity_verifiable_addresses_nid_idx ON identity_verifiable_addresses (id, nid); - -CREATE INDEX identity_verification_tokens_nid_idx ON identity_verification_tokens (id, nid); -CREATE INDEX identity_verification_tokens_token_idx ON identity_verification_tokens (token); - -CREATE INDEX selfservice_login_flows_nid_idx ON selfservice_login_flows (id,nid); -CREATE INDEX selfservice_recovery_flows_nid_idx ON selfservice_recovery_flows (id,nid); -CREATE INDEX selfservice_registration_flows_nid_idx ON selfservice_registration_flows (id,nid); -CREATE INDEX selfservice_settings_flows_nid_idx ON selfservice_settings_flows (id,nid); -CREATE INDEX selfservice_verification_flows_nid_idx ON selfservice_verification_flows (id,nid); diff --git a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.down.sql b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.down.sql index 30847728b259..37aeb43b1b03 100644 --- a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.down.sql +++ b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.down.sql @@ -1,6 +1,33 @@ CREATE INDEX sessions_nid_idx ON sessions (id, nid); CREATE INDEX sessions_token_idx ON sessions (token); CREATE INDEX sessions_logout_token_idx ON sessions (logout_token); + +CREATE INDEX identities_nid_idx ON identities (id, nid); + +CREATE INDEX continuity_containers_nid_idx ON continuity_containers (id, nid); + +CREATE INDEX courier_messages_nid_idx ON courier_messages (id, nid); + +CREATE INDEX identity_credential_identifiers_nid_idx ON identity_credential_identifiers (id, nid); + +CREATE INDEX identity_credentials_nid_idx ON identity_credentials (id, nid); + +CREATE INDEX identity_recovery_addresses_nid_idx ON identity_recovery_addresses (id, nid); + +CREATE INDEX identity_recovery_tokens_nid_idx ON identity_recovery_tokens (id, nid); +CREATE INDEX identity_recovery_addresses_code_idx ON identity_recovery_tokens (token); + +CREATE INDEX identity_verifiable_addresses_nid_idx ON identity_verifiable_addresses (id, nid); + +CREATE INDEX identity_verification_tokens_nid_idx ON identity_verification_tokens (id, nid); +CREATE INDEX identity_verification_tokens_token_idx ON identity_verification_tokens (token); + +CREATE INDEX selfservice_login_flows_nid_idx ON selfservice_login_flows (id,nid); +CREATE INDEX selfservice_recovery_flows_nid_idx ON selfservice_recovery_flows (id,nid); +CREATE INDEX selfservice_registration_flows_nid_idx ON selfservice_registration_flows (id,nid); +CREATE INDEX selfservice_settings_flows_nid_idx ON selfservice_settings_flows (id,nid); +CREATE INDEX selfservice_verification_flows_nid_idx ON selfservice_verification_flows (id,nid); + DROP INDEX sessions_nid_id_identity_id_idx ON sessions; DROP INDEX sessions_id_nid_idx ON sessions; DROP INDEX sessions_token_nid_idx ON sessions; @@ -35,29 +62,3 @@ DROP INDEX selfservice_settings_flows_nid_id_idx ON selfservice_settings_flows; DROP INDEX selfservice_settings_flows_id_nid_idx ON selfservice_settings_flows; DROP INDEX selfservice_verification_flows_nid_id_idx ON selfservice_verification_flows; DROP INDEX selfservice_verification_flows_id_nid_idx ON selfservice_verification_flows; - -CREATE INDEX identities_nid_idx ON identities (id, nid); - -CREATE INDEX continuity_containers_nid_idx ON continuity_containers (id, nid); - -CREATE INDEX courier_messages_nid_idx ON courier_messages (id, nid); - -CREATE INDEX identity_credential_identifiers_nid_idx ON identity_credential_identifiers (id, nid); - -CREATE INDEX identity_credentials_nid_idx ON identity_credentials (id, nid); - -CREATE INDEX identity_recovery_addresses_nid_idx ON identity_recovery_addresses (id, nid); - -CREATE INDEX identity_recovery_tokens_nid_idx ON identity_recovery_tokens (id, nid); -CREATE INDEX identity_recovery_addresses_code_idx ON identity_recovery_tokens (token); - -CREATE INDEX identity_verifiable_addresses_nid_idx ON identity_verifiable_addresses (id, nid); - -CREATE INDEX identity_verification_tokens_nid_idx ON identity_verification_tokens (id, nid); -CREATE INDEX identity_verification_tokens_token_idx ON identity_verification_tokens (token); - -CREATE INDEX selfservice_login_flows_nid_idx ON selfservice_login_flows (id,nid); -CREATE INDEX selfservice_recovery_flows_nid_idx ON selfservice_recovery_flows (id,nid); -CREATE INDEX selfservice_registration_flows_nid_idx ON selfservice_registration_flows (id,nid); -CREATE INDEX selfservice_settings_flows_nid_idx ON selfservice_settings_flows (id,nid); -CREATE INDEX selfservice_verification_flows_nid_idx ON selfservice_verification_flows (id,nid); From 50bdba9f1117c60e80e153416bc997187b4a60b7 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 12 May 2022 23:32:08 +0200 Subject: [PATCH 041/411] fix: resolve MySQL index issues --- ...02703000000_missing_indices.mysql.down.sql | 40 +++++++++++++++---- ...2102703000000_missing_indices.mysql.up.sql | 38 +++++++++--------- ...0220512102703000000_missing_indices.up.sql | 37 ++++++++--------- 3 files changed, 71 insertions(+), 44 deletions(-) diff --git a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.down.sql b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.down.sql index 37aeb43b1b03..a869c0d90a34 100644 --- a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.down.sql +++ b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.down.sql @@ -1,32 +1,58 @@ +-- This file has a couple more indexes added which MySQL needs for its FK constraints. Other +-- databases generate those indices automatically. CREATE INDEX sessions_nid_idx ON sessions (id, nid); +CREATE INDEX sessions_nid_mysqlfk_idx ON sessions (nid); + CREATE INDEX sessions_token_idx ON sessions (token); +CREATE INDEX sessions_mysql_identity_id_idx ON sessions (identity_id); CREATE INDEX sessions_logout_token_idx ON sessions (logout_token); CREATE INDEX identities_nid_idx ON identities (id, nid); +CREATE INDEX identities_nid_mysqlfk_idx ON identities (nid); CREATE INDEX continuity_containers_nid_idx ON continuity_containers (id, nid); +CREATE INDEX continuity_containers_mysqlfk_idx ON continuity_containers (nid); CREATE INDEX courier_messages_nid_idx ON courier_messages (id, nid); +CREATE INDEX courier_messages_mysqlfk_idx ON courier_messages (nid); CREATE INDEX identity_credential_identifiers_nid_idx ON identity_credential_identifiers (id, nid); +CREATE INDEX identity_credential_identifiers_mysqlfk_idx ON identity_credential_identifiers (nid); CREATE INDEX identity_credentials_nid_idx ON identity_credentials (id, nid); +CREATE INDEX identity_credentials_mysqlfk_idx ON identity_credentials (nid); CREATE INDEX identity_recovery_addresses_nid_idx ON identity_recovery_addresses (id, nid); +CREATE INDEX identity_recovery_addresses_nid_mysqlfk_idx ON identity_recovery_addresses (nid); CREATE INDEX identity_recovery_tokens_nid_idx ON identity_recovery_tokens (id, nid); +CREATE INDEX identity_recovery_tokens_nid_mysqlfk_idx ON identity_recovery_tokens (nid); CREATE INDEX identity_recovery_addresses_code_idx ON identity_recovery_tokens (token); +CREATE INDEX identity_recovery_tokens_srf_id_mysqlfk_idx ON identity_recovery_tokens (selfservice_recovery_flow_id); +CREATE INDEX identity_recovery_tokens_ira_id_mysqlfk_idx ON identity_recovery_tokens (identity_recovery_address_id); CREATE INDEX identity_verifiable_addresses_nid_idx ON identity_verifiable_addresses (id, nid); +CREATE INDEX identity_verifiable_addresses_nid_mysqlfk_idx ON identity_verifiable_addresses (nid); CREATE INDEX identity_verification_tokens_nid_idx ON identity_verification_tokens (id, nid); +CREATE INDEX identity_verification_tokens_nid_mysqlfk_idx ON identity_verification_tokens (nid); CREATE INDEX identity_verification_tokens_token_idx ON identity_verification_tokens (token); -CREATE INDEX selfservice_login_flows_nid_idx ON selfservice_login_flows (id,nid); -CREATE INDEX selfservice_recovery_flows_nid_idx ON selfservice_recovery_flows (id,nid); -CREATE INDEX selfservice_registration_flows_nid_idx ON selfservice_registration_flows (id,nid); -CREATE INDEX selfservice_settings_flows_nid_idx ON selfservice_settings_flows (id,nid); -CREATE INDEX selfservice_verification_flows_nid_idx ON selfservice_verification_flows (id,nid); +CREATE INDEX selfservice_login_flows_nid_idx ON selfservice_login_flows (id, nid); +CREATE INDEX selfservice_login_flows_nid_mysqlfk_idx ON selfservice_login_flows (nid); + +CREATE INDEX selfservice_recovery_flows_nid_idx ON selfservice_recovery_flows (id, nid); +CREATE INDEX selfservice_recovery_flows_nid_mysqlfk_idx ON selfservice_recovery_flows (nid); + +CREATE INDEX selfservice_registration_flows_nid_idx ON selfservice_registration_flows (id, nid); +CREATE INDEX selfservice_registration_flows_nid_mysqlfk_idx ON selfservice_registration_flows (nid); + +CREATE INDEX selfservice_settings_flows_nid_idx ON selfservice_settings_flows (id, nid); +CREATE INDEX selfservice_settings_flows_nid_mysqlfk_idx ON selfservice_settings_flows (nid); + +CREATE INDEX selfservice_verification_flows_nid_idx ON selfservice_verification_flows (id, nid); +CREATE INDEX selfservice_verification_flows_nid_mysqlfk_idx ON selfservice_verification_flows (nid); + DROP INDEX sessions_nid_id_identity_id_idx ON sessions; DROP INDEX sessions_id_nid_idx ON sessions; @@ -37,8 +63,8 @@ DROP INDEX identities_id_nid_idx ON identities; DROP INDEX identities_nid_id_idx ON identities; DROP INDEX continuity_containers_nid_id_idx ON continuity_containers; DROP INDEX continuity_containers_id_nid_idx ON continuity_containers; -DROP INDEX courier_messages_nid_id_idx ON courier_message; -DROP INDEX courier_messages_id_nid_idx ON courier_message; +DROP INDEX courier_messages_nid_id_idx ON courier_messages; +DROP INDEX courier_messages_id_nid_idx ON courier_messages; DROP INDEX identity_credential_identifiers_nid_id_idx ON identity_credential_identifiers; DROP INDEX identity_credential_identifiers_id_nid_idx ON identity_credential_identifiers; DROP INDEX identity_credentials_nid_id_idx ON identity_credentials; diff --git a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.up.sql b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.up.sql index 46270d3d2465..3cd3befc42e9 100644 --- a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.up.sql +++ b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.up.sql @@ -1,70 +1,70 @@ CREATE INDEX sessions_identity_id_nid_idx ON sessions (identity_id, nid); -DROP INDEX identities_nid_idx ON identities; CREATE INDEX identities_id_nid_idx ON identities (id, nid); CREATE INDEX identities_nid_id_idx ON identities (nid, id); +DROP INDEX identities_nid_idx ON identities; -DROP INDEX continuity_containers_nid_idx ON continuity_containers; CREATE INDEX continuity_containers_nid_id_idx ON continuity_containers (nid, id); CREATE INDEX continuity_containers_id_nid_idx ON continuity_containers (id, nid); +DROP INDEX continuity_containers_nid_idx ON continuity_containers; -DROP INDEX courier_messages_nid_idx ON courier_messages; CREATE INDEX courier_messages_nid_id_idx ON courier_messages (nid, id); CREATE INDEX courier_messages_id_nid_idx ON courier_messages (id, nid); +DROP INDEX courier_messages_nid_idx ON courier_messages; -DROP INDEX identity_credential_identifiers_nid_idx ON identity_credential_identifiers; CREATE INDEX identity_credential_identifiers_nid_id_idx ON identity_credential_identifiers (nid, id); CREATE INDEX identity_credential_identifiers_id_nid_idx ON identity_credential_identifiers (id, nid); +DROP INDEX identity_credential_identifiers_nid_idx ON identity_credential_identifiers; -DROP INDEX identity_credentials_nid_idx ON identity_credentials; CREATE INDEX identity_credentials_nid_id_idx ON identity_credentials (nid, id); CREATE INDEX identity_credentials_id_nid_idx ON identity_credentials (id, nid); +DROP INDEX identity_credentials_nid_idx ON identity_credentials; -DROP INDEX identity_recovery_addresses_nid_idx ON identity_recovery_addresses; CREATE INDEX identity_recovery_addresses_nid_id_idx ON identity_recovery_addresses (nid, id); CREATE INDEX identity_recovery_addresses_id_nid_idx ON identity_recovery_addresses (id, nid); +DROP INDEX identity_recovery_addresses_nid_idx ON identity_recovery_addresses; -DROP INDEX identity_recovery_tokens_nid_idx ON identity_recovery_tokens; -DROP INDEX identity_recovery_addresses_code_idx ON identity_recovery_tokens; CREATE INDEX identity_recovery_tokens_nid_id_idx ON identity_recovery_tokens (nid, id); CREATE INDEX identity_recovery_tokens_id_nid_idx ON identity_recovery_tokens (id, nid); CREATE INDEX identity_recovery_tokens_selfservice_recovery_flow_id_idx ON identity_recovery_tokens (selfservice_recovery_flow_id); CREATE INDEX identity_recovery_tokens_identity_recovery_address_id_idx ON identity_recovery_tokens (identity_recovery_address_id); CREATE INDEX identity_recovery_tokens_token_nid_used_idx ON identity_recovery_tokens (nid, token, used); +DROP INDEX identity_recovery_tokens_nid_idx ON identity_recovery_tokens; +DROP INDEX identity_recovery_addresses_code_idx ON identity_recovery_tokens; -DROP INDEX identity_verifiable_addresses_nid_idx ON identity_verifiable_addresses; CREATE INDEX identity_verifiable_addresses_nid_id_idx ON identity_verifiable_addresses (nid, id); CREATE INDEX identity_verifiable_addresses_id_nid_idx ON identity_verifiable_addresses (id, nid); +DROP INDEX identity_verifiable_addresses_nid_idx ON identity_verifiable_addresses; -DROP INDEX identity_verification_tokens_nid_idx ON identity_verification_tokens; -DROP INDEX identity_verification_tokens_token_idx ON identity_verification_tokens; CREATE INDEX identity_verification_tokens_nid_id_idx ON identity_verification_tokens (nid, id); CREATE INDEX identity_verification_tokens_id_nid_idx ON identity_verification_tokens (id, nid); CREATE INDEX identity_verification_tokens_token_nid_used_idx ON identity_verification_tokens (nid, token, used); +DROP INDEX identity_verification_tokens_nid_idx ON identity_verification_tokens; +DROP INDEX identity_verification_tokens_token_idx ON identity_verification_tokens; -DROP INDEX selfservice_login_flows_nid_idx ON selfservice_login_flows; CREATE INDEX selfservice_login_flows_nid_id_idx ON selfservice_login_flows (nid, id); CREATE INDEX selfservice_login_flows_id_nid_idx ON selfservice_login_flows (id, nid); +DROP INDEX selfservice_login_flows_nid_idx ON selfservice_login_flows; -DROP INDEX selfservice_recovery_flows_nid_idx ON selfservice_recovery_flows; CREATE INDEX selfservice_recovery_flows_nid_id_idx ON selfservice_recovery_flows (nid, id); CREATE INDEX selfservice_recovery_flows_id_nid_idx ON selfservice_recovery_flows (id, nid); +DROP INDEX selfservice_recovery_flows_nid_idx ON selfservice_recovery_flows; -DROP INDEX selfservice_registration_flows_nid_idx ON selfservice_registration_flows; CREATE INDEX selfservice_registration_flows_nid_id_idx ON selfservice_registration_flows (nid, id); CREATE INDEX selfservice_registration_flows_id_nid_idx ON selfservice_registration_flows (id, nid); +DROP INDEX selfservice_registration_flows_nid_idx ON selfservice_registration_flows; -DROP INDEX selfservice_settings_flows_nid_idx ON selfservice_settings_flows; CREATE INDEX selfservice_settings_flows_nid_id_idx ON selfservice_settings_flows (nid, id); CREATE INDEX selfservice_settings_flows_id_nid_idx ON selfservice_settings_flows (id, nid); +DROP INDEX selfservice_settings_flows_nid_idx ON selfservice_settings_flows; -DROP INDEX selfservice_verification_flows_nid_idx ON selfservice_verification_flows; CREATE INDEX selfservice_verification_flows_nid_id_idx ON selfservice_verification_flows (nid, id); CREATE INDEX selfservice_verification_flows_id_nid_idx ON selfservice_verification_flows (id, nid); +DROP INDEX selfservice_verification_flows_nid_idx ON selfservice_verification_flows; -DROP INDEX sessions_nid_idx ON sessions; -DROP INDEX sessions_token_idx ON sessions; -DROP INDEX sessions_logout_token_idx ON sessions; CREATE INDEX sessions_nid_id_identity_id_idx ON sessions (nid, identity_id, id); CREATE INDEX sessions_id_nid_idx ON sessions (id, nid); CREATE INDEX sessions_token_nid_idx ON sessions (nid, token); +DROP INDEX sessions_nid_idx ON sessions; +DROP INDEX sessions_token_idx ON sessions; +DROP INDEX sessions_logout_token_idx ON sessions; diff --git a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.up.sql b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.up.sql index 550699f068a0..1c7268ce397b 100644 --- a/persistence/sql/migrations/sql/20220512102703000000_missing_indices.up.sql +++ b/persistence/sql/migrations/sql/20220512102703000000_missing_indices.up.sql @@ -1,70 +1,71 @@ CREATE INDEX sessions_identity_id_nid_idx ON sessions (identity_id, nid); -DROP INDEX identities_nid_idx; CREATE INDEX identities_id_nid_idx ON identities (id, nid); CREATE INDEX identities_nid_id_idx ON identities (nid, id); +DROP INDEX identities_nid_idx; -DROP INDEX continuity_containers_nid_idx; CREATE INDEX continuity_containers_nid_id_idx ON continuity_containers (nid, id); CREATE INDEX continuity_containers_id_nid_idx ON continuity_containers (id, nid); +DROP INDEX continuity_containers_nid_idx; -DROP INDEX courier_messages_nid_idx; CREATE INDEX courier_messages_nid_id_idx ON courier_messages (nid, id); CREATE INDEX courier_messages_id_nid_idx ON courier_messages (id, nid); +DROP INDEX courier_messages_nid_idx; -DROP INDEX identity_credential_identifiers_nid_idx; CREATE INDEX identity_credential_identifiers_nid_id_idx ON identity_credential_identifiers (nid, id); CREATE INDEX identity_credential_identifiers_id_nid_idx ON identity_credential_identifiers (id, nid); +DROP INDEX identity_credential_identifiers_nid_idx; -DROP INDEX identity_credentials_nid_idx; CREATE INDEX identity_credentials_nid_id_idx ON identity_credentials (nid, id); CREATE INDEX identity_credentials_id_nid_idx ON identity_credentials (id, nid); +DROP INDEX identity_credentials_nid_idx; -DROP INDEX identity_recovery_addresses_nid_idx; CREATE INDEX identity_recovery_addresses_nid_id_idx ON identity_recovery_addresses (nid, id); CREATE INDEX identity_recovery_addresses_id_nid_idx ON identity_recovery_addresses (id, nid); +DROP INDEX identity_recovery_addresses_nid_idx; -DROP INDEX identity_recovery_tokens_nid_idx; CREATE INDEX identity_recovery_tokens_nid_id_idx ON identity_recovery_tokens (nid, id); CREATE INDEX identity_recovery_tokens_id_nid_idx ON identity_recovery_tokens (id, nid); CREATE INDEX identity_recovery_tokens_selfservice_recovery_flow_id_idx ON identity_recovery_tokens (selfservice_recovery_flow_id); CREATE INDEX identity_recovery_tokens_identity_recovery_address_id_idx ON identity_recovery_tokens (identity_recovery_address_id); CREATE INDEX identity_recovery_tokens_token_nid_used_idx ON identity_recovery_tokens (nid, token, used); DROP INDEX identity_recovery_addresses_code_idx; +DROP INDEX identity_recovery_tokens_nid_idx; -DROP INDEX identity_verifiable_addresses_nid_idx; CREATE INDEX identity_verifiable_addresses_nid_id_idx ON identity_verifiable_addresses (nid, id); CREATE INDEX identity_verifiable_addresses_id_nid_idx ON identity_verifiable_addresses (id, nid); +DROP INDEX identity_verifiable_addresses_nid_idx; -DROP INDEX identity_verification_tokens_nid_idx; -DROP INDEX identity_verification_tokens_token_idx; CREATE INDEX identity_verification_tokens_nid_id_idx ON identity_verification_tokens (nid, id); CREATE INDEX identity_verification_tokens_id_nid_idx ON identity_verification_tokens (id, nid); CREATE INDEX identity_verification_tokens_token_nid_used_idx ON identity_verification_tokens (nid, token, used); +DROP INDEX identity_verification_tokens_nid_idx; +DROP INDEX identity_verification_tokens_token_idx; -DROP INDEX selfservice_login_flows_nid_idx; CREATE INDEX selfservice_login_flows_nid_id_idx ON selfservice_login_flows (nid, id); CREATE INDEX selfservice_login_flows_id_nid_idx ON selfservice_login_flows (id, nid); +DROP INDEX selfservice_login_flows_nid_idx; -DROP INDEX selfservice_recovery_flows_nid_idx; CREATE INDEX selfservice_recovery_flows_nid_id_idx ON selfservice_recovery_flows (nid, id); CREATE INDEX selfservice_recovery_flows_id_nid_idx ON selfservice_recovery_flows (id, nid); +DROP INDEX selfservice_recovery_flows_nid_idx; -DROP INDEX selfservice_registration_flows_nid_idx; CREATE INDEX selfservice_registration_flows_nid_id_idx ON selfservice_registration_flows (nid, id); CREATE INDEX selfservice_registration_flows_id_nid_idx ON selfservice_registration_flows (id, nid); +DROP INDEX selfservice_registration_flows_nid_idx; -DROP INDEX selfservice_settings_flows_nid_idx; CREATE INDEX selfservice_settings_flows_nid_id_idx ON selfservice_settings_flows (nid, id); CREATE INDEX selfservice_settings_flows_id_nid_idx ON selfservice_settings_flows (id, nid); +DROP INDEX selfservice_settings_flows_nid_idx; -DROP INDEX selfservice_verification_flows_nid_idx; CREATE INDEX selfservice_verification_flows_nid_id_idx ON selfservice_verification_flows (nid, id); CREATE INDEX selfservice_verification_flows_id_nid_idx ON selfservice_verification_flows (id, nid); +DROP INDEX selfservice_verification_flows_nid_idx; -DROP INDEX sessions_nid_idx; -DROP INDEX sessions_token_idx; -DROP INDEX sessions_logout_token_idx; CREATE INDEX sessions_nid_id_identity_id_idx ON sessions (nid, identity_id, id); CREATE INDEX sessions_id_nid_idx ON sessions (id, nid); CREATE INDEX sessions_token_nid_idx ON sessions (nid, token); + +DROP INDEX sessions_nid_idx; +DROP INDEX sessions_token_idx; +DROP INDEX sessions_logout_token_idx; From 5093cd47f22311c2e1fdbffd82f0494806076f08 Mon Sep 17 00:00:00 2001 From: Ole Petersen <56505957+peteole@users.noreply.github.com> Date: Fri, 13 May 2022 16:45:18 +0200 Subject: [PATCH 042/411] docs: add docs about change in default schema (#2447) --- embedx/config.schema.json | 1 + 1 file changed, 1 insertion(+) diff --git a/embedx/config.schema.json b/embedx/config.schema.json index ec7751da6328..9e72a15135a9 100644 --- a/embedx/config.schema.json +++ b/embedx/config.schema.json @@ -1895,6 +1895,7 @@ "schemas": { "type": "array", "title": "All JSON Schemas for Identity Traits", + "description": "Note that identities that used the \"default_schema_url\" field in older kratos versions will be corrupted unless you specify their schema url with the id \"default\" in this list.", "examples": [ [ { From 27336b63b0c11c1667d5a07230bed82283475aa4 Mon Sep 17 00:00:00 2001 From: Steffen Heidel Date: Fri, 13 May 2022 17:06:13 +0200 Subject: [PATCH 043/411] feat: add localName to smtp config (#2445) Closes #2425 --- courier/smtp.go | 10 ++++++---- driver/config/config.go | 6 ++++++ embedx/config.schema.json | 6 ++++++ 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/courier/smtp.go b/courier/smtp.go index 2c49e1c2edbf..7b0f0834a8ff 100644 --- a/courier/smtp.go +++ b/courier/smtp.go @@ -43,14 +43,16 @@ func newSMTP(ctx context.Context, deps Dependencies) *smtpClient { } } + localName := deps.CourierConfig(ctx).CourierSMTPLocalName() password, _ := uri.User.Password() port, _ := strconv.ParseInt(uri.Port(), 10, 0) dialer := &gomail.Dialer{ - Host: uri.Hostname(), - Port: int(port), - Username: uri.User.Username(), - Password: password, + Host: uri.Hostname(), + Port: int(port), + Username: uri.User.Username(), + Password: password, + LocalName: localName, Timeout: time.Second * 10, RetryFailure: true, diff --git a/driver/config/config.go b/driver/config/config.go index 538e991bd5c7..a795f5d71bf3 100644 --- a/driver/config/config.go +++ b/driver/config/config.go @@ -70,6 +70,7 @@ const ( ViperKeyCourierSMTPFrom = "courier.smtp.from_address" ViperKeyCourierSMTPFromName = "courier.smtp.from_name" ViperKeyCourierSMTPHeaders = "courier.smtp.headers" + ViperKeyCourierSMTPLocalName = "courier.smtp.local_name" ViperKeyCourierSMSRequestConfig = "courier.sms.request_config" ViperKeyCourierSMSEnabled = "courier.sms.enabled" ViperKeyCourierSMSFrom = "courier.sms.from" @@ -245,6 +246,7 @@ type ( CourierSMTPFrom() string CourierSMTPFromName() string CourierSMTPHeaders() map[string]string + CourierSMTPLocalName() string CourierSMSEnabled() bool CourierSMSFrom() string CourierSMSRequestConfig() json.RawMessage @@ -879,6 +881,10 @@ func (p *Config) CourierSMTPFromName() string { return p.p.StringF(ViperKeyCourierSMTPFromName, "") } +func (p *Config) CourierSMTPLocalName() string { + return p.p.StringF(ViperKeyCourierSMTPLocalName, "localhost") +} + func (p *Config) CourierTemplatesRoot() string { return p.p.StringF(ViperKeyCourierTemplatesPath, "courier/builtin/templates") } diff --git a/embedx/config.schema.json b/embedx/config.schema.json index 9e72a15135a9..bc10ad755b69 100644 --- a/embedx/config.schema.json +++ b/embedx/config.schema.json @@ -1539,6 +1539,12 @@ "X-SES-RETURN-PATH-ARN": "arn:aws:ses:us-west-2:123456789012:identity/example.com" } ] + }, + "local_name": { + "title": "SMTP HELO/EHLO name", + "description": "Identifier used in the SMTP HELO/EHLO command. Some SMTP relays require a unique identifier.", + "type": "string", + "default": "localhost" } }, "required": [ From 37a3369cea8ed5af34e8324a291a7d7dba0eb43a Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Fri, 13 May 2022 17:21:35 +0200 Subject: [PATCH 044/411] fix: openapi regression (#2465) Co-authored-by: Patrik --- internal/httpclient/api/openapi.yaml | 30 ------------------- spec/api.json | 35 ---------------------- spec/swagger.json | 45 ++++------------------------ ui/node/attributes.go | 30 +++++++++---------- ui/node/node.go | 20 ++++++------- 5 files changed, 30 insertions(+), 130 deletions(-) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index 68ae6e705d7b..b9e242f4a40e 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -5124,12 +5124,6 @@ components: description: |- NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. - enum: - - text - - input - - img - - a - - script type: string title: $ref: '#/components/schemas/uiText' @@ -5169,12 +5163,6 @@ components: description: |- NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. - enum: - - text - - input - - img - - a - - script type: string src: description: |- @@ -5211,12 +5199,6 @@ components: description: |- NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. - enum: - - text - - input - - img - - a - - script type: string onclick: description: |- @@ -5273,12 +5255,6 @@ components: description: |- NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. - enum: - - text - - input - - img - - a - - script type: string nonce: description: |- @@ -5318,12 +5294,6 @@ components: description: |- NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. - enum: - - text - - input - - img - - a - - script type: string text: $ref: '#/components/schemas/uiText' diff --git a/spec/api.json b/spec/api.json index 3bb775b9de8c..f44119102bb5 100755 --- a/spec/api.json +++ b/spec/api.json @@ -1899,13 +1899,6 @@ }, "node_type": { "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0.", - "enum": [ - "text", - "input", - "img", - "a", - "script" - ], "type": "string" }, "title": { @@ -1964,13 +1957,6 @@ }, "node_type": { "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0.", - "enum": [ - "text", - "input", - "img", - "a", - "script" - ], "type": "string" }, "src": { @@ -2012,13 +1998,6 @@ }, "node_type": { "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0.", - "enum": [ - "text", - "input", - "img", - "a", - "script" - ], "type": "string" }, "onclick": { @@ -2079,13 +2058,6 @@ }, "node_type": { "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0.", - "enum": [ - "text", - "input", - "img", - "a", - "script" - ], "type": "string" }, "nonce": { @@ -2127,13 +2099,6 @@ }, "node_type": { "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0.", - "enum": [ - "text", - "input", - "img", - "a", - "script" - ], "type": "string" }, "text": { diff --git a/spec/swagger.json b/spec/swagger.json index 0b07a3bf30d3..07efd53d9bb2 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -4111,14 +4111,7 @@ }, "node_type": { "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0.", - "type": "string", - "enum": [ - "text", - "input", - "img", - "a", - "script" - ] + "type": "string" }, "title": { "$ref": "#/definitions/uiText" @@ -4151,14 +4144,7 @@ }, "node_type": { "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0.", - "type": "string", - "enum": [ - "text", - "input", - "img", - "a", - "script" - ] + "type": "string" }, "src": { "description": "The image's source URL.\n\nformat: uri", @@ -4197,14 +4183,7 @@ }, "node_type": { "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0.", - "type": "string", - "enum": [ - "text", - "input", - "img", - "a", - "script" - ] + "type": "string" }, "onclick": { "description": "OnClick may contain javascript which should be executed on click. This is primarily\nused for WebAuthn.", @@ -4270,14 +4249,7 @@ }, "node_type": { "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0.", - "type": "string", - "enum": [ - "text", - "input", - "img", - "a", - "script" - ] + "type": "string" }, "nonce": { "description": "Nonce for CSP\n\nA nonce you may want to use to improve your Content Security Policy.\nYou do not have to use this value but if you want to improve your CSP\npolicies you may use it. You can also choose to use your own nonce value!", @@ -4312,14 +4284,7 @@ }, "node_type": { "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0.", - "type": "string", - "enum": [ - "text", - "input", - "img", - "a", - "script" - ] + "type": "string" }, "text": { "$ref": "#/definitions/uiText" diff --git a/ui/node/attributes.go b/ui/node/attributes.go index f59135f50f51..a1e96416e31b 100644 --- a/ui/node/attributes.go +++ b/ui/node/attributes.go @@ -75,10 +75,10 @@ type InputAttributes struct { OnClick string `json:"onclick,omitempty"` // NodeType represents this node's types. It is a mirror of `node.type` and - // is primarily used to allow compatibility with OpenAPI 3.0. + // is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is "input". // // required: true - NodeType UiNodeType `json:"node_type"` + NodeType string `json:"node_type"` } // ImageAttributes represents the attributes of an image node. @@ -107,10 +107,10 @@ type ImageAttributes struct { Height int `json:"height"` // NodeType represents this node's types. It is a mirror of `node.type` and - // is primarily used to allow compatibility with OpenAPI 3.0. + // is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is "img". // // required: true - NodeType UiNodeType `json:"node_type"` + NodeType string `json:"node_type"` } // AnchorAttributes represents the attributes of an anchor node. @@ -134,10 +134,10 @@ type AnchorAttributes struct { Identifier string `json:"id"` // NodeType represents this node's types. It is a mirror of `node.type` and - // is primarily used to allow compatibility with OpenAPI 3.0. + // is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is "a". // // required: true - NodeType UiNodeType `json:"node_type"` + NodeType string `json:"node_type"` } // TextAttributes represents the attributes of a text node. @@ -156,10 +156,10 @@ type TextAttributes struct { Identifier string `json:"id"` // NodeType represents this node's types. It is a mirror of `node.type` and - // is primarily used to allow compatibility with OpenAPI 3.0. + // is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is "text". // // required: true - NodeType UiNodeType `json:"node_type"` + NodeType string `json:"node_type"` } // ScriptAttributes represent script nodes which load javascript. @@ -211,10 +211,10 @@ type ScriptAttributes struct { Nonce string `json:"nonce"` // NodeType represents this node's types. It is a mirror of `node.type` and - // is primarily used to allow compatibility with OpenAPI 3.0. + // is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is "script". // // required: true - NodeType UiNodeType `json:"node_type"` + NodeType string `json:"node_type"` } var ( @@ -302,21 +302,21 @@ func (a *ScriptAttributes) Reset() { } func (a *InputAttributes) GetNodeType() UiNodeType { - return a.NodeType + return UiNodeType(a.NodeType) } func (a *ImageAttributes) GetNodeType() UiNodeType { - return a.NodeType + return UiNodeType(a.NodeType) } func (a *AnchorAttributes) GetNodeType() UiNodeType { - return a.NodeType + return UiNodeType(a.NodeType) } func (a *TextAttributes) GetNodeType() UiNodeType { - return a.NodeType + return UiNodeType(a.NodeType) } func (a *ScriptAttributes) GetNodeType() UiNodeType { - return a.NodeType + return UiNodeType(a.NodeType) } diff --git a/ui/node/node.go b/ui/node/node.go index edc38c6c2488..4856f6d8e9e7 100644 --- a/ui/node/node.go +++ b/ui/node/node.go @@ -353,23 +353,23 @@ func (n *Node) UnmarshalJSON(data []byte) error { switch t := gjson.GetBytes(data, "type").String(); UiNodeType(t) { case Text: attr = &TextAttributes{ - NodeType: Text, + NodeType: string(Text), } case Input: attr = &InputAttributes{ - NodeType: Input, + NodeType: string(Input), } case Anchor: attr = &AnchorAttributes{ - NodeType: Anchor, + NodeType: string(Anchor), } case Image: attr = &ImageAttributes{ - NodeType: Image, + NodeType: string(Image), } case Script: attr = &ScriptAttributes{ - NodeType: Script, + NodeType: string(Script), } default: return fmt.Errorf("unexpected node type: %s", t) @@ -396,19 +396,19 @@ func (n *Node) MarshalJSON() ([]byte, error) { switch attr := n.Attributes.(type) { case *TextAttributes: t = Text - attr.NodeType = Text + attr.NodeType = string(Text) case *InputAttributes: t = Input - attr.NodeType = Input + attr.NodeType = string(Input) case *AnchorAttributes: t = Anchor - attr.NodeType = Anchor + attr.NodeType = string(Anchor) case *ImageAttributes: t = Image - attr.NodeType = Image + attr.NodeType = string(Image) case *ScriptAttributes: t = Script - attr.NodeType = Script + attr.NodeType = string(Script) default: return nil, errors.WithStack(fmt.Errorf("unknown node type: %T", n.Attributes)) } From 2e26ddeee0d2feac2e8bed6a409bdaf73404d8c0 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Fri, 13 May 2022 15:23:42 +0000 Subject: [PATCH 045/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- internal/httpclient/api/openapi.yaml | 10 +++++----- internal/httpclient/docs/UiNodeAnchorAttributes.md | 2 +- internal/httpclient/docs/UiNodeAttributes.md | 2 +- internal/httpclient/docs/UiNodeImageAttributes.md | 2 +- internal/httpclient/docs/UiNodeInputAttributes.md | 2 +- internal/httpclient/docs/UiNodeScriptAttributes.md | 2 +- internal/httpclient/docs/UiNodeTextAttributes.md | 2 +- internal/httpclient/model_ui_node_anchor_attributes.go | 2 +- internal/httpclient/model_ui_node_image_attributes.go | 2 +- internal/httpclient/model_ui_node_input_attributes.go | 2 +- internal/httpclient/model_ui_node_script_attributes.go | 2 +- internal/httpclient/model_ui_node_text_attributes.go | 2 +- spec/api.json | 10 +++++----- spec/swagger.json | 10 +++++----- 14 files changed, 26 insertions(+), 26 deletions(-) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index b9e242f4a40e..9ab87e06d2fe 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -5123,7 +5123,7 @@ components: node_type: description: |- NodeType represents this node's types. It is a mirror of `node.type` and - is primarily used to allow compatibility with OpenAPI 3.0. + is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is "a". type: string title: $ref: '#/components/schemas/uiText' @@ -5162,7 +5162,7 @@ components: node_type: description: |- NodeType represents this node's types. It is a mirror of `node.type` and - is primarily used to allow compatibility with OpenAPI 3.0. + is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is "img". type: string src: description: |- @@ -5198,7 +5198,7 @@ components: node_type: description: |- NodeType represents this node's types. It is a mirror of `node.type` and - is primarily used to allow compatibility with OpenAPI 3.0. + is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is "input". type: string onclick: description: |- @@ -5254,7 +5254,7 @@ components: node_type: description: |- NodeType represents this node's types. It is a mirror of `node.type` and - is primarily used to allow compatibility with OpenAPI 3.0. + is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is "script". type: string nonce: description: |- @@ -5293,7 +5293,7 @@ components: node_type: description: |- NodeType represents this node's types. It is a mirror of `node.type` and - is primarily used to allow compatibility with OpenAPI 3.0. + is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is "text". type: string text: $ref: '#/components/schemas/uiText' diff --git a/internal/httpclient/docs/UiNodeAnchorAttributes.md b/internal/httpclient/docs/UiNodeAnchorAttributes.md index 44099ac60ccc..1498fa2f3922 100644 --- a/internal/httpclient/docs/UiNodeAnchorAttributes.md +++ b/internal/httpclient/docs/UiNodeAnchorAttributes.md @@ -6,7 +6,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **Href** | **string** | The link's href (destination) URL. format: uri | **Id** | **string** | A unique identifier | -**NodeType** | **string** | NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. | +**NodeType** | **string** | NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"a\". | **Title** | [**UiText**](UiText.md) | | ## Methods diff --git a/internal/httpclient/docs/UiNodeAttributes.md b/internal/httpclient/docs/UiNodeAttributes.md index 03760d3ecc68..640e32e5f992 100644 --- a/internal/httpclient/docs/UiNodeAttributes.md +++ b/internal/httpclient/docs/UiNodeAttributes.md @@ -7,7 +7,7 @@ Name | Type | Description | Notes **Disabled** | **bool** | Sets the input's disabled field to true or false. | **Label** | Pointer to [**UiText**](UiText.md) | | [optional] **Name** | **string** | The input's element name. | -**NodeType** | **string** | NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. | +**NodeType** | **string** | NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"script\". | **Onclick** | Pointer to **string** | OnClick may contain javascript which should be executed on click. This is primarily used for WebAuthn. | [optional] **Pattern** | Pointer to **string** | The input's pattern. | [optional] **Required** | Pointer to **bool** | Mark this input field as required. | [optional] diff --git a/internal/httpclient/docs/UiNodeImageAttributes.md b/internal/httpclient/docs/UiNodeImageAttributes.md index f79dc91c4e8c..2ef9a3771ff7 100644 --- a/internal/httpclient/docs/UiNodeImageAttributes.md +++ b/internal/httpclient/docs/UiNodeImageAttributes.md @@ -6,7 +6,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **Height** | **int64** | Height of the image | **Id** | **string** | A unique identifier | -**NodeType** | **string** | NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. | +**NodeType** | **string** | NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"img\". | **Src** | **string** | The image's source URL. format: uri | **Width** | **int64** | Width of the image | diff --git a/internal/httpclient/docs/UiNodeInputAttributes.md b/internal/httpclient/docs/UiNodeInputAttributes.md index d684252a73c2..fc1b1fe2a445 100644 --- a/internal/httpclient/docs/UiNodeInputAttributes.md +++ b/internal/httpclient/docs/UiNodeInputAttributes.md @@ -7,7 +7,7 @@ Name | Type | Description | Notes **Disabled** | **bool** | Sets the input's disabled field to true or false. | **Label** | Pointer to [**UiText**](UiText.md) | | [optional] **Name** | **string** | The input's element name. | -**NodeType** | **string** | NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. | +**NodeType** | **string** | NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"input\". | **Onclick** | Pointer to **string** | OnClick may contain javascript which should be executed on click. This is primarily used for WebAuthn. | [optional] **Pattern** | Pointer to **string** | The input's pattern. | [optional] **Required** | Pointer to **bool** | Mark this input field as required. | [optional] diff --git a/internal/httpclient/docs/UiNodeScriptAttributes.md b/internal/httpclient/docs/UiNodeScriptAttributes.md index 54dd12571580..5b24760f03e3 100644 --- a/internal/httpclient/docs/UiNodeScriptAttributes.md +++ b/internal/httpclient/docs/UiNodeScriptAttributes.md @@ -8,7 +8,7 @@ Name | Type | Description | Notes **Crossorigin** | **string** | The script cross origin policy | **Id** | **string** | A unique identifier | **Integrity** | **string** | The script's integrity hash | -**NodeType** | **string** | NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. | +**NodeType** | **string** | NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"script\". | **Nonce** | **string** | Nonce for CSP A nonce you may want to use to improve your Content Security Policy. You do not have to use this value but if you want to improve your CSP policies you may use it. You can also choose to use your own nonce value! | **Referrerpolicy** | **string** | The script referrer policy | **Src** | **string** | The script source | diff --git a/internal/httpclient/docs/UiNodeTextAttributes.md b/internal/httpclient/docs/UiNodeTextAttributes.md index 6139132c1116..cd6c39c3a8fe 100644 --- a/internal/httpclient/docs/UiNodeTextAttributes.md +++ b/internal/httpclient/docs/UiNodeTextAttributes.md @@ -5,7 +5,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **Id** | **string** | A unique identifier | -**NodeType** | **string** | NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. | +**NodeType** | **string** | NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"text\". | **Text** | [**UiText**](UiText.md) | | ## Methods diff --git a/internal/httpclient/model_ui_node_anchor_attributes.go b/internal/httpclient/model_ui_node_anchor_attributes.go index e995d86cbdba..2c89a7c65e52 100644 --- a/internal/httpclient/model_ui_node_anchor_attributes.go +++ b/internal/httpclient/model_ui_node_anchor_attributes.go @@ -21,7 +21,7 @@ type UiNodeAnchorAttributes struct { Href string `json:"href"` // A unique identifier Id string `json:"id"` - // NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. + // NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"a\". NodeType string `json:"node_type"` Title UiText `json:"title"` } diff --git a/internal/httpclient/model_ui_node_image_attributes.go b/internal/httpclient/model_ui_node_image_attributes.go index be775ff2146c..a0cedb751d36 100644 --- a/internal/httpclient/model_ui_node_image_attributes.go +++ b/internal/httpclient/model_ui_node_image_attributes.go @@ -21,7 +21,7 @@ type UiNodeImageAttributes struct { Height int64 `json:"height"` // A unique identifier Id string `json:"id"` - // NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. + // NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"img\". NodeType string `json:"node_type"` // The image's source URL. format: uri Src string `json:"src"` diff --git a/internal/httpclient/model_ui_node_input_attributes.go b/internal/httpclient/model_ui_node_input_attributes.go index ff7360de828a..c609923e406b 100644 --- a/internal/httpclient/model_ui_node_input_attributes.go +++ b/internal/httpclient/model_ui_node_input_attributes.go @@ -22,7 +22,7 @@ type UiNodeInputAttributes struct { Label *UiText `json:"label,omitempty"` // The input's element name. Name string `json:"name"` - // NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. + // NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"input\". NodeType string `json:"node_type"` // OnClick may contain javascript which should be executed on click. This is primarily used for WebAuthn. Onclick *string `json:"onclick,omitempty"` diff --git a/internal/httpclient/model_ui_node_script_attributes.go b/internal/httpclient/model_ui_node_script_attributes.go index d2d668bb165c..6961bceab972 100644 --- a/internal/httpclient/model_ui_node_script_attributes.go +++ b/internal/httpclient/model_ui_node_script_attributes.go @@ -25,7 +25,7 @@ type UiNodeScriptAttributes struct { Id string `json:"id"` // The script's integrity hash Integrity string `json:"integrity"` - // NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. + // NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"script\". NodeType string `json:"node_type"` // Nonce for CSP A nonce you may want to use to improve your Content Security Policy. You do not have to use this value but if you want to improve your CSP policies you may use it. You can also choose to use your own nonce value! Nonce string `json:"nonce"` diff --git a/internal/httpclient/model_ui_node_text_attributes.go b/internal/httpclient/model_ui_node_text_attributes.go index b2d0066aeba2..de3e7c548526 100644 --- a/internal/httpclient/model_ui_node_text_attributes.go +++ b/internal/httpclient/model_ui_node_text_attributes.go @@ -19,7 +19,7 @@ import ( type UiNodeTextAttributes struct { // A unique identifier Id string `json:"id"` - // NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. + // NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"text\". NodeType string `json:"node_type"` Text UiText `json:"text"` } diff --git a/spec/api.json b/spec/api.json index f44119102bb5..cdd8ce37489a 100755 --- a/spec/api.json +++ b/spec/api.json @@ -1898,7 +1898,7 @@ "type": "string" }, "node_type": { - "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0.", + "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"a\".", "type": "string" }, "title": { @@ -1956,7 +1956,7 @@ "type": "string" }, "node_type": { - "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0.", + "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"img\".", "type": "string" }, "src": { @@ -1997,7 +1997,7 @@ "type": "string" }, "node_type": { - "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0.", + "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"input\".", "type": "string" }, "onclick": { @@ -2057,7 +2057,7 @@ "type": "string" }, "node_type": { - "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0.", + "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"script\".", "type": "string" }, "nonce": { @@ -2098,7 +2098,7 @@ "type": "string" }, "node_type": { - "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0.", + "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"text\".", "type": "string" }, "text": { diff --git a/spec/swagger.json b/spec/swagger.json index 07efd53d9bb2..790c79424b20 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -4110,7 +4110,7 @@ "type": "string" }, "node_type": { - "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0.", + "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"a\".", "type": "string" }, "title": { @@ -4143,7 +4143,7 @@ "type": "string" }, "node_type": { - "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0.", + "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"img\".", "type": "string" }, "src": { @@ -4182,7 +4182,7 @@ "type": "string" }, "node_type": { - "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0.", + "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"input\".", "type": "string" }, "onclick": { @@ -4248,7 +4248,7 @@ "type": "string" }, "node_type": { - "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0.", + "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"script\".", "type": "string" }, "nonce": { @@ -4283,7 +4283,7 @@ "type": "string" }, "node_type": { - "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0.", + "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"text\".", "type": "string" }, "text": { From 2bffee81f0e8a98851a3e11b4fc4969d95e9b445 Mon Sep 17 00:00:00 2001 From: Viz Date: Fri, 13 May 2022 23:39:35 +0800 Subject: [PATCH 046/411] feat(sdk): add csrf cookie for login flow submission (#2454) --- internal/httpclient/api/openapi.yaml | 11 +++++++++++ internal/httpclient/api_v0alpha2.go | 8 ++++++++ internal/httpclient/docs/V0alpha2Api.md | 6 ++++-- selfservice/flow/login/handler.go | 8 ++++++++ spec/api.json | 8 ++++++++ spec/swagger.json | 6 ++++++ 6 files changed, 45 insertions(+), 2 deletions(-) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index 9ab87e06d2fe..bf68ff52623f 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -740,6 +740,17 @@ paths: schema: type: string style: simple + - description: |- + CSRF Cookie + + The CSRF cookie for browsers flow. + explode: false + in: header + name: cookie + required: false + schema: + type: string + style: simple requestBody: content: application/json: diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go index 6bdfd8d7b685..9a14b8da6b0e 100644 --- a/internal/httpclient/api_v0alpha2.go +++ b/internal/httpclient/api_v0alpha2.go @@ -5914,6 +5914,7 @@ type V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest struct { ApiService V0alpha2Api flow *string xSessionToken *string + cookie *string submitSelfServiceLoginFlowBody *SubmitSelfServiceLoginFlowBody } @@ -5925,6 +5926,10 @@ func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) XSessionToken(xSessionT r.xSessionToken = &xSessionToken return r } +func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) Cookie(cookie string) V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest { + r.cookie = &cookie + return r +} func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) SubmitSelfServiceLoginFlowBody(submitSelfServiceLoginFlowBody SubmitSelfServiceLoginFlowBody) V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest { r.submitSelfServiceLoginFlowBody = &submitSelfServiceLoginFlowBody return r @@ -6028,6 +6033,9 @@ func (a *V0alpha2ApiService) SubmitSelfServiceLoginFlowExecute(r V0alpha2ApiApiS if r.xSessionToken != nil { localVarHeaderParams["X-Session-Token"] = parameterToString(*r.xSessionToken, "") } + if r.cookie != nil { + localVarHeaderParams["cookie"] = parameterToString(*r.cookie, "") + } // body params localVarPostBody = r.submitSelfServiceLoginFlowBody req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md index cc1ce80bdf1b..945ffd168b86 100644 --- a/internal/httpclient/docs/V0alpha2Api.md +++ b/internal/httpclient/docs/V0alpha2Api.md @@ -2209,7 +2209,7 @@ No authorization required ## SubmitSelfServiceLoginFlow -> SuccessfulSelfServiceLoginWithoutBrowser SubmitSelfServiceLoginFlow(ctx).Flow(flow).XSessionToken(xSessionToken).SubmitSelfServiceLoginFlowBody(submitSelfServiceLoginFlowBody).Execute() +> SuccessfulSelfServiceLoginWithoutBrowser SubmitSelfServiceLoginFlow(ctx).Flow(flow).XSessionToken(xSessionToken).Cookie(cookie).SubmitSelfServiceLoginFlowBody(submitSelfServiceLoginFlowBody).Execute() Submit a Login Flow @@ -2230,11 +2230,12 @@ import ( func main() { flow := "flow_example" // string | The Login Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/login?flow=abcde`). xSessionToken := "xSessionToken_example" // string | The Session Token of the Identity performing the settings flow. (optional) + cookie := "cookie_example" // string | CSRF Cookie The CSRF cookie for browsers flow. (optional) submitSelfServiceLoginFlowBody := openapiclient.submitSelfServiceLoginFlowBody{SubmitSelfServiceLoginFlowWithLookupSecretMethodBody: openapiclient.NewSubmitSelfServiceLoginFlowWithLookupSecretMethodBody("LookupSecret_example", "Method_example")} // SubmitSelfServiceLoginFlowBody | (optional) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceLoginFlow(context.Background()).Flow(flow).XSessionToken(xSessionToken).SubmitSelfServiceLoginFlowBody(submitSelfServiceLoginFlowBody).Execute() + resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceLoginFlow(context.Background()).Flow(flow).XSessionToken(xSessionToken).Cookie(cookie).SubmitSelfServiceLoginFlowBody(submitSelfServiceLoginFlowBody).Execute() if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.SubmitSelfServiceLoginFlow``: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) @@ -2257,6 +2258,7 @@ Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **flow** | **string** | The Login Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/login?flow=abcde`). | **xSessionToken** | **string** | The Session Token of the Identity performing the settings flow. | + **cookie** | **string** | CSRF Cookie The CSRF cookie for browsers flow. | **submitSelfServiceLoginFlowBody** | [**SubmitSelfServiceLoginFlowBody**](SubmitSelfServiceLoginFlowBody.md) | | ### Return type diff --git a/selfservice/flow/login/handler.go b/selfservice/flow/login/handler.go index 1fa96cd34c6c..feaec1d4fd3b 100644 --- a/selfservice/flow/login/handler.go +++ b/selfservice/flow/login/handler.go @@ -461,6 +461,14 @@ type submitSelfServiceLoginFlow struct { // // in: header SessionToken string `json:"X-Session-Token"` + + // CSRF Cookie + // + // The CSRF cookie for browsers flow. + // + // in: header + // name: Cookie + Cookies string `json:"cookie"` } // swagger:model submitSelfServiceLoginFlowBody diff --git a/spec/api.json b/spec/api.json index cdd8ce37489a..87bedb3521df 100755 --- a/spec/api.json +++ b/spec/api.json @@ -3179,6 +3179,14 @@ "schema": { "type": "string" } + }, + { + "description": "CSRF Cookie\n\nThe CSRF cookie for browsers flow.", + "in": "header", + "name": "cookie", + "schema": { + "type": "string" + } } ], "requestBody": { diff --git a/spec/swagger.json b/spec/swagger.json index 790c79424b20..9ac9b7f41208 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -830,6 +830,12 @@ "description": "The Session Token of the Identity performing the settings flow.", "name": "X-Session-Token", "in": "header" + }, + { + "type": "string", + "description": "CSRF Cookie\n\nThe CSRF cookie for browsers flow.", + "name": "cookie", + "in": "header" } ], "responses": { From 9a969fd927ae8436a863e91ecb6574cb3bb1c3a6 Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Fri, 13 May 2022 18:19:13 +0200 Subject: [PATCH 047/411] feat(sdk): add cookie headers to all form submissions (#2467) Closes #2003 Closes #2454 --- internal/httpclient/api/openapi.yaml | 80 +++++++++++++++++++----- internal/httpclient/api_v0alpha2.go | 42 +++++++++++-- internal/httpclient/docs/V0alpha2Api.md | 44 +++++++------ selfservice/flow/login/handler.go | 13 ++-- selfservice/flow/recovery/handler.go | 15 ++++- selfservice/flow/registration/handler.go | 15 ++++- selfservice/flow/settings/handler.go | 16 +++-- selfservice/flow/verification/handler.go | 9 +++ spec/api.json | 52 ++++++++++++--- spec/swagger.json | 44 ++++++++++--- 10 files changed, 255 insertions(+), 75 deletions(-) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index bf68ff52623f..849f80596595 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -741,12 +741,13 @@ paths: type: string style: simple - description: |- - CSRF Cookie + HTTP Cookies - The CSRF cookie for browsers flow. + When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + sent by the client to your server here. This ensures that CSRF and session cookies are respected. explode: false in: header - name: cookie + name: Cookie required: false schema: type: string @@ -1006,11 +1007,11 @@ paths: - description: |- HTTP Cookies - When using the SDK on the server side you must include the HTTP Cookie Header - originally sent to your HTTP handler here. + When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + sent by the client to your server here. This ensures that CSRF and session cookies are respected. explode: false in: header - name: cookie + name: Cookie required: false schema: type: string @@ -1237,6 +1238,18 @@ paths: schema: type: string style: form + - description: |- + HTTP Cookies + + When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + sent by the client to your server here. This ensures that CSRF and session cookies are respected. + explode: false + in: header + name: Cookie + required: false + schema: + type: string + style: simple requestBody: content: application/json: @@ -1403,11 +1416,11 @@ paths: - description: |- HTTP Cookies - When using the SDK on the server side you must include the HTTP Cookie Header - originally sent to your HTTP handler here. + When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + sent by the client to your server here. This ensures that CSRF and session cookies are respected. explode: false in: header - name: cookie + name: Cookie required: false schema: type: string @@ -1485,6 +1498,18 @@ paths: schema: type: string style: form + - description: |- + HTTP Cookies + + When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + sent by the client to your server here. This ensures that CSRF and session cookies are respected. + explode: false + in: header + name: Cookie + required: false + schema: + type: string + style: simple requestBody: content: application/json: @@ -1676,11 +1701,11 @@ paths: - description: |- HTTP Cookies - When using the SDK on the server side you must include the HTTP Cookie Header - originally sent to your HTTP handler here. + When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + sent by the client to your server here. This ensures that CSRF and session cookies are respected. explode: false in: header - name: cookie + name: Cookie required: false schema: type: string @@ -1787,6 +1812,18 @@ paths: schema: type: string style: simple + - description: |- + HTTP Cookies + + When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + sent by the client to your server here. This ensures that CSRF and session cookies are respected. + explode: false + in: header + name: Cookie + required: false + schema: + type: string + style: simple requestBody: content: application/json: @@ -2031,12 +2068,11 @@ paths: - description: |- HTTP Cookies - When using the SDK on the server side you must include the HTTP Cookie Header - originally sent to your HTTP handler here. You only need to do this for browser- - based flows. + When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + sent by the client to your server here. This ensures that CSRF and session cookies are respected. explode: false in: header - name: cookie + name: Cookie required: false schema: type: string @@ -2128,6 +2164,18 @@ paths: schema: type: string style: form + - description: |- + HTTP Cookies + + When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + sent by the client to your server here. This ensures that CSRF and session cookies are respected. + explode: false + in: header + name: Cookie + required: false + schema: + type: string + style: simple requestBody: content: application/json: diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go index 9a14b8da6b0e..774e3c4c2857 100644 --- a/internal/httpclient/api_v0alpha2.go +++ b/internal/httpclient/api_v0alpha2.go @@ -2974,7 +2974,7 @@ func (a *V0alpha2ApiService) GetSelfServiceLoginFlowExecute(r V0alpha2ApiApiGetS localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept } if r.cookie != nil { - localVarHeaderParams["cookie"] = parameterToString(*r.cookie, "") + localVarHeaderParams["Cookie"] = parameterToString(*r.cookie, "") } req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) if err != nil { @@ -3149,7 +3149,7 @@ func (a *V0alpha2ApiService) GetSelfServiceRecoveryFlowExecute(r V0alpha2ApiApiG localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept } if r.cookie != nil { - localVarHeaderParams["cookie"] = parameterToString(*r.cookie, "") + localVarHeaderParams["Cookie"] = parameterToString(*r.cookie, "") } req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) if err != nil { @@ -3319,7 +3319,7 @@ func (a *V0alpha2ApiService) GetSelfServiceRegistrationFlowExecute(r V0alpha2Api localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept } if r.cookie != nil { - localVarHeaderParams["cookie"] = parameterToString(*r.cookie, "") + localVarHeaderParams["Cookie"] = parameterToString(*r.cookie, "") } req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) if err != nil { @@ -3503,7 +3503,7 @@ func (a *V0alpha2ApiService) GetSelfServiceSettingsFlowExecute(r V0alpha2ApiApiG localVarHeaderParams["X-Session-Token"] = parameterToString(*r.xSessionToken, "") } if r.cookie != nil { - localVarHeaderParams["cookie"] = parameterToString(*r.cookie, "") + localVarHeaderParams["Cookie"] = parameterToString(*r.cookie, "") } req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) if err != nil { @@ -6034,7 +6034,7 @@ func (a *V0alpha2ApiService) SubmitSelfServiceLoginFlowExecute(r V0alpha2ApiApiS localVarHeaderParams["X-Session-Token"] = parameterToString(*r.xSessionToken, "") } if r.cookie != nil { - localVarHeaderParams["cookie"] = parameterToString(*r.cookie, "") + localVarHeaderParams["Cookie"] = parameterToString(*r.cookie, "") } // body params localVarPostBody = r.submitSelfServiceLoginFlowBody @@ -6374,6 +6374,7 @@ type V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest struct { ApiService V0alpha2Api flow *string token *string + cookie *string submitSelfServiceRecoveryFlowBody *SubmitSelfServiceRecoveryFlowBody } @@ -6385,6 +6386,10 @@ func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) Token(token string) r.token = &token return r } +func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) Cookie(cookie string) V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest { + r.cookie = &cookie + return r +} func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) SubmitSelfServiceRecoveryFlowBody(submitSelfServiceRecoveryFlowBody SubmitSelfServiceRecoveryFlowBody) V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest { r.submitSelfServiceRecoveryFlowBody = &submitSelfServiceRecoveryFlowBody return r @@ -6471,6 +6476,9 @@ func (a *V0alpha2ApiService) SubmitSelfServiceRecoveryFlowExecute(r V0alpha2ApiA if localVarHTTPHeaderAccept != "" { localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept } + if r.cookie != nil { + localVarHeaderParams["Cookie"] = parameterToString(*r.cookie, "") + } // body params localVarPostBody = r.submitSelfServiceRecoveryFlowBody req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) @@ -6543,6 +6551,7 @@ type V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest struct { ctx context.Context ApiService V0alpha2Api flow *string + cookie *string submitSelfServiceRegistrationFlowBody *SubmitSelfServiceRegistrationFlowBody } @@ -6550,6 +6559,10 @@ func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) Flow(flow string r.flow = &flow return r } +func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) Cookie(cookie string) V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest { + r.cookie = &cookie + return r +} func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) SubmitSelfServiceRegistrationFlowBody(submitSelfServiceRegistrationFlowBody SubmitSelfServiceRegistrationFlowBody) V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest { r.submitSelfServiceRegistrationFlowBody = &submitSelfServiceRegistrationFlowBody return r @@ -6645,6 +6658,9 @@ func (a *V0alpha2ApiService) SubmitSelfServiceRegistrationFlowExecute(r V0alpha2 if localVarHTTPHeaderAccept != "" { localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept } + if r.cookie != nil { + localVarHeaderParams["Cookie"] = parameterToString(*r.cookie, "") + } // body params localVarPostBody = r.submitSelfServiceRegistrationFlowBody req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) @@ -6728,6 +6744,7 @@ type V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest struct { ApiService V0alpha2Api flow *string xSessionToken *string + cookie *string submitSelfServiceSettingsFlowBody *SubmitSelfServiceSettingsFlowBody } @@ -6739,6 +6756,10 @@ func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) XSessionToken(xSessi r.xSessionToken = &xSessionToken return r } +func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) Cookie(cookie string) V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest { + r.cookie = &cookie + return r +} func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) SubmitSelfServiceSettingsFlowBody(submitSelfServiceSettingsFlowBody SubmitSelfServiceSettingsFlowBody) V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest { r.submitSelfServiceSettingsFlowBody = &submitSelfServiceSettingsFlowBody return r @@ -6852,6 +6873,9 @@ func (a *V0alpha2ApiService) SubmitSelfServiceSettingsFlowExecute(r V0alpha2ApiA if r.xSessionToken != nil { localVarHeaderParams["X-Session-Token"] = parameterToString(*r.xSessionToken, "") } + if r.cookie != nil { + localVarHeaderParams["Cookie"] = parameterToString(*r.cookie, "") + } // body params localVarPostBody = r.submitSelfServiceSettingsFlowBody req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) @@ -6955,6 +6979,7 @@ type V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest struct { ApiService V0alpha2Api flow *string token *string + cookie *string submitSelfServiceVerificationFlowBody *SubmitSelfServiceVerificationFlowBody } @@ -6966,6 +6991,10 @@ func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Token(token stri r.token = &token return r } +func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Cookie(cookie string) V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest { + r.cookie = &cookie + return r +} func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) SubmitSelfServiceVerificationFlowBody(submitSelfServiceVerificationFlowBody SubmitSelfServiceVerificationFlowBody) V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest { r.submitSelfServiceVerificationFlowBody = &submitSelfServiceVerificationFlowBody return r @@ -7052,6 +7081,9 @@ func (a *V0alpha2ApiService) SubmitSelfServiceVerificationFlowExecute(r V0alpha2 if localVarHTTPHeaderAccept != "" { localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept } + if r.cookie != nil { + localVarHeaderParams["Cookie"] = parameterToString(*r.cookie, "") + } // body params localVarPostBody = r.submitSelfServiceVerificationFlowBody req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md index 945ffd168b86..437a3067bb92 100644 --- a/internal/httpclient/docs/V0alpha2Api.md +++ b/internal/httpclient/docs/V0alpha2Api.md @@ -897,7 +897,7 @@ import ( func main() { id := "id_example" // string | The Login Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/login?flow=abcde`). - cookie := "cookie_example" // string | HTTP Cookies When using the SDK on the server side you must include the HTTP Cookie Header originally sent to your HTTP handler here. (optional) + cookie := "cookie_example" // string | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. (optional) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) @@ -923,7 +923,7 @@ Other parameters are passed through a pointer to a apiGetSelfServiceLoginFlowReq Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **id** | **string** | The Login Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/login?flow=abcde`). | - **cookie** | **string** | HTTP Cookies When using the SDK on the server side you must include the HTTP Cookie Header originally sent to your HTTP handler here. | + **cookie** | **string** | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. | ### Return type @@ -965,7 +965,7 @@ import ( func main() { id := "id_example" // string | The Flow ID The value for this parameter comes from `request` URL Query parameter sent to your application (e.g. `/recovery?flow=abcde`). - cookie := "cookie_example" // string | HTTP Cookies When using the SDK on the server side you must include the HTTP Cookie Header originally sent to your HTTP handler here. (optional) + cookie := "cookie_example" // string | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. (optional) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) @@ -991,7 +991,7 @@ Other parameters are passed through a pointer to a apiGetSelfServiceRecoveryFlow Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **id** | **string** | The Flow ID The value for this parameter comes from `request` URL Query parameter sent to your application (e.g. `/recovery?flow=abcde`). | - **cookie** | **string** | HTTP Cookies When using the SDK on the server side you must include the HTTP Cookie Header originally sent to your HTTP handler here. | + **cookie** | **string** | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. | ### Return type @@ -1033,7 +1033,7 @@ import ( func main() { id := "id_example" // string | The Registration Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/registration?flow=abcde`). - cookie := "cookie_example" // string | HTTP Cookies When using the SDK on the server side you must include the HTTP Cookie Header originally sent to your HTTP handler here. (optional) + cookie := "cookie_example" // string | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. (optional) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) @@ -1059,7 +1059,7 @@ Other parameters are passed through a pointer to a apiGetSelfServiceRegistration Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **id** | **string** | The Registration Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/registration?flow=abcde`). | - **cookie** | **string** | HTTP Cookies When using the SDK on the server side you must include the HTTP Cookie Header originally sent to your HTTP handler here. | + **cookie** | **string** | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. | ### Return type @@ -1102,7 +1102,7 @@ import ( func main() { id := "id_example" // string | ID is the Settings Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/settings?flow=abcde`). xSessionToken := "xSessionToken_example" // string | The Session Token When using the SDK in an app without a browser, please include the session token here. (optional) - cookie := "cookie_example" // string | HTTP Cookies When using the SDK on the server side you must include the HTTP Cookie Header originally sent to your HTTP handler here. You only need to do this for browser- based flows. (optional) + cookie := "cookie_example" // string | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. (optional) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) @@ -1129,7 +1129,7 @@ Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **id** | **string** | ID is the Settings Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/settings?flow=abcde`). | **xSessionToken** | **string** | The Session Token When using the SDK in an app without a browser, please include the session token here. | - **cookie** | **string** | HTTP Cookies When using the SDK on the server side you must include the HTTP Cookie Header originally sent to your HTTP handler here. You only need to do this for browser- based flows. | + **cookie** | **string** | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. | ### Return type @@ -2230,7 +2230,7 @@ import ( func main() { flow := "flow_example" // string | The Login Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/login?flow=abcde`). xSessionToken := "xSessionToken_example" // string | The Session Token of the Identity performing the settings flow. (optional) - cookie := "cookie_example" // string | CSRF Cookie The CSRF cookie for browsers flow. (optional) + cookie := "cookie_example" // string | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. (optional) submitSelfServiceLoginFlowBody := openapiclient.submitSelfServiceLoginFlowBody{SubmitSelfServiceLoginFlowWithLookupSecretMethodBody: openapiclient.NewSubmitSelfServiceLoginFlowWithLookupSecretMethodBody("LookupSecret_example", "Method_example")} // SubmitSelfServiceLoginFlowBody | (optional) configuration := openapiclient.NewConfiguration() @@ -2258,7 +2258,7 @@ Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **flow** | **string** | The Login Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/login?flow=abcde`). | **xSessionToken** | **string** | The Session Token of the Identity performing the settings flow. | - **cookie** | **string** | CSRF Cookie The CSRF cookie for browsers flow. | + **cookie** | **string** | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. | **submitSelfServiceLoginFlowBody** | [**SubmitSelfServiceLoginFlowBody**](SubmitSelfServiceLoginFlowBody.md) | | ### Return type @@ -2411,7 +2411,7 @@ No authorization required ## SubmitSelfServiceRecoveryFlow -> SelfServiceRecoveryFlow SubmitSelfServiceRecoveryFlow(ctx).Flow(flow).Token(token).SubmitSelfServiceRecoveryFlowBody(submitSelfServiceRecoveryFlowBody).Execute() +> SelfServiceRecoveryFlow SubmitSelfServiceRecoveryFlow(ctx).Flow(flow).Token(token).Cookie(cookie).SubmitSelfServiceRecoveryFlowBody(submitSelfServiceRecoveryFlowBody).Execute() Complete Recovery Flow @@ -2432,11 +2432,12 @@ import ( func main() { flow := "flow_example" // string | The Recovery Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/recovery?flow=abcde`). token := "token_example" // string | Recovery Token The recovery token which completes the recovery request. If the token is invalid (e.g. expired) an error will be shown to the end-user. This parameter is usually set in a link and not used by any direct API call. (optional) + cookie := "cookie_example" // string | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. (optional) submitSelfServiceRecoveryFlowBody := openapiclient.submitSelfServiceRecoveryFlowBody{SubmitSelfServiceRecoveryFlowWithLinkMethodBody: openapiclient.NewSubmitSelfServiceRecoveryFlowWithLinkMethodBody("Email_example", "Method_example")} // SubmitSelfServiceRecoveryFlowBody | (optional) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceRecoveryFlow(context.Background()).Flow(flow).Token(token).SubmitSelfServiceRecoveryFlowBody(submitSelfServiceRecoveryFlowBody).Execute() + resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceRecoveryFlow(context.Background()).Flow(flow).Token(token).Cookie(cookie).SubmitSelfServiceRecoveryFlowBody(submitSelfServiceRecoveryFlowBody).Execute() if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.SubmitSelfServiceRecoveryFlow``: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) @@ -2459,6 +2460,7 @@ Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **flow** | **string** | The Recovery Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/recovery?flow=abcde`). | **token** | **string** | Recovery Token The recovery token which completes the recovery request. If the token is invalid (e.g. expired) an error will be shown to the end-user. This parameter is usually set in a link and not used by any direct API call. | + **cookie** | **string** | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. | **submitSelfServiceRecoveryFlowBody** | [**SubmitSelfServiceRecoveryFlowBody**](SubmitSelfServiceRecoveryFlowBody.md) | | ### Return type @@ -2481,7 +2483,7 @@ No authorization required ## SubmitSelfServiceRegistrationFlow -> SuccessfulSelfServiceRegistrationWithoutBrowser SubmitSelfServiceRegistrationFlow(ctx).Flow(flow).SubmitSelfServiceRegistrationFlowBody(submitSelfServiceRegistrationFlowBody).Execute() +> SuccessfulSelfServiceRegistrationWithoutBrowser SubmitSelfServiceRegistrationFlow(ctx).Flow(flow).Cookie(cookie).SubmitSelfServiceRegistrationFlowBody(submitSelfServiceRegistrationFlowBody).Execute() Submit a Registration Flow @@ -2501,11 +2503,12 @@ import ( func main() { flow := "flow_example" // string | The Registration Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/registration?flow=abcde`). + cookie := "cookie_example" // string | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. (optional) submitSelfServiceRegistrationFlowBody := openapiclient.submitSelfServiceRegistrationFlowBody{SubmitSelfServiceRegistrationFlowWithOidcMethodBody: openapiclient.NewSubmitSelfServiceRegistrationFlowWithOidcMethodBody("Method_example", "Provider_example")} // SubmitSelfServiceRegistrationFlowBody | (optional) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceRegistrationFlow(context.Background()).Flow(flow).SubmitSelfServiceRegistrationFlowBody(submitSelfServiceRegistrationFlowBody).Execute() + resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceRegistrationFlow(context.Background()).Flow(flow).Cookie(cookie).SubmitSelfServiceRegistrationFlowBody(submitSelfServiceRegistrationFlowBody).Execute() if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.SubmitSelfServiceRegistrationFlow``: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) @@ -2527,6 +2530,7 @@ Other parameters are passed through a pointer to a apiSubmitSelfServiceRegistrat Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **flow** | **string** | The Registration Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/registration?flow=abcde`). | + **cookie** | **string** | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. | **submitSelfServiceRegistrationFlowBody** | [**SubmitSelfServiceRegistrationFlowBody**](SubmitSelfServiceRegistrationFlowBody.md) | | ### Return type @@ -2549,7 +2553,7 @@ No authorization required ## SubmitSelfServiceSettingsFlow -> SelfServiceSettingsFlow SubmitSelfServiceSettingsFlow(ctx).Flow(flow).XSessionToken(xSessionToken).SubmitSelfServiceSettingsFlowBody(submitSelfServiceSettingsFlowBody).Execute() +> SelfServiceSettingsFlow SubmitSelfServiceSettingsFlow(ctx).Flow(flow).XSessionToken(xSessionToken).Cookie(cookie).SubmitSelfServiceSettingsFlowBody(submitSelfServiceSettingsFlowBody).Execute() Complete Settings Flow @@ -2570,11 +2574,12 @@ import ( func main() { flow := "flow_example" // string | The Settings Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/settings?flow=abcde`). xSessionToken := "xSessionToken_example" // string | The Session Token of the Identity performing the settings flow. (optional) + cookie := "cookie_example" // string | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. (optional) submitSelfServiceSettingsFlowBody := openapiclient.submitSelfServiceSettingsFlowBody{SubmitSelfServiceSettingsFlowWithLookupMethodBody: openapiclient.NewSubmitSelfServiceSettingsFlowWithLookupMethodBody("Method_example")} // SubmitSelfServiceSettingsFlowBody | (optional) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceSettingsFlow(context.Background()).Flow(flow).XSessionToken(xSessionToken).SubmitSelfServiceSettingsFlowBody(submitSelfServiceSettingsFlowBody).Execute() + resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceSettingsFlow(context.Background()).Flow(flow).XSessionToken(xSessionToken).Cookie(cookie).SubmitSelfServiceSettingsFlowBody(submitSelfServiceSettingsFlowBody).Execute() if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.SubmitSelfServiceSettingsFlow``: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) @@ -2597,6 +2602,7 @@ Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **flow** | **string** | The Settings Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/settings?flow=abcde`). | **xSessionToken** | **string** | The Session Token of the Identity performing the settings flow. | + **cookie** | **string** | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. | **submitSelfServiceSettingsFlowBody** | [**SubmitSelfServiceSettingsFlowBody**](SubmitSelfServiceSettingsFlowBody.md) | | ### Return type @@ -2619,7 +2625,7 @@ No authorization required ## SubmitSelfServiceVerificationFlow -> SelfServiceVerificationFlow SubmitSelfServiceVerificationFlow(ctx).Flow(flow).Token(token).SubmitSelfServiceVerificationFlowBody(submitSelfServiceVerificationFlowBody).Execute() +> SelfServiceVerificationFlow SubmitSelfServiceVerificationFlow(ctx).Flow(flow).Token(token).Cookie(cookie).SubmitSelfServiceVerificationFlowBody(submitSelfServiceVerificationFlowBody).Execute() Complete Verification Flow @@ -2640,11 +2646,12 @@ import ( func main() { flow := "flow_example" // string | The Verification Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/verification?flow=abcde`). token := "token_example" // string | Verification Token The verification token which completes the verification request. If the token is invalid (e.g. expired) an error will be shown to the end-user. This parameter is usually set in a link and not used by any direct API call. (optional) + cookie := "cookie_example" // string | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. (optional) submitSelfServiceVerificationFlowBody := openapiclient.submitSelfServiceVerificationFlowBody{SubmitSelfServiceVerificationFlowWithLinkMethodBody: openapiclient.NewSubmitSelfServiceVerificationFlowWithLinkMethodBody("Email_example", "Method_example")} // SubmitSelfServiceVerificationFlowBody | (optional) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceVerificationFlow(context.Background()).Flow(flow).Token(token).SubmitSelfServiceVerificationFlowBody(submitSelfServiceVerificationFlowBody).Execute() + resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceVerificationFlow(context.Background()).Flow(flow).Token(token).Cookie(cookie).SubmitSelfServiceVerificationFlowBody(submitSelfServiceVerificationFlowBody).Execute() if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.SubmitSelfServiceVerificationFlow``: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) @@ -2667,6 +2674,7 @@ Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **flow** | **string** | The Verification Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/verification?flow=abcde`). | **token** | **string** | Verification Token The verification token which completes the verification request. If the token is invalid (e.g. expired) an error will be shown to the end-user. This parameter is usually set in a link and not used by any direct API call. | + **cookie** | **string** | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. | **submitSelfServiceVerificationFlowBody** | [**SubmitSelfServiceVerificationFlowBody**](SubmitSelfServiceVerificationFlowBody.md) | | ### Return type diff --git a/selfservice/flow/login/handler.go b/selfservice/flow/login/handler.go index feaec1d4fd3b..22287d373cc6 100644 --- a/selfservice/flow/login/handler.go +++ b/selfservice/flow/login/handler.go @@ -361,12 +361,12 @@ type getSelfServiceLoginFlow struct { // HTTP Cookies // - // When using the SDK on the server side you must include the HTTP Cookie Header - // originally sent to your HTTP handler here. + // When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + // sent by the client to your server here. This ensures that CSRF and session cookies are respected. // // in: header // name: Cookie - Cookies string `json:"cookie"` + Cookies string `json:"Cookie"` } // swagger:route GET /self-service/login/flows v0alpha2 getSelfServiceLoginFlow @@ -462,13 +462,14 @@ type submitSelfServiceLoginFlow struct { // in: header SessionToken string `json:"X-Session-Token"` - // CSRF Cookie + // HTTP Cookies // - // The CSRF cookie for browsers flow. + // When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + // sent by the client to your server here. This ensures that CSRF and session cookies are respected. // // in: header // name: Cookie - Cookies string `json:"cookie"` + Cookies string `json:"Cookie"` } // swagger:model submitSelfServiceLoginFlowBody diff --git a/selfservice/flow/recovery/handler.go b/selfservice/flow/recovery/handler.go index d998de2f5229..837f619a71f3 100644 --- a/selfservice/flow/recovery/handler.go +++ b/selfservice/flow/recovery/handler.go @@ -202,12 +202,12 @@ type getSelfServiceRecoveryFlow struct { // HTTP Cookies // - // When using the SDK on the server side you must include the HTTP Cookie Header - // originally sent to your HTTP handler here. + // When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + // sent by the client to your server here. This ensures that CSRF and session cookies are respected. // // in: header // name: Cookie - Cookies string `json:"cookie"` + Cookies string `json:"Cookie"` } // swagger:route GET /self-service/recovery/flows v0alpha2 getSelfServiceRecoveryFlow @@ -307,6 +307,15 @@ type submitSelfServiceRecoveryFlow struct { // in: body Body submitSelfServiceRecoveryFlowBody + + // HTTP Cookies + // + // When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + // sent by the client to your server here. This ensures that CSRF and session cookies are respected. + // + // in: header + // name: Cookie + Cookies string `json:"Cookie"` } // swagger:model submitSelfServiceRecoveryFlowBody diff --git a/selfservice/flow/registration/handler.go b/selfservice/flow/registration/handler.go index 89f03bfc1e70..af6bd3fa67a9 100644 --- a/selfservice/flow/registration/handler.go +++ b/selfservice/flow/registration/handler.go @@ -261,12 +261,12 @@ type getSelfServiceRegistrationFlow struct { // HTTP Cookies // - // When using the SDK on the server side you must include the HTTP Cookie Header - // originally sent to your HTTP handler here. + // When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + // sent by the client to your server here. This ensures that CSRF and session cookies are respected. // // in: header // name: Cookie - Cookies string `json:"cookie"` + Cookies string `json:"Cookie"` } // swagger:route GET /self-service/registration/flows v0alpha2 getSelfServiceRegistrationFlow @@ -362,6 +362,15 @@ type submitSelfServiceRegistrationFlow struct { // in: body Body submitSelfServiceRegistrationFlowBody + + // HTTP Cookies + // + // When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + // sent by the client to your server here. This ensures that CSRF and session cookies are respected. + // + // in: header + // name: Cookie + Cookies string `json:"Cookie"` } // swagger:model submitSelfServiceRegistrationFlowBody diff --git a/selfservice/flow/settings/handler.go b/selfservice/flow/settings/handler.go index 36a4a6111ddb..a685d67acf98 100644 --- a/selfservice/flow/settings/handler.go +++ b/selfservice/flow/settings/handler.go @@ -303,13 +303,12 @@ type getSelfServiceSettingsFlow struct { // HTTP Cookies // - // When using the SDK on the server side you must include the HTTP Cookie Header - // originally sent to your HTTP handler here. You only need to do this for browser- - // based flows. + // When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + // sent by the client to your server here. This ensures that CSRF and session cookies are respected. // // in: header // name: Cookie - Cookies string `json:"cookie"` + Cookies string `json:"Cookie"` } // swagger:route GET /self-service/settings/flows v0alpha2 getSelfServiceSettingsFlow @@ -414,6 +413,15 @@ type submitSelfServiceSettingsFlow struct { // // in: header SessionToken string `json:"X-Session-Token"` + + // HTTP Cookies + // + // When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + // sent by the client to your server here. This ensures that CSRF and session cookies are respected. + // + // in: header + // name: Cookie + Cookies string `json:"Cookie"` } // swagger:model submitSelfServiceSettingsFlowBody diff --git a/selfservice/flow/verification/handler.go b/selfservice/flow/verification/handler.go index 41b816bb2851..a8decc539444 100644 --- a/selfservice/flow/verification/handler.go +++ b/selfservice/flow/verification/handler.go @@ -289,6 +289,15 @@ type submitSelfServiceVerificationFlow struct { // in: body Body submitSelfServiceVerificationFlowBody + + // HTTP Cookies + // + // When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + // sent by the client to your server here. This ensures that CSRF and session cookies are respected. + // + // in: header + // name: Cookie + Cookies string `json:"Cookie"` } // nolint:deadcode,unused diff --git a/spec/api.json b/spec/api.json index 87bedb3521df..ce940acadb8d 100755 --- a/spec/api.json +++ b/spec/api.json @@ -3181,9 +3181,9 @@ } }, { - "description": "CSRF Cookie\n\nThe CSRF cookie for browsers flow.", + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", "in": "header", - "name": "cookie", + "name": "Cookie", "schema": { "type": "string" } @@ -3419,9 +3419,9 @@ } }, { - "description": "HTTP Cookies\n\nWhen using the SDK on the server side you must include the HTTP Cookie Header\noriginally sent to your HTTP handler here.", + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", "in": "header", - "name": "cookie", + "name": "Cookie", "schema": { "type": "string" } @@ -3650,6 +3650,14 @@ "schema": { "type": "string" } + }, + { + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", + "in": "header", + "name": "Cookie", + "schema": { + "type": "string" + } } ], "requestBody": { @@ -3830,9 +3838,9 @@ } }, { - "description": "HTTP Cookies\n\nWhen using the SDK on the server side you must include the HTTP Cookie Header\noriginally sent to your HTTP handler here.", + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", "in": "header", - "name": "cookie", + "name": "Cookie", "schema": { "type": "string" } @@ -3899,6 +3907,14 @@ "schema": { "type": "string" } + }, + { + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", + "in": "header", + "name": "Cookie", + "schema": { + "type": "string" + } } ], "requestBody": { @@ -4079,9 +4095,9 @@ } }, { - "description": "HTTP Cookies\n\nWhen using the SDK on the server side you must include the HTTP Cookie Header\noriginally sent to your HTTP handler here.", + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", "in": "header", - "name": "cookie", + "name": "Cookie", "schema": { "type": "string" } @@ -4166,6 +4182,14 @@ "schema": { "type": "string" } + }, + { + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", + "in": "header", + "name": "Cookie", + "schema": { + "type": "string" + } } ], "requestBody": { @@ -4419,9 +4443,9 @@ } }, { - "description": "HTTP Cookies\n\nWhen using the SDK on the server side you must include the HTTP Cookie Header\noriginally sent to your HTTP handler here. You only need to do this for browser-\nbased flows.", + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", "in": "header", - "name": "cookie", + "name": "Cookie", "schema": { "type": "string" } @@ -4516,6 +4540,14 @@ "schema": { "type": "string" } + }, + { + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", + "in": "header", + "name": "Cookie", + "schema": { + "type": "string" + } } ], "requestBody": { diff --git a/spec/swagger.json b/spec/swagger.json index 9ac9b7f41208..d6f9b50d300e 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -833,8 +833,8 @@ }, { "type": "string", - "description": "CSRF Cookie\n\nThe CSRF cookie for browsers flow.", - "name": "cookie", + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", + "name": "Cookie", "in": "header" } ], @@ -1017,8 +1017,8 @@ }, { "type": "string", - "description": "HTTP Cookies\n\nWhen using the SDK on the server side you must include the HTTP Cookie Header\noriginally sent to your HTTP handler here.", - "name": "cookie", + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", + "name": "Cookie", "in": "header" } ], @@ -1232,6 +1232,12 @@ "schema": { "$ref": "#/definitions/submitSelfServiceRecoveryFlowBody" } + }, + { + "type": "string", + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", + "name": "Cookie", + "in": "header" } ], "responses": { @@ -1369,8 +1375,8 @@ }, { "type": "string", - "description": "HTTP Cookies\n\nWhen using the SDK on the server side you must include the HTTP Cookie Header\noriginally sent to your HTTP handler here.", - "name": "cookie", + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", + "name": "Cookie", "in": "header" } ], @@ -1435,6 +1441,12 @@ "schema": { "$ref": "#/definitions/submitSelfServiceRegistrationFlowBody" } + }, + { + "type": "string", + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", + "name": "Cookie", + "in": "header" } ], "responses": { @@ -1575,8 +1587,8 @@ }, { "type": "string", - "description": "HTTP Cookies\n\nWhen using the SDK on the server side you must include the HTTP Cookie Header\noriginally sent to your HTTP handler here.", - "name": "cookie", + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", + "name": "Cookie", "in": "header" } ], @@ -1658,6 +1670,12 @@ "description": "The Session Token of the Identity performing the settings flow.", "name": "X-Session-Token", "in": "header" + }, + { + "type": "string", + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", + "name": "Cookie", + "in": "header" } ], "responses": { @@ -1839,8 +1857,8 @@ }, { "type": "string", - "description": "HTTP Cookies\n\nWhen using the SDK on the server side you must include the HTTP Cookie Header\noriginally sent to your HTTP handler here. You only need to do this for browser-\nbased flows.", - "name": "cookie", + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", + "name": "Cookie", "in": "header" } ], @@ -1923,6 +1941,12 @@ "schema": { "$ref": "#/definitions/submitSelfServiceVerificationFlowBody" } + }, + { + "type": "string", + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", + "name": "Cookie", + "in": "header" } ], "responses": { From 1090a82b9eae662543393c7bff9a180a10c5df7a Mon Sep 17 00:00:00 2001 From: Patrik Date: Mon, 16 May 2022 12:13:46 +0200 Subject: [PATCH 048/411] chore(deps): bump `ory/x` --- cmd/identities/delete.go | 4 +--- cmd/identities/get.go | 4 +--- cmd/identities/import.go | 3 +-- cmd/identities/list.go | 4 +--- go.mod | 5 +---- go.sum | 10 ++-------- 6 files changed, 7 insertions(+), 23 deletions(-) diff --git a/cmd/identities/delete.go b/cmd/identities/delete.go index c3bcd33e2b7e..9b2b23e2d3f4 100644 --- a/cmd/identities/delete.go +++ b/cmd/identities/delete.go @@ -3,8 +3,6 @@ package identities import ( "fmt" - "github.com/ory/x/cloudx" - "github.com/spf13/cobra" "github.com/ory/kratos/cmd/cliclient" @@ -48,7 +46,7 @@ func NewDeleteIdentityCmd(root *cobra.Command) *cobra.Command { for _, a := range args { _, err := c.V0alpha2Api.AdminDeleteIdentity(cmd.Context(), a).Execute() if err != nil { - failed[a] = cloudx.PrintOpenAPIError(cmd, err) + failed[a] = cmdx.PrintOpenAPIError(cmd, err) continue } deleted = append(deleted, outputIder(a)) diff --git a/cmd/identities/get.go b/cmd/identities/get.go index d6f617faeda5..ed34feb30775 100644 --- a/cmd/identities/get.go +++ b/cmd/identities/get.go @@ -3,8 +3,6 @@ package identities import ( "fmt" - "github.com/ory/x/cloudx" - kratos "github.com/ory/kratos-client-go" "github.com/ory/kratos/x" "github.com/ory/x/cmdx" @@ -71,7 +69,7 @@ func NewGetIdentityCmd(root *cobra.Command) *cobra.Command { Execute() if x.SDKError(err) != nil { - failed[id] = cloudx.PrintOpenAPIError(cmd, err) + failed[id] = cmdx.PrintOpenAPIError(cmd, err) continue } diff --git a/cmd/identities/import.go b/cmd/identities/import.go index a78a5bc62484..dba55d0de5f8 100644 --- a/cmd/identities/import.go +++ b/cmd/identities/import.go @@ -6,7 +6,6 @@ import ( kratos "github.com/ory/kratos-client-go" - "github.com/ory/x/cloudx" "github.com/ory/x/cmdx" "github.com/spf13/cobra" @@ -75,7 +74,7 @@ WARNING: Importing credentials is not yet supported.`, ident, _, err := c.V0alpha2Api.AdminCreateIdentity(cmd.Context()).AdminCreateIdentityBody(params).Execute() if err != nil { - failed[src] = cloudx.PrintOpenAPIError(cmd, err) + failed[src] = cmdx.PrintOpenAPIError(cmd, err) } else { imported = append(imported, *ident) } diff --git a/cmd/identities/list.go b/cmd/identities/list.go index e1f8ac744468..fde22ed4946a 100644 --- a/cmd/identities/list.go +++ b/cmd/identities/list.go @@ -4,8 +4,6 @@ import ( "fmt" "strconv" - "github.com/ory/x/cloudx" - "github.com/ory/x/cmdx" "github.com/spf13/cobra" @@ -65,7 +63,7 @@ func NewListIdentitiesCmd(root *cobra.Command) *cobra.Command { identities, _, err := req.Execute() if err != nil { - return cloudx.PrintOpenAPIError(cmd, err) + return cmdx.PrintOpenAPIError(cmd, err) } cmdx.PrintTable(cmd, &outputIdentityCollection{ diff --git a/go.mod b/go.mod index f8158cc3595d..c079bcbf3bdb 100644 --- a/go.mod +++ b/go.mod @@ -76,7 +76,7 @@ require ( github.com/ory/kratos-client-go v0.6.3-alpha.1 github.com/ory/mail/v3 v3.0.0 github.com/ory/nosurf v1.2.7 - github.com/ory/x v0.0.384 + github.com/ory/x v0.0.386 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 github.com/pkg/errors v0.9.1 github.com/pquerna/otp v1.3.0 @@ -175,7 +175,6 @@ require ( github.com/gobuffalo/validate/v3 v3.3.1 // indirect github.com/goccy/go-yaml v1.9.5 // indirect github.com/gofrs/flock v0.8.1 // indirect - github.com/gofrs/uuid/v3 v3.1.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/glog v1.0.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect @@ -245,7 +244,6 @@ require ( github.com/opencontainers/image-spec v1.0.2 // indirect github.com/opencontainers/runc v1.0.2 // indirect github.com/openzipkin/zipkin-go v0.4.0 // indirect - github.com/ory/client-go v0.0.1-alpha.138 // indirect github.com/ory/viper v1.7.5 // indirect github.com/pborman/uuid v1.2.1 // indirect github.com/pelletier/go-toml v1.9.4 // indirect @@ -270,7 +268,6 @@ require ( github.com/spf13/cast v1.4.1 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/viper v1.10.0 // indirect - github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693 // indirect github.com/subosito/gotenv v1.2.0 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.0 // indirect diff --git a/go.sum b/go.sum index d2f30a2ac2e8..44d0d2e8aaee 100644 --- a/go.sum +++ b/go.sum @@ -801,8 +801,6 @@ github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRx github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gofrs/uuid v4.1.0+incompatible h1:sIa2eCvUTwgjbqXrPLfNwUf9S3i3mpH1O1atV+iL/Wk= github.com/gofrs/uuid v4.1.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= -github.com/gofrs/uuid/v3 v3.1.2 h1:V3IBv1oU82x6YIr5txe3azVHgmOKYdyKQTowm9moBlY= -github.com/gofrs/uuid/v3 v3.1.2/go.mod h1:xPwMqoocQ1L5G6pXX5BcE7N5jlzn2o19oqAKxwZW/kI= github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU= github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c= @@ -1464,8 +1462,6 @@ github.com/openzipkin/zipkin-go v0.4.0 h1:CtfRrOVZtbDj8rt1WXjklw0kqqJQwICrCKmlfU github.com/openzipkin/zipkin-go v0.4.0/go.mod h1:4c3sLeE8xjNqehmF5RpAFLPLJxXscc0R4l6Zg0P1tTQ= github.com/ory/analytics-go/v4 v4.0.3 h1:2zNBQLlm3UiD8U7DdUGLLUBm62ZA5GtbEJ3S5U+xEOI= github.com/ory/analytics-go/v4 v4.0.3/go.mod h1:A3Chm/3TmM8jw4nqRss+gFhAYHRI5j/HFYH3C1FRahU= -github.com/ory/client-go v0.0.1-alpha.138 h1:1Mq+PJz7Q1NA8N+Nntlw6DCq4piMdXFexJ1gAR7d2vE= -github.com/ory/client-go v0.0.1-alpha.138/go.mod h1:dWbi9DBEjiDXwyuJ1+A2WT1/bIp9HwvVxZxzHzp4YHU= github.com/ory/dockertest/v3 v3.8.1 h1:vU/8d1We4qIad2YM0kOwRVtnyue7ExvacPiw1yDm17g= github.com/ory/dockertest/v3 v3.8.1/go.mod h1:wSRQ3wmkz+uSARYMk7kVJFDBGm8x5gSxIhI7NDc+BAQ= github.com/ory/go-acc v0.2.6 h1:YfI+L9dxI7QCtWn2RbawqO0vXhiThdXu/RgizJBbaq0= @@ -1488,8 +1484,8 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE= github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM= -github.com/ory/x v0.0.384 h1:/zP9ijaLTfK7ExQ+NNLbXi0+M1IqDVDFpvpnb544xuY= -github.com/ory/x v0.0.384/go.mod h1:w+51WCfsZYoUf6WesKN3nFBYk2d2PUZhS5Pvo0xhHF8= +github.com/ory/x v0.0.386 h1:XQS2VAMvbWlpNUSEqitlx5FkNBdOfUMuJ/1SlUUM5j0= +github.com/ory/x v0.0.386/go.mod h1:FRfCy/kGTj71VVJ8BpA8IX11H6hYqcHaJNyYnbZavjg= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= @@ -1727,7 +1723,6 @@ github.com/spf13/viper v1.10.0 h1:mXH0UwHS4D2HwWZa75im4xIQynLfblmWV7qcWpfv0yk= github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM= github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518 h1:iD+PFTQwKEmbwSdwfvP5ld2WEI/g7qbdhmHJ2ASfYGs= github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518/go.mod h1:CKI4AZ4XmGV240rTHfO0hfE83S6/a3/Q1siZJ/vXf7A= -github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693 h1:wD1IWQwAhdWclCwaf6DdzgCAe9Bfz1M+4AHRd7N786Y= github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693/go.mod h1:6hSY48PjDm4UObWmGLyJE9DxYVKTgR9kbCspXXJEhcU= github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= @@ -2150,7 +2145,6 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= From 96bcba06f672ed2903b98332a8221fbbf792b31c Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 16 May 2022 12:00:57 +0000 Subject: [PATCH 049/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 63f90e2c63bf..22d73f6c38ef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-05-08)](#2022-05-08) +- [ (2022-05-16)](#2022-05-16) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -252,7 +252,7 @@ -# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-05-08) +# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-05-16) ## Breaking Changes This patch moves several CLI command to comply with the Ory CLI command structure: @@ -309,6 +309,7 @@ This patch moves several CLI command to comply with the Ory CLI command structur ### Bug Fixes +* Add indices for slow queries ([e0cdbc9](https://github.com/ory/kratos/commit/e0cdbc9ab3389de0f65b37758d86bea56d294d64)) * Add legacy session value ([ecfd052](https://github.com/ory/kratos/commit/ecfd05216f5ebb70f1617595d2d398cf1fa3c660)), closes [#2398](https://github.com/ory/kratos/issues/2398) * Avoid excessive memory allocations in HIBP cache ([#2389](https://github.com/ory/kratos/issues/2389)) ([ee2d410](https://github.com/ory/kratos/commit/ee2d41057a7e6cb2c57c6304c2e7bbf5ad7c56da)), closes [#2354](https://github.com/ory/kratos/issues/2354) * Change SQLite database mode to 0600 ([#2344](https://github.com/ory/kratos/issues/2344)) ([0e5d3b7](https://github.com/ory/kratos/commit/0e5d3b7726a8923fbc2a4c10ec18f0ba97ffbcff)): @@ -321,33 +322,45 @@ This patch moves several CLI command to comply with the Ory CLI command structur * **Dockerfile:** Use existing builder base image ([#2390](https://github.com/ory/kratos/issues/2390)) ([37de25a](https://github.com/ory/kratos/commit/37de25a541a24e03407ecf344fb750775e48c782)) * Get user first name and last name from Apple ([#2331](https://github.com/ory/kratos/issues/2331)) ([4779909](https://github.com/ory/kratos/commit/47799098b35ea1cf5a1163f57d872a5bb2242d97)) * Improve error reporting from OpenAPI ([8a1009b](https://github.com/ory/kratos/commit/8a1009b16653df13485bab8e33926967c449bf4e)) +* Improve performance of identity schema call ([af28de2](https://github.com/ory/kratos/commit/af28de267f21cd72953f3f353d8fd587937b2249)) * Internal Server Error on Empty PUT /identities/id body ([#2417](https://github.com/ory/kratos/issues/2417)) ([5a50231](https://github.com/ory/kratos/commit/5a50231b553aaa64bd90a3d2cd1be9d2e3aba9ac)) * Load return_to and append to errors ([#2333](https://github.com/ory/kratos/issues/2333)) ([5efe4a3](https://github.com/ory/kratos/commit/5efe4a33e35e74d248d4eec43dc901b7b6334037)), closes [#2275](https://github.com/ory/kratos/issues/2275) [#2279](https://github.com/ory/kratos/issues/2279) [#2285](https://github.com/ory/kratos/issues/2285) * Make delete formattable ([0005f35](https://github.com/ory/kratos/commit/0005f357a049ecbf94d76a1e73434837753a04ea)) * New issue templates ([b9ad684](https://github.com/ory/kratos/commit/b9ad684311ee8c654b2fa382010315e892581f5c)) +* Openapi regression ([#2465](https://github.com/ory/kratos/issues/2465)) ([37a3369](https://github.com/ory/kratos/commit/37a3369cea8ed5af34e8324a291a7d7dba0eb43a)) * Refresh is always false when session exists ([d3436d7](https://github.com/ory/kratos/commit/d3436d7fa17589d91e25c9f0bd66bc3bb5b150fa)), closes [#2341](https://github.com/ory/kratos/issues/2341) * Remove required legacy field ([#2410](https://github.com/ory/kratos/issues/2410)) ([638d45c](https://github.com/ory/kratos/commit/638d45caf480b7287c9762cbf3c593217f40e3e8)) * Remove wrong templates ([4fe2d25](https://github.com/ory/kratos/commit/4fe2d25dd68033a8d7b3dd5f62d87b23a7ba361d)) +* Reorder transactions ([78ca4c6](https://github.com/ory/kratos/commit/78ca4c6ca5a49b0800d9c34954638a926d80078b)) +* Resolve index naming issues ([d5550b5](https://github.com/ory/kratos/commit/d5550b5ddc4e1677e4c4f808578f573760c6581e)) +* Resolve MySQL index issues ([50bdba9](https://github.com/ory/kratos/commit/50bdba9f1117c60e80e153416bc997187b4a60b7)) +* Resolve otelx panics ([6613a02](https://github.com/ory/kratos/commit/6613a02b8fd5f6f06e9b6301bdc39037771b3d9b)) * **sdk:** Improved OpenAPI specifications for UI nodes ([#2375](https://github.com/ory/kratos/issues/2375)) ([a42a0f7](https://github.com/ory/kratos/commit/a42a0f772af3625c457032d6dcc34289a62acc61)), closes [#2357](https://github.com/ory/kratos/issues/2357) * Serve.admin.request_log.disable_for_health behaviour ([#2399](https://github.com/ory/kratos/issues/2399)) ([0a381fa](https://github.com/ory/kratos/commit/0a381fa3d702f77e614d0492dafa3ac2cd102c7e)) +* **sql:** Add additional join argument to resolve MySQL query issue ([854e5cb](https://github.com/ory/kratos/commit/854e5cba80cad52b58571587980c00c038ff6596)), closes [#2262](https://github.com/ory/kratos/issues/2262) * Use `path` instead of `filepath` to join http route paths ([16b1244](https://github.com/ory/kratos/commit/16b12449c841bf7a237fe436b884b4b5012cd022)), closes [#2292](https://github.com/ory/kratos/issues/2292) +* Use JOIN instead of iterative queries ([0998cfb](https://github.com/ory/kratos/commit/0998cfb2fdda27ba8baeebcc603aae5fbe5c901f)), closes [#2402](https://github.com/ory/kratos/issues/2402) * Use pointer of string for PasswordIdentifier in example code ([#2421](https://github.com/ory/kratos/issues/2421)) ([61f12e7](https://github.com/ory/kratos/commit/61f12e7579c7c337d0f415ac2b4029790c659c3d)) * Use predictable SQLite in memory DSNs ([#2415](https://github.com/ory/kratos/issues/2415)) ([51a13f7](https://github.com/ory/kratos/commit/51a13f712d38a942772b3f4c014971ecb4658d7a)), closes [#2059](https://github.com/ory/kratos/issues/2059) ### Code Refactoring +* Deprecate fizz renderer ([5277668](https://github.com/ory/kratos/commit/5277668b1324173df95db5e9e4b96ed841ff088b)) * Move CLI commands to match Ory CLI structure ([d11a9a9](https://github.com/ory/kratos/commit/d11a9a9dafdebb53ed9a8359496eb70b8adb99dd)) * Move CLI commands to match Ory CLI structure ([73910a3](https://github.com/ory/kratos/commit/73910a329b1ee46de2607c7ab1958ef2fb6de5f4)) ### Documentation +* Add docs about change in default schema ([#2447](https://github.com/ory/kratos/issues/2447)) ([5093cd4](https://github.com/ory/kratos/commit/5093cd47f22311c2e1fdbffd82f0494806076f08)) * Remove notice importing credentials not possible ([#2418](https://github.com/ory/kratos/issues/2418)) ([b80ed69](https://github.com/ory/kratos/commit/b80ed6955518003ae6b7f647dffd2d49cc999fbc)) ### Features * Add certificate based authentication for smtp client ([#2351](https://github.com/ory/kratos/issues/2351)) ([7200037](https://github.com/ory/kratos/commit/72000375c028f5f7f9cb0d0b1b02f8aa09503e4f)) +* Add localName to smtp config ([#2445](https://github.com/ory/kratos/issues/2445)) ([27336b6](https://github.com/ory/kratos/commit/27336b63b0c11c1667d5a07230bed82283475aa4)), closes [#2425](https://github.com/ory/kratos/issues/2425) * Add session renew capabilities ([#2146](https://github.com/ory/kratos/issues/2146)) ([4348b86](https://github.com/ory/kratos/commit/4348b8640a282cd61fe30961faba5753e2af8bb0)), closes [#615](https://github.com/ory/kratos/issues/615) * Add support for netID provider ([#2394](https://github.com/ory/kratos/issues/2394)) ([ee7fc79](https://github.com/ory/kratos/commit/ee7fc79d49cd6d8f2985809585d1675c8e2ed376)) +* Add tracing to persister ([391c54e](https://github.com/ory/kratos/commit/391c54eb3ba721e4912a7a4676acc2f630be2a72)) * **identity:** Add admin and public metadata fields ([562e340](https://github.com/ory/kratos/commit/562e340fe980e7c65ab3fc41f82a2a8899a33bfa)), closes [#2388](https://github.com/ory/kratos/issues/2388) [#47](https://github.com/ory/kratos/issues/47): This patch adds two new keys to identities, `metadata_public` and `metadata_admin` that can be used to store additional metadata about identities in Ory. @@ -360,6 +373,8 @@ This patch moves several CLI command to comply with the Ory CLI command structur +* **sdk:** Add cookie headers to all form submissions ([#2467](https://github.com/ory/kratos/issues/2467)) ([9a969fd](https://github.com/ory/kratos/commit/9a969fd927ae8436a863e91ecb6574cb3bb1c3a6)), closes [#2003](https://github.com/ory/kratos/issues/2003) [#2454](https://github.com/ory/kratos/issues/2454) +* **sdk:** Add csrf cookie for login flow submission ([#2454](https://github.com/ory/kratos/issues/2454)) ([2bffee8](https://github.com/ory/kratos/commit/2bffee81f0e8a98851a3e11b4fc4969d95e9b445)) * Support argon2i password ([#2395](https://github.com/ory/kratos/issues/2395)) ([8fdadf9](https://github.com/ory/kratos/commit/8fdadf9d1724d28ae11996304703e06671549660)) * Switch to opentelemetry tracing ([#2318](https://github.com/ory/kratos/issues/2318)) ([121a4d3](https://github.com/ory/kratos/commit/121a4d3fc0f396e8da50ad1985cacf68a5c85a12)) * Upgrade to Go 1.18 ([725d202](https://github.com/ory/kratos/commit/725d202e6ae15b3b5c3282e03c03a40480a2e310)) From 93bf1e2cd53f3a4de3ff414017c17813d36b56da Mon Sep 17 00:00:00 2001 From: Patrik Date: Mon, 16 May 2022 18:03:02 +0200 Subject: [PATCH 050/411] fix: unreliable HIBP caching strategy (#2468) --- selfservice/strategy/password/validator.go | 35 +++-- .../strategy/password/validator_test.go | 134 ++++++++++++------ 2 files changed, 110 insertions(+), 59 deletions(-) diff --git a/selfservice/strategy/password/validator.go b/selfservice/strategy/password/validator.go index ba7d71f37345..06adbbf6ea61 100644 --- a/selfservice/strategy/password/validator.go +++ b/selfservice/strategy/password/validator.go @@ -3,6 +3,7 @@ package password import ( "bufio" "context" + stderrs "errors" /* #nosec G505 sha1 is used for k-anonymity */ "crypto/sha1" @@ -37,9 +38,12 @@ type ValidationProvider interface { PasswordValidator() Validator } -var _ Validator = new(DefaultPasswordValidator) -var ErrNetworkFailure = errors.New("unable to check if password has been leaked because an unexpected network error occurred") -var ErrUnexpectedStatusCode = errors.New("unexpected status code") +var ( + _ Validator = new(DefaultPasswordValidator) + ErrNetworkFailure = stderrs.New("unable to check if password has been leaked because an unexpected network error occurred") + ErrUnexpectedStatusCode = stderrs.New("unexpected status code") + ErrTooManyBreaches = stderrs.New("the password has been found in data breaches and must no longer be used") +) // DefaultPasswordValidator implements Validator. It is based on best // practices as defined in the following blog posts: @@ -107,20 +111,20 @@ func lcsLength(a, b string) int { return greatestLength } -func (s *DefaultPasswordValidator) fetch(hpw []byte, apiDNSName string) error { +func (s *DefaultPasswordValidator) fetch(hpw []byte, apiDNSName string) (int64, error) { prefix := fmt.Sprintf("%X", hpw)[0:5] loc := fmt.Sprintf("https://%s/range/%s", apiDNSName, prefix) res, err := s.Client.Get(loc) if err != nil { - return errors.Wrapf(ErrNetworkFailure, "%s", err) + return 0, errors.Wrapf(ErrNetworkFailure, "%s", err) } defer res.Body.Close() if res.StatusCode != http.StatusOK { - return errors.Wrapf(ErrUnexpectedStatusCode, "%d", res.StatusCode) + return 0, errors.Wrapf(ErrUnexpectedStatusCode, "%d", res.StatusCode) } - s.hashes.SetWithTTL(b20(hpw), 0, 1, hashCacheItemTTL) + var thisCount int64 sc := bufio.NewScanner(res.Body) for sc.Scan() { @@ -135,18 +139,22 @@ func (s *DefaultPasswordValidator) fetch(hpw []byte, apiDNSName string) error { if len(result) == 2 { count, err = strconv.ParseInt(result[1], 10, 64) if err != nil { - return errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Expected password hash to contain a count formatted as int but got: %s", result[1])) + return 0, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Expected password hash to contain a count formatted as int but got: %s", result[1])) } } s.hashes.SetWithTTL(prefix+result[0], count, 1, hashCacheItemTTL) + if prefix+result[0] == b20(hpw) { + thisCount = count + } } if err := sc.Err(); err != nil { - return errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Unable to initialize string scanner: %s", err)) + return 0, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Unable to initialize string scanner: %s", err)) } - return nil + s.hashes.SetWithTTL(b20(hpw), thisCount, 1, hashCacheItemTTL) + return thisCount, nil } func (s *DefaultPasswordValidator) Validate(ctx context.Context, identifier, password string) error { @@ -178,19 +186,18 @@ func (s *DefaultPasswordValidator) Validate(ctx context.Context, identifier, pas c, ok := s.hashes.Get(b20(hpw)) if !ok { - err := s.fetch(hpw, passwordPolicyConfig.HaveIBeenPwnedHost) + var err error + c, err = s.fetch(hpw, passwordPolicyConfig.HaveIBeenPwnedHost) if (errors.Is(err, ErrNetworkFailure) || errors.Is(err, ErrUnexpectedStatusCode)) && passwordPolicyConfig.IgnoreNetworkErrors { return nil } else if err != nil { return err } - - return s.Validate(ctx, identifier, password) } v, ok := c.(int64) if ok && v > int64(s.reg.Config(ctx).PasswordPolicyConfig().MaxBreaches) { - return errors.New("the password has been found in data breaches and must no longer be used") + return errors.WithStack(ErrTooManyBreaches) } return nil diff --git a/selfservice/strategy/password/validator_test.go b/selfservice/strategy/password/validator_test.go index 1430ca00d76b..f44782cfdf1f 100644 --- a/selfservice/strategy/password/validator_test.go +++ b/selfservice/strategy/password/validator_test.go @@ -3,6 +3,8 @@ package password_test import ( "bytes" "context" + "crypto/rand" + "crypto/sha1" "errors" "fmt" "io/ioutil" @@ -12,6 +14,10 @@ import ( "testing" "time" + "github.com/stretchr/testify/assert" + + "github.com/ory/herodot" + "github.com/stretchr/testify/require" "github.com/ory/x/httpx" @@ -117,73 +123,111 @@ func TestDefaultPasswordValidationStrategy(t *testing.T) { t.Run("max breaches", func(t *testing.T) { conf, reg := internal.NewFastRegistryWithMocks(t) - s, _ := password.NewDefaultPasswordValidatorStrategy(reg) + s, err := password.NewDefaultPasswordValidatorStrategy(reg) + require.NoError(t, err) + + hibpResp := make(chan string, 1) fakeClient := NewFakeHTTPClient() + fakeClient.responder = func(req *http.Request) (*http.Response, error) { + buffer := bytes.NewBufferString(<-hibpResp) + return &http.Response{ + StatusCode: http.StatusOK, + Body: ioutil.NopCloser(buffer), + ContentLength: int64(buffer.Len()), + Request: req, + }, nil + } s.Client = httpx.NewResilientClient(httpx.ResilientClientWithClient(&fakeClient.Client), httpx.ResilientClientWithMaxRetry(1), httpx.ResilientClientWithConnectionTimeout(time.Millisecond)) + var hashPw = func(t *testing.T, pw string) string { + /* #nosec G401 sha1 is used for k-anonymity */ + h := sha1.New() + _, err := h.Write([]byte(pw)) + require.NoError(t, err) + hpw := h.Sum(nil) + return fmt.Sprintf("%X", hpw)[5:] + } + randomPassword := func(t *testing.T) string { + pw := make([]byte, 10) + _, err := rand.Read(pw) + require.NoError(t, err) + return fmt.Sprintf("%x", pw) + } + conf.MustSet(config.ViperKeyPasswordMaxBreaches, 5) for _, tc := range []struct { - cs string - pw string - res string - pass bool + name string + res func(t *testing.T, hash string) string + expectErr error }{ { - cs: "contains invalid data which is ignored", - pw: "lufsokpugo", - res: "0225BDB8F106B1B4A5DF4C31B80AC695874:2\ninvalid", - pass: true, + name: "contains invalid data which is ignored", + res: func(t *testing.T, hash string) string { + return fmt.Sprintf("%s:2\ninvalid", hash) + }, }, { - cs: "is missing a colon", - pw: "lufsokpugo", - res: "0225BDB8F106B1B4A5DF4C31B80AC695874", - pass: true, + name: "is missing a colon", + res: func(t *testing.T, hash string) string { + return hash + }, }, { - cs: "contains invalid hash count", - pw: "gimekvizec", - res: "0248B3D6077106761CC84F4B9CF680C6D84:text\n1A34C526A9D14832C6ACFEAE90261ED78F8:2", - pass: false, + name: "contains invalid hash count", + res: func(t *testing.T, hash string) string { + return fmt.Sprintf("%s:text\n%s:2", hashPw(t, randomPassword(t)), hash) + }, + expectErr: herodot.ErrInternalServerError, }, { - cs: "is missing hash count", - pw: "bofulosasm", - res: "1D29CF237A57F6FEA8F29E8D907DCF1EBBA\n026364A8EE59DEDCF9E2DC80B9D7BAB7389:2", - pass: true, + name: "is missing hash count", + res: func(t *testing.T, hash string) string { + return fmt.Sprintf("%s\n%s:2", hash, hashPw(t, randomPassword(t))) + }, }, { - cs: "response contains no matches", - pw: "lizrafakha", - res: "0D6CF6289C9CA71B47D2167EB7FE89690E7:57", - pass: true, + name: "response contains no matches", + res: func(t *testing.T, hash string) string { + return fmt.Sprintf("%s:57", hashPw(t, randomPassword(t))) + }, }, { - cs: "contains less than maxBreachesThreshold", - pw: "tafpabdopa", - res: fmt.Sprintf("280915F3B572F94217D86F1D63BED53F66A:%d\n0F76A7D21E7C3E653E98236897AD7888937:%d", conf.PasswordPolicyConfig().MaxBreaches, conf.PasswordPolicyConfig().MaxBreaches+1), - pass: true, + name: "contains less than maxBreachesThreshold", + res: func(t *testing.T, hash string) string { + return fmt.Sprintf( + "%s:%d\n%s:%d", + hash, + conf.PasswordPolicyConfig().MaxBreaches, + hashPw(t, randomPassword(t)), + conf.PasswordPolicyConfig().MaxBreaches+1, + ) + }, }, { - cs: "contains more than maxBreachesThreshold", - pw: "hicudsumla", - res: fmt.Sprintf("5656812AA72561AAA6663E486A46D5711BE:%d", conf.PasswordPolicyConfig().MaxBreaches+1), - pass: false, + name: "contains more than maxBreachesThreshold", + res: func(t *testing.T, hash string) string { + return fmt.Sprintf("%s:%d", hash, conf.PasswordPolicyConfig().MaxBreaches+1) + }, + expectErr: password.ErrTooManyBreaches, }, } { - fakeClient.RespondWith(http.StatusOK, tc.res) - format := "case=should not fail if response %s" - if !tc.pass { - format = "case=should fail if response %s" - } - t.Run(fmt.Sprintf(format, tc.cs), func(t *testing.T) { - err := s.Validate(context.Background(), "", tc.pw) - if tc.pass { - require.NoError(t, err) - } else { - require.Error(t, err) - } + t.Run(fmt.Sprintf("case=%s/expected err=%s", tc.name, tc.expectErr), func(t *testing.T) { + pw := randomPassword(t) + hash := hashPw(t, pw) + hibpResp <- tc.res(t, hash) + + err := s.Validate(context.Background(), "", pw) + assert.ErrorIs(t, err, tc.expectErr) }) + + // verify the fetch was done, i.e. channel is empty + select { + case r := <-hibpResp: + t.Logf("expected the validate step to fetch the response, but I still got %s", r) + t.FailNow() + default: + // continue + } } }) } From c9ae1175340993cfc93db436c06462c80935ea2a Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Thu, 19 May 2022 18:40:58 +0200 Subject: [PATCH 051/411] fix: mark body as required (#2479) BREAKING CHANGE: Please be aware that the SDK method signatures for `submitSelfServiceRecoveryFlow`, `submitSelfServiceRegistrationFlow`, `submitSelfServiceLoginFlow`, `submitSelfServiceSettingsFlow`, `submitSelfServiceVerificationFlow` might have changed in your SDK. --- internal/httpclient/api/openapi.yaml | 5 ++ internal/httpclient/api_v0alpha2.go | 65 +++++++++++++++--------- internal/httpclient/docs/V0alpha2Api.md | 40 +++++++-------- selfservice/flow/login/handler.go | 1 + selfservice/flow/recovery/handler.go | 1 + selfservice/flow/registration/handler.go | 1 + selfservice/flow/settings/handler.go | 1 + selfservice/flow/verification/handler.go | 1 + spec/api.json | 5 ++ spec/swagger.json | 5 ++ 10 files changed, 80 insertions(+), 45 deletions(-) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index 849f80596595..0f1ce4025a25 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -760,6 +760,7 @@ paths: application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/submitSelfServiceLoginFlowBody' + required: true x-originalParamName: Body responses: "200": @@ -1258,6 +1259,7 @@ paths: application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/submitSelfServiceRecoveryFlowBody' + required: true x-originalParamName: Body responses: "200": @@ -1518,6 +1520,7 @@ paths: application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/submitSelfServiceRegistrationFlowBody' + required: true x-originalParamName: Body responses: "200": @@ -1832,6 +1835,7 @@ paths: application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/submitSelfServiceSettingsFlowBody' + required: true x-originalParamName: Body responses: "200": @@ -2184,6 +2188,7 @@ paths: application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/submitSelfServiceVerificationFlowBody' + required: true x-originalParamName: Body responses: "200": diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go index 774e3c4c2857..44c4ddec7067 100644 --- a/internal/httpclient/api_v0alpha2.go +++ b/internal/httpclient/api_v0alpha2.go @@ -5913,15 +5913,19 @@ type V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest struct { ctx context.Context ApiService V0alpha2Api flow *string + submitSelfServiceLoginFlowBody *SubmitSelfServiceLoginFlowBody xSessionToken *string cookie *string - submitSelfServiceLoginFlowBody *SubmitSelfServiceLoginFlowBody } func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) Flow(flow string) V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest { r.flow = &flow return r } +func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) SubmitSelfServiceLoginFlowBody(submitSelfServiceLoginFlowBody SubmitSelfServiceLoginFlowBody) V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest { + r.submitSelfServiceLoginFlowBody = &submitSelfServiceLoginFlowBody + return r +} func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) XSessionToken(xSessionToken string) V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest { r.xSessionToken = &xSessionToken return r @@ -5930,10 +5934,6 @@ func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) Cookie(cookie string) V r.cookie = &cookie return r } -func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) SubmitSelfServiceLoginFlowBody(submitSelfServiceLoginFlowBody SubmitSelfServiceLoginFlowBody) V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest { - r.submitSelfServiceLoginFlowBody = &submitSelfServiceLoginFlowBody - return r -} func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) Execute() (*SuccessfulSelfServiceLoginWithoutBrowser, *http.Response, error) { return r.ApiService.SubmitSelfServiceLoginFlowExecute(r) @@ -6011,6 +6011,9 @@ func (a *V0alpha2ApiService) SubmitSelfServiceLoginFlowExecute(r V0alpha2ApiApiS if r.flow == nil { return localVarReturnValue, nil, reportError("flow is required and must be specified") } + if r.submitSelfServiceLoginFlowBody == nil { + return localVarReturnValue, nil, reportError("submitSelfServiceLoginFlowBody is required and must be specified") + } localVarQueryParams.Add("flow", parameterToString(*r.flow, "")) // to determine the Content-Type header @@ -6373,15 +6376,19 @@ type V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest struct { ctx context.Context ApiService V0alpha2Api flow *string + submitSelfServiceRecoveryFlowBody *SubmitSelfServiceRecoveryFlowBody token *string cookie *string - submitSelfServiceRecoveryFlowBody *SubmitSelfServiceRecoveryFlowBody } func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) Flow(flow string) V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest { r.flow = &flow return r } +func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) SubmitSelfServiceRecoveryFlowBody(submitSelfServiceRecoveryFlowBody SubmitSelfServiceRecoveryFlowBody) V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest { + r.submitSelfServiceRecoveryFlowBody = &submitSelfServiceRecoveryFlowBody + return r +} func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) Token(token string) V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest { r.token = &token return r @@ -6390,10 +6397,6 @@ func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) Cookie(cookie string r.cookie = &cookie return r } -func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) SubmitSelfServiceRecoveryFlowBody(submitSelfServiceRecoveryFlowBody SubmitSelfServiceRecoveryFlowBody) V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest { - r.submitSelfServiceRecoveryFlowBody = &submitSelfServiceRecoveryFlowBody - return r -} func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) Execute() (*SelfServiceRecoveryFlow, *http.Response, error) { return r.ApiService.SubmitSelfServiceRecoveryFlowExecute(r) @@ -6454,6 +6457,9 @@ func (a *V0alpha2ApiService) SubmitSelfServiceRecoveryFlowExecute(r V0alpha2ApiA if r.flow == nil { return localVarReturnValue, nil, reportError("flow is required and must be specified") } + if r.submitSelfServiceRecoveryFlowBody == nil { + return localVarReturnValue, nil, reportError("submitSelfServiceRecoveryFlowBody is required and must be specified") + } localVarQueryParams.Add("flow", parameterToString(*r.flow, "")) if r.token != nil { @@ -6551,22 +6557,22 @@ type V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest struct { ctx context.Context ApiService V0alpha2Api flow *string - cookie *string submitSelfServiceRegistrationFlowBody *SubmitSelfServiceRegistrationFlowBody + cookie *string } func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) Flow(flow string) V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest { r.flow = &flow return r } -func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) Cookie(cookie string) V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest { - r.cookie = &cookie - return r -} func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) SubmitSelfServiceRegistrationFlowBody(submitSelfServiceRegistrationFlowBody SubmitSelfServiceRegistrationFlowBody) V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest { r.submitSelfServiceRegistrationFlowBody = &submitSelfServiceRegistrationFlowBody return r } +func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) Cookie(cookie string) V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest { + r.cookie = &cookie + return r +} func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) Execute() (*SuccessfulSelfServiceRegistrationWithoutBrowser, *http.Response, error) { return r.ApiService.SubmitSelfServiceRegistrationFlowExecute(r) @@ -6639,6 +6645,9 @@ func (a *V0alpha2ApiService) SubmitSelfServiceRegistrationFlowExecute(r V0alpha2 if r.flow == nil { return localVarReturnValue, nil, reportError("flow is required and must be specified") } + if r.submitSelfServiceRegistrationFlowBody == nil { + return localVarReturnValue, nil, reportError("submitSelfServiceRegistrationFlowBody is required and must be specified") + } localVarQueryParams.Add("flow", parameterToString(*r.flow, "")) // to determine the Content-Type header @@ -6743,15 +6752,19 @@ type V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest struct { ctx context.Context ApiService V0alpha2Api flow *string + submitSelfServiceSettingsFlowBody *SubmitSelfServiceSettingsFlowBody xSessionToken *string cookie *string - submitSelfServiceSettingsFlowBody *SubmitSelfServiceSettingsFlowBody } func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) Flow(flow string) V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest { r.flow = &flow return r } +func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) SubmitSelfServiceSettingsFlowBody(submitSelfServiceSettingsFlowBody SubmitSelfServiceSettingsFlowBody) V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest { + r.submitSelfServiceSettingsFlowBody = &submitSelfServiceSettingsFlowBody + return r +} func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) XSessionToken(xSessionToken string) V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest { r.xSessionToken = &xSessionToken return r @@ -6760,10 +6773,6 @@ func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) Cookie(cookie string r.cookie = &cookie return r } -func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) SubmitSelfServiceSettingsFlowBody(submitSelfServiceSettingsFlowBody SubmitSelfServiceSettingsFlowBody) V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest { - r.submitSelfServiceSettingsFlowBody = &submitSelfServiceSettingsFlowBody - return r -} func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) Execute() (*SelfServiceSettingsFlow, *http.Response, error) { return r.ApiService.SubmitSelfServiceSettingsFlowExecute(r) @@ -6851,6 +6860,9 @@ func (a *V0alpha2ApiService) SubmitSelfServiceSettingsFlowExecute(r V0alpha2ApiA if r.flow == nil { return localVarReturnValue, nil, reportError("flow is required and must be specified") } + if r.submitSelfServiceSettingsFlowBody == nil { + return localVarReturnValue, nil, reportError("submitSelfServiceSettingsFlowBody is required and must be specified") + } localVarQueryParams.Add("flow", parameterToString(*r.flow, "")) // to determine the Content-Type header @@ -6978,15 +6990,19 @@ type V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest struct { ctx context.Context ApiService V0alpha2Api flow *string + submitSelfServiceVerificationFlowBody *SubmitSelfServiceVerificationFlowBody token *string cookie *string - submitSelfServiceVerificationFlowBody *SubmitSelfServiceVerificationFlowBody } func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Flow(flow string) V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest { r.flow = &flow return r } +func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) SubmitSelfServiceVerificationFlowBody(submitSelfServiceVerificationFlowBody SubmitSelfServiceVerificationFlowBody) V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest { + r.submitSelfServiceVerificationFlowBody = &submitSelfServiceVerificationFlowBody + return r +} func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Token(token string) V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest { r.token = &token return r @@ -6995,10 +7011,6 @@ func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Cookie(cookie st r.cookie = &cookie return r } -func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) SubmitSelfServiceVerificationFlowBody(submitSelfServiceVerificationFlowBody SubmitSelfServiceVerificationFlowBody) V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest { - r.submitSelfServiceVerificationFlowBody = &submitSelfServiceVerificationFlowBody - return r -} func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Execute() (*SelfServiceVerificationFlow, *http.Response, error) { return r.ApiService.SubmitSelfServiceVerificationFlowExecute(r) @@ -7059,6 +7071,9 @@ func (a *V0alpha2ApiService) SubmitSelfServiceVerificationFlowExecute(r V0alpha2 if r.flow == nil { return localVarReturnValue, nil, reportError("flow is required and must be specified") } + if r.submitSelfServiceVerificationFlowBody == nil { + return localVarReturnValue, nil, reportError("submitSelfServiceVerificationFlowBody is required and must be specified") + } localVarQueryParams.Add("flow", parameterToString(*r.flow, "")) if r.token != nil { diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md index 437a3067bb92..5a4007eeca0e 100644 --- a/internal/httpclient/docs/V0alpha2Api.md +++ b/internal/httpclient/docs/V0alpha2Api.md @@ -2209,7 +2209,7 @@ No authorization required ## SubmitSelfServiceLoginFlow -> SuccessfulSelfServiceLoginWithoutBrowser SubmitSelfServiceLoginFlow(ctx).Flow(flow).XSessionToken(xSessionToken).Cookie(cookie).SubmitSelfServiceLoginFlowBody(submitSelfServiceLoginFlowBody).Execute() +> SuccessfulSelfServiceLoginWithoutBrowser SubmitSelfServiceLoginFlow(ctx).Flow(flow).SubmitSelfServiceLoginFlowBody(submitSelfServiceLoginFlowBody).XSessionToken(xSessionToken).Cookie(cookie).Execute() Submit a Login Flow @@ -2229,13 +2229,13 @@ import ( func main() { flow := "flow_example" // string | The Login Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/login?flow=abcde`). + submitSelfServiceLoginFlowBody := openapiclient.submitSelfServiceLoginFlowBody{SubmitSelfServiceLoginFlowWithLookupSecretMethodBody: openapiclient.NewSubmitSelfServiceLoginFlowWithLookupSecretMethodBody("LookupSecret_example", "Method_example")} // SubmitSelfServiceLoginFlowBody | xSessionToken := "xSessionToken_example" // string | The Session Token of the Identity performing the settings flow. (optional) cookie := "cookie_example" // string | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. (optional) - submitSelfServiceLoginFlowBody := openapiclient.submitSelfServiceLoginFlowBody{SubmitSelfServiceLoginFlowWithLookupSecretMethodBody: openapiclient.NewSubmitSelfServiceLoginFlowWithLookupSecretMethodBody("LookupSecret_example", "Method_example")} // SubmitSelfServiceLoginFlowBody | (optional) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceLoginFlow(context.Background()).Flow(flow).XSessionToken(xSessionToken).Cookie(cookie).SubmitSelfServiceLoginFlowBody(submitSelfServiceLoginFlowBody).Execute() + resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceLoginFlow(context.Background()).Flow(flow).SubmitSelfServiceLoginFlowBody(submitSelfServiceLoginFlowBody).XSessionToken(xSessionToken).Cookie(cookie).Execute() if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.SubmitSelfServiceLoginFlow``: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) @@ -2257,9 +2257,9 @@ Other parameters are passed through a pointer to a apiSubmitSelfServiceLoginFlow Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **flow** | **string** | The Login Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/login?flow=abcde`). | + **submitSelfServiceLoginFlowBody** | [**SubmitSelfServiceLoginFlowBody**](SubmitSelfServiceLoginFlowBody.md) | | **xSessionToken** | **string** | The Session Token of the Identity performing the settings flow. | **cookie** | **string** | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. | - **submitSelfServiceLoginFlowBody** | [**SubmitSelfServiceLoginFlowBody**](SubmitSelfServiceLoginFlowBody.md) | | ### Return type @@ -2411,7 +2411,7 @@ No authorization required ## SubmitSelfServiceRecoveryFlow -> SelfServiceRecoveryFlow SubmitSelfServiceRecoveryFlow(ctx).Flow(flow).Token(token).Cookie(cookie).SubmitSelfServiceRecoveryFlowBody(submitSelfServiceRecoveryFlowBody).Execute() +> SelfServiceRecoveryFlow SubmitSelfServiceRecoveryFlow(ctx).Flow(flow).SubmitSelfServiceRecoveryFlowBody(submitSelfServiceRecoveryFlowBody).Token(token).Cookie(cookie).Execute() Complete Recovery Flow @@ -2431,13 +2431,13 @@ import ( func main() { flow := "flow_example" // string | The Recovery Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/recovery?flow=abcde`). + submitSelfServiceRecoveryFlowBody := openapiclient.submitSelfServiceRecoveryFlowBody{SubmitSelfServiceRecoveryFlowWithLinkMethodBody: openapiclient.NewSubmitSelfServiceRecoveryFlowWithLinkMethodBody("Email_example", "Method_example")} // SubmitSelfServiceRecoveryFlowBody | token := "token_example" // string | Recovery Token The recovery token which completes the recovery request. If the token is invalid (e.g. expired) an error will be shown to the end-user. This parameter is usually set in a link and not used by any direct API call. (optional) cookie := "cookie_example" // string | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. (optional) - submitSelfServiceRecoveryFlowBody := openapiclient.submitSelfServiceRecoveryFlowBody{SubmitSelfServiceRecoveryFlowWithLinkMethodBody: openapiclient.NewSubmitSelfServiceRecoveryFlowWithLinkMethodBody("Email_example", "Method_example")} // SubmitSelfServiceRecoveryFlowBody | (optional) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceRecoveryFlow(context.Background()).Flow(flow).Token(token).Cookie(cookie).SubmitSelfServiceRecoveryFlowBody(submitSelfServiceRecoveryFlowBody).Execute() + resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceRecoveryFlow(context.Background()).Flow(flow).SubmitSelfServiceRecoveryFlowBody(submitSelfServiceRecoveryFlowBody).Token(token).Cookie(cookie).Execute() if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.SubmitSelfServiceRecoveryFlow``: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) @@ -2459,9 +2459,9 @@ Other parameters are passed through a pointer to a apiSubmitSelfServiceRecoveryF Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **flow** | **string** | The Recovery Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/recovery?flow=abcde`). | + **submitSelfServiceRecoveryFlowBody** | [**SubmitSelfServiceRecoveryFlowBody**](SubmitSelfServiceRecoveryFlowBody.md) | | **token** | **string** | Recovery Token The recovery token which completes the recovery request. If the token is invalid (e.g. expired) an error will be shown to the end-user. This parameter is usually set in a link and not used by any direct API call. | **cookie** | **string** | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. | - **submitSelfServiceRecoveryFlowBody** | [**SubmitSelfServiceRecoveryFlowBody**](SubmitSelfServiceRecoveryFlowBody.md) | | ### Return type @@ -2483,7 +2483,7 @@ No authorization required ## SubmitSelfServiceRegistrationFlow -> SuccessfulSelfServiceRegistrationWithoutBrowser SubmitSelfServiceRegistrationFlow(ctx).Flow(flow).Cookie(cookie).SubmitSelfServiceRegistrationFlowBody(submitSelfServiceRegistrationFlowBody).Execute() +> SuccessfulSelfServiceRegistrationWithoutBrowser SubmitSelfServiceRegistrationFlow(ctx).Flow(flow).SubmitSelfServiceRegistrationFlowBody(submitSelfServiceRegistrationFlowBody).Cookie(cookie).Execute() Submit a Registration Flow @@ -2503,12 +2503,12 @@ import ( func main() { flow := "flow_example" // string | The Registration Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/registration?flow=abcde`). + submitSelfServiceRegistrationFlowBody := openapiclient.submitSelfServiceRegistrationFlowBody{SubmitSelfServiceRegistrationFlowWithOidcMethodBody: openapiclient.NewSubmitSelfServiceRegistrationFlowWithOidcMethodBody("Method_example", "Provider_example")} // SubmitSelfServiceRegistrationFlowBody | cookie := "cookie_example" // string | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. (optional) - submitSelfServiceRegistrationFlowBody := openapiclient.submitSelfServiceRegistrationFlowBody{SubmitSelfServiceRegistrationFlowWithOidcMethodBody: openapiclient.NewSubmitSelfServiceRegistrationFlowWithOidcMethodBody("Method_example", "Provider_example")} // SubmitSelfServiceRegistrationFlowBody | (optional) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceRegistrationFlow(context.Background()).Flow(flow).Cookie(cookie).SubmitSelfServiceRegistrationFlowBody(submitSelfServiceRegistrationFlowBody).Execute() + resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceRegistrationFlow(context.Background()).Flow(flow).SubmitSelfServiceRegistrationFlowBody(submitSelfServiceRegistrationFlowBody).Cookie(cookie).Execute() if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.SubmitSelfServiceRegistrationFlow``: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) @@ -2530,8 +2530,8 @@ Other parameters are passed through a pointer to a apiSubmitSelfServiceRegistrat Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **flow** | **string** | The Registration Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/registration?flow=abcde`). | - **cookie** | **string** | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. | **submitSelfServiceRegistrationFlowBody** | [**SubmitSelfServiceRegistrationFlowBody**](SubmitSelfServiceRegistrationFlowBody.md) | | + **cookie** | **string** | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. | ### Return type @@ -2553,7 +2553,7 @@ No authorization required ## SubmitSelfServiceSettingsFlow -> SelfServiceSettingsFlow SubmitSelfServiceSettingsFlow(ctx).Flow(flow).XSessionToken(xSessionToken).Cookie(cookie).SubmitSelfServiceSettingsFlowBody(submitSelfServiceSettingsFlowBody).Execute() +> SelfServiceSettingsFlow SubmitSelfServiceSettingsFlow(ctx).Flow(flow).SubmitSelfServiceSettingsFlowBody(submitSelfServiceSettingsFlowBody).XSessionToken(xSessionToken).Cookie(cookie).Execute() Complete Settings Flow @@ -2573,13 +2573,13 @@ import ( func main() { flow := "flow_example" // string | The Settings Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/settings?flow=abcde`). + submitSelfServiceSettingsFlowBody := openapiclient.submitSelfServiceSettingsFlowBody{SubmitSelfServiceSettingsFlowWithLookupMethodBody: openapiclient.NewSubmitSelfServiceSettingsFlowWithLookupMethodBody("Method_example")} // SubmitSelfServiceSettingsFlowBody | xSessionToken := "xSessionToken_example" // string | The Session Token of the Identity performing the settings flow. (optional) cookie := "cookie_example" // string | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. (optional) - submitSelfServiceSettingsFlowBody := openapiclient.submitSelfServiceSettingsFlowBody{SubmitSelfServiceSettingsFlowWithLookupMethodBody: openapiclient.NewSubmitSelfServiceSettingsFlowWithLookupMethodBody("Method_example")} // SubmitSelfServiceSettingsFlowBody | (optional) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceSettingsFlow(context.Background()).Flow(flow).XSessionToken(xSessionToken).Cookie(cookie).SubmitSelfServiceSettingsFlowBody(submitSelfServiceSettingsFlowBody).Execute() + resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceSettingsFlow(context.Background()).Flow(flow).SubmitSelfServiceSettingsFlowBody(submitSelfServiceSettingsFlowBody).XSessionToken(xSessionToken).Cookie(cookie).Execute() if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.SubmitSelfServiceSettingsFlow``: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) @@ -2601,9 +2601,9 @@ Other parameters are passed through a pointer to a apiSubmitSelfServiceSettingsF Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **flow** | **string** | The Settings Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/settings?flow=abcde`). | + **submitSelfServiceSettingsFlowBody** | [**SubmitSelfServiceSettingsFlowBody**](SubmitSelfServiceSettingsFlowBody.md) | | **xSessionToken** | **string** | The Session Token of the Identity performing the settings flow. | **cookie** | **string** | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. | - **submitSelfServiceSettingsFlowBody** | [**SubmitSelfServiceSettingsFlowBody**](SubmitSelfServiceSettingsFlowBody.md) | | ### Return type @@ -2625,7 +2625,7 @@ No authorization required ## SubmitSelfServiceVerificationFlow -> SelfServiceVerificationFlow SubmitSelfServiceVerificationFlow(ctx).Flow(flow).Token(token).Cookie(cookie).SubmitSelfServiceVerificationFlowBody(submitSelfServiceVerificationFlowBody).Execute() +> SelfServiceVerificationFlow SubmitSelfServiceVerificationFlow(ctx).Flow(flow).SubmitSelfServiceVerificationFlowBody(submitSelfServiceVerificationFlowBody).Token(token).Cookie(cookie).Execute() Complete Verification Flow @@ -2645,13 +2645,13 @@ import ( func main() { flow := "flow_example" // string | The Verification Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/verification?flow=abcde`). + submitSelfServiceVerificationFlowBody := openapiclient.submitSelfServiceVerificationFlowBody{SubmitSelfServiceVerificationFlowWithLinkMethodBody: openapiclient.NewSubmitSelfServiceVerificationFlowWithLinkMethodBody("Email_example", "Method_example")} // SubmitSelfServiceVerificationFlowBody | token := "token_example" // string | Verification Token The verification token which completes the verification request. If the token is invalid (e.g. expired) an error will be shown to the end-user. This parameter is usually set in a link and not used by any direct API call. (optional) cookie := "cookie_example" // string | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. (optional) - submitSelfServiceVerificationFlowBody := openapiclient.submitSelfServiceVerificationFlowBody{SubmitSelfServiceVerificationFlowWithLinkMethodBody: openapiclient.NewSubmitSelfServiceVerificationFlowWithLinkMethodBody("Email_example", "Method_example")} // SubmitSelfServiceVerificationFlowBody | (optional) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceVerificationFlow(context.Background()).Flow(flow).Token(token).Cookie(cookie).SubmitSelfServiceVerificationFlowBody(submitSelfServiceVerificationFlowBody).Execute() + resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceVerificationFlow(context.Background()).Flow(flow).SubmitSelfServiceVerificationFlowBody(submitSelfServiceVerificationFlowBody).Token(token).Cookie(cookie).Execute() if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.SubmitSelfServiceVerificationFlow``: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) @@ -2673,9 +2673,9 @@ Other parameters are passed through a pointer to a apiSubmitSelfServiceVerificat Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **flow** | **string** | The Verification Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/verification?flow=abcde`). | + **submitSelfServiceVerificationFlowBody** | [**SubmitSelfServiceVerificationFlowBody**](SubmitSelfServiceVerificationFlowBody.md) | | **token** | **string** | Verification Token The verification token which completes the verification request. If the token is invalid (e.g. expired) an error will be shown to the end-user. This parameter is usually set in a link and not used by any direct API call. | **cookie** | **string** | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. | - **submitSelfServiceVerificationFlowBody** | [**SubmitSelfServiceVerificationFlowBody**](SubmitSelfServiceVerificationFlowBody.md) | | ### Return type diff --git a/selfservice/flow/login/handler.go b/selfservice/flow/login/handler.go index 22287d373cc6..33f937f74e21 100644 --- a/selfservice/flow/login/handler.go +++ b/selfservice/flow/login/handler.go @@ -455,6 +455,7 @@ type submitSelfServiceLoginFlow struct { Flow string `json:"flow"` // in: body + // required: true Body submitSelfServiceLoginFlowBody // The Session Token of the Identity performing the settings flow. diff --git a/selfservice/flow/recovery/handler.go b/selfservice/flow/recovery/handler.go index 837f619a71f3..f7fae3a10cb6 100644 --- a/selfservice/flow/recovery/handler.go +++ b/selfservice/flow/recovery/handler.go @@ -306,6 +306,7 @@ type submitSelfServiceRecoveryFlow struct { Token string `json:"token" form:"token"` // in: body + // required: true Body submitSelfServiceRecoveryFlowBody // HTTP Cookies diff --git a/selfservice/flow/registration/handler.go b/selfservice/flow/registration/handler.go index af6bd3fa67a9..0f22c21f2fe1 100644 --- a/selfservice/flow/registration/handler.go +++ b/selfservice/flow/registration/handler.go @@ -361,6 +361,7 @@ type submitSelfServiceRegistrationFlow struct { Flow string `json:"flow"` // in: body + // required: true Body submitSelfServiceRegistrationFlowBody // HTTP Cookies diff --git a/selfservice/flow/settings/handler.go b/selfservice/flow/settings/handler.go index a685d67acf98..a2bbc1c640e4 100644 --- a/selfservice/flow/settings/handler.go +++ b/selfservice/flow/settings/handler.go @@ -407,6 +407,7 @@ type submitSelfServiceSettingsFlow struct { Flow string `json:"flow"` // in: body + // required: true Body submitSelfServiceSettingsFlowBody // The Session Token of the Identity performing the settings flow. diff --git a/selfservice/flow/verification/handler.go b/selfservice/flow/verification/handler.go index a8decc539444..717a4314ffdf 100644 --- a/selfservice/flow/verification/handler.go +++ b/selfservice/flow/verification/handler.go @@ -288,6 +288,7 @@ type submitSelfServiceVerificationFlow struct { Token string `json:"token" form:"token"` // in: body + // required: true Body submitSelfServiceVerificationFlowBody // HTTP Cookies diff --git a/spec/api.json b/spec/api.json index ce940acadb8d..8b82834223ca 100755 --- a/spec/api.json +++ b/spec/api.json @@ -3202,6 +3202,7 @@ } } }, + "required": true, "x-originalParamName": "Body" }, "responses": { @@ -3673,6 +3674,7 @@ } } }, + "required": true, "x-originalParamName": "Body" }, "responses": { @@ -3930,6 +3932,7 @@ } } }, + "required": true, "x-originalParamName": "Body" }, "responses": { @@ -4205,6 +4208,7 @@ } } }, + "required": true, "x-originalParamName": "Body" }, "responses": { @@ -4563,6 +4567,7 @@ } } }, + "required": true, "x-originalParamName": "Body" }, "responses": { diff --git a/spec/swagger.json b/spec/swagger.json index d6f9b50d300e..ea93495e05b0 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -821,6 +821,7 @@ { "name": "Body", "in": "body", + "required": true, "schema": { "$ref": "#/definitions/submitSelfServiceLoginFlowBody" } @@ -1229,6 +1230,7 @@ { "name": "Body", "in": "body", + "required": true, "schema": { "$ref": "#/definitions/submitSelfServiceRecoveryFlowBody" } @@ -1438,6 +1440,7 @@ { "name": "Body", "in": "body", + "required": true, "schema": { "$ref": "#/definitions/submitSelfServiceRegistrationFlowBody" } @@ -1661,6 +1664,7 @@ { "name": "Body", "in": "body", + "required": true, "schema": { "$ref": "#/definitions/submitSelfServiceSettingsFlowBody" } @@ -1938,6 +1942,7 @@ { "name": "Body", "in": "body", + "required": true, "schema": { "$ref": "#/definitions/submitSelfServiceVerificationFlowBody" } From 72c17ac9211519d601abb58e92061a6db07cda51 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Thu, 19 May 2022 17:22:23 +0000 Subject: [PATCH 052/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 22d73f6c38ef..2f7f9322dddd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-05-16)](#2022-05-16) +- [ (2022-05-19)](#2022-05-19) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -252,9 +252,11 @@ -# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-05-16) +# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-05-19) ## Breaking Changes +Please be aware that the SDK method signatures for `submitSelfServiceRecoveryFlow`, `submitSelfServiceRegistrationFlow`, `submitSelfServiceLoginFlow`, `submitSelfServiceSettingsFlow`, `submitSelfServiceVerificationFlow` might have changed in your SDK. + This patch moves several CLI command to comply with the Ory CLI command structure: ```patch @@ -326,6 +328,7 @@ This patch moves several CLI command to comply with the Ory CLI command structur * Internal Server Error on Empty PUT /identities/id body ([#2417](https://github.com/ory/kratos/issues/2417)) ([5a50231](https://github.com/ory/kratos/commit/5a50231b553aaa64bd90a3d2cd1be9d2e3aba9ac)) * Load return_to and append to errors ([#2333](https://github.com/ory/kratos/issues/2333)) ([5efe4a3](https://github.com/ory/kratos/commit/5efe4a33e35e74d248d4eec43dc901b7b6334037)), closes [#2275](https://github.com/ory/kratos/issues/2275) [#2279](https://github.com/ory/kratos/issues/2279) [#2285](https://github.com/ory/kratos/issues/2285) * Make delete formattable ([0005f35](https://github.com/ory/kratos/commit/0005f357a049ecbf94d76a1e73434837753a04ea)) +* Mark body as required ([#2479](https://github.com/ory/kratos/issues/2479)) ([c9ae117](https://github.com/ory/kratos/commit/c9ae1175340993cfc93db436c06462c80935ea2a)) * New issue templates ([b9ad684](https://github.com/ory/kratos/commit/b9ad684311ee8c654b2fa382010315e892581f5c)) * Openapi regression ([#2465](https://github.com/ory/kratos/issues/2465)) ([37a3369](https://github.com/ory/kratos/commit/37a3369cea8ed5af34e8324a291a7d7dba0eb43a)) * Refresh is always false when session exists ([d3436d7](https://github.com/ory/kratos/commit/d3436d7fa17589d91e25c9f0bd66bc3bb5b150fa)), closes [#2341](https://github.com/ory/kratos/issues/2341) @@ -338,6 +341,7 @@ This patch moves several CLI command to comply with the Ory CLI command structur * **sdk:** Improved OpenAPI specifications for UI nodes ([#2375](https://github.com/ory/kratos/issues/2375)) ([a42a0f7](https://github.com/ory/kratos/commit/a42a0f772af3625c457032d6dcc34289a62acc61)), closes [#2357](https://github.com/ory/kratos/issues/2357) * Serve.admin.request_log.disable_for_health behaviour ([#2399](https://github.com/ory/kratos/issues/2399)) ([0a381fa](https://github.com/ory/kratos/commit/0a381fa3d702f77e614d0492dafa3ac2cd102c7e)) * **sql:** Add additional join argument to resolve MySQL query issue ([854e5cb](https://github.com/ory/kratos/commit/854e5cba80cad52b58571587980c00c038ff6596)), closes [#2262](https://github.com/ory/kratos/issues/2262) +* Unreliable HIBP caching strategy ([#2468](https://github.com/ory/kratos/issues/2468)) ([93bf1e2](https://github.com/ory/kratos/commit/93bf1e2cd53f3a4de3ff414017c17813d36b56da)) * Use `path` instead of `filepath` to join http route paths ([16b1244](https://github.com/ory/kratos/commit/16b12449c841bf7a237fe436b884b4b5012cd022)), closes [#2292](https://github.com/ory/kratos/issues/2292) * Use JOIN instead of iterative queries ([0998cfb](https://github.com/ory/kratos/commit/0998cfb2fdda27ba8baeebcc603aae5fbe5c901f)), closes [#2402](https://github.com/ory/kratos/issues/2402) * Use pointer of string for PasswordIdentifier in example code ([#2421](https://github.com/ory/kratos/issues/2421)) ([61f12e7](https://github.com/ory/kratos/commit/61f12e7579c7c337d0f415ac2b4029790c659c3d)) From 1ff1d79f4a57b5c70eb9bc99710f9f5420f9f13d Mon Sep 17 00:00:00 2001 From: Henning Perl Date: Thu, 19 May 2022 20:43:53 +0200 Subject: [PATCH 053/411] chore: add missing down migrations (#2476) In order for the migration box to work correctly, every up migration must have a corresponding down migration. We just add empty files in this case. Co-authored-by: hperl <34397+hperl@users.noreply.github.com> --- Makefile | 1 + .../20191100000011_courier_body_type.down.sql | 0 ...30130643_add_verification_methods.down.sql | 0 ...30130644_add_verification_methods.down.sql | 0 ...30130645_add_verification_methods.down.sql | 0 ...30130646_add_verification_methods.down.sql | 0 script/add-down-migrations.sh | 20 +++++++++++++++++++ 7 files changed, 21 insertions(+) create mode 100644 persistence/sql/migrations/legacy/20191100000011_courier_body_type.down.sql create mode 100644 persistence/sql/migrations/legacy/20200830130643_add_verification_methods.down.sql create mode 100644 persistence/sql/migrations/legacy/20200830130644_add_verification_methods.down.sql create mode 100644 persistence/sql/migrations/legacy/20200830130645_add_verification_methods.down.sql create mode 100644 persistence/sql/migrations/legacy/20200830130646_add_verification_methods.down.sql create mode 100755 script/add-down-migrations.sh diff --git a/Makefile b/Makefile index fe31379ebca6..8ee3e8884b1c 100644 --- a/Makefile +++ b/Makefile @@ -158,6 +158,7 @@ test-e2e: node_modules test-resetdb .PHONY: migrations-sync migrations-sync: .bin/ory ory dev pop migration sync persistence/sql/migrations/templates persistence/sql/migratest/testdata + script/add-down-migrations.sh .PHONY: test-update-snapshots test-update-snapshots: diff --git a/persistence/sql/migrations/legacy/20191100000011_courier_body_type.down.sql b/persistence/sql/migrations/legacy/20191100000011_courier_body_type.down.sql new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/persistence/sql/migrations/legacy/20200830130643_add_verification_methods.down.sql b/persistence/sql/migrations/legacy/20200830130643_add_verification_methods.down.sql new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/persistence/sql/migrations/legacy/20200830130644_add_verification_methods.down.sql b/persistence/sql/migrations/legacy/20200830130644_add_verification_methods.down.sql new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/persistence/sql/migrations/legacy/20200830130645_add_verification_methods.down.sql b/persistence/sql/migrations/legacy/20200830130645_add_verification_methods.down.sql new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/persistence/sql/migrations/legacy/20200830130646_add_verification_methods.down.sql b/persistence/sql/migrations/legacy/20200830130646_add_verification_methods.down.sql new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/script/add-down-migrations.sh b/script/add-down-migrations.sh new file mode 100755 index 000000000000..57bf58254f66 --- /dev/null +++ b/script/add-down-migrations.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +# This script adds empty down migrations for any migration that misses them. +# Adding them is necessary because if the down migration is missing, the +# migration will only be applied once, even if the database is completely +# rolled back. +# In newer versions of ory/x/popx, the migration box enforces that all up +# migrations have a down migration. Use this script to add them. + +set -Eeuo pipefail + +for f in $(find . -name "*.up.sql"); do + base=$(basename $f) + dir=$(dirname $f) + migra_name=$(echo $base | sed -e "s/\..*\.up\.sql//" | sed -e "s/\.up\.sql//") + if ! compgen -G "$dir/$migra_name*.down.sql" > /dev/null; then + echo "Adding empty down migration for $f" + touch $dir/$migra_name.down.sql + fi +done \ No newline at end of file From b90a5582284f1ceb0e97575e3b3562603b65ec5f Mon Sep 17 00:00:00 2001 From: Anirudh Oppiliappan Date: Fri, 20 May 2022 13:05:51 +0530 Subject: [PATCH 054/411] feat(tracing): improved tracing for requests (#2475) --- cmd/daemon/serve.go | 5 ++-- driver/registry_default.go | 4 +++ go.mod | 36 +++++++++++------------ go.sum | 56 +++++++++++++++++++++++++----------- hash/hasher.go | 6 +++- hash/hasher_argon2.go | 8 ++++++ hash/hasher_bcrypt.go | 15 +++++++++- hash/hasher_pbkdf2.go | 9 +++++- selfservice/hook/web_hook.go | 36 ++++++++++++++++++----- x/tracing.go | 14 +++++++++ 10 files changed, 141 insertions(+), 48 deletions(-) create mode 100644 x/tracing.go diff --git a/cmd/daemon/serve.go b/cmd/daemon/serve.go index ec39f82361c2..2242647becc9 100644 --- a/cmd/daemon/serve.go +++ b/cmd/daemon/serve.go @@ -9,7 +9,6 @@ import ( "github.com/ory/kratos/selfservice/flow/recovery" - "github.com/ory/x/otelx" "github.com/ory/x/reqlog" "github.com/ory/kratos/cmd/courier" @@ -123,7 +122,7 @@ func ServePublic(r driver.Registry, wg *sync.WaitGroup, cmd *cobra.Command, args certs := c.GetTSLCertificatesForPublic() if tracer := r.Tracer(ctx); tracer.IsLoaded() { - handler = otelx.NewHandler(n, "cmd.daemon.ServePublic") + handler = x.TraceHandler(handler) } server := graceful.WithDefaults(&http.Server{ @@ -183,7 +182,7 @@ func ServeAdmin(r driver.Registry, wg *sync.WaitGroup, cmd *cobra.Command, args var handler http.Handler = n if tracer := r.Tracer(ctx); tracer.IsLoaded() { - handler = otelx.NewHandler(n, "cmd.daemon.ServeAdmin") + handler = x.TraceHandler(n) } server := graceful.WithDefaults(&http.Server{ diff --git a/driver/registry_default.go b/driver/registry_default.go index f7c192ec90bf..219d5ea01c38 100644 --- a/driver/registry_default.go +++ b/driver/registry_default.go @@ -479,6 +479,10 @@ func (m *RegistryDefault) Tracer(ctx context.Context) *otelx.Tracer { m.trc = t } + if m.trc.Tracer() == nil { + m.trc = otelx.NewNoop(m.l, m.Config(ctx).Tracing()) + } + return m.trc } diff --git a/go.mod b/go.mod index c079bcbf3bdb..db50ded5817e 100644 --- a/go.mod +++ b/go.mod @@ -10,11 +10,11 @@ replace ( // github.com/luna-duclos/instrumentedsql => github.com/ory/instrumentedsql v1.2.0 // github.com/luna-duclos/instrumentedsql/opentracing => github.com/ory/instrumentedsql/opentracing v0.0.0-20210903114257-c8963b546c5c github.com/mattn/go-sqlite3 => github.com/mattn/go-sqlite3 v1.14.7-0.20210414154423-1157a4212dcb - github.com/oleiade/reflections => github.com/oleiade/reflections v1.0.1 // Use the internal httpclient which can be generated in this codebase but mark it as the // official SDK, allowing for the Ory CLI to consume Ory Kratos' CLI commands. github.com/ory/kratos-client-go => ./internal/httpclient + go.mongodb.org/mongo-driver => go.mongodb.org/mongo-driver v1.4.6 golang.org/x/sys => golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8 gopkg.in/DataDog/dd-trace-go.v1 => gopkg.in/DataDog/dd-trace-go.v1 v1.27.1-0.20201005154917-54b73b3e126a @@ -68,7 +68,7 @@ require ( github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe github.com/ory/analytics-go/v4 v4.0.3 github.com/ory/dockertest/v3 v3.8.1 - github.com/ory/go-acc v0.2.6 + github.com/ory/go-acc v0.2.8 github.com/ory/go-convenience v0.1.0 github.com/ory/graceful v0.1.1 github.com/ory/herodot v0.9.13 @@ -76,7 +76,7 @@ require ( github.com/ory/kratos-client-go v0.6.3-alpha.1 github.com/ory/mail/v3 v3.0.0 github.com/ory/nosurf v1.2.7 - github.com/ory/x v0.0.386 + github.com/ory/x v0.0.392 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 github.com/pkg/errors v0.9.1 github.com/pquerna/otp v1.3.0 @@ -91,11 +91,13 @@ require ( github.com/tidwall/sjson v1.2.4 github.com/urfave/negroni v1.0.0 github.com/zmb3/spotify/v2 v2.0.0 - golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 + go.opentelemetry.io/otel v1.7.0 + go.opentelemetry.io/otel/trace v1.7.0 + golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa golang.org/x/net v0.0.0-20211020060615-d418f374d309 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c - golang.org/x/tools v0.1.8-0.20211029000441-d6a9af8af023 + golang.org/x/tools v0.1.10 ) require ( @@ -146,7 +148,7 @@ require ( github.com/fatih/structs v1.1.0 // indirect github.com/felixge/httpsnoop v1.0.2 // indirect github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect - github.com/fsnotify/fsnotify v1.5.1 // indirect + github.com/fsnotify/fsnotify v1.5.4 // indirect github.com/fullstorydev/grpcurl v1.8.1 // indirect github.com/fxamacker/cbor/v2 v2.4.0 // indirect github.com/go-logr/logr v1.2.3 // indirect @@ -186,7 +188,7 @@ require ( github.com/gorilla/css v1.0.0 // indirect github.com/gorilla/handlers v1.5.1 // indirect github.com/gorilla/securecookie v1.1.1 // indirect - github.com/gorilla/websocket v1.4.2 // indirect + github.com/gorilla/websocket v1.5.0 // indirect github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect @@ -221,7 +223,7 @@ require ( github.com/kr/text v0.2.0 // indirect github.com/leodido/go-urn v1.2.0 // indirect github.com/lib/pq v1.10.4 // indirect - github.com/magiconair/properties v1.8.5 // indirect + github.com/magiconair/properties v1.8.6 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/markbates/hmax v1.0.0 // indirect github.com/mattn/go-colorable v0.1.12 // indirect @@ -232,7 +234,7 @@ require ( github.com/microcosm-cc/bluemonday v1.0.16 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect - github.com/mitchellh/mapstructure v1.4.3 // indirect + github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect @@ -246,7 +248,7 @@ require ( github.com/openzipkin/zipkin-go v0.4.0 // indirect github.com/ory/viper v1.7.5 // indirect github.com/pborman/uuid v1.2.1 // indirect - github.com/pelletier/go-toml v1.9.4 // indirect + github.com/pelletier/go-toml v1.9.5 // indirect github.com/pkg/profile v1.6.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/pquerna/cachecontrol v0.0.0-20200921180117-858c6e7e6b7e // indirect @@ -264,8 +266,8 @@ require ( github.com/soheilhy/cmux v0.1.5 // indirect github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d // indirect github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e // indirect - github.com/spf13/afero v1.6.0 // indirect - github.com/spf13/cast v1.4.1 // indirect + github.com/spf13/afero v1.8.2 // indirect + github.com/spf13/cast v1.5.0 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/viper v1.10.0 // indirect github.com/subosito/gotenv v1.2.0 // indirect @@ -299,7 +301,6 @@ require ( go.opentelemetry.io/contrib/propagators/b3 v1.4.0 // indirect go.opentelemetry.io/contrib/propagators/jaeger v1.4.0 // indirect go.opentelemetry.io/contrib/samplers/jaegerremote v0.0.0-20220314184135-32895002a444 // indirect - go.opentelemetry.io/otel v1.7.0 // indirect go.opentelemetry.io/otel/exporters/jaeger v1.5.0 // indirect go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.6.3 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.6.3 // indirect @@ -308,17 +309,16 @@ require ( go.opentelemetry.io/otel/internal/metric v0.27.0 // indirect go.opentelemetry.io/otel/metric v0.27.0 // indirect go.opentelemetry.io/otel/sdk v1.7.0 // indirect - go.opentelemetry.io/otel/trace v1.7.0 // indirect go.opentelemetry.io/proto/otlp v0.15.0 // indirect go.uber.org/atomic v1.7.0 // indirect go.uber.org/multierr v1.7.0 // indirect go.uber.org/zap v1.17.0 // indirect - golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57 // indirect - golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9 // indirect + golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect + golang.org/x/sys v0.0.0-20220517195934-5e4e11fc645e // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 // indirect - golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect + golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa // indirect google.golang.org/grpc v1.45.0 // indirect @@ -326,7 +326,7 @@ require ( gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect - gopkg.in/ini.v1 v1.66.2 // indirect + gopkg.in/ini.v1 v1.66.4 // indirect gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index 44d0d2e8aaee..e2ba2e6c1705 100644 --- a/go.sum +++ b/go.sum @@ -22,6 +22,7 @@ cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOY cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= +cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= @@ -55,6 +56,7 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= +cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= code.gitea.io/sdk/gitea v0.11.3/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY= contrib.go.opencensus.io/exporter/aws v0.0.0-20181029163544-2befc13012d0/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0= @@ -556,10 +558,13 @@ github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHqu github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= +github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= +github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI= github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= +github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI= +github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= github.com/fullstorydev/grpcurl v1.8.0/go.mod h1:Mn2jWbdMrQGJQ8UD62uNyMumT2acsZUCkZIqFxsQf1o= github.com/fullstorydev/grpcurl v1.8.1 h1:Pp648wlTTg3OKySeqxM5pzh8XF6vLqrm8wRq66+5Xo0= @@ -913,6 +918,7 @@ github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= @@ -939,6 +945,7 @@ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5m github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= +github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU= github.com/goreleaser/goreleaser v0.134.0/go.mod h1:ZT6Y2rSYa6NxQzIsdfWWNWAlYGXGbreo66NmE+3X3WQ= @@ -958,8 +965,9 @@ github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyC github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= +github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= @@ -1251,8 +1259,9 @@ github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0Q github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.4/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= -github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= +github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo= +github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= @@ -1341,8 +1350,9 @@ github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR github.com/mitchellh/mapstructure v1.4.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/mapstructure v1.4.3 h1:OVowDSCllw/YjdLkam3/sm7wEtOy59d8ndGgCcyj8cs= github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= +github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= @@ -1464,8 +1474,9 @@ github.com/ory/analytics-go/v4 v4.0.3 h1:2zNBQLlm3UiD8U7DdUGLLUBm62ZA5GtbEJ3S5U+ github.com/ory/analytics-go/v4 v4.0.3/go.mod h1:A3Chm/3TmM8jw4nqRss+gFhAYHRI5j/HFYH3C1FRahU= github.com/ory/dockertest/v3 v3.8.1 h1:vU/8d1We4qIad2YM0kOwRVtnyue7ExvacPiw1yDm17g= github.com/ory/dockertest/v3 v3.8.1/go.mod h1:wSRQ3wmkz+uSARYMk7kVJFDBGm8x5gSxIhI7NDc+BAQ= -github.com/ory/go-acc v0.2.6 h1:YfI+L9dxI7QCtWn2RbawqO0vXhiThdXu/RgizJBbaq0= github.com/ory/go-acc v0.2.6/go.mod h1:4Kb/UnPcT8qRAk3IAxta+hvVapdxTLWtrr7bFLlEgpw= +github.com/ory/go-acc v0.2.8 h1:rOHHAPQjf0u7eHFGWpiXK+gIu/e0GRSJNr9pDukdNC4= +github.com/ory/go-acc v0.2.8/go.mod h1:iCRZUdGb/7nqvSn8xWZkhfVrtXRZ9Wru2E5rabCjFPI= github.com/ory/go-convenience v0.1.0 h1:zouLKfF2GoSGnJwGq+PE/nJAE6dj2Zj5QlTgmMTsTS8= github.com/ory/go-convenience v0.1.0/go.mod h1:uEY/a60PL5c12nYz4V5cHY03IBmwIAEm8TWB0yn9KNs= github.com/ory/graceful v0.1.1 h1:zx+8tDObLPrG+7Tc8jKYlXsqWnLtOQA1IZ/FAAKHMXU= @@ -1484,8 +1495,8 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE= github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM= -github.com/ory/x v0.0.386 h1:XQS2VAMvbWlpNUSEqitlx5FkNBdOfUMuJ/1SlUUM5j0= -github.com/ory/x v0.0.386/go.mod h1:FRfCy/kGTj71VVJ8BpA8IX11H6hYqcHaJNyYnbZavjg= +github.com/ory/x v0.0.392 h1:Cqm5wEXMT328/VJbZZftQosBS6x+V+s0RaHAWYpxlhM= +github.com/ory/x v0.0.392/go.mod h1:FRfCy/kGTj71VVJ8BpA8IX11H6hYqcHaJNyYnbZavjg= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= @@ -1504,8 +1515,9 @@ github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAv github.com/pelletier/go-toml v1.8.0/go.mod h1:D6yutnOGMveHEPV7VQOuvI/gXY61bv+9bAOTRnLElKs= github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc= github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml v1.9.4 h1:tjENF6MfZAg8e4ZmZTeWaWiT2vXtsoO6+iuOjFhECwM= github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= +github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= +github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc= @@ -1529,6 +1541,7 @@ github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6J github.com/pkg/profile v1.6.0 h1:hUDfIISABYI59DyeB3OTay/HxSRwTQ8rB/H83k6r5dM= github.com/pkg/profile v1.6.0/go.mod h1:qBsxPvzyUincmltOk6iyRVxHYg4adc0OFOv72ZdLa18= github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= +github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -1688,13 +1701,15 @@ github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY52 github.com/spf13/afero v1.3.4/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= github.com/spf13/afero v1.4.1/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= github.com/spf13/afero v1.5.1/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= -github.com/spf13/afero v1.6.0 h1:xoax2sJ2DT8S8xA2paPFjDCScCNeWsg75VG0DLRreiY= github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= +github.com/spf13/afero v1.8.2 h1:xehSyVa0YnHWsJ49JFljMpg1HX19V6NDZ1fkm1Xznbo= +github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.3.2-0.20200723214538-8d17101741c8/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA= github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= +github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= @@ -2000,12 +2015,14 @@ golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= +golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa h1:idItI2DDfCokpg0N51B2VtiLdJ4vAuXC9fnCb2gACo4= +golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2057,8 +2074,8 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= -golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57 h1:LQmS1nU0twXLA96Kt7U9qtHJEbBk3z6Q0V4UXjZkpr4= -golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= +golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= +golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -2277,6 +2294,7 @@ golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= @@ -2284,14 +2302,15 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo= -golang.org/x/tools v0.1.8-0.20211029000441-d6a9af8af023 h1:0c3L82FDQ5rt1bjTBlchS8t6RQ6299/+5bWMnRLh+uI= -golang.org/x/tools v0.1.8-0.20211029000441-d6a9af8af023/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= +golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20= +golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df h1:5Pf6pFKu98ODmgnpvkJ3kFUOQGGLIzLIkbzUHp47618= +golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo= gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0= gonum.org/v1/gonum v0.9.3/go.mod h1:TZumC3NeyVQskjXqmyWt4S3bINhy7B4eYwW69EbyX+0= @@ -2396,7 +2415,9 @@ google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= @@ -2518,8 +2539,9 @@ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.66.2 h1:XfR1dOYubytKy4Shzc2LHrrGhU0lDCfDGG1yLPmpgsI= gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/ini.v1 v1.66.4 h1:SsAcf+mM7mRZo2nJNGt8mZCjG8ZRaNGMURJw7BsIST4= +gopkg.in/ini.v1 v1.66.4/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/mail.v2 v2.3.1/go.mod h1:htwXN1Qh09vZJ1NVKxQqHPBaCBbzKhp5GzuJEA4VJWw= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 h1:6D+BvnJ/j6e222UW8s2qTSe3wGBtvo0MbVQG/c5k8RE= diff --git a/hash/hasher.go b/hash/hasher.go index 8398ae293393..a936f9155095 100644 --- a/hash/hasher.go +++ b/hash/hasher.go @@ -1,6 +1,8 @@ package hash -import "context" +import ( + "context" +) // Hasher provides methods for generating and comparing password hashes. type Hasher interface { @@ -14,3 +16,5 @@ type Hasher interface { type HashProvider interface { Hasher() Hasher } + +const tracingComponent = "github.com/ory/kratos/hash" diff --git a/hash/hasher_argon2.go b/hash/hasher_argon2.go index 6280518df860..a05c3b02f547 100644 --- a/hash/hasher_argon2.go +++ b/hash/hasher_argon2.go @@ -8,6 +8,9 @@ import ( "fmt" "github.com/inhies/go-bytesize" + "go.opentelemetry.io/otel" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/codes" "github.com/pkg/errors" "golang.org/x/crypto/argon2" @@ -38,7 +41,10 @@ func toKB(mem bytesize.ByteSize) uint32 { } func (h *Argon2) Generate(ctx context.Context, password []byte) ([]byte, error) { + ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "hash.Argon2.Generate") + defer span.End() p := h.c.Config(ctx).HasherArgon2() + span.SetAttributes(attribute.String("argon2.config", fmt.Sprintf("#%v", p))) salt := make([]byte, p.SaltLength) if _, err := rand.Read(salt); err != nil { @@ -58,6 +64,8 @@ func (h *Argon2) Generate(ctx context.Context, password []byte) ([]byte, error) base64.RawStdEncoding.EncodeToString(salt), base64.RawStdEncoding.EncodeToString(hash), ); err != nil { + span.RecordError(err) + span.SetStatus(codes.Error, err.Error()) return nil, errors.WithStack(err) } diff --git a/hash/hasher_bcrypt.go b/hash/hasher_bcrypt.go index 4f23a58e4246..3aa397a8ba97 100644 --- a/hash/hasher_bcrypt.go +++ b/hash/hasher_bcrypt.go @@ -3,6 +3,10 @@ package hash import ( "context" + "go.opentelemetry.io/otel" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/codes" + "github.com/ory/kratos/schema" "golang.org/x/crypto/bcrypt" @@ -23,12 +27,21 @@ func NewHasherBcrypt(c BcryptConfiguration) *Bcrypt { } func (h *Bcrypt) Generate(ctx context.Context, password []byte) ([]byte, error) { + ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "hash.Bcrypt.Generate") + defer span.End() + if err := validateBcryptPasswordLength(password); err != nil { + span.RecordError(err) + span.SetStatus(codes.Error, err.Error()) return nil, err } - hash, err := bcrypt.GenerateFromPassword(password, int(h.c.Config(ctx).HasherBcrypt().Cost)) + cost := int(h.c.Config(ctx).HasherBcrypt().Cost) + span.SetAttributes(attribute.Int("bcrypt.cost", cost)) + hash, err := bcrypt.GenerateFromPassword(password, cost) if err != nil { + span.RecordError(err) + span.SetStatus(codes.Error, err.Error()) return nil, err } diff --git a/hash/hasher_pbkdf2.go b/hash/hasher_pbkdf2.go index 5de4cd8b3ddb..c8ca2463cc94 100644 --- a/hash/hasher_pbkdf2.go +++ b/hash/hasher_pbkdf2.go @@ -12,6 +12,8 @@ import ( "hash" "github.com/pkg/errors" + "go.opentelemetry.io/otel" + "go.opentelemetry.io/otel/codes" "golang.org/x/crypto/pbkdf2" "golang.org/x/crypto/sha3" ) @@ -23,7 +25,10 @@ type Pbkdf2 struct { KeyLength uint32 } -func (h *Pbkdf2) Generate(_ context.Context, password []byte) ([]byte, error) { +func (h *Pbkdf2) Generate(ctx context.Context, password []byte) ([]byte, error) { + _, span := otel.GetTracerProvider().Tracer("").Start(ctx, "hash.Pbkdf2.Generate") + defer span.End() + salt := make([]byte, h.SaltLength) if _, err := rand.Read(salt); err != nil { return nil, err @@ -41,6 +46,8 @@ func (h *Pbkdf2) Generate(_ context.Context, password []byte) ([]byte, error) { base64.RawStdEncoding.EncodeToString(salt), base64.RawStdEncoding.EncodeToString(key), ); err != nil { + span.RecordError(err) + span.SetStatus(codes.Error, err.Error()) return nil, errors.WithStack(err) } diff --git a/selfservice/hook/web_hook.go b/selfservice/hook/web_hook.go index fb87a0c181f5..fb104ccf024f 100644 --- a/selfservice/hook/web_hook.go +++ b/selfservice/hook/web_hook.go @@ -8,6 +8,8 @@ import ( "github.com/pkg/errors" "github.com/tidwall/gjson" + "go.opentelemetry.io/otel/codes" + "go.opentelemetry.io/otel/trace" "github.com/ory/kratos/identity" "github.com/ory/kratos/request" @@ -19,6 +21,7 @@ import ( "github.com/ory/kratos/selfservice/flow/verification" "github.com/ory/kratos/session" "github.com/ory/kratos/x" + "github.com/ory/x/otelx" ) var _ registration.PostHookPostPersistExecutor = new(WebHook) @@ -29,6 +32,7 @@ type ( webHookDependencies interface { x.LoggingProvider x.HTTPClientProvider + x.TracingProvider } templateContext struct { @@ -50,7 +54,8 @@ func NewWebHook(r webHookDependencies, c json.RawMessage) *WebHook { } func (e *WebHook) ExecuteLoginPreHook(_ http.ResponseWriter, req *http.Request, flow *login.Flow) error { - return e.execute(req.Context(), &templateContext{ + ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecutePreLoginHook") + return e.execute(ctx, &templateContext{ Flow: flow, RequestHeaders: req.Header, RequestMethod: req.Method, @@ -59,7 +64,8 @@ func (e *WebHook) ExecuteLoginPreHook(_ http.ResponseWriter, req *http.Request, } func (e *WebHook) ExecuteLoginPostHook(_ http.ResponseWriter, req *http.Request, flow *login.Flow, session *session.Session) error { - return e.execute(req.Context(), &templateContext{ + ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecutePostLoginHook") + return e.execute(ctx, &templateContext{ Flow: flow, RequestHeaders: req.Header, RequestMethod: req.Method, @@ -69,7 +75,8 @@ func (e *WebHook) ExecuteLoginPostHook(_ http.ResponseWriter, req *http.Request, } func (e *WebHook) ExecutePostVerificationHook(_ http.ResponseWriter, req *http.Request, flow *verification.Flow, identity *identity.Identity) error { - return e.execute(req.Context(), &templateContext{ + ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecutePostVerificationHook") + return e.execute(ctx, &templateContext{ Flow: flow, RequestHeaders: req.Header, RequestMethod: req.Method, @@ -79,7 +86,8 @@ func (e *WebHook) ExecutePostVerificationHook(_ http.ResponseWriter, req *http.R } func (e *WebHook) ExecutePostRecoveryHook(_ http.ResponseWriter, req *http.Request, flow *recovery.Flow, session *session.Session) error { - return e.execute(req.Context(), &templateContext{ + ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecutePostRecoveryHook") + return e.execute(ctx, &templateContext{ Flow: flow, RequestHeaders: req.Header, RequestMethod: req.Method, @@ -89,7 +97,8 @@ func (e *WebHook) ExecutePostRecoveryHook(_ http.ResponseWriter, req *http.Reque } func (e *WebHook) ExecuteRegistrationPreHook(_ http.ResponseWriter, req *http.Request, flow *registration.Flow) error { - return e.execute(req.Context(), &templateContext{ + ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecuteRegistrationPreHook") + return e.execute(ctx, &templateContext{ Flow: flow, RequestHeaders: req.Header, RequestMethod: req.Method, @@ -98,7 +107,8 @@ func (e *WebHook) ExecuteRegistrationPreHook(_ http.ResponseWriter, req *http.Re } func (e *WebHook) ExecutePostRegistrationPostPersistHook(_ http.ResponseWriter, req *http.Request, flow *registration.Flow, session *session.Session) error { - return e.execute(req.Context(), &templateContext{ + ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecutePostRegistrationPostPersistHook") + return e.execute(ctx, &templateContext{ Flow: flow, RequestHeaders: req.Header, RequestMethod: req.Method, @@ -108,7 +118,8 @@ func (e *WebHook) ExecutePostRegistrationPostPersistHook(_ http.ResponseWriter, } func (e *WebHook) ExecuteSettingsPostPersistHook(_ http.ResponseWriter, req *http.Request, flow *settings.Flow, identity *identity.Identity) error { - return e.execute(req.Context(), &templateContext{ + ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecuteSettingsPostPersistHook") + return e.execute(ctx, &templateContext{ Flow: flow, RequestHeaders: req.Header, RequestMethod: req.Method, @@ -118,6 +129,16 @@ func (e *WebHook) ExecuteSettingsPostPersistHook(_ http.ResponseWriter, req *htt } func (e *WebHook) execute(ctx context.Context, data *templateContext) error { + span := trace.SpanFromContext(ctx) + attrs := map[string]string{ + "webhook.http.method": data.RequestMethod, + "webhook.http.url": data.RequestUrl, + "webhook.http.headers": fmt.Sprintf("%#v", data.RequestHeaders), + "webhook.identity": fmt.Sprintf("%#v", data.Identity), + } + span.SetAttributes(otelx.StringAttrs(attrs)...) + defer span.End() + builder, err := request.NewBuilder(e.conf, e.deps.HTTPClient(ctx), e.deps.Logger()) if err != nil { return err @@ -142,6 +163,7 @@ func (e *WebHook) execute(ctx context.Context, data *templateContext) error { if resp.StatusCode >= http.StatusBadRequest { errChan <- fmt.Errorf("web hook failed with status code %v", resp.StatusCode) + span.SetStatus(codes.Error, fmt.Sprintf("web hook failed with status code %v", resp.StatusCode)) return } diff --git a/x/tracing.go b/x/tracing.go new file mode 100644 index 000000000000..7707a982bb21 --- /dev/null +++ b/x/tracing.go @@ -0,0 +1,14 @@ +package x + +import ( + "net/http" + + "github.com/ory/x/otelx" +) + +// TraceHandler wraps otelx.NewHandler, passing the URL path as the span name. +func TraceHandler(h http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + otelx.NewHandler(h, r.URL.Path).ServeHTTP(w, r) + }) +} From d2b729a8d3998d2ac0565d0877fbc70c4fc3efdf Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Fri, 20 May 2022 08:18:52 +0000 Subject: [PATCH 055/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2f7f9322dddd..b0ad3564b3d8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-05-19)](#2022-05-19) +- [ (2022-05-20)](#2022-05-20) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -252,7 +252,7 @@ -# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-05-19) +# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-05-20) ## Breaking Changes Please be aware that the SDK method signatures for `submitSelfServiceRecoveryFlow`, `submitSelfServiceRegistrationFlow`, `submitSelfServiceLoginFlow`, `submitSelfServiceSettingsFlow`, `submitSelfServiceVerificationFlow` might have changed in your SDK. @@ -381,6 +381,7 @@ This patch moves several CLI command to comply with the Ory CLI command structur * **sdk:** Add csrf cookie for login flow submission ([#2454](https://github.com/ory/kratos/issues/2454)) ([2bffee8](https://github.com/ory/kratos/commit/2bffee81f0e8a98851a3e11b4fc4969d95e9b445)) * Support argon2i password ([#2395](https://github.com/ory/kratos/issues/2395)) ([8fdadf9](https://github.com/ory/kratos/commit/8fdadf9d1724d28ae11996304703e06671549660)) * Switch to opentelemetry tracing ([#2318](https://github.com/ory/kratos/issues/2318)) ([121a4d3](https://github.com/ory/kratos/commit/121a4d3fc0f396e8da50ad1985cacf68a5c85a12)) +* **tracing:** Improved tracing for requests ([#2475](https://github.com/ory/kratos/issues/2475)) ([b90a558](https://github.com/ory/kratos/commit/b90a5582284f1ceb0e97575e3b3562603b65ec5f)) * Upgrade to Go 1.18 ([725d202](https://github.com/ory/kratos/commit/725d202e6ae15b3b5c3282e03c03a40480a2e310)) ### Tests From 29e4a51cc5344dcb44839f8aa57197c41aeeb78d Mon Sep 17 00:00:00 2001 From: kszafran Date: Sun, 22 May 2022 09:16:37 +0200 Subject: [PATCH 056/411] feat: add ID to the recovery error when already logged in (#2483) --- selfservice/flow/recovery/error.go | 2 +- selfservice/flow/recovery/handler_test.go | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/selfservice/flow/recovery/error.go b/selfservice/flow/recovery/error.go index 826528e9b726..a560fc4081cb 100644 --- a/selfservice/flow/recovery/error.go +++ b/selfservice/flow/recovery/error.go @@ -22,7 +22,7 @@ import ( var ( ErrHookAbortFlow = errors.New("aborted recovery hook execution") - ErrAlreadyLoggedIn = herodot.ErrBadRequest.WithReason("A valid session was detected and thus recovery is not possible.") + ErrAlreadyLoggedIn = herodot.ErrBadRequest.WithID(text.ErrIDAlreadyLoggedIn).WithReason("A valid session was detected and thus recovery is not possible.") ) type ( diff --git a/selfservice/flow/recovery/handler_test.go b/selfservice/flow/recovery/handler_test.go index 16a98c55864c..66ed8c9f94d1 100644 --- a/selfservice/flow/recovery/handler_test.go +++ b/selfservice/flow/recovery/handler_test.go @@ -25,6 +25,7 @@ import ( "github.com/ory/kratos/internal" "github.com/ory/kratos/internal/testhelpers" "github.com/ory/kratos/selfservice/flow/recovery" + "github.com/ory/kratos/text" "github.com/ory/kratos/x" ) @@ -51,6 +52,7 @@ func TestHandlerRedirectOnAuthenticated(t *testing.T) { t.Run("does redirect to default on authenticated request", func(t *testing.T) { body, res := testhelpers.MockMakeAuthenticatedRequest(t, reg, conf, router.Router, x.NewTestHTTPRequest(t, "GET", ts.URL+recovery.RouteInitAPIFlow, nil)) assert.Contains(t, res.Request.URL.String(), recovery.RouteInitAPIFlow) + assert.EqualValues(t, text.ErrIDAlreadyLoggedIn, gjson.GetBytes(body, "error.id").Str) assertx.EqualAsJSON(t, recovery.ErrAlreadyLoggedIn, json.RawMessage(gjson.GetBytes(body, "error").Raw)) }) } From 083e67f694eaaf9796bfa8a0f8eefdf4e61c4674 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Sun, 22 May 2022 07:54:21 +0000 Subject: [PATCH 057/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b0ad3564b3d8..559781573b22 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-05-20)](#2022-05-20) +- [ (2022-05-22)](#2022-05-22) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -252,7 +252,7 @@ -# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-05-20) +# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-05-22) ## Breaking Changes Please be aware that the SDK method signatures for `submitSelfServiceRecoveryFlow`, `submitSelfServiceRegistrationFlow`, `submitSelfServiceLoginFlow`, `submitSelfServiceSettingsFlow`, `submitSelfServiceVerificationFlow` might have changed in your SDK. @@ -361,6 +361,7 @@ This patch moves several CLI command to comply with the Ory CLI command structur ### Features * Add certificate based authentication for smtp client ([#2351](https://github.com/ory/kratos/issues/2351)) ([7200037](https://github.com/ory/kratos/commit/72000375c028f5f7f9cb0d0b1b02f8aa09503e4f)) +* Add ID to the recovery error when already logged in ([#2483](https://github.com/ory/kratos/issues/2483)) ([29e4a51](https://github.com/ory/kratos/commit/29e4a51cc5344dcb44839f8aa57197c41aeeb78d)) * Add localName to smtp config ([#2445](https://github.com/ory/kratos/issues/2445)) ([27336b6](https://github.com/ory/kratos/commit/27336b63b0c11c1667d5a07230bed82283475aa4)), closes [#2425](https://github.com/ory/kratos/issues/2425) * Add session renew capabilities ([#2146](https://github.com/ory/kratos/issues/2146)) ([4348b86](https://github.com/ory/kratos/commit/4348b8640a282cd61fe30961faba5753e2af8bb0)), closes [#615](https://github.com/ory/kratos/issues/615) * Add support for netID provider ([#2394](https://github.com/ory/kratos/issues/2394)) ([ee7fc79](https://github.com/ory/kratos/commit/ee7fc79d49cd6d8f2985809585d1675c8e2ed376)) From c2b1c2303cd0587b9419d500f2e3d5f9c9c80ad4 Mon Sep 17 00:00:00 2001 From: Jhonatan Hulse Date: Mon, 23 May 2022 16:46:46 -0300 Subject: [PATCH 058/411] fix: add flow id when return_to is passed to the verification (#2482) --- selfservice/flow/verification/flow.go | 4 +++- selfservice/strategy/link/strategy_verification.go | 2 +- selfservice/strategy/link/strategy_verification_test.go | 3 +-- test/e2e/cypress/support/commands.ts | 4 +++- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/selfservice/flow/verification/flow.go b/selfservice/flow/verification/flow.go index aadde59034bd..ed101f9d9564 100644 --- a/selfservice/flow/verification/flow.go +++ b/selfservice/flow/verification/flow.go @@ -175,7 +175,9 @@ func (f *Flow) Valid() error { } func (f *Flow) AppendTo(src *url.URL) *url.URL { - return urlx.CopyWithQuery(src, url.Values{"flow": {f.ID.String()}}) + values := src.Query() + values.Set("flow", f.ID.String()) + return urlx.CopyWithQuery(src, values) } func (f Flow) GetID() uuid.UUID { diff --git a/selfservice/strategy/link/strategy_verification.go b/selfservice/strategy/link/strategy_verification.go index 552f44e063f4..f5d1d9999e73 100644 --- a/selfservice/strategy/link/strategy_verification.go +++ b/selfservice/strategy/link/strategy_verification.go @@ -265,7 +265,7 @@ func (s *Strategy) verificationUseToken(w http.ResponseWriter, r *http.Request, return errors.WithStack(flow.ErrCompletedByStrategy) } - http.Redirect(w, r, returnTo.String(), http.StatusSeeOther) + http.Redirect(w, r, f.AppendTo(returnTo).String(), http.StatusSeeOther) return errors.WithStack(flow.ErrCompletedByStrategy) } diff --git a/selfservice/strategy/link/strategy_verification_test.go b/selfservice/strategy/link/strategy_verification_test.go index d1d064a90898..f599528cf512 100644 --- a/selfservice/strategy/link/strategy_verification_test.go +++ b/selfservice/strategy/link/strategy_verification_test.go @@ -380,7 +380,6 @@ func TestVerification(t *testing.T) { assert.Equal(t, http.StatusSeeOther, res.StatusCode) redirectURL, err := res.Location() require.NoError(t, err) - assert.Equal(t, returnToURL, redirectURL.String()) - + assert.Equal(t, returnToURL + "?flow=" + flow.ID.String(), redirectURL.String()) }) } diff --git a/test/e2e/cypress/support/commands.ts b/test/e2e/cypress/support/commands.ts index 24138e381795..c15cef3b6f92 100644 --- a/test/e2e/cypress/support/commands.ts +++ b/test/e2e/cypress/support/commands.ts @@ -873,6 +873,8 @@ Cypress.Commands.add( expect(message.toAddresses[0].trim()).to.equal(email) const link = parseHtml(message.body).querySelector('a') + const flow = new URL(link.href).searchParams.get('flow') + expect(link).to.not.be.null expect(link.href).to.contain(APP_URL) @@ -880,7 +882,7 @@ Cypress.Commands.add( (response) => { expect(response.status).to.eq(303) if (redirectTo) { - expect(response.redirectedToUrl).to.eq(redirectTo) + expect(response.redirectedToUrl).to.eq(`${redirectTo}?flow=${flow}`) } else { expect(response.redirectedToUrl).to.not.contain('verification') } From 7d66e5c117d86f27481818e28ab6b337be10607d Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 23 May 2022 19:48:24 +0000 Subject: [PATCH 059/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- selfservice/strategy/link/strategy_verification_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/selfservice/strategy/link/strategy_verification_test.go b/selfservice/strategy/link/strategy_verification_test.go index f599528cf512..63bc355ed9d0 100644 --- a/selfservice/strategy/link/strategy_verification_test.go +++ b/selfservice/strategy/link/strategy_verification_test.go @@ -380,6 +380,6 @@ func TestVerification(t *testing.T) { assert.Equal(t, http.StatusSeeOther, res.StatusCode) redirectURL, err := res.Location() require.NoError(t, err) - assert.Equal(t, returnToURL + "?flow=" + flow.ID.String(), redirectURL.String()) + assert.Equal(t, returnToURL+"?flow="+flow.ID.String(), redirectURL.String()) }) } From 2c07b171a92a370e58c4355e9fd742bb10485c04 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 23 May 2022 20:29:05 +0000 Subject: [PATCH 060/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 559781573b22..004bbdaf53bf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-05-22)](#2022-05-22) +- [ (2022-05-23)](#2022-05-23) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -252,7 +252,7 @@ -# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-05-22) +# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-05-23) ## Breaking Changes Please be aware that the SDK method signatures for `submitSelfServiceRecoveryFlow`, `submitSelfServiceRegistrationFlow`, `submitSelfServiceLoginFlow`, `submitSelfServiceSettingsFlow`, `submitSelfServiceVerificationFlow` might have changed in your SDK. @@ -311,6 +311,7 @@ This patch moves several CLI command to comply with the Ory CLI command structur ### Bug Fixes +* Add flow id when return_to is passed to the verification ([#2482](https://github.com/ory/kratos/issues/2482)) ([c2b1c23](https://github.com/ory/kratos/commit/c2b1c2303cd0587b9419d500f2e3d5f9c9c80ad4)) * Add indices for slow queries ([e0cdbc9](https://github.com/ory/kratos/commit/e0cdbc9ab3389de0f65b37758d86bea56d294d64)) * Add legacy session value ([ecfd052](https://github.com/ory/kratos/commit/ecfd05216f5ebb70f1617595d2d398cf1fa3c660)), closes [#2398](https://github.com/ory/kratos/issues/2398) * Avoid excessive memory allocations in HIBP cache ([#2389](https://github.com/ory/kratos/issues/2389)) ([ee2d410](https://github.com/ory/kratos/commit/ee2d41057a7e6cb2c57c6304c2e7bbf5ad7c56da)), closes [#2354](https://github.com/ory/kratos/issues/2354) From 97177629c715028affbc294bdd432fd6c954d5ad Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Wed, 25 May 2022 13:49:33 +0200 Subject: [PATCH 061/411] fix: quickstart docker-compose (#2490) Closes #2488 --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 8ee3e8884b1c..45e3845231c1 100644 --- a/Makefile +++ b/Makefile @@ -124,12 +124,12 @@ sdk: .bin/swagger .bin/ory node_modules quickstart: docker pull oryd/kratos:latest docker pull oryd/kratos-selfservice-ui-node:latest - quickstart -f quickstart.yml -f quickstart-standalone.yml up --build --force-recreate + docker-compose -f quickstart.yml -f quickstart-standalone.yml up --build --force-recreate .PHONY: quickstart-dev quickstart-dev: docker build -f .docker/Dockerfile-build -t oryd/kratos:latest . - quickstart -f quickstart.yml -f quickstart-standalone.yml -f quickstart-latest.yml $(QUICKSTART_OPTIONS) up --build --force-recreate + docker-compose -f quickstart.yml -f quickstart-standalone.yml -f quickstart-latest.yml $(QUICKSTART_OPTIONS) up --build --force-recreate # Formats the code .PHONY: format From 2db9377642a9cf160bd1799d717409a870242e8d Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Wed, 25 May 2022 12:29:53 +0000 Subject: [PATCH 062/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 004bbdaf53bf..09e14f1807c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-05-23)](#2022-05-23) +- [ (2022-05-25)](#2022-05-25) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -252,7 +252,7 @@ -# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-05-23) +# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-05-25) ## Breaking Changes Please be aware that the SDK method signatures for `submitSelfServiceRecoveryFlow`, `submitSelfServiceRegistrationFlow`, `submitSelfServiceLoginFlow`, `submitSelfServiceSettingsFlow`, `submitSelfServiceVerificationFlow` might have changed in your SDK. @@ -332,6 +332,7 @@ This patch moves several CLI command to comply with the Ory CLI command structur * Mark body as required ([#2479](https://github.com/ory/kratos/issues/2479)) ([c9ae117](https://github.com/ory/kratos/commit/c9ae1175340993cfc93db436c06462c80935ea2a)) * New issue templates ([b9ad684](https://github.com/ory/kratos/commit/b9ad684311ee8c654b2fa382010315e892581f5c)) * Openapi regression ([#2465](https://github.com/ory/kratos/issues/2465)) ([37a3369](https://github.com/ory/kratos/commit/37a3369cea8ed5af34e8324a291a7d7dba0eb43a)) +* Quickstart docker-compose ([#2490](https://github.com/ory/kratos/issues/2490)) ([9717762](https://github.com/ory/kratos/commit/97177629c715028affbc294bdd432fd6c954d5ad)), closes [#2488](https://github.com/ory/kratos/issues/2488) * Refresh is always false when session exists ([d3436d7](https://github.com/ory/kratos/commit/d3436d7fa17589d91e25c9f0bd66bc3bb5b150fa)), closes [#2341](https://github.com/ory/kratos/issues/2341) * Remove required legacy field ([#2410](https://github.com/ory/kratos/issues/2410)) ([638d45c](https://github.com/ory/kratos/commit/638d45caf480b7287c9762cbf3c593217f40e3e8)) * Remove wrong templates ([4fe2d25](https://github.com/ory/kratos/commit/4fe2d25dd68033a8d7b3dd5f62d87b23a7ba361d)) From 617949cb87e9c96755cc4cff2b831e53ed8ee3f4 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 26 May 2022 15:04:55 +0000 Subject: [PATCH 063/411] chore: update repository templates [skip ci] - updated repository templates to https://github.com/ory/meta/commit/16893bf8acc2edabdc122ff25fe5a7a69aba7981 --- .github/pull_request_template.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 2d4ff45ce3ea..8125a1915dac 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -50,7 +50,7 @@ If you're unsure about any of them, don't hesitate to ask. We're here to help! the changes. - [ ] I have added tests that prove my fix is effective or that my feature works. -- [ ] I have added or changed [the documentation](docs/docs). +- [ ] I have added or changed [the documentation](https://github.com/ory/docs). ## Further Comments From 52a965dc7e4ac868d21261cb44576846426bffa5 Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Fri, 27 May 2022 23:27:16 +0200 Subject: [PATCH 064/411] fix(auth0): created_at workaround (#2492) Closes #2485 --- selfservice/strategy/oidc/provider_auth0.go | 64 +++++++------------ .../strategy/oidc/provider_auth0_test.go | 30 +++++++++ 2 files changed, 54 insertions(+), 40 deletions(-) create mode 100644 selfservice/strategy/oidc/provider_auth0_test.go diff --git a/selfservice/strategy/oidc/provider_auth0.go b/selfservice/strategy/oidc/provider_auth0.go index 2a8e9984ddf8..0e2ba1a3f91b 100644 --- a/selfservice/strategy/oidc/provider_auth0.go +++ b/selfservice/strategy/oidc/provider_auth0.go @@ -6,9 +6,10 @@ import ( "io/ioutil" "net/url" "path" - "strconv" "time" + "github.com/tidwall/sjson" + "github.com/hashicorp/go-retryablehttp" "github.com/ory/x/httpx" @@ -92,51 +93,15 @@ func (g *ProviderAuth0) Claims(ctx context.Context, exchange *oauth2.Token, quer } defer resp.Body.Close() - // There is a bug in the response from Auth0. The updated_at field may be a string and not an int64. - // https://community.auth0.com/t/oidc-id-token-claim-updated-at-violates-oidc-specification-breaks-rp-implementations/24098 - // We work around this by reading the json generically (as map[string]inteface{} and looking at the updated_at field - // if it exists. If it's the wrong type (string), we fill out the claims by hand. - // Once auth0 fixes this bug, all this workaround can be removed. b, err := ioutil.ReadAll(resp.Body) if err != nil { return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) } - // Force updatedAt to be an int if given as a string in the response. - if updatedAtField := gjson.GetBytes(b, "updated_at"); updatedAtField.Exists() { - v := updatedAtField.Value() - switch v.(type) { - case string: - t, err := time.Parse(time.RFC3339, updatedAtField.String()) - if err != nil { - return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("bad time format in updated_at")) - } - updatedAt := t.Unix() - - // Unmarshal into generic map, replace the updated_at value with the correct type, then re-marshal. - var data map[string]interface{} - err = json.Unmarshal(b, &data) - if err != nil { - return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("bad type in response")) - } - - // convert the correct int64 type back to a string, so we can Marshal it. - data["updated_at"] = strconv.FormatInt(updatedAt, 10) - - // now remarshal so the unmarshal into Claims works. - b, err = json.Marshal(data) - if err != nil { - return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) - } - - case float64: - // nothing to do - break - - default: - return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("bad updated_at type")) - } + b, err = authZeroUpdatedAtWorkaround(b) + if err != nil { + return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) } // Once we get here, we know that if there is an updated_at field in the json, it is the correct type. @@ -147,3 +112,22 @@ func (g *ProviderAuth0) Claims(ctx context.Context, exchange *oauth2.Token, quer return &claims, nil } + +// There is a bug in the response from Auth0. The updated_at field may be a string and not an int64. +// https://community.auth0.com/t/oidc-id-token-claim-updated-at-violates-oidc-specification-breaks-rp-implementations/24098 +// We work around this by reading the json generically (as map[string]inteface{} and looking at the updated_at field +// if it exists. If it's the wrong type (string), we fill out the claims by hand. +func authZeroUpdatedAtWorkaround(body []byte) ([]byte, error) { + // Force updatedAt to be an int if given as a string in the response. + if updatedAtField := gjson.GetBytes(body, "updated_at"); updatedAtField.Exists() && updatedAtField.Type == gjson.String { + t, err := time.Parse(time.RFC3339, updatedAtField.String()) + if err != nil { + return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("bad time format in updated_at")) + } + body, err = sjson.SetBytes(body, "updated_at", t.Unix()) + if err != nil { + return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) + } + } + return body, nil +} diff --git a/selfservice/strategy/oidc/provider_auth0_test.go b/selfservice/strategy/oidc/provider_auth0_test.go new file mode 100644 index 000000000000..f52d3fb59cf9 --- /dev/null +++ b/selfservice/strategy/oidc/provider_auth0_test.go @@ -0,0 +1,30 @@ +package oidc + +import ( + "encoding/json" + "fmt" + "testing" + "time" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestAuthZeroUpdatedAtWorkaround(t *testing.T) { + actual, err := authZeroUpdatedAtWorkaround([]byte("{}")) + require.NoError(t, err) + assert.Equal(t, "{}", string(actual)) + + actual, err = authZeroUpdatedAtWorkaround([]byte(`{"updated_at":1234}`)) + require.NoError(t, err) + assert.Equal(t, `{"updated_at":1234}`, string(actual)) + + timestamp := time.Date(2020, time.January, 1, 0, 0, 0, 0, time.UTC) + input, err := json.Marshal(map[string]interface{}{ + "updated_at": timestamp, + }) + require.NoError(t, err) + actual, err = authZeroUpdatedAtWorkaround(input) + require.NoError(t, err) + assert.Equal(t, fmt.Sprintf(`{"updated_at":%d}`, timestamp.Unix()), string(actual)) +} From 37cb4ce1f9d309eeddcf1ddb01b9528e48a48433 Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Fri, 27 May 2022 23:55:41 +0200 Subject: [PATCH 065/411] ci: add codeball --- .github/workflows/codeball.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .github/workflows/codeball.yaml diff --git a/.github/workflows/codeball.yaml b/.github/workflows/codeball.yaml new file mode 100644 index 000000000000..7f8fdace3ef4 --- /dev/null +++ b/.github/workflows/codeball.yaml @@ -0,0 +1,14 @@ +name: Codeball +on: [pull_request] + +jobs: + codeball_job: + runs-on: ubuntu-latest + name: Run Codeball + steps: + - name: Codeball AI Actions + uses: sturdy-dev/codeball-action@v1 + # with: + # do-label: "true" # Configure if the action should label approved contributions + # label-name: "codeball:approved" # Configure the label name to set if Codeball approves the contribution + # do-approve: "true" # Configure if the action should approve PRs that have been approved by Codeball From d1375ea8ecf3c903df8730f7a82bf568e7fe8c2c Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Fri, 27 May 2022 22:42:05 +0000 Subject: [PATCH 066/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 09e14f1807c8..bd9c0691592b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-05-25)](#2022-05-25) +- [ (2022-05-27)](#2022-05-27) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -252,7 +252,7 @@ -# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-05-25) +# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-05-27) ## Breaking Changes Please be aware that the SDK method signatures for `submitSelfServiceRecoveryFlow`, `submitSelfServiceRegistrationFlow`, `submitSelfServiceLoginFlow`, `submitSelfServiceSettingsFlow`, `submitSelfServiceVerificationFlow` might have changed in your SDK. @@ -314,6 +314,7 @@ This patch moves several CLI command to comply with the Ory CLI command structur * Add flow id when return_to is passed to the verification ([#2482](https://github.com/ory/kratos/issues/2482)) ([c2b1c23](https://github.com/ory/kratos/commit/c2b1c2303cd0587b9419d500f2e3d5f9c9c80ad4)) * Add indices for slow queries ([e0cdbc9](https://github.com/ory/kratos/commit/e0cdbc9ab3389de0f65b37758d86bea56d294d64)) * Add legacy session value ([ecfd052](https://github.com/ory/kratos/commit/ecfd05216f5ebb70f1617595d2d398cf1fa3c660)), closes [#2398](https://github.com/ory/kratos/issues/2398) +* **auth0:** Created_at workaround ([#2492](https://github.com/ory/kratos/issues/2492)) ([52a965d](https://github.com/ory/kratos/commit/52a965dc7e4ac868d21261cb44576846426bffa5)), closes [#2485](https://github.com/ory/kratos/issues/2485) * Avoid excessive memory allocations in HIBP cache ([#2389](https://github.com/ory/kratos/issues/2389)) ([ee2d410](https://github.com/ory/kratos/commit/ee2d41057a7e6cb2c57c6304c2e7bbf5ad7c56da)), closes [#2354](https://github.com/ory/kratos/issues/2354) * Change SQLite database mode to 0600 ([#2344](https://github.com/ory/kratos/issues/2344)) ([0e5d3b7](https://github.com/ory/kratos/commit/0e5d3b7726a8923fbc2a4c10ec18f0ba97ffbcff)): From a0c006e40fb00608d682b74f44725883b9c7bf4f Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Mon, 30 May 2022 12:16:56 +0200 Subject: [PATCH 067/411] feat: add render-schema script --- scripts/render-schemas.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 scripts/render-schemas.sh diff --git a/scripts/render-schemas.sh b/scripts/render-schemas.sh new file mode 100644 index 000000000000..85efadb7da83 --- /dev/null +++ b/scripts/render-schemas.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +set -euxo pipefail + +ory_x_version="$(go list -f '{{.Version}}' -m github.com/ory/x)" + +sed "s!ory://tracing-config!https://raw.githubusercontent.com/ory/x/$ory_x_version/tracing/config.schema.json!g; +s!ory://logging-config!https://raw.githubusercontent.com/ory/x/$ory_x_version/logrusx/config.schema.json!g" embedx/config.schema.json > .schema/config.schema.json + +git add .schema/config.schema.json + +if ! git diff --exit-code .schema/config.schema.json +then + git commit -m "autogen: render config schema" + git push +fi From b249aaad97eabc88c269265359a33cea920ef7f2 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Mon, 30 May 2022 12:18:42 +0200 Subject: [PATCH 068/411] fix: correct location --- .orycli.yml | 2 +- scripts/render-schemas.sh | 16 ---------------- 2 files changed, 1 insertion(+), 17 deletions(-) delete mode 100644 scripts/render-schemas.sh diff --git a/.orycli.yml b/.orycli.yml index f5518b78aa8e..fa7e100f8e55 100644 --- a/.orycli.yml +++ b/.orycli.yml @@ -2,4 +2,4 @@ project: kratos pre_release_hooks: - make sdk - - ./scripts/render-schemas.sh + - ./script/render-schemas.sh diff --git a/scripts/render-schemas.sh b/scripts/render-schemas.sh deleted file mode 100644 index 85efadb7da83..000000000000 --- a/scripts/render-schemas.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -set -euxo pipefail - -ory_x_version="$(go list -f '{{.Version}}' -m github.com/ory/x)" - -sed "s!ory://tracing-config!https://raw.githubusercontent.com/ory/x/$ory_x_version/tracing/config.schema.json!g; -s!ory://logging-config!https://raw.githubusercontent.com/ory/x/$ory_x_version/logrusx/config.schema.json!g" embedx/config.schema.json > .schema/config.schema.json - -git add .schema/config.schema.json - -if ! git diff --exit-code .schema/config.schema.json -then - git commit -m "autogen: render config schema" - git push -fi From b797bba5910dfd925a11fb86e2dbd14b5dd839d9 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 30 May 2022 12:20:04 +0200 Subject: [PATCH 069/411] fix: embed schema --- .schemastore/config.schema.json | 27 ++++++++++++++++++++++++--- script/render-schemas.sh | 2 +- 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/.schemastore/config.schema.json b/.schemastore/config.schema.json index f24258a24753..4ddec4c7b6c3 100644 --- a/.schemastore/config.schema.json +++ b/.schemastore/config.schema.json @@ -339,7 +339,8 @@ "vk", "yandex", "apple", - "spotify" + "spotify", + "netid" ], "examples": [ "google" @@ -1494,11 +1495,24 @@ "smtp://foo:bar@my-mailserver:1234/ (Explicit StartTLS with certificate trust verification)", "smtp://foo:bar@my-mailserver:1234/?skip_ssl_verify=true (NOT RECOMMENDED: Explicit StartTLS without certificate trust verification)", "smtps://foo:bar@my-mailserver:1234/ (Implicit TLS with certificate trust verification)", - "smtps://foo:bar@my-mailserver:1234/?skip_ssl_verify=true (NOT RECOMMENDED: Implicit TLS without certificate trust verification)" + "smtps://foo:bar@my-mailserver:1234/?skip_ssl_verify=true (NOT RECOMMENDED: Implicit TLS without certificate trust verification)", + "smtps://subdomain.my-mailserver:1234/?server_name=my-mailserver (allows TLS to work if the server is hosted on a sudomain that uses a non-wildcard domain certificate)" ], "type": "string", "pattern": "^smtps?:\\/\\/.*" }, + "client_cert_path": { + "title": "SMTP Client certificate path", + "description": "Path of the client X.509 certificate, in case of certificate based client authentication to the SMTP server.", + "type": "string", + "default": "" + }, + "client_key_path": { + "title": "SMTP Client private key path", + "description": "Path of the client certificate private key, in case of certificate based client authentication to the SMTP server", + "type": "string", + "default": "" + }, "from_address": { "title": "SMTP Sender Address", "description": "The recipient of an email will see this as the sender address.", @@ -1525,6 +1539,12 @@ "X-SES-RETURN-PATH-ARN": "arn:aws:ses:us-west-2:123456789012:identity/example.com" } ] + }, + "local_name": { + "title": "SMTP HELO/EHLO name", + "description": "Identifier used in the SMTP HELO/EHLO command. Some SMTP relays require a unique identifier.", + "type": "string", + "default": "localhost" } }, "required": [ @@ -1827,7 +1847,7 @@ "additionalProperties": false }, "tracing": { - "$ref": "https://raw.githubusercontent.com/ory/x/v0.0.370/otelx/config.schema.json" + "$ref": "https://raw.githubusercontent.com/ory/x/v0.0.392/otelx/config.schema.json" }, "log": { "title": "Log", @@ -1881,6 +1901,7 @@ "schemas": { "type": "array", "title": "All JSON Schemas for Identity Traits", + "description": "Note that identities that used the \"default_schema_url\" field in older kratos versions will be corrupted unless you specify their schema url with the id \"default\" in this list.", "examples": [ [ { diff --git a/script/render-schemas.sh b/script/render-schemas.sh index 0566081a3ec4..86d7d8f4533a 100755 --- a/script/render-schemas.sh +++ b/script/render-schemas.sh @@ -9,5 +9,5 @@ sed "s!ory://tracing-config!https://raw.githubusercontent.com/ory/x/$ory_x_versi git config user.email "60093411+ory-bot@users.noreply.github.com" git config user.name "ory-bot" -git add .schema/config.schema.json +git add embedx/config.schema.json git commit -m "autogen: render config schema" From 114c93eb48c242702b72d7785da70bd31d858214 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 30 May 2022 12:22:04 +0200 Subject: [PATCH 070/411] fix: do not fail release if no changes needed --- script/render-schemas.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script/render-schemas.sh b/script/render-schemas.sh index 86d7d8f4533a..d8b36a00096f 100755 --- a/script/render-schemas.sh +++ b/script/render-schemas.sh @@ -10,4 +10,4 @@ git config user.email "60093411+ory-bot@users.noreply.github.com" git config user.name "ory-bot" git add embedx/config.schema.json -git commit -m "autogen: render config schema" +git commit -m "autogen: render config schema" || true From 1fea8021ef9360c804fb27b59ecd78185062f273 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 30 May 2022 12:22:25 +0200 Subject: [PATCH 071/411] autogen: pin v0.10.0-pre.0 release commit From d1f5748f371910403f1db6466d8965d973ff030f Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 30 May 2022 11:03:29 +0000 Subject: [PATCH 072/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 85 ++++++++++++++++++++++++++++++++-------------------- 1 file changed, 52 insertions(+), 33 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bd9c0691592b..ea097fcc3185 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,9 +4,11 @@ **Table of Contents** -- [ (2022-05-27)](#2022-05-27) +- [ (2022-05-30)](#2022-05-30) +- [0.10.0-pre.0 (2022-05-30)](#0100-pre0-2022-05-30) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) + - [Code Generation](#code-generation) - [Code Refactoring](#code-refactoring) - [Documentation](#documentation) - [Features](#features) @@ -15,15 +17,15 @@ - [0.9.0-alpha.3 (2022-03-25)](#090-alpha3-2022-03-25) - [Breaking Changes](#breaking-changes-1) - [Bug Fixes](#bug-fixes-1) - - [Code Generation](#code-generation) + - [Code Generation](#code-generation-1) - [Documentation](#documentation-1) - [0.9.0-alpha.2 (2022-03-22)](#090-alpha2-2022-03-22) - [Bug Fixes](#bug-fixes-2) - - [Code Generation](#code-generation-1) + - [Code Generation](#code-generation-2) - [0.9.0-alpha.1 (2022-03-21)](#090-alpha1-2022-03-21) - [Breaking Changes](#breaking-changes-2) - [Bug Fixes](#bug-fixes-3) - - [Code Generation](#code-generation-2) + - [Code Generation](#code-generation-3) - [Code Refactoring](#code-refactoring-1) - [Documentation](#documentation-2) - [Features](#features-1) @@ -31,24 +33,24 @@ - [Unclassified](#unclassified-1) - [0.8.2-alpha.1 (2021-12-17)](#082-alpha1-2021-12-17) - [Bug Fixes](#bug-fixes-4) - - [Code Generation](#code-generation-3) + - [Code Generation](#code-generation-4) - [Documentation](#documentation-3) - [0.8.1-alpha.1 (2021-12-13)](#081-alpha1-2021-12-13) - [Breaking Changes](#breaking-changes-3) - [Bug Fixes](#bug-fixes-5) - - [Code Generation](#code-generation-4) + - [Code Generation](#code-generation-5) - [Documentation](#documentation-4) - [Features](#features-2) - [Tests](#tests-2) - [0.8.0-alpha.3 (2021-10-28)](#080-alpha3-2021-10-28) - [Bug Fixes](#bug-fixes-6) - - [Code Generation](#code-generation-5) -- [0.8.0-alpha.2 (2021-10-28)](#080-alpha2-2021-10-28) - [Code Generation](#code-generation-6) +- [0.8.0-alpha.2 (2021-10-28)](#080-alpha2-2021-10-28) + - [Code Generation](#code-generation-7) - [0.8.0-alpha.1 (2021-10-27)](#080-alpha1-2021-10-27) - [Breaking Changes](#breaking-changes-4) - [Bug Fixes](#bug-fixes-7) - - [Code Generation](#code-generation-7) + - [Code Generation](#code-generation-8) - [Code Refactoring](#code-refactoring-2) - [Documentation](#documentation-5) - [Features](#features-3) @@ -56,29 +58,29 @@ - [Tests](#tests-3) - [Unclassified](#unclassified-2) - [0.7.6-alpha.1 (2021-09-12)](#076-alpha1-2021-09-12) - - [Code Generation](#code-generation-8) -- [0.7.5-alpha.1 (2021-09-11)](#075-alpha1-2021-09-11) - [Code Generation](#code-generation-9) +- [0.7.5-alpha.1 (2021-09-11)](#075-alpha1-2021-09-11) + - [Code Generation](#code-generation-10) - [0.7.4-alpha.1 (2021-09-09)](#074-alpha1-2021-09-09) - [Bug Fixes](#bug-fixes-8) - - [Code Generation](#code-generation-10) + - [Code Generation](#code-generation-11) - [Documentation](#documentation-6) - [Features](#features-4) - [Tests](#tests-4) - [0.7.3-alpha.1 (2021-08-28)](#073-alpha1-2021-08-28) - [Bug Fixes](#bug-fixes-9) - - [Code Generation](#code-generation-11) + - [Code Generation](#code-generation-12) - [Documentation](#documentation-7) - [Features](#features-5) - [0.7.1-alpha.1 (2021-07-22)](#071-alpha1-2021-07-22) - [Bug Fixes](#bug-fixes-10) - - [Code Generation](#code-generation-12) + - [Code Generation](#code-generation-13) - [Documentation](#documentation-8) - [Tests](#tests-5) - [0.7.0-alpha.1 (2021-07-13)](#070-alpha1-2021-07-13) - [Breaking Changes](#breaking-changes-5) - [Bug Fixes](#bug-fixes-11) - - [Code Generation](#code-generation-13) + - [Code Generation](#code-generation-14) - [Code Refactoring](#code-refactoring-3) - [Documentation](#documentation-9) - [Features](#features-6) @@ -87,22 +89,22 @@ - [0.6.3-alpha.1 (2021-05-17)](#063-alpha1-2021-05-17) - [Breaking Changes](#breaking-changes-6) - [Bug Fixes](#bug-fixes-12) - - [Code Generation](#code-generation-14) + - [Code Generation](#code-generation-15) - [Code Refactoring](#code-refactoring-4) - [0.6.2-alpha.1 (2021-05-14)](#062-alpha1-2021-05-14) - - [Code Generation](#code-generation-15) + - [Code Generation](#code-generation-16) - [Documentation](#documentation-10) - [0.6.1-alpha.1 (2021-05-11)](#061-alpha1-2021-05-11) - - [Code Generation](#code-generation-16) + - [Code Generation](#code-generation-17) - [Features](#features-7) - [0.6.0-alpha.2 (2021-05-07)](#060-alpha2-2021-05-07) - [Bug Fixes](#bug-fixes-13) - - [Code Generation](#code-generation-17) + - [Code Generation](#code-generation-18) - [Features](#features-8) - [0.6.0-alpha.1 (2021-05-05)](#060-alpha1-2021-05-05) - [Breaking Changes](#breaking-changes-7) - [Bug Fixes](#bug-fixes-14) - - [Code Generation](#code-generation-18) + - [Code Generation](#code-generation-19) - [Code Refactoring](#code-refactoring-5) - [Documentation](#documentation-11) - [Features](#features-9) @@ -110,31 +112,31 @@ - [Unclassified](#unclassified-4) - [0.5.5-alpha.1 (2020-12-09)](#055-alpha1-2020-12-09) - [Bug Fixes](#bug-fixes-15) - - [Code Generation](#code-generation-19) + - [Code Generation](#code-generation-20) - [Documentation](#documentation-12) - [Features](#features-10) - [Tests](#tests-8) - [Unclassified](#unclassified-5) - [0.5.4-alpha.1 (2020-11-11)](#054-alpha1-2020-11-11) - [Bug Fixes](#bug-fixes-16) - - [Code Generation](#code-generation-20) + - [Code Generation](#code-generation-21) - [Code Refactoring](#code-refactoring-6) - [Documentation](#documentation-13) - [Features](#features-11) - [0.5.3-alpha.1 (2020-10-27)](#053-alpha1-2020-10-27) - [Bug Fixes](#bug-fixes-17) - - [Code Generation](#code-generation-21) + - [Code Generation](#code-generation-22) - [Documentation](#documentation-14) - [Features](#features-12) - [Tests](#tests-9) - [0.5.2-alpha.1 (2020-10-22)](#052-alpha1-2020-10-22) - [Bug Fixes](#bug-fixes-18) - - [Code Generation](#code-generation-22) + - [Code Generation](#code-generation-23) - [Documentation](#documentation-15) - [Tests](#tests-10) - [0.5.1-alpha.1 (2020-10-20)](#051-alpha1-2020-10-20) - [Bug Fixes](#bug-fixes-19) - - [Code Generation](#code-generation-23) + - [Code Generation](#code-generation-24) - [Documentation](#documentation-16) - [Features](#features-13) - [Tests](#tests-11) @@ -142,7 +144,7 @@ - [0.5.0-alpha.1 (2020-10-15)](#050-alpha1-2020-10-15) - [Breaking Changes](#breaking-changes-8) - [Bug Fixes](#bug-fixes-20) - - [Code Generation](#code-generation-24) + - [Code Generation](#code-generation-25) - [Code Refactoring](#code-refactoring-7) - [Documentation](#documentation-17) - [Features](#features-14) @@ -150,24 +152,24 @@ - [Unclassified](#unclassified-7) - [0.4.6-alpha.1 (2020-07-13)](#046-alpha1-2020-07-13) - [Bug Fixes](#bug-fixes-21) - - [Code Generation](#code-generation-25) + - [Code Generation](#code-generation-26) - [0.4.5-alpha.1 (2020-07-13)](#045-alpha1-2020-07-13) - [Bug Fixes](#bug-fixes-22) - - [Code Generation](#code-generation-26) + - [Code Generation](#code-generation-27) - [0.4.4-alpha.1 (2020-07-10)](#044-alpha1-2020-07-10) - [Bug Fixes](#bug-fixes-23) - - [Code Generation](#code-generation-27) + - [Code Generation](#code-generation-28) - [Documentation](#documentation-18) - [0.4.3-alpha.1 (2020-07-08)](#043-alpha1-2020-07-08) - [Bug Fixes](#bug-fixes-24) - - [Code Generation](#code-generation-28) + - [Code Generation](#code-generation-29) - [0.4.2-alpha.1 (2020-07-08)](#042-alpha1-2020-07-08) - [Bug Fixes](#bug-fixes-25) - - [Code Generation](#code-generation-29) + - [Code Generation](#code-generation-30) - [0.4.0-alpha.1 (2020-07-08)](#040-alpha1-2020-07-08) - [Breaking Changes](#breaking-changes-9) - [Bug Fixes](#bug-fixes-26) - - [Code Generation](#code-generation-30) + - [Code Generation](#code-generation-31) - [Code Refactoring](#code-refactoring-8) - [Documentation](#documentation-19) - [Features](#features-15) @@ -252,7 +254,16 @@ -# [](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v) (2022-05-27) +# [](https://github.com/ory/kratos/compare/v0.10.0-pre.0...v) (2022-05-30) + + + +# [0.10.0-pre.0](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v0.10.0-pre.0) (2022-05-30) + +autogen: pin v0.10.0-pre.0 release commit + + + ## Breaking Changes Please be aware that the SDK method signatures for `submitSelfServiceRecoveryFlow`, `submitSelfServiceRegistrationFlow`, `submitSelfServiceLoginFlow`, `submitSelfServiceSettingsFlow`, `submitSelfServiceVerificationFlow` might have changed in your SDK. @@ -321,9 +332,12 @@ This patch moves several CLI command to comply with the Ory CLI command structur The default mode is 0644, which is allows broader access than necessary. * Compile issues from merge conflict ([#2419](https://github.com/ory/kratos/issues/2419)) ([85a90c8](https://github.com/ory/kratos/commit/85a90c892d785b834cbdf8d029315550210444e2)) +* Correct location ([b249aaa](https://github.com/ory/kratos/commit/b249aaad97eabc88c269265359a33cea920ef7f2)) * **courier:** Add ability to specify backoff ([#2349](https://github.com/ory/kratos/issues/2349)) ([bf970f3](https://github.com/ory/kratos/commit/bf970f32f571164b8081f09f602a3473e079194e)) * Do not expose debug in a response when a schema is not found ([#2348](https://github.com/ory/kratos/issues/2348)) ([aee2b1e](https://github.com/ory/kratos/commit/aee2b1ed1189b57fcbb1aaa456444d5121be94b1)) +* Do not fail release if no changes needed ([114c93e](https://github.com/ory/kratos/commit/114c93eb48c242702b72d7785da70bd31d858214)) * **Dockerfile:** Use existing builder base image ([#2390](https://github.com/ory/kratos/issues/2390)) ([37de25a](https://github.com/ory/kratos/commit/37de25a541a24e03407ecf344fb750775e48c782)) +* Embed schema ([b797bba](https://github.com/ory/kratos/commit/b797bba5910dfd925a11fb86e2dbd14b5dd839d9)) * Get user first name and last name from Apple ([#2331](https://github.com/ory/kratos/issues/2331)) ([4779909](https://github.com/ory/kratos/commit/47799098b35ea1cf5a1163f57d872a5bb2242d97)) * Improve error reporting from OpenAPI ([8a1009b](https://github.com/ory/kratos/commit/8a1009b16653df13485bab8e33926967c449bf4e)) * Improve performance of identity schema call ([af28de2](https://github.com/ory/kratos/commit/af28de267f21cd72953f3f353d8fd587937b2249)) @@ -350,6 +364,10 @@ This patch moves several CLI command to comply with the Ory CLI command structur * Use pointer of string for PasswordIdentifier in example code ([#2421](https://github.com/ory/kratos/issues/2421)) ([61f12e7](https://github.com/ory/kratos/commit/61f12e7579c7c337d0f415ac2b4029790c659c3d)) * Use predictable SQLite in memory DSNs ([#2415](https://github.com/ory/kratos/issues/2415)) ([51a13f7](https://github.com/ory/kratos/commit/51a13f712d38a942772b3f4c014971ecb4658d7a)), closes [#2059](https://github.com/ory/kratos/issues/2059) +### Code Generation + +* Pin v0.10.0-pre.0 release commit ([1fea802](https://github.com/ory/kratos/commit/1fea8021ef9360c804fb27b59ecd78185062f273)) + ### Code Refactoring * Deprecate fizz renderer ([5277668](https://github.com/ory/kratos/commit/5277668b1324173df95db5e9e4b96ed841ff088b)) @@ -366,6 +384,7 @@ This patch moves several CLI command to comply with the Ory CLI command structur * Add certificate based authentication for smtp client ([#2351](https://github.com/ory/kratos/issues/2351)) ([7200037](https://github.com/ory/kratos/commit/72000375c028f5f7f9cb0d0b1b02f8aa09503e4f)) * Add ID to the recovery error when already logged in ([#2483](https://github.com/ory/kratos/issues/2483)) ([29e4a51](https://github.com/ory/kratos/commit/29e4a51cc5344dcb44839f8aa57197c41aeeb78d)) * Add localName to smtp config ([#2445](https://github.com/ory/kratos/issues/2445)) ([27336b6](https://github.com/ory/kratos/commit/27336b63b0c11c1667d5a07230bed82283475aa4)), closes [#2425](https://github.com/ory/kratos/issues/2425) +* Add render-schema script ([a0c006e](https://github.com/ory/kratos/commit/a0c006e40fb00608d682b74f44725883b9c7bf4f)) * Add session renew capabilities ([#2146](https://github.com/ory/kratos/issues/2146)) ([4348b86](https://github.com/ory/kratos/commit/4348b8640a282cd61fe30961faba5753e2af8bb0)), closes [#615](https://github.com/ory/kratos/issues/615) * Add support for netID provider ([#2394](https://github.com/ory/kratos/issues/2394)) ([ee7fc79](https://github.com/ory/kratos/commit/ee7fc79d49cd6d8f2985809585d1675c8e2ed376)) * Add tracing to persister ([391c54e](https://github.com/ory/kratos/commit/391c54eb3ba721e4912a7a4676acc2f630be2a72)) From 87e0de7a10b2a7478d8113ca028bfdb6525bc8e5 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 30 May 2022 13:45:13 +0200 Subject: [PATCH 073/411] autogen: pin v0.10.0 release commit From fb2ddf37c817d5c9e7bf51ebc51f97114003382d Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 30 May 2022 12:25:54 +0000 Subject: [PATCH 074/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ea097fcc3185..6db11b6c9e75 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ **Table of Contents** - [ (2022-05-30)](#2022-05-30) -- [0.10.0-pre.0 (2022-05-30)](#0100-pre0-2022-05-30) +- [0.10.0 (2022-05-30)](#0100-2022-05-30) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Generation](#code-generation) @@ -254,13 +254,15 @@ -# [](https://github.com/ory/kratos/compare/v0.10.0-pre.0...v) (2022-05-30) +# [](https://github.com/ory/kratos/compare/v0.10.0...v) (2022-05-30) -# [0.10.0-pre.0](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v0.10.0-pre.0) (2022-05-30) +# [0.10.0](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v0.10.0) (2022-05-30) -autogen: pin v0.10.0-pre.0 release commit +We achieved a major milestone - Ory Kratos is out of alpha! Ory Kratos had no major changes in the APIs for the last months and feel confident that no large breaking changes will need to be introduced in the near future. + +This release focuses on quality-of-live improvements, resolves several bugs, irons out developer experience issues, and introduces session renew capabilities! @@ -366,7 +368,7 @@ This patch moves several CLI command to comply with the Ory CLI command structur ### Code Generation -* Pin v0.10.0-pre.0 release commit ([1fea802](https://github.com/ory/kratos/commit/1fea8021ef9360c804fb27b59ecd78185062f273)) +* Pin v0.10.0 release commit ([87e0de7](https://github.com/ory/kratos/commit/87e0de7a10b2a7478d8113ca028bfdb6525bc8e5)) ### Code Refactoring From 290dbd7a1d9b6334456e015df80757b91219b60e Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 30 May 2022 13:10:12 +0000 Subject: [PATCH 075/411] autogen(docs): generate and bump docs [skip ci] --- quickstart.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/quickstart.yml b/quickstart.yml index fc83974495f3..cfa5174d40f4 100644 --- a/quickstart.yml +++ b/quickstart.yml @@ -1,7 +1,7 @@ version: '3.7' services: kratos-migrate: - image: oryd/kratos:v0.9.0-alpha.3 + image: oryd/kratos:v0.10.0 environment: - DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc volumes: @@ -17,7 +17,7 @@ services: networks: - intranet kratos-selfservice-ui-node: - image: oryd/kratos-selfservice-ui-node:v0.9.0-alpha.3 + image: oryd/kratos-selfservice-ui-node:v0.10.0 environment: - KRATOS_PUBLIC_URL=http://kratos:4433/ - KRATOS_BROWSER_URL=http://127.0.0.1:4433/ @@ -27,7 +27,7 @@ services: kratos: depends_on: - kratos-migrate - image: oryd/kratos:v0.9.0-alpha.3 + image: oryd/kratos:v0.10.0 ports: - '4433:4433' # public - '4434:4434' # admin From 94c620d2a0666b22c56a04da3b3e6cdb6d97b674 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 30 May 2022 13:10:41 +0000 Subject: [PATCH 076/411] autogen: add v0.10.0 to version.schema.json [skip ci] --- .schema/version.schema.json | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.schema/version.schema.json b/.schema/version.schema.json index 1f1a91427a63..ed02ec134723 100644 --- a/.schema/version.schema.json +++ b/.schema/version.schema.json @@ -2,6 +2,23 @@ "$id": "https://github.com/ory/kratos/.schema/versions.config.schema.json", "$schema": "http://json-schema.org/draft-07/schema#", "oneOf": [ + { + "allOf": [ + { + "properties": { + "version": { + "const": "v0.10.0" + } + }, + "required": [ + "version" + ] + }, + { + "$ref": "https://raw.githubusercontent.com/ory/kratos/v0.10.0/.schemastore/config.schema.json" + } + ] + }, { "allOf": [ { From 12ceae005749c5dd01959720925418d643f13070 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 30 May 2022 15:26:43 +0200 Subject: [PATCH 077/411] fix: bump ory cli --- Makefile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 45e3845231c1..f137692c7039 100644 --- a/Makefile +++ b/Makefile @@ -48,20 +48,18 @@ docs/swagger: npx @redocly/openapi-cli preview-docs spec/swagger.json .bin/ory: Makefile - bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -d -b .bin ory v0.1.14 + bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -d -b .bin ory v0.1.33 touch -a -m .bin/ory node_modules: package.json Makefile npm ci - .bin/golangci-lint: Makefile bash <(curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh) -d -b .bin v1.44.2 .bin/hydra: Makefile bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -d -b .bin hydra v1.11.0 - .PHONY: lint lint: .bin/golangci-lint golangci-lint run -v --timeout 10m ./... From 0290986ecdbb81bb07db474ff6c4e92e94973213 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 30 May 2022 14:06:10 +0000 Subject: [PATCH 078/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 69 ++++++++++++++++++++++++++++------------------------ 1 file changed, 37 insertions(+), 32 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6db11b6c9e75..4cf8838e19d2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,9 +5,10 @@ **Table of Contents** - [ (2022-05-30)](#2022-05-30) + - [Bug Fixes](#bug-fixes) - [0.10.0 (2022-05-30)](#0100-2022-05-30) - [Breaking Changes](#breaking-changes) - - [Bug Fixes](#bug-fixes) + - [Bug Fixes](#bug-fixes-1) - [Code Generation](#code-generation) - [Code Refactoring](#code-refactoring) - [Documentation](#documentation) @@ -16,15 +17,15 @@ - [Unclassified](#unclassified) - [0.9.0-alpha.3 (2022-03-25)](#090-alpha3-2022-03-25) - [Breaking Changes](#breaking-changes-1) - - [Bug Fixes](#bug-fixes-1) + - [Bug Fixes](#bug-fixes-2) - [Code Generation](#code-generation-1) - [Documentation](#documentation-1) - [0.9.0-alpha.2 (2022-03-22)](#090-alpha2-2022-03-22) - - [Bug Fixes](#bug-fixes-2) + - [Bug Fixes](#bug-fixes-3) - [Code Generation](#code-generation-2) - [0.9.0-alpha.1 (2022-03-21)](#090-alpha1-2022-03-21) - [Breaking Changes](#breaking-changes-2) - - [Bug Fixes](#bug-fixes-3) + - [Bug Fixes](#bug-fixes-4) - [Code Generation](#code-generation-3) - [Code Refactoring](#code-refactoring-1) - [Documentation](#documentation-2) @@ -32,24 +33,24 @@ - [Tests](#tests-1) - [Unclassified](#unclassified-1) - [0.8.2-alpha.1 (2021-12-17)](#082-alpha1-2021-12-17) - - [Bug Fixes](#bug-fixes-4) + - [Bug Fixes](#bug-fixes-5) - [Code Generation](#code-generation-4) - [Documentation](#documentation-3) - [0.8.1-alpha.1 (2021-12-13)](#081-alpha1-2021-12-13) - [Breaking Changes](#breaking-changes-3) - - [Bug Fixes](#bug-fixes-5) + - [Bug Fixes](#bug-fixes-6) - [Code Generation](#code-generation-5) - [Documentation](#documentation-4) - [Features](#features-2) - [Tests](#tests-2) - [0.8.0-alpha.3 (2021-10-28)](#080-alpha3-2021-10-28) - - [Bug Fixes](#bug-fixes-6) + - [Bug Fixes](#bug-fixes-7) - [Code Generation](#code-generation-6) - [0.8.0-alpha.2 (2021-10-28)](#080-alpha2-2021-10-28) - [Code Generation](#code-generation-7) - [0.8.0-alpha.1 (2021-10-27)](#080-alpha1-2021-10-27) - [Breaking Changes](#breaking-changes-4) - - [Bug Fixes](#bug-fixes-7) + - [Bug Fixes](#bug-fixes-8) - [Code Generation](#code-generation-8) - [Code Refactoring](#code-refactoring-2) - [Documentation](#documentation-5) @@ -62,24 +63,24 @@ - [0.7.5-alpha.1 (2021-09-11)](#075-alpha1-2021-09-11) - [Code Generation](#code-generation-10) - [0.7.4-alpha.1 (2021-09-09)](#074-alpha1-2021-09-09) - - [Bug Fixes](#bug-fixes-8) + - [Bug Fixes](#bug-fixes-9) - [Code Generation](#code-generation-11) - [Documentation](#documentation-6) - [Features](#features-4) - [Tests](#tests-4) - [0.7.3-alpha.1 (2021-08-28)](#073-alpha1-2021-08-28) - - [Bug Fixes](#bug-fixes-9) + - [Bug Fixes](#bug-fixes-10) - [Code Generation](#code-generation-12) - [Documentation](#documentation-7) - [Features](#features-5) - [0.7.1-alpha.1 (2021-07-22)](#071-alpha1-2021-07-22) - - [Bug Fixes](#bug-fixes-10) + - [Bug Fixes](#bug-fixes-11) - [Code Generation](#code-generation-13) - [Documentation](#documentation-8) - [Tests](#tests-5) - [0.7.0-alpha.1 (2021-07-13)](#070-alpha1-2021-07-13) - [Breaking Changes](#breaking-changes-5) - - [Bug Fixes](#bug-fixes-11) + - [Bug Fixes](#bug-fixes-12) - [Code Generation](#code-generation-14) - [Code Refactoring](#code-refactoring-3) - [Documentation](#documentation-9) @@ -88,7 +89,7 @@ - [Unclassified](#unclassified-3) - [0.6.3-alpha.1 (2021-05-17)](#063-alpha1-2021-05-17) - [Breaking Changes](#breaking-changes-6) - - [Bug Fixes](#bug-fixes-12) + - [Bug Fixes](#bug-fixes-13) - [Code Generation](#code-generation-15) - [Code Refactoring](#code-refactoring-4) - [0.6.2-alpha.1 (2021-05-14)](#062-alpha1-2021-05-14) @@ -98,12 +99,12 @@ - [Code Generation](#code-generation-17) - [Features](#features-7) - [0.6.0-alpha.2 (2021-05-07)](#060-alpha2-2021-05-07) - - [Bug Fixes](#bug-fixes-13) + - [Bug Fixes](#bug-fixes-14) - [Code Generation](#code-generation-18) - [Features](#features-8) - [0.6.0-alpha.1 (2021-05-05)](#060-alpha1-2021-05-05) - [Breaking Changes](#breaking-changes-7) - - [Bug Fixes](#bug-fixes-14) + - [Bug Fixes](#bug-fixes-15) - [Code Generation](#code-generation-19) - [Code Refactoring](#code-refactoring-5) - [Documentation](#documentation-11) @@ -111,31 +112,31 @@ - [Tests](#tests-7) - [Unclassified](#unclassified-4) - [0.5.5-alpha.1 (2020-12-09)](#055-alpha1-2020-12-09) - - [Bug Fixes](#bug-fixes-15) + - [Bug Fixes](#bug-fixes-16) - [Code Generation](#code-generation-20) - [Documentation](#documentation-12) - [Features](#features-10) - [Tests](#tests-8) - [Unclassified](#unclassified-5) - [0.5.4-alpha.1 (2020-11-11)](#054-alpha1-2020-11-11) - - [Bug Fixes](#bug-fixes-16) + - [Bug Fixes](#bug-fixes-17) - [Code Generation](#code-generation-21) - [Code Refactoring](#code-refactoring-6) - [Documentation](#documentation-13) - [Features](#features-11) - [0.5.3-alpha.1 (2020-10-27)](#053-alpha1-2020-10-27) - - [Bug Fixes](#bug-fixes-17) + - [Bug Fixes](#bug-fixes-18) - [Code Generation](#code-generation-22) - [Documentation](#documentation-14) - [Features](#features-12) - [Tests](#tests-9) - [0.5.2-alpha.1 (2020-10-22)](#052-alpha1-2020-10-22) - - [Bug Fixes](#bug-fixes-18) + - [Bug Fixes](#bug-fixes-19) - [Code Generation](#code-generation-23) - [Documentation](#documentation-15) - [Tests](#tests-10) - [0.5.1-alpha.1 (2020-10-20)](#051-alpha1-2020-10-20) - - [Bug Fixes](#bug-fixes-19) + - [Bug Fixes](#bug-fixes-20) - [Code Generation](#code-generation-24) - [Documentation](#documentation-16) - [Features](#features-13) @@ -143,7 +144,7 @@ - [Unclassified](#unclassified-6) - [0.5.0-alpha.1 (2020-10-15)](#050-alpha1-2020-10-15) - [Breaking Changes](#breaking-changes-8) - - [Bug Fixes](#bug-fixes-20) + - [Bug Fixes](#bug-fixes-21) - [Code Generation](#code-generation-25) - [Code Refactoring](#code-refactoring-7) - [Documentation](#documentation-17) @@ -151,24 +152,24 @@ - [Tests](#tests-12) - [Unclassified](#unclassified-7) - [0.4.6-alpha.1 (2020-07-13)](#046-alpha1-2020-07-13) - - [Bug Fixes](#bug-fixes-21) + - [Bug Fixes](#bug-fixes-22) - [Code Generation](#code-generation-26) - [0.4.5-alpha.1 (2020-07-13)](#045-alpha1-2020-07-13) - - [Bug Fixes](#bug-fixes-22) + - [Bug Fixes](#bug-fixes-23) - [Code Generation](#code-generation-27) - [0.4.4-alpha.1 (2020-07-10)](#044-alpha1-2020-07-10) - - [Bug Fixes](#bug-fixes-23) + - [Bug Fixes](#bug-fixes-24) - [Code Generation](#code-generation-28) - [Documentation](#documentation-18) - [0.4.3-alpha.1 (2020-07-08)](#043-alpha1-2020-07-08) - - [Bug Fixes](#bug-fixes-24) + - [Bug Fixes](#bug-fixes-25) - [Code Generation](#code-generation-29) - [0.4.2-alpha.1 (2020-07-08)](#042-alpha1-2020-07-08) - - [Bug Fixes](#bug-fixes-25) + - [Bug Fixes](#bug-fixes-26) - [Code Generation](#code-generation-30) - [0.4.0-alpha.1 (2020-07-08)](#040-alpha1-2020-07-08) - [Breaking Changes](#breaking-changes-9) - - [Bug Fixes](#bug-fixes-26) + - [Bug Fixes](#bug-fixes-27) - [Code Generation](#code-generation-31) - [Code Refactoring](#code-refactoring-8) - [Documentation](#documentation-19) @@ -176,7 +177,7 @@ - [Unclassified](#unclassified-8) - [0.3.0-alpha.1 (2020-05-15)](#030-alpha1-2020-05-15) - [Breaking Changes](#breaking-changes-10) - - [Bug Fixes](#bug-fixes-27) + - [Bug Fixes](#bug-fixes-28) - [Chores](#chores) - [Code Refactoring](#code-refactoring-9) - [Documentation](#documentation-20) @@ -187,18 +188,18 @@ - [Documentation](#documentation-21) - [0.2.0-alpha.2 (2020-05-04)](#020-alpha2-2020-05-04) - [Breaking Changes](#breaking-changes-11) - - [Bug Fixes](#bug-fixes-28) + - [Bug Fixes](#bug-fixes-29) - [Chores](#chores-2) - [Code Refactoring](#code-refactoring-10) - [Documentation](#documentation-22) - [Features](#features-17) - [Unclassified](#unclassified-10) - [0.1.1-alpha.1 (2020-02-18)](#011-alpha1-2020-02-18) - - [Bug Fixes](#bug-fixes-29) + - [Bug Fixes](#bug-fixes-30) - [Code Refactoring](#code-refactoring-11) - [Documentation](#documentation-23) - [0.1.0-alpha.6 (2020-02-16)](#010-alpha6-2020-02-16) - - [Bug Fixes](#bug-fixes-30) + - [Bug Fixes](#bug-fixes-31) - [Code Refactoring](#code-refactoring-12) - [Documentation](#documentation-24) - [Features](#features-18) @@ -211,7 +212,7 @@ - [0.1.0-alpha.3 (2020-02-06)](#010-alpha3-2020-02-06) - [Continuous Integration](#continuous-integration-1) - [0.1.0-alpha.2 (2020-02-03)](#010-alpha2-2020-02-03) - - [Bug Fixes](#bug-fixes-31) + - [Bug Fixes](#bug-fixes-32) - [Documentation](#documentation-27) - [Features](#features-20) - [Unclassified](#unclassified-11) @@ -257,6 +258,10 @@ # [](https://github.com/ory/kratos/compare/v0.10.0...v) (2022-05-30) +### Bug Fixes + +* Bump ory cli ([12ceae0](https://github.com/ory/kratos/commit/12ceae005749c5dd01959720925418d643f13070)) + # [0.10.0](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v0.10.0) (2022-05-30) From ab16580b4326250885b920198b280456eb873a6b Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Wed, 1 Jun 2022 12:05:46 +0200 Subject: [PATCH 079/411] autogen: pin v0.10.1 release commit From 0815d43e1af90e8420380eee5b32b82f3187fa66 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Wed, 1 Jun 2022 10:44:06 +0000 Subject: [PATCH 080/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 83 +++++++++++++++++++++++++++++++--------------------- 1 file changed, 49 insertions(+), 34 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4cf8838e19d2..88dbf5ae93ca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,12 +4,14 @@ **Table of Contents** -- [ (2022-05-30)](#2022-05-30) +- [ (2022-06-01)](#2022-06-01) +- [0.10.1 (2022-06-01)](#0101-2022-06-01) - [Bug Fixes](#bug-fixes) + - [Code Generation](#code-generation) - [0.10.0 (2022-05-30)](#0100-2022-05-30) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes-1) - - [Code Generation](#code-generation) + - [Code Generation](#code-generation-1) - [Code Refactoring](#code-refactoring) - [Documentation](#documentation) - [Features](#features) @@ -18,15 +20,15 @@ - [0.9.0-alpha.3 (2022-03-25)](#090-alpha3-2022-03-25) - [Breaking Changes](#breaking-changes-1) - [Bug Fixes](#bug-fixes-2) - - [Code Generation](#code-generation-1) + - [Code Generation](#code-generation-2) - [Documentation](#documentation-1) - [0.9.0-alpha.2 (2022-03-22)](#090-alpha2-2022-03-22) - [Bug Fixes](#bug-fixes-3) - - [Code Generation](#code-generation-2) + - [Code Generation](#code-generation-3) - [0.9.0-alpha.1 (2022-03-21)](#090-alpha1-2022-03-21) - [Breaking Changes](#breaking-changes-2) - [Bug Fixes](#bug-fixes-4) - - [Code Generation](#code-generation-3) + - [Code Generation](#code-generation-4) - [Code Refactoring](#code-refactoring-1) - [Documentation](#documentation-2) - [Features](#features-1) @@ -34,24 +36,24 @@ - [Unclassified](#unclassified-1) - [0.8.2-alpha.1 (2021-12-17)](#082-alpha1-2021-12-17) - [Bug Fixes](#bug-fixes-5) - - [Code Generation](#code-generation-4) + - [Code Generation](#code-generation-5) - [Documentation](#documentation-3) - [0.8.1-alpha.1 (2021-12-13)](#081-alpha1-2021-12-13) - [Breaking Changes](#breaking-changes-3) - [Bug Fixes](#bug-fixes-6) - - [Code Generation](#code-generation-5) + - [Code Generation](#code-generation-6) - [Documentation](#documentation-4) - [Features](#features-2) - [Tests](#tests-2) - [0.8.0-alpha.3 (2021-10-28)](#080-alpha3-2021-10-28) - [Bug Fixes](#bug-fixes-7) - - [Code Generation](#code-generation-6) -- [0.8.0-alpha.2 (2021-10-28)](#080-alpha2-2021-10-28) - [Code Generation](#code-generation-7) +- [0.8.0-alpha.2 (2021-10-28)](#080-alpha2-2021-10-28) + - [Code Generation](#code-generation-8) - [0.8.0-alpha.1 (2021-10-27)](#080-alpha1-2021-10-27) - [Breaking Changes](#breaking-changes-4) - [Bug Fixes](#bug-fixes-8) - - [Code Generation](#code-generation-8) + - [Code Generation](#code-generation-9) - [Code Refactoring](#code-refactoring-2) - [Documentation](#documentation-5) - [Features](#features-3) @@ -59,29 +61,29 @@ - [Tests](#tests-3) - [Unclassified](#unclassified-2) - [0.7.6-alpha.1 (2021-09-12)](#076-alpha1-2021-09-12) - - [Code Generation](#code-generation-9) -- [0.7.5-alpha.1 (2021-09-11)](#075-alpha1-2021-09-11) - [Code Generation](#code-generation-10) +- [0.7.5-alpha.1 (2021-09-11)](#075-alpha1-2021-09-11) + - [Code Generation](#code-generation-11) - [0.7.4-alpha.1 (2021-09-09)](#074-alpha1-2021-09-09) - [Bug Fixes](#bug-fixes-9) - - [Code Generation](#code-generation-11) + - [Code Generation](#code-generation-12) - [Documentation](#documentation-6) - [Features](#features-4) - [Tests](#tests-4) - [0.7.3-alpha.1 (2021-08-28)](#073-alpha1-2021-08-28) - [Bug Fixes](#bug-fixes-10) - - [Code Generation](#code-generation-12) + - [Code Generation](#code-generation-13) - [Documentation](#documentation-7) - [Features](#features-5) - [0.7.1-alpha.1 (2021-07-22)](#071-alpha1-2021-07-22) - [Bug Fixes](#bug-fixes-11) - - [Code Generation](#code-generation-13) + - [Code Generation](#code-generation-14) - [Documentation](#documentation-8) - [Tests](#tests-5) - [0.7.0-alpha.1 (2021-07-13)](#070-alpha1-2021-07-13) - [Breaking Changes](#breaking-changes-5) - [Bug Fixes](#bug-fixes-12) - - [Code Generation](#code-generation-14) + - [Code Generation](#code-generation-15) - [Code Refactoring](#code-refactoring-3) - [Documentation](#documentation-9) - [Features](#features-6) @@ -90,22 +92,22 @@ - [0.6.3-alpha.1 (2021-05-17)](#063-alpha1-2021-05-17) - [Breaking Changes](#breaking-changes-6) - [Bug Fixes](#bug-fixes-13) - - [Code Generation](#code-generation-15) + - [Code Generation](#code-generation-16) - [Code Refactoring](#code-refactoring-4) - [0.6.2-alpha.1 (2021-05-14)](#062-alpha1-2021-05-14) - - [Code Generation](#code-generation-16) + - [Code Generation](#code-generation-17) - [Documentation](#documentation-10) - [0.6.1-alpha.1 (2021-05-11)](#061-alpha1-2021-05-11) - - [Code Generation](#code-generation-17) + - [Code Generation](#code-generation-18) - [Features](#features-7) - [0.6.0-alpha.2 (2021-05-07)](#060-alpha2-2021-05-07) - [Bug Fixes](#bug-fixes-14) - - [Code Generation](#code-generation-18) + - [Code Generation](#code-generation-19) - [Features](#features-8) - [0.6.0-alpha.1 (2021-05-05)](#060-alpha1-2021-05-05) - [Breaking Changes](#breaking-changes-7) - [Bug Fixes](#bug-fixes-15) - - [Code Generation](#code-generation-19) + - [Code Generation](#code-generation-20) - [Code Refactoring](#code-refactoring-5) - [Documentation](#documentation-11) - [Features](#features-9) @@ -113,31 +115,31 @@ - [Unclassified](#unclassified-4) - [0.5.5-alpha.1 (2020-12-09)](#055-alpha1-2020-12-09) - [Bug Fixes](#bug-fixes-16) - - [Code Generation](#code-generation-20) + - [Code Generation](#code-generation-21) - [Documentation](#documentation-12) - [Features](#features-10) - [Tests](#tests-8) - [Unclassified](#unclassified-5) - [0.5.4-alpha.1 (2020-11-11)](#054-alpha1-2020-11-11) - [Bug Fixes](#bug-fixes-17) - - [Code Generation](#code-generation-21) + - [Code Generation](#code-generation-22) - [Code Refactoring](#code-refactoring-6) - [Documentation](#documentation-13) - [Features](#features-11) - [0.5.3-alpha.1 (2020-10-27)](#053-alpha1-2020-10-27) - [Bug Fixes](#bug-fixes-18) - - [Code Generation](#code-generation-22) + - [Code Generation](#code-generation-23) - [Documentation](#documentation-14) - [Features](#features-12) - [Tests](#tests-9) - [0.5.2-alpha.1 (2020-10-22)](#052-alpha1-2020-10-22) - [Bug Fixes](#bug-fixes-19) - - [Code Generation](#code-generation-23) + - [Code Generation](#code-generation-24) - [Documentation](#documentation-15) - [Tests](#tests-10) - [0.5.1-alpha.1 (2020-10-20)](#051-alpha1-2020-10-20) - [Bug Fixes](#bug-fixes-20) - - [Code Generation](#code-generation-24) + - [Code Generation](#code-generation-25) - [Documentation](#documentation-16) - [Features](#features-13) - [Tests](#tests-11) @@ -145,7 +147,7 @@ - [0.5.0-alpha.1 (2020-10-15)](#050-alpha1-2020-10-15) - [Breaking Changes](#breaking-changes-8) - [Bug Fixes](#bug-fixes-21) - - [Code Generation](#code-generation-25) + - [Code Generation](#code-generation-26) - [Code Refactoring](#code-refactoring-7) - [Documentation](#documentation-17) - [Features](#features-14) @@ -153,24 +155,24 @@ - [Unclassified](#unclassified-7) - [0.4.6-alpha.1 (2020-07-13)](#046-alpha1-2020-07-13) - [Bug Fixes](#bug-fixes-22) - - [Code Generation](#code-generation-26) + - [Code Generation](#code-generation-27) - [0.4.5-alpha.1 (2020-07-13)](#045-alpha1-2020-07-13) - [Bug Fixes](#bug-fixes-23) - - [Code Generation](#code-generation-27) + - [Code Generation](#code-generation-28) - [0.4.4-alpha.1 (2020-07-10)](#044-alpha1-2020-07-10) - [Bug Fixes](#bug-fixes-24) - - [Code Generation](#code-generation-28) + - [Code Generation](#code-generation-29) - [Documentation](#documentation-18) - [0.4.3-alpha.1 (2020-07-08)](#043-alpha1-2020-07-08) - [Bug Fixes](#bug-fixes-25) - - [Code Generation](#code-generation-29) + - [Code Generation](#code-generation-30) - [0.4.2-alpha.1 (2020-07-08)](#042-alpha1-2020-07-08) - [Bug Fixes](#bug-fixes-26) - - [Code Generation](#code-generation-30) + - [Code Generation](#code-generation-31) - [0.4.0-alpha.1 (2020-07-08)](#040-alpha1-2020-07-08) - [Breaking Changes](#breaking-changes-9) - [Bug Fixes](#bug-fixes-27) - - [Code Generation](#code-generation-31) + - [Code Generation](#code-generation-32) - [Code Refactoring](#code-refactoring-8) - [Documentation](#documentation-19) - [Features](#features-15) @@ -255,13 +257,26 @@ -# [](https://github.com/ory/kratos/compare/v0.10.0...v) (2022-05-30) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-06-01) + + + +# [0.10.1](https://github.com/ory/kratos/compare/v0.10.0...v0.10.1) (2022-06-01) + +Re-release the SDK. + + + ### Bug Fixes * Bump ory cli ([12ceae0](https://github.com/ory/kratos/commit/12ceae005749c5dd01959720925418d643f13070)) +### Code Generation + +* Pin v0.10.1 release commit ([ab16580](https://github.com/ory/kratos/commit/ab16580b4326250885b920198b280456eb873a6b)) + # [0.10.0](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v0.10.0) (2022-05-30) From d74c3ffa5947335e1d9ddd35d114e2bc9f005ab0 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Wed, 1 Jun 2022 11:15:52 +0000 Subject: [PATCH 081/411] autogen(docs): generate and bump docs [skip ci] --- quickstart.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/quickstart.yml b/quickstart.yml index cfa5174d40f4..97ee08af94a0 100644 --- a/quickstart.yml +++ b/quickstart.yml @@ -1,7 +1,7 @@ version: '3.7' services: kratos-migrate: - image: oryd/kratos:v0.10.0 + image: oryd/kratos:v0.10.1 environment: - DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc volumes: @@ -17,7 +17,7 @@ services: networks: - intranet kratos-selfservice-ui-node: - image: oryd/kratos-selfservice-ui-node:v0.10.0 + image: oryd/kratos-selfservice-ui-node:v0.10.1 environment: - KRATOS_PUBLIC_URL=http://kratos:4433/ - KRATOS_BROWSER_URL=http://127.0.0.1:4433/ @@ -27,7 +27,7 @@ services: kratos: depends_on: - kratos-migrate - image: oryd/kratos:v0.10.0 + image: oryd/kratos:v0.10.1 ports: - '4433:4433' # public - '4434:4434' # admin From cf63a1c14bef86bbb0f0105453677c92cc9c947e Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Wed, 1 Jun 2022 11:16:15 +0000 Subject: [PATCH 082/411] autogen: add v0.10.1 to version.schema.json [skip ci] --- .schema/version.schema.json | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.schema/version.schema.json b/.schema/version.schema.json index ed02ec134723..47714b97dc92 100644 --- a/.schema/version.schema.json +++ b/.schema/version.schema.json @@ -2,6 +2,23 @@ "$id": "https://github.com/ory/kratos/.schema/versions.config.schema.json", "$schema": "http://json-schema.org/draft-07/schema#", "oneOf": [ + { + "allOf": [ + { + "properties": { + "version": { + "const": "v0.10.1" + } + }, + "required": [ + "version" + ] + }, + { + "$ref": "https://raw.githubusercontent.com/ory/kratos/v0.10.1/.schemastore/config.schema.json" + } + ] + }, { "allOf": [ { From 0844b47c30851c548d46273927afee103cdc0e97 Mon Sep 17 00:00:00 2001 From: Atreya <44151328+atreya2011@users.noreply.github.com> Date: Tue, 7 Jun 2022 18:58:28 +0900 Subject: [PATCH 083/411] fix: make ID field in VerifiableAddress struct optional (#2507) Closes #2506 --- identity/identity_verification.go | 1 - 1 file changed, 1 deletion(-) diff --git a/identity/identity_verification.go b/identity/identity_verification.go index c0e09fb404ad..f2d975b61cf9 100644 --- a/identity/identity_verification.go +++ b/identity/identity_verification.go @@ -35,7 +35,6 @@ type VerifiableAddressStatus string type VerifiableAddress struct { // The ID // - // required: true ID uuid.UUID `json:"id" db:"id" faker:"-"` // The address value From 1969b76ca8f2f69a47f6a0828afbb007af1053e8 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Tue, 7 Jun 2022 10:00:13 +0000 Subject: [PATCH 084/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- internal/httpclient/api/openapi.yaml | 1 - .../docs/VerifiableIdentityAddress.md | 9 +++-- .../model_verifiable_identity_address.go | 33 +++++++++++-------- spec/api.json | 1 - spec/swagger.json | 1 - 5 files changed, 27 insertions(+), 18 deletions(-) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index 0f1ce4025a25..b34e675714af 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -5448,7 +5448,6 @@ components: is the limitation in the SQL Schema type: string required: - - id - status - value - verified diff --git a/internal/httpclient/docs/VerifiableIdentityAddress.md b/internal/httpclient/docs/VerifiableIdentityAddress.md index c5f5d49d42d2..2d158f168dc9 100644 --- a/internal/httpclient/docs/VerifiableIdentityAddress.md +++ b/internal/httpclient/docs/VerifiableIdentityAddress.md @@ -5,7 +5,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **CreatedAt** | Pointer to **time.Time** | When this entry was created | [optional] -**Id** | **string** | | +**Id** | Pointer to **string** | | [optional] **Status** | **string** | VerifiableAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema | **UpdatedAt** | Pointer to **time.Time** | When this entry was last updated | [optional] **Value** | **string** | The address value example foo@user.com | @@ -17,7 +17,7 @@ Name | Type | Description | Notes ### NewVerifiableIdentityAddress -`func NewVerifiableIdentityAddress(id string, status string, value string, verified bool, via string, ) *VerifiableIdentityAddress` +`func NewVerifiableIdentityAddress(status string, value string, verified bool, via string, ) *VerifiableIdentityAddress` NewVerifiableIdentityAddress instantiates a new VerifiableIdentityAddress object This constructor will assign default values to properties that have it defined, @@ -76,6 +76,11 @@ and a boolean to check if the value has been set. SetId sets Id field to given value. +### HasId + +`func (o *VerifiableIdentityAddress) HasId() bool` + +HasId returns a boolean if a field has been set. ### GetStatus diff --git a/internal/httpclient/model_verifiable_identity_address.go b/internal/httpclient/model_verifiable_identity_address.go index 701f9139d141..8ea75073ad21 100644 --- a/internal/httpclient/model_verifiable_identity_address.go +++ b/internal/httpclient/model_verifiable_identity_address.go @@ -20,7 +20,7 @@ import ( type VerifiableIdentityAddress struct { // When this entry was created CreatedAt *time.Time `json:"created_at,omitempty"` - Id string `json:"id"` + Id *string `json:"id,omitempty"` // VerifiableAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema Status string `json:"status"` // When this entry was last updated @@ -38,9 +38,8 @@ type VerifiableIdentityAddress struct { // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments // will change when the set of required properties is changed -func NewVerifiableIdentityAddress(id string, status string, value string, verified bool, via string) *VerifiableIdentityAddress { +func NewVerifiableIdentityAddress(status string, value string, verified bool, via string) *VerifiableIdentityAddress { this := VerifiableIdentityAddress{} - this.Id = id this.Status = status this.Value = value this.Verified = verified @@ -88,28 +87,36 @@ func (o *VerifiableIdentityAddress) SetCreatedAt(v time.Time) { o.CreatedAt = &v } -// GetId returns the Id field value +// GetId returns the Id field value if set, zero value otherwise. func (o *VerifiableIdentityAddress) GetId() string { - if o == nil { + if o == nil || o.Id == nil { var ret string return ret } - - return o.Id + return *o.Id } -// GetIdOk returns a tuple with the Id field value +// GetIdOk returns a tuple with the Id field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *VerifiableIdentityAddress) GetIdOk() (*string, bool) { - if o == nil { + if o == nil || o.Id == nil { return nil, false } - return &o.Id, true + return o.Id, true +} + +// HasId returns a boolean if a field has been set. +func (o *VerifiableIdentityAddress) HasId() bool { + if o != nil && o.Id != nil { + return true + } + + return false } -// SetId sets field value +// SetId gets a reference to the given string and assigns it to the Id field. func (o *VerifiableIdentityAddress) SetId(v string) { - o.Id = v + o.Id = &v } // GetStatus returns the Status field value @@ -277,7 +284,7 @@ func (o VerifiableIdentityAddress) MarshalJSON() ([]byte, error) { if o.CreatedAt != nil { toSerialize["created_at"] = o.CreatedAt } - if true { + if o.Id != nil { toSerialize["id"] = o.Id } if true { diff --git a/spec/api.json b/spec/api.json index 8b82834223ca..97cdeed46636 100755 --- a/spec/api.json +++ b/spec/api.json @@ -2190,7 +2190,6 @@ } }, "required": [ - "id", "value", "verified", "via", diff --git a/spec/swagger.json b/spec/swagger.json index ea93495e05b0..b4a2ec81b668 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -4369,7 +4369,6 @@ "description": "VerifiableAddress is an identity's verifiable address", "type": "object", "required": [ - "id", "value", "verified", "via", From 930a475249c9ebc3076fb87e6d521549b7928718 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Tue, 7 Jun 2022 10:42:28 +0000 Subject: [PATCH 085/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 75 ++++++++++++++++++++++++++++------------------------ 1 file changed, 40 insertions(+), 35 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 88dbf5ae93ca..6bc490c15046 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,13 +4,14 @@ **Table of Contents** -- [ (2022-06-01)](#2022-06-01) -- [0.10.1 (2022-06-01)](#0101-2022-06-01) +- [ (2022-06-07)](#2022-06-07) - [Bug Fixes](#bug-fixes) +- [0.10.1 (2022-06-01)](#0101-2022-06-01) + - [Bug Fixes](#bug-fixes-1) - [Code Generation](#code-generation) - [0.10.0 (2022-05-30)](#0100-2022-05-30) - [Breaking Changes](#breaking-changes) - - [Bug Fixes](#bug-fixes-1) + - [Bug Fixes](#bug-fixes-2) - [Code Generation](#code-generation-1) - [Code Refactoring](#code-refactoring) - [Documentation](#documentation) @@ -19,15 +20,15 @@ - [Unclassified](#unclassified) - [0.9.0-alpha.3 (2022-03-25)](#090-alpha3-2022-03-25) - [Breaking Changes](#breaking-changes-1) - - [Bug Fixes](#bug-fixes-2) + - [Bug Fixes](#bug-fixes-3) - [Code Generation](#code-generation-2) - [Documentation](#documentation-1) - [0.9.0-alpha.2 (2022-03-22)](#090-alpha2-2022-03-22) - - [Bug Fixes](#bug-fixes-3) + - [Bug Fixes](#bug-fixes-4) - [Code Generation](#code-generation-3) - [0.9.0-alpha.1 (2022-03-21)](#090-alpha1-2022-03-21) - [Breaking Changes](#breaking-changes-2) - - [Bug Fixes](#bug-fixes-4) + - [Bug Fixes](#bug-fixes-5) - [Code Generation](#code-generation-4) - [Code Refactoring](#code-refactoring-1) - [Documentation](#documentation-2) @@ -35,24 +36,24 @@ - [Tests](#tests-1) - [Unclassified](#unclassified-1) - [0.8.2-alpha.1 (2021-12-17)](#082-alpha1-2021-12-17) - - [Bug Fixes](#bug-fixes-5) + - [Bug Fixes](#bug-fixes-6) - [Code Generation](#code-generation-5) - [Documentation](#documentation-3) - [0.8.1-alpha.1 (2021-12-13)](#081-alpha1-2021-12-13) - [Breaking Changes](#breaking-changes-3) - - [Bug Fixes](#bug-fixes-6) + - [Bug Fixes](#bug-fixes-7) - [Code Generation](#code-generation-6) - [Documentation](#documentation-4) - [Features](#features-2) - [Tests](#tests-2) - [0.8.0-alpha.3 (2021-10-28)](#080-alpha3-2021-10-28) - - [Bug Fixes](#bug-fixes-7) + - [Bug Fixes](#bug-fixes-8) - [Code Generation](#code-generation-7) - [0.8.0-alpha.2 (2021-10-28)](#080-alpha2-2021-10-28) - [Code Generation](#code-generation-8) - [0.8.0-alpha.1 (2021-10-27)](#080-alpha1-2021-10-27) - [Breaking Changes](#breaking-changes-4) - - [Bug Fixes](#bug-fixes-8) + - [Bug Fixes](#bug-fixes-9) - [Code Generation](#code-generation-9) - [Code Refactoring](#code-refactoring-2) - [Documentation](#documentation-5) @@ -65,24 +66,24 @@ - [0.7.5-alpha.1 (2021-09-11)](#075-alpha1-2021-09-11) - [Code Generation](#code-generation-11) - [0.7.4-alpha.1 (2021-09-09)](#074-alpha1-2021-09-09) - - [Bug Fixes](#bug-fixes-9) + - [Bug Fixes](#bug-fixes-10) - [Code Generation](#code-generation-12) - [Documentation](#documentation-6) - [Features](#features-4) - [Tests](#tests-4) - [0.7.3-alpha.1 (2021-08-28)](#073-alpha1-2021-08-28) - - [Bug Fixes](#bug-fixes-10) + - [Bug Fixes](#bug-fixes-11) - [Code Generation](#code-generation-13) - [Documentation](#documentation-7) - [Features](#features-5) - [0.7.1-alpha.1 (2021-07-22)](#071-alpha1-2021-07-22) - - [Bug Fixes](#bug-fixes-11) + - [Bug Fixes](#bug-fixes-12) - [Code Generation](#code-generation-14) - [Documentation](#documentation-8) - [Tests](#tests-5) - [0.7.0-alpha.1 (2021-07-13)](#070-alpha1-2021-07-13) - [Breaking Changes](#breaking-changes-5) - - [Bug Fixes](#bug-fixes-12) + - [Bug Fixes](#bug-fixes-13) - [Code Generation](#code-generation-15) - [Code Refactoring](#code-refactoring-3) - [Documentation](#documentation-9) @@ -91,7 +92,7 @@ - [Unclassified](#unclassified-3) - [0.6.3-alpha.1 (2021-05-17)](#063-alpha1-2021-05-17) - [Breaking Changes](#breaking-changes-6) - - [Bug Fixes](#bug-fixes-13) + - [Bug Fixes](#bug-fixes-14) - [Code Generation](#code-generation-16) - [Code Refactoring](#code-refactoring-4) - [0.6.2-alpha.1 (2021-05-14)](#062-alpha1-2021-05-14) @@ -101,12 +102,12 @@ - [Code Generation](#code-generation-18) - [Features](#features-7) - [0.6.0-alpha.2 (2021-05-07)](#060-alpha2-2021-05-07) - - [Bug Fixes](#bug-fixes-14) + - [Bug Fixes](#bug-fixes-15) - [Code Generation](#code-generation-19) - [Features](#features-8) - [0.6.0-alpha.1 (2021-05-05)](#060-alpha1-2021-05-05) - [Breaking Changes](#breaking-changes-7) - - [Bug Fixes](#bug-fixes-15) + - [Bug Fixes](#bug-fixes-16) - [Code Generation](#code-generation-20) - [Code Refactoring](#code-refactoring-5) - [Documentation](#documentation-11) @@ -114,31 +115,31 @@ - [Tests](#tests-7) - [Unclassified](#unclassified-4) - [0.5.5-alpha.1 (2020-12-09)](#055-alpha1-2020-12-09) - - [Bug Fixes](#bug-fixes-16) + - [Bug Fixes](#bug-fixes-17) - [Code Generation](#code-generation-21) - [Documentation](#documentation-12) - [Features](#features-10) - [Tests](#tests-8) - [Unclassified](#unclassified-5) - [0.5.4-alpha.1 (2020-11-11)](#054-alpha1-2020-11-11) - - [Bug Fixes](#bug-fixes-17) + - [Bug Fixes](#bug-fixes-18) - [Code Generation](#code-generation-22) - [Code Refactoring](#code-refactoring-6) - [Documentation](#documentation-13) - [Features](#features-11) - [0.5.3-alpha.1 (2020-10-27)](#053-alpha1-2020-10-27) - - [Bug Fixes](#bug-fixes-18) + - [Bug Fixes](#bug-fixes-19) - [Code Generation](#code-generation-23) - [Documentation](#documentation-14) - [Features](#features-12) - [Tests](#tests-9) - [0.5.2-alpha.1 (2020-10-22)](#052-alpha1-2020-10-22) - - [Bug Fixes](#bug-fixes-19) + - [Bug Fixes](#bug-fixes-20) - [Code Generation](#code-generation-24) - [Documentation](#documentation-15) - [Tests](#tests-10) - [0.5.1-alpha.1 (2020-10-20)](#051-alpha1-2020-10-20) - - [Bug Fixes](#bug-fixes-20) + - [Bug Fixes](#bug-fixes-21) - [Code Generation](#code-generation-25) - [Documentation](#documentation-16) - [Features](#features-13) @@ -146,7 +147,7 @@ - [Unclassified](#unclassified-6) - [0.5.0-alpha.1 (2020-10-15)](#050-alpha1-2020-10-15) - [Breaking Changes](#breaking-changes-8) - - [Bug Fixes](#bug-fixes-21) + - [Bug Fixes](#bug-fixes-22) - [Code Generation](#code-generation-26) - [Code Refactoring](#code-refactoring-7) - [Documentation](#documentation-17) @@ -154,24 +155,24 @@ - [Tests](#tests-12) - [Unclassified](#unclassified-7) - [0.4.6-alpha.1 (2020-07-13)](#046-alpha1-2020-07-13) - - [Bug Fixes](#bug-fixes-22) + - [Bug Fixes](#bug-fixes-23) - [Code Generation](#code-generation-27) - [0.4.5-alpha.1 (2020-07-13)](#045-alpha1-2020-07-13) - - [Bug Fixes](#bug-fixes-23) + - [Bug Fixes](#bug-fixes-24) - [Code Generation](#code-generation-28) - [0.4.4-alpha.1 (2020-07-10)](#044-alpha1-2020-07-10) - - [Bug Fixes](#bug-fixes-24) + - [Bug Fixes](#bug-fixes-25) - [Code Generation](#code-generation-29) - [Documentation](#documentation-18) - [0.4.3-alpha.1 (2020-07-08)](#043-alpha1-2020-07-08) - - [Bug Fixes](#bug-fixes-25) + - [Bug Fixes](#bug-fixes-26) - [Code Generation](#code-generation-30) - [0.4.2-alpha.1 (2020-07-08)](#042-alpha1-2020-07-08) - - [Bug Fixes](#bug-fixes-26) + - [Bug Fixes](#bug-fixes-27) - [Code Generation](#code-generation-31) - [0.4.0-alpha.1 (2020-07-08)](#040-alpha1-2020-07-08) - [Breaking Changes](#breaking-changes-9) - - [Bug Fixes](#bug-fixes-27) + - [Bug Fixes](#bug-fixes-28) - [Code Generation](#code-generation-32) - [Code Refactoring](#code-refactoring-8) - [Documentation](#documentation-19) @@ -179,7 +180,7 @@ - [Unclassified](#unclassified-8) - [0.3.0-alpha.1 (2020-05-15)](#030-alpha1-2020-05-15) - [Breaking Changes](#breaking-changes-10) - - [Bug Fixes](#bug-fixes-28) + - [Bug Fixes](#bug-fixes-29) - [Chores](#chores) - [Code Refactoring](#code-refactoring-9) - [Documentation](#documentation-20) @@ -190,18 +191,18 @@ - [Documentation](#documentation-21) - [0.2.0-alpha.2 (2020-05-04)](#020-alpha2-2020-05-04) - [Breaking Changes](#breaking-changes-11) - - [Bug Fixes](#bug-fixes-29) + - [Bug Fixes](#bug-fixes-30) - [Chores](#chores-2) - [Code Refactoring](#code-refactoring-10) - [Documentation](#documentation-22) - [Features](#features-17) - [Unclassified](#unclassified-10) - [0.1.1-alpha.1 (2020-02-18)](#011-alpha1-2020-02-18) - - [Bug Fixes](#bug-fixes-30) + - [Bug Fixes](#bug-fixes-31) - [Code Refactoring](#code-refactoring-11) - [Documentation](#documentation-23) - [0.1.0-alpha.6 (2020-02-16)](#010-alpha6-2020-02-16) - - [Bug Fixes](#bug-fixes-31) + - [Bug Fixes](#bug-fixes-32) - [Code Refactoring](#code-refactoring-12) - [Documentation](#documentation-24) - [Features](#features-18) @@ -214,7 +215,7 @@ - [0.1.0-alpha.3 (2020-02-06)](#010-alpha3-2020-02-06) - [Continuous Integration](#continuous-integration-1) - [0.1.0-alpha.2 (2020-02-03)](#010-alpha2-2020-02-03) - - [Bug Fixes](#bug-fixes-32) + - [Bug Fixes](#bug-fixes-33) - [Documentation](#documentation-27) - [Features](#features-20) - [Unclassified](#unclassified-11) @@ -257,8 +258,12 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-06-01) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-06-07) + + +### Bug Fixes +* Make ID field in VerifiableAddress struct optional ([#2507](https://github.com/ory/kratos/issues/2507)) ([0844b47](https://github.com/ory/kratos/commit/0844b47c30851c548d46273927afee103cdc0e97)), closes [#2506](https://github.com/ory/kratos/issues/2506) # [0.10.1](https://github.com/ory/kratos/compare/v0.10.0...v0.10.1) (2022-06-01) From b7e28166f0821db86648cc5f9056a15b2466c3cd Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 8 Jun 2022 10:32:00 +0000 Subject: [PATCH 086/411] chore: update repository templates [skip ci] - updated repository templates to https://github.com/ory/meta/commit/9a12e12742572ad435bbf4c3e8c631f9472681f1 --- .github/pull_request_template.md | 17 +-- CODE_OF_CONDUCT.md | 66 ++++------ CONTRIBUTING.md | 212 +++++++++++++------------------ README.md | 69 ++++------ SECURITY.md | 11 +- 5 files changed, 149 insertions(+), 226 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 8125a1915dac..d8bcb167f09a 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -38,18 +38,13 @@ If you're unsure about any of them, don't hesitate to ask. We're here to help! --> - [ ] I have read the [contributing guidelines](../blob/master/CONTRIBUTING.md). -- [ ] I have referenced an issue containing the design document if my change - introduces a new feature. -- [ ] I am following the - [contributing code guidelines](../blob/master/CONTRIBUTING.md#contributing-code). +- [ ] I have referenced an issue containing the design document if my change introduces a new feature. +- [ ] I am following the [contributing code guidelines](../blob/master/CONTRIBUTING.md#contributing-code). - [ ] I have read the [security policy](../security/policy). -- [ ] I confirm that this pull request does not address a security - vulnerability. If this pull request addresses a security. vulnerability, I - confirm that I got green light (please contact - [security@ory.sh](mailto:security@ory.sh)) from the maintainers to push - the changes. -- [ ] I have added tests that prove my fix is effective or that my feature - works. +- [ ] I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security. + vulnerability, I confirm that I got green light (please contact [security@ory.sh](mailto:security@ory.sh)) from the + maintainers to push the changes. +- [ ] I have added tests that prove my fix is effective or that my feature works. - [ ] I have added or changed [the documentation](https://github.com/ory/docs). ## Further Comments diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 2351896e4f54..f9ab1ecc4db4 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -2,17 +2,14 @@ ## Our Pledge -In the interest of fostering an open and welcoming environment, we as -contributors and maintainers pledge to making participation in our project and -our community a harassment-free experience for everyone, regardless of age, body -size, disability, ethnicity, sex characteristics, gender identity and -expression, level of experience, education, socio-economic status, nationality, -personal appearance, race, religion, or sexual identity and orientation. +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation +in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, +sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal +appearance, race, religion, or sexual identity and orientation. ## Our Standards -Examples of behavior that contributes to creating a positive environment -include: +Examples of behavior that contributes to creating a positive environment include: - Using welcoming and inclusive language - Being respectful of differing viewpoints and experiences @@ -22,56 +19,43 @@ include: Examples of unacceptable behavior by participants include: -- The use of sexualized language or imagery and unwelcome sexual attention or - advances +- The use of sexualized language or imagery and unwelcome sexual attention or advances - Trolling, insulting/derogatory comments, and personal or political attacks - Public or private harassment -- Publishing others' private information, such as a physical or electronic - address, without explicit permission -- Other conduct which could reasonably be considered inappropriate in a - professional setting +- Publishing others' private information, such as a physical or electronic address, without explicit permission +- Other conduct which could reasonably be considered inappropriate in a professional setting ## Our Responsibilities -Project maintainers are responsible for clarifying the standards of acceptable -behavior and are expected to take appropriate and fair corrective action in -response to any instances of unacceptable behavior. +Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and +fair corrective action in response to any instances of unacceptable behavior. -Project maintainers have the right and responsibility to remove, edit, or reject -comments, commits, code, wiki edits, issues, and other contributions that are -not aligned to this Code of Conduct, or to ban temporarily or permanently any -contributor for other behaviors that they deem inappropriate, threatening, -offensive, or harmful. +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and +other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other +behaviors that they deem inappropriate, threatening, offensive, or harmful. ## Scope -This Code of Conduct applies both within project spaces and in public spaces -when an individual is representing the project or its community. Examples of -representing a project or community include using an official project e-mail -address, posting via an official social media account, or acting as an appointed -representative at an online or offline event. Representation of a project may be -further defined and clarified by project maintainers. +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its +community. Examples of representing a project or community include using an official project e-mail address, posting via an +official social media account, or acting as an appointed representative at an online or offline event. Representation of a project +may be further defined and clarified by project maintainers. ## Enforcement -Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the project team at office@ory.sh. All complaints will be -reviewed and investigated and will result in a response that is deemed necessary -and appropriate to the circumstances. The project team is obligated to maintain -confidentiality with regard to the reporter of an incident. Further details of -specific enforcement policies may be posted separately. +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at +office@ory.sh. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and +appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an +incident. Further details of specific enforcement policies may be posted separately. -Project maintainers who do not follow or enforce the Code of Conduct in good -faith may face temporary or permanent repercussions as determined by other -members of the project's leadership. +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions +as determined by other members of the project's leadership. ## Attribution -This Code of Conduct is adapted from the [Contributor Covenant][homepage], -version 1.4, available at +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html [homepage]: https://www.contributor-covenant.org -For answers to common questions about this code of conduct, see -https://www.contributor-covenant.org/faq +For answers to common questions about this code of conduct, see https://www.contributor-covenant.org/faq diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0ffc441617af..2a84779fed3c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -28,45 +28,37 @@ https://github.com/ory/meta/blob/master/templates/repository/common/CONTRIBUTING ## Introduction -There are many ways in which you can contribute, beyond writing code. The goal -of this document is to provide a high-level overview of how you can get -involved. - -_Please note_: We take Ory Kratos's security and our users' trust very -seriously. If you believe you have found a security issue in Ory Kratos, -please responsibly disclose by contacting us at security@ory.sh. - -First: As a potential contributor, your changes and ideas are welcome at any -hour of the day or night, weekdays, weekends, and holidays. Please do not ever -hesitate to ask a question or send a pull request. - -If you are unsure, just ask or submit the issue or pull request anyways. You -won't be yelled at for giving it your best effort. The worst that can happen is -that you'll be politely asked to change something. We appreciate any sort of -contributions, and don't want a wall of rules to get in the way of that. - -That said, if you want to ensure that a pull request is likely to be merged, -talk to us! You can find out our thoughts and ensure that your contribution -won't clash or be obviated by Ory +There are many ways in which you can contribute, beyond writing code. The goal of this document is to provide a high-level +overview of how you can get involved. + +_Please note_: We take Ory Kratos's security and our users' trust very seriously. If you believe you have found a security issue +in Ory Kratos, please responsibly disclose by contacting us at security@ory.sh. + +First: As a potential contributor, your changes and ideas are welcome at any hour of the day or night, weekdays, weekends, and +holidays. Please do not ever hesitate to ask a question or send a pull request. + +If you are unsure, just ask or submit the issue or pull request anyways. You won't be yelled at for giving it your best effort. +The worst that can happen is that you'll be politely asked to change something. We appreciate any sort of contributions, and don't +want a wall of rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, talk to us! You can find out our thoughts and ensure +that your contribution won't clash or be obviated by Ory Kratos's normal direction. A great way to do this is via -[Ory Kratos Discussions](https://github.com/ory/kratos/discussions) -or the [Ory Chat](https://www.ory.sh/chat). +[Ory Kratos Discussions](https://github.com/ory/kratos/discussions) or the +[Ory Chat](https://www.ory.sh/chat). ## FAQ - I am new to the community. Where can I find the [Ory Community Code of Conduct?](https://github.com/ory/kratos/blob/master/CODE_OF_CONDUCT.md) -- I have a question. Where can I get - [answers to questions regarding Ory Kratos?](#communication) +- I have a question. Where can I get [answers to questions regarding Ory Kratos?](#communication) -- I would like to contribute but I am not sure how. Are there - [easy ways to contribute?](#how-can-i-contribute) +- I would like to contribute but I am not sure how. Are there [easy ways to contribute?](#how-can-i-contribute) [Or good first issues?](https://github.com/search?l=&o=desc&q=label%3A%22help+wanted%22+label%3A%22good+first+issue%22+is%3Aopen+user%3Aory+user%3Aory-corp&s=updated&type=Issues) -- I want to talk to other Ory Kratos users. - [How can I become a part of the community?](#communication) +- I want to talk to other Ory Kratos users. [How can I become a part of the community?](#communication) - I would like to know what I am agreeing to when I contribute to Ory Kratos. @@ -81,80 +73,63 @@ or the [Ory Chat](https://www.ory.sh/chat). If you want to start contributing code right away, we have a [list of good first issues](https://github.com/ory/kratos/labels/good%20first%20issue). -There are many other ways you can contribute without writing any code. Here are -a few things you can do to help out: +There are many other ways you can contribute without writing any code. Here are a few things you can do to help out: -- **Give us a star.** It may not seem like much, but it really makes a - difference. This is something that everyone can do to help out Ory Kratos. - Github stars help the project gain visibility and stand out. +- **Give us a star.** It may not seem like much, but it really makes a difference. This is something that everyone can do to help + out Ory Kratos. Github stars help the project gain visibility and stand out. -- **Join the community.** Sometimes helping people can be as easy as listening - to their problems and offering a different perspective. Join our Slack, have a - look at discussions in the forum and take part in our weekly hangout. More - info on this in [Communication](#communication). +- **Join the community.** Sometimes helping people can be as easy as listening to their problems and offering a different + perspective. Join our Slack, have a look at discussions in the forum and take part in our weekly hangout. More info on this in + [Communication](#communication). -- **Helping with open issues.** We have a lot of open issues for Ory Kratos - and some of them may lack necessary information, some are duplicates of older - issues. You can help out by guiding people through the process of filling out - the issue template, asking for clarifying information, or pointing them to - existing issues that match their description of the problem. +- **Helping with open issues.** We have a lot of open issues for Ory Kratos and some of them may lack necessary information, + some are duplicates of older issues. You can help out by guiding people through the process of filling out the issue template, + asking for clarifying information, or pointing them to existing issues that match their description of the problem. -- **Reviewing documentation changes.** Most documentation just needs a review - for proper spelling and grammar. If you think a document can be improved in - any way, feel free to hit the `edit` button at the top of the page. More info - on contributing to documentation [here](#documentation). +- **Reviewing documentation changes.** Most documentation just needs a review for proper spelling and grammar. If you think a + document can be improved in any way, feel free to hit the `edit` button at the top of the page. More info on contributing to + documentation [here](#documentation). -- **Help with tests.** Some pull requests may lack proper tests or test plans. - These are needed for the change to be implemented safely. +- **Help with tests.** Some pull requests may lack proper tests or test plans. These are needed for the change to be implemented + safely. ## Communication -We use [Slack](https://www.ory.sh/chat). You are welcome to drop in and ask -questions, discuss bugs and feature requests, talk to other users of Ory, etc. +We use [Slack](https://www.ory.sh/chat). You are welcome to drop in and ask questions, discuss bugs and feature requests, talk to +other users of Ory, etc. -Check out [Ory Kratos Discussions](https://github.com/ory/kratos/discussions). This is a great place for -in-depth discussions and lots of code examples, logs and similar data. +Check out [Ory Kratos Discussions](https://github.com/ory/kratos/discussions). This is a great place for in-depth discussions and lots of code examples, logs +and similar data. -You can also join our community hangout, if you want to speak to the Ory team -directly or ask some questions. You can find more info on the hangouts in -[Slack](https://www.ory.sh/chat). +You can also join our community hangout, if you want to speak to the Ory team directly or ask some questions. You can find more +info on the hangouts in [Slack](https://www.ory.sh/chat). -If you want to receive regular notifications about updates to Ory Kratos, -consider joining the mailing list. We will _only_ send you vital information on -the projects that you are interested in. +If you want to receive regular notifications about updates to Ory Kratos, consider joining the mailing list. We will _only_ send +you vital information on the projects that you are interested in. Also [follow us on twitter](https://twitter.com/orycorp). ## Contributing Code -Unless you are fixing a known bug, we **strongly** recommend discussing it with -the core team via a GitHub issue or [in our chat](https://www.ory.sh/chat) -before getting started to ensure your work is consistent with Ory Kratos's -roadmap and architecture. +Unless you are fixing a known bug, we **strongly** recommend discussing it with the core team via a GitHub issue or +[in our chat](https://www.ory.sh/chat) before getting started to ensure your work is consistent with Ory Kratos's roadmap and +architecture. -All contributions are made via pull requests. To make a pull request, you will -need a GitHub account; if you are unclear on this process, see GitHub's -documentation on [forking](https://help.github.com/articles/fork-a-repo) and -[pull requests](https://help.github.com/articles/using-pull-requests). Pull -requests should be targeted at the `master` branch. Before creating a pull -request, go through this checklist: +All contributions are made via pull requests. To make a pull request, you will need a GitHub account; if you are unclear on this +process, see GitHub's documentation on [forking](https://help.github.com/articles/fork-a-repo) and +[pull requests](https://help.github.com/articles/using-pull-requests). Pull requests should be targeted at the `master` branch. +Before creating a pull request, go through this checklist: 1. Create a feature branch off of `master` so that changes do not get mixed up. -1. [Rebase](http://git-scm.com/book/en/Git-Branching-Rebasing) your local - changes against the `master` branch. -1. Run the full project test suite with the `go test -tags sqlite ./...` (or - equivalent) command and confirm that it passes. -1. Run `make format` if a `Makefile` is available, `gofmt -s` if the project is - written in Go, `npm run format` if the project is written for NodeJS. -1. Ensure that each commit has a descriptive prefix. This ensures a uniform - commit history and helps structure the changelog. - Please refer to this - [list of prefixes for Kratos](https://github.com/ory/kratos/blob/master/.github/semantic.yml) - for an overview. -1. Sign-up with CircleCI so that it has access to your repository with the - branch containing your PR. Simply creating a CircleCI account is sufficient - for the CI jobs to run, you do not need to setup a CircleCI project for the - branch. +1. [Rebase](http://git-scm.com/book/en/Git-Branching-Rebasing) your local changes against the `master` branch. +1. Run the full project test suite with the `go test -tags sqlite ./...` (or equivalent) command and confirm that it passes. +1. Run `make format` if a `Makefile` is available, `gofmt -s` if the project is written in Go, `npm run format` if the project is + written for NodeJS. +1. Ensure that each commit has a descriptive prefix. This ensures a uniform commit history and helps structure the changelog. + Please refer to this [list of prefixes for Kratos](https://github.com/ory/kratos/blob/master/.github/semantic.yml) for an + overview. +1. Sign-up with CircleCI so that it has access to your repository with the branch containing your PR. Simply creating a CircleCI + account is sufficient for the CI jobs to run, you do not need to setup a CircleCI project for the branch. If a pull request is not ready to be reviewed yet [it should be marked as a "Draft"](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request). @@ -162,55 +137,46 @@ If a pull request is not ready to be reviewed yet Before your contributions can be reviewed you need to sign our [Contributor License Agreement](https://cla-assistant.io/ory/kratos). -This agreement defines the terms under which your code is contributed to Ory. -More specifically it declares that you have the right to, and actually do, grant -us the rights to use your contribution. You can see the Apache 2.0 license under -which our projects are published -[here](https://github.com/ory/meta/blob/master/LICENSE). +This agreement defines the terms under which your code is contributed to Ory. More specifically it declares that you have the +right to, and actually do, grant us the rights to use your contribution. You can see the Apache 2.0 license under which our +projects are published [here](https://github.com/ory/meta/blob/master/LICENSE). -When pull requests fail testing, authors are expected to update their pull -requests to address the failures until the tests pass. +When pull requests fail testing, authors are expected to update their pull requests to address the failures until the tests pass. Pull requests eligible for review 1. follow the repository's code formatting conventions; -2. include tests which prove that the change works as intended and does not add - regressions; +2. include tests which prove that the change works as intended and does not add regressions; 3. document the changes in the code and/or the project's documentation; 4. pass the CI pipeline; -5. have signed our - [Contributor License Agreement](https://cla-assistant.io/ory/kratos); +5. have signed our [Contributor License Agreement](https://cla-assistant.io/ory/kratos); 6. include a proper git commit message following the [Conventional Commit Specification](https://www.conventionalcommits.org/en/v1.0.0/). -If all of these items are checked, the pull request is ready to be reviewed and -you should change the status to "Ready for review" and +If all of these items are checked, the pull request is ready to be reviewed and you should change the status to "Ready for review" +and [request review from a maintainer](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review). Reviewers will approve the pull request once they are satisfied with the patch. ## Documentation -Please provide documentation when changing, removing, or adding features. -Documentation resides in the project's -[docs](https://github.com/ory/kratos/tree/master/docs) folder. Generate API and -configuration reference documentation using `cd docs; npm run gen`. +Please provide documentation when changing, removing, or adding features. Documentation resides in the project's +[docs](https://github.com/ory/kratos/tree/master/docs) folder. Generate API and configuration reference documentation using +`cd docs; npm run gen`. -For further instructions please head over to -[docs/README.md](https://github.com/ory/kratos/blob/master/README.md). +For further instructions please head over to [docs/README.md](https://github.com/ory/kratos/blob/master/README.md). ## Disclosing vulnerabilities -Please disclose vulnerabilities exclusively to -[security@ory.sh](mailto:security@ory.sh). Do not use GitHub issues. +Please disclose vulnerabilities exclusively to [security@ory.sh](mailto:security@ory.sh). Do not use GitHub issues. ## Code Style Please follow these guidelines when formatting source code: - Go code should match the output of `gofmt -s` and pass `golangci-lint run`. -- NodeJS and JavaScript code should be prettified using `npm run format` where - appropriate. +- NodeJS and JavaScript code should be prettified using `npm run format` where appropriate. ### Working with Forks @@ -241,25 +207,19 @@ Now go to the project's GitHub Pull Request page and click "New pull request" ## Conduct -Whether you are a regular contributor or a newcomer, we care about making this -community a safe place for you and we've got your back. +Whether you are a regular contributor or a newcomer, we care about making this community a safe place for you and we've got your +back. -- We are committed to providing a friendly, safe and welcoming environment for - all, regardless of gender, sexual orientation, disability, ethnicity, - religion, or similar personal characteristic. -- Please avoid using nicknames that might detract from a friendly, safe and - welcoming environment for all. +- We are committed to providing a friendly, safe and welcoming environment for all, regardless of gender, sexual orientation, + disability, ethnicity, religion, or similar personal characteristic. +- Please avoid using nicknames that might detract from a friendly, safe and welcoming environment for all. - Be kind and courteous. There is no need to be mean or rude. -- We will exclude you from interaction if you insult, demean or harass anyone. - In particular, we do not tolerate behavior that excludes people in socially - marginalized groups. -- Private harassment is also unacceptable. No matter who you are, if you feel - you have been or are being harassed or made uncomfortable by a community - member, please contact one of the channel ops or a member of the Ory Kratos - core team immediately. -- Likewise any spamming, trolling, flaming, baiting or other attention-stealing - behaviour is not welcome. - -We welcome discussion about creating a welcoming, safe, and productive -environment for the community. If you have any questions, feedback, or concerns -[please let us know](https://www.ory.sh/chat). +- We will exclude you from interaction if you insult, demean or harass anyone. In particular, we do not tolerate behavior that + excludes people in socially marginalized groups. +- Private harassment is also unacceptable. No matter who you are, if you feel you have been or are being harassed or made + uncomfortable by a community member, please contact one of the channel ops or a member of the Ory Kratos core team + immediately. +- Likewise any spamming, trolling, flaming, baiting or other attention-stealing behaviour is not welcome. + +We welcome discussion about creating a welcoming, safe, and productive environment for the community. If you have any questions, +feedback, or concerns [please let us know](https://www.ory.sh/chat). diff --git a/README.md b/README.md index 759b46af1db2..da637a3d3cce 100644 --- a/README.md +++ b/README.md @@ -103,21 +103,17 @@ from other products. -The Ory community stands on the shoulders of individuals, companies, and -maintainers. We thank everyone involved - from submitting bug reports and -feature requests, to contributing patches, to sponsoring our work. Our community -is 1000+ strong and growing rapidly. The Ory stack protects 16.000.000.000+ API -requests every month with over 250.000+ active service nodes. We would have +The Ory community stands on the shoulders of individuals, companies, and maintainers. We thank everyone involved - from submitting +bug reports and feature requests, to contributing patches, to sponsoring our work. Our community is 1000+ strong and growing +rapidly. The Ory stack protects 16.000.000.000+ API requests every month with over 250.000+ active service nodes. We would have never been able to achieve this without each and everyone of you! -The following list represents companies that have accompanied us along the way -and that have made outstanding contributions to our ecosystem. _If you think -that your company deserves a spot here, reach out to +The following list represents companies that have accompanied us along the way and that have made outstanding contributions to our +ecosystem. _If you think that your company deserves a spot here, reach out to office-muc@ory.sh now_! -**Please consider giving back by becoming a sponsor of our open source work on -Patreon or -Open Collective.** +**Please consider giving back by becoming a sponsor of our open source work on Patreon +or Open Collective.** @@ -284,10 +280,8 @@ as well as all of our backers -and past & current supporters (in alphabetical order) on -[Patreon](https://www.patreon.com/_ory): Alexander Alimovs, Billy, Chancy -Kennedy, Drozzy, Edwin Trejos, Howard Edidin, Ken Adler Oz Haven, Stefan Hans, -TheCrealm. +and past & current supporters (in alphabetical order) on [Patreon](https://www.patreon.com/_ory): Alexander Alimovs, Billy, Chancy +Kennedy, Drozzy, Edwin Trejos, Howard Edidin, Ken Adler Oz Haven, Stefan Hans, TheCrealm. \* Uses one of Ory's major projects in production. @@ -328,51 +322,42 @@ Head over to the [Ory Developer Documentation](https://www.ory.sh/kratos/docs/in -We build Ory on several guiding principles when it comes to our architecture -design: +We build Ory on several guiding principles when it comes to our architecture design: - Minimal dependencies - Runs everywhere - Scales without effort - Minimize room for human and network errors -Ory's architecture is designed to run best on a Container Orchestration system -such as Kubernetes, CloudFoundry, OpenShift, and similar projects. Binaries are -small (5-15MB) and available for all popular processor types (ARM, AMD64, i386) -and operating systems (FreeBSD, Linux, macOS, Windows) without system -dependencies (Java, Node, Ruby, libxml, ...). +Ory's architecture is designed to run best on a Container Orchestration system such as Kubernetes, CloudFoundry, OpenShift, and +similar projects. Binaries are small (5-15MB) and available for all popular processor types (ARM, AMD64, i386) and operating +systems (FreeBSD, Linux, macOS, Windows) without system dependencies (Java, Node, Ruby, libxml, ...). ### Ory Kratos: Identity and User Infrastructure and Management -[Ory Kratos](https://github.com/ory/kratos) is an API-first Identity and User -Management system that is built according to -[cloud architecture best practices](https://www.ory.sh/docs/next/ecosystem/software-architecture-philosophy). -It implements core use cases that almost every software application needs to -deal with: Self-service Login and Registration, Multi-Factor Authentication -(MFA/2FA), Account Recovery and Verification, Profile, and Account Management. +[Ory Kratos](https://github.com/ory/kratos) is an API-first Identity and User Management system that is built according to +[cloud architecture best practices](https://www.ory.sh/docs/next/ecosystem/software-architecture-philosophy). It implements core +use cases that almost every software application needs to deal with: Self-service Login and Registration, Multi-Factor +Authentication (MFA/2FA), Account Recovery and Verification, Profile, and Account Management. ### Ory Hydra: OAuth2 & OpenID Connect Server -[Ory Hydra](https://github.com/ory/hydra) is an OpenID Certified™ OAuth2 and -OpenID Connect Provider which easily connects to any existing identity system by -writing a tiny "bridge" application. Gives absolute control over user interface -and user experience flows. +[Ory Hydra](https://github.com/ory/hydra) is an OpenID Certified™ OAuth2 and OpenID Connect Provider which easily connects to any +existing identity system by writing a tiny "bridge" application. Gives absolute control over user interface and user experience +flows. ### Ory Oathkeeper: Identity & Access Proxy -[Ory Oathkeeper](https://github.com/ory/oathkeeper) is a BeyondCorp/Zero Trust -Identity & Access Proxy (IAP) with configurable authentication, authorization, -and request mutation rules for your web services: Authenticate JWT, Access -Tokens, API Keys, mTLS; Check if the contained subject is allowed to perform the -request; Encode resulting content into custom headers (`X-User-ID`), JSON Web -Tokens and more! +[Ory Oathkeeper](https://github.com/ory/oathkeeper) is a BeyondCorp/Zero Trust Identity & Access Proxy (IAP) with configurable +authentication, authorization, and request mutation rules for your web services: Authenticate JWT, Access Tokens, API Keys, mTLS; +Check if the contained subject is allowed to perform the request; Encode resulting content into custom headers (`X-User-ID`), JSON +Web Tokens and more! ### Ory Keto: Access Control Policies as a Server -[Ory Keto](https://github.com/ory/keto) is a policy decision point. It uses a -set of access control policies, similar to AWS IAM Policies, in order to -determine whether a subject (user, application, service, car, ...) is authorized -to perform a certain action on a resource. +[Ory Keto](https://github.com/ory/keto) is a policy decision point. It uses a set of access control policies, similar to AWS IAM +Policies, in order to determine whether a subject (user, application, service, car, ...) is authorized to perform a certain action +on a resource. diff --git a/SECURITY.md b/SECURITY.md index 70f1ef4ddb7d..8152c97a5632 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -21,8 +21,8 @@ https://github.com/ory/meta/blob/master/templates/repository/SECURITY.md ## Supported Versions -We release patches for security vulnerabilities. Which versions are eligible -receiving such patches depend on the CVSS v3.0 Rating: +We release patches for security vulnerabilities. Which versions are eligible receiving such patches depend on the CVSS v3.0 +Rating: | CVSS v3.0 | Supported Versions | | --------- | ----------------------------------------- | @@ -31,7 +31,6 @@ receiving such patches depend on the CVSS v3.0 Rating: ## Reporting a Vulnerability -Please report (suspected) security vulnerabilities to -**[security@ory.sh](mailto:security@ory.sh)**. You will receive a response from -us within 48 hours. If the issue is confirmed, we will release a patch as soon -as possible depending on complexity but historically within a few days. +Please report (suspected) security vulnerabilities to **[security@ory.sh](mailto:security@ory.sh)**. You will receive a response +from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but +historically within a few days. From 5da4c6b934b1b820d4a6ca67621855e87ecef773 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Thu, 9 Jun 2022 13:49:51 +0200 Subject: [PATCH 087/411] docs: update README --- README.md | 43 +++++++++++++++++++++++++++---------------- 1 file changed, 27 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index da637a3d3cce..2a3baf4f17ba 100644 --- a/README.md +++ b/README.md @@ -25,15 +25,30 @@ Ory Kratos is the first cloud native Identity and User Management System in the world. Finally, it is no longer necessary to implement a User Login process for the umpteenth time! -## Ory Cloud +## Ory Kratos in Ory Cloud -The easiest way to get started with Ory Software is in Ory Cloud! It is [**free for developers**](https://console.ory.sh/registration?utm_source=github&utm_medium=banner&utm_campaign=kratos-readme), forever, no credit card required! +The easiest way to get started with Ory Software is in Ory Cloud! +Ory Cloud is [**free forever for developers**](https://console.ory.sh/registration?utm_source=github&utm_medium=banner&utm_campaign=kratos-readme), no credit card required. -Ory Cloud has easy examples, administrative user interfaces, hosted pages (e.g. for login or registration), support for custom domains, collaborative features for your colleagues, and much more! +Install the [Ory CLI](https://www.ory.sh/docs/guides/cli/installation) and create a new project to get started with Ory Kratos right away: + +``` +# If you don't have Ory CLI installed yet: +bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -b . ory +sudo mv ./ory /usr/local/bin/ + +# Sign up +ory auth + +# Create project +ory create project +``` + +Ory Cloud ships administrative user interfaces, hosted pages (e.g. for login or registration), support for custom domains, collaborative features for your colleagues, integration services, and much more! ### :mega: Community gets Ory Cloud for Free! :mega: -Ory community members get the Ory Cloud Start Up plan **free for six months**, with all quality-of-life features available, such as custom domains and giving your team members access. [Sign up with your GitHub account](https://console.ory.sh/registration?preferred_plan=start-up&utm_source=github&utm_medium=banner&utm_campaign=kratos-readme-first900) and use the coupon code **`FIRST900`** on the *"Start-Up Plan"* checkout page to claim your free project now! Make sure to be signed up to the [Ory Community Slack](https://slack.ory.sh) when using the code! +Ory community members get the Ory Cloud Start Up plan **free for half a year**, with all quality-of-life features available, such as custom domains and giving your team members access. [Sign up with your GitHub account](https://console.ory.sh/registration?preferred_plan=start-up&utm_source=github&utm_medium=banner&utm_campaign=kratos-readme-first900) and use the coupon code **`FIRST900`** on the *"Start-Up Plan"* checkout page to claim your free project now! Make sure to be signed up to the [Ory Community Slack](https://slack.ory.sh) when using the code! @@ -43,7 +58,6 @@ Ory community members get the Ory Cloud Start Up plan **free for six months**, w - [What is Ory Kratos?](#what-is-ory-kratos) - [Who is using it?](#who-is-using-it) - [Getting Started](#getting-started) - - [Quickstart](#quickstart) - [Installation](#installation) - [Ecosystem](#ecosystem) - [Ory Kratos: Identity and User Infrastructure and Management](#ory-kratos-identity-and-user-infrastructure-and-management) @@ -65,9 +79,11 @@ Ory community members get the Ory Cloud Start Up plan **free for six months**, w - [Running Tests](#running-tests) - [Short Tests](#short-tests) - [Regular Tests](#regular-tests) + - [Updating Test Fixtures](#updating-test-fixtures) - [End-to-End Tests](#end-to-end-tests) - [Build Docker](#build-docker) - [Documentation Tests](#documentation-tests) + - [Preview API documentation](#preview-api-documentation) @@ -172,7 +188,7 @@ or Open Collective.** - + @@ -190,13 +206,13 @@ or Open Collective.** - + - + @@ -214,7 +230,7 @@ or Open Collective.** - + @@ -238,7 +254,7 @@ or Open Collective.** - + @@ -307,12 +323,7 @@ Kennedy, Drozzy, Edwin Trejos, Howard Edidin, Ken Adler Oz Haven, Stefan Hans, T ## Getting Started -To get started, head over to the [Ory Kratos Documentation](https://www.ory.sh/kratos/docs). - -### Quickstart - -The **[Ory Kratos Quickstart](https://www.ory.sh/kratos/docs/quickstart)** teaches you Ory Kratos basics -and sets up an example based on Docker Compose in less than five minutes. +To get started with some easy examples, head over to the [Get Started Documentation](https://www.ory.sh/docs/guides/protect-page-login/). ### Installation From dbb7506ec1a5a2b5bef21cb7838b6c86e755f0f9 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Thu, 9 Jun 2022 13:59:44 +0200 Subject: [PATCH 088/411] docs: fix badge --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2a3baf4f17ba..c9a3e15337b8 100644 --- a/README.md +++ b/README.md @@ -14,14 +14,14 @@ ---

- Build Status + CI Tasks for Ory Kratos Coverage Status Go Report Card CII Best Practices -

+ Ory Kratos is the first cloud native Identity and User Management System in the world. Finally, it is no longer necessary to implement a User Login process for the umpteenth time! From 90da0bb4aeb50ed697c998342300cc56de5d5e1c Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Thu, 9 Jun 2022 14:12:02 +0200 Subject: [PATCH 089/411] feat: add codecov yaml --- codecov.yml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 codecov.yml diff --git a/codecov.yml b/codecov.yml new file mode 100644 index 000000000000..550fa06fdbf7 --- /dev/null +++ b/codecov.yml @@ -0,0 +1,6 @@ +codecov: + ignore: + - "test" + - "internal" + - "docs" + - "contrib" From 7136e94028dc64877e887776a1ccafb8826ce23c Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Thu, 9 Jun 2022 14:12:10 +0200 Subject: [PATCH 090/411] docs: update readme badges --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index c9a3e15337b8..f1b0f63ae8b6 100644 --- a/README.md +++ b/README.md @@ -14,9 +14,8 @@ ---

- CI Tasks for Ory Kratos - Coverage Status - Go Report Card + CI Tasks for Ory Kratos + CII Best Practices From d75927e04a529e0b1e54b60ea4f099c7ae19206f Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Thu, 9 Jun 2022 12:55:09 +0000 Subject: [PATCH 091/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 116 ++++++++++++++++++++++++++++----------------------- 1 file changed, 64 insertions(+), 52 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6bc490c15046..e73e5172b392 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,8 +4,10 @@ **Table of Contents** -- [ (2022-06-07)](#2022-06-07) +- [ (2022-06-09)](#2022-06-09) - [Bug Fixes](#bug-fixes) + - [Documentation](#documentation) + - [Features](#features) - [0.10.1 (2022-06-01)](#0101-2022-06-01) - [Bug Fixes](#bug-fixes-1) - [Code Generation](#code-generation) @@ -14,15 +16,15 @@ - [Bug Fixes](#bug-fixes-2) - [Code Generation](#code-generation-1) - [Code Refactoring](#code-refactoring) - - [Documentation](#documentation) - - [Features](#features) + - [Documentation](#documentation-1) + - [Features](#features-1) - [Tests](#tests) - [Unclassified](#unclassified) - [0.9.0-alpha.3 (2022-03-25)](#090-alpha3-2022-03-25) - [Breaking Changes](#breaking-changes-1) - [Bug Fixes](#bug-fixes-3) - [Code Generation](#code-generation-2) - - [Documentation](#documentation-1) + - [Documentation](#documentation-2) - [0.9.0-alpha.2 (2022-03-22)](#090-alpha2-2022-03-22) - [Bug Fixes](#bug-fixes-4) - [Code Generation](#code-generation-3) @@ -31,20 +33,20 @@ - [Bug Fixes](#bug-fixes-5) - [Code Generation](#code-generation-4) - [Code Refactoring](#code-refactoring-1) - - [Documentation](#documentation-2) - - [Features](#features-1) + - [Documentation](#documentation-3) + - [Features](#features-2) - [Tests](#tests-1) - [Unclassified](#unclassified-1) - [0.8.2-alpha.1 (2021-12-17)](#082-alpha1-2021-12-17) - [Bug Fixes](#bug-fixes-6) - [Code Generation](#code-generation-5) - - [Documentation](#documentation-3) + - [Documentation](#documentation-4) - [0.8.1-alpha.1 (2021-12-13)](#081-alpha1-2021-12-13) - [Breaking Changes](#breaking-changes-3) - [Bug Fixes](#bug-fixes-7) - [Code Generation](#code-generation-6) - - [Documentation](#documentation-4) - - [Features](#features-2) + - [Documentation](#documentation-5) + - [Features](#features-3) - [Tests](#tests-2) - [0.8.0-alpha.3 (2021-10-28)](#080-alpha3-2021-10-28) - [Bug Fixes](#bug-fixes-8) @@ -56,8 +58,8 @@ - [Bug Fixes](#bug-fixes-9) - [Code Generation](#code-generation-9) - [Code Refactoring](#code-refactoring-2) - - [Documentation](#documentation-5) - - [Features](#features-3) + - [Documentation](#documentation-6) + - [Features](#features-4) - [Reverts](#reverts) - [Tests](#tests-3) - [Unclassified](#unclassified-2) @@ -68,26 +70,26 @@ - [0.7.4-alpha.1 (2021-09-09)](#074-alpha1-2021-09-09) - [Bug Fixes](#bug-fixes-10) - [Code Generation](#code-generation-12) - - [Documentation](#documentation-6) - - [Features](#features-4) + - [Documentation](#documentation-7) + - [Features](#features-5) - [Tests](#tests-4) - [0.7.3-alpha.1 (2021-08-28)](#073-alpha1-2021-08-28) - [Bug Fixes](#bug-fixes-11) - [Code Generation](#code-generation-13) - - [Documentation](#documentation-7) - - [Features](#features-5) + - [Documentation](#documentation-8) + - [Features](#features-6) - [0.7.1-alpha.1 (2021-07-22)](#071-alpha1-2021-07-22) - [Bug Fixes](#bug-fixes-12) - [Code Generation](#code-generation-14) - - [Documentation](#documentation-8) + - [Documentation](#documentation-9) - [Tests](#tests-5) - [0.7.0-alpha.1 (2021-07-13)](#070-alpha1-2021-07-13) - [Breaking Changes](#breaking-changes-5) - [Bug Fixes](#bug-fixes-13) - [Code Generation](#code-generation-15) - [Code Refactoring](#code-refactoring-3) - - [Documentation](#documentation-9) - - [Features](#features-6) + - [Documentation](#documentation-10) + - [Features](#features-7) - [Tests](#tests-6) - [Unclassified](#unclassified-3) - [0.6.3-alpha.1 (2021-05-17)](#063-alpha1-2021-05-17) @@ -97,52 +99,52 @@ - [Code Refactoring](#code-refactoring-4) - [0.6.2-alpha.1 (2021-05-14)](#062-alpha1-2021-05-14) - [Code Generation](#code-generation-17) - - [Documentation](#documentation-10) + - [Documentation](#documentation-11) - [0.6.1-alpha.1 (2021-05-11)](#061-alpha1-2021-05-11) - [Code Generation](#code-generation-18) - - [Features](#features-7) + - [Features](#features-8) - [0.6.0-alpha.2 (2021-05-07)](#060-alpha2-2021-05-07) - [Bug Fixes](#bug-fixes-15) - [Code Generation](#code-generation-19) - - [Features](#features-8) + - [Features](#features-9) - [0.6.0-alpha.1 (2021-05-05)](#060-alpha1-2021-05-05) - [Breaking Changes](#breaking-changes-7) - [Bug Fixes](#bug-fixes-16) - [Code Generation](#code-generation-20) - [Code Refactoring](#code-refactoring-5) - - [Documentation](#documentation-11) - - [Features](#features-9) + - [Documentation](#documentation-12) + - [Features](#features-10) - [Tests](#tests-7) - [Unclassified](#unclassified-4) - [0.5.5-alpha.1 (2020-12-09)](#055-alpha1-2020-12-09) - [Bug Fixes](#bug-fixes-17) - [Code Generation](#code-generation-21) - - [Documentation](#documentation-12) - - [Features](#features-10) + - [Documentation](#documentation-13) + - [Features](#features-11) - [Tests](#tests-8) - [Unclassified](#unclassified-5) - [0.5.4-alpha.1 (2020-11-11)](#054-alpha1-2020-11-11) - [Bug Fixes](#bug-fixes-18) - [Code Generation](#code-generation-22) - [Code Refactoring](#code-refactoring-6) - - [Documentation](#documentation-13) - - [Features](#features-11) + - [Documentation](#documentation-14) + - [Features](#features-12) - [0.5.3-alpha.1 (2020-10-27)](#053-alpha1-2020-10-27) - [Bug Fixes](#bug-fixes-19) - [Code Generation](#code-generation-23) - - [Documentation](#documentation-14) - - [Features](#features-12) + - [Documentation](#documentation-15) + - [Features](#features-13) - [Tests](#tests-9) - [0.5.2-alpha.1 (2020-10-22)](#052-alpha1-2020-10-22) - [Bug Fixes](#bug-fixes-20) - [Code Generation](#code-generation-24) - - [Documentation](#documentation-15) + - [Documentation](#documentation-16) - [Tests](#tests-10) - [0.5.1-alpha.1 (2020-10-20)](#051-alpha1-2020-10-20) - [Bug Fixes](#bug-fixes-21) - [Code Generation](#code-generation-25) - - [Documentation](#documentation-16) - - [Features](#features-13) + - [Documentation](#documentation-17) + - [Features](#features-14) - [Tests](#tests-11) - [Unclassified](#unclassified-6) - [0.5.0-alpha.1 (2020-10-15)](#050-alpha1-2020-10-15) @@ -150,8 +152,8 @@ - [Bug Fixes](#bug-fixes-22) - [Code Generation](#code-generation-26) - [Code Refactoring](#code-refactoring-7) - - [Documentation](#documentation-17) - - [Features](#features-14) + - [Documentation](#documentation-18) + - [Features](#features-15) - [Tests](#tests-12) - [Unclassified](#unclassified-7) - [0.4.6-alpha.1 (2020-07-13)](#046-alpha1-2020-07-13) @@ -163,7 +165,7 @@ - [0.4.4-alpha.1 (2020-07-10)](#044-alpha1-2020-07-10) - [Bug Fixes](#bug-fixes-25) - [Code Generation](#code-generation-29) - - [Documentation](#documentation-18) + - [Documentation](#documentation-19) - [0.4.3-alpha.1 (2020-07-08)](#043-alpha1-2020-07-08) - [Bug Fixes](#bug-fixes-26) - [Code Generation](#code-generation-30) @@ -175,52 +177,52 @@ - [Bug Fixes](#bug-fixes-28) - [Code Generation](#code-generation-32) - [Code Refactoring](#code-refactoring-8) - - [Documentation](#documentation-19) - - [Features](#features-15) + - [Documentation](#documentation-20) + - [Features](#features-16) - [Unclassified](#unclassified-8) - [0.3.0-alpha.1 (2020-05-15)](#030-alpha1-2020-05-15) - [Breaking Changes](#breaking-changes-10) - [Bug Fixes](#bug-fixes-29) - [Chores](#chores) - [Code Refactoring](#code-refactoring-9) - - [Documentation](#documentation-20) - - [Features](#features-16) + - [Documentation](#documentation-21) + - [Features](#features-17) - [Unclassified](#unclassified-9) - [0.2.1-alpha.1 (2020-05-05)](#021-alpha1-2020-05-05) - [Chores](#chores-1) - - [Documentation](#documentation-21) + - [Documentation](#documentation-22) - [0.2.0-alpha.2 (2020-05-04)](#020-alpha2-2020-05-04) - [Breaking Changes](#breaking-changes-11) - [Bug Fixes](#bug-fixes-30) - [Chores](#chores-2) - [Code Refactoring](#code-refactoring-10) - - [Documentation](#documentation-22) - - [Features](#features-17) + - [Documentation](#documentation-23) + - [Features](#features-18) - [Unclassified](#unclassified-10) - [0.1.1-alpha.1 (2020-02-18)](#011-alpha1-2020-02-18) - [Bug Fixes](#bug-fixes-31) - [Code Refactoring](#code-refactoring-11) - - [Documentation](#documentation-23) + - [Documentation](#documentation-24) - [0.1.0-alpha.6 (2020-02-16)](#010-alpha6-2020-02-16) - [Bug Fixes](#bug-fixes-32) - [Code Refactoring](#code-refactoring-12) - - [Documentation](#documentation-24) - - [Features](#features-18) -- [0.1.0-alpha.5 (2020-02-06)](#010-alpha5-2020-02-06) - [Documentation](#documentation-25) - [Features](#features-19) +- [0.1.0-alpha.5 (2020-02-06)](#010-alpha5-2020-02-06) + - [Documentation](#documentation-26) + - [Features](#features-20) - [0.1.0-alpha.4 (2020-02-06)](#010-alpha4-2020-02-06) - [Continuous Integration](#continuous-integration) - - [Documentation](#documentation-26) + - [Documentation](#documentation-27) - [0.1.0-alpha.3 (2020-02-06)](#010-alpha3-2020-02-06) - [Continuous Integration](#continuous-integration-1) - [0.1.0-alpha.2 (2020-02-03)](#010-alpha2-2020-02-03) - [Bug Fixes](#bug-fixes-33) - - [Documentation](#documentation-27) - - [Features](#features-20) + - [Documentation](#documentation-28) + - [Features](#features-21) - [Unclassified](#unclassified-11) - [0.1.0-alpha.1 (2020-01-31)](#010-alpha1-2020-01-31) - - [Documentation](#documentation-28) + - [Documentation](#documentation-29) - [0.0.3-alpha.15 (2020-01-31)](#003-alpha15-2020-01-31) - [Unclassified](#unclassified-12) - [0.0.3-alpha.14 (2020-01-31)](#003-alpha14-2020-01-31) @@ -253,18 +255,28 @@ - [Unclassified](#unclassified-23) - [0.0.1-alpha.3 (2020-01-28)](#001-alpha3-2020-01-28) - [Continuous Integration](#continuous-integration-6) - - [Documentation](#documentation-29) + - [Documentation](#documentation-30) - [Unclassified](#unclassified-24) -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-06-07) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-06-09) ### Bug Fixes * Make ID field in VerifiableAddress struct optional ([#2507](https://github.com/ory/kratos/issues/2507)) ([0844b47](https://github.com/ory/kratos/commit/0844b47c30851c548d46273927afee103cdc0e97)), closes [#2506](https://github.com/ory/kratos/issues/2506) +### Documentation + +* Fix badge ([dbb7506](https://github.com/ory/kratos/commit/dbb7506ec1a5a2b5bef21cb7838b6c86e755f0f9)) +* Update README ([5da4c6b](https://github.com/ory/kratos/commit/5da4c6b934b1b820d4a6ca67621855e87ecef773)) +* Update readme badges ([7136e94](https://github.com/ory/kratos/commit/7136e94028dc64877e887776a1ccafb8826ce23c)) + +### Features + +* Add codecov yaml ([90da0bb](https://github.com/ory/kratos/commit/90da0bb4aeb50ed697c998342300cc56de5d5e1c)) + # [0.10.1](https://github.com/ory/kratos/compare/v0.10.0...v0.10.1) (2022-06-01) From 09c5cc9a6cdcf3423e76be8989ea1529e25ccf53 Mon Sep 17 00:00:00 2001 From: Kevin Goslar Date: Fri, 10 Jun 2022 02:05:32 -0500 Subject: [PATCH 092/411] ci: shorten label (#2514) --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e93192a9b15f..1e8dd81623ea 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,4 +1,4 @@ -name: CI Tasks for Ory Kratos +name: CI on: push: branches: From ba3cf2353c8e612a0d4db8bb479fd75730b95c92 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Fri, 10 Jun 2022 07:42:00 +0000 Subject: [PATCH 093/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e73e5172b392..7ef7c467d0a5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-06-09)](#2022-06-09) +- [ (2022-06-10)](#2022-06-10) - [Bug Fixes](#bug-fixes) - [Documentation](#documentation) - [Features](#features) @@ -260,7 +260,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-06-09) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-06-10) ### Bug Fixes From bd86783231238831a68d0e6e4f3548d55d577951 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Fri, 10 Jun 2022 15:40:28 +0000 Subject: [PATCH 094/411] chore: update repository templates [skip ci] - updated repository templates to https://github.com/ory/meta/commit/9a12e12742572ad435bbf4c3e8c631f9472681f1 --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index f1b0f63ae8b6..cbab0cf85d92 100644 --- a/README.md +++ b/README.md @@ -187,7 +187,7 @@ or Open Collective.**

- + @@ -205,13 +205,13 @@ or Open Collective.** - + - + @@ -229,7 +229,7 @@ or Open Collective.** - + @@ -253,7 +253,7 @@ or Open Collective.** - + From ac6c4ccfc1901d38855ecd9991ef8de80e9d7c40 Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Mon, 13 Jun 2022 10:41:57 +0200 Subject: [PATCH 095/411] docs(sdk): incorrect URL (#2521) Co-authored-by: ory-bot <60093411+ory-bot@users.noreply.github.com> --- selfservice/flow/logout/handler.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/selfservice/flow/logout/handler.go b/selfservice/flow/logout/handler.go index 6bb64f86b07d..5c6dd2197cd9 100644 --- a/selfservice/flow/logout/handler.go +++ b/selfservice/flow/logout/handler.go @@ -201,7 +201,7 @@ type submitSelfServiceLogoutFlow struct { // A Valid Logout Token // // If you do not have a logout token because you only have a session cookie, - // call `/self-service/logout/urls` to generate a URL for this endpoint. + // call `/self-service/logout/browser` to generate a URL for this endpoint. // // in: query Token string `json:"token"` From 037c0957cca2d6695b83b564efeaf17105d99b19 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 13 Jun 2022 08:43:36 +0000 Subject: [PATCH 096/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- internal/httpclient/api/openapi.yaml | 2 +- internal/httpclient/docs/V0alpha2Api.md | 4 ++-- spec/api.json | 2 +- spec/swagger.json | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index b34e675714af..915f447218f5 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -1073,7 +1073,7 @@ paths: A Valid Logout Token If you do not have a logout token because you only have a session cookie, - call `/self-service/logout/urls` to generate a URL for this endpoint. + call `/self-service/logout/browser` to generate a URL for this endpoint. explode: true in: query name: token diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md index 5a4007eeca0e..ab31a1e2c483 100644 --- a/internal/httpclient/docs/V0alpha2Api.md +++ b/internal/httpclient/docs/V0alpha2Api.md @@ -2300,7 +2300,7 @@ import ( ) func main() { - token := "token_example" // string | A Valid Logout Token If you do not have a logout token because you only have a session cookie, call `/self-service/logout/urls` to generate a URL for this endpoint. (optional) + token := "token_example" // string | A Valid Logout Token If you do not have a logout token because you only have a session cookie, call `/self-service/logout/browser` to generate a URL for this endpoint. (optional) returnTo := "returnTo_example" // string | The URL to return to after the logout was completed. (optional) configuration := openapiclient.NewConfiguration() @@ -2324,7 +2324,7 @@ Other parameters are passed through a pointer to a apiSubmitSelfServiceLogoutFlo Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- - **token** | **string** | A Valid Logout Token If you do not have a logout token because you only have a session cookie, call `/self-service/logout/urls` to generate a URL for this endpoint. | + **token** | **string** | A Valid Logout Token If you do not have a logout token because you only have a session cookie, call `/self-service/logout/browser` to generate a URL for this endpoint. | **returnTo** | **string** | The URL to return to after the logout was completed. | ### Return type diff --git a/spec/api.json b/spec/api.json index 97cdeed46636..cbd27c72233c 100755 --- a/spec/api.json +++ b/spec/api.json @@ -3491,7 +3491,7 @@ "operationId": "submitSelfServiceLogoutFlow", "parameters": [ { - "description": "A Valid Logout Token\n\nIf you do not have a logout token because you only have a session cookie,\ncall `/self-service/logout/urls` to generate a URL for this endpoint.", + "description": "A Valid Logout Token\n\nIf you do not have a logout token because you only have a session cookie,\ncall `/self-service/logout/browser` to generate a URL for this endpoint.", "in": "query", "name": "token", "schema": { diff --git a/spec/swagger.json b/spec/swagger.json index b4a2ec81b668..13c5a0c1a231 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -1075,7 +1075,7 @@ "parameters": [ { "type": "string", - "description": "A Valid Logout Token\n\nIf you do not have a logout token because you only have a session cookie,\ncall `/self-service/logout/urls` to generate a URL for this endpoint.", + "description": "A Valid Logout Token\n\nIf you do not have a logout token because you only have a session cookie,\ncall `/self-service/logout/browser` to generate a URL for this endpoint.", "name": "token", "in": "query" }, From dd75378ea1bb13c52efb0b1286f5c790a50c739c Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 16 Jun 2022 19:12:43 +0000 Subject: [PATCH 097/411] chore: update repository templates [skip ci] - updated repository templates to https://github.com/ory/meta/commit/344dea23911c67ead6b3088dc473545f84373cc0 --- package-lock.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package-lock.json b/package-lock.json index 6429c6d8531f..ee935ddb9bc7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,5 +1,5 @@ { - "name": "kratos", + "name": "tmp.kCOt6mUI6M", "lockfileVersion": 2, "requires": true, "packages": { From e1e08d34917a427584386d40bc6b721c0d6c8e14 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 16 Jun 2022 19:23:19 +0000 Subject: [PATCH 098/411] chore: update repository templates [skip ci] - updated repository templates to https://github.com/ory/meta/commit/b7308052ea30fe45d46c47aae19285a2237fffb1 --- package-lock.json | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index ee935ddb9bc7..d158f151b3bf 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,5 +1,5 @@ { - "name": "tmp.kCOt6mUI6M", + "name": "tmp.cNZ5rx4wG0", "lockfileVersion": 2, "requires": true, "packages": { @@ -5088,8 +5088,7 @@ "version": "7.5.7", "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.7.tgz", "integrity": "sha512-KMvVuFzpKBuiIXW3E4u3mySRO2/mCHSyZDJQM5NQ9Q9KHWHWh0NHgfbRMLLrceUK5qAL4ytALJbpRMjixFZh8A==", - "dev": true, - "requires": {} + "dev": true }, "y18n": { "version": "5.0.8", From 7b966bd16333f419b2a57f2a0b8684d6d86b34e6 Mon Sep 17 00:00:00 2001 From: angryPopcorn Date: Fri, 17 Jun 2022 15:33:43 +0800 Subject: [PATCH 099/411] feat: add DingTalk social login (#2494) Co-authored-by: aeneasr <3372410+aeneasr@users.noreply.github.com> --- .schemastore/config.schema.json | 3 +- embedx/config.schema.json | 5 +- selfservice/strategy/oidc/provider.go | 4 + selfservice/strategy/oidc/provider_config.go | 3 + .../strategy/oidc/provider_dingtalk.go | 160 ++++++++++++++++++ selfservice/strategy/oidc/strategy.go | 18 +- 6 files changed, 183 insertions(+), 10 deletions(-) create mode 100644 selfservice/strategy/oidc/provider_dingtalk.go diff --git a/.schemastore/config.schema.json b/.schemastore/config.schema.json index 4ddec4c7b6c3..9bab217719d5 100644 --- a/.schemastore/config.schema.json +++ b/.schemastore/config.schema.json @@ -323,7 +323,7 @@ }, "provider": { "title": "Provider", - "description": "Can be one of github, github-app, gitlab, generic, google, microsoft, discord, slack, facebook, auth0, vk, yandex, spotify.", + "description": "Can be one of github, github-app, gitlab, generic, google, microsoft, discord, slack, facebook, auth0, vk, yandex, spotify, dingtalk.", "type": "string", "enum": [ "github", @@ -340,6 +340,7 @@ "yandex", "apple", "spotify", + "dingtalk", "netid" ], "examples": [ diff --git a/embedx/config.schema.json b/embedx/config.schema.json index bc10ad755b69..afde0dab18a8 100644 --- a/embedx/config.schema.json +++ b/embedx/config.schema.json @@ -323,7 +323,7 @@ }, "provider": { "title": "Provider", - "description": "Can be one of github, github-app, gitlab, generic, google, microsoft, discord, slack, facebook, auth0, vk, yandex, spotify.", + "description": "Can be one of github, github-app, gitlab, generic, google, microsoft, discord, slack, facebook, auth0, vk, yandex, spotify, dingtalk.", "type": "string", "enum": [ "github", @@ -340,7 +340,8 @@ "yandex", "apple", "spotify", - "netid" + "netid", + "dingtalk" ], "examples": [ "google" diff --git a/selfservice/strategy/oidc/provider.go b/selfservice/strategy/oidc/provider.go index 3750417dacd9..5804fd7a9a70 100644 --- a/selfservice/strategy/oidc/provider.go +++ b/selfservice/strategy/oidc/provider.go @@ -16,6 +16,10 @@ type Provider interface { AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption } +type TokenExchanger interface { + Exchange(ctx context.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) +} + // ConvertibleBoolean is used as Apple casually sends the email_verified field as a string. type Claims struct { Issuer string `json:"iss,omitempty"` diff --git a/selfservice/strategy/oidc/provider_config.go b/selfservice/strategy/oidc/provider_config.go index a321a3870e92..d9db2b61d714 100644 --- a/selfservice/strategy/oidc/provider_config.go +++ b/selfservice/strategy/oidc/provider_config.go @@ -29,6 +29,7 @@ type Configuration struct { // - vk // - yandex // - apple + // - dingtalk Provider string `json:"provider"` // Label represents an optional label which can be used in the UI generation. @@ -152,6 +153,8 @@ func (c ConfigurationCollection) Provider(id string, reg dependencies) (Provider return NewProviderSpotify(&p, reg), nil case addProviderName("netid"): return NewProviderNetID(&p, reg), nil + case addProviderName("dingtalk"): + return NewProviderDingTalk(&p, reg), nil } return nil, errors.Errorf("provider type %s is not supported, supported are: %v", p.Provider, providerNames) } diff --git a/selfservice/strategy/oidc/provider_dingtalk.go b/selfservice/strategy/oidc/provider_dingtalk.go new file mode 100644 index 000000000000..30b2f00099bb --- /dev/null +++ b/selfservice/strategy/oidc/provider_dingtalk.go @@ -0,0 +1,160 @@ +package oidc + +import ( + "context" + "encoding/json" + "net/url" + "strings" + "time" + + "github.com/pkg/errors" + "golang.org/x/oauth2" + + "github.com/ory/x/httpx" + + "github.com/hashicorp/go-retryablehttp" + + "github.com/ory/herodot" +) + +type ProviderDingTalk struct { + config *Configuration + reg dependencies +} + +func NewProviderDingTalk( + config *Configuration, + reg dependencies, +) *ProviderDingTalk { + return &ProviderDingTalk{ + config: config, + reg: reg, + } +} + +func (g *ProviderDingTalk) Config() *Configuration { + return g.config +} + +func (g *ProviderDingTalk) oauth2(ctx context.Context) *oauth2.Config { + var endpoint = oauth2.Endpoint{ + AuthURL: "https://login.dingtalk.com/oauth2/auth", + TokenURL: "https://api.dingtalk.com/v1.0/oauth2/userAccessToken", + } + + return &oauth2.Config{ + ClientID: g.config.ClientID, + ClientSecret: g.config.ClientSecret, + Endpoint: endpoint, + // DingTalk only allow to set scopes: openid or openid corpid + Scopes: g.config.Scope, + RedirectURL: g.config.Redir(g.reg.Config(ctx).OIDCRedirectURIBase()), + } +} + +func (g *ProviderDingTalk) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption { + return []oauth2.AuthCodeOption{ + oauth2.SetAuthURLParam("prompt", "consent"), + } +} + +func (g *ProviderDingTalk) OAuth2(ctx context.Context) (*oauth2.Config, error) { + return g.oauth2(ctx), nil +} + +func (g *ProviderDingTalk) Exchange(ctx context.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) { + conf, err := g.OAuth2(ctx) + if err != nil { + return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) + } + + pTokenParams := &struct { + ClientId string `json:"clientId"` + ClientSecret string `json:"clientSecret"` + Code string `json:"code"` + GrantType string `json:"grantType"` + }{conf.ClientID, conf.ClientSecret, code, "authorization_code"} + bs, err := json.Marshal(pTokenParams) + if err != nil { + return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) + } + + r := strings.NewReader(string(bs)) + client := g.reg.HTTPClient(ctx, httpx.ResilientClientDisallowInternalIPs()) + req, err := retryablehttp.NewRequest("POST", conf.Endpoint.TokenURL, r) + if err != nil { + return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) + } + + req.Header.Add("Content-Type", "application/json;charset=UTF-8") + resp, err := client.Do(req) + if err != nil { + return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) + } + defer resp.Body.Close() + + var dToken struct { + ErrCode int `json:"code"` + ErrMsg string `json:"message"` + AccessToken string `json:"accessToken"` // Interface call credentials + ExpiresIn int64 `json:"expireIn"` // access_token interface call credential timeout time, unit (seconds) + } + + if err := json.NewDecoder(resp.Body).Decode(&dToken); err != nil { + return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) + } + + if dToken.ErrCode != 0 { + return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("dToken.ErrCode = %d, dToken.ErrMsg = %s", dToken.ErrCode, dToken.ErrMsg)) + } + + token := &oauth2.Token{ + AccessToken: dToken.AccessToken, + Expiry: time.Unix(time.Now().Unix()+int64(dToken.ExpiresIn), 0), + } + return token, nil +} + +func (g *ProviderDingTalk) Claims(ctx context.Context, exchange *oauth2.Token, _ url.Values) (*Claims, error) { + userInfoURL := "https://api.dingtalk.com/v1.0/contact/users/me" + accessToken := exchange.AccessToken + + client := g.reg.HTTPClient(ctx, httpx.ResilientClientDisallowInternalIPs()) + req, err := retryablehttp.NewRequest("GET", userInfoURL, nil) + if err != nil { + return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) + } + + req.Header.Add("x-acs-dingtalk-access-token", accessToken) + resp, err := client.Do(req) + if err != nil { + return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) + } + defer resp.Body.Close() + + var user struct { + Nick string `json:"nick"` + OpenId string `json:"openId"` + AvatarUrl string `json:"avatarUrl"` + Email string `json:"email"` + ErrMsg string `json:"message"` + ErrCode string `json:"code"` + } + + if err := json.NewDecoder(resp.Body).Decode(&user); err != nil { + return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) + } + + if user.ErrMsg != "" { + return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("userResp.ErrCode = %s, userResp.ErrMsg = %s", user.ErrCode, user.ErrMsg)) + } + + return &Claims{ + Issuer: userInfoURL, + Subject: user.OpenId, + Nickname: user.Nick, + Name: user.Nick, + Picture: user.AvatarUrl, + Email: user.Email, + }, nil +} diff --git a/selfservice/strategy/oidc/strategy.go b/selfservice/strategy/oidc/strategy.go index e6081af9b137..db79575d289e 100644 --- a/selfservice/strategy/oidc/strategy.go +++ b/selfservice/strategy/oidc/strategy.go @@ -14,6 +14,7 @@ import ( "github.com/ory/kratos/ui/container" "github.com/ory/x/decoderx" + "github.com/ory/x/stringsx" "github.com/ory/kratos/ui/node" @@ -242,7 +243,7 @@ func (s *Strategy) validateFlow(ctx context.Context, r *http.Request, rid uuid.U func (s *Strategy) validateCallback(w http.ResponseWriter, r *http.Request) (flow.Flow, *authCodeContainer, error) { var ( - code = r.URL.Query().Get("code") + code = stringsx.Coalesce(r.URL.Query().Get("code"), r.URL.Query().Get("authCode")) state = r.URL.Query().Get("state") ) @@ -291,7 +292,7 @@ func (s *Strategy) alreadyAuthenticated(w http.ResponseWriter, r *http.Request, func (s *Strategy) handleCallback(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { var ( - code = r.URL.Query().Get("code") + code = stringsx.Coalesce(r.URL.Query().Get("code"), r.URL.Query().Get("authCode")) pid = ps.ByName("provider") ) @@ -315,13 +316,16 @@ func (s *Strategy) handleCallback(w http.ResponseWriter, r *http.Request, ps htt return } - conf, err := provider.OAuth2(r.Context()) - if err != nil { - s.forwardError(w, r, req, s.handleError(w, r, req, pid, nil, err)) - return + te, ok := provider.(TokenExchanger) + if !ok { + te, err = provider.OAuth2(r.Context()) + if err != nil { + s.forwardError(w, r, req, s.handleError(w, r, req, pid, nil, err)) + return + } } - token, err := conf.Exchange(r.Context(), code) + token, err := te.Exchange(r.Context(), code) if err != nil { s.forwardError(w, r, req, s.handleError(w, r, req, pid, nil, err)) return From ac847bbf66d8340445cb6798fdebcb552075ac5f Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Fri, 17 Jun 2022 08:10:57 +0000 Subject: [PATCH 100/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7ef7c467d0a5..f8b3347672f1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-06-10)](#2022-06-10) +- [ (2022-06-17)](#2022-06-17) - [Bug Fixes](#bug-fixes) - [Documentation](#documentation) - [Features](#features) @@ -260,7 +260,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-06-10) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-06-17) ### Bug Fixes @@ -270,12 +270,14 @@ ### Documentation * Fix badge ([dbb7506](https://github.com/ory/kratos/commit/dbb7506ec1a5a2b5bef21cb7838b6c86e755f0f9)) +* **sdk:** Incorrect URL ([#2521](https://github.com/ory/kratos/issues/2521)) ([ac6c4cc](https://github.com/ory/kratos/commit/ac6c4ccfc1901d38855ecd9991ef8de80e9d7c40)) * Update README ([5da4c6b](https://github.com/ory/kratos/commit/5da4c6b934b1b820d4a6ca67621855e87ecef773)) * Update readme badges ([7136e94](https://github.com/ory/kratos/commit/7136e94028dc64877e887776a1ccafb8826ce23c)) ### Features * Add codecov yaml ([90da0bb](https://github.com/ory/kratos/commit/90da0bb4aeb50ed697c998342300cc56de5d5e1c)) +* Add DingTalk social login ([#2494](https://github.com/ory/kratos/issues/2494)) ([7b966bd](https://github.com/ory/kratos/commit/7b966bd16333f419b2a57f2a0b8684d6d86b34e6)) # [0.10.1](https://github.com/ory/kratos/compare/v0.10.0...v0.10.1) (2022-06-01) From 3d8cf38ef05c6ca5edf1161846c63bd3a23d9adc Mon Sep 17 00:00:00 2001 From: Mathias Polligkeit <13847569+woylie@users.noreply.github.com> Date: Sat, 18 Jun 2022 16:58:08 +0900 Subject: [PATCH 101/411] docs: write messages as single json document (#2519) Closes #2498 --- README.md | 9 +++++++++ cmd/clidoc/main.go | 46 ++++++++++++++++++++++++++++++++++++++-------- 2 files changed, 47 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index cbab0cf85d92..42d8c596856b 100644 --- a/README.md +++ b/README.md @@ -512,6 +512,15 @@ Some tests use fixtures. If payloads change, you can update them with: make test-update-snapshots ``` +This will only update the snapshots of the short tests. To update all snapshots, +run: + +```bash +UPDATE_SNAPSHOTS=true go test -p 4 -tags sqlite ./... +``` + +You can also run this command from a sub folder. + ##### End-to-End Tests We use [Cypress](https://www.cypress.io) to run our e2e tests. diff --git a/cmd/clidoc/main.go b/cmd/clidoc/main.go index 943d2ff9f89e..968ba312f5c7 100644 --- a/cmd/clidoc/main.go +++ b/cmd/clidoc/main.go @@ -136,11 +136,18 @@ func main() { os.Exit(1) } - if err := writeMessages(filepath.Join(os.Args[2], "concepts/ui-user-interface.mdx")); err != nil { + sortedMessages := sortMessages() + + if err := writeMessages(filepath.Join(os.Args[2], "concepts/ui-user-interface.mdx"), sortedMessages); err != nil { _, _ = fmt.Fprintf(os.Stderr, "Unable to generate message table: %+v\n", err) os.Exit(1) } + if err := writeMessagesJson(filepath.Join(os.Args[2], "concepts/messages.json"), sortedMessages); err != nil { + _, _ = fmt.Fprintf(os.Stderr, "Unable to generate messages.json: %+v\n", err) + os.Exit(1) + } + fmt.Println("All files have been generated and updated.") } @@ -154,12 +161,7 @@ func codeEncode(in interface{}) string { return string(out) } -func writeMessages(path string) error { - content, err := os.ReadFile(path) - if err != nil { - return err - } - +func sortMessages() []*text.Message { var toSort []*text.Message for _, m := range messages { toSort = append(toSort, m) @@ -172,8 +174,17 @@ func writeMessages(path string) error { return toSort[i].ID < toSort[j].ID }) + return toSort +} + +func writeMessages(path string, sortedMessages []*text.Message) error { + content, err := os.ReadFile(path) + if err != nil { + return err + } + var w bytes.Buffer - for _, m := range toSort { + for _, m := range sortedMessages { w.WriteString(fmt.Sprintf(`###### %s (%d) %s @@ -200,6 +211,25 @@ func writeMessages(path string) error { return nil } +func writeMessagesJson(path string, sortedMessages []*text.Message) error { + result := codeEncode(sortedMessages) + + f, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0755) + if err != nil { + return err + } + + if _, err := f.WriteString(result); err != nil { + return err + } + + if err := f.Close(); err != nil { + return err + } + + return nil +} + func validateAllMessages(path string) error { type message struct { ID, Name string From 6284a9a5152924018d85f306e5758e9d8d759283 Mon Sep 17 00:00:00 2001 From: Mathias Polligkeit <13847569+woylie@users.noreply.github.com> Date: Sat, 18 Jun 2022 17:07:00 +0900 Subject: [PATCH 102/411] feat: add autocomplete attributes (#2523) See #2396 --- internal/httpclient/api/openapi.yaml | 10 +++++ internal/httpclient/docs/UiNodeAttributes.md | 26 +++++++++++++ .../httpclient/docs/UiNodeInputAttributes.md | 26 +++++++++++++ .../model_ui_node_input_attributes.go | 37 +++++++++++++++++++ ..._on_linked_credentials-agent=githuber.json | 2 + ...on_linked_credentials-agent=multiuser.json | 2 + ...sed_on_linked_credentials-agent=oryer.json | 2 + ..._on_linked_credentials-agent=password.json | 2 + ...e=should_link_a_connection-flow=fetch.json | 2 + ...hould_link_a_connection-flow=original.json | 2 + ...hould_link_a_connection-flow=response.json | 2 + ...er_does_not_have_oidc_credentials_yet.json | 2 + ...ink_a_connection_which_already_exists.json | 2 + ...le_to_link_an_non-existing_connection.json | 2 + ..._connection_not_yet_linked-flow=fetch.json | 2 + ...a_connection_not_yet_linked-flow=json.json | 2 + ...an_non-existing_connection-flow=fetch.json | 2 + ..._an_non-existing_connection-flow=json.json | 2 + ..._last_remaining_connection-flow=fetch.json | 2 + ...e_last_remaining_connection-flow=json.json | 2 + selfservice/strategy/password/login.go | 2 +- selfservice/strategy/password/nodes.go | 7 +++- selfservice/strategy/password/registration.go | 2 +- .../strategy/password/registration_test.go | 4 +- selfservice/strategy/password/settings.go | 2 +- ...hydrate_the_proper_fields-type=api#01.json | 1 + ...on=hydrate_the_proper_fields-type=api.json | 1 + ...ydrate_the_proper_fields-type=browser.json | 1 + ...when_passwordless_is_disabled-browser.json | 1 + ...ist_when_passwordless_is_disabled-spa.json | 1 + ...n-case=webauthn_button_exists-browser.json | 1 + ...ation-case=webauthn_button_exists-spa.json | 1 + spec/api.json | 12 ++++++ spec/swagger.json | 12 ++++++ ui/node/attributes.go | 16 ++++++++ ui/node/attributes_input.go | 5 +++ ui/node/attributes_input_test.go | 6 +++ ui/node/fixtures/all_formats.schema.json | 12 +++++- 38 files changed, 210 insertions(+), 8 deletions(-) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index 915f447218f5..b7a735423063 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -5251,6 +5251,16 @@ components: uiNodeInputAttributes: description: InputAttributes represents the attributes of an input node properties: + autocomplete: + description: The autocomplete attribute for the input. + enum: + - email + - tel + - url + - current-password + - new-password + - one-time-code + type: string disabled: description: Sets the input's disabled field to true or false. type: boolean diff --git a/internal/httpclient/docs/UiNodeAttributes.md b/internal/httpclient/docs/UiNodeAttributes.md index 640e32e5f992..611ba317f638 100644 --- a/internal/httpclient/docs/UiNodeAttributes.md +++ b/internal/httpclient/docs/UiNodeAttributes.md @@ -4,6 +4,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- +**Autocomplete** | Pointer to **string** | The autocomplete attribute for the input. | [optional] **Disabled** | **bool** | Sets the input's disabled field to true or false. | **Label** | Pointer to [**UiText**](UiText.md) | | [optional] **Name** | **string** | The input's element name. | @@ -45,6 +46,31 @@ NewUiNodeAttributesWithDefaults instantiates a new UiNodeAttributes object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set +### GetAutocomplete + +`func (o *UiNodeAttributes) GetAutocomplete() string` + +GetAutocomplete returns the Autocomplete field if non-nil, zero value otherwise. + +### GetAutocompleteOk + +`func (o *UiNodeAttributes) GetAutocompleteOk() (*string, bool)` + +GetAutocompleteOk returns a tuple with the Autocomplete field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetAutocomplete + +`func (o *UiNodeAttributes) SetAutocomplete(v string)` + +SetAutocomplete sets Autocomplete field to given value. + +### HasAutocomplete + +`func (o *UiNodeAttributes) HasAutocomplete() bool` + +HasAutocomplete returns a boolean if a field has been set. + ### GetDisabled `func (o *UiNodeAttributes) GetDisabled() bool` diff --git a/internal/httpclient/docs/UiNodeInputAttributes.md b/internal/httpclient/docs/UiNodeInputAttributes.md index fc1b1fe2a445..473dfdb4ba7d 100644 --- a/internal/httpclient/docs/UiNodeInputAttributes.md +++ b/internal/httpclient/docs/UiNodeInputAttributes.md @@ -4,6 +4,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- +**Autocomplete** | Pointer to **string** | The autocomplete attribute for the input. | [optional] **Disabled** | **bool** | Sets the input's disabled field to true or false. | **Label** | Pointer to [**UiText**](UiText.md) | | [optional] **Name** | **string** | The input's element name. | @@ -33,6 +34,31 @@ NewUiNodeInputAttributesWithDefaults instantiates a new UiNodeInputAttributes ob This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set +### GetAutocomplete + +`func (o *UiNodeInputAttributes) GetAutocomplete() string` + +GetAutocomplete returns the Autocomplete field if non-nil, zero value otherwise. + +### GetAutocompleteOk + +`func (o *UiNodeInputAttributes) GetAutocompleteOk() (*string, bool)` + +GetAutocompleteOk returns a tuple with the Autocomplete field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetAutocomplete + +`func (o *UiNodeInputAttributes) SetAutocomplete(v string)` + +SetAutocomplete sets Autocomplete field to given value. + +### HasAutocomplete + +`func (o *UiNodeInputAttributes) HasAutocomplete() bool` + +HasAutocomplete returns a boolean if a field has been set. + ### GetDisabled `func (o *UiNodeInputAttributes) GetDisabled() bool` diff --git a/internal/httpclient/model_ui_node_input_attributes.go b/internal/httpclient/model_ui_node_input_attributes.go index c609923e406b..ab320a0265f7 100644 --- a/internal/httpclient/model_ui_node_input_attributes.go +++ b/internal/httpclient/model_ui_node_input_attributes.go @@ -17,6 +17,8 @@ import ( // UiNodeInputAttributes InputAttributes represents the attributes of an input node type UiNodeInputAttributes struct { + // The autocomplete attribute for the input. + Autocomplete *string `json:"autocomplete,omitempty"` // Sets the input's disabled field to true or false. Disabled bool `json:"disabled"` Label *UiText `json:"label,omitempty"` @@ -56,6 +58,38 @@ func NewUiNodeInputAttributesWithDefaults() *UiNodeInputAttributes { return &this } +// GetAutocomplete returns the Autocomplete field value if set, zero value otherwise. +func (o *UiNodeInputAttributes) GetAutocomplete() string { + if o == nil || o.Autocomplete == nil { + var ret string + return ret + } + return *o.Autocomplete +} + +// GetAutocompleteOk returns a tuple with the Autocomplete field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *UiNodeInputAttributes) GetAutocompleteOk() (*string, bool) { + if o == nil || o.Autocomplete == nil { + return nil, false + } + return o.Autocomplete, true +} + +// HasAutocomplete returns a boolean if a field has been set. +func (o *UiNodeInputAttributes) HasAutocomplete() bool { + if o != nil && o.Autocomplete != nil { + return true + } + + return false +} + +// SetAutocomplete gets a reference to the given string and assigns it to the Autocomplete field. +func (o *UiNodeInputAttributes) SetAutocomplete(v string) { + o.Autocomplete = &v +} + // GetDisabled returns the Disabled field value func (o *UiNodeInputAttributes) GetDisabled() bool { if o == nil { @@ -315,6 +349,9 @@ func (o *UiNodeInputAttributes) SetValue(v interface{}) { func (o UiNodeInputAttributes) MarshalJSON() ([]byte, error) { toSerialize := map[string]interface{}{} + if o.Autocomplete != nil { + toSerialize["autocomplete"] = o.Autocomplete + } if true { toSerialize["disabled"] = o.Disabled } diff --git a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-case=should_adjust_linkable_providers_based_on_linked_credentials-agent=githuber.json b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-case=should_adjust_linkable_providers_based_on_linked_credentials-agent=githuber.json index 1e697e3ed631..19da7fb7f971 100644 --- a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-case=should_adjust_linkable_providers_based_on_linked_credentials-agent=githuber.json +++ b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-case=should_adjust_linkable_providers_based_on_linked_credentials-agent=githuber.json @@ -14,6 +14,7 @@ }, { "attributes": { + "autocomplete": "email", "disabled": false, "name": "traits.email", "node_type": "input", @@ -58,6 +59,7 @@ }, { "attributes": { + "autocomplete": "new-password", "disabled": false, "name": "password", "node_type": "input", diff --git a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-case=should_adjust_linkable_providers_based_on_linked_credentials-agent=multiuser.json b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-case=should_adjust_linkable_providers_based_on_linked_credentials-agent=multiuser.json index 1bbf742f594e..dd0dc9e5f179 100644 --- a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-case=should_adjust_linkable_providers_based_on_linked_credentials-agent=multiuser.json +++ b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-case=should_adjust_linkable_providers_based_on_linked_credentials-agent=multiuser.json @@ -14,6 +14,7 @@ }, { "attributes": { + "autocomplete": "email", "disabled": false, "name": "traits.email", "node_type": "input", @@ -58,6 +59,7 @@ }, { "attributes": { + "autocomplete": "new-password", "disabled": false, "name": "password", "node_type": "input", diff --git a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-case=should_adjust_linkable_providers_based_on_linked_credentials-agent=oryer.json b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-case=should_adjust_linkable_providers_based_on_linked_credentials-agent=oryer.json index 050f2bcd0115..c9b0b11c8a33 100644 --- a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-case=should_adjust_linkable_providers_based_on_linked_credentials-agent=oryer.json +++ b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-case=should_adjust_linkable_providers_based_on_linked_credentials-agent=oryer.json @@ -14,6 +14,7 @@ }, { "attributes": { + "autocomplete": "email", "disabled": false, "name": "traits.email", "node_type": "input", @@ -58,6 +59,7 @@ }, { "attributes": { + "autocomplete": "new-password", "disabled": false, "name": "password", "node_type": "input", diff --git a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-case=should_adjust_linkable_providers_based_on_linked_credentials-agent=password.json b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-case=should_adjust_linkable_providers_based_on_linked_credentials-agent=password.json index cf8d10cedbe6..55909b7380a6 100644 --- a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-case=should_adjust_linkable_providers_based_on_linked_credentials-agent=password.json +++ b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-case=should_adjust_linkable_providers_based_on_linked_credentials-agent=password.json @@ -14,6 +14,7 @@ }, { "attributes": { + "autocomplete": "email", "disabled": false, "name": "traits.email", "node_type": "input", @@ -58,6 +59,7 @@ }, { "attributes": { + "autocomplete": "new-password", "disabled": false, "name": "password", "node_type": "input", diff --git a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_link_a_connection-flow=fetch.json b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_link_a_connection-flow=fetch.json index e75a00339437..b775cb07f8b3 100644 --- a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_link_a_connection-flow=fetch.json +++ b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_link_a_connection-flow=fetch.json @@ -14,6 +14,7 @@ }, { "attributes": { + "autocomplete": "email", "disabled": false, "name": "traits.email", "node_type": "input", @@ -58,6 +59,7 @@ }, { "attributes": { + "autocomplete": "new-password", "disabled": false, "name": "password", "node_type": "input", diff --git a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_link_a_connection-flow=original.json b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_link_a_connection-flow=original.json index 1e697e3ed631..19da7fb7f971 100644 --- a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_link_a_connection-flow=original.json +++ b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_link_a_connection-flow=original.json @@ -14,6 +14,7 @@ }, { "attributes": { + "autocomplete": "email", "disabled": false, "name": "traits.email", "node_type": "input", @@ -58,6 +59,7 @@ }, { "attributes": { + "autocomplete": "new-password", "disabled": false, "name": "password", "node_type": "input", diff --git a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_link_a_connection-flow=response.json b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_link_a_connection-flow=response.json index ae77a96873b9..cda03ca13acb 100644 --- a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_link_a_connection-flow=response.json +++ b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_link_a_connection-flow=response.json @@ -19,6 +19,7 @@ "name": "traits.email", "type": "email", "required": true, + "autocomplete": "email", "disabled": false, "node_type": "input" }, @@ -63,6 +64,7 @@ "name": "password", "type": "password", "required": true, + "autocomplete": "new-password", "disabled": false, "node_type": "input" }, diff --git a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_link_a_connection_even_if_user_does_not_have_oidc_credentials_yet.json b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_link_a_connection_even_if_user_does_not_have_oidc_credentials_yet.json index a968ff43a0da..1763aae80238 100644 --- a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_link_a_connection_even_if_user_does_not_have_oidc_credentials_yet.json +++ b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_link_a_connection_even_if_user_does_not_have_oidc_credentials_yet.json @@ -14,6 +14,7 @@ }, { "attributes": { + "autocomplete": "email", "disabled": false, "name": "traits.email", "node_type": "input", @@ -58,6 +59,7 @@ }, { "attributes": { + "autocomplete": "new-password", "disabled": false, "name": "password", "node_type": "input", diff --git a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_not_be_able_to_link_a_connection_which_already_exists.json b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_not_be_able_to_link_a_connection_which_already_exists.json index c2c452afe65c..a8b9407aab8a 100644 --- a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_not_be_able_to_link_a_connection_which_already_exists.json +++ b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_not_be_able_to_link_a_connection_which_already_exists.json @@ -19,6 +19,7 @@ "name": "traits.email", "type": "email", "required": true, + "autocomplete": "email", "disabled": false, "node_type": "input" }, @@ -63,6 +64,7 @@ "name": "password", "type": "password", "required": true, + "autocomplete": "new-password", "disabled": false, "node_type": "input" }, diff --git a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_not_be_able_to_link_an_non-existing_connection.json b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_not_be_able_to_link_an_non-existing_connection.json index 06e298e5ae0b..abb1fa20bd40 100644 --- a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_not_be_able_to_link_an_non-existing_connection.json +++ b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=link-case=should_not_be_able_to_link_an_non-existing_connection.json @@ -19,6 +19,7 @@ "name": "traits.email", "type": "email", "required": true, + "autocomplete": "email", "disabled": false, "node_type": "input" }, @@ -63,6 +64,7 @@ "name": "password", "type": "password", "required": true, + "autocomplete": "new-password", "disabled": false, "node_type": "input" }, diff --git a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_a_connection_not_yet_linked-flow=fetch.json b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_a_connection_not_yet_linked-flow=fetch.json index 1e697e3ed631..19da7fb7f971 100644 --- a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_a_connection_not_yet_linked-flow=fetch.json +++ b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_a_connection_not_yet_linked-flow=fetch.json @@ -14,6 +14,7 @@ }, { "attributes": { + "autocomplete": "email", "disabled": false, "name": "traits.email", "node_type": "input", @@ -58,6 +59,7 @@ }, { "attributes": { + "autocomplete": "new-password", "disabled": false, "name": "password", "node_type": "input", diff --git a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_a_connection_not_yet_linked-flow=json.json b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_a_connection_not_yet_linked-flow=json.json index c2c452afe65c..a8b9407aab8a 100644 --- a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_a_connection_not_yet_linked-flow=json.json +++ b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_a_connection_not_yet_linked-flow=json.json @@ -19,6 +19,7 @@ "name": "traits.email", "type": "email", "required": true, + "autocomplete": "email", "disabled": false, "node_type": "input" }, @@ -63,6 +64,7 @@ "name": "password", "type": "password", "required": true, + "autocomplete": "new-password", "disabled": false, "node_type": "input" }, diff --git a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_an_non-existing_connection-flow=fetch.json b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_an_non-existing_connection-flow=fetch.json index 050f2bcd0115..c9b0b11c8a33 100644 --- a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_an_non-existing_connection-flow=fetch.json +++ b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_an_non-existing_connection-flow=fetch.json @@ -14,6 +14,7 @@ }, { "attributes": { + "autocomplete": "email", "disabled": false, "name": "traits.email", "node_type": "input", @@ -58,6 +59,7 @@ }, { "attributes": { + "autocomplete": "new-password", "disabled": false, "name": "password", "node_type": "input", diff --git a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_an_non-existing_connection-flow=json.json b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_an_non-existing_connection-flow=json.json index 06e298e5ae0b..abb1fa20bd40 100644 --- a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_an_non-existing_connection-flow=json.json +++ b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_an_non-existing_connection-flow=json.json @@ -19,6 +19,7 @@ "name": "traits.email", "type": "email", "required": true, + "autocomplete": "email", "disabled": false, "node_type": "input" }, @@ -63,6 +64,7 @@ "name": "password", "type": "password", "required": true, + "autocomplete": "new-password", "disabled": false, "node_type": "input" }, diff --git a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_the_last_remaining_connection-flow=fetch.json b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_the_last_remaining_connection-flow=fetch.json index 050f2bcd0115..c9b0b11c8a33 100644 --- a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_the_last_remaining_connection-flow=fetch.json +++ b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_the_last_remaining_connection-flow=fetch.json @@ -14,6 +14,7 @@ }, { "attributes": { + "autocomplete": "email", "disabled": false, "name": "traits.email", "node_type": "input", @@ -58,6 +59,7 @@ }, { "attributes": { + "autocomplete": "new-password", "disabled": false, "name": "password", "node_type": "input", diff --git a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_the_last_remaining_connection-flow=json.json b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_the_last_remaining_connection-flow=json.json index 06e298e5ae0b..abb1fa20bd40 100644 --- a/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_the_last_remaining_connection-flow=json.json +++ b/selfservice/strategy/oidc/.snapshots/TestSettingsStrategy-suite=unlink-case=should_not_be_able_to_unlink_the_last_remaining_connection-flow=json.json @@ -19,6 +19,7 @@ "name": "traits.email", "type": "email", "required": true, + "autocomplete": "email", "disabled": false, "node_type": "input" }, @@ -63,6 +64,7 @@ "name": "password", "type": "password", "required": true, + "autocomplete": "new-password", "disabled": false, "node_type": "input" }, diff --git a/selfservice/strategy/password/login.go b/selfservice/strategy/password/login.go index bc03024ac251..d3bbbd37c25d 100644 --- a/selfservice/strategy/password/login.go +++ b/selfservice/strategy/password/login.go @@ -150,7 +150,7 @@ func (s *Strategy) PopulateLoginMethod(r *http.Request, requestedAAL identity.Au } sr.UI.SetCSRF(s.d.GenerateCSRFToken(r)) - sr.UI.SetNode(NewPasswordNode("password")) + sr.UI.SetNode(NewPasswordNode("password", node.InputAttributeAutocompleteCurrentPassword)) sr.UI.GetNodes().Append(node.NewInputField("method", "password", node.PasswordGroup, node.InputAttributeTypeSubmit).WithMetaLabel(text.NewInfoLogin())) return nil diff --git a/selfservice/strategy/password/nodes.go b/selfservice/strategy/password/nodes.go index 3ca8fc38589e..344744448289 100644 --- a/selfservice/strategy/password/nodes.go +++ b/selfservice/strategy/password/nodes.go @@ -5,9 +5,12 @@ import ( "github.com/ory/kratos/ui/node" ) -func NewPasswordNode(name string) *node.Node { +func NewPasswordNode(name string, autocomplete node.InputAttributeAutocomplete) *node.Node { return node.NewInputField(name, nil, node.PasswordGroup, node.InputAttributeTypePassword, - node.WithRequiredInputAttribute). + node.WithRequiredInputAttribute, + node.WithInputAttributes(func(a *node.InputAttributes) { + a.Autocomplete = autocomplete + })). WithMetaLabel(text.NewInfoNodeInputPassword()) } diff --git a/selfservice/strategy/password/registration.go b/selfservice/strategy/password/registration.go index 57bbc7863420..4d5e0bfbce69 100644 --- a/selfservice/strategy/password/registration.go +++ b/selfservice/strategy/password/registration.go @@ -150,7 +150,7 @@ func (s *Strategy) PopulateRegistrationMethod(r *http.Request, f *registration.F } f.UI.SetCSRF(s.d.GenerateCSRFToken(r)) - f.UI.Nodes.Upsert(NewPasswordNode("password")) + f.UI.Nodes.Upsert(NewPasswordNode("password", node.InputAttributeAutocompleteNewPassword)) f.UI.Nodes.Append(node.NewInputField("method", "password", node.PasswordGroup, node.InputAttributeTypeSubmit).WithMetaLabel(text.NewInfoRegistration())) return nil diff --git a/selfservice/strategy/password/registration_test.go b/selfservice/strategy/password/registration_test.go index 68a56dbae9c1..4565c0382c19 100644 --- a/selfservice/strategy/password/registration_test.go +++ b/selfservice/strategy/password/registration_test.go @@ -487,7 +487,9 @@ func TestRegistration(t *testing.T) { Nodes: node.Nodes{ node.NewCSRFNode(x.FakeCSRFToken), node.NewInputField("traits.username", nil, node.PasswordGroup, node.InputAttributeTypeText), - node.NewInputField("password", nil, node.PasswordGroup, node.InputAttributeTypePassword, node.WithRequiredInputAttribute).WithMetaLabel(text.NewInfoNodeInputPassword()), + node.NewInputField("password", nil, node.PasswordGroup, node.InputAttributeTypePassword, node.WithRequiredInputAttribute, node.WithInputAttributes(func(a *node.InputAttributes) { + a.Autocomplete = node.InputAttributeAutocompleteNewPassword + })).WithMetaLabel(text.NewInfoNodeInputPassword()), node.NewInputField("traits.bar", nil, node.PasswordGroup, node.InputAttributeTypeText), node.NewInputField("method", "password", node.PasswordGroup, node.InputAttributeTypeSubmit).WithMetaLabel(text.NewInfoRegistration()), }, diff --git a/selfservice/strategy/password/settings.go b/selfservice/strategy/password/settings.go index e85ff96f9afa..c431ec1c488a 100644 --- a/selfservice/strategy/password/settings.go +++ b/selfservice/strategy/password/settings.go @@ -146,7 +146,7 @@ func (s *Strategy) continueSettingsFlow( func (s *Strategy) PopulateSettingsMethod(r *http.Request, _ *identity.Identity, f *settings.Flow) error { f.UI.SetCSRF(s.d.GenerateCSRFToken(r)) - f.UI.Nodes.Upsert(NewPasswordNode("password").WithMetaLabel(text.NewInfoNodeInputPassword())) + f.UI.Nodes.Upsert(NewPasswordNode("password", node.InputAttributeAutocompleteNewPassword).WithMetaLabel(text.NewInfoNodeInputPassword())) f.UI.Nodes.Append(node.NewInputField("method", "password", node.PasswordGroup, node.InputAttributeTypeSubmit).WithMetaLabel(text.NewInfoNodeLabelSave())) return nil diff --git a/selfservice/strategy/profile/.snapshots/TestStrategyTraits-description=hydrate_the_proper_fields-type=api#01.json b/selfservice/strategy/profile/.snapshots/TestStrategyTraits-description=hydrate_the_proper_fields-type=api#01.json index f5ae1f7327f3..d6665e756663 100644 --- a/selfservice/strategy/profile/.snapshots/TestStrategyTraits-description=hydrate_the_proper_fields-type=api#01.json +++ b/selfservice/strategy/profile/.snapshots/TestStrategyTraits-description=hydrate_the_proper_fields-type=api#01.json @@ -112,6 +112,7 @@ }, { "attributes": { + "autocomplete": "new-password", "disabled": false, "name": "password", "node_type": "input", diff --git a/selfservice/strategy/profile/.snapshots/TestStrategyTraits-description=hydrate_the_proper_fields-type=api.json b/selfservice/strategy/profile/.snapshots/TestStrategyTraits-description=hydrate_the_proper_fields-type=api.json index f5ae1f7327f3..d6665e756663 100644 --- a/selfservice/strategy/profile/.snapshots/TestStrategyTraits-description=hydrate_the_proper_fields-type=api.json +++ b/selfservice/strategy/profile/.snapshots/TestStrategyTraits-description=hydrate_the_proper_fields-type=api.json @@ -112,6 +112,7 @@ }, { "attributes": { + "autocomplete": "new-password", "disabled": false, "name": "password", "node_type": "input", diff --git a/selfservice/strategy/profile/.snapshots/TestStrategyTraits-description=hydrate_the_proper_fields-type=browser.json b/selfservice/strategy/profile/.snapshots/TestStrategyTraits-description=hydrate_the_proper_fields-type=browser.json index f5ae1f7327f3..d6665e756663 100644 --- a/selfservice/strategy/profile/.snapshots/TestStrategyTraits-description=hydrate_the_proper_fields-type=browser.json +++ b/selfservice/strategy/profile/.snapshots/TestStrategyTraits-description=hydrate_the_proper_fields-type=browser.json @@ -112,6 +112,7 @@ }, { "attributes": { + "autocomplete": "new-password", "disabled": false, "name": "password", "node_type": "input", diff --git a/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_does_not_exist_when_passwordless_is_disabled-browser.json b/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_does_not_exist_when_passwordless_is_disabled-browser.json index 39afd9d8e8eb..3d16974da7c4 100644 --- a/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_does_not_exist_when_passwordless_is_disabled-browser.json +++ b/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_does_not_exist_when_passwordless_is_disabled-browser.json @@ -27,6 +27,7 @@ }, { "attributes": { + "autocomplete": "new-password", "disabled": false, "name": "password", "node_type": "input", diff --git a/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_does_not_exist_when_passwordless_is_disabled-spa.json b/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_does_not_exist_when_passwordless_is_disabled-spa.json index 39afd9d8e8eb..3d16974da7c4 100644 --- a/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_does_not_exist_when_passwordless_is_disabled-spa.json +++ b/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_does_not_exist_when_passwordless_is_disabled-spa.json @@ -27,6 +27,7 @@ }, { "attributes": { + "autocomplete": "new-password", "disabled": false, "name": "password", "node_type": "input", diff --git a/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_exists-browser.json b/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_exists-browser.json index 1f5d2e17af95..f2f9e1cffe0d 100644 --- a/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_exists-browser.json +++ b/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_exists-browser.json @@ -106,6 +106,7 @@ }, { "attributes": { + "autocomplete": "new-password", "disabled": false, "name": "password", "node_type": "input", diff --git a/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_exists-spa.json b/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_exists-spa.json index 1f5d2e17af95..f2f9e1cffe0d 100644 --- a/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_exists-spa.json +++ b/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_exists-spa.json @@ -106,6 +106,7 @@ }, { "attributes": { + "autocomplete": "new-password", "disabled": false, "name": "password", "node_type": "input", diff --git a/spec/api.json b/spec/api.json index cbd27c72233c..d9920d82de64 100755 --- a/spec/api.json +++ b/spec/api.json @@ -1985,6 +1985,18 @@ "uiNodeInputAttributes": { "description": "InputAttributes represents the attributes of an input node", "properties": { + "autocomplete": { + "description": "The autocomplete attribute for the input.", + "enum": [ + "email", + "tel", + "url", + "current-password", + "new-password", + "one-time-code" + ], + "type": "string" + }, "disabled": { "description": "Sets the input's disabled field to true or false.", "type": "boolean" diff --git a/spec/swagger.json b/spec/swagger.json index 13c5a0c1a231..83fec0769aa2 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -4205,6 +4205,18 @@ "node_type" ], "properties": { + "autocomplete": { + "description": "The autocomplete attribute for the input.", + "type": "string", + "enum": [ + "email", + "tel", + "url", + "current-password", + "new-password", + "one-time-code" + ] + }, "disabled": { "description": "Sets the input's disabled field to true or false.", "type": "boolean" diff --git a/ui/node/attributes.go b/ui/node/attributes.go index a1e96416e31b..d57d7a7cfc35 100644 --- a/ui/node/attributes.go +++ b/ui/node/attributes.go @@ -9,6 +9,7 @@ const ( InputAttributeTypeCheckbox InputAttributeType = "checkbox" InputAttributeTypeHidden InputAttributeType = "hidden" InputAttributeTypeEmail InputAttributeType = "email" + InputAttributeTypeTel InputAttributeType = "tel" InputAttributeTypeSubmit InputAttributeType = "submit" InputAttributeTypeButton InputAttributeType = "button" InputAttributeTypeDateTimeLocal InputAttributeType = "datetime-local" @@ -16,9 +17,21 @@ const ( InputAttributeTypeURI InputAttributeType = "url" ) +const ( + InputAttributeAutocompleteEmail InputAttributeAutocomplete = "email" + InputAttributeAutocompleteTel InputAttributeAutocomplete = "tel" + InputAttributeAutocompleteUrl InputAttributeAutocomplete = "url" + InputAttributeAutocompleteCurrentPassword InputAttributeAutocomplete = "current-password" + InputAttributeAutocompleteNewPassword InputAttributeAutocomplete = "new-password" + InputAttributeAutocompleteOneTimeCode InputAttributeAutocomplete = "one-time-code" +) + // swagger:model uiNodeInputAttributeType type InputAttributeType string +// swagger:enum InputAttributeAutocomplete +type InputAttributeAutocomplete string + // Attributes represents a list of attributes (e.g. `href="foo"` for links). // // swagger:model uiNodeAttributes @@ -59,6 +72,9 @@ type InputAttributes struct { // Mark this input field as required. Required bool `json:"required,omitempty"` + // The autocomplete attribute for the input. + Autocomplete InputAttributeAutocomplete `json:"autocomplete,omitempty"` + // The input's label text. Label *text.Message `json:"label,omitempty"` diff --git a/ui/node/attributes_input.go b/ui/node/attributes_input.go index bfe3e78ecb7d..5e5e05882323 100644 --- a/ui/node/attributes_input.go +++ b/ui/node/attributes_input.go @@ -156,10 +156,15 @@ func NewInputFieldFromSchema(name string, group UiNodeGroup, p jsonschemax.Path, attr.Type = InputAttributeTypeDateTimeLocal case "email": attr.Type = InputAttributeTypeEmail + attr.Autocomplete = InputAttributeAutocompleteEmail + case "tel": + attr.Type = InputAttributeTypeTel + attr.Autocomplete = InputAttributeAutocompleteTel case "date": attr.Type = InputAttributeTypeDate case "uri": attr.Type = InputAttributeTypeURI + attr.Autocomplete = InputAttributeAutocompleteUrl case "regex": attr.Type = InputAttributeTypeText } diff --git a/ui/node/attributes_input_test.go b/ui/node/attributes_input_test.go index cef15c1451bd..6b614cd4c204 100644 --- a/ui/node/attributes_input_test.go +++ b/ui/node/attributes_input_test.go @@ -37,6 +37,12 @@ func TestFieldFromPath(t *testing.T) { assert.EqualValues(t, gjson.GetBytes(schema, fmt.Sprintf("properties.%s.test_expected_type", path.Name)).String(), attr.Type) assert.True(t, !gjson.GetBytes(schema, fmt.Sprintf("properties.%s.test_expected_pattern", path.Name)).Exists() || (gjson.GetBytes(schema, fmt.Sprintf("properties.%s.test_expected_pattern", path.Name)).Bool() && attr.Pattern != "")) + + expectedAutocomplete := gjson.GetBytes(schema, fmt.Sprintf("properties.%s.test_expected_autocomplete", path.Name)) + + if expectedAutocomplete.Exists() { + assert.EqualValues(t, expectedAutocomplete.String(), attr.Autocomplete) + } } }) } diff --git a/ui/node/fixtures/all_formats.schema.json b/ui/node/fixtures/all_formats.schema.json index 6333b70c84e9..5310ead51712 100644 --- a/ui/node/fixtures/all_formats.schema.json +++ b/ui/node/fixtures/all_formats.schema.json @@ -26,7 +26,14 @@ "emailString": { "type": "string", "format": "email", - "test_expected_type": "email" + "test_expected_type": "email", + "test_expected_autocomplete": "email" + }, + "phoneString": { + "type": "string", + "format": "tel", + "test_expected_type": "tel", + "test_expected_autocomplete": "tel" }, "dateTimeString": { "type": "string", @@ -46,7 +53,8 @@ "uriString": { "type": "string", "format": "uri", - "test_expected_type": "url" + "test_expected_type": "url", + "test_expected_autocomplete": "url" }, "patternString": { "type": "string", From 26d43c12d0ae07a4dc36dfff5887585380879fe4 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Sat, 18 Jun 2022 08:50:20 +0000 Subject: [PATCH 103/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f8b3347672f1..86a889923854 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-06-17)](#2022-06-17) +- [ (2022-06-18)](#2022-06-18) - [Bug Fixes](#bug-fixes) - [Documentation](#documentation) - [Features](#features) @@ -260,7 +260,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-06-17) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-06-18) ### Bug Fixes @@ -273,9 +273,11 @@ * **sdk:** Incorrect URL ([#2521](https://github.com/ory/kratos/issues/2521)) ([ac6c4cc](https://github.com/ory/kratos/commit/ac6c4ccfc1901d38855ecd9991ef8de80e9d7c40)) * Update README ([5da4c6b](https://github.com/ory/kratos/commit/5da4c6b934b1b820d4a6ca67621855e87ecef773)) * Update readme badges ([7136e94](https://github.com/ory/kratos/commit/7136e94028dc64877e887776a1ccafb8826ce23c)) +* Write messages as single json document ([#2519](https://github.com/ory/kratos/issues/2519)) ([3d8cf38](https://github.com/ory/kratos/commit/3d8cf38ef05c6ca5edf1161846c63bd3a23d9adc)), closes [#2498](https://github.com/ory/kratos/issues/2498) ### Features +* Add autocomplete attributes ([#2523](https://github.com/ory/kratos/issues/2523)) ([6284a9a](https://github.com/ory/kratos/commit/6284a9a5152924018d85f306e5758e9d8d759283)), closes [#2396](https://github.com/ory/kratos/issues/2396) * Add codecov yaml ([90da0bb](https://github.com/ory/kratos/commit/90da0bb4aeb50ed697c998342300cc56de5d5e1c)) * Add DingTalk social login ([#2494](https://github.com/ory/kratos/issues/2494)) ([7b966bd](https://github.com/ory/kratos/commit/7b966bd16333f419b2a57f2a0b8684d6d86b34e6)) From aa83e46458072b21e53fe9a9a3cc7d4806527fcd Mon Sep 17 00:00:00 2001 From: Vincent Date: Mon, 20 Jun 2022 10:44:29 +0200 Subject: [PATCH 104/411] chore: broken link in API docs (#2534) --- selfservice/flow/verification/handler.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/selfservice/flow/verification/handler.go b/selfservice/flow/verification/handler.go index 717a4314ffdf..dbd821288097 100644 --- a/selfservice/flow/verification/handler.go +++ b/selfservice/flow/verification/handler.go @@ -94,7 +94,7 @@ func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { // // This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). // -// More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). +// More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation). // // Schemes: http, https // From f0bd67e7b4bd495283f0b9bfb0c342bb3e2e38d5 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 20 Jun 2022 08:45:57 +0000 Subject: [PATCH 105/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- internal/httpclient/api/openapi.yaml | 2 +- internal/httpclient/api_v0alpha2.go | 4 ++-- spec/api.json | 2 +- spec/swagger.json | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index b7a735423063..a6426639e920 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -2234,7 +2234,7 @@ paths: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). - More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). + More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation). operationId: initializeSelfServiceVerificationFlowWithoutBrowser responses: "200": diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go index 44c4ddec7067..3be942dc73b9 100644 --- a/internal/httpclient/api_v0alpha2.go +++ b/internal/httpclient/api_v0alpha2.go @@ -708,7 +708,7 @@ type V0alpha2Api interface { This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). - More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). + More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest */ @@ -5214,7 +5214,7 @@ you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). -More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). +More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest */ diff --git a/spec/api.json b/spec/api.json index d9920d82de64..a29839998ea6 100755 --- a/spec/api.json +++ b/spec/api.json @@ -4634,7 +4634,7 @@ }, "/self-service/verification/api": { "get": { - "description": "This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.\n\nTo fetch an existing verification flow call `/self-service/verification/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).", + "description": "This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.\n\nTo fetch an existing verification flow call `/self-service/verification/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).", "operationId": "initializeSelfServiceVerificationFlowWithoutBrowser", "responses": { "200": { diff --git a/spec/swagger.json b/spec/swagger.json index 83fec0769aa2..7b0dbfae032a 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -1987,7 +1987,7 @@ }, "/self-service/verification/api": { "get": { - "description": "This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.\n\nTo fetch an existing verification flow call `/self-service/verification/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).", + "description": "This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.\n\nTo fetch an existing verification flow call `/self-service/verification/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).", "schemes": [ "http", "https" From 29d6376e22e4de617ec63ca0a5dcb4dbf34c7c37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Przemys=C5=82aw=20Czaus?= Date: Mon, 20 Jun 2022 10:49:34 +0200 Subject: [PATCH 106/411] feat(cli): helper for cleaning up stale records (#2406) Closes #952 Co-authored-by: Patrik --- cmd/cleanup/root.go | 22 +++ cmd/cleanup/sql.go | 59 ++++++++ cmd/cleanup/sql_test.go | 24 ++++ cmd/cliclient/cleanup.go | 60 ++++++++ cmd/root.go | 3 + continuity/persistence.go | 2 + continuity/test/persistence.go | 23 ++++ driver/config/config.go | 10 ++ driver/config/config_test.go | 16 ++- embedx/config.schema.json | 43 ++++++ persistence/reference.go | 2 + persistence/sql/persister.go | 52 +++++++ persistence/sql/persister_cleanup_test.go | 138 +++++++++++++++++++ persistence/sql/persister_continuity.go | 18 +++ persistence/sql/persister_login.go | 19 +++ persistence/sql/persister_recovery.go | 17 +++ persistence/sql/persister_registration.go | 19 +++ persistence/sql/persister_session.go | 17 +++ persistence/sql/persister_settings.go | 19 +++ persistence/sql/persister_verification.go | 17 +++ selfservice/flow/login/persistence.go | 2 + selfservice/flow/recovery/persistence.go | 2 + selfservice/flow/registration/persistence.go | 2 + selfservice/flow/settings/persistence.go | 2 + selfservice/flow/verification/persistence.go | 2 + session/persistence.go | 4 + 26 files changed, 593 insertions(+), 1 deletion(-) create mode 100644 cmd/cleanup/root.go create mode 100644 cmd/cleanup/sql.go create mode 100644 cmd/cleanup/sql_test.go create mode 100644 cmd/cliclient/cleanup.go create mode 100644 persistence/sql/persister_cleanup_test.go diff --git a/cmd/cleanup/root.go b/cmd/cleanup/root.go new file mode 100644 index 000000000000..ac2f0b88797a --- /dev/null +++ b/cmd/cleanup/root.go @@ -0,0 +1,22 @@ +package cleanup + +import ( + "github.com/spf13/cobra" + + "github.com/ory/x/configx" +) + +func NewCleanupCmd() *cobra.Command { + c := &cobra.Command{ + Use: "cleanup", + Short: "Various cleanup helpers", + } + configx.RegisterFlags(c.PersistentFlags()) + return c +} + +func RegisterCommandRecursive(parent *cobra.Command) { + c := NewCleanupCmd() + parent.AddCommand(c) + c.AddCommand(NewCleanupSQLCmd()) +} diff --git a/cmd/cleanup/sql.go b/cmd/cleanup/sql.go new file mode 100644 index 000000000000..847d010a02cb --- /dev/null +++ b/cmd/cleanup/sql.go @@ -0,0 +1,59 @@ +/* +Copyright © 2019 NAME HERE +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +package cleanup + +import ( + "fmt" + "time" + + "github.com/ory/x/cmdx" + + "github.com/spf13/cobra" + + "github.com/ory/kratos/driver/config" + + "github.com/ory/kratos/cmd/cliclient" + "github.com/ory/x/configx" +) + +// cleanupSqlCmd represents the sql command +func NewCleanupSQLCmd() *cobra.Command { + c := &cobra.Command{ + Use: "sql ", + Short: "Cleanup sql database from expired flows and sessions", + Long: `Run this command as frequently as you need. +It is recommended to run this command close to the SQL instance (e.g. same subnet) instead of over the public internet. +This decreases risk of failure and decreases time required. +You can read in the database URL using the -e flag, for example: + export DSN=... + kratos cleanup sql -e +### WARNING ### +Before running this command on an existing database, create a back up! +`, + RunE: func(cmd *cobra.Command, args []string) error { + err := cliclient.NewCleanupHandler().CleanupSQL(cmd, args) + if err != nil { + fmt.Fprintln(cmd.OutOrStdout(), err) + return cmdx.FailSilently(cmd) + } + return nil + }, + } + + configx.RegisterFlags(c.PersistentFlags()) + c.Flags().BoolP("read-from-env", "e", true, "If set, reads the database connection string from the environment variable DSN or config file key dsn.") + c.Flags().Duration(config.ViperKeyDatabaseCleanupSleepTables, time.Minute, "How long to wait between each table cleanup") + c.Flags().IntP(config.ViperKeyDatabaseCleanupBatchSize, "b", 100, "Set the number of records to be cleaned per run") + c.Flags().Duration("keep-last", 0, "Don't remove records younger than") + return c +} diff --git a/cmd/cleanup/sql_test.go b/cmd/cleanup/sql_test.go new file mode 100644 index 000000000000..4476467d63be --- /dev/null +++ b/cmd/cleanup/sql_test.go @@ -0,0 +1,24 @@ +package cleanup + +import ( + "bytes" + "io/ioutil" + "strings" + "testing" +) + +func Test_ExecuteCleanupFailedDSN(t *testing.T) { + cmd := NewCleanupSQLCmd() + b := bytes.NewBufferString("") + cmd.SetOut(b) + cmd.SetArgs([]string{"--read-from-env=false"}) + cmd.Execute() + out, err := ioutil.ReadAll(b) + if err != nil { + t.Fatal(err) + } + if !strings.Contains(string(out), "expected to get the DSN as an argument") { + t.Fatalf("expected \"%s\" got \"%s\"", "expected to get the DSN as an argument", string(out)) + } + cmd.Execute() +} diff --git a/cmd/cliclient/cleanup.go b/cmd/cliclient/cleanup.go new file mode 100644 index 000000000000..4cf9b95e0e70 --- /dev/null +++ b/cmd/cliclient/cleanup.go @@ -0,0 +1,60 @@ +package cliclient + +import ( + "github.com/pkg/errors" + + "github.com/ory/x/configx" + + "github.com/spf13/cobra" + + "github.com/ory/kratos/driver" + "github.com/ory/kratos/driver/config" + "github.com/ory/x/flagx" +) + +type CleanupHandler struct{} + +func NewCleanupHandler() *CleanupHandler { + return &CleanupHandler{} +} + +func (h *CleanupHandler) CleanupSQL(cmd *cobra.Command, args []string) error { + opts := []configx.OptionModifier{ + configx.WithFlags(cmd.Flags()), + configx.SkipValidation(), + } + + if !flagx.MustGetBool(cmd, "read-from-env") { + if len(args) != 1 { + return errors.New(`expected to get the DSN as an argument, or the "read-from-env" flag`) + } + opts = append(opts, configx.WithValue(config.ViperKeyDSN, args[0])) + } + + d := driver.NewWithoutInit( + cmd.Context(), + cmd.ErrOrStderr(), + opts..., + ) + if len(d.Config(cmd.Context()).DSN()) == 0 { + return errors.New(`required config value "dsn" was not set`) + } + + err := d.Init(cmd.Context(), driver.SkipNetworkInit) + if err != nil { + return errors.Wrap(err, "An error occurred initializing cleanup") + } + + keepLast := flagx.MustGetDuration(cmd, "keep-last") + + err = d.Persister().CleanupDatabase( + cmd.Context(), + d.Config(cmd.Context()).DatabaseCleanupSleepTables(), + keepLast, + d.Config(cmd.Context()).DatabaseCleanupBatchSize()) + if err != nil { + return errors.Wrap(err, "An error occurred while cleaning up expired data") + } + + return nil +} diff --git a/cmd/root.go b/cmd/root.go index ac744e5b3dc9..f3808a1402c8 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -5,6 +5,8 @@ import ( "fmt" "os" + "github.com/ory/kratos/cmd/cleanup" + "github.com/ory/kratos/driver/config" "github.com/ory/kratos/cmd/courier" @@ -36,6 +38,7 @@ func NewRootCmd() (cmd *cobra.Command) { cmd.AddCommand(identities.NewListCmd(cmd)) migrate.RegisterCommandRecursive(cmd) serve.RegisterCommandRecursive(cmd) + cleanup.RegisterCommandRecursive(cmd) remote.RegisterCommandRecursive(cmd) cmd.AddCommand(identities.NewValidateCmd()) cmd.AddCommand(cmdx.Version(&config.Version, &config.Commit, &config.Date)) diff --git a/continuity/persistence.go b/continuity/persistence.go index 5a2af3553d48..eff0e9f46e6e 100644 --- a/continuity/persistence.go +++ b/continuity/persistence.go @@ -2,6 +2,7 @@ package continuity import ( "context" + "time" "github.com/gofrs/uuid" ) @@ -14,4 +15,5 @@ type Persister interface { SaveContinuitySession(ctx context.Context, c *Container) error GetContinuitySession(ctx context.Context, id uuid.UUID) (*Container, error) DeleteContinuitySession(ctx context.Context, id uuid.UUID) error + DeleteExpiredContinuitySessions(ctx context.Context, deleteOlder time.Time, pageSize int) error } diff --git a/continuity/test/persistence.go b/continuity/test/persistence.go index 2eb4270e3be6..d48623462e93 100644 --- a/continuity/test/persistence.go +++ b/continuity/test/persistence.go @@ -94,5 +94,28 @@ func TestPersister(ctx context.Context, p interface { require.ErrorIs(t, err, sqlcon.ErrNoRows) }) }) + + t.Run("case=cleanup", func(t *testing.T) { + id := x.NewUUID() + yesterday := time.Now().Add(-24 * time.Hour).UTC().Truncate(time.Second) + m := sqlxx.NullJSONRawMessage(`{"foo": "bar"}`) + expected := continuity.Container{Name: "foo", IdentityID: x.PointToUUID(createIdentity(t).ID), + ExpiresAt: yesterday, + Payload: m, + } + expected.ID = id + + t.Run("can cleanup", func(t *testing.T) { + require.NoError(t, p.SaveContinuitySession(ctx, &expected)) + + assert.EqualValues(t, id, expected.ID) + assert.EqualValues(t, nid, expected.NID) + + require.NoError(t, p.DeleteExpiredContinuitySessions(ctx, time.Now(), 5)) + + _, err := p.GetContinuitySession(ctx, id) + require.Error(t, err) + }) + }) } } diff --git a/driver/config/config.go b/driver/config/config.go index a795f5d71bf3..c4dff6542a2a 100644 --- a/driver/config/config.go +++ b/driver/config/config.go @@ -153,6 +153,8 @@ const ( ViperKeyHasherArgon2ConfigDedicatedMemory = "hashers.argon2.dedicated_memory" ViperKeyHasherBcryptCost = "hashers.bcrypt.cost" ViperKeyCipherAlgorithm = "ciphers.algorithm" + ViperKeyDatabaseCleanupSleepTables = "database.cleanup.sleep.tables" + ViperKeyDatabaseCleanupBatchSize = "database.cleanup.batch_size" ViperKeyLinkLifespan = "selfservice.methods.link.config.lifespan" ViperKeyLinkBaseURL = "selfservice.methods.link.config.base_url" ViperKeyPasswordHaveIBeenPwnedHost = "selfservice.methods.password.config.haveibeenpwned_host" @@ -1074,6 +1076,14 @@ func (p *Config) SelfServiceLinkMethodBaseURL() *url.URL { return p.p.RequestURIF(ViperKeyLinkBaseURL, p.SelfPublicURL()) } +func (p *Config) DatabaseCleanupSleepTables() time.Duration { + return p.p.Duration(ViperKeyDatabaseCleanupSleepTables) +} + +func (p *Config) DatabaseCleanupBatchSize() int { + return p.p.Int(ViperKeyDatabaseCleanupBatchSize) +} + func (p *Config) SelfServiceFlowRecoveryAfterHooks(strategy string) []SelfServiceHook { return p.selfServiceHooks(HookStrategyKey(ViperKeySelfServiceRecoveryAfter, strategy)) } diff --git a/driver/config/config_test.go b/driver/config/config_test.go index 4dbe71136414..595dd61c02cd 100644 --- a/driver/config/config_test.go +++ b/driver/config/config_test.go @@ -48,7 +48,7 @@ func TestViperProvider(t *testing.T) { p := config.MustNew(t, logrusx.New("", ""), os.Stderr, configx.WithConfigFiles("stub/.kratos.yaml")) - t.Run("gourp=client config", func(t *testing.T) { + t.Run("group=client config", func(t *testing.T) { assert.False(t, p.ClientHTTPNoPrivateIPRanges(), "Should not have private IP ranges disabled per default") p.MustSet(config.ViperKeyClientHTTPNoPrivateIPRanges, true) assert.True(t, p.ClientHTTPNoPrivateIPRanges(), "Should disallow private IP ranges if set") @@ -1152,3 +1152,17 @@ func TestCourierTemplatesConfig(t *testing.T) { assert.Equal(t, courierTemplateConfig, c.CourierTemplatesHelper(config.ViperKeyCourierTemplatesRecoveryValidEmail)) }) } + +func TestCleanup(t *testing.T) { + p := config.MustNew(t, logrusx.New("", ""), os.Stderr, + configx.WithConfigFiles("stub/.kratos.yaml")) + + t.Run("group=cleanup config", func(t *testing.T) { + assert.Equal(t, p.DatabaseCleanupSleepTables(), 1*time.Minute) + p.MustSet(config.ViperKeyDatabaseCleanupSleepTables, "1s") + assert.Equal(t, p.DatabaseCleanupSleepTables(), time.Second) + assert.Equal(t, p.DatabaseCleanupBatchSize(), 100) + p.MustSet(config.ViperKeyDatabaseCleanupBatchSize, "1") + assert.Equal(t, p.DatabaseCleanupBatchSize(), 1) + }) +} diff --git a/embedx/config.schema.json b/embedx/config.schema.json index afde0dab18a8..f106b93dd80d 100644 --- a/embedx/config.schema.json +++ b/embedx/config.schema.json @@ -1435,6 +1435,49 @@ } } }, + "database": { + "type": "object", + "title": "Database related configuration", + "description": "Miscellaneous settings used in database related tasks (cleanup, etc.)", + "properties": { + "cleanup": { + "type": "object", + "title": "Database cleanup settings", + "description": "Settings that controls how the database cleanup process is configured (delays, batch size, etc.)", + "properties": { + "batch_size" : { + "type": "integer", + "title": "Number of records to clean in one iteration", + "description": "Controls how many records should be purged from one table during database cleanup task", + "minimum": 1, + "default": 100 + }, + "sleep": { + "type": "object", + "title": "Delays between various database cleanup phases", + "description": "Configures delays between each step of the cleanup process. It is useful to tune the process so it will be efficient and performant.", + "properties": { + "tables": { + "type": "string", + "title": "Delay between each table cleanups", + "description": "Controls the delay time between cleaning each table in one cleanup iteration", + "pattern": "^[0-9]+(ns|us|ms|s|m|h)$", + "default": "1m" + } + } + }, + "older_than": { + "type": "string", + "title": "Remove records older than", + "description": "Controls how old records do we want to leave", + "pattern": "^[0-9]+(ns|us|ms|s|m|h)$", + "default": "0s" + } + } + } + }, + "additionalProperties": false + }, "dsn": { "type": "string", "title": "Data Source Name", diff --git a/persistence/reference.go b/persistence/reference.go index 7afa06685c45..eb01d1d5c665 100644 --- a/persistence/reference.go +++ b/persistence/reference.go @@ -2,6 +2,7 @@ package persistence import ( "context" + "time" "github.com/ory/x/networkx" @@ -43,6 +44,7 @@ type Persister interface { link.RecoveryTokenPersister link.VerificationTokenPersister + CleanupDatabase(context.Context, time.Duration, time.Duration, int) error Close(context.Context) error Ping() error MigrationStatus(c context.Context) (popx.MigrationStatuses, error) diff --git a/persistence/sql/persister.go b/persistence/sql/persister.go index 8cfc5607f57f..5795d81164ad 100644 --- a/persistence/sql/persister.go +++ b/persistence/sql/persister.go @@ -4,6 +4,7 @@ import ( "context" "embed" "fmt" + "time" "github.com/ory/x/fsx" @@ -138,6 +139,57 @@ type node interface { GetNID() uuid.UUID } +func (p *Persister) CleanupDatabase(ctx context.Context, wait time.Duration, older time.Duration, batchSize int) error { + currentTime := time.Now().Add(-older) + p.r.Logger().Printf("Cleaning up records older than %s\n", currentTime) + + p.r.Logger().Println("Cleaning up expired sessions") + if err := p.DeleteExpiredSessions(ctx, currentTime, batchSize); err != nil { + return err + } + time.Sleep(wait) + + p.r.Logger().Println("Cleaning up expired continuity containers") + if err := p.DeleteExpiredContinuitySessions(ctx, currentTime, batchSize); err != nil { + return err + } + time.Sleep(wait) + + p.r.Logger().Println("Cleaning up expired login flows") + if err := p.DeleteExpiredLoginFlows(ctx, currentTime, batchSize); err != nil { + return err + } + time.Sleep(wait) + + p.r.Logger().Println("Cleaning up expired recovery flows") + if err := p.DeleteExpiredRecoveryFlows(ctx, currentTime, batchSize); err != nil { + return err + } + time.Sleep(wait) + + p.r.Logger().Println("Cleaning up expired registation flows") + if err := p.DeleteExpiredRegistrationFlows(ctx, currentTime, batchSize); err != nil { + return err + } + time.Sleep(wait) + + p.r.Logger().Println("Cleaning up expired settings flows") + if err := p.DeleteExpiredSettingsFlows(ctx, currentTime, batchSize); err != nil { + return err + } + time.Sleep(wait) + + p.r.Logger().Println("Cleaning up expired verification flows") + if err := p.DeleteExpiredVerificationFlows(ctx, currentTime, batchSize); err != nil { + return err + } + time.Sleep(wait) + + p.r.Logger().Println("Successfully cleaned up the latest batch of the SQL database! " + + "This should be re-run periodically, to be sure that all expired data is purged.") + return nil +} + func (p *Persister) update(ctx context.Context, v node, columnNames ...string) error { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.update") defer span.End() diff --git a/persistence/sql/persister_cleanup_test.go b/persistence/sql/persister_cleanup_test.go new file mode 100644 index 000000000000..bedf286bcbee --- /dev/null +++ b/persistence/sql/persister_cleanup_test.go @@ -0,0 +1,138 @@ +package sql_test + +import ( + "context" + "testing" + "time" + + "github.com/stretchr/testify/assert" + + "github.com/ory/kratos/internal" +) + +func TestPersister_Cleanup(t *testing.T) { + _, reg := internal.NewFastRegistryWithMocks(t) + p := reg.Persister() + ctx := context.Background() + + t.Run("case=should not throw error on cleanup", func(t *testing.T) { + assert.Nil(t, p.CleanupDatabase(ctx, 0, 0, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + }) + + t.Run("case=should throw error on cleanup", func(t *testing.T) { + p.GetConnection(ctx).Close() + assert.Error(t, p.CleanupDatabase(ctx, 0, 0, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + }) +} + +func TestPersister_Continuity_Cleanup(t *testing.T) { + _, reg := internal.NewFastRegistryWithMocks(t) + p := reg.Persister() + currentTime := time.Now() + ctx := context.Background() + + t.Run("case=should not throw error on cleanup continuity sessions", func(t *testing.T) { + assert.Nil(t, p.DeleteExpiredContinuitySessions(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + }) + + t.Run("case=should throw error on cleanup continuity sessions", func(t *testing.T) { + p.GetConnection(ctx).Close() + assert.Error(t, p.DeleteExpiredContinuitySessions(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + }) +} + +func TestPersister_Login_Cleanup(t *testing.T) { + _, reg := internal.NewFastRegistryWithMocks(t) + p := reg.Persister() + currentTime := time.Now() + ctx := context.Background() + + t.Run("case=should not throw error on cleanup login flows", func(t *testing.T) { + assert.Nil(t, p.DeleteExpiredLoginFlows(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + }) + + t.Run("case=should throw error on cleanup login flows", func(t *testing.T) { + p.GetConnection(ctx).Close() + assert.Error(t, p.DeleteExpiredLoginFlows(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + }) +} + +func TestPersister_Recovery_Cleanup(t *testing.T) { + _, reg := internal.NewFastRegistryWithMocks(t) + p := reg.Persister() + currentTime := time.Now() + ctx := context.Background() + + t.Run("case=should not throw error on cleanup recovery flows", func(t *testing.T) { + assert.Nil(t, p.DeleteExpiredRecoveryFlows(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + }) + + t.Run("case=should throw error on cleanup recovery flows", func(t *testing.T) { + p.GetConnection(ctx).Close() + assert.Error(t, p.DeleteExpiredRecoveryFlows(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + }) +} + +func TestPersister_Registration_Cleanup(t *testing.T) { + _, reg := internal.NewFastRegistryWithMocks(t) + p := reg.Persister() + currentTime := time.Now() + ctx := context.Background() + + t.Run("case=should not throw error on cleanup registration flows", func(t *testing.T) { + assert.Nil(t, p.DeleteExpiredRegistrationFlows(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + }) + + t.Run("case=should throw error on cleanup registration flows", func(t *testing.T) { + p.GetConnection(ctx).Close() + assert.Error(t, p.DeleteExpiredRegistrationFlows(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + }) +} + +func TestPersister_Session_Cleanup(t *testing.T) { + _, reg := internal.NewFastRegistryWithMocks(t) + p := reg.Persister() + currentTime := time.Now() + ctx := context.Background() + + t.Run("case=should not throw error on cleanup sessions", func(t *testing.T) { + assert.Nil(t, p.DeleteExpiredSessions(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + }) + + t.Run("case=should throw error on cleanup sessions", func(t *testing.T) { + p.GetConnection(ctx).Close() + assert.Error(t, p.DeleteExpiredSessions(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + }) +} + +func TestPersister_Settings_Cleanup(t *testing.T) { + _, reg := internal.NewFastRegistryWithMocks(t) + p := reg.Persister() + currentTime := time.Now() + ctx := context.Background() + + t.Run("case=should not throw error on cleanup setting flows", func(t *testing.T) { + assert.Nil(t, p.DeleteExpiredSettingsFlows(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + }) + + t.Run("case=should throw error on cleanup setting flows", func(t *testing.T) { + p.GetConnection(ctx).Close() + assert.Error(t, p.DeleteExpiredSettingsFlows(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + }) +} + +func TestPersister_Verification_Cleanup(t *testing.T) { + _, reg := internal.NewFastRegistryWithMocks(t) + p := reg.Persister() + currentTime := time.Now() + ctx := context.Background() + + t.Run("case=should not throw error on cleanup verification flows", func(t *testing.T) { + assert.Nil(t, p.DeleteExpiredVerificationFlows(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + }) + + t.Run("case=should throw error on cleanup verification flows", func(t *testing.T) { + p.GetConnection(ctx).Close() + assert.Error(t, p.DeleteExpiredVerificationFlows(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + }) +} diff --git a/persistence/sql/persister_continuity.go b/persistence/sql/persister_continuity.go index f752f60987ed..9151a4ba1dde 100644 --- a/persistence/sql/persister_continuity.go +++ b/persistence/sql/persister_continuity.go @@ -3,6 +3,7 @@ package sql import ( "context" "fmt" + "time" "github.com/pkg/errors" @@ -50,3 +51,20 @@ func (p *Persister) DeleteContinuitySession(ctx context.Context, id uuid.UUID) e } return nil } + +func (p *Persister) DeleteExpiredContinuitySessions(ctx context.Context, expiresAt time.Time, limit int) error { + // #nosec G201 + err := p.GetConnection(ctx).RawQuery(fmt.Sprintf( + "DELETE FROM %s WHERE id in (SELECT id FROM (SELECT id FROM %s c WHERE expires_at <= ? and nid = ? ORDER BY expires_at ASC LIMIT %d ) AS s )", + new(continuity.Container).TableName(ctx), + new(continuity.Container).TableName(ctx), + limit, + ), + expiresAt, + corp.ContextualizeNID(ctx, p.nid), + ).Exec() + if err != nil { + return sqlcon.HandleError(err) + } + return nil +} diff --git a/persistence/sql/persister_login.go b/persistence/sql/persister_login.go index 2d2ce9bc74d5..5ff446e51398 100644 --- a/persistence/sql/persister_login.go +++ b/persistence/sql/persister_login.go @@ -2,6 +2,8 @@ package sql import ( "context" + "fmt" + "time" "github.com/ory/kratos/corp" @@ -63,3 +65,20 @@ func (p *Persister) ForceLoginFlow(ctx context.Context, id uuid.UUID) error { return tx.Save(lr, "nid") }) } + +func (p *Persister) DeleteExpiredLoginFlows(ctx context.Context, expiresAt time.Time, limit int) error { + // #nosec G201 + err := p.GetConnection(ctx).RawQuery(fmt.Sprintf( + "DELETE FROM %s WHERE id in (SELECT id FROM (SELECT id FROM %s c WHERE expires_at <= ? and nid = ? ORDER BY expires_at ASC LIMIT %d ) AS s )", + new(login.Flow).TableName(ctx), + new(login.Flow).TableName(ctx), + limit, + ), + expiresAt, + corp.ContextualizeNID(ctx, p.nid), + ).Exec() + if err != nil { + return sqlcon.HandleError(err) + } + return nil +} diff --git a/persistence/sql/persister_recovery.go b/persistence/sql/persister_recovery.go index b378743dd559..1bb5b01e5a65 100644 --- a/persistence/sql/persister_recovery.go +++ b/persistence/sql/persister_recovery.go @@ -111,3 +111,20 @@ func (p *Persister) DeleteRecoveryToken(ctx context.Context, token string) error /* #nosec G201 TableName is static */ return p.GetConnection(ctx).RawQuery(fmt.Sprintf("DELETE FROM %s WHERE token=? AND nid = ?", new(link.RecoveryToken).TableName(ctx)), token, corp.ContextualizeNID(ctx, p.nid)).Exec() } + +func (p *Persister) DeleteExpiredRecoveryFlows(ctx context.Context, expiresAt time.Time, limit int) error { + // #nosec G201 + err := p.GetConnection(ctx).RawQuery(fmt.Sprintf( + "DELETE FROM %s WHERE id in (SELECT id FROM (SELECT id FROM %s c WHERE expires_at <= ? and nid = ? ORDER BY expires_at ASC LIMIT %d ) AS s )", + new(recovery.Flow).TableName(ctx), + new(recovery.Flow).TableName(ctx), + limit, + ), + expiresAt, + corp.ContextualizeNID(ctx, p.nid), + ).Exec() + if err != nil { + return sqlcon.HandleError(err) + } + return nil +} diff --git a/persistence/sql/persister_registration.go b/persistence/sql/persister_registration.go index 6cea6a11d737..6b242fabddce 100644 --- a/persistence/sql/persister_registration.go +++ b/persistence/sql/persister_registration.go @@ -2,6 +2,8 @@ package sql import ( "context" + "fmt" + "time" "github.com/ory/kratos/corp" @@ -43,3 +45,20 @@ func (p *Persister) GetRegistrationFlow(ctx context.Context, id uuid.UUID) (*reg return &r, nil } + +func (p *Persister) DeleteExpiredRegistrationFlows(ctx context.Context, expiresAt time.Time, limit int) error { + // #nosec G201 + err := p.GetConnection(ctx).RawQuery(fmt.Sprintf( + "DELETE FROM %s WHERE id in (SELECT id FROM (SELECT id FROM %s c WHERE expires_at <= ? and nid = ? ORDER BY expires_at ASC LIMIT %d ) AS s )", + new(registration.Flow).TableName(ctx), + new(registration.Flow).TableName(ctx), + limit, + ), + expiresAt, + corp.ContextualizeNID(ctx, p.nid), + ).Exec() + if err != nil { + return sqlcon.HandleError(err) + } + return nil +} diff --git a/persistence/sql/persister_session.go b/persistence/sql/persister_session.go index 321ea9280e82..be4088896aca 100644 --- a/persistence/sql/persister_session.go +++ b/persistence/sql/persister_session.go @@ -4,6 +4,7 @@ import ( "context" "database/sql" "fmt" + "time" "github.com/gobuffalo/pop/v6" @@ -226,3 +227,19 @@ func (p *Persister) RevokeSessionsIdentityExcept(ctx context.Context, iID, sID u } return count, nil } + +func (p *Persister) DeleteExpiredSessions(ctx context.Context, expiresAt time.Time, limit int) error { + err := p.GetConnection(ctx).RawQuery(fmt.Sprintf( + "DELETE FROM %s WHERE id in (SELECT id FROM (SELECT id FROM %s c WHERE expires_at <= ? and nid = ? ORDER BY expires_at ASC LIMIT %d ) AS s )", + corp.ContextualizeTableName(ctx, "sessions"), + corp.ContextualizeTableName(ctx, "sessions"), + limit, + ), + expiresAt, + corp.ContextualizeNID(ctx, p.nid), + ).Exec() + if err != nil { + return sqlcon.HandleError(err) + } + return nil +} diff --git a/persistence/sql/persister_settings.go b/persistence/sql/persister_settings.go index 97893d54c2c4..294ccde391a2 100644 --- a/persistence/sql/persister_settings.go +++ b/persistence/sql/persister_settings.go @@ -2,6 +2,8 @@ package sql import ( "context" + "fmt" + "time" "github.com/gofrs/uuid" @@ -51,3 +53,20 @@ func (p *Persister) UpdateSettingsFlow(ctx context.Context, r *settings.Flow) er cp.NID = corp.ContextualizeNID(ctx, p.nid) return p.update(ctx, cp) } + +func (p *Persister) DeleteExpiredSettingsFlows(ctx context.Context, expiresAt time.Time, limit int) error { + // #nosec G201 + err := p.GetConnection(ctx).RawQuery(fmt.Sprintf( + "DELETE FROM %s WHERE id in (SELECT id FROM (SELECT id FROM %s c WHERE expires_at <= ? and nid = ? ORDER BY expires_at ASC LIMIT %d ) AS s )", + new(settings.Flow).TableName(ctx), + new(settings.Flow).TableName(ctx), + limit, + ), + expiresAt, + corp.ContextualizeNID(ctx, p.nid), + ).Exec() + if err != nil { + return sqlcon.HandleError(err) + } + return nil +} diff --git a/persistence/sql/persister_verification.go b/persistence/sql/persister_verification.go index f6b7c393a350..5567d8e801de 100644 --- a/persistence/sql/persister_verification.go +++ b/persistence/sql/persister_verification.go @@ -113,3 +113,20 @@ func (p *Persister) DeleteVerificationToken(ctx context.Context, token string) e /* #nosec G201 TableName is static */ return p.GetConnection(ctx).RawQuery(fmt.Sprintf("DELETE FROM %s WHERE token=? AND nid = ?", new(link.VerificationToken).TableName(ctx)), token, nid).Exec() } + +func (p *Persister) DeleteExpiredVerificationFlows(ctx context.Context, expiresAt time.Time, limit int) error { + // #nosec G201 + err := p.GetConnection(ctx).RawQuery(fmt.Sprintf( + "DELETE FROM %s WHERE id in (SELECT id FROM (SELECT id FROM %s c WHERE expires_at <= ? and nid = ? ORDER BY expires_at ASC LIMIT %d ) AS s )", + new(verification.Flow).TableName(ctx), + new(verification.Flow).TableName(ctx), + limit, + ), + expiresAt, + corp.ContextualizeNID(ctx, p.nid), + ).Exec() + if err != nil { + return sqlcon.HandleError(err) + } + return nil +} diff --git a/selfservice/flow/login/persistence.go b/selfservice/flow/login/persistence.go index 68884a4dc0c5..fac9daab56ed 100644 --- a/selfservice/flow/login/persistence.go +++ b/selfservice/flow/login/persistence.go @@ -2,6 +2,7 @@ package login import ( "context" + "time" "github.com/gofrs/uuid" ) @@ -12,6 +13,7 @@ type ( CreateLoginFlow(context.Context, *Flow) error GetLoginFlow(context.Context, uuid.UUID) (*Flow, error) ForceLoginFlow(ctx context.Context, id uuid.UUID) error + DeleteExpiredLoginFlows(context.Context, time.Time, int) error } FlowPersistenceProvider interface { LoginFlowPersister() FlowPersister diff --git a/selfservice/flow/recovery/persistence.go b/selfservice/flow/recovery/persistence.go index d64dce3196b4..35f482cc329f 100644 --- a/selfservice/flow/recovery/persistence.go +++ b/selfservice/flow/recovery/persistence.go @@ -2,6 +2,7 @@ package recovery import ( "context" + "time" "github.com/gofrs/uuid" ) @@ -11,6 +12,7 @@ type ( CreateRecoveryFlow(context.Context, *Flow) error GetRecoveryFlow(ctx context.Context, id uuid.UUID) (*Flow, error) UpdateRecoveryFlow(context.Context, *Flow) error + DeleteExpiredRecoveryFlows(context.Context, time.Time, int) error } FlowPersistenceProvider interface { RecoveryFlowPersister() FlowPersister diff --git a/selfservice/flow/registration/persistence.go b/selfservice/flow/registration/persistence.go index 54af2006d1f4..f19965789a23 100644 --- a/selfservice/flow/registration/persistence.go +++ b/selfservice/flow/registration/persistence.go @@ -2,6 +2,7 @@ package registration import ( "context" + "time" "github.com/gofrs/uuid" ) @@ -10,6 +11,7 @@ type FlowPersister interface { UpdateRegistrationFlow(context.Context, *Flow) error CreateRegistrationFlow(context.Context, *Flow) error GetRegistrationFlow(context.Context, uuid.UUID) (*Flow, error) + DeleteExpiredRegistrationFlows(context.Context, time.Time, int) error } type FlowPersistenceProvider interface { diff --git a/selfservice/flow/settings/persistence.go b/selfservice/flow/settings/persistence.go index 167260ff2803..fe7d78108f6d 100644 --- a/selfservice/flow/settings/persistence.go +++ b/selfservice/flow/settings/persistence.go @@ -2,6 +2,7 @@ package settings import ( "context" + "time" "github.com/gofrs/uuid" ) @@ -11,6 +12,7 @@ type ( CreateSettingsFlow(context.Context, *Flow) error GetSettingsFlow(ctx context.Context, id uuid.UUID) (*Flow, error) UpdateSettingsFlow(context.Context, *Flow) error + DeleteExpiredSettingsFlows(context.Context, time.Time, int) error } FlowPersistenceProvider interface { SettingsFlowPersister() FlowPersister diff --git a/selfservice/flow/verification/persistence.go b/selfservice/flow/verification/persistence.go index 275f860ff2ae..f8898a1d71a4 100644 --- a/selfservice/flow/verification/persistence.go +++ b/selfservice/flow/verification/persistence.go @@ -2,6 +2,7 @@ package verification import ( "context" + "time" "github.com/gofrs/uuid" ) @@ -14,5 +15,6 @@ type ( CreateVerificationFlow(context.Context, *Flow) error GetVerificationFlow(ctx context.Context, id uuid.UUID) (*Flow, error) UpdateVerificationFlow(context.Context, *Flow) error + DeleteExpiredVerificationFlows(context.Context, time.Time, int) error } ) diff --git a/session/persistence.go b/session/persistence.go index 075209f7e866..48bb98c7d6e9 100644 --- a/session/persistence.go +++ b/session/persistence.go @@ -3,6 +3,7 @@ package session import ( "context" "testing" + "time" "github.com/bxcodec/faker/v3" "github.com/gofrs/uuid" @@ -40,6 +41,9 @@ type Persister interface { // instead of a session ID. GetSessionByToken(context.Context, string) (*Session, error) + // DeleteExpiredSessions deletes sessions that expired before the given time. + DeleteExpiredSessions(context.Context, time.Time, int) error + // DeleteSessionByToken deletes a session associated with the given token. // // Functionality is similar to DeleteSession but accepts a session token From 561187dafe2fea324d55c4efe3ffa6b65f9bed72 Mon Sep 17 00:00:00 2001 From: Tsirkin Evgeny Date: Mon, 20 Jun 2022 11:52:21 +0300 Subject: [PATCH 107/411] feat: handler for update API with credentials (#2423) Fix #2334 --- identity/handler.go | 16 +++++++++++++++ identity/handler_test.go | 43 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) diff --git a/identity/handler.go b/identity/handler.go index 0b28459a0b5a..03d96d2f6bad 100644 --- a/identity/handler.go +++ b/identity/handler.go @@ -400,6 +400,13 @@ type AdminUpdateIdentityBody struct { // required: true Traits json.RawMessage `json:"traits"` + // Credentials represents all credentials that can be used for authenticating this identity. + // + // Use this structure to import credentials for a user. + // Note: this wil override completely identity's credentials. If used incorrectly, this can cause a user to lose + // access to their account! + Credentials *AdminIdentityImportCredentials `json:"credentials"` + // Store metadata about the identity which the identity itself can see when calling for example the // session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field. MetadataPublic json.RawMessage `json:"metadata_public"` @@ -472,6 +479,15 @@ func (h *Handler) update(w http.ResponseWriter, r *http.Request, ps httprouter.P identity.Traits = []byte(ur.Traits) identity.MetadataPublic = []byte(ur.MetadataPublic) identity.MetadataAdmin = []byte(ur.MetadataAdmin) + + // Although this is PUT and not PATCH, if the Credentials are not supplied keep the old one + if ur.Credentials != nil { + if err := h.importCredentials(r.Context(), identity, ur.Credentials); err != nil { + h.r.Writer().WriteError(w, r, err) + return + } + } + if err := h.r.IdentityManager().Update( r.Context(), identity, diff --git a/identity/handler_test.go b/identity/handler_test.go index 74abadba0d76..659ab0ab4f46 100644 --- a/identity/handler_test.go +++ b/identity/handler_test.go @@ -459,6 +459,49 @@ func TestHandler(t *testing.T) { }) } }) + t.Run("case=should update an identity with credentials", func(t *testing.T) { + i := &identity.Identity{Traits: identity.Traits(fmt.Sprintf(`{"subject":"%s"}`, x.NewUUID().String()))} + require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i)) + + for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} { + t.Run("endpoint="+name, func(t *testing.T) { + credentials := identity.AdminIdentityImportCredentials{ + Password: &identity.AdminIdentityImportCredentialsPassword{ + Config: identity.AdminIdentityImportCredentialsPasswordConfig{ + Password: "pswd1234", + }, + }, + } + ur := identity.AdminUpdateIdentityBody{ + Traits: []byte(`{"bar":"baz","foo":"baz"}`), + SchemaID: i.SchemaID, + State: identity.StateInactive, + MetadataPublic: []byte(`{"public":"metadata"}`), + MetadataAdmin: []byte(`{"admin":"metadata"}`), + Credentials: &credentials, + } + + res := send(t, ts, "PUT", "/identities/"+i.ID.String(), http.StatusOK, &ur) + assert.EqualValues(t, "baz", res.Get("traits.bar").String(), "%s", res.Raw) + assert.EqualValues(t, "baz", res.Get("traits.foo").String(), "%s", res.Raw) + assert.EqualValues(t, "metadata", res.Get("metadata_admin.admin").String(), "%s", res.Raw) + assert.EqualValues(t, "metadata", res.Get("metadata_public.public").String(), "%s", res.Raw) + assert.EqualValues(t, identity.StateInactive, res.Get("state").String(), "%s", res.Raw) + assert.NotEqualValues(t, i.StateChangedAt, sqlxx.NullTime(res.Get("state_changed_at").Time()), "%s", res.Raw) + + res = get(t, ts, "/identities/"+i.ID.String(), http.StatusOK) + assert.EqualValues(t, i.ID.String(), res.Get("id").String(), "%s", res.Raw) + assert.EqualValues(t, "baz", res.Get("traits.bar").String(), "%s", res.Raw) + assert.EqualValues(t, "metadata", res.Get("metadata_admin.admin").String(), "%s", res.Raw) + assert.EqualValues(t, "metadata", res.Get("metadata_public.public").String(), "%s", res.Raw) + assert.EqualValues(t, identity.StateInactive, res.Get("state").String(), "%s", res.Raw) + assert.NotEqualValues(t, i.StateChangedAt, sqlxx.NullTime(res.Get("state_changed_at").Time()), "%s", res.Raw) + actual, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(context.Background(), i.ID) + require.NoError(t, err) + require.NoError(t, hash.Compare(ctx, []byte("pswd1234"), []byte(gjson.GetBytes(actual.Credentials[identity.CredentialsTypePassword].Config, "hashed_password").String()))) + }) + } + }) t.Run("case=should delete a user and no longer be able to retrieve it", func(t *testing.T) { for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} { From 00cd0961e87e647f8f5ba716d4691d3e559da228 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 20 Jun 2022 08:54:18 +0000 Subject: [PATCH 108/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- internal/httpclient/api/openapi.yaml | 61 +++++++++++++++++++ .../docs/AdminUpdateIdentityBody.md | 26 ++++++++ .../model_admin_update_identity_body.go | 36 +++++++++++ spec/api.json | 3 + spec/swagger.json | 3 + 5 files changed, 129 insertions(+) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index a6426639e920..29f398d8cea7 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -2709,9 +2709,26 @@ components: example: metadata_admin: "" traits: '{}' + credentials: + password: + config: + hashed_password: hashed_password + password: password + oidc: + config: + config: + hashed_password: hashed_password + password: password + providers: + - provider: provider + subject: subject + - provider: provider + subject: subject schema_id: schema_id metadata_public: "" properties: + credentials: + $ref: '#/components/schemas/adminIdentityImportCredentials' metadata_admin: description: Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/`. @@ -2832,11 +2849,30 @@ components: - traits type: object adminCreateIdentityImportCredentialsOidc: + example: + config: + config: + hashed_password: hashed_password + password: password + providers: + - provider: provider + subject: subject + - provider: provider + subject: subject properties: config: $ref: '#/components/schemas/adminCreateIdentityImportCredentialsOidcConfig' type: object adminCreateIdentityImportCredentialsOidcConfig: + example: + config: + hashed_password: hashed_password + password: password + providers: + - provider: provider + subject: subject + - provider: provider + subject: subject properties: config: $ref: '#/components/schemas/adminCreateIdentityImportCredentialsPasswordConfig' @@ -2847,6 +2883,9 @@ components: type: array type: object adminCreateIdentityImportCredentialsOidcProvider: + example: + provider: provider + subject: subject properties: provider: description: The OpenID Connect provider to link the subject to. Usually @@ -2861,11 +2900,18 @@ components: - subject type: object adminCreateIdentityImportCredentialsPassword: + example: + config: + hashed_password: hashed_password + password: password properties: config: $ref: '#/components/schemas/adminCreateIdentityImportCredentialsPasswordConfig' type: object adminCreateIdentityImportCredentialsPasswordConfig: + example: + hashed_password: hashed_password + password: password properties: hashed_password: description: The hashed password in [PHC format]( https://www.ory.sh/docs/kratos/concepts/credentials/username-email-password#hashed-password-format) @@ -2891,6 +2937,21 @@ components: - identity_id type: object adminIdentityImportCredentials: + example: + password: + config: + hashed_password: hashed_password + password: password + oidc: + config: + config: + hashed_password: hashed_password + password: password + providers: + - provider: provider + subject: subject + - provider: provider + subject: subject properties: oidc: $ref: '#/components/schemas/adminCreateIdentityImportCredentialsOidc' diff --git a/internal/httpclient/docs/AdminUpdateIdentityBody.md b/internal/httpclient/docs/AdminUpdateIdentityBody.md index 9da33c1a41e1..0bce941950c9 100644 --- a/internal/httpclient/docs/AdminUpdateIdentityBody.md +++ b/internal/httpclient/docs/AdminUpdateIdentityBody.md @@ -4,6 +4,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- +**Credentials** | Pointer to [**AdminIdentityImportCredentials**](AdminIdentityImportCredentials.md) | | [optional] **MetadataAdmin** | Pointer to **interface{}** | Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/<id>`. | [optional] **MetadataPublic** | Pointer to **interface{}** | Store metadata about the identity which the identity itself can see when calling for example the session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field. | [optional] **SchemaId** | **string** | SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. If set will update the Identity's SchemaID. | @@ -29,6 +30,31 @@ NewAdminUpdateIdentityBodyWithDefaults instantiates a new AdminUpdateIdentityBod This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set +### GetCredentials + +`func (o *AdminUpdateIdentityBody) GetCredentials() AdminIdentityImportCredentials` + +GetCredentials returns the Credentials field if non-nil, zero value otherwise. + +### GetCredentialsOk + +`func (o *AdminUpdateIdentityBody) GetCredentialsOk() (*AdminIdentityImportCredentials, bool)` + +GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetCredentials + +`func (o *AdminUpdateIdentityBody) SetCredentials(v AdminIdentityImportCredentials)` + +SetCredentials sets Credentials field to given value. + +### HasCredentials + +`func (o *AdminUpdateIdentityBody) HasCredentials() bool` + +HasCredentials returns a boolean if a field has been set. + ### GetMetadataAdmin `func (o *AdminUpdateIdentityBody) GetMetadataAdmin() interface{}` diff --git a/internal/httpclient/model_admin_update_identity_body.go b/internal/httpclient/model_admin_update_identity_body.go index 152fe5b0661e..98d7a7f5ffb9 100644 --- a/internal/httpclient/model_admin_update_identity_body.go +++ b/internal/httpclient/model_admin_update_identity_body.go @@ -17,6 +17,7 @@ import ( // AdminUpdateIdentityBody struct for AdminUpdateIdentityBody type AdminUpdateIdentityBody struct { + Credentials *AdminIdentityImportCredentials `json:"credentials,omitempty"` // Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/`. MetadataAdmin interface{} `json:"metadata_admin,omitempty"` // Store metadata about the identity which the identity itself can see when calling for example the session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field. @@ -48,6 +49,38 @@ func NewAdminUpdateIdentityBodyWithDefaults() *AdminUpdateIdentityBody { return &this } +// GetCredentials returns the Credentials field value if set, zero value otherwise. +func (o *AdminUpdateIdentityBody) GetCredentials() AdminIdentityImportCredentials { + if o == nil || o.Credentials == nil { + var ret AdminIdentityImportCredentials + return ret + } + return *o.Credentials +} + +// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *AdminUpdateIdentityBody) GetCredentialsOk() (*AdminIdentityImportCredentials, bool) { + if o == nil || o.Credentials == nil { + return nil, false + } + return o.Credentials, true +} + +// HasCredentials returns a boolean if a field has been set. +func (o *AdminUpdateIdentityBody) HasCredentials() bool { + if o != nil && o.Credentials != nil { + return true + } + + return false +} + +// SetCredentials gets a reference to the given AdminIdentityImportCredentials and assigns it to the Credentials field. +func (o *AdminUpdateIdentityBody) SetCredentials(v AdminIdentityImportCredentials) { + o.Credentials = &v +} + // GetMetadataAdmin returns the MetadataAdmin field value if set, zero value otherwise (both if not set or set to explicit null). func (o *AdminUpdateIdentityBody) GetMetadataAdmin() interface{} { if o == nil { @@ -188,6 +221,9 @@ func (o *AdminUpdateIdentityBody) SetTraits(v map[string]interface{}) { func (o AdminUpdateIdentityBody) MarshalJSON() ([]byte, error) { toSerialize := map[string]interface{}{} + if o.Credentials != nil { + toSerialize["credentials"] = o.Credentials + } if o.MetadataAdmin != nil { toSerialize["metadata_admin"] = o.MetadataAdmin } diff --git a/spec/api.json b/spec/api.json index a29839998ea6..4223de330915 100755 --- a/spec/api.json +++ b/spec/api.json @@ -8,6 +8,9 @@ "schemas": { "AdminUpdateIdentityBody": { "properties": { + "credentials": { + "$ref": "#/components/schemas/adminIdentityImportCredentials" + }, "metadata_admin": { "description": "Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/\u003cid\u003e`." }, diff --git a/spec/swagger.json b/spec/swagger.json index 7b0dbfae032a..da091eb1eb87 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -2387,6 +2387,9 @@ "state" ], "properties": { + "credentials": { + "$ref": "#/definitions/adminIdentityImportCredentials" + }, "metadata_admin": { "description": "Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/\u003cid\u003e`.", "type": "object" From bcf2bbd24eda74c19770eac8513c83d5ff2b27f8 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 20 Jun 2022 09:34:52 +0000 Subject: [PATCH 109/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 86a889923854..79b67e7dc68c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-06-18)](#2022-06-18) +- [ (2022-06-20)](#2022-06-20) - [Bug Fixes](#bug-fixes) - [Documentation](#documentation) - [Features](#features) @@ -260,7 +260,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-06-18) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-06-20) ### Bug Fixes @@ -280,6 +280,8 @@ * Add autocomplete attributes ([#2523](https://github.com/ory/kratos/issues/2523)) ([6284a9a](https://github.com/ory/kratos/commit/6284a9a5152924018d85f306e5758e9d8d759283)), closes [#2396](https://github.com/ory/kratos/issues/2396) * Add codecov yaml ([90da0bb](https://github.com/ory/kratos/commit/90da0bb4aeb50ed697c998342300cc56de5d5e1c)) * Add DingTalk social login ([#2494](https://github.com/ory/kratos/issues/2494)) ([7b966bd](https://github.com/ory/kratos/commit/7b966bd16333f419b2a57f2a0b8684d6d86b34e6)) +* **cli:** Helper for cleaning up stale records ([#2406](https://github.com/ory/kratos/issues/2406)) ([29d6376](https://github.com/ory/kratos/commit/29d6376e22e4de617ec63ca0a5dcb4dbf34c7c37)), closes [#952](https://github.com/ory/kratos/issues/952) +* Handler for update API with credentials ([#2423](https://github.com/ory/kratos/issues/2423)) ([561187d](https://github.com/ory/kratos/commit/561187dafe2fea324d55c4efe3ffa6b65f9bed72)), closes [#2334](https://github.com/ory/kratos/issues/2334) # [0.10.1](https://github.com/ory/kratos/compare/v0.10.0...v0.10.1) (2022-06-01) From e57325545a3ffaec9ff8e65a9c6bc190cddc81eb Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 22 Jun 2022 08:05:20 +0000 Subject: [PATCH 110/411] chore: update repository templates [skip ci] - updated repository templates to https://github.com/ory/meta/commit/0206ac31740d50920ac30c25209e5ecc20d11964 --- .github/ISSUE_TEMPLATE/BUG-REPORT.yml | 50 ++--- .github/ISSUE_TEMPLATE/DESIGN-DOC.yml | 32 ++-- .github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml | 30 +-- .github/config.yml | 2 +- .github/pull_request_template.md | 6 +- .github/workflows/closed_references.yml | 6 +- .github/workflows/milestone.yml | 6 +- .github/workflows/stale.yml | 10 +- CODE_OF_CONDUCT.md | 66 ++++--- CONTRIBUTING.md | 212 ++++++++++++--------- README.md | 69 ++++--- SECURITY.md | 11 +- package-lock.json | 2 +- 13 files changed, 287 insertions(+), 215 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml index ad9a73f3fbb2..7536eaa976be 100644 --- a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml +++ b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml @@ -1,17 +1,17 @@ -description: 'Create a bug report' +description: "Create a bug report" labels: - bug -name: 'Bug Report' +name: "Bug Report" body: - attributes: value: "Thank you for taking the time to fill out this bug report!\n" type: markdown - attributes: - label: 'Preflight checklist' + label: "Preflight checklist" options: - label: - 'I could not find a solution in the existing issues, docs, nor - discussions.' + "I could not find a solution in the existing issues, docs, nor + discussions." required: true - label: "I agree to follow this project's [Code of @@ -22,18 +22,18 @@ body: Guidelines](https://github.com/ory/kratos/blob/master/CONTRIBUTING.md)." required: true - label: - 'This issue affects my [Ory Cloud](https://www.ory.sh/) project.' + "This issue affects my [Ory Cloud](https://www.ory.sh/) project." - label: - 'I have joined the [Ory Community Slack](https://slack.ory.sh).' + "I have joined the [Ory Community Slack](https://slack.ory.sh)." - label: - 'I am signed up to the [Ory Security Patch - Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53).' + "I am signed up to the [Ory Security Patch + Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)." id: checklist type: checkboxes - attributes: - description: 'A clear and concise description of what the bug is.' - label: 'Describe the bug' - placeholder: 'Tell us what you see!' + description: "A clear and concise description of what the bug is." + label: "Describe the bug" + placeholder: "Tell us what you see!" id: describe-bug type: textarea validations: @@ -47,17 +47,17 @@ body: 1. Run `docker run ....` 2. Make API Request to with `curl ...` 3. Request fails with response: `{"some": "error"}` - label: 'Reproducing the bug' + label: "Reproducing the bug" id: reproduce-bug type: textarea validations: required: true - attributes: description: - 'Please copy and paste any relevant log output. This will be + "Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks. Please - redact any sensitive information' - label: 'Relevant log output' + redact any sensitive information" + label: "Relevant log output" render: shell placeholder: | log=error .... @@ -65,10 +65,10 @@ body: type: textarea - attributes: description: - 'Please copy and paste any relevant configuration. This will be + "Please copy and paste any relevant configuration. This will be automatically formatted into code, so no need for backticks. Please - redact any sensitive information!' - label: 'Relevant configuration' + redact any sensitive information!" + label: "Relevant configuration" render: yml placeholder: | server: @@ -77,14 +77,14 @@ body: id: config type: textarea - attributes: - description: 'What version of our software are you running?' + description: "What version of our software are you running?" label: Version id: version type: input validations: required: true - attributes: - label: 'On which operating system are you observing this issue?' + label: "On which operating system are you observing this issue?" options: - Ory Cloud - macOS @@ -95,19 +95,19 @@ body: id: operating-system type: dropdown - attributes: - label: 'In which environment are you deploying?' + label: "In which environment are you deploying?" options: - Ory Cloud - Docker - - 'Docker Compose' - - 'Kubernetes with Helm' + - "Docker Compose" + - "Kubernetes with Helm" - Kubernetes - Binary - Other id: deployment type: dropdown - attributes: - description: 'Add any other context about the problem here.' + description: "Add any other context about the problem here." label: Additional Context id: additional type: textarea diff --git a/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml b/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml index e48e0df13f3f..1dded7966f0b 100644 --- a/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml +++ b/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml @@ -1,8 +1,8 @@ description: - 'A design document is needed for non-trivial changes to the code base.' + "A design document is needed for non-trivial changes to the code base." labels: - rfc -name: 'Design Document' +name: "Design Document" body: - attributes: value: | @@ -18,11 +18,11 @@ body: after code reviews, and your pull requests will be merged faster. type: markdown - attributes: - label: 'Preflight checklist' + label: "Preflight checklist" options: - label: - 'I could not find a solution in the existing issues, docs, nor - discussions.' + "I could not find a solution in the existing issues, docs, nor + discussions." required: true - label: "I agree to follow this project's [Code of @@ -33,18 +33,18 @@ body: Guidelines](https://github.com/ory/kratos/blob/master/CONTRIBUTING.md)." required: true - label: - 'This issue affects my [Ory Cloud](https://www.ory.sh/) project.' + "This issue affects my [Ory Cloud](https://www.ory.sh/) project." - label: - 'I have joined the [Ory Community Slack](https://slack.ory.sh).' + "I have joined the [Ory Community Slack](https://slack.ory.sh)." - label: - 'I am signed up to the [Ory Security Patch - Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53).' + "I am signed up to the [Ory Security Patch + Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)." id: checklist type: checkboxes - attributes: description: | This section gives the reader a very rough overview of the landscape in which the new system is being built and what is actually being built. This isn’t a requirements doc. Keep it succinct! The goal is that readers are brought up to speed but some previous knowledge can be assumed and detailed info can be linked to. This section should be entirely focused on objective background facts. - label: 'Context and scope' + label: "Context and scope" id: scope type: textarea validations: @@ -53,7 +53,7 @@ body: - attributes: description: | A short list of bullet points of what the goals of the system are, and, sometimes more importantly, what non-goals are. Note, that non-goals aren’t negated goals like “The system shouldn’t crash”, but rather things that could reasonably be goals, but are explicitly chosen not to be goals. A good example would be “ACID compliance”; when designing a database, you’d certainly want to know whether that is a goal or non-goal. And if it is a non-goal you might still select a solution that provides it, if it doesn’t introduce trade-offs that prevent achieving the goals. - label: 'Goals and non-goals' + label: "Goals and non-goals" id: goals type: textarea validations: @@ -65,7 +65,7 @@ body: The design doc is the place to write down the trade-offs you made in designing your software. Focus on those trade-offs to produce a useful document with long-term value. That is, given the context (facts), goals and non-goals (requirements), the design doc is the place to suggest solutions and show why a particular solution best satisfies those goals. The point of writing a document over a more formal medium is to provide the flexibility to express the problem set at hand in an appropriate manner. Because of this, there is no explicit guidance for how to actually describe the design. - label: 'The design' + label: "The design" id: design type: textarea validations: @@ -74,21 +74,21 @@ body: - attributes: description: | If the system under design exposes an API, then sketching out that API is usually a good idea. In most cases, however, one should withstand the temptation to copy-paste formal interface or data definitions into the doc as these are often verbose, contain unnecessary detail and quickly get out of date. Instead focus on the parts that are relevant to the design and its trade-offs. - label: 'APIs' + label: "APIs" id: apis type: textarea - attributes: description: | Systems that store data should likely discuss how and in what rough form this happens. Similar to the advice on APIs, and for the same reasons, copy-pasting complete schema definitions should be avoided. Instead focus on the parts that are relevant to the design and its trade-offs. - label: 'Data storage' + label: "Data storage" id: persistence type: textarea - attributes: description: | Design docs should rarely contain code, or pseudo-code except in situations where novel algorithms are described. As appropriate, link to prototypes that show the implementability of the design. - label: 'Code and pseudo-code' + label: "Code and pseudo-code" id: pseudocode type: textarea @@ -101,7 +101,7 @@ body: On the other end are systems where the possible solutions are very well defined, but it isn’t at all obvious how they could even be combined to achieve the goals. This may be a legacy system that is difficult to change and wasn’t designed to do what you want it to do or a library design that needs to operate within the constraints of the host programming language. In this situation you may be able to enumerate all the things you can do relatively easily, but you need to creatively put those things together to achieve the goals. There may be multiple solutions, and none of them are really great, and hence such a document should focus on selecting the best way given all identified trade-offs. - label: 'Degree of constraint' + label: "Degree of constraint" id: constrait type: textarea diff --git a/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml index 132862134e9e..af71f0896133 100644 --- a/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml +++ b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml @@ -1,8 +1,8 @@ description: - 'Suggest an idea for this project without a plan for implementation' + "Suggest an idea for this project without a plan for implementation" labels: - feat -name: 'Feature Request' +name: "Feature Request" body: - attributes: value: | @@ -11,11 +11,11 @@ body: If you already have a plan to implement a feature or a change, please create a [design document](https://github.com/aeneasr/gh-template-test/issues/new?assignees=&labels=rfc&template=DESIGN-DOC.yml) instead if the change is non-trivial! type: markdown - attributes: - label: 'Preflight checklist' + label: "Preflight checklist" options: - label: - 'I could not find a solution in the existing issues, docs, nor - discussions.' + "I could not find a solution in the existing issues, docs, nor + discussions." required: true - label: "I agree to follow this project's [Code of @@ -26,18 +26,18 @@ body: Guidelines](https://github.com/ory/kratos/blob/master/CONTRIBUTING.md)." required: true - label: - 'This issue affects my [Ory Cloud](https://www.ory.sh/) project.' + "This issue affects my [Ory Cloud](https://www.ory.sh/) project." - label: - 'I have joined the [Ory Community Slack](https://slack.ory.sh).' + "I have joined the [Ory Community Slack](https://slack.ory.sh)." - label: - 'I am signed up to the [Ory Security Patch - Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53).' + "I am signed up to the [Ory Security Patch + Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)." id: checklist type: checkboxes - attributes: description: - 'Is your feature request related to a problem? Please describe.' - label: 'Describe your problem' + "Is your feature request related to a problem? Please describe." + label: "Describe your problem" placeholder: "A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]" @@ -50,20 +50,20 @@ body: Describe the solution you'd like placeholder: | A clear and concise description of what you want to happen. - label: 'Describe your ideal solution' + label: "Describe your ideal solution" id: solution type: textarea validations: required: true - attributes: description: "Describe alternatives you've considered" - label: 'Workarounds or alternatives' + label: "Workarounds or alternatives" id: alternatives type: textarea validations: required: true - attributes: - description: 'What version of our software are you running?' + description: "What version of our software are you running?" label: Version id: version type: input @@ -71,7 +71,7 @@ body: required: true - attributes: description: - 'Add any other context or screenshots about the feature request here.' + "Add any other context or screenshots about the feature request here." label: Additional Context id: additional type: textarea diff --git a/.github/config.yml b/.github/config.yml index 0d121fe184f9..ea335697979b 100644 --- a/.github/config.yml +++ b/.github/config.yml @@ -1,3 +1,3 @@ todo: - keyword: '@todo' + keyword: "@todo" label: todo diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index d8bcb167f09a..d22b92a3142f 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -41,9 +41,9 @@ If you're unsure about any of them, don't hesitate to ask. We're here to help! - [ ] I have referenced an issue containing the design document if my change introduces a new feature. - [ ] I am following the [contributing code guidelines](../blob/master/CONTRIBUTING.md#contributing-code). - [ ] I have read the [security policy](../security/policy). -- [ ] I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security. - vulnerability, I confirm that I got green light (please contact [security@ory.sh](mailto:security@ory.sh)) from the - maintainers to push the changes. +- [ ] I confirm that this pull request does not address a security vulnerability. + If this pull request addresses a security. vulnerability, + I confirm that I got green light (please contact [security@ory.sh](mailto:security@ory.sh)) from the maintainers to push the changes. - [ ] I have added tests that prove my fix is effective or that my feature works. - [ ] I have added or changed [the documentation](https://github.com/ory/docs). diff --git a/.github/workflows/closed_references.yml b/.github/workflows/closed_references.yml index ebafc8a71af4..2789ac42c2c7 100644 --- a/.github/workflows/closed_references.yml +++ b/.github/workflows/closed_references.yml @@ -2,13 +2,13 @@ name: Closed Reference Notifier on: schedule: - - cron: '0 0 * * *' + - cron: "0 0 * * *" workflow_dispatch: inputs: issueLimit: description: Max. number of issues to create required: true - default: '5' + default: "5" jobs: find_closed_references: @@ -19,7 +19,7 @@ jobs: - uses: actions/checkout@v2 - uses: actions/setup-node@v2-beta with: - node-version: '14' + node-version: "14" - uses: ory/closed-reference-notifier@v1 with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/milestone.yml b/.github/workflows/milestone.yml index b4a30699f010..fb47e4a78f0f 100644 --- a/.github/workflows/milestone.yml +++ b/.github/workflows/milestone.yml @@ -3,7 +3,7 @@ name: Generate and Publish Milestone Document on: workflow_dispatch: schedule: - - cron: '0 0 * * *' + - cron: "0 0 * * *" jobs: milestone: @@ -23,8 +23,8 @@ jobs: - name: Commit Milestone Documentation uses: EndBug/add-and-commit@v4.4.0 with: - message: 'autogen(docs): update milestone document' + message: "autogen(docs): update milestone document" author_name: aeneasr - author_email: '3372410+aeneasr@users.noreply.github.com' + author_email: "3372410+aeneasr@users.noreply.github.com" env: GITHUB_TOKEN: ${{ secrets.TOKEN_PRIVILEGED }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 395cb69206da..eb36db174bba 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -1,8 +1,8 @@ -name: 'Close Stale Issues' +name: "Close Stale Issues" on: workflow_dispatch: schedule: - - cron: '0 0 * * *' + - cron: "0 0 * * *" jobs: stale: @@ -35,10 +35,10 @@ jobs: Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you! Thank you 🙏✌️ - stale-issue-label: 'stale' - exempt-issue-labels: 'bug,blocking,docs,backlog' + stale-issue-label: "stale" + exempt-issue-labels: "bug,blocking,docs,backlog" days-before-stale: 365 days-before-close: 30 exempt-milestones: true exempt-assignees: true - only-pr-labels: 'stale' + only-pr-labels: "stale" diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index f9ab1ecc4db4..2351896e4f54 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -2,14 +2,17 @@ ## Our Pledge -In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation -in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, -sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal -appearance, race, religion, or sexual identity and orientation. +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, sex characteristics, gender identity and +expression, level of experience, education, socio-economic status, nationality, +personal appearance, race, religion, or sexual identity and orientation. ## Our Standards -Examples of behavior that contributes to creating a positive environment include: +Examples of behavior that contributes to creating a positive environment +include: - Using welcoming and inclusive language - Being respectful of differing viewpoints and experiences @@ -19,43 +22,56 @@ Examples of behavior that contributes to creating a positive environment include Examples of unacceptable behavior by participants include: -- The use of sexualized language or imagery and unwelcome sexual attention or advances +- The use of sexualized language or imagery and unwelcome sexual attention or + advances - Trolling, insulting/derogatory comments, and personal or political attacks - Public or private harassment -- Publishing others' private information, such as a physical or electronic address, without explicit permission -- Other conduct which could reasonably be considered inappropriate in a professional setting +- Publishing others' private information, such as a physical or electronic + address, without explicit permission +- Other conduct which could reasonably be considered inappropriate in a + professional setting ## Our Responsibilities -Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and -fair corrective action in response to any instances of unacceptable behavior. +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. -Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and -other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other -behaviors that they deem inappropriate, threatening, offensive, or harmful. +Project maintainers have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, or to ban temporarily or permanently any +contributor for other behaviors that they deem inappropriate, threatening, +offensive, or harmful. ## Scope -This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its -community. Examples of representing a project or community include using an official project e-mail address, posting via an -official social media account, or acting as an appointed representative at an online or offline event. Representation of a project -may be further defined and clarified by project maintainers. +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an appointed +representative at an online or offline event. Representation of a project may be +further defined and clarified by project maintainers. ## Enforcement -Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at -office@ory.sh. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and -appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an -incident. Further details of specific enforcement policies may be posted separately. +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at office@ory.sh. All complaints will be +reviewed and investigated and will result in a response that is deemed necessary +and appropriate to the circumstances. The project team is obligated to maintain +confidentiality with regard to the reporter of an incident. Further details of +specific enforcement policies may be posted separately. -Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions -as determined by other members of the project's leadership. +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. ## Attribution -This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 1.4, available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html [homepage]: https://www.contributor-covenant.org -For answers to common questions about this code of conduct, see https://www.contributor-covenant.org/faq +For answers to common questions about this code of conduct, see +https://www.contributor-covenant.org/faq diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 2a84779fed3c..0ffc441617af 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -28,37 +28,45 @@ https://github.com/ory/meta/blob/master/templates/repository/common/CONTRIBUTING ## Introduction -There are many ways in which you can contribute, beyond writing code. The goal of this document is to provide a high-level -overview of how you can get involved. - -_Please note_: We take Ory Kratos's security and our users' trust very seriously. If you believe you have found a security issue -in Ory Kratos, please responsibly disclose by contacting us at security@ory.sh. - -First: As a potential contributor, your changes and ideas are welcome at any hour of the day or night, weekdays, weekends, and -holidays. Please do not ever hesitate to ask a question or send a pull request. - -If you are unsure, just ask or submit the issue or pull request anyways. You won't be yelled at for giving it your best effort. -The worst that can happen is that you'll be politely asked to change something. We appreciate any sort of contributions, and don't -want a wall of rules to get in the way of that. - -That said, if you want to ensure that a pull request is likely to be merged, talk to us! You can find out our thoughts and ensure -that your contribution won't clash or be obviated by Ory +There are many ways in which you can contribute, beyond writing code. The goal +of this document is to provide a high-level overview of how you can get +involved. + +_Please note_: We take Ory Kratos's security and our users' trust very +seriously. If you believe you have found a security issue in Ory Kratos, +please responsibly disclose by contacting us at security@ory.sh. + +First: As a potential contributor, your changes and ideas are welcome at any +hour of the day or night, weekdays, weekends, and holidays. Please do not ever +hesitate to ask a question or send a pull request. + +If you are unsure, just ask or submit the issue or pull request anyways. You +won't be yelled at for giving it your best effort. The worst that can happen is +that you'll be politely asked to change something. We appreciate any sort of +contributions, and don't want a wall of rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Ory Kratos's normal direction. A great way to do this is via -[Ory Kratos Discussions](https://github.com/ory/kratos/discussions) or the -[Ory Chat](https://www.ory.sh/chat). +[Ory Kratos Discussions](https://github.com/ory/kratos/discussions) +or the [Ory Chat](https://www.ory.sh/chat). ## FAQ - I am new to the community. Where can I find the [Ory Community Code of Conduct?](https://github.com/ory/kratos/blob/master/CODE_OF_CONDUCT.md) -- I have a question. Where can I get [answers to questions regarding Ory Kratos?](#communication) +- I have a question. Where can I get + [answers to questions regarding Ory Kratos?](#communication) -- I would like to contribute but I am not sure how. Are there [easy ways to contribute?](#how-can-i-contribute) +- I would like to contribute but I am not sure how. Are there + [easy ways to contribute?](#how-can-i-contribute) [Or good first issues?](https://github.com/search?l=&o=desc&q=label%3A%22help+wanted%22+label%3A%22good+first+issue%22+is%3Aopen+user%3Aory+user%3Aory-corp&s=updated&type=Issues) -- I want to talk to other Ory Kratos users. [How can I become a part of the community?](#communication) +- I want to talk to other Ory Kratos users. + [How can I become a part of the community?](#communication) - I would like to know what I am agreeing to when I contribute to Ory Kratos. @@ -73,63 +81,80 @@ do this is via If you want to start contributing code right away, we have a [list of good first issues](https://github.com/ory/kratos/labels/good%20first%20issue). -There are many other ways you can contribute without writing any code. Here are a few things you can do to help out: +There are many other ways you can contribute without writing any code. Here are +a few things you can do to help out: -- **Give us a star.** It may not seem like much, but it really makes a difference. This is something that everyone can do to help - out Ory Kratos. Github stars help the project gain visibility and stand out. +- **Give us a star.** It may not seem like much, but it really makes a + difference. This is something that everyone can do to help out Ory Kratos. + Github stars help the project gain visibility and stand out. -- **Join the community.** Sometimes helping people can be as easy as listening to their problems and offering a different - perspective. Join our Slack, have a look at discussions in the forum and take part in our weekly hangout. More info on this in - [Communication](#communication). +- **Join the community.** Sometimes helping people can be as easy as listening + to their problems and offering a different perspective. Join our Slack, have a + look at discussions in the forum and take part in our weekly hangout. More + info on this in [Communication](#communication). -- **Helping with open issues.** We have a lot of open issues for Ory Kratos and some of them may lack necessary information, - some are duplicates of older issues. You can help out by guiding people through the process of filling out the issue template, - asking for clarifying information, or pointing them to existing issues that match their description of the problem. +- **Helping with open issues.** We have a lot of open issues for Ory Kratos + and some of them may lack necessary information, some are duplicates of older + issues. You can help out by guiding people through the process of filling out + the issue template, asking for clarifying information, or pointing them to + existing issues that match their description of the problem. -- **Reviewing documentation changes.** Most documentation just needs a review for proper spelling and grammar. If you think a - document can be improved in any way, feel free to hit the `edit` button at the top of the page. More info on contributing to - documentation [here](#documentation). +- **Reviewing documentation changes.** Most documentation just needs a review + for proper spelling and grammar. If you think a document can be improved in + any way, feel free to hit the `edit` button at the top of the page. More info + on contributing to documentation [here](#documentation). -- **Help with tests.** Some pull requests may lack proper tests or test plans. These are needed for the change to be implemented - safely. +- **Help with tests.** Some pull requests may lack proper tests or test plans. + These are needed for the change to be implemented safely. ## Communication -We use [Slack](https://www.ory.sh/chat). You are welcome to drop in and ask questions, discuss bugs and feature requests, talk to -other users of Ory, etc. +We use [Slack](https://www.ory.sh/chat). You are welcome to drop in and ask +questions, discuss bugs and feature requests, talk to other users of Ory, etc. -Check out [Ory Kratos Discussions](https://github.com/ory/kratos/discussions). This is a great place for in-depth discussions and lots of code examples, logs -and similar data. +Check out [Ory Kratos Discussions](https://github.com/ory/kratos/discussions). This is a great place for +in-depth discussions and lots of code examples, logs and similar data. -You can also join our community hangout, if you want to speak to the Ory team directly or ask some questions. You can find more -info on the hangouts in [Slack](https://www.ory.sh/chat). +You can also join our community hangout, if you want to speak to the Ory team +directly or ask some questions. You can find more info on the hangouts in +[Slack](https://www.ory.sh/chat). -If you want to receive regular notifications about updates to Ory Kratos, consider joining the mailing list. We will _only_ send -you vital information on the projects that you are interested in. +If you want to receive regular notifications about updates to Ory Kratos, +consider joining the mailing list. We will _only_ send you vital information on +the projects that you are interested in. Also [follow us on twitter](https://twitter.com/orycorp). ## Contributing Code -Unless you are fixing a known bug, we **strongly** recommend discussing it with the core team via a GitHub issue or -[in our chat](https://www.ory.sh/chat) before getting started to ensure your work is consistent with Ory Kratos's roadmap and -architecture. +Unless you are fixing a known bug, we **strongly** recommend discussing it with +the core team via a GitHub issue or [in our chat](https://www.ory.sh/chat) +before getting started to ensure your work is consistent with Ory Kratos's +roadmap and architecture. -All contributions are made via pull requests. To make a pull request, you will need a GitHub account; if you are unclear on this -process, see GitHub's documentation on [forking](https://help.github.com/articles/fork-a-repo) and -[pull requests](https://help.github.com/articles/using-pull-requests). Pull requests should be targeted at the `master` branch. -Before creating a pull request, go through this checklist: +All contributions are made via pull requests. To make a pull request, you will +need a GitHub account; if you are unclear on this process, see GitHub's +documentation on [forking](https://help.github.com/articles/fork-a-repo) and +[pull requests](https://help.github.com/articles/using-pull-requests). Pull +requests should be targeted at the `master` branch. Before creating a pull +request, go through this checklist: 1. Create a feature branch off of `master` so that changes do not get mixed up. -1. [Rebase](http://git-scm.com/book/en/Git-Branching-Rebasing) your local changes against the `master` branch. -1. Run the full project test suite with the `go test -tags sqlite ./...` (or equivalent) command and confirm that it passes. -1. Run `make format` if a `Makefile` is available, `gofmt -s` if the project is written in Go, `npm run format` if the project is - written for NodeJS. -1. Ensure that each commit has a descriptive prefix. This ensures a uniform commit history and helps structure the changelog. - Please refer to this [list of prefixes for Kratos](https://github.com/ory/kratos/blob/master/.github/semantic.yml) for an - overview. -1. Sign-up with CircleCI so that it has access to your repository with the branch containing your PR. Simply creating a CircleCI - account is sufficient for the CI jobs to run, you do not need to setup a CircleCI project for the branch. +1. [Rebase](http://git-scm.com/book/en/Git-Branching-Rebasing) your local + changes against the `master` branch. +1. Run the full project test suite with the `go test -tags sqlite ./...` (or + equivalent) command and confirm that it passes. +1. Run `make format` if a `Makefile` is available, `gofmt -s` if the project is + written in Go, `npm run format` if the project is written for NodeJS. +1. Ensure that each commit has a descriptive prefix. This ensures a uniform + commit history and helps structure the changelog. + Please refer to this + [list of prefixes for Kratos](https://github.com/ory/kratos/blob/master/.github/semantic.yml) + for an overview. +1. Sign-up with CircleCI so that it has access to your repository with the + branch containing your PR. Simply creating a CircleCI account is sufficient + for the CI jobs to run, you do not need to setup a CircleCI project for the + branch. If a pull request is not ready to be reviewed yet [it should be marked as a "Draft"](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request). @@ -137,46 +162,55 @@ If a pull request is not ready to be reviewed yet Before your contributions can be reviewed you need to sign our [Contributor License Agreement](https://cla-assistant.io/ory/kratos). -This agreement defines the terms under which your code is contributed to Ory. More specifically it declares that you have the -right to, and actually do, grant us the rights to use your contribution. You can see the Apache 2.0 license under which our -projects are published [here](https://github.com/ory/meta/blob/master/LICENSE). +This agreement defines the terms under which your code is contributed to Ory. +More specifically it declares that you have the right to, and actually do, grant +us the rights to use your contribution. You can see the Apache 2.0 license under +which our projects are published +[here](https://github.com/ory/meta/blob/master/LICENSE). -When pull requests fail testing, authors are expected to update their pull requests to address the failures until the tests pass. +When pull requests fail testing, authors are expected to update their pull +requests to address the failures until the tests pass. Pull requests eligible for review 1. follow the repository's code formatting conventions; -2. include tests which prove that the change works as intended and does not add regressions; +2. include tests which prove that the change works as intended and does not add + regressions; 3. document the changes in the code and/or the project's documentation; 4. pass the CI pipeline; -5. have signed our [Contributor License Agreement](https://cla-assistant.io/ory/kratos); +5. have signed our + [Contributor License Agreement](https://cla-assistant.io/ory/kratos); 6. include a proper git commit message following the [Conventional Commit Specification](https://www.conventionalcommits.org/en/v1.0.0/). -If all of these items are checked, the pull request is ready to be reviewed and you should change the status to "Ready for review" -and +If all of these items are checked, the pull request is ready to be reviewed and +you should change the status to "Ready for review" and [request review from a maintainer](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review). Reviewers will approve the pull request once they are satisfied with the patch. ## Documentation -Please provide documentation when changing, removing, or adding features. Documentation resides in the project's -[docs](https://github.com/ory/kratos/tree/master/docs) folder. Generate API and configuration reference documentation using -`cd docs; npm run gen`. +Please provide documentation when changing, removing, or adding features. +Documentation resides in the project's +[docs](https://github.com/ory/kratos/tree/master/docs) folder. Generate API and +configuration reference documentation using `cd docs; npm run gen`. -For further instructions please head over to [docs/README.md](https://github.com/ory/kratos/blob/master/README.md). +For further instructions please head over to +[docs/README.md](https://github.com/ory/kratos/blob/master/README.md). ## Disclosing vulnerabilities -Please disclose vulnerabilities exclusively to [security@ory.sh](mailto:security@ory.sh). Do not use GitHub issues. +Please disclose vulnerabilities exclusively to +[security@ory.sh](mailto:security@ory.sh). Do not use GitHub issues. ## Code Style Please follow these guidelines when formatting source code: - Go code should match the output of `gofmt -s` and pass `golangci-lint run`. -- NodeJS and JavaScript code should be prettified using `npm run format` where appropriate. +- NodeJS and JavaScript code should be prettified using `npm run format` where + appropriate. ### Working with Forks @@ -207,19 +241,25 @@ Now go to the project's GitHub Pull Request page and click "New pull request" ## Conduct -Whether you are a regular contributor or a newcomer, we care about making this community a safe place for you and we've got your -back. +Whether you are a regular contributor or a newcomer, we care about making this +community a safe place for you and we've got your back. -- We are committed to providing a friendly, safe and welcoming environment for all, regardless of gender, sexual orientation, - disability, ethnicity, religion, or similar personal characteristic. -- Please avoid using nicknames that might detract from a friendly, safe and welcoming environment for all. +- We are committed to providing a friendly, safe and welcoming environment for + all, regardless of gender, sexual orientation, disability, ethnicity, + religion, or similar personal characteristic. +- Please avoid using nicknames that might detract from a friendly, safe and + welcoming environment for all. - Be kind and courteous. There is no need to be mean or rude. -- We will exclude you from interaction if you insult, demean or harass anyone. In particular, we do not tolerate behavior that - excludes people in socially marginalized groups. -- Private harassment is also unacceptable. No matter who you are, if you feel you have been or are being harassed or made - uncomfortable by a community member, please contact one of the channel ops or a member of the Ory Kratos core team - immediately. -- Likewise any spamming, trolling, flaming, baiting or other attention-stealing behaviour is not welcome. - -We welcome discussion about creating a welcoming, safe, and productive environment for the community. If you have any questions, -feedback, or concerns [please let us know](https://www.ory.sh/chat). +- We will exclude you from interaction if you insult, demean or harass anyone. + In particular, we do not tolerate behavior that excludes people in socially + marginalized groups. +- Private harassment is also unacceptable. No matter who you are, if you feel + you have been or are being harassed or made uncomfortable by a community + member, please contact one of the channel ops or a member of the Ory Kratos + core team immediately. +- Likewise any spamming, trolling, flaming, baiting or other attention-stealing + behaviour is not welcome. + +We welcome discussion about creating a welcoming, safe, and productive +environment for the community. If you have any questions, feedback, or concerns +[please let us know](https://www.ory.sh/chat). diff --git a/README.md b/README.md index 42d8c596856b..9977abcca3f4 100644 --- a/README.md +++ b/README.md @@ -118,17 +118,21 @@ from other products. -The Ory community stands on the shoulders of individuals, companies, and maintainers. We thank everyone involved - from submitting -bug reports and feature requests, to contributing patches, to sponsoring our work. Our community is 1000+ strong and growing -rapidly. The Ory stack protects 16.000.000.000+ API requests every month with over 250.000+ active service nodes. We would have +The Ory community stands on the shoulders of individuals, companies, and +maintainers. We thank everyone involved - from submitting bug reports and +feature requests, to contributing patches, to sponsoring our work. Our community +is 1000+ strong and growing rapidly. The Ory stack protects 16.000.000.000+ API +requests every month with over 250.000+ active service nodes. We would have never been able to achieve this without each and everyone of you! -The following list represents companies that have accompanied us along the way and that have made outstanding contributions to our -ecosystem. _If you think that your company deserves a spot here, reach out to +The following list represents companies that have accompanied us along the way +and that have made outstanding contributions to our ecosystem. _If you think +that your company deserves a spot here, reach out to office-muc@ory.sh now_! -**Please consider giving back by becoming a sponsor of our open source work on Patreon -or Open Collective.** +**Please consider giving back by becoming a sponsor of our open source work on +Patreon or +Open Collective.**
DataDetect Datadetect unifiedglobalarchiving.com/data-detect/
Adopter * Sainsbury'sReyah Reyah reyah.eu
Adopter * Zero Project Zero by Commit getzero.dev
Adopter * PadisSecurity Onion Solutions Security Onion Solutions securityonionsolutions.com
Adopter * FactlySpiri.bo Spiri.bo spiri.bo
Sponsor StrivacityDataDetect Datadetect unifiedglobalarchiving.com/data-detect/
Adopter * Sainsbury'sReyah Reyah reyah.eu
Adopter * Zero Project Zero by Commit getzero.dev
Adopter * PadisSecurity Onion Solutions Security Onion Solutions securityonionsolutions.com
Adopter * FactlySpiri.bo Spiri.bo spiri.bo
Sponsor Strivacity
@@ -295,8 +299,10 @@ as well as all of our backers -and past & current supporters (in alphabetical order) on [Patreon](https://www.patreon.com/_ory): Alexander Alimovs, Billy, Chancy -Kennedy, Drozzy, Edwin Trejos, Howard Edidin, Ken Adler Oz Haven, Stefan Hans, TheCrealm. +and past & current supporters (in alphabetical order) on +[Patreon](https://www.patreon.com/_ory): Alexander Alimovs, Billy, Chancy +Kennedy, Drozzy, Edwin Trejos, Howard Edidin, Ken Adler Oz Haven, Stefan Hans, +TheCrealm. \* Uses one of Ory's major projects in production. @@ -332,42 +338,51 @@ Head over to the [Ory Developer Documentation](https://www.ory.sh/kratos/docs/in -We build Ory on several guiding principles when it comes to our architecture design: +We build Ory on several guiding principles when it comes to our architecture +design: - Minimal dependencies - Runs everywhere - Scales without effort - Minimize room for human and network errors -Ory's architecture is designed to run best on a Container Orchestration system such as Kubernetes, CloudFoundry, OpenShift, and -similar projects. Binaries are small (5-15MB) and available for all popular processor types (ARM, AMD64, i386) and operating -systems (FreeBSD, Linux, macOS, Windows) without system dependencies (Java, Node, Ruby, libxml, ...). +Ory's architecture is designed to run best on a Container Orchestration system +such as Kubernetes, CloudFoundry, OpenShift, and similar projects. Binaries are +small (5-15MB) and available for all popular processor types (ARM, AMD64, i386) +and operating systems (FreeBSD, Linux, macOS, Windows) without system +dependencies (Java, Node, Ruby, libxml, ...). ### Ory Kratos: Identity and User Infrastructure and Management -[Ory Kratos](https://github.com/ory/kratos) is an API-first Identity and User Management system that is built according to -[cloud architecture best practices](https://www.ory.sh/docs/next/ecosystem/software-architecture-philosophy). It implements core -use cases that almost every software application needs to deal with: Self-service Login and Registration, Multi-Factor -Authentication (MFA/2FA), Account Recovery and Verification, Profile, and Account Management. +[Ory Kratos](https://github.com/ory/kratos) is an API-first Identity and User +Management system that is built according to +[cloud architecture best practices](https://www.ory.sh/docs/next/ecosystem/software-architecture-philosophy). +It implements core use cases that almost every software application needs to +deal with: Self-service Login and Registration, Multi-Factor Authentication +(MFA/2FA), Account Recovery and Verification, Profile, and Account Management. ### Ory Hydra: OAuth2 & OpenID Connect Server -[Ory Hydra](https://github.com/ory/hydra) is an OpenID Certified™ OAuth2 and OpenID Connect Provider which easily connects to any -existing identity system by writing a tiny "bridge" application. Gives absolute control over user interface and user experience -flows. +[Ory Hydra](https://github.com/ory/hydra) is an OpenID Certified™ OAuth2 and +OpenID Connect Provider which easily connects to any existing identity system by +writing a tiny "bridge" application. Gives absolute control over user interface +and user experience flows. ### Ory Oathkeeper: Identity & Access Proxy -[Ory Oathkeeper](https://github.com/ory/oathkeeper) is a BeyondCorp/Zero Trust Identity & Access Proxy (IAP) with configurable -authentication, authorization, and request mutation rules for your web services: Authenticate JWT, Access Tokens, API Keys, mTLS; -Check if the contained subject is allowed to perform the request; Encode resulting content into custom headers (`X-User-ID`), JSON -Web Tokens and more! +[Ory Oathkeeper](https://github.com/ory/oathkeeper) is a BeyondCorp/Zero Trust +Identity & Access Proxy (IAP) with configurable authentication, authorization, +and request mutation rules for your web services: Authenticate JWT, Access +Tokens, API Keys, mTLS; Check if the contained subject is allowed to perform the +request; Encode resulting content into custom headers (`X-User-ID`), JSON Web +Tokens and more! ### Ory Keto: Access Control Policies as a Server -[Ory Keto](https://github.com/ory/keto) is a policy decision point. It uses a set of access control policies, similar to AWS IAM -Policies, in order to determine whether a subject (user, application, service, car, ...) is authorized to perform a certain action -on a resource. +[Ory Keto](https://github.com/ory/keto) is a policy decision point. It uses a +set of access control policies, similar to AWS IAM Policies, in order to +determine whether a subject (user, application, service, car, ...) is authorized +to perform a certain action on a resource. diff --git a/SECURITY.md b/SECURITY.md index 8152c97a5632..70f1ef4ddb7d 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -21,8 +21,8 @@ https://github.com/ory/meta/blob/master/templates/repository/SECURITY.md ## Supported Versions -We release patches for security vulnerabilities. Which versions are eligible receiving such patches depend on the CVSS v3.0 -Rating: +We release patches for security vulnerabilities. Which versions are eligible +receiving such patches depend on the CVSS v3.0 Rating: | CVSS v3.0 | Supported Versions | | --------- | ----------------------------------------- | @@ -31,6 +31,7 @@ Rating: ## Reporting a Vulnerability -Please report (suspected) security vulnerabilities to **[security@ory.sh](mailto:security@ory.sh)**. You will receive a response -from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but -historically within a few days. +Please report (suspected) security vulnerabilities to +**[security@ory.sh](mailto:security@ory.sh)**. You will receive a response from +us within 48 hours. If the issue is confirmed, we will release a patch as soon +as possible depending on complexity but historically within a few days. diff --git a/package-lock.json b/package-lock.json index d158f151b3bf..49f15898aa97 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,5 +1,5 @@ { - "name": "tmp.cNZ5rx4wG0", + "name": "tmp.02gikyAAyQ", "lockfileVersion": 2, "requires": true, "packages": { From 8dbf04d06e9fe61d0736514691c9956a4efce124 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 22 Jun 2022 15:14:06 +0000 Subject: [PATCH 111/411] chore: update repository templates [skip ci] - updated repository templates to https://github.com/ory/meta/commit/8a3d37122ffbfd7323a9189367d8616a69e82b01 --- CODE_OF_CONDUCT.md | 147 +++++++++++++++++++++++++++++++-------------- CONTRIBUTING.md | 140 +++++++++++++++++++++++------------------- package-lock.json | 2 +- 3 files changed, 181 insertions(+), 108 deletions(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 2351896e4f54..da4b27661c75 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -2,76 +2,131 @@ ## Our Pledge -In the interest of fostering an open and welcoming environment, we as -contributors and maintainers pledge to making participation in our project and -our community a harassment-free experience for everyone, regardless of age, body -size, disability, ethnicity, sex characteristics, gender identity and -expression, level of experience, education, socio-economic status, nationality, -personal appearance, race, religion, or sexual identity and orientation. +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, caste, color, religion, or sexual +identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. ## Our Standards -Examples of behavior that contributes to creating a positive environment -include: +Examples of behavior that contributes to a positive environment for our +community include: -- Using welcoming and inclusive language -- Being respectful of differing viewpoints and experiences -- Gracefully accepting constructive criticism -- Focusing on what is best for the community -- Showing empathy towards other community members +- Demonstrating empathy and kindness toward other people +- Being respectful of differing opinions, viewpoints, and experiences +- Giving and gracefully accepting constructive feedback +- Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +- Focusing on what is best not just for us as individuals, but for the overall + community -Examples of unacceptable behavior by participants include: +Examples of unacceptable behavior include: -- The use of sexualized language or imagery and unwelcome sexual attention or - advances -- Trolling, insulting/derogatory comments, and personal or political attacks +- The use of sexualized language or imagery, and sexual attention or advances of + any kind +- Trolling, insulting or derogatory comments, and personal or political attacks - Public or private harassment -- Publishing others' private information, such as a physical or electronic - address, without explicit permission +- Publishing others' private information, such as a physical or email address, + without their explicit permission - Other conduct which could reasonably be considered inappropriate in a professional setting -## Our Responsibilities +## Enforcement Responsibilities -Project maintainers are responsible for clarifying the standards of acceptable -behavior and are expected to take appropriate and fair corrective action in -response to any instances of unacceptable behavior. +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. -Project maintainers have the right and responsibility to remove, edit, or reject +Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are -not aligned to this Code of Conduct, or to ban temporarily or permanently any -contributor for other behaviors that they deem inappropriate, threatening, -offensive, or harmful. +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. ## Scope -This Code of Conduct applies both within project spaces and in public spaces -when an individual is representing the project or its community. Examples of -representing a project or community include using an official project e-mail -address, posting via an official social media account, or acting as an appointed -representative at an online or offline event. Representation of a project may be -further defined and clarified by project maintainers. +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the project team at office@ory.sh. All complaints will be -reviewed and investigated and will result in a response that is deemed necessary -and appropriate to the circumstances. The project team is obligated to maintain -confidentiality with regard to the reporter of an incident. Further details of -specific enforcement policies may be posted separately. +reported to the community leaders responsible for enforcement at +[office@ory.sh](mailto:office@ory.sh). All complaints will be reviewed and +investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series of +actions. -Project maintainers who do not follow or enforce the Code of Conduct in good -faith may face temporary or permanent repercussions as determined by other -members of the project's leadership. +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or permanent +ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the +community. ## Attribution This Code of Conduct is adapted from the [Contributor Covenant][homepage], -version 1.4, available at -https://www.contributor-covenant.org/version/1/4/code-of-conduct.html +version 2.1, available at +[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. -[homepage]: https://www.contributor-covenant.org +Community Impact Guidelines were inspired by [Mozilla's code of conduct +enforcement ladder][mozilla coc]. -For answers to common questions about this code of conduct, see -https://www.contributor-covenant.org/faq +For answers to common questions about this code of conduct, see the FAQ at +[https://www.contributor-covenant.org/faq][faq]. Translations are available at +[https://www.contributor-covenant.org/translations][translations]. + +[homepage]: https://www.contributor-covenant.org +[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html +[mozilla coc]: https://github.com/mozilla/diversity +[faq]: https://www.contributor-covenant.org/faq +[translations]: https://www.contributor-covenant.org/translations diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0ffc441617af..1bd379680b0e 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -8,7 +8,7 @@ https://github.com/ory/meta/blob/master/templates/repository/common/CONTRIBUTING --> -# Contributing to Ory Kratos +# Contribute to Ory Kratos @@ -17,28 +17,28 @@ https://github.com/ory/meta/blob/master/templates/repository/common/CONTRIBUTING - [FAQ](#faq) - [How can I contribute?](#how-can-i-contribute) - [Communication](#communication) -- [Contributing Code](#contributing-code) -- [Documentation](#documentation) +- [Contribute examples](#contribute-examples) +- [Contribute code](#contribute-code) +- [Contribute documentation](#contribute-documentation) - [Disclosing vulnerabilities](#disclosing-vulnerabilities) -- [Code Style](#code-style) - - [Working with Forks](#working-with-forks) +- [Code style](#code-style) + - [Working with forks](#working-with-forks) - [Conduct](#conduct) ## Introduction -There are many ways in which you can contribute, beyond writing code. The goal -of this document is to provide a high-level overview of how you can get -involved. - _Please note_: We take Ory Kratos's security and our users' trust very seriously. If you believe you have found a security issue in Ory Kratos, -please responsibly disclose by contacting us at security@ory.sh. +please disclose by contacting us at security@ory.sh. + +There are many ways in which you can contribute. The goal of this document is to +provide a high-level overview of how you can get involved in Ory. -First: As a potential contributor, your changes and ideas are welcome at any -hour of the day or night, weekdays, weekends, and holidays. Please do not ever -hesitate to ask a question or send a pull request. +As a potential contributor, your changes and ideas are welcome at any hour of +the day or night, weekdays, weekends, and holidays. Please do not ever hesitate +to ask a question or send a pull request. If you are unsure, just ask or submit the issue or pull request anyways. You won't be yelled at for giving it your best effort. The worst that can happen is @@ -47,8 +47,8 @@ contributions, and don't want a wall of rules to get in the way of that. That said, if you want to ensure that a pull request is likely to be merged, talk to us! You can find out our thoughts and ensure that your contribution -won't clash or be obviated by Ory -Kratos's normal direction. A great way to +won't clash with Ory +Kratos's direction. A great way to do this is via [Ory Kratos Discussions](https://github.com/ory/kratos/discussions) or the [Ory Chat](https://www.ory.sh/chat). @@ -78,11 +78,11 @@ or the [Ory Chat](https://www.ory.sh/chat). ## How can I contribute? -If you want to start contributing code right away, we have a +If you want to start to contribute code right away, take a look at the [list of good first issues](https://github.com/ory/kratos/labels/good%20first%20issue). -There are many other ways you can contribute without writing any code. Here are -a few things you can do to help out: +There are many other ways you can contribute. Here are a few things you can do +to help out: - **Give us a star.** It may not seem like much, but it really makes a difference. This is something that everyone can do to help out Ory Kratos. @@ -90,22 +90,29 @@ a few things you can do to help out: - **Join the community.** Sometimes helping people can be as easy as listening to their problems and offering a different perspective. Join our Slack, have a - look at discussions in the forum and take part in our weekly hangout. More - info on this in [Communication](#communication). - -- **Helping with open issues.** We have a lot of open issues for Ory Kratos - and some of them may lack necessary information, some are duplicates of older + look at discussions in the forum and take part in community events. More info + on this in [Communication](#communication). + +- **Answer discussions.** There are at all times a number of unanswered + discussions on GitHub, you can see an + [overview here](https://github.com/discussions?discussions_q=is%3Aunanswered+org%3Aory+sort%3Aupdated-desc). + If you think you know an answer or can provide some information that might + help, please share it! Bonus: You get GitHub achievements for answered + discussions. + +- **Help with open issues.** We have a lot of open issues for Ory Kratos and + some of them may lack necessary information, some are duplicates of older issues. You can help out by guiding people through the process of filling out the issue template, asking for clarifying information, or pointing them to existing issues that match their description of the problem. -- **Reviewing documentation changes.** Most documentation just needs a review - for proper spelling and grammar. If you think a document can be improved in - any way, feel free to hit the `edit` button at the top of the page. More info - on contributing to documentation [here](#documentation). +- **Review documentation changes.** Most documentation just needs a review for + proper spelling and grammar. If you think a document can be improved in any + way, feel free to hit the `edit` button at the top of the page. More info on + contributing to documentation [here](#contribute-documentation). -- **Help with tests.** Some pull requests may lack proper tests or test plans. - These are needed for the change to be implemented safely. +- **Help with tests.** Pull requests may lack proper tests or test plans. These + are needed for the change to be implemented safely. ## Communication @@ -115,9 +122,9 @@ questions, discuss bugs and feature requests, talk to other users of Ory, etc. Check out [Ory Kratos Discussions](https://github.com/ory/kratos/discussions). This is a great place for in-depth discussions and lots of code examples, logs and similar data. -You can also join our community hangout, if you want to speak to the Ory team -directly or ask some questions. You can find more info on the hangouts in -[Slack](https://www.ory.sh/chat). +You can also join our community calls, if you want to speak to the Ory team +directly or ask some questions. You can find more info and participate in +[Slack](https://www.ory.sh/chat) in the #community-call channel. If you want to receive regular notifications about updates to Ory Kratos, consider joining the mailing list. We will _only_ send you vital information on @@ -125,7 +132,34 @@ the projects that you are interested in. Also [follow us on twitter](https://twitter.com/orycorp). -## Contributing Code +## Contribute examples + +One of the most impactful ways to make a contribution is adding examples. You +can find an overview of examples using Ory services in the +[documentation examples page](https://www.ory.sh/docs/examples). Source code for +examples can be found in most cases in the +[ory/examples](https://github.com/ory/examples) repository. + +_If you would like to contribute a new example, we would love to hear from you!_ + +Please [open an issue](https://github.com/ory/examples/issues/new/choose) to +describe your example before you start working on it. We would love to provide +guidance to make for a pleasant contribution experience. Go through this +checklist to contribute an example: + +1. Create a github issue proposing a new example and make sure it's different + from an existing one. +1. Fork the repo and create a feature branch off of `master` so that changes do + not get mixed up. +1. Add a descriptive prefix to commits. This ensures a uniform commit history + and helps structure the changelog. Please refer to this + [list of prefixes for Kratos](https://github.com/ory/kratos/blob/master/.github/semantic.yml) + for an overview. +1. Create a `README.md` that explains how to use the example. (Use + [the README template](https://github.com/ory/examples/blob/master/_common/README)). +1. Open a pull request and maintainers will review and merge your example. + +## Contribute code Unless you are fixing a known bug, we **strongly** recommend discussing it with the core team via a GitHub issue or [in our chat](https://www.ory.sh/chat) @@ -146,8 +180,8 @@ request, go through this checklist: equivalent) command and confirm that it passes. 1. Run `make format` if a `Makefile` is available, `gofmt -s` if the project is written in Go, `npm run format` if the project is written for NodeJS. -1. Ensure that each commit has a descriptive prefix. This ensures a uniform - commit history and helps structure the changelog. +1. Add a descriptive prefix to commits. This ensures a uniform commit history + and helps structure the changelog. Please refer to this [list of prefixes for Kratos](https://github.com/ory/kratos/blob/master/.github/semantic.yml) for an overview. @@ -189,22 +223,20 @@ you should change the status to "Ready for review" and Reviewers will approve the pull request once they are satisfied with the patch. -## Documentation - -Please provide documentation when changing, removing, or adding features. -Documentation resides in the project's -[docs](https://github.com/ory/kratos/tree/master/docs) folder. Generate API and -configuration reference documentation using `cd docs; npm run gen`. +## Contribute documentation -For further instructions please head over to -[docs/README.md](https://github.com/ory/kratos/blob/master/README.md). +Please provide documentation when changing, removing, or adding features. All +Ory Documentation resides in the +[Ory documentation repository](https://github.com/ory/docs/). For further +instructions please head over to the Ory Documentation +[README.md](https://github.com/ory/docs/blob/master/README.md). ## Disclosing vulnerabilities Please disclose vulnerabilities exclusively to [security@ory.sh](mailto:security@ory.sh). Do not use GitHub issues. -## Code Style +## Code style Please follow these guidelines when formatting source code: @@ -212,9 +244,9 @@ Please follow these guidelines when formatting source code: - NodeJS and JavaScript code should be prettified using `npm run format` where appropriate. -### Working with Forks +### Working with forks -``` +```bash # First you clone the original repository git clone git@github.com:ory/ory/kratos.git @@ -244,21 +276,7 @@ Now go to the project's GitHub Pull Request page and click "New pull request" Whether you are a regular contributor or a newcomer, we care about making this community a safe place for you and we've got your back. -- We are committed to providing a friendly, safe and welcoming environment for - all, regardless of gender, sexual orientation, disability, ethnicity, - religion, or similar personal characteristic. -- Please avoid using nicknames that might detract from a friendly, safe and - welcoming environment for all. -- Be kind and courteous. There is no need to be mean or rude. -- We will exclude you from interaction if you insult, demean or harass anyone. - In particular, we do not tolerate behavior that excludes people in socially - marginalized groups. -- Private harassment is also unacceptable. No matter who you are, if you feel - you have been or are being harassed or made uncomfortable by a community - member, please contact one of the channel ops or a member of the Ory Kratos - core team immediately. -- Likewise any spamming, trolling, flaming, baiting or other attention-stealing - behaviour is not welcome. +[Ory Community Code of Conduct](https://github.com/ory/kratos/blob/master/CODE_OF_CONDUCT.md) We welcome discussion about creating a welcoming, safe, and productive environment for the community. If you have any questions, feedback, or concerns diff --git a/package-lock.json b/package-lock.json index 49f15898aa97..9082e2ed2f02 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,5 +1,5 @@ { - "name": "tmp.02gikyAAyQ", + "name": "tmp.ilZeb2fc5e", "lockfileVersion": 2, "requires": true, "packages": { From a46cef620378a4fd5e1e0fb07b823d7ecdf1e814 Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Fri, 24 Jun 2022 09:12:35 +0200 Subject: [PATCH 112/411] chore: dry up code (#2541) --- cmd/identities/definitions.go | 35 ++++++++--------------------------- 1 file changed, 8 insertions(+), 27 deletions(-) diff --git a/cmd/identities/definitions.go b/cmd/identities/definitions.go index b48c6c93d30f..98bf57e84cc6 100644 --- a/cmd/identities/definitions.go +++ b/cmd/identities/definitions.go @@ -19,11 +19,11 @@ type ( } ) -func (_ *outputIdentity) Header() []string { +func (_ outputIdentity) Header() []string { return []string{"ID", "VERIFIED ADDRESSES", "RECOVERY ADDRESSES", "SCHEMA ID", "SCHEMA URL"} } -func (i *outputIdentity) Columns() []string { +func (i outputIdentity) Columns() []string { data := [5]string{ i.Id, cmdx.None, @@ -53,7 +53,7 @@ func (i *outputIdentity) Columns() []string { return data[:] } -func (i *outputIdentity) Interface() interface{} { +func (i outputIdentity) Interface() interface{} { return i } @@ -69,38 +69,19 @@ func (i outputIder) Interface() interface{} { return i } -func (_ *outputIdentityCollection) Header() []string { - return []string{"ID", "VERIFIED ADDRESS 1", "RECOVERY ADDRESS 1", "SCHEMA ID", "SCHEMA URL"} +func (_ outputIdentityCollection) Header() []string { + return outputIdentity{}.Header() } -func (c *outputIdentityCollection) Table() [][]string { +func (c outputIdentityCollection) Table() [][]string { rows := make([][]string, len(c.identities)) for i, ident := range c.identities { - data := [5]string{ - ident.Id, - cmdx.None, - cmdx.None, - cmdx.None, - cmdx.None, - } - - if len(ident.VerifiableAddresses) != 0 { - data[1] = (ident.VerifiableAddresses)[0].Value - } - - if len(ident.RecoveryAddresses) != 0 { - data[2] = (ident.RecoveryAddresses)[0].Value - } - - data[3] = ident.SchemaId - data[4] = ident.SchemaUrl - - rows[i] = data[:] + rows[i] = outputIdentity(ident).Columns() } return rows } -func (c *outputIdentityCollection) Interface() interface{} { +func (c outputIdentityCollection) Interface() interface{} { return c.identities } From 6424352dd855b1e9cc3ba297a6fa6eb0e4cec896 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Fri, 24 Jun 2022 07:54:21 +0000 Subject: [PATCH 113/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 79b67e7dc68c..b374063e6664 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-06-20)](#2022-06-20) +- [ (2022-06-24)](#2022-06-24) - [Bug Fixes](#bug-fixes) - [Documentation](#documentation) - [Features](#features) @@ -260,7 +260,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-06-20) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-06-24) ### Bug Fixes From e581ec675c63a5bacaf8e1af63cb327e6d9d6324 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 29 Jun 2022 16:06:32 +0000 Subject: [PATCH 114/411] chore: update repository templates [skip ci] - updated repository templates to https://github.com/ory/meta/commit/81cbfd3d9e49770d8701731420ef32045e1ce796 --- .github/workflows/conventional_commits.yml | 75 ++++++++++++++++++++++ package-lock.json | 2 +- 2 files changed, 76 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/conventional_commits.yml diff --git a/.github/workflows/conventional_commits.yml b/.github/workflows/conventional_commits.yml new file mode 100644 index 000000000000..9d92dcb88846 --- /dev/null +++ b/.github/workflows/conventional_commits.yml @@ -0,0 +1,75 @@ +name: Conventional commits + +on: + pull_request_target: # enable Pull Requests from forks, uses config from master branch + types: [opened, edited, reopened, ready_for_review] + # pull_request: # for debugging, uses config in local branch but supports only Pull Requests from this repo + +jobs: + main: + name: Validate PR title + runs-on: ubuntu-latest + steps: + - uses: amannn/action-semantic-pull-request@v4 + id: check-title + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + types: | + feat + fix + revert + docs + style + refactor + test + build + autogen + security + ci + chore + + scopes: | + blog + cms + deps + docs + home + hydra + keto + kratos + stats + + requireScope: false + + # Configure which scopes are disallowed in PR titles. For instance by setting + # the value below, `chore(release): ...` and `ci(e2e,release): ...` will be rejected. + # disallowScopes: | + # release + + # Configure additional validation for the subject based on a regex. + # This example ensures the subject doesn't start with an uppercase character. + subjectPattern: ^(?![A-Z]).+$ + + # If `subjectPattern` is configured, you can use this property to override + # the default error message that is shown when the pattern doesn't match. + # The variables `subject` and `title` can be used within the message. + subjectPatternError: | + The subject should start with a lowercase letter, yours is uppercase: + "{subject}" + + # If the PR contains one of these labels, the validation is skipped. + # Multiple labels can be separated by newlines. + # If you want to rerun the validation when labels change, you might want + # to use the `labeled` and `unlabeled` event triggers in your workflow. + # ignoreLabels: | + # bot + # ignore-semantic-pull-request + + # For work-in-progress PRs you can typically use draft pull requests + # from GitHub. However, private repositories on the free plan don't have + # this option and therefore this action allows you to opt-in to using the + # special "[WIP]" prefix to indicate this state. This will avoid the + # validation of the PR title and the pull request checks remain pending. + # Note that a second check will be reported if this is enabled. + # wip: true diff --git a/package-lock.json b/package-lock.json index 9082e2ed2f02..30008d72539e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,5 +1,5 @@ { - "name": "tmp.ilZeb2fc5e", + "name": "tmp.ov3w04WRtE", "lockfileVersion": 2, "requires": true, "packages": { From e55d22f1601e343a7a910ce3a50874a2991cebef Mon Sep 17 00:00:00 2001 From: Kevin Goslar Date: Fri, 1 Jul 2022 00:27:31 -0500 Subject: [PATCH 115/411] chore: delete semantic.yml (#2554) Replaced by https://github.com/ory/meta/pull/154 --- semantic.yml | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 semantic.yml diff --git a/semantic.yml b/semantic.yml deleted file mode 100644 index 1f06deea9d49..000000000000 --- a/semantic.yml +++ /dev/null @@ -1,17 +0,0 @@ -types: - - feat - - fix - - improvement - - docs - - style - - refactor - - perf - - test - - build - - ci - - chore - - revert - -scopes: - - sql - - cli From 3b640ca985b1b22bd1145c7d6feeec5966c39ef3 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Fri, 1 Jul 2022 06:06:02 +0000 Subject: [PATCH 116/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b374063e6664..4a43d510997e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-06-24)](#2022-06-24) +- [ (2022-07-01)](#2022-07-01) - [Bug Fixes](#bug-fixes) - [Documentation](#documentation) - [Features](#features) @@ -260,7 +260,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-06-24) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-07-01) ### Bug Fixes From fffba473440fec3118a3951b697d5a0d2d4e30d6 Mon Sep 17 00:00:00 2001 From: kszafran Date: Mon, 4 Jul 2022 10:17:53 +0200 Subject: [PATCH 117/411] fix: return empty array not null when there are no sessions (#2548) --- persistence/sql/persister_session.go | 2 +- session/handler_test.go | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/persistence/sql/persister_session.go b/persistence/sql/persister_session.go index be4088896aca..2c036d2ab6d9 100644 --- a/persistence/sql/persister_session.go +++ b/persistence/sql/persister_session.go @@ -47,7 +47,7 @@ func (p *Persister) ListSessionsByIdentity(ctx context.Context, iID uuid.UUID, a ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.ListSessionsByIdentity") defer span.End() - var s []*session.Session + s := make([]*session.Session, 0) nid := corp.ContextualizeNID(ctx, p.nid) if err := p.Transaction(ctx, func(ctx context.Context, c *pop.Connection) error { diff --git a/session/handler_test.go b/session/handler_test.go index 8ad1b82c2b64..a6332fb154ca 100644 --- a/session/handler_test.go +++ b/session/handler_test.go @@ -32,6 +32,7 @@ import ( "github.com/ory/kratos/internal/testhelpers" . "github.com/ory/kratos/session" "github.com/ory/kratos/x" + "github.com/ory/x/ioutilx" "github.com/ory/x/urlx" ) @@ -441,10 +442,7 @@ func TestHandlerAdminSessionManagement(t *testing.T) { res, err := client.Do(req) require.NoError(t, err) assert.Equal(t, http.StatusOK, res.StatusCode) - - var sessions []Session - require.NoError(t, json.NewDecoder(res.Body).Decode(&sessions)) - assert.Len(t, sessions, 0) + assert.JSONEq(t, "[]", string(ioutilx.MustReadAll(res.Body))) }) }) From 995bd0a48004c43d6b587f19ebb2593d82c3769b Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 4 Jul 2022 08:53:55 +0000 Subject: [PATCH 118/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4a43d510997e..b09c8dfb7f5d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-07-01)](#2022-07-01) +- [ (2022-07-04)](#2022-07-04) - [Bug Fixes](#bug-fixes) - [Documentation](#documentation) - [Features](#features) @@ -260,12 +260,13 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-07-01) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-07-04) ### Bug Fixes * Make ID field in VerifiableAddress struct optional ([#2507](https://github.com/ory/kratos/issues/2507)) ([0844b47](https://github.com/ory/kratos/commit/0844b47c30851c548d46273927afee103cdc0e97)), closes [#2506](https://github.com/ory/kratos/issues/2506) +* Return empty array not null when there are no sessions ([#2548](https://github.com/ory/kratos/issues/2548)) ([fffba47](https://github.com/ory/kratos/commit/fffba473440fec3118a3951b697d5a0d2d4e30d6)) ### Documentation From 2aeb0a210e6e6433f1a9d9e6a75b21b8e3083239 Mon Sep 17 00:00:00 2001 From: Theodor Brandt Date: Mon, 4 Jul 2022 14:47:01 +0200 Subject: [PATCH 119/411] fix: add issuerURL for apple id (#2565) No issuer url was specified when using the Apple ID provider, this forced usersers to manually enter it in the provider config. This PR adds the Apple ID issuer url to the provider simplifying the setup. --- selfservice/strategy/oidc/provider_apple.go | 1 + 1 file changed, 1 insertion(+) diff --git a/selfservice/strategy/oidc/provider_apple.go b/selfservice/strategy/oidc/provider_apple.go index aa1e395ad3de..4ea727516e47 100644 --- a/selfservice/strategy/oidc/provider_apple.go +++ b/selfservice/strategy/oidc/provider_apple.go @@ -24,6 +24,7 @@ func NewProviderApple( config *Configuration, reg dependencies, ) *ProviderApple { + config.IssuerURL = "https://appleid.apple.com" return &ProviderApple{ ProviderGenericOIDC: &ProviderGenericOIDC{ config: config, From 659cf57533bb914256d5e544c820c8a0853a9514 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 4 Jul 2022 13:24:52 +0000 Subject: [PATCH 120/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b09c8dfb7f5d..3a4a6a6474dc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -265,6 +265,13 @@ ### Bug Fixes +* Add issuerURL for apple id ([#2565](https://github.com/ory/kratos/issues/2565)) ([2aeb0a2](https://github.com/ory/kratos/commit/2aeb0a210e6e6433f1a9d9e6a75b21b8e3083239)): + + No issuer url was specified when using the Apple ID provider, + this forced usersers to manually enter it in the provider config. + + This PR adds the Apple ID issuer url to the provider simplifying the setup. + * Make ID field in VerifiableAddress struct optional ([#2507](https://github.com/ory/kratos/issues/2507)) ([0844b47](https://github.com/ory/kratos/commit/0844b47c30851c548d46273927afee103cdc0e97)), closes [#2506](https://github.com/ory/kratos/issues/2506) * Return empty array not null when there are no sessions ([#2548](https://github.com/ory/kratos/issues/2548)) ([fffba47](https://github.com/ory/kratos/commit/fffba473440fec3118a3951b697d5a0d2d4e30d6)) From 1ba7c66fc4897b676690f0ac701a0b68aee4f151 Mon Sep 17 00:00:00 2001 From: Dejan Filipovic Date: Tue, 5 Jul 2022 17:57:55 +0200 Subject: [PATCH 121/411] fix: add support for verified Graph API calls for facebook oidc provider (#2547) Co-authored-by: aeneasr <3372410+aeneasr@users.noreply.github.com> --- go.mod | 1 + go.sum | 1 + .../strategy/oidc/provider_facebook.go | 16 +++- .../strategy/oidc/provider_facebook_test.go | 89 +++++++++++++++++++ .../strategy/oidc/stub/oidc.facebook.jsonnet | 13 +++ 5 files changed, 119 insertions(+), 1 deletion(-) create mode 100644 selfservice/strategy/oidc/provider_facebook_test.go create mode 100644 selfservice/strategy/oidc/stub/oidc.facebook.jsonnet diff --git a/go.mod b/go.mod index db50ded5817e..1669ac017013 100644 --- a/go.mod +++ b/go.mod @@ -58,6 +58,7 @@ require ( github.com/hashicorp/golang-lru v0.5.4 github.com/imdario/mergo v0.3.12 github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743 + github.com/jarcoal/httpmock v1.0.5 github.com/jteeuwen/go-bindata v3.0.7+incompatible github.com/julienschmidt/httprouter v1.3.0 github.com/knadh/koanf v1.4.0 diff --git a/go.sum b/go.sum index e2ba2e6c1705..57e1e72adf6c 100644 --- a/go.sum +++ b/go.sum @@ -1142,6 +1142,7 @@ github.com/jackc/puddle v1.2.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dv github.com/jandelgado/gcov2lcov v1.0.4/go.mod h1:NnSxK6TMlg1oGDBfGelGbjgorT5/L3cchlbtgFYZSss= github.com/jandelgado/gcov2lcov v1.0.5 h1:rkBt40h0CVK4oCb8Dps950gvfd1rYvQ8+cWa346lVU0= github.com/jandelgado/gcov2lcov v1.0.5/go.mod h1:NnSxK6TMlg1oGDBfGelGbjgorT5/L3cchlbtgFYZSss= +github.com/jarcoal/httpmock v1.0.5 h1:cHtVEcTxRSX4J0je7mWPfc9BpDpqzXSJ5HbymZmyHck= github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jcchavezs/porto v0.1.0/go.mod h1:fESH0gzDHiutHRdX2hv27ojnOVFco37hg1W6E9EZF4A= diff --git a/selfservice/strategy/oidc/provider_facebook.go b/selfservice/strategy/oidc/provider_facebook.go index 15e45cc78555..7dd133087348 100644 --- a/selfservice/strategy/oidc/provider_facebook.go +++ b/selfservice/strategy/oidc/provider_facebook.go @@ -2,7 +2,11 @@ package oidc import ( "context" + "crypto/hmac" + "crypto/sha256" + "encoding/hex" "encoding/json" + "fmt" "net/url" "github.com/hashicorp/go-retryablehttp" @@ -34,6 +38,15 @@ func NewProviderFacebook( } } +func (g *ProviderFacebook) generateAppSecretProof(ctx context.Context, exchange *oauth2.Token) string { + secret := g.config.ClientSecret + data := exchange.AccessToken + + h := hmac.New(sha256.New, []byte(secret)) + h.Write([]byte(data)) + return hex.EncodeToString(h.Sum(nil)) +} + func (g *ProviderFacebook) OAuth2(ctx context.Context) (*oauth2.Config, error) { p, err := g.provider(ctx) if err != nil { @@ -52,8 +65,9 @@ func (g *ProviderFacebook) Claims(ctx context.Context, exchange *oauth2.Token, q return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) } + appSecretProof := g.generateAppSecretProof(ctx, exchange) client := g.reg.HTTPClient(ctx, httpx.ResilientClientWithClient(o.Client(ctx, exchange))) - u, err := url.Parse("https://graph.facebook.com/me?fields=id,name,first_name,last_name,middle_name,email,picture,birthday,gender") + u, err := url.Parse(fmt.Sprintf("https://graph.facebook.com/me?fields=id,name,first_name,last_name,middle_name,email,picture,birthday,gender&appsecret_proof=%s", appSecretProof)) if err != nil { return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) } diff --git a/selfservice/strategy/oidc/provider_facebook_test.go b/selfservice/strategy/oidc/provider_facebook_test.go new file mode 100644 index 000000000000..99062edcaa60 --- /dev/null +++ b/selfservice/strategy/oidc/provider_facebook_test.go @@ -0,0 +1,89 @@ +package oidc_test + +import ( + "context" + "net/http" + "net/url" + "testing" + "time" + + "github.com/jarcoal/httpmock" + + "github.com/ory/kratos/internal" + "github.com/ory/kratos/selfservice/strategy/oidc" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "golang.org/x/oauth2" +) + +const fakeIDToken = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjk5OTk5OTk5OTksImF1ZCI6ImFiY2QiLCJpc3MiOiJodHRwczovL3Jhdy5naXRodWJ1c2VyY29udGVudC5jb20vYWVuZWFzci9wcml2YXRlLW9pZGMvbWFzdGVyL3Rva2VuIn0.G9v8pJXJrEOgdJ5ecE6sIIcTH_p-RKkBaImfZY5DDVCl7h5GEis1n3GKKYbL_O3fj8Fu-WzI2mquI8S8BOVCQ6wN0XtrqJv22iX_nzeVHc4V_JWV1q7hg2gPpoFFcnF3KKtxZLvDOA8ujsDbAXmoBu0fEBdwCN56xLOOKQDzULyfijuAa8hrCwespZ9HaqcHzD3iHf_Utd4nHqlTM-6upWpKIMkplS_NGcxrfIRIWusZ0wob6ryy8jECD9QeZpdTGUozq-YM64lZfMOZzuLuqichH_PCMKFyB_tOZb6lDIiiSX4Irz7_YF-DP-LmfxgIW4934RqTCeFGGIP64h4xAA" + +func TestProviderFacebook_Claims(t *testing.T) { + httpmock.Activate() + defer httpmock.DeactivateAndReset() + + httpmock.RegisterResponder("GET", "https://graph.facebook.com/me", + func(req *http.Request) (*http.Response, error) { + if _, ok := req.URL.Query()["appsecret_proof"]; !ok { + resp, err := httpmock.NewJsonResponse(400, map[string]interface{}{ + "error": map[string]interface{}{ + "message": "API calls from the server require an appsecret_proof argument", + "type": "GraphMethodException", + "code": 100, + "fbtrace_id": "Ay8LR3n5BsHm809VYpJ3eDM", + }, + }) + return resp, err + } + resp, err := httpmock.NewJsonResponse(200, map[string]interface{}{ + "id": "123456789012345", + "name": "John Doe", + "first_name": "John", + "last_name": "Doe", + "email": "john.doe@example.com", + "birthday": "01/01/1990", + }) + return resp, err + }, + ) + + httpmock.RegisterResponder("GET", "https://www.facebook.com/.well-known/openid-configuration", + func(req *http.Request) (*http.Response, error) { + resp, err := httpmock.NewJsonResponse(200, map[string]interface{}{ + "issuer": "https://www.facebook.com", + }) + return resp, err + }, + ) + + _, reg := internal.NewFastRegistryWithMocks(t) + c := &oidc.Configuration{ + ID: "facebook", + Provider: "facebook", + ClientID: "abcd", + ClientSecret: "secret", + Mapper: "file://./stub/oidc.facebook.jsonnet", + Scope: []string{"email"}, + } + facebook := oidc.NewProviderFacebook(c, reg) + + actual, err := facebook.Claims( + context.Background(), + (&oauth2.Token{AccessToken: "foo", Expiry: time.Now().Add(time.Hour)}).WithExtra(map[string]interface{}{"id_token": fakeIDToken}), + url.Values{}, + ) + require.NoError(t, err) + + assert.Equal(t, &oidc.Claims{ + Issuer: "https://graph.facebook.com/me?fields=id,name,first_name,last_name,middle_name,email,picture,birthday,gender&appsecret_proof=773ba44693c7553d6ee20f61ea5d2757a9a4f4a44d2841ae4e95b52e4cd62db4", + Subject: "123456789012345", + Name: "John Doe", + GivenName: "John", + FamilyName: "Doe", + Nickname: "John Doe", + PreferredUsername: "John Doe", + Email: "john.doe@example.com", + EmailVerified: true, + Birthdate: "01/01/1990", + }, actual) +} diff --git a/selfservice/strategy/oidc/stub/oidc.facebook.jsonnet b/selfservice/strategy/oidc/stub/oidc.facebook.jsonnet new file mode 100644 index 000000000000..4a1c10265aa9 --- /dev/null +++ b/selfservice/strategy/oidc/stub/oidc.facebook.jsonnet @@ -0,0 +1,13 @@ +local claims = std.extVar('claims'); + +if std.length(claims.sub) == 0 then + error 'claim sub not set' +else + { + identity: { + traits: { + subject: claims.sub, + [if "email" in claims then "email" else null]: claims.email, + }, + }, + } From 2b8a4f503e0423328ebaeaaa2d215255017302ca Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Tue, 5 Jul 2022 16:00:00 +0000 Subject: [PATCH 122/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- selfservice/strategy/oidc/provider_facebook_test.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/selfservice/strategy/oidc/provider_facebook_test.go b/selfservice/strategy/oidc/provider_facebook_test.go index 99062edcaa60..b7f00921a3c7 100644 --- a/selfservice/strategy/oidc/provider_facebook_test.go +++ b/selfservice/strategy/oidc/provider_facebook_test.go @@ -9,11 +9,12 @@ import ( "github.com/jarcoal/httpmock" - "github.com/ory/kratos/internal" - "github.com/ory/kratos/selfservice/strategy/oidc" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "golang.org/x/oauth2" + + "github.com/ory/kratos/internal" + "github.com/ory/kratos/selfservice/strategy/oidc" ) const fakeIDToken = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjk5OTk5OTk5OTksImF1ZCI6ImFiY2QiLCJpc3MiOiJodHRwczovL3Jhdy5naXRodWJ1c2VyY29udGVudC5jb20vYWVuZWFzci9wcml2YXRlLW9pZGMvbWFzdGVyL3Rva2VuIn0.G9v8pJXJrEOgdJ5ecE6sIIcTH_p-RKkBaImfZY5DDVCl7h5GEis1n3GKKYbL_O3fj8Fu-WzI2mquI8S8BOVCQ6wN0XtrqJv22iX_nzeVHc4V_JWV1q7hg2gPpoFFcnF3KKtxZLvDOA8ujsDbAXmoBu0fEBdwCN56xLOOKQDzULyfijuAa8hrCwespZ9HaqcHzD3iHf_Utd4nHqlTM-6upWpKIMkplS_NGcxrfIRIWusZ0wob6ryy8jECD9QeZpdTGUozq-YM64lZfMOZzuLuqichH_PCMKFyB_tOZb6lDIiiSX4Irz7_YF-DP-LmfxgIW4934RqTCeFGGIP64h4xAA" From c058e23599d994e12b676e87f7282c1f2b2e089c Mon Sep 17 00:00:00 2001 From: Felix Beuke Date: Tue, 5 Jul 2022 18:41:58 +0200 Subject: [PATCH 123/411] fix(identity): migrate identity_addresses to lower case (#2517) Closes #2426 --- ...20610155809000000_identity_address_casing.cockroach.down.sql | 0 ...0220610155809000000_identity_address_casing.cockroach.up.sql | 2 ++ .../20220610155809000000_identity_address_casing.mysql.down.sql | 0 .../20220610155809000000_identity_address_casing.mysql.up.sql | 2 ++ ...220610155809000000_identity_address_casing.postgres.down.sql | 0 ...20220610155809000000_identity_address_casing.postgres.up.sql | 2 ++ ...0220610155809000000_identity_address_casing.sqlite3.down.sql | 0 .../20220610155809000000_identity_address_casing.sqlite3.up.sql | 2 ++ .../20220301102702_identity_address_performance.up.sql | 2 +- 9 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.cockroach.down.sql create mode 100644 persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.cockroach.up.sql create mode 100644 persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.mysql.down.sql create mode 100644 persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.mysql.up.sql create mode 100644 persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.postgres.down.sql create mode 100644 persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.postgres.up.sql create mode 100644 persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.sqlite3.down.sql create mode 100644 persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.sqlite3.up.sql diff --git a/persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.cockroach.down.sql b/persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.cockroach.down.sql new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.cockroach.up.sql b/persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.cockroach.up.sql new file mode 100644 index 000000000000..8fc16ef42053 --- /dev/null +++ b/persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.cockroach.up.sql @@ -0,0 +1,2 @@ +UPDATE identity_recovery_addresses SET value = LOWER(value) WHERE TRUE; +UPDATE identity_verifiable_addresses SET value = LOWER(value) WHERE TRUE; diff --git a/persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.mysql.down.sql b/persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.mysql.down.sql new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.mysql.up.sql b/persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.mysql.up.sql new file mode 100644 index 000000000000..8fc16ef42053 --- /dev/null +++ b/persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.mysql.up.sql @@ -0,0 +1,2 @@ +UPDATE identity_recovery_addresses SET value = LOWER(value) WHERE TRUE; +UPDATE identity_verifiable_addresses SET value = LOWER(value) WHERE TRUE; diff --git a/persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.postgres.down.sql b/persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.postgres.down.sql new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.postgres.up.sql b/persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.postgres.up.sql new file mode 100644 index 000000000000..8fc16ef42053 --- /dev/null +++ b/persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.postgres.up.sql @@ -0,0 +1,2 @@ +UPDATE identity_recovery_addresses SET value = LOWER(value) WHERE TRUE; +UPDATE identity_verifiable_addresses SET value = LOWER(value) WHERE TRUE; diff --git a/persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.sqlite3.down.sql b/persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.sqlite3.down.sql new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.sqlite3.up.sql b/persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.sqlite3.up.sql new file mode 100644 index 000000000000..8fc16ef42053 --- /dev/null +++ b/persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.sqlite3.up.sql @@ -0,0 +1,2 @@ +UPDATE identity_recovery_addresses SET value = LOWER(value) WHERE TRUE; +UPDATE identity_verifiable_addresses SET value = LOWER(value) WHERE TRUE; diff --git a/persistence/sql/migrations/templates/20220301102702_identity_address_performance.up.sql b/persistence/sql/migrations/templates/20220301102702_identity_address_performance.up.sql index 640c32d6224a..8fc16ef42053 100644 --- a/persistence/sql/migrations/templates/20220301102702_identity_address_performance.up.sql +++ b/persistence/sql/migrations/templates/20220301102702_identity_address_performance.up.sql @@ -1,2 +1,2 @@ UPDATE identity_recovery_addresses SET value = LOWER(value) WHERE TRUE; -UPDATE identity_verification_addresses SET value = LOWER(value) WHERE TRUE; +UPDATE identity_verifiable_addresses SET value = LOWER(value) WHERE TRUE; From e746c3302ba0c1a3ee61b1f2968bcb8cc0691ed2 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Tue, 5 Jul 2022 17:23:30 +0000 Subject: [PATCH 124/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3a4a6a6474dc..5c31afe41e11 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-07-04)](#2022-07-04) +- [ (2022-07-05)](#2022-07-05) - [Bug Fixes](#bug-fixes) - [Documentation](#documentation) - [Features](#features) @@ -260,7 +260,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-07-04) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-07-05) ### Bug Fixes @@ -272,6 +272,8 @@ This PR adds the Apple ID issuer url to the provider simplifying the setup. +* Add support for verified Graph API calls for facebook oidc provider ([#2547](https://github.com/ory/kratos/issues/2547)) ([1ba7c66](https://github.com/ory/kratos/commit/1ba7c66fc4897b676690f0ac701a0b68aee4f151)) +* **identity:** Migrate identity_addresses to lower case ([#2517](https://github.com/ory/kratos/issues/2517)) ([c058e23](https://github.com/ory/kratos/commit/c058e23599d994e12b676e87f7282c1f2b2e089c)), closes [#2426](https://github.com/ory/kratos/issues/2426) * Make ID field in VerifiableAddress struct optional ([#2507](https://github.com/ory/kratos/issues/2507)) ([0844b47](https://github.com/ory/kratos/commit/0844b47c30851c548d46273927afee103cdc0e97)), closes [#2506](https://github.com/ory/kratos/issues/2506) * Return empty array not null when there are no sessions ([#2548](https://github.com/ory/kratos/issues/2548)) ([fffba47](https://github.com/ory/kratos/commit/fffba473440fec3118a3951b697d5a0d2d4e30d6)) From ca3d9c24e25ce501e9eae23547f87e1c35b2ea97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mi=C5=82osz?= <12242002+mszekiel@users.noreply.github.com> Date: Wed, 6 Jul 2022 22:21:16 +0200 Subject: [PATCH 125/411] fix: remove newline sign from email subject (#2576) --- courier/template/email/recovery_invalid.go | 5 ++++- courier/template/email/recovery_valid.go | 5 ++++- courier/template/email/stub.go | 5 ++++- courier/template/email/verification_invalid.go | 5 ++++- courier/template/email/verification_valid.go | 5 ++++- .../profiles/recovery/recovery/errors.spec.ts | 6 ++---- .../profiles/verification/verify/errors.spec.ts | 4 +--- test/e2e/cypress/support/commands.ts | 12 ++++-------- 8 files changed, 27 insertions(+), 20 deletions(-) diff --git a/courier/template/email/recovery_invalid.go b/courier/template/email/recovery_invalid.go index 25c20c2095ef..0fe4dcaf5d04 100644 --- a/courier/template/email/recovery_invalid.go +++ b/courier/template/email/recovery_invalid.go @@ -4,6 +4,7 @@ import ( "context" "encoding/json" "os" + "strings" "github.com/ory/kratos/courier/template" ) @@ -27,7 +28,9 @@ func (t *RecoveryInvalid) EmailRecipient() (string, error) { } func (t *RecoveryInvalid) EmailSubject(ctx context.Context) (string, error) { - return template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "recovery/invalid/email.subject.gotmpl", "recovery/invalid/email.subject*", t.m, t.d.CourierConfig(ctx).CourierTemplatesRecoveryInvalid().Subject) + subject, err := template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "recovery/invalid/email.subject.gotmpl", "recovery/invalid/email.subject*", t.m, t.d.CourierConfig(ctx).CourierTemplatesRecoveryInvalid().Subject) + + return strings.TrimSpace(subject), err } func (t *RecoveryInvalid) EmailBody(ctx context.Context) (string, error) { diff --git a/courier/template/email/recovery_valid.go b/courier/template/email/recovery_valid.go index 65ce00f27c0e..686b498182b2 100644 --- a/courier/template/email/recovery_valid.go +++ b/courier/template/email/recovery_valid.go @@ -4,6 +4,7 @@ import ( "context" "encoding/json" "os" + "strings" "github.com/ory/kratos/courier/template" ) @@ -29,7 +30,9 @@ func (t *RecoveryValid) EmailRecipient() (string, error) { } func (t *RecoveryValid) EmailSubject(ctx context.Context) (string, error) { - return template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "recovery/valid/email.subject.gotmpl", "recovery/valid/email.subject*", t.m, t.d.CourierConfig(ctx).CourierTemplatesRecoveryValid().Subject) + subject, err := template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "recovery/valid/email.subject.gotmpl", "recovery/valid/email.subject*", t.m, t.d.CourierConfig(ctx).CourierTemplatesRecoveryValid().Subject) + + return strings.TrimSpace(subject), err } func (t *RecoveryValid) EmailBody(ctx context.Context) (string, error) { diff --git a/courier/template/email/stub.go b/courier/template/email/stub.go index e5cecaf657a8..eaba365441ab 100644 --- a/courier/template/email/stub.go +++ b/courier/template/email/stub.go @@ -4,6 +4,7 @@ import ( "context" "encoding/json" "os" + "strings" "github.com/ory/kratos/courier/template" ) @@ -29,7 +30,9 @@ func (t *TestStub) EmailRecipient() (string, error) { } func (t *TestStub) EmailSubject(ctx context.Context) (string, error) { - return template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "test_stub/email.subject.gotmpl", "test_stub/email.subject*", t.m, "") + subject, err := template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "test_stub/email.subject.gotmpl", "test_stub/email.subject*", t.m, "") + + return strings.TrimSpace(subject), err } func (t *TestStub) EmailBody(ctx context.Context) (string, error) { diff --git a/courier/template/email/verification_invalid.go b/courier/template/email/verification_invalid.go index f153c13aa922..2eae8483abb6 100644 --- a/courier/template/email/verification_invalid.go +++ b/courier/template/email/verification_invalid.go @@ -4,6 +4,7 @@ import ( "context" "encoding/json" "os" + "strings" "github.com/ory/kratos/courier/template" ) @@ -27,7 +28,9 @@ func (t *VerificationInvalid) EmailRecipient() (string, error) { } func (t *VerificationInvalid) EmailSubject(ctx context.Context) (string, error) { - return template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "verification/invalid/email.subject.gotmpl", "verification/invalid/email.subject*", t.m, t.d.CourierConfig(ctx).CourierTemplatesVerificationInvalid().Subject) + subject, err := template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "verification/invalid/email.subject.gotmpl", "verification/invalid/email.subject*", t.m, t.d.CourierConfig(ctx).CourierTemplatesVerificationInvalid().Subject) + + return strings.TrimSpace(subject), err } func (t *VerificationInvalid) EmailBody(ctx context.Context) (string, error) { diff --git a/courier/template/email/verification_valid.go b/courier/template/email/verification_valid.go index 3de84840bdbe..9a7b33dbb899 100644 --- a/courier/template/email/verification_valid.go +++ b/courier/template/email/verification_valid.go @@ -4,6 +4,7 @@ import ( "context" "encoding/json" "os" + "strings" "github.com/ory/kratos/courier/template" ) @@ -29,7 +30,9 @@ func (t *VerificationValid) EmailRecipient() (string, error) { } func (t *VerificationValid) EmailSubject(ctx context.Context) (string, error) { - return template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "verification/valid/email.subject.gotmpl", "verification/valid/email.subject*", t.m, t.d.CourierConfig(ctx).CourierTemplatesVerificationValid().Subject) + subject, err := template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "verification/valid/email.subject.gotmpl", "verification/valid/email.subject*", t.m, t.d.CourierConfig(ctx).CourierTemplatesVerificationValid().Subject) + + return strings.TrimSpace(subject), err } func (t *VerificationValid) EmailBody(ctx context.Context) (string, error) { diff --git a/test/e2e/cypress/integration/profiles/recovery/recovery/errors.spec.ts b/test/e2e/cypress/integration/profiles/recovery/recovery/errors.spec.ts index ecb91e788e2b..8678e44e5925 100644 --- a/test/e2e/cypress/integration/profiles/recovery/recovery/errors.spec.ts +++ b/test/e2e/cypress/integration/profiles/recovery/recovery/errors.spec.ts @@ -62,9 +62,7 @@ context('Account Recovery Errors', () => { cy.wait(1000) cy.getMail().should((message) => { - expect(message.subject.trim()).to.equal( - 'Recover access to your account' - ) + expect(message.subject).to.equal('Recover access to your account') expect(message.toAddresses[0].trim()).to.equal(identity.email) const link = parseHtml(message.body).querySelector('a') @@ -95,7 +93,7 @@ context('Account Recovery Errors', () => { cy.get('input[name="email"]').should('have.value', email) cy.getMail().should((message) => { - expect(message.subject.trim()).to.equal('Account access attempted') + expect(message.subject).to.equal('Account access attempted') expect(message.fromAddress.trim()).to.equal('no-reply@ory.kratos.sh') expect(message.toAddresses).to.have.length(1) expect(message.toAddresses[0].trim()).to.equal(email) diff --git a/test/e2e/cypress/integration/profiles/verification/verify/errors.spec.ts b/test/e2e/cypress/integration/profiles/verification/verify/errors.spec.ts index ef62e9722119..a9418784b6f7 100644 --- a/test/e2e/cypress/integration/profiles/verification/verify/errors.spec.ts +++ b/test/e2e/cypress/integration/profiles/verification/verify/errors.spec.ts @@ -57,9 +57,7 @@ context('Account Verification Error', () => { cy.shortVerificationLifespan() cy.getMail().then((message) => { - expect(message.subject.trim()).to.equal( - 'Please verify your email address' - ) + expect(message.subject).to.equal('Please verify your email address') expect(message.toAddresses[0].trim()).to.equal(identity.email) const link = parseHtml(message.body).querySelector('a') diff --git a/test/e2e/cypress/support/commands.ts b/test/e2e/cypress/support/commands.ts index c15cef3b6f92..3f3c78b3af6f 100644 --- a/test/e2e/cypress/support/commands.ts +++ b/test/e2e/cypress/support/commands.ts @@ -865,9 +865,7 @@ Cypress.Commands.add( expect: { email, redirectTo } = { email: undefined, redirectTo: undefined } } = {}) => cy.getMail().then((message) => { - expect(message.subject.trim()).to.equal( - 'Please verify your email address' - ) + expect(message.subject).to.equal('Please verify your email address') expect(message.fromAddress.trim()).to.equal('no-reply@ory.kratos.sh') expect(message.toAddresses).to.have.length(1) expect(message.toAddresses[0].trim()).to.equal(email) @@ -904,7 +902,7 @@ Cypress.Commands.add( // Uses the verification email but waits so that it expires Cypress.Commands.add('recoverEmailButExpired', ({ expect: { email } }) => { cy.getMail().should((message) => { - expect(message.subject.trim()).to.equal('Recover access to your account') + expect(message.subject).to.equal('Recover access to your account') expect(message.toAddresses[0].trim()).to.equal(email) const link = parseHtml(message.body).querySelector('a') @@ -919,7 +917,7 @@ Cypress.Commands.add( 'recoverEmail', ({ expect: { email }, shouldVisit = true }) => cy.getMail().should((message) => { - expect(message.subject.trim()).to.equal('Recover access to your account') + expect(message.subject).to.equal('Recover access to your account') expect(message.fromAddress.trim()).to.equal('no-reply@ory.kratos.sh') expect(message.toAddresses).to.have.length(1) expect(message.toAddresses[0].trim()).to.equal(email) @@ -940,9 +938,7 @@ Cypress.Commands.add( 'verifyEmailButExpired', ({ expect: { email, password } }) => cy.getMail().then((message) => { - expect(message.subject.trim()).to.equal( - 'Please verify your email address' - ) + expect(message.subject).to.equal('Please verify your email address') expect(message.fromAddress.trim()).to.equal('no-reply@ory.kratos.sh') expect(message.toAddresses).to.have.length(1) From 99a198d0ac49e72f41ed796d248221d9d96952bb Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Wed, 6 Jul 2022 21:07:42 +0000 Subject: [PATCH 126/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5c31afe41e11..c5a2fabd025c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-07-05)](#2022-07-05) +- [ (2022-07-06)](#2022-07-06) - [Bug Fixes](#bug-fixes) - [Documentation](#documentation) - [Features](#features) @@ -260,7 +260,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-07-05) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-07-06) ### Bug Fixes @@ -275,6 +275,7 @@ * Add support for verified Graph API calls for facebook oidc provider ([#2547](https://github.com/ory/kratos/issues/2547)) ([1ba7c66](https://github.com/ory/kratos/commit/1ba7c66fc4897b676690f0ac701a0b68aee4f151)) * **identity:** Migrate identity_addresses to lower case ([#2517](https://github.com/ory/kratos/issues/2517)) ([c058e23](https://github.com/ory/kratos/commit/c058e23599d994e12b676e87f7282c1f2b2e089c)), closes [#2426](https://github.com/ory/kratos/issues/2426) * Make ID field in VerifiableAddress struct optional ([#2507](https://github.com/ory/kratos/issues/2507)) ([0844b47](https://github.com/ory/kratos/commit/0844b47c30851c548d46273927afee103cdc0e97)), closes [#2506](https://github.com/ory/kratos/issues/2506) +* Remove newline sign from email subject ([#2576](https://github.com/ory/kratos/issues/2576)) ([ca3d9c2](https://github.com/ory/kratos/commit/ca3d9c24e25ce501e9eae23547f87e1c35b2ea97)) * Return empty array not null when there are no sessions ([#2548](https://github.com/ory/kratos/issues/2548)) ([fffba47](https://github.com/ory/kratos/commit/fffba473440fec3118a3951b697d5a0d2d4e30d6)) ### Documentation From ff6190f31f538cf8ed735dfd1bb3b7afcd944c36 Mon Sep 17 00:00:00 2001 From: Patrik Date: Thu, 7 Jul 2022 12:29:48 +0200 Subject: [PATCH 127/411] fix(sdk): make InputAttributes.Type an enum --- internal/httpclient/api/openapi.yaml | 16 ++++++- .../httpclient/docs/UiNodeInputAttributes.md | 2 +- .../model_ui_node_input_attributes.go | 5 +- selfservice/strategy/password/nodes.go | 2 +- spec/api.json | 20 ++++++-- spec/swagger.json | 20 ++++++-- ui/node/attributes.go | 48 +++++++++---------- ui/node/attributes_input.go | 4 +- 8 files changed, 77 insertions(+), 40 deletions(-) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index 29f398d8cea7..a7f0fcd85743 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -5307,8 +5307,6 @@ components: - width title: ImageAttributes represents the attributes of an image node. type: object - uiNodeInputAttributeType: - type: string uiNodeInputAttributes: description: InputAttributes represents the attributes of an input node properties: @@ -5347,6 +5345,20 @@ components: description: Mark this input field as required. type: boolean type: + description: The input's element type. + enum: + - text + - password + - number + - checkbox + - hidden + - email + - tel + - submit + - button + - datetime-local + - date + - url type: string value: description: The input's value. diff --git a/internal/httpclient/docs/UiNodeInputAttributes.md b/internal/httpclient/docs/UiNodeInputAttributes.md index 473dfdb4ba7d..2758b6bbaf83 100644 --- a/internal/httpclient/docs/UiNodeInputAttributes.md +++ b/internal/httpclient/docs/UiNodeInputAttributes.md @@ -12,7 +12,7 @@ Name | Type | Description | Notes **Onclick** | Pointer to **string** | OnClick may contain javascript which should be executed on click. This is primarily used for WebAuthn. | [optional] **Pattern** | Pointer to **string** | The input's pattern. | [optional] **Required** | Pointer to **bool** | Mark this input field as required. | [optional] -**Type** | **string** | | +**Type** | **string** | The input's element type. | **Value** | Pointer to **interface{}** | The input's value. | [optional] ## Methods diff --git a/internal/httpclient/model_ui_node_input_attributes.go b/internal/httpclient/model_ui_node_input_attributes.go index ab320a0265f7..c6def217c1d1 100644 --- a/internal/httpclient/model_ui_node_input_attributes.go +++ b/internal/httpclient/model_ui_node_input_attributes.go @@ -31,8 +31,9 @@ type UiNodeInputAttributes struct { // The input's pattern. Pattern *string `json:"pattern,omitempty"` // Mark this input field as required. - Required *bool `json:"required,omitempty"` - Type string `json:"type"` + Required *bool `json:"required,omitempty"` + // The input's element type. + Type string `json:"type"` // The input's value. Value interface{} `json:"value,omitempty"` } diff --git a/selfservice/strategy/password/nodes.go b/selfservice/strategy/password/nodes.go index 344744448289..1cca69e87efa 100644 --- a/selfservice/strategy/password/nodes.go +++ b/selfservice/strategy/password/nodes.go @@ -5,7 +5,7 @@ import ( "github.com/ory/kratos/ui/node" ) -func NewPasswordNode(name string, autocomplete node.InputAttributeAutocomplete) *node.Node { +func NewPasswordNode(name string, autocomplete node.UiNodeInputAttributeAutocomplete) *node.Node { return node.NewInputField(name, nil, node.PasswordGroup, node.InputAttributeTypePassword, node.WithRequiredInputAttribute, diff --git a/spec/api.json b/spec/api.json index 4223de330915..655b49d177d7 100755 --- a/spec/api.json +++ b/spec/api.json @@ -1982,9 +1982,6 @@ "title": "ImageAttributes represents the attributes of an image node.", "type": "object" }, - "uiNodeInputAttributeType": { - "type": "string" - }, "uiNodeInputAttributes": { "description": "InputAttributes represents the attributes of an input node", "properties": { @@ -2028,7 +2025,22 @@ "type": "boolean" }, "type": { - "$ref": "#/components/schemas/uiNodeInputAttributeType" + "description": "The input's element type.", + "enum": [ + "text", + "password", + "number", + "checkbox", + "hidden", + "email", + "tel", + "submit", + "button", + "datetime-local", + "date", + "url" + ], + "type": "string" }, "value": { "description": "The input's value.", diff --git a/spec/swagger.json b/spec/swagger.json index da091eb1eb87..c69f313284da 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -4195,9 +4195,6 @@ } } }, - "uiNodeInputAttributeType": { - "type": "string" - }, "uiNodeInputAttributes": { "description": "InputAttributes represents the attributes of an input node", "type": "object", @@ -4248,7 +4245,22 @@ "type": "boolean" }, "type": { - "$ref": "#/definitions/uiNodeInputAttributeType" + "description": "The input's element type.", + "type": "string", + "enum": [ + "text", + "password", + "number", + "checkbox", + "hidden", + "email", + "tel", + "submit", + "button", + "datetime-local", + "date", + "url" + ] }, "value": { "description": "The input's value.", diff --git a/ui/node/attributes.go b/ui/node/attributes.go index d57d7a7cfc35..4300d218f233 100644 --- a/ui/node/attributes.go +++ b/ui/node/attributes.go @@ -3,34 +3,34 @@ package node import "github.com/ory/kratos/text" const ( - InputAttributeTypeText InputAttributeType = "text" - InputAttributeTypePassword InputAttributeType = "password" - InputAttributeTypeNumber InputAttributeType = "number" - InputAttributeTypeCheckbox InputAttributeType = "checkbox" - InputAttributeTypeHidden InputAttributeType = "hidden" - InputAttributeTypeEmail InputAttributeType = "email" - InputAttributeTypeTel InputAttributeType = "tel" - InputAttributeTypeSubmit InputAttributeType = "submit" - InputAttributeTypeButton InputAttributeType = "button" - InputAttributeTypeDateTimeLocal InputAttributeType = "datetime-local" - InputAttributeTypeDate InputAttributeType = "date" - InputAttributeTypeURI InputAttributeType = "url" + InputAttributeTypeText UiNodeInputAttributeType = "text" + InputAttributeTypePassword UiNodeInputAttributeType = "password" + InputAttributeTypeNumber UiNodeInputAttributeType = "number" + InputAttributeTypeCheckbox UiNodeInputAttributeType = "checkbox" + InputAttributeTypeHidden UiNodeInputAttributeType = "hidden" + InputAttributeTypeEmail UiNodeInputAttributeType = "email" + InputAttributeTypeTel UiNodeInputAttributeType = "tel" + InputAttributeTypeSubmit UiNodeInputAttributeType = "submit" + InputAttributeTypeButton UiNodeInputAttributeType = "button" + InputAttributeTypeDateTimeLocal UiNodeInputAttributeType = "datetime-local" + InputAttributeTypeDate UiNodeInputAttributeType = "date" + InputAttributeTypeURI UiNodeInputAttributeType = "url" ) const ( - InputAttributeAutocompleteEmail InputAttributeAutocomplete = "email" - InputAttributeAutocompleteTel InputAttributeAutocomplete = "tel" - InputAttributeAutocompleteUrl InputAttributeAutocomplete = "url" - InputAttributeAutocompleteCurrentPassword InputAttributeAutocomplete = "current-password" - InputAttributeAutocompleteNewPassword InputAttributeAutocomplete = "new-password" - InputAttributeAutocompleteOneTimeCode InputAttributeAutocomplete = "one-time-code" + InputAttributeAutocompleteEmail UiNodeInputAttributeAutocomplete = "email" + InputAttributeAutocompleteTel UiNodeInputAttributeAutocomplete = "tel" + InputAttributeAutocompleteUrl UiNodeInputAttributeAutocomplete = "url" + InputAttributeAutocompleteCurrentPassword UiNodeInputAttributeAutocomplete = "current-password" + InputAttributeAutocompleteNewPassword UiNodeInputAttributeAutocomplete = "new-password" + InputAttributeAutocompleteOneTimeCode UiNodeInputAttributeAutocomplete = "one-time-code" ) -// swagger:model uiNodeInputAttributeType -type InputAttributeType string +// swagger:enum UiNodeInputAttributeType +type UiNodeInputAttributeType string -// swagger:enum InputAttributeAutocomplete -type InputAttributeAutocomplete string +// swagger:enum UiNodeInputAttributeAutocomplete +type UiNodeInputAttributeAutocomplete string // Attributes represents a list of attributes (e.g. `href="foo"` for links). // @@ -64,7 +64,7 @@ type InputAttributes struct { // The input's element type. // // required: true - Type InputAttributeType `json:"type" faker:"-"` + Type UiNodeInputAttributeType `json:"type" faker:"-"` // The input's value. FieldValue interface{} `json:"value,omitempty" faker:"string"` @@ -73,7 +73,7 @@ type InputAttributes struct { Required bool `json:"required,omitempty"` // The autocomplete attribute for the input. - Autocomplete InputAttributeAutocomplete `json:"autocomplete,omitempty"` + Autocomplete UiNodeInputAttributeAutocomplete `json:"autocomplete,omitempty"` // The input's label text. Label *text.Message `json:"label,omitempty"` diff --git a/ui/node/attributes_input.go b/ui/node/attributes_input.go index 5e5e05882323..27729897cf9e 100644 --- a/ui/node/attributes_input.go +++ b/ui/node/attributes_input.go @@ -10,7 +10,7 @@ import ( const DisableFormField = "disableFormField" -func toFormType(n string, i interface{}) InputAttributeType { +func toFormType(n string, i interface{}) UiNodeInputAttributeType { switch n { case x.CSRFTokenName: return InputAttributeTypeHidden @@ -89,7 +89,7 @@ func NewInputFieldFromJSON(name string, value interface{}, group UiNodeGroup, op } } -func NewInputField(name string, value interface{}, group UiNodeGroup, inputType InputAttributeType, opts ...InputAttributesModifier) *Node { +func NewInputField(name string, value interface{}, group UiNodeGroup, inputType UiNodeInputAttributeType, opts ...InputAttributesModifier) *Node { return &Node{ Type: Input, Group: group, From 01abc2c283412f930a54d7a730ab0e4a81a8455a Mon Sep 17 00:00:00 2001 From: Patrik Date: Thu, 7 Jul 2022 13:07:41 +0200 Subject: [PATCH 128/411] ci: add `sdk` scope to conventional commits --- .github/workflows/conventional_commits.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/conventional_commits.yml b/.github/workflows/conventional_commits.yml index 9d92dcb88846..58a6f83cb31a 100644 --- a/.github/workflows/conventional_commits.yml +++ b/.github/workflows/conventional_commits.yml @@ -39,6 +39,7 @@ jobs: keto kratos stats + sdk requireScope: false From d2d43219da706e2d905b972ef88601540231fd10 Mon Sep 17 00:00:00 2001 From: Patrik Date: Thu, 7 Jul 2022 13:08:07 +0200 Subject: [PATCH 129/411] ci: bump dockle action --- .github/workflows/cve-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml index 22a168af946d..b6f169ebc6b4 100644 --- a/.github/workflows/cve-scan.yaml +++ b/.github/workflows/cve-scan.yaml @@ -56,7 +56,7 @@ jobs: vuln-type: 'os,library' severity: 'CRITICAL,HIGH' - name: Dockle Linter - uses: erzz/dockle-action@v1.1.1 + uses: erzz/dockle-action@v1.3.1 if: ${{ always() }} with: image: oryd/kratos:${{ steps.vars.outputs.sha_short }} From 34543f3aafd41fdba0644e5452224fa46cc859c3 Mon Sep 17 00:00:00 2001 From: Patrik Date: Thu, 7 Jul 2022 13:41:56 +0200 Subject: [PATCH 130/411] ci: fix codecov config - properly ignore non-production code - set 1% failure threshold --- codecov.yml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/codecov.yml b/codecov.yml index 550fa06fdbf7..6cff703b7547 100644 --- a/codecov.yml +++ b/codecov.yml @@ -1,6 +1,10 @@ -codecov: - ignore: - - "test" - - "internal" - - "docs" - - "contrib" +coverage: + status: + project: + default: + threshold: 1% +ignore: + - "test" + - "internal" + - "docs" + - "contrib" From c8805b640323118f94c81fb0fc152e8f95d628f5 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Thu, 7 Jul 2022 12:42:08 +0000 Subject: [PATCH 131/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c5a2fabd025c..bbc9ded2fe29 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-07-06)](#2022-07-06) +- [ (2022-07-07)](#2022-07-07) - [Bug Fixes](#bug-fixes) - [Documentation](#documentation) - [Features](#features) @@ -260,7 +260,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-07-06) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-07-07) ### Bug Fixes @@ -277,6 +277,7 @@ * Make ID field in VerifiableAddress struct optional ([#2507](https://github.com/ory/kratos/issues/2507)) ([0844b47](https://github.com/ory/kratos/commit/0844b47c30851c548d46273927afee103cdc0e97)), closes [#2506](https://github.com/ory/kratos/issues/2506) * Remove newline sign from email subject ([#2576](https://github.com/ory/kratos/issues/2576)) ([ca3d9c2](https://github.com/ory/kratos/commit/ca3d9c24e25ce501e9eae23547f87e1c35b2ea97)) * Return empty array not null when there are no sessions ([#2548](https://github.com/ory/kratos/issues/2548)) ([fffba47](https://github.com/ory/kratos/commit/fffba473440fec3118a3951b697d5a0d2d4e30d6)) +* **sdk:** Make InputAttributes.Type an enum ([ff6190f](https://github.com/ory/kratos/commit/ff6190f31f538cf8ed735dfd1bb3b7afcd944c36)) ### Documentation From 49540dd650dae3465fdc3b3fb9dd9d77eff2db34 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Mon, 11 Jul 2022 08:51:43 +0000 Subject: [PATCH 132/411] chore: update repository templates [skip ci] - updated repository templates to https://github.com/ory/meta/commit/44cf1a812de176ad5c6923a9cae7edc5195ced0d --- .github/workflows/conventional_commits.yml | 1 - README.md | 6 ++++++ package-lock.json | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/conventional_commits.yml b/.github/workflows/conventional_commits.yml index 58a6f83cb31a..9d92dcb88846 100644 --- a/.github/workflows/conventional_commits.yml +++ b/.github/workflows/conventional_commits.yml @@ -39,7 +39,6 @@ jobs: keto kratos stats - sdk requireScope: false diff --git a/README.md b/README.md index 9977abcca3f4..9619c3dfe911 100644 --- a/README.md +++ b/README.md @@ -288,6 +288,12 @@ that your company deserves a spot here, reach out to + + + + + +
Buhta buhta.com
Adopter *ConnctdConnctdconnctd.com
diff --git a/package-lock.json b/package-lock.json index 30008d72539e..1f443c4dcdc8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,5 +1,5 @@ { - "name": "tmp.ov3w04WRtE", + "name": "tmp.GfwTlCXnLq", "lockfileVersion": 2, "requires": true, "packages": { From f09b1b3701c6deda4d25cebb7ccf2e97089be32a Mon Sep 17 00:00:00 2001 From: Sergey Plaunov Date: Tue, 12 Jul 2022 09:47:09 +0300 Subject: [PATCH 133/411] feat: add identity id to "account disabled" error (#2557) --- selfservice/strategy/link/strategy_recovery_test.go | 4 ++-- session/session.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/selfservice/strategy/link/strategy_recovery_test.go b/selfservice/strategy/link/strategy_recovery_test.go index 8d47dc9036f6..ea902faa2591 100644 --- a/selfservice/strategy/link/strategy_recovery_test.go +++ b/selfservice/strategy/link/strategy_recovery_test.go @@ -402,11 +402,11 @@ func TestRecovery(t *testing.T) { if isAPI { assert.Equal(t, http.StatusUnauthorized, res.StatusCode) assert.Contains(t, res.Request.URL.String(), public.URL+recovery.RouteSubmitFlow) - assertx.EqualAsJSON(t, session.ErrIdentityDisabled, json.RawMessage(gjson.GetBytes(body, "error").Raw), "%s", body) + assertx.EqualAsJSON(t, session.ErrIdentityDisabled.WithDetail("identity_id", addr.IdentityID), json.RawMessage(gjson.GetBytes(body, "error").Raw), "%s", body) } else { assert.Equal(t, http.StatusOK, res.StatusCode) assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL().String()) - assertx.EqualAsJSON(t, session.ErrIdentityDisabled, json.RawMessage(body), "%s", body) + assertx.EqualAsJSON(t, session.ErrIdentityDisabled.WithDetail("identity_id", addr.IdentityID), json.RawMessage(body), "%s", body) } } diff --git a/session/session.go b/session/session.go index ee3e9b0d87ff..e65ade74a83d 100644 --- a/session/session.go +++ b/session/session.go @@ -170,7 +170,7 @@ func NewInactiveSession() *Session { func (s *Session) Activate(i *identity.Identity, c lifespanProvider, authenticatedAt time.Time) error { if i != nil && !i.IsActive() { - return ErrIdentityDisabled + return ErrIdentityDisabled.WithDetail("identity_id", i.ID) } s.Active = true From f43396bdc03f89812f026c2a94b0b50100134c23 Mon Sep 17 00:00:00 2001 From: Sergey Plaunov Date: Tue, 12 Jul 2022 11:03:14 +0300 Subject: [PATCH 134/411] fix: unable to find JSON Schema ID: default (#2393) --- identity/manager.go | 7 +++++++ identity/manager_test.go | 23 +++++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/identity/manager.go b/identity/manager.go index 0d0d6cb7e1e2..1401b3b137cf 100644 --- a/identity/manager.go +++ b/identity/manager.go @@ -4,6 +4,8 @@ import ( "context" "reflect" + "github.com/ory/kratos/driver/config" + "github.com/gofrs/uuid" "github.com/mohae/deepcopy" @@ -21,6 +23,7 @@ var ErrProtectedFieldModified = herodot.ErrForbidden. type ( managerDependencies interface { + config.Provider PoolProvider courier.Provider ValidationProvider @@ -62,6 +65,10 @@ func newManagerOptions(opts []ManagerOption) *managerOptions { } func (m *Manager) Create(ctx context.Context, i *Identity, opts ...ManagerOption) error { + if i.SchemaID == "" { + i.SchemaID = m.r.Config(ctx).DefaultIdentityTraitsSchemaID() + } + o := newManagerOptions(opts) if err := m.validate(ctx, i, o); err != nil { return err diff --git a/identity/manager_test.go b/identity/manager_test.go index 70037d24c408..776aa1bbd907 100644 --- a/identity/manager_test.go +++ b/identity/manager_test.go @@ -4,6 +4,9 @@ import ( "context" "fmt" "testing" + "time" + + "github.com/ory/x/sqlxx" "github.com/ory/kratos/internal/testhelpers" @@ -250,3 +253,23 @@ func TestManager(t *testing.T) { }) }) } + +func TestManagerNoDefaultNamedSchema(t *testing.T) { + conf, reg := internal.NewFastRegistryWithMocks(t) + conf.MustSet(config.ViperKeyDefaultIdentitySchemaID, "user_v0") + conf.MustSet(config.ViperKeyIdentitySchemas, config.Schemas{ + {ID: "user_v0", URL: "file://./stub/manager.schema.json"}, + }) + conf.MustSet(config.ViperKeyPublicBaseURL, "https://www.ory.sh/") + + t.Run("case=should create identity with default schema", func(t *testing.T) { + stateChangedAt := sqlxx.NullTime(time.Now().UTC()) + original := &identity.Identity{ + SchemaID: "", + Traits: []byte(identity.Traits(`{"email":"foo@ory.sh"}`)), + State: identity.StateActive, + StateChangedAt: &stateChangedAt, + } + require.NoError(t, reg.IdentityManager().Create(context.Background(), original)) + }) +} From 26f2618bf7b0d49491cbdfaffb816fec1509f6d4 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Tue, 12 Jul 2022 08:44:39 +0000 Subject: [PATCH 135/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bbc9ded2fe29..2a64e83c0178 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-07-07)](#2022-07-07) +- [ (2022-07-12)](#2022-07-12) - [Bug Fixes](#bug-fixes) - [Documentation](#documentation) - [Features](#features) @@ -260,7 +260,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-07-07) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-07-12) ### Bug Fixes @@ -278,6 +278,7 @@ * Remove newline sign from email subject ([#2576](https://github.com/ory/kratos/issues/2576)) ([ca3d9c2](https://github.com/ory/kratos/commit/ca3d9c24e25ce501e9eae23547f87e1c35b2ea97)) * Return empty array not null when there are no sessions ([#2548](https://github.com/ory/kratos/issues/2548)) ([fffba47](https://github.com/ory/kratos/commit/fffba473440fec3118a3951b697d5a0d2d4e30d6)) * **sdk:** Make InputAttributes.Type an enum ([ff6190f](https://github.com/ory/kratos/commit/ff6190f31f538cf8ed735dfd1bb3b7afcd944c36)) +* Unable to find JSON Schema ID: default ([#2393](https://github.com/ory/kratos/issues/2393)) ([f43396b](https://github.com/ory/kratos/commit/f43396bdc03f89812f026c2a94b0b50100134c23)) ### Documentation @@ -292,6 +293,7 @@ * Add autocomplete attributes ([#2523](https://github.com/ory/kratos/issues/2523)) ([6284a9a](https://github.com/ory/kratos/commit/6284a9a5152924018d85f306e5758e9d8d759283)), closes [#2396](https://github.com/ory/kratos/issues/2396) * Add codecov yaml ([90da0bb](https://github.com/ory/kratos/commit/90da0bb4aeb50ed697c998342300cc56de5d5e1c)) * Add DingTalk social login ([#2494](https://github.com/ory/kratos/issues/2494)) ([7b966bd](https://github.com/ory/kratos/commit/7b966bd16333f419b2a57f2a0b8684d6d86b34e6)) +* Add identity id to "account disabled" error ([#2557](https://github.com/ory/kratos/issues/2557)) ([f09b1b3](https://github.com/ory/kratos/commit/f09b1b3701c6deda4d25cebb7ccf2e97089be32a)) * **cli:** Helper for cleaning up stale records ([#2406](https://github.com/ory/kratos/issues/2406)) ([29d6376](https://github.com/ory/kratos/commit/29d6376e22e4de617ec63ca0a5dcb4dbf34c7c37)), closes [#952](https://github.com/ory/kratos/issues/952) * Handler for update API with credentials ([#2423](https://github.com/ory/kratos/issues/2423)) ([561187d](https://github.com/ory/kratos/commit/561187dafe2fea324d55c4efe3ffa6b65f9bed72)), closes [#2334](https://github.com/ory/kratos/issues/2334) From aa6eb13c1c42c11354074553fac9c90ee0a8999e Mon Sep 17 00:00:00 2001 From: JeffreyThijs Date: Wed, 13 Jul 2022 18:20:22 +0200 Subject: [PATCH 136/411] feat: allow setting public and admin metadata with the jsonnet data mapper (#2569) Closes #2552 Co-authored-by: aeneasr <3372410+aeneasr@users.noreply.github.com> --- .../strategy/oidc/strategy_helper_test.go | 21 ++- .../strategy/oidc/strategy_registration.go | 136 ++++++++++++------ .../strategy/oidc/strategy_settings_test.go | 4 +- selfservice/strategy/oidc/strategy_test.go | 25 ++-- .../strategy/oidc/stub/oidc.hydra.jsonnet | 6 + .../oidc/stub/registration.schema.json | 16 +++ 6 files changed, 148 insertions(+), 60 deletions(-) diff --git a/selfservice/strategy/oidc/strategy_helper_test.go b/selfservice/strategy/oidc/strategy_helper_test.go index 974d1e7d9ee4..6190b44eaf39 100644 --- a/selfservice/strategy/oidc/strategy_helper_test.go +++ b/selfservice/strategy/oidc/strategy_helper_test.go @@ -34,6 +34,18 @@ import ( "github.com/ory/x/urlx" ) +type idTokenClaims struct { + traits struct { + website string + } + metadataPublic struct { + picture string + } + metadataAdmin struct { + phoneNumber string + } +} + func createClient(t *testing.T, remote string, redir, id string) { require.NoError(t, resilience.Retry(logrusx.New("", ""), time.Second*10, time.Minute*2, func() error { if req, err := http.NewRequest("DELETE", remote+"/clients/"+id, nil); err != nil { @@ -72,7 +84,7 @@ func createClient(t *testing.T, remote string, redir, id string) { })) } -func newHydraIntegration(t *testing.T, remote *string, subject, website *string, scope *[]string, addr string) (*http.Server, string) { +func newHydraIntegration(t *testing.T, remote *string, subject *string, claims *idTokenClaims, scope *[]string, addr string) (*http.Server, string) { router := httprouter.New() type p struct { @@ -125,7 +137,8 @@ func newHydraIntegration(t *testing.T, remote *string, subject, website *string, require.NotEmpty(t, challenge) var b bytes.Buffer - require.NoError(t, json.NewEncoder(&b).Encode(&p{GrantScope: *scope, Session: json.RawMessage(`{"id_token":{"website":"` + *website + `"}}`)})) + var msg = `{"id_token":{"website":"` + claims.traits.website + `","picture":"` + *&claims.metadataPublic.picture + `","phone_number":"` + *&claims.metadataAdmin.phoneNumber + `"}}` + require.NoError(t, json.NewEncoder(&b).Encode(&p{GrantScope: *scope, Session: json.RawMessage(msg)})) href := urlx.MustJoin(*remote, "/oauth2/auth/requests/consent/accept") + "?consent_challenge=" + challenge do(w, r, href, &b) }) @@ -187,11 +200,11 @@ func newUI(t *testing.T, reg driver.Registry) *httptest.Server { return ts } -func newHydra(t *testing.T, subject, website *string, scope *[]string) (remoteAdmin, remotePublic, hydraIntegrationTSURL string) { +func newHydra(t *testing.T, subject *string, claims *idTokenClaims, scope *[]string) (remoteAdmin, remotePublic, hydraIntegrationTSURL string) { remoteAdmin = os.Getenv("TEST_SELFSERVICE_OIDC_HYDRA_ADMIN") remotePublic = os.Getenv("TEST_SELFSERVICE_OIDC_HYDRA_PUBLIC") - hydraIntegrationTS, hydraIntegrationTSURL := newHydraIntegration(t, &remoteAdmin, subject, website, scope, os.Getenv("TEST_SELFSERVICE_OIDC_HYDRA_INTEGRATION_ADDR")) + hydraIntegrationTS, hydraIntegrationTSURL := newHydraIntegration(t, &remoteAdmin, subject, claims, scope, os.Getenv("TEST_SELFSERVICE_OIDC_HYDRA_INTEGRATION_ADDR")) t.Cleanup(func() { require.NoError(t, hydraIntegrationTS.Close()) }) diff --git a/selfservice/strategy/oidc/strategy_registration.go b/selfservice/strategy/oidc/strategy_registration.go index ec4b63eb0d22..460f12248be7 100644 --- a/selfservice/strategy/oidc/strategy_registration.go +++ b/selfservice/strategy/oidc/strategy_registration.go @@ -6,8 +6,13 @@ import ( "net/http" "time" + "github.com/ory/herodot" + + "github.com/google/go-jsonnet" + "github.com/ory/x/fetcher" + "github.com/tidwall/gjson" "github.com/tidwall/sjson" "github.com/ory/x/decoderx" @@ -22,9 +27,6 @@ import ( "github.com/ory/kratos/continuity" - "github.com/google/go-jsonnet" - "github.com/tidwall/gjson" - "github.com/ory/kratos/identity" "github.com/ory/kratos/selfservice/flow" "github.com/ory/kratos/selfservice/flow/registration" @@ -33,6 +35,13 @@ import ( var _ registration.Strategy = new(Strategy) +type MetadataType string + +const ( + PublicMetadata MetadataType = "identity.metadata_public" + AdminMetadata MetadataType = "identity.metadata_admin" +) + func (s *Strategy) RegisterRegistrationRoutes(r *x.RouterPublic) { s.setRoutes(r) } @@ -186,29 +195,70 @@ func (s *Strategy) processRegistration(w http.ResponseWriter, r *http.Request, a return nil, s.handleError(w, r, a, provider.Config().ID, nil, err) } + i, err := s.createIdentity(w, r, a, claims, provider, container, jn) + if err != nil { + return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) + } + + // Validate the identity itself + if err := s.d.IdentityValidator().Validate(r.Context(), i); err != nil { + return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) + } + + var it string + if idToken, ok := token.Extra("id_token").(string); ok { + if it, err = s.d.Cipher().Encrypt(r.Context(), []byte(idToken)); err != nil { + return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) + } + } + + cat, err := s.d.Cipher().Encrypt(r.Context(), []byte(token.AccessToken)) + if err != nil { + return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) + } + + crt, err := s.d.Cipher().Encrypt(r.Context(), []byte(token.RefreshToken)) + if err != nil { + return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) + } + + creds, err := identity.NewCredentialsOIDC(it, cat, crt, provider.Config().ID, claims.Subject) + if err != nil { + return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) + } + + i.SetCredentials(s.ID(), *creds) + if err := s.d.RegistrationExecutor().PostRegistrationHook(w, r, identity.CredentialsTypeOIDC, a, i); err != nil { + return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) + } + + return nil, nil +} + +func (s *Strategy) createIdentity(w http.ResponseWriter, r *http.Request, a *registration.Flow, claims *Claims, provider Provider, container *authCodeContainer, jn *bytes.Buffer) (*identity.Identity, error) { var jsonClaims bytes.Buffer if err := json.NewEncoder(&jsonClaims).Encode(claims); err != nil { return nil, s.handleError(w, r, a, provider.Config().ID, nil, err) } - i := identity.NewIdentity(s.d.Config(r.Context()).DefaultIdentityTraitsSchemaID()) - vm := jsonnet.MakeVM() vm.ExtCode("claims", jsonClaims.String()) evaluated, err := vm.EvaluateAnonymousSnippet(provider.Config().Mapper, jn.String()) if err != nil { return nil, s.handleError(w, r, a, provider.Config().ID, nil, err) - } else if traits := gjson.Get(evaluated, "identity.traits"); !traits.IsObject() { - i.Traits = []byte{'{', '}'} - s.d.Logger(). - WithRequest(r). - WithField("oidc_provider", provider.Config().ID). - WithSensitiveField("oidc_claims", claims). - WithField("mapper_jsonnet_output", evaluated). - WithField("mapper_jsonnet_url", provider.Config().Mapper). - Error("OpenID Connect Jsonnet mapper did not return an object for key identity.traits. Please check your Jsonnet code!") - } else { - i.Traits = []byte(traits.Raw) + } + + i := identity.NewIdentity(s.d.Config(r.Context()).DefaultIdentityTraitsSchemaID()) + if err := s.setTraits(w, r, a, claims, provider, container, evaluated, i); err != nil { + return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) + } + + if err := s.setMetadata(evaluated, i, PublicMetadata); err != nil { + return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) + } + + if err := s.setMetadata(evaluated, i, AdminMetadata); err != nil { + return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) } s.d.Logger(). @@ -218,12 +268,21 @@ func (s *Strategy) processRegistration(w http.ResponseWriter, r *http.Request, a WithSensitiveField("mapper_jsonnet_output", evaluated). WithField("mapper_jsonnet_url", provider.Config().Mapper). Debug("OpenID Connect Jsonnet mapper completed.") + return i, nil +} - i.Traits, err = merge(container.Traits, json.RawMessage(i.Traits)) +func (s *Strategy) setTraits(w http.ResponseWriter, r *http.Request, a *registration.Flow, claims *Claims, provider Provider, container *authCodeContainer, evaluated string, i *identity.Identity) error { + jsonTraits := gjson.Get(evaluated, "identity.traits") + if !jsonTraits.IsObject() { + return errors.WithStack(herodot.ErrInternalServerError.WithReasonf("OpenID Connect Jsonnet mapper did not return an object for key identity.traits. Please check your Jsonnet code!")) + } + + traits, err := merge(container.Traits, json.RawMessage(jsonTraits.Raw)) if err != nil { - return nil, s.handleError(w, r, a, provider.Config().ID, nil, err) + return s.handleError(w, r, a, provider.Config().ID, nil, err) } + i.Traits = traits s.d.Logger(). WithRequest(r). WithField("oidc_provider", provider.Config().ID). @@ -231,38 +290,25 @@ func (s *Strategy) processRegistration(w http.ResponseWriter, r *http.Request, a WithSensitiveField("mapper_jsonnet_output", evaluated). WithField("mapper_jsonnet_url", provider.Config().Mapper). Debug("Merged form values and OpenID Connect Jsonnet output.") + return nil +} - // Validate the identity itself - if err := s.d.IdentityValidator().Validate(r.Context(), i); err != nil { - return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) - } - - var it string - if idToken, ok := token.Extra("id_token").(string); ok { - if it, err = s.d.Cipher().Encrypt(r.Context(), []byte(idToken)); err != nil { - return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) - } - } - - cat, err := s.d.Cipher().Encrypt(r.Context(), []byte(token.AccessToken)) - if err != nil { - return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) - } - - crt, err := s.d.Cipher().Encrypt(r.Context(), []byte(token.RefreshToken)) - if err != nil { - return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) +func (s *Strategy) setMetadata(evaluated string, i *identity.Identity, m MetadataType) error { + if m != PublicMetadata && m != AdminMetadata { + return errors.Errorf("undefined metadata type: %s", m) } - creds, err := identity.NewCredentialsOIDC(it, cat, crt, provider.Config().ID, claims.Subject) - if err != nil { - return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) + metadata := gjson.Get(evaluated, string(m)) + if !metadata.IsObject() { + return errors.WithStack(herodot.ErrInternalServerError.WithReasonf("OpenID Connect Jsonnet mapper did not return an object for key %s. Please check your Jsonnet code!", m)) } - i.SetCredentials(s.ID(), *creds) - if err := s.d.RegistrationExecutor().PostRegistrationHook(w, r, identity.CredentialsTypeOIDC, a, i); err != nil { - return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) + switch m { + case PublicMetadata: + i.MetadataPublic = []byte(metadata.Raw) + case AdminMetadata: + i.MetadataAdmin = []byte(metadata.Raw) } - return nil, nil + return nil } diff --git a/selfservice/strategy/oidc/strategy_settings_test.go b/selfservice/strategy/oidc/strategy_settings_test.go index f809d55009e8..0f2a2f98b989 100644 --- a/selfservice/strategy/oidc/strategy_settings_test.go +++ b/selfservice/strategy/oidc/strategy_settings_test.go @@ -49,11 +49,11 @@ func TestSettingsStrategy(t *testing.T) { var ( conf, reg = internal.NewFastRegistryWithMocks(t) subject string - website string + claims idTokenClaims scope []string ) - remoteAdmin, remotePublic, _ := newHydra(t, &subject, &website, &scope) + remoteAdmin, remotePublic, _ := newHydra(t, &subject, &claims, &scope) uiTS := newUI(t, reg) errTS := testhelpers.NewErrorTestServer(t, reg) publicTS, adminTS := testhelpers.NewKratosServers(t) diff --git a/selfservice/strategy/oidc/strategy_test.go b/selfservice/strategy/oidc/strategy_test.go index 737d135a7f12..bfc196492457 100644 --- a/selfservice/strategy/oidc/strategy_test.go +++ b/selfservice/strategy/oidc/strategy_test.go @@ -53,12 +53,13 @@ func TestStrategy(t *testing.T) { } var ( - conf, reg = internal.NewFastRegistryWithMocks(t) - subject, website string - scope []string + conf, reg = internal.NewFastRegistryWithMocks(t) + subject string + claims idTokenClaims + scope []string ) - remoteAdmin, remotePublic, hydraIntegrationTSURL := newHydra(t, &subject, &website, &scope) + remoteAdmin, remotePublic, hydraIntegrationTSURL := newHydra(t, &subject, &claims, &scope) returnTS := newReturnTs(t, reg) uiTS := newUI(t, reg) errTS := testhelpers.NewErrorTestServer(t, reg) @@ -176,6 +177,8 @@ func TestStrategy(t *testing.T) { var ai = func(t *testing.T, res *http.Response, body []byte) { assert.Contains(t, res.Request.URL.String(), returnTS.URL) assert.Equal(t, subject, gjson.GetBytes(body, "identity.traits.subject").String(), "%s", body) + assert.Equal(t, claims.traits.website, gjson.GetBytes(body, "identity.traits.website").String(), "%s", body) + assert.Equal(t, claims.metadataPublic.picture, gjson.GetBytes(body, "identity.metadata_public.picture").String(), "%s", body) } var newLoginFlow = func(t *testing.T, redirectTo string, exp time.Duration) (req *login.Flow) { @@ -386,7 +389,10 @@ func TestStrategy(t *testing.T) { t.Run("case=register, merge, and complete data", func(t *testing.T) { subject = "incomplete-data@ory.sh" scope = []string{"openid"} - website = "https://www.ory.sh/kratos" + claims = idTokenClaims{} + claims.traits.website = "https://www.ory.sh/kratos" + claims.metadataPublic.picture = "picture.png" + claims.metadataAdmin.phoneNumber = "911" t.Run("case=should fail registration on first attempt", func(t *testing.T) { r := newRegistrationFlow(t, returnTS.URL, time.Minute) @@ -649,13 +655,14 @@ func TestDisabledEndpoint(t *testing.T) { func TestPostEndpointRedirect(t *testing.T) { var ( - conf, reg = internal.NewFastRegistryWithMocks(t) - subject, website string - scope []string + conf, reg = internal.NewFastRegistryWithMocks(t) + subject string + claims idTokenClaims + scope []string ) testhelpers.StrategyEnable(t, conf, identity.CredentialsTypeOIDC.String(), true) - remoteAdmin, remotePublic, _ := newHydra(t, &subject, &website, &scope) + remoteAdmin, remotePublic, _ := newHydra(t, &subject, &claims, &scope) publicTS, adminTS := testhelpers.NewKratosServers(t) diff --git a/selfservice/strategy/oidc/stub/oidc.hydra.jsonnet b/selfservice/strategy/oidc/stub/oidc.hydra.jsonnet index ced6a0226319..fddb99eae77a 100644 --- a/selfservice/strategy/oidc/stub/oidc.hydra.jsonnet +++ b/selfservice/strategy/oidc/stub/oidc.hydra.jsonnet @@ -9,5 +9,11 @@ else subject: claims.sub, [if "website" in claims then "website" else null]: claims.website, }, + metadata_public: { + [if "picture" in claims then "picture" else null]: claims.picture, + }, + metadata_admin: { + [if "phone_number" in claims then "phone_number" else null]: claims.phone_number, + } }, } diff --git a/selfservice/strategy/oidc/stub/registration.schema.json b/selfservice/strategy/oidc/stub/registration.schema.json index f7a4929140b0..f97ef53f501e 100644 --- a/selfservice/strategy/oidc/stub/registration.schema.json +++ b/selfservice/strategy/oidc/stub/registration.schema.json @@ -30,6 +30,22 @@ "required": [ "subject" ] + }, + "metadata_public": { + "type": "object", + "properties": { + "picture": { + "type": "string" + } + } + }, + "metadata_admin": { + "type": "object", + "properties": { + "phone_number": { + "type": "string" + } + } } }, "additionalProperties": false From f89d2794d8a2122e3f86eeb8aa5d554da32e753e Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Sat, 16 Jul 2022 10:20:58 +0200 Subject: [PATCH 137/411] docs(sdk): identifier is actually required (#2593) --- selfservice/strategy/webauthn/login.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/selfservice/strategy/webauthn/login.go b/selfservice/strategy/webauthn/login.go index a61a51fff55c..f7188dfb2a6f 100644 --- a/selfservice/strategy/webauthn/login.go +++ b/selfservice/strategy/webauthn/login.go @@ -170,9 +170,9 @@ func (s *Strategy) handleLoginError(r *http.Request, f *login.Flow, err error) e // // swagger:model submitSelfServiceLoginFlowWithWebAuthnMethodBody type submitSelfServiceLoginFlowWithWebAuthnMethodBody struct { - // Identifier is the email or username of the user trying to log in. This field is - // only required when using WebAuthn for passwordless login. When using WebAuthn - // for multi-factor authentication, it is not needed. + // Identifier is the email or username of the user trying to log in. + // + // required: true Identifier string `json:"identifier"` // Method should be set to "webAuthn" when logging in using the WebAuthn strategy. From 0860ef366199cf70e074ec86420333eb112b4dda Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Sat, 16 Jul 2022 08:22:34 +0000 Subject: [PATCH 138/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- internal/httpclient/api/openapi.yaml | 7 ++-- .../docs/SubmitSelfServiceLoginFlowBody.md | 2 +- ...fServiceLoginFlowWithWebAuthnMethodBody.md | 9 ++--- ...e_login_flow_with_web_authn_method_body.go | 35 ++++++++----------- spec/api.json | 3 +- spec/swagger.json | 3 +- 6 files changed, 24 insertions(+), 35 deletions(-) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index a7f0fcd85743..a2dd7ecd5053 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -4527,10 +4527,8 @@ components: flows. type: string identifier: - description: |- - Identifier is the email or username of the user trying to log in. This field is - only required when using WebAuthn for passwordless login. When using WebAuthn - for multi-factor authentication, it is not needed. + description: Identifier is the email or username of the user trying to log + in. type: string method: description: Method should be set to "webAuthn" when logging in using the @@ -4543,6 +4541,7 @@ components: This must contain the ID of the WebAuthN connection. type: string required: + - identifier - method title: submitSelfServiceLoginFlowWithWebAuthnMethodBody is used to decode the login form payload. diff --git a/internal/httpclient/docs/SubmitSelfServiceLoginFlowBody.md b/internal/httpclient/docs/SubmitSelfServiceLoginFlowBody.md index 7a9425d96449..ac84be1c558c 100644 --- a/internal/httpclient/docs/SubmitSelfServiceLoginFlowBody.md +++ b/internal/httpclient/docs/SubmitSelfServiceLoginFlowBody.md @@ -5,7 +5,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **CsrfToken** | Pointer to **string** | Sending the anti-csrf token is only required for browser login flows. | [optional] -**Identifier** | **string** | Identifier is the email or username of the user trying to log in. This field is only required when using WebAuthn for passwordless login. When using WebAuthn for multi-factor authentication, it is not needed. | +**Identifier** | **string** | Identifier is the email or username of the user trying to log in. | **Method** | **string** | Method should be set to \"lookup_secret\" when logging in using the lookup_secret strategy. | **Password** | **string** | The user's password. | **PasswordIdentifier** | Pointer to **string** | Identifier is the email or username of the user trying to log in. This field is deprecated! | [optional] diff --git a/internal/httpclient/docs/SubmitSelfServiceLoginFlowWithWebAuthnMethodBody.md b/internal/httpclient/docs/SubmitSelfServiceLoginFlowWithWebAuthnMethodBody.md index 9eabeb917ff5..d7856ea4a453 100644 --- a/internal/httpclient/docs/SubmitSelfServiceLoginFlowWithWebAuthnMethodBody.md +++ b/internal/httpclient/docs/SubmitSelfServiceLoginFlowWithWebAuthnMethodBody.md @@ -5,7 +5,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **CsrfToken** | Pointer to **string** | Sending the anti-csrf token is only required for browser login flows. | [optional] -**Identifier** | Pointer to **string** | Identifier is the email or username of the user trying to log in. This field is only required when using WebAuthn for passwordless login. When using WebAuthn for multi-factor authentication, it is not needed. | [optional] +**Identifier** | **string** | Identifier is the email or username of the user trying to log in. | **Method** | **string** | Method should be set to \"webAuthn\" when logging in using the WebAuthn strategy. | **WebauthnLogin** | Pointer to **string** | Login a WebAuthn Security Key This must contain the ID of the WebAuthN connection. | [optional] @@ -13,7 +13,7 @@ Name | Type | Description | Notes ### NewSubmitSelfServiceLoginFlowWithWebAuthnMethodBody -`func NewSubmitSelfServiceLoginFlowWithWebAuthnMethodBody(method string, ) *SubmitSelfServiceLoginFlowWithWebAuthnMethodBody` +`func NewSubmitSelfServiceLoginFlowWithWebAuthnMethodBody(identifier string, method string, ) *SubmitSelfServiceLoginFlowWithWebAuthnMethodBody` NewSubmitSelfServiceLoginFlowWithWebAuthnMethodBody instantiates a new SubmitSelfServiceLoginFlowWithWebAuthnMethodBody object This constructor will assign default values to properties that have it defined, @@ -72,11 +72,6 @@ and a boolean to check if the value has been set. SetIdentifier sets Identifier field to given value. -### HasIdentifier - -`func (o *SubmitSelfServiceLoginFlowWithWebAuthnMethodBody) HasIdentifier() bool` - -HasIdentifier returns a boolean if a field has been set. ### GetMethod diff --git a/internal/httpclient/model_submit_self_service_login_flow_with_web_authn_method_body.go b/internal/httpclient/model_submit_self_service_login_flow_with_web_authn_method_body.go index 2975a60a4e39..5dff1d8d80f6 100644 --- a/internal/httpclient/model_submit_self_service_login_flow_with_web_authn_method_body.go +++ b/internal/httpclient/model_submit_self_service_login_flow_with_web_authn_method_body.go @@ -19,8 +19,8 @@ import ( type SubmitSelfServiceLoginFlowWithWebAuthnMethodBody struct { // Sending the anti-csrf token is only required for browser login flows. CsrfToken *string `json:"csrf_token,omitempty"` - // Identifier is the email or username of the user trying to log in. This field is only required when using WebAuthn for passwordless login. When using WebAuthn for multi-factor authentication, it is not needed. - Identifier *string `json:"identifier,omitempty"` + // Identifier is the email or username of the user trying to log in. + Identifier string `json:"identifier"` // Method should be set to \"webAuthn\" when logging in using the WebAuthn strategy. Method string `json:"method"` // Login a WebAuthn Security Key This must contain the ID of the WebAuthN connection. @@ -31,8 +31,9 @@ type SubmitSelfServiceLoginFlowWithWebAuthnMethodBody struct { // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments // will change when the set of required properties is changed -func NewSubmitSelfServiceLoginFlowWithWebAuthnMethodBody(method string) *SubmitSelfServiceLoginFlowWithWebAuthnMethodBody { +func NewSubmitSelfServiceLoginFlowWithWebAuthnMethodBody(identifier string, method string) *SubmitSelfServiceLoginFlowWithWebAuthnMethodBody { this := SubmitSelfServiceLoginFlowWithWebAuthnMethodBody{} + this.Identifier = identifier this.Method = method return &this } @@ -77,36 +78,28 @@ func (o *SubmitSelfServiceLoginFlowWithWebAuthnMethodBody) SetCsrfToken(v string o.CsrfToken = &v } -// GetIdentifier returns the Identifier field value if set, zero value otherwise. +// GetIdentifier returns the Identifier field value func (o *SubmitSelfServiceLoginFlowWithWebAuthnMethodBody) GetIdentifier() string { - if o == nil || o.Identifier == nil { + if o == nil { var ret string return ret } - return *o.Identifier + + return o.Identifier } -// GetIdentifierOk returns a tuple with the Identifier field value if set, nil otherwise +// GetIdentifierOk returns a tuple with the Identifier field value // and a boolean to check if the value has been set. func (o *SubmitSelfServiceLoginFlowWithWebAuthnMethodBody) GetIdentifierOk() (*string, bool) { - if o == nil || o.Identifier == nil { + if o == nil { return nil, false } - return o.Identifier, true -} - -// HasIdentifier returns a boolean if a field has been set. -func (o *SubmitSelfServiceLoginFlowWithWebAuthnMethodBody) HasIdentifier() bool { - if o != nil && o.Identifier != nil { - return true - } - - return false + return &o.Identifier, true } -// SetIdentifier gets a reference to the given string and assigns it to the Identifier field. +// SetIdentifier sets field value func (o *SubmitSelfServiceLoginFlowWithWebAuthnMethodBody) SetIdentifier(v string) { - o.Identifier = &v + o.Identifier = v } // GetMethod returns the Method field value @@ -170,7 +163,7 @@ func (o SubmitSelfServiceLoginFlowWithWebAuthnMethodBody) MarshalJSON() ([]byte, if o.CsrfToken != nil { toSerialize["csrf_token"] = o.CsrfToken } - if o.Identifier != nil { + if true { toSerialize["identifier"] = o.Identifier } if true { diff --git a/spec/api.json b/spec/api.json index 655b49d177d7..a09af86ba689 100755 --- a/spec/api.json +++ b/spec/api.json @@ -1387,7 +1387,7 @@ "type": "string" }, "identifier": { - "description": "Identifier is the email or username of the user trying to log in. This field is\nonly required when using WebAuthn for passwordless login. When using WebAuthn\nfor multi-factor authentication, it is not needed.", + "description": "Identifier is the email or username of the user trying to log in.", "type": "string" }, "method": { @@ -1400,6 +1400,7 @@ } }, "required": [ + "identifier", "method" ], "title": "submitSelfServiceLoginFlowWithWebAuthnMethodBody is used to decode the login form payload.", diff --git a/spec/swagger.json b/spec/swagger.json index c69f313284da..ce615a5de29c 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -3694,6 +3694,7 @@ "type": "object", "title": "submitSelfServiceLoginFlowWithWebAuthnMethodBody is used to decode the login form payload.", "required": [ + "identifier", "method" ], "properties": { @@ -3702,7 +3703,7 @@ "type": "string" }, "identifier": { - "description": "Identifier is the email or username of the user trying to log in. This field is\nonly required when using WebAuthn for passwordless login. When using WebAuthn\nfor multi-factor authentication, it is not needed.", + "description": "Identifier is the email or username of the user trying to log in.", "type": "string" }, "method": { From 071c885d8231a1a66051002ecfcff5c8e5237085 Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Sat, 16 Jul 2022 10:50:07 +0200 Subject: [PATCH 139/411] fix: bump docker image (#2594) --- .docker/Dockerfile-alpine | 4 ++-- .docker/Dockerfile-build | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.docker/Dockerfile-alpine b/.docker/Dockerfile-alpine index 958e1b923d47..deba158a833e 100644 --- a/.docker/Dockerfile-alpine +++ b/.docker/Dockerfile-alpine @@ -1,4 +1,4 @@ -FROM alpine:3.15.4 +FROM alpine:3.16 # Because this image supports SQLite, we create /home/ory and /home/ory/sqlite which is owned by the ory user # and declare /home/ory/sqlite a volume. @@ -10,7 +10,7 @@ FROM alpine:3.15.4 RUN addgroup -S ory; \ adduser -S ory -G ory -D -u 10000 -h /home/ory -s /bin/nologin; \ chown -R ory:ory /home/ory -RUN apk --no-cache --update-cache --upgrade --latest add ca-certificates +RUN apk --update upgrade && apk --no-cache --update-cache --upgrade --latest add ca-certificates WORKDIR /home/ory diff --git a/.docker/Dockerfile-build b/.docker/Dockerfile-build index 801d964c66fb..039cdae51600 100644 --- a/.docker/Dockerfile-build +++ b/.docker/Dockerfile-build @@ -1,7 +1,7 @@ # syntax = docker/dockerfile:1-experimental -FROM golang:1.18-alpine3.15 AS base +FROM golang:1.18-alpine3.16 AS base -RUN apk --no-cache --update-cache --upgrade --latest add build-base git gcc bash +RUN apk --update upgrade && apk --no-cache --update-cache --upgrade --latest add ca-certificates WORKDIR /go/src/github.com/ory/kratos From d1b6b40aa9dcc7a3ec9237eec28c4fa55f0b8627 Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Sat, 16 Jul 2022 10:50:24 +0200 Subject: [PATCH 140/411] fix(cli): dry up code (#2572) --- cmd/identities/definitions.go | 36 -------- cmd/identities/delete.go | 6 +- cmd/identities/list.go | 30 ++----- go.mod | 43 +++++----- go.sum | 153 ++++++++++++++-------------------- x/pagination.go | 5 ++ 6 files changed, 100 insertions(+), 173 deletions(-) diff --git a/cmd/identities/definitions.go b/cmd/identities/definitions.go index 98bf57e84cc6..d9dddedc2fb1 100644 --- a/cmd/identities/definitions.go +++ b/cmd/identities/definitions.go @@ -9,14 +9,10 @@ import ( ) type ( - outputIder string outputIdentity kratos.Identity outputIdentityCollection struct { identities []kratos.Identity } - outputIderCollection struct { - ids []outputIder - } ) func (_ outputIdentity) Header() []string { @@ -57,18 +53,6 @@ func (i outputIdentity) Interface() interface{} { return i } -func (_ outputIder) Header() []string { - return []string{"ID"} -} - -func (i outputIder) Columns() []string { - return []string{string(i)} -} - -func (i outputIder) Interface() interface{} { - return i -} - func (_ outputIdentityCollection) Header() []string { return outputIdentity{}.Header() } @@ -88,23 +72,3 @@ func (c outputIdentityCollection) Interface() interface{} { func (c *outputIdentityCollection) Len() int { return len(c.identities) } - -func (_ *outputIderCollection) Header() []string { - return []string{"ID"} -} - -func (c *outputIderCollection) Table() [][]string { - rows := make([][]string, len(c.ids)) - for i, ident := range c.ids { - rows[i] = []string{string(ident)} - } - return rows -} - -func (c *outputIderCollection) Interface() interface{} { - return c.ids -} - -func (c *outputIderCollection) Len() int { - return len(c.ids) -} diff --git a/cmd/identities/delete.go b/cmd/identities/delete.go index 9b2b23e2d3f4..e8514edff4c6 100644 --- a/cmd/identities/delete.go +++ b/cmd/identities/delete.go @@ -39,7 +39,7 @@ func NewDeleteIdentityCmd(root *cobra.Command) *cobra.Command { } var ( - deleted = make([]outputIder, 0, len(args)) + deleted = make([]cmdx.OutputIder, 0, len(args)) failed = make(map[string]error) ) @@ -49,13 +49,13 @@ func NewDeleteIdentityCmd(root *cobra.Command) *cobra.Command { failed[a] = cmdx.PrintOpenAPIError(cmd, err) continue } - deleted = append(deleted, outputIder(a)) + deleted = append(deleted, cmdx.OutputIder(a)) } if len(deleted) == 1 { cmdx.PrintRow(cmd, &deleted[0]) } else if len(deleted) > 1 { - cmdx.PrintTable(cmd, &outputIderCollection{deleted}) + cmdx.PrintTable(cmd, &cmdx.OutputIderCollection{Items: deleted}) } cmdx.PrintErrors(cmd, failed) diff --git a/cmd/identities/list.go b/cmd/identities/list.go index fde22ed4946a..67b416afef9a 100644 --- a/cmd/identities/list.go +++ b/cmd/identities/list.go @@ -2,13 +2,11 @@ package identities import ( "fmt" - "strconv" - - "github.com/ory/x/cmdx" "github.com/spf13/cobra" "github.com/ory/kratos/cmd/cliclient" + "github.com/ory/x/cmdx" ) func NewListCmd(root *cobra.Command) *cobra.Command { @@ -29,13 +27,7 @@ func NewListIdentitiesCmd(root *cobra.Command) *cobra.Command { Short: "List identities", Long: "List identities (paginated)", Example: fmt.Sprintf("%[1]s ls identities 100 1", root.Use), - Args: func(cmd *cobra.Command, args []string) error { - // zero or exactly two args - if len(args) != 0 && len(args) != 2 { - return fmt.Errorf("expected zero or two args, got %d: %+v", len(args), args) - } - return nil - }, + Args: cmdx.ZeroOrTwoArgs, Aliases: []string{"ls"}, RunE: func(cmd *cobra.Command, args []string) error { c, err := cliclient.NewClient(cmd) @@ -44,20 +36,13 @@ func NewListIdentitiesCmd(root *cobra.Command) *cobra.Command { } req := c.V0alpha2Api.AdminListIdentities(cmd.Context()) - if len(args) == 2 { - page, err := strconv.ParseInt(args[0], 0, 64) + page, perPage, err := cmdx.ParsePaginationArgs(cmd, args[0], args[1]) if err != nil { - _, _ = fmt.Fprintf(cmd.ErrOrStderr(), "Could not parse page argument\"%s\": %s", args[0], err) - return cmdx.FailSilently(cmd) + return err } - req = req.Page(page) - perPage, err := strconv.ParseInt(args[1], 0, 64) - if err != nil { - _, _ = fmt.Fprintf(cmd.ErrOrStderr(), "Could not parse per-page argument\"%s\": %s", args[1], err) - return cmdx.FailSilently(cmd) - } + req = req.Page(page) req = req.PerPage(perPage) } @@ -66,10 +51,7 @@ func NewListIdentitiesCmd(root *cobra.Command) *cobra.Command { return cmdx.PrintOpenAPIError(cmd, err) } - cmdx.PrintTable(cmd, &outputIdentityCollection{ - identities: identities, - }) - + cmdx.PrintTable(cmd, &outputIdentityCollection{identities: identities}) return nil }, } diff --git a/go.mod b/go.mod index 1669ac017013..a5d7e2d085ea 100644 --- a/go.mod +++ b/go.mod @@ -42,8 +42,8 @@ require ( github.com/go-swagger/go-swagger v0.26.1 github.com/gobuffalo/fizz v1.14.0 github.com/gobuffalo/httptest v1.0.2 - github.com/gobuffalo/pop/v6 v6.0.1 - github.com/gofrs/uuid v4.1.0+incompatible + github.com/gobuffalo/pop/v6 v6.0.4-0.20220524160009-195240e4a669 + github.com/gofrs/uuid v4.2.0+incompatible github.com/golang-jwt/jwt/v4 v4.1.0 github.com/golang/gddo v0.0.0-20190904175337-72a348e765d2 github.com/golang/mock v1.6.0 @@ -68,7 +68,7 @@ require ( github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe github.com/ory/analytics-go/v4 v4.0.3 - github.com/ory/dockertest/v3 v3.8.1 + github.com/ory/dockertest/v3 v3.9.0 github.com/ory/go-acc v0.2.8 github.com/ory/go-convenience v0.1.0 github.com/ory/graceful v0.1.1 @@ -77,11 +77,11 @@ require ( github.com/ory/kratos-client-go v0.6.3-alpha.1 github.com/ory/mail/v3 v3.0.0 github.com/ory/nosurf v1.2.7 - github.com/ory/x v0.0.392 + github.com/ory/x v0.0.435 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 github.com/pkg/errors v0.9.1 github.com/pquerna/otp v1.3.0 - github.com/rs/cors v1.8.0 + github.com/rs/cors v1.8.2 github.com/sirupsen/logrus v1.8.1 github.com/slack-go/slack v0.7.4 github.com/spf13/cobra v1.4.0 @@ -94,8 +94,8 @@ require ( github.com/zmb3/spotify/v2 v2.0.0 go.opentelemetry.io/otel v1.7.0 go.opentelemetry.io/otel/trace v1.7.0 - golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa - golang.org/x/net v0.0.0-20211020060615-d418f374d309 + golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167 + golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c golang.org/x/tools v0.1.10 @@ -107,7 +107,7 @@ require ( github.com/Masterminds/goutils v1.1.0 // indirect github.com/Masterminds/semver v1.5.0 // indirect github.com/Masterminds/semver/v3 v3.1.1 // indirect - github.com/Microsoft/go-winio v0.5.1 // indirect + github.com/Microsoft/go-winio v0.5.2 // indirect github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect github.com/PuerkitoBio/purell v1.1.1 // indirect github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect @@ -117,26 +117,27 @@ require ( github.com/alecthomas/units v0.0.0-20210208195552-ff826a37aa15 // indirect github.com/armon/go-metrics v0.3.10 // indirect github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect + github.com/avast/retry-go/v4 v4.0.5 // indirect github.com/aymerick/douceur v0.2.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bgentry/speakeasy v0.1.0 // indirect github.com/bmatcuk/doublestar v1.3.4 // indirect github.com/boombuler/barcode v1.0.1 // indirect - github.com/cenkalti/backoff/v4 v4.1.2 // indirect + github.com/cenkalti/backoff/v4 v4.1.3 // indirect github.com/census-instrumentation/opencensus-proto v0.3.0 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect github.com/cloudflare/cfssl v1.6.1 // indirect github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4 // indirect github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490 // indirect - github.com/cockroachdb/cockroach-go/v2 v2.2.7 // indirect + github.com/cockroachdb/cockroach-go/v2 v2.2.10 // indirect github.com/containerd/containerd v1.5.7 // indirect - github.com/containerd/continuity v0.2.1 // indirect + github.com/containerd/continuity v0.3.0 // indirect github.com/coreos/go-semver v0.3.0 // indirect github.com/coreos/go-systemd/v22 v22.3.2 // indirect github.com/cortesi/moddwatch v0.0.0-20210222043437-a6aaad86a36e // indirect github.com/cortesi/termlog v0.0.0-20210222042314-a1eec763abec // indirect github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect - github.com/docker/cli v20.10.11+incompatible // indirect + github.com/docker/cli v20.10.14+incompatible // indirect github.com/docker/distribution v2.8.1+incompatible // indirect github.com/docker/docker v20.10.9+incompatible // indirect github.com/docker/go-connections v0.4.0 // indirect @@ -169,11 +170,11 @@ require ( github.com/go-sql-driver/mysql v1.6.0 // indirect github.com/go-stack/stack v1.8.1 // indirect github.com/gobuffalo/envy v1.10.1 // indirect - github.com/gobuffalo/flect v0.2.4 // indirect + github.com/gobuffalo/flect v0.2.5 // indirect github.com/gobuffalo/github_flavored_markdown v1.1.1 // indirect github.com/gobuffalo/helpers v0.6.4 // indirect github.com/gobuffalo/nulls v0.4.1 // indirect - github.com/gobuffalo/plush/v4 v4.1.9 // indirect + github.com/gobuffalo/plush/v4 v4.1.11 // indirect github.com/gobuffalo/tags/v3 v3.1.2 // indirect github.com/gobuffalo/validate/v3 v3.3.1 // indirect github.com/goccy/go-yaml v1.9.5 // indirect @@ -203,18 +204,18 @@ require ( github.com/huandu/xstrings v1.2.0 // indirect github.com/inconshreveable/mousetrap v1.0.0 // indirect github.com/jackc/chunkreader/v2 v2.0.1 // indirect - github.com/jackc/pgconn v1.10.1 // indirect + github.com/jackc/pgconn v1.12.1 // indirect github.com/jackc/pgio v1.0.0 // indirect github.com/jackc/pgpassfile v1.0.0 // indirect - github.com/jackc/pgproto3/v2 v2.2.0 // indirect + github.com/jackc/pgproto3/v2 v2.3.0 // indirect github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect - github.com/jackc/pgtype v1.9.0 // indirect - github.com/jackc/pgx/v4 v4.14.0 // indirect + github.com/jackc/pgtype v1.11.0 // indirect + github.com/jackc/pgx/v4 v4.16.1 // indirect github.com/jandelgado/gcov2lcov v1.0.5 // indirect github.com/jessevdk/go-flags v1.4.0 // indirect github.com/jhump/protoreflect v1.8.2 // indirect github.com/jinzhu/copier v0.3.5 // indirect - github.com/jmoiron/sqlx v1.3.4 // indirect + github.com/jmoiron/sqlx v1.3.5 // indirect github.com/joho/godotenv v1.4.0 // indirect github.com/jonboulle/clockwork v0.2.2 // indirect github.com/josharian/intern v1.0.0 // indirect @@ -223,7 +224,7 @@ require ( github.com/kr/pretty v0.3.0 // indirect github.com/kr/text v0.2.0 // indirect github.com/leodido/go-urn v1.2.0 // indirect - github.com/lib/pq v1.10.4 // indirect + github.com/lib/pq v1.10.6 // indirect github.com/magiconair/properties v1.8.6 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/markbates/hmax v1.0.0 // indirect @@ -245,7 +246,7 @@ require ( github.com/olekukonko/tablewriter v0.0.5 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.0.2 // indirect - github.com/opencontainers/runc v1.0.2 // indirect + github.com/opencontainers/runc v1.1.1 // indirect github.com/openzipkin/zipkin-go v0.4.0 // indirect github.com/ory/viper v1.7.5 // indirect github.com/pborman/uuid v1.2.1 // indirect diff --git a/go.sum b/go.sum index 57e1e72adf6c..aa7a15e8f1af 100644 --- a/go.sum +++ b/go.sum @@ -1,6 +1,5 @@ bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= bazil.org/fuse v0.0.0-20180421153158-65cc252bf669/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= -bazil.org/fuse v0.0.0-20200407214033-5883e5a4b512/go.mod h1:FbcW6z/2VytnFDhZfumh8Ss8zxHE6qpMP5sHTRe0EaM= bitbucket.org/creachadair/shell v0.0.6/go.mod h1:8Qqi/cYk7vPnsOePHroKXDJYmb5x7ENhtiFtfZq8K+M= bitbucket.org/liamstask/goose v0.0.0-20150115234039-8488cc47d90c/go.mod h1:hSVuE3qU7grINVSwrmzHfpg9k87ALBk+XaualNyUzI4= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= @@ -123,8 +122,9 @@ github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JP github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= -github.com/Microsoft/go-winio v0.5.1 h1:aPJp2QD7OOrhO5tQXqQoGSJc+DjDtWTGLOmNyAm6FgY= github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= +github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA= +github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ= @@ -205,6 +205,8 @@ github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/avast/retry-go/v3 v3.1.1 h1:49Scxf4v8PmiQ/nY0aY3p0hDueqSmc7++cBbtiDGu2g= github.com/avast/retry-go/v3 v3.1.1/go.mod h1:6cXRK369RpzFL3UQGqIUp9Q7GDrams+KsYWrfNA1/nQ= +github.com/avast/retry-go/v4 v4.0.5 h1:C0Fm9MjPCmgLW6Jb1zBTVRx0ycr+VUaaUZO5wpqYjqg= +github.com/avast/retry-go/v4 v4.0.5/go.mod h1:HqmLvS2VLdStPCGDFjSuZ9pzlTqVRldCI4w2dO4m1Ms= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= @@ -267,8 +269,9 @@ github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= -github.com/cenkalti/backoff/v4 v4.1.2 h1:6Yo7N8UP2K6LWZnW94DLVSSrbobcWdVzAYOisuDPIFo= github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= +github.com/cenkalti/backoff/v4 v4.1.3 h1:cFAlzYUlVYDysBEH2T5hyJZMh3+5+WCBvSnK6Q8UtC4= +github.com/cenkalti/backoff/v4 v4.1.3/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0 h1:t/LhUZLVitR1Ow2YOnduCsavhwFUklBMoGVYUCqmCqk= @@ -283,6 +286,7 @@ github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cb github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw= github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M= +github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= @@ -291,6 +295,7 @@ github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLI github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs= github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= +github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= @@ -314,8 +319,8 @@ github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490 h1:KwaoQzs/WeUxxJqiJsZ github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= -github.com/cockroachdb/cockroach-go/v2 v2.2.7 h1:c+x0jUU71NxsD0ZEZk1Dt2Pl/gUFUPkubINx0GF0DsA= -github.com/cockroachdb/cockroach-go/v2 v2.2.7/go.mod h1:q4ZRgO6CQpwNyEvEwSxwNrOSVchsmzrBnAv3HuZ3Abc= +github.com/cockroachdb/cockroach-go/v2 v2.2.10 h1:O7Hl8m0rs/oJNBmRr14ED3Q3+AmugMK9DtJwRDHZ2DA= +github.com/cockroachdb/cockroach-go/v2 v2.2.10/go.mod h1:xZ2VHjUEb/cySv0scXBx7YsBnHtLHkR1+w/w73b5i3M= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5 h1:xD/lrqdvwsc+O2bjSSi3YqY73Ke3LAiSCx49aCesA0E= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= @@ -343,6 +348,7 @@ github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE= github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw= github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ= +github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= @@ -360,14 +366,13 @@ github.com/containerd/containerd v1.5.7 h1:rQyoYtj4KddB3bxG6SAqd4+08gePNyJjRqvOI github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= -github.com/containerd/continuity v0.0.0-20190827140505-75bee3e2ccb6/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo= github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y= github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ= github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM= -github.com/containerd/continuity v0.2.1 h1:/EeEo2EtN3umhbbgCveyjifoMYg0pS+nMMEemaYw634= -github.com/containerd/continuity v0.2.1/go.mod h1:wCYX+dRqZdImhGucXOqTQn05AhX6EUDaGEMUzTFFpLg= +github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg= +github.com/containerd/continuity v0.3.0/go.mod h1:wJEAIwKOm/pBZuBd0JmeTvnLquTB1Ag8espWhkykbPM= github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0= @@ -424,9 +429,8 @@ github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmf github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f h1:JOrtw2xFKzlg+cbHpyrpLDmnN1HqhBfnX7WDiW7eG2c= -github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= @@ -450,6 +454,7 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3 github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= +github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ= github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s= github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8= @@ -476,8 +481,8 @@ github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUn github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= -github.com/docker/cli v20.10.11+incompatible h1:tXU1ezXcruZQRrMP8RN2z9N91h+6egZTS1gsPsKantc= -github.com/docker/cli v20.10.11+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v20.10.14+incompatible h1:dSBKJOVesDgHo7rbxlYjYsXe7gPzrTT+/cKQgpDAazg= +github.com/docker/cli v20.10.14+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= @@ -577,8 +582,6 @@ github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49P github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= -github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do= github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= @@ -708,10 +711,8 @@ github.com/go-openapi/validate v0.20.1/go.mod h1:b60iJT+xNNLfaQJUqLI7946tYiFEOuE github.com/go-pdf/fpdf v0.5.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M= github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A= github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= -github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q= github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= -github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY= github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no= github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= github.com/go-playground/validator/v10 v10.4.1 h1:pH2c5ADXtd66mxoE0Zm9SUhxE20r7aM3F26W0hOn+GE= @@ -748,13 +749,15 @@ github.com/gobuffalo/flect v0.1.0/go.mod h1:d2ehjJqGOH/Kjqcoz+F7jHTBbmDb38yXA598 github.com/gobuffalo/flect v0.1.1/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= github.com/gobuffalo/flect v0.2.0/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80= -github.com/gobuffalo/flect v0.2.4 h1:BSYA8+T60cdyq+vynaSUjqSVI9mDEg9ZfQUXKmfjo4I= github.com/gobuffalo/flect v0.2.4/go.mod h1:1ZyCLIbg0YD7sDkzvFdPoOydPtD8y9JQnrOROolUcM8= +github.com/gobuffalo/flect v0.2.5 h1:H6vvsv2an0lalEaCDRThvtBfmg44W/QHXBCYUXf/6S4= +github.com/gobuffalo/flect v0.2.5/go.mod h1:1ZyCLIbg0YD7sDkzvFdPoOydPtD8y9JQnrOROolUcM8= github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk= github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28= github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo= github.com/gobuffalo/genny v0.1.1/go.mod h1:5TExbEyY48pfunL4QSXxlDOmdsD44RRq4mVZ0Ex28Xk= github.com/gobuffalo/genny/v2 v2.0.8/go.mod h1:R45scCyQfff2HysNJHNanjrpvPw4Qu+rM1MOMDBB5oU= +github.com/gobuffalo/genny/v2 v2.0.9/go.mod h1:R45scCyQfff2HysNJHNanjrpvPw4Qu+rM1MOMDBB5oU= github.com/gobuffalo/gitgen v0.0.0-20190315122116-cc086187d211/go.mod h1:vEHJk/E9DmhejeLeNt7UVvlSGv3ziL+djtTr3yyzcOw= github.com/gobuffalo/github_flavored_markdown v1.1.0/go.mod h1:TSpTKWcRTI0+v7W3x8dkSKMLJSUpuVitlptCkpeY8ic= github.com/gobuffalo/github_flavored_markdown v1.1.1 h1:kUf8ginyBOTRXcKSTPsPAqlA25vQ80+xAspLIYaxmTU= @@ -781,11 +784,12 @@ github.com/gobuffalo/packd v1.0.1/go.mod h1:PP2POP3p3RXGz7Jh6eYEf93S7vA2za6xM7QT github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ= github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0= github.com/gobuffalo/plush/v4 v4.0.0/go.mod h1:ErFS3UxKqEb8fpFJT7lYErfN/Nw6vHGiDMTjxpk5bQ0= -github.com/gobuffalo/plush/v4 v4.1.9 h1:u9rQBuYCeHC0ppKxsZljk5vb1oT8PQa5EMNTAN2337s= github.com/gobuffalo/plush/v4 v4.1.9/go.mod h1:9OOII9uAM5pZnhWu1OkQnboXJjaWMQ7kcTl3zNcxvTM= +github.com/gobuffalo/plush/v4 v4.1.11 h1:IOLBE07W0VkiraJf36x547l3q5Ek3osP9vHzN48wAh0= +github.com/gobuffalo/plush/v4 v4.1.11/go.mod h1:9OOII9uAM5pZnhWu1OkQnboXJjaWMQ7kcTl3zNcxvTM= github.com/gobuffalo/pop/v6 v6.0.0/go.mod h1:5rd3OnViLhjteR8+0i/mT9Q4CzkTzCoR7tm/9mmAic4= -github.com/gobuffalo/pop/v6 v6.0.1 h1:4YhzxW4hVvf0xLW9zVkhPZFuH5VmBc4ffIIP/C++SLQ= -github.com/gobuffalo/pop/v6 v6.0.1/go.mod h1:5NO7ehmyRjRctnbMDhIqKkkg6zvdueufYltxErfp9BU= +github.com/gobuffalo/pop/v6 v6.0.4-0.20220524160009-195240e4a669 h1:IVk9uuVEVLRo1VrNsj/A6eBMDs3xdAdZNPUhJqFybck= +github.com/gobuffalo/pop/v6 v6.0.4-0.20220524160009-195240e4a669/go.mod h1:dFcrMNPOwk+sl1Oa0lOb/jGbmjv+JV+5CZjMWNYR3KI= github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw= github.com/gobuffalo/tags/v3 v3.0.2/go.mod h1:ZQeN6TCTiwAFnS0dNcbDtSgZDwNKSpqajvVtt6mlYpA= github.com/gobuffalo/tags/v3 v3.1.2 h1:68sHcwFFDstXyfbk5ovbGcQFDsupgVLs+lw1XZinHJw= @@ -800,12 +804,14 @@ github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblf github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw= github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= -github.com/gofrs/uuid v4.1.0+incompatible h1:sIa2eCvUTwgjbqXrPLfNwUf9S3i3mpH1O1atV+iL/Wk= github.com/gofrs/uuid v4.1.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= +github.com/gofrs/uuid v4.2.0+incompatible h1:yyYWMnhkhrKwwr8gAOcOCYxOOscHgDS9yZgBrnJfGa0= +github.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU= github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c= @@ -1088,8 +1094,6 @@ github.com/instana/go-sensor v1.41.1/go.mod h1:E42MelHWFz11qqaLwvgt0j98v2s2O/bq2 github.com/instana/testify v1.6.2-0.20200721153833-94b1851f4d65 h1:T25FL3WEzgmKB0m6XCJNZ65nw09/QIp3T1yXr487D+A= github.com/instana/testify v1.6.2-0.20200721153833-94b1851f4d65/go.mod h1:nYhEREG/B7HUY7P+LKOrqy53TpIqmJ9JyUShcaEKtGw= github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= -github.com/jackc/chunkreader v1.0.0 h1:4s39bBR8ByfqH+DKm8rQA3E1LHZWB9XWcrz8fqaZbe0= -github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo= github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= github.com/jackc/chunkreader/v2 v2.0.1 h1:i+RDz65UE+mmpjTfyz0MoVTnzeYxroil2G82ki7MGG8= github.com/jackc/chunkreader/v2 v2.0.1/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= @@ -1101,44 +1105,22 @@ github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65 h1:DadwsjnMwFjfWc9y5W github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65/go.mod h1:5R2h2EEX+qri8jOWMbJCtaPWkrrNc7OHwsp2TCqp7ak= github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= -github.com/jackc/pgproto3 v1.1.0 h1:FYYE4yRw+AgI8wXIinMlNjBbp/UitDJwfj5LqqewP1A= -github.com/jackc/pgproto3 v1.1.0/go.mod h1:eR5FA3leWg7p9aeAqi37XOTgTIbkABlvcPB3E5rlc78= -github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190420180111-c116219b62db/go.mod h1:bhq50y+xrl9n5mRYyCBFKkpRVTLYJVWeCc+mEAI3yXA= -github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190609003834-432c2951c711/go.mod h1:uH0AWtUmuShn0bcesswc4aBTWGvw0cAxIJp+6OB//Wg= -github.com/jackc/pgproto3/v2 v2.0.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= -github.com/jackc/pgproto3/v2 v2.0.6/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgproto3/v2 v2.1.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= -github.com/jackc/pgproto3/v2 v2.2.0 h1:r7JypeP2D3onoQTCxWdTpCtJ4D+qpKr0TxvoyMhZ5ns= -github.com/jackc/pgproto3/v2 v2.2.0/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= +github.com/jackc/pgproto3/v2 v2.3.0 h1:brH0pCGBDkBW07HWlN/oSBXrmo3WB0UvZd1pIuDcL8Y= +github.com/jackc/pgproto3/v2 v2.3.0/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b h1:C8S2+VttkHFdOOCXJe+YGfa4vHYwlt4Zx+IVXQ97jYg= github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E= -github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg= -github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc= -github.com/jackc/pgtype v1.2.0/go.mod h1:5m2OfMh1wTK7x+Fk952IDmI4nw3nPrvtQdM0ZT4WpC0= -github.com/jackc/pgtype v1.3.1-0.20200510190516-8cd94a14c75a/go.mod h1:vaogEUkALtxZMCH411K+tKzNpwzCKU+AnPzBKZ+I+Po= -github.com/jackc/pgtype v1.3.1-0.20200606141011-f6355165a91c/go.mod h1:cvk9Bgu/VzJ9/lxTO5R5sf80p0DiucVtN7ZxvaC4GmQ= -github.com/jackc/pgtype v1.6.2/go.mod h1:JCULISAZBFGrHaOXIIFiyfzW5VY0GRitRr8NeJsrdig= github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM= github.com/jackc/pgtype v1.8.1/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= -github.com/jackc/pgtype v1.9.0 h1:/SH1RxEtltvJgsDqp3TbiTFApD3mey3iygpuEGeuBXk= -github.com/jackc/pgtype v1.9.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= -github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y= -github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM= -github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc= -github.com/jackc/pgx/v4 v4.5.0/go.mod h1:EpAKPLdnTorwmPUUsqrPxy5fphV18j9q3wrfRXgo+kA= -github.com/jackc/pgx/v4 v4.6.1-0.20200510190926-94ba730bb1e9/go.mod h1:t3/cdRQl6fOLDxqtlyhe9UWgfIi9R8+8v8GKV5TRA/o= -github.com/jackc/pgx/v4 v4.6.1-0.20200606145419-4e5062306904/go.mod h1:ZDaNWkt9sW1JMiNn0kdYBaLelIhw7Pg4qd+Vk6tw7Hg= -github.com/jackc/pgx/v4 v4.10.1/go.mod h1:QlrWebbs3kqEZPHCTGyxecvzG6tvIsYu+A5b1raylkA= +github.com/jackc/pgtype v1.11.0 h1:u4uiGPz/1hryuXzyaBhSk6dnIyyG2683olG2OV+UUgs= +github.com/jackc/pgtype v1.11.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs= github.com/jackc/pgx/v4 v4.13.0/go.mod h1:9P4X524sErlaxj0XSGZk7s+LD0eOyu1ZDUrrpznYDF0= -github.com/jackc/pgx/v4 v4.14.0 h1:TgdrmgnM7VY72EuSQzBbBd4JA1RLqJolrw9nQVZABVc= -github.com/jackc/pgx/v4 v4.14.0/go.mod h1:jT3ibf/A0ZVCp89rtCIN0zCJxcE74ypROmHEZYsG/j8= -github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= -github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= -github.com/jackc/puddle v1.1.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= -github.com/jackc/puddle v1.1.1/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= +github.com/jackc/pgx/v4 v4.16.0/go.mod h1:N0A9sFdWzkw/Jy1lwoiB64F2+ugFZi987zRxcPez/wI= +github.com/jackc/pgx/v4 v4.16.1 h1:JzTglcal01DrghUqt+PmzWsZx/Yh7SC/CTQmSBMTd0Y= +github.com/jackc/pgx/v4 v4.16.1/go.mod h1:SIhx0D5hoADaiXZVyv+3gSm3LCIIINTVO0PficsvWGQ= github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= -github.com/jackc/puddle v1.2.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= +github.com/jackc/puddle v1.2.1/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jandelgado/gcov2lcov v1.0.4/go.mod h1:NnSxK6TMlg1oGDBfGelGbjgorT5/L3cchlbtgFYZSss= github.com/jandelgado/gcov2lcov v1.0.5 h1:rkBt40h0CVK4oCb8Dps950gvfd1rYvQ8+cWa346lVU0= github.com/jandelgado/gcov2lcov v1.0.5/go.mod h1:NnSxK6TMlg1oGDBfGelGbjgorT5/L3cchlbtgFYZSss= @@ -1160,17 +1142,17 @@ github.com/jhump/protoreflect v1.8.2/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8 github.com/jinzhu/copier v0.3.5 h1:GlvfUwHk62RokgqVNvYsku0TATCF7bAHVwEXoBh3iJg= github.com/jinzhu/copier v0.3.5/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg= github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc= -github.com/jinzhu/now v1.1.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8= +github.com/jinzhu/now v1.1.4/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548/go.mod h1:hGT6jSUVzF6no3QaDSMLGLEHtHSBSefs+MgcDWnmhmo= -github.com/jmoiron/sqlx v1.3.1/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ= github.com/jmoiron/sqlx v1.3.3/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ= -github.com/jmoiron/sqlx v1.3.4 h1:wv+0IJZfL5z0uZoUjlpKgHkgaFSYD+r9CfrXjEXsO7w= github.com/jmoiron/sqlx v1.3.4/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ= +github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g= +github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ= github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901/go.mod h1:Z86h9688Y0wesXCyonoVr47MasHilkuLMqGhRZ4Hpak= github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/joho/godotenv v1.4.0 h1:3l4+N6zfMWnkbPEXKng2o2/MR5mSwTrBih4ZEkkz1lg= @@ -1234,21 +1216,17 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/go-gypsy v1.0.0/go.mod h1:chkXM0zjdpXOiqkCW1XcCHDfjfk14PH2KKkQWxfJUcU= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y= github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag= github.com/lib/pq v0.0.0-20180327071824-d34b9ff171c2/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/lib/pq v1.3.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/lib/pq v1.10.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lib/pq v1.10.1/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= -github.com/lib/pq v1.10.4 h1:SO9z7FRPzA03QhHKJrH5BXA6HU1rS4V2nIVrrNC1iYk= github.com/lib/pq v1.10.4/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= +github.com/lib/pq v1.10.6 h1:jbk+ZieJ0D7EVGJYpL9QTz7/YW6UHbmdnZWYyK5cdBs= +github.com/lib/pq v1.10.6/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= github.com/looplab/fsm v0.1.0/go.mod h1:m2VaOfDHxqXBBMgc26m6yUOwkFn8H2AlJDE+jd/uafI= @@ -1294,9 +1272,7 @@ github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HN github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= @@ -1362,6 +1338,7 @@ github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= +github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ= github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo= github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc= @@ -1448,8 +1425,9 @@ github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59P github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0= -github.com/opencontainers/runc v1.0.2 h1:opHZMaswlyxz1OuGpBE53Dwe4/xF7EZTY0A2L/FpCOg= github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0= +github.com/opencontainers/runc v1.1.1 h1:PJ9DSs2sVwE0iVr++pAHE6QkS9tzcVWozlPifdwMgrU= +github.com/opencontainers/runc v1.1.1/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= @@ -1460,6 +1438,7 @@ github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mo github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE= github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8= +github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= @@ -1473,8 +1452,8 @@ github.com/openzipkin/zipkin-go v0.4.0 h1:CtfRrOVZtbDj8rt1WXjklw0kqqJQwICrCKmlfU github.com/openzipkin/zipkin-go v0.4.0/go.mod h1:4c3sLeE8xjNqehmF5RpAFLPLJxXscc0R4l6Zg0P1tTQ= github.com/ory/analytics-go/v4 v4.0.3 h1:2zNBQLlm3UiD8U7DdUGLLUBm62ZA5GtbEJ3S5U+xEOI= github.com/ory/analytics-go/v4 v4.0.3/go.mod h1:A3Chm/3TmM8jw4nqRss+gFhAYHRI5j/HFYH3C1FRahU= -github.com/ory/dockertest/v3 v3.8.1 h1:vU/8d1We4qIad2YM0kOwRVtnyue7ExvacPiw1yDm17g= -github.com/ory/dockertest/v3 v3.8.1/go.mod h1:wSRQ3wmkz+uSARYMk7kVJFDBGm8x5gSxIhI7NDc+BAQ= +github.com/ory/dockertest/v3 v3.9.0 h1:U7M9FfYEwF4uqEE6WUSFs7K+Hvb31CsCX5uZUZD3olI= +github.com/ory/dockertest/v3 v3.9.0/go.mod h1:jgm0rnguArPXsVduy+oUjzFtD0Na+DDNbUl8W5v+ez8= github.com/ory/go-acc v0.2.6/go.mod h1:4Kb/UnPcT8qRAk3IAxta+hvVapdxTLWtrr7bFLlEgpw= github.com/ory/go-acc v0.2.8 h1:rOHHAPQjf0u7eHFGWpiXK+gIu/e0GRSJNr9pDukdNC4= github.com/ory/go-acc v0.2.8/go.mod h1:iCRZUdGb/7nqvSn8xWZkhfVrtXRZ9Wru2E5rabCjFPI= @@ -1496,8 +1475,8 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE= github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM= -github.com/ory/x v0.0.392 h1:Cqm5wEXMT328/VJbZZftQosBS6x+V+s0RaHAWYpxlhM= -github.com/ory/x v0.0.392/go.mod h1:FRfCy/kGTj71VVJ8BpA8IX11H6hYqcHaJNyYnbZavjg= +github.com/ory/x v0.0.435 h1:I3GCfoU66VRkaNfX3l4eTF95MhFFkwTGd67ysBhaAHs= +github.com/ory/x v0.0.435/go.mod h1:x9jcXCDJ8nqeyWMT2FJIHKs1NOXfz3ikaArPKefFuus= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= @@ -1530,6 +1509,7 @@ github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= +github.com/pierrre/gotestcover v0.0.0-20160517101806-924dca7d15f0/go.mod h1:4xpMLz7RBWyB+ElzHu8Llua96TRCB3YwX+l5EP1wmHk= github.com/pkg/diff v0.0.0-20200914180035-5b29258ca4f7/go.mod h1:zO8QMzTeZd5cpnIkz/Gn6iK0jDfGicM1nynOkkPIl28= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= @@ -1615,6 +1595,7 @@ github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rjeczalik/notify v0.0.0-20181126183243-629144ba06a1 h1:FLWDC+iIP9BWgYKvWKKtOUZux35LIQNAuIzp/63RQJU= github.com/rjeczalik/notify v0.0.0-20181126183243-629144ba06a1/go.mod h1:aErll2f0sUX9PXZnVNyeiObbmTlk5jnMoCa4QEjJeqM= +github.com/robertkrimen/godocdown v0.0.0-20130622164427-0bfa04905481/go.mod h1:C9WhFzY47SzYBIvzFqSvHIR6ROgDo4TtdTuRaOMjF/s= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= @@ -1626,10 +1607,9 @@ github.com/rogpeppe/go-internal v1.6.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTE github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8= github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= -github.com/rs/cors v1.8.0 h1:P2KMzcFwrPoSjkF1WLRPsp3UMLyql8L4v9hQpVeK5so= -github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM= +github.com/rs/cors v1.8.2 h1:KCooALfAYGs415Cwu5ABvv9n9509fSiG5SQJn/AQo4U= +github.com/rs/cors v1.8.2/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= -github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc= github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= @@ -1652,6 +1632,7 @@ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg github.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761 h1:0b8DF5kR0PhRoRXDiEEdzrgBc8UqVY4JWLkQJCRsLME= github.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761/go.mod h1:/THDZYi7F/BsVEcYzYPqdcWFQ+1C2InkawTKfLOAnzg= github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= +github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/segmentio/analytics-go v3.1.0+incompatible/go.mod h1:C7CYBtQWk4vRk2RyLu0qOcbHJ18E3F1HV2C/8JvKN48= github.com/segmentio/backo-go v0.0.0-20200129164019-23eae7c10bd3 h1:ZuhckGJ10ulaKkdvJtiAqsLTiPrLaXSdnVgXJKJkTxE= github.com/segmentio/backo-go v0.0.0-20200129164019-23eae7c10bd3/go.mod h1:9/Rh6yILuLysoQnZ2oNooD2g7aBnvM7r/fNVxRNWfBc= @@ -1662,10 +1643,9 @@ github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAm github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= -github.com/shopspring/decimal v0.0.0-20200227202807-02e2044944cc/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= -github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= +github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= +github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= @@ -1794,13 +1774,10 @@ github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoi github.com/toqueteos/webbrowser v1.2.0 h1:tVP/gpK69Fx+qMJKsLE7TD8LuGWPnEV71wBN9rrstGQ= github.com/toqueteos/webbrowser v1.2.0/go.mod h1:XWoZq4cyp9WeUeak7w7LXRUQf1F1ATJMir8RTqb4ayM= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= -github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c/go.mod h1:hzIxponao9Kjc7aWznkXaL4U4TWaDSs8zcsY4Ka08nM= github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= -github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= -github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= @@ -1977,7 +1954,6 @@ go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9i go.uber.org/multierr v1.7.0 h1:zaiO/rmgFjbmCXdSYJWQcdvOCsthmdaHfr3Gm2Kx4Ec= go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= -go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= @@ -2022,8 +1998,9 @@ golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa h1:idItI2DDfCokpg0N51B2VtiLdJ4vAuXC9fnCb2gACo4= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167 h1:O8uGbHCqlTp2P6QJSLmCojM4mN6UemYv8K+dCnmHmu0= +golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2148,8 +2125,8 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210917221730-978cfadd31cf/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211020060615-d418f374d309 h1:A0lJIi+hcTR6aajJH4YqKWwohY4aW9RO7oRMcdv+HKI= -golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 h1:CIJ76btIcR3eFI5EgSo6k1qKw9KJexJuRLI9G7Hp5wE= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2245,7 +2222,6 @@ golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgw golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -2305,7 +2281,6 @@ golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo= golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20= golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= -golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -2534,7 +2509,6 @@ gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= gopkg.in/go-playground/mold.v2 v2.2.0/go.mod h1:XMyyRsGtakkDPbxXbrA5VODo6bUXyvoDjLd5l3T0XoA= -gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= @@ -2575,14 +2549,15 @@ gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gorm.io/driver/postgres v1.0.8/go.mod h1:4eOzrI1MUfm6ObJU/UcmbXyiHSs8jSwH95G5P5dxcAg= -gorm.io/gorm v1.20.12/go.mod h1:0HFTzE/SqkGTzK6TlDPPQbAYCluiVvhzoA1+aVyzenw= -gorm.io/gorm v1.21.4/go.mod h1:0HFTzE/SqkGTzK6TlDPPQbAYCluiVvhzoA1+aVyzenw= +gorm.io/driver/postgres v1.3.5/go.mod h1:EGCWefLFQSVFrHGy4J8EtiHCWX5Q8t0yz2Jt9aKkGzU= +gorm.io/gorm v1.23.4/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk= +gorm.io/gorm v1.23.5/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= -gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= +gotest.tools/v3 v3.2.0 h1:I0DwBVMGAx26dttAj1BtJLAkVGncrkkUXfJLC4Flt/I= +gotest.tools/v3 v3.2.0/go.mod h1:Mcr9QNxkg0uMvy/YElmo4SpXgJKWgQvYrT7Kw5RzJ1A= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/x/pagination.go b/x/pagination.go index 8acd01f26990..a0ccab0b01ec 100644 --- a/x/pagination.go +++ b/x/pagination.go @@ -22,6 +22,11 @@ type PaginationParams struct { // Pagination Page // + // This value is currently an integer, but it is not sequential. The value is not the page number, but a + // reference. The next page can be any number and some numbers might return an empty list. + // + // For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. + // // required: false // in: query // default: 1 From 5cc3201b1fa527fe38905d013fba1e4e2b07ecf6 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Sat, 16 Jul 2022 08:52:01 +0000 Subject: [PATCH 141/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- internal/httpclient/api/openapi.yaml | 40 +++++++++++++++++++++---- internal/httpclient/docs/Pagination.md | 2 +- internal/httpclient/docs/V0alpha2Api.md | 16 +++++----- internal/httpclient/model_pagination.go | 2 +- spec/api.json | 10 +++---- spec/swagger.json | 10 +++---- 6 files changed, 55 insertions(+), 25 deletions(-) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index a2dd7ecd5053..f37e2b7c9b8b 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -60,7 +60,13 @@ paths: minimum: 1 type: integer style: form - - description: Pagination Page + - description: |- + Pagination Page + + This value is currently an integer, but it is not sequential. The value is not the page number, but a + reference. The next page can be any number and some numbers might return an empty list. + + For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. explode: true in: query name: page @@ -356,7 +362,13 @@ paths: minimum: 1 type: integer style: form - - description: Pagination Page + - description: |- + Pagination Page + + This value is currently an integer, but it is not sequential. The value is not the page number, but a + reference. The next page can be any number and some numbers might return an empty list. + + For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. explode: true in: query name: page @@ -574,7 +586,13 @@ paths: minimum: 1 type: integer style: form - - description: Pagination Page + - description: |- + Pagination Page + + This value is currently an integer, but it is not sequential. The value is not the page number, but a + reference. The next page can be any number and some numbers might return an empty list. + + For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. explode: true in: query name: page @@ -2482,7 +2500,13 @@ paths: minimum: 1 type: integer style: form - - description: Pagination Page + - description: |- + Pagination Page + + This value is currently an integer, but it is not sequential. The value is not the page number, but a + reference. The next page can be any number and some numbers might return an empty list. + + For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. explode: true in: query name: page @@ -3414,7 +3438,13 @@ components: properties: page: default: 1 - description: Pagination Page + description: |- + Pagination Page + + This value is currently an integer, but it is not sequential. The value is not the page number, but a + reference. The next page can be any number and some numbers might return an empty list. + + For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. format: int64 minimum: 1 type: integer diff --git a/internal/httpclient/docs/Pagination.md b/internal/httpclient/docs/Pagination.md index 55f471f672ab..d7a5b5c4b032 100644 --- a/internal/httpclient/docs/Pagination.md +++ b/internal/httpclient/docs/Pagination.md @@ -4,7 +4,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**Page** | Pointer to **int64** | Pagination Page | [optional] [default to 1] +**Page** | Pointer to **int64** | Pagination Page This value is currently an integer, but it is not sequential. The value is not the page number, but a reference. The next page can be any number and some numbers might return an empty list. For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. | [optional] [default to 1] **PerPage** | Pointer to **int64** | Items per Page This is the number of items per page. | [optional] [default to 250] ## Methods diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md index ab31a1e2c483..8c5405f5db0a 100644 --- a/internal/httpclient/docs/V0alpha2Api.md +++ b/internal/httpclient/docs/V0alpha2Api.md @@ -479,7 +479,7 @@ import ( func main() { perPage := int64(789) // int64 | Items per Page This is the number of items per page. (optional) (default to 250) - page := int64(789) // int64 | Pagination Page (optional) (default to 1) + page := int64(789) // int64 | Pagination Page This value is currently an integer, but it is not sequential. The value is not the page number, but a reference. The next page can be any number and some numbers might return an empty list. For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. (optional) (default to 1) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) @@ -505,7 +505,7 @@ Other parameters are passed through a pointer to a apiAdminListIdentitiesRequest Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **perPage** | **int64** | Items per Page This is the number of items per page. | [default to 250] - **page** | **int64** | Pagination Page | [default to 1] + **page** | **int64** | Pagination Page This value is currently an integer, but it is not sequential. The value is not the page number, but a reference. The next page can be any number and some numbers might return an empty list. For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. | [default to 1] ### Return type @@ -548,7 +548,7 @@ import ( func main() { id := "id_example" // string | ID is the identity's ID. perPage := int64(789) // int64 | Items per Page This is the number of items per page. (optional) (default to 250) - page := int64(789) // int64 | Pagination Page (optional) (default to 1) + page := int64(789) // int64 | Pagination Page This value is currently an integer, but it is not sequential. The value is not the page number, but a reference. The next page can be any number and some numbers might return an empty list. For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. (optional) (default to 1) active := true // bool | Active is a boolean flag that filters out sessions based on the state. If no value is provided, all sessions are returned. (optional) configuration := openapiclient.NewConfiguration() @@ -580,7 +580,7 @@ Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **perPage** | **int64** | Items per Page This is the number of items per page. | [default to 250] - **page** | **int64** | Pagination Page | [default to 1] + **page** | **int64** | Pagination Page This value is currently an integer, but it is not sequential. The value is not the page number, but a reference. The next page can be any number and some numbers might return an empty list. For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. | [default to 1] **active** | **bool** | Active is a boolean flag that filters out sessions based on the state. If no value is provided, all sessions are returned. | ### Return type @@ -1953,7 +1953,7 @@ import ( func main() { perPage := int64(789) // int64 | Items per Page This is the number of items per page. (optional) (default to 250) - page := int64(789) // int64 | Pagination Page (optional) (default to 1) + page := int64(789) // int64 | Pagination Page This value is currently an integer, but it is not sequential. The value is not the page number, but a reference. The next page can be any number and some numbers might return an empty list. For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. (optional) (default to 1) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) @@ -1979,7 +1979,7 @@ Other parameters are passed through a pointer to a apiListIdentitySchemasRequest Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **perPage** | **int64** | Items per Page This is the number of items per page. | [default to 250] - **page** | **int64** | Pagination Page | [default to 1] + **page** | **int64** | Pagination Page This value is currently an integer, but it is not sequential. The value is not the page number, but a reference. The next page can be any number and some numbers might return an empty list. For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. | [default to 1] ### Return type @@ -2023,7 +2023,7 @@ func main() { xSessionToken := "xSessionToken_example" // string | Set the Session Token when calling from non-browser clients. A session token has a format of `MP2YWEMeM8MxjkGKpH4dqOQ4Q4DlSPaj`. (optional) cookie := "cookie_example" // string | Set the Cookie Header. This is especially useful when calling this endpoint from a server-side application. In that scenario you must include the HTTP Cookie Header which originally was included in the request to your server. An example of a session in the HTTP Cookie Header is: `ory_kratos_session=a19iOVAbdzdgl70Rq1QZmrKmcjDtdsviCTZx7m9a9yHIUS8Wa9T7hvqyGTsLHi6Qifn2WUfpAKx9DWp0SJGleIn9vh2YF4A16id93kXFTgIgmwIOvbVAScyrx7yVl6bPZnCx27ec4WQDtaTewC1CpgudeDV2jQQnSaCP6ny3xa8qLH-QUgYqdQuoA_LF1phxgRCUfIrCLQOkolX5nv3ze_f==`. It is ok if more than one cookie are included here as all other cookies will be ignored. (optional) perPage := int64(789) // int64 | Items per Page This is the number of items per page. (optional) (default to 250) - page := int64(789) // int64 | Pagination Page (optional) (default to 1) + page := int64(789) // int64 | Pagination Page This value is currently an integer, but it is not sequential. The value is not the page number, but a reference. The next page can be any number and some numbers might return an empty list. For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. (optional) (default to 1) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) @@ -2051,7 +2051,7 @@ Name | Type | Description | Notes **xSessionToken** | **string** | Set the Session Token when calling from non-browser clients. A session token has a format of `MP2YWEMeM8MxjkGKpH4dqOQ4Q4DlSPaj`. | **cookie** | **string** | Set the Cookie Header. This is especially useful when calling this endpoint from a server-side application. In that scenario you must include the HTTP Cookie Header which originally was included in the request to your server. An example of a session in the HTTP Cookie Header is: `ory_kratos_session=a19iOVAbdzdgl70Rq1QZmrKmcjDtdsviCTZx7m9a9yHIUS8Wa9T7hvqyGTsLHi6Qifn2WUfpAKx9DWp0SJGleIn9vh2YF4A16id93kXFTgIgmwIOvbVAScyrx7yVl6bPZnCx27ec4WQDtaTewC1CpgudeDV2jQQnSaCP6ny3xa8qLH-QUgYqdQuoA_LF1phxgRCUfIrCLQOkolX5nv3ze_f==`. It is ok if more than one cookie are included here as all other cookies will be ignored. | **perPage** | **int64** | Items per Page This is the number of items per page. | [default to 250] - **page** | **int64** | Pagination Page | [default to 1] + **page** | **int64** | Pagination Page This value is currently an integer, but it is not sequential. The value is not the page number, but a reference. The next page can be any number and some numbers might return an empty list. For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. | [default to 1] ### Return type diff --git a/internal/httpclient/model_pagination.go b/internal/httpclient/model_pagination.go index d880e74dd284..dc3ebf3ab413 100644 --- a/internal/httpclient/model_pagination.go +++ b/internal/httpclient/model_pagination.go @@ -17,7 +17,7 @@ import ( // Pagination struct for Pagination type Pagination struct { - // Pagination Page + // Pagination Page This value is currently an integer, but it is not sequential. The value is not the page number, but a reference. The next page can be any number and some numbers might return an empty list. For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. Page *int64 `json:"page,omitempty"` // Items per Page This is the number of items per page. PerPage *int64 `json:"per_page,omitempty"` diff --git a/spec/api.json b/spec/api.json index a09af86ba689..19241a7c8969 100755 --- a/spec/api.json +++ b/spec/api.json @@ -639,7 +639,7 @@ "properties": { "page": { "default": 1, - "description": "Pagination Page", + "description": "Pagination Page\n\nThis value is currently an integer, but it is not sequential. The value is not the page number, but a\nreference. The next page can be any number and some numbers might return an empty list.\n\nFor example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.", "format": "int64", "minimum": 1, "type": "integer" @@ -2299,7 +2299,7 @@ } }, { - "description": "Pagination Page", + "description": "Pagination Page\n\nThis value is currently an integer, but it is not sequential. The value is not the page number, but a\nreference. The next page can be any number and some numbers might return an empty list.\n\nFor example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.", "in": "query", "name": "page", "schema": { @@ -2708,7 +2708,7 @@ } }, { - "description": "Pagination Page", + "description": "Pagination Page\n\nThis value is currently an integer, but it is not sequential. The value is not the page number, but a\nreference. The next page can be any number and some numbers might return an empty list.\n\nFor example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.", "in": "query", "name": "page", "schema": { @@ -3032,7 +3032,7 @@ } }, { - "description": "Pagination Page", + "description": "Pagination Page\n\nThis value is currently an integer, but it is not sequential. The value is not the page number, but a\nreference. The next page can be any number and some numbers might return an empty list.\n\nFor example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.", "in": "query", "name": "page", "schema": { @@ -4918,7 +4918,7 @@ } }, { - "description": "Pagination Page", + "description": "Pagination Page\n\nThis value is currently an integer, but it is not sequential. The value is not the page number, but a\nreference. The next page can be any number and some numbers might return an empty list.\n\nFor example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.", "in": "query", "name": "page", "schema": { diff --git a/spec/swagger.json b/spec/swagger.json index ce615a5de29c..d5eb0261603d 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -79,7 +79,7 @@ "type": "integer", "format": "int64", "default": 1, - "description": "Pagination Page", + "description": "Pagination Page\n\nThis value is currently an integer, but it is not sequential. The value is not the page number, but a\nreference. The next page can be any number and some numbers might return an empty list.\n\nFor example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.", "name": "page", "in": "query" } @@ -378,7 +378,7 @@ "type": "integer", "format": "int64", "default": 1, - "description": "Pagination Page", + "description": "Pagination Page\n\nThis value is currently an integer, but it is not sequential. The value is not the page number, but a\nreference. The next page can be any number and some numbers might return an empty list.\n\nFor example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.", "name": "page", "in": "query" }, @@ -671,7 +671,7 @@ "type": "integer", "format": "int64", "default": 1, - "description": "Pagination Page", + "description": "Pagination Page\n\nThis value is currently an integer, but it is not sequential. The value is not the page number, but a\nreference. The next page can be any number and some numbers might return an empty list.\n\nFor example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.", "name": "page", "in": "query" } @@ -2156,7 +2156,7 @@ "type": "integer", "format": "int64", "default": 1, - "description": "Pagination Page", + "description": "Pagination Page\n\nThis value is currently an integer, but it is not sequential. The value is not the page number, but a\nreference. The next page can be any number and some numbers might return an empty list.\n\nFor example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.", "name": "page", "in": "query" } @@ -2998,7 +2998,7 @@ "type": "object", "properties": { "page": { - "description": "Pagination Page", + "description": "Pagination Page\n\nThis value is currently an integer, but it is not sequential. The value is not the page number, but a\nreference. The next page can be any number and some numbers might return an empty list.\n\nFor example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.", "type": "integer", "format": "int64", "default": 1, From 0dcf07323a52ee8fc383ac39e2b93eb8439568c3 Mon Sep 17 00:00:00 2001 From: Vincent Date: Mon, 18 Jul 2022 17:01:43 +0200 Subject: [PATCH 142/411] chore: deprecate coupon (#2597) --- README.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/README.md b/README.md index 9619c3dfe911..6d722a839c0c 100644 --- a/README.md +++ b/README.md @@ -45,11 +45,6 @@ ory create project Ory Cloud ships administrative user interfaces, hosted pages (e.g. for login or registration), support for custom domains, collaborative features for your colleagues, integration services, and much more! -### :mega: Community gets Ory Cloud for Free! :mega: - -Ory community members get the Ory Cloud Start Up plan **free for half a year**, with all quality-of-life features available, such as custom domains and giving your team members access. [Sign up with your GitHub account](https://console.ory.sh/registration?preferred_plan=start-up&utm_source=github&utm_medium=banner&utm_campaign=kratos-readme-first900) and use the coupon code **`FIRST900`** on the *"Start-Up Plan"* checkout page to claim your free project now! Make sure to be signed up to the [Ory Community Slack](https://slack.ory.sh) when using the code! - - **Table of Contents** From b5f80c1198e4bb9ed392521daca934548eb21ee6 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Tue, 19 Jul 2022 15:12:36 +0200 Subject: [PATCH 143/411] fix(docker): update images --- .docker/Dockerfile-build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.docker/Dockerfile-build b/.docker/Dockerfile-build index 039cdae51600..978312ae4767 100644 --- a/.docker/Dockerfile-build +++ b/.docker/Dockerfile-build @@ -25,7 +25,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build go build -tags sqlite \ -ldflags="-X 'github.com/ory/kratos/driver/config.Version=${VERSION}' -X 'github.com/ory/kratos/driver/config.Date=${BUILD_DATE}' -X 'github.com/ory/kratos/driver/config.Commit=${COMMIT}'" \ -o /usr/bin/kratos -FROM alpine:3.15.4 +FROM alpine:3.16 RUN addgroup -S ory; \ adduser -S ory -G ory -D -u 10000 -h /home/ory -s /bin/nologin; \ From bad3418cf27233c03202aa9e84fd5d4df428c7a4 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Tue, 19 Jul 2022 15:12:43 +0200 Subject: [PATCH 144/411] ci: ignore busybox cve --- .grype.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.grype.yaml b/.grype.yaml index 7e6d0a9bafa2..a6ce446b593c 100644 --- a/.grype.yaml +++ b/.grype.yaml @@ -1,3 +1,4 @@ #only-fixed: true ignore: - - vulnerability: CVE-2015-5237 \ No newline at end of file + - vulnerability: CVE-2015-5237 + - vulnerability: CVE-2022-30065 From 9ce2d260338f020e2da077e81464e520883f582b Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Tue, 19 Jul 2022 15:27:14 +0200 Subject: [PATCH 145/411] fix: bump graceful to deal with http header timeouts --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a5d7e2d085ea..2bb1e694c485 100644 --- a/go.mod +++ b/go.mod @@ -71,7 +71,7 @@ require ( github.com/ory/dockertest/v3 v3.9.0 github.com/ory/go-acc v0.2.8 github.com/ory/go-convenience v0.1.0 - github.com/ory/graceful v0.1.1 + github.com/ory/graceful v0.1.3 github.com/ory/herodot v0.9.13 github.com/ory/jsonschema/v3 v3.0.7 github.com/ory/kratos-client-go v0.6.3-alpha.1 diff --git a/go.sum b/go.sum index aa7a15e8f1af..3bc5582f068c 100644 --- a/go.sum +++ b/go.sum @@ -1459,8 +1459,8 @@ github.com/ory/go-acc v0.2.8 h1:rOHHAPQjf0u7eHFGWpiXK+gIu/e0GRSJNr9pDukdNC4= github.com/ory/go-acc v0.2.8/go.mod h1:iCRZUdGb/7nqvSn8xWZkhfVrtXRZ9Wru2E5rabCjFPI= github.com/ory/go-convenience v0.1.0 h1:zouLKfF2GoSGnJwGq+PE/nJAE6dj2Zj5QlTgmMTsTS8= github.com/ory/go-convenience v0.1.0/go.mod h1:uEY/a60PL5c12nYz4V5cHY03IBmwIAEm8TWB0yn9KNs= -github.com/ory/graceful v0.1.1 h1:zx+8tDObLPrG+7Tc8jKYlXsqWnLtOQA1IZ/FAAKHMXU= -github.com/ory/graceful v0.1.1/go.mod h1:zqu70l95WrKHF4AZ6tXHvAqAvpY6M7g6ttaAVcMm7KU= +github.com/ory/graceful v0.1.3 h1:FaeXcHZh168WzS+bqruqWEw/HgXWLdNv2nJ+fbhxbhc= +github.com/ory/graceful v0.1.3/go.mod h1:4zFz687IAF7oNHHiB586U4iL+/4aV09o/PYLE34t2bA= github.com/ory/herodot v0.9.13 h1:cN/Z4eOkErl/9W7hDIDLb79IO/bfsH+8yscBjRpB4IU= github.com/ory/herodot v0.9.13/go.mod h1:IWDs9kSvFQqw/cQ8zi5ksyYvITiUU4dI7glUrhZcJYo= github.com/ory/jsonschema/v3 v3.0.7 h1:GQ9qfZDiJqs4l2d3p56dozCChvejQFZyLKGHYzDzOSo= From b2b0eb0955920eae64a874e91869a3b55d4e141d Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Tue, 19 Jul 2022 15:32:40 +0200 Subject: [PATCH 146/411] ci: add CVE-2022-30065 to trivy ignore --- .trivyignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .trivyignore diff --git a/.trivyignore b/.trivyignore new file mode 100644 index 000000000000..ff3bc6108fc4 --- /dev/null +++ b/.trivyignore @@ -0,0 +1 @@ +CVE-2022-30065 From 13eaddb7babe630750361c6d8f3ffc736898ddec Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Tue, 19 Jul 2022 16:36:31 +0200 Subject: [PATCH 147/411] fix: mark gosec false positives --- internal/testhelpers/selfservice_settings.go | 1 + selfservice/strategy/oidc/strategy_helper_test.go | 1 + test/e2e/hydra-login-consent/main.go | 1 + 3 files changed, 3 insertions(+) diff --git a/internal/testhelpers/selfservice_settings.go b/internal/testhelpers/selfservice_settings.go index 254485c53bf1..51e0a7ae88a4 100644 --- a/internal/testhelpers/selfservice_settings.go +++ b/internal/testhelpers/selfservice_settings.go @@ -190,6 +190,7 @@ func NewSettingsAPIServer(t *testing.T, reg *driver.RegistryDefault, ids map[str reg.Config(context.Background()).MustSet(config.ViperKeyPublicBaseURL, tsp.URL) reg.Config(context.Background()).MustSet(config.ViperKeyAdminBaseURL, tsa.URL) + // #nosec G112 return tsp, tsa, AddAndLoginIdentities(t, reg, &httptest.Server{Config: &http.Server{Handler: public}, URL: tsp.URL}, ids) } diff --git a/selfservice/strategy/oidc/strategy_helper_test.go b/selfservice/strategy/oidc/strategy_helper_test.go index 6190b44eaf39..8fd37ee5b838 100644 --- a/selfservice/strategy/oidc/strategy_helper_test.go +++ b/selfservice/strategy/oidc/strategy_helper_test.go @@ -152,6 +152,7 @@ func newHydraIntegration(t *testing.T, remote *string, subject *string, claims * parsed, err := url.ParseRequestURI(addr) require.NoError(t, err) + // #nosec G112 server := &http.Server{Addr: ":" + parsed.Port(), Handler: router} go func(t *testing.T) { if err := server.ListenAndServe(); err != http.ErrServerClosed { diff --git a/test/e2e/hydra-login-consent/main.go b/test/e2e/hydra-login-consent/main.go index 14d3f9885bce..facc10efadf7 100644 --- a/test/e2e/hydra-login-consent/main.go +++ b/test/e2e/hydra-login-consent/main.go @@ -158,6 +158,7 @@ func main() { }) addr := ":" + osx.GetenvDefault("PORT", "4446") + // #nosec G112 server := &http.Server{Addr: addr, Handler: router} fmt.Printf("Starting web server at %s\n", addr) check(server.ListenAndServe()) From c36ca53d4552596e62ec323795c3bf21438d4f26 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Tue, 19 Jul 2022 17:02:27 +0200 Subject: [PATCH 148/411] fix: use correct download location for golangci-lint --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index f137692c7039..1c6563d6c5c3 100644 --- a/Makefile +++ b/Makefile @@ -55,7 +55,7 @@ node_modules: package.json Makefile npm ci .bin/golangci-lint: Makefile - bash <(curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh) -d -b .bin v1.44.2 + curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -d -b .bin v1.47.0 .bin/hydra: Makefile bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -d -b .bin hydra v1.11.0 From e3e7ed08f5ce47fc794bd5c093018cee51baf689 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Tue, 19 Jul 2022 17:02:43 +0200 Subject: [PATCH 149/411] fix: gosec false positives --- cmd/courier/watch.go | 1 + cmd/daemon/serve.go | 2 ++ 2 files changed, 3 insertions(+) diff --git a/cmd/courier/watch.go b/cmd/courier/watch.go index 852d4778eb5e..6a12e18c0416 100644 --- a/cmd/courier/watch.go +++ b/cmd/courier/watch.go @@ -55,6 +55,7 @@ func ServeMetrics(ctx cx.Context, r driver.Registry) { handler = otelx.NewHandler(n, "cmd.courier.ServeMetrics") } + // #nosec G112 - the correct settings are set by graceful.WithDefaults server := graceful.WithDefaults(&http.Server{ Addr: c.MetricsListenOn(), Handler: handler, diff --git a/cmd/daemon/serve.go b/cmd/daemon/serve.go index 2242647becc9..a59a7d51e9a6 100644 --- a/cmd/daemon/serve.go +++ b/cmd/daemon/serve.go @@ -125,6 +125,7 @@ func ServePublic(r driver.Registry, wg *sync.WaitGroup, cmd *cobra.Command, args handler = x.TraceHandler(handler) } + // #nosec G112 - the correct settings are set by graceful.WithDefaults server := graceful.WithDefaults(&http.Server{ Handler: handler, TLSConfig: &tls.Config{Certificates: certs, MinVersion: tls.VersionTLS12}, @@ -185,6 +186,7 @@ func ServeAdmin(r driver.Registry, wg *sync.WaitGroup, cmd *cobra.Command, args handler = x.TraceHandler(n) } + // #nosec G112 - the correct settings are set by graceful.WithDefaults server := graceful.WithDefaults(&http.Server{ Handler: handler, TLSConfig: &tls.Config{Certificates: certs, MinVersion: tls.VersionTLS12}, From 9d22035695b6a793ac4bc5e2bd0a68b3aeea039c Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Jul 2022 14:47:16 +0200 Subject: [PATCH 150/411] fix: potentially resolve tx issue in crdb (#2595) --- .github/workflows/ci.yaml | 2 +- go.mod | 18 +++++------ go.sum | 36 ++++++++++++--------- identity/identity_recovery_test.go | 3 +- identity/identity_verification_test.go | 3 +- persistence/sql/migratest/migration_test.go | 17 +++++++--- script/testenv.sh | 6 ++-- x/xsql/sql.go | 2 +- 8 files changed, 52 insertions(+), 35 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 1e8dd81623ea..d09d798ad6aa 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -53,7 +53,7 @@ jobs: steps: - run: | docker create --name cockroach -p 26257:26257 \ - cockroachdb/cockroach:v20.2.5 start-single-node --insecure + cockroachdb/cockroach:v22.1.3 start-single-node --insecure docker start cockroach name: Start CockroachDB - run: | diff --git a/go.mod b/go.mod index 2bb1e694c485..6993aeb41db6 100644 --- a/go.mod +++ b/go.mod @@ -42,7 +42,7 @@ require ( github.com/go-swagger/go-swagger v0.26.1 github.com/gobuffalo/fizz v1.14.0 github.com/gobuffalo/httptest v1.0.2 - github.com/gobuffalo/pop/v6 v6.0.4-0.20220524160009-195240e4a669 + github.com/gobuffalo/pop/v6 v6.0.4-0.20220707121509-feb0eed33d86 github.com/gofrs/uuid v4.2.0+incompatible github.com/golang-jwt/jwt/v4 v4.1.0 github.com/golang/gddo v0.0.0-20190904175337-72a348e765d2 @@ -77,17 +77,17 @@ require ( github.com/ory/kratos-client-go v0.6.3-alpha.1 github.com/ory/mail/v3 v3.0.0 github.com/ory/nosurf v1.2.7 - github.com/ory/x v0.0.435 + github.com/ory/x v0.0.445 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 github.com/pkg/errors v0.9.1 github.com/pquerna/otp v1.3.0 github.com/rs/cors v1.8.2 github.com/sirupsen/logrus v1.8.1 github.com/slack-go/slack v0.7.4 - github.com/spf13/cobra v1.4.0 + github.com/spf13/cobra v1.5.0 github.com/spf13/pflag v1.0.5 github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518 - github.com/stretchr/testify v1.7.1 + github.com/stretchr/testify v1.8.0 github.com/tidwall/gjson v1.14.0 github.com/tidwall/sjson v1.2.4 github.com/urfave/negroni v1.0.0 @@ -95,9 +95,9 @@ require ( go.opentelemetry.io/otel v1.7.0 go.opentelemetry.io/otel/trace v1.7.0 golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167 - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 + golang.org/x/net v0.0.0-20220225172249-27dd8689420f golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 - golang.org/x/sync v0.0.0-20210220032951-036812b2e83c + golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f golang.org/x/tools v0.1.10 ) @@ -136,7 +136,7 @@ require ( github.com/coreos/go-systemd/v22 v22.3.2 // indirect github.com/cortesi/moddwatch v0.0.0-20210222043437-a6aaad86a36e // indirect github.com/cortesi/termlog v0.0.0-20210222042314-a1eec763abec // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect github.com/docker/cli v20.10.14+incompatible // indirect github.com/docker/distribution v2.8.1+incompatible // indirect github.com/docker/docker v20.10.9+incompatible // indirect @@ -174,7 +174,7 @@ require ( github.com/gobuffalo/github_flavored_markdown v1.1.1 // indirect github.com/gobuffalo/helpers v0.6.4 // indirect github.com/gobuffalo/nulls v0.4.1 // indirect - github.com/gobuffalo/plush/v4 v4.1.11 // indirect + github.com/gobuffalo/plush/v4 v4.1.12 // indirect github.com/gobuffalo/tags/v3 v3.1.2 // indirect github.com/gobuffalo/validate/v3 v3.3.1 // indirect github.com/goccy/go-yaml v1.9.5 // indirect @@ -332,7 +332,7 @@ require ( gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect mvdan.cc/sh/v3 v3.3.0-0.dev.0.20210224101809-fb5052e7a010 // indirect sigs.k8s.io/yaml v1.2.0 // indirect ) diff --git a/go.sum b/go.sum index 3bc5582f068c..d16386942bbb 100644 --- a/go.sum +++ b/go.sum @@ -92,7 +92,7 @@ github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf58 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/DataDog/datadog-go v4.8.2+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/DataDog/datadog-go/v5 v5.0.2/go.mod h1:ZI9JFB4ewXbw1sBnF4sxsR2k1H3xjV+PUAOUsHvKpcU= -github.com/DataDog/sketches-go v1.0.0/go.mod h1:O+XkJHWk9w4hDwY2ZUDU31ZC9sNYlYo8DiFsxjYeo1k= +github.com/DataDog/sketches-go v1.2.1/go.mod h1:1xYmPLY1So10AwxV6MJV0J53XVH+WL9Ad1KetxVivVI= github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0= github.com/GeertJohan/go.rice v1.0.2/go.mod h1:af5vUNlDNkCjOZeSGFgIJxDje9qdjsO6hshx0gTmZt4= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= @@ -447,8 +447,9 @@ github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.1 h1:r/myEWzV9lfsM1tFLgDyu0atFtJ1fXn261LKYj/3DxU= github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= +github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw= @@ -785,11 +786,11 @@ github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGt github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0= github.com/gobuffalo/plush/v4 v4.0.0/go.mod h1:ErFS3UxKqEb8fpFJT7lYErfN/Nw6vHGiDMTjxpk5bQ0= github.com/gobuffalo/plush/v4 v4.1.9/go.mod h1:9OOII9uAM5pZnhWu1OkQnboXJjaWMQ7kcTl3zNcxvTM= -github.com/gobuffalo/plush/v4 v4.1.11 h1:IOLBE07W0VkiraJf36x547l3q5Ek3osP9vHzN48wAh0= -github.com/gobuffalo/plush/v4 v4.1.11/go.mod h1:9OOII9uAM5pZnhWu1OkQnboXJjaWMQ7kcTl3zNcxvTM= +github.com/gobuffalo/plush/v4 v4.1.12 h1:zkkH7+yC/rbhDp88+PgF5I2pnaVC4cYbDekp1cI452c= +github.com/gobuffalo/plush/v4 v4.1.12/go.mod h1:Ke2mPa1ZuGXkyHnAeNcVTKC6s0Aa1H9DH6qJ2Tdkl4s= github.com/gobuffalo/pop/v6 v6.0.0/go.mod h1:5rd3OnViLhjteR8+0i/mT9Q4CzkTzCoR7tm/9mmAic4= -github.com/gobuffalo/pop/v6 v6.0.4-0.20220524160009-195240e4a669 h1:IVk9uuVEVLRo1VrNsj/A6eBMDs3xdAdZNPUhJqFybck= -github.com/gobuffalo/pop/v6 v6.0.4-0.20220524160009-195240e4a669/go.mod h1:dFcrMNPOwk+sl1Oa0lOb/jGbmjv+JV+5CZjMWNYR3KI= +github.com/gobuffalo/pop/v6 v6.0.4-0.20220707121509-feb0eed33d86 h1:fQz6sw44aXDrJS7BX91ZRbX86tIqz55go3EbgJ1crfY= +github.com/gobuffalo/pop/v6 v6.0.4-0.20220707121509-feb0eed33d86/go.mod h1:52Jl9aGbapxpS4ENiwdQeW8AWf2ixJYweszb0o3t/QU= github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw= github.com/gobuffalo/tags/v3 v3.0.2/go.mod h1:ZQeN6TCTiwAFnS0dNcbDtSgZDwNKSpqajvVtt6mlYpA= github.com/gobuffalo/tags/v3 v3.1.2 h1:68sHcwFFDstXyfbk5ovbGcQFDsupgVLs+lw1XZinHJw= @@ -1475,8 +1476,8 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE= github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM= -github.com/ory/x v0.0.435 h1:I3GCfoU66VRkaNfX3l4eTF95MhFFkwTGd67ysBhaAHs= -github.com/ory/x v0.0.435/go.mod h1:x9jcXCDJ8nqeyWMT2FJIHKs1NOXfz3ikaArPKefFuus= +github.com/ory/x v0.0.445 h1:gKBFPOT8fbLt0i80z+siYlDunAbzpBX/hflhQbAdvBQ= +github.com/ory/x v0.0.445/go.mod h1:kB0Nf6sgWsDl7M0QjDmfyKheDc/LF999wzhKHQ2Kop0= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= @@ -1699,8 +1700,8 @@ github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJ github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4= -github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q= -github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= +github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU= +github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= @@ -1728,8 +1729,9 @@ github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5J github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= +github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/testify v0.0.0-20170130113145-4d4bfba8f1d1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= @@ -1738,8 +1740,9 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= @@ -2125,8 +2128,9 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210917221730-978cfadd31cf/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 h1:CIJ76btIcR3eFI5EgSo6k1qKw9KJexJuRLI9G7Hp5wE= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220225172249-27dd8689420f h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc= +golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2162,8 +2166,9 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f h1:Ax0t5p6N38Ga0dThY21weqDEyz2oklo4IvDkpigvkD8= +golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8 h1:OH54vjqzRWmbJ62fjuhxy7AxFFgoHN0/DPc/UrL8cAs= golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20191110171634-ad39bd3f0407/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= @@ -2547,8 +2552,9 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gorm.io/driver/postgres v1.3.5/go.mod h1:EGCWefLFQSVFrHGy4J8EtiHCWX5Q8t0yz2Jt9aKkGzU= gorm.io/gorm v1.23.4/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk= gorm.io/gorm v1.23.5/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk= diff --git a/identity/identity_recovery_test.go b/identity/identity_recovery_test.go index 8b7cb4954bdc..d7b9f8358eb6 100644 --- a/identity/identity_recovery_test.go +++ b/identity/identity_recovery_test.go @@ -1,6 +1,7 @@ package identity import ( + "github.com/gofrs/uuid" "testing" "github.com/stretchr/testify/assert" @@ -14,5 +15,5 @@ func TestNewRecoveryEmailAddress(t *testing.T) { assert.Equal(t, a.Value, "foo@ory.sh") assert.Equal(t, a.Via, RecoveryAddressTypeEmail) - assert.NotEmpty(t, a.ID) + assert.Equal(t, uuid.Nil, a.ID) } diff --git a/identity/identity_verification_test.go b/identity/identity_verification_test.go index 4d36b9949219..1aa9d00128eb 100644 --- a/identity/identity_verification_test.go +++ b/identity/identity_verification_test.go @@ -1,6 +1,7 @@ package identity import ( + "github.com/gofrs/uuid" "testing" "github.com/stretchr/testify/assert" @@ -20,5 +21,5 @@ func TestNewVerifiableEmailAddress(t *testing.T) { assert.Equal(t, a.Status, VerifiableAddressStatusPending) assert.Equal(t, a.Verified, false) assert.EqualValues(t, nullTime, a.VerifiedAt) - assert.NotEmpty(t, a.ID) + assert.Equal(t, uuid.Nil, a.ID) } diff --git a/persistence/sql/migratest/migration_test.go b/persistence/sql/migratest/migration_test.go index 83d593a8a263..5a01d9bd0373 100644 --- a/persistence/sql/migratest/migration_test.go +++ b/persistence/sql/migratest/migration_test.go @@ -5,9 +5,11 @@ import ( "encoding/json" "errors" "fmt" + "github.com/ory/x/fsx" "os" "path/filepath" "testing" + "time" "github.com/ory/kratos/identity" @@ -71,17 +73,19 @@ func TestMigrations(t *testing.T) { require.NoError(t, err) require.NoError(t, sqlite.Open()) - connections := map[string]*pop.Connection{"sqlite": sqlite} + connections := map[string]*pop.Connection{ + //"sqlite": sqlite, + } if !testing.Short() { dockertest.Parallel([]func(){ func() { - connections["postgres"] = dockertest.ConnectToTestPostgreSQLPop(t) + //connections["postgres"] = dockertest.ConnectToTestPostgreSQLPop(t) }, func() { connections["mysql"] = dockertest.ConnectToTestMySQLPop(t) }, func() { - connections["cockroach"] = dockertest.ConnectToTestCockroachDBPop(t) + //connections["cockroach"] = dockertest.ConnectToTestCockroachDBPop(t) }, }) } @@ -112,7 +116,12 @@ func TestMigrations(t *testing.T) { t.Logf("URL: %s", url) t.Run("suite=up", func(t *testing.T) { - tm := popx.NewTestMigrator(t, c, os.DirFS("../migrations/sql"), os.DirFS("./testdata"), l) + tm, err := popx.NewMigrationBox( + fsx.Merge(os.DirFS("../migrations/sql")), + popx.NewMigrator(c, logrusx.New("", "", logrusx.ForceLevel(logrus.DebugLevel)), nil, 1*time.Minute), + popx.WithTestdata(t, os.DirFS("./testdata")), + ) + require.NoError(t, err) require.NoError(t, tm.Up(ctx)) }) diff --git a/script/testenv.sh b/script/testenv.sh index c7c285b265d5..7e961cb74a75 100755 --- a/script/testenv.sh +++ b/script/testenv.sh @@ -1,9 +1,9 @@ #!/bin/bash docker rm -f kratos_test_database_mysql kratos_test_database_postgres kratos_test_database_cockroach kratos_test_hydra || true -docker run --name kratos_test_database_mysql -p 3444:3306 -e MYSQL_ROOT_PASSWORD=secret -d mysql:5.7 -docker run --name kratos_test_database_postgres -p 3445:5432 -e POSTGRES_PASSWORD=secret -e POSTGRES_DB=postgres -d postgres:9.6 postgres -c log_statement=all +docker run --platform linux/amd64 --name kratos_test_database_mysql -p 3444:3306 -e MYSQL_ROOT_PASSWORD=secret -d mysql:8.0.23 +docker run --platform linux/amd64 --name kratos_test_database_postgres -p 3445:5432 -e POSTGRES_PASSWORD=secret -e POSTGRES_DB=postgres -d postgres:11.8 postgres -c log_statement=all docker run --platform linux/amd64 --name kratos_test_database_cockroach -p 3446:26257 -p 3447:8080 -d cockroachdb/cockroach:v21.2.6 start-single-node --insecure -docker run --name kratos_test_hydra -p 4444:4444 -p 4445:4445 -d -e DSN=memory -e URLS_SELF_ISSUER=http://127.0.0.1:4444 -e URLS_LOGIN=http://127.0.0.1:4446/login -e URLS_CONSENT=http://127.0.0.1:4446/consent oryd/hydra:v1.9.2-sqlite serve all --dangerous-force-http +docker run --platform linux/amd64 --name kratos_test_hydra -p 4444:4444 -p 4445:4445 -d -e DSN=memory -e URLS_SELF_ISSUER=http://127.0.0.1:4444 -e URLS_LOGIN=http://127.0.0.1:4446/login -e URLS_CONSENT=http://127.0.0.1:4446/consent oryd/hydra:v1.9.2-sqlite serve all --dangerous-force-http source script/test-envs.sh diff --git a/x/xsql/sql.go b/x/xsql/sql.go index e00c8caf339d..bea6ac506dc1 100644 --- a/x/xsql/sql.go +++ b/x/xsql/sql.go @@ -26,6 +26,7 @@ func CleanSQL(t *testing.T, c *pop.Connection) { new(continuity.Container).TableName(ctx), new(courier.Message).TableName(ctx), + new(session.Session).TableName(ctx), new(login.Flow).TableName(ctx), new(registration.Flow).TableName(ctx), new(settings.Flow).TableName(ctx), @@ -39,7 +40,6 @@ func CleanSQL(t *testing.T, c *pop.Connection) { new(errorx.ErrorContainer).TableName(ctx), - new(session.Session).TableName(ctx), new(identity.CredentialIdentifierCollection).TableName(ctx), new(identity.CredentialsCollection).TableName(ctx), new(identity.VerifiableAddress).TableName(ctx), From b8b8cfcb9b4ab5df3f85a104c2394d5b076d0573 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Wed, 20 Jul 2022 12:49:28 +0000 Subject: [PATCH 151/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- identity/identity_recovery_test.go | 3 ++- identity/identity_verification_test.go | 3 ++- persistence/sql/migratest/migration_test.go | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/identity/identity_recovery_test.go b/identity/identity_recovery_test.go index d7b9f8358eb6..92bee6bcb848 100644 --- a/identity/identity_recovery_test.go +++ b/identity/identity_recovery_test.go @@ -1,9 +1,10 @@ package identity import ( - "github.com/gofrs/uuid" "testing" + "github.com/gofrs/uuid" + "github.com/stretchr/testify/assert" "github.com/ory/kratos/x" diff --git a/identity/identity_verification_test.go b/identity/identity_verification_test.go index 1aa9d00128eb..7e1c511bc2e0 100644 --- a/identity/identity_verification_test.go +++ b/identity/identity_verification_test.go @@ -1,9 +1,10 @@ package identity import ( - "github.com/gofrs/uuid" "testing" + "github.com/gofrs/uuid" + "github.com/stretchr/testify/assert" "github.com/ory/x/sqlxx" diff --git a/persistence/sql/migratest/migration_test.go b/persistence/sql/migratest/migration_test.go index 5a01d9bd0373..52168787a285 100644 --- a/persistence/sql/migratest/migration_test.go +++ b/persistence/sql/migratest/migration_test.go @@ -5,12 +5,13 @@ import ( "encoding/json" "errors" "fmt" - "github.com/ory/x/fsx" "os" "path/filepath" "testing" "time" + "github.com/ory/x/fsx" + "github.com/ory/kratos/identity" "github.com/bradleyjkemp/cupaloy/v2" From e5f131138243ad5806c7927dd5a642d029cfad6c Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Jul 2022 17:58:59 +0200 Subject: [PATCH 152/411] test: fix broken assertions --- selfservice/flow/login/flow_test.go | 3 ++- selfservice/flow/registration/flow_test.go | 3 ++- selfservice/flow/settings/flow_test.go | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/selfservice/flow/login/flow_test.go b/selfservice/flow/login/flow_test.go index cd99c1592878..8c0766e13b89 100644 --- a/selfservice/flow/login/flow_test.go +++ b/selfservice/flow/login/flow_test.go @@ -3,6 +3,7 @@ package login_test import ( "crypto/tls" "fmt" + "github.com/gofrs/uuid" "net/http" "net/url" "testing" @@ -31,7 +32,7 @@ func TestFakeFlow(t *testing.T) { var r login.Flow require.NoError(t, faker.FakeData(&r)) - assert.NotEmpty(t, r.ID) + assert.Equal(t, uuid.Nil, r.ID) assert.NotEmpty(t, r.IssuedAt) assert.NotEmpty(t, r.ExpiresAt) assert.NotEmpty(t, r.RequestURL) diff --git a/selfservice/flow/registration/flow_test.go b/selfservice/flow/registration/flow_test.go index 8f3dc75041d0..8eb63a796142 100644 --- a/selfservice/flow/registration/flow_test.go +++ b/selfservice/flow/registration/flow_test.go @@ -3,6 +3,7 @@ package registration_test import ( "crypto/tls" "fmt" + "github.com/gofrs/uuid" "net/http" "net/url" "testing" @@ -29,7 +30,7 @@ func TestFakeFlow(t *testing.T) { var r registration.Flow require.NoError(t, faker.FakeData(&r)) - assert.NotEmpty(t, r.ID) + assert.Equal(t, uuid.Nil, r.ID) assert.NotEmpty(t, r.IssuedAt) assert.NotEmpty(t, r.ExpiresAt) assert.NotEmpty(t, r.RequestURL) diff --git a/selfservice/flow/settings/flow_test.go b/selfservice/flow/settings/flow_test.go index 14b002a8c0df..f5f1a0e53e71 100644 --- a/selfservice/flow/settings/flow_test.go +++ b/selfservice/flow/settings/flow_test.go @@ -3,6 +3,7 @@ package settings_test import ( "crypto/tls" "fmt" + "github.com/gofrs/uuid" "net/http" "net/url" "testing" @@ -33,7 +34,7 @@ func TestFakeFlow(t *testing.T) { var r settings.Flow require.NoError(t, faker.FakeData(&r)) - assert.NotEmpty(t, r.ID) + assert.Equal(t, uuid.Nil, r.ID) assert.NotEmpty(t, r.IssuedAt) assert.NotEmpty(t, r.ExpiresAt) assert.NotEmpty(t, r.RequestURL) From 02f7e9cfd17ab60c3f38aab3ae977c427b26990d Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Jul 2022 18:32:29 +0200 Subject: [PATCH 153/411] fix: use errors instead of fatal for serve cmd --- cmd/daemon/serve.go | 58 +++++++++++++++++++++++++++------------------ cmd/serve/root.go | 4 ++-- 2 files changed, 37 insertions(+), 25 deletions(-) diff --git a/cmd/daemon/serve.go b/cmd/daemon/serve.go index a59a7d51e9a6..c72d1cb13d40 100644 --- a/cmd/daemon/serve.go +++ b/cmd/daemon/serve.go @@ -2,10 +2,9 @@ package daemon import ( "crypto/tls" - "net/http" - "sync" - "github.com/ory/kratos/schema" + "golang.org/x/sync/errgroup" + "net/http" "github.com/ory/kratos/selfservice/flow/recovery" @@ -50,7 +49,7 @@ type options struct { ctx stdctx.Context } -func newOptions(ctx stdctx.Context, opts []Option) *options { +func NewOptions(ctx stdctx.Context, opts []Option) *options { o := new(options) o.ctx = ctx for _, f := range opts { @@ -73,9 +72,8 @@ func WithContext(ctx stdctx.Context) Option { } } -func ServePublic(r driver.Registry, wg *sync.WaitGroup, cmd *cobra.Command, args []string, opts ...Option) { - defer wg.Done() - modifiers := newOptions(cmd.Context(), opts) +func ServePublic(r driver.Registry, cmd *cobra.Command, args []string, opts ...Option) error { + modifiers := NewOptions(cmd.Context(), opts) ctx := modifiers.ctx c := r.Config(cmd.Context()) @@ -144,14 +142,15 @@ func ServePublic(r driver.Registry, wg *sync.WaitGroup, cmd *cobra.Command, args } return server.ServeTLS(listener, "", "") }, server.Shutdown); err != nil { - l.Fatalf("Failed to gracefully shutdown public httpd: %s", err) + l.Errorf("Failed to gracefully shutdown public httpd: %s", err) + return err } l.Println("Public httpd was shutdown gracefully") + return nil } -func ServeAdmin(r driver.Registry, wg *sync.WaitGroup, cmd *cobra.Command, args []string, opts ...Option) { - defer wg.Done() - modifiers := newOptions(cmd.Context(), opts) +func ServeAdmin(r driver.Registry, cmd *cobra.Command, args []string, opts ...Option) error { + modifiers := NewOptions(cmd.Context(), opts) ctx := modifiers.ctx c := r.Config(ctx) @@ -206,9 +205,11 @@ func ServeAdmin(r driver.Registry, wg *sync.WaitGroup, cmd *cobra.Command, args } return server.ServeTLS(listener, "", "") }, server.Shutdown); err != nil { - l.Fatalf("Failed to gracefully shutdown admin httpd: %s", err) + l.Errorf("Failed to gracefully shutdown admin httpd: %s", err) + return err } l.Println("Admin httpd was shutdown gracefully") + return nil } func sqa(ctx stdctx.Context, cmd *cobra.Command, d driver.Registry) *metricsx.Service { @@ -280,23 +281,34 @@ func sqa(ctx stdctx.Context, cmd *cobra.Command, d driver.Registry) *metricsx.Se ) } -func bgTasks(d driver.Registry, wg *sync.WaitGroup, cmd *cobra.Command, args []string, opts ...Option) { - defer wg.Done() - modifiers := newOptions(cmd.Context(), opts) +func bgTasks(d driver.Registry, cmd *cobra.Command, args []string, opts ...Option) error { + modifiers := NewOptions(cmd.Context(), opts) ctx := modifiers.ctx if d.Config(ctx).IsBackgroundCourierEnabled() { go courier.Watch(ctx, d) } + return nil } -func ServeAll(d driver.Registry, opts ...Option) func(cmd *cobra.Command, args []string) { - return func(cmd *cobra.Command, args []string) { - var wg sync.WaitGroup - wg.Add(3) - go ServePublic(d, &wg, cmd, args, opts...) - go ServeAdmin(d, &wg, cmd, args, opts...) - go bgTasks(d, &wg, cmd, args, opts...) - wg.Wait() +func ServeAll(d driver.Registry, opts ...Option) func(cmd *cobra.Command, args []string) error { + return func(cmd *cobra.Command, args []string) error { + mods := NewOptions(cmd.Context(), opts) + ctx := mods.ctx + + g, ctx := errgroup.WithContext(ctx) + cmd.SetContext(ctx) + opts = append(opts, WithContext(ctx)) + + g.Go(func() error { + return ServePublic(d, cmd, args, opts...) + }) + g.Go(func() error { + return ServeAdmin(d, cmd, args, opts...) + }) + g.Go(func() error { + return bgTasks(d, cmd, args, opts...) + }) + return g.Wait() } } diff --git a/cmd/serve/root.go b/cmd/serve/root.go index 4c5bf669f6bf..4415bbb4eab0 100644 --- a/cmd/serve/root.go +++ b/cmd/serve/root.go @@ -29,7 +29,7 @@ func NewServeCmd() (serveCmd *cobra.Command) { serveCmd = &cobra.Command{ Use: "serve", Short: "Run the Ory Kratos server", - Run: func(cmd *cobra.Command, args []string) { + RunE: func(cmd *cobra.Command, args []string) error { d := driver.New(cmd.Context(), cmd.ErrOrStderr(), configx.WithFlags(cmd.Flags())) if d.Config(cmd.Context()).IsInsecureDevMode() { @@ -50,7 +50,7 @@ DON'T DO THIS IN PRODUCTION! d.Logger().Warnf("Config version is '%s' but kratos runs on version '%s'", configVersion, config.Version) } - daemon.ServeAll(d)(cmd, args) + return daemon.ServeAll(d)(cmd, args) }, } configx.RegisterFlags(serveCmd.PersistentFlags()) From 3b5ac5ff03b653191c1979fe1e4e9a4ea3ed7d36 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Jul 2022 18:32:40 +0200 Subject: [PATCH 154/411] test: try and recover from allocated port error --- internal/testhelpers/e2e_server.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/testhelpers/e2e_server.go b/internal/testhelpers/e2e_server.go index 443fb14caf12..ff8f41e57b0c 100644 --- a/internal/testhelpers/e2e_server.go +++ b/internal/testhelpers/e2e_server.go @@ -101,7 +101,7 @@ func startE2EServerOnly(t *testing.T, configFile string, isTLS bool, configOptio err = waitTimeout(t, eg, time.Second) if err != nil && tries < 5 { - if !errors.Is(err, context.Canceled) || strings.Contains(err.Error(), "address already in use") { + if !errors.Is(err, context.Canceled) || strings.Contains(err.Error(), "address already in use") || strings.Contains(stdErr.String(), "address already in use") { t.Logf("Detected an instance with port reuse, retrying #%d...", tries) time.Sleep(time.Millisecond * 500) cancel() From 4a8f151e77a337850fa7770703a3ba330f9ebfd9 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Jul 2022 18:33:01 +0200 Subject: [PATCH 155/411] chore: remove legacy codedoc --- driver/config/config.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/driver/config/config.go b/driver/config/config.go index c4dff6542a2a..eff2e412ce2c 100644 --- a/driver/config/config.go +++ b/driver/config/config.go @@ -470,8 +470,6 @@ func (p *Config) HasherArgon2() *Argon2 { } func (p *Config) HasherBcrypt() *Bcrypt { - // warn about usage of default values and point to the docs - // warning will require https://github.com/ory/viper/issues/19 cost := uint32(p.p.IntF(ViperKeyHasherBcryptCost, int(BcryptDefaultCost))) if !p.IsInsecureDevMode() && cost < BcryptDefaultCost { cost = BcryptDefaultCost From cae5baaa2625c1e9e5c1f601667e25a5d2466a9d Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Jul 2022 18:33:26 +0200 Subject: [PATCH 156/411] chore: format --- cmd/daemon/serve.go | 6 ++++-- selfservice/flow/login/flow_test.go | 3 ++- selfservice/flow/registration/flow_test.go | 3 ++- selfservice/flow/settings/flow_test.go | 3 ++- 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/cmd/daemon/serve.go b/cmd/daemon/serve.go index c72d1cb13d40..c657badd3225 100644 --- a/cmd/daemon/serve.go +++ b/cmd/daemon/serve.go @@ -2,10 +2,12 @@ package daemon import ( "crypto/tls" - "github.com/ory/kratos/schema" - "golang.org/x/sync/errgroup" "net/http" + "golang.org/x/sync/errgroup" + + "github.com/ory/kratos/schema" + "github.com/ory/kratos/selfservice/flow/recovery" "github.com/ory/x/reqlog" diff --git a/selfservice/flow/login/flow_test.go b/selfservice/flow/login/flow_test.go index 8c0766e13b89..b8c549e85595 100644 --- a/selfservice/flow/login/flow_test.go +++ b/selfservice/flow/login/flow_test.go @@ -3,12 +3,13 @@ package login_test import ( "crypto/tls" "fmt" - "github.com/gofrs/uuid" "net/http" "net/url" "testing" "time" + "github.com/gofrs/uuid" + "github.com/tidwall/gjson" "github.com/ory/x/jsonx" diff --git a/selfservice/flow/registration/flow_test.go b/selfservice/flow/registration/flow_test.go index 8eb63a796142..c9970d6fc4ca 100644 --- a/selfservice/flow/registration/flow_test.go +++ b/selfservice/flow/registration/flow_test.go @@ -3,12 +3,13 @@ package registration_test import ( "crypto/tls" "fmt" - "github.com/gofrs/uuid" "net/http" "net/url" "testing" "time" + "github.com/gofrs/uuid" + "github.com/tidwall/gjson" "github.com/ory/x/jsonx" diff --git a/selfservice/flow/settings/flow_test.go b/selfservice/flow/settings/flow_test.go index f5f1a0e53e71..a5dd468d8609 100644 --- a/selfservice/flow/settings/flow_test.go +++ b/selfservice/flow/settings/flow_test.go @@ -3,12 +3,13 @@ package settings_test import ( "crypto/tls" "fmt" - "github.com/gofrs/uuid" "net/http" "net/url" "testing" "time" + "github.com/gofrs/uuid" + "github.com/ory/kratos/selfservice/flow/registration" "github.com/tidwall/gjson" From 317fab0fe76a2762a77b3d2f8a75735598cb1c0e Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Jul 2022 19:46:26 +0200 Subject: [PATCH 157/411] test(e2e): migrate to cypress 10.x --- package.json | 2 +- test/e2e/cypress.config.ts | 71 ++++++++++++++++++++++++++++++++++++++ test/e2e/cypress.json | 23 ------------ test/e2e/modd.conf | 2 +- test/e2e/package-lock.json | 44 +++++++++++------------ test/e2e/package.json | 4 +-- 6 files changed, 97 insertions(+), 49 deletions(-) create mode 100644 test/e2e/cypress.config.ts delete mode 100644 test/e2e/cypress.json diff --git a/package.json b/package.json index 38fb20bc579a..4d931468c412 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "private": true, "prettier": "ory-prettier-styles", "config": { - "prettierTarget": "test/e2e/cypress/**/*{.ts,.js}" + "prettierTarget": "test/e2e/**/*{.ts,.js}" }, "scripts": { "format": "prettier --write ${npm_package_config_prettierTarget}", diff --git a/test/e2e/cypress.config.ts b/test/e2e/cypress.config.ts new file mode 100644 index 000000000000..b6ec6ecdebd1 --- /dev/null +++ b/test/e2e/cypress.config.ts @@ -0,0 +1,71 @@ +import { defineConfig } from 'cypress' +import got from 'got' +import CRI from 'chrome-remote-interface' +let criPort = 0, + criClient = null + +export default defineConfig({ + chromeWebSecurity: false, + retries: { + runMode: 6, + openMode: 1 + }, + defaultCommandTimeout: 10000, + requestTimeout: 10000, + projectId: 'bc48bg', + video: true, + videoCompression: false, + screenshotOnRunFailure: true, + e2e: { + videosFolder: 'cypress/videos', + screenshotsFolder: 'cypress/screenshots', + excludeSpecPattern: '**/*snapshots.js', + supportFile: 'cypress/support/index.js', + specPattern: '**/*.spec.{js,ts}', + baseUrl: 'http://localhost:4455/', + setupNodeEvents(on, config) { + on('before:browser:launch', (browser, args) => { + criPort = ensureRdpPort(args.args) + console.log('criPort is', criPort) + }) + + on('task', { + httpRequest(params) { + return got(params).then(({ body }) => body) + }, + // Reset chrome remote interface for clean state + async resetCRI() { + if (criClient) { + const c = criClient + criClient = null + await c.close() + } + + return Promise.resolve(true) + }, + // Execute CRI command + async sendCRI(args) { + if (!criClient) { + criClient = await CRI({ port: criPort }) + } + + return criClient.send(args.query, args.opts) + } + }) + } + } +}) + +function ensureRdpPort(args) { + const existing = args.find( + (arg) => arg.slice(0, 23) === '--remote-debugging-port' + ) + + if (existing) { + return Number(existing.split('=')[1]) + } + + const port = 40000 + Math.round(Math.random() * 25000) + args.push(`--remote-debugging-port=${port}`) + return port +} diff --git a/test/e2e/cypress.json b/test/e2e/cypress.json deleted file mode 100644 index ec68a352b4e9..000000000000 --- a/test/e2e/cypress.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "chromeWebSecurity": false, - "baseUrl": "http://localhost:4455/", - "fixturesFolder": "cypress/fixtures", - "integrationFolder": "cypress/integration", - "pluginsFile": "cypress/plugins/index.js", - "supportFile": "cypress/support/index.js", - "videosFolder": "cypress/videos", - "screenshotsFolder": "cypress/screenshots", - "retries": { - "runMode": 6, - "openMode": 1 - }, - "timeouts": { - "defaultCommandTimeout": 10000, - "requestTimeout": 10000 - }, - "projectId": "bc48bg", - "video": true, - "videoCompression": false, - "screenshotOnRunFailure": true, - "ignoreTestFiles": "snapshots.js" -} diff --git a/test/e2e/modd.conf b/test/e2e/modd.conf index fd249b3e557b..255374066547 100644 --- a/test/e2e/modd.conf +++ b/test/e2e/modd.conf @@ -1,5 +1,5 @@ **/*.go !**/*_test.go { - prep: go build -tags sqlite -o test/e2e/.bin/kratos . + prep: go build -tags sqlite,json1 -o test/e2e/.bin/kratos . prep: test/e2e/.bin/kratos migrate sql -e --yes daemon +sigterm: test/e2e/.bin/kratos serve --watch-courier --dev -c test/e2e/kratos.generated.yml } diff --git a/test/e2e/package-lock.json b/test/e2e/package-lock.json index b3abf04439d0..94d57292225a 100644 --- a/test/e2e/package-lock.json +++ b/test/e2e/package-lock.json @@ -12,11 +12,11 @@ "@types/node": "^16.9.6", "@types/yamljs": "^0.2.31", "chrome-remote-interface": "0.31.2", - "cypress": "^9.5.1", + "cypress": "^10.3.1", "dayjs": "^1.10.4", "got": "^11.8.2", "otplib": "^12.0.1", - "typescript": "^4.4.3", + "typescript": "^4.7.4", "wait-on": "5.3.0", "yamljs": "^0.3.0" } @@ -754,9 +754,9 @@ } }, "node_modules/cypress": { - "version": "9.5.1", - "resolved": "https://registry.npmjs.org/cypress/-/cypress-9.5.1.tgz", - "integrity": "sha512-H7lUWB3Svr44gz1rNnj941xmdsCljXoJa2cDneAltjI9leKLMQLm30x6jLlpQ730tiVtIbW5HdUmBzPzwzfUQg==", + "version": "10.3.1", + "resolved": "https://registry.npmjs.org/cypress/-/cypress-10.3.1.tgz", + "integrity": "sha512-As9HrExjAgpgjCnbiQCuPdw5sWKx5HUJcK2EOKziu642akwufr/GUeqL5UnCPYXTyyibvEdWT/pSC2qnGW/e5w==", "dev": true, "hasInstallScript": true, "dependencies": { @@ -792,7 +792,7 @@ "listr2": "^3.8.3", "lodash": "^4.17.21", "log-symbols": "^4.0.0", - "minimist": "^1.2.5", + "minimist": "^1.2.6", "ospath": "^1.2.2", "pretty-bytes": "^5.6.0", "proxy-from-env": "1.0.0", @@ -1184,9 +1184,9 @@ } }, "node_modules/got": { - "version": "11.8.3", - "resolved": "https://registry.npmjs.org/got/-/got-11.8.3.tgz", - "integrity": "sha512-7gtQ5KiPh1RtGS9/Jbv1ofDpBFuq42gyfEib+ejaRBJuj/3tQFeR5+gw57e4ipaU8c/rCjvX6fkQz2lyDlGAOg==", + "version": "11.8.5", + "resolved": "https://registry.npmjs.org/got/-/got-11.8.5.tgz", + "integrity": "sha512-o0Je4NvQObAuZPHLFoRSkdG2lTgtcynqymzg2Vupdx6PorhaT5MCbIyXG6d4D94kk8ZG57QeosgdiqfJWhEhlQ==", "dev": true, "dependencies": { "@sindresorhus/is": "^4.0.0", @@ -2188,9 +2188,9 @@ } }, "node_modules/typescript": { - "version": "4.6.2", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.2.tgz", - "integrity": "sha512-HM/hFigTBHZhLXshn9sN37H085+hQGeJHJ/X7LpBWLID/fbc2acUMfU+lGD98X81sKP+pFa9f0DZmCwB9GnbAg==", + "version": "4.7.4", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.7.4.tgz", + "integrity": "sha512-C0WQT0gezHuw6AdY1M2jxUO83Rjf0HP7Sk1DtXj6j1EwkQNZrHAg2XPWlq62oqEhYvONq5pkC2Y9oPljWToLmQ==", "dev": true, "bin": { "tsc": "bin/tsc", @@ -2960,9 +2960,9 @@ } }, "cypress": { - "version": "9.5.1", - "resolved": "https://registry.npmjs.org/cypress/-/cypress-9.5.1.tgz", - "integrity": "sha512-H7lUWB3Svr44gz1rNnj941xmdsCljXoJa2cDneAltjI9leKLMQLm30x6jLlpQ730tiVtIbW5HdUmBzPzwzfUQg==", + "version": "10.3.1", + "resolved": "https://registry.npmjs.org/cypress/-/cypress-10.3.1.tgz", + "integrity": "sha512-As9HrExjAgpgjCnbiQCuPdw5sWKx5HUJcK2EOKziu642akwufr/GUeqL5UnCPYXTyyibvEdWT/pSC2qnGW/e5w==", "dev": true, "requires": { "@cypress/request": "^2.88.10", @@ -2997,7 +2997,7 @@ "listr2": "^3.8.3", "lodash": "^4.17.21", "log-symbols": "^4.0.0", - "minimist": "^1.2.5", + "minimist": "^1.2.6", "ospath": "^1.2.2", "pretty-bytes": "^5.6.0", "proxy-from-env": "1.0.0", @@ -3282,9 +3282,9 @@ } }, "got": { - "version": "11.8.3", - "resolved": "https://registry.npmjs.org/got/-/got-11.8.3.tgz", - "integrity": "sha512-7gtQ5KiPh1RtGS9/Jbv1ofDpBFuq42gyfEib+ejaRBJuj/3tQFeR5+gw57e4ipaU8c/rCjvX6fkQz2lyDlGAOg==", + "version": "11.8.5", + "resolved": "https://registry.npmjs.org/got/-/got-11.8.5.tgz", + "integrity": "sha512-o0Je4NvQObAuZPHLFoRSkdG2lTgtcynqymzg2Vupdx6PorhaT5MCbIyXG6d4D94kk8ZG57QeosgdiqfJWhEhlQ==", "dev": true, "requires": { "@sindresorhus/is": "^4.0.0", @@ -4032,9 +4032,9 @@ "dev": true }, "typescript": { - "version": "4.6.2", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.2.tgz", - "integrity": "sha512-HM/hFigTBHZhLXshn9sN37H085+hQGeJHJ/X7LpBWLID/fbc2acUMfU+lGD98X81sKP+pFa9f0DZmCwB9GnbAg==", + "version": "4.7.4", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.7.4.tgz", + "integrity": "sha512-C0WQT0gezHuw6AdY1M2jxUO83Rjf0HP7Sk1DtXj6j1EwkQNZrHAg2XPWlq62oqEhYvONq5pkC2Y9oPljWToLmQ==", "dev": true }, "universalify": { diff --git a/test/e2e/package.json b/test/e2e/package.json index 9d5b327d4ae6..a2d09d3863cf 100644 --- a/test/e2e/package.json +++ b/test/e2e/package.json @@ -13,11 +13,11 @@ "@types/node": "^16.9.6", "@types/yamljs": "^0.2.31", "chrome-remote-interface": "0.31.2", - "cypress": "^9.5.1", + "cypress": "^10.3.1", "dayjs": "^1.10.4", "got": "^11.8.2", "otplib": "^12.0.1", - "typescript": "^4.4.3", + "typescript": "^4.7.4", "wait-on": "5.3.0", "yamljs": "^0.3.0" } From d8c82dabad4f04874647c48ecbf0eda91c7c90fa Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Jul 2022 19:46:38 +0200 Subject: [PATCH 158/411] test(e2e): resolve flaky hydra configuration --- test/e2e/hydra.yml | 13 +++++++++++++ test/e2e/run.sh | 36 ++++++++++++++++-------------------- 2 files changed, 29 insertions(+), 20 deletions(-) create mode 100644 test/e2e/hydra.yml diff --git a/test/e2e/hydra.yml b/test/e2e/hydra.yml new file mode 100644 index 000000000000..117c54897fe0 --- /dev/null +++ b/test/e2e/hydra.yml @@ -0,0 +1,13 @@ +version: v1.11.7 + +dsn: memory + +log: + level: trace + +urls: + self: + issuer: http://localhost:4444 + public: http://localhost:4444 + login: http://localhost:4446/login + consent: http://localhost:4446/consent diff --git a/test/e2e/run.sh b/test/e2e/run.sh index 6ca202b1966a..7209ceaaaa3a 100755 --- a/test/e2e/run.sh +++ b/test/e2e/run.sh @@ -12,9 +12,9 @@ export PATH=.bin:$PATH export KRATOS_PUBLIC_URL=http://localhost:4433/ export KRATOS_BROWSER_URL=http://localhost:4433/ export KRATOS_ADMIN_URL=http://localhost:4434/ -export KRATOS_UI_URL=http://127.0.0.1:4456/ -export KRATOS_UI_REACT_URL=http://127.0.0.1:4458/ -export KRATOS_UI_REACT_NATIVE_URL=http://127.0.0.1:4457/ +export KRATOS_UI_URL=http://localhost:4456/ +export KRATOS_UI_REACT_URL=http://localhost:4458/ +export KRATOS_UI_REACT_NATIVE_URL=http://localhost:4457/ export LOG_LEAK_SENSITIVE_VALUES=true export DEV_DISABLE_API_FLOW_ENFORCEMENT=true @@ -113,13 +113,9 @@ prepare() { >"${base}/test/e2e/rn-profile-app.e2e.log" 2>&1 & ) - DSN=memory URLS_SELF_ISSUER=http://localhost:4444 \ - LOG_LEVEL=trace \ - URLS_LOGIN=http://localhost:4446/login \ - URLS_CONSENT=http://localhost:4446/consent \ - hydra serve all --dangerous-force-http >"${base}/test/e2e/hydra.e2e.log" 2>&1 & + hydra serve all -c hydra.yml --dangerous-force-http >"${base}/test/e2e/hydra.e2e.log" 2>&1 & - (cd test/e2e; npm run wait-on -- -l -t 300000 http-get://127.0.0.1:4445/health/alive) + (cd test/e2e; npm run wait-on -- -l -t 300000 http-get://localhost:4445/health/alive) hydra clients delete \ --endpoint http://localhost:4445 \ @@ -211,22 +207,22 @@ run() { (modd -f test/e2e/modd.conf >"${base}/test/e2e/kratos.e2e.log" 2>&1 &) - npm run wait-on -- -v -l -t 300000 http-get://127.0.0.1:4434/health/ready \ - http-get://127.0.0.1:4455/health/ready \ - http-get://127.0.0.1:4445/health/ready \ - http-get://127.0.0.1:4446/ \ - http-get://127.0.0.1:4456/health/alive \ - http-get://127.0.0.1:4457/ \ - http-get://127.0.0.1:4437/mail \ - http-get://127.0.0.1:4458/ + npm run wait-on -- -v -l -t 300000 http-get://localhost:4434/health/ready \ + http-get://localhost:4455/health/ready \ + http-get://localhost:4445/health/ready \ + http-get://localhost:4446/ \ + http-get://localhost:4456/health/alive \ + http-get://localhost:4457/ \ + http-get://localhost:4437/mail \ + http-get://localhost:4458/ if [[ $dev == "yes" ]]; then - (cd test/e2e; npm run test:watch -- --config integrationFolder="cypress/integration") + (cd test/e2e; npm run test:watch --) else if [ -z ${CYPRESS_RECORD_KEY+x} ]; then - (cd test/e2e; npm run test -- --config integrationFolder="cypress/integration") + (cd test/e2e; npm run test --) else - (cd test/e2e; npm run test -- --record --config integrationFolder="cypress/integration") + (cd test/e2e; npm run test -- --record) fi fi } From 37018c0161d0affe88c9f2574d043f337579e4a9 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Jul 2022 19:46:43 +0200 Subject: [PATCH 159/411] test(e2e): add typescript --- test/e2e/tsconfig.json | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 test/e2e/tsconfig.json diff --git a/test/e2e/tsconfig.json b/test/e2e/tsconfig.json new file mode 100644 index 000000000000..18edb199acdb --- /dev/null +++ b/test/e2e/tsconfig.json @@ -0,0 +1,8 @@ +{ + "compilerOptions": { + "target": "es5", + "lib": ["es5", "dom"], + "types": ["cypress", "node"] + }, + "include": ["**/*.ts"] +} From 21a8487f984168abbc7279c590c66822414c718e Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Jul 2022 19:46:59 +0200 Subject: [PATCH 160/411] test(e2e): fix flaky assertions --- .../profiles/email/login/success.spec.ts | 8 ++--- .../profiles/email/logout/success.spec.ts | 2 +- .../email/registration/success.spec.ts | 16 +++++----- .../integration/profiles/mfa/totp.spec.ts | 4 +-- .../profiles/oidc/login/success.spec.ts | 8 ++--- .../profiles/oidc/logout/success.spec.ts | 2 +- test/e2e/cypress/plugins/index.js | 28 ------------------ test/e2e/cypress/support/commands.ts | 5 +++- test/e2e/profiles/kratos.base.yml | 1 + test/e2e/proxy/proxy.js | 29 ++++++++++++------- 10 files changed, 43 insertions(+), 60 deletions(-) diff --git a/test/e2e/cypress/integration/profiles/email/login/success.spec.ts b/test/e2e/cypress/integration/profiles/email/login/success.spec.ts index c64874d868e8..4a8c5f846f6f 100644 --- a/test/e2e/cypress/integration/profiles/email/login/success.spec.ts +++ b/test/e2e/cypress/integration/profiles/email/login/success.spec.ts @@ -68,13 +68,13 @@ describe('Basic email profile with succeeding login flows', () => { it('should sign in and be redirected', () => { cy.browserReturnUrlOry() - cy.visit(route + '?return_to=https://www.ory.sh/') + cy.visit(route + '?return_to=https://www.example.org/') cy.get('input[name="identifier"]').type(email.toUpperCase()) cy.get('input[name="password"]').type(password) cy.submitPasswordForm() - cy.url().should('eq', 'https://www.ory.sh/') + cy.url().should('eq', 'https://www.example.org/') }) }) }) @@ -95,7 +95,7 @@ describe('Basic email profile with succeeding login flows', () => { cy.shortLoginLifespan() cy.wait(500) - cy.visit(express.login + '?return_to=https://www.ory.sh/') + cy.visit(express.login + '?return_to=https://www.example.org/') cy.longLoginLifespan() @@ -116,7 +116,7 @@ describe('Basic email profile with succeeding login flows', () => { cy.submitPasswordForm() // check that redirection has happened - cy.url().should('eq', 'https://www.ory.sh/') + cy.url().should('eq', 'https://www.example.org/') }) }) }) diff --git a/test/e2e/cypress/integration/profiles/email/logout/success.spec.ts b/test/e2e/cypress/integration/profiles/email/logout/success.spec.ts index 6ae293e305d3..32e7792f6e02 100644 --- a/test/e2e/cypress/integration/profiles/email/logout/success.spec.ts +++ b/test/e2e/cypress/integration/profiles/email/logout/success.spec.ts @@ -39,7 +39,7 @@ context('Testing logout flows', () => { it('should sign out and be able to sign in again', () => { cy.getSession() cy.getCookie('ory_kratos_session').should('not.be.null') - cy.get(`${appPrefix(app)} [data-testid="logout"]`).click() + cy.get(`${appPrefix(app)} [data-testid="logout"]:not(.disabled)`).click() cy.noSession() cy.url().should('include', '/login') cy.getCookie('ory_kratos_session').should('be.null') diff --git a/test/e2e/cypress/integration/profiles/email/registration/success.spec.ts b/test/e2e/cypress/integration/profiles/email/registration/success.spec.ts index 2730d75071dc..725c41b08b30 100644 --- a/test/e2e/cypress/integration/profiles/email/registration/success.spec.ts +++ b/test/e2e/cypress/integration/profiles/email/registration/success.spec.ts @@ -29,7 +29,7 @@ context('Registration success with email profile', () => { it('should sign up and be logged in', () => { const email = gen.email() const password = gen.password() - const website = 'https://www.ory.sh/' + const website = 'https://www.example.org/' const age = 30 cy.get(appPrefix(app) + 'input[name="traits"]').should('not.exist') @@ -62,7 +62,7 @@ context('Registration success with email profile', () => { cy.get('input[name="traits"]').should('not.exist') cy.get('input[name="traits.email"]').type(email) cy.get('input[name="password"]').type(password) - const website = 'https://www.ory.sh/' + const website = 'https://www.example.org/' cy.get('input[name="traits.website"]').type(website) cy.submitPasswordForm() @@ -83,18 +83,18 @@ context('Registration success with email profile', () => { it('should sign up and be redirected', () => { cy.browserReturnUrlOry() - cy.visit(route + '?return_to=https://www.ory.sh/') + cy.visit(route + '?return_to=https://www.example.org/') const email = gen.email() const password = gen.password() - const website = 'https://www.ory.sh/' + const website = 'https://www.example.org/' cy.get('input[name="traits"]').should('not.exist') cy.get('input[name="traits.email"]').type(email) cy.get('input[name="traits.website').type(website) cy.get('input[name="password"]').type(password) cy.submitPasswordForm() - cy.url().should('eq', 'https://www.ory.sh/') + cy.url().should('eq', 'https://www.example.org/') }) }) }) @@ -106,12 +106,12 @@ context('Registration success with email profile', () => { cy.shortRegisterLifespan() cy.browserReturnUrlOry() cy.proxy('express') - cy.visit(express.registration + '?return_to=https://www.ory.sh/') + cy.visit(express.registration + '?return_to=https://www.example.org/') cy.wait(105) const email = gen.email() const password = gen.password() - const website = 'https://www.ory.sh/' + const website = 'https://www.example.org/' cy.get(appPrefix('express') + 'input[name="traits"]').should('not.exist') cy.get('input[name="traits.email"]').type(email) @@ -133,7 +133,7 @@ context('Registration success with email profile', () => { cy.get('input[name="password"]').type(password) cy.submitPasswordForm() - cy.url().should('eq', 'https://www.ory.sh/') + cy.url().should('eq', 'https://www.example.org/') }) }) }) diff --git a/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts b/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts index 767b638d1e16..073f38e4b293 100644 --- a/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts +++ b/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts @@ -113,7 +113,7 @@ context('2FA lookup secrets', () => { }) cy.clearAllCookies() - cy.visit(`${login}?return_to=https://www.ory.sh/`) + cy.visit(`${login}?return_to=https://www.example.org/`) cy.get('input[name="identifier"]').type(email) cy.get('input[name="password"]').type(password) @@ -134,7 +134,7 @@ context('2FA lookup secrets', () => { cy.wrap($e).type(authenticator.generate(secret)) }) cy.get('*[name="method"][value="totp"]').click() - cy.url().should('eq', 'https://www.ory.sh/') + cy.url().should('eq', 'https://www.example.org/') }) it('should go through several totp lifecycles', () => { diff --git a/test/e2e/cypress/integration/profiles/oidc/login/success.spec.ts b/test/e2e/cypress/integration/profiles/oidc/login/success.spec.ts index 19b379f58b53..4abd1b77b60e 100644 --- a/test/e2e/cypress/integration/profiles/oidc/login/success.spec.ts +++ b/test/e2e/cypress/integration/profiles/oidc/login/success.spec.ts @@ -40,13 +40,13 @@ context('Social Sign In Successes', () => { cy.registerOidc({ email, website, - route: registration + '?return_to=https://example.org/' + route: registration + '?return_to=https://www.example.org/' }) - cy.location('href').should('eq', 'https://example.org/') + cy.location('href').should('eq', 'https://www.example.org/') cy.logout() cy.noSession() - cy.loginOidc({ url: login + '?return_to=https://example.org/' }) - cy.location('href').should('eq', 'https://example.org/') + cy.loginOidc({ url: login + '?return_to=https://www.example.org/' }) + cy.location('href').should('eq', 'https://www.example.org/') }) }) }) diff --git a/test/e2e/cypress/integration/profiles/oidc/logout/success.spec.ts b/test/e2e/cypress/integration/profiles/oidc/logout/success.spec.ts index 06d620ea39fc..26efcf214201 100644 --- a/test/e2e/cypress/integration/profiles/oidc/logout/success.spec.ts +++ b/test/e2e/cypress/integration/profiles/oidc/logout/success.spec.ts @@ -34,7 +34,7 @@ context('Social Sign Out Successes', () => { }) it('should sign out and be able to sign in again', () => { - cy.get(appPrefix(app) + '[data-testid=logout]').click() + cy.get(`${appPrefix(app)} [data-testid="logout"]:not(disabled)`).click() cy.noSession() cy.url().should('include', '/login') }) diff --git a/test/e2e/cypress/plugins/index.js b/test/e2e/cypress/plugins/index.js index 3cdc84edf96a..6f7c44ee22a2 100644 --- a/test/e2e/cypress/plugins/index.js +++ b/test/e2e/cypress/plugins/index.js @@ -11,34 +11,6 @@ let criPort = 0, module.exports = (on) => { // `on` is used to hook into various events Cypress emits // `config` is the resolved Cypress config - on('before:browser:launch', (browser, args) => { - criPort = ensureRdpPort(args.args) - console.log('criPort is', criPort) - }) - - on('task', { - httpRequest(params) { - return got(params).then(({ body }) => body) - }, - // Reset chrome remote interface for clean state - async resetCRI() { - if (criClient) { - const c = criClient - criClient = null - await c.close() - } - - return Promise.resolve(true) - }, - // Execute CRI command - async sendCRI(args) { - if (!criClient) { - criClient = await CRI({ port: criPort }) - } - - return criClient.send(args.query, args.opts) - } - }) } function ensureRdpPort(args) { diff --git a/test/e2e/cypress/support/commands.ts b/test/e2e/cypress/support/commands.ts index 3f3c78b3af6f..22814fac8a60 100644 --- a/test/e2e/cypress/support/commands.ts +++ b/test/e2e/cypress/support/commands.ts @@ -567,7 +567,10 @@ Cypress.Commands.add('longRegisterLifespan', ({} = {}) => { Cypress.Commands.add('browserReturnUrlOry', ({} = {}) => { updateConfigFile((config) => { - config.selfservice.allowed_return_urls = ['https://www.ory.sh/'] + config.selfservice.allowed_return_urls = [ + 'https://www.ory.sh/', + 'https://www.example.org/', + ] return config }) }) diff --git a/test/e2e/profiles/kratos.base.yml b/test/e2e/profiles/kratos.base.yml index 06a94597defd..849d22355ea0 100644 --- a/test/e2e/profiles/kratos.base.yml +++ b/test/e2e/profiles/kratos.base.yml @@ -12,6 +12,7 @@ selfservice: - http://localhost:4455 - https://www.ory.sh/ - https://example.org/ + - https://www.example.org/ methods: link: config: diff --git a/test/e2e/proxy/proxy.js b/test/e2e/proxy/proxy.js index 31b01cff8cfd..e7cab7ef7345 100644 --- a/test/e2e/proxy/proxy.js +++ b/test/e2e/proxy/proxy.js @@ -5,22 +5,29 @@ const fs = require('fs') const app = express() -const proxy = (base, prefix = null) => (req, res, next) => { - let url = urljoin(base, req.url) - if (prefix) { - url = urljoin(base, prefix, req.url) +const proxy = + (base, prefix = null) => + (req, res, next) => { + let url = urljoin(base, req.url) + if (prefix) { + url = urljoin(base, prefix, req.url) + } + req + .pipe(request(url, { followRedirect: false }).on('error', next)) + .pipe(res) } - req - .pipe(request(url, {followRedirect: false}).on('error', next)) - .pipe(res) -} -app.use('/self-service/', proxy(process.env.KRATOS_PUBLIC_URL, '/self-service/')) +app.use( + '/self-service/', + proxy(process.env.KRATOS_PUBLIC_URL, '/self-service/') +) app.use('/schemas/', proxy(process.env.KRATOS_PUBLIC_URL, '/schemas/')) app.use('/.well-known/', proxy(process.env.KRATOS_PUBLIC_URL, '/.well-known/')) app.use('/', (req, res, next) => { - const pc = JSON.parse(fs.readFileSync(require.resolve('../proxy.json')).toString()) + const pc = JSON.parse( + fs.readFileSync(require.resolve('../proxy.json')).toString() + ) switch (pc) { case 'react': proxy(process.env.KRATOS_UI_REACT_URL)(req, res, next) @@ -38,4 +45,4 @@ let listener = () => { console.log(`Listening on http://0.0.0.0:${port}`) } -app.listen(port, "0.0.0.0", listener) +app.listen(port, '0.0.0.0', listener) From 26001e7544b60ad0004153773a21c1d04abf9987 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Jul 2022 19:49:28 +0200 Subject: [PATCH 161/411] test(e2e): fix webauthn regression --- test/e2e/cypress.config.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/e2e/cypress.config.ts b/test/e2e/cypress.config.ts index b6ec6ecdebd1..5ae1ff14e4ca 100644 --- a/test/e2e/cypress.config.ts +++ b/test/e2e/cypress.config.ts @@ -1,6 +1,6 @@ import { defineConfig } from 'cypress' import got from 'got' -import CRI from 'chrome-remote-interface' +const CRI = require('chrome-remote-interface') let criPort = 0, criClient = null From de777710abf20e2bd7e5831708dd497a03ac98ec Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Jul 2022 19:57:17 +0200 Subject: [PATCH 162/411] chore: format --- .../cypress/integration/profiles/email/logout/success.spec.ts | 4 +++- test/e2e/cypress/support/commands.ts | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/test/e2e/cypress/integration/profiles/email/logout/success.spec.ts b/test/e2e/cypress/integration/profiles/email/logout/success.spec.ts index 32e7792f6e02..03c3a3ecb85b 100644 --- a/test/e2e/cypress/integration/profiles/email/logout/success.spec.ts +++ b/test/e2e/cypress/integration/profiles/email/logout/success.spec.ts @@ -39,7 +39,9 @@ context('Testing logout flows', () => { it('should sign out and be able to sign in again', () => { cy.getSession() cy.getCookie('ory_kratos_session').should('not.be.null') - cy.get(`${appPrefix(app)} [data-testid="logout"]:not(.disabled)`).click() + cy.get( + `${appPrefix(app)} [data-testid="logout"]:not(.disabled)` + ).click() cy.noSession() cy.url().should('include', '/login') cy.getCookie('ory_kratos_session').should('be.null') diff --git a/test/e2e/cypress/support/commands.ts b/test/e2e/cypress/support/commands.ts index 22814fac8a60..ab21496b785e 100644 --- a/test/e2e/cypress/support/commands.ts +++ b/test/e2e/cypress/support/commands.ts @@ -569,7 +569,7 @@ Cypress.Commands.add('browserReturnUrlOry', ({} = {}) => { updateConfigFile((config) => { config.selfservice.allowed_return_urls = [ 'https://www.ory.sh/', - 'https://www.example.org/', + 'https://www.example.org/' ] return config }) From 907dbe3f605d5be5038ddc06029082b2df0914e2 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Jul 2022 20:38:28 +0200 Subject: [PATCH 163/411] test(e2e): use correct dir --- test/e2e/run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/e2e/run.sh b/test/e2e/run.sh index 7209ceaaaa3a..7a15b34a2b01 100755 --- a/test/e2e/run.sh +++ b/test/e2e/run.sh @@ -113,7 +113,7 @@ prepare() { >"${base}/test/e2e/rn-profile-app.e2e.log" 2>&1 & ) - hydra serve all -c hydra.yml --dangerous-force-http >"${base}/test/e2e/hydra.e2e.log" 2>&1 & + hydra serve all -c test/e2e/hydra.yml --dangerous-force-http >"${base}/test/e2e/hydra.e2e.log" 2>&1 & (cd test/e2e; npm run wait-on -- -l -t 300000 http-get://localhost:4445/health/alive) From 4d323d01b53b9f7b0dc346211ac4fda0626d357a Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Jul 2022 21:20:59 +0200 Subject: [PATCH 164/411] test(e2e): improve webauthn test reliability --- test/e2e/cypress/integration/profiles/mfa/mix.spec.ts | 5 +---- test/e2e/cypress/integration/profiles/mfa/webauthn.spec.ts | 5 +---- test/e2e/package.json | 2 +- 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/test/e2e/cypress/integration/profiles/mfa/mix.spec.ts b/test/e2e/cypress/integration/profiles/mfa/mix.spec.ts index 2e585274a8e2..0e186c580d37 100644 --- a/test/e2e/cypress/integration/profiles/mfa/mix.spec.ts +++ b/test/e2e/cypress/integration/profiles/mfa/mix.spec.ts @@ -4,10 +4,7 @@ import { routes as react } from '../../../helpers/react' import { routes as express } from '../../../helpers/express' context('2FA with various methods', () => { - before(() => { - cy.task('resetCRI', {}) - }) - after(() => { + beforeEach(() => { cy.task('resetCRI', {}) }) ;[ diff --git a/test/e2e/cypress/integration/profiles/mfa/webauthn.spec.ts b/test/e2e/cypress/integration/profiles/mfa/webauthn.spec.ts index e12b177ed7ad..2be497f5d93d 100644 --- a/test/e2e/cypress/integration/profiles/mfa/webauthn.spec.ts +++ b/test/e2e/cypress/integration/profiles/mfa/webauthn.spec.ts @@ -3,10 +3,7 @@ import { routes as react } from '../../../helpers/react' import { routes as express } from '../../../helpers/express' context('2FA WebAuthn', () => { - before(() => { - cy.task('resetCRI', {}) - }) - after(() => { + beforeEach(() => { cy.task('resetCRI', {}) }) ;[ diff --git a/test/e2e/package.json b/test/e2e/package.json index a2d09d3863cf..556a716ace81 100644 --- a/test/e2e/package.json +++ b/test/e2e/package.json @@ -2,7 +2,7 @@ "name": "@ory/kratos-e2e-suite", "version": "0.0.1", "scripts": { - "test": "cypress run --browser chrome", + "test": "cypress run --browser chrome --e2e", "test:watch": "cypress open --browser chrome", "openapi-generator-cli": "openapi-generator-cli", "wait-on": "wait-on", From 70211a17a452d5ced8317822afda3f8e6185cc71 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Jul 2022 23:24:02 +0200 Subject: [PATCH 165/411] fix: make hydra consistently localhost --- .github/workflows/ci.yaml | 6 +++--- script/test-envs.sh | 6 +++--- script/testenv.sh | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d09d798ad6aa..56076ba10d2a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -44,8 +44,8 @@ jobs: env: TEST_MAILHOG_SMTP: "smtp://test:test@127.0.0.1:1025/?disable_starttls=true" TEST_MAILHOG_API: http://127.0.0.1:8025 - TEST_SELFSERVICE_OIDC_HYDRA_ADMIN: http://127.0.0.1:4445 - TEST_SELFSERVICE_OIDC_HYDRA_PUBLIC: http://127.0.0.1:4444 + TEST_SELFSERVICE_OIDC_HYDRA_ADMIN: http://localhost:4445 + TEST_SELFSERVICE_OIDC_HYDRA_PUBLIC: http://localhost:4444 TEST_SELFSERVICE_OIDC_HYDRA_INTEGRATION_ADDR: http://127.0.0.1:4499 TEST_DATABASE_POSTGRESQL: "postgres://test:test@localhost:5432/postgres?sslmode=disable" TEST_DATABASE_MYSQL: "mysql://root:test@(localhost:3306)/mysql?parseTime=true&multiStatements=true" @@ -65,7 +65,7 @@ jobs: - run: | docker create --name hydra -p 4445:4445 -p 4444:4444 \ -e DSN=memory \ - -e URLS_SELF_ISSUER=http://127.0.0.1:4444/ \ + -e URLS_SELF_ISSUER=http://localhost:4444/ \ -e URLS_LOGIN=http://127.0.0.1:4499/login \ -e URLS_CONSENT=http://127.0.0.1:4499/consent \ oryd/hydra:v1.4.10 serve all --dangerous-force-http diff --git a/script/test-envs.sh b/script/test-envs.sh index fb6b8d32e36f..426034b99a62 100755 --- a/script/test-envs.sh +++ b/script/test-envs.sh @@ -3,6 +3,6 @@ export TEST_DATABASE_MYSQL="mysql://root:secret@(127.0.0.1:3444)/mysql?parseTime=true&multiStatements=true" export TEST_DATABASE_POSTGRESQL="postgres://postgres:secret@127.0.0.1:3445/postgres?sslmode=disable" export TEST_DATABASE_COCKROACHDB="cockroach://root@127.0.0.1:3446/defaultdb?sslmode=disable" -export TEST_SELFSERVICE_OIDC_HYDRA_ADMIN=http://127.0.0.1:4445 -export TEST_SELFSERVICE_OIDC_HYDRA_PUBLIC=http://127.0.0.1:4444 -export TEST_SELFSERVICE_OIDC_HYDRA_INTEGRATION_ADDR=http://127.0.0.1:4446 +export TEST_SELFSERVICE_OIDC_HYDRA_ADMIN=http://localhost:4445 +export TEST_SELFSERVICE_OIDC_HYDRA_PUBLIC=http://localhost:4444 +export TEST_SELFSERVICE_OIDC_HYDRA_INTEGRATION_ADDR=http://localhost:4446 diff --git a/script/testenv.sh b/script/testenv.sh index 7e961cb74a75..80c33afa6215 100755 --- a/script/testenv.sh +++ b/script/testenv.sh @@ -4,6 +4,6 @@ docker rm -f kratos_test_database_mysql kratos_test_database_postgres kratos_tes docker run --platform linux/amd64 --name kratos_test_database_mysql -p 3444:3306 -e MYSQL_ROOT_PASSWORD=secret -d mysql:8.0.23 docker run --platform linux/amd64 --name kratos_test_database_postgres -p 3445:5432 -e POSTGRES_PASSWORD=secret -e POSTGRES_DB=postgres -d postgres:11.8 postgres -c log_statement=all docker run --platform linux/amd64 --name kratos_test_database_cockroach -p 3446:26257 -p 3447:8080 -d cockroachdb/cockroach:v21.2.6 start-single-node --insecure -docker run --platform linux/amd64 --name kratos_test_hydra -p 4444:4444 -p 4445:4445 -d -e DSN=memory -e URLS_SELF_ISSUER=http://127.0.0.1:4444 -e URLS_LOGIN=http://127.0.0.1:4446/login -e URLS_CONSENT=http://127.0.0.1:4446/consent oryd/hydra:v1.9.2-sqlite serve all --dangerous-force-http +docker run --platform linux/amd64 --name kratos_test_hydra -p 4444:4444 -p 4445:4445 -d -e DSN=memory -e URLS_SELF_ISSUER=http://localhost:4444 -e URLS_LOGIN=http://localhost:4446/login -e URLS_CONSENT=http://localhost:4446/consent oryd/hydra:v1.9.2-sqlite serve all --dangerous-force-http source script/test-envs.sh From 11822789c1561b27c2d769c9ea53a81835702f4a Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Jul 2022 23:24:36 +0200 Subject: [PATCH 166/411] fix: panic --- selfservice/strategy/oidc/strategy_registration.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/selfservice/strategy/oidc/strategy_registration.go b/selfservice/strategy/oidc/strategy_registration.go index 460f12248be7..794eaecde838 100644 --- a/selfservice/strategy/oidc/strategy_registration.go +++ b/selfservice/strategy/oidc/strategy_registration.go @@ -197,7 +197,7 @@ func (s *Strategy) processRegistration(w http.ResponseWriter, r *http.Request, a i, err := s.createIdentity(w, r, a, claims, provider, container, jn) if err != nil { - return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) + return nil, s.handleError(w, r, a, provider.Config().ID, nil, err) } // Validate the identity itself From 05afd68381abe58c5e7cdd51cbf0ae409f5f0eb0 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Jul 2022 23:25:10 +0200 Subject: [PATCH 167/411] fix: metadata should not be required --- selfservice/strategy/oidc/strategy_registration.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/selfservice/strategy/oidc/strategy_registration.go b/selfservice/strategy/oidc/strategy_registration.go index 794eaecde838..9df483827abe 100644 --- a/selfservice/strategy/oidc/strategy_registration.go +++ b/selfservice/strategy/oidc/strategy_registration.go @@ -299,7 +299,7 @@ func (s *Strategy) setMetadata(evaluated string, i *identity.Identity, m Metadat } metadata := gjson.Get(evaluated, string(m)) - if !metadata.IsObject() { + if metadata.Exists() && !metadata.IsObject() { return errors.WithStack(herodot.ErrInternalServerError.WithReasonf("OpenID Connect Jsonnet mapper did not return an object for key %s. Please check your Jsonnet code!", m)) } From 28ccc011a69e4df392f01023e2e4de568ba4f047 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 21 Jul 2022 08:29:28 +0200 Subject: [PATCH 168/411] ci: bump hydra --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 56076ba10d2a..4c63e4b64ba3 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -68,7 +68,7 @@ jobs: -e URLS_SELF_ISSUER=http://localhost:4444/ \ -e URLS_LOGIN=http://127.0.0.1:4499/login \ -e URLS_CONSENT=http://127.0.0.1:4499/consent \ - oryd/hydra:v1.4.10 serve all --dangerous-force-http + oryd/hydra:v1.9.2-sqlite serve all --dangerous-force-http docker start hydra docker logs -f hydra &> /tmp/hydra.log & name: Start Hydra From 6c14b682d0984175495051308985281d72c0988e Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 21 Jul 2022 08:31:42 +0200 Subject: [PATCH 169/411] test: fix oidc test regression --- selfservice/strategy/oidc/strategy_test.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/selfservice/strategy/oidc/strategy_test.go b/selfservice/strategy/oidc/strategy_test.go index bfc196492457..405f2eb47cea 100644 --- a/selfservice/strategy/oidc/strategy_test.go +++ b/selfservice/strategy/oidc/strategy_test.go @@ -74,10 +74,11 @@ func TestStrategy(t *testing.T) { oidc.Configuration{ Provider: "generic", ID: "invalid-issuer", - ClientID: "client", + ClientID: "client-invalid", ClientSecret: "secret", - IssuerURL: strings.Replace(remotePublic, "127.0.0.1", "localhost", 1) + "/", - Mapper: "file://./stub/oidc.hydra.jsonnet", + // We replace this URL to cause an issuer validation mismatch. + IssuerURL: strings.Replace(remotePublic, "localhost", "127.0.0.1", 1) + "/", + Mapper: "file://./stub/oidc.hydra.jsonnet", }, ) From 43fcc51b9bf6996fc4f7b0ef797189eb8f3978dc Mon Sep 17 00:00:00 2001 From: Erol Keskin Date: Thu, 21 Jul 2022 11:18:36 +0300 Subject: [PATCH 170/411] fix: duplicate messages in recovery flow (#2592) --- selfservice/flow/recovery/error.go | 1 + .../profiles/recovery/recovery/errors.spec.ts | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/selfservice/flow/recovery/error.go b/selfservice/flow/recovery/error.go index a560fc4081cb..c39b960dde74 100644 --- a/selfservice/flow/recovery/error.go +++ b/selfservice/flow/recovery/error.go @@ -95,6 +95,7 @@ func (s *ErrorHandler) WriteFlowError( return } + f.UI.ResetMessages() if err := f.UI.ParseError(group, err); err != nil { s.forward(w, r, f, err) return diff --git a/test/e2e/cypress/integration/profiles/recovery/recovery/errors.spec.ts b/test/e2e/cypress/integration/profiles/recovery/recovery/errors.spec.ts index 8678e44e5925..0d98f2563c2a 100644 --- a/test/e2e/cypress/integration/profiles/recovery/recovery/errors.spec.ts +++ b/test/e2e/cypress/integration/profiles/recovery/recovery/errors.spec.ts @@ -114,6 +114,22 @@ context('Account Recovery Errors', () => { cy.get('[name="method"][value="link"]').should('exist') }) + it('should cause non-repeating form errors after submitting empty form twice. see: #2512', () => { + cy.visit(recovery) + cy.get('button[value="link"]').click() + cy.location('pathname').should('eq', '/recovery') + + cy.get('button[value="link"]').click() + cy.get('[data-testid="ui/message/4000002"]').should( + 'contain.text', + 'Property email is missing.' + ) + cy.get('form') + .find('[data-testid="ui/message/4000002"]') + .should('have.length', 1) + cy.get('[name="method"][value="link"]').should('exist') + }) + it('is unable to recover the email address if the code is expired', () => { cy.shortLinkLifespan() const identity = gen.identityWithWebsite() From a4194f58dd4ccecca6698d5b43284d857a70a221 Mon Sep 17 00:00:00 2001 From: Theodor Brandt Date: Thu, 21 Jul 2022 10:21:53 +0200 Subject: [PATCH 171/411] fix: return browser to 'return_to' when logging in without registered account using oidc. (#2496) Close #2444 Co-authored-by: aeneasr <3372410+aeneasr@users.noreply.github.com> --- selfservice/flow/login/flow.go | 4 +++ selfservice/flow/login/flow_test.go | 10 ++++++++ selfservice/flow/login/handler.go | 13 +++++++++- selfservice/flow/login/hook.go | 1 + selfservice/flow/recovery/flow.go | 4 +++ selfservice/flow/recovery/flow_test.go | 10 ++++++++ selfservice/flow/registration/flow.go | 4 +++ selfservice/flow/registration/flow_test.go | 10 ++++++++ selfservice/flow/registration/handler.go | 12 ++++++++- selfservice/flow/registration/hook.go | 1 + selfservice/flow/settings/flow.go | 4 +++ selfservice/flow/settings/flow_test.go | 10 ++++++++ selfservice/strategy/oidc/strategy_login.go | 9 +++++-- .../strategy/oidc/strategy_registration.go | 8 +++++- selfservice/strategy/oidc/strategy_test.go | 25 ++++++++++++++++++- x/http_secure_redirect.go | 20 ++++++++++++--- 16 files changed, 135 insertions(+), 10 deletions(-) diff --git a/selfservice/flow/login/flow.go b/selfservice/flow/login/flow.go index 13eb1ae86104..ff631ddc0c26 100644 --- a/selfservice/flow/login/flow.go +++ b/selfservice/flow/login/flow.go @@ -192,6 +192,10 @@ func (f Flow) MarshalJSON() ([]byte, error) { } func (f *Flow) SetReturnTo() { + // Return to is already set, do not overwrite it. + if len(f.ReturnTo) > 0 { + return + } if u, err := url.Parse(f.RequestURL); err == nil { f.ReturnTo = u.Query().Get("return_to") } diff --git a/selfservice/flow/login/flow_test.go b/selfservice/flow/login/flow_test.go index b8c549e85595..d82a2b508bac 100644 --- a/selfservice/flow/login/flow_test.go +++ b/selfservice/flow/login/flow_test.go @@ -158,3 +158,13 @@ func TestFlowEncodeJSON(t *testing.T) { assert.EqualValues(t, "/bar", gjson.Get(jsonx.TestMarshalJSONString(t, &login.Flow{RequestURL: "https://foo.bar?return_to=/bar"}), "return_to").String()) assert.EqualValues(t, "/bar", gjson.Get(jsonx.TestMarshalJSONString(t, login.Flow{RequestURL: "https://foo.bar?return_to=/bar"}), "return_to").String()) } + +func TestFlowDontOverrideReturnTo(t *testing.T) { + f := &login.Flow{ReturnTo: "/foo"} + f.SetReturnTo() + assert.Equal(t, "/foo", f.ReturnTo) + + f = &login.Flow{RequestURL: "https://foo.bar?return_to=/bar"} + f.SetReturnTo() + assert.Equal(t, "/bar", f.ReturnTo) +} diff --git a/selfservice/flow/login/handler.go b/selfservice/flow/login/handler.go index 33f937f74e21..9e400f1e9c89 100644 --- a/selfservice/flow/login/handler.go +++ b/selfservice/flow/login/handler.go @@ -86,12 +86,23 @@ func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { admin.GET(RouteSubmitFlow, x.RedirectToPublicRoute(h.d)) } -func (h *Handler) NewLoginFlow(w http.ResponseWriter, r *http.Request, ft flow.Type) (*Flow, error) { +type FlowOption func(f *Flow) + +func WithFlowReturnTo(returnTo string) FlowOption { + return func(f *Flow) { + f.ReturnTo = returnTo + } +} + +func (h *Handler) NewLoginFlow(w http.ResponseWriter, r *http.Request, ft flow.Type, opts ...FlowOption) (*Flow, error) { conf := h.d.Config(r.Context()) f, err := NewFlow(conf, conf.SelfServiceFlowLoginRequestLifespan(), h.d.GenerateCSRFToken(r), r, ft) if err != nil { return nil, err } + for _, o := range opts { + o(f) + } if f.RequestedAAL == "" { f.RequestedAAL = identity.AuthenticatorAssuranceLevel1 diff --git a/selfservice/flow/login/hook.go b/selfservice/flow/login/hook.go index 53bf0c37d141..8ecf6eae2cc9 100644 --- a/selfservice/flow/login/hook.go +++ b/selfservice/flow/login/hook.go @@ -82,6 +82,7 @@ func (e *HookExecutor) PostLoginHook(w http.ResponseWriter, r *http.Request, a * // Verify the redirect URL before we do any other processing. c := e.d.Config(r.Context()) returnTo, err := x.SecureRedirectTo(r, c.SelfServiceBrowserDefaultReturnTo(), + x.SecureRedirectReturnTo(a.ReturnTo), x.SecureRedirectUseSourceURL(a.RequestURL), x.SecureRedirectAllowURLs(c.SelfServiceBrowserAllowedReturnToDomains()), x.SecureRedirectAllowSelfServiceURLs(c.SelfPublicURL()), diff --git a/selfservice/flow/recovery/flow.go b/selfservice/flow/recovery/flow.go index 48d8f0de1e1b..5842708fa1d2 100644 --- a/selfservice/flow/recovery/flow.go +++ b/selfservice/flow/recovery/flow.go @@ -191,6 +191,10 @@ func (f Flow) MarshalJSON() ([]byte, error) { } func (f *Flow) SetReturnTo() { + // Return to is already set, do not overwrite it. + if len(f.ReturnTo) > 0 { + return + } if u, err := url.Parse(f.RequestURL); err == nil { f.ReturnTo = u.Query().Get("return_to") } diff --git a/selfservice/flow/recovery/flow_test.go b/selfservice/flow/recovery/flow_test.go index 3510a19371d8..ba08845fb295 100644 --- a/selfservice/flow/recovery/flow_test.go +++ b/selfservice/flow/recovery/flow_test.go @@ -101,3 +101,13 @@ func TestFromOldFlow(t *testing.T) { }) } } + +func TestFlowDontOverrideReturnTo(t *testing.T) { + f := &recovery.Flow{ReturnTo: "/foo"} + f.SetReturnTo() + assert.Equal(t, "/foo", f.ReturnTo) + + f = &recovery.Flow{RequestURL: "https://foo.bar?return_to=/bar"} + f.SetReturnTo() + assert.Equal(t, "/bar", f.ReturnTo) +} diff --git a/selfservice/flow/registration/flow.go b/selfservice/flow/registration/flow.go index b2d21cad4603..da7cff04d15f 100644 --- a/selfservice/flow/registration/flow.go +++ b/selfservice/flow/registration/flow.go @@ -159,6 +159,10 @@ func (f Flow) MarshalJSON() ([]byte, error) { } func (f *Flow) SetReturnTo() { + // Return to is already set, do not overwrite it. + if len(f.ReturnTo) > 0 { + return + } if u, err := url.Parse(f.RequestURL); err == nil { f.ReturnTo = u.Query().Get("return_to") } diff --git a/selfservice/flow/registration/flow_test.go b/selfservice/flow/registration/flow_test.go index c9970d6fc4ca..acda1c8ee780 100644 --- a/selfservice/flow/registration/flow_test.go +++ b/selfservice/flow/registration/flow_test.go @@ -125,3 +125,13 @@ func TestFlowEncodeJSON(t *testing.T) { assert.EqualValues(t, "/bar", gjson.Get(jsonx.TestMarshalJSONString(t, ®istration.Flow{RequestURL: "https://foo.bar?return_to=/bar"}), "return_to").String()) assert.EqualValues(t, "/bar", gjson.Get(jsonx.TestMarshalJSONString(t, registration.Flow{RequestURL: "https://foo.bar?return_to=/bar"}), "return_to").String()) } + +func TestFlowDontOverrideReturnTo(t *testing.T) { + f := ®istration.Flow{ReturnTo: "/foo"} + f.SetReturnTo() + assert.Equal(t, "/foo", f.ReturnTo) + + f = ®istration.Flow{RequestURL: "https://foo.bar?return_to=/bar"} + f.SetReturnTo() + assert.Equal(t, "/bar", f.ReturnTo) +} diff --git a/selfservice/flow/registration/handler.go b/selfservice/flow/registration/handler.go index 0f22c21f2fe1..490d6ea98974 100644 --- a/selfservice/flow/registration/handler.go +++ b/selfservice/flow/registration/handler.go @@ -91,8 +91,15 @@ func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { admin.GET(RouteSubmitFlow, x.RedirectToPublicRoute(h.d)) } -func (h *Handler) NewRegistrationFlow(w http.ResponseWriter, r *http.Request, ft flow.Type) (*Flow, error) { +type FlowOption func(f *Flow) +func WithFlowReturnTo(returnTo string) FlowOption { + return func(f *Flow) { + f.ReturnTo = returnTo + } +} + +func (h *Handler) NewRegistrationFlow(w http.ResponseWriter, r *http.Request, ft flow.Type, opts ...FlowOption) (*Flow, error) { if !h.d.Config(r.Context()).SelfServiceFlowRegistrationEnabled() { return nil, errors.WithStack(ErrRegistrationDisabled) } @@ -101,6 +108,9 @@ func (h *Handler) NewRegistrationFlow(w http.ResponseWriter, r *http.Request, ft if err != nil { return nil, err } + for _, o := range opts { + o(f) + } for _, s := range h.d.RegistrationStrategies(r.Context()) { if err := s.PopulateRegistrationMethod(r, f); err != nil { diff --git a/selfservice/flow/registration/hook.go b/selfservice/flow/registration/hook.go index 2ab457c76232..e311ae1878fc 100644 --- a/selfservice/flow/registration/hook.go +++ b/selfservice/flow/registration/hook.go @@ -128,6 +128,7 @@ func (e *HookExecutor) PostRegistrationHook(w http.ResponseWriter, r *http.Reque // Verify the redirect URL before we do any other processing. c := e.d.Config(r.Context()) returnTo, err := x.SecureRedirectTo(r, c.SelfServiceBrowserDefaultReturnTo(), + x.SecureRedirectReturnTo(a.ReturnTo), x.SecureRedirectUseSourceURL(a.RequestURL), x.SecureRedirectAllowURLs(c.SelfServiceBrowserAllowedReturnToDomains()), x.SecureRedirectAllowSelfServiceURLs(c.SelfPublicURL()), diff --git a/selfservice/flow/settings/flow.go b/selfservice/flow/settings/flow.go index 7a3b783f6911..f3beff8b1792 100644 --- a/selfservice/flow/settings/flow.go +++ b/selfservice/flow/settings/flow.go @@ -203,6 +203,10 @@ func (f Flow) MarshalJSON() ([]byte, error) { } func (f *Flow) SetReturnTo() { + // Return to is already set, do not overwrite it. + if len(f.ReturnTo) > 0 { + return + } if u, err := url.Parse(f.RequestURL); err == nil { f.ReturnTo = u.Query().Get("return_to") } diff --git a/selfservice/flow/settings/flow_test.go b/selfservice/flow/settings/flow_test.go index a5dd468d8609..8935d0ca2378 100644 --- a/selfservice/flow/settings/flow_test.go +++ b/selfservice/flow/settings/flow_test.go @@ -166,3 +166,13 @@ func TestFlowEncodeJSON(t *testing.T) { assert.EqualValues(t, "/bar", gjson.Get(jsonx.TestMarshalJSONString(t, &settings.Flow{RequestURL: "https://foo.bar?return_to=/bar"}), "return_to").String()) assert.EqualValues(t, "/bar", gjson.Get(jsonx.TestMarshalJSONString(t, settings.Flow{RequestURL: "https://foo.bar?return_to=/bar"}), "return_to").String()) } + +func TestFlowDontOverrideReturnTo(t *testing.T) { + f := &settings.Flow{ReturnTo: "/foo"} + f.SetReturnTo() + assert.Equal(t, "/foo", f.ReturnTo) + + f = &settings.Flow{RequestURL: "https://foo.bar?return_to=/bar"} + f.SetReturnTo() + assert.Equal(t, "/bar", f.ReturnTo) +} diff --git a/selfservice/strategy/oidc/strategy_login.go b/selfservice/strategy/oidc/strategy_login.go index 8ddc7542203b..54b98e14342e 100644 --- a/selfservice/strategy/oidc/strategy_login.go +++ b/selfservice/strategy/oidc/strategy_login.go @@ -85,11 +85,16 @@ func (s *Strategy) processLogin(w http.ResponseWriter, r *http.Request, a *login // not need additional consent/login. // This is kinda hacky but the only way to ensure seamless login/registration flows when using OIDC. - s.d.Logger().WithField("provider", provider.Config().ID).WithField("subject", claims.Subject).Debug("Received successful OpenID Connect callback but user is not registered. Re-initializing registration flow now.") + // If return_to was set before, we need to preserve it. + var opts []registration.FlowOption + if len(a.ReturnTo) > 0 { + opts = append(opts, registration.WithFlowReturnTo(a.ReturnTo)) + } + // This flow only works for browsers anyways. - aa, err := s.d.RegistrationHandler().NewRegistrationFlow(w, r, flow.TypeBrowser) + aa, err := s.d.RegistrationHandler().NewRegistrationFlow(w, r, flow.TypeBrowser, opts...) if err != nil { return nil, s.handleError(w, r, a, provider.Config().ID, nil, err) } diff --git a/selfservice/strategy/oidc/strategy_registration.go b/selfservice/strategy/oidc/strategy_registration.go index 9df483827abe..18673a76a853 100644 --- a/selfservice/strategy/oidc/strategy_registration.go +++ b/selfservice/strategy/oidc/strategy_registration.go @@ -177,8 +177,14 @@ func (s *Strategy) processRegistration(w http.ResponseWriter, r *http.Request, a WithField("subject", claims.Subject). Debug("Received successful OpenID Connect callback but user is already registered. Re-initializing login flow now.") + // If return_to was set before, we need to preserve it. + var opts []login.FlowOption + if len(a.ReturnTo) > 0 { + opts = append(opts, login.WithFlowReturnTo(a.ReturnTo)) + } + // This endpoint only handles browser flow at the moment. - ar, err := s.d.LoginHandler().NewLoginFlow(w, r, flow.TypeBrowser) + ar, err := s.d.LoginHandler().NewLoginFlow(w, r, flow.TypeBrowser, opts...) if err != nil { return nil, s.handleError(w, r, a, provider.Config().ID, nil, err) } diff --git a/selfservice/strategy/oidc/strategy_test.go b/selfservice/strategy/oidc/strategy_test.go index 405f2eb47cea..b21e9628952e 100644 --- a/selfservice/strategy/oidc/strategy_test.go +++ b/selfservice/strategy/oidc/strategy_test.go @@ -58,9 +58,9 @@ func TestStrategy(t *testing.T) { claims idTokenClaims scope []string ) - remoteAdmin, remotePublic, hydraIntegrationTSURL := newHydra(t, &subject, &claims, &scope) returnTS := newReturnTs(t, reg) + conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{returnTS.URL}) uiTS := newUI(t, reg) errTS := testhelpers.NewErrorTestServer(t, reg) routerP := x.NewRouterPublic() @@ -368,6 +368,20 @@ func TestStrategy(t *testing.T) { }) }) + t.Run("case=login without registered account with return_to", func(t *testing.T) { + subject = "login-without-register-return-to@ory.sh" + scope = []string{"openid"} + returnTo := "/foo" + + t.Run("case=should pass login", func(t *testing.T) { + r := newLoginFlow(t, fmt.Sprintf("%s?return_to=%s", returnTS.URL, returnTo), time.Minute) + action := afv(t, r.ID, "valid") + res, body := makeRequest(t, "valid", action, url.Values{}) + assert.True(t, strings.HasSuffix(res.Request.URL.String(), returnTo)) + ai(t, res, body) + }) + }) + t.Run("case=register and register again but login", func(t *testing.T) { subject = "register-twice@ory.sh" scope = []string{"openid"} @@ -385,6 +399,15 @@ func TestStrategy(t *testing.T) { res, body := makeRequest(t, "valid", action, url.Values{}) ai(t, res, body) }) + + t.Run("case=should pass third time registration with return to", func(t *testing.T) { + returnTo := "/foo" + r := newLoginFlow(t, fmt.Sprintf("%s?return_to=%s", returnTS.URL, returnTo), time.Minute) + action := afv(t, r.ID, "valid") + res, body := makeRequest(t, "valid", action, url.Values{}) + assert.True(t, strings.HasSuffix(res.Request.URL.String(), returnTo)) + ai(t, res, body) + }) }) t.Run("case=register, merge, and complete data", func(t *testing.T) { diff --git a/x/http_secure_redirect.go b/x/http_secure_redirect.go index 63fa88ddc592..6b46a9d7e192 100644 --- a/x/http_secure_redirect.go +++ b/x/http_secure_redirect.go @@ -20,6 +20,7 @@ import ( type secureRedirectOptions struct { allowlist []url.URL defaultReturnTo *url.URL + returnTo string sourceURL string } @@ -40,6 +41,13 @@ func SecureRedirectUseSourceURL(source string) SecureRedirectOption { } } +// SecureRedirectReturnTo uses the provided URL to redirect the user to it. +func SecureRedirectReturnTo(returnTo string) SecureRedirectOption { + return func(o *secureRedirectOptions) { + o.returnTo = returnTo + } +} + // SecureRedirectAllowSelfServiceURLs allows the caller to define `?return_to=` values // which contain the server's URL and `/self-service` path prefix. Useful for redirecting // to the login endpoint, for example. @@ -81,14 +89,18 @@ func SecureRedirectTo(r *http.Request, defaultReturnTo *url.URL, opts ...SecureR if o.sourceURL != "" { source, err = url.ParseRequestURI(o.sourceURL) if err != nil { - return nil, herodot.ErrInternalServerError.WithWrap(err).WithReasonf("Unable to parse the original request URL: %s", err) + return nil, errors.WithStack(herodot.ErrInternalServerError.WithWrap(err).WithReasonf("Unable to parse the original request URL: %s", err)) } } - if len(source.Query().Get("return_to")) == 0 { + rawReturnTo := stringsx.Coalesce(o.returnTo, source.Query().Get("return_to")) + if rawReturnTo == "" { return o.defaultReturnTo, nil - } else if returnTo, err = url.Parse(source.Query().Get("return_to")); err != nil { - return nil, herodot.ErrInternalServerError.WithWrap(err).WithReasonf("Unable to parse the return_to query parameter as an URL: %s", err) + } + + returnTo, err = url.Parse(rawReturnTo) + if err != nil { + return nil, errors.WithStack(herodot.ErrInternalServerError.WithWrap(err).WithReasonf("Unable to parse the return_to query parameter as an URL: %s", err)) } returnTo.Host = stringsx.Coalesce(returnTo.Host, o.defaultReturnTo.Host) From 94a37416011086582e309f62dc2c45ca84083a33 Mon Sep 17 00:00:00 2001 From: Jonas Hungershausen Date: Thu, 21 Jul 2022 10:56:13 +0200 Subject: [PATCH 172/411] feat: add PATCH to adminUpdateIdentity (#2380) (#2471) Closes #2380 Co-authored-by: aeneasr <3372410+aeneasr@users.noreply.github.com> --- .schema/openapi/patches/common.yaml | 2 + Makefile | 4 +- identity/handler.go | 91 +++++++- identity/handler_test.go | 148 ++++++++++++ identity/identity_recovery_test.go | 1 + identity/identity_verification_test.go | 1 + internal/httpclient/.openapi-generator/FILES | 6 + internal/httpclient/README.md | 4 + internal/httpclient/api/openapi.yaml | 134 +++++++++++ internal/httpclient/api_v0alpha2.go | 185 +++++++++++++++ internal/httpclient/docs/JsonPatch.md | 134 +++++++++++ internal/httpclient/docs/TokenPagination.md | 82 +++++++ .../httpclient/docs/TokenPaginationHeaders.md | 82 +++++++ internal/httpclient/docs/V0alpha2Api.md | 73 ++++++ internal/httpclient/model_json_patch.go | 213 ++++++++++++++++++ internal/httpclient/model_token_pagination.go | 160 +++++++++++++ .../model_token_pagination_headers.go | 152 +++++++++++++ spec/api.json | 154 +++++++++++++ spec/swagger.json | 140 ++++++++++++ 19 files changed, 1763 insertions(+), 3 deletions(-) create mode 100644 .schema/openapi/patches/common.yaml create mode 100644 internal/httpclient/docs/JsonPatch.md create mode 100644 internal/httpclient/docs/TokenPagination.md create mode 100644 internal/httpclient/docs/TokenPaginationHeaders.md create mode 100644 internal/httpclient/model_json_patch.go create mode 100644 internal/httpclient/model_token_pagination.go create mode 100644 internal/httpclient/model_token_pagination_headers.go diff --git a/.schema/openapi/patches/common.yaml b/.schema/openapi/patches/common.yaml new file mode 100644 index 000000000000..b0a4083c036e --- /dev/null +++ b/.schema/openapi/patches/common.yaml @@ -0,0 +1,2 @@ +- op: remove + path: /components/schemas/jsonPatch/properties/value/type \ No newline at end of file diff --git a/Makefile b/Makefile index 1c6563d6c5c3..0efcffb34ed3 100644 --- a/Makefile +++ b/Makefile @@ -89,7 +89,8 @@ test-coverage: .bin/go-acc .bin/goveralls sdk: .bin/swagger .bin/ory node_modules swagger generate spec -m -o spec/swagger.json \ -c github.com/ory/kratos \ - -c github.com/ory/x/healthx + -c github.com/ory/x/healthx \ + -c github.com/ory/x/openapix ory dev swagger sanitize ./spec/swagger.json swagger validate ./spec/swagger.json CIRCLE_PROJECT_USERNAME=ory CIRCLE_PROJECT_REPONAME=kratos \ @@ -103,6 +104,7 @@ sdk: .bin/swagger .bin/ory node_modules -p file://.schema/openapi/patches/session.yaml \ -p file://.schema/openapi/patches/identity.yaml \ -p file://.schema/openapi/patches/generic_error.yaml \ + -p file://.schema/openapi/patches/common.yaml \ spec/swagger.json spec/api.json rm -rf internal/httpclient diff --git a/identity/handler.go b/identity/handler.go index 03d96d2f6bad..472f12747936 100644 --- a/identity/handler.go +++ b/identity/handler.go @@ -3,11 +3,11 @@ package identity import ( "context" "encoding/json" + "io" "net/http" "time" "github.com/ory/kratos/hash" - "github.com/ory/kratos/x" "github.com/ory/kratos/cipher" @@ -19,6 +19,7 @@ import ( "github.com/ory/x/decoderx" "github.com/ory/x/jsonx" + "github.com/ory/x/openapix" "github.com/ory/x/sqlxx" "github.com/ory/x/urlx" @@ -70,18 +71,21 @@ func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic) { public.DELETE(RouteItem, x.RedirectToAdminRoute(h.r)) public.POST(RouteCollection, x.RedirectToAdminRoute(h.r)) public.PUT(RouteItem, x.RedirectToAdminRoute(h.r)) + public.PATCH(RouteItem, x.RedirectToAdminRoute(h.r)) public.GET(x.AdminPrefix+RouteCollection, x.RedirectToAdminRoute(h.r)) public.GET(x.AdminPrefix+RouteItem, x.RedirectToAdminRoute(h.r)) public.DELETE(x.AdminPrefix+RouteItem, x.RedirectToAdminRoute(h.r)) public.POST(x.AdminPrefix+RouteCollection, x.RedirectToAdminRoute(h.r)) public.PUT(x.AdminPrefix+RouteItem, x.RedirectToAdminRoute(h.r)) + public.PATCH(x.AdminPrefix+RouteItem, x.RedirectToAdminRoute(h.r)) } func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { admin.GET(RouteCollection, h.list) admin.GET(RouteItem, h.get) admin.DELETE(RouteItem, h.delete) + admin.PATCH(RouteItem, h.patch) admin.POST(RouteCollection, h.create) admin.PUT(RouteItem, h.update) @@ -443,7 +447,7 @@ type AdminUpdateIdentityBody struct { // 200: identity // 400: jsonError // 404: jsonError -// 409: jsonError +// 409: jsonError // 500: jsonError func (h *Handler) update(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { var ur AdminUpdateIdentityBody @@ -540,3 +544,86 @@ func (h *Handler) delete(w http.ResponseWriter, r *http.Request, ps httprouter.P w.WriteHeader(http.StatusNoContent) } + +// swagger:parameters adminPatchIdentity +// nolint:deadcode,unused +type adminPatchIdentity struct { + // ID must be set to the ID of identity you want to update + // + // required: true + // in: path + ID string `json:"id"` + + // in: body + Body openapix.JSONPatchDocument +} + +// swagger:route PATCH /admin/identities/{id} v0alpha2 adminPatchIdentity +// +// Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) +// +// NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable. +// +// Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). +// +// Consumes: +// - application/json +// +// Produces: +// - application/json +// +// Schemes: http, https +// +// Security: +// oryAccessToken: +// +// Responses: +// 200: identity +// 400: jsonError +// 404: jsonError +// 409: jsonError +// 500: jsonError +func (h *Handler) patch(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { + requestBody, err := io.ReadAll(r.Body) + if err != nil { + h.r.Writer().WriteError(w, r, err) + return + } + + id := x.ParseUUID(ps.ByName("id")) + identity, err := h.r.PrivilegedIdentityPool().GetIdentityConfidential(r.Context(), id) + if err != nil { + h.r.Writer().WriteError(w, r, err) + return + } + + oldState := identity.State + + if err := jsonx.ApplyJSONPatch(requestBody, identity, "/id", "/stateChangedAt", "/credentials"); err != nil { + h.r.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("%s", err).WithWrap(err))) + return + } + + if oldState != identity.State { + // Check if the changed state was actually valid + if err := identity.State.IsValid(); err != nil { + h.r.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("%s", err).WithWrap(err))) + return + } + + // If the state changed, we need to update the timestamp of it + stateChangedAt := sqlxx.NullTime(time.Now()) + identity.StateChangedAt = &stateChangedAt + } + + if err := h.r.IdentityManager().Update( + r.Context(), + identity, + ManagerAllowWriteProtectedTraits, + ); err != nil { + h.r.Writer().WriteError(w, r, err) + return + } + + h.r.Writer().Write(w, r, WithCredentialsMetadataAndAdminMetadataInJSON(*identity)) +} diff --git a/identity/handler_test.go b/identity/handler_test.go index 659ab0ab4f46..c7365b204846 100644 --- a/identity/handler_test.go +++ b/identity/handler_test.go @@ -51,6 +51,7 @@ func TestHandler(t *testing.T) { conf.MustSet(config.ViperKeyPublicBaseURL, mockServerURL.String()) var get = func(t *testing.T, base *httptest.Server, href string, expectCode int) gjson.Result { + t.Helper() res, err := base.Client().Get(base.URL + href) require.NoError(t, err) body, err := ioutil.ReadAll(res.Body) @@ -62,6 +63,7 @@ func TestHandler(t *testing.T) { } var remove = func(t *testing.T, base *httptest.Server, href string, expectCode int) { + t.Helper() req, err := http.NewRequest("DELETE", base.URL+href, nil) require.NoError(t, err) @@ -72,6 +74,7 @@ func TestHandler(t *testing.T) { } var send = func(t *testing.T, base *httptest.Server, method, href string, expectCode int, send interface{}) gjson.Result { + t.Helper() var b bytes.Buffer if send != nil { require.NoError(t, json.NewEncoder(&b).Encode(send)) @@ -89,6 +92,19 @@ func TestHandler(t *testing.T) { return gjson.ParseBytes(body) } + type patch map[string]interface{} + + var makePatch = func(t *testing.T, patches ...patch) []patch { + t.Helper() + result := make([]patch, 0, len(patches)) + + for _, patch := range patches { + result = append(result, patch) + } + + return result + } + t.Run("case=should return an empty list", func(t *testing.T) { for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} { t.Run("endpoint="+name, func(t *testing.T) { @@ -503,6 +519,129 @@ func TestHandler(t *testing.T) { } }) + t.Run("case=PATCH update of state should update state changed at timestamp", func(t *testing.T) { + uuid := x.NewUUID().String() + i := &identity.Identity{Traits: identity.Traits(fmt.Sprintf(`{"subject":"%s"}`, uuid))} + require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i)) + + for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} { + t.Run("endpoint="+name, func(t *testing.T) { + ur := makePatch(t, patch{ + "op": "replace", "path": "/state", "value": identity.StateInactive, + }) + + res := send(t, ts, "PATCH", "/identities/"+i.ID.String(), http.StatusOK, &ur) + assert.EqualValues(t, uuid, res.Get("traits.subject").String(), "%s", res.Raw) + assert.False(t, res.Get("metadata_admin.admin").Exists(), "%s", res.Raw) + assert.False(t, res.Get("metadata_public.public").Exists(), "%s", res.Raw) + assert.EqualValues(t, identity.StateInactive, res.Get("state").String(), "%s", res.Raw) + assert.NotEqualValues(t, i.StateChangedAt, sqlxx.NullTime(res.Get("state_changed_at").Time()), "%s", res.Raw) + + res = get(t, ts, "/identities/"+i.ID.String(), http.StatusOK) + assert.EqualValues(t, i.ID.String(), res.Get("id").String(), "%s", res.Raw) + assert.EqualValues(t, uuid, res.Get("traits.subject").String(), "%s", res.Raw) + assert.False(t, res.Get("metadata_admin.admin").Exists(), "%s", res.Raw) + assert.False(t, res.Get("metadata_public.public").Exists(), "%s", res.Raw) + assert.EqualValues(t, identity.StateInactive, res.Get("state").String(), "%s", res.Raw) + assert.NotEqualValues(t, i.StateChangedAt, sqlxx.NullTime(res.Get("state_changed_at").Time()), "%s", res.Raw) + }) + } + }) + + t.Run("case=PATCH update should not persist if schema id is invalid", func(t *testing.T) { + uuid := x.NewUUID().String() + i := &identity.Identity{Traits: identity.Traits(fmt.Sprintf(`{"subject":"%s"}`, uuid))} + require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i)) + + for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} { + t.Run("endpoint="+name, func(t *testing.T) { + ur := makePatch(t, patch{ + "op": "replace", "path": "/schema_id", "value": "invalid-id", + }) + + res := send(t, ts, "PATCH", "/identities/"+i.ID.String(), http.StatusBadRequest, &ur) + assert.Contains(t, res.Get("error.reason").String(), "invalid-id", "%s", res.Raw) + + res = get(t, ts, "/identities/"+i.ID.String(), http.StatusOK) + // Assert that the schema ID is unchanged + assert.EqualValues(t, i.SchemaID, res.Get("schema_id").String(), "%s", res.Raw) + assert.EqualValues(t, uuid, res.Get("traits.subject").String(), "%s", res.Raw) + assert.False(t, res.Get("metadata_admin.admin").Exists(), "%s", res.Raw) + assert.False(t, res.Get("metadata_public.public").Exists(), "%s", res.Raw) + + }) + } + }) + + t.Run("case=PATCH update should not persist if invalid state is supplied", func(t *testing.T) { + uuid := x.NewUUID().String() + i := &identity.Identity{Traits: identity.Traits(fmt.Sprintf(`{"subject":"%s"}`, uuid))} + require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i)) + + for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} { + t.Run("endpoint="+name, func(t *testing.T) { + ur := makePatch(t, patch{"op": "replace", "path": "/state", "value": "invalid-value"}) + + res := send(t, ts, "PATCH", "/identities/"+i.ID.String(), http.StatusBadRequest, &ur) + assert.EqualValues(t, "identity state is not valid", res.Get("error.reason").String(), "%s", res.Raw) + + res = get(t, ts, "/identities/"+i.ID.String(), http.StatusOK) + // Assert that the schema ID is unchanged + assert.EqualValues(t, i.SchemaID, res.Get("schema_id").String(), "%s", res.Raw) + assert.EqualValues(t, uuid, res.Get("traits.subject").String(), "%s", res.Raw) + assert.False(t, res.Get("metadata_admin.admin").Exists(), "%s", res.Raw) + assert.False(t, res.Get("metadata_public.public").Exists(), "%s", res.Raw) + assert.NotEqualValues(t, i.StateChangedAt, sqlxx.NullTime(res.Get("state_changed_at").Time()), "%s", res.Raw) + }) + } + }) + + t.Run("case=PATCH update should update nested fields", func(t *testing.T) { + uuid := x.NewUUID().String() + i := &identity.Identity{Traits: identity.Traits(fmt.Sprintf(`{"subject":"%s"}`, uuid))} + require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i)) + + for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} { + t.Run("endpoint="+name, func(t *testing.T) { + ur := makePatch(t, patch{"op": "replace", "path": "/traits/subject", "value": "patched-subject"}) + + res := send(t, ts, "PATCH", "/identities/"+i.ID.String(), http.StatusOK, &ur) + assert.EqualValues(t, "patched-subject", res.Get("traits.subject").String(), "%s", res.Raw) + + res = get(t, ts, "/identities/"+i.ID.String(), http.StatusOK) + // Assert that the schema ID is unchanged + assert.EqualValues(t, i.SchemaID, res.Get("schema_id").String(), "%s", res.Raw) + assert.EqualValues(t, "patched-subject", res.Get("traits.subject").String(), "%s", res.Raw) + }) + } + }) + + t.Run("case=PATCH should fail if no JSON payload is sent", func(t *testing.T) { + for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} { + t.Run("endpoint="+name, func(t *testing.T) { + res := send(t, ts, "PATCH", "/identities/"+i.ID.String(), http.StatusBadRequest, nil) + assert.Contains(t, res.Get("error.reason").String(), `unexpected end of JSON input`, res.Raw) + }) + } + }) + + t.Run("case=PATCH should fail if credentials are updated", func(t *testing.T) { + uuid := x.NewUUID().String() + i := &identity.Identity{Traits: identity.Traits(fmt.Sprintf(`{"subject":"%s"}`, uuid))} + require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i)) + + for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} { + + t.Run("endpoint="+name, func(t *testing.T) { + ur := makePatch(t, patch{"op": "replace", "path": "/credentials", "value": "patched-credentials"}) + + res := send(t, ts, "PATCH", "/identities/"+i.ID.String(), http.StatusBadRequest, &ur) + + assert.EqualValues(t, "patch includes denied path: /credentials", res.Get("error.reason").String(), "%s", res.Raw) + }) + } + }) + t.Run("case=should delete a user and no longer be able to retrieve it", func(t *testing.T) { for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} { t.Run("endpoint="+name, func(t *testing.T) { @@ -753,6 +892,15 @@ func TestHandler(t *testing.T) { } }) + t.Run("case=should not be able to patch an identity that does not exist yet", func(t *testing.T) { + for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} { + t.Run("endpoint="+name, func(t *testing.T) { + res := send(t, ts, "PATCH", "/identities/not-found", http.StatusNotFound, json.RawMessage(`{"traits": {"bar":"baz"}}`)) + assert.Contains(t, res.Get("error.message").String(), "Unable to locate the resource", "%s", res.Raw) + }) + } + }) + t.Run("case=should return 404 for non-existing identities", func(t *testing.T) { for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} { t.Run("endpoint="+name, func(t *testing.T) { diff --git a/identity/identity_recovery_test.go b/identity/identity_recovery_test.go index 92bee6bcb848..f3f2dd71de32 100644 --- a/identity/identity_recovery_test.go +++ b/identity/identity_recovery_test.go @@ -16,5 +16,6 @@ func TestNewRecoveryEmailAddress(t *testing.T) { assert.Equal(t, a.Value, "foo@ory.sh") assert.Equal(t, a.Via, RecoveryAddressTypeEmail) + assert.Equal(t, iid, a.IdentityID) assert.Equal(t, uuid.Nil, a.ID) } diff --git a/identity/identity_verification_test.go b/identity/identity_verification_test.go index 7e1c511bc2e0..e81901d88211 100644 --- a/identity/identity_verification_test.go +++ b/identity/identity_verification_test.go @@ -22,5 +22,6 @@ func TestNewVerifiableEmailAddress(t *testing.T) { assert.Equal(t, a.Status, VerifiableAddressStatusPending) assert.Equal(t, a.Verified, false) assert.EqualValues(t, nullTime, a.VerifiedAt) + assert.Equal(t, iid, a.IdentityID) assert.Equal(t, uuid.Nil, a.ID) } diff --git a/internal/httpclient/.openapi-generator/FILES b/internal/httpclient/.openapi-generator/FILES index 24b1600e0f74..7c425b3a629c 100644 --- a/internal/httpclient/.openapi-generator/FILES +++ b/internal/httpclient/.openapi-generator/FILES @@ -33,6 +33,7 @@ docs/InlineResponse200.md docs/InlineResponse2001.md docs/InlineResponse503.md docs/JsonError.md +docs/JsonPatch.md docs/MetadataApi.md docs/NeedsPrivilegedSessionError.md docs/Pagination.md @@ -80,6 +81,8 @@ docs/SubmitSelfServiceVerificationFlowBody.md docs/SubmitSelfServiceVerificationFlowWithLinkMethodBody.md docs/SuccessfulSelfServiceLoginWithoutBrowser.md docs/SuccessfulSelfServiceRegistrationWithoutBrowser.md +docs/TokenPagination.md +docs/TokenPaginationHeaders.md docs/UiContainer.md docs/UiNode.md docs/UiNodeAnchorAttributes.md @@ -122,6 +125,7 @@ model_inline_response_200.go model_inline_response_200_1.go model_inline_response_503.go model_json_error.go +model_json_patch.go model_needs_privileged_session_error.go model_pagination.go model_recovery_address.go @@ -168,6 +172,8 @@ model_submit_self_service_verification_flow_body.go model_submit_self_service_verification_flow_with_link_method_body.go model_successful_self_service_login_without_browser.go model_successful_self_service_registration_without_browser.go +model_token_pagination.go +model_token_pagination_headers.go model_ui_container.go model_ui_node.go model_ui_node_anchor_attributes.go diff --git a/internal/httpclient/README.md b/internal/httpclient/README.md index d7811eb31702..3f32f8f61454 100644 --- a/internal/httpclient/README.md +++ b/internal/httpclient/README.md @@ -94,6 +94,7 @@ Class | Method | HTTP request | Description *V0alpha2Api* | [**AdminGetIdentity**](docs/V0alpha2Api.md#admingetidentity) | **Get** /admin/identities/{id} | Get an Identity *V0alpha2Api* | [**AdminListIdentities**](docs/V0alpha2Api.md#adminlistidentities) | **Get** /admin/identities | List Identities *V0alpha2Api* | [**AdminListIdentitySessions**](docs/V0alpha2Api.md#adminlistidentitysessions) | **Get** /admin/identities/{id}/sessions | This endpoint returns all sessions that belong to the given Identity. +*V0alpha2Api* | [**AdminPatchIdentity**](docs/V0alpha2Api.md#adminpatchidentity) | **Patch** /admin/identities/{id} | Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) *V0alpha2Api* | [**AdminUpdateIdentity**](docs/V0alpha2Api.md#adminupdateidentity) | **Put** /admin/identities/{id} | Update an Identity *V0alpha2Api* | [**CreateSelfServiceLogoutFlowUrlForBrowsers**](docs/V0alpha2Api.md#createselfservicelogoutflowurlforbrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers *V0alpha2Api* | [**GetJsonSchema**](docs/V0alpha2Api.md#getjsonschema) | **Get** /schemas/{id} | @@ -156,6 +157,7 @@ Class | Method | HTTP request | Description - [InlineResponse2001](docs/InlineResponse2001.md) - [InlineResponse503](docs/InlineResponse503.md) - [JsonError](docs/JsonError.md) + - [JsonPatch](docs/JsonPatch.md) - [NeedsPrivilegedSessionError](docs/NeedsPrivilegedSessionError.md) - [Pagination](docs/Pagination.md) - [RecoveryAddress](docs/RecoveryAddress.md) @@ -202,6 +204,8 @@ Class | Method | HTTP request | Description - [SubmitSelfServiceVerificationFlowWithLinkMethodBody](docs/SubmitSelfServiceVerificationFlowWithLinkMethodBody.md) - [SuccessfulSelfServiceLoginWithoutBrowser](docs/SuccessfulSelfServiceLoginWithoutBrowser.md) - [SuccessfulSelfServiceRegistrationWithoutBrowser](docs/SuccessfulSelfServiceRegistrationWithoutBrowser.md) + - [TokenPagination](docs/TokenPagination.md) + - [TokenPaginationHeaders](docs/TokenPaginationHeaders.md) - [UiContainer](docs/UiContainer.md) - [UiNode](docs/UiNode.md) - [UiNodeAnchorAttributes](docs/UiNodeAnchorAttributes.md) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index f37e2b7c9b8b..8d8422453c82 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -225,6 +225,63 @@ paths: summary: Get an Identity tags: - v0alpha2 + patch: + description: |- + NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable. + + Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). + operationId: adminPatchIdentity + parameters: + - description: ID must be set to the ID of identity you want to update + explode: false + in: path + name: id + required: true + schema: + type: string + style: simple + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/jsonPatchDocument' + x-originalParamName: Body + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/identity' + description: identity + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/jsonError' + description: jsonError + "404": + content: + application/json: + schema: + $ref: '#/components/schemas/jsonError' + description: jsonError + "409": + content: + application/json: + schema: + $ref: '#/components/schemas/jsonError' + description: jsonError + "500": + content: + application/json: + schema: + $ref: '#/components/schemas/jsonError' + description: jsonError + security: + - oryAccessToken: [] + summary: Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) + tags: + - v0alpha2 put: description: |- This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. @@ -3367,6 +3424,43 @@ components: - error title: JSON API Error Response type: object + jsonPatch: + description: A JSONPatch document as defined by RFC 6902 + properties: + from: + description: |- + This field is used together with operation "move" and uses JSON Pointer notation. + + Learn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5). + example: /name + type: string + op: + description: The operation to be performed. One of "add", "remove", "replace", + "move", "copy", or "test". + example: replace + type: string + path: + description: |- + The path to the target path. Uses JSON pointer notation. + + Learn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5). + example: /name + type: string + value: + description: |- + The value to be used within the operations. + + Learn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5). + example: foobar + required: + - op + - path + type: object + jsonPatchDocument: + description: A JSONPatchDocument request + items: + $ref: '#/components/schemas/jsonPatch' + type: array jsonSchema: description: Raw JSON Schema type: object @@ -5131,6 +5225,46 @@ components: required: - identity type: object + tokenPagination: + properties: + page_size: + default: 250 + description: |- + Items per page + + This is the number of items per page to return. + For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). + format: int64 + maximum: 1000 + minimum: 1 + type: integer + page_token: + default: "1" + description: |- + Next Page Token + + The next page token. + For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). + minimum: 1 + type: string + type: object + tokenPaginationHeaders: + properties: + link: + description: |- + The link header contains pagination links. + + For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). + + in: header + type: string + x-total-count: + description: |- + The total number of clients. + + in: header + type: string + type: object uiContainer: description: Container represents a HTML Form. The container can work with both HTTP Form and JSON requests diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go index 3be942dc73b9..ed008fe45eff 100644 --- a/internal/httpclient/api_v0alpha2.go +++ b/internal/httpclient/api_v0alpha2.go @@ -154,6 +154,23 @@ type V0alpha2Api interface { */ AdminListIdentitySessionsExecute(r V0alpha2ApiApiAdminListIdentitySessionsRequest) ([]Session, *http.Response, error) + /* + * AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) + * NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable. + + Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID must be set to the ID of identity you want to update + * @return V0alpha2ApiApiAdminPatchIdentityRequest + */ + AdminPatchIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminPatchIdentityRequest + + /* + * AdminPatchIdentityExecute executes the request + * @return Identity + */ + AdminPatchIdentityExecute(r V0alpha2ApiApiAdminPatchIdentityRequest) (*Identity, *http.Response, error) + /* * AdminUpdateIdentity Update an Identity * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. @@ -2296,6 +2313,174 @@ func (a *V0alpha2ApiService) AdminListIdentitySessionsExecute(r V0alpha2ApiApiAd return localVarReturnValue, localVarHTTPResponse, nil } +type V0alpha2ApiApiAdminPatchIdentityRequest struct { + ctx context.Context + ApiService V0alpha2Api + id string + jsonPatch *[]JsonPatch +} + +func (r V0alpha2ApiApiAdminPatchIdentityRequest) JsonPatch(jsonPatch []JsonPatch) V0alpha2ApiApiAdminPatchIdentityRequest { + r.jsonPatch = &jsonPatch + return r +} + +func (r V0alpha2ApiApiAdminPatchIdentityRequest) Execute() (*Identity, *http.Response, error) { + return r.ApiService.AdminPatchIdentityExecute(r) +} + +/* + * AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) + * NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable. + +Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID must be set to the ID of identity you want to update + * @return V0alpha2ApiApiAdminPatchIdentityRequest +*/ +func (a *V0alpha2ApiService) AdminPatchIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminPatchIdentityRequest { + return V0alpha2ApiApiAdminPatchIdentityRequest{ + ApiService: a, + ctx: ctx, + id: id, + } +} + +/* + * Execute executes the request + * @return Identity + */ +func (a *V0alpha2ApiService) AdminPatchIdentityExecute(r V0alpha2ApiApiAdminPatchIdentityRequest) (*Identity, *http.Response, error) { + var ( + localVarHTTPMethod = http.MethodPatch + localVarPostBody interface{} + localVarFormFileName string + localVarFileName string + localVarFileBytes []byte + localVarReturnValue *Identity + ) + + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "V0alpha2ApiService.AdminPatchIdentity") + if err != nil { + return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} + } + + localVarPath := localBasePath + "/admin/identities/{id}" + localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterToString(r.id, "")), -1) + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := url.Values{} + + // to determine the Content-Type header + localVarHTTPContentTypes := []string{"application/json"} + + // set Content-Type header + localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) + if localVarHTTPContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHTTPContentType + } + + // to determine the Accept header + localVarHTTPHeaderAccepts := []string{"application/json"} + + // set Accept header + localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) + if localVarHTTPHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept + } + // body params + localVarPostBody = r.jsonPatch + if r.ctx != nil { + // API Key Authentication + if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok { + if apiKey, ok := auth["oryAccessToken"]; ok { + var key string + if apiKey.Prefix != "" { + key = apiKey.Prefix + " " + apiKey.Key + } else { + key = apiKey.Key + } + localVarHeaderParams["Authorization"] = key + } + } + } + req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) + if err != nil { + return localVarReturnValue, nil, err + } + + localVarHTTPResponse, err := a.client.callAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarHTTPResponse.Body.Close() + localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: localVarHTTPResponse.Status, + } + if localVarHTTPResponse.StatusCode == 400 { + var v JsonError + err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr.error = err.Error() + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.model = v + return localVarReturnValue, localVarHTTPResponse, newErr + } + if localVarHTTPResponse.StatusCode == 404 { + var v JsonError + err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr.error = err.Error() + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.model = v + return localVarReturnValue, localVarHTTPResponse, newErr + } + if localVarHTTPResponse.StatusCode == 409 { + var v JsonError + err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr.error = err.Error() + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.model = v + return localVarReturnValue, localVarHTTPResponse, newErr + } + if localVarHTTPResponse.StatusCode == 500 { + var v JsonError + err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr.error = err.Error() + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.model = v + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: err.Error(), + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + return localVarReturnValue, localVarHTTPResponse, nil +} + type V0alpha2ApiApiAdminUpdateIdentityRequest struct { ctx context.Context ApiService V0alpha2Api diff --git a/internal/httpclient/docs/JsonPatch.md b/internal/httpclient/docs/JsonPatch.md new file mode 100644 index 000000000000..b114e8e914cc --- /dev/null +++ b/internal/httpclient/docs/JsonPatch.md @@ -0,0 +1,134 @@ +# JsonPatch + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**From** | Pointer to **string** | This field is used together with operation \"move\" and uses JSON Pointer notation. Learn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5). | [optional] +**Op** | **string** | The operation to be performed. One of \"add\", \"remove\", \"replace\", \"move\", \"copy\", or \"test\". | +**Path** | **string** | The path to the target path. Uses JSON pointer notation. Learn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5). | +**Value** | Pointer to **interface{}** | The value to be used within the operations. Learn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5). | [optional] + +## Methods + +### NewJsonPatch + +`func NewJsonPatch(op string, path string, ) *JsonPatch` + +NewJsonPatch instantiates a new JsonPatch object +This constructor will assign default values to properties that have it defined, +and makes sure properties required by API are set, but the set of arguments +will change when the set of required properties is changed + +### NewJsonPatchWithDefaults + +`func NewJsonPatchWithDefaults() *JsonPatch` + +NewJsonPatchWithDefaults instantiates a new JsonPatch object +This constructor will only assign default values to properties that have it defined, +but it doesn't guarantee that properties required by API are set + +### GetFrom + +`func (o *JsonPatch) GetFrom() string` + +GetFrom returns the From field if non-nil, zero value otherwise. + +### GetFromOk + +`func (o *JsonPatch) GetFromOk() (*string, bool)` + +GetFromOk returns a tuple with the From field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetFrom + +`func (o *JsonPatch) SetFrom(v string)` + +SetFrom sets From field to given value. + +### HasFrom + +`func (o *JsonPatch) HasFrom() bool` + +HasFrom returns a boolean if a field has been set. + +### GetOp + +`func (o *JsonPatch) GetOp() string` + +GetOp returns the Op field if non-nil, zero value otherwise. + +### GetOpOk + +`func (o *JsonPatch) GetOpOk() (*string, bool)` + +GetOpOk returns a tuple with the Op field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetOp + +`func (o *JsonPatch) SetOp(v string)` + +SetOp sets Op field to given value. + + +### GetPath + +`func (o *JsonPatch) GetPath() string` + +GetPath returns the Path field if non-nil, zero value otherwise. + +### GetPathOk + +`func (o *JsonPatch) GetPathOk() (*string, bool)` + +GetPathOk returns a tuple with the Path field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetPath + +`func (o *JsonPatch) SetPath(v string)` + +SetPath sets Path field to given value. + + +### GetValue + +`func (o *JsonPatch) GetValue() interface{}` + +GetValue returns the Value field if non-nil, zero value otherwise. + +### GetValueOk + +`func (o *JsonPatch) GetValueOk() (*interface{}, bool)` + +GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetValue + +`func (o *JsonPatch) SetValue(v interface{})` + +SetValue sets Value field to given value. + +### HasValue + +`func (o *JsonPatch) HasValue() bool` + +HasValue returns a boolean if a field has been set. + +### SetValueNil + +`func (o *JsonPatch) SetValueNil(b bool)` + + SetValueNil sets the value for Value to be an explicit nil + +### UnsetValue +`func (o *JsonPatch) UnsetValue()` + +UnsetValue ensures that no value is present for Value, not even an explicit nil + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/internal/httpclient/docs/TokenPagination.md b/internal/httpclient/docs/TokenPagination.md new file mode 100644 index 000000000000..289eeaf56167 --- /dev/null +++ b/internal/httpclient/docs/TokenPagination.md @@ -0,0 +1,82 @@ +# TokenPagination + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**PageSize** | Pointer to **int64** | Items per page This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). | [optional] [default to 250] +**PageToken** | Pointer to **string** | Next Page Token The next page token. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). | [optional] [default to "1"] + +## Methods + +### NewTokenPagination + +`func NewTokenPagination() *TokenPagination` + +NewTokenPagination instantiates a new TokenPagination object +This constructor will assign default values to properties that have it defined, +and makes sure properties required by API are set, but the set of arguments +will change when the set of required properties is changed + +### NewTokenPaginationWithDefaults + +`func NewTokenPaginationWithDefaults() *TokenPagination` + +NewTokenPaginationWithDefaults instantiates a new TokenPagination object +This constructor will only assign default values to properties that have it defined, +but it doesn't guarantee that properties required by API are set + +### GetPageSize + +`func (o *TokenPagination) GetPageSize() int64` + +GetPageSize returns the PageSize field if non-nil, zero value otherwise. + +### GetPageSizeOk + +`func (o *TokenPagination) GetPageSizeOk() (*int64, bool)` + +GetPageSizeOk returns a tuple with the PageSize field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetPageSize + +`func (o *TokenPagination) SetPageSize(v int64)` + +SetPageSize sets PageSize field to given value. + +### HasPageSize + +`func (o *TokenPagination) HasPageSize() bool` + +HasPageSize returns a boolean if a field has been set. + +### GetPageToken + +`func (o *TokenPagination) GetPageToken() string` + +GetPageToken returns the PageToken field if non-nil, zero value otherwise. + +### GetPageTokenOk + +`func (o *TokenPagination) GetPageTokenOk() (*string, bool)` + +GetPageTokenOk returns a tuple with the PageToken field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetPageToken + +`func (o *TokenPagination) SetPageToken(v string)` + +SetPageToken sets PageToken field to given value. + +### HasPageToken + +`func (o *TokenPagination) HasPageToken() bool` + +HasPageToken returns a boolean if a field has been set. + + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/internal/httpclient/docs/TokenPaginationHeaders.md b/internal/httpclient/docs/TokenPaginationHeaders.md new file mode 100644 index 000000000000..3934d35bb5f2 --- /dev/null +++ b/internal/httpclient/docs/TokenPaginationHeaders.md @@ -0,0 +1,82 @@ +# TokenPaginationHeaders + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Link** | Pointer to **string** | The link header contains pagination links. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). in: header | [optional] +**XTotalCount** | Pointer to **string** | The total number of clients. in: header | [optional] + +## Methods + +### NewTokenPaginationHeaders + +`func NewTokenPaginationHeaders() *TokenPaginationHeaders` + +NewTokenPaginationHeaders instantiates a new TokenPaginationHeaders object +This constructor will assign default values to properties that have it defined, +and makes sure properties required by API are set, but the set of arguments +will change when the set of required properties is changed + +### NewTokenPaginationHeadersWithDefaults + +`func NewTokenPaginationHeadersWithDefaults() *TokenPaginationHeaders` + +NewTokenPaginationHeadersWithDefaults instantiates a new TokenPaginationHeaders object +This constructor will only assign default values to properties that have it defined, +but it doesn't guarantee that properties required by API are set + +### GetLink + +`func (o *TokenPaginationHeaders) GetLink() string` + +GetLink returns the Link field if non-nil, zero value otherwise. + +### GetLinkOk + +`func (o *TokenPaginationHeaders) GetLinkOk() (*string, bool)` + +GetLinkOk returns a tuple with the Link field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetLink + +`func (o *TokenPaginationHeaders) SetLink(v string)` + +SetLink sets Link field to given value. + +### HasLink + +`func (o *TokenPaginationHeaders) HasLink() bool` + +HasLink returns a boolean if a field has been set. + +### GetXTotalCount + +`func (o *TokenPaginationHeaders) GetXTotalCount() string` + +GetXTotalCount returns the XTotalCount field if non-nil, zero value otherwise. + +### GetXTotalCountOk + +`func (o *TokenPaginationHeaders) GetXTotalCountOk() (*string, bool)` + +GetXTotalCountOk returns a tuple with the XTotalCount field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetXTotalCount + +`func (o *TokenPaginationHeaders) SetXTotalCount(v string)` + +SetXTotalCount sets XTotalCount field to given value. + +### HasXTotalCount + +`func (o *TokenPaginationHeaders) HasXTotalCount() bool` + +HasXTotalCount returns a boolean if a field has been set. + + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md index 8c5405f5db0a..ee4fb2f078fa 100644 --- a/internal/httpclient/docs/V0alpha2Api.md +++ b/internal/httpclient/docs/V0alpha2Api.md @@ -12,6 +12,7 @@ Method | HTTP request | Description [**AdminGetIdentity**](V0alpha2Api.md#AdminGetIdentity) | **Get** /admin/identities/{id} | Get an Identity [**AdminListIdentities**](V0alpha2Api.md#AdminListIdentities) | **Get** /admin/identities | List Identities [**AdminListIdentitySessions**](V0alpha2Api.md#AdminListIdentitySessions) | **Get** /admin/identities/{id}/sessions | This endpoint returns all sessions that belong to the given Identity. +[**AdminPatchIdentity**](V0alpha2Api.md#AdminPatchIdentity) | **Patch** /admin/identities/{id} | Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) [**AdminUpdateIdentity**](V0alpha2Api.md#AdminUpdateIdentity) | **Put** /admin/identities/{id} | Update an Identity [**CreateSelfServiceLogoutFlowUrlForBrowsers**](V0alpha2Api.md#CreateSelfServiceLogoutFlowUrlForBrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers [**GetJsonSchema**](V0alpha2Api.md#GetJsonSchema) | **Get** /schemas/{id} | @@ -601,6 +602,78 @@ Name | Type | Description | Notes [[Back to README]](../README.md) +## AdminPatchIdentity + +> Identity AdminPatchIdentity(ctx, id).JsonPatch(jsonPatch).Execute() + +Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) + + + +### Example + +```go +package main + +import ( + "context" + "fmt" + "os" + openapiclient "./openapi" +) + +func main() { + id := "id_example" // string | ID must be set to the ID of identity you want to update + jsonPatch := []openapiclient.JsonPatch{*openapiclient.NewJsonPatch("replace", "/name")} // []JsonPatch | (optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.V0alpha2Api.AdminPatchIdentity(context.Background(), id).JsonPatch(jsonPatch).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.AdminPatchIdentity``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `AdminPatchIdentity`: Identity + fmt.Fprintf(os.Stdout, "Response from `V0alpha2Api.AdminPatchIdentity`: %v\n", resp) +} +``` + +### Path Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- +**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc. +**id** | **string** | ID must be set to the ID of identity you want to update | + +### Other Parameters + +Other parameters are passed through a pointer to a apiAdminPatchIdentityRequest struct via the builder pattern + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + + **jsonPatch** | [**[]JsonPatch**](JsonPatch.md) | | + +### Return type + +[**Identity**](Identity.md) + +### Authorization + +[oryAccessToken](../README.md#oryAccessToken) + +### HTTP request headers + +- **Content-Type**: application/json +- **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) +[[Back to Model list]](../README.md#documentation-for-models) +[[Back to README]](../README.md) + + ## AdminUpdateIdentity > Identity AdminUpdateIdentity(ctx, id).AdminUpdateIdentityBody(adminUpdateIdentityBody).Execute() diff --git a/internal/httpclient/model_json_patch.go b/internal/httpclient/model_json_patch.go new file mode 100644 index 000000000000..aee9a4b4a44a --- /dev/null +++ b/internal/httpclient/model_json_patch.go @@ -0,0 +1,213 @@ +/* + * Ory Kratos API + * + * Documentation for all public and administrative Ory Kratos APIs. Public and administrative APIs are exposed on different ports. Public APIs can face the public internet without any protection while administrative APIs should never be exposed without prior authorization. To protect the administative API port you should use something like Nginx, Ory Oathkeeper, or any other technology capable of authorizing incoming requests. + * + * API version: 1.0.0 + * Contact: hi@ory.sh + */ + +// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT. + +package client + +import ( + "encoding/json" +) + +// JsonPatch A JSONPatch document as defined by RFC 6902 +type JsonPatch struct { + // This field is used together with operation \"move\" and uses JSON Pointer notation. Learn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5). + From *string `json:"from,omitempty"` + // The operation to be performed. One of \"add\", \"remove\", \"replace\", \"move\", \"copy\", or \"test\". + Op string `json:"op"` + // The path to the target path. Uses JSON pointer notation. Learn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5). + Path string `json:"path"` + // The value to be used within the operations. Learn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5). + Value interface{} `json:"value,omitempty"` +} + +// NewJsonPatch instantiates a new JsonPatch object +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed +func NewJsonPatch(op string, path string) *JsonPatch { + this := JsonPatch{} + this.Op = op + this.Path = path + return &this +} + +// NewJsonPatchWithDefaults instantiates a new JsonPatch object +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set +func NewJsonPatchWithDefaults() *JsonPatch { + this := JsonPatch{} + return &this +} + +// GetFrom returns the From field value if set, zero value otherwise. +func (o *JsonPatch) GetFrom() string { + if o == nil || o.From == nil { + var ret string + return ret + } + return *o.From +} + +// GetFromOk returns a tuple with the From field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *JsonPatch) GetFromOk() (*string, bool) { + if o == nil || o.From == nil { + return nil, false + } + return o.From, true +} + +// HasFrom returns a boolean if a field has been set. +func (o *JsonPatch) HasFrom() bool { + if o != nil && o.From != nil { + return true + } + + return false +} + +// SetFrom gets a reference to the given string and assigns it to the From field. +func (o *JsonPatch) SetFrom(v string) { + o.From = &v +} + +// GetOp returns the Op field value +func (o *JsonPatch) GetOp() string { + if o == nil { + var ret string + return ret + } + + return o.Op +} + +// GetOpOk returns a tuple with the Op field value +// and a boolean to check if the value has been set. +func (o *JsonPatch) GetOpOk() (*string, bool) { + if o == nil { + return nil, false + } + return &o.Op, true +} + +// SetOp sets field value +func (o *JsonPatch) SetOp(v string) { + o.Op = v +} + +// GetPath returns the Path field value +func (o *JsonPatch) GetPath() string { + if o == nil { + var ret string + return ret + } + + return o.Path +} + +// GetPathOk returns a tuple with the Path field value +// and a boolean to check if the value has been set. +func (o *JsonPatch) GetPathOk() (*string, bool) { + if o == nil { + return nil, false + } + return &o.Path, true +} + +// SetPath sets field value +func (o *JsonPatch) SetPath(v string) { + o.Path = v +} + +// GetValue returns the Value field value if set, zero value otherwise (both if not set or set to explicit null). +func (o *JsonPatch) GetValue() interface{} { + if o == nil { + var ret interface{} + return ret + } + return o.Value +} + +// GetValueOk returns a tuple with the Value field value if set, nil otherwise +// and a boolean to check if the value has been set. +// NOTE: If the value is an explicit nil, `nil, true` will be returned +func (o *JsonPatch) GetValueOk() (*interface{}, bool) { + if o == nil || o.Value == nil { + return nil, false + } + return &o.Value, true +} + +// HasValue returns a boolean if a field has been set. +func (o *JsonPatch) HasValue() bool { + if o != nil && o.Value != nil { + return true + } + + return false +} + +// SetValue gets a reference to the given interface{} and assigns it to the Value field. +func (o *JsonPatch) SetValue(v interface{}) { + o.Value = v +} + +func (o JsonPatch) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.From != nil { + toSerialize["from"] = o.From + } + if true { + toSerialize["op"] = o.Op + } + if true { + toSerialize["path"] = o.Path + } + if o.Value != nil { + toSerialize["value"] = o.Value + } + return json.Marshal(toSerialize) +} + +type NullableJsonPatch struct { + value *JsonPatch + isSet bool +} + +func (v NullableJsonPatch) Get() *JsonPatch { + return v.value +} + +func (v *NullableJsonPatch) Set(val *JsonPatch) { + v.value = val + v.isSet = true +} + +func (v NullableJsonPatch) IsSet() bool { + return v.isSet +} + +func (v *NullableJsonPatch) Unset() { + v.value = nil + v.isSet = false +} + +func NewNullableJsonPatch(val *JsonPatch) *NullableJsonPatch { + return &NullableJsonPatch{value: val, isSet: true} +} + +func (v NullableJsonPatch) MarshalJSON() ([]byte, error) { + return json.Marshal(v.value) +} + +func (v *NullableJsonPatch) UnmarshalJSON(src []byte) error { + v.isSet = true + return json.Unmarshal(src, &v.value) +} diff --git a/internal/httpclient/model_token_pagination.go b/internal/httpclient/model_token_pagination.go new file mode 100644 index 000000000000..f7316ad36824 --- /dev/null +++ b/internal/httpclient/model_token_pagination.go @@ -0,0 +1,160 @@ +/* + * Ory Kratos API + * + * Documentation for all public and administrative Ory Kratos APIs. Public and administrative APIs are exposed on different ports. Public APIs can face the public internet without any protection while administrative APIs should never be exposed without prior authorization. To protect the administative API port you should use something like Nginx, Ory Oathkeeper, or any other technology capable of authorizing incoming requests. + * + * API version: 1.0.0 + * Contact: hi@ory.sh + */ + +// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT. + +package client + +import ( + "encoding/json" +) + +// TokenPagination struct for TokenPagination +type TokenPagination struct { + // Items per page This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). + PageSize *int64 `json:"page_size,omitempty"` + // Next Page Token The next page token. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). + PageToken *string `json:"page_token,omitempty"` +} + +// NewTokenPagination instantiates a new TokenPagination object +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed +func NewTokenPagination() *TokenPagination { + this := TokenPagination{} + var pageSize int64 = 250 + this.PageSize = &pageSize + var pageToken string = "1" + this.PageToken = &pageToken + return &this +} + +// NewTokenPaginationWithDefaults instantiates a new TokenPagination object +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set +func NewTokenPaginationWithDefaults() *TokenPagination { + this := TokenPagination{} + var pageSize int64 = 250 + this.PageSize = &pageSize + var pageToken string = "1" + this.PageToken = &pageToken + return &this +} + +// GetPageSize returns the PageSize field value if set, zero value otherwise. +func (o *TokenPagination) GetPageSize() int64 { + if o == nil || o.PageSize == nil { + var ret int64 + return ret + } + return *o.PageSize +} + +// GetPageSizeOk returns a tuple with the PageSize field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *TokenPagination) GetPageSizeOk() (*int64, bool) { + if o == nil || o.PageSize == nil { + return nil, false + } + return o.PageSize, true +} + +// HasPageSize returns a boolean if a field has been set. +func (o *TokenPagination) HasPageSize() bool { + if o != nil && o.PageSize != nil { + return true + } + + return false +} + +// SetPageSize gets a reference to the given int64 and assigns it to the PageSize field. +func (o *TokenPagination) SetPageSize(v int64) { + o.PageSize = &v +} + +// GetPageToken returns the PageToken field value if set, zero value otherwise. +func (o *TokenPagination) GetPageToken() string { + if o == nil || o.PageToken == nil { + var ret string + return ret + } + return *o.PageToken +} + +// GetPageTokenOk returns a tuple with the PageToken field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *TokenPagination) GetPageTokenOk() (*string, bool) { + if o == nil || o.PageToken == nil { + return nil, false + } + return o.PageToken, true +} + +// HasPageToken returns a boolean if a field has been set. +func (o *TokenPagination) HasPageToken() bool { + if o != nil && o.PageToken != nil { + return true + } + + return false +} + +// SetPageToken gets a reference to the given string and assigns it to the PageToken field. +func (o *TokenPagination) SetPageToken(v string) { + o.PageToken = &v +} + +func (o TokenPagination) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.PageSize != nil { + toSerialize["page_size"] = o.PageSize + } + if o.PageToken != nil { + toSerialize["page_token"] = o.PageToken + } + return json.Marshal(toSerialize) +} + +type NullableTokenPagination struct { + value *TokenPagination + isSet bool +} + +func (v NullableTokenPagination) Get() *TokenPagination { + return v.value +} + +func (v *NullableTokenPagination) Set(val *TokenPagination) { + v.value = val + v.isSet = true +} + +func (v NullableTokenPagination) IsSet() bool { + return v.isSet +} + +func (v *NullableTokenPagination) Unset() { + v.value = nil + v.isSet = false +} + +func NewNullableTokenPagination(val *TokenPagination) *NullableTokenPagination { + return &NullableTokenPagination{value: val, isSet: true} +} + +func (v NullableTokenPagination) MarshalJSON() ([]byte, error) { + return json.Marshal(v.value) +} + +func (v *NullableTokenPagination) UnmarshalJSON(src []byte) error { + v.isSet = true + return json.Unmarshal(src, &v.value) +} diff --git a/internal/httpclient/model_token_pagination_headers.go b/internal/httpclient/model_token_pagination_headers.go new file mode 100644 index 000000000000..d532bacac55f --- /dev/null +++ b/internal/httpclient/model_token_pagination_headers.go @@ -0,0 +1,152 @@ +/* + * Ory Kratos API + * + * Documentation for all public and administrative Ory Kratos APIs. Public and administrative APIs are exposed on different ports. Public APIs can face the public internet without any protection while administrative APIs should never be exposed without prior authorization. To protect the administative API port you should use something like Nginx, Ory Oathkeeper, or any other technology capable of authorizing incoming requests. + * + * API version: 1.0.0 + * Contact: hi@ory.sh + */ + +// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT. + +package client + +import ( + "encoding/json" +) + +// TokenPaginationHeaders struct for TokenPaginationHeaders +type TokenPaginationHeaders struct { + // The link header contains pagination links. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). in: header + Link *string `json:"link,omitempty"` + // The total number of clients. in: header + XTotalCount *string `json:"x-total-count,omitempty"` +} + +// NewTokenPaginationHeaders instantiates a new TokenPaginationHeaders object +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed +func NewTokenPaginationHeaders() *TokenPaginationHeaders { + this := TokenPaginationHeaders{} + return &this +} + +// NewTokenPaginationHeadersWithDefaults instantiates a new TokenPaginationHeaders object +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set +func NewTokenPaginationHeadersWithDefaults() *TokenPaginationHeaders { + this := TokenPaginationHeaders{} + return &this +} + +// GetLink returns the Link field value if set, zero value otherwise. +func (o *TokenPaginationHeaders) GetLink() string { + if o == nil || o.Link == nil { + var ret string + return ret + } + return *o.Link +} + +// GetLinkOk returns a tuple with the Link field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *TokenPaginationHeaders) GetLinkOk() (*string, bool) { + if o == nil || o.Link == nil { + return nil, false + } + return o.Link, true +} + +// HasLink returns a boolean if a field has been set. +func (o *TokenPaginationHeaders) HasLink() bool { + if o != nil && o.Link != nil { + return true + } + + return false +} + +// SetLink gets a reference to the given string and assigns it to the Link field. +func (o *TokenPaginationHeaders) SetLink(v string) { + o.Link = &v +} + +// GetXTotalCount returns the XTotalCount field value if set, zero value otherwise. +func (o *TokenPaginationHeaders) GetXTotalCount() string { + if o == nil || o.XTotalCount == nil { + var ret string + return ret + } + return *o.XTotalCount +} + +// GetXTotalCountOk returns a tuple with the XTotalCount field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *TokenPaginationHeaders) GetXTotalCountOk() (*string, bool) { + if o == nil || o.XTotalCount == nil { + return nil, false + } + return o.XTotalCount, true +} + +// HasXTotalCount returns a boolean if a field has been set. +func (o *TokenPaginationHeaders) HasXTotalCount() bool { + if o != nil && o.XTotalCount != nil { + return true + } + + return false +} + +// SetXTotalCount gets a reference to the given string and assigns it to the XTotalCount field. +func (o *TokenPaginationHeaders) SetXTotalCount(v string) { + o.XTotalCount = &v +} + +func (o TokenPaginationHeaders) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.Link != nil { + toSerialize["link"] = o.Link + } + if o.XTotalCount != nil { + toSerialize["x-total-count"] = o.XTotalCount + } + return json.Marshal(toSerialize) +} + +type NullableTokenPaginationHeaders struct { + value *TokenPaginationHeaders + isSet bool +} + +func (v NullableTokenPaginationHeaders) Get() *TokenPaginationHeaders { + return v.value +} + +func (v *NullableTokenPaginationHeaders) Set(val *TokenPaginationHeaders) { + v.value = val + v.isSet = true +} + +func (v NullableTokenPaginationHeaders) IsSet() bool { + return v.isSet +} + +func (v *NullableTokenPaginationHeaders) Unset() { + v.value = nil + v.isSet = false +} + +func NewNullableTokenPaginationHeaders(val *TokenPaginationHeaders) *NullableTokenPaginationHeaders { + return &NullableTokenPaginationHeaders{value: val, isSet: true} +} + +func (v NullableTokenPaginationHeaders) MarshalJSON() ([]byte, error) { + return json.Marshal(v.value) +} + +func (v *NullableTokenPaginationHeaders) UnmarshalJSON(src []byte) error { + v.isSet = true + return json.Unmarshal(src, &v.value) +} diff --git a/spec/api.json b/spec/api.json index 19241a7c8969..84ffab26d692 100755 --- a/spec/api.json +++ b/spec/api.json @@ -569,6 +569,42 @@ "title": "JSON API Error Response", "type": "object" }, + "jsonPatch": { + "description": "A JSONPatch document as defined by RFC 6902", + "properties": { + "from": { + "description": "This field is used together with operation \"move\" and uses JSON Pointer notation.\n\nLearn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5).", + "example": "/name", + "type": "string" + }, + "op": { + "description": "The operation to be performed. One of \"add\", \"remove\", \"replace\", \"move\", \"copy\", or \"test\".", + "example": "replace", + "type": "string" + }, + "path": { + "description": "The path to the target path. Uses JSON pointer notation.\n\nLearn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5).", + "example": "/name", + "type": "string" + }, + "value": { + "description": "The value to be used within the operations.\n\nLearn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5).", + "example": "foobar" + } + }, + "required": [ + "op", + "path" + ], + "type": "object" + }, + "jsonPatchDocument": { + "description": "A JSONPatchDocument request", + "items": { + "$ref": "#/components/schemas/jsonPatch" + }, + "type": "array" + }, "jsonSchema": { "description": "Raw JSON Schema", "type": "object" @@ -1818,6 +1854,38 @@ ], "type": "object" }, + "tokenPagination": { + "properties": { + "page_size": { + "default": 250, + "description": "Items per page\n\nThis is the number of items per page to return.\nFor details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).", + "format": "int64", + "maximum": 1000, + "minimum": 1, + "type": "integer" + }, + "page_token": { + "default": "1", + "description": "Next Page Token\n\nThe next page token.\nFor details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).", + "minimum": 1, + "type": "string" + } + }, + "type": "object" + }, + "tokenPaginationHeaders": { + "properties": { + "link": { + "description": "The link header contains pagination links.\n\nFor details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n\nin: header", + "type": "string" + }, + "x-total-count": { + "description": "The total number of clients.\n\nin: header", + "type": "string" + } + }, + "type": "object" + }, "uiContainer": { "description": "Container represents a HTML Form. The container can work with both HTTP Form and JSON requests", "properties": { @@ -2525,6 +2593,92 @@ "v0alpha2" ] }, + "patch": { + "description": "NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", + "operationId": "adminPatchIdentity", + "parameters": [ + { + "description": "ID must be set to the ID of identity you want to update", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonPatchDocument" + } + } + }, + "x-originalParamName": "Body" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity" + } + } + }, + "description": "identity" + }, + "400": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "404": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "409": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "security": [ + { + "oryAccessToken": [] + } + ], + "summary": "Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)", + "tags": [ + "v0alpha2" + ] + }, "put": { "description": "This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", "operationId": "adminUpdateIdentity", diff --git a/spec/swagger.json b/spec/swagger.json index d5eb0261603d..39db68328f68 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -336,6 +336,77 @@ } } } + }, + "patch": { + "security": [ + { + "oryAccessToken": [] + } + ], + "description": "NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "schemes": [ + "http", + "https" + ], + "tags": [ + "v0alpha2" + ], + "summary": "Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)", + "operationId": "adminPatchIdentity", + "parameters": [ + { + "type": "string", + "description": "ID must be set to the ID of identity you want to update", + "name": "id", + "in": "path", + "required": true + }, + { + "name": "Body", + "in": "body", + "schema": { + "$ref": "#/definitions/jsonPatchDocument" + } + } + ], + "responses": { + "200": { + "description": "identity", + "schema": { + "$ref": "#/definitions/identity" + } + }, + "400": { + "description": "jsonError", + "schema": { + "$ref": "#/definitions/jsonError" + } + }, + "404": { + "description": "jsonError", + "schema": { + "$ref": "#/definitions/jsonError" + } + }, + "409": { + "description": "jsonError", + "schema": { + "$ref": "#/definitions/jsonError" + } + }, + "500": { + "description": "jsonError", + "schema": { + "$ref": "#/definitions/jsonError" + } + } + } } }, "/admin/identities/{id}/sessions": { @@ -2927,6 +2998,43 @@ } } }, + "jsonPatch": { + "description": "A JSONPatch document as defined by RFC 6902", + "type": "object", + "required": [ + "op", + "path" + ], + "properties": { + "from": { + "description": "This field is used together with operation \"move\" and uses JSON Pointer notation.\n\nLearn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5).", + "type": "string", + "example": "/name" + }, + "op": { + "description": "The operation to be performed. One of \"add\", \"remove\", \"replace\", \"move\", \"copy\", or \"test\".", + "type": "string", + "example": "replace" + }, + "path": { + "description": "The path to the target path. Uses JSON pointer notation.\n\nLearn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5).", + "type": "string", + "example": "/name" + }, + "value": { + "description": "The value to be used within the operations.\n\nLearn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5).", + "type": "object", + "example": "foobar" + } + } + }, + "jsonPatchDocument": { + "description": "A JSONPatchDocument request", + "type": "array", + "items": { + "$ref": "#/definitions/jsonPatch" + } + }, "jsonSchema": { "description": "Raw JSON Schema", "type": "object" @@ -4057,6 +4165,38 @@ } } }, + "tokenPagination": { + "type": "object", + "properties": { + "page_size": { + "description": "Items per page\n\nThis is the number of items per page to return.\nFor details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).", + "type": "integer", + "format": "int64", + "default": 250, + "maximum": 1000, + "minimum": 1 + }, + "page_token": { + "description": "Next Page Token\n\nThe next page token.\nFor details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).", + "type": "string", + "default": "1", + "minimum": 1 + } + } + }, + "tokenPaginationHeaders": { + "type": "object", + "properties": { + "link": { + "description": "The link header contains pagination links.\n\nFor details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n\nin: header", + "type": "string" + }, + "x-total-count": { + "description": "The total number of clients.\n\nin: header", + "type": "string" + } + } + }, "uiContainer": { "description": "Container represents a HTML Form. The container can work with both HTTP Form and JSON requests", "type": "object", From 8dc2ecf4919c9a14ef0bd089677de66ab3cfed92 Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Thu, 21 Jul 2022 12:19:58 +0200 Subject: [PATCH 173/411] refactor(sdk): rename `getJsonSchema` to `getIdentitySchema` (#2606) BREAKING CHANGE: SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. --- cmd/identities/validate.go | 2 +- internal/httpclient/.openapi-generator/FILES | 4 +- internal/httpclient/README.md | 4 +- internal/httpclient/api/openapi.yaml | 16 +++--- internal/httpclient/api_v0alpha2.go | 40 ++++++------- ...tySchema.md => IdentitySchemaContainer.md} | 32 +++++------ internal/httpclient/docs/V0alpha2Api.md | 22 ++++---- ....go => model_identity_schema_container.go} | 56 +++++++++---------- schema/handler.go | 28 +++++----- spec/api.json | 19 +++---- spec/swagger.json | 19 +++---- 11 files changed, 120 insertions(+), 122 deletions(-) rename internal/httpclient/docs/{IdentitySchema.md => IdentitySchemaContainer.md} (59%) rename internal/httpclient/{model_identity_schema.go => model_identity_schema_container.go} (61%) diff --git a/cmd/identities/validate.go b/cmd/identities/validate.go index 9fecda24cf82..7f14426357df 100644 --- a/cmd/identities/validate.go +++ b/cmd/identities/validate.go @@ -53,7 +53,7 @@ Identities can be supplied via STD_IN or JSON files containing a single or an ar for src, i := range is { err = ValidateIdentity(cmd, src, i, func(ctx context.Context, id string) (map[string]interface{}, *http.Response, error) { - return c.V0alpha2Api.GetJsonSchema(ctx, id).Execute() + return c.V0alpha2Api.GetIdentitySchema(ctx, id).Execute() }) if err != nil { return err diff --git a/internal/httpclient/.openapi-generator/FILES b/internal/httpclient/.openapi-generator/FILES index 7c425b3a629c..53993154b1db 100644 --- a/internal/httpclient/.openapi-generator/FILES +++ b/internal/httpclient/.openapi-generator/FILES @@ -27,7 +27,7 @@ docs/IdentityCredentialsOidc.md docs/IdentityCredentialsOidcProvider.md docs/IdentityCredentialsPassword.md docs/IdentityCredentialsType.md -docs/IdentitySchema.md +docs/IdentitySchemaContainer.md docs/IdentityState.md docs/InlineResponse200.md docs/InlineResponse2001.md @@ -119,7 +119,7 @@ model_identity_credentials_oidc.go model_identity_credentials_oidc_provider.go model_identity_credentials_password.go model_identity_credentials_type.go -model_identity_schema.go +model_identity_schema_container.go model_identity_state.go model_inline_response_200.go model_inline_response_200_1.go diff --git a/internal/httpclient/README.md b/internal/httpclient/README.md index 3f32f8f61454..37a9fb01a3a3 100644 --- a/internal/httpclient/README.md +++ b/internal/httpclient/README.md @@ -97,7 +97,7 @@ Class | Method | HTTP request | Description *V0alpha2Api* | [**AdminPatchIdentity**](docs/V0alpha2Api.md#adminpatchidentity) | **Patch** /admin/identities/{id} | Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) *V0alpha2Api* | [**AdminUpdateIdentity**](docs/V0alpha2Api.md#adminupdateidentity) | **Put** /admin/identities/{id} | Update an Identity *V0alpha2Api* | [**CreateSelfServiceLogoutFlowUrlForBrowsers**](docs/V0alpha2Api.md#createselfservicelogoutflowurlforbrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers -*V0alpha2Api* | [**GetJsonSchema**](docs/V0alpha2Api.md#getjsonschema) | **Get** /schemas/{id} | +*V0alpha2Api* | [**GetIdentitySchema**](docs/V0alpha2Api.md#getidentityschema) | **Get** /schemas/{id} | *V0alpha2Api* | [**GetSelfServiceError**](docs/V0alpha2Api.md#getselfserviceerror) | **Get** /self-service/errors | Get Self-Service Errors *V0alpha2Api* | [**GetSelfServiceLoginFlow**](docs/V0alpha2Api.md#getselfserviceloginflow) | **Get** /self-service/login/flows | Get Login Flow *V0alpha2Api* | [**GetSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#getselfservicerecoveryflow) | **Get** /self-service/recovery/flows | Get Recovery Flow @@ -151,7 +151,7 @@ Class | Method | HTTP request | Description - [IdentityCredentialsOidcProvider](docs/IdentityCredentialsOidcProvider.md) - [IdentityCredentialsPassword](docs/IdentityCredentialsPassword.md) - [IdentityCredentialsType](docs/IdentityCredentialsType.md) - - [IdentitySchema](docs/IdentitySchema.md) + - [IdentitySchemaContainer](docs/IdentitySchemaContainer.md) - [IdentityState](docs/IdentityState.md) - [InlineResponse200](docs/InlineResponse200.md) - [InlineResponse2001](docs/InlineResponse2001.md) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index 8d8422453c82..612b46960baa 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -678,7 +678,7 @@ paths: /schemas/{id}: get: description: Get a JSON Schema - operationId: getJsonSchema + operationId: getIdentitySchema parameters: - description: ID must be set to the ID of schema you want to get explode: false @@ -693,8 +693,8 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/jsonSchema' - description: jsonSchema + $ref: '#/components/schemas/identitySchema' + description: identitySchema "404": content: application/json: @@ -3379,6 +3379,9 @@ components: title: A list of identities. type: array identitySchema: + description: Raw JSON Schema + type: object + identitySchemaContainer: example: schema: '{}' id: id @@ -3387,13 +3390,13 @@ components: description: The ID of the Identity JSON Schema type: string schema: - description: The actual Identity JSON Schema + description: Raw JSON Schema type: object type: object identitySchemas: description: Raw identity Schema list items: - $ref: '#/components/schemas/identitySchema' + $ref: '#/components/schemas/identitySchemaContainer' type: array identityState: description: The state can either be `active` or `inactive`. @@ -3461,9 +3464,6 @@ components: items: $ref: '#/components/schemas/jsonPatch' type: array - jsonSchema: - description: Raw JSON Schema - type: object needsPrivilegedSessionError: properties: code: diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go index ed008fe45eff..119f75ed5d13 100644 --- a/internal/httpclient/api_v0alpha2.go +++ b/internal/httpclient/api_v0alpha2.go @@ -212,19 +212,19 @@ type V0alpha2Api interface { CreateSelfServiceLogoutFlowUrlForBrowsersExecute(r V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest) (*SelfServiceLogoutUrl, *http.Response, error) /* - * GetJsonSchema Method for GetJsonSchema + * GetIdentitySchema Method for GetIdentitySchema * Get a JSON Schema * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @param id ID must be set to the ID of schema you want to get - * @return V0alpha2ApiApiGetJsonSchemaRequest + * @return V0alpha2ApiApiGetIdentitySchemaRequest */ - GetJsonSchema(ctx context.Context, id string) V0alpha2ApiApiGetJsonSchemaRequest + GetIdentitySchema(ctx context.Context, id string) V0alpha2ApiApiGetIdentitySchemaRequest /* - * GetJsonSchemaExecute executes the request + * GetIdentitySchemaExecute executes the request * @return map[string]interface{} */ - GetJsonSchemaExecute(r V0alpha2ApiApiGetJsonSchemaRequest) (map[string]interface{}, *http.Response, error) + GetIdentitySchemaExecute(r V0alpha2ApiApiGetIdentitySchemaRequest) (map[string]interface{}, *http.Response, error) /* * GetSelfServiceError Get Self-Service Errors @@ -747,9 +747,9 @@ type V0alpha2Api interface { /* * ListIdentitySchemasExecute executes the request - * @return []IdentitySchema + * @return []IdentitySchemaContainer */ - ListIdentitySchemasExecute(r V0alpha2ApiApiListIdentitySchemasRequest) ([]IdentitySchema, *http.Response, error) + ListIdentitySchemasExecute(r V0alpha2ApiApiListIdentitySchemasRequest) ([]IdentitySchemaContainer, *http.Response, error) /* * ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. @@ -2787,25 +2787,25 @@ func (a *V0alpha2ApiService) CreateSelfServiceLogoutFlowUrlForBrowsersExecute(r return localVarReturnValue, localVarHTTPResponse, nil } -type V0alpha2ApiApiGetJsonSchemaRequest struct { +type V0alpha2ApiApiGetIdentitySchemaRequest struct { ctx context.Context ApiService V0alpha2Api id string } -func (r V0alpha2ApiApiGetJsonSchemaRequest) Execute() (map[string]interface{}, *http.Response, error) { - return r.ApiService.GetJsonSchemaExecute(r) +func (r V0alpha2ApiApiGetIdentitySchemaRequest) Execute() (map[string]interface{}, *http.Response, error) { + return r.ApiService.GetIdentitySchemaExecute(r) } /* - * GetJsonSchema Method for GetJsonSchema + * GetIdentitySchema Method for GetIdentitySchema * Get a JSON Schema * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @param id ID must be set to the ID of schema you want to get - * @return V0alpha2ApiApiGetJsonSchemaRequest + * @return V0alpha2ApiApiGetIdentitySchemaRequest */ -func (a *V0alpha2ApiService) GetJsonSchema(ctx context.Context, id string) V0alpha2ApiApiGetJsonSchemaRequest { - return V0alpha2ApiApiGetJsonSchemaRequest{ +func (a *V0alpha2ApiService) GetIdentitySchema(ctx context.Context, id string) V0alpha2ApiApiGetIdentitySchemaRequest { + return V0alpha2ApiApiGetIdentitySchemaRequest{ ApiService: a, ctx: ctx, id: id, @@ -2816,7 +2816,7 @@ func (a *V0alpha2ApiService) GetJsonSchema(ctx context.Context, id string) V0alp * Execute executes the request * @return map[string]interface{} */ -func (a *V0alpha2ApiService) GetJsonSchemaExecute(r V0alpha2ApiApiGetJsonSchemaRequest) (map[string]interface{}, *http.Response, error) { +func (a *V0alpha2ApiService) GetIdentitySchemaExecute(r V0alpha2ApiApiGetIdentitySchemaRequest) (map[string]interface{}, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} @@ -2826,7 +2826,7 @@ func (a *V0alpha2ApiService) GetJsonSchemaExecute(r V0alpha2ApiApiGetJsonSchemaR localVarReturnValue map[string]interface{} ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "V0alpha2ApiService.GetJsonSchema") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "V0alpha2ApiService.GetIdentitySchema") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } @@ -5524,7 +5524,7 @@ func (r V0alpha2ApiApiListIdentitySchemasRequest) Page(page int64) V0alpha2ApiAp return r } -func (r V0alpha2ApiApiListIdentitySchemasRequest) Execute() ([]IdentitySchema, *http.Response, error) { +func (r V0alpha2ApiApiListIdentitySchemasRequest) Execute() ([]IdentitySchemaContainer, *http.Response, error) { return r.ApiService.ListIdentitySchemasExecute(r) } @@ -5543,16 +5543,16 @@ func (a *V0alpha2ApiService) ListIdentitySchemas(ctx context.Context) V0alpha2Ap /* * Execute executes the request - * @return []IdentitySchema + * @return []IdentitySchemaContainer */ -func (a *V0alpha2ApiService) ListIdentitySchemasExecute(r V0alpha2ApiApiListIdentitySchemasRequest) ([]IdentitySchema, *http.Response, error) { +func (a *V0alpha2ApiService) ListIdentitySchemasExecute(r V0alpha2ApiApiListIdentitySchemasRequest) ([]IdentitySchemaContainer, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} localVarFormFileName string localVarFileName string localVarFileBytes []byte - localVarReturnValue []IdentitySchema + localVarReturnValue []IdentitySchemaContainer ) localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "V0alpha2ApiService.ListIdentitySchemas") diff --git a/internal/httpclient/docs/IdentitySchema.md b/internal/httpclient/docs/IdentitySchemaContainer.md similarity index 59% rename from internal/httpclient/docs/IdentitySchema.md rename to internal/httpclient/docs/IdentitySchemaContainer.md index 2163c7b42176..ede99869f34b 100644 --- a/internal/httpclient/docs/IdentitySchema.md +++ b/internal/httpclient/docs/IdentitySchemaContainer.md @@ -1,78 +1,78 @@ -# IdentitySchema +# IdentitySchemaContainer ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **Id** | Pointer to **string** | The ID of the Identity JSON Schema | [optional] -**Schema** | Pointer to **map[string]interface{}** | The actual Identity JSON Schema | [optional] +**Schema** | Pointer to **map[string]interface{}** | Raw JSON Schema | [optional] ## Methods -### NewIdentitySchema +### NewIdentitySchemaContainer -`func NewIdentitySchema() *IdentitySchema` +`func NewIdentitySchemaContainer() *IdentitySchemaContainer` -NewIdentitySchema instantiates a new IdentitySchema object +NewIdentitySchemaContainer instantiates a new IdentitySchemaContainer object This constructor will assign default values to properties that have it defined, and makes sure properties required by API are set, but the set of arguments will change when the set of required properties is changed -### NewIdentitySchemaWithDefaults +### NewIdentitySchemaContainerWithDefaults -`func NewIdentitySchemaWithDefaults() *IdentitySchema` +`func NewIdentitySchemaContainerWithDefaults() *IdentitySchemaContainer` -NewIdentitySchemaWithDefaults instantiates a new IdentitySchema object +NewIdentitySchemaContainerWithDefaults instantiates a new IdentitySchemaContainer object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set ### GetId -`func (o *IdentitySchema) GetId() string` +`func (o *IdentitySchemaContainer) GetId() string` GetId returns the Id field if non-nil, zero value otherwise. ### GetIdOk -`func (o *IdentitySchema) GetIdOk() (*string, bool)` +`func (o *IdentitySchemaContainer) GetIdOk() (*string, bool)` GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. ### SetId -`func (o *IdentitySchema) SetId(v string)` +`func (o *IdentitySchemaContainer) SetId(v string)` SetId sets Id field to given value. ### HasId -`func (o *IdentitySchema) HasId() bool` +`func (o *IdentitySchemaContainer) HasId() bool` HasId returns a boolean if a field has been set. ### GetSchema -`func (o *IdentitySchema) GetSchema() map[string]interface{}` +`func (o *IdentitySchemaContainer) GetSchema() map[string]interface{}` GetSchema returns the Schema field if non-nil, zero value otherwise. ### GetSchemaOk -`func (o *IdentitySchema) GetSchemaOk() (*map[string]interface{}, bool)` +`func (o *IdentitySchemaContainer) GetSchemaOk() (*map[string]interface{}, bool)` GetSchemaOk returns a tuple with the Schema field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. ### SetSchema -`func (o *IdentitySchema) SetSchema(v map[string]interface{})` +`func (o *IdentitySchemaContainer) SetSchema(v map[string]interface{})` SetSchema sets Schema field to given value. ### HasSchema -`func (o *IdentitySchema) HasSchema() bool` +`func (o *IdentitySchemaContainer) HasSchema() bool` HasSchema returns a boolean if a field has been set. diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md index ee4fb2f078fa..1dbbfcc10d52 100644 --- a/internal/httpclient/docs/V0alpha2Api.md +++ b/internal/httpclient/docs/V0alpha2Api.md @@ -15,7 +15,7 @@ Method | HTTP request | Description [**AdminPatchIdentity**](V0alpha2Api.md#AdminPatchIdentity) | **Patch** /admin/identities/{id} | Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) [**AdminUpdateIdentity**](V0alpha2Api.md#AdminUpdateIdentity) | **Put** /admin/identities/{id} | Update an Identity [**CreateSelfServiceLogoutFlowUrlForBrowsers**](V0alpha2Api.md#CreateSelfServiceLogoutFlowUrlForBrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers -[**GetJsonSchema**](V0alpha2Api.md#GetJsonSchema) | **Get** /schemas/{id} | +[**GetIdentitySchema**](V0alpha2Api.md#GetIdentitySchema) | **Get** /schemas/{id} | [**GetSelfServiceError**](V0alpha2Api.md#GetSelfServiceError) | **Get** /self-service/errors | Get Self-Service Errors [**GetSelfServiceLoginFlow**](V0alpha2Api.md#GetSelfServiceLoginFlow) | **Get** /self-service/login/flows | Get Login Flow [**GetSelfServiceRecoveryFlow**](V0alpha2Api.md#GetSelfServiceRecoveryFlow) | **Get** /self-service/recovery/flows | Get Recovery Flow @@ -812,9 +812,9 @@ No authorization required [[Back to README]](../README.md) -## GetJsonSchema +## GetIdentitySchema -> map[string]interface{} GetJsonSchema(ctx, id).Execute() +> map[string]interface{} GetIdentitySchema(ctx, id).Execute() @@ -837,13 +837,13 @@ func main() { configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.GetJsonSchema(context.Background(), id).Execute() + resp, r, err := apiClient.V0alpha2Api.GetIdentitySchema(context.Background(), id).Execute() if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.GetJsonSchema``: %v\n", err) + fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.GetIdentitySchema``: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } - // response from `GetJsonSchema`: map[string]interface{} - fmt.Fprintf(os.Stdout, "Response from `V0alpha2Api.GetJsonSchema`: %v\n", resp) + // response from `GetIdentitySchema`: map[string]interface{} + fmt.Fprintf(os.Stdout, "Response from `V0alpha2Api.GetIdentitySchema`: %v\n", resp) } ``` @@ -857,7 +857,7 @@ Name | Type | Description | Notes ### Other Parameters -Other parameters are passed through a pointer to a apiGetJsonSchemaRequest struct via the builder pattern +Other parameters are passed through a pointer to a apiGetIdentitySchemaRequest struct via the builder pattern Name | Type | Description | Notes @@ -2006,7 +2006,7 @@ No authorization required ## ListIdentitySchemas -> []IdentitySchema ListIdentitySchemas(ctx).PerPage(perPage).Page(page).Execute() +> []IdentitySchemaContainer ListIdentitySchemas(ctx).PerPage(perPage).Page(page).Execute() @@ -2035,7 +2035,7 @@ func main() { fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.ListIdentitySchemas``: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } - // response from `ListIdentitySchemas`: []IdentitySchema + // response from `ListIdentitySchemas`: []IdentitySchemaContainer fmt.Fprintf(os.Stdout, "Response from `V0alpha2Api.ListIdentitySchemas`: %v\n", resp) } ``` @@ -2056,7 +2056,7 @@ Name | Type | Description | Notes ### Return type -[**[]IdentitySchema**](IdentitySchema.md) +[**[]IdentitySchemaContainer**](IdentitySchemaContainer.md) ### Authorization diff --git a/internal/httpclient/model_identity_schema.go b/internal/httpclient/model_identity_schema_container.go similarity index 61% rename from internal/httpclient/model_identity_schema.go rename to internal/httpclient/model_identity_schema_container.go index 7640acdc9bbe..6d33b0b68920 100644 --- a/internal/httpclient/model_identity_schema.go +++ b/internal/httpclient/model_identity_schema_container.go @@ -15,33 +15,33 @@ import ( "encoding/json" ) -// IdentitySchema struct for IdentitySchema -type IdentitySchema struct { +// IdentitySchemaContainer struct for IdentitySchemaContainer +type IdentitySchemaContainer struct { // The ID of the Identity JSON Schema Id *string `json:"id,omitempty"` - // The actual Identity JSON Schema + // Raw JSON Schema Schema map[string]interface{} `json:"schema,omitempty"` } -// NewIdentitySchema instantiates a new IdentitySchema object +// NewIdentitySchemaContainer instantiates a new IdentitySchemaContainer object // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments // will change when the set of required properties is changed -func NewIdentitySchema() *IdentitySchema { - this := IdentitySchema{} +func NewIdentitySchemaContainer() *IdentitySchemaContainer { + this := IdentitySchemaContainer{} return &this } -// NewIdentitySchemaWithDefaults instantiates a new IdentitySchema object +// NewIdentitySchemaContainerWithDefaults instantiates a new IdentitySchemaContainer object // This constructor will only assign default values to properties that have it defined, // but it doesn't guarantee that properties required by API are set -func NewIdentitySchemaWithDefaults() *IdentitySchema { - this := IdentitySchema{} +func NewIdentitySchemaContainerWithDefaults() *IdentitySchemaContainer { + this := IdentitySchemaContainer{} return &this } // GetId returns the Id field value if set, zero value otherwise. -func (o *IdentitySchema) GetId() string { +func (o *IdentitySchemaContainer) GetId() string { if o == nil || o.Id == nil { var ret string return ret @@ -51,7 +51,7 @@ func (o *IdentitySchema) GetId() string { // GetIdOk returns a tuple with the Id field value if set, nil otherwise // and a boolean to check if the value has been set. -func (o *IdentitySchema) GetIdOk() (*string, bool) { +func (o *IdentitySchemaContainer) GetIdOk() (*string, bool) { if o == nil || o.Id == nil { return nil, false } @@ -59,7 +59,7 @@ func (o *IdentitySchema) GetIdOk() (*string, bool) { } // HasId returns a boolean if a field has been set. -func (o *IdentitySchema) HasId() bool { +func (o *IdentitySchemaContainer) HasId() bool { if o != nil && o.Id != nil { return true } @@ -68,12 +68,12 @@ func (o *IdentitySchema) HasId() bool { } // SetId gets a reference to the given string and assigns it to the Id field. -func (o *IdentitySchema) SetId(v string) { +func (o *IdentitySchemaContainer) SetId(v string) { o.Id = &v } // GetSchema returns the Schema field value if set, zero value otherwise. -func (o *IdentitySchema) GetSchema() map[string]interface{} { +func (o *IdentitySchemaContainer) GetSchema() map[string]interface{} { if o == nil || o.Schema == nil { var ret map[string]interface{} return ret @@ -83,7 +83,7 @@ func (o *IdentitySchema) GetSchema() map[string]interface{} { // GetSchemaOk returns a tuple with the Schema field value if set, nil otherwise // and a boolean to check if the value has been set. -func (o *IdentitySchema) GetSchemaOk() (map[string]interface{}, bool) { +func (o *IdentitySchemaContainer) GetSchemaOk() (map[string]interface{}, bool) { if o == nil || o.Schema == nil { return nil, false } @@ -91,7 +91,7 @@ func (o *IdentitySchema) GetSchemaOk() (map[string]interface{}, bool) { } // HasSchema returns a boolean if a field has been set. -func (o *IdentitySchema) HasSchema() bool { +func (o *IdentitySchemaContainer) HasSchema() bool { if o != nil && o.Schema != nil { return true } @@ -100,11 +100,11 @@ func (o *IdentitySchema) HasSchema() bool { } // SetSchema gets a reference to the given map[string]interface{} and assigns it to the Schema field. -func (o *IdentitySchema) SetSchema(v map[string]interface{}) { +func (o *IdentitySchemaContainer) SetSchema(v map[string]interface{}) { o.Schema = v } -func (o IdentitySchema) MarshalJSON() ([]byte, error) { +func (o IdentitySchemaContainer) MarshalJSON() ([]byte, error) { toSerialize := map[string]interface{}{} if o.Id != nil { toSerialize["id"] = o.Id @@ -115,38 +115,38 @@ func (o IdentitySchema) MarshalJSON() ([]byte, error) { return json.Marshal(toSerialize) } -type NullableIdentitySchema struct { - value *IdentitySchema +type NullableIdentitySchemaContainer struct { + value *IdentitySchemaContainer isSet bool } -func (v NullableIdentitySchema) Get() *IdentitySchema { +func (v NullableIdentitySchemaContainer) Get() *IdentitySchemaContainer { return v.value } -func (v *NullableIdentitySchema) Set(val *IdentitySchema) { +func (v *NullableIdentitySchemaContainer) Set(val *IdentitySchemaContainer) { v.value = val v.isSet = true } -func (v NullableIdentitySchema) IsSet() bool { +func (v NullableIdentitySchemaContainer) IsSet() bool { return v.isSet } -func (v *NullableIdentitySchema) Unset() { +func (v *NullableIdentitySchemaContainer) Unset() { v.value = nil v.isSet = false } -func NewNullableIdentitySchema(val *IdentitySchema) *NullableIdentitySchema { - return &NullableIdentitySchema{value: val, isSet: true} +func NewNullableIdentitySchemaContainer(val *IdentitySchemaContainer) *NullableIdentitySchemaContainer { + return &NullableIdentitySchemaContainer{value: val, isSet: true} } -func (v NullableIdentitySchema) MarshalJSON() ([]byte, error) { +func (v NullableIdentitySchemaContainer) MarshalJSON() ([]byte, error) { return json.Marshal(v.value) } -func (v *NullableIdentitySchema) UnmarshalJSON(src []byte) error { +func (v *NullableIdentitySchemaContainer) UnmarshalJSON(src []byte) error { v.isSet = true return json.Unmarshal(src, &v.value) } diff --git a/schema/handler.go b/schema/handler.go index da53eb0d0fa1..99de0cc55fa3 100644 --- a/schema/handler.go +++ b/schema/handler.go @@ -49,9 +49,9 @@ func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic) { "/"+SchemasPath+"/*", x.AdminPrefix+"/"+SchemasPath+"/*", ) - public.GET(fmt.Sprintf("/%s/:id", SchemasPath), h.getByID) + public.GET(fmt.Sprintf("/%s/:id", SchemasPath), h.getIdentitySchema) public.GET(fmt.Sprintf("/%s", SchemasPath), h.getAll) - public.GET(fmt.Sprintf("%s/%s/:id", x.AdminPrefix, SchemasPath), h.getByID) + public.GET(fmt.Sprintf("%s/%s/:id", x.AdminPrefix, SchemasPath), h.getIdentitySchema) public.GET(fmt.Sprintf("%s/%s", x.AdminPrefix, SchemasPath), h.getAll) } @@ -62,13 +62,13 @@ func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { // Raw JSON Schema // -// swagger:model jsonSchema +// swagger:model identitySchema // nolint:deadcode,unused -type jsonSchema json.RawMessage +type identitySchema json.RawMessage // nolint:deadcode,unused -// swagger:parameters getJsonSchema -type getJsonSchema struct { +// swagger:parameters getIdentitySchema +type getIdentitySchema struct { // ID must be set to the ID of schema you want to get // // required: true @@ -76,7 +76,7 @@ type getJsonSchema struct { ID string `json:"id"` } -// swagger:route GET /schemas/{id} v0alpha2 getJsonSchema +// swagger:route GET /schemas/{id} v0alpha2 getIdentitySchema // // Get a JSON Schema // @@ -86,10 +86,10 @@ type getJsonSchema struct { // Schemes: http, https // // Responses: -// 200: jsonSchema +// 200: identitySchema // 404: jsonError // 500: jsonError -func (h *Handler) getByID(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { +func (h *Handler) getIdentitySchema(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { ss, err := h.r.IdentityTraitsSchemas(r.Context()) if err != nil { h.r.Writer().WriteError(w, r, errors.WithStack(herodot.ErrInternalServerError.WithWrap(err))) @@ -128,14 +128,14 @@ func (h *Handler) getByID(w http.ResponseWriter, r *http.Request, ps httprouter. // Raw identity Schema list // // swagger:model identitySchemas -type IdentitySchemas []identitySchema +type IdentitySchemas []identitySchemaContainer -// swagger:model identitySchema -type identitySchema struct { +// swagger:model identitySchemaContainer +type identitySchemaContainer struct { // The ID of the Identity JSON Schema ID string `json:"id"` // The actual Identity JSON Schema - Schema json.RawMessage `json:"schema"` + Schema identitySchema `json:"schema"` } // nolint:deadcode,unused @@ -183,7 +183,7 @@ func (h *Handler) getAll(w http.ResponseWriter, r *http.Request, ps httprouter.P return } - ss = append(ss, identitySchema{ + ss = append(ss, identitySchemaContainer{ ID: schema.ID, Schema: raw, }) diff --git a/spec/api.json b/spec/api.json index 84ffab26d692..2cfa9c4e6011 100755 --- a/spec/api.json +++ b/spec/api.json @@ -517,14 +517,17 @@ "type": "array" }, "identitySchema": { + "description": "Raw JSON Schema", + "type": "object" + }, + "identitySchemaContainer": { "properties": { "id": { "description": "The ID of the Identity JSON Schema", "type": "string" }, "schema": { - "description": "The actual Identity JSON Schema", - "type": "object" + "$ref": "#/components/schemas/identitySchema" } }, "type": "object" @@ -532,7 +535,7 @@ "identitySchemas": { "description": "Raw identity Schema list", "items": { - "$ref": "#/components/schemas/identitySchema" + "$ref": "#/components/schemas/identitySchemaContainer" }, "type": "array" }, @@ -605,10 +608,6 @@ }, "type": "array" }, - "jsonSchema": { - "description": "Raw JSON Schema", - "type": "object" - }, "needsPrivilegedSessionError": { "properties": { "code": { @@ -3227,7 +3226,7 @@ "/schemas/{id}": { "get": { "description": "Get a JSON Schema", - "operationId": "getJsonSchema", + "operationId": "getIdentitySchema", "parameters": [ { "description": "ID must be set to the ID of schema you want to get", @@ -3244,11 +3243,11 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/jsonSchema" + "$ref": "#/components/schemas/identitySchema" } } }, - "description": "jsonSchema" + "description": "identitySchema" }, "404": { "content": { diff --git a/spec/swagger.json b/spec/swagger.json index 39db68328f68..3bab3006bcd5 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -776,7 +776,7 @@ "tags": [ "v0alpha2" ], - "operationId": "getJsonSchema", + "operationId": "getIdentitySchema", "parameters": [ { "type": "string", @@ -788,9 +788,9 @@ ], "responses": { "200": { - "description": "jsonSchema", + "description": "identitySchema", "schema": { - "$ref": "#/definitions/jsonSchema" + "$ref": "#/definitions/identitySchema" } }, "404": { @@ -2949,6 +2949,10 @@ } }, "identitySchema": { + "description": "Raw JSON Schema", + "type": "object" + }, + "identitySchemaContainer": { "type": "object", "properties": { "id": { @@ -2956,8 +2960,7 @@ "type": "string" }, "schema": { - "description": "The actual Identity JSON Schema", - "type": "object" + "$ref": "#/definitions/identitySchema" } } }, @@ -2965,7 +2968,7 @@ "description": "Raw identity Schema list", "type": "array", "items": { - "$ref": "#/definitions/identitySchema" + "$ref": "#/definitions/identitySchemaContainer" } }, "identityState": { @@ -3035,10 +3038,6 @@ "$ref": "#/definitions/jsonPatch" } }, - "jsonSchema": { - "description": "Raw JSON Schema", - "type": "object" - }, "needsPrivilegedSessionError": { "type": "object", "title": "Is sent when a privileged session is required to perform the settings update.", From 0934defff7a0d56e712af98c1cec87c60b3c934b Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Thu, 21 Jul 2022 15:47:24 +0200 Subject: [PATCH 174/411] fix: format --- .schema/openapi/patches/health.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.schema/openapi/patches/health.yaml b/.schema/openapi/patches/health.yaml index 1d42a1d63d6c..fb28cf66e4b6 100644 --- a/.schema/openapi/patches/health.yaml +++ b/.schema/openapi/patches/health.yaml @@ -15,13 +15,13 @@ responses: '200': content: - application/json: + 'application/json': schema: "$ref": "#/components/schemas/healthStatus" description: {{.ProjectHumanName}} is ready to accept connections. '500': content: - application/json: + 'application/json': schema: "$ref": "#/components/schemas/genericError" description: genericError @@ -44,7 +44,7 @@ responses: '200': content: - application/json: + 'application/json': schema: type: object properties: @@ -54,7 +54,7 @@ description: {{.ProjectHumanName}} is ready to accept requests. '503': content: - application/json: + 'application/json': schema: properties: errors: @@ -82,7 +82,7 @@ responses: '200': content: - application/json: + 'application/json': schema: type: object properties: From 1d7381acb3783fcf2f40d707eb87e60f3b45a7af Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Thu, 21 Jul 2022 15:50:44 +0200 Subject: [PATCH 175/411] ci: add issues and PRs to board --- .github/workflows/pm.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .github/workflows/pm.yml diff --git a/.github/workflows/pm.yml b/.github/workflows/pm.yml new file mode 100644 index 000000000000..cb7e4882a435 --- /dev/null +++ b/.github/workflows/pm.yml @@ -0,0 +1,19 @@ +name: Synchronize with product board + +on: + issues: + types: + - opened + pull_request: + types: + - opened + +jobs: + add-to-project: + name: Add issue to project + runs-on: ubuntu-latest + steps: + - uses: actions/add-to-project@v0.2 + with: + project-url: https://github.com/orgs/ory-corp/projects/5 + github-token: ${{ secrets.ORY_BOT_PAT }} From bf6f27e37b8aa342ae002e0a9f227a31e0f7c279 Mon Sep 17 00:00:00 2001 From: CaptainStandby <18215579+CaptainStandby@users.noreply.github.com> Date: Thu, 21 Jul 2022 16:14:03 +0200 Subject: [PATCH 176/411] fix: re-issue outdated cookie in /whoami (#2598) Closes #2562 Co-authored-by: aeneasr <3372410+aeneasr@users.noreply.github.com> Co-authored-by: ory-bot <60093411+ory-bot@users.noreply.github.com> --- session/handler.go | 6 +++++ session/handler_test.go | 48 +++++++++++++++++++++++++++++++++ session/manager.go | 3 +++ session/manager_http.go | 59 +++++++++++++++++++++++++++++++++++++---- 4 files changed, 111 insertions(+), 5 deletions(-) diff --git a/session/handler.go b/session/handler.go index 7146d0203419..20d75f42e770 100644 --- a/session/handler.go +++ b/session/handler.go @@ -199,6 +199,12 @@ func (h *Handler) whoami(w http.ResponseWriter, r *http.Request, ps httprouter.P // Set userId as the X-Kratos-Authenticated-Identity-Id header. w.Header().Set("X-Kratos-Authenticated-Identity-Id", s.Identity.ID.String()) + if err := h.r.SessionManager().RefreshCookie(r.Context(), w, r, s); err != nil { + h.r.Audit().WithRequest(r).WithError(err).Info("Could not re-issue cookie.") + h.r.Writer().WriteError(w, r, err) + return + } + h.r.Writer().Write(w, r, s) } diff --git a/session/handler_test.go b/session/handler_test.go index a6332fb154ca..06fd095e69dd 100644 --- a/session/handler_test.go +++ b/session/handler_test.go @@ -635,6 +635,54 @@ func TestHandlerSelfServiceSessionManagement(t *testing.T) { assert.Equal(t, http.StatusNoContent, resp.StatusCode, "case=%d", j) } }) + + t.Run("case=whoami should not issue cookie for up to date session", func(t *testing.T) { + client, _, _ := setup(t) + + req, _ := http.NewRequest("GET", ts.URL+"/sessions/whoami", nil) + resp, err := client.Do(req) + require.NoError(t, err) + assert.Equal(t, http.StatusOK, resp.StatusCode) + + assert.Empty(t, resp.Cookies()) + }) + + t.Run("case=whoami should reissue cookie for outdated session", func(t *testing.T) { + client, _, session := setup(t) + oldExpires := session.ExpiresAt + + session.ExpiresAt = time.Now().Add(time.Hour * 24 * 30).UTC().Round(time.Hour) + err := reg.SessionPersister().UpsertSession(context.Background(), session) + require.NoError(t, err) + + resp, err := client.Get(ts.URL + "/sessions/whoami") + require.NoError(t, err) + assert.Equal(t, http.StatusOK, resp.StatusCode) + + require.Len(t, resp.Cookies(), 1) + for _, c := range resp.Cookies() { + assert.WithinDuration(t, session.ExpiresAt, c.Expires, 5*time.Second, "Ensure the expiry does not deviate +- 5 seconds from the expiry of the session for cookie: %s", c.Name) + assert.NotEqual(t, oldExpires, c.Expires, "%s", c.Name) + } + }) + + t.Run("case=whoami should not issue cookie if request is token based", func(t *testing.T) { + _, _, session := setup(t) + + session.ExpiresAt = time.Now().Add(time.Hour * 24 * 30).UTC().Round(time.Hour) + err := reg.SessionPersister().UpsertSession(context.Background(), session) + require.NoError(t, err) + + req, err := http.NewRequest("GET", ts.URL+"/sessions/whoami", nil) + require.NoError(t, err) + req.Header.Set("Authorization", "Bearer "+session.Token) + + resp, err := http.DefaultClient.Do(req) + require.NoError(t, err) + assert.Equal(t, http.StatusOK, resp.StatusCode) + + require.Len(t, resp.Cookies(), 0) + }) } func TestHandlerRefreshSessionBySessionID(t *testing.T) { diff --git a/session/manager.go b/session/manager.go index d46307e44e43..2e5821c06e31 100644 --- a/session/manager.go +++ b/session/manager.go @@ -91,6 +91,9 @@ type Manager interface { // Also regenerates CSRF tokens due to assumed principal change. IssueCookie(context.Context, http.ResponseWriter, *http.Request, *Session) error + // RefreshCookie checks if the request uses an outdated cookie and refreshes the cookie if needed. + RefreshCookie(context.Context, http.ResponseWriter, *http.Request, *Session) error + // FetchFromRequest creates an HTTP session using cookies. FetchFromRequest(context.Context, *http.Request) (*Session, error) diff --git a/session/manager_http.go b/session/manager_http.go index 213065a551d5..c3d21fedbf7b 100644 --- a/session/manager_http.go +++ b/session/manager_http.go @@ -4,6 +4,9 @@ import ( "context" "net/http" "net/url" + "time" + + "github.com/gorilla/sessions" "github.com/ory/x/urlx" @@ -58,6 +61,29 @@ func (s *ManagerHTTP) UpsertAndIssueCookie(ctx context.Context, w http.ResponseW return nil } +func (s *ManagerHTTP) RefreshCookie(ctx context.Context, w http.ResponseWriter, r *http.Request, session *Session) error { + // If it is a session token there is nothing to do. + cookieHeader := r.Header.Get("X-Session-Cookie") + _, cookieErr := r.Cookie(s.cookieName(r.Context())) + if len(cookieHeader) == 0 && errors.Is(cookieErr, http.ErrNoCookie) { + return nil + } + + cookie, err := s.getCookie(r) + if err != nil { + return err + } + + expiresAt := getCookieExpiry(cookie) + if expiresAt == nil || expiresAt.Before(session.ExpiresAt) { + if err := s.IssueCookie(ctx, w, r, session); err != nil { + return err + } + } + + return nil +} + func (s *ManagerHTTP) IssueCookie(ctx context.Context, w http.ResponseWriter, r *http.Request, session *Session) error { cookie, err := s.r.CookieManager(r.Context()).Get(r, s.cookieName(ctx)) // Fix for https://github.com/ory/kratos/issues/1695 @@ -94,28 +120,51 @@ func (s *ManagerHTTP) IssueCookie(ctx context.Context, w http.ResponseWriter, r cookie.Options.MaxAge = 0 if s.r.Config(ctx).SessionPersistentCookie() { - cookie.Options.MaxAge = int(s.r.Config(ctx).SessionLifespan().Seconds()) + if session.ExpiresAt.IsZero() { + cookie.Options.MaxAge = int(s.r.Config(ctx).SessionLifespan().Seconds()) + } else { + cookie.Options.MaxAge = int(time.Until(session.ExpiresAt).Seconds()) + } } cookie.Values["session_token"] = session.Token + cookie.Values["expires_at"] = session.ExpiresAt.UTC().Format(time.RFC3339Nano) + if err := cookie.Save(r, w); err != nil { return errors.WithStack(err) } return nil } -func (s *ManagerHTTP) extractToken(r *http.Request) string { - if token := r.Header.Get("X-Session-Token"); len(token) > 0 { - return token +func getCookieExpiry(s *sessions.Session) *time.Time { + expiresAt, ok := s.Values["expires_at"].(string) + if !ok { + return nil } + n, err := time.Parse(time.RFC3339Nano, expiresAt) + if err != nil { + return nil + } + return &n +} + +func (s *ManagerHTTP) getCookie(r *http.Request) (*sessions.Session, error) { if cookie := r.Header.Get("X-Session-Cookie"); len(cookie) > 0 { rr := *r r = &rr r.Header = http.Header{"Cookie": []string{s.cookieName(r.Context()) + "=" + cookie}} } - cookie, err := s.r.CookieManager(r.Context()).Get(r, s.cookieName(r.Context())) + return s.r.CookieManager(r.Context()).Get(r, s.cookieName(r.Context())) +} + +func (s *ManagerHTTP) extractToken(r *http.Request) string { + if token := r.Header.Get("X-Session-Token"); len(token) > 0 { + return token + } + + cookie, err := s.getCookie(r) if err != nil { token, _ := bearerTokenFromRequest(r) return token From 169e410725e1b2c37e1cab68af7246a33086d26f Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Thu, 21 Jul 2022 16:23:09 +0200 Subject: [PATCH 177/411] ci: fix version --- .github/workflows/pm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pm.yml b/.github/workflows/pm.yml index cb7e4882a435..bcb6bb0237cf 100644 --- a/.github/workflows/pm.yml +++ b/.github/workflows/pm.yml @@ -13,7 +13,7 @@ jobs: name: Add issue to project runs-on: ubuntu-latest steps: - - uses: actions/add-to-project@v0.2 + - uses: actions/add-to-project@v0.2.0 with: project-url: https://github.com/orgs/ory-corp/projects/5 github-token: ${{ secrets.ORY_BOT_PAT }} From d8dea0138b09d4dff3c30aa14e0e99e423b355fe Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Thu, 21 Jul 2022 22:53:40 +0200 Subject: [PATCH 178/411] test: parallelize and speed up config tests (#2611) --- driver/config/config.go | 12 ++++++++++++ driver/config/config_test.go | 32 ++++++++++++++++++++++++++------ 2 files changed, 38 insertions(+), 6 deletions(-) diff --git a/driver/config/config.go b/driver/config/config.go index eff2e412ce2c..352698bc33d1 100644 --- a/driver/config/config.go +++ b/driver/config/config.go @@ -368,6 +368,14 @@ func (p *Config) getIdentitySchemaValidator(ctx context.Context) (*jsonschema.Sc return p.identitySchema, nil } +type validateIdentitySchemasContextKey int + +const validateIdentitySchemasClientKey validateIdentitySchemasContextKey = 1 + +func SetValidateIdentitySchemaResilientClientOptions(ctx context.Context, options []httpx.ResilientOptions) context.Context { + return context.WithValue(ctx, validateIdentitySchemasClientKey, options) +} + func (p *Config) validateIdentitySchemas(ctx context.Context) error { opts := []httpx.ResilientOptions{ httpx.ResilientClientWithLogger(p.l), @@ -375,6 +383,10 @@ func (p *Config) validateIdentitySchemas(ctx context.Context) error { httpx.ResilientClientWithConnectionTimeout(30 * time.Second), } + if o, ok := ctx.Value(validateIdentitySchemasClientKey).([]httpx.ResilientOptions); ok { + opts = o + } + if p.ClientHTTPNoPrivateIPRanges() { opts = append(opts, httpx.ResilientClientDisallowInternalIPs()) } diff --git a/driver/config/config_test.go b/driver/config/config_test.go index 595dd61c02cd..1e593d44c365 100644 --- a/driver/config/config_test.go +++ b/driver/config/config_test.go @@ -6,6 +6,7 @@ import ( "encoding/base64" "encoding/json" "fmt" + "github.com/ory/x/httpx" "io" "io/ioutil" "net/http" @@ -44,9 +45,15 @@ import ( ) func TestViperProvider(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + t.Parallel() + t.Run("suite=loaders", func(t *testing.T) { p := config.MustNew(t, logrusx.New("", ""), os.Stderr, - configx.WithConfigFiles("stub/.kratos.yaml")) + configx.WithConfigFiles("stub/.kratos.yaml"), + configx.WithContext(ctx), + ) t.Run("group=client config", func(t *testing.T) { assert.False(t, p.ClientHTTPNoPrivateIPRanges(), "Should not have private IP ranges disabled per default") @@ -752,6 +759,8 @@ func TestViperProvider_HaveIBeenPwned(t *testing.T) { } func TestLoadingTLSConfig(t *testing.T) { + t.Parallel() + certPath := filepath.Join(os.TempDir(), "e2e_test_cert_"+x.NewUUID().String()+".pem") keyPath := filepath.Join(os.TempDir(), "e2e_test_key_"+x.NewUUID().String()+".pem") @@ -875,6 +884,12 @@ func TestLoadingTLSConfig(t *testing.T) { func TestIdentitySchemaValidation(t *testing.T) { files := []string{"stub/.identity.test.json", "stub/.identity.other.json"} + ctx := context.Background() + ctx = config.SetValidateIdentitySchemaResilientClientOptions(ctx, []httpx.ResilientOptions{ + httpx.ResilientClientWithMaxRetry(0), + httpx.ResilientClientWithConnectionTimeout(time.Millisecond * 100), + }) + type identity struct { Schemas []map[string]string `json:"schemas"` } @@ -947,7 +962,7 @@ func TestIdentitySchemaValidation(t *testing.T) { } t.Run("case=skip invalid schema validation", func(t *testing.T) { - ctx := context.Background() + ctx := ctx _, err := config.New(ctx, logrusx.New("", ""), os.Stderr, configx.WithConfigFiles("stub/.kratos.invalid.identities.yaml"), configx.SkipValidation()) @@ -955,7 +970,7 @@ func TestIdentitySchemaValidation(t *testing.T) { }) t.Run("case=invalid schema should throw error", func(t *testing.T) { - ctx := context.Background() + ctx := ctx var stdErr bytes.Buffer _, err := config.New(ctx, logrusx.New("", ""), &stdErr, configx.WithConfigFiles("stub/.kratos.invalid.identities.yaml")) @@ -965,7 +980,12 @@ func TestIdentitySchemaValidation(t *testing.T) { }) t.Run("case=must fail on loading unreachable schemas", func(t *testing.T) { - ctx, cancel := context.WithTimeout(context.Background(), time.Second*30) + ctx = config.SetValidateIdentitySchemaResilientClientOptions(ctx, []httpx.ResilientOptions{ + httpx.ResilientClientWithMaxRetry(0), + httpx.ResilientClientWithConnectionTimeout(time.Nanosecond), + }) + + ctx, cancel := context.WithTimeout(ctx, time.Second*30) t.Cleanup(cancel) err := make(chan error, 1) @@ -980,7 +1000,7 @@ func TestIdentitySchemaValidation(t *testing.T) { panic("the test could not complete as the context timed out before the identity schema loader timed out") case e := <-err: assert.Error(t, e) - assert.Contains(t, e.Error(), "no such host") + assert.Contains(t, e.Error(), "Client.Timeout") } }) @@ -996,7 +1016,7 @@ func TestIdentitySchemaValidation(t *testing.T) { for _, i := range identities { t.Run("test=identity file "+i.identityFileName, func(t *testing.T) { - ctx, cancel := context.WithTimeout(context.Background(), time.Second*30) + ctx, cancel := context.WithTimeout(ctx, time.Second*30) _, hook, tmpConfig, i, c := testWatch(t, ctx, &cobra.Command{}, i) // Change the identity config to an invalid file From 8b791b9b8d09b6b8159e5a0d4185a02418ef6693 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Thu, 21 Jul 2022 20:55:12 +0000 Subject: [PATCH 179/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- driver/config/config_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/driver/config/config_test.go b/driver/config/config_test.go index 1e593d44c365..17d30dd88fb6 100644 --- a/driver/config/config_test.go +++ b/driver/config/config_test.go @@ -6,7 +6,6 @@ import ( "encoding/base64" "encoding/json" "fmt" - "github.com/ory/x/httpx" "io" "io/ioutil" "net/http" @@ -17,6 +16,8 @@ import ( "testing" "time" + "github.com/ory/x/httpx" + "github.com/ory/x/snapshotx" "github.com/ghodss/yaml" From e48e9fac7ab6a982e0e941bfea1d15569eb53582 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Harasimowicz?= Date: Fri, 22 Jul 2022 10:10:57 +0200 Subject: [PATCH 180/411] feat: implement blocking webhooks (#1585) feat: implement blocking webhooks (#1585) This feature allows webhooks to return validation errors in the registration and login flow from a webhook. This feature enables you to deny sign-ups from a specific domain, for example. A big thank you goes out to the team at Wikia / Fandom for implementing and contributing to this feature! Closes #1724 Closes #1483 --- embedx/config.schema.json | 35 +++ identity/credentials.go | 18 ++ schema/errors.go | 44 +++ schema/errors_test.go | 36 +++ selfservice/flow/error.go | 26 ++ selfservice/flow/error_test.go | 135 +++++++++ selfservice/flow/flow.go | 3 + selfservice/flow/login/flow.go | 4 + selfservice/flow/login/handler.go | 12 +- selfservice/flow/login/hook.go | 34 ++- selfservice/flow/login/hook_test.go | 21 +- selfservice/flow/recovery/flow.go | 4 + selfservice/flow/recovery/hook.go | 13 +- selfservice/flow/registration/flow.go | 4 + selfservice/flow/registration/hook.go | 15 +- selfservice/flow/registration/hook_test.go | 2 + selfservice/flow/settings/flow.go | 4 + selfservice/flow/settings/hook.go | 48 ++- selfservice/flow/verification/flow.go | 4 + selfservice/flow/verification/hook.go | 9 +- selfservice/hook/address_verifier.go | 4 +- selfservice/hook/address_verifier_test.go | 4 +- selfservice/hook/error.go | 8 +- selfservice/hook/session_destroyer.go | 3 +- selfservice/hook/session_destroyer_test.go | 2 + selfservice/hook/stub/test_body.jsonnet | 2 +- selfservice/hook/web_hook.go | 95 +++++- selfservice/hook/web_hook_integration_test.go | 282 +++++++++++++++++- selfservice/strategy/oidc/strategy_login.go | 3 +- test/e2e/cypress.config.ts | 8 +- test/e2e/cypress/helpers/index.ts | 3 + .../profiles/webhoooks/login/error.spec.ts | 39 +++ .../profiles/webhoooks/login/success.spec.ts | 45 +++ .../webhoooks/registration/errors.spec.ts | 41 +++ .../webhoooks/registration/success.spec.ts | 44 +++ test/e2e/mock/webhook/Dockerfile | 19 ++ test/e2e/mock/webhook/go.mod | 7 + test/e2e/mock/webhook/go.sum | 10 + test/e2e/mock/webhook/main.go | 153 ++++++++++ test/e2e/modd.conf | 6 + test/e2e/profiles/kratos.base.yml | 8 +- test/e2e/profiles/webhooks/.kratos.yml | 57 ++++ .../webhooks/identity.traits.schema.json | 36 +++ .../profiles/webhooks/webhook_body.jsonnet | 6 + test/e2e/run.sh | 5 +- ui/container/container.go | 18 ++ x/provider.go | 22 +- 47 files changed, 1333 insertions(+), 68 deletions(-) create mode 100644 schema/errors_test.go create mode 100644 selfservice/flow/error_test.go create mode 100644 test/e2e/cypress/integration/profiles/webhoooks/login/error.spec.ts create mode 100644 test/e2e/cypress/integration/profiles/webhoooks/login/success.spec.ts create mode 100644 test/e2e/cypress/integration/profiles/webhoooks/registration/errors.spec.ts create mode 100644 test/e2e/cypress/integration/profiles/webhoooks/registration/success.spec.ts create mode 100644 test/e2e/mock/webhook/Dockerfile create mode 100644 test/e2e/mock/webhook/go.mod create mode 100644 test/e2e/mock/webhook/go.sum create mode 100644 test/e2e/mock/webhook/main.go create mode 100644 test/e2e/profiles/webhooks/.kratos.yml create mode 100644 test/e2e/profiles/webhooks/identity.traits.schema.json create mode 100644 test/e2e/profiles/webhooks/webhook_body.jsonnet diff --git a/embedx/config.schema.json b/embedx/config.schema.json index f106b93dd80d..f552bf0082ce 100644 --- a/embedx/config.schema.json +++ b/embedx/config.schema.json @@ -208,6 +208,11 @@ } ] }, + "can_interrupt": { + "type": "boolean", + "default": false, + "description": "If enabled allows the web hook to interrupt / abort the self-service flow. It only applies to certain flows (registration/verification/login/settings) and requires a valid response format." + }, "auth": { "type": "object", "title": "Auth mechanisms", @@ -223,6 +228,36 @@ }, "additionalProperties": false }, + "anyOf": [ + { + "not": + { + "properties": { + "response": { + "properties": { + "ignore": { + "enum": [ + true + ] + } + }, + "required": ["ignore"] + } + }, + "required": ["response"] + } + }, + { + "properties": { + "can_interrupt": { + "enum": [ + false + ] + } + }, + "require": ["can_interrupt"] + } + ], "additionalProperties": false, "required": [ "url", diff --git a/identity/credentials.go b/identity/credentials.go index 466bb5c61c6d..025abd59480b 100644 --- a/identity/credentials.go +++ b/identity/credentials.go @@ -6,6 +6,7 @@ import ( "time" "github.com/ory/kratos/corp" + "github.com/ory/kratos/ui/node" "github.com/gofrs/uuid" @@ -42,6 +43,23 @@ func (c CredentialsType) String() string { return string(c) } +func (c CredentialsType) ToUiNodeGroup() node.UiNodeGroup { + switch c { + case CredentialsTypePassword: + return node.PasswordGroup + case CredentialsTypeOIDC: + return node.OpenIDConnectGroup + case CredentialsTypeTOTP: + return node.TOTPGroup + case CredentialsTypeWebAuthn: + return node.WebAuthnGroup + case CredentialsTypeLookup: + return node.LookupGroup + default: + return node.DefaultGroup + } +} + // Please make sure to add all of these values to the test that ensures they are created during migration const ( CredentialsTypePassword CredentialsType = "password" diff --git a/schema/errors.go b/schema/errors.go index cca3127c4442..acdae891d67b 100644 --- a/schema/errors.go +++ b/schema/errors.go @@ -247,6 +247,50 @@ func NewNoWebAuthnRegistered() error { }) } +func NewHookValidationError(instancePtr, message string, messages text.Messages) *ValidationError { + return &ValidationError{ + ValidationError: &jsonschema.ValidationError{ + Message: message, + InstancePtr: instancePtr, + }, + Messages: messages, + } +} + +type ValidationListError struct { + Validations []*ValidationError +} + +func (e ValidationListError) Error() string { + var detailError string + for pos, validationErr := range e.Validations { + detailError = detailError + fmt.Sprintf("\n(%d) %s", pos, validationErr.Error()) + } + return fmt.Sprintf("%d validation errors occurred:%s", len(e.Validations), detailError) +} + +func (e *ValidationListError) Add(v *ValidationError) { + e.Validations = append(e.Validations, v) +} + +func (e ValidationListError) HasErrors() bool { + return len(e.Validations) > 0 +} + +func (e *ValidationListError) WithError(instancePtr, message string, details text.Messages) { + e.Validations = append(e.Validations, &ValidationError{ + ValidationError: &jsonschema.ValidationError{ + Message: message, + InstancePtr: instancePtr, + }, + Messages: details, + }) +} + +func NewValidationListError(errs []*ValidationError) error { + return errors.WithStack(&ValidationListError{Validations: errs}) +} + func NewNoWebAuthnCredentials() error { return errors.WithStack(&ValidationError{ ValidationError: &jsonschema.ValidationError{ diff --git a/schema/errors_test.go b/schema/errors_test.go new file mode 100644 index 000000000000..6607dc39cca2 --- /dev/null +++ b/schema/errors_test.go @@ -0,0 +1,36 @@ +package schema + +import ( + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/ory/jsonschema/v3" + + "github.com/ory/kratos/text" +) + +func TestListValidationErrors(t *testing.T) { + testErr := ValidationListError{} + + assert.False(t, testErr.HasErrors()) + + testErr.WithError("#/traits/password", "error message", new(text.Messages).Add(text.NewErrorValidationDuplicateCredentials())) + assert.True(t, testErr.HasErrors()) + assert.Len(t, testErr.Validations, 1) + + validationError := &ValidationError{ + ValidationError: &jsonschema.ValidationError{ + Message: `the provided credentials are invalid, check for spelling mistakes in your password or username, email address, or phone number`, + InstancePtr: "#/", + Context: &ValidationErrorContextPasswordPolicyViolation{}, + }, + Messages: new(text.Messages).Add(text.NewErrorValidationInvalidCredentials()), + } + testErr.Add(validationError) + assert.Len(t, testErr.Validations, 2) + assert.Equal(t, "2 validation errors occurred:"+ + "\n(0) I[#/traits/password] S[] error message"+ + "\n(1) I[#/] S[] the provided credentials are invalid, check for spelling mistakes in your password or username, email address, or phone number", + testErr.Error()) +} diff --git a/selfservice/flow/error.go b/selfservice/flow/error.go index 14388d909b68..970efec6be01 100644 --- a/selfservice/flow/error.go +++ b/selfservice/flow/error.go @@ -7,6 +7,9 @@ import ( "time" "github.com/ory/kratos/driver/config" + "github.com/ory/kratos/identity" + "github.com/ory/kratos/ui/container" + "github.com/ory/kratos/ui/node" "github.com/ory/kratos/x" "github.com/ory/x/urlx" @@ -90,6 +93,29 @@ func NewBrowserLocationChangeRequiredError(redirectTo string) *BrowserLocationCh } } +func HandleHookError(_ http.ResponseWriter, r *http.Request, f Flow, traits identity.Traits, group node.UiNodeGroup, flowError error, logger x.LoggingProvider, csrf x.CSRFTokenGeneratorProvider) error { + if f != nil { + if traits != nil { + cont, err := container.NewFromStruct("", group, traits, "traits") + if err != nil { + logger.Logger().WithError(err).Error("could not update flow UI") + return err + } + + for _, n := range cont.Nodes { + // we only set the value and not the whole field because we want to keep types from the initial form generation + f.GetUI().Nodes.SetValueAttribute(n.ID(), n.Attributes.GetValue()) + } + } + + if f.GetType() == TypeBrowser { + f.GetUI().SetCSRF(csrf.GenerateCSRFToken(r)) + } + } + + return flowError +} + func GetFlowExpiredRedirectURL(config *config.Config, route, returnTo string) *url.URL { redirectURL := urlx.AppendPaths(config.SelfPublicURL(), route) if returnTo != "" { diff --git a/selfservice/flow/error_test.go b/selfservice/flow/error_test.go new file mode 100644 index 000000000000..559cdbad2da4 --- /dev/null +++ b/selfservice/flow/error_test.go @@ -0,0 +1,135 @@ +package flow + +import ( + "encoding/json" + "net/http" + "net/url" + "testing" + + "github.com/gofrs/uuid" + "github.com/sirupsen/logrus" + "github.com/stretchr/testify/assert" + + "github.com/ory/kratos/identity" + "github.com/ory/kratos/schema" + "github.com/ory/kratos/text" + "github.com/ory/kratos/ui/container" + "github.com/ory/kratos/ui/node" + "github.com/ory/kratos/x" + "github.com/ory/x/httpx" + "github.com/ory/x/logrusx" + "github.com/ory/x/otelx" +) + +type testCSRFTokenGenerator struct{} + +func (t *testCSRFTokenGenerator) GenerateCSRFToken(_ *http.Request) string { + return "csrf_token_value" +} + +// testFlow is a minimalistic flow implementation to satisfy interface and is used only in tests. +type testFlow struct { + // ID represents the flow's unique ID. + // + // required: true + ID uuid.UUID `json:"id" faker:"-" db:"id" rw:"r"` + + // Type represents the flow's type which can be either "api" or "browser", depending on the flow interaction. + // + // required: true + Type Type `json:"type" db:"type" faker:"flow_type"` + + // RequestURL is the initial URL that was requested from Ory Kratos. It can be used + // to forward information contained in the URL's path or query for example. + // + // required: true + RequestURL string `json:"request_url" db:"request_url"` + + // UI contains data which must be shown in the user interface. + // + // required: true + UI *container.Container `json:"ui" db:"ui"` +} + +func (t *testFlow) GetID() uuid.UUID { + return t.ID +} + +func (t *testFlow) GetType() Type { + return t.Type +} + +func (t *testFlow) GetRequestURL() string { + return t.RequestURL +} + +func (t *testFlow) AppendTo(url *url.URL) *url.URL { + return AppendFlowTo(url, t.ID) +} + +func (t *testFlow) GetUI() *container.Container { + return t.UI +} + +func newTestFlow(r *http.Request, flowType Type) Flow { + id := x.NewUUID() + requestURL := x.RequestURL(r).String() + ui := &container.Container{ + Method: "POST", + Action: "/test", + } + + ui.Nodes.Append(node.NewInputField("traits.username", nil, node.PasswordGroup, node.InputAttributeTypeText, node.WithRequiredInputAttribute)) + ui.Nodes.Append(node.NewInputField("traits.password", nil, node.PasswordGroup, node.InputAttributeTypePassword, node.WithRequiredInputAttribute)) + + return &testFlow{ + ID: id, + UI: ui, + RequestURL: requestURL, + Type: flowType, + } +} + +func prepareTraits(username, password string) identity.Traits { + payload := struct { + Username string `json:"username"` + Password string `json:"password"` + }{username, password} + + data, _ := json.Marshal(payload) + return data +} + +func TestHandleHookError(t *testing.T) { + r := &http.Request{URL: &url.URL{RawQuery: ""}} + logger := logrusx.New("kratos", "test", logrusx.ForceLevel(logrus.FatalLevel)) + l := &x.SimpleLoggerWithClient{L: logger, C: httpx.NewResilientClient(), T: otelx.NewNoop(logger, &otelx.Config{ServiceName: "kratos"})} + csrf := testCSRFTokenGenerator{} + f := newTestFlow(r, TypeBrowser) + tr := prepareTraits("foo", "bar") + + t.Run("case=fill_in_traits", func(t *testing.T) { + ve := schema.NewValidationListError([]*schema.ValidationError{schema.NewHookValidationError("traits.username", "invalid username", text.Messages{})}) + + err := HandleHookError(nil, r, f, tr, node.PasswordGroup, ve, l, &csrf) + assert.ErrorIs(t, err, ve) + if assert.NotEmpty(t, f.GetUI()) { + ui := f.GetUI() + assert.Len(t, ui.Nodes, 3) + assert.ElementsMatch(t, ui.Nodes, + node.Nodes{ + &node.Node{Type: node.Input, Group: node.PasswordGroup, Attributes: &node.InputAttributes{Name: "traits.username", Type: node.InputAttributeTypeText, FieldValue: "foo", Required: true}, Meta: &node.Meta{}}, + &node.Node{Type: node.Input, Group: node.PasswordGroup, Attributes: &node.InputAttributes{Name: "traits.password", Type: node.InputAttributeTypePassword, FieldValue: "bar", Required: true}, Meta: &node.Meta{}}, + &node.Node{Type: node.Input, Group: node.DefaultGroup, Attributes: &node.InputAttributes{Name: "csrf_token", Type: node.InputAttributeTypeHidden, FieldValue: "csrf_token_value", Required: true}}, + }) + } + }) + + t.Run("case=unmarshal_fail", func(t *testing.T) { + ve := schema.NewValidationListError([]*schema.ValidationError{schema.NewHookValidationError("traits.username", "invalid username", text.Messages{})}) + + err := HandleHookError(nil, r, f, []byte("garbage"), node.PasswordGroup, ve, l, &csrf) + var jsonErr *json.SyntaxError + assert.ErrorAs(t, err, &jsonErr) + }) +} diff --git a/selfservice/flow/flow.go b/selfservice/flow/flow.go index d6fa91b7b5ee..d1e1916271fe 100644 --- a/selfservice/flow/flow.go +++ b/selfservice/flow/flow.go @@ -6,6 +6,8 @@ import ( "github.com/pkg/errors" + "github.com/ory/kratos/ui/container" + "github.com/ory/herodot" "github.com/ory/kratos/x" @@ -31,4 +33,5 @@ type Flow interface { GetType() Type GetRequestURL() string AppendTo(*url.URL) *url.URL + GetUI() *container.Container } diff --git a/selfservice/flow/login/flow.go b/selfservice/flow/login/flow.go index ff631ddc0c26..667cbca7130d 100644 --- a/selfservice/flow/login/flow.go +++ b/selfservice/flow/login/flow.go @@ -210,3 +210,7 @@ func (f *Flow) AfterSave(*pop.Connection) error { f.SetReturnTo() return nil } + +func (f *Flow) GetUI() *container.Container { + return f.UI +} diff --git a/selfservice/flow/login/handler.go b/selfservice/flow/login/handler.go index 9e400f1e9c89..4589e19c5065 100644 --- a/selfservice/flow/login/handler.go +++ b/selfservice/flow/login/handler.go @@ -167,7 +167,8 @@ preLoginHook: f.UI.Messages.Add(text.NewInfoLoginMFA()) } - for _, s := range h.d.LoginStrategies(r.Context()) { + var s Strategy + for _, s = range h.d.LoginStrategies(r.Context()) { if err := s.PopulateLoginMethod(r, f.RequestedAAL, f); err != nil { return nil, err } @@ -182,7 +183,8 @@ preLoginHook: } if err := h.d.LoginHookExecutor().PreLoginHook(w, r, f); err != nil { - return nil, err + h.d.LoginFlowErrorHandler().WriteFlowError(w, r, f, node.DefaultGroup, err) + return f, nil } if err := h.d.LoginFlowPersister().CreateLoginFlow(r.Context(), f); err != nil { @@ -599,14 +601,16 @@ continueLogin: } var i *identity.Identity + var group node.UiNodeGroup for _, ss := range h.d.AllLoginStrategies() { interim, err := ss.Login(w, r, f, sess) + group = ss.NodeGroup() if errors.Is(err, flow.ErrStrategyNotResponsible) { continue } else if errors.Is(err, flow.ErrCompletedByStrategy) { return } else if err != nil { - h.d.LoginFlowErrorHandler().WriteFlowError(w, r, f, ss.NodeGroup(), err) + h.d.LoginFlowErrorHandler().WriteFlowError(w, r, f, group, err) return } @@ -627,7 +631,7 @@ continueLogin: return } - if err := h.d.LoginHookExecutor().PostLoginHook(w, r, f, i, sess); err != nil { + if err := h.d.LoginHookExecutor().PostLoginHook(w, r, group, f, i, sess); err != nil { if errors.Is(err, ErrAddressNotVerified) { h.d.LoginFlowErrorHandler().WriteFlowError(w, r, f, node.DefaultGroup, errors.WithStack(schema.NewAddressNotVerifiedError())) return diff --git a/selfservice/flow/login/hook.go b/selfservice/flow/login/hook.go index 8ecf6eae2cc9..803d39d4b38f 100644 --- a/selfservice/flow/login/hook.go +++ b/selfservice/flow/login/hook.go @@ -12,6 +12,8 @@ import ( "github.com/ory/kratos/identity" "github.com/ory/kratos/selfservice/flow" "github.com/ory/kratos/session" + "github.com/ory/kratos/ui/container" + "github.com/ory/kratos/ui/node" "github.com/ory/kratos/x" ) @@ -21,7 +23,7 @@ type ( } PostHookExecutor interface { - ExecuteLoginPostHook(w http.ResponseWriter, r *http.Request, a *Flow, s *session.Session) error + ExecuteLoginPostHook(w http.ResponseWriter, r *http.Request, g node.UiNodeGroup, a *Flow, s *session.Session) error } HooksProvider interface { @@ -35,6 +37,7 @@ type ( config.Provider session.ManagementProvider session.PersistenceProvider + x.CSRFTokenGeneratorProvider x.WriterProvider x.LoggingProvider @@ -74,7 +77,30 @@ func (e *HookExecutor) requiresAAL2(r *http.Request, s *session.Session, a *Flow return aalErr, true } -func (e *HookExecutor) PostLoginHook(w http.ResponseWriter, r *http.Request, a *Flow, i *identity.Identity, s *session.Session) error { +func (e *HookExecutor) handleLoginError(_ http.ResponseWriter, r *http.Request, g node.UiNodeGroup, f *Flow, i *identity.Identity, flowError error) error { + if f != nil { + if i != nil { + cont, err := container.NewFromStruct("", g, i.Traits, "traits") + if err != nil { + e.d.Logger().WithError(err).Warn("could not update flow UI") + return err + } + + for _, n := range cont.Nodes { + // we only set the value and not the whole field because we want to keep types from the initial form generation + f.UI.Nodes.SetValueAttribute(n.ID(), n.Attributes.GetValue()) + } + } + + if f.Type == flow.TypeBrowser { + f.UI.SetCSRF(e.d.GenerateCSRFToken(r)) + } + } + + return flowError +} + +func (e *HookExecutor) PostLoginHook(w http.ResponseWriter, r *http.Request, g node.UiNodeGroup, a *Flow, i *identity.Identity, s *session.Session) error { if err := s.Activate(i, e.d.Config(r.Context()), time.Now().UTC()); err != nil { return err } @@ -100,7 +126,7 @@ func (e *HookExecutor) PostLoginHook(w http.ResponseWriter, r *http.Request, a * WithField("flow_method", a.Active). Debug("Running ExecuteLoginPostHook.") for k, executor := range e.d.PostLoginHooks(r.Context(), a.Active) { - if err := executor.ExecuteLoginPostHook(w, r, a, s); err != nil { + if err := executor.ExecuteLoginPostHook(w, r, g, a, s); err != nil { if errors.Is(err, ErrHookAbortFlow) { e.d.Logger(). WithRequest(r). @@ -112,7 +138,7 @@ func (e *HookExecutor) PostLoginHook(w http.ResponseWriter, r *http.Request, a * Debug("A ExecuteLoginPostHook hook aborted early.") return nil } - return err + return e.handleLoginError(w, r, g, a, i, err) } e.d.Logger(). diff --git a/selfservice/flow/login/hook_test.go b/selfservice/flow/login/hook_test.go index b8db229e3fcc..57e65b303ffb 100644 --- a/selfservice/flow/login/hook_test.go +++ b/selfservice/flow/login/hook_test.go @@ -26,11 +26,14 @@ import ( ) func TestLoginExecutor(t *testing.T) { - for _, strategy := range []string{ - identity.CredentialsTypePassword.String(), - identity.CredentialsTypeOIDC.String(), + for _, strategy := range []identity.CredentialsType{ + identity.CredentialsTypePassword, + identity.CredentialsTypeOIDC, + identity.CredentialsTypeTOTP, + identity.CredentialsTypeWebAuthn, + identity.CredentialsTypeLookup, } { - t.Run("strategy="+strategy, func(t *testing.T) { + t.Run("strategy="+strategy.String(), func(t *testing.T) { conf, reg := internal.NewFastRegistryWithMocks(t) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/login.schema.json") conf.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh/") @@ -58,7 +61,7 @@ func TestLoginExecutor(t *testing.T) { } testhelpers.SelfServiceHookLoginErrorHandler(t, w, r, - reg.LoginHookExecutor().PostLoginHook(w, r, a, useIdentity, sess)) + reg.LoginHookExecutor().PostLoginHook(w, r, strategy.ToUiNodeGroup(), a, useIdentity, sess)) }) ts := httptest.NewServer(router) @@ -81,7 +84,7 @@ func TestLoginExecutor(t *testing.T) { t.Run("case=pass if hooks pass", func(t *testing.T) { t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf)) - viperSetPost(t, conf, strategy, []config.SelfServiceHook{{Name: "err", Config: []byte(`{}`)}}) + viperSetPost(t, conf, strategy.String(), []config.SelfServiceHook{{Name: "err", Config: []byte(`{}`)}}) res, _ := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), false, url.Values{}) assert.EqualValues(t, http.StatusOK, res.StatusCode) @@ -90,7 +93,7 @@ func TestLoginExecutor(t *testing.T) { t.Run("case=fail if hooks fail", func(t *testing.T) { t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf)) - viperSetPost(t, conf, strategy, []config.SelfServiceHook{{Name: "err", Config: []byte(`{"ExecuteLoginPostHook": "abort"}`)}}) + viperSetPost(t, conf, strategy.String(), []config.SelfServiceHook{{Name: "err", Config: []byte(`{"ExecuteLoginPostHook": "abort"}`)}}) res, body := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), false, url.Values{}) assert.EqualValues(t, http.StatusOK, res.StatusCode) @@ -118,7 +121,7 @@ func TestLoginExecutor(t *testing.T) { t.Run("case=use nested config value", func(t *testing.T) { t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf)) testhelpers.SelfServiceHookLoginSetDefaultRedirectTo(t, conf, "https://www.ory.sh/not-kratos") - testhelpers.SelfServiceHookLoginSetDefaultRedirectToStrategy(t, conf, strategy, "https://www.ory.sh/kratos") + testhelpers.SelfServiceHookLoginSetDefaultRedirectToStrategy(t, conf, strategy.String(), "https://www.ory.sh/kratos") res, _ := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), false, url.Values{}) assert.EqualValues(t, http.StatusOK, res.StatusCode) @@ -127,7 +130,7 @@ func TestLoginExecutor(t *testing.T) { t.Run("case=pass if hooks pass", func(t *testing.T) { t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf)) - viperSetPost(t, conf, strategy, []config.SelfServiceHook{{Name: "err", Config: []byte(`{}`)}}) + viperSetPost(t, conf, strategy.String(), []config.SelfServiceHook{{Name: "err", Config: []byte(`{}`)}}) res, _ := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), false, url.Values{}) assert.EqualValues(t, http.StatusOK, res.StatusCode) diff --git a/selfservice/flow/recovery/flow.go b/selfservice/flow/recovery/flow.go index 5842708fa1d2..f3d648d166d9 100644 --- a/selfservice/flow/recovery/flow.go +++ b/selfservice/flow/recovery/flow.go @@ -209,3 +209,7 @@ func (f *Flow) AfterSave(*pop.Connection) error { f.SetReturnTo() return nil } + +func (f *Flow) GetUI() *container.Container { + return f.UI +} diff --git a/selfservice/flow/recovery/hook.go b/selfservice/flow/recovery/hook.go index d7074e2afa26..9fe1fb20d8e6 100644 --- a/selfservice/flow/recovery/hook.go +++ b/selfservice/flow/recovery/hook.go @@ -7,7 +7,9 @@ import ( "github.com/ory/kratos/driver/config" "github.com/ory/kratos/identity" + "github.com/ory/kratos/selfservice/flow" "github.com/ory/kratos/session" + "github.com/ory/kratos/ui/node" "github.com/ory/kratos/x" ) @@ -41,6 +43,7 @@ type ( identity.ValidationProvider session.PersistenceProvider HooksProvider + x.CSRFTokenGeneratorProvider x.LoggingProvider x.WriterProvider } @@ -67,7 +70,11 @@ func (e *HookExecutor) PostRecoveryHook(w http.ResponseWriter, r *http.Request, Debug("Running ExecutePostRecoveryHooks.") for k, executor := range e.d.PostRecoveryHooks(r.Context()) { if err := executor.ExecutePostRecoveryHook(w, r, a, s); err != nil { - return err + var traits identity.Traits + if s.Identity != nil { + traits = s.Identity.Traits + } + return flow.HandleHookError(w, r, a, traits, node.LinkGroup, err, e.d, e.d) } e.d.Logger().WithRequest(r). @@ -75,13 +82,13 @@ func (e *HookExecutor) PostRecoveryHook(w http.ResponseWriter, r *http.Request, WithField("executor_position", k). WithField("executors", PostHookRecoveryExecutorNames(e.d.PostRecoveryHooks(r.Context()))). WithField("identity_id", s.Identity.ID). - Debug("ExecutePostVerificationHook completed successfully.") + Debug("ExecutePostRecoveryHook completed successfully.") } e.d.Logger(). WithRequest(r). WithField("identity_id", s.Identity.ID). - Debug("Post verification execution hooks completed successfully.") + Debug("Post recovery execution hooks completed successfully.") return nil } diff --git a/selfservice/flow/registration/flow.go b/selfservice/flow/registration/flow.go index da7cff04d15f..20fd9e50c468 100644 --- a/selfservice/flow/registration/flow.go +++ b/selfservice/flow/registration/flow.go @@ -177,3 +177,7 @@ func (f *Flow) AfterSave(*pop.Connection) error { f.SetReturnTo() return nil } + +func (f *Flow) GetUI() *container.Container { + return f.UI +} diff --git a/selfservice/flow/registration/hook.go b/selfservice/flow/registration/hook.go index e311ae1878fc..b04a8a2e2f52 100644 --- a/selfservice/flow/registration/hook.go +++ b/selfservice/flow/registration/hook.go @@ -67,6 +67,7 @@ type ( session.PersistenceProvider session.ManagementProvider HooksProvider + x.CSRFTokenGeneratorProvider x.LoggingProvider x.WriterProvider } @@ -101,7 +102,12 @@ func (e *HookExecutor) PostRegistrationHook(w http.ResponseWriter, r *http.Reque Debug("A ExecutePostRegistrationPrePersistHook hook aborted early.") return nil } - return err + + var traits identity.Traits + if i != nil { + traits = i.Traits + } + return flow.HandleHookError(w, r, a, traits, ct.ToUiNodeGroup(), err, e.d, e.d) } e.d.Logger().WithRequest(r). @@ -166,7 +172,12 @@ func (e *HookExecutor) PostRegistrationHook(w http.ResponseWriter, r *http.Reque Debug("A ExecutePostRegistrationPostPersistHook hook aborted early.") return nil } - return err + + var traits identity.Traits + if i != nil { + traits = i.Traits + } + return flow.HandleHookError(w, r, a, traits, ct.ToUiNodeGroup(), err, e.d, e.d) } e.d.Logger().WithRequest(r). diff --git a/selfservice/flow/registration/hook_test.go b/selfservice/flow/registration/hook_test.go index 2aa4398949df..3917bc6db18d 100644 --- a/selfservice/flow/registration/hook_test.go +++ b/selfservice/flow/registration/hook_test.go @@ -26,6 +26,8 @@ func TestRegistrationExecutor(t *testing.T) { for _, strategy := range []string{ identity.CredentialsTypePassword.String(), identity.CredentialsTypeOIDC.String(), + identity.CredentialsTypeTOTP.String(), + identity.CredentialsTypeWebAuthn.String(), } { t.Run("strategy="+strategy, func(t *testing.T) { conf, reg := internal.NewFastRegistryWithMocks(t) diff --git a/selfservice/flow/settings/flow.go b/selfservice/flow/settings/flow.go index f3beff8b1792..15ec1f737795 100644 --- a/selfservice/flow/settings/flow.go +++ b/selfservice/flow/settings/flow.go @@ -221,3 +221,7 @@ func (f *Flow) AfterSave(*pop.Connection) error { f.SetReturnTo() return nil } + +func (f *Flow) GetUI() *container.Container { + return f.UI +} diff --git a/selfservice/flow/settings/hook.go b/selfservice/flow/settings/hook.go index f80d6825e281..e5b14e5c3319 100644 --- a/selfservice/flow/settings/hook.go +++ b/selfservice/flow/settings/hook.go @@ -7,6 +7,7 @@ import ( "time" "github.com/ory/kratos/text" + "github.com/ory/kratos/ui/container" "github.com/ory/kratos/ui/node" "github.com/ory/x/sqlcon" @@ -44,6 +45,7 @@ type ( HooksProvider FlowPersistenceProvider + x.CSRFTokenGeneratorProvider x.LoggingProvider x.WriterProvider } @@ -95,6 +97,37 @@ func WithCallback(cb func(ctxUpdate *UpdateContext) error) func(o *postSettingsH } } +func (e *HookExecutor) handleSettingsError(_ http.ResponseWriter, r *http.Request, settingsType string, f *Flow, i *identity.Identity, flowError error) error { + if f != nil { + if i != nil { + var group node.UiNodeGroup + switch settingsType { + case "password": + group = node.PasswordGroup + case "oidc": + group = node.OpenIDConnectGroup + } + + cont, err := container.NewFromStruct("", group, i.Traits, "traits") + if err != nil { + e.d.Logger().WithError(err).Error("could not update flow UI") + return err + } + + for _, n := range cont.Nodes { + // we only set the value and not the whole field because we want to keep types from the initial form generation + f.UI.Nodes.SetValueAttribute(n.ID(), n.Attributes.GetValue()) + } + } + + if f.Type == flow.TypeBrowser { + f.UI.SetCSRF(e.d.GenerateCSRFToken(r)) + } + } + + return flowError +} + func (e *HookExecutor) PostSettingsHook(w http.ResponseWriter, r *http.Request, settingsType string, ctxUpdate *UpdateContext, i *identity.Identity, opts ...PostSettingsHookOption) error { e.d.Logger(). WithRequest(r). @@ -136,7 +169,18 @@ func (e *HookExecutor) PostSettingsHook(w http.ResponseWriter, r *http.Request, Debug("A ExecuteSettingsPrePersistHook hook aborted early.") return nil } - return err + var group node.UiNodeGroup + switch settingsType { + case "password": + group = node.PasswordGroup + case "oidc": + group = node.OpenIDConnectGroup + } + var traits identity.Traits + if i != nil { + traits = i.Traits + } + return flow.HandleHookError(w, r, ctxUpdate.Flow, traits, group, err, e.d, e.d) } e.d.Logger().WithRequest(r).WithFields(logFields).Debug("ExecuteSettingsPrePersistHook completed successfully.") @@ -196,7 +240,7 @@ func (e *HookExecutor) PostSettingsHook(w http.ResponseWriter, r *http.Request, Debug("A ExecuteSettingsPostPersistHook hook aborted early.") return nil } - return err + return e.handleSettingsError(w, r, settingsType, ctxUpdate.Flow, i, err) } e.d.Logger().WithRequest(r). diff --git a/selfservice/flow/verification/flow.go b/selfservice/flow/verification/flow.go index ed101f9d9564..f8547cf48f87 100644 --- a/selfservice/flow/verification/flow.go +++ b/selfservice/flow/verification/flow.go @@ -214,3 +214,7 @@ func (f *Flow) AfterSave(*pop.Connection) error { f.SetReturnTo() return nil } + +func (f *Flow) GetUI() *container.Container { + return f.UI +} diff --git a/selfservice/flow/verification/hook.go b/selfservice/flow/verification/hook.go index d3f8601fd2ac..b7e90e3389e4 100644 --- a/selfservice/flow/verification/hook.go +++ b/selfservice/flow/verification/hook.go @@ -7,7 +7,9 @@ import ( "github.com/ory/kratos/driver/config" "github.com/ory/kratos/identity" + "github.com/ory/kratos/selfservice/flow" "github.com/ory/kratos/session" + "github.com/ory/kratos/ui/node" "github.com/ory/kratos/x" ) @@ -41,6 +43,7 @@ type ( identity.ValidationProvider session.PersistenceProvider HooksProvider + x.CSRFTokenGeneratorProvider x.LoggingProvider x.WriterProvider } @@ -67,7 +70,11 @@ func (e *HookExecutor) PostVerificationHook(w http.ResponseWriter, r *http.Reque Debug("Running ExecutePostVerificationHooks.") for k, executor := range e.d.PostVerificationHooks(r.Context()) { if err := executor.ExecutePostVerificationHook(w, r, a, i); err != nil { - return err + var traits identity.Traits + if i != nil { + traits = i.Traits + } + return flow.HandleHookError(w, r, a, traits, node.LinkGroup, err, e.d, e.d) } e.d.Logger().WithRequest(r). diff --git a/selfservice/hook/address_verifier.go b/selfservice/hook/address_verifier.go index f38713e46edd..3ec3b7b578bd 100644 --- a/selfservice/hook/address_verifier.go +++ b/selfservice/hook/address_verifier.go @@ -5,6 +5,8 @@ import ( "github.com/pkg/errors" + "github.com/ory/kratos/ui/node" + "github.com/ory/herodot" "github.com/ory/kratos/identity" @@ -20,7 +22,7 @@ func NewAddressVerifier() *AddressVerifier { return &AddressVerifier{} } -func (e *AddressVerifier) ExecuteLoginPostHook(_ http.ResponseWriter, _ *http.Request, f *login.Flow, s *session.Session) error { +func (e *AddressVerifier) ExecuteLoginPostHook(_ http.ResponseWriter, _ *http.Request, _ node.UiNodeGroup, f *login.Flow, s *session.Session) error { // if the login happens using the password method, there must be at least one verified address if f.Active != identity.CredentialsTypePassword { return nil diff --git a/selfservice/hook/address_verifier_test.go b/selfservice/hook/address_verifier_test.go index 63a689a26419..1dd007ead68e 100644 --- a/selfservice/hook/address_verifier_test.go +++ b/selfservice/hook/address_verifier_test.go @@ -6,6 +6,8 @@ import ( "github.com/gofrs/uuid" "github.com/stretchr/testify/assert" + "github.com/ory/kratos/ui/node" + "github.com/ory/herodot" "github.com/ory/kratos/identity" @@ -77,7 +79,7 @@ func TestAddressVerifier(t *testing.T) { Identity: &identity.Identity{ID: x.NewUUID(), VerifiableAddresses: uc.verifiableAddresses}, } - err := verifier.ExecuteLoginPostHook(nil, nil, tc.flow, sessions) + err := verifier.ExecuteLoginPostHook(nil, nil, node.DefaultGroup, tc.flow, sessions) if tc.neverError || uc.expectedError == nil { assert.NoError(t, err) diff --git a/selfservice/hook/error.go b/selfservice/hook/error.go index 7de9f7ac30f2..fc28d45b8e3c 100644 --- a/selfservice/hook/error.go +++ b/selfservice/hook/error.go @@ -5,11 +5,11 @@ import ( "errors" "net/http" - "github.com/ory/kratos/selfservice/flow/verification" + "github.com/tidwall/gjson" "github.com/ory/kratos/selfservice/flow/recovery" - - "github.com/tidwall/gjson" + "github.com/ory/kratos/selfservice/flow/verification" + "github.com/ory/kratos/ui/node" "github.com/ory/kratos/identity" "github.com/ory/kratos/selfservice/flow/login" @@ -52,7 +52,7 @@ func (e Error) ExecuteSettingsPostPersistHook(w http.ResponseWriter, r *http.Req return e.err("ExecuteSettingsPostPersistHook", settings.ErrHookAbortRequest) } -func (e Error) ExecuteLoginPostHook(w http.ResponseWriter, r *http.Request, a *login.Flow, s *session.Session) error { +func (e Error) ExecuteLoginPostHook(w http.ResponseWriter, r *http.Request, g node.UiNodeGroup, a *login.Flow, s *session.Session) error { return e.err("ExecuteLoginPostHook", login.ErrHookAbortFlow) } diff --git a/selfservice/hook/session_destroyer.go b/selfservice/hook/session_destroyer.go index 5efac7188223..0b7fd6df013f 100644 --- a/selfservice/hook/session_destroyer.go +++ b/selfservice/hook/session_destroyer.go @@ -7,6 +7,7 @@ import ( "github.com/ory/kratos/selfservice/flow/login" "github.com/ory/kratos/session" + "github.com/ory/kratos/ui/node" ) var _ login.PostHookExecutor = new(SessionDestroyer) @@ -26,7 +27,7 @@ func NewSessionDestroyer(r sessionDestroyerDependencies) *SessionDestroyer { return &SessionDestroyer{r: r} } -func (e *SessionDestroyer) ExecuteLoginPostHook(_ http.ResponseWriter, r *http.Request, _ *login.Flow, s *session.Session) error { +func (e *SessionDestroyer) ExecuteLoginPostHook(_ http.ResponseWriter, r *http.Request, _ node.UiNodeGroup, _ *login.Flow, s *session.Session) error { if _, err := e.r.SessionPersister().RevokeSessionsIdentityExcept(r.Context(), s.Identity.ID, s.ID); err != nil { return err } diff --git a/selfservice/hook/session_destroyer_test.go b/selfservice/hook/session_destroyer_test.go index 636cb32f0841..e74e673de617 100644 --- a/selfservice/hook/session_destroyer_test.go +++ b/selfservice/hook/session_destroyer_test.go @@ -8,6 +8,7 @@ import ( "github.com/ory/kratos/internal/testhelpers" "github.com/ory/kratos/corpx" + "github.com/ory/kratos/ui/node" "github.com/bxcodec/faker/v3" "github.com/gobuffalo/httptest" @@ -44,6 +45,7 @@ func TestSessionDestroyer(t *testing.T) { return h.ExecuteLoginPostHook( httptest.NewRecorder(), new(http.Request), + node.DefaultGroup, nil, &session.Session{Identity: i}, ) diff --git a/selfservice/hook/stub/test_body.jsonnet b/selfservice/hook/stub/test_body.jsonnet index 0b8d24119d6d..7df9528a83e0 100644 --- a/selfservice/hook/stub/test_body.jsonnet +++ b/selfservice/hook/stub/test_body.jsonnet @@ -1,6 +1,6 @@ function(ctx) { flow_id: ctx.flow.id, - identity_id: if ctx["identity"] != null then ctx.identity.id, + identity_id: if std.objectHas(ctx, "identity") then ctx.identity.id, headers: ctx.request_headers, url: ctx.request_url, method: ctx.request_method diff --git a/selfservice/hook/web_hook.go b/selfservice/hook/web_hook.go index fb104ccf024f..1e935912ecea 100644 --- a/selfservice/hook/web_hook.go +++ b/selfservice/hook/web_hook.go @@ -11,8 +11,11 @@ import ( "go.opentelemetry.io/otel/codes" "go.opentelemetry.io/otel/trace" + "github.com/ory/kratos/ui/node" + "github.com/ory/kratos/identity" "github.com/ory/kratos/request" + "github.com/ory/kratos/schema" "github.com/ory/kratos/selfservice/flow" "github.com/ory/kratos/selfservice/flow/login" "github.com/ory/kratos/selfservice/flow/recovery" @@ -20,13 +23,16 @@ import ( "github.com/ory/kratos/selfservice/flow/settings" "github.com/ory/kratos/selfservice/flow/verification" "github.com/ory/kratos/session" + "github.com/ory/kratos/text" "github.com/ory/kratos/x" "github.com/ory/x/otelx" ) var _ registration.PostHookPostPersistExecutor = new(WebHook) +var _ registration.PostHookPrePersistExecutor = new(WebHook) var _ verification.PostHookExecutor = new(WebHook) var _ recovery.PostHookExecutor = new(WebHook) +var _ settings.PostHookPostPersistExecutor = new(WebHook) type ( webHookDependencies interface { @@ -40,13 +46,29 @@ type ( RequestHeaders http.Header `json:"request_headers"` RequestMethod string `json:"request_method"` RequestUrl string `json:"request_url"` - Identity *identity.Identity `json:"identity"` + Identity *identity.Identity `json:"identity,omitempty"` } WebHook struct { deps webHookDependencies conf json.RawMessage } + + detailedMessage struct { + ID int `json:"id"` + Text string `json:"text"` + Type string `json:"type"` + Context json.RawMessage `json:"context,omitempty"` + } + + errorMessage struct { + InstancePtr string `json:"instance_ptr"` + DetailedMessages []detailedMessage `json:"messages"` + } + + rawHookResponse struct { + Messages []errorMessage `json:"messages"` + } ) func NewWebHook(r webHookDependencies, c json.RawMessage) *WebHook { @@ -63,7 +85,7 @@ func (e *WebHook) ExecuteLoginPreHook(_ http.ResponseWriter, req *http.Request, }) } -func (e *WebHook) ExecuteLoginPostHook(_ http.ResponseWriter, req *http.Request, flow *login.Flow, session *session.Session) error { +func (e *WebHook) ExecuteLoginPostHook(_ http.ResponseWriter, req *http.Request, _ node.UiNodeGroup, flow *login.Flow, session *session.Session) error { ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecutePostLoginHook") return e.execute(ctx, &templateContext{ Flow: flow, @@ -74,14 +96,14 @@ func (e *WebHook) ExecuteLoginPostHook(_ http.ResponseWriter, req *http.Request, }) } -func (e *WebHook) ExecutePostVerificationHook(_ http.ResponseWriter, req *http.Request, flow *verification.Flow, identity *identity.Identity) error { +func (e *WebHook) ExecutePostVerificationHook(_ http.ResponseWriter, req *http.Request, flow *verification.Flow, id *identity.Identity) error { ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecutePostVerificationHook") return e.execute(ctx, &templateContext{ Flow: flow, RequestHeaders: req.Header, RequestMethod: req.Method, RequestUrl: req.RequestURI, - Identity: identity, + Identity: id, }) } @@ -106,6 +128,17 @@ func (e *WebHook) ExecuteRegistrationPreHook(_ http.ResponseWriter, req *http.Re }) } +func (e *WebHook) ExecutePostRegistrationPrePersistHook(_ http.ResponseWriter, req *http.Request, flow *registration.Flow, id *identity.Identity) error { + ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecutePostRegistrationPrePersistHook") + return e.execute(ctx, &templateContext{ + Flow: flow, + RequestHeaders: req.Header, + RequestMethod: req.Method, + RequestUrl: req.RequestURI, + Identity: id, + }) +} + func (e *WebHook) ExecutePostRegistrationPostPersistHook(_ http.ResponseWriter, req *http.Request, flow *registration.Flow, session *session.Session) error { ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecutePostRegistrationPostPersistHook") return e.execute(ctx, &templateContext{ @@ -117,14 +150,14 @@ func (e *WebHook) ExecutePostRegistrationPostPersistHook(_ http.ResponseWriter, }) } -func (e *WebHook) ExecuteSettingsPostPersistHook(_ http.ResponseWriter, req *http.Request, flow *settings.Flow, identity *identity.Identity) error { +func (e *WebHook) ExecuteSettingsPostPersistHook(_ http.ResponseWriter, req *http.Request, flow *settings.Flow, id *identity.Identity) error { ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecuteSettingsPostPersistHook") return e.execute(ctx, &templateContext{ Flow: flow, RequestHeaders: req.Header, RequestMethod: req.Method, RequestUrl: req.RequestURI, - Identity: identity, + Identity: id, }) } @@ -134,8 +167,14 @@ func (e *WebHook) execute(ctx context.Context, data *templateContext) error { "webhook.http.method": data.RequestMethod, "webhook.http.url": data.RequestUrl, "webhook.http.headers": fmt.Sprintf("%#v", data.RequestHeaders), - "webhook.identity": fmt.Sprintf("%#v", data.Identity), } + + if data.Identity != nil { + attrs["webhook.identity.id"] = data.Identity.ID.String() + } else { + attrs["webhook.identity.id"] = "" + } + span.SetAttributes(otelx.StringAttrs(attrs)...) defer span.End() @@ -160,8 +199,14 @@ func (e *WebHook) execute(ctx context.Context, data *templateContext) error { errChan <- err return } + defer resp.Body.Close() if resp.StatusCode >= http.StatusBadRequest { + if gjson.GetBytes(e.conf, "can_interrupt").Bool() { + if err := parseWebhookResponse(resp); err != nil { + errChan <- err + } + } errChan <- fmt.Errorf("web hook failed with status code %v", resp.StatusCode) span.SetStatus(codes.Error, fmt.Sprintf("web hook failed with status code %v", resp.StatusCode)) return @@ -180,3 +225,39 @@ func (e *WebHook) execute(ctx context.Context, data *templateContext) error { return <-errChan } + +func parseWebhookResponse(resp *http.Response) (err error) { + if resp == nil { + return errors.Errorf("empty response provided from the webhook") + } + var hookResponse rawHookResponse + if err := json.NewDecoder(resp.Body).Decode(&hookResponse); err != nil { + return errors.Wrap(err, "hook response could not be unmarshalled properly from JSON") + } + + var validationErrs []*schema.ValidationError + for _, msg := range hookResponse.Messages { + messages := text.Messages{} + for _, detail := range msg.DetailedMessages { + var msgType text.Type + if detail.Type == "error" { + msgType = text.Error + } else { + msgType = text.Info + } + messages.Add(&text.Message{ + ID: text.ID(detail.ID), + Text: detail.Text, + Type: msgType, + Context: detail.Context, + }) + } + validationErrs = append(validationErrs, schema.NewHookValidationError(msg.InstancePtr, "a web-hook target returned an error", messages)) + } + + if len(validationErrs) == 0 { + return errors.New("error while parsing hook response: got no validation errors") + } + + return schema.NewValidationListError(validationErrs) +} diff --git a/selfservice/hook/web_hook_integration_test.go b/selfservice/hook/web_hook_integration_test.go index 2c4e55d4acb8..120864531335 100644 --- a/selfservice/hook/web_hook_integration_test.go +++ b/selfservice/hook/web_hook_integration_test.go @@ -1,6 +1,7 @@ package hook_test import ( + "context" _ "embed" "encoding/base64" "encoding/json" @@ -15,9 +16,15 @@ import ( "github.com/stretchr/testify/require" + "github.com/ory/kratos/schema" + "github.com/ory/kratos/text" + "github.com/ory/x/otelx" + "github.com/ory/kratos/driver/config" "github.com/ory/kratos/internal" "github.com/ory/kratos/selfservice/hook" + "github.com/ory/kratos/ui/node" + "github.com/ory/x/logrusx" "github.com/ory/kratos/selfservice/flow/recovery" "github.com/ory/kratos/selfservice/flow/registration" @@ -40,6 +47,8 @@ import ( func TestWebHooks(t *testing.T) { _, reg := internal.NewFastRegistryWithMocks(t) + logger := logrusx.New("kratos", "test") + whDeps := x.SimpleLoggerWithClient{L: logger, C: reg.HTTPClient(context.Background()), T: otelx.NewNoop(logger, &otelx.Config{ServiceName: "kratos"})} type WebHookRequest struct { Body string Headers http.Header @@ -65,6 +74,14 @@ func TestWebHooks(t *testing.T) { } } + webHookHttpCodeWithBodyEndPoint := func(t *testing.T, code int, body []byte) httprouter.Handle { + return func(w http.ResponseWriter, _ *http.Request, _ httprouter.Params) { + w.WriteHeader(code) + _, err := w.Write(body) + assert.NoError(t, err, "error while returning response from webHookHttpCodeWithBodyEndPoint") + } + } + path := "/web_hook" newServer := func(f httprouter.Handle) *httptest.Server { r := httprouter.New() @@ -125,7 +142,7 @@ func TestWebHooks(t *testing.T) { uc: "Post Login Hook", createFlow: func() flow.Flow { return &login.Flow{ID: x.NewUUID()} }, callWebHook: func(wh *hook.WebHook, req *http.Request, f flow.Flow, s *session.Session) error { - return wh.ExecuteLoginPostHook(nil, req, f.(*login.Flow), s) + return wh.ExecuteLoginPostHook(nil, req, node.PasswordGroup, f.(*login.Flow), s) }, expectedBody: func(req *http.Request, f flow.Flow, s *session.Session) string { return bodyWithFlowAndIdentity(req, f, s) @@ -258,9 +275,9 @@ func TestWebHooks(t *testing.T) { "method": "%s", "body": "%s", "auth": %s - }`, ts.URL+path, method, "./stub/test_body.jsonnet", auth.createAuthConfig())) + }`, ts.URL+path, method, "file://./stub/test_body.jsonnet", auth.createAuthConfig())) - wh := hook.NewWebHook(reg, conf) + wh := hook.NewWebHook(&whDeps, conf) err := tc.callWebHook(wh, req, f, s) if method == "GARBAGE" { @@ -295,6 +312,241 @@ func TestWebHooks(t *testing.T) { }) } + webHookResponse := []byte( + `{ + "messages": [{ + "instance_ptr": "#/traits/username", + "messages": [{ + "id": 1234, + "text": "error message", + "type": "info" + }] + }] + }`, + ) + + webhookError := schema.NewValidationListError([]*schema.ValidationError{schema.NewHookValidationError("#/traits/username", "a web-hook target returned an error", text.Messages{{ID: 1234, Type: "info", Text: "error message"}})}) + for _, tc := range []struct { + uc string + callWebHook func(wh *hook.WebHook, req *http.Request, f flow.Flow, s *session.Session) error + webHookResponse func() (int, []byte) + createFlow func() flow.Flow + expectedError error + }{ + { + uc: "Pre Login Hook - no block", + createFlow: func() flow.Flow { return &login.Flow{ID: x.NewUUID()} }, + callWebHook: func(wh *hook.WebHook, req *http.Request, f flow.Flow, _ *session.Session) error { + return wh.ExecuteLoginPreHook(nil, req, f.(*login.Flow)) + }, + webHookResponse: func() (int, []byte) { + return http.StatusOK, []byte{} + }, + expectedError: nil, + }, + { + uc: "Pre Login Hook - block", + createFlow: func() flow.Flow { return &login.Flow{ID: x.NewUUID()} }, + callWebHook: func(wh *hook.WebHook, req *http.Request, f flow.Flow, _ *session.Session) error { + return wh.ExecuteLoginPreHook(nil, req, f.(*login.Flow)) + }, + webHookResponse: func() (int, []byte) { + return http.StatusBadRequest, webHookResponse + }, + expectedError: webhookError, + }, + { + uc: "Post Login Hook - no block", + createFlow: func() flow.Flow { return &login.Flow{ID: x.NewUUID()} }, + callWebHook: func(wh *hook.WebHook, req *http.Request, f flow.Flow, s *session.Session) error { + return wh.ExecuteLoginPostHook(nil, req, node.PasswordGroup, f.(*login.Flow), s) + }, + webHookResponse: func() (int, []byte) { + return http.StatusOK, []byte{} + }, + expectedError: nil, + }, + { + uc: "Post Login Hook - block", + createFlow: func() flow.Flow { return &login.Flow{ID: x.NewUUID()} }, + callWebHook: func(wh *hook.WebHook, req *http.Request, f flow.Flow, s *session.Session) error { + return wh.ExecuteLoginPostHook(nil, req, node.PasswordGroup, f.(*login.Flow), s) + }, + webHookResponse: func() (int, []byte) { + return http.StatusBadRequest, webHookResponse + }, + expectedError: webhookError, + }, + { + uc: "Pre Registration Hook - no block", + createFlow: func() flow.Flow { return ®istration.Flow{ID: x.NewUUID()} }, + callWebHook: func(wh *hook.WebHook, req *http.Request, f flow.Flow, _ *session.Session) error { + return wh.ExecuteRegistrationPreHook(nil, req, f.(*registration.Flow)) + }, + webHookResponse: func() (int, []byte) { + return http.StatusOK, []byte{} + }, + expectedError: nil, + }, + { + uc: "Pre Registration Hook - block", + createFlow: func() flow.Flow { return ®istration.Flow{ID: x.NewUUID()} }, + callWebHook: func(wh *hook.WebHook, req *http.Request, f flow.Flow, _ *session.Session) error { + return wh.ExecuteRegistrationPreHook(nil, req, f.(*registration.Flow)) + }, + webHookResponse: func() (int, []byte) { + return http.StatusBadRequest, webHookResponse + }, + expectedError: webhookError, + }, + { + uc: "Post Registration Post Persist Hook - no block", + createFlow: func() flow.Flow { return ®istration.Flow{ID: x.NewUUID()} }, + callWebHook: func(wh *hook.WebHook, req *http.Request, f flow.Flow, s *session.Session) error { + return wh.ExecutePostRegistrationPostPersistHook(nil, req, f.(*registration.Flow), s) + }, + webHookResponse: func() (int, []byte) { + return http.StatusOK, []byte{} + }, + expectedError: nil, + }, + { + uc: "Post Registration Post Persists Hook - block", + createFlow: func() flow.Flow { return ®istration.Flow{ID: x.NewUUID()} }, + callWebHook: func(wh *hook.WebHook, req *http.Request, f flow.Flow, s *session.Session) error { + return wh.ExecutePostRegistrationPostPersistHook(nil, req, f.(*registration.Flow), s) + }, + webHookResponse: func() (int, []byte) { + return http.StatusBadRequest, webHookResponse + }, + expectedError: webhookError, + }, + { + uc: "Post Registration Pre Persist Hook - no block", + createFlow: func() flow.Flow { return ®istration.Flow{ID: x.NewUUID()} }, + callWebHook: func(wh *hook.WebHook, req *http.Request, f flow.Flow, s *session.Session) error { + return wh.ExecutePostRegistrationPrePersistHook(nil, req, f.(*registration.Flow), s.Identity) + }, + webHookResponse: func() (int, []byte) { + return http.StatusOK, []byte{} + }, + expectedError: nil, + }, + { + uc: "Post Registration Pre Persist Hook - block", + createFlow: func() flow.Flow { return ®istration.Flow{ID: x.NewUUID()} }, + callWebHook: func(wh *hook.WebHook, req *http.Request, f flow.Flow, s *session.Session) error { + return wh.ExecutePostRegistrationPrePersistHook(nil, req, f.(*registration.Flow), s.Identity) + }, + webHookResponse: func() (int, []byte) { + return http.StatusBadRequest, webHookResponse + }, + expectedError: webhookError, + }, + { + uc: "Post Recovery Hook - no block", + createFlow: func() flow.Flow { return &recovery.Flow{ID: x.NewUUID()} }, + callWebHook: func(wh *hook.WebHook, req *http.Request, f flow.Flow, s *session.Session) error { + return wh.ExecutePostRecoveryHook(nil, req, f.(*recovery.Flow), s) + }, + webHookResponse: func() (int, []byte) { + return http.StatusOK, []byte{} + }, + expectedError: nil, + }, + { + uc: "Post Recovery Hook - block", + createFlow: func() flow.Flow { return &recovery.Flow{ID: x.NewUUID()} }, + callWebHook: func(wh *hook.WebHook, req *http.Request, f flow.Flow, s *session.Session) error { + return wh.ExecutePostRecoveryHook(nil, req, f.(*recovery.Flow), s) + }, + webHookResponse: func() (int, []byte) { + return http.StatusBadRequest, webHookResponse + }, + expectedError: webhookError, + }, + { + uc: "Post Verification Hook - no block", + createFlow: func() flow.Flow { return &verification.Flow{ID: x.NewUUID()} }, + callWebHook: func(wh *hook.WebHook, req *http.Request, f flow.Flow, s *session.Session) error { + return wh.ExecutePostVerificationHook(nil, req, f.(*verification.Flow), s.Identity) + }, + webHookResponse: func() (int, []byte) { + return http.StatusOK, []byte{} + }, + expectedError: nil, + }, + { + uc: "Post Verification Hook - block", + createFlow: func() flow.Flow { return &verification.Flow{ID: x.NewUUID()} }, + callWebHook: func(wh *hook.WebHook, req *http.Request, f flow.Flow, s *session.Session) error { + return wh.ExecutePostVerificationHook(nil, req, f.(*verification.Flow), s.Identity) + }, + webHookResponse: func() (int, []byte) { + return http.StatusBadRequest, webHookResponse + }, + expectedError: webhookError, + }, + { + uc: "Post Settings Hook - no block", + createFlow: func() flow.Flow { return &settings.Flow{ID: x.NewUUID()} }, + callWebHook: func(wh *hook.WebHook, req *http.Request, f flow.Flow, s *session.Session) error { + return wh.ExecuteSettingsPostPersistHook(nil, req, f.(*settings.Flow), s.Identity) + }, + webHookResponse: func() (int, []byte) { + return http.StatusOK, []byte{} + }, + expectedError: nil, + }, + { + uc: "Post Settings Hook - block", + createFlow: func() flow.Flow { return &settings.Flow{ID: x.NewUUID()} }, + callWebHook: func(wh *hook.WebHook, req *http.Request, f flow.Flow, s *session.Session) error { + return wh.ExecuteSettingsPostPersistHook(nil, req, f.(*settings.Flow), s.Identity) + }, + webHookResponse: func() (int, []byte) { + return http.StatusBadRequest, webHookResponse + }, + expectedError: webhookError, + }, + } { + t.Run("uc="+tc.uc, func(t *testing.T) { + for _, method := range []string{"CONNECT", "DELETE", "GET", "OPTIONS", "PATCH", "POST", "PUT", "TRACE"} { + t.Run("method="+method, func(t *testing.T) { + f := tc.createFlow() + req := &http.Request{ + Header: map[string][]string{"Some-Header": {"Some-Value"}}, + RequestURI: "https://www.ory.sh/some_end_point", + Method: http.MethodPost, + } + s := &session.Session{ID: x.NewUUID(), Identity: &identity.Identity{ID: x.NewUUID()}} + code, res := tc.webHookResponse() + ts := newServer(webHookHttpCodeWithBodyEndPoint(t, code, res)) + conf := json.RawMessage(fmt.Sprintf(`{ + "url": "%s", + "method": "%s", + "body": "%s", + "can_interrupt": true + }`, ts.URL+path, method, "file://./stub/test_body.jsonnet")) + + wh := hook.NewWebHook(&whDeps, conf) + + err := tc.callWebHook(wh, req, f, s) + if tc.expectedError == nil { + assert.NoError(t, err) + return + } + + var validationError *schema.ValidationListError + var expectedError *schema.ValidationListError + if assert.ErrorAs(t, err, &validationError) && assert.ErrorAs(t, tc.expectedError, &expectedError) { + assert.Equal(t, expectedError, validationError) + } + }) + } + }) + } + t.Run("must error when config is erroneous", func(t *testing.T) { req := &http.Request{ Header: map[string][]string{"Some-Header": {"Some-Value"}}, @@ -303,7 +555,7 @@ func TestWebHooks(t *testing.T) { } f := &login.Flow{ID: x.NewUUID()} conf := json.RawMessage("not valid json") - wh := hook.NewWebHook(reg, conf) + wh := hook.NewWebHook(&whDeps, conf) err := wh.ExecuteLoginPreHook(nil, req, f) assert.Error(t, err) @@ -321,8 +573,8 @@ func TestWebHooks(t *testing.T) { "url": "%s", "method": "%s", "body": "%s" - }`, ts.URL+path, "POST", "./stub/bad_template.jsonnet")) - wh := hook.NewWebHook(reg, conf) + }`, ts.URL+path, "POST", "file://./stub/bad_template.jsonnet")) + wh := hook.NewWebHook(&whDeps, conf) err := wh.ExecuteLoginPreHook(nil, req, f) assert.Error(t, err) @@ -340,7 +592,7 @@ func TestWebHooks(t *testing.T) { "method": "POST", "body": "./stub/cancel_template.jsonnet" }`) - wh := hook.NewWebHook(reg, conf) + wh := hook.NewWebHook(&whDeps, conf) err := wh.ExecuteLoginPreHook(nil, req, f) assert.NoError(t, err) @@ -371,7 +623,7 @@ func TestWebHooks(t *testing.T) { } f := &login.Flow{ID: x.NewUUID()} conf := json.RawMessage(fmt.Sprintf(`{"url": "%s", "method": "GET", "body": "./stub/test_body.jsonnet", "response": {"ignore": true}}`, ts.URL+path)) - wh := hook.NewWebHook(reg, conf) + wh := hook.NewWebHook(&whDeps, conf) start := time.Now() err := wh.ExecuteLoginPreHook(nil, req, f) @@ -406,8 +658,8 @@ func TestWebHooks(t *testing.T) { "url": "%s", "method": "%s", "body": "%s" - }`, ts.URL+path, "POST", "./stub/test_body.jsonnet")) - wh := hook.NewWebHook(reg, conf) + }`, ts.URL+path, "POST", "file://./stub/test_body.jsonnet")) + wh := hook.NewWebHook(&whDeps, conf) err := wh.ExecuteLoginPreHook(nil, req, f) if tc.mustSuccess { @@ -422,6 +674,8 @@ func TestWebHooks(t *testing.T) { func TestDisallowPrivateIPRanges(t *testing.T) { conf, reg := internal.NewFastRegistryWithMocks(t) conf.MustSet(config.ViperKeyClientHTTPNoPrivateIPRanges, true) + logger := logrusx.New("kratos", "test") + whDeps := x.SimpleLoggerWithClient{L: logger, C: reg.HTTPClient(context.Background()), T: otelx.NewNoop(logger, conf.Tracing())} req := &http.Request{ Header: map[string][]string{"Some-Header": {"Some-Value"}}, @@ -432,12 +686,12 @@ func TestDisallowPrivateIPRanges(t *testing.T) { f := &login.Flow{ID: x.NewUUID()} t.Run("not allowed to call url", func(t *testing.T) { - wh := hook.NewWebHook(reg, json.RawMessage(`{ + wh := hook.NewWebHook(&whDeps, json.RawMessage(`{ "url": "https://localhost:1234/", "method": "GET", "body": "file://stub/test_body.jsonnet" }`)) - err := wh.ExecuteLoginPostHook(nil, req, f, s) + err := wh.ExecuteLoginPostHook(nil, req, node.DefaultGroup, f, s) require.Error(t, err) require.Contains(t, err.Error(), "ip 127.0.0.1 is in the 127.0.0.0/8 range") @@ -450,12 +704,12 @@ func TestDisallowPrivateIPRanges(t *testing.T) { } s := &session.Session{ID: x.NewUUID(), Identity: &identity.Identity{ID: x.NewUUID()}} f := &login.Flow{ID: x.NewUUID()} - wh := hook.NewWebHook(reg, json.RawMessage(`{ + wh := hook.NewWebHook(&whDeps, json.RawMessage(`{ "url": "https://www.google.com/", "method": "GET", "body": "http://192.168.178.0/test_body.jsonnet" }`)) - err := wh.ExecuteLoginPostHook(nil, req, f, s) + err := wh.ExecuteLoginPostHook(nil, req, node.DefaultGroup, f, s) require.Error(t, err) require.Contains(t, err.Error(), "ip 192.168.178.0 is in the 192.168.0.0/16 range") }) diff --git a/selfservice/strategy/oidc/strategy_login.go b/selfservice/strategy/oidc/strategy_login.go index 54b98e14342e..253380c6f0ab 100644 --- a/selfservice/strategy/oidc/strategy_login.go +++ b/selfservice/strategy/oidc/strategy_login.go @@ -10,6 +10,7 @@ import ( "github.com/ory/kratos/session" + "github.com/ory/kratos/ui/node" "github.com/ory/x/sqlcon" "github.com/ory/kratos/selfservice/flow/registration" @@ -118,7 +119,7 @@ func (s *Strategy) processLogin(w http.ResponseWriter, r *http.Request, a *login sess.CompletedLoginFor(s.ID(), identity.AuthenticatorAssuranceLevel1) for _, c := range o.Providers { if c.Subject == claims.Subject && c.Provider == provider.Config().ID { - if err = s.d.LoginHookExecutor().PostLoginHook(w, r, a, i, sess); err != nil { + if err = s.d.LoginHookExecutor().PostLoginHook(w, r, node.OpenIDConnectGroup, a, i, sess); err != nil { return nil, s.handleError(w, r, a, provider.Config().ID, nil, err) } return nil, nil diff --git a/test/e2e/cypress.config.ts b/test/e2e/cypress.config.ts index 5ae1ff14e4ca..a9a55def40b6 100644 --- a/test/e2e/cypress.config.ts +++ b/test/e2e/cypress.config.ts @@ -6,10 +6,6 @@ let criPort = 0, export default defineConfig({ chromeWebSecurity: false, - retries: { - runMode: 6, - openMode: 1 - }, defaultCommandTimeout: 10000, requestTimeout: 10000, projectId: 'bc48bg', @@ -17,6 +13,10 @@ export default defineConfig({ videoCompression: false, screenshotOnRunFailure: true, e2e: { + retries: { + runMode: 6, + openMode: 1 + }, videosFolder: 'cypress/videos', screenshotsFolder: 'cypress/screenshots', excludeSpecPattern: '**/*snapshots.js', diff --git a/test/e2e/cypress/helpers/index.ts b/test/e2e/cypress/helpers/index.ts index cf0ac0966c61..439ec483414b 100644 --- a/test/e2e/cypress/helpers/index.ts +++ b/test/e2e/cypress/helpers/index.ts @@ -1,4 +1,6 @@ export const email = () => Math.random().toString(36) + '@ory.sh' +export const blockedEmail = () => + Math.random().toString(36) + '_blocked' + '@ory.sh' export const password = () => Math.random().toString(36) @@ -65,6 +67,7 @@ export const website = 'https://www.ory.sh/' export const gen = { email, + blockedEmail, password, identity: () => ({ email: email(), password: password() }), identityWithWebsite: () => ({ diff --git a/test/e2e/cypress/integration/profiles/webhoooks/login/error.spec.ts b/test/e2e/cypress/integration/profiles/webhoooks/login/error.spec.ts new file mode 100644 index 000000000000..acd6b9b649a8 --- /dev/null +++ b/test/e2e/cypress/integration/profiles/webhoooks/login/error.spec.ts @@ -0,0 +1,39 @@ +import { gen } from '../../../../helpers' +import { routes as express } from '../../../../helpers/express' + +describe('Basic email profile with failing login flows with webhooks', () => { + ;[ + { + route: express.login, + app: 'express' as 'express', + profile: 'webhooks' + } + ].forEach(({ route, profile, app }) => { + describe(`for app ${app}`, () => { + before(() => { + cy.useConfigProfile(profile) + cy.proxy(app) + }) + + beforeEach(() => { + cy.clearAllCookies() + cy.visit(route) + }) + + it('should show fail to sign in when webhooks rejects login', () => { + const email = gen.blockedEmail() + const password = gen.password() + + cy.registerApi({ email, password, fields: {} }) + cy.get('input[name="identifier"]').type(email) + cy.get('input[name="password"]').type(password) + + cy.submitPasswordForm() + cy.get('*[data-testid="ui/message/1234"]').should( + 'contain.text', + 'email could not be validated' + ) + }) + }) + }) +}) diff --git a/test/e2e/cypress/integration/profiles/webhoooks/login/success.spec.ts b/test/e2e/cypress/integration/profiles/webhoooks/login/success.spec.ts new file mode 100644 index 000000000000..deb4a544df02 --- /dev/null +++ b/test/e2e/cypress/integration/profiles/webhoooks/login/success.spec.ts @@ -0,0 +1,45 @@ +import { APP_URL, appPrefix, gen, website } from '../../../../helpers' +import { routes as express } from '../../../../helpers/express' + +describe('Basic email profile with succeeding login flows with webhooks', () => { + const email = gen.email() + const password = gen.password() + + before(() => { + cy.registerApi({ email, password, fields: { 'traits.website': website } }) + }) + ;[ + { + route: express.login, + app: 'express' as 'express', + profile: 'webhooks' + } + ].forEach(({ route, profile, app }) => { + describe(`for app ${app}`, () => { + before(() => { + cy.proxy(app) + }) + + beforeEach(() => { + cy.useConfigProfile(profile) + cy.clearAllCookies() + cy.visit(route) + }) + + it('should sign in and be logged in', () => { + cy.get(`${appPrefix(app)}input[name="identifier"]`).type(email) + cy.get('input[name="password"]').type(password) + cy.submitPasswordForm() + cy.location('pathname').should('not.contain', '/login') + + cy.getSession().should((session) => { + const { identity } = session + expect(identity.id).to.not.be.empty + expect(identity.schema_id).to.equal('default') + expect(identity.schema_url).to.equal(`${APP_URL}/schemas/ZGVmYXVsdA`) + expect(identity.traits.email).to.equal(email) + }) + }) + }) + }) +}) diff --git a/test/e2e/cypress/integration/profiles/webhoooks/registration/errors.spec.ts b/test/e2e/cypress/integration/profiles/webhoooks/registration/errors.spec.ts new file mode 100644 index 000000000000..4bd2637a9134 --- /dev/null +++ b/test/e2e/cypress/integration/profiles/webhoooks/registration/errors.spec.ts @@ -0,0 +1,41 @@ +import { gen } from '../../../../helpers' +import { routes as express } from '../../../../helpers/express' + +describe('Registration failures with email profile with webhooks', () => { + ;[ + { + route: express.registration, + app: 'express' as 'express', + profile: 'webhooks' + } + ].forEach(({ route, profile, app }) => { + describe(`for app ${app}`, () => { + before(() => { + cy.useConfigProfile(profile) + cy.proxy(app) + }) + + beforeEach(() => { + cy.visit(route) + }) + + const blockedIdentity = gen.blockedEmail() + const password = gen.password() + + it('should show an error when the webhook is blocking registration', () => { + cy.get('input[name="traits.email"]').type(blockedIdentity) + cy.get('input[name="password"]').type(password) + + cy.submitPasswordForm() + cy.get('input[name="traits.email"]').should( + 'have.value', + blockedIdentity + ) + cy.get('*[data-testid="ui/message/1234"]').should( + 'contain.text', + 'email could not be validated' + ) + }) + }) + }) +}) diff --git a/test/e2e/cypress/integration/profiles/webhoooks/registration/success.spec.ts b/test/e2e/cypress/integration/profiles/webhoooks/registration/success.spec.ts new file mode 100644 index 000000000000..b9d8bc5f6a52 --- /dev/null +++ b/test/e2e/cypress/integration/profiles/webhoooks/registration/success.spec.ts @@ -0,0 +1,44 @@ +import { APP_URL, appPrefix, gen } from '../../../../helpers' +import { routes as express } from '../../../../helpers/express' + +context('Registration success with email profile with webhooks', () => { + ;[ + { + route: express.registration, + app: 'express' as 'express', + profile: 'webhooks' + } + ].forEach(({ route, profile, app }) => { + describe(`for app ${app}`, () => { + before(() => { + cy.useConfigProfile(profile) + cy.proxy(app) + }) + + beforeEach(() => { + cy.clearAllCookies() + cy.visit(route) + }) + + it('should sign up and be logged in', () => { + const email = gen.email() + const password = gen.password() + + cy.get(appPrefix(app) + 'input[name="traits"]').should('not.exist') + cy.get('input[name="traits.email"]').type(email) + cy.get('input[name="password"]').type(password) + + cy.submitPasswordForm() + cy.get('pre').should('contain.text', email) + + cy.getSession().should((session) => { + const { identity } = session + expect(identity.id).to.not.be.empty + expect(identity.schema_id).to.equal('default') + expect(identity.schema_url).to.equal(`${APP_URL}/schemas/ZGVmYXVsdA`) + expect(identity.traits.email).to.equal(email) + }) + }) + }) + }) +}) diff --git a/test/e2e/mock/webhook/Dockerfile b/test/e2e/mock/webhook/Dockerfile new file mode 100644 index 000000000000..5453e95f0ae1 --- /dev/null +++ b/test/e2e/mock/webhook/Dockerfile @@ -0,0 +1,19 @@ +FROM golang:1.18-alpine AS build + +WORKDIR /build + +ADD . . + +RUN cat go.* +RUN CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -ldflags "-s -w -extldflags '-static'" -o ./app main.go + +FROM alpine + +WORKDIR /app + +COPY --from=build /build/app ./mock + +USER 65534:65534 + +EXPOSE 4459 +ENTRYPOINT ["/app/mock"] diff --git a/test/e2e/mock/webhook/go.mod b/test/e2e/mock/webhook/go.mod new file mode 100644 index 000000000000..caa97834c392 --- /dev/null +++ b/test/e2e/mock/webhook/go.mod @@ -0,0 +1,7 @@ +module github.com/ory/mock + +go 1.17 + +require github.com/sirupsen/logrus v1.8.1 + +require golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 // indirect diff --git a/test/e2e/mock/webhook/go.sum b/test/e2e/mock/webhook/go.sum new file mode 100644 index 000000000000..59bd790e9378 --- /dev/null +++ b/test/e2e/mock/webhook/go.sum @@ -0,0 +1,10 @@ +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= +github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= +github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/test/e2e/mock/webhook/main.go b/test/e2e/mock/webhook/main.go new file mode 100644 index 000000000000..e56a39099a45 --- /dev/null +++ b/test/e2e/mock/webhook/main.go @@ -0,0 +1,153 @@ +package main + +import ( + "bytes" + "encoding/json" + "fmt" + "net/http" + "strings" + + log "github.com/sirupsen/logrus" +) + +const AuthHeader = "X-Authorize-Request" + +type ( + // copied from selfservice/hook/web_hook.go + detailedMessage struct { + ID int `json:"id"` + Text string `json:"text"` + Type string `json:"type"` + Context json.RawMessage `json:"context,omitempty"` + } + + errorMessage struct { + InstancePtr string `json:"instance_ptr"` + Messages []detailedMessage `json:"messages"` + } + + rawHookResponse struct { + Messages []errorMessage `json:"messages"` + } + + logResponseWriter struct { + Status int + Size int + http.ResponseWriter + } +) + +// Header returns & satisfies the http.ResponseWriter interface +func (w *logResponseWriter) Header() http.Header { + return w.ResponseWriter.Header() +} + +// Write satisfies the http.ResponseWriter interface and +// captures data written, in bytes +func (w *logResponseWriter) Write(data []byte) (int, error) { + + written, err := w.ResponseWriter.Write(data) + w.Size += written + + return written, err +} + +// WriteHeader satisfies the http.ResponseWriter interface and +// allows us to catch the status code +func (w *logResponseWriter) WriteHeader(statusCode int) { + + w.Status = statusCode + w.ResponseWriter.WriteHeader(statusCode) +} + +func accessLog(next http.HandlerFunc) http.HandlerFunc { + fn := func(w http.ResponseWriter, r *http.Request) { + log.WithFields(log.Fields{"application": "webhooks", "method": r.Method, "path": r.URL.Path}).Info("incoming request") + responseWriter := logResponseWriter{http.StatusOK, 0, w} + next.ServeHTTP(&responseWriter, r) + log.WithFields(log.Fields{"application": "webhooks", "status": responseWriter.Status, "size": responseWriter.Size, "path": r.URL.Path}).Info("response generated") + } + + return fn +} + +func headerAuth(next http.HandlerFunc) http.HandlerFunc { + fn := func(w http.ResponseWriter, r *http.Request) { + if r.Header.Get(AuthHeader) != "1" { + w.WriteHeader(http.StatusUnauthorized) + } else { + next.ServeHTTP(w, r) + } + } + + return fn +} + +func healthCheck(w http.ResponseWriter, _ *http.Request) { + _, _ = w.Write([]byte("OK")) +} + +func webhookHandler(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodPost { + w.WriteHeader(http.StatusBadRequest) + return + } + + payload := struct { + IdentityId string `json:"identity_id,omitempty"` + Email string `json:"email,omitempty"` + FlowId string `json:"flow_id"` + FlowType string `json:"flow_type"` + }{} + + encoder := json.NewDecoder(r.Body) + defer r.Body.Close() + if err := encoder.Decode(&payload); err != nil { + w.WriteHeader(http.StatusBadRequest) + log.WithError(err).Warn("could not unmarshal request JSON") + b := bytes.NewBufferString(fmt.Sprintf("error while parsing request JSON: %s", err)) + _, _ = w.Write(b.Bytes()) + return + } + + log.WithField("payload", payload).Info("unmarshalled request") + + if !strings.Contains(payload.Email, "_blocked@ory.sh") || payload.FlowType == "api" { + w.WriteHeader(http.StatusOK) + return + } + + w.WriteHeader(http.StatusConflict) + + detail := detailedMessage{ + ID: 1234, + Type: "error", + Text: "email could not be validated", + } + msg := errorMessage{InstancePtr: "#/traits/email", Messages: []detailedMessage{detail}} + resp := rawHookResponse{Messages: []errorMessage{msg}} + err := json.NewEncoder(w).Encode(&resp) + if err != nil { + w.WriteHeader(http.StatusInternalServerError) + buff := bytes.NewBufferString(err.Error()) + _, _ = w.Write(buff.Bytes()) + return + } +} + +func main() { + mux := http.NewServeMux() + + mux.HandleFunc("/health", healthCheck) + mux.HandleFunc("/webhook", accessLog(headerAuth(webhookHandler))) + + s := http.Server{ + Addr: ":4459", + Handler: mux, + } + + err := s.ListenAndServe() + if err != nil { + panic(err) + } +} diff --git a/test/e2e/modd.conf b/test/e2e/modd.conf index 255374066547..c0241db6a80f 100644 --- a/test/e2e/modd.conf +++ b/test/e2e/modd.conf @@ -1,3 +1,9 @@ +test/e2e/mock/webhook/*.go { + indir: ./test/e2e/mock/webhook + prep: go build -o ../../.bin/webhook . + daemon +sigterm: ../../.bin/webhook +} + **/*.go !**/*_test.go { prep: go build -tags sqlite,json1 -o test/e2e/.bin/kratos . prep: test/e2e/.bin/kratos migrate sql -e --yes diff --git a/test/e2e/profiles/kratos.base.yml b/test/e2e/profiles/kratos.base.yml index 849d22355ea0..0a7bc25becfe 100644 --- a/test/e2e/profiles/kratos.base.yml +++ b/test/e2e/profiles/kratos.base.yml @@ -36,9 +36,11 @@ serve: base_url: http://kratos:4434/ hashers: - algorithm: bcrypt - bcrypt: - cost: 4 + algorithm: argon2 + argon2: + memory: 1KB + iterations: 1 + parallelism: 1 courier: smtp: diff --git a/test/e2e/profiles/webhooks/.kratos.yml b/test/e2e/profiles/webhooks/.kratos.yml new file mode 100644 index 000000000000..f29486df20e3 --- /dev/null +++ b/test/e2e/profiles/webhooks/.kratos.yml @@ -0,0 +1,57 @@ +selfservice: + flows: + settings: + ui_url: http://localhost:4455/settings + privileged_session_max_age: 5m + + logout: + after: + default_browser_return_url: http://localhost:4455/login + + registration: + ui_url: http://localhost:4455/registration + after: + password: + hooks: + - hook: session + - hook: web_hook + config: + url: http://127.0.0.1:4459/webhook + method: POST + body: file://test/e2e/profiles/webhooks/webhook_body.jsonnet + can_interrupt: true + auth: + type: api_key + config: + name: X-Authorize-Request + value: "1" + in: header + + login: + ui_url: http://localhost:4455/login + after: + password: + hooks: + - hook: web_hook + config: + url: http://127.0.0.1:4459/webhook + method: POST + body: file://test/e2e/profiles/webhooks/webhook_body.jsonnet + can_interrupt: true + auth: + type: api_key + config: + name: X-Authorize-Request + value: "1" + in: header + error: + ui_url: http://localhost:4455/error + verification: + ui_url: http://localhost:4455/verify + recovery: + ui_url: http://localhost:4455/recovery + +identity: + schemas: + - id: default + url: file://test/e2e/profiles/webhooks/identity.traits.schema.json diff --git a/test/e2e/profiles/webhooks/identity.traits.schema.json b/test/e2e/profiles/webhooks/identity.traits.schema.json new file mode 100644 index 000000000000..818b6c0cbfe7 --- /dev/null +++ b/test/e2e/profiles/webhooks/identity.traits.schema.json @@ -0,0 +1,36 @@ +{ + "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json", + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Person", + "type": "object", + "properties": { + "traits": { + "type": "object", + "properties": { + "email": { + "type": "string", + "format": "email", + "title": "Your E-Mail", + "minLength": 3, + "ory.sh/kratos": { + "credentials": { + "password": { + "identifier": true + } + } + } + } + }, + "website": { + "title": "Your website", + "type": "string", + "format": "uri", + "minLength": 10 + }, + "required": [ + "email" + ], + "additionalProperties": false + } + } +} diff --git a/test/e2e/profiles/webhooks/webhook_body.jsonnet b/test/e2e/profiles/webhooks/webhook_body.jsonnet new file mode 100644 index 000000000000..e7ec93d254ab --- /dev/null +++ b/test/e2e/profiles/webhooks/webhook_body.jsonnet @@ -0,0 +1,6 @@ +function(ctx) { + identity_id: if std.objectHas(ctx, "identity") then ctx.identity.id else null, + email: if std.objectHas(ctx, "identity") then ctx.identity.traits.email else null, + flow_id: ctx.flow.id, + flow_type: ctx.flow.type +} diff --git a/test/e2e/run.sh b/test/e2e/run.sh index 7a15b34a2b01..e8ec2cc0e9a1 100755 --- a/test/e2e/run.sh +++ b/test/e2e/run.sh @@ -200,7 +200,7 @@ run() { ! nc -zv localhost 4433 ls -la . - for profile in email mobile oidc recovery verification mfa spa network passwordless; do + for profile in email mobile oidc recovery verification mfa spa network passwordless webhooks; do yq ea '. as $item ireduce ({}; . * $item )' test/e2e/profiles/kratos.base.yml "test/e2e/profiles/${profile}/.kratos.yml" > test/e2e/kratos.${profile}.yml cp test/e2e/kratos.email.yml test/e2e/kratos.generated.yml done @@ -214,7 +214,8 @@ run() { http-get://localhost:4456/health/alive \ http-get://localhost:4457/ \ http-get://localhost:4437/mail \ - http-get://localhost:4458/ + http-get://localhost:4458/ \ + http-get://localhost:4459/health if [[ $dev == "yes" ]]; then (cd test/e2e; npm run test:watch --) diff --git a/ui/container/container.go b/ui/container/container.go index c64682ac15a4..8dfa31db119b 100644 --- a/ui/container/container.go +++ b/ui/container/container.go @@ -88,6 +88,17 @@ func NewFromJSON(action string, group node.UiNodeGroup, raw json.RawMessage, pre return c } +// NewFromStruct creates a UI Container based on serialized contents of the provided struct. +func NewFromStruct(action string, group node.UiNodeGroup, v interface{}, prefix string) (*Container, error) { + c := New(action) + data, err := json.Marshal(v) + if err != nil { + return nil, err + } + c.UpdateNodeValuesFromJSON(data, prefix, group) + return c, nil +} + // NewFromJSONSchema creates a new Container and populates the fields // using the provided JSON Schema. func NewFromJSONSchema(ctx context.Context, action string, group node.UiNodeGroup, jsonSchemaRef, prefix string, compiler *jsonschema.Compiler) (*Container, error) { @@ -190,6 +201,13 @@ func (c *Container) ParseError(group node.UiNodeGroup, err error) error { } } return nil + } else if e := new(schema.ValidationListError); errors.As(err, &e) { + for _, ee := range e.Validations { + if err := c.ParseError(group, ee); err != nil { + return err + } + } + return nil } return err } diff --git a/x/provider.go b/x/provider.go index 44cb0499a872..d6311c54adf3 100644 --- a/x/provider.go +++ b/x/provider.go @@ -4,8 +4,10 @@ import ( "context" "github.com/gorilla/sessions" + "github.com/hashicorp/go-retryablehttp" "github.com/ory/herodot" + "github.com/ory/x/httpx" "github.com/ory/x/logrusx" "github.com/ory/x/otelx" ) @@ -28,16 +30,28 @@ type TracingProvider interface { Tracer(ctx context.Context) *otelx.Tracer } -type SimpleLogger struct { +type SimpleLoggerWithClient struct { L *logrusx.Logger + C *retryablehttp.Client + T *otelx.Tracer } -func (s *SimpleLogger) Logger() *logrusx.Logger { +func (s *SimpleLoggerWithClient) Tracer(_ context.Context) *otelx.Tracer { + return s.T +} + +func (s *SimpleLoggerWithClient) Logger() *logrusx.Logger { return s.L } -func (s *SimpleLogger) Audit() *logrusx.Logger { +func (s *SimpleLoggerWithClient) Audit() *logrusx.Logger { return s.L } -var _ LoggingProvider = (*SimpleLogger)(nil) +func (s *SimpleLoggerWithClient) HTTPClient(_ context.Context, _ ...httpx.ResilientOptions) *retryablehttp.Client { + return s.C +} + +var _ LoggingProvider = (*SimpleLoggerWithClient)(nil) +var _ HTTPClientProvider = (*SimpleLoggerWithClient)(nil) +var _ TracingProvider = (*SimpleLoggerWithClient)(nil) From 98edbfbc15ab0a615dec775f2f45741b70f8eeea Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Sat, 23 Jul 2022 08:10:02 +0200 Subject: [PATCH 181/411] ci: update project action --- .github/workflows/pm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pm.yml b/.github/workflows/pm.yml index bcb6bb0237cf..d96056231364 100644 --- a/.github/workflows/pm.yml +++ b/.github/workflows/pm.yml @@ -13,7 +13,7 @@ jobs: name: Add issue to project runs-on: ubuntu-latest steps: - - uses: actions/add-to-project@v0.2.0 + - uses: actions/add-to-project@v0.3.0 with: project-url: https://github.com/orgs/ory-corp/projects/5 github-token: ${{ secrets.ORY_BOT_PAT }} From 73ed1923574ae6bc4249db7103dbddcc887a8df2 Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Sat, 23 Jul 2022 08:11:52 +0200 Subject: [PATCH 182/411] ci: ignore schema YAMLs --- .prettierignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .prettierignore diff --git a/.prettierignore b/.prettierignore new file mode 100644 index 000000000000..7ecf7b391740 --- /dev/null +++ b/.prettierignore @@ -0,0 +1 @@ +.schema/ From 4e5aac2b7793ac573d8ed3f6d1b5263ff2780490 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Sat, 23 Jul 2022 06:53:54 +0000 Subject: [PATCH 183/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 10183 +++++++++++++++++++++++++++++++++---------------- 1 file changed, 6798 insertions(+), 3385 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2a64e83c0178..bc12de4e429f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,24 +4,27 @@ **Table of Contents** -- [ (2022-07-12)](#2022-07-12) +- [ (2022-07-23)](#2022-07-23) + - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) + - [Code Refactoring](#code-refactoring) - [Documentation](#documentation) - [Features](#features) + - [Tests](#tests) - [0.10.1 (2022-06-01)](#0101-2022-06-01) - [Bug Fixes](#bug-fixes-1) - [Code Generation](#code-generation) - [0.10.0 (2022-05-30)](#0100-2022-05-30) - - [Breaking Changes](#breaking-changes) + - [Breaking Changes](#breaking-changes-1) - [Bug Fixes](#bug-fixes-2) - [Code Generation](#code-generation-1) - - [Code Refactoring](#code-refactoring) + - [Code Refactoring](#code-refactoring-1) - [Documentation](#documentation-1) - [Features](#features-1) - - [Tests](#tests) + - [Tests](#tests-1) - [Unclassified](#unclassified) - [0.9.0-alpha.3 (2022-03-25)](#090-alpha3-2022-03-25) - - [Breaking Changes](#breaking-changes-1) + - [Breaking Changes](#breaking-changes-2) - [Bug Fixes](#bug-fixes-3) - [Code Generation](#code-generation-2) - [Documentation](#documentation-2) @@ -29,39 +32,39 @@ - [Bug Fixes](#bug-fixes-4) - [Code Generation](#code-generation-3) - [0.9.0-alpha.1 (2022-03-21)](#090-alpha1-2022-03-21) - - [Breaking Changes](#breaking-changes-2) + - [Breaking Changes](#breaking-changes-3) - [Bug Fixes](#bug-fixes-5) - [Code Generation](#code-generation-4) - - [Code Refactoring](#code-refactoring-1) + - [Code Refactoring](#code-refactoring-2) - [Documentation](#documentation-3) - [Features](#features-2) - - [Tests](#tests-1) + - [Tests](#tests-2) - [Unclassified](#unclassified-1) - [0.8.2-alpha.1 (2021-12-17)](#082-alpha1-2021-12-17) - [Bug Fixes](#bug-fixes-6) - [Code Generation](#code-generation-5) - [Documentation](#documentation-4) - [0.8.1-alpha.1 (2021-12-13)](#081-alpha1-2021-12-13) - - [Breaking Changes](#breaking-changes-3) + - [Breaking Changes](#breaking-changes-4) - [Bug Fixes](#bug-fixes-7) - [Code Generation](#code-generation-6) - [Documentation](#documentation-5) - [Features](#features-3) - - [Tests](#tests-2) + - [Tests](#tests-3) - [0.8.0-alpha.3 (2021-10-28)](#080-alpha3-2021-10-28) - [Bug Fixes](#bug-fixes-8) - [Code Generation](#code-generation-7) - [0.8.0-alpha.2 (2021-10-28)](#080-alpha2-2021-10-28) - [Code Generation](#code-generation-8) - [0.8.0-alpha.1 (2021-10-27)](#080-alpha1-2021-10-27) - - [Breaking Changes](#breaking-changes-4) + - [Breaking Changes](#breaking-changes-5) - [Bug Fixes](#bug-fixes-9) - [Code Generation](#code-generation-9) - - [Code Refactoring](#code-refactoring-2) + - [Code Refactoring](#code-refactoring-3) - [Documentation](#documentation-6) - [Features](#features-4) - [Reverts](#reverts) - - [Tests](#tests-3) + - [Tests](#tests-4) - [Unclassified](#unclassified-2) - [0.7.6-alpha.1 (2021-09-12)](#076-alpha1-2021-09-12) - [Code Generation](#code-generation-10) @@ -72,7 +75,7 @@ - [Code Generation](#code-generation-12) - [Documentation](#documentation-7) - [Features](#features-5) - - [Tests](#tests-4) + - [Tests](#tests-5) - [0.7.3-alpha.1 (2021-08-28)](#073-alpha1-2021-08-28) - [Bug Fixes](#bug-fixes-11) - [Code Generation](#code-generation-13) @@ -82,21 +85,21 @@ - [Bug Fixes](#bug-fixes-12) - [Code Generation](#code-generation-14) - [Documentation](#documentation-9) - - [Tests](#tests-5) + - [Tests](#tests-6) - [0.7.0-alpha.1 (2021-07-13)](#070-alpha1-2021-07-13) - - [Breaking Changes](#breaking-changes-5) + - [Breaking Changes](#breaking-changes-6) - [Bug Fixes](#bug-fixes-13) - [Code Generation](#code-generation-15) - - [Code Refactoring](#code-refactoring-3) + - [Code Refactoring](#code-refactoring-4) - [Documentation](#documentation-10) - [Features](#features-7) - - [Tests](#tests-6) + - [Tests](#tests-7) - [Unclassified](#unclassified-3) - [0.6.3-alpha.1 (2021-05-17)](#063-alpha1-2021-05-17) - - [Breaking Changes](#breaking-changes-6) + - [Breaking Changes](#breaking-changes-7) - [Bug Fixes](#bug-fixes-14) - [Code Generation](#code-generation-16) - - [Code Refactoring](#code-refactoring-4) + - [Code Refactoring](#code-refactoring-5) - [0.6.2-alpha.1 (2021-05-14)](#062-alpha1-2021-05-14) - [Code Generation](#code-generation-17) - [Documentation](#documentation-11) @@ -108,25 +111,25 @@ - [Code Generation](#code-generation-19) - [Features](#features-9) - [0.6.0-alpha.1 (2021-05-05)](#060-alpha1-2021-05-05) - - [Breaking Changes](#breaking-changes-7) + - [Breaking Changes](#breaking-changes-8) - [Bug Fixes](#bug-fixes-16) - [Code Generation](#code-generation-20) - - [Code Refactoring](#code-refactoring-5) + - [Code Refactoring](#code-refactoring-6) - [Documentation](#documentation-12) - [Features](#features-10) - - [Tests](#tests-7) + - [Tests](#tests-8) - [Unclassified](#unclassified-4) - [0.5.5-alpha.1 (2020-12-09)](#055-alpha1-2020-12-09) - [Bug Fixes](#bug-fixes-17) - [Code Generation](#code-generation-21) - [Documentation](#documentation-13) - [Features](#features-11) - - [Tests](#tests-8) + - [Tests](#tests-9) - [Unclassified](#unclassified-5) - [0.5.4-alpha.1 (2020-11-11)](#054-alpha1-2020-11-11) - [Bug Fixes](#bug-fixes-18) - [Code Generation](#code-generation-22) - - [Code Refactoring](#code-refactoring-6) + - [Code Refactoring](#code-refactoring-7) - [Documentation](#documentation-14) - [Features](#features-12) - [0.5.3-alpha.1 (2020-10-27)](#053-alpha1-2020-10-27) @@ -134,27 +137,27 @@ - [Code Generation](#code-generation-23) - [Documentation](#documentation-15) - [Features](#features-13) - - [Tests](#tests-9) + - [Tests](#tests-10) - [0.5.2-alpha.1 (2020-10-22)](#052-alpha1-2020-10-22) - [Bug Fixes](#bug-fixes-20) - [Code Generation](#code-generation-24) - [Documentation](#documentation-16) - - [Tests](#tests-10) + - [Tests](#tests-11) - [0.5.1-alpha.1 (2020-10-20)](#051-alpha1-2020-10-20) - [Bug Fixes](#bug-fixes-21) - [Code Generation](#code-generation-25) - [Documentation](#documentation-17) - [Features](#features-14) - - [Tests](#tests-11) + - [Tests](#tests-12) - [Unclassified](#unclassified-6) - [0.5.0-alpha.1 (2020-10-15)](#050-alpha1-2020-10-15) - - [Breaking Changes](#breaking-changes-8) + - [Breaking Changes](#breaking-changes-9) - [Bug Fixes](#bug-fixes-22) - [Code Generation](#code-generation-26) - - [Code Refactoring](#code-refactoring-7) + - [Code Refactoring](#code-refactoring-8) - [Documentation](#documentation-18) - [Features](#features-15) - - [Tests](#tests-12) + - [Tests](#tests-13) - [Unclassified](#unclassified-7) - [0.4.6-alpha.1 (2020-07-13)](#046-alpha1-2020-07-13) - [Bug Fixes](#bug-fixes-23) @@ -173,18 +176,18 @@ - [Bug Fixes](#bug-fixes-27) - [Code Generation](#code-generation-31) - [0.4.0-alpha.1 (2020-07-08)](#040-alpha1-2020-07-08) - - [Breaking Changes](#breaking-changes-9) + - [Breaking Changes](#breaking-changes-10) - [Bug Fixes](#bug-fixes-28) - [Code Generation](#code-generation-32) - - [Code Refactoring](#code-refactoring-8) + - [Code Refactoring](#code-refactoring-9) - [Documentation](#documentation-20) - [Features](#features-16) - [Unclassified](#unclassified-8) - [0.3.0-alpha.1 (2020-05-15)](#030-alpha1-2020-05-15) - - [Breaking Changes](#breaking-changes-10) + - [Breaking Changes](#breaking-changes-11) - [Bug Fixes](#bug-fixes-29) - [Chores](#chores) - - [Code Refactoring](#code-refactoring-9) + - [Code Refactoring](#code-refactoring-10) - [Documentation](#documentation-21) - [Features](#features-17) - [Unclassified](#unclassified-9) @@ -192,20 +195,20 @@ - [Chores](#chores-1) - [Documentation](#documentation-22) - [0.2.0-alpha.2 (2020-05-04)](#020-alpha2-2020-05-04) - - [Breaking Changes](#breaking-changes-11) + - [Breaking Changes](#breaking-changes-12) - [Bug Fixes](#bug-fixes-30) - [Chores](#chores-2) - - [Code Refactoring](#code-refactoring-10) + - [Code Refactoring](#code-refactoring-11) - [Documentation](#documentation-23) - [Features](#features-18) - [Unclassified](#unclassified-10) - [0.1.1-alpha.1 (2020-02-18)](#011-alpha1-2020-02-18) - [Bug Fixes](#bug-fixes-31) - - [Code Refactoring](#code-refactoring-11) + - [Code Refactoring](#code-refactoring-12) - [Documentation](#documentation-24) - [0.1.0-alpha.6 (2020-02-16)](#010-alpha6-2020-02-16) - [Bug Fixes](#bug-fixes-32) - - [Code Refactoring](#code-refactoring-12) + - [Code Refactoring](#code-refactoring-13) - [Documentation](#documentation-25) - [Features](#features-19) - [0.1.0-alpha.5 (2020-02-06)](#010-alpha5-2020-02-06) @@ -260,74 +263,202 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-07-12) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-07-23) + +## Breaking Changes +SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. ### Bug Fixes -* Add issuerURL for apple id ([#2565](https://github.com/ory/kratos/issues/2565)) ([2aeb0a2](https://github.com/ory/kratos/commit/2aeb0a210e6e6433f1a9d9e6a75b21b8e3083239)): +- Add issuerURL for apple id + ([#2565](https://github.com/ory/kratos/issues/2565)) + ([2aeb0a2](https://github.com/ory/kratos/commit/2aeb0a210e6e6433f1a9d9e6a75b21b8e3083239)): + + No issuer url was specified when using the Apple ID provider, this forced + usersers to manually enter it in the provider config. + + This PR adds the Apple ID issuer url to the provider simplifying the setup. + +- Add support for verified Graph API calls for facebook oidc provider + ([#2547](https://github.com/ory/kratos/issues/2547)) + ([1ba7c66](https://github.com/ory/kratos/commit/1ba7c66fc4897b676690f0ac701a0b68aee4f151)) +- Bump docker image ([#2594](https://github.com/ory/kratos/issues/2594)) + ([071c885](https://github.com/ory/kratos/commit/071c885d8231a1a66051002ecfcff5c8e5237085)) +- Bump graceful to deal with http header timeouts + ([9ce2d26](https://github.com/ory/kratos/commit/9ce2d260338f020e2da077e81464e520883f582b)) +- **cli:** Dry up code ([#2572](https://github.com/ory/kratos/issues/2572)) + ([d1b6b40](https://github.com/ory/kratos/commit/d1b6b40aa9dcc7a3ec9237eec28c4fa55f0b8627)) +- **docker:** Update images + ([b5f80c1](https://github.com/ory/kratos/commit/b5f80c1198e4bb9ed392521daca934548eb21ee6)) +- Duplicate messages in recovery flow + ([#2592](https://github.com/ory/kratos/issues/2592)) + ([43fcc51](https://github.com/ory/kratos/commit/43fcc51b9bf6996fc4f7b0ef797189eb8f3978dc)) +- Format + ([0934def](https://github.com/ory/kratos/commit/0934defff7a0d56e712af98c1cec87c60b3c934b)) +- Gosec false positives + ([e3e7ed0](https://github.com/ory/kratos/commit/e3e7ed08f5ce47fc794bd5c093018cee51baf689)) +- **identity:** Migrate identity_addresses to lower case + ([#2517](https://github.com/ory/kratos/issues/2517)) + ([c058e23](https://github.com/ory/kratos/commit/c058e23599d994e12b676e87f7282c1f2b2e089c)), + closes [#2426](https://github.com/ory/kratos/issues/2426) +- Make hydra consistently localhost + ([70211a1](https://github.com/ory/kratos/commit/70211a17a452d5ced8317822afda3f8e6185cc71)) +- Make ID field in VerifiableAddress struct optional + ([#2507](https://github.com/ory/kratos/issues/2507)) + ([0844b47](https://github.com/ory/kratos/commit/0844b47c30851c548d46273927afee103cdc0e97)), + closes [#2506](https://github.com/ory/kratos/issues/2506) +- Mark gosec false positives + ([13eaddb](https://github.com/ory/kratos/commit/13eaddb7babe630750361c6d8f3ffc736898ddec)) +- Metadata should not be required + ([05afd68](https://github.com/ory/kratos/commit/05afd68381abe58c5e7cdd51cbf0ae409f5f0eb0)) +- Panic + ([1182278](https://github.com/ory/kratos/commit/11822789c1561b27c2d769c9ea53a81835702f4a)) +- Potentially resolve tx issue in crdb + ([#2595](https://github.com/ory/kratos/issues/2595)) + ([9d22035](https://github.com/ory/kratos/commit/9d22035695b6a793ac4bc5e2bd0a68b3aeea039c)) +- Re-issue outdated cookie in /whoami + ([#2598](https://github.com/ory/kratos/issues/2598)) + ([bf6f27e](https://github.com/ory/kratos/commit/bf6f27e37b8aa342ae002e0a9f227a31e0f7c279)), + closes [#2562](https://github.com/ory/kratos/issues/2562) +- Remove newline sign from email subject + ([#2576](https://github.com/ory/kratos/issues/2576)) + ([ca3d9c2](https://github.com/ory/kratos/commit/ca3d9c24e25ce501e9eae23547f87e1c35b2ea97)) +- Return browser to 'return_to' when logging in without registered account using + oidc. ([#2496](https://github.com/ory/kratos/issues/2496)) + ([a4194f5](https://github.com/ory/kratos/commit/a4194f58dd4ccecca6698d5b43284d857a70a221)), + closes [#2444](https://github.com/ory/kratos/issues/2444) +- Return empty array not null when there are no sessions + ([#2548](https://github.com/ory/kratos/issues/2548)) + ([fffba47](https://github.com/ory/kratos/commit/fffba473440fec3118a3951b697d5a0d2d4e30d6)) +- **sdk:** Make InputAttributes.Type an enum + ([ff6190f](https://github.com/ory/kratos/commit/ff6190f31f538cf8ed735dfd1bb3b7afcd944c36)) +- Unable to find JSON Schema ID: default + ([#2393](https://github.com/ory/kratos/issues/2393)) + ([f43396b](https://github.com/ory/kratos/commit/f43396bdc03f89812f026c2a94b0b50100134c23)) +- Use correct download location for golangci-lint + ([c36ca53](https://github.com/ory/kratos/commit/c36ca53d4552596e62ec323795c3bf21438d4f26)) +- Use errors instead of fatal for serve cmd + ([02f7e9c](https://github.com/ory/kratos/commit/02f7e9cfd17ab60c3f38aab3ae977c427b26990d)) - No issuer url was specified when using the Apple ID provider, - this forced usersers to manually enter it in the provider config. - - This PR adds the Apple ID issuer url to the provider simplifying the setup. +### Code Refactoring -* Add support for verified Graph API calls for facebook oidc provider ([#2547](https://github.com/ory/kratos/issues/2547)) ([1ba7c66](https://github.com/ory/kratos/commit/1ba7c66fc4897b676690f0ac701a0b68aee4f151)) -* **identity:** Migrate identity_addresses to lower case ([#2517](https://github.com/ory/kratos/issues/2517)) ([c058e23](https://github.com/ory/kratos/commit/c058e23599d994e12b676e87f7282c1f2b2e089c)), closes [#2426](https://github.com/ory/kratos/issues/2426) -* Make ID field in VerifiableAddress struct optional ([#2507](https://github.com/ory/kratos/issues/2507)) ([0844b47](https://github.com/ory/kratos/commit/0844b47c30851c548d46273927afee103cdc0e97)), closes [#2506](https://github.com/ory/kratos/issues/2506) -* Remove newline sign from email subject ([#2576](https://github.com/ory/kratos/issues/2576)) ([ca3d9c2](https://github.com/ory/kratos/commit/ca3d9c24e25ce501e9eae23547f87e1c35b2ea97)) -* Return empty array not null when there are no sessions ([#2548](https://github.com/ory/kratos/issues/2548)) ([fffba47](https://github.com/ory/kratos/commit/fffba473440fec3118a3951b697d5a0d2d4e30d6)) -* **sdk:** Make InputAttributes.Type an enum ([ff6190f](https://github.com/ory/kratos/commit/ff6190f31f538cf8ed735dfd1bb3b7afcd944c36)) -* Unable to find JSON Schema ID: default ([#2393](https://github.com/ory/kratos/issues/2393)) ([f43396b](https://github.com/ory/kratos/commit/f43396bdc03f89812f026c2a94b0b50100134c23)) +- **sdk:** Rename `getJsonSchema` to `getIdentitySchema` + ([#2606](https://github.com/ory/kratos/issues/2606)) + ([8dc2ecf](https://github.com/ory/kratos/commit/8dc2ecf4919c9a14ef0bd089677de66ab3cfed92)) ### Documentation -* Fix badge ([dbb7506](https://github.com/ory/kratos/commit/dbb7506ec1a5a2b5bef21cb7838b6c86e755f0f9)) -* **sdk:** Incorrect URL ([#2521](https://github.com/ory/kratos/issues/2521)) ([ac6c4cc](https://github.com/ory/kratos/commit/ac6c4ccfc1901d38855ecd9991ef8de80e9d7c40)) -* Update README ([5da4c6b](https://github.com/ory/kratos/commit/5da4c6b934b1b820d4a6ca67621855e87ecef773)) -* Update readme badges ([7136e94](https://github.com/ory/kratos/commit/7136e94028dc64877e887776a1ccafb8826ce23c)) -* Write messages as single json document ([#2519](https://github.com/ory/kratos/issues/2519)) ([3d8cf38](https://github.com/ory/kratos/commit/3d8cf38ef05c6ca5edf1161846c63bd3a23d9adc)), closes [#2498](https://github.com/ory/kratos/issues/2498) +- Fix badge + ([dbb7506](https://github.com/ory/kratos/commit/dbb7506ec1a5a2b5bef21cb7838b6c86e755f0f9)) +- **sdk:** Identifier is actually required + ([#2593](https://github.com/ory/kratos/issues/2593)) + ([f89d279](https://github.com/ory/kratos/commit/f89d2794d8a2122e3f86eeb8aa5d554da32e753e)) +- **sdk:** Incorrect URL ([#2521](https://github.com/ory/kratos/issues/2521)) + ([ac6c4cc](https://github.com/ory/kratos/commit/ac6c4ccfc1901d38855ecd9991ef8de80e9d7c40)) +- Update README + ([5da4c6b](https://github.com/ory/kratos/commit/5da4c6b934b1b820d4a6ca67621855e87ecef773)) +- Update readme badges + ([7136e94](https://github.com/ory/kratos/commit/7136e94028dc64877e887776a1ccafb8826ce23c)) +- Write messages as single json document + ([#2519](https://github.com/ory/kratos/issues/2519)) + ([3d8cf38](https://github.com/ory/kratos/commit/3d8cf38ef05c6ca5edf1161846c63bd3a23d9adc)), + closes [#2498](https://github.com/ory/kratos/issues/2498) ### Features -* Add autocomplete attributes ([#2523](https://github.com/ory/kratos/issues/2523)) ([6284a9a](https://github.com/ory/kratos/commit/6284a9a5152924018d85f306e5758e9d8d759283)), closes [#2396](https://github.com/ory/kratos/issues/2396) -* Add codecov yaml ([90da0bb](https://github.com/ory/kratos/commit/90da0bb4aeb50ed697c998342300cc56de5d5e1c)) -* Add DingTalk social login ([#2494](https://github.com/ory/kratos/issues/2494)) ([7b966bd](https://github.com/ory/kratos/commit/7b966bd16333f419b2a57f2a0b8684d6d86b34e6)) -* Add identity id to "account disabled" error ([#2557](https://github.com/ory/kratos/issues/2557)) ([f09b1b3](https://github.com/ory/kratos/commit/f09b1b3701c6deda4d25cebb7ccf2e97089be32a)) -* **cli:** Helper for cleaning up stale records ([#2406](https://github.com/ory/kratos/issues/2406)) ([29d6376](https://github.com/ory/kratos/commit/29d6376e22e4de617ec63ca0a5dcb4dbf34c7c37)), closes [#952](https://github.com/ory/kratos/issues/952) -* Handler for update API with credentials ([#2423](https://github.com/ory/kratos/issues/2423)) ([561187d](https://github.com/ory/kratos/commit/561187dafe2fea324d55c4efe3ffa6b65f9bed72)), closes [#2334](https://github.com/ory/kratos/issues/2334) +- Add autocomplete attributes + ([#2523](https://github.com/ory/kratos/issues/2523)) + ([6284a9a](https://github.com/ory/kratos/commit/6284a9a5152924018d85f306e5758e9d8d759283)), + closes [#2396](https://github.com/ory/kratos/issues/2396) +- Add codecov yaml + ([90da0bb](https://github.com/ory/kratos/commit/90da0bb4aeb50ed697c998342300cc56de5d5e1c)) +- Add DingTalk social login ([#2494](https://github.com/ory/kratos/issues/2494)) + ([7b966bd](https://github.com/ory/kratos/commit/7b966bd16333f419b2a57f2a0b8684d6d86b34e6)) +- Add identity id to "account disabled" error + ([#2557](https://github.com/ory/kratos/issues/2557)) + ([f09b1b3](https://github.com/ory/kratos/commit/f09b1b3701c6deda4d25cebb7ccf2e97089be32a)) +- Add PATCH to adminUpdateIdentity + ([#2380](https://github.com/ory/kratos/issues/2380)) + ([#2471](https://github.com/ory/kratos/issues/2471)) + ([94a3741](https://github.com/ory/kratos/commit/94a37416011086582e309f62dc2c45ca84083a33)) +- Allow setting public and admin metadata with the jsonnet data mapper + ([#2569](https://github.com/ory/kratos/issues/2569)) + ([aa6eb13](https://github.com/ory/kratos/commit/aa6eb13c1c42c11354074553fac9c90ee0a8999e)), + closes [#2552](https://github.com/ory/kratos/issues/2552) +- **cli:** Helper for cleaning up stale records + ([#2406](https://github.com/ory/kratos/issues/2406)) + ([29d6376](https://github.com/ory/kratos/commit/29d6376e22e4de617ec63ca0a5dcb4dbf34c7c37)), + closes [#952](https://github.com/ory/kratos/issues/952) +- Handler for update API with credentials + ([#2423](https://github.com/ory/kratos/issues/2423)) + ([561187d](https://github.com/ory/kratos/commit/561187dafe2fea324d55c4efe3ffa6b65f9bed72)), + closes [#2334](https://github.com/ory/kratos/issues/2334) +- Implement blocking webhooks + ([#1585](https://github.com/ory/kratos/issues/1585)) + ([e48e9fa](https://github.com/ory/kratos/commit/e48e9fac7ab6a982e0e941bfea1d15569eb53582)), + closes [#1724](https://github.com/ory/kratos/issues/1724) + [#1483](https://github.com/ory/kratos/issues/1483) +### Tests + +- **e2e:** Add typescript + ([37018c0](https://github.com/ory/kratos/commit/37018c0161d0affe88c9f2574d043f337579e4a9)) +- **e2e:** Fix flaky assertions + ([21a8487](https://github.com/ory/kratos/commit/21a8487f984168abbc7279c590c66822414c718e)) +- **e2e:** Fix webauthn regression + ([26001e7](https://github.com/ory/kratos/commit/26001e7544b60ad0004153773a21c1d04abf9987)) +- **e2e:** Improve webauthn test reliability + ([4d323d0](https://github.com/ory/kratos/commit/4d323d01b53b9f7b0dc346211ac4fda0626d357a)) +- **e2e:** Migrate to cypress 10.x + ([317fab0](https://github.com/ory/kratos/commit/317fab0fe76a2762a77b3d2f8a75735598cb1c0e)) +- **e2e:** Resolve flaky hydra configuration + ([d8c82da](https://github.com/ory/kratos/commit/d8c82dabad4f04874647c48ecbf0eda91c7c90fa)) +- **e2e:** Use correct dir + ([907dbe3](https://github.com/ory/kratos/commit/907dbe3f605d5be5038ddc06029082b2df0914e2)) +- Fix broken assertions + ([e5f1311](https://github.com/ory/kratos/commit/e5f131138243ad5806c7927dd5a642d029cfad6c)) +- Fix oidc test regression + ([6c14b68](https://github.com/ory/kratos/commit/6c14b682d0984175495051308985281d72c0988e)) +- Parallelize and speed up config tests + ([#2611](https://github.com/ory/kratos/issues/2611)) + ([d8dea01](https://github.com/ory/kratos/commit/d8dea0138b09d4dff3c30aa14e0e99e423b355fe)) +- Try and recover from allocated port error + ([3b5ac5f](https://github.com/ory/kratos/commit/3b5ac5ff03b653191c1979fe1e4e9a4ea3ed7d36)) # [0.10.1](https://github.com/ory/kratos/compare/v0.10.0...v0.10.1) (2022-06-01) Re-release the SDK. - - - - ### Bug Fixes -* Bump ory cli ([12ceae0](https://github.com/ory/kratos/commit/12ceae005749c5dd01959720925418d643f13070)) +- Bump ory cli + ([12ceae0](https://github.com/ory/kratos/commit/12ceae005749c5dd01959720925418d643f13070)) ### Code Generation -* Pin v0.10.1 release commit ([ab16580](https://github.com/ory/kratos/commit/ab16580b4326250885b920198b280456eb873a6b)) - +- Pin v0.10.1 release commit + ([ab16580](https://github.com/ory/kratos/commit/ab16580b4326250885b920198b280456eb873a6b)) # [0.10.0](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v0.10.0) (2022-05-30) -We achieved a major milestone - Ory Kratos is out of alpha! Ory Kratos had no major changes in the APIs for the last months and feel confident that no large breaking changes will need to be introduced in the near future. - -This release focuses on quality-of-live improvements, resolves several bugs, irons out developer experience issues, and introduces session renew capabilities! - +We achieved a major milestone - Ory Kratos is out of alpha! Ory Kratos had no +major changes in the APIs for the last months and feel confident that no large +breaking changes will need to be introduced in the near future. +This release focuses on quality-of-live improvements, resolves several bugs, +irons out developer experience issues, and introduces session renew +capabilities! ## Breaking Changes -Please be aware that the SDK method signatures for `submitSelfServiceRecoveryFlow`, `submitSelfServiceRegistrationFlow`, `submitSelfServiceLoginFlow`, `submitSelfServiceSettingsFlow`, `submitSelfServiceVerificationFlow` might have changed in your SDK. +Please be aware that the SDK method signatures for +`submitSelfServiceRecoveryFlow`, `submitSelfServiceRegistrationFlow`, +`submitSelfServiceLoginFlow`, `submitSelfServiceSettingsFlow`, +`submitSelfServiceVerificationFlow` might have changed in your SDK. -This patch moves several CLI command to comply with the Ory CLI command structure: +This patch moves several CLI command to comply with the Ory CLI command +structure: ```patch - ory identities get ... @@ -352,7 +483,8 @@ This patch moves several CLI command to comply with the Ory CLI command structur + ory lint jsonnet ... ``` -This patch moves several CLI command to comply with the Ory CLI command structure: +This patch moves several CLI command to comply with the Ory CLI command +structure: ```patch - ory identities get ... @@ -377,206 +509,362 @@ This patch moves several CLI command to comply with the Ory CLI command structur + ory lint jsonnet ... ``` - - ### Bug Fixes -* Add flow id when return_to is passed to the verification ([#2482](https://github.com/ory/kratos/issues/2482)) ([c2b1c23](https://github.com/ory/kratos/commit/c2b1c2303cd0587b9419d500f2e3d5f9c9c80ad4)) -* Add indices for slow queries ([e0cdbc9](https://github.com/ory/kratos/commit/e0cdbc9ab3389de0f65b37758d86bea56d294d64)) -* Add legacy session value ([ecfd052](https://github.com/ory/kratos/commit/ecfd05216f5ebb70f1617595d2d398cf1fa3c660)), closes [#2398](https://github.com/ory/kratos/issues/2398) -* **auth0:** Created_at workaround ([#2492](https://github.com/ory/kratos/issues/2492)) ([52a965d](https://github.com/ory/kratos/commit/52a965dc7e4ac868d21261cb44576846426bffa5)), closes [#2485](https://github.com/ory/kratos/issues/2485) -* Avoid excessive memory allocations in HIBP cache ([#2389](https://github.com/ory/kratos/issues/2389)) ([ee2d410](https://github.com/ory/kratos/commit/ee2d41057a7e6cb2c57c6304c2e7bbf5ad7c56da)), closes [#2354](https://github.com/ory/kratos/issues/2354) -* Change SQLite database mode to 0600 ([#2344](https://github.com/ory/kratos/issues/2344)) ([0e5d3b7](https://github.com/ory/kratos/commit/0e5d3b7726a8923fbc2a4c10ec18f0ba97ffbcff)): - - The default mode is 0644, which is allows broader access than necessary. - -* Compile issues from merge conflict ([#2419](https://github.com/ory/kratos/issues/2419)) ([85a90c8](https://github.com/ory/kratos/commit/85a90c892d785b834cbdf8d029315550210444e2)) -* Correct location ([b249aaa](https://github.com/ory/kratos/commit/b249aaad97eabc88c269265359a33cea920ef7f2)) -* **courier:** Add ability to specify backoff ([#2349](https://github.com/ory/kratos/issues/2349)) ([bf970f3](https://github.com/ory/kratos/commit/bf970f32f571164b8081f09f602a3473e079194e)) -* Do not expose debug in a response when a schema is not found ([#2348](https://github.com/ory/kratos/issues/2348)) ([aee2b1e](https://github.com/ory/kratos/commit/aee2b1ed1189b57fcbb1aaa456444d5121be94b1)) -* Do not fail release if no changes needed ([114c93e](https://github.com/ory/kratos/commit/114c93eb48c242702b72d7785da70bd31d858214)) -* **Dockerfile:** Use existing builder base image ([#2390](https://github.com/ory/kratos/issues/2390)) ([37de25a](https://github.com/ory/kratos/commit/37de25a541a24e03407ecf344fb750775e48c782)) -* Embed schema ([b797bba](https://github.com/ory/kratos/commit/b797bba5910dfd925a11fb86e2dbd14b5dd839d9)) -* Get user first name and last name from Apple ([#2331](https://github.com/ory/kratos/issues/2331)) ([4779909](https://github.com/ory/kratos/commit/47799098b35ea1cf5a1163f57d872a5bb2242d97)) -* Improve error reporting from OpenAPI ([8a1009b](https://github.com/ory/kratos/commit/8a1009b16653df13485bab8e33926967c449bf4e)) -* Improve performance of identity schema call ([af28de2](https://github.com/ory/kratos/commit/af28de267f21cd72953f3f353d8fd587937b2249)) -* Internal Server Error on Empty PUT /identities/id body ([#2417](https://github.com/ory/kratos/issues/2417)) ([5a50231](https://github.com/ory/kratos/commit/5a50231b553aaa64bd90a3d2cd1be9d2e3aba9ac)) -* Load return_to and append to errors ([#2333](https://github.com/ory/kratos/issues/2333)) ([5efe4a3](https://github.com/ory/kratos/commit/5efe4a33e35e74d248d4eec43dc901b7b6334037)), closes [#2275](https://github.com/ory/kratos/issues/2275) [#2279](https://github.com/ory/kratos/issues/2279) [#2285](https://github.com/ory/kratos/issues/2285) -* Make delete formattable ([0005f35](https://github.com/ory/kratos/commit/0005f357a049ecbf94d76a1e73434837753a04ea)) -* Mark body as required ([#2479](https://github.com/ory/kratos/issues/2479)) ([c9ae117](https://github.com/ory/kratos/commit/c9ae1175340993cfc93db436c06462c80935ea2a)) -* New issue templates ([b9ad684](https://github.com/ory/kratos/commit/b9ad684311ee8c654b2fa382010315e892581f5c)) -* Openapi regression ([#2465](https://github.com/ory/kratos/issues/2465)) ([37a3369](https://github.com/ory/kratos/commit/37a3369cea8ed5af34e8324a291a7d7dba0eb43a)) -* Quickstart docker-compose ([#2490](https://github.com/ory/kratos/issues/2490)) ([9717762](https://github.com/ory/kratos/commit/97177629c715028affbc294bdd432fd6c954d5ad)), closes [#2488](https://github.com/ory/kratos/issues/2488) -* Refresh is always false when session exists ([d3436d7](https://github.com/ory/kratos/commit/d3436d7fa17589d91e25c9f0bd66bc3bb5b150fa)), closes [#2341](https://github.com/ory/kratos/issues/2341) -* Remove required legacy field ([#2410](https://github.com/ory/kratos/issues/2410)) ([638d45c](https://github.com/ory/kratos/commit/638d45caf480b7287c9762cbf3c593217f40e3e8)) -* Remove wrong templates ([4fe2d25](https://github.com/ory/kratos/commit/4fe2d25dd68033a8d7b3dd5f62d87b23a7ba361d)) -* Reorder transactions ([78ca4c6](https://github.com/ory/kratos/commit/78ca4c6ca5a49b0800d9c34954638a926d80078b)) -* Resolve index naming issues ([d5550b5](https://github.com/ory/kratos/commit/d5550b5ddc4e1677e4c4f808578f573760c6581e)) -* Resolve MySQL index issues ([50bdba9](https://github.com/ory/kratos/commit/50bdba9f1117c60e80e153416bc997187b4a60b7)) -* Resolve otelx panics ([6613a02](https://github.com/ory/kratos/commit/6613a02b8fd5f6f06e9b6301bdc39037771b3d9b)) -* **sdk:** Improved OpenAPI specifications for UI nodes ([#2375](https://github.com/ory/kratos/issues/2375)) ([a42a0f7](https://github.com/ory/kratos/commit/a42a0f772af3625c457032d6dcc34289a62acc61)), closes [#2357](https://github.com/ory/kratos/issues/2357) -* Serve.admin.request_log.disable_for_health behaviour ([#2399](https://github.com/ory/kratos/issues/2399)) ([0a381fa](https://github.com/ory/kratos/commit/0a381fa3d702f77e614d0492dafa3ac2cd102c7e)) -* **sql:** Add additional join argument to resolve MySQL query issue ([854e5cb](https://github.com/ory/kratos/commit/854e5cba80cad52b58571587980c00c038ff6596)), closes [#2262](https://github.com/ory/kratos/issues/2262) -* Unreliable HIBP caching strategy ([#2468](https://github.com/ory/kratos/issues/2468)) ([93bf1e2](https://github.com/ory/kratos/commit/93bf1e2cd53f3a4de3ff414017c17813d36b56da)) -* Use `path` instead of `filepath` to join http route paths ([16b1244](https://github.com/ory/kratos/commit/16b12449c841bf7a237fe436b884b4b5012cd022)), closes [#2292](https://github.com/ory/kratos/issues/2292) -* Use JOIN instead of iterative queries ([0998cfb](https://github.com/ory/kratos/commit/0998cfb2fdda27ba8baeebcc603aae5fbe5c901f)), closes [#2402](https://github.com/ory/kratos/issues/2402) -* Use pointer of string for PasswordIdentifier in example code ([#2421](https://github.com/ory/kratos/issues/2421)) ([61f12e7](https://github.com/ory/kratos/commit/61f12e7579c7c337d0f415ac2b4029790c659c3d)) -* Use predictable SQLite in memory DSNs ([#2415](https://github.com/ory/kratos/issues/2415)) ([51a13f7](https://github.com/ory/kratos/commit/51a13f712d38a942772b3f4c014971ecb4658d7a)), closes [#2059](https://github.com/ory/kratos/issues/2059) +- Add flow id when return_to is passed to the verification + ([#2482](https://github.com/ory/kratos/issues/2482)) + ([c2b1c23](https://github.com/ory/kratos/commit/c2b1c2303cd0587b9419d500f2e3d5f9c9c80ad4)) +- Add indices for slow queries + ([e0cdbc9](https://github.com/ory/kratos/commit/e0cdbc9ab3389de0f65b37758d86bea56d294d64)) +- Add legacy session value + ([ecfd052](https://github.com/ory/kratos/commit/ecfd05216f5ebb70f1617595d2d398cf1fa3c660)), + closes [#2398](https://github.com/ory/kratos/issues/2398) +- **auth0:** Created_at workaround + ([#2492](https://github.com/ory/kratos/issues/2492)) + ([52a965d](https://github.com/ory/kratos/commit/52a965dc7e4ac868d21261cb44576846426bffa5)), + closes [#2485](https://github.com/ory/kratos/issues/2485) +- Avoid excessive memory allocations in HIBP cache + ([#2389](https://github.com/ory/kratos/issues/2389)) + ([ee2d410](https://github.com/ory/kratos/commit/ee2d41057a7e6cb2c57c6304c2e7bbf5ad7c56da)), + closes [#2354](https://github.com/ory/kratos/issues/2354) +- Change SQLite database mode to 0600 + ([#2344](https://github.com/ory/kratos/issues/2344)) + ([0e5d3b7](https://github.com/ory/kratos/commit/0e5d3b7726a8923fbc2a4c10ec18f0ba97ffbcff)): + + The default mode is 0644, which is allows broader access than necessary. + +- Compile issues from merge conflict + ([#2419](https://github.com/ory/kratos/issues/2419)) + ([85a90c8](https://github.com/ory/kratos/commit/85a90c892d785b834cbdf8d029315550210444e2)) +- Correct location + ([b249aaa](https://github.com/ory/kratos/commit/b249aaad97eabc88c269265359a33cea920ef7f2)) +- **courier:** Add ability to specify backoff + ([#2349](https://github.com/ory/kratos/issues/2349)) + ([bf970f3](https://github.com/ory/kratos/commit/bf970f32f571164b8081f09f602a3473e079194e)) +- Do not expose debug in a response when a schema is not found + ([#2348](https://github.com/ory/kratos/issues/2348)) + ([aee2b1e](https://github.com/ory/kratos/commit/aee2b1ed1189b57fcbb1aaa456444d5121be94b1)) +- Do not fail release if no changes needed + ([114c93e](https://github.com/ory/kratos/commit/114c93eb48c242702b72d7785da70bd31d858214)) +- **Dockerfile:** Use existing builder base image + ([#2390](https://github.com/ory/kratos/issues/2390)) + ([37de25a](https://github.com/ory/kratos/commit/37de25a541a24e03407ecf344fb750775e48c782)) +- Embed schema + ([b797bba](https://github.com/ory/kratos/commit/b797bba5910dfd925a11fb86e2dbd14b5dd839d9)) +- Get user first name and last name from Apple + ([#2331](https://github.com/ory/kratos/issues/2331)) + ([4779909](https://github.com/ory/kratos/commit/47799098b35ea1cf5a1163f57d872a5bb2242d97)) +- Improve error reporting from OpenAPI + ([8a1009b](https://github.com/ory/kratos/commit/8a1009b16653df13485bab8e33926967c449bf4e)) +- Improve performance of identity schema call + ([af28de2](https://github.com/ory/kratos/commit/af28de267f21cd72953f3f353d8fd587937b2249)) +- Internal Server Error on Empty PUT /identities/id body + ([#2417](https://github.com/ory/kratos/issues/2417)) + ([5a50231](https://github.com/ory/kratos/commit/5a50231b553aaa64bd90a3d2cd1be9d2e3aba9ac)) +- Load return_to and append to errors + ([#2333](https://github.com/ory/kratos/issues/2333)) + ([5efe4a3](https://github.com/ory/kratos/commit/5efe4a33e35e74d248d4eec43dc901b7b6334037)), + closes [#2275](https://github.com/ory/kratos/issues/2275) + [#2279](https://github.com/ory/kratos/issues/2279) + [#2285](https://github.com/ory/kratos/issues/2285) +- Make delete formattable + ([0005f35](https://github.com/ory/kratos/commit/0005f357a049ecbf94d76a1e73434837753a04ea)) +- Mark body as required ([#2479](https://github.com/ory/kratos/issues/2479)) + ([c9ae117](https://github.com/ory/kratos/commit/c9ae1175340993cfc93db436c06462c80935ea2a)) +- New issue templates + ([b9ad684](https://github.com/ory/kratos/commit/b9ad684311ee8c654b2fa382010315e892581f5c)) +- Openapi regression ([#2465](https://github.com/ory/kratos/issues/2465)) + ([37a3369](https://github.com/ory/kratos/commit/37a3369cea8ed5af34e8324a291a7d7dba0eb43a)) +- Quickstart docker-compose ([#2490](https://github.com/ory/kratos/issues/2490)) + ([9717762](https://github.com/ory/kratos/commit/97177629c715028affbc294bdd432fd6c954d5ad)), + closes [#2488](https://github.com/ory/kratos/issues/2488) +- Refresh is always false when session exists + ([d3436d7](https://github.com/ory/kratos/commit/d3436d7fa17589d91e25c9f0bd66bc3bb5b150fa)), + closes [#2341](https://github.com/ory/kratos/issues/2341) +- Remove required legacy field + ([#2410](https://github.com/ory/kratos/issues/2410)) + ([638d45c](https://github.com/ory/kratos/commit/638d45caf480b7287c9762cbf3c593217f40e3e8)) +- Remove wrong templates + ([4fe2d25](https://github.com/ory/kratos/commit/4fe2d25dd68033a8d7b3dd5f62d87b23a7ba361d)) +- Reorder transactions + ([78ca4c6](https://github.com/ory/kratos/commit/78ca4c6ca5a49b0800d9c34954638a926d80078b)) +- Resolve index naming issues + ([d5550b5](https://github.com/ory/kratos/commit/d5550b5ddc4e1677e4c4f808578f573760c6581e)) +- Resolve MySQL index issues + ([50bdba9](https://github.com/ory/kratos/commit/50bdba9f1117c60e80e153416bc997187b4a60b7)) +- Resolve otelx panics + ([6613a02](https://github.com/ory/kratos/commit/6613a02b8fd5f6f06e9b6301bdc39037771b3d9b)) +- **sdk:** Improved OpenAPI specifications for UI nodes + ([#2375](https://github.com/ory/kratos/issues/2375)) + ([a42a0f7](https://github.com/ory/kratos/commit/a42a0f772af3625c457032d6dcc34289a62acc61)), + closes [#2357](https://github.com/ory/kratos/issues/2357) +- Serve.admin.request_log.disable_for_health behaviour + ([#2399](https://github.com/ory/kratos/issues/2399)) + ([0a381fa](https://github.com/ory/kratos/commit/0a381fa3d702f77e614d0492dafa3ac2cd102c7e)) +- **sql:** Add additional join argument to resolve MySQL query issue + ([854e5cb](https://github.com/ory/kratos/commit/854e5cba80cad52b58571587980c00c038ff6596)), + closes [#2262](https://github.com/ory/kratos/issues/2262) +- Unreliable HIBP caching strategy + ([#2468](https://github.com/ory/kratos/issues/2468)) + ([93bf1e2](https://github.com/ory/kratos/commit/93bf1e2cd53f3a4de3ff414017c17813d36b56da)) +- Use `path` instead of `filepath` to join http route paths + ([16b1244](https://github.com/ory/kratos/commit/16b12449c841bf7a237fe436b884b4b5012cd022)), + closes [#2292](https://github.com/ory/kratos/issues/2292) +- Use JOIN instead of iterative queries + ([0998cfb](https://github.com/ory/kratos/commit/0998cfb2fdda27ba8baeebcc603aae5fbe5c901f)), + closes [#2402](https://github.com/ory/kratos/issues/2402) +- Use pointer of string for PasswordIdentifier in example code + ([#2421](https://github.com/ory/kratos/issues/2421)) + ([61f12e7](https://github.com/ory/kratos/commit/61f12e7579c7c337d0f415ac2b4029790c659c3d)) +- Use predictable SQLite in memory DSNs + ([#2415](https://github.com/ory/kratos/issues/2415)) + ([51a13f7](https://github.com/ory/kratos/commit/51a13f712d38a942772b3f4c014971ecb4658d7a)), + closes [#2059](https://github.com/ory/kratos/issues/2059) ### Code Generation -* Pin v0.10.0 release commit ([87e0de7](https://github.com/ory/kratos/commit/87e0de7a10b2a7478d8113ca028bfdb6525bc8e5)) +- Pin v0.10.0 release commit + ([87e0de7](https://github.com/ory/kratos/commit/87e0de7a10b2a7478d8113ca028bfdb6525bc8e5)) ### Code Refactoring -* Deprecate fizz renderer ([5277668](https://github.com/ory/kratos/commit/5277668b1324173df95db5e9e4b96ed841ff088b)) -* Move CLI commands to match Ory CLI structure ([d11a9a9](https://github.com/ory/kratos/commit/d11a9a9dafdebb53ed9a8359496eb70b8adb99dd)) -* Move CLI commands to match Ory CLI structure ([73910a3](https://github.com/ory/kratos/commit/73910a329b1ee46de2607c7ab1958ef2fb6de5f4)) +- Deprecate fizz renderer + ([5277668](https://github.com/ory/kratos/commit/5277668b1324173df95db5e9e4b96ed841ff088b)) +- Move CLI commands to match Ory CLI structure + ([d11a9a9](https://github.com/ory/kratos/commit/d11a9a9dafdebb53ed9a8359496eb70b8adb99dd)) +- Move CLI commands to match Ory CLI structure + ([73910a3](https://github.com/ory/kratos/commit/73910a329b1ee46de2607c7ab1958ef2fb6de5f4)) ### Documentation -* Add docs about change in default schema ([#2447](https://github.com/ory/kratos/issues/2447)) ([5093cd4](https://github.com/ory/kratos/commit/5093cd47f22311c2e1fdbffd82f0494806076f08)) -* Remove notice importing credentials not possible ([#2418](https://github.com/ory/kratos/issues/2418)) ([b80ed69](https://github.com/ory/kratos/commit/b80ed6955518003ae6b7f647dffd2d49cc999fbc)) +- Add docs about change in default schema + ([#2447](https://github.com/ory/kratos/issues/2447)) + ([5093cd4](https://github.com/ory/kratos/commit/5093cd47f22311c2e1fdbffd82f0494806076f08)) +- Remove notice importing credentials not possible + ([#2418](https://github.com/ory/kratos/issues/2418)) + ([b80ed69](https://github.com/ory/kratos/commit/b80ed6955518003ae6b7f647dffd2d49cc999fbc)) ### Features -* Add certificate based authentication for smtp client ([#2351](https://github.com/ory/kratos/issues/2351)) ([7200037](https://github.com/ory/kratos/commit/72000375c028f5f7f9cb0d0b1b02f8aa09503e4f)) -* Add ID to the recovery error when already logged in ([#2483](https://github.com/ory/kratos/issues/2483)) ([29e4a51](https://github.com/ory/kratos/commit/29e4a51cc5344dcb44839f8aa57197c41aeeb78d)) -* Add localName to smtp config ([#2445](https://github.com/ory/kratos/issues/2445)) ([27336b6](https://github.com/ory/kratos/commit/27336b63b0c11c1667d5a07230bed82283475aa4)), closes [#2425](https://github.com/ory/kratos/issues/2425) -* Add render-schema script ([a0c006e](https://github.com/ory/kratos/commit/a0c006e40fb00608d682b74f44725883b9c7bf4f)) -* Add session renew capabilities ([#2146](https://github.com/ory/kratos/issues/2146)) ([4348b86](https://github.com/ory/kratos/commit/4348b8640a282cd61fe30961faba5753e2af8bb0)), closes [#615](https://github.com/ory/kratos/issues/615) -* Add support for netID provider ([#2394](https://github.com/ory/kratos/issues/2394)) ([ee7fc79](https://github.com/ory/kratos/commit/ee7fc79d49cd6d8f2985809585d1675c8e2ed376)) -* Add tracing to persister ([391c54e](https://github.com/ory/kratos/commit/391c54eb3ba721e4912a7a4676acc2f630be2a72)) -* **identity:** Add admin and public metadata fields ([562e340](https://github.com/ory/kratos/commit/562e340fe980e7c65ab3fc41f82a2a8899a33bfa)), closes [#2388](https://github.com/ory/kratos/issues/2388) [#47](https://github.com/ory/kratos/issues/47): - - This patch adds two new keys to identities, `metadata_public` and `metadata_admin` that can be used to store additional metadata about identities in Ory. - -* Read subject id from https://graph.microsoft.com/v1.0/me for microsoft ([#2347](https://github.com/ory/kratos/issues/2347)) ([852f24f](https://github.com/ory/kratos/commit/852f24fb5cd8576f3f6d35017ce85e4fa1c51c95)): - - Adds the ability to read the OIDC subject ID from the `https://graph.microsoft.com/v1.0/me` endpoint. This introduces a new field `subject_source` to the OIDC configuration. - - Closes https://github.com/ory/kratos/pull/2153 - - - -* **sdk:** Add cookie headers to all form submissions ([#2467](https://github.com/ory/kratos/issues/2467)) ([9a969fd](https://github.com/ory/kratos/commit/9a969fd927ae8436a863e91ecb6574cb3bb1c3a6)), closes [#2003](https://github.com/ory/kratos/issues/2003) [#2454](https://github.com/ory/kratos/issues/2454) -* **sdk:** Add csrf cookie for login flow submission ([#2454](https://github.com/ory/kratos/issues/2454)) ([2bffee8](https://github.com/ory/kratos/commit/2bffee81f0e8a98851a3e11b4fc4969d95e9b445)) -* Support argon2i password ([#2395](https://github.com/ory/kratos/issues/2395)) ([8fdadf9](https://github.com/ory/kratos/commit/8fdadf9d1724d28ae11996304703e06671549660)) -* Switch to opentelemetry tracing ([#2318](https://github.com/ory/kratos/issues/2318)) ([121a4d3](https://github.com/ory/kratos/commit/121a4d3fc0f396e8da50ad1985cacf68a5c85a12)) -* **tracing:** Improved tracing for requests ([#2475](https://github.com/ory/kratos/issues/2475)) ([b90a558](https://github.com/ory/kratos/commit/b90a5582284f1ceb0e97575e3b3562603b65ec5f)) -* Upgrade to Go 1.18 ([725d202](https://github.com/ory/kratos/commit/725d202e6ae15b3b5c3282e03c03a40480a2e310)) +- Add certificate based authentication for smtp client + ([#2351](https://github.com/ory/kratos/issues/2351)) + ([7200037](https://github.com/ory/kratos/commit/72000375c028f5f7f9cb0d0b1b02f8aa09503e4f)) +- Add ID to the recovery error when already logged in + ([#2483](https://github.com/ory/kratos/issues/2483)) + ([29e4a51](https://github.com/ory/kratos/commit/29e4a51cc5344dcb44839f8aa57197c41aeeb78d)) +- Add localName to smtp config + ([#2445](https://github.com/ory/kratos/issues/2445)) + ([27336b6](https://github.com/ory/kratos/commit/27336b63b0c11c1667d5a07230bed82283475aa4)), + closes [#2425](https://github.com/ory/kratos/issues/2425) +- Add render-schema script + ([a0c006e](https://github.com/ory/kratos/commit/a0c006e40fb00608d682b74f44725883b9c7bf4f)) +- Add session renew capabilities + ([#2146](https://github.com/ory/kratos/issues/2146)) + ([4348b86](https://github.com/ory/kratos/commit/4348b8640a282cd61fe30961faba5753e2af8bb0)), + closes [#615](https://github.com/ory/kratos/issues/615) +- Add support for netID provider + ([#2394](https://github.com/ory/kratos/issues/2394)) + ([ee7fc79](https://github.com/ory/kratos/commit/ee7fc79d49cd6d8f2985809585d1675c8e2ed376)) +- Add tracing to persister + ([391c54e](https://github.com/ory/kratos/commit/391c54eb3ba721e4912a7a4676acc2f630be2a72)) +- **identity:** Add admin and public metadata fields + ([562e340](https://github.com/ory/kratos/commit/562e340fe980e7c65ab3fc41f82a2a8899a33bfa)), + closes [#2388](https://github.com/ory/kratos/issues/2388) + [#47](https://github.com/ory/kratos/issues/47): + + This patch adds two new keys to identities, `metadata_public` and + `metadata_admin` that can be used to store additional metadata about + identities in Ory. + +- Read subject id from https://graph.microsoft.com/v1.0/me for microsoft + ([#2347](https://github.com/ory/kratos/issues/2347)) + ([852f24f](https://github.com/ory/kratos/commit/852f24fb5cd8576f3f6d35017ce85e4fa1c51c95)): + + Adds the ability to read the OIDC subject ID from the + `https://graph.microsoft.com/v1.0/me` endpoint. This introduces a new field + `subject_source` to the OIDC configuration. + + Closes https://github.com/ory/kratos/pull/2153 + +- **sdk:** Add cookie headers to all form submissions + ([#2467](https://github.com/ory/kratos/issues/2467)) + ([9a969fd](https://github.com/ory/kratos/commit/9a969fd927ae8436a863e91ecb6574cb3bb1c3a6)), + closes [#2003](https://github.com/ory/kratos/issues/2003) + [#2454](https://github.com/ory/kratos/issues/2454) +- **sdk:** Add csrf cookie for login flow submission + ([#2454](https://github.com/ory/kratos/issues/2454)) + ([2bffee8](https://github.com/ory/kratos/commit/2bffee81f0e8a98851a3e11b4fc4969d95e9b445)) +- Support argon2i password ([#2395](https://github.com/ory/kratos/issues/2395)) + ([8fdadf9](https://github.com/ory/kratos/commit/8fdadf9d1724d28ae11996304703e06671549660)) +- Switch to opentelemetry tracing + ([#2318](https://github.com/ory/kratos/issues/2318)) + ([121a4d3](https://github.com/ory/kratos/commit/121a4d3fc0f396e8da50ad1985cacf68a5c85a12)) +- **tracing:** Improved tracing for requests + ([#2475](https://github.com/ory/kratos/issues/2475)) + ([b90a558](https://github.com/ory/kratos/commit/b90a5582284f1ceb0e97575e3b3562603b65ec5f)) +- Upgrade to Go 1.18 + ([725d202](https://github.com/ory/kratos/commit/725d202e6ae15b3b5c3282e03c03a40480a2e310)) ### Tests -* Fix incorrect assertion ([b5b1361](https://github.com/ory/kratos/commit/b5b1361defa8faa6ea36d50a8d940c76f70c4ddd)) -* Resolve regressions ([dd44593](https://github.com/ory/kratos/commit/dd44593a51a9277c717170360f9794837e4f910c)) +- Fix incorrect assertion + ([b5b1361](https://github.com/ory/kratos/commit/b5b1361defa8faa6ea36d50a8d940c76f70c4ddd)) +- Resolve regressions + ([dd44593](https://github.com/ory/kratos/commit/dd44593a51a9277c717170360f9794837e4f910c)) ### Unclassified -* BREAKING CHANGES: This patch group updates the tracing provider from OpenTracing to OpenTelemetry. Due to these changes, tracing providers Zipkin, DataDog, Elastic APM have been deactivated temporarily. The best way to re-add support for them is to make a pull request at https://github.com/ory/x/tree/master/otelx and check the status of https://github.com/ory/x/issues/499 ([7165fa0](https://github.com/ory/kratos/commit/7165fa04fa1c9442cad8da5c5814453e1ca0ba7b)): - - The configuration has not changed, and thus no changes to your system are required if you use Jaeger. - +- BREAKING CHANGES: This patch group updates the tracing provider from + OpenTracing to OpenTelemetry. Due to these changes, tracing providers Zipkin, + DataDog, Elastic APM have been deactivated temporarily. The best way to re-add + support for them is to make a pull request at + https://github.com/ory/x/tree/master/otelx and check the status of + https://github.com/ory/x/issues/499 + ([7165fa0](https://github.com/ory/kratos/commit/7165fa04fa1c9442cad8da5c5814453e1ca0ba7b)): + The configuration has not changed, and thus no changes to your system are + required if you use Jaeger. # [0.9.0-alpha.3](https://github.com/ory/kratos/compare/v0.9.0-alpha.2...v0.9.0-alpha.3) (2022-03-25) Resolves an issue in the quickstart. - - ## Breaking Changes -Calling /self-service/recovery without flow ID or with an invalid flow ID while authenticated will now respond with an error instead of redirecting to the default page. +Calling /self-service/recovery without flow ID or with an invalid flow ID while +authenticated will now respond with an error instead of redirecting to the +default page. Closes https://github.com/ory-corp/cloud/issues/2173 Co-authored-by: aeneasr <3372410+aeneasr@users.noreply.github.com> - - ### Bug Fixes -* Accept recovery link from authenticated users ([#2195](https://github.com/ory/kratos/issues/2195)) ([0fa64dd](https://github.com/ory/kratos/commit/0fa64dd7fdaaadf92bddb600bbf201fb6e9d1fed)): +- Accept recovery link from authenticated users + ([#2195](https://github.com/ory/kratos/issues/2195)) + ([0fa64dd](https://github.com/ory/kratos/commit/0fa64dd7fdaaadf92bddb600bbf201fb6e9d1fed)): - When a recovery link is opened while the user already has a session cookie (possibly for another account), the endpoint will now correctly complete the recovery process and issue new cookies. + When a recovery link is opened while the user already has a session cookie + (possibly for another account), the endpoint will now correctly complete the + recovery process and issue new cookies. -* Quickstart ([73b461c](https://github.com/ory/kratos/commit/73b461c6ea45e0feaab734d0eb0ce380993e95d4)): +- Quickstart + ([73b461c](https://github.com/ory/kratos/commit/73b461c6ea45e0feaab734d0eb0ce380993e95d4)): - Closes https://github.com/ory/kratos/issues/2339 + Closes https://github.com/ory/kratos/issues/2339 -* Resolve issue where CF cookies would mingle with CSRF detection in API flows ([011219a](https://github.com/ory/kratos/commit/011219a40027d2c1b06c2797951a55e2f07c0845)) -* Typo in error message ([#2332](https://github.com/ory/kratos/issues/2332)) ([b075a5b](https://github.com/ory/kratos/commit/b075a5b30b47e79af1330238a3b5ea97a3c2ac4b)) -* Update v0.9.0-alpha.2 config schema path ([#2328](https://github.com/ory/kratos/issues/2328)) ([55705c7](https://github.com/ory/kratos/commit/55705c7ce0ff76dc7ddda24524db919dcb51225a)) -* **version schema:** Require version or fall back to latest ([52c9824](https://github.com/ory/kratos/commit/52c98247d4c170f79fa25a019d7f4a73b3e5fdc4)) +- Resolve issue where CF cookies would mingle with CSRF detection in API flows + ([011219a](https://github.com/ory/kratos/commit/011219a40027d2c1b06c2797951a55e2f07c0845)) +- Typo in error message ([#2332](https://github.com/ory/kratos/issues/2332)) + ([b075a5b](https://github.com/ory/kratos/commit/b075a5b30b47e79af1330238a3b5ea97a3c2ac4b)) +- Update v0.9.0-alpha.2 config schema path + ([#2328](https://github.com/ory/kratos/issues/2328)) + ([55705c7](https://github.com/ory/kratos/commit/55705c7ce0ff76dc7ddda24524db919dcb51225a)) +- **version schema:** Require version or fall back to latest + ([52c9824](https://github.com/ory/kratos/commit/52c98247d4c170f79fa25a019d7f4a73b3e5fdc4)) ### Code Generation -* Pin v0.9.0-alpha.3 release commit ([32e36d4](https://github.com/ory/kratos/commit/32e36d4e75f888e69653625a52171200b4968a6c)) +- Pin v0.9.0-alpha.3 release commit + ([32e36d4](https://github.com/ory/kratos/commit/32e36d4e75f888e69653625a52171200b4968a6c)) ### Documentation -* Add missing error codes ([b854bb8](https://github.com/ory/kratos/commit/b854bb8a33794bba684abbfe5abc6b8da1c54f44)) -* Clarify 410 error for api payloads ([2c7ac3b](https://github.com/ory/kratos/commit/2c7ac3b15a65e629ba25c0170fce68aa9eb3a80a)) - +- Add missing error codes + ([b854bb8](https://github.com/ory/kratos/commit/b854bb8a33794bba684abbfe5abc6b8da1c54f44)) +- Clarify 410 error for api payloads + ([2c7ac3b](https://github.com/ory/kratos/commit/2c7ac3b15a65e629ba25c0170fce68aa9eb3a80a)) # [0.9.0-alpha.2](https://github.com/ory/kratos/compare/v0.9.0-alpha.1...v0.9.0-alpha.2) (2022-03-22) Resolves an issue in the SDK release pipeline. - - - - ### Bug Fixes -* Swag location ([5b51bfb](https://github.com/ory/kratos/commit/5b51bfbb10592c9e7dce14689f48530427c34edc)) +- Swag location + ([5b51bfb](https://github.com/ory/kratos/commit/5b51bfbb10592c9e7dce14689f48530427c34edc)) ### Code Generation -* Pin v0.9.0-alpha.2 release commit ([f5501cf](https://github.com/ory/kratos/commit/f5501cf575a74884555e0e1e4cba39c552f4868f)) - +- Pin v0.9.0-alpha.2 release commit + ([f5501cf](https://github.com/ory/kratos/commit/f5501cf575a74884555e0e1e4cba39c552f4868f)) # [0.9.0-alpha.1](https://github.com/ory/kratos/compare/v0.8.2-alpha.1...v0.9.0-alpha.1) (2022-03-21) -Ory Kratos v0.9 is here! We're extremely happy to announce that the new release is out and once again it's been made even better thanks to the incredible contributions from our awesome community. <3 +Ory Kratos v0.9 is here! We're extremely happy to announce that the new release +is out and once again it's been made even better thanks to the incredible +contributions from our awesome community. <3 Enjoy! Here's an overview of things you can expect from the v0.9 release: -1. We introduced 1:1 compatibility between self-hosting Ory Kratos and using Ory Cloud. The configuration works the same across all modes of operation and deployment! -2. Passwordless login with WebAuthn is now available! Authentication with YubiKeys, TouchID, FaceID, Microsoft Hello, and other WebAuthn-supported methods is now available. The refactored infrastructure lays a foundation for more passwordless flows to come. -3. All the docs are now available in a single repo. Go to the [ory/docs](https://github.com/ory/docs) repository to find docs for all Ory projects. -4. You can now load custom email templates that'll make your essential messaging like project invitations or password recovery emails look slick. +1. We introduced 1:1 compatibility between self-hosting Ory Kratos and using Ory + Cloud. The configuration works the same across all modes of operation and + deployment! +2. Passwordless login with WebAuthn is now available! Authentication with + YubiKeys, TouchID, FaceID, Microsoft Hello, and other WebAuthn-supported + methods is now available. The refactored infrastructure lays a foundation for + more passwordless flows to come. +3. All the docs are now available in a single repo. Go to the + [ory/docs](https://github.com/ory/docs) repository to find docs for all Ory + projects. +4. You can now load custom email templates that'll make your essential messaging + like project invitations or password recovery emails look slick. 5. We've laid the foundation for adding SMS-dependant flows. -6. Security is always a top priority. We've made changes and updates such as CSP nonces, SSRF defenses, session invalidation hooks, and more. +6. Security is always a top priority. We've made changes and updates such as CSP + nonces, SSRF defenses, session invalidation hooks, and more. 7. Kratos now gracefully handles cookie errors. 8. Password policies are now configurable. -9. Added configuration to control the flow of webhooks. Now you can cancel flows & run them in the background. -10. You can import identities along with their credentials (password, social sign-in connections, WebAuthn, ...). +9. Added configuration to control the flow of webhooks. Now you can cancel flows + & run them in the background. +10. You can import identities along with their credentials (password, social + sign-in connections, WebAuthn, ...). 11. Infra: we migrated all of our CIs from CircleCI to GitHub Actions. -12. We moved the admin API from `/` to `admin`. **This is a breaking change**. Please read the explanation and proceed with caution! -13. Bugfix: fixed a bug in the handling of secrets. **This is a breaking change**. Please read the explanation and proceed with caution! +12. We moved the admin API from `/` to `admin`. **This is a breaking change**. + Please read the explanation and proceed with caution! +13. Bugfix: fixed a bug in the handling of secrets. **This is a breaking + change**. Please read the explanation and proceed with caution! 14. Bugfix: several bugs in different self-service flows are no more. -As you can see, this release introduces breaking changes. We tried to keep the HTTP API as backward-compatible as possible by introducing HTTP redirects and other measures, but this update requires you to take extra care. Make sure you've read the release notes and understand the risk before updating. - -You must apply SQL migrations for this release. **Make sure to create backup before you start!** - +As you can see, this release introduces breaking changes. We tried to keep the +HTTP API as backward-compatible as possible by introducing HTTP redirects and +other measures, but this update requires you to take extra care. Make sure +you've read the release notes and understand the risk before updating. +You must apply SQL migrations for this release. **Make sure to create backup +before you start!** ## Breaking Changes -Configuration key `selfservice.whitelisted_return_urls` has been renamed to `allowed_return_urls`. - -All endpoints at the Admin API are now exposed at `/admin/`. For example, endpoint `https://kratos:4434/identities` is now exposed at `https://kratos:4434/admin/identities`. This change makes it easier to configure reverse proxies and API Gateways. Additionally, it introduces 1:1 compatibility between Ory Cloud's APIs and self-hosted Ory Kratos. Please note that nothing has changed in terms of the port. To make the migration less painful, we have set up redirects from the old endpoints to the new `/admin` endpoints, so your APIs, SDKs, and clients should continue working as they were working before. This change is marked as a breaking change as it touches many endpoints and might be confusing when encountering the redirect for the first time. - -If you are using two or more secrets for the `secrets.session`, this patch might break existing Ory Session Cookies. This has the effect that users will need to re-authenticate when visiting your app. - -The `password_identifier` form field of the password login strategy has been renamed to `identifier` to make compatibility with passwordless flows possible. Field name `password_identifier` will still be accepted. Please note that the UI node for displaying the "username" / "email" field has this `name="identifier"` going forward. Additionally, the `traits` of the password strategy are no longer within group `password` but instead in group `profile` going forward! - -The following OpenID Connect configuration keys have been renamed to better explain their purpose: +Configuration key `selfservice.whitelisted_return_urls` has been renamed to +`allowed_return_urls`. + +All endpoints at the Admin API are now exposed at `/admin/`. For example, +endpoint `https://kratos:4434/identities` is now exposed at +`https://kratos:4434/admin/identities`. This change makes it easier to configure +reverse proxies and API Gateways. Additionally, it introduces 1:1 compatibility +between Ory Cloud's APIs and self-hosted Ory Kratos. Please note that nothing +has changed in terms of the port. To make the migration less painful, we have +set up redirects from the old endpoints to the new `/admin` endpoints, so your +APIs, SDKs, and clients should continue working as they were working before. +This change is marked as a breaking change as it touches many endpoints and +might be confusing when encountering the redirect for the first time. + +If you are using two or more secrets for the `secrets.session`, this patch might +break existing Ory Session Cookies. This has the effect that users will need to +re-authenticate when visiting your app. + +The `password_identifier` form field of the password login strategy has been +renamed to `identifier` to make compatibility with passwordless flows possible. +Field name `password_identifier` will still be accepted. Please note that the UI +node for displaying the "username" / "email" field has this `name="identifier"` +going forward. Additionally, the `traits` of the password strategy are no longer +within group `password` but instead in group `profile` going forward! + +The following OpenID Connect configuration keys have been renamed to better +explain their purpose: ```patch - private_key_id @@ -592,9 +880,15 @@ The following OpenID Connect configuration keys have been renamed to better expl + microsoft_tenant ``` -A major issue has been lingering in the configuration for a while. What happens to your identities when you update a schema? The answer was, it depends on the change. If the change is incompatible, some things might break! +A major issue has been lingering in the configuration for a while. What happens +to your identities when you update a schema? The answer was, it depends on the +change. If the change is incompatible, some things might break! -To resolve this problem we changed the way you define schemas. Instead of having a global `default_schema_url` which developers used to update their schema, you now need to define the `default_schema_id` which must reference schema ID in your config. To update your existing configuration, check out the patch example below: +To resolve this problem we changed the way you define schemas. Instead of having +a global `default_schema_url` which developers used to update their schema, you +now need to define the `default_schema_id` which must reference schema ID in +your config. To update your existing configuration, check out the patch example +below: ```patch identity: @@ -605,7 +899,8 @@ identity: + url: file://stub/identity.schema.json ``` -Ideally, you would version your schema and update the `default_schema_id` with every change to the new version: +Ideally, you would version your schema and update the `default_schema_id` with +every change to the new version: ```yaml identity: @@ -617,401 +912,748 @@ identity: url: file://path/to/user_v1.json ``` -This patch removes the ability to use domain aliases, an obscure feature rarely used that had several issues and inconsistencies. - - +This patch removes the ability to use domain aliases, an obscure feature rarely +used that had several issues and inconsistencies. ### Bug Fixes -* Add `identity_id` index to `identity_verifiable_addresses` table ([#2147](https://github.com/ory/kratos/issues/2147)) ([86fd942](https://github.com/ory/kratos/commit/86fd942e9a80e36dd65ef4ac57c5a5546f94995a)): - - The verifiable addresses are loaded eagerly into the identity. When that happens, the `identity_verifiable_addresses` table is queried by `nid` and `identity_id`. This index should greatly improve performance, especially of the `/sessions/whoami` endpoint. - -* Add ability to resume continuity sessions from several cookies ([#2131](https://github.com/ory/kratos/issues/2131)) ([8b87bdb](https://github.com/ory/kratos/commit/8b87bdb1967654b5fbfbf9799948485b2a9a6af0)), closes [#2016](https://github.com/ory/kratos/issues/2016) [#1786](https://github.com/ory/kratos/issues/1786) -* Add CourierConfig to default registry ([#2243](https://github.com/ory/kratos/issues/2243)) ([2e1fba3](https://github.com/ory/kratos/commit/2e1fba3ca88e273362978fe29197fe44a879813e)) -* Add DispatchMessage to interface ([df2ca7a](https://github.com/ory/kratos/commit/df2ca7a7c97a28d40c6a8af082f99ff7706ee9db)) -* Add hiring notice to README ([#2074](https://github.com/ory/kratos/issues/2074)) ([0c1e816](https://github.com/ory/kratos/commit/0c1e816693ad4a6c3fdb7206bbc95c81cdfdf3c0)) -* Add missing enum ([#2223](https://github.com/ory/kratos/issues/2223)) ([4b7d7d0](https://github.com/ory/kratos/commit/4b7d7d0011207614ab12f52bb3a911b62581ebe9)): - - Closes https://github.com/ory/sdk/issues/147 - -* Add missing version tag in quickstart.yml ([#2110](https://github.com/ory/kratos/issues/2110)) ([1d281ea](https://github.com/ory/kratos/commit/1d281ea69e551cc3d40415f5405690f445891bb6)) -* Add output-dir input to cli-next ([#2230](https://github.com/ory/kratos/issues/2230)) ([1eb3f18](https://github.com/ory/kratos/commit/1eb3f189f29cc032c44cbd9803acbf99362e5a62)) -* Added malformed config test ([5a3c9c1](https://github.com/ory/kratos/commit/5a3c9c162bd1da5c7bb938192a5e82789bac52cc)) -* Adjust scan configuration ([#2140](https://github.com/ory/kratos/issues/2140)) ([8506fcf](https://github.com/ory/kratos/commit/8506fcf59d572851b24041b48af6a04b31520a32)), closes [#2083](https://github.com/ory/kratos/issues/2083) -* Admin endpoint `/schemas` not redirecting to public endpoint ([#2133](https://github.com/ory/kratos/issues/2133)) ([413833f](https://github.com/ory/kratos/commit/413833f128c0674f4e8dbb9e73698a9df04cfc1a)), closes [#2084](https://github.com/ory/kratos/issues/2084) -* Appropriately pass context around ([#2241](https://github.com/ory/kratos/issues/2241)) ([668f6b2](https://github.com/ory/kratos/commit/668f6b246db1f61b9800f7581bedba4fa25318c4)): - - Closes https://github.com/ory/cloud/issues/56 - -* Base redirect URL decoding ([acdefa7](https://github.com/ory/kratos/commit/acdefa7464825e5307132eab5cd2752e1841c3de)) -* Base64 encode identity schema URLs ([ad44e4d](https://github.com/ory/kratos/commit/ad44e4d5f2cea86a95cc376c94fb5f5ac5bc1b82)): - - Previously, identity schema IDs with special characters could lead to broken URLs. This patch introduces a change where identity schema IDs are base64 encoded to address this issue. Schema IDs that are not base64 encoded will continue working. - -* Broken links API spec ([e1e7516](https://github.com/ory/kratos/commit/e1e75165785f48f5a154c899e1c4168bcbb7d8c3)) -* Choose correct CSRF cookie when multiple are set ([633076b](https://github.com/ory/kratos/commit/633076be008104afd50186ebe60722ef21999d5d)), closes [ory/kratos#2121](https://github.com/ory/kratos/issues/2121) [ory-corp/cloud#1786](https://github.com/ory-corp/cloud/issues/1786): - - Resolves an issue where, when multiple CSRF cookies are set, a random one would be used to verify the CSRF token. Now, regardless of how many conflicting CSRF cookies exist, if one of them is valid, the request will pass and clean up the cookie store. - -* Cloud config issue ([135b29c](https://github.com/ory/kratos/commit/135b29c647c87569cc85e8a72babb8d6777ebd24)) -* **continuity:** Properly reset cookies that became invalid ([8e4b4fb](https://github.com/ory/kratos/commit/8e4b4fb3d6dbe668cf0166f4cff49eae753d481c)), closes [#2121](https://github.com/ory/kratos/issues/2121) [ory-corp/cloud#1786](https://github.com/ory-corp/cloud/issues/1786): - - Resolves several reports related to incorrect handling of invalid continuity issues. - -* **continuity:** Remove cookie on any error ([428ac03](https://github.com/ory/kratos/commit/428ac03b582184dbbbc0c9c3ffd399273fd8e1a5)) -* Correct recovery hook ([c7682a8](https://github.com/ory/kratos/commit/c7682a8fd97fdac87d59d3e7fb798384b018c40f)) -* **courier:** Improve composability ([d47150e](https://github.com/ory/kratos/commit/d47150e8440a03ce34d6085fb693bddf2c02620b)) -* Do not error when HIBP behaves unexpectedly ([#2251](https://github.com/ory/kratos/issues/2251)) ([a431c1e](https://github.com/ory/kratos/commit/a431c1e1976f740bedb2fec4ce88b7d1b832e42c)), closes [#2145](https://github.com/ory/kratos/issues/2145) -* Do not remove all credentials when remove all security keys ([#2233](https://github.com/ory/kratos/issues/2233)) ([ecd715a](https://github.com/ory/kratos/commit/ecd715a0437c0b068aa0c6a17cd2ba53fe034354)) -* Do not send session after registration without hook ([#2094](https://github.com/ory/kratos/issues/2094)) ([3044229](https://github.com/ory/kratos/commit/3044229227229e81a4ba770eec241a748dd0945c)), closes [#2093](https://github.com/ory/kratos/issues/2093) -* Docker-compose standalone definition ([3c7065a](https://github.com/ory/kratos/commit/3c7065ad32ff314c8cbdad8ed89fd9a9f5928f72)) -* Don't inherit flow type in recovery and verification flows ([#2250](https://github.com/ory/kratos/issues/2250)) ([c5b444a](https://github.com/ory/kratos/commit/c5b444aa2bf46b3a86d08f693ab200a30bd4a609)), closes [#2049](https://github.com/ory/kratos/issues/2049) -* **embed:** Disallow additional props ([b2018ce](https://github.com/ory/kratos/commit/b2018ce3b1667fffc9d0a2c4c82cfafed7f3cac5)) -* **embed:** Do not require plaintext/html in email config ([dfe4140](https://github.com/ory/kratos/commit/dfe4140dda44d4b64988b94272b4776e362abde5)) -* Ensure no internal networks can be called in SMS sender ([65e42e5](https://github.com/ory/kratos/commit/65e42e5cb3a9a3a81e3c623fa066a7651dfb0699)) -* Explain mitigations in cookie error messages ([ef4b01a](https://github.com/ory/kratos/commit/ef4b01a80ea91114b182ff26759d98cd5ba2cd02)) -* Expose network wrapper ([a570607](https://github.com/ory/kratos/commit/a570607d460e7c5f9d49ce38ba7a4e06ae172359)) -* Faq ([#2101](https://github.com/ory/kratos/issues/2101)) ([311f906](https://github.com/ory/kratos/commit/311f9066a524308b970afc81d98d1a14b78bf63d)): - - This patch - - moves the FAQ to the Debug & Help section - - renames it to Tips & Troubleshooting - - moves many of the questions to documents where they fit better, reformatted and with added information where needed. - - also some other spelling/format fixes - - See also https://github.com/ory/docusaurus-template/pull/87 - -* **identity:** Slow query performance on MySQL ([731b3c7](https://github.com/ory/kratos/commit/731b3c7ba48271e2fb6bbd53b0281d5269012332)), closes [#2278](https://github.com/ory/kratos/issues/2278) -* Ignore whitespace around identifier with password strategy ([#2160](https://github.com/ory/kratos/issues/2160)) ([45335c5](https://github.com/ory/kratos/commit/45335c50f719af504974fe54e504d7653db03c78)), closes [#2158](https://github.com/ory/kratos/issues/2158) -* Improve courier test signature ([b8888e3](https://github.com/ory/kratos/commit/b8888e3c93a602635b396503b7301396ce740ff8)) -* Improve password error resilience on settings flow ([e614f6e](https://github.com/ory/kratos/commit/e614f6e94e1d0f66f48bd058b015ab467d6b1b07)) -* Improve soundness of credential identifier normalization ([e475163](https://github.com/ory/kratos/commit/e475163330d06ca02cd0419e4b7216f03218e8c5)) -* Include missing type string in config schema ([#2142](https://github.com/ory/kratos/issues/2142)) ([ec2c88a](https://github.com/ory/kratos/commit/ec2c88ac2d65ea1db1146101519cdbb709ebdbbb)): - - Inside the config.schema.json under the CORS setting, add the missing type (string) for the items of the allowed_origins array - -* Incorrect makefile rule ([#2222](https://github.com/ory/kratos/issues/2222)) ([83a0ce7](https://github.com/ory/kratos/commit/83a0ce7d20e59c2fb1a35fa071a3d11a9280bcad)) -* **login:** Error handling when failed to prepare for an expired flow ([#2120](https://github.com/ory/kratos/issues/2120)) ([fdad834](https://github.com/ory/kratos/commit/fdad834e7577e298887b83b693ddf20632cd7c43)) -* **login:** Put passwordless login before password ([df9245f](https://github.com/ory/kratos/commit/df9245fbc403e1b8f2dd1378678963cc0d71ef1a)) -* **lookup:** Resolve credentials counting regression ([50782c6](https://github.com/ory/kratos/commit/50782c68c77ce1c0d8c092678a6710e0be6fa18d)) -* Lower-case jsonnet context for sms ([8c58e94](https://github.com/ory/kratos/commit/8c58e94707122a9b50873ca1acaa32659b5b8416)) -* Mark struct as used ([33f3dfe](https://github.com/ory/kratos/commit/33f3dfeba5af3808f34b16241d74993ceed788be)) -* Mark width and height as required ([#2322](https://github.com/ory/kratos/issues/2322)) ([37f2f22](https://github.com/ory/kratos/commit/37f2f220ce699e031018777c9976cafa22faa984)): - - Closes https://github.com/ory/sdk/issues/157 - -* Minor fixes in FAQ update ([#2130](https://github.com/ory/kratos/issues/2130)) ([b53eec7](https://github.com/ory/kratos/commit/b53eec721489514a80719b73bc5c758dc2adedfd)) -* Move to new post-release steps ([#2206](https://github.com/ory/kratos/issues/2206)) ([10778fd](https://github.com/ory/kratos/commit/10778fdd16a116b5dc8f4c2bdc96a895728d9aec)) -* Mr comment fix ([96c917e](https://github.com/ory/kratos/commit/96c917e3c1b02b13be55056bfd94b517007fc206)) -* **oidc:** Improve empty credential handling ([124d4ce](https://github.com/ory/kratos/commit/124d4ce9fe949dcea4fd5ff8e45530835d38cb3c)) -* **oidc:** Incorrect error handling ([c8d789c](https://github.com/ory/kratos/commit/c8d789c10e2be11dfc8c3eea01a339637f89ea63)) -* Order regression ([2cb5d2b](https://github.com/ory/kratos/commit/2cb5d2bf2d645a0e63cf289c966ee8557edbf333)) -* Pass context to registration flow ([c8d55b3](https://github.com/ory/kratos/commit/c8d55b339647cdca3c9beace760dc3a9beac31c1)) -* Pass docs output dir as a separate argument ([78c69a2](https://github.com/ory/kratos/commit/78c69a2790c957bf8102260150d69b1844899ed9)) -* Pass token to render-version-schema ([#2246](https://github.com/ory/kratos/issues/2246)) ([4d117e5](https://github.com/ory/kratos/commit/4d117e51abef739d686e48dede63a030a753be41)) -* **password:** Schema regressions ([271d5fa](https://github.com/ory/kratos/commit/271d5fa93f96721d7bf8aa841c700dfec1de4104)) -* Properly check for not found ([77ac199](https://github.com/ory/kratos/commit/77ac199f00f04eb7fd40db6fb546921271026e20)) -* Properly pass context ([#2300](https://github.com/ory/kratos/issues/2300)) ([fab8a93](https://github.com/ory/kratos/commit/fab8a939c97e61c028143e37e2a78d3edd569da0)) -* Provide access to root path and error page ([#2317](https://github.com/ory/kratos/issues/2317)) ([f360ee8](https://github.com/ory/kratos/commit/f360ee8e65dc64983181746d1059eac53588e029)) -* Quickstart standalone service definition ([#2149](https://github.com/ory/kratos/issues/2149)) ([872b06e](https://github.com/ory/kratos/commit/872b06e1f798deacfef101edc3ab33fd75af9b29)) -* Rebase regressions ([d1c5085](https://github.com/ory/kratos/commit/d1c508570032c620a654b896111215a76a811517)) -* **registration:** Order for passwordless webauthn ([8427322](https://github.com/ory/kratos/commit/8427322b31fb5206a55e9f62823745fcc6983a22)) -* Remove non-hermetic sprig functions ([#2201](https://github.com/ory/kratos/issues/2201)) ([17e0acc](https://github.com/ory/kratos/commit/17e0acc527cfbb703d9d44b776138da23b217ca4)): - - Closes https://github.com/ory/kratos/issues/2087 - -* Resolve configx regression ([672c0ff](https://github.com/ory/kratos/commit/672c0ffc7f5edd1fd238dcdd0c5d0430b30966c6)) -* Resolve issues with the CI pipeline ([d15bd90](https://github.com/ory/kratos/commit/d15bd90433ed191c2eb41f119ed288906827334e)) -* Resolve merge regression ([d8ca4f3](https://github.com/ory/kratos/commit/d8ca4f327499f94c811c55237f210288fb6a9dd5)) -* Resolve prettier issues ([32bf052](https://github.com/ory/kratos/commit/32bf052f0084860623ea815ed913e94261c89070)) -* Resolve remaining passwordless regressions ([151c8cf](https://github.com/ory/kratos/commit/151c8cfb53402aaf2518a471579c25c3785b13d2)) -* Resovle lint errors ([afb7aaf](https://github.com/ory/kratos/commit/afb7aaf7b019756a624e7f1b2e35fd575882570a)) -* Return 400 instead of 404 on admin recovery ([ae2509c](https://github.com/ory/kratos/commit/ae2509cf7a95f940d33945271ac1fe8fc255506b)), closes [#1664](https://github.com/ory/kratos/issues/1664) -* **sdk:** Add all available discriminators ([5d70f9c](https://github.com/ory/kratos/commit/5d70f9c70a39067c2d6c0b1f127ff28ca39e77a9)), closes [#2287](https://github.com/ory/kratos/issues/2287) [#2288](https://github.com/ory/kratos/issues/2288) -* **sdk:** Add webauth and lookup_secret to identityCredentialsType ([#2276](https://github.com/ory/kratos/issues/2276)) ([61ce3c0](https://github.com/ory/kratos/commit/61ce3c0c35366f587bfee5c89496fa15432bb241)) -* **sdk:** Correct minimum page to 1 ([a28362e](https://github.com/ory/kratos/commit/a28362e054cf12441ed25d8927cd63e3264bfed6)), closes [#2286](https://github.com/ory/kratos/issues/2286) -* **selfservice:** Cannot login after remove security keys and all other 2FA settings ([#2181](https://github.com/ory/kratos/issues/2181)) ([5ff6773](https://github.com/ory/kratos/commit/5ff6773ab8512bdfb8d2c7b650970711cbb012ba)), closes [#2180](https://github.com/ory/kratos/issues/2180) -* **selfservice:** Login self service flow with TOTP does not pass on return_to URL ([#2175](https://github.com/ory/kratos/issues/2175)) ([3eaa88e](https://github.com/ory/kratos/commit/3eaa88e74e1540b14b6e41df2881346c60b92046)), closes [#2172](https://github.com/ory/kratos/issues/2172) -* **selfservice:** Recovery self service flow passes on return_to URL ([#1920](https://github.com/ory/kratos/issues/1920)) ([b925d35](https://github.com/ory/kratos/commit/b925d351dd0ce48cb6aed046dcf2698796453751)), closes [#914](https://github.com/ory/kratos/issues/914) -* Send 404 instead of null response for unknown verification flows ([#2102](https://github.com/ory/kratos/issues/2102)) ([c9490c8](https://github.com/ory/kratos/commit/c9490c8927209b686aafe54b8a16207a8ef47ebe)), closes [#2099](https://github.com/ory/kratos/issues/2099): - - Fixes the verification handler to write the error, instead of nil object, when the flow does not exist. Adds tests for every handler to check proper behavior in that regard. - -* **session:** Correctly calculate aal for passwordless webauthn ([c7eb970](https://github.com/ory/kratos/commit/c7eb970ed252577e06d3d769d2545d5e8e98175a)) -* **session:** Properly declare session secrets ([6312afd](https://github.com/ory/kratos/commit/6312afd2eb0d1dc808d600a902eb1e16b07fd9cb)), closes [#2272](https://github.com/ory/kratos/issues/2272): - - Previously, a misconfiguration of Gorilla's session store caused incorrect handling of the configured secrets. From now on, cookies will also be properly encrypted at all times. - -* Snapshot regression ([6481441](https://github.com/ory/kratos/commit/6481441fe7df1a2fc43ff153697e9bd2160c49b3)) -* Static analysis ([a1d3254](https://github.com/ory/kratos/commit/a1d3254346ec0bcc0a8c42bf66a8171e027f0d97)) -* Support setting complex configs from the environment ([c45bf83](https://github.com/ory/kratos/commit/c45bf83a9e6744a0b3f2f24e3b07a6f0131d9a40)): - - Closes https://github.com/ory/kratos/issues/1535 - Closes https://github.com/ory/kratos/issues/1792 - Closes https://github.com/ory/kratos/issues/1801 - -* **test:** Parallelization issues ([dbcf3fb](https://github.com/ory/kratos/commit/dbcf3fb616db64e1b1f4cb5066113f703ca0b2ee)) -* **text:** Incorrect IDs for different messages ([0833321](https://github.com/ory/kratos/commit/0833321e04e9865046294b051376bed415a41441)), closes [#2277](https://github.com/ory/kratos/issues/2277) -* **totp:** Resolve credentials counting regression ([737bb3f](https://github.com/ory/kratos/commit/737bb3f71e91f7c735231d0131072aca4f5622ea)) -* Typo ([fbc8b4f](https://github.com/ory/kratos/commit/fbc8b4f9901e7761bef9a7f74a483cb077007cf8)) -* Typo ([3bb0d41](https://github.com/ory/kratos/commit/3bb0d41e3696be90cfc12f1bf00a546536e283b6)) -* Unstable ordering ([bee26c6](https://github.com/ory/kratos/commit/bee26c65c9511af82b9ed2051ab4f45b9570602d)) -* Unstable webauthn order ([6262160](https://github.com/ory/kratos/commit/626216098fcd9411c1b4b7cb3b42784146b29924)) -* Update download urls according to the new names ([#2078](https://github.com/ory/kratos/issues/2078)) ([86ae016](https://github.com/ory/kratos/commit/86ae0166c8893b809929c7c45a2ba84416ddf228)) -* Updated oathkeeper+kratos example ([#2273](https://github.com/ory/kratos/issues/2273)) ([567a3d7](https://github.com/ory/kratos/commit/567a3d765aa2115951f6af5b4ed4d2c791231de0)) -* URL with hash sign in after_verification_return_to stays encoded ([#2173](https://github.com/ory/kratos/issues/2173)) ([fb1cb8a](https://github.com/ory/kratos/commit/fb1cb8a993cbf6cb050d7dce91672b05efd53224)), closes [#2068](https://github.com/ory/kratos/issues/2068) -* Use actions/checkout for ui repos ([f0136ca](https://github.com/ory/kratos/commit/f0136cac639862bf50933063b7dc38973739139b)) -* Use correct dir for clidoc ([8c8a1ab](https://github.com/ory/kratos/commit/8c8a1ab7b41fa026189cec8d1f77e2e89c696d11)) -* Use HTTP 303 instead of 302 for selfservice redirects ([#2215](https://github.com/ory/kratos/issues/2215)) ([50b6bd8](https://github.com/ory/kratos/commit/50b6bd892ae6efba34773811ef488f15fc95154f)), closes [#1969](https://github.com/ory/kratos/issues/1969) -* Use latest hydra version ([ffb3f20](https://github.com/ory/kratos/commit/ffb3f20e67d357160c024f5e58ebf63a9aec41ff)) -* **webauthn:** Resolve missing identifier bug ([93a1ae4](https://github.com/ory/kratos/commit/93a1ae4fe98487a0bca00d2afdc5e7b07c0e1c46)) -* **webauthn:** Schema regressions ([970e861](https://github.com/ory/kratos/commit/970e861714ec01c5cfe19545871798d9ad0ae70c)) -* **webauth:** SPA regressions for login ([be378ff](https://github.com/ory/kratos/commit/be378ffa5ddbd56a00b471dce861ec074eed5192)) -* Yq version ([41b6f18](https://github.com/ory/kratos/commit/41b6f1879f23866c070100dd1767f841bff3a815)) +- Add `identity_id` index to `identity_verifiable_addresses` table + ([#2147](https://github.com/ory/kratos/issues/2147)) + ([86fd942](https://github.com/ory/kratos/commit/86fd942e9a80e36dd65ef4ac57c5a5546f94995a)): + + The verifiable addresses are loaded eagerly into the identity. When that + happens, the `identity_verifiable_addresses` table is queried by `nid` and + `identity_id`. This index should greatly improve performance, especially of + the `/sessions/whoami` endpoint. + +- Add ability to resume continuity sessions from several cookies + ([#2131](https://github.com/ory/kratos/issues/2131)) + ([8b87bdb](https://github.com/ory/kratos/commit/8b87bdb1967654b5fbfbf9799948485b2a9a6af0)), + closes [#2016](https://github.com/ory/kratos/issues/2016) + [#1786](https://github.com/ory/kratos/issues/1786) +- Add CourierConfig to default registry + ([#2243](https://github.com/ory/kratos/issues/2243)) + ([2e1fba3](https://github.com/ory/kratos/commit/2e1fba3ca88e273362978fe29197fe44a879813e)) +- Add DispatchMessage to interface + ([df2ca7a](https://github.com/ory/kratos/commit/df2ca7a7c97a28d40c6a8af082f99ff7706ee9db)) +- Add hiring notice to README + ([#2074](https://github.com/ory/kratos/issues/2074)) + ([0c1e816](https://github.com/ory/kratos/commit/0c1e816693ad4a6c3fdb7206bbc95c81cdfdf3c0)) +- Add missing enum ([#2223](https://github.com/ory/kratos/issues/2223)) + ([4b7d7d0](https://github.com/ory/kratos/commit/4b7d7d0011207614ab12f52bb3a911b62581ebe9)): + + Closes https://github.com/ory/sdk/issues/147 + +- Add missing version tag in quickstart.yml + ([#2110](https://github.com/ory/kratos/issues/2110)) + ([1d281ea](https://github.com/ory/kratos/commit/1d281ea69e551cc3d40415f5405690f445891bb6)) +- Add output-dir input to cli-next + ([#2230](https://github.com/ory/kratos/issues/2230)) + ([1eb3f18](https://github.com/ory/kratos/commit/1eb3f189f29cc032c44cbd9803acbf99362e5a62)) +- Added malformed config test + ([5a3c9c1](https://github.com/ory/kratos/commit/5a3c9c162bd1da5c7bb938192a5e82789bac52cc)) +- Adjust scan configuration ([#2140](https://github.com/ory/kratos/issues/2140)) + ([8506fcf](https://github.com/ory/kratos/commit/8506fcf59d572851b24041b48af6a04b31520a32)), + closes [#2083](https://github.com/ory/kratos/issues/2083) +- Admin endpoint `/schemas` not redirecting to public endpoint + ([#2133](https://github.com/ory/kratos/issues/2133)) + ([413833f](https://github.com/ory/kratos/commit/413833f128c0674f4e8dbb9e73698a9df04cfc1a)), + closes [#2084](https://github.com/ory/kratos/issues/2084) +- Appropriately pass context around + ([#2241](https://github.com/ory/kratos/issues/2241)) + ([668f6b2](https://github.com/ory/kratos/commit/668f6b246db1f61b9800f7581bedba4fa25318c4)): + + Closes https://github.com/ory/cloud/issues/56 + +- Base redirect URL decoding + ([acdefa7](https://github.com/ory/kratos/commit/acdefa7464825e5307132eab5cd2752e1841c3de)) +- Base64 encode identity schema URLs + ([ad44e4d](https://github.com/ory/kratos/commit/ad44e4d5f2cea86a95cc376c94fb5f5ac5bc1b82)): + + Previously, identity schema IDs with special characters could lead to broken + URLs. This patch introduces a change where identity schema IDs are base64 + encoded to address this issue. Schema IDs that are not base64 encoded will + continue working. + +- Broken links API spec + ([e1e7516](https://github.com/ory/kratos/commit/e1e75165785f48f5a154c899e1c4168bcbb7d8c3)) +- Choose correct CSRF cookie when multiple are set + ([633076b](https://github.com/ory/kratos/commit/633076be008104afd50186ebe60722ef21999d5d)), + closes [ory/kratos#2121](https://github.com/ory/kratos/issues/2121) + [ory-corp/cloud#1786](https://github.com/ory-corp/cloud/issues/1786): + + Resolves an issue where, when multiple CSRF cookies are set, a random one + would be used to verify the CSRF token. Now, regardless of how many + conflicting CSRF cookies exist, if one of them is valid, the request will pass + and clean up the cookie store. + +- Cloud config issue + ([135b29c](https://github.com/ory/kratos/commit/135b29c647c87569cc85e8a72babb8d6777ebd24)) +- **continuity:** Properly reset cookies that became invalid + ([8e4b4fb](https://github.com/ory/kratos/commit/8e4b4fb3d6dbe668cf0166f4cff49eae753d481c)), + closes [#2121](https://github.com/ory/kratos/issues/2121) + [ory-corp/cloud#1786](https://github.com/ory-corp/cloud/issues/1786): + + Resolves several reports related to incorrect handling of invalid continuity + issues. + +- **continuity:** Remove cookie on any error + ([428ac03](https://github.com/ory/kratos/commit/428ac03b582184dbbbc0c9c3ffd399273fd8e1a5)) +- Correct recovery hook + ([c7682a8](https://github.com/ory/kratos/commit/c7682a8fd97fdac87d59d3e7fb798384b018c40f)) +- **courier:** Improve composability + ([d47150e](https://github.com/ory/kratos/commit/d47150e8440a03ce34d6085fb693bddf2c02620b)) +- Do not error when HIBP behaves unexpectedly + ([#2251](https://github.com/ory/kratos/issues/2251)) + ([a431c1e](https://github.com/ory/kratos/commit/a431c1e1976f740bedb2fec4ce88b7d1b832e42c)), + closes [#2145](https://github.com/ory/kratos/issues/2145) +- Do not remove all credentials when remove all security keys + ([#2233](https://github.com/ory/kratos/issues/2233)) + ([ecd715a](https://github.com/ory/kratos/commit/ecd715a0437c0b068aa0c6a17cd2ba53fe034354)) +- Do not send session after registration without hook + ([#2094](https://github.com/ory/kratos/issues/2094)) + ([3044229](https://github.com/ory/kratos/commit/3044229227229e81a4ba770eec241a748dd0945c)), + closes [#2093](https://github.com/ory/kratos/issues/2093) +- Docker-compose standalone definition + ([3c7065a](https://github.com/ory/kratos/commit/3c7065ad32ff314c8cbdad8ed89fd9a9f5928f72)) +- Don't inherit flow type in recovery and verification flows + ([#2250](https://github.com/ory/kratos/issues/2250)) + ([c5b444a](https://github.com/ory/kratos/commit/c5b444aa2bf46b3a86d08f693ab200a30bd4a609)), + closes [#2049](https://github.com/ory/kratos/issues/2049) +- **embed:** Disallow additional props + ([b2018ce](https://github.com/ory/kratos/commit/b2018ce3b1667fffc9d0a2c4c82cfafed7f3cac5)) +- **embed:** Do not require plaintext/html in email config + ([dfe4140](https://github.com/ory/kratos/commit/dfe4140dda44d4b64988b94272b4776e362abde5)) +- Ensure no internal networks can be called in SMS sender + ([65e42e5](https://github.com/ory/kratos/commit/65e42e5cb3a9a3a81e3c623fa066a7651dfb0699)) +- Explain mitigations in cookie error messages + ([ef4b01a](https://github.com/ory/kratos/commit/ef4b01a80ea91114b182ff26759d98cd5ba2cd02)) +- Expose network wrapper + ([a570607](https://github.com/ory/kratos/commit/a570607d460e7c5f9d49ce38ba7a4e06ae172359)) +- Faq ([#2101](https://github.com/ory/kratos/issues/2101)) + ([311f906](https://github.com/ory/kratos/commit/311f9066a524308b970afc81d98d1a14b78bf63d)): + + This patch + + - moves the FAQ to the Debug & Help section + - renames it to Tips & Troubleshooting + - moves many of the questions to documents where they fit better, reformatted + and with added information where needed. + - also some other spelling/format fixes + + See also https://github.com/ory/docusaurus-template/pull/87 + +- **identity:** Slow query performance on MySQL + ([731b3c7](https://github.com/ory/kratos/commit/731b3c7ba48271e2fb6bbd53b0281d5269012332)), + closes [#2278](https://github.com/ory/kratos/issues/2278) +- Ignore whitespace around identifier with password strategy + ([#2160](https://github.com/ory/kratos/issues/2160)) + ([45335c5](https://github.com/ory/kratos/commit/45335c50f719af504974fe54e504d7653db03c78)), + closes [#2158](https://github.com/ory/kratos/issues/2158) +- Improve courier test signature + ([b8888e3](https://github.com/ory/kratos/commit/b8888e3c93a602635b396503b7301396ce740ff8)) +- Improve password error resilience on settings flow + ([e614f6e](https://github.com/ory/kratos/commit/e614f6e94e1d0f66f48bd058b015ab467d6b1b07)) +- Improve soundness of credential identifier normalization + ([e475163](https://github.com/ory/kratos/commit/e475163330d06ca02cd0419e4b7216f03218e8c5)) +- Include missing type string in config schema + ([#2142](https://github.com/ory/kratos/issues/2142)) + ([ec2c88a](https://github.com/ory/kratos/commit/ec2c88ac2d65ea1db1146101519cdbb709ebdbbb)): + + Inside the config.schema.json under the CORS setting, add the missing type + (string) for the items of the allowed_origins array + +- Incorrect makefile rule ([#2222](https://github.com/ory/kratos/issues/2222)) + ([83a0ce7](https://github.com/ory/kratos/commit/83a0ce7d20e59c2fb1a35fa071a3d11a9280bcad)) +- **login:** Error handling when failed to prepare for an expired flow + ([#2120](https://github.com/ory/kratos/issues/2120)) + ([fdad834](https://github.com/ory/kratos/commit/fdad834e7577e298887b83b693ddf20632cd7c43)) +- **login:** Put passwordless login before password + ([df9245f](https://github.com/ory/kratos/commit/df9245fbc403e1b8f2dd1378678963cc0d71ef1a)) +- **lookup:** Resolve credentials counting regression + ([50782c6](https://github.com/ory/kratos/commit/50782c68c77ce1c0d8c092678a6710e0be6fa18d)) +- Lower-case jsonnet context for sms + ([8c58e94](https://github.com/ory/kratos/commit/8c58e94707122a9b50873ca1acaa32659b5b8416)) +- Mark struct as used + ([33f3dfe](https://github.com/ory/kratos/commit/33f3dfeba5af3808f34b16241d74993ceed788be)) +- Mark width and height as required + ([#2322](https://github.com/ory/kratos/issues/2322)) + ([37f2f22](https://github.com/ory/kratos/commit/37f2f220ce699e031018777c9976cafa22faa984)): + + Closes https://github.com/ory/sdk/issues/157 + +- Minor fixes in FAQ update ([#2130](https://github.com/ory/kratos/issues/2130)) + ([b53eec7](https://github.com/ory/kratos/commit/b53eec721489514a80719b73bc5c758dc2adedfd)) +- Move to new post-release steps + ([#2206](https://github.com/ory/kratos/issues/2206)) + ([10778fd](https://github.com/ory/kratos/commit/10778fdd16a116b5dc8f4c2bdc96a895728d9aec)) +- Mr comment fix + ([96c917e](https://github.com/ory/kratos/commit/96c917e3c1b02b13be55056bfd94b517007fc206)) +- **oidc:** Improve empty credential handling + ([124d4ce](https://github.com/ory/kratos/commit/124d4ce9fe949dcea4fd5ff8e45530835d38cb3c)) +- **oidc:** Incorrect error handling + ([c8d789c](https://github.com/ory/kratos/commit/c8d789c10e2be11dfc8c3eea01a339637f89ea63)) +- Order regression + ([2cb5d2b](https://github.com/ory/kratos/commit/2cb5d2bf2d645a0e63cf289c966ee8557edbf333)) +- Pass context to registration flow + ([c8d55b3](https://github.com/ory/kratos/commit/c8d55b339647cdca3c9beace760dc3a9beac31c1)) +- Pass docs output dir as a separate argument + ([78c69a2](https://github.com/ory/kratos/commit/78c69a2790c957bf8102260150d69b1844899ed9)) +- Pass token to render-version-schema + ([#2246](https://github.com/ory/kratos/issues/2246)) + ([4d117e5](https://github.com/ory/kratos/commit/4d117e51abef739d686e48dede63a030a753be41)) +- **password:** Schema regressions + ([271d5fa](https://github.com/ory/kratos/commit/271d5fa93f96721d7bf8aa841c700dfec1de4104)) +- Properly check for not found + ([77ac199](https://github.com/ory/kratos/commit/77ac199f00f04eb7fd40db6fb546921271026e20)) +- Properly pass context ([#2300](https://github.com/ory/kratos/issues/2300)) + ([fab8a93](https://github.com/ory/kratos/commit/fab8a939c97e61c028143e37e2a78d3edd569da0)) +- Provide access to root path and error page + ([#2317](https://github.com/ory/kratos/issues/2317)) + ([f360ee8](https://github.com/ory/kratos/commit/f360ee8e65dc64983181746d1059eac53588e029)) +- Quickstart standalone service definition + ([#2149](https://github.com/ory/kratos/issues/2149)) + ([872b06e](https://github.com/ory/kratos/commit/872b06e1f798deacfef101edc3ab33fd75af9b29)) +- Rebase regressions + ([d1c5085](https://github.com/ory/kratos/commit/d1c508570032c620a654b896111215a76a811517)) +- **registration:** Order for passwordless webauthn + ([8427322](https://github.com/ory/kratos/commit/8427322b31fb5206a55e9f62823745fcc6983a22)) +- Remove non-hermetic sprig functions + ([#2201](https://github.com/ory/kratos/issues/2201)) + ([17e0acc](https://github.com/ory/kratos/commit/17e0acc527cfbb703d9d44b776138da23b217ca4)): + + Closes https://github.com/ory/kratos/issues/2087 + +- Resolve configx regression + ([672c0ff](https://github.com/ory/kratos/commit/672c0ffc7f5edd1fd238dcdd0c5d0430b30966c6)) +- Resolve issues with the CI pipeline + ([d15bd90](https://github.com/ory/kratos/commit/d15bd90433ed191c2eb41f119ed288906827334e)) +- Resolve merge regression + ([d8ca4f3](https://github.com/ory/kratos/commit/d8ca4f327499f94c811c55237f210288fb6a9dd5)) +- Resolve prettier issues + ([32bf052](https://github.com/ory/kratos/commit/32bf052f0084860623ea815ed913e94261c89070)) +- Resolve remaining passwordless regressions + ([151c8cf](https://github.com/ory/kratos/commit/151c8cfb53402aaf2518a471579c25c3785b13d2)) +- Resovle lint errors + ([afb7aaf](https://github.com/ory/kratos/commit/afb7aaf7b019756a624e7f1b2e35fd575882570a)) +- Return 400 instead of 404 on admin recovery + ([ae2509c](https://github.com/ory/kratos/commit/ae2509cf7a95f940d33945271ac1fe8fc255506b)), + closes [#1664](https://github.com/ory/kratos/issues/1664) +- **sdk:** Add all available discriminators + ([5d70f9c](https://github.com/ory/kratos/commit/5d70f9c70a39067c2d6c0b1f127ff28ca39e77a9)), + closes [#2287](https://github.com/ory/kratos/issues/2287) + [#2288](https://github.com/ory/kratos/issues/2288) +- **sdk:** Add webauth and lookup_secret to identityCredentialsType + ([#2276](https://github.com/ory/kratos/issues/2276)) + ([61ce3c0](https://github.com/ory/kratos/commit/61ce3c0c35366f587bfee5c89496fa15432bb241)) +- **sdk:** Correct minimum page to 1 + ([a28362e](https://github.com/ory/kratos/commit/a28362e054cf12441ed25d8927cd63e3264bfed6)), + closes [#2286](https://github.com/ory/kratos/issues/2286) +- **selfservice:** Cannot login after remove security keys and all other 2FA + settings ([#2181](https://github.com/ory/kratos/issues/2181)) + ([5ff6773](https://github.com/ory/kratos/commit/5ff6773ab8512bdfb8d2c7b650970711cbb012ba)), + closes [#2180](https://github.com/ory/kratos/issues/2180) +- **selfservice:** Login self service flow with TOTP does not pass on return_to + URL ([#2175](https://github.com/ory/kratos/issues/2175)) + ([3eaa88e](https://github.com/ory/kratos/commit/3eaa88e74e1540b14b6e41df2881346c60b92046)), + closes [#2172](https://github.com/ory/kratos/issues/2172) +- **selfservice:** Recovery self service flow passes on return_to URL + ([#1920](https://github.com/ory/kratos/issues/1920)) + ([b925d35](https://github.com/ory/kratos/commit/b925d351dd0ce48cb6aed046dcf2698796453751)), + closes [#914](https://github.com/ory/kratos/issues/914) +- Send 404 instead of null response for unknown verification flows + ([#2102](https://github.com/ory/kratos/issues/2102)) + ([c9490c8](https://github.com/ory/kratos/commit/c9490c8927209b686aafe54b8a16207a8ef47ebe)), + closes [#2099](https://github.com/ory/kratos/issues/2099): + + Fixes the verification handler to write the error, instead of nil object, when + the flow does not exist. Adds tests for every handler to check proper behavior + in that regard. + +- **session:** Correctly calculate aal for passwordless webauthn + ([c7eb970](https://github.com/ory/kratos/commit/c7eb970ed252577e06d3d769d2545d5e8e98175a)) +- **session:** Properly declare session secrets + ([6312afd](https://github.com/ory/kratos/commit/6312afd2eb0d1dc808d600a902eb1e16b07fd9cb)), + closes [#2272](https://github.com/ory/kratos/issues/2272): + + Previously, a misconfiguration of Gorilla's session store caused incorrect + handling of the configured secrets. From now on, cookies will also be properly + encrypted at all times. + +- Snapshot regression + ([6481441](https://github.com/ory/kratos/commit/6481441fe7df1a2fc43ff153697e9bd2160c49b3)) +- Static analysis + ([a1d3254](https://github.com/ory/kratos/commit/a1d3254346ec0bcc0a8c42bf66a8171e027f0d97)) +- Support setting complex configs from the environment + ([c45bf83](https://github.com/ory/kratos/commit/c45bf83a9e6744a0b3f2f24e3b07a6f0131d9a40)): + + Closes https://github.com/ory/kratos/issues/1535 Closes + https://github.com/ory/kratos/issues/1792 Closes + https://github.com/ory/kratos/issues/1801 + +- **test:** Parallelization issues + ([dbcf3fb](https://github.com/ory/kratos/commit/dbcf3fb616db64e1b1f4cb5066113f703ca0b2ee)) +- **text:** Incorrect IDs for different messages + ([0833321](https://github.com/ory/kratos/commit/0833321e04e9865046294b051376bed415a41441)), + closes [#2277](https://github.com/ory/kratos/issues/2277) +- **totp:** Resolve credentials counting regression + ([737bb3f](https://github.com/ory/kratos/commit/737bb3f71e91f7c735231d0131072aca4f5622ea)) +- Typo + ([fbc8b4f](https://github.com/ory/kratos/commit/fbc8b4f9901e7761bef9a7f74a483cb077007cf8)) +- Typo + ([3bb0d41](https://github.com/ory/kratos/commit/3bb0d41e3696be90cfc12f1bf00a546536e283b6)) +- Unstable ordering + ([bee26c6](https://github.com/ory/kratos/commit/bee26c65c9511af82b9ed2051ab4f45b9570602d)) +- Unstable webauthn order + ([6262160](https://github.com/ory/kratos/commit/626216098fcd9411c1b4b7cb3b42784146b29924)) +- Update download urls according to the new names + ([#2078](https://github.com/ory/kratos/issues/2078)) + ([86ae016](https://github.com/ory/kratos/commit/86ae0166c8893b809929c7c45a2ba84416ddf228)) +- Updated oathkeeper+kratos example + ([#2273](https://github.com/ory/kratos/issues/2273)) + ([567a3d7](https://github.com/ory/kratos/commit/567a3d765aa2115951f6af5b4ed4d2c791231de0)) +- URL with hash sign in after_verification_return_to stays encoded + ([#2173](https://github.com/ory/kratos/issues/2173)) + ([fb1cb8a](https://github.com/ory/kratos/commit/fb1cb8a993cbf6cb050d7dce91672b05efd53224)), + closes [#2068](https://github.com/ory/kratos/issues/2068) +- Use actions/checkout for ui repos + ([f0136ca](https://github.com/ory/kratos/commit/f0136cac639862bf50933063b7dc38973739139b)) +- Use correct dir for clidoc + ([8c8a1ab](https://github.com/ory/kratos/commit/8c8a1ab7b41fa026189cec8d1f77e2e89c696d11)) +- Use HTTP 303 instead of 302 for selfservice redirects + ([#2215](https://github.com/ory/kratos/issues/2215)) + ([50b6bd8](https://github.com/ory/kratos/commit/50b6bd892ae6efba34773811ef488f15fc95154f)), + closes [#1969](https://github.com/ory/kratos/issues/1969) +- Use latest hydra version + ([ffb3f20](https://github.com/ory/kratos/commit/ffb3f20e67d357160c024f5e58ebf63a9aec41ff)) +- **webauthn:** Resolve missing identifier bug + ([93a1ae4](https://github.com/ory/kratos/commit/93a1ae4fe98487a0bca00d2afdc5e7b07c0e1c46)) +- **webauthn:** Schema regressions + ([970e861](https://github.com/ory/kratos/commit/970e861714ec01c5cfe19545871798d9ad0ae70c)) +- **webauth:** SPA regressions for login + ([be378ff](https://github.com/ory/kratos/commit/be378ffa5ddbd56a00b471dce861ec074eed5192)) +- Yq version + ([41b6f18](https://github.com/ory/kratos/commit/41b6f1879f23866c070100dd1767f841bff3a815)) ### Code Generation -* Pin v0.9.0-alpha.1 release commit ([72bd2ed](https://github.com/ory/kratos/commit/72bd2ed67559a64415b2686e8f67c42df888e49e)) +- Pin v0.9.0-alpha.1 release commit + ([72bd2ed](https://github.com/ory/kratos/commit/72bd2ed67559a64415b2686e8f67c42df888e49e)) ### Code Refactoring -* All admin endpoints are now exposed under `/admin/` on the admin port ([8acb4cf](https://github.com/ory/kratos/commit/8acb4cfaa61ef52619e889b8c862191c6b92e5eb)) -* Deprecate domain aliases ([894a2cc](https://github.com/ory/kratos/commit/894a2cc39671fbc9d2c13b1fc1b45b217da5145d)) -* Distinguish between first and multi factor credentials ([8de9d01](https://github.com/ory/kratos/commit/8de9d01d9edae485f5a6ea7c68584ba4019a24d6)) -* Identity.default_schema_url is now `identity.default_schema_id` ([#1964](https://github.com/ory/kratos/issues/1964)) ([e4f205d](https://github.com/ory/kratos/commit/e4f205d69bec07a71bf1d34d97ab3a6b99a4cc46)) -* **identity:** Move credentials counter ([c9875a7](https://github.com/ory/kratos/commit/c9875a7582accc740061e6a19d7b4b0998899f3f)) -* Mimic credentials config on import ([c3eb7ce](https://github.com/ory/kratos/commit/c3eb7ce60597954a60b8903ac011a643d0facf12)) -* Move credential configs for oidc and password ([50ac851](https://github.com/ory/kratos/commit/50ac851cc4534aa474a76c208f15483548ec8631)) -* Move docs to ory/docs ([57151da](https://github.com/ory/kratos/commit/57151da6adc85753d54c108637298642ccbc8347)) -* **oidc:** Credentials counting ([b75a639](https://github.com/ory/kratos/commit/b75a6390de85e10db8e9e17a74e95dd6dd716442)) -* **password:** DRY up registration helpers ([8a51839](https://github.com/ory/kratos/commit/8a51839ba85ddb5a345fef65f30b4325103ce38a)) -* **password:** Internals and deprecated fields ([a7784bd](https://github.com/ory/kratos/commit/a7784bdb52aff0ac171e59b2301755b65c842813)) -* Rename `password_identifier` field to `identifier` ([4dbe0ea](https://github.com/ory/kratos/commit/4dbe0ea41f49e198840292fc101258a4bdca826e)) -* Rename `whitelisted_return_urls` to `allowed_return_urls` ([#2299](https://github.com/ory/kratos/issues/2299)) ([686c9ba](https://github.com/ory/kratos/commit/686c9ba08ff1db8a310eaed5c4b3aec69e0f84da)) -* **session:** Aal computation ([a136de9](https://github.com/ory/kratos/commit/a136de99a0f8fe78ee344f2243359c781b166378)) -* Update apple and microsoft config key names ([#2261](https://github.com/ory/kratos/issues/2261)) ([6da2370](https://github.com/ory/kratos/commit/6da2370b4e6833ef61ca03214261e45c4786cb44)), closes [#1979](https://github.com/ory/kratos/issues/1979) +- All admin endpoints are now exposed under `/admin/` on the admin port + ([8acb4cf](https://github.com/ory/kratos/commit/8acb4cfaa61ef52619e889b8c862191c6b92e5eb)) +- Deprecate domain aliases + ([894a2cc](https://github.com/ory/kratos/commit/894a2cc39671fbc9d2c13b1fc1b45b217da5145d)) +- Distinguish between first and multi factor credentials + ([8de9d01](https://github.com/ory/kratos/commit/8de9d01d9edae485f5a6ea7c68584ba4019a24d6)) +- Identity.default_schema_url is now `identity.default_schema_id` + ([#1964](https://github.com/ory/kratos/issues/1964)) + ([e4f205d](https://github.com/ory/kratos/commit/e4f205d69bec07a71bf1d34d97ab3a6b99a4cc46)) +- **identity:** Move credentials counter + ([c9875a7](https://github.com/ory/kratos/commit/c9875a7582accc740061e6a19d7b4b0998899f3f)) +- Mimic credentials config on import + ([c3eb7ce](https://github.com/ory/kratos/commit/c3eb7ce60597954a60b8903ac011a643d0facf12)) +- Move credential configs for oidc and password + ([50ac851](https://github.com/ory/kratos/commit/50ac851cc4534aa474a76c208f15483548ec8631)) +- Move docs to ory/docs + ([57151da](https://github.com/ory/kratos/commit/57151da6adc85753d54c108637298642ccbc8347)) +- **oidc:** Credentials counting + ([b75a639](https://github.com/ory/kratos/commit/b75a6390de85e10db8e9e17a74e95dd6dd716442)) +- **password:** DRY up registration helpers + ([8a51839](https://github.com/ory/kratos/commit/8a51839ba85ddb5a345fef65f30b4325103ce38a)) +- **password:** Internals and deprecated fields + ([a7784bd](https://github.com/ory/kratos/commit/a7784bdb52aff0ac171e59b2301755b65c842813)) +- Rename `password_identifier` field to `identifier` + ([4dbe0ea](https://github.com/ory/kratos/commit/4dbe0ea41f49e198840292fc101258a4bdca826e)) +- Rename `whitelisted_return_urls` to `allowed_return_urls` + ([#2299](https://github.com/ory/kratos/issues/2299)) + ([686c9ba](https://github.com/ory/kratos/commit/686c9ba08ff1db8a310eaed5c4b3aec69e0f84da)) +- **session:** Aal computation + ([a136de9](https://github.com/ory/kratos/commit/a136de99a0f8fe78ee344f2243359c781b166378)) +- Update apple and microsoft config key names + ([#2261](https://github.com/ory/kratos/issues/2261)) + ([6da2370](https://github.com/ory/kratos/commit/6da2370b4e6833ef61ca03214261e45c4786cb44)), + closes [#1979](https://github.com/ory/kratos/issues/1979) ### Documentation -* Add debug tip ([#2186](https://github.com/ory/kratos/issues/2186)) ([a1ada22](https://github.com/ory/kratos/commit/a1ada2255d132b1f3ea8cb494620b9c17b42f161)) -* Add react example code ([#2185](https://github.com/ory/kratos/issues/2185)) ([0689cc7](https://github.com/ory/kratos/commit/0689cc73ccc9a472c5610f1e011c6ccbc5e0c20d)) -* Cloud ([8d1d65d](https://github.com/ory/kratos/commit/8d1d65d9d12a894bd25c82394e0392e228fe383d)) -* Fix broken links ([d88c56f](https://github.com/ory/kratos/commit/d88c56fc0ebf042d1270d04a2382784e5200654d)) -* Fix broken links API doc ([#2296](https://github.com/ory/kratos/issues/2296)) ([47eaae5](https://github.com/ory/kratos/commit/47eaae575023469834c0c3a4aac64dc6d880e164)) -* Fix incorrect port ([c9a3587](https://github.com/ory/kratos/commit/c9a358717a99af436c6802f45c9c1f6edc77585f)), closes [#2095](https://github.com/ory/kratos/issues/2095) -* Fix link ([c245ed4](https://github.com/ory/kratos/commit/c245ed40d443e3068bc5eee902e6b14f6ae777c6)): - - Closes https://github.com/ory/kratos-selfservice-ui-node/issues/164 - -* Fix versions ([7186ff3](https://github.com/ory/kratos/commit/7186ff354b9c3d0fbd3fb809546075fcfcd0c57f)) -* Ory cloud mentions + spelling ([#2100](https://github.com/ory/kratos/issues/2100)) ([0c2fa5b](https://github.com/ory/kratos/commit/0c2fa5bdb98b95877ef740297b6d96a931a3430f)) -* Pagination ([#2143](https://github.com/ory/kratos/issues/2143)) ([0807a03](https://github.com/ory/kratos/commit/0807a03fba8ff9a3123cd038a472e90895502e82)), closes [#2039](https://github.com/ory/kratos/issues/2039) -* Replace all mentions of Ory Kratos SDK with Ory SDK ([#2187](https://github.com/ory/kratos/issues/2187)) ([4e6897f](https://github.com/ory/kratos/commit/4e6897ff2220b5668d784a16dd1f48db30f271f0)) -* Typo ([#2073](https://github.com/ory/kratos/issues/2073)) ([e1a54f9](https://github.com/ory/kratos/commit/e1a54f9129d41b34cc8864c8ac38d1448e1f9372)) -* Typo ([#2114](https://github.com/ory/kratos/issues/2114)) ([a7a16d7](https://github.com/ory/kratos/commit/a7a16d7c91d89e274ea5fd79787cd4671d825532)) -* Update docker guide ([072ca4d](https://github.com/ory/kratos/commit/072ca4d990cf4060555c8b2626f39ff18172d064)), closes [#2086](https://github.com/ory/kratos/issues/2086) -* Update readme ([e7d9da1](https://github.com/ory/kratos/commit/e7d9da199825fb15ae720c0496a257590b353a26)) -* Upgrade guide ([#2132](https://github.com/ory/kratos/issues/2132)) ([4a4ab05](https://github.com/ory/kratos/commit/4a4ab05573ebb20f82f62bfd38767de68d7708e9)): - - Closes https://github.com/ory/kratos/discussions/2104 - +- Add debug tip ([#2186](https://github.com/ory/kratos/issues/2186)) + ([a1ada22](https://github.com/ory/kratos/commit/a1ada2255d132b1f3ea8cb494620b9c17b42f161)) +- Add react example code ([#2185](https://github.com/ory/kratos/issues/2185)) + ([0689cc7](https://github.com/ory/kratos/commit/0689cc73ccc9a472c5610f1e011c6ccbc5e0c20d)) +- Cloud + ([8d1d65d](https://github.com/ory/kratos/commit/8d1d65d9d12a894bd25c82394e0392e228fe383d)) +- Fix broken links + ([d88c56f](https://github.com/ory/kratos/commit/d88c56fc0ebf042d1270d04a2382784e5200654d)) +- Fix broken links API doc ([#2296](https://github.com/ory/kratos/issues/2296)) + ([47eaae5](https://github.com/ory/kratos/commit/47eaae575023469834c0c3a4aac64dc6d880e164)) +- Fix incorrect port + ([c9a3587](https://github.com/ory/kratos/commit/c9a358717a99af436c6802f45c9c1f6edc77585f)), + closes [#2095](https://github.com/ory/kratos/issues/2095) +- Fix link + ([c245ed4](https://github.com/ory/kratos/commit/c245ed40d443e3068bc5eee902e6b14f6ae777c6)): + + Closes https://github.com/ory/kratos-selfservice-ui-node/issues/164 + +- Fix versions + ([7186ff3](https://github.com/ory/kratos/commit/7186ff354b9c3d0fbd3fb809546075fcfcd0c57f)) +- Ory cloud mentions + spelling + ([#2100](https://github.com/ory/kratos/issues/2100)) + ([0c2fa5b](https://github.com/ory/kratos/commit/0c2fa5bdb98b95877ef740297b6d96a931a3430f)) +- Pagination ([#2143](https://github.com/ory/kratos/issues/2143)) + ([0807a03](https://github.com/ory/kratos/commit/0807a03fba8ff9a3123cd038a472e90895502e82)), + closes [#2039](https://github.com/ory/kratos/issues/2039) +- Replace all mentions of Ory Kratos SDK with Ory SDK + ([#2187](https://github.com/ory/kratos/issues/2187)) + ([4e6897f](https://github.com/ory/kratos/commit/4e6897ff2220b5668d784a16dd1f48db30f271f0)) +- Typo ([#2073](https://github.com/ory/kratos/issues/2073)) + ([e1a54f9](https://github.com/ory/kratos/commit/e1a54f9129d41b34cc8864c8ac38d1448e1f9372)) +- Typo ([#2114](https://github.com/ory/kratos/issues/2114)) + ([a7a16d7](https://github.com/ory/kratos/commit/a7a16d7c91d89e274ea5fd79787cd4671d825532)) +- Update docker guide + ([072ca4d](https://github.com/ory/kratos/commit/072ca4d990cf4060555c8b2626f39ff18172d064)), + closes [#2086](https://github.com/ory/kratos/issues/2086) +- Update readme + ([e7d9da1](https://github.com/ory/kratos/commit/e7d9da199825fb15ae720c0496a257590b353a26)) +- Upgrade guide ([#2132](https://github.com/ory/kratos/issues/2132)) + ([4a4ab05](https://github.com/ory/kratos/commit/4a4ab05573ebb20f82f62bfd38767de68d7708e9)): + + Closes https://github.com/ory/kratos/discussions/2104 ### Features -* Abandon courier messages after configurable timeout ([#2257](https://github.com/ory/kratos/issues/2257)) ([bff92f7](https://github.com/ory/kratos/commit/bff92f73b3f12d2dffa2061eb0e51e746eba2185)) -* Add `webauthn` to list of identifiers ([1a8b256](https://github.com/ory/kratos/commit/1a8b256cca33aa9cbb143e7e8fc1efc8217e9b8a)): - - This patch adds the key `webauthn` to the list of possible identifiers in the Identity JSON Schema. Use this key to specify what field is used to find the WebAuthn credentials on passwordless login flows. - -* Add credential migrator pattern ([77afc6f](https://github.com/ory/kratos/commit/77afc6f8ea868eaba7853adfcb9ed159b44ecbc8)) -* Add message for missing webauthn credentials ([303dc6b](https://github.com/ory/kratos/commit/303dc6bc33c20cd619d2542180247bd7b7f02092)) -* Add new messages ([09e6fd1](https://github.com/ory/kratos/commit/09e6fd16bb6be0ff3ee209bbfe69e967546f70da)) -* Add npm install step ([3d253e5](https://github.com/ory/kratos/commit/3d253e58ec7d4464d9749efe6ecc4a5c1d9be789)) -* Add preset CSP nonce ([#2096](https://github.com/ory/kratos/issues/2096)) ([8913292](https://github.com/ory/kratos/commit/8913292c1193c416e5a54997e3635bef87affc01)): - - Closes https://github.com/ory/kratos-selfservice-ui-node/issues/162 - -* Add versioning and improve compatibility for credential migrations ([78ce668](https://github.com/ory/kratos/commit/78ce668a38c914939028be42cd30eefa566ed09a)) -* Added phone number identifier ([#1938](https://github.com/ory/kratos/issues/1938)) ([294dfa8](https://github.com/ory/kratos/commit/294dfa85b4552b9266c44bb3376b8610c1ff5521)), closes [#137](https://github.com/ory/kratos/issues/137) -* Added sms sending support to courier ([687eca2](https://github.com/ory/kratos/commit/687eca24aac7a7b89cc949693271343573107898)) -* Allow empty version string ([419f94b](https://github.com/ory/kratos/commit/419f94bc1065771e49982faf56f8ef90a30bc306)) -* Allow registration to be disabled ([#2081](https://github.com/ory/kratos/issues/2081)) ([864b00d](https://github.com/ory/kratos/commit/864b00d6ecddefdb06ac22fda04670bfa43f2fd5)), closes [#882](https://github.com/ory/kratos/issues/882) -* Cancelable web hooks ([44a5323](https://github.com/ory/kratos/commit/44a5323f835860dccd11460d666f620026e8b58d)): - - Introduces the ability to cancel web hooks by calling `error "cancel"` in JsonNet. - -* **config:** Add option to mark webauthn as passwordless-able ([0455e3f](https://github.com/ory/kratos/commit/0455e3fe901cff6ff314fd59a35864886672327c)): - - Adds option `passwordless` to `selfservice.methods.webauthn.config`, making it possible to use WebAuthn for first-factor authentication, or so-called "passwordless" authentication. - -* Courier template configs ([#2156](https://github.com/ory/kratos/issues/2156)) ([799b6a8](https://github.com/ory/kratos/commit/799b6a81add747d3001a1758e08ee7b4c6463d64)), closes [#2054](https://github.com/ory/kratos/issues/2054): - - It is now possible to override individual courier email templates using the configuration system! - -* Courier templates fs support ([#2164](https://github.com/ory/kratos/issues/2164)) ([13689a7](https://github.com/ory/kratos/commit/13689a7135311a05b17383486f5fdab2e7a412d0)) -* **courier:** Expose setters again ([598dc3a](https://github.com/ory/kratos/commit/598dc3a4d7c27838e9058382378972a1c0330bde)) -* **courier:** Override default link base URL ([cc99096](https://github.com/ory/kratos/commit/cc99096d07408c8b713ef9a7b17b8345597a9129)): - - Added a new configuration value `selfservice.methods.link.config.base_url` which allows to change the default base URL of recovery and verification links. This is useful when the email should send a link which does not match the globally configured base URL. - - See https://github.com/ory-corp/cloud/issues/1766 - -* **docker:** Add jaeger ([27ec2b7](https://github.com/ory/kratos/commit/27ec2b74ee42697102c6a9a79bc5ca3c09756d94)) -* **e2e:** Add passwordless flows and fix bugs ([ef3871b](https://github.com/ory/kratos/commit/ef3871bd9b3e7e5f4360da8d1b7749cc005b4e19)) -* Enable Buildkit ([#2079](https://github.com/ory/kratos/issues/2079)) ([f40df5c](https://github.com/ory/kratos/commit/f40df5cd932aa3185b2155368db51a49b7f05991)): - - Looks like this was attempted before but the magic comment was not on the first line. - -* Expose courier template load ([#2082](https://github.com/ory/kratos/issues/2082)) ([790716e](https://github.com/ory/kratos/commit/790716e58a4be06f04f3cbc5b974f16d873ae0d8)) -* Generalise courier tests ([#2125](https://github.com/ory/kratos/issues/2125)) ([75c6053](https://github.com/ory/kratos/commit/75c60537e366760fe87b7b8978e9854873b7f702)) -* **identity:** Add identity credentials helpers ([b7be327](https://github.com/ory/kratos/commit/b7be327a370368932ff390968acffaa1ce6d55a0)) -* **identity:** Add versioning to credentials ([aaf779a](https://github.com/ory/kratos/commit/aaf779ac1c29b24ece6d5f3d7892a3bf08277653)) -* Ignore web hook response ([ae87914](https://github.com/ory/kratos/commit/ae87914512025c05d814a1200eda66d8f931ce44)): - - Introduces the ability to ignore responses from web hooks in favor of faster and non-blocking execution. - -* Make sensitive log value redaction text configurable ([#2321](https://github.com/ory/kratos/issues/2321)) ([9b66e43](https://github.com/ory/kratos/commit/9b66e437d0aeed61643b76aea7d49cad001dc8cf)) -* Make the password policy more configurable ([#2118](https://github.com/ory/kratos/issues/2118)) ([70c627b](https://github.com/ory/kratos/commit/70c627b9feb3ec55765070b7c6c3fd64f2640e59)), closes [#970](https://github.com/ory/kratos/issues/970) -* **oidc:** Customizable base redirect uri ([fa1f234](https://github.com/ory/kratos/commit/fa1f23469f2fecfa82fa38147f601d969bd9aaa4)): - - Closes https://github.com/ory-corp/cloud/issues/2003 - -* Password, social sign, verified email in import ([41a27b1](https://github.com/ory/kratos/commit/41a27b1e15e090d3e99cdcfc3c1ba8eac76097a4)), closes [#605](https://github.com/ory/kratos/issues/605): - - This patch introduces the ability to import passwords (cleartext, PKBDF2, Argon2, BCrypt) and Social Sign In connections when creating identities! - -* **recovery:** Allow invalidation of existing sessions ([5029884](https://github.com/ory/kratos/commit/502988474e2bce46752f7fc7885bc1b91423bbdd)), closes [#1077](https://github.com/ory/kratos/issues/1077): - - You can now use the `revoke_active_sessions` hook in the recovery flow. It invalidates all of an identity's sessions on successful account recovery. - -* **schema:** Add functionality to disallow internal HTTP requests ([6e08416](https://github.com/ory/kratos/commit/6e08416235bd821493df4d9cda2e8bd76d507871)): - - See https://github.com/ory-corp/cloud/issues/1261 - -* **security:** Add e2e tests for various private network SSRF defenses ([b049bc3](https://github.com/ory/kratos/commit/b049bc304cd79568ee82f1423e583949f63d3377)) -* **security:** Add option to disallow private IP ranges in webhooks ([05f1e5a](https://github.com/ory/kratos/commit/05f1e5a99426ed54cb70514554e64d851f0ba8d6)), closes [#2152](https://github.com/ory/kratos/issues/2152) -* **security:** Add SSRF defenses in OIDC ([d37dc5d](https://github.com/ory/kratos/commit/d37dc5d7946252783463bc9e99f7f792e2735614)) -* Selfservice and administrative session management ([#2011](https://github.com/ory/kratos/issues/2011)) ([0fe4155](https://github.com/ory/kratos/commit/0fe4155b878102b77f7f13de5f0754ff75961498)), closes [#655](https://github.com/ory/kratos/issues/655) [#2007](https://github.com/ory/kratos/issues/2007) -* **session:** Add webauthn to extension validation ([049fd8e](https://github.com/ory/kratos/commit/049fd8edc382f344018398027a4e0b3915116ff2)) -* **session:** Webauthn can now be a first factor as well ([861bee0](https://github.com/ory/kratos/commit/861bee0f029e3bb3f6b7218be19eaf6c26562b76)) -* Trace web hook calls ([#2154](https://github.com/ory/kratos/issues/2154)) ([98ee300](https://github.com/ory/kratos/commit/98ee300e065c6e81e6128a509af3f48612cda88a)) -* **webauthn:** Add error preventing deleting last webauthn credential ([1209eda](https://github.com/ory/kratos/commit/1209edacaf1b7dea32bd1bd124c86910bc2553c6)) -* **webauthn:** Add new decoder schemas ([c3e1501](https://github.com/ory/kratos/commit/c3e1501bf5170416a034130eb68d1db456a47239)) -* **webauthn:** Add passwordless credentials indicator ([6e3057a](https://github.com/ory/kratos/commit/6e3057a96a34d22cac193e5c17b4a3c01d2ca045)) -* **webauthn:** Add swagger type ([14c2b74](https://github.com/ory/kratos/commit/14c2b745e951a185dee600f6f2e8f93788c67285)) -* **webauthn:** Count passwordless credentials ([145af23](https://github.com/ory/kratos/commit/145af23aef8f5c9ffdcec47bac5758da709d4646)) -* **webauthn:** Implement refresh using webauth ([bf10868](https://github.com/ory/kratos/commit/bf108688ed146211da3cc2ec4bf0df015e535220)), closes [#2284](https://github.com/ory/kratos/issues/2284): - - This change introduces the ability to refresh a session (for example when entering "sudo" mode") using WebAuthn credentials. In this case, it does not matter whether the WebAuthN credentials are for MFA or passwordless flows. - -* **webauthn:** Improve schema ([790dcf3](https://github.com/ory/kratos/commit/790dcf3a7079d57a088d399c03d040af1019a3aa)) -* **webauthn:** Manage webauthn passwordless keys ([5a62ced](https://github.com/ory/kratos/commit/5a62ced175248a85b1e843b4017757aa86d62d23)) -* **webauthn:** Passwordless login ([b4c4fd2](https://github.com/ory/kratos/commit/b4c4fd2c25ae5d55350ce573df8295fe6d8c42a1)) -* **webauthn:** Update messages and nodes ([22534d8](https://github.com/ory/kratos/commit/22534d8253384f2002033a5b2bbdcf573779a49c)) -* **webauthn:** Use plain bytes for wrapped user ([97c8c9e](https://github.com/ory/kratos/commit/97c8c9e25234847622f1ab508cd5d50758d323c0)) +- Abandon courier messages after configurable timeout + ([#2257](https://github.com/ory/kratos/issues/2257)) + ([bff92f7](https://github.com/ory/kratos/commit/bff92f73b3f12d2dffa2061eb0e51e746eba2185)) +- Add `webauthn` to list of identifiers + ([1a8b256](https://github.com/ory/kratos/commit/1a8b256cca33aa9cbb143e7e8fc1efc8217e9b8a)): + + This patch adds the key `webauthn` to the list of possible identifiers in the + Identity JSON Schema. Use this key to specify what field is used to find the + WebAuthn credentials on passwordless login flows. + +- Add credential migrator pattern + ([77afc6f](https://github.com/ory/kratos/commit/77afc6f8ea868eaba7853adfcb9ed159b44ecbc8)) +- Add message for missing webauthn credentials + ([303dc6b](https://github.com/ory/kratos/commit/303dc6bc33c20cd619d2542180247bd7b7f02092)) +- Add new messages + ([09e6fd1](https://github.com/ory/kratos/commit/09e6fd16bb6be0ff3ee209bbfe69e967546f70da)) +- Add npm install step + ([3d253e5](https://github.com/ory/kratos/commit/3d253e58ec7d4464d9749efe6ecc4a5c1d9be789)) +- Add preset CSP nonce ([#2096](https://github.com/ory/kratos/issues/2096)) + ([8913292](https://github.com/ory/kratos/commit/8913292c1193c416e5a54997e3635bef87affc01)): + + Closes https://github.com/ory/kratos-selfservice-ui-node/issues/162 + +- Add versioning and improve compatibility for credential migrations + ([78ce668](https://github.com/ory/kratos/commit/78ce668a38c914939028be42cd30eefa566ed09a)) +- Added phone number identifier + ([#1938](https://github.com/ory/kratos/issues/1938)) + ([294dfa8](https://github.com/ory/kratos/commit/294dfa85b4552b9266c44bb3376b8610c1ff5521)), + closes [#137](https://github.com/ory/kratos/issues/137) +- Added sms sending support to courier + ([687eca2](https://github.com/ory/kratos/commit/687eca24aac7a7b89cc949693271343573107898)) +- Allow empty version string + ([419f94b](https://github.com/ory/kratos/commit/419f94bc1065771e49982faf56f8ef90a30bc306)) +- Allow registration to be disabled + ([#2081](https://github.com/ory/kratos/issues/2081)) + ([864b00d](https://github.com/ory/kratos/commit/864b00d6ecddefdb06ac22fda04670bfa43f2fd5)), + closes [#882](https://github.com/ory/kratos/issues/882) +- Cancelable web hooks + ([44a5323](https://github.com/ory/kratos/commit/44a5323f835860dccd11460d666f620026e8b58d)): + + Introduces the ability to cancel web hooks by calling `error "cancel"` in + JsonNet. + +- **config:** Add option to mark webauthn as passwordless-able + ([0455e3f](https://github.com/ory/kratos/commit/0455e3fe901cff6ff314fd59a35864886672327c)): + + Adds option `passwordless` to `selfservice.methods.webauthn.config`, making it + possible to use WebAuthn for first-factor authentication, or so-called + "passwordless" authentication. + +- Courier template configs ([#2156](https://github.com/ory/kratos/issues/2156)) + ([799b6a8](https://github.com/ory/kratos/commit/799b6a81add747d3001a1758e08ee7b4c6463d64)), + closes [#2054](https://github.com/ory/kratos/issues/2054): + + It is now possible to override individual courier email templates using the + configuration system! + +- Courier templates fs support + ([#2164](https://github.com/ory/kratos/issues/2164)) + ([13689a7](https://github.com/ory/kratos/commit/13689a7135311a05b17383486f5fdab2e7a412d0)) +- **courier:** Expose setters again + ([598dc3a](https://github.com/ory/kratos/commit/598dc3a4d7c27838e9058382378972a1c0330bde)) +- **courier:** Override default link base URL + ([cc99096](https://github.com/ory/kratos/commit/cc99096d07408c8b713ef9a7b17b8345597a9129)): + + Added a new configuration value `selfservice.methods.link.config.base_url` + which allows to change the default base URL of recovery and verification + links. This is useful when the email should send a link which does not match + the globally configured base URL. + + See https://github.com/ory-corp/cloud/issues/1766 + +- **docker:** Add jaeger + ([27ec2b7](https://github.com/ory/kratos/commit/27ec2b74ee42697102c6a9a79bc5ca3c09756d94)) +- **e2e:** Add passwordless flows and fix bugs + ([ef3871b](https://github.com/ory/kratos/commit/ef3871bd9b3e7e5f4360da8d1b7749cc005b4e19)) +- Enable Buildkit ([#2079](https://github.com/ory/kratos/issues/2079)) + ([f40df5c](https://github.com/ory/kratos/commit/f40df5cd932aa3185b2155368db51a49b7f05991)): + + Looks like this was attempted before but the magic comment was not on the + first line. + +- Expose courier template load + ([#2082](https://github.com/ory/kratos/issues/2082)) + ([790716e](https://github.com/ory/kratos/commit/790716e58a4be06f04f3cbc5b974f16d873ae0d8)) +- Generalise courier tests ([#2125](https://github.com/ory/kratos/issues/2125)) + ([75c6053](https://github.com/ory/kratos/commit/75c60537e366760fe87b7b8978e9854873b7f702)) +- **identity:** Add identity credentials helpers + ([b7be327](https://github.com/ory/kratos/commit/b7be327a370368932ff390968acffaa1ce6d55a0)) +- **identity:** Add versioning to credentials + ([aaf779a](https://github.com/ory/kratos/commit/aaf779ac1c29b24ece6d5f3d7892a3bf08277653)) +- Ignore web hook response + ([ae87914](https://github.com/ory/kratos/commit/ae87914512025c05d814a1200eda66d8f931ce44)): + + Introduces the ability to ignore responses from web hooks in favor of faster + and non-blocking execution. + +- Make sensitive log value redaction text configurable + ([#2321](https://github.com/ory/kratos/issues/2321)) + ([9b66e43](https://github.com/ory/kratos/commit/9b66e437d0aeed61643b76aea7d49cad001dc8cf)) +- Make the password policy more configurable + ([#2118](https://github.com/ory/kratos/issues/2118)) + ([70c627b](https://github.com/ory/kratos/commit/70c627b9feb3ec55765070b7c6c3fd64f2640e59)), + closes [#970](https://github.com/ory/kratos/issues/970) +- **oidc:** Customizable base redirect uri + ([fa1f234](https://github.com/ory/kratos/commit/fa1f23469f2fecfa82fa38147f601d969bd9aaa4)): + + Closes https://github.com/ory-corp/cloud/issues/2003 + +- Password, social sign, verified email in import + ([41a27b1](https://github.com/ory/kratos/commit/41a27b1e15e090d3e99cdcfc3c1ba8eac76097a4)), + closes [#605](https://github.com/ory/kratos/issues/605): + + This patch introduces the ability to import passwords (cleartext, PKBDF2, + Argon2, BCrypt) and Social Sign In connections when creating identities! + +- **recovery:** Allow invalidation of existing sessions + ([5029884](https://github.com/ory/kratos/commit/502988474e2bce46752f7fc7885bc1b91423bbdd)), + closes [#1077](https://github.com/ory/kratos/issues/1077): + + You can now use the `revoke_active_sessions` hook in the recovery flow. It + invalidates all of an identity's sessions on successful account recovery. + +- **schema:** Add functionality to disallow internal HTTP requests + ([6e08416](https://github.com/ory/kratos/commit/6e08416235bd821493df4d9cda2e8bd76d507871)): + + See https://github.com/ory-corp/cloud/issues/1261 + +- **security:** Add e2e tests for various private network SSRF defenses + ([b049bc3](https://github.com/ory/kratos/commit/b049bc304cd79568ee82f1423e583949f63d3377)) +- **security:** Add option to disallow private IP ranges in webhooks + ([05f1e5a](https://github.com/ory/kratos/commit/05f1e5a99426ed54cb70514554e64d851f0ba8d6)), + closes [#2152](https://github.com/ory/kratos/issues/2152) +- **security:** Add SSRF defenses in OIDC + ([d37dc5d](https://github.com/ory/kratos/commit/d37dc5d7946252783463bc9e99f7f792e2735614)) +- Selfservice and administrative session management + ([#2011](https://github.com/ory/kratos/issues/2011)) + ([0fe4155](https://github.com/ory/kratos/commit/0fe4155b878102b77f7f13de5f0754ff75961498)), + closes [#655](https://github.com/ory/kratos/issues/655) + [#2007](https://github.com/ory/kratos/issues/2007) +- **session:** Add webauthn to extension validation + ([049fd8e](https://github.com/ory/kratos/commit/049fd8edc382f344018398027a4e0b3915116ff2)) +- **session:** Webauthn can now be a first factor as well + ([861bee0](https://github.com/ory/kratos/commit/861bee0f029e3bb3f6b7218be19eaf6c26562b76)) +- Trace web hook calls ([#2154](https://github.com/ory/kratos/issues/2154)) + ([98ee300](https://github.com/ory/kratos/commit/98ee300e065c6e81e6128a509af3f48612cda88a)) +- **webauthn:** Add error preventing deleting last webauthn credential + ([1209eda](https://github.com/ory/kratos/commit/1209edacaf1b7dea32bd1bd124c86910bc2553c6)) +- **webauthn:** Add new decoder schemas + ([c3e1501](https://github.com/ory/kratos/commit/c3e1501bf5170416a034130eb68d1db456a47239)) +- **webauthn:** Add passwordless credentials indicator + ([6e3057a](https://github.com/ory/kratos/commit/6e3057a96a34d22cac193e5c17b4a3c01d2ca045)) +- **webauthn:** Add swagger type + ([14c2b74](https://github.com/ory/kratos/commit/14c2b745e951a185dee600f6f2e8f93788c67285)) +- **webauthn:** Count passwordless credentials + ([145af23](https://github.com/ory/kratos/commit/145af23aef8f5c9ffdcec47bac5758da709d4646)) +- **webauthn:** Implement refresh using webauth + ([bf10868](https://github.com/ory/kratos/commit/bf108688ed146211da3cc2ec4bf0df015e535220)), + closes [#2284](https://github.com/ory/kratos/issues/2284): + + This change introduces the ability to refresh a session (for example when + entering "sudo" mode") using WebAuthn credentials. In this case, it does not + matter whether the WebAuthN credentials are for MFA or passwordless flows. + +- **webauthn:** Improve schema + ([790dcf3](https://github.com/ory/kratos/commit/790dcf3a7079d57a088d399c03d040af1019a3aa)) +- **webauthn:** Manage webauthn passwordless keys + ([5a62ced](https://github.com/ory/kratos/commit/5a62ced175248a85b1e843b4017757aa86d62d23)) +- **webauthn:** Passwordless login + ([b4c4fd2](https://github.com/ory/kratos/commit/b4c4fd2c25ae5d55350ce573df8295fe6d8c42a1)) +- **webauthn:** Update messages and nodes + ([22534d8](https://github.com/ory/kratos/commit/22534d8253384f2002033a5b2bbdcf573779a49c)) +- **webauthn:** Use plain bytes for wrapped user + ([97c8c9e](https://github.com/ory/kratos/commit/97c8c9e25234847622f1ab508cd5d50758d323c0)) ### Tests -* Add data for new migration ([b0488ef](https://github.com/ory/kratos/commit/b0488efa600024f40b2c019fa0f492dd39c8bfa9)) -* Add tests for new sms options ([799fa10](https://github.com/ory/kratos/commit/799fa106cd0fed33afbe76903911df9292d49bf6)) -* **cmd:** Fix regressions ([4b92be9](https://github.com/ory/kratos/commit/4b92be9325d02e605e12d96c7990774234ed1d1d)) -* **driver:** Fix regressions ([c6f5137](https://github.com/ory/kratos/commit/c6f51377f253275bf7321c67a5e949699ac12adb)) -* **e2e:** Add import tests ([ed90f39](https://github.com/ory/kratos/commit/ed90f394d32ee0a3e42c3a9c1c066f94a05d02c1)) -* **e2e:** Reenable hydra ([055a491](https://github.com/ory/kratos/commit/055a4912d3e7712d4bc3a3f5cf9c68d1834998dc)) -* **e2e:** Resolve privileged regression ([f7dd5ab](https://github.com/ory/kratos/commit/f7dd5aba26b43aa9f60d8429a7d256f48f228578)) -* **e2e:** Resolve regression ([b5053c9](https://github.com/ory/kratos/commit/b5053c902331ae166824eb92b89295e693bf0dc7)) -* **e2e:** Resolve regressions ([da154c5](https://github.com/ory/kratos/commit/da154c5e549f79ca5703209852981ded07281f43)) -* **e2e:** Resolve regressions ([d46d435](https://github.com/ory/kratos/commit/d46d435c40c383bbd844af8fead283ee46a137fb)) -* **e2e:** Resolve regressions and flakes ([a607385](https://github.com/ory/kratos/commit/a60738510875f770f9dbb0b3449dbcf2d473ada3)) -* **e2e:** Wait for initial network requests ([#2242](https://github.com/ory/kratos/issues/2242)) ([c5a04b5](https://github.com/ory/kratos/commit/c5a04b5f174e06faca99ebc7461c8ebe8e1f694d)) -* Extract common registration helpers to library ([5c1f11b](https://github.com/ory/kratos/commit/5c1f11b2ae65dd73d572e456b522a7d83ac1f473)) -* Fix concurrent database access ([46f6fb7](https://github.com/ory/kratos/commit/46f6fb7d246b384e561bdf8952185855f25cce56)) -* Fix regression ([f96e48f](https://github.com/ory/kratos/commit/f96e48fa6d4d8b341bcd3f52228b7abff8b934fb)) -* **identity:** Ensure migrations run when fetching identities ([322d467](https://github.com/ory/kratos/commit/322d467ac11dcdf4e3210f947b80029c77662065)) -* **identity:** Fix regressions ([f492f0e](https://github.com/ory/kratos/commit/f492f0e1d112813d926eac48b5ad5d2e1857a382)) -* Re-enable MySQL ([cbe8f6e](https://github.com/ory/kratos/commit/cbe8f6ea4fe48fe84a5cbc8915754f83e7eff428)) -* Remove obsolete test ([cd644ae](https://github.com/ory/kratos/commit/cd644aef9175fe21024c37a381722503fcd88555)) -* Remove obsolete test failure ([f8fd480](https://github.com/ory/kratos/commit/f8fd48041404344636c51b63d55a668209bed0e0)) -* Remove only ([87b3bce](https://github.com/ory/kratos/commit/87b3bce3433601dd918f76c0bc2d25ea4af6e482)) -* Remove unnecessary test ([2fa33e4](https://github.com/ory/kratos/commit/2fa33e4f28759b5dc5de78e00e42ed8cc4ccce89)) -* Resolve potential panic ([d44af28](https://github.com/ory/kratos/commit/d44af289e9c09a981e80b6f69d22a5cce6b1dbfa)) -* **schema:** Resolve regressions ([c6d0810](https://github.com/ory/kratos/commit/c6d08105a270fafd21a14a19e412d7081dedc754)) -* Significantly reduce persister run time ([647d6ef](https://github.com/ory/kratos/commit/647d6ef73797462020c2f59ece15e645561182b0)) -* Update cypress ([#2090](https://github.com/ory/kratos/issues/2090)) ([883a1b1](https://github.com/ory/kratos/commit/883a1b1ea33a1d3ef8b33342328382b59e4f18c3)) -* Update fixtures ([21462b7](https://github.com/ory/kratos/commit/21462b7eb8cbac719d8ae531969b0fd9d42b5e0c)) -* Update fixtures ([299c6e3](https://github.com/ory/kratos/commit/299c6e3be7c120bb769a4b2572ebe42c5ab3ddb1)) -* **webauthn:** Add passwordless profile ([88199ea](https://github.com/ory/kratos/commit/88199ea28e8b3460ccc585e5fd1713d398cae15c)) -* **webauthn:** Passwordless registration ([c9b6280](https://github.com/ory/kratos/commit/c9b6280720c2fd08191994c86e85ceb1f52a27d2)) +- Add data for new migration + ([b0488ef](https://github.com/ory/kratos/commit/b0488efa600024f40b2c019fa0f492dd39c8bfa9)) +- Add tests for new sms options + ([799fa10](https://github.com/ory/kratos/commit/799fa106cd0fed33afbe76903911df9292d49bf6)) +- **cmd:** Fix regressions + ([4b92be9](https://github.com/ory/kratos/commit/4b92be9325d02e605e12d96c7990774234ed1d1d)) +- **driver:** Fix regressions + ([c6f5137](https://github.com/ory/kratos/commit/c6f51377f253275bf7321c67a5e949699ac12adb)) +- **e2e:** Add import tests + ([ed90f39](https://github.com/ory/kratos/commit/ed90f394d32ee0a3e42c3a9c1c066f94a05d02c1)) +- **e2e:** Reenable hydra + ([055a491](https://github.com/ory/kratos/commit/055a4912d3e7712d4bc3a3f5cf9c68d1834998dc)) +- **e2e:** Resolve privileged regression + ([f7dd5ab](https://github.com/ory/kratos/commit/f7dd5aba26b43aa9f60d8429a7d256f48f228578)) +- **e2e:** Resolve regression + ([b5053c9](https://github.com/ory/kratos/commit/b5053c902331ae166824eb92b89295e693bf0dc7)) +- **e2e:** Resolve regressions + ([da154c5](https://github.com/ory/kratos/commit/da154c5e549f79ca5703209852981ded07281f43)) +- **e2e:** Resolve regressions + ([d46d435](https://github.com/ory/kratos/commit/d46d435c40c383bbd844af8fead283ee46a137fb)) +- **e2e:** Resolve regressions and flakes + ([a607385](https://github.com/ory/kratos/commit/a60738510875f770f9dbb0b3449dbcf2d473ada3)) +- **e2e:** Wait for initial network requests + ([#2242](https://github.com/ory/kratos/issues/2242)) + ([c5a04b5](https://github.com/ory/kratos/commit/c5a04b5f174e06faca99ebc7461c8ebe8e1f694d)) +- Extract common registration helpers to library + ([5c1f11b](https://github.com/ory/kratos/commit/5c1f11b2ae65dd73d572e456b522a7d83ac1f473)) +- Fix concurrent database access + ([46f6fb7](https://github.com/ory/kratos/commit/46f6fb7d246b384e561bdf8952185855f25cce56)) +- Fix regression + ([f96e48f](https://github.com/ory/kratos/commit/f96e48fa6d4d8b341bcd3f52228b7abff8b934fb)) +- **identity:** Ensure migrations run when fetching identities + ([322d467](https://github.com/ory/kratos/commit/322d467ac11dcdf4e3210f947b80029c77662065)) +- **identity:** Fix regressions + ([f492f0e](https://github.com/ory/kratos/commit/f492f0e1d112813d926eac48b5ad5d2e1857a382)) +- Re-enable MySQL + ([cbe8f6e](https://github.com/ory/kratos/commit/cbe8f6ea4fe48fe84a5cbc8915754f83e7eff428)) +- Remove obsolete test + ([cd644ae](https://github.com/ory/kratos/commit/cd644aef9175fe21024c37a381722503fcd88555)) +- Remove obsolete test failure + ([f8fd480](https://github.com/ory/kratos/commit/f8fd48041404344636c51b63d55a668209bed0e0)) +- Remove only + ([87b3bce](https://github.com/ory/kratos/commit/87b3bce3433601dd918f76c0bc2d25ea4af6e482)) +- Remove unnecessary test + ([2fa33e4](https://github.com/ory/kratos/commit/2fa33e4f28759b5dc5de78e00e42ed8cc4ccce89)) +- Resolve potential panic + ([d44af28](https://github.com/ory/kratos/commit/d44af289e9c09a981e80b6f69d22a5cce6b1dbfa)) +- **schema:** Resolve regressions + ([c6d0810](https://github.com/ory/kratos/commit/c6d08105a270fafd21a14a19e412d7081dedc754)) +- Significantly reduce persister run time + ([647d6ef](https://github.com/ory/kratos/commit/647d6ef73797462020c2f59ece15e645561182b0)) +- Update cypress ([#2090](https://github.com/ory/kratos/issues/2090)) + ([883a1b1](https://github.com/ory/kratos/commit/883a1b1ea33a1d3ef8b33342328382b59e4f18c3)) +- Update fixtures + ([21462b7](https://github.com/ory/kratos/commit/21462b7eb8cbac719d8ae531969b0fd9d42b5e0c)) +- Update fixtures + ([299c6e3](https://github.com/ory/kratos/commit/299c6e3be7c120bb769a4b2572ebe42c5ab3ddb1)) +- **webauthn:** Add passwordless profile + ([88199ea](https://github.com/ory/kratos/commit/88199ea28e8b3460ccc585e5fd1713d398cae15c)) +- **webauthn:** Passwordless registration + ([c9b6280](https://github.com/ory/kratos/commit/c9b6280720c2fd08191994c86e85ceb1f52a27d2)) ### Unclassified -* Move login hinting to own package ([1eb2604](https://github.com/ory/kratos/commit/1eb260423491af917edb1256d260ca3d3fb198dc)) - +- Move login hinting to own package + ([1eb2604](https://github.com/ory/kratos/commit/1eb260423491af917edb1256d260ca3d3fb198dc)) # [0.8.2-alpha.1](https://github.com/ory/kratos/compare/v0.8.1-alpha.1...v0.8.2-alpha.1) (2021-12-17) -This release addresses further important security updates in the base Docker Images. We also resolved all issues related to ARM support on both Linux and macOS and fixed a bug that prevent the binary from compiling on FreeBSD. +This release addresses further important security updates in the base Docker +Images. We also resolved all issues related to ARM support on both Linux and +macOS and fixed a bug that prevent the binary from compiling on FreeBSD. -This release also makes use of our new build architecture which means that the Docker Images names have changed. We removed the "scratch" images as we received frequent complaints about them. Additionally, -all Docker Images have now, per default, SQLite support built-in. If you are relying on the SQLite images, update your Docker Pull commands as follows: +This release also makes use of our new build architecture which means that the +Docker Images names have changed. We removed the "scratch" images as we received +frequent complaints about them. Additionally, all Docker Images have now, per +default, SQLite support built-in. If you are relying on the SQLite images, +update your Docker Pull commands as follows: ```patch - docker pull oryd/kratos:{version}-sqlite + docker pull oryd/kratos:{version} ``` -Additionally, all passwords now have to be at least 8 characters long, following recommendations from Microsoft and others. +Additionally, all passwords now have to be at least 8 characters long, following +recommendations from Microsoft and others. -In v0.8.1-alpha.1 we failed to include all the exciting things that landed, so we'll cover them now! +In v0.8.1-alpha.1 we failed to include all the exciting things that landed, so +we'll cover them now! -1. Advanced E-Mail templating support with sprig - makes it possible to translate emails as well! +1. Advanced E-Mail templating support with sprig - makes it possible to + translate emails as well! 2. Support wildcards for allowing redirection targets. -3. Account Recovery initiated by the Admin API now works even if identities have no email address. +3. Account Recovery initiated by the Admin API now works even if identities have + no email address. Enjoy this release! - - - - ### Bug Fixes -* Add missing sample app paths to oathkeeper config ([#2058](https://github.com/ory/kratos/issues/2058)) ([a527db4](https://github.com/ory/kratos/commit/a527db4487c4efd2e96f8bf84d48a3cca30a14a1)): +- Add missing sample app paths to oathkeeper config + ([#2058](https://github.com/ory/kratos/issues/2058)) + ([a527db4](https://github.com/ory/kratos/commit/a527db4487c4efd2e96f8bf84d48a3cca30a14a1)): - Add "welcome,registration,login,verification" and "**.png" to the paths oathkeeper forwards to self service ui. + Add "welcome,registration,login,verification" and "\*\*.png" to the paths + oathkeeper forwards to self service ui. -* Add section on webauthn constraints ([#2072](https://github.com/ory/kratos/issues/2072)) ([23663b5](https://github.com/ory/kratos/commit/23663b50afce59cec2cfcaa4d3f50ae0abcf6310)) -* After release hooks ([56c2e61](https://github.com/ory/kratos/commit/56c2e61195b6e6808ed76b9fd5dee0da1f489ce9)) -* Dockerfile clean up ([52420cc](https://github.com/ory/kratos/commit/52420ccc17a8d395f0b13c0ad03ac334434c4b0e)), closes [#2070](https://github.com/ory/kratos/issues/2070) -* Goreleaser after hook ([c763f2b](https://github.com/ory/kratos/commit/c763f2b394543a142f35b022d9c9d154c8e8489c)) -* Goreleaser config ([7099af2](https://github.com/ory/kratos/commit/7099af20929ad003968e7fc9e47a4fe745984fbb)): +- Add section on webauthn constraints + ([#2072](https://github.com/ory/kratos/issues/2072)) + ([23663b5](https://github.com/ory/kratos/commit/23663b50afce59cec2cfcaa4d3f50ae0abcf6310)) +- After release hooks + ([56c2e61](https://github.com/ory/kratos/commit/56c2e61195b6e6808ed76b9fd5dee0da1f489ce9)) +- Dockerfile clean up + ([52420cc](https://github.com/ory/kratos/commit/52420ccc17a8d395f0b13c0ad03ac334434c4b0e)), + closes [#2070](https://github.com/ory/kratos/issues/2070) +- Goreleaser after hook + ([c763f2b](https://github.com/ory/kratos/commit/c763f2b394543a142f35b022d9c9d154c8e8489c)) +- Goreleaser config + ([7099af2](https://github.com/ory/kratos/commit/7099af20929ad003968e7fc9e47a4fe745984fbb)): - See https://github.com/goreleaser/goreleaser/issues/2762 + See https://github.com/goreleaser/goreleaser/issues/2762 -* Release hook ([90bd769](https://github.com/ory/kratos/commit/90bd7698380168b88ee301d9f343054052b208fd)) +- Release hook + ([90bd769](https://github.com/ory/kratos/commit/90bd7698380168b88ee301d9f343054052b208fd)) ### Code Generation -* Pin v0.8.2-alpha.1 release commit ([627f4a1](https://github.com/ory/kratos/commit/627f4a1ddb378db84510a85013c4580a9d8024ad)) +- Pin v0.8.2-alpha.1 release commit + ([627f4a1](https://github.com/ory/kratos/commit/627f4a1ddb378db84510a85013c4580a9d8024ad)) ### Documentation -* Fix bodged release ([032b23a](https://github.com/ory/kratos/commit/032b23aba3fa04e5e2a638b78b806ca49a6a8e1c)) -* Quickstart update ([#2060](https://github.com/ory/kratos/issues/2060)) ([3387cf6](https://github.com/ory/kratos/commit/3387cf6f111db5944fbff536fd0a9a67bc388f9a)), closes [#2032](https://github.com/ory/kratos/issues/2032) [#1916](https://github.com/ory/kratos/issues/1916) - +- Fix bodged release + ([032b23a](https://github.com/ory/kratos/commit/032b23aba3fa04e5e2a638b78b806ca49a6a8e1c)) +- Quickstart update ([#2060](https://github.com/ory/kratos/issues/2060)) + ([3387cf6](https://github.com/ory/kratos/commit/3387cf6f111db5944fbff536fd0a9a67bc388f9a)), + closes [#2032](https://github.com/ory/kratos/issues/2032) + [#1916](https://github.com/ory/kratos/issues/1916) # [0.8.1-alpha.1](https://github.com/ory/kratos/compare/v0.8.0-alpha.3...v0.8.1-alpha.1) (2021-12-13) -This maintenance release important security updates for the base Docker Images (e.g. Alpine). Additionally, several hiccups with the new ARM support have been resolved and the binaries are now downloadable for all major platforms. Please note that passwords now have to be at least 8 characters long, following recommendations from Microsoft and others. +This maintenance release important security updates for the base Docker Images +(e.g. Alpine). Additionally, several hiccups with the new ARM support have been +resolved and the binaries are now downloadable for all major platforms. Please +note that passwords now have to be at least 8 characters long, following +recommendations from Microsoft and others. Enjoy this release! - - ## Breaking Changes -To celebrate this change, we cleaned up the ways you install Ory software, and will roll this out to all other projects soon: +To celebrate this change, we cleaned up the ways you install Ory software, and +will roll this out to all other projects soon: There is now one central brew / bash curl repository: @@ -1023,172 +1665,280 @@ There is now one central brew / bash curl repository: +bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) kratos ``` - - ### Bug Fixes -* Add base64 to ReadSchema ([#1918](https://github.com/ory/kratos/issues/1918)) ([8c8815b](https://github.com/ory/kratos/commit/8c8815b7ced0051eb0120198ae75b8fcf0fce2ba)), closes [#1529](https://github.com/ory/kratos/issues/1529) -* Add error.id to invalid cookie/token settings flow ([#1919](https://github.com/ory/kratos/issues/1919)) ([73610d4](https://github.com/ory/kratos/commit/73610d4cfb16789385d2660e278419664b1ea3f3)), closes [#1888](https://github.com/ory/kratos/issues/1888) -* Adds missing webauthn authentication method ([#1914](https://github.com/ory/kratos/issues/1914)) ([44892f3](https://github.com/ory/kratos/commit/44892f379c1aa9ffd7f5c92c9c1b32cc34a0dada)) -* Allow use of relative URLs in config ([#1754](https://github.com/ory/kratos/issues/1754)) ([5f73bb0](https://github.com/ory/kratos/commit/5f73bb0784aeb7c4f3b1ed949926f9d9aed968d1)), closes [#1446](https://github.com/ory/kratos/issues/1446) -* Bodget docs commit ([f9d2f82](https://github.com/ory/kratos/commit/f9d2f8245bc94aaf21ddc9e5516b64e7887dae4b)) -* Build docs on release ([2cf137a](https://github.com/ory/kratos/commit/2cf137a0540b81f4e405920cafd251db71d2f9fa)) -* De-duplicate message IDs ([#1973](https://github.com/ory/kratos/issues/1973)) ([9d8e197](https://github.com/ory/kratos/commit/9d8e19720fcc2e5b5371c2ddea4e2501304a93fd)) -* Do not use csrf for meta endpoints ([#1927](https://github.com/ory/kratos/issues/1927)) ([fd14798](https://github.com/ory/kratos/commit/fd147989a55357248a37a30548c5d4c104bcf0f7)) -* Docs links ([#2008](https://github.com/ory/kratos/issues/2008)) ([8515e17](https://github.com/ory/kratos/commit/8515e17938570770ca4cbf93028782925e28f431)) -* E2e test regression ([#1937](https://github.com/ory/kratos/issues/1937)) ([c9be009](https://github.com/ory/kratos/commit/c9be009112b03291ea76dd4de0911f495cf1e1ac)) -* Include text label for link email field ([07a1dbb](https://github.com/ory/kratos/commit/07a1dbb95156ca50116219dc837ca61e3d597df1)), closes [#1909](https://github.com/ory/kratos/issues/1909) -* Panic on webhook with nil body ([#1890](https://github.com/ory/kratos/issues/1890)) ([4bf1825](https://github.com/ory/kratos/commit/4bf18250373b7255e26e95d51a257e5280ad3148)), closes [#1885](https://github.com/ory/kratos/issues/1885) -* Paths ([8c852c7](https://github.com/ory/kratos/commit/8c852c73136e130d163e2c9c5e0ca8a3449f4e26)) -* Require minimum length of 8 characters password ([#2009](https://github.com/ory/kratos/issues/2009)) ([bb5846e](https://github.com/ory/kratos/commit/bb5846ecb446b9e58b2a4949c678fddac4bbac4f)): - - Kratos follows [NIST Digital Identity Guidelines - 5.1.1.2 Memorized Secret Verifiers](https://pages.nist.gov/800-63-3/sp800-63b.html) and [password policy](https://www.ory.sh/kratos/docs/concepts/security#password-policy) says - - > Passwords must have a minimum length of 8 characters and all characters (unicode, ASCII) must be allowed. - - - - -* Resolve freebsd build issue ([#2004](https://github.com/ory/kratos/issues/2004)) ([9c75fe9](https://github.com/ory/kratos/commit/9c75fe9e7ab4ff27f8d1f2399a58baaadefaaa0d)), closes [#1645](https://github.com/ory/kratos/issues/1645) -* Revert tag ([f1d7b9e](https://github.com/ory/kratos/commit/f1d7b9e2db2cab4acdcaacbae06a85c42417b334)), closes [#1945](https://github.com/ory/kratos/issues/1945) -* Set dockerfile ([c860b99](https://github.com/ory/kratos/commit/c860b992aee6a63d9696377ed9047e8cdeef0098)) -* Skip docs publishing for pre releases ([eb6d8cd](https://github.com/ory/kratos/commit/eb6d8cdb2d3d400eb3b9398a15825ecdb10d3cf8)) -* Speed up git clone ([d3e4bde](https://github.com/ory/kratos/commit/d3e4bdefd252131b6a1b84917962ff07284e3f9f)) -* Support complex lifespans ([#2050](https://github.com/ory/kratos/issues/2050)) ([0edbebe](https://github.com/ory/kratos/commit/0edbebed896e79fd2979a54756932ea27c2ddb99)) -* Update docs after release ([850be90](https://github.com/ory/kratos/commit/850be9065b64bcf268b42e4018f60b25a7a73da5)) -* Update sdk orb ([94e12e6](https://github.com/ory/kratos/commit/94e12e6d767ffa46d9060fdfb463adb83806990b)) -* Use bcrypt for password hashing in example ([a9196f2](https://github.com/ory/kratos/commit/a9196f27791c30d32743e6b69a86595d76362f29)) -* Use new ory installation method ([09cfc7e](https://github.com/ory/kratos/commit/09cfc7e2c23885270ef02193b4fdddc5550f3c23)) -* Verification error code ([#1967](https://github.com/ory/kratos/issues/1967)) ([44411ab](https://github.com/ory/kratos/commit/44411ab4ac5f184c7f42e6ece0ccb2ae7cbdc42c)), closes [#1956](https://github.com/ory/kratos/issues/1956) +- Add base64 to ReadSchema ([#1918](https://github.com/ory/kratos/issues/1918)) + ([8c8815b](https://github.com/ory/kratos/commit/8c8815b7ced0051eb0120198ae75b8fcf0fce2ba)), + closes [#1529](https://github.com/ory/kratos/issues/1529) +- Add error.id to invalid cookie/token settings flow + ([#1919](https://github.com/ory/kratos/issues/1919)) + ([73610d4](https://github.com/ory/kratos/commit/73610d4cfb16789385d2660e278419664b1ea3f3)), + closes [#1888](https://github.com/ory/kratos/issues/1888) +- Adds missing webauthn authentication method + ([#1914](https://github.com/ory/kratos/issues/1914)) + ([44892f3](https://github.com/ory/kratos/commit/44892f379c1aa9ffd7f5c92c9c1b32cc34a0dada)) +- Allow use of relative URLs in config + ([#1754](https://github.com/ory/kratos/issues/1754)) + ([5f73bb0](https://github.com/ory/kratos/commit/5f73bb0784aeb7c4f3b1ed949926f9d9aed968d1)), + closes [#1446](https://github.com/ory/kratos/issues/1446) +- Bodget docs commit + ([f9d2f82](https://github.com/ory/kratos/commit/f9d2f8245bc94aaf21ddc9e5516b64e7887dae4b)) +- Build docs on release + ([2cf137a](https://github.com/ory/kratos/commit/2cf137a0540b81f4e405920cafd251db71d2f9fa)) +- De-duplicate message IDs ([#1973](https://github.com/ory/kratos/issues/1973)) + ([9d8e197](https://github.com/ory/kratos/commit/9d8e19720fcc2e5b5371c2ddea4e2501304a93fd)) +- Do not use csrf for meta endpoints + ([#1927](https://github.com/ory/kratos/issues/1927)) + ([fd14798](https://github.com/ory/kratos/commit/fd147989a55357248a37a30548c5d4c104bcf0f7)) +- Docs links ([#2008](https://github.com/ory/kratos/issues/2008)) + ([8515e17](https://github.com/ory/kratos/commit/8515e17938570770ca4cbf93028782925e28f431)) +- E2e test regression ([#1937](https://github.com/ory/kratos/issues/1937)) + ([c9be009](https://github.com/ory/kratos/commit/c9be009112b03291ea76dd4de0911f495cf1e1ac)) +- Include text label for link email field + ([07a1dbb](https://github.com/ory/kratos/commit/07a1dbb95156ca50116219dc837ca61e3d597df1)), + closes [#1909](https://github.com/ory/kratos/issues/1909) +- Panic on webhook with nil body + ([#1890](https://github.com/ory/kratos/issues/1890)) + ([4bf1825](https://github.com/ory/kratos/commit/4bf18250373b7255e26e95d51a257e5280ad3148)), + closes [#1885](https://github.com/ory/kratos/issues/1885) +- Paths + ([8c852c7](https://github.com/ory/kratos/commit/8c852c73136e130d163e2c9c5e0ca8a3449f4e26)) +- Require minimum length of 8 characters password + ([#2009](https://github.com/ory/kratos/issues/2009)) + ([bb5846e](https://github.com/ory/kratos/commit/bb5846ecb446b9e58b2a4949c678fddac4bbac4f)): + + Kratos follows + [NIST Digital Identity Guidelines - 5.1.1.2 Memorized Secret Verifiers](https://pages.nist.gov/800-63-3/sp800-63b.html) + and + [password policy](https://www.ory.sh/kratos/docs/concepts/security#password-policy) + says + + > Passwords must have a minimum length of 8 characters and all characters + > (unicode, ASCII) must be allowed. + +- Resolve freebsd build issue + ([#2004](https://github.com/ory/kratos/issues/2004)) + ([9c75fe9](https://github.com/ory/kratos/commit/9c75fe9e7ab4ff27f8d1f2399a58baaadefaaa0d)), + closes [#1645](https://github.com/ory/kratos/issues/1645) +- Revert tag + ([f1d7b9e](https://github.com/ory/kratos/commit/f1d7b9e2db2cab4acdcaacbae06a85c42417b334)), + closes [#1945](https://github.com/ory/kratos/issues/1945) +- Set dockerfile + ([c860b99](https://github.com/ory/kratos/commit/c860b992aee6a63d9696377ed9047e8cdeef0098)) +- Skip docs publishing for pre releases + ([eb6d8cd](https://github.com/ory/kratos/commit/eb6d8cdb2d3d400eb3b9398a15825ecdb10d3cf8)) +- Speed up git clone + ([d3e4bde](https://github.com/ory/kratos/commit/d3e4bdefd252131b6a1b84917962ff07284e3f9f)) +- Support complex lifespans ([#2050](https://github.com/ory/kratos/issues/2050)) + ([0edbebe](https://github.com/ory/kratos/commit/0edbebed896e79fd2979a54756932ea27c2ddb99)) +- Update docs after release + ([850be90](https://github.com/ory/kratos/commit/850be9065b64bcf268b42e4018f60b25a7a73da5)) +- Update sdk orb + ([94e12e6](https://github.com/ory/kratos/commit/94e12e6d767ffa46d9060fdfb463adb83806990b)) +- Use bcrypt for password hashing in example + ([a9196f2](https://github.com/ory/kratos/commit/a9196f27791c30d32743e6b69a86595d76362f29)) +- Use new ory installation method + ([09cfc7e](https://github.com/ory/kratos/commit/09cfc7e2c23885270ef02193b4fdddc5550f3c23)) +- Verification error code ([#1967](https://github.com/ory/kratos/issues/1967)) + ([44411ab](https://github.com/ory/kratos/commit/44411ab4ac5f184c7f42e6ece0ccb2ae7cbdc42c)), + closes [#1956](https://github.com/ory/kratos/issues/1956) ### Code Generation -* Pin v0.8.1-alpha.1 release commit ([8247416](https://github.com/ory/kratos/commit/82474161f61a3a22afad478838ffe8fe837d41ac)) +- Pin v0.8.1-alpha.1 release commit + ([8247416](https://github.com/ory/kratos/commit/82474161f61a3a22afad478838ffe8fe837d41ac)) ### Documentation -* Add `Content-Type` to recommended CORS allowed headers ([#2015](https://github.com/ory/kratos/issues/2015)) ([dd890ab](https://github.com/ory/kratos/commit/dd890ab96727d7a2c8c2f52279dc3516096213f0)) -* Add subdomain configuration in csrf page ([#1896](https://github.com/ory/kratos/issues/1896)) ([681750f](https://github.com/ory/kratos/commit/681750f92d7fe517e7cc184cb4b65e6a21903ee9)): - - Add some instructions as to how kratos can be configured to work across subdomains. - -* **debug:** Fix typo ([#1976](https://github.com/ory/kratos/issues/1976)) ([0647554](https://github.com/ory/kratos/commit/0647554179d7b0119ed01d353cd0ea9eb8317752)) -* Fix incorrect tag ([bbd2355](https://github.com/ory/kratos/commit/bbd2355bbb220389021b596eec339a25652d932a)), closes [#2032](https://github.com/ory/kratos/issues/2032) [#2028](https://github.com/ory/kratos/issues/2028) -* Fixed date format example ([#2038](https://github.com/ory/kratos/issues/2038)) ([fc4703a](https://github.com/ory/kratos/commit/fc4703aa34066a56fa3cf3b664a0d032157e477a)) -* Improve text around bcrypt ([#2037](https://github.com/ory/kratos/issues/2037)) ([ba6981e](https://github.com/ory/kratos/commit/ba6981e344e880936b5e995c433dae85659ba780)) -* Levenshtein-Distance has been released ([#2040](https://github.com/ory/kratos/issues/2040)) ([393b6b3](https://github.com/ory/kratos/commit/393b6b38cdc4758e838eec20e81d486662f7b4a7)) -* Minor fixes ([#2010](https://github.com/ory/kratos/issues/2010)) ([12918db](https://github.com/ory/kratos/commit/12918dbf4b0edb2857e06736aee9cccf1a5f76ff)) -* Password-strength meter has been dropped ([#2041](https://github.com/ory/kratos/issues/2041)) ([9848fb3](https://github.com/ory/kratos/commit/9848fb3b40c12799eafc73d2ec0f410bf5b22aa8)) -* Remove unintended characters in subdomain section in csrf page ([#1897](https://github.com/ory/kratos/issues/1897)) ([dfb9007](https://github.com/ory/kratos/commit/dfb900797fc98ca7900631ccf8018858c4e43e85)) -* This has been done ([#2045](https://github.com/ory/kratos/issues/2045)) ([7e8c91a](https://github.com/ory/kratos/commit/7e8c91ace5229fdc394461b3453acb3f01da0a6c)) -* Totp unlink image in 2fa docs ([#1957](https://github.com/ory/kratos/issues/1957)) ([7afb731](https://github.com/ory/kratos/commit/7afb731c15ebbd6bab54a133f2e80e938dd937d4)) -* Update email template docs ([#1960](https://github.com/ory/kratos/issues/1960)) ([#1968](https://github.com/ory/kratos/issues/1968)) ([b0f25a9](https://github.com/ory/kratos/commit/b0f25a9a6013f1e450163f5c08b221d328c210be)) -* Webhooks have landed ([#2035](https://github.com/ory/kratos/issues/2035)) ([80e53eb](https://github.com/ory/kratos/commit/80e53eb83d0dc84d2082ee343bfcecd2bfd99e13)) +- Add `Content-Type` to recommended CORS allowed headers + ([#2015](https://github.com/ory/kratos/issues/2015)) + ([dd890ab](https://github.com/ory/kratos/commit/dd890ab96727d7a2c8c2f52279dc3516096213f0)) +- Add subdomain configuration in csrf page + ([#1896](https://github.com/ory/kratos/issues/1896)) + ([681750f](https://github.com/ory/kratos/commit/681750f92d7fe517e7cc184cb4b65e6a21903ee9)): + + Add some instructions as to how kratos can be configured to work across + subdomains. + +- **debug:** Fix typo ([#1976](https://github.com/ory/kratos/issues/1976)) + ([0647554](https://github.com/ory/kratos/commit/0647554179d7b0119ed01d353cd0ea9eb8317752)) +- Fix incorrect tag + ([bbd2355](https://github.com/ory/kratos/commit/bbd2355bbb220389021b596eec339a25652d932a)), + closes [#2032](https://github.com/ory/kratos/issues/2032) + [#2028](https://github.com/ory/kratos/issues/2028) +- Fixed date format example ([#2038](https://github.com/ory/kratos/issues/2038)) + ([fc4703a](https://github.com/ory/kratos/commit/fc4703aa34066a56fa3cf3b664a0d032157e477a)) +- Improve text around bcrypt + ([#2037](https://github.com/ory/kratos/issues/2037)) + ([ba6981e](https://github.com/ory/kratos/commit/ba6981e344e880936b5e995c433dae85659ba780)) +- Levenshtein-Distance has been released + ([#2040](https://github.com/ory/kratos/issues/2040)) + ([393b6b3](https://github.com/ory/kratos/commit/393b6b38cdc4758e838eec20e81d486662f7b4a7)) +- Minor fixes ([#2010](https://github.com/ory/kratos/issues/2010)) + ([12918db](https://github.com/ory/kratos/commit/12918dbf4b0edb2857e06736aee9cccf1a5f76ff)) +- Password-strength meter has been dropped + ([#2041](https://github.com/ory/kratos/issues/2041)) + ([9848fb3](https://github.com/ory/kratos/commit/9848fb3b40c12799eafc73d2ec0f410bf5b22aa8)) +- Remove unintended characters in subdomain section in csrf page + ([#1897](https://github.com/ory/kratos/issues/1897)) + ([dfb9007](https://github.com/ory/kratos/commit/dfb900797fc98ca7900631ccf8018858c4e43e85)) +- This has been done ([#2045](https://github.com/ory/kratos/issues/2045)) + ([7e8c91a](https://github.com/ory/kratos/commit/7e8c91ace5229fdc394461b3453acb3f01da0a6c)) +- Totp unlink image in 2fa docs + ([#1957](https://github.com/ory/kratos/issues/1957)) + ([7afb731](https://github.com/ory/kratos/commit/7afb731c15ebbd6bab54a133f2e80e938dd937d4)) +- Update email template docs + ([#1960](https://github.com/ory/kratos/issues/1960)) + ([#1968](https://github.com/ory/kratos/issues/1968)) + ([b0f25a9](https://github.com/ory/kratos/commit/b0f25a9a6013f1e450163f5c08b221d328c210be)) +- Webhooks have landed ([#2035](https://github.com/ory/kratos/issues/2035)) + ([80e53eb](https://github.com/ory/kratos/commit/80e53eb83d0dc84d2082ee343bfcecd2bfd99e13)) ### Features -* Add alpine dockerfile ([587eaee](https://github.com/ory/kratos/commit/587eaeee60cab2f539af8f309800f5a6e9cdfe6f)) -* Add new goreleaser build chain ([#1932](https://github.com/ory/kratos/issues/1932)) ([cf1714d](https://github.com/ory/kratos/commit/cf1714dafaa0cda98640c772106620586dae7763)): - - This patch adds full compatibility with ARM architectures, including Apple Silicon (M1). We additionally added cryptographically signed signatures verifiable using [cosign](https://github.com/sigstore/cosign) for both binaries as well as docker images. - -* Add quickstart mimicking hosted ui ([813fb4c](https://github.com/ory/kratos/commit/813fb4cf48df1154ea334cca751cb55f7b3c77eb)) -* Add x-total-count to paginated pages ([b633ec3](https://github.com/ory/kratos/commit/b633ec3da6ccca196cd9d78c3c43d9797bd8d982)) -* Advanced e-mail templating support ([#1859](https://github.com/ory/kratos/issues/1859)) ([54b97b4](https://github.com/ory/kratos/commit/54b97b45506eff9cfafe338842ddf818b0c81f62)), closes [#834](https://github.com/ory/kratos/issues/834) [#925](https://github.com/ory/kratos/issues/925) -* Allow wildcard domains for redirect_to checks ([#1528](https://github.com/ory/kratos/issues/1528)) ([349cdcf](https://github.com/ory/kratos/commit/349cdcf4b1298d9e544344705ecd8e7b5eada48c)), closes [#943](https://github.com/ory/kratos/issues/943): - - Support wildcard domains in redirect_to checks. - -* Buildkit with multi stage build ([#2025](https://github.com/ory/kratos/issues/2025)) ([57ab7f7](https://github.com/ory/kratos/commit/57ab7f784674c2cef2b1cef4b6922e9834213e3d)) -* **cmd:** Add OIDC credential include ([#2017](https://github.com/ory/kratos/issues/2017)) ([1482844](https://github.com/ory/kratos/commit/148284485db8a86aa10c5aefb34373f9a8c7d95a)): - - With this change, the `kratos identities get` CLI can additionally fetch OIDC credentials. - - - -* Configurable health endpoints access logging ([#1934](https://github.com/ory/kratos/issues/1934)) ([1301f68](https://github.com/ory/kratos/commit/1301f689bb0f1f44b66a057c8915f77ac71f30cc)): - - This PR introduces a new boolean configuration parameter that allows turning off logging of health endpoints requests in the access log. The implementation is basically a rip-off from Ory Hydra and the configuration parameter is the same: - - ``` - serve.public.request_log.disable_for_health - serve.admin.request_log.disable_for_health - ``` - - The default value is _false_. - - - -* Generalise courier ([#2019](https://github.com/ory/kratos/issues/2019)) ([1762a73](https://github.com/ory/kratos/commit/1762a730886707be3549bc6789f65c66d755e1d0)) -* Integrate sbom generation to goreleaser ([#1850](https://github.com/ory/kratos/issues/1850)) ([305bb28](https://github.com/ory/kratos/commit/305bb28d689dabc4d211baac5e6babd34862af5f)) -* Make admin recovery to work without emails [#1419](https://github.com/ory/kratos/issues/1419) ([#1750](https://github.com/ory/kratos/issues/1750)) ([db00e85](https://github.com/ory/kratos/commit/db00e85e65c31b2bc497f0f4b4a28684b9f8bb9a)) -* **oidc:** Add spotify provider ([#2024](https://github.com/ory/kratos/issues/2024)) ([0064e35](https://github.com/ory/kratos/commit/0064e350ccb417fefee6f48ca5895f3d75247bb3)) +- Add alpine dockerfile + ([587eaee](https://github.com/ory/kratos/commit/587eaeee60cab2f539af8f309800f5a6e9cdfe6f)) +- Add new goreleaser build chain + ([#1932](https://github.com/ory/kratos/issues/1932)) + ([cf1714d](https://github.com/ory/kratos/commit/cf1714dafaa0cda98640c772106620586dae7763)): + + This patch adds full compatibility with ARM architectures, including Apple + Silicon (M1). We additionally added cryptographically signed signatures + verifiable using [cosign](https://github.com/sigstore/cosign) for both + binaries as well as docker images. + +- Add quickstart mimicking hosted ui + ([813fb4c](https://github.com/ory/kratos/commit/813fb4cf48df1154ea334cca751cb55f7b3c77eb)) +- Add x-total-count to paginated pages + ([b633ec3](https://github.com/ory/kratos/commit/b633ec3da6ccca196cd9d78c3c43d9797bd8d982)) +- Advanced e-mail templating support + ([#1859](https://github.com/ory/kratos/issues/1859)) + ([54b97b4](https://github.com/ory/kratos/commit/54b97b45506eff9cfafe338842ddf818b0c81f62)), + closes [#834](https://github.com/ory/kratos/issues/834) + [#925](https://github.com/ory/kratos/issues/925) +- Allow wildcard domains for redirect_to checks + ([#1528](https://github.com/ory/kratos/issues/1528)) + ([349cdcf](https://github.com/ory/kratos/commit/349cdcf4b1298d9e544344705ecd8e7b5eada48c)), + closes [#943](https://github.com/ory/kratos/issues/943): + + Support wildcard domains in redirect_to checks. + +- Buildkit with multi stage build + ([#2025](https://github.com/ory/kratos/issues/2025)) + ([57ab7f7](https://github.com/ory/kratos/commit/57ab7f784674c2cef2b1cef4b6922e9834213e3d)) +- **cmd:** Add OIDC credential include + ([#2017](https://github.com/ory/kratos/issues/2017)) + ([1482844](https://github.com/ory/kratos/commit/148284485db8a86aa10c5aefb34373f9a8c7d95a)): + + With this change, the `kratos identities get` CLI can additionally fetch OIDC + credentials. + +- Configurable health endpoints access logging + ([#1934](https://github.com/ory/kratos/issues/1934)) + ([1301f68](https://github.com/ory/kratos/commit/1301f689bb0f1f44b66a057c8915f77ac71f30cc)): + + This PR introduces a new boolean configuration parameter that allows turning + off logging of health endpoints requests in the access log. The implementation + is basically a rip-off from Ory Hydra and the configuration parameter is the + same: + + ``` + serve.public.request_log.disable_for_health + serve.admin.request_log.disable_for_health + ``` + + The default value is _false_. + +- Generalise courier ([#2019](https://github.com/ory/kratos/issues/2019)) + ([1762a73](https://github.com/ory/kratos/commit/1762a730886707be3549bc6789f65c66d755e1d0)) +- Integrate sbom generation to goreleaser + ([#1850](https://github.com/ory/kratos/issues/1850)) + ([305bb28](https://github.com/ory/kratos/commit/305bb28d689dabc4d211baac5e6babd34862af5f)) +- Make admin recovery to work without emails + [#1419](https://github.com/ory/kratos/issues/1419) + ([#1750](https://github.com/ory/kratos/issues/1750)) + ([db00e85](https://github.com/ory/kratos/commit/db00e85e65c31b2bc497f0f4b4a28684b9f8bb9a)) +- **oidc:** Add spotify provider + ([#2024](https://github.com/ory/kratos/issues/2024)) + ([0064e35](https://github.com/ory/kratos/commit/0064e350ccb417fefee6f48ca5895f3d75247bb3)) ### Tests -* Add web hook test cases ([#2051](https://github.com/ory/kratos/issues/2051)) ([316e940](https://github.com/ory/kratos/commit/316e940a70684084c857e80a2ffaf334a64aee94)) -* **e2e:** Improved SDK set up and arm fix ([#1933](https://github.com/ory/kratos/issues/1933)) ([c914ba1](https://github.com/ory/kratos/commit/c914ba10a85e89c031e7acfb73bf22c53201e287)) -* **e2e:** Split e2e script into setup and test phase ([#2027](https://github.com/ory/kratos/issues/2027)) ([1761418](https://github.com/ory/kratos/commit/176141860f3aa946519073d0e35bf3acacd6c685)) -* Fix changed message ID ([#2013](https://github.com/ory/kratos/issues/2013)) ([0bb66de](https://github.com/ory/kratos/commit/0bb66de582ebcb501c161655ae00e276a1d7d5d2)) -* Update snapshots ([a820653](https://github.com/ory/kratos/commit/a820653718475656b7ae44a1bc7235a8fb97b8b5)) - +- Add web hook test cases ([#2051](https://github.com/ory/kratos/issues/2051)) + ([316e940](https://github.com/ory/kratos/commit/316e940a70684084c857e80a2ffaf334a64aee94)) +- **e2e:** Improved SDK set up and arm fix + ([#1933](https://github.com/ory/kratos/issues/1933)) + ([c914ba1](https://github.com/ory/kratos/commit/c914ba10a85e89c031e7acfb73bf22c53201e287)) +- **e2e:** Split e2e script into setup and test phase + ([#2027](https://github.com/ory/kratos/issues/2027)) + ([1761418](https://github.com/ory/kratos/commit/176141860f3aa946519073d0e35bf3acacd6c685)) +- Fix changed message ID ([#2013](https://github.com/ory/kratos/issues/2013)) + ([0bb66de](https://github.com/ory/kratos/commit/0bb66de582ebcb501c161655ae00e276a1d7d5d2)) +- Update snapshots + ([a820653](https://github.com/ory/kratos/commit/a820653718475656b7ae44a1bc7235a8fb97b8b5)) # [0.8.0-alpha.3](https://github.com/ory/kratos/compare/v0.8.0-alpha.2...v0.8.0-alpha.3) (2021-10-28) Resolves issues in the quickstart. - - - - ### Bug Fixes -* Resolve quickstart issues ([#1900](https://github.com/ory/kratos/issues/1900)) ([d047009](https://github.com/ory/kratos/commit/d0470095f3263e287f76e8be0abb8df332492dd9)): - - Closes https://github.com/ory/kratos/discussions/1899 +- Resolve quickstart issues ([#1900](https://github.com/ory/kratos/issues/1900)) + ([d047009](https://github.com/ory/kratos/commit/d0470095f3263e287f76e8be0abb8df332492dd9)): + Closes https://github.com/ory/kratos/discussions/1899 ### Code Generation -* Pin v0.8.0-alpha.3 release commit ([a307deb](https://github.com/ory/kratos/commit/a307deb6779dacd2ce54e161a00d347600d2c583)) - +- Pin v0.8.0-alpha.3 release commit + ([a307deb](https://github.com/ory/kratos/commit/a307deb6779dacd2ce54e161a00d347600d2c583)) # [0.8.0-alpha.2](https://github.com/ory/kratos/compare/v0.8.0-alpha.1...v0.8.0-alpha.2) (2021-10-28) Resolves an issue in the SDK release pipeline. - - - - ### Code Generation -* Pin v0.8.0-alpha.2 release commit ([2178929](https://github.com/ory/kratos/commit/217892978c4fa9897a88b140276c2d27622c5de4)) - +- Pin v0.8.0-alpha.2 release commit + ([2178929](https://github.com/ory/kratos/commit/217892978c4fa9897a88b140276c2d27622c5de4)) # [0.8.0-alpha.1](https://github.com/ory/kratos/compare/v0.7.6-alpha.1...v0.8.0-alpha.1) (2021-10-27) -We are extremely excited to share this next generation of Ory Kratos! The project is truly maturing and the community is getting larger by the hour. - -On this special occasion, we would like to bring to your attention that the [**Ory Summit is happening tomorrow and on Friday!**](https://events.hubilo.com/ory-summit/register?mtm_campaign=ory-summit-2021&mtm_kwd=banner-landingpage) You will hear gripping talks from the Ory Community and Ory maintainers! And the best part, tickets are free and we are covering multiple time zones! - -This release is truly the best version of Ory Kratos to date and we want to give you a tl;dr of the 345 commits and 1152 files changed, and what you can expect from this release: - -- Full multi-factor authentication with different enforcement policies (soft/hard MFA). -- Support for WebAuthn (FIDO2 / U2F) two-factor authentication - from fingerprints to hardware tokens every FIDO2 device is supported! -- Ability to fetch the initial OAuth2 Access and Refresh and OpenID Connect ID Tokens an identity receives when performing social sign up. Optionally, these tokens are stored encrypted in the database (XChaCha20Poly1305 or AES-GCM)! -- Support for TOTP (Google Authenticator) two-factor verification/authentication. +We are extremely excited to share this next generation of Ory Kratos! The +project is truly maturing and the community is getting larger by the hour. + +On this special occasion, we would like to bring to your attention that the +[**Ory Summit is happening tomorrow and on Friday!**](https://events.hubilo.com/ory-summit/register?mtm_campaign=ory-summit-2021&mtm_kwd=banner-landingpage) +You will hear gripping talks from the Ory Community and Ory maintainers! And the +best part, tickets are free and we are covering multiple time zones! + +This release is truly the best version of Ory Kratos to date and we want to give +you a tl;dr of the 345 commits and 1152 files changed, and what you can expect +from this release: + +- Full multi-factor authentication with different enforcement policies + (soft/hard MFA). +- Support for WebAuthn (FIDO2 / U2F) two-factor authentication - from + fingerprints to hardware tokens every FIDO2 device is supported! +- Ability to fetch the initial OAuth2 Access and Refresh and OpenID Connect ID + Tokens an identity receives when performing social sign up. Optionally, these + tokens are stored encrypted in the database (XChaCha20Poly1305 or AES-GCM)! +- Support for TOTP (Google Authenticator) two-factor + verification/authentication. - Advanced two-factor recovery with lookup secrets. - [A complete reference implementation of the Ory Kratos end-user (self-service) facing UI in ReactJS & VercelJS](https://github.com/ory/kratos-react-nextjs-ui). - "Native" support for Single-Page App Single Sign-On. - Much improved single-page app and native app APIs for all self-service flows. -- Support for PKBDF2 password hashing, which will help import user passwords from other systems in the future. +- Support for PKBDF2 password hashing, which will help import user passwords + from other systems in the future. - Bugfixes and improvements to the OpenAPI spec and auto-generated SDKs. - ARM Docker Images. - Greatly improved internal e2e test pipeline using Cypress 8.x. - Improved functional tests with cupaloy snapshot testing. -- Documentation on different error codes and message identifiers to easier translate messages in your own UI. -- Better form decoding and ability to mark required JSON Schema fields as required in the UI. +- Documentation on different error codes and message identifiers to easier + translate messages in your own UI. +- Better form decoding and ability to mark required JSON Schema fields as + required in the UI. - Bug fixes that could result in users ending up in irrecoverable UI states. - Better support for `return_to` across flows (e.g. OIDC) and in custom UIs. - SBOM Software Supply Chain scanning & reporting. @@ -1196,40 +1946,66 @@ This release is truly the best version of Ory Kratos to date and we want to give - Support sending emails via AWS SES SMTP. - A REST endpoint to invalidate all an identity's sessions. -As you can see, much has happened and we are grateful for all the great interactions we have with you, every day! +As you can see, much has happened and we are grateful for all the great +interactions we have with you, every day! -Let's take a look at some of the breaking changes. Even though much was added, little has changed in breaking ways! This is a testament that Ory Kratos' internals and APIs are becoming more stable! +Let's take a look at some of the breaking changes. Even though much was added, +little has changed in breaking ways! This is a testament that Ory Kratos' +internals and APIs are becoming more stable! -This release requires you to run SQL migrations. Please, as always, create a backup of your database first! +This release requires you to run SQL migrations. Please, as always, create a +backup of your database first! -The SDKs are now generated with tag v0alpha2 to reflect that some signatures have changed in a breaking fashion. Please update your imports from `v0alpha1` to `v0alpha2`. +The SDKs are now generated with tag v0alpha2 to reflect that some signatures +have changed in a breaking fashion. Please update your imports from `v0alpha1` +to `v0alpha2`. -The SMTPS scheme used in courier config URL with cleartext/StartTLS/TLS SMTP connection types is now only supporting implicit TLS. For StartTLS and cleartext SMTP, please use the SMTP scheme instead. +The SMTPS scheme used in courier config URL with cleartext/StartTLS/TLS SMTP +connection types is now only supporting implicit TLS. For StartTLS and cleartext +SMTP, please use the SMTP scheme instead. Example: -- SMTP Cleartext: `smtp://foo:bar@my-mailserver:1234/?disable_starttls=true` -- SMTP with StartTLS: `smtps://foo:bar@my-mailserver:1234/` -> `smtp://foo:bar@my-mailserver:1234/` -- SMTP with implicit TLS: `smtps://foo:bar@my-mailserver:1234/?legacy_ssl=true` -> `smtps://foo:bar@my-mailserver:1234/We are extremely excited to share this next generation of Ory Kratos! The project is truly maturing and the community is getting larger by the hour. - -On this special occasion, we would like to bring to your attention that the [**Ory Summit is happening tomorrow and on Friday!**](https://events.hubilo.com/ory-summit/register?mtm_campaign=ory-summit-2021&mtm_kwd=banner-landingpage) You will hear gripping talks from the Ory Community and Ory maintainers! And the best part, tickets are free and we are covering multiple time zones! - -This release is truly the best version of Ory Kratos to date and we want to give you a tl;dr of the 345 commits and 1152 files changed, and what you can expect from this release: -- Full multi-factor authentication with different enforcement policies (soft/hard MFA). -- Support for WebAuthn (FIDO2 / U2F) two-factor authentication - from fingerprints to hardware tokens every FIDO2 device is supported! -- Ability to fetch the initial OAuth2 Access and Refresh and OpenID Connect ID Tokens an identity receives when performing social sign up. Optionally, these tokens are stored encrypted in the database (XChaCha20Poly1305 or AES-GCM)! -- Support for TOTP (Google Authenticator) two-factor verification/authentication. +- SMTP Cleartext: `smtp://foo:bar@my-mailserver:1234/?disable_starttls=true` +- SMTP with StartTLS: `smtps://foo:bar@my-mailserver:1234/` -> + `smtp://foo:bar@my-mailserver:1234/` +- SMTP with implicit TLS: `smtps://foo:bar@my-mailserver:1234/?legacy_ssl=true` + -> `smtps://foo:bar@my-mailserver:1234/We are extremely excited to share this + next generation of Ory Kratos! The project is truly maturing and the community + is getting larger by the hour. + +On this special occasion, we would like to bring to your attention that the +[**Ory Summit is happening tomorrow and on Friday!**](https://events.hubilo.com/ory-summit/register?mtm_campaign=ory-summit-2021&mtm_kwd=banner-landingpage) +You will hear gripping talks from the Ory Community and Ory maintainers! And the +best part, tickets are free and we are covering multiple time zones! + +This release is truly the best version of Ory Kratos to date and we want to give +you a tl;dr of the 345 commits and 1152 files changed, and what you can expect +from this release: + +- Full multi-factor authentication with different enforcement policies + (soft/hard MFA). +- Support for WebAuthn (FIDO2 / U2F) two-factor authentication - from + fingerprints to hardware tokens every FIDO2 device is supported! +- Ability to fetch the initial OAuth2 Access and Refresh and OpenID Connect ID + Tokens an identity receives when performing social sign up. Optionally, these + tokens are stored encrypted in the database (XChaCha20Poly1305 or AES-GCM)! +- Support for TOTP (Google Authenticator) two-factor + verification/authentication. - Advanced two-factor recovery with lookup secrets. - [A complete reference implementation of the Ory Kratos end-user (self-service) facing UI in ReactJS & VercelJS](https://github.com/ory/kratos-react-nextjs-ui). - "Native" support for Single-Page App Single Sign-On. - Much improved single-page app and native app APIs for all self-service flows. -- Support for PKBDF2 password hashing, which will help import user passwords from other systems in the future. +- Support for PKBDF2 password hashing, which will help import user passwords + from other systems in the future. - Bugfixes and improvements to the OpenAPI spec and auto-generated SDKs. - ARM Docker Images. - Greatly improved internal e2e test pipeline using Cypress 8.x. - Improved functional tests with cupaloy snapshot testing. -- Documentation on different error codes and message identifiers to easier translate messages in your own UI. -- Better form decoding and ability to mark required JSON Schema fields as required in the UI. +- Documentation on different error codes and message identifiers to easier + translate messages in your own UI. +- Better form decoding and ability to mark required JSON Schema fields as + required in the UI. - Bug fixes that could result in users ending up in irrecoverable UI states. - Better support for `return_to` across flows (e.g. OIDC) and in custom UIs. - SBOM Software Supply Chain scanning & reporting. @@ -1237,40 +2013,66 @@ This release is truly the best version of Ory Kratos to date and we want to give - Support sending emails via AWS SES SMTP. - A REST endpoint to invalidate all an identity's sessions. -As you can see, much has happened and we are grateful for all the great interactions we have with you, every day! +As you can see, much has happened and we are grateful for all the great +interactions we have with you, every day! -Let's take a look at some of the breaking changes. Even though much was added, little has changed in breaking ways! This is a testament that Ory Kratos' internals and APIs are becoming more stable! +Let's take a look at some of the breaking changes. Even though much was added, +little has changed in breaking ways! This is a testament that Ory Kratos' +internals and APIs are becoming more stable! -This release requires you to run SQL migrations. Please, as always, create a backup of your database first! +This release requires you to run SQL migrations. Please, as always, create a +backup of your database first! -The SDKs are now generated with tag v0alpha2 to reflect that some signatures have changed in a breaking fashion. Please update your imports from `v0alpha1` to `v0alpha2`. +The SDKs are now generated with tag v0alpha2 to reflect that some signatures +have changed in a breaking fashion. Please update your imports from `v0alpha1` +to `v0alpha2`. -The SMTPS scheme used in courier config URL with cleartext/StartTLS/TLS SMTP connection types is now only supporting implicit TLS. For StartTLS and cleartext SMTP, please use the SMTP scheme instead. +The SMTPS scheme used in courier config URL with cleartext/StartTLS/TLS SMTP +connection types is now only supporting implicit TLS. For StartTLS and cleartext +SMTP, please use the SMTP scheme instead. Example: -- SMTP Cleartext: `smtp://foo:bar@my-mailserver:1234/?disable_starttls=true` -- SMTP with StartTLS: `smtps://foo:bar@my-mailserver:1234/` -> `smtp://foo:bar@my-mailserver:1234/` -- SMTP with implicit TLS: `smtps://foo:bar@my-mailserver:1234/?legacy_ssl=true` -> `smtps://foo:bar@my-mailserver:1234/We are extremely excited to share this next generation of Ory Kratos! The project is truly maturing and the community is getting larger by the hour. - -On this special occasion, we would like to bring to your attention that the [**Ory Summit is happening tomorrow and on Friday!**](https://events.hubilo.com/ory-summit/register?mtm_campaign=ory-summit-2021&mtm_kwd=banner-landingpage) You will hear gripping talks from the Ory Community and Ory maintainers! And the best part, tickets are free and we are covering multiple time zones! -This release is truly the best version of Ory Kratos to date and we want to give you a tl;dr of the 345 commits and 1152 files changed, and what you can expect from this release: - -- Full multi-factor authentication with different enforcement policies (soft/hard MFA). -- Support for WebAuthn (FIDO2 / U2F) two-factor authentication - from fingerprints to hardware tokens every FIDO2 device is supported! -- Ability to fetch the initial OAuth2 Access and Refresh and OpenID Connect ID Tokens an identity receives when performing social sign up. Optionally, these tokens are stored encrypted in the database (XChaCha20Poly1305 or AES-GCM)! -- Support for TOTP (Google Authenticator) two-factor verification/authentication. +- SMTP Cleartext: `smtp://foo:bar@my-mailserver:1234/?disable_starttls=true` +- SMTP with StartTLS: `smtps://foo:bar@my-mailserver:1234/` -> + `smtp://foo:bar@my-mailserver:1234/` +- SMTP with implicit TLS: `smtps://foo:bar@my-mailserver:1234/?legacy_ssl=true` + -> `smtps://foo:bar@my-mailserver:1234/We are extremely excited to share this + next generation of Ory Kratos! The project is truly maturing and the community + is getting larger by the hour. + +On this special occasion, we would like to bring to your attention that the +[**Ory Summit is happening tomorrow and on Friday!**](https://events.hubilo.com/ory-summit/register?mtm_campaign=ory-summit-2021&mtm_kwd=banner-landingpage) +You will hear gripping talks from the Ory Community and Ory maintainers! And the +best part, tickets are free and we are covering multiple time zones! + +This release is truly the best version of Ory Kratos to date and we want to give +you a tl;dr of the 345 commits and 1152 files changed, and what you can expect +from this release: + +- Full multi-factor authentication with different enforcement policies + (soft/hard MFA). +- Support for WebAuthn (FIDO2 / U2F) two-factor authentication - from + fingerprints to hardware tokens every FIDO2 device is supported! +- Ability to fetch the initial OAuth2 Access and Refresh and OpenID Connect ID + Tokens an identity receives when performing social sign up. Optionally, these + tokens are stored encrypted in the database (XChaCha20Poly1305 or AES-GCM)! +- Support for TOTP (Google Authenticator) two-factor + verification/authentication. - Advanced two-factor recovery with lookup secrets. - [A complete reference implementation of the Ory Kratos end-user (self-service) facing UI in ReactJS & VercelJS](https://github.com/ory/kratos-react-nextjs-ui). - "Native" support for Single-Page App Single Sign-On. - Much improved single-page app and native app APIs for all self-service flows. -- Support for PKBDF2 password hashing, which will help import user passwords from other systems in the future. +- Support for PKBDF2 password hashing, which will help import user passwords + from other systems in the future. - Bugfixes and improvements to the OpenAPI spec and auto-generated SDKs. - ARM Docker Images. - Greatly improved internal e2e test pipeline using Cypress 8.x. - Improved functional tests with cupaloy snapshot testing. -- Documentation on different error codes and message identifiers to easier translate messages in your own UI. -- Better form decoding and ability to mark required JSON Schema fields as required in the UI. +- Documentation on different error codes and message identifiers to easier + translate messages in your own UI. +- Better form decoding and ability to mark required JSON Schema fields as + required in the UI. - Bug fixes that could result in users ending up in irrecoverable UI states. - Better support for `return_to` across flows (e.g. OIDC) and in custom UIs. - SBOM Software Supply Chain scanning & reporting. @@ -1278,32 +2080,49 @@ This release is truly the best version of Ory Kratos to date and we want to give - Support sending emails via AWS SES SMTP. - A REST endpoint to invalidate all an identity's sessions. -As you can see, much has happened and we are grateful for all the great interactions we have with you, every day! +As you can see, much has happened and we are grateful for all the great +interactions we have with you, every day! -Let's take a look at some of the breaking changes. Even though much was added, little has changed in breaking ways! This is a testament that Ory Kratos' internals and APIs are becoming more stable! +Let's take a look at some of the breaking changes. Even though much was added, +little has changed in breaking ways! This is a testament that Ory Kratos' +internals and APIs are becoming more stable! -This release requires you to run SQL migrations. Please, as always, create a backup of your database first! +This release requires you to run SQL migrations. Please, as always, create a +backup of your database first! -The SDKs are now generated with tag v0alpha2 to reflect that some signatures have changed in a breaking fashion. Please update your imports from `v0alpha1` to `v0alpha2`. +The SDKs are now generated with tag v0alpha2 to reflect that some signatures +have changed in a breaking fashion. Please update your imports from `v0alpha1` +to `v0alpha2`. -The SMTPS scheme used in courier config URL with cleartext/StartTLS/TLS SMTP connection types is now only supporting implicit TLS. For StartTLS and cleartext SMTP, please use the SMTP scheme instead. +The SMTPS scheme used in courier config URL with cleartext/StartTLS/TLS SMTP +connection types is now only supporting implicit TLS. For StartTLS and cleartext +SMTP, please use the SMTP scheme instead. Example: -- SMTP Cleartext: `smtp://foo:bar@my-mailserver:1234/?disable_starttls=true` -- SMTP with StartTLS: `smtps://foo:bar@my-mailserver:1234/` -> `smtp://foo:bar@my-mailserver:1234/` -- SMTP with implicit TLS: `smtps://foo:bar@my-mailserver:1234/?legacy_ssl=true` -> `smtps://foo:bar@my-mailserver:1234/` - +- SMTP Cleartext: `smtp://foo:bar@my-mailserver:1234/?disable_starttls=true` +- SMTP with StartTLS: `smtps://foo:bar@my-mailserver:1234/` -> + `smtp://foo:bar@my-mailserver:1234/` +- SMTP with implicit TLS: `smtps://foo:bar@my-mailserver:1234/?legacy_ssl=true` + -> `smtps://foo:bar@my-mailserver:1234/` ## Breaking Changes -The location of the homebrew tap has changed from `ory/ory/kratos` to `ory/tap/kratos`. +The location of the homebrew tap has changed from `ory/ory/kratos` to +`ory/tap/kratos`. -To stay consistent with other query parameter's, the self-service login flow's `forced` key has been renamed to `refresh`. +To stay consistent with other query parameter's, the self-service login flow's +`forced` key has been renamed to `refresh`. -The SDKs are now generated with tag v0alpha2 to reflect that some signatures have changed in a breaking fashion. Please update your imports from `v0alpha1` to `v0alpha2`. +The SDKs are now generated with tag v0alpha2 to reflect that some signatures +have changed in a breaking fashion. Please update your imports from `v0alpha1` +to `v0alpha2`. -To support 2FA on non-browser (e.g. native mobile) apps we have added the Ory Session Token as a possible parameter to both `initializeSelfServiceLoginFlowWithoutBrowser` and `submitSelfServiceLoginFlow`. Depending on the SDK generator, the order of the arguments may have changed. In JavaScript: +To support 2FA on non-browser (e.g. native mobile) apps we have added the Ory +Session Token as a possible parameter to both +`initializeSelfServiceLoginFlowWithoutBrowser` and `submitSelfServiceLoginFlow`. +Depending on the SDK generator, the order of the arguments may have changed. In +JavaScript: ```patch - .submitSelfServiceLoginFlow(flow.id, payload) @@ -1312,7 +2131,9 @@ To support 2FA on non-browser (e.g. native mobile) apps we have added the Ory Se + .submitSelfServiceLoginFlow(flow.id, undefined, payload) ``` -To improve the overall API design we have changed the result of `POST /self-service/settings`. Instead of having flow be a key, the flow is now the response. The updated identity payload stays the same! +To improve the overall API design we have changed the result of +`POST /self-service/settings`. Instead of having flow be a key, the flow is now +the response. The updated identity payload stays the same! ```patch { @@ -1328,610 +2149,1092 @@ To improve the overall API design we have changed the result of `POST /self-serv } ``` -The SMTPS scheme used in courier config url with cleartext/StartTLS/TLS SMTP connection types is now only supporting implicit TLS. For StartTLS and cleartext SMTP, please use the smtp scheme instead. +The SMTPS scheme used in courier config url with cleartext/StartTLS/TLS SMTP +connection types is now only supporting implicit TLS. For StartTLS and cleartext +SMTP, please use the smtp scheme instead. Example: -- SMTP Cleartext: `smtp://foo:bar@my-mailserver:1234/?disable_starttls=true` -- SMTP with StartTLS: `smtps://foo:bar@my-mailserver:1234/` -> `smtp://foo:bar@my-mailserver:1234/` -- SMTP with implicit TLS: `smtps://foo:bar@my-mailserver:1234/?legacy_ssl=true` -> `smtps://foo:bar@my-mailserver:1234/` - -This patch changes the naming and number of prometheus metrics (see: https://github.com/ory/x/pull/379). In short: all metrics will have now `http_` prefix to conform to Prometheus best practices. +- SMTP Cleartext: `smtp://foo:bar@my-mailserver:1234/?disable_starttls=true` +- SMTP with StartTLS: `smtps://foo:bar@my-mailserver:1234/` -> + `smtp://foo:bar@my-mailserver:1234/` +- SMTP with implicit TLS: `smtps://foo:bar@my-mailserver:1234/?legacy_ssl=true` + -> `smtps://foo:bar@my-mailserver:1234/` +This patch changes the naming and number of prometheus metrics (see: +https://github.com/ory/x/pull/379). In short: all metrics will have now `http_` +prefix to conform to Prometheus best practices. ### Bug Fixes -* Add error id ([1442784](https://github.com/ory/kratos/commit/1442784264d1f5032830a0646b853b925bb19c62)) -* Add mfa e2e test scenarios and resolve found issues ([436992d](https://github.com/ory/kratos/commit/436992ddf2ace68b247c708fc955fccb95cf6fd2)) -* Add middleware earlier [#1775](https://github.com/ory/kratos/issues/1775) ([#1776](https://github.com/ory/kratos/issues/1776)) ([b9d253e](https://github.com/ory/kratos/commit/b9d253ef05ff7cd616111a817d03a17e39f8f4a8)) -* Allow refresh and aal upgrade at the same time ([2ec801f](https://github.com/ory/kratos/commit/2ec801f262cd8f6dcdf8121a20897257e3b74ad3)) -* API client leaks stack trace with an error ([#1772](https://github.com/ory/kratos/issues/1772)) ([d3aff6d](https://github.com/ory/kratos/commit/d3aff6d3eb11942fbfd6f2de71f4399053075b62)), closes [#1771](https://github.com/ory/kratos/issues/1771) -* Better const handling for internal context ([1e457e3](https://github.com/ory/kratos/commit/1e457e3b3dea9ea9a05c12740578af2d45902aba)) -* Correct swagger path for /identities/:id/session endpoint ([#1756](https://github.com/ory/kratos/issues/1756)) ([d614f2a](https://github.com/ory/kratos/commit/d614f2a737eef90ad60a4bdedae248b74131ff35)) -* Decoder regression in registration ([febf75a](https://github.com/ory/kratos/commit/febf75ae959a2b67c19fcd1705b591f22ff5314b)) -* Deterministic clidoc dates ([e48d90a](https://github.com/ory/kratos/commit/e48d90ad5a178ab3317d89800526c516aad6e274)) -* Disable totp per default ([7278589](https://github.com/ory/kratos/commit/7278589ff2460a13302650b5e3fae01d774f9684)) -* Docs autogen should not use `time.Now` ([a830f5b](https://github.com/ory/kratos/commit/a830f5b3b535bc375e879c797626b6084b76776e)) -* Ensure correct error propagation ([77ce709](https://github.com/ory/kratos/commit/77ce709d53d88f70c892ab0892c13e16f5b761a5)) -* Ensure refresh issues a new session when the identity changes ([a10b385](https://github.com/ory/kratos/commit/a10b385510a0102ede5850f9be30b7deba810acf)) -* Ensure return_to works for OIDC flows ([d615734](https://github.com/ory/kratos/commit/d615734c312db6f7fa48fb8c7b4090a80c9e5ce7)), closes [#1773](https://github.com/ory/kratos/issues/1773) -* Explicit validation for return to in new flows ([284cf29](https://github.com/ory/kratos/commit/284cf29a6be82530b55c24a15c465ec9f1b6a210)) -* Follow chrome webauthn best practice recommendation ([0a7c812](https://github.com/ory/kratos/commit/0a7c8128bb0b78f8dc236af06ca9be038b201829)) -* Githup-app name in config ([#1822](https://github.com/ory/kratos/issues/1822)) ([1b50963](https://github.com/ory/kratos/commit/1b50963525ceaceea9afb8d1236d728de3107a8e)) -* Handle return errors on the frontend and break early ([0e8d481](https://github.com/ory/kratos/commit/0e8d481cc220777aa56faf2e716da15537fa27fc)): - - Closes https://github.com/ory-corp/cloud/issues/1426 - -* Identity credential identifiers are now unique per method ([57fd99a](https://github.com/ory/kratos/commit/57fd99ac05d29fc0362f14e5910641944232d61e)) -* Improve schema validation error tracing ([f793fe5](https://github.com/ory/kratos/commit/f793fe56182f3f195a57fe5f4b54f7fcf8402c81)) -* Incorrect JSON response for browser flows ([1501f56](https://github.com/ory/kratos/commit/1501f5627ed12d2d149f1fcf49fcf326120e6b0b)) -* Kill modd as well ([e5a98e5](https://github.com/ory/kratos/commit/e5a98e54ec68f122615dd902df9ebac788fdb579)) -* **link:** Resolve incorrect response types when opening API recovery link in browser ([35ea8db](https://github.com/ory/kratos/commit/35ea8db300c2d3eeaf7d8f0e29c604ecc455cd2b)) -* **login:** Properly handle refresh ([8dc7059](https://github.com/ory/kratos/commit/8dc7059222fa12dd0bca0183f42306b5169addb6)) -* **lookup:** Ensure correct fields are set ([5ed4c55](https://github.com/ory/kratos/commit/5ed4c5572f9cbb35461e45dfc6b7c5eb4bce7434)) -* **lookup:** Resolve reuse scenarios ([dbfe475](https://github.com/ory/kratos/commit/dbfe475ba5f0d2b9d4b0b67d0d8e7cb99e89ad5d)) -* **lookup:** Set up codes correctly ([2f373f3](https://github.com/ory/kratos/commit/2f373f344326fbd5dbebf6233dbf5b56252b7e95)) -* OIDC provider field in spec ([#1809](https://github.com/ory/kratos/issues/1809)) ([11b25de](https://github.com/ory/kratos/commit/11b25deb46b73c7d0ab95a77ff2ab60c032c1942)) -* **oidc:** Ensure nested keys work on login ([71583c5](https://github.com/ory/kratos/commit/71583c57f1334bee1e5c9be1fae6a1b241ea3d6d)) -* Omitempty for VerifiedAt and StateChangedAt ([#1736](https://github.com/ory/kratos/issues/1736)) ([bf2ec6e](https://github.com/ory/kratos/commit/bf2ec6e6ae8d656ea6dcac037dedd3603ad12915)): - - Closes https://github.com/ory/sdk/issues/95 - - - -* Only respect required modules for SDK ([4c5677f](https://github.com/ory/kratos/commit/4c5677f3ea48bd87e5d7a1f95e3807b7884a0b64)) -* Panic when recovering deactivated user ([0a49f27](https://github.com/ory/kratos/commit/0a49f2714991a3f397dc5c721fe22d11846d3db5)), closes [#1794](https://github.com/ory/kratos/issues/1794) [#1826](https://github.com/ory/kratos/issues/1826) -* Potentially resolve hanging postgres connection closing ([693a928](https://github.com/ory/kratos/commit/693a9286b02c2329dcfd358a038857901193b459)) -* Properly encode aal error ([49b6288](https://github.com/ory/kratos/commit/49b6288c2345840a7517272e9616c2c20a254edb)) -* Properly open recovery endpoints in browser if flow was initiated via API ([23c12e5](https://github.com/ory/kratos/commit/23c12e55d24591ca69c9178017355a9262fa35eb)) -* Remove duplicate schema error ([4e69123](https://github.com/ory/kratos/commit/4e691238da3bf3ee8d9a92d4d9507b27fce20199)) -* Remove initial_value again as it was not useful outside of booleans ([0cc984b](https://github.com/ory/kratos/commit/0cc984b85baff3db500fb656bd541cfa0396df98)) -* Remove obsolete openapi patch ([11618ec](https://github.com/ory/kratos/commit/11618ecc6681a9108ee70a3e0d1ab3d21e33f9db)) -* Remove unnecessary cmd reference ([351760e](https://github.com/ory/kratos/commit/351760ece01d421687179b8e3f6f48a720247a1d)) -* Replace 302 with 303 ([2e2b0f8](https://github.com/ory/kratos/commit/2e2b0f840450c6d23f3e51e5885d0908685ef3f6)) -* Resolve clidoc generation issue ([1aaaa03](https://github.com/ory/kratos/commit/1aaaa035f863852799575e1f65e9d9ed276a3160)) -* Resolve merge issues ([1dc7497](https://github.com/ory/kratos/commit/1dc74976c785afca8079379cd5060116b5f3d831)) -* Resolve openapi issues and regenerate clients ([f7d60c0](https://github.com/ory/kratos/commit/f7d60c02392d2ad664c73ee4ff6bb108a4cb04e2)) -* Resolve swagger regression ([02b9d47](https://github.com/ory/kratos/commit/02b9d470df012ae9818a8516a5549aee83c0963d)) -* Run format on ts files ([f55f6f6](https://github.com/ory/kratos/commit/f55f6f69bf0df88d001fda791b330bdcbf5d92b2)) -* Slow CLI start-up time ([ae20c17](https://github.com/ory/kratos/commit/ae20c17777eb57363f811b57d782db88b2de91ae)): - - Found a deeply nested dependency which was importing `https://github.com/markbates/pkger`, causing unreasonable CPU consumption and significant delay at start up time. With this patch, start up time was reduced from almost 3s to ~0.01s. - - ``` - $ time kratos - kratos 2.55s user 2.46s system 508% cpu 0.986 total - - $ time ./kratos-patch - ./kratos-patch 0.00s user 0.00s system 64% cpu 0.001 total - ``` - -* **test:** OIDC storategy test ([#1836](https://github.com/ory/kratos/issues/1836)) ([b877dbe](https://github.com/ory/kratos/commit/b877dbecaf84e2d102bcceff4ad85c5b4efe18c5)) -* **totp:** Reorder QR ([d096df7](https://github.com/ory/kratos/commit/d096df734ba8cf7dcfb872af03a19550d320c8b7)) -* Try and reduce cookie flakyness ([e7ae8d6](https://github.com/ory/kratos/commit/e7ae8d63a16df69fd43afdf41691b9c1d3efe439)) -* Typo ([8c4d8a2](https://github.com/ory/kratos/commit/8c4d8a2284f7a52a2dca7e7fd5e686756d410647)) -* **ui:** Use correct type for anchor ([a6595e4](https://github.com/ory/kratos/commit/a6595e49c38a302f4a603dd46f5a0764680a24b1)) -* Update schema config location ([539ae73](https://github.com/ory/kratos/commit/539ae7303158f14ca42165c12f9d3e8ef9dcdbdf)) -* Use parallelism of 1 in go test ([8736334](https://github.com/ory/kratos/commit/8736334bf11fc9a742e2972aa97ee56c407c7c0c)) -* **webauthn:** Support react-based webauth ([b6123b4](https://github.com/ory/kratos/commit/b6123b4840547b295be44272e76454462a0f60c4)) -* X-session-token must not be mandatory ([05d73be](https://github.com/ory/kratos/commit/05d73beed26f1be31c6f2a62499c7c71d7d54bec)) +- Add error id + ([1442784](https://github.com/ory/kratos/commit/1442784264d1f5032830a0646b853b925bb19c62)) +- Add mfa e2e test scenarios and resolve found issues + ([436992d](https://github.com/ory/kratos/commit/436992ddf2ace68b247c708fc955fccb95cf6fd2)) +- Add middleware earlier [#1775](https://github.com/ory/kratos/issues/1775) + ([#1776](https://github.com/ory/kratos/issues/1776)) + ([b9d253e](https://github.com/ory/kratos/commit/b9d253ef05ff7cd616111a817d03a17e39f8f4a8)) +- Allow refresh and aal upgrade at the same time + ([2ec801f](https://github.com/ory/kratos/commit/2ec801f262cd8f6dcdf8121a20897257e3b74ad3)) +- API client leaks stack trace with an error + ([#1772](https://github.com/ory/kratos/issues/1772)) + ([d3aff6d](https://github.com/ory/kratos/commit/d3aff6d3eb11942fbfd6f2de71f4399053075b62)), + closes [#1771](https://github.com/ory/kratos/issues/1771) +- Better const handling for internal context + ([1e457e3](https://github.com/ory/kratos/commit/1e457e3b3dea9ea9a05c12740578af2d45902aba)) +- Correct swagger path for /identities/:id/session endpoint + ([#1756](https://github.com/ory/kratos/issues/1756)) + ([d614f2a](https://github.com/ory/kratos/commit/d614f2a737eef90ad60a4bdedae248b74131ff35)) +- Decoder regression in registration + ([febf75a](https://github.com/ory/kratos/commit/febf75ae959a2b67c19fcd1705b591f22ff5314b)) +- Deterministic clidoc dates + ([e48d90a](https://github.com/ory/kratos/commit/e48d90ad5a178ab3317d89800526c516aad6e274)) +- Disable totp per default + ([7278589](https://github.com/ory/kratos/commit/7278589ff2460a13302650b5e3fae01d774f9684)) +- Docs autogen should not use `time.Now` + ([a830f5b](https://github.com/ory/kratos/commit/a830f5b3b535bc375e879c797626b6084b76776e)) +- Ensure correct error propagation + ([77ce709](https://github.com/ory/kratos/commit/77ce709d53d88f70c892ab0892c13e16f5b761a5)) +- Ensure refresh issues a new session when the identity changes + ([a10b385](https://github.com/ory/kratos/commit/a10b385510a0102ede5850f9be30b7deba810acf)) +- Ensure return_to works for OIDC flows + ([d615734](https://github.com/ory/kratos/commit/d615734c312db6f7fa48fb8c7b4090a80c9e5ce7)), + closes [#1773](https://github.com/ory/kratos/issues/1773) +- Explicit validation for return to in new flows + ([284cf29](https://github.com/ory/kratos/commit/284cf29a6be82530b55c24a15c465ec9f1b6a210)) +- Follow chrome webauthn best practice recommendation + ([0a7c812](https://github.com/ory/kratos/commit/0a7c8128bb0b78f8dc236af06ca9be038b201829)) +- Githup-app name in config ([#1822](https://github.com/ory/kratos/issues/1822)) + ([1b50963](https://github.com/ory/kratos/commit/1b50963525ceaceea9afb8d1236d728de3107a8e)) +- Handle return errors on the frontend and break early + ([0e8d481](https://github.com/ory/kratos/commit/0e8d481cc220777aa56faf2e716da15537fa27fc)): + + Closes https://github.com/ory-corp/cloud/issues/1426 + +- Identity credential identifiers are now unique per method + ([57fd99a](https://github.com/ory/kratos/commit/57fd99ac05d29fc0362f14e5910641944232d61e)) +- Improve schema validation error tracing + ([f793fe5](https://github.com/ory/kratos/commit/f793fe56182f3f195a57fe5f4b54f7fcf8402c81)) +- Incorrect JSON response for browser flows + ([1501f56](https://github.com/ory/kratos/commit/1501f5627ed12d2d149f1fcf49fcf326120e6b0b)) +- Kill modd as well + ([e5a98e5](https://github.com/ory/kratos/commit/e5a98e54ec68f122615dd902df9ebac788fdb579)) +- **link:** Resolve incorrect response types when opening API recovery link in + browser + ([35ea8db](https://github.com/ory/kratos/commit/35ea8db300c2d3eeaf7d8f0e29c604ecc455cd2b)) +- **login:** Properly handle refresh + ([8dc7059](https://github.com/ory/kratos/commit/8dc7059222fa12dd0bca0183f42306b5169addb6)) +- **lookup:** Ensure correct fields are set + ([5ed4c55](https://github.com/ory/kratos/commit/5ed4c5572f9cbb35461e45dfc6b7c5eb4bce7434)) +- **lookup:** Resolve reuse scenarios + ([dbfe475](https://github.com/ory/kratos/commit/dbfe475ba5f0d2b9d4b0b67d0d8e7cb99e89ad5d)) +- **lookup:** Set up codes correctly + ([2f373f3](https://github.com/ory/kratos/commit/2f373f344326fbd5dbebf6233dbf5b56252b7e95)) +- OIDC provider field in spec + ([#1809](https://github.com/ory/kratos/issues/1809)) + ([11b25de](https://github.com/ory/kratos/commit/11b25deb46b73c7d0ab95a77ff2ab60c032c1942)) +- **oidc:** Ensure nested keys work on login + ([71583c5](https://github.com/ory/kratos/commit/71583c57f1334bee1e5c9be1fae6a1b241ea3d6d)) +- Omitempty for VerifiedAt and StateChangedAt + ([#1736](https://github.com/ory/kratos/issues/1736)) + ([bf2ec6e](https://github.com/ory/kratos/commit/bf2ec6e6ae8d656ea6dcac037dedd3603ad12915)): + + Closes https://github.com/ory/sdk/issues/95 + +- Only respect required modules for SDK + ([4c5677f](https://github.com/ory/kratos/commit/4c5677f3ea48bd87e5d7a1f95e3807b7884a0b64)) +- Panic when recovering deactivated user + ([0a49f27](https://github.com/ory/kratos/commit/0a49f2714991a3f397dc5c721fe22d11846d3db5)), + closes [#1794](https://github.com/ory/kratos/issues/1794) + [#1826](https://github.com/ory/kratos/issues/1826) +- Potentially resolve hanging postgres connection closing + ([693a928](https://github.com/ory/kratos/commit/693a9286b02c2329dcfd358a038857901193b459)) +- Properly encode aal error + ([49b6288](https://github.com/ory/kratos/commit/49b6288c2345840a7517272e9616c2c20a254edb)) +- Properly open recovery endpoints in browser if flow was initiated via API + ([23c12e5](https://github.com/ory/kratos/commit/23c12e55d24591ca69c9178017355a9262fa35eb)) +- Remove duplicate schema error + ([4e69123](https://github.com/ory/kratos/commit/4e691238da3bf3ee8d9a92d4d9507b27fce20199)) +- Remove initial_value again as it was not useful outside of booleans + ([0cc984b](https://github.com/ory/kratos/commit/0cc984b85baff3db500fb656bd541cfa0396df98)) +- Remove obsolete openapi patch + ([11618ec](https://github.com/ory/kratos/commit/11618ecc6681a9108ee70a3e0d1ab3d21e33f9db)) +- Remove unnecessary cmd reference + ([351760e](https://github.com/ory/kratos/commit/351760ece01d421687179b8e3f6f48a720247a1d)) +- Replace 302 with 303 + ([2e2b0f8](https://github.com/ory/kratos/commit/2e2b0f840450c6d23f3e51e5885d0908685ef3f6)) +- Resolve clidoc generation issue + ([1aaaa03](https://github.com/ory/kratos/commit/1aaaa035f863852799575e1f65e9d9ed276a3160)) +- Resolve merge issues + ([1dc7497](https://github.com/ory/kratos/commit/1dc74976c785afca8079379cd5060116b5f3d831)) +- Resolve openapi issues and regenerate clients + ([f7d60c0](https://github.com/ory/kratos/commit/f7d60c02392d2ad664c73ee4ff6bb108a4cb04e2)) +- Resolve swagger regression + ([02b9d47](https://github.com/ory/kratos/commit/02b9d470df012ae9818a8516a5549aee83c0963d)) +- Run format on ts files + ([f55f6f6](https://github.com/ory/kratos/commit/f55f6f69bf0df88d001fda791b330bdcbf5d92b2)) +- Slow CLI start-up time + ([ae20c17](https://github.com/ory/kratos/commit/ae20c17777eb57363f811b57d782db88b2de91ae)): + + Found a deeply nested dependency which was importing + `https://github.com/markbates/pkger`, causing unreasonable CPU consumption and + significant delay at start up time. With this patch, start up time was reduced + from almost 3s to ~0.01s. + + ``` + $ time kratos + kratos 2.55s user 2.46s system 508% cpu 0.986 total + + $ time ./kratos-patch + ./kratos-patch 0.00s user 0.00s system 64% cpu 0.001 total + ``` + +- **test:** OIDC storategy test + ([#1836](https://github.com/ory/kratos/issues/1836)) + ([b877dbe](https://github.com/ory/kratos/commit/b877dbecaf84e2d102bcceff4ad85c5b4efe18c5)) +- **totp:** Reorder QR + ([d096df7](https://github.com/ory/kratos/commit/d096df734ba8cf7dcfb872af03a19550d320c8b7)) +- Try and reduce cookie flakyness + ([e7ae8d6](https://github.com/ory/kratos/commit/e7ae8d63a16df69fd43afdf41691b9c1d3efe439)) +- Typo + ([8c4d8a2](https://github.com/ory/kratos/commit/8c4d8a2284f7a52a2dca7e7fd5e686756d410647)) +- **ui:** Use correct type for anchor + ([a6595e4](https://github.com/ory/kratos/commit/a6595e49c38a302f4a603dd46f5a0764680a24b1)) +- Update schema config location + ([539ae73](https://github.com/ory/kratos/commit/539ae7303158f14ca42165c12f9d3e8ef9dcdbdf)) +- Use parallelism of 1 in go test + ([8736334](https://github.com/ory/kratos/commit/8736334bf11fc9a742e2972aa97ee56c407c7c0c)) +- **webauthn:** Support react-based webauth + ([b6123b4](https://github.com/ory/kratos/commit/b6123b4840547b295be44272e76454462a0f60c4)) +- X-session-token must not be mandatory + ([05d73be](https://github.com/ory/kratos/commit/05d73beed26f1be31c6f2a62499c7c71d7d54bec)) ### Code Generation -* Pin v0.8.0-alpha.1 release commit ([c2c902c](https://github.com/ory/kratos/commit/c2c902c1bd8d910843d747c25b99ee1bcc6f962d)) +- Pin v0.8.0-alpha.1 release commit + ([c2c902c](https://github.com/ory/kratos/commit/c2c902c1bd8d910843d747c25b99ee1bcc6f962d)) ### Code Refactoring -* **courier:** Support SMTP schemes for implicit TLS, explicit StartTLS, and cleartext SMTP ([#1831](https://github.com/ory/kratos/issues/1831)) ([4cb082c](https://github.com/ory/kratos/commit/4cb082ce1e15ddd1d992a2def9e7d6410142cc02)), closes [#1770](https://github.com/ory/kratos/issues/1770) [#1769](https://github.com/ory/kratos/issues/1769) -* Homogenize error messages ([421a319](https://github.com/ory/kratos/commit/421a3190d1d4f6f5d96ef8ad87c3a2a667b57a28)) -* Improved prometheus metrics ([#1830](https://github.com/ory/kratos/issues/1830)) ([0be993b](https://github.com/ory/kratos/commit/0be993bebeb9e50d90806ad13f60bb8d72c3b2d3)), closes [#1735](https://github.com/ory/kratos/issues/1735): - - This will add new prometheus metrics for Kratos that are more useful for alerting and increase overall observability. - -* Login flow `forced` renamed to `refresh` ([92087e5](https://github.com/ory/kratos/commit/92087e5f00b4fcce1706442c9edf1b466f9a23c9)) -* **login:** Rename forced -> refresh ([8d1e54b](https://github.com/ory/kratos/commit/8d1e54bd79cf617985602997f1121e168f58c389)) -* **login:** Support 2FA for non-browser SDKs ([df4846d](https://github.com/ory/kratos/commit/df4846d3867599f49e58b6b4d59b338916f37cbf)) -* Move expired error into top-level flow module ([01a2602](https://github.com/ory/kratos/commit/01a26025375f1d958a7e345c61fb6ba5e3403efe)) -* Move homebrew tap to ory/tap ([0ee67c3](https://github.com/ory/kratos/commit/0ee67c388a1fea8aa9633cbf684e1f62e16d61cc)) -* Move node identifiers to node package ([b0a86dc](https://github.com/ory/kratos/commit/b0a86dc6e5005017a9a0fa2120560f668ab2432f)) -* Revert decision to return 422 errors and streamline 401/403 ([8aa5318](https://github.com/ory/kratos/commit/8aa53187f1e78d693463a47fcd9aedab30d1b55f)) -* Sdk API is no v0alpha2 ([3f06738](https://github.com/ory/kratos/commit/3f067386e32ad3baeec48fd21dd51659a5725970)) -* **session:** CreateAndIssueCookie is now UpsertAndIssueCookie ([a6d134d](https://github.com/ory/kratos/commit/a6d134de7710c7e92e51f735f13b7757eb7011e5)) -* **session:** CreateSession is now UpsertSession ([3ec81a2](https://github.com/ory/kratos/commit/3ec81a2cc401ff18052abd2a9ba060e665f0baa2)) -* **settings:** Change settings success response ([12f98f2](https://github.com/ory/kratos/commit/12f98f2884294669bbb7eab7e8ed73a5372386f6)) +- **courier:** Support SMTP schemes for implicit TLS, explicit StartTLS, and + cleartext SMTP ([#1831](https://github.com/ory/kratos/issues/1831)) + ([4cb082c](https://github.com/ory/kratos/commit/4cb082ce1e15ddd1d992a2def9e7d6410142cc02)), + closes [#1770](https://github.com/ory/kratos/issues/1770) + [#1769](https://github.com/ory/kratos/issues/1769) +- Homogenize error messages + ([421a319](https://github.com/ory/kratos/commit/421a3190d1d4f6f5d96ef8ad87c3a2a667b57a28)) +- Improved prometheus metrics + ([#1830](https://github.com/ory/kratos/issues/1830)) + ([0be993b](https://github.com/ory/kratos/commit/0be993bebeb9e50d90806ad13f60bb8d72c3b2d3)), + closes [#1735](https://github.com/ory/kratos/issues/1735): + + This will add new prometheus metrics for Kratos that are more useful for + alerting and increase overall observability. + +- Login flow `forced` renamed to `refresh` + ([92087e5](https://github.com/ory/kratos/commit/92087e5f00b4fcce1706442c9edf1b466f9a23c9)) +- **login:** Rename forced -> refresh + ([8d1e54b](https://github.com/ory/kratos/commit/8d1e54bd79cf617985602997f1121e168f58c389)) +- **login:** Support 2FA for non-browser SDKs + ([df4846d](https://github.com/ory/kratos/commit/df4846d3867599f49e58b6b4d59b338916f37cbf)) +- Move expired error into top-level flow module + ([01a2602](https://github.com/ory/kratos/commit/01a26025375f1d958a7e345c61fb6ba5e3403efe)) +- Move homebrew tap to ory/tap + ([0ee67c3](https://github.com/ory/kratos/commit/0ee67c388a1fea8aa9633cbf684e1f62e16d61cc)) +- Move node identifiers to node package + ([b0a86dc](https://github.com/ory/kratos/commit/b0a86dc6e5005017a9a0fa2120560f668ab2432f)) +- Revert decision to return 422 errors and streamline 401/403 + ([8aa5318](https://github.com/ory/kratos/commit/8aa53187f1e78d693463a47fcd9aedab30d1b55f)) +- Sdk API is no v0alpha2 + ([3f06738](https://github.com/ory/kratos/commit/3f067386e32ad3baeec48fd21dd51659a5725970)) +- **session:** CreateAndIssueCookie is now UpsertAndIssueCookie + ([a6d134d](https://github.com/ory/kratos/commit/a6d134de7710c7e92e51f735f13b7757eb7011e5)) +- **session:** CreateSession is now UpsertSession + ([3ec81a2](https://github.com/ory/kratos/commit/3ec81a2cc401ff18052abd2a9ba060e665f0baa2)) +- **settings:** Change settings success response + ([12f98f2](https://github.com/ory/kratos/commit/12f98f2884294669bbb7eab7e8ed73a5372386f6)) ### Documentation -* Add 2fa credentials ([f7899a7](https://github.com/ory/kratos/commit/f7899a761aaf59d2cfddc2c330a805456cfca947)) -* Add 2fa guide ([b4eed76](https://github.com/ory/kratos/commit/b4eed76305ecf1de3461525fd2ea748ec94da53c)) -* Add a commandline example for the logout ([#1753](https://github.com/ory/kratos/issues/1753)) ([81ba264](https://github.com/ory/kratos/commit/81ba2647a66fca99b7ed2e56a67deec75ac06b89)) -* Add admin ui guide ([ac88060](https://github.com/ory/kratos/commit/ac88060ed7390f0a34db637880c1660b8c45b352)) -* Add advanced custom UI documentation ([5e3a2cd](https://github.com/ory/kratos/commit/5e3a2cdbedf0005c89db717d1136c56ab3304ede)) -* Add image assets ([6bc93ca](https://github.com/ory/kratos/commit/6bc93ca79283bd993b0176dda11ad9d5860a5e4f)) -* Add missing angle bracket ([#1799](https://github.com/ory/kratos/issues/1799)) ([4270140](https://github.com/ory/kratos/commit/427014052ef905c2003e2cd0133d57bf83819776)) -* Add ory sessions as a concept ([626c0c9](https://github.com/ory/kratos/commit/626c0c90bd2d683048618452ba421e40be92f587)) -* Add powershell to deps ([#1853](https://github.com/ory/kratos/issues/1853)) ([e945336](https://github.com/ory/kratos/commit/e94533690b658c4afba81e694a052579f0ffff42)), closes [#1848](https://github.com/ory/kratos/issues/1848) -* **credentials:** Add AAL explanation ([c1f501e](https://github.com/ory/kratos/commit/c1f501e9ec3ba203fb252fbd56cb87843d667b17)) -* Enhance error return values ([3799c24](https://github.com/ory/kratos/commit/3799c24fbc0397876df4f1c530e325bd1212d750)) -* Fix invalid syntax ([#1819](https://github.com/ory/kratos/issues/1819)) ([8cd6428](https://github.com/ory/kratos/commit/8cd6428e40610fa40b9c59414beb3d5c614dddaa)) -* Fix the flow links used for rendering ([#1752](https://github.com/ory/kratos/issues/1752)) ([131d2c2](https://github.com/ory/kratos/commit/131d2c284d4191ee979077937ea3b48fce772f3c)) -* Fix the invalid links ([#1868](https://github.com/ory/kratos/issues/1868)) ([6d621ec](https://github.com/ory/kratos/commit/6d621ec89d1a7c37daf4622b06a0ad94f2d77b31)) -* Remove obsolete file ([b7f9052](https://github.com/ory/kratos/commit/b7f905278edf4aed1e2984aa3d2d94a41368d6d8)) -* Update generated docs ([72afb81](https://github.com/ory/kratos/commit/72afb81be8bfaa36236087ec7715bca1804aa62c)) -* Update quickstart curl examples ([#1778](https://github.com/ory/kratos/issues/1778)) ([6c677c4](https://github.com/ory/kratos/commit/6c677c49df8fa8d48e7c0bbf91bbd18874f4c514)) -* Use correct link ([f007919](https://github.com/ory/kratos/commit/f007919b7bd86c1d1b20b3625709e01b5f123302)), closes [#1793](https://github.com/ory/kratos/issues/1793) +- Add 2fa credentials + ([f7899a7](https://github.com/ory/kratos/commit/f7899a761aaf59d2cfddc2c330a805456cfca947)) +- Add 2fa guide + ([b4eed76](https://github.com/ory/kratos/commit/b4eed76305ecf1de3461525fd2ea748ec94da53c)) +- Add a commandline example for the logout + ([#1753](https://github.com/ory/kratos/issues/1753)) + ([81ba264](https://github.com/ory/kratos/commit/81ba2647a66fca99b7ed2e56a67deec75ac06b89)) +- Add admin ui guide + ([ac88060](https://github.com/ory/kratos/commit/ac88060ed7390f0a34db637880c1660b8c45b352)) +- Add advanced custom UI documentation + ([5e3a2cd](https://github.com/ory/kratos/commit/5e3a2cdbedf0005c89db717d1136c56ab3304ede)) +- Add image assets + ([6bc93ca](https://github.com/ory/kratos/commit/6bc93ca79283bd993b0176dda11ad9d5860a5e4f)) +- Add missing angle bracket ([#1799](https://github.com/ory/kratos/issues/1799)) + ([4270140](https://github.com/ory/kratos/commit/427014052ef905c2003e2cd0133d57bf83819776)) +- Add ory sessions as a concept + ([626c0c9](https://github.com/ory/kratos/commit/626c0c90bd2d683048618452ba421e40be92f587)) +- Add powershell to deps ([#1853](https://github.com/ory/kratos/issues/1853)) + ([e945336](https://github.com/ory/kratos/commit/e94533690b658c4afba81e694a052579f0ffff42)), + closes [#1848](https://github.com/ory/kratos/issues/1848) +- **credentials:** Add AAL explanation + ([c1f501e](https://github.com/ory/kratos/commit/c1f501e9ec3ba203fb252fbd56cb87843d667b17)) +- Enhance error return values + ([3799c24](https://github.com/ory/kratos/commit/3799c24fbc0397876df4f1c530e325bd1212d750)) +- Fix invalid syntax ([#1819](https://github.com/ory/kratos/issues/1819)) + ([8cd6428](https://github.com/ory/kratos/commit/8cd6428e40610fa40b9c59414beb3d5c614dddaa)) +- Fix the flow links used for rendering + ([#1752](https://github.com/ory/kratos/issues/1752)) + ([131d2c2](https://github.com/ory/kratos/commit/131d2c284d4191ee979077937ea3b48fce772f3c)) +- Fix the invalid links ([#1868](https://github.com/ory/kratos/issues/1868)) + ([6d621ec](https://github.com/ory/kratos/commit/6d621ec89d1a7c37daf4622b06a0ad94f2d77b31)) +- Remove obsolete file + ([b7f9052](https://github.com/ory/kratos/commit/b7f905278edf4aed1e2984aa3d2d94a41368d6d8)) +- Update generated docs + ([72afb81](https://github.com/ory/kratos/commit/72afb81be8bfaa36236087ec7715bca1804aa62c)) +- Update quickstart curl examples + ([#1778](https://github.com/ory/kratos/issues/1778)) + ([6c677c4](https://github.com/ory/kratos/commit/6c677c49df8fa8d48e7c0bbf91bbd18874f4c514)) +- Use correct link + ([f007919](https://github.com/ory/kratos/commit/f007919b7bd86c1d1b20b3625709e01b5f123302)), + closes [#1793](https://github.com/ory/kratos/issues/1793) ### Features -* Add `intended_for_someone_else` error code ([572a131](https://github.com/ory/kratos/commit/572a1315aec7d1103c8d4fb9c128644ea2af6d3b)) -* Add aal fallback for existing sessions ([a5c7b11](https://github.com/ory/kratos/commit/a5c7b1143bca7029bf94fc42fe638534961a06bc)) -* Add authenticators after set up ([035c276](https://github.com/ory/kratos/commit/035c276152a22a2c9c7159b1cf89dbe7724728dd)) -* Add DeleteCredentialsType to identity struct including tests ([b12bf52](https://github.com/ory/kratos/commit/b12bf523e4213e49f545206c457a1739f493d385)) -* Add e2e tests for react native 2fa ([a3ac253](https://github.com/ory/kratos/commit/a3ac253bdb9c42df6dce9288a2e7c2dada24d255)) -* Add error ids for csrf-related errors ([dc2adbf](https://github.com/ory/kratos/commit/dc2adbf52f7ee845778ee5c3c943b9e10c41e181)) -* Add error ids for redirect-related errors ([246a045](https://github.com/ory/kratos/commit/246a0453e65e70635331c95ff02ec9133ae81e46)) -* Add error ids for session-related errors ([087d907](https://github.com/ory/kratos/commit/087d90731185b71cd88cc6451ce360d6c1dada34)) -* Add explicit return_to to flow objects and API parameters ([50d04ea](https://github.com/ory/kratos/commit/50d04eaa455932a9a5cc31f812f66518e1d4ad3b)), closes [#1605](https://github.com/ory/kratos/issues/1605) [#1121](https://github.com/ory/kratos/issues/1121): - - This patch adds a `return_to` field to the flow objects which contains the original `?return_to=...` value. It uses the Flow's `request_url` for that purpose. - -* Add ids for user-facing errors for login, registration, settings ([787558b](https://github.com/ory/kratos/commit/787558b48fd7405ac61a48d3c18c7252ac1aaf19)): - - This patch adds a new field `id` to JSON error payloads. This helps tremendously in implementing better client-side (native / SPA) apps as the API now returns error IDs like `no_active_session`, `orbidden_return_to`, `no_verified_address` and more. UIs can use these IDs to decide what to do next in the application - for example redirecting to a particular endpoint or showing an error message. - -* Add initial value to bool checkboxes ([63dba73](https://github.com/ory/kratos/commit/63dba737376dbe2f15c5afb5df22c593328c6483)) -* Add internal context to login and registration ([723e6ee](https://github.com/ory/kratos/commit/723e6eee731d34f85bc4346a1040f2f121662ae9)) -* Add internal context to settings flow ([afb6895](https://github.com/ory/kratos/commit/afb6895daa8743edbf4fca957b2a156e676ef63a)) -* Add lookup node to disable lookup ([d0836be](https://github.com/ory/kratos/commit/d0836beb53709c88eb9ed78df39e95a3204c7cec)): - - See https://github.com/ory/cloud/issues/12 - -* Add lookup to config ([14119b6](https://github.com/ory/kratos/commit/14119b623941b6f5e795ef0d369ee9e3adb73207)) -* Add lookup to identity ([ead3833](https://github.com/ory/kratos/commit/ead3833e254b4939f2b86b34e954580960cc7ea1)) -* Add lookup to migrations ([dac4f75](https://github.com/ory/kratos/commit/dac4f759a0b92c1eebca177c3c931fb3146e7dee)) -* Add MFA enforcment option to whoami and settings ([554d725](https://github.com/ory/kratos/commit/554d72552702818c8f1fc45fd1daf9d93c0d2cad)) -* Add mfa for non-browser ([4096fd3](https://github.com/ory/kratos/commit/4096fd3fbdb430fd325b38fe9102defa31dd1b6d)) -* Add missing migrations ([ccc64d8](https://github.com/ory/kratos/commit/ccc64d87935c6b5ad506dce6a5f903d56541f864)) -* Add option to disable recovery codes ([9d3daa6](https://github.com/ory/kratos/commit/9d3daa656a5361ef8a90fe3511f9c1a6e9015969)): - - Closes https://github.com/ory/cloud/issues/12 - -* Add ory cli config ([5b959be](https://github.com/ory/kratos/commit/5b959beaba4d03e143f7701c30bc30e25f2c51cc)) -* Add schema patch for new initial_value field ([131e380](https://github.com/ory/kratos/commit/131e3803ff6d04af9ec668286c8e6fcf88467214)): - - The field sets a node input's initial value. This is primarily used for fields which are e.g. checkboxes or buttons (active/inactive). If this field is set on a button, it implies that clicking the button should trigger the "value" to be set. - -* Add script type and discriminator for attributes ([de0af95](https://github.com/ory/kratos/commit/de0af955904894d97997cf598686b6d33cd88bd4)): - - See https://github.com/ory/sdk/issues/72 - -* Add smtp headers config option ([#1747](https://github.com/ory/kratos/issues/1747)) ([7ffe0e9](https://github.com/ory/kratos/commit/7ffe0e9766e930615dbb6833e650b73a8975a544)), closes [#1725](https://github.com/ory/kratos/issues/1725) -* Add support for onclick javascript in ui nodes ([7cc7efa](https://github.com/ory/kratos/commit/7cc7efa00ff0e8107f1369573bfdf766fcfc0e93)) -* Add totp strategy for settings flow ([d1d6617](https://github.com/ory/kratos/commit/d1d6617013fbcc37eaf48cf19061b86955fc5d5e)): - - This patch allows adding a TOTP device in the settings, and also removing it when no longer needed. - -* Add webauthn identity credential ([f8b9582](https://github.com/ory/kratos/commit/f8b95828ea41d29c7f3577cc7772168135bc5514)) -* Adding Dockle Container Linter ([#1852](https://github.com/ory/kratos/issues/1852)) ([3c0d519](https://github.com/ory/kratos/commit/3c0d519dd47657c6adca3d64bca8b3ed02cb7a8f)) -* Adjust to new aal error handling ([b8956bc](https://github.com/ory/kratos/commit/b8956bc0fc8a45e88dd51f79608f9d6c34e2b6f3)) -* API to return access, refresh, id tokens from social sign in ([#1818](https://github.com/ory/kratos/issues/1818)) ([198991a](https://github.com/ory/kratos/commit/198991a9ce25fbaccc927be3bd3f6b1593771bec)), closes [#1518](https://github.com/ory/kratos/issues/1518) [#397](https://github.com/ory/kratos/issues/397): - - This patch introduces the new `include_credential` query parameter to the `GET /identities` endpoint which allows administrators to receive the initial access, refresh, and ID tokens from Social Sign In (OpenID Connect / OAuth 2.0) flows. - - These tokens can be stored in an encrypted format (XChaCha20Poly1305 or AES-GCM) in the database if an appropriate encryption secret is set. To get started easily these values are not encrypted per default. - - For more information head [over to the docs](https://kratos/docs/guides/retrieve-social-sign-in-access-refresh-id-token). - -* Auto-generate list of messages ([cf46339](https://github.com/ory/kratos/commit/cf46339b9a07cd72b4d01e40c2df72e6c8104e9b)), closes [#1784](https://github.com/ory/kratos/issues/1784) -* Endpoint to list all identity schemas ([#1703](https://github.com/ory/kratos/issues/1703)) ([aa23d5d](https://github.com/ory/kratos/commit/aa23d5d5af28d8a7789b4a0c7e97197c7758ad98)), closes [#1699](https://github.com/ory/kratos/issues/1699) -* Generate sdks and update versions ([c9d22d9](https://github.com/ory/kratos/commit/c9d22d91f5fe49b5f2818160ade58bfd265f03e5)) -* **hash:** PBKDF2 password hash verification ([#1774](https://github.com/ory/kratos/issues/1774)) ([33cc7e0](https://github.com/ory/kratos/commit/33cc7e02d9bcc24ae1de438102660cc89fd008d6)), closes [#1659](https://github.com/ory/kratos/issues/1659) -* Identity schema validation on startup ([#1779](https://github.com/ory/kratos/issues/1779)) ([99db3f0](https://github.com/ory/kratos/commit/99db3f03afd4b2525cbce54133a1abd1d49d2886)), closes [#701](https://github.com/ory/kratos/issues/701) -* **identity:** Add AAL constants ([882573d](https://github.com/ory/kratos/commit/882573df5621446e799b17ca0ab09d3934e44437)) -* Implement AAL for login and sessions ([45467e0](https://github.com/ory/kratos/commit/45467e0caba7ed31e2ebde71a8b32ecd5f8db7c2)) -* Implement endpoint for invalidating all sessions for a given identity ([#1740](https://github.com/ory/kratos/issues/1740)) ([dbd1689](https://github.com/ory/kratos/commit/dbd1689c11fd0a3d999ea09b553dd4a14a7a6972)), closes [#655](https://github.com/ory/kratos/issues/655): - - This PR introduces endpoint to destroy all sessions for a given identity which effectively logouts user from all devices/sessions. This is useful when for some security concern we want to make sure there are no "old" sessions active or other "staff" related actions (such as force logout after password change etc.). - -* Implement lookup code settings and login ([8f3ce7b](https://github.com/ory/kratos/commit/8f3ce7b33390fcae85e605193806364ca9d099c9)) -* Improve detection of AAL errors and return 422 instead of 403 ([e2bfbea](https://github.com/ory/kratos/commit/e2bfbea1541aca983eb835d3da2b5fe70ac4b7a5)) -* Improve labels for totp and lookup ([b92e00e](https://github.com/ory/kratos/commit/b92e00e345da1f8ab76750e3f0ae1301977bbae0)) -* Improve session device annotations ([87907b8](https://github.com/ory/kratos/commit/87907b8d29dc9cd7140535e81ea62c2d7f8e41c3)) -* In docker debug support with delve ([#1789](https://github.com/ory/kratos/issues/1789)) ([37325a1](https://github.com/ory/kratos/commit/37325a18d9430130d0062674433fa0d3f9a59eb3)) -* Introduce cve scanning ([#1798](https://github.com/ory/kratos/issues/1798)) ([ade13ea](https://github.com/ory/kratos/commit/ade13ea082ee11e9c1005de3ccb3ae6b5f02bb49)) -* **logout:** Add logout token to browser response ([#1758](https://github.com/ory/kratos/issues/1758)) ([d3f1177](https://github.com/ory/kratos/commit/d3f1177a9a82dc2c4f930f15c6ec87c3ec5a1d53)) -* Mark recovery email address verified ([#1665](https://github.com/ory/kratos/issues/1665)) ([e3efc5d](https://github.com/ory/kratos/commit/e3efc5d0673106115a236e38b5d76d6672d64d20)), closes [#1662](https://github.com/ory/kratos/issues/1662) -* Mark required fiels as required ([34cd5e8](https://github.com/ory/kratos/commit/34cd5e8e638be3d48ed8174112417bc36400e8cb)): - - Closes https://github.com/ory-corp/cloud/issues/1328 - Closes https://github.com/ory/kratos/issues/400 - Closes https://github.com/ory/kratos/issues/1058 - See https://ory-community.slack.com/archives/C012RJ2MQ1H/p1631825476159000 - -* Natively support social sign in for single-page apps ([1a1a350](https://github.com/ory/kratos/commit/1a1a350a9f0df85195505690fc52086eddf78371)) -* **persistence:** Add new columns for mfa ([6184fe3](https://github.com/ory/kratos/commit/6184fe385cf87b260117290089b06445e5b6b205)) -* Potentially add arm64 docker support ([68112de](https://github.com/ory/kratos/commit/68112defb97db1c6f4b8bf65e2e522b22e27d280)) -* Proper enum and type assertions for openapi ([c4d8516](https://github.com/ory/kratos/commit/c4d8516fb93c2127c6d0c28a914ed7b8f8646832)) -* Publish webauthn as loadable script instead of eval ([2717c59](https://github.com/ory/kratos/commit/2717c5958ab3f088821fdf96fdf6d44d48fea310)) -* Redirect on login if session aal is not matched ([8feff8d](https://github.com/ory/kratos/commit/8feff8daaf4ac744fab22627d9bdab45740570d5)) -* Respect webauthn in session aal ([869b4a5](https://github.com/ory/kratos/commit/869b4a5a812b840196eaf1e591aeb685d7f0e904)) -* **session:** Respect 2fa enforcement in whoami ([3a82c88](https://github.com/ory/kratos/commit/3a82c8806931a2b4cd05142a6dae8040a76658bc)) -* Sign in with apple ([#1833](https://github.com/ory/kratos/issues/1833)) ([16ed123](https://github.com/ory/kratos/commit/16ed123adba06167f70eb952ae3877d4476f8c71)), closes [#1782](https://github.com/ory/kratos/issues/1782): - - Adds an adapter and configuration options for enabling Social Sign In with Apple. - -* Sort totp nodes ([5c9a494](https://github.com/ory/kratos/commit/5c9a49487f45af5b7edf069edf9c3d37ef293cd5)) -* Stubable time in text package ([22e4ed1](https://github.com/ory/kratos/commit/22e4ed15e2eecb51b393762077872b19f6f2acd2)) -* Support apple m1 ([54b4fb6](https://github.com/ory/kratos/commit/54b4fb698c6a087afef8821fa8300798e484ae18)) -* Support setting the identity state via the admin API ([#1805](https://github.com/ory/kratos/issues/1805)) ([29c060b](https://github.com/ory/kratos/commit/29c060bd348733eeafee98d5f255c737a8cbcad0)), closes [#1767](https://github.com/ory/kratos/issues/1767) -* Support strategy return to ui for settings ([74670bb](https://github.com/ory/kratos/commit/74670bb4b0cc45626537e5ac63283fd14f05dee1)) -* Support webauthn for mfa ([e8f4d3c](https://github.com/ory/kratos/commit/e8f4d3cb899d44c777b094f2ae4d84ff68532bf9)) -* **totp:** Add width and height to QR code ([a648ba3](https://github.com/ory/kratos/commit/a648ba3de9a0ba707ce39c37fa5d5e38c4da74d3)) -* **totp:** Support account name setting from schema ([19a6bcc](https://github.com/ory/kratos/commit/19a6bcc9d8940acb2a5f0eb4a6cc7f28801a2f92)) -* Treat lookup as aal2 in session ([3269028](https://github.com/ory/kratos/commit/3269028d46d0ef23de3f905c325d514f24db43b8)) -* Use discriminators for ui node types in spec ([59e808e](https://github.com/ory/kratos/commit/59e808e8dc6339da59bbe08ebbcf7b840e3fdd50)) -* Use initial_value in lookup strategy ([efe272f](https://github.com/ory/kratos/commit/efe272f06966edc4858602d94740b6ed36c12e57)) +- Add `intended_for_someone_else` error code + ([572a131](https://github.com/ory/kratos/commit/572a1315aec7d1103c8d4fb9c128644ea2af6d3b)) +- Add aal fallback for existing sessions + ([a5c7b11](https://github.com/ory/kratos/commit/a5c7b1143bca7029bf94fc42fe638534961a06bc)) +- Add authenticators after set up + ([035c276](https://github.com/ory/kratos/commit/035c276152a22a2c9c7159b1cf89dbe7724728dd)) +- Add DeleteCredentialsType to identity struct including tests + ([b12bf52](https://github.com/ory/kratos/commit/b12bf523e4213e49f545206c457a1739f493d385)) +- Add e2e tests for react native 2fa + ([a3ac253](https://github.com/ory/kratos/commit/a3ac253bdb9c42df6dce9288a2e7c2dada24d255)) +- Add error ids for csrf-related errors + ([dc2adbf](https://github.com/ory/kratos/commit/dc2adbf52f7ee845778ee5c3c943b9e10c41e181)) +- Add error ids for redirect-related errors + ([246a045](https://github.com/ory/kratos/commit/246a0453e65e70635331c95ff02ec9133ae81e46)) +- Add error ids for session-related errors + ([087d907](https://github.com/ory/kratos/commit/087d90731185b71cd88cc6451ce360d6c1dada34)) +- Add explicit return_to to flow objects and API parameters + ([50d04ea](https://github.com/ory/kratos/commit/50d04eaa455932a9a5cc31f812f66518e1d4ad3b)), + closes [#1605](https://github.com/ory/kratos/issues/1605) + [#1121](https://github.com/ory/kratos/issues/1121): + + This patch adds a `return_to` field to the flow objects which contains the + original `?return_to=...` value. It uses the Flow's `request_url` for that + purpose. + +- Add ids for user-facing errors for login, registration, settings + ([787558b](https://github.com/ory/kratos/commit/787558b48fd7405ac61a48d3c18c7252ac1aaf19)): + + This patch adds a new field `id` to JSON error payloads. This helps + tremendously in implementing better client-side (native / SPA) apps as the API + now returns error IDs like `no_active_session`, `orbidden_return_to`, + `no_verified_address` and more. UIs can use these IDs to decide what to do + next in the application - for example redirecting to a particular endpoint or + showing an error message. + +- Add initial value to bool checkboxes + ([63dba73](https://github.com/ory/kratos/commit/63dba737376dbe2f15c5afb5df22c593328c6483)) +- Add internal context to login and registration + ([723e6ee](https://github.com/ory/kratos/commit/723e6eee731d34f85bc4346a1040f2f121662ae9)) +- Add internal context to settings flow + ([afb6895](https://github.com/ory/kratos/commit/afb6895daa8743edbf4fca957b2a156e676ef63a)) +- Add lookup node to disable lookup + ([d0836be](https://github.com/ory/kratos/commit/d0836beb53709c88eb9ed78df39e95a3204c7cec)): + + See https://github.com/ory/cloud/issues/12 + +- Add lookup to config + ([14119b6](https://github.com/ory/kratos/commit/14119b623941b6f5e795ef0d369ee9e3adb73207)) +- Add lookup to identity + ([ead3833](https://github.com/ory/kratos/commit/ead3833e254b4939f2b86b34e954580960cc7ea1)) +- Add lookup to migrations + ([dac4f75](https://github.com/ory/kratos/commit/dac4f759a0b92c1eebca177c3c931fb3146e7dee)) +- Add MFA enforcment option to whoami and settings + ([554d725](https://github.com/ory/kratos/commit/554d72552702818c8f1fc45fd1daf9d93c0d2cad)) +- Add mfa for non-browser + ([4096fd3](https://github.com/ory/kratos/commit/4096fd3fbdb430fd325b38fe9102defa31dd1b6d)) +- Add missing migrations + ([ccc64d8](https://github.com/ory/kratos/commit/ccc64d87935c6b5ad506dce6a5f903d56541f864)) +- Add option to disable recovery codes + ([9d3daa6](https://github.com/ory/kratos/commit/9d3daa656a5361ef8a90fe3511f9c1a6e9015969)): + + Closes https://github.com/ory/cloud/issues/12 + +- Add ory cli config + ([5b959be](https://github.com/ory/kratos/commit/5b959beaba4d03e143f7701c30bc30e25f2c51cc)) +- Add schema patch for new initial_value field + ([131e380](https://github.com/ory/kratos/commit/131e3803ff6d04af9ec668286c8e6fcf88467214)): + + The field sets a node input's initial value. This is primarily used for fields + which are e.g. checkboxes or buttons (active/inactive). If this field is set + on a button, it implies that clicking the button should trigger the "value" to + be set. + +- Add script type and discriminator for attributes + ([de0af95](https://github.com/ory/kratos/commit/de0af955904894d97997cf598686b6d33cd88bd4)): + + See https://github.com/ory/sdk/issues/72 + +- Add smtp headers config option + ([#1747](https://github.com/ory/kratos/issues/1747)) + ([7ffe0e9](https://github.com/ory/kratos/commit/7ffe0e9766e930615dbb6833e650b73a8975a544)), + closes [#1725](https://github.com/ory/kratos/issues/1725) +- Add support for onclick javascript in ui nodes + ([7cc7efa](https://github.com/ory/kratos/commit/7cc7efa00ff0e8107f1369573bfdf766fcfc0e93)) +- Add totp strategy for settings flow + ([d1d6617](https://github.com/ory/kratos/commit/d1d6617013fbcc37eaf48cf19061b86955fc5d5e)): + + This patch allows adding a TOTP device in the settings, and also removing it + when no longer needed. + +- Add webauthn identity credential + ([f8b9582](https://github.com/ory/kratos/commit/f8b95828ea41d29c7f3577cc7772168135bc5514)) +- Adding Dockle Container Linter + ([#1852](https://github.com/ory/kratos/issues/1852)) + ([3c0d519](https://github.com/ory/kratos/commit/3c0d519dd47657c6adca3d64bca8b3ed02cb7a8f)) +- Adjust to new aal error handling + ([b8956bc](https://github.com/ory/kratos/commit/b8956bc0fc8a45e88dd51f79608f9d6c34e2b6f3)) +- API to return access, refresh, id tokens from social sign in + ([#1818](https://github.com/ory/kratos/issues/1818)) + ([198991a](https://github.com/ory/kratos/commit/198991a9ce25fbaccc927be3bd3f6b1593771bec)), + closes [#1518](https://github.com/ory/kratos/issues/1518) + [#397](https://github.com/ory/kratos/issues/397): + + This patch introduces the new `include_credential` query parameter to the + `GET /identities` endpoint which allows administrators to receive the initial + access, refresh, and ID tokens from Social Sign In (OpenID Connect / OAuth + 2.0) flows. + + These tokens can be stored in an encrypted format (XChaCha20Poly1305 or + AES-GCM) in the database if an appropriate encryption secret is set. To get + started easily these values are not encrypted per default. + + For more information head + [over to the docs](https://kratos/docs/guides/retrieve-social-sign-in-access-refresh-id-token). + +- Auto-generate list of messages + ([cf46339](https://github.com/ory/kratos/commit/cf46339b9a07cd72b4d01e40c2df72e6c8104e9b)), + closes [#1784](https://github.com/ory/kratos/issues/1784) +- Endpoint to list all identity schemas + ([#1703](https://github.com/ory/kratos/issues/1703)) + ([aa23d5d](https://github.com/ory/kratos/commit/aa23d5d5af28d8a7789b4a0c7e97197c7758ad98)), + closes [#1699](https://github.com/ory/kratos/issues/1699) +- Generate sdks and update versions + ([c9d22d9](https://github.com/ory/kratos/commit/c9d22d91f5fe49b5f2818160ade58bfd265f03e5)) +- **hash:** PBKDF2 password hash verification + ([#1774](https://github.com/ory/kratos/issues/1774)) + ([33cc7e0](https://github.com/ory/kratos/commit/33cc7e02d9bcc24ae1de438102660cc89fd008d6)), + closes [#1659](https://github.com/ory/kratos/issues/1659) +- Identity schema validation on startup + ([#1779](https://github.com/ory/kratos/issues/1779)) + ([99db3f0](https://github.com/ory/kratos/commit/99db3f03afd4b2525cbce54133a1abd1d49d2886)), + closes [#701](https://github.com/ory/kratos/issues/701) +- **identity:** Add AAL constants + ([882573d](https://github.com/ory/kratos/commit/882573df5621446e799b17ca0ab09d3934e44437)) +- Implement AAL for login and sessions + ([45467e0](https://github.com/ory/kratos/commit/45467e0caba7ed31e2ebde71a8b32ecd5f8db7c2)) +- Implement endpoint for invalidating all sessions for a given identity + ([#1740](https://github.com/ory/kratos/issues/1740)) + ([dbd1689](https://github.com/ory/kratos/commit/dbd1689c11fd0a3d999ea09b553dd4a14a7a6972)), + closes [#655](https://github.com/ory/kratos/issues/655): + + This PR introduces endpoint to destroy all sessions for a given identity which + effectively logouts user from all devices/sessions. This is useful when for + some security concern we want to make sure there are no "old" sessions active + or other "staff" related actions (such as force logout after password change + etc.). + +- Implement lookup code settings and login + ([8f3ce7b](https://github.com/ory/kratos/commit/8f3ce7b33390fcae85e605193806364ca9d099c9)) +- Improve detection of AAL errors and return 422 instead of 403 + ([e2bfbea](https://github.com/ory/kratos/commit/e2bfbea1541aca983eb835d3da2b5fe70ac4b7a5)) +- Improve labels for totp and lookup + ([b92e00e](https://github.com/ory/kratos/commit/b92e00e345da1f8ab76750e3f0ae1301977bbae0)) +- Improve session device annotations + ([87907b8](https://github.com/ory/kratos/commit/87907b8d29dc9cd7140535e81ea62c2d7f8e41c3)) +- In docker debug support with delve + ([#1789](https://github.com/ory/kratos/issues/1789)) + ([37325a1](https://github.com/ory/kratos/commit/37325a18d9430130d0062674433fa0d3f9a59eb3)) +- Introduce cve scanning ([#1798](https://github.com/ory/kratos/issues/1798)) + ([ade13ea](https://github.com/ory/kratos/commit/ade13ea082ee11e9c1005de3ccb3ae6b5f02bb49)) +- **logout:** Add logout token to browser response + ([#1758](https://github.com/ory/kratos/issues/1758)) + ([d3f1177](https://github.com/ory/kratos/commit/d3f1177a9a82dc2c4f930f15c6ec87c3ec5a1d53)) +- Mark recovery email address verified + ([#1665](https://github.com/ory/kratos/issues/1665)) + ([e3efc5d](https://github.com/ory/kratos/commit/e3efc5d0673106115a236e38b5d76d6672d64d20)), + closes [#1662](https://github.com/ory/kratos/issues/1662) +- Mark required fiels as required + ([34cd5e8](https://github.com/ory/kratos/commit/34cd5e8e638be3d48ed8174112417bc36400e8cb)): + + Closes https://github.com/ory-corp/cloud/issues/1328 Closes + https://github.com/ory/kratos/issues/400 Closes + https://github.com/ory/kratos/issues/1058 See + https://ory-community.slack.com/archives/C012RJ2MQ1H/p1631825476159000 + +- Natively support social sign in for single-page apps + ([1a1a350](https://github.com/ory/kratos/commit/1a1a350a9f0df85195505690fc52086eddf78371)) +- **persistence:** Add new columns for mfa + ([6184fe3](https://github.com/ory/kratos/commit/6184fe385cf87b260117290089b06445e5b6b205)) +- Potentially add arm64 docker support + ([68112de](https://github.com/ory/kratos/commit/68112defb97db1c6f4b8bf65e2e522b22e27d280)) +- Proper enum and type assertions for openapi + ([c4d8516](https://github.com/ory/kratos/commit/c4d8516fb93c2127c6d0c28a914ed7b8f8646832)) +- Publish webauthn as loadable script instead of eval + ([2717c59](https://github.com/ory/kratos/commit/2717c5958ab3f088821fdf96fdf6d44d48fea310)) +- Redirect on login if session aal is not matched + ([8feff8d](https://github.com/ory/kratos/commit/8feff8daaf4ac744fab22627d9bdab45740570d5)) +- Respect webauthn in session aal + ([869b4a5](https://github.com/ory/kratos/commit/869b4a5a812b840196eaf1e591aeb685d7f0e904)) +- **session:** Respect 2fa enforcement in whoami + ([3a82c88](https://github.com/ory/kratos/commit/3a82c8806931a2b4cd05142a6dae8040a76658bc)) +- Sign in with apple ([#1833](https://github.com/ory/kratos/issues/1833)) + ([16ed123](https://github.com/ory/kratos/commit/16ed123adba06167f70eb952ae3877d4476f8c71)), + closes [#1782](https://github.com/ory/kratos/issues/1782): + + Adds an adapter and configuration options for enabling Social Sign In with + Apple. + +- Sort totp nodes + ([5c9a494](https://github.com/ory/kratos/commit/5c9a49487f45af5b7edf069edf9c3d37ef293cd5)) +- Stubable time in text package + ([22e4ed1](https://github.com/ory/kratos/commit/22e4ed15e2eecb51b393762077872b19f6f2acd2)) +- Support apple m1 + ([54b4fb6](https://github.com/ory/kratos/commit/54b4fb698c6a087afef8821fa8300798e484ae18)) +- Support setting the identity state via the admin API + ([#1805](https://github.com/ory/kratos/issues/1805)) + ([29c060b](https://github.com/ory/kratos/commit/29c060bd348733eeafee98d5f255c737a8cbcad0)), + closes [#1767](https://github.com/ory/kratos/issues/1767) +- Support strategy return to ui for settings + ([74670bb](https://github.com/ory/kratos/commit/74670bb4b0cc45626537e5ac63283fd14f05dee1)) +- Support webauthn for mfa + ([e8f4d3c](https://github.com/ory/kratos/commit/e8f4d3cb899d44c777b094f2ae4d84ff68532bf9)) +- **totp:** Add width and height to QR code + ([a648ba3](https://github.com/ory/kratos/commit/a648ba3de9a0ba707ce39c37fa5d5e38c4da74d3)) +- **totp:** Support account name setting from schema + ([19a6bcc](https://github.com/ory/kratos/commit/19a6bcc9d8940acb2a5f0eb4a6cc7f28801a2f92)) +- Treat lookup as aal2 in session + ([3269028](https://github.com/ory/kratos/commit/3269028d46d0ef23de3f905c325d514f24db43b8)) +- Use discriminators for ui node types in spec + ([59e808e](https://github.com/ory/kratos/commit/59e808e8dc6339da59bbe08ebbcf7b840e3fdd50)) +- Use initial_value in lookup strategy + ([efe272f](https://github.com/ory/kratos/commit/efe272f06966edc4858602d94740b6ed36c12e57)) ### Reverts -* 3745014 ([d493d10](https://github.com/ory/kratos/commit/d493d1049f90ca6ee7b85931e3652aa9fdeb0254)) +- 3745014 + ([d493d10](https://github.com/ory/kratos/commit/d493d1049f90ca6ee7b85931e3652aa9fdeb0254)) ### Tests -* Aal in login.NewFlow ([5986e38](https://github.com/ory/kratos/commit/5986e38e6ab9eec1761e4c723c807dc0ef2a3dfa)) -* AcceptToRedirectOrJSON ([2ca153f](https://github.com/ory/kratos/commit/2ca153f027599c18583ce0ebacb5ed577b56ddf3)) -* Add credentials test ([58b388c](https://github.com/ory/kratos/commit/58b388c70d5ff32822e8ac5f3a394e683273ac6a)) -* Add expired test to login handler ([3bdb8ab](https://github.com/ory/kratos/commit/3bdb8abb558c0f8c4b33f712678f5da02d0ef4ee)) -* Add identity change test to settings submit ([5eb090b](https://github.com/ory/kratos/commit/5eb090b2564192deb77e64dd74a07b96c381391d)) -* Add initial spa e2e test ([20617f6](https://github.com/ory/kratos/commit/20617f628ac84981c3b47ce9e9ab193b8ff426d0)) -* Add initial totp integration tests ([c9d456b](https://github.com/ory/kratos/commit/c9d456bf03cb33baf0745fe9a511f84b4c9427e3)) -* Add login tests ([a71cadd](https://github.com/ory/kratos/commit/a71cadde91bdaf960caf30dcfa957a2646da86a2)) -* Add migrations tests for new tables ([3c96ab0](https://github.com/ory/kratos/commit/3c96ab059af9bf6002b341c5db51d1b3ca5da655)) -* Add react app to e2e tests ([1214eee](https://github.com/ory/kratos/commit/1214eeee24b06e6e72c55cfed2176860ecbf3c13)) -* Add schema test for totp config ([c4f05ba](https://github.com/ory/kratos/commit/c4f05ba60af1d7ca31b4cf54097cbefa88085704)) -* Add session amr test ([eedb60b](https://github.com/ory/kratos/commit/eedb60bec9bebfb0a4ffb67dd484d2e6b466e776)) -* Add settings tests ([6959565](https://github.com/ory/kratos/commit/6959565212dc5e7296aad7f1365a944379dd5d6d)) -* Add test for TOTPIssuer ([14731c4](https://github.com/ory/kratos/commit/14731c4e7809c2202c9298422c005358b7b26fc3)) -* Add test for ui error page ([3977a9c](https://github.com/ory/kratos/commit/3977a9c4d6f98ef6d8f7f4c88d55b46579401ba8)) -* Add TestEnsureInternalContext ([152bfc7](https://github.com/ory/kratos/commit/152bfc7294078081ca9f8fc6dd194db6d2e699ad)) -* Add totp registry tests ([817e3ec](https://github.com/ory/kratos/commit/817e3ecb213454e4ce3f987ce8a8714301ee8165)) -* Add totp settings tests ([c5a0d0f](https://github.com/ory/kratos/commit/c5a0d0f8435690786eaf719bb1376f7da15a6203)) -* Add TOTP to profile ([7431e9f](https://github.com/ory/kratos/commit/7431e9fcf4e9c9853ec4d378221c7a3744b3b239)) -* Add update session test ([47bd057](https://github.com/ory/kratos/commit/47bd057da0fbf849d643c27c6eb75ef09c5075fb)) -* Additional checks for flow hydration ([a40d7fe](https://github.com/ory/kratos/commit/a40d7fe4340ff61c3fa9ac0a70dc5f7e4641a15e)) -* Amr persistence ([b0b2d81](https://github.com/ory/kratos/commit/b0b2d8174ca46e066e8eb912a24d9e6efeea0ce8)) -* Check if internal context is validated in store ([a23d851](https://github.com/ory/kratos/commit/a23d8518fc65f645cae9c196ff70df4efca67266)) -* CheckAAL ([03b37e7](https://github.com/ory/kratos/commit/03b37e7675e369817d2bb226047ec9f26b18a456)) -* Complete TOTP login integration tests ([6e503cf](https://github.com/ory/kratos/commit/6e503cff28428e707b3812cd2bf8e44ccc487b89)) -* **e2e:** Add baseurl ([159b25f](https://github.com/ory/kratos/commit/159b25f7ab0ac659033d861868f472183b852167)) -* **e2e:** Add checkboxes to schemas ([0c91f0c](https://github.com/ory/kratos/commit/0c91f0c89081726e7451d5411a6adeb631ae2edb)) -* **e2e:** Add config for proxy to simplify cy.visit logic ([7d87985](https://github.com/ory/kratos/commit/7d8798560947227d64a35d2dd69623bc1a1ddc8f)) -* **e2e:** Add mfa profile ([a60d157](https://github.com/ory/kratos/commit/a60d157bfeb79cb527bf73b3fc38e1ba5388cbed)) -* **e2e:** Add modd to build ([48cd8ae](https://github.com/ory/kratos/commit/48cd8aeb851d02e2fd31e73e044befb45242e953)) -* **e2e:** Add more helpers and ts defs ([21b35b0](https://github.com/ory/kratos/commit/21b35b025a21b1f6ab3ac8be79339f1734b3033a)) -* **e2e:** Add more helpers for various flows and proxy settings ([755ac60](https://github.com/ory/kratos/commit/755ac60cb1a54cd188ab07d9448598d738c5e866)) -* **e2e:** Add more routes to registry ([30423c9](https://github.com/ory/kratos/commit/30423c92ba27709e003e88e58072b78ef3e2aa04)) -* **e2e:** Add more typings for cypress helpers ([60bd63f](https://github.com/ory/kratos/commit/60bd63f31d6b639af19048cc3d1e392b885213e0)) -* **e2e:** Add plugin for using got ([8fafc40](https://github.com/ory/kratos/commit/8fafc40dff8a0d9d5d678b59ecf4c13755906a4f)) -* **e2e:** Add proxy capabilities for react native app ([b5668df](https://github.com/ory/kratos/commit/b5668df755e186f12c0e543715bc2e16011583a6)) -* **e2e:** Add recovery tests for SPA ([b6014ee](https://github.com/ory/kratos/commit/b6014eee8b507abf6e3b4324097b3015f722cbe3)) -* **e2e:** Add spa as allowed redirect url ([2625d16](https://github.com/ory/kratos/commit/2625d1689d47fb1cdbe34708be27f2317cdc7bea)) -* **e2e:** Add SPA tests for login and refactor tests to typescript ([d9a25df](https://github.com/ory/kratos/commit/d9a25df1ba34cbefd416dccfdb2f5fc93e0290b9)) -* **e2e:** Add SPA tests for logout and refactor tests to typescript ([b0c6776](https://github.com/ory/kratos/commit/b0c67769e4afcdbc05d2c1966e38faa18404a5db)) -* **e2e:** Add SPA tests for registration and refactor tests to typescript ([a61ed1e](https://github.com/ory/kratos/commit/a61ed1edb41df64f58e23f8c88894fb742fd275d)) -* **e2e:** Add support functions and type definitions ([c82d68d](https://github.com/ory/kratos/commit/c82d68db36563b16623a63be9efaf6b25322f855)) -* **e2e:** Clean up helper ([4806add](https://github.com/ory/kratos/commit/4806add17a5dd0ea8c8fded644a6c240b17861b3)) -* **e2e:** Complete SPA tests for all mfa flows ([2196129](https://github.com/ory/kratos/commit/219612903bd4dce208e2074e4595980c1cb60711)) -* **e2e:** Default and empty values and required fields ([72f2c5f](https://github.com/ory/kratos/commit/72f2c5fbd8227e19d62f26aeddfb1bd14d7c768b)) -* **e2e:** Ensure advanced types work in forms also ([287269c](https://github.com/ory/kratos/commit/287269c9992390b52ff380b31eda3bb7ad205f09)) -* **e2e:** Ensure correct app ([a9ff545](https://github.com/ory/kratos/commit/a9ff5457cb48a90668b62e54d0b08cb1e9108994)) -* **e2e:** Finalize mobile tests ([acf5c3d](https://github.com/ory/kratos/commit/acf5c3d649e51edfd9e1e3755222d9c7161a92e7)) -* **e2e:** Force port ([a49eda8](https://github.com/ory/kratos/commit/a49eda8e0405954d62058d8c1410a62f72bfb7ae)) -* **e2e:** Homogenize profiles ([7798e19](https://github.com/ory/kratos/commit/7798e193aa3cce0347e5ca018e09685b6fda0ba2)) -* **e2e:** Hot reload ory kratos on changes ([841da09](https://github.com/ory/kratos/commit/841da091689f9a3fceb5509490d7a2f4828b926f)) -* **e2e:** Implement recovery tests for SPA ([3dea57f](https://github.com/ory/kratos/commit/3dea57ff986702b9a31621198794e1cc94e4881e)) -* **e2e:** Implement required verification tests for SPA ([fb55f34](https://github.com/ory/kratos/commit/fb55f3475f25ab3aa6f7b1765ec5b9f13ef72b15)) -* **e2e:** Improve stability for login tests ([43df22b](https://github.com/ory/kratos/commit/43df22bdd52305b2b5d98a0db1c09751bd3ebb4f)) -* **e2e:** Improve stability for registration tests ([a1c59a3](https://github.com/ory/kratos/commit/a1c59a349cab3819e5f869dc89eba3c05100f1b8)) -* **e2e:** Improve test reliability ([061a7e3](https://github.com/ory/kratos/commit/061a7e340c86b580abde02de3cb521dda7c23efb)) -* **e2e:** Migrate email tests to new proxy set up ([54d8cd6](https://github.com/ory/kratos/commit/54d8cd65b8b19f7a643bf9d4060906b818fc91d6)) -* **e2e:** Migrate settings tests to typescript and add SPA tests ([566336d](https://github.com/ory/kratos/commit/566336d910f0b3deb4675e1413bfd0182bde6a79)) -* **e2e:** Move config to lower level and publish as package ([c21fa26](https://github.com/ory/kratos/commit/c21fa2688e560bb9c714d2078dbc9a72a1da125f)) -* **e2e:** Move registration tests to new proxy set up ([eddeb85](https://github.com/ory/kratos/commit/eddeb8510ca4cb13d0644d7083d436778828d0bd)) -* **e2e:** Port mobile test to typescript ([db42346](https://github.com/ory/kratos/commit/db4234694723b7dc965c9e2cf4ba792bad0374e9)) -* **e2e:** Port remaining e2e tests to typescript ([5853d1a](https://github.com/ory/kratos/commit/5853d1a64b3f7b20af79cc6ebbc381de0d213139)) -* **e2e:** Potentially resolve flaky login test ([e237d66](https://github.com/ory/kratos/commit/e237d66adbc3cce972d8e4689a88d02b9a925354)) -* **e2e:** Potentially resolve webauthn startup issues ([eae6f5d](https://github.com/ory/kratos/commit/eae6f5d1e9dc08dc8f7152a9c441e029dd4351f3)) -* **e2e:** Prototype typescript implementation ([2e869cf](https://github.com/ory/kratos/commit/2e869cff7b1cb87e15013a86b54fda16a01e0267)) -* **e2e:** Recreate identities per flow ([1a560a3](https://github.com/ory/kratos/commit/1a560a37c13240d9ae16d34188a6221f589ebbbc)) -* **e2e:** Reduce flaky tests ([cae86e7](https://github.com/ory/kratos/commit/cae86e7f6a4fcc9e1433b9c063efe3745273f2dc)) -* **e2e:** Reduce test flakes in lookup codes ([bfea354](https://github.com/ory/kratos/commit/bfea354f45858e5be0a588840f6e8125819a244c)) -* **e2e:** Refactor and add support for SPA app ([7609219](https://github.com/ory/kratos/commit/7609219448effde35844675533e71583babe1d14)) -* **e2e:** Remove wait condition ([af10b03](https://github.com/ory/kratos/commit/af10b03ebca03cdb5654c116efbd3c23b47c7594)) -* **e2e:** Resolve broken test ([c7cf134](https://github.com/ory/kratos/commit/c7cf134fbfbbb59b276aa00d02bbad3886f78dee)) -* **e2e:** Resolve flaky test ([de7cc59](https://github.com/ory/kratos/commit/de7cc59f07a6b77e3bbf3d98a7b2104b60ce708c)) -* **e2e:** Resolve flaky test issues ([1627745](https://github.com/ory/kratos/commit/162774567d44336c8999ee0c1362adb191855d0c)) -* **e2e:** Resolve next not starting ([2a2a3cb](https://github.com/ory/kratos/commit/2a2a3cb016e820f651f3cf6cd33123672e5977cb)) -* **e2e:** Resolve regression ([d62f0c0](https://github.com/ory/kratos/commit/d62f0c02315702f55b998d4c48d4ca8c6a41827f)) -* **e2e:** Resolve regressions ([aaff34e](https://github.com/ory/kratos/commit/aaff34ed66165f787103292ac0a034a0cdaf1308)) -* **e2e:** Resolve regressions ([af9aedc](https://github.com/ory/kratos/commit/af9aedc8d29678f480b1b6bad128aefbacd6a373)) -* **e2e:** Revert proxy changes ([293d920](https://github.com/ory/kratos/commit/293d92084a7614ae0cd7d5326dc82a209a0841be)) -* **e2e:** Stabilize e2e tests ([a5dca28](https://github.com/ory/kratos/commit/a5dca2839ef66217b0046262a7e1fc886276509f)) -* **e2e:** Temporarily add totp to default profile ([8ffac9d](https://github.com/ory/kratos/commit/8ffac9d138656eb2322913992b350cea31ed7e87)) -* **e2e:** Update e2e profiles to new proxy set up ([a3204cf](https://github.com/ory/kratos/commit/a3204cf9b85e274441c02592288a4f322481e894)) -* **e2e:** Use 127.0.0.1 to prevent ipv6 issues ([6f4b534](https://github.com/ory/kratos/commit/6f4b5340d33b31a5e4582858b544beb9c82181c7)) -* **e2e:** Wait for oidc to trigger ([9c67c49](https://github.com/ory/kratos/commit/9c67c49235a562430da7ae60426d60cfd6120fca)) -* Enable cookie debug ([81c3064](https://github.com/ory/kratos/commit/81c3064d69f8a233b8e0b78e103f2a23ae63cb63)) -* Ensure aal and amr is set on recovery ([5cbab54](https://github.com/ory/kratos/commit/5cbab54fe5780689f0b64700567ac4632eb04c0b)), closes [#1322](https://github.com/ory/kratos/issues/1322) -* Ensure aal2 can not be used for oidc ([cbbcdd2](https://github.com/ory/kratos/commit/cbbcdd2e86c2d4da14c478637105eb8a36ae06c0)) -* Ensure aal2 can not be used for password ([d9d39f0](https://github.com/ory/kratos/commit/d9d39f0bdda0725989a0a8261a449cf1a71afb6b)) -* Ensure authenticated_at after all upgrade ([80408b4](https://github.com/ory/kratos/commit/80408b4c90229c61138411be8534fc577b8f0f33)) -* Ensure redirect_url in password strategy ([9eafc10](https://github.com/ory/kratos/commit/9eafc10189ca88724fa6d75748299c2dd2c470b1)) -* ErrStrategyAsksToReturnToUI behavior ([f739018](https://github.com/ory/kratos/commit/f7390184b02d526bb6e3ff496abc4522afc39d5a)) -* Finalize webauthn tests ([97e59e6](https://github.com/ory/kratos/commit/97e59e61ee8be263199c3749e27dd81344777166)) -* Fix regressions in the tests ([246c580](https://github.com/ory/kratos/commit/246c580222acd193eea784a6cbfd1e75181a484f)) -* Fix tests in cmd/serve ([#1755](https://github.com/ory/kratos/issues/1755)) ([b704d08](https://github.com/ory/kratos/commit/b704d08382a9059157c2a649872e88943d66a99f)) -* ID methods of node attributes ([ff9ff04](https://github.com/ory/kratos/commit/ff9ff048ddfa13ae73571064a36b33a867727392)) -* Login form submission with AAL ([4d54fbb](https://github.com/ory/kratos/commit/4d54fbb37349126418274de8e21473c2ff81f785)) -* **lookup:** Add secret_disable to snapshots ([68d6a87](https://github.com/ory/kratos/commit/68d6a876a4f1a0fd74789798397bd325a68d71d6)) -* **lookup:** Ensure context is cleaned up after use ([8a210c4](https://github.com/ory/kratos/commit/8a210c41696d1865cce4c589a7cb3e52283fe24d)) -* **lookup:** Refresh and reuse scenarios ([89736ed](https://github.com/ory/kratos/commit/89736ed9ba8667314313ca549a6377faddcc3d80)) -* **migration:** Resolve mysql migration issue with empty array ([71a5649](https://github.com/ory/kratos/commit/71a5649a52036e29b351b6b4ee220ec7ce3aed05)) -* Move to cupaloy for snapshots ([0cce70f](https://github.com/ory/kratos/commit/0cce70f47712da44d891c6d2890e818da6d9971b)) -* Properly refresh mobile session ([c31915d](https://github.com/ory/kratos/commit/c31915de32e4b3db4af8ca8f3b5ecb0adf01a510)) -* Registry regression ([25c88b5](https://github.com/ory/kratos/commit/25c88b55577b016aa77d2df3c595410633d0eefe)) -* Remove todo items ([f60050e](https://github.com/ory/kratos/commit/f60050e0e30b1bf5441c95ada5777743719d65f1)) -* Resolve flaky config test ([147c670](https://github.com/ory/kratos/commit/147c6704a9d38b5687eb8aba5661f24f99e577e3)) -* Resolve flaky config test ([#1832](https://github.com/ory/kratos/issues/1832)) ([db98d01](https://github.com/ory/kratos/commit/db98d010639bfc387ef927c4f80ff6cd0ebc9588)) -* Resolve flaky example tests ([#1817](https://github.com/ory/kratos/issues/1817)) ([0e700d8](https://github.com/ory/kratos/commit/0e700d89c0aaa99b9eec7ce070b7974373377f03)) -* Resolve flaky tests ([2bd9100](https://github.com/ory/kratos/commit/2bd910037efd20ab1829784ee087c533e5e8b177)) -* Resolve migratest regressions ([e9a1ed1](https://github.com/ory/kratos/commit/e9a1ed188a8f2556e1f60d1c171506dc0dd931d4)) -* Resolve regressions ([1502ca1](https://github.com/ory/kratos/commit/1502ca1eb6c2e7ab698dc94675a50db63c326a41)) -* Resolve regressions ([1a93b2f](https://github.com/ory/kratos/commit/1a93b2fba1fc41a6ba314253387af9770fd36f5a)) -* Resolve regressions ([64850ed](https://github.com/ory/kratos/commit/64850ed3277185ebf68b50449721c903c01eab89)) -* Resolve remaining regressions ([f02804c](https://github.com/ory/kratos/commit/f02804c567a532a30eaa228b0ba784b7f7fb0d9a)) -* Resolve remaining regressions ([0224c22](https://github.com/ory/kratos/commit/0224c22ebda566c69363ae09dea9d42368c86f48)) -* Resolve remaining regressions ([1fa2aa5](https://github.com/ory/kratos/commit/1fa2aa5b60d0b81e2035ae18c60d199b060a4c1f)) -* Resolve time locality issues ([53b8b2a](https://github.com/ory/kratos/commit/53b8b2a22e5bad12dabf90c7bcbaf05b13a73a55)) -* Restructure session struct tests ([50d3f66](https://github.com/ory/kratos/commit/50d3f66f82cb4e85a213fd86dc20bfadafefae23)) -* Session AAL handling ([6fea3e5](https://github.com/ory/kratos/commit/6fea3e5aec6556697092c9a9d12295ed7e4d408b)) -* Session activate ([c86fa03](https://github.com/ory/kratos/commit/c86fa03d3b2390403dcb14ef93307adc61ac7c79)) -* **sql:** Fix incorrect UUID ([ea2894e](https://github.com/ory/kratos/commit/ea2894ed0f12de011fd5ce304dd614579ea5e96c)) -* Temporarily enable lookup globally ([458f559](https://github.com/ory/kratos/commit/458f559ec816e64c6c9f53ecacdb4ae30fc9f8f7)) -* **totp:** Ensure context is cleaned up after use ([1905883](https://github.com/ory/kratos/commit/19058830c0541f717360d3f599760b2a5cf47c4e)) -* Upgrade cypress to 8.x ([c8a1dfc](https://github.com/ory/kratos/commit/c8a1dfcae3d42555b1215ad7eaa03a521bdcb1da)) -* Use different return handler ([e489a43](https://github.com/ory/kratos/commit/e489a439e56dcd4218cf81284beaca0ef2ecd35e)) -* Various aal combinations for newflow ([b095b99](https://github.com/ory/kratos/commit/b095b990224cbbd5ffa272b8f443b3345634d353)) -* Webauth settings flow ([4c82772](https://github.com/ory/kratos/commit/4c82772ae28643ce69a5778c37f3c67644ef6f4c)) -* Webauthn aal2 login ([60ace8b](https://github.com/ory/kratos/commit/60ace8b36c033ac4f9cd7e8cd929921e2e882946)) -* Webauthn credentials ([c3e1184](https://github.com/ory/kratos/commit/c3e1184e719cd2041df8894edd4bd921bf2c3b00)) -* Webauthn credentials counter ([f7701f6](https://github.com/ory/kratos/commit/f7701f629d5553e229546b00d3c345a8d74dd627)) -* **webauthn:** Ensure context is cleaned up after use ([7a8055b](https://github.com/ory/kratos/commit/7a8055be357a64a1f4074fe28b249fbaf05cf519)) +- Aal in login.NewFlow + ([5986e38](https://github.com/ory/kratos/commit/5986e38e6ab9eec1761e4c723c807dc0ef2a3dfa)) +- AcceptToRedirectOrJSON + ([2ca153f](https://github.com/ory/kratos/commit/2ca153f027599c18583ce0ebacb5ed577b56ddf3)) +- Add credentials test + ([58b388c](https://github.com/ory/kratos/commit/58b388c70d5ff32822e8ac5f3a394e683273ac6a)) +- Add expired test to login handler + ([3bdb8ab](https://github.com/ory/kratos/commit/3bdb8abb558c0f8c4b33f712678f5da02d0ef4ee)) +- Add identity change test to settings submit + ([5eb090b](https://github.com/ory/kratos/commit/5eb090b2564192deb77e64dd74a07b96c381391d)) +- Add initial spa e2e test + ([20617f6](https://github.com/ory/kratos/commit/20617f628ac84981c3b47ce9e9ab193b8ff426d0)) +- Add initial totp integration tests + ([c9d456b](https://github.com/ory/kratos/commit/c9d456bf03cb33baf0745fe9a511f84b4c9427e3)) +- Add login tests + ([a71cadd](https://github.com/ory/kratos/commit/a71cadde91bdaf960caf30dcfa957a2646da86a2)) +- Add migrations tests for new tables + ([3c96ab0](https://github.com/ory/kratos/commit/3c96ab059af9bf6002b341c5db51d1b3ca5da655)) +- Add react app to e2e tests + ([1214eee](https://github.com/ory/kratos/commit/1214eeee24b06e6e72c55cfed2176860ecbf3c13)) +- Add schema test for totp config + ([c4f05ba](https://github.com/ory/kratos/commit/c4f05ba60af1d7ca31b4cf54097cbefa88085704)) +- Add session amr test + ([eedb60b](https://github.com/ory/kratos/commit/eedb60bec9bebfb0a4ffb67dd484d2e6b466e776)) +- Add settings tests + ([6959565](https://github.com/ory/kratos/commit/6959565212dc5e7296aad7f1365a944379dd5d6d)) +- Add test for TOTPIssuer + ([14731c4](https://github.com/ory/kratos/commit/14731c4e7809c2202c9298422c005358b7b26fc3)) +- Add test for ui error page + ([3977a9c](https://github.com/ory/kratos/commit/3977a9c4d6f98ef6d8f7f4c88d55b46579401ba8)) +- Add TestEnsureInternalContext + ([152bfc7](https://github.com/ory/kratos/commit/152bfc7294078081ca9f8fc6dd194db6d2e699ad)) +- Add totp registry tests + ([817e3ec](https://github.com/ory/kratos/commit/817e3ecb213454e4ce3f987ce8a8714301ee8165)) +- Add totp settings tests + ([c5a0d0f](https://github.com/ory/kratos/commit/c5a0d0f8435690786eaf719bb1376f7da15a6203)) +- Add TOTP to profile + ([7431e9f](https://github.com/ory/kratos/commit/7431e9fcf4e9c9853ec4d378221c7a3744b3b239)) +- Add update session test + ([47bd057](https://github.com/ory/kratos/commit/47bd057da0fbf849d643c27c6eb75ef09c5075fb)) +- Additional checks for flow hydration + ([a40d7fe](https://github.com/ory/kratos/commit/a40d7fe4340ff61c3fa9ac0a70dc5f7e4641a15e)) +- Amr persistence + ([b0b2d81](https://github.com/ory/kratos/commit/b0b2d8174ca46e066e8eb912a24d9e6efeea0ce8)) +- Check if internal context is validated in store + ([a23d851](https://github.com/ory/kratos/commit/a23d8518fc65f645cae9c196ff70df4efca67266)) +- CheckAAL + ([03b37e7](https://github.com/ory/kratos/commit/03b37e7675e369817d2bb226047ec9f26b18a456)) +- Complete TOTP login integration tests + ([6e503cf](https://github.com/ory/kratos/commit/6e503cff28428e707b3812cd2bf8e44ccc487b89)) +- **e2e:** Add baseurl + ([159b25f](https://github.com/ory/kratos/commit/159b25f7ab0ac659033d861868f472183b852167)) +- **e2e:** Add checkboxes to schemas + ([0c91f0c](https://github.com/ory/kratos/commit/0c91f0c89081726e7451d5411a6adeb631ae2edb)) +- **e2e:** Add config for proxy to simplify cy.visit logic + ([7d87985](https://github.com/ory/kratos/commit/7d8798560947227d64a35d2dd69623bc1a1ddc8f)) +- **e2e:** Add mfa profile + ([a60d157](https://github.com/ory/kratos/commit/a60d157bfeb79cb527bf73b3fc38e1ba5388cbed)) +- **e2e:** Add modd to build + ([48cd8ae](https://github.com/ory/kratos/commit/48cd8aeb851d02e2fd31e73e044befb45242e953)) +- **e2e:** Add more helpers and ts defs + ([21b35b0](https://github.com/ory/kratos/commit/21b35b025a21b1f6ab3ac8be79339f1734b3033a)) +- **e2e:** Add more helpers for various flows and proxy settings + ([755ac60](https://github.com/ory/kratos/commit/755ac60cb1a54cd188ab07d9448598d738c5e866)) +- **e2e:** Add more routes to registry + ([30423c9](https://github.com/ory/kratos/commit/30423c92ba27709e003e88e58072b78ef3e2aa04)) +- **e2e:** Add more typings for cypress helpers + ([60bd63f](https://github.com/ory/kratos/commit/60bd63f31d6b639af19048cc3d1e392b885213e0)) +- **e2e:** Add plugin for using got + ([8fafc40](https://github.com/ory/kratos/commit/8fafc40dff8a0d9d5d678b59ecf4c13755906a4f)) +- **e2e:** Add proxy capabilities for react native app + ([b5668df](https://github.com/ory/kratos/commit/b5668df755e186f12c0e543715bc2e16011583a6)) +- **e2e:** Add recovery tests for SPA + ([b6014ee](https://github.com/ory/kratos/commit/b6014eee8b507abf6e3b4324097b3015f722cbe3)) +- **e2e:** Add spa as allowed redirect url + ([2625d16](https://github.com/ory/kratos/commit/2625d1689d47fb1cdbe34708be27f2317cdc7bea)) +- **e2e:** Add SPA tests for login and refactor tests to typescript + ([d9a25df](https://github.com/ory/kratos/commit/d9a25df1ba34cbefd416dccfdb2f5fc93e0290b9)) +- **e2e:** Add SPA tests for logout and refactor tests to typescript + ([b0c6776](https://github.com/ory/kratos/commit/b0c67769e4afcdbc05d2c1966e38faa18404a5db)) +- **e2e:** Add SPA tests for registration and refactor tests to typescript + ([a61ed1e](https://github.com/ory/kratos/commit/a61ed1edb41df64f58e23f8c88894fb742fd275d)) +- **e2e:** Add support functions and type definitions + ([c82d68d](https://github.com/ory/kratos/commit/c82d68db36563b16623a63be9efaf6b25322f855)) +- **e2e:** Clean up helper + ([4806add](https://github.com/ory/kratos/commit/4806add17a5dd0ea8c8fded644a6c240b17861b3)) +- **e2e:** Complete SPA tests for all mfa flows + ([2196129](https://github.com/ory/kratos/commit/219612903bd4dce208e2074e4595980c1cb60711)) +- **e2e:** Default and empty values and required fields + ([72f2c5f](https://github.com/ory/kratos/commit/72f2c5fbd8227e19d62f26aeddfb1bd14d7c768b)) +- **e2e:** Ensure advanced types work in forms also + ([287269c](https://github.com/ory/kratos/commit/287269c9992390b52ff380b31eda3bb7ad205f09)) +- **e2e:** Ensure correct app + ([a9ff545](https://github.com/ory/kratos/commit/a9ff5457cb48a90668b62e54d0b08cb1e9108994)) +- **e2e:** Finalize mobile tests + ([acf5c3d](https://github.com/ory/kratos/commit/acf5c3d649e51edfd9e1e3755222d9c7161a92e7)) +- **e2e:** Force port + ([a49eda8](https://github.com/ory/kratos/commit/a49eda8e0405954d62058d8c1410a62f72bfb7ae)) +- **e2e:** Homogenize profiles + ([7798e19](https://github.com/ory/kratos/commit/7798e193aa3cce0347e5ca018e09685b6fda0ba2)) +- **e2e:** Hot reload ory kratos on changes + ([841da09](https://github.com/ory/kratos/commit/841da091689f9a3fceb5509490d7a2f4828b926f)) +- **e2e:** Implement recovery tests for SPA + ([3dea57f](https://github.com/ory/kratos/commit/3dea57ff986702b9a31621198794e1cc94e4881e)) +- **e2e:** Implement required verification tests for SPA + ([fb55f34](https://github.com/ory/kratos/commit/fb55f3475f25ab3aa6f7b1765ec5b9f13ef72b15)) +- **e2e:** Improve stability for login tests + ([43df22b](https://github.com/ory/kratos/commit/43df22bdd52305b2b5d98a0db1c09751bd3ebb4f)) +- **e2e:** Improve stability for registration tests + ([a1c59a3](https://github.com/ory/kratos/commit/a1c59a349cab3819e5f869dc89eba3c05100f1b8)) +- **e2e:** Improve test reliability + ([061a7e3](https://github.com/ory/kratos/commit/061a7e340c86b580abde02de3cb521dda7c23efb)) +- **e2e:** Migrate email tests to new proxy set up + ([54d8cd6](https://github.com/ory/kratos/commit/54d8cd65b8b19f7a643bf9d4060906b818fc91d6)) +- **e2e:** Migrate settings tests to typescript and add SPA tests + ([566336d](https://github.com/ory/kratos/commit/566336d910f0b3deb4675e1413bfd0182bde6a79)) +- **e2e:** Move config to lower level and publish as package + ([c21fa26](https://github.com/ory/kratos/commit/c21fa2688e560bb9c714d2078dbc9a72a1da125f)) +- **e2e:** Move registration tests to new proxy set up + ([eddeb85](https://github.com/ory/kratos/commit/eddeb8510ca4cb13d0644d7083d436778828d0bd)) +- **e2e:** Port mobile test to typescript + ([db42346](https://github.com/ory/kratos/commit/db4234694723b7dc965c9e2cf4ba792bad0374e9)) +- **e2e:** Port remaining e2e tests to typescript + ([5853d1a](https://github.com/ory/kratos/commit/5853d1a64b3f7b20af79cc6ebbc381de0d213139)) +- **e2e:** Potentially resolve flaky login test + ([e237d66](https://github.com/ory/kratos/commit/e237d66adbc3cce972d8e4689a88d02b9a925354)) +- **e2e:** Potentially resolve webauthn startup issues + ([eae6f5d](https://github.com/ory/kratos/commit/eae6f5d1e9dc08dc8f7152a9c441e029dd4351f3)) +- **e2e:** Prototype typescript implementation + ([2e869cf](https://github.com/ory/kratos/commit/2e869cff7b1cb87e15013a86b54fda16a01e0267)) +- **e2e:** Recreate identities per flow + ([1a560a3](https://github.com/ory/kratos/commit/1a560a37c13240d9ae16d34188a6221f589ebbbc)) +- **e2e:** Reduce flaky tests + ([cae86e7](https://github.com/ory/kratos/commit/cae86e7f6a4fcc9e1433b9c063efe3745273f2dc)) +- **e2e:** Reduce test flakes in lookup codes + ([bfea354](https://github.com/ory/kratos/commit/bfea354f45858e5be0a588840f6e8125819a244c)) +- **e2e:** Refactor and add support for SPA app + ([7609219](https://github.com/ory/kratos/commit/7609219448effde35844675533e71583babe1d14)) +- **e2e:** Remove wait condition + ([af10b03](https://github.com/ory/kratos/commit/af10b03ebca03cdb5654c116efbd3c23b47c7594)) +- **e2e:** Resolve broken test + ([c7cf134](https://github.com/ory/kratos/commit/c7cf134fbfbbb59b276aa00d02bbad3886f78dee)) +- **e2e:** Resolve flaky test + ([de7cc59](https://github.com/ory/kratos/commit/de7cc59f07a6b77e3bbf3d98a7b2104b60ce708c)) +- **e2e:** Resolve flaky test issues + ([1627745](https://github.com/ory/kratos/commit/162774567d44336c8999ee0c1362adb191855d0c)) +- **e2e:** Resolve next not starting + ([2a2a3cb](https://github.com/ory/kratos/commit/2a2a3cb016e820f651f3cf6cd33123672e5977cb)) +- **e2e:** Resolve regression + ([d62f0c0](https://github.com/ory/kratos/commit/d62f0c02315702f55b998d4c48d4ca8c6a41827f)) +- **e2e:** Resolve regressions + ([aaff34e](https://github.com/ory/kratos/commit/aaff34ed66165f787103292ac0a034a0cdaf1308)) +- **e2e:** Resolve regressions + ([af9aedc](https://github.com/ory/kratos/commit/af9aedc8d29678f480b1b6bad128aefbacd6a373)) +- **e2e:** Revert proxy changes + ([293d920](https://github.com/ory/kratos/commit/293d92084a7614ae0cd7d5326dc82a209a0841be)) +- **e2e:** Stabilize e2e tests + ([a5dca28](https://github.com/ory/kratos/commit/a5dca2839ef66217b0046262a7e1fc886276509f)) +- **e2e:** Temporarily add totp to default profile + ([8ffac9d](https://github.com/ory/kratos/commit/8ffac9d138656eb2322913992b350cea31ed7e87)) +- **e2e:** Update e2e profiles to new proxy set up + ([a3204cf](https://github.com/ory/kratos/commit/a3204cf9b85e274441c02592288a4f322481e894)) +- **e2e:** Use 127.0.0.1 to prevent ipv6 issues + ([6f4b534](https://github.com/ory/kratos/commit/6f4b5340d33b31a5e4582858b544beb9c82181c7)) +- **e2e:** Wait for oidc to trigger + ([9c67c49](https://github.com/ory/kratos/commit/9c67c49235a562430da7ae60426d60cfd6120fca)) +- Enable cookie debug + ([81c3064](https://github.com/ory/kratos/commit/81c3064d69f8a233b8e0b78e103f2a23ae63cb63)) +- Ensure aal and amr is set on recovery + ([5cbab54](https://github.com/ory/kratos/commit/5cbab54fe5780689f0b64700567ac4632eb04c0b)), + closes [#1322](https://github.com/ory/kratos/issues/1322) +- Ensure aal2 can not be used for oidc + ([cbbcdd2](https://github.com/ory/kratos/commit/cbbcdd2e86c2d4da14c478637105eb8a36ae06c0)) +- Ensure aal2 can not be used for password + ([d9d39f0](https://github.com/ory/kratos/commit/d9d39f0bdda0725989a0a8261a449cf1a71afb6b)) +- Ensure authenticated_at after all upgrade + ([80408b4](https://github.com/ory/kratos/commit/80408b4c90229c61138411be8534fc577b8f0f33)) +- Ensure redirect_url in password strategy + ([9eafc10](https://github.com/ory/kratos/commit/9eafc10189ca88724fa6d75748299c2dd2c470b1)) +- ErrStrategyAsksToReturnToUI behavior + ([f739018](https://github.com/ory/kratos/commit/f7390184b02d526bb6e3ff496abc4522afc39d5a)) +- Finalize webauthn tests + ([97e59e6](https://github.com/ory/kratos/commit/97e59e61ee8be263199c3749e27dd81344777166)) +- Fix regressions in the tests + ([246c580](https://github.com/ory/kratos/commit/246c580222acd193eea784a6cbfd1e75181a484f)) +- Fix tests in cmd/serve ([#1755](https://github.com/ory/kratos/issues/1755)) + ([b704d08](https://github.com/ory/kratos/commit/b704d08382a9059157c2a649872e88943d66a99f)) +- ID methods of node attributes + ([ff9ff04](https://github.com/ory/kratos/commit/ff9ff048ddfa13ae73571064a36b33a867727392)) +- Login form submission with AAL + ([4d54fbb](https://github.com/ory/kratos/commit/4d54fbb37349126418274de8e21473c2ff81f785)) +- **lookup:** Add secret_disable to snapshots + ([68d6a87](https://github.com/ory/kratos/commit/68d6a876a4f1a0fd74789798397bd325a68d71d6)) +- **lookup:** Ensure context is cleaned up after use + ([8a210c4](https://github.com/ory/kratos/commit/8a210c41696d1865cce4c589a7cb3e52283fe24d)) +- **lookup:** Refresh and reuse scenarios + ([89736ed](https://github.com/ory/kratos/commit/89736ed9ba8667314313ca549a6377faddcc3d80)) +- **migration:** Resolve mysql migration issue with empty array + ([71a5649](https://github.com/ory/kratos/commit/71a5649a52036e29b351b6b4ee220ec7ce3aed05)) +- Move to cupaloy for snapshots + ([0cce70f](https://github.com/ory/kratos/commit/0cce70f47712da44d891c6d2890e818da6d9971b)) +- Properly refresh mobile session + ([c31915d](https://github.com/ory/kratos/commit/c31915de32e4b3db4af8ca8f3b5ecb0adf01a510)) +- Registry regression + ([25c88b5](https://github.com/ory/kratos/commit/25c88b55577b016aa77d2df3c595410633d0eefe)) +- Remove todo items + ([f60050e](https://github.com/ory/kratos/commit/f60050e0e30b1bf5441c95ada5777743719d65f1)) +- Resolve flaky config test + ([147c670](https://github.com/ory/kratos/commit/147c6704a9d38b5687eb8aba5661f24f99e577e3)) +- Resolve flaky config test ([#1832](https://github.com/ory/kratos/issues/1832)) + ([db98d01](https://github.com/ory/kratos/commit/db98d010639bfc387ef927c4f80ff6cd0ebc9588)) +- Resolve flaky example tests + ([#1817](https://github.com/ory/kratos/issues/1817)) + ([0e700d8](https://github.com/ory/kratos/commit/0e700d89c0aaa99b9eec7ce070b7974373377f03)) +- Resolve flaky tests + ([2bd9100](https://github.com/ory/kratos/commit/2bd910037efd20ab1829784ee087c533e5e8b177)) +- Resolve migratest regressions + ([e9a1ed1](https://github.com/ory/kratos/commit/e9a1ed188a8f2556e1f60d1c171506dc0dd931d4)) +- Resolve regressions + ([1502ca1](https://github.com/ory/kratos/commit/1502ca1eb6c2e7ab698dc94675a50db63c326a41)) +- Resolve regressions + ([1a93b2f](https://github.com/ory/kratos/commit/1a93b2fba1fc41a6ba314253387af9770fd36f5a)) +- Resolve regressions + ([64850ed](https://github.com/ory/kratos/commit/64850ed3277185ebf68b50449721c903c01eab89)) +- Resolve remaining regressions + ([f02804c](https://github.com/ory/kratos/commit/f02804c567a532a30eaa228b0ba784b7f7fb0d9a)) +- Resolve remaining regressions + ([0224c22](https://github.com/ory/kratos/commit/0224c22ebda566c69363ae09dea9d42368c86f48)) +- Resolve remaining regressions + ([1fa2aa5](https://github.com/ory/kratos/commit/1fa2aa5b60d0b81e2035ae18c60d199b060a4c1f)) +- Resolve time locality issues + ([53b8b2a](https://github.com/ory/kratos/commit/53b8b2a22e5bad12dabf90c7bcbaf05b13a73a55)) +- Restructure session struct tests + ([50d3f66](https://github.com/ory/kratos/commit/50d3f66f82cb4e85a213fd86dc20bfadafefae23)) +- Session AAL handling + ([6fea3e5](https://github.com/ory/kratos/commit/6fea3e5aec6556697092c9a9d12295ed7e4d408b)) +- Session activate + ([c86fa03](https://github.com/ory/kratos/commit/c86fa03d3b2390403dcb14ef93307adc61ac7c79)) +- **sql:** Fix incorrect UUID + ([ea2894e](https://github.com/ory/kratos/commit/ea2894ed0f12de011fd5ce304dd614579ea5e96c)) +- Temporarily enable lookup globally + ([458f559](https://github.com/ory/kratos/commit/458f559ec816e64c6c9f53ecacdb4ae30fc9f8f7)) +- **totp:** Ensure context is cleaned up after use + ([1905883](https://github.com/ory/kratos/commit/19058830c0541f717360d3f599760b2a5cf47c4e)) +- Upgrade cypress to 8.x + ([c8a1dfc](https://github.com/ory/kratos/commit/c8a1dfcae3d42555b1215ad7eaa03a521bdcb1da)) +- Use different return handler + ([e489a43](https://github.com/ory/kratos/commit/e489a439e56dcd4218cf81284beaca0ef2ecd35e)) +- Various aal combinations for newflow + ([b095b99](https://github.com/ory/kratos/commit/b095b990224cbbd5ffa272b8f443b3345634d353)) +- Webauth settings flow + ([4c82772](https://github.com/ory/kratos/commit/4c82772ae28643ce69a5778c37f3c67644ef6f4c)) +- Webauthn aal2 login + ([60ace8b](https://github.com/ory/kratos/commit/60ace8b36c033ac4f9cd7e8cd929921e2e882946)) +- Webauthn credentials + ([c3e1184](https://github.com/ory/kratos/commit/c3e1184e719cd2041df8894edd4bd921bf2c3b00)) +- Webauthn credentials counter + ([f7701f6](https://github.com/ory/kratos/commit/f7701f629d5553e229546b00d3c345a8d74dd627)) +- **webauthn:** Ensure context is cleaned up after use + ([7a8055b](https://github.com/ory/kratos/commit/7a8055be357a64a1f4074fe28b249fbaf05cf519)) ### Unclassified -* test(e2e) improve reliability ([763dd00](https://github.com/ory/kratos/commit/763dd0063f3166fad323b25a1b0e7bdf9850e519)) -* Correct session godoc ([7108e65](https://github.com/ory/kratos/commit/7108e65447c37cc6f2937083a2a61442e0a43cb8)) - +- test(e2e) improve reliability + ([763dd00](https://github.com/ory/kratos/commit/763dd0063f3166fad323b25a1b0e7bdf9850e519)) +- Correct session godoc + ([7108e65](https://github.com/ory/kratos/commit/7108e65447c37cc6f2937083a2a61442e0a43cb8)) # [0.7.6-alpha.1](https://github.com/ory/kratos/compare/v0.7.5-alpha.1...v0.7.6-alpha.1) (2021-09-12) Resolves further issues in the SDK and release pipeline. - - - - ### Code Generation -* Pin v0.7.6-alpha.1 release commit ([8b0d1ee](https://github.com/ory/kratos/commit/8b0d1ee66f1ee2b9f37cd178ac2bcbd8980d6f1d)) - +- Pin v0.7.6-alpha.1 release commit + ([8b0d1ee](https://github.com/ory/kratos/commit/8b0d1ee66f1ee2b9f37cd178ac2bcbd8980d6f1d)) # [0.7.5-alpha.1](https://github.com/ory/kratos/compare/v0.7.4-alpha.1...v0.7.5-alpha.1) (2021-09-11) Primarily resolves issues in the SDK pipeline. - - - - ### Code Generation -* Pin v0.7.5-alpha.1 release commit ([3a741a5](https://github.com/ory/kratos/commit/3a741a5ed5cff78e0e060bc98f8526537e8719d7)) - +- Pin v0.7.5-alpha.1 release commit + ([3a741a5](https://github.com/ory/kratos/commit/3a741a5ed5cff78e0e060bc98f8526537e8719d7)) # [0.7.4-alpha.1](https://github.com/ory/kratos/compare/v0.7.3-alpha.1...v0.7.4-alpha.1) (2021-09-09) -This release adds the GitHub-app provider, improves SQL instrumentation, resolves an expired flow bug, and resolves documentation issues. - - - - +This release adds the GitHub-app provider, improves SQL instrumentation, +resolves an expired flow bug, and resolves documentation issues. ### Bug Fixes -* Corret sdk annotations for enums ([6152363](https://github.com/ory/kratos/commit/6152363cda20992a9b894e618c3a438f30808a97)) -* Do not panic if cookiemanager returns a nil cookie ([6ea5678](https://github.com/ory/kratos/commit/6ea56785fa0354d8d9479a699304a4b933d6c294)), closes [#1695](https://github.com/ory/kratos/issues/1695) -* Respect return_to in expired flows ([#1697](https://github.com/ory/kratos/issues/1697)) ([394a8de](https://github.com/ory/kratos/commit/394a8de9c0cdd33df91d56008eac12510ff14e07)), closes [#1251](https://github.com/ory/kratos/issues/1251) +- Corret sdk annotations for enums + ([6152363](https://github.com/ory/kratos/commit/6152363cda20992a9b894e618c3a438f30808a97)) +- Do not panic if cookiemanager returns a nil cookie + ([6ea5678](https://github.com/ory/kratos/commit/6ea56785fa0354d8d9479a699304a4b933d6c294)), + closes [#1695](https://github.com/ory/kratos/issues/1695) +- Respect return_to in expired flows + ([#1697](https://github.com/ory/kratos/issues/1697)) + ([394a8de](https://github.com/ory/kratos/commit/394a8de9c0cdd33df91d56008eac12510ff14e07)), + closes [#1251](https://github.com/ory/kratos/issues/1251) ### Code Generation -* Pin v0.7.4-alpha.1 release commit ([67ff8a9](https://github.com/ory/kratos/commit/67ff8a947b5b339648aeb4c22aba89205c61382b)) +- Pin v0.7.4-alpha.1 release commit + ([67ff8a9](https://github.com/ory/kratos/commit/67ff8a947b5b339648aeb4c22aba89205c61382b)) ### Documentation -* Add e2e quickstart ([2b749d3](https://github.com/ory/kratos/commit/2b749d39fcb0d320d193290966a558ee2c5734d1)) -* Browser redirects ([#1700](https://github.com/ory/kratos/issues/1700)) ([a44089a](https://github.com/ory/kratos/commit/a44089a506f5ea9daa406fcb862ad707f569c2bb)) -* Mark logout_url always available ([9021805](https://github.com/ory/kratos/commit/9021805c4399beb73f234726f8f5f3bfd312482c)) -* Minor improvements ([#1707](https://github.com/ory/kratos/issues/1707)) ([79c132c](https://github.com/ory/kratos/commit/79c132c5a0737ea1632655d8aea0af63c4200d37)) +- Add e2e quickstart + ([2b749d3](https://github.com/ory/kratos/commit/2b749d39fcb0d320d193290966a558ee2c5734d1)) +- Browser redirects ([#1700](https://github.com/ory/kratos/issues/1700)) + ([a44089a](https://github.com/ory/kratos/commit/a44089a506f5ea9daa406fcb862ad707f569c2bb)) +- Mark logout_url always available + ([9021805](https://github.com/ory/kratos/commit/9021805c4399beb73f234726f8f5f3bfd312482c)) +- Minor improvements ([#1707](https://github.com/ory/kratos/issues/1707)) + ([79c132c](https://github.com/ory/kratos/commit/79c132c5a0737ea1632655d8aea0af63c4200d37)) ### Features -* Making use of the updated instrumentedsql version ([#1723](https://github.com/ory/kratos/issues/1723)) ([9e6fbdd](https://github.com/ory/kratos/commit/9e6fbdd06a75d7207b4801d1148267b3a1a0a0c7)) -* **oidc:** Github-app provider ([#1711](https://github.com/ory/kratos/issues/1711)) ([fb1fe8c](https://github.com/ory/kratos/commit/fb1fe8c468bb6f8275618b84c5fa157a314c345f)) +- Making use of the updated instrumentedsql version + ([#1723](https://github.com/ory/kratos/issues/1723)) + ([9e6fbdd](https://github.com/ory/kratos/commit/9e6fbdd06a75d7207b4801d1148267b3a1a0a0c7)) +- **oidc:** Github-app provider + ([#1711](https://github.com/ory/kratos/issues/1711)) + ([fb1fe8c](https://github.com/ory/kratos/commit/fb1fe8c468bb6f8275618b84c5fa157a314c345f)) ### Tests -* **session:** Resolve incorrect assertion ([0531220](https://github.com/ory/kratos/commit/05312203ab12eec44e59dcd9210160f2781a69b4)) - +- **session:** Resolve incorrect assertion + ([0531220](https://github.com/ory/kratos/commit/05312203ab12eec44e59dcd9210160f2781a69b4)) # [0.7.3-alpha.1](https://github.com/ory/kratos/compare/v0.7.1-alpha.1...v0.7.3-alpha.1) (2021-08-28) -This patch resolves a regression issue with Facebook login, a memory leak issue introduced by an external dependency, adds a "requires verification" login hook, and improves performance for some endpoints. - -Also, Ory Kratos SDKs are now published in individual [GitHub repositories for every language](https://github.com/ory?q=kratos-client). - - - +This patch resolves a regression issue with Facebook login, a memory leak issue +introduced by an external dependency, adds a "requires verification" login hook, +and improves performance for some endpoints. +Also, Ory Kratos SDKs are now published in individual +[GitHub repositories for every language](https://github.com/ory?q=kratos-client). ### Bug Fixes -* Add new message when refresh parameter is true ([#1560](https://github.com/ory/kratos/issues/1560)) ([0525623](https://github.com/ory/kratos/commit/05256232bf85d68e068eece6c883f46a447ba5bd)), closes [#1117](https://github.com/ory/kratos/issues/1117) -* Add session in spa registration if session cook is configured ([#1657](https://github.com/ory/kratos/issues/1657)) ([639a7dd](https://github.com/ory/kratos/commit/639a7dd52d43c57e9708ed3e7360c17d6efde6a5)), closes [#1604](https://github.com/ory/kratos/issues/1604) -* **docs:** Ensure config reference is updated ([f6b3aa4](https://github.com/ory/kratos/commit/f6b3aa45b1f39ca5e9ee7ef4cd96de1970b2ed71)), closes [#1597](https://github.com/ory/kratos/issues/1597) -* Facebook sign in regression ([#1689](https://github.com/ory/kratos/issues/1689)) ([85337bf](https://github.com/ory/kratos/commit/85337bf65af767d7296b14e8fd21bab5c64d23e2)), closes [#1687](https://github.com/ory/kratos/issues/1687) [#1686](https://github.com/ory/kratos/issues/1686) -* Http context memory leak ([b21bd22](https://github.com/ory/kratos/commit/b21bd224059e8a42da9814237572a118297c5210)): - - Ory Kratos was using `gorilla/sessions` prior to version v1.2 which had a dependency on `gorilla/context`, a deprecated library with known memory management issues. Even though we used `gorilla/context`'s clean up middleware, it appears that `r.Context()` was not properly cleaned up, causing memory leaks. - - On average, the memory leak is pretty small, but depending on what gets added to `r.Context()` it could significantly increase the memory leak. - - By replacing `gorilla/sessions` with v1.2.1 we: - - 1. Increased the HTTP API throughput by an estimate of 4 times; - 2. Brought average memory use back down to about 12MB; - - Closes https://github.com/ory-corp/cloud/issues/1292 - -* Outdated label ([#1681](https://github.com/ory/kratos/issues/1681)) ([149101e](https://github.com/ory/kratos/commit/149101ed145dae2b75e5150013efc478f5fd0cc3)) -* Register argon2 CLI commands properly ([#1592](https://github.com/ory/kratos/issues/1592)) ([45c28d9](https://github.com/ory/kratos/commit/45c28d99064baf8051521a1078ac2b59bb3206ec)) -* Remove session cookie on logout ([#1587](https://github.com/ory/kratos/issues/1587)) ([cdb30bb](https://github.com/ory/kratos/commit/cdb30bb65ac932a17e4924b4efc8952113452513)), closes [#1584](https://github.com/ory/kratos/issues/1584): - - Before, the logout endpoint would invalidate the session cookie, but not remove it. This was a regression introduced in 0.7.0. This patch resolves that issue. - -* **sdk:** Use proper annotation for genericError ([#1611](https://github.com/ory/kratos/issues/1611)) ([da214b2](https://github.com/ory/kratos/commit/da214b2933ae2a91d8c5bf6aa8eea613a2078b9d)), closes [#1609](https://github.com/ory/kratos/issues/1609) -* Skip prompt on discord authorization by default ([#1594](https://github.com/ory/kratos/issues/1594)) ([a667255](https://github.com/ory/kratos/commit/a6672554b02378eb2dac7b1af99ea2915395867b)): - - When a value for prompt is not provided, Discord defaults to `prompt="consent"`. This change makes it so that if the request is not forced, prompt is explicitly set to "none". - -* Static parameter for warning message in config.baseURL(...) ([#1673](https://github.com/ory/kratos/issues/1673)) ([db54a1b](https://github.com/ory/kratos/commit/db54a1bd0c93d7a5845ee09d0a16cbc3b8f26a4a)), closes [#1672](https://github.com/ory/kratos/issues/1672) -* Update csrf token cookie name ([#1601](https://github.com/ory/kratos/issues/1601)) ([64c90bf](https://github.com/ory/kratos/commit/64c90bf5e5cec6545a81f88ad5fabb29e9e80850)): - - See https://github.com/ory-corp/cloud/issues/1252 - -* Use eager preloading for list identites endpoint ([#1588](https://github.com/ory/kratos/issues/1588)) ([de5fb3e](https://github.com/ory/kratos/commit/de5fb3e52af9f2d0f1209eed217403a5d7d1ae2d)) +- Add new message when refresh parameter is true + ([#1560](https://github.com/ory/kratos/issues/1560)) + ([0525623](https://github.com/ory/kratos/commit/05256232bf85d68e068eece6c883f46a447ba5bd)), + closes [#1117](https://github.com/ory/kratos/issues/1117) +- Add session in spa registration if session cook is configured + ([#1657](https://github.com/ory/kratos/issues/1657)) + ([639a7dd](https://github.com/ory/kratos/commit/639a7dd52d43c57e9708ed3e7360c17d6efde6a5)), + closes [#1604](https://github.com/ory/kratos/issues/1604) +- **docs:** Ensure config reference is updated + ([f6b3aa4](https://github.com/ory/kratos/commit/f6b3aa45b1f39ca5e9ee7ef4cd96de1970b2ed71)), + closes [#1597](https://github.com/ory/kratos/issues/1597) +- Facebook sign in regression + ([#1689](https://github.com/ory/kratos/issues/1689)) + ([85337bf](https://github.com/ory/kratos/commit/85337bf65af767d7296b14e8fd21bab5c64d23e2)), + closes [#1687](https://github.com/ory/kratos/issues/1687) + [#1686](https://github.com/ory/kratos/issues/1686) +- Http context memory leak + ([b21bd22](https://github.com/ory/kratos/commit/b21bd224059e8a42da9814237572a118297c5210)): + + Ory Kratos was using `gorilla/sessions` prior to version v1.2 which had a + dependency on `gorilla/context`, a deprecated library with known memory + management issues. Even though we used `gorilla/context`'s clean up + middleware, it appears that `r.Context()` was not properly cleaned up, causing + memory leaks. + + On average, the memory leak is pretty small, but depending on what gets added + to `r.Context()` it could significantly increase the memory leak. + + By replacing `gorilla/sessions` with v1.2.1 we: + + 1. Increased the HTTP API throughput by an estimate of 4 times; + 2. Brought average memory use back down to about 12MB; + + Closes https://github.com/ory-corp/cloud/issues/1292 + +- Outdated label ([#1681](https://github.com/ory/kratos/issues/1681)) + ([149101e](https://github.com/ory/kratos/commit/149101ed145dae2b75e5150013efc478f5fd0cc3)) +- Register argon2 CLI commands properly + ([#1592](https://github.com/ory/kratos/issues/1592)) + ([45c28d9](https://github.com/ory/kratos/commit/45c28d99064baf8051521a1078ac2b59bb3206ec)) +- Remove session cookie on logout + ([#1587](https://github.com/ory/kratos/issues/1587)) + ([cdb30bb](https://github.com/ory/kratos/commit/cdb30bb65ac932a17e4924b4efc8952113452513)), + closes [#1584](https://github.com/ory/kratos/issues/1584): + + Before, the logout endpoint would invalidate the session cookie, but not + remove it. This was a regression introduced in 0.7.0. This patch resolves that + issue. + +- **sdk:** Use proper annotation for genericError + ([#1611](https://github.com/ory/kratos/issues/1611)) + ([da214b2](https://github.com/ory/kratos/commit/da214b2933ae2a91d8c5bf6aa8eea613a2078b9d)), + closes [#1609](https://github.com/ory/kratos/issues/1609) +- Skip prompt on discord authorization by default + ([#1594](https://github.com/ory/kratos/issues/1594)) + ([a667255](https://github.com/ory/kratos/commit/a6672554b02378eb2dac7b1af99ea2915395867b)): + + When a value for prompt is not provided, Discord defaults to + `prompt="consent"`. This change makes it so that if the request is not forced, + prompt is explicitly set to "none". + +- Static parameter for warning message in config.baseURL(...) + ([#1673](https://github.com/ory/kratos/issues/1673)) + ([db54a1b](https://github.com/ory/kratos/commit/db54a1bd0c93d7a5845ee09d0a16cbc3b8f26a4a)), + closes [#1672](https://github.com/ory/kratos/issues/1672) +- Update csrf token cookie name + ([#1601](https://github.com/ory/kratos/issues/1601)) + ([64c90bf](https://github.com/ory/kratos/commit/64c90bf5e5cec6545a81f88ad5fabb29e9e80850)): + + See https://github.com/ory-corp/cloud/issues/1252 + +- Use eager preloading for list identites endpoint + ([#1588](https://github.com/ory/kratos/issues/1588)) + ([de5fb3e](https://github.com/ory/kratos/commit/de5fb3e52af9f2d0f1209eed217403a5d7d1ae2d)) ### Code Generation -* Pin v0.7.3-alpha.1 release commit ([b5ad53e](https://github.com/ory/kratos/commit/b5ad53eca933438126eda3c6c647d99e05e37695)) +- Pin v0.7.3-alpha.1 release commit + ([b5ad53e](https://github.com/ory/kratos/commit/b5ad53eca933438126eda3c6c647d99e05e37695)) ### Documentation -* Change model to schema ([#1639](https://github.com/ory/kratos/issues/1639)) ([09c403e](https://github.com/ory/kratos/commit/09c403e55482e91a5bfe9a253e514b7a90826709)) -* Fix func naming for Logout flow ([#1676](https://github.com/ory/kratos/issues/1676)) ([bbeb613](https://github.com/ory/kratos/commit/bbeb6132ba82e28057bc14bf35ea99b70f0c4118)): - - rename createSelfServiceLogoutUrlForBrowsers to createSelfServiceLogoutFlowUrlForBrowsers - -* Fix stub error example ([#1642](https://github.com/ory/kratos/issues/1642)) ([9bc2fd0](https://github.com/ory/kratos/commit/9bc2fd088ed9b3e7334713e63bae3c7bbcb922db)), closes [#1568](https://github.com/ory/kratos/issues/1568) -* Fixes incorrect yaml identation ([#1641](https://github.com/ory/kratos/issues/1641)) ([6b58278](https://github.com/ory/kratos/commit/6b582784b49c1d103bbf7a6843cdf197fbd93931)) -* Identity traits are visible to user ([#1621](https://github.com/ory/kratos/issues/1621)) ([641eba6](https://github.com/ory/kratos/commit/641eba675bdc583661565a6378776bfad26067c6)) -* Make qickstart URLs consistent (playground vs. localhost) ([#1626](https://github.com/ory/kratos/issues/1626)) ([bae1847](https://github.com/ory/kratos/commit/bae1847eba0d925f28a010876e35e3c2093bc8c6)): - - Since the quick-start describes how to run Kratos locally the actual location of the redirect is `http://127.0.0.1:4433/self-service/login/browser`. - -* Update docker.md - Outdated information ([#1627](https://github.com/ory/kratos/issues/1627)) ([dc32720](https://github.com/ory/kratos/commit/dc32720de25f52b7deb3e32f7530c7827a6ce5df)), closes [#1619](https://github.com/ory/kratos/issues/1619): - - Kratos does not automatically use a config file that exists at `$HOME/.kratos.yaml`, or any other similar pattern. The documentation in the Docker Images section of the guides could lead developers to believe that the --config flag is unnecessary if they are binding the directory the configuration file is in to $HOME or using a custom docker image to provide the file. - +- Change model to schema ([#1639](https://github.com/ory/kratos/issues/1639)) + ([09c403e](https://github.com/ory/kratos/commit/09c403e55482e91a5bfe9a253e514b7a90826709)) +- Fix func naming for Logout flow + ([#1676](https://github.com/ory/kratos/issues/1676)) + ([bbeb613](https://github.com/ory/kratos/commit/bbeb6132ba82e28057bc14bf35ea99b70f0c4118)): + + rename createSelfServiceLogoutUrlForBrowsers to + createSelfServiceLogoutFlowUrlForBrowsers + +- Fix stub error example ([#1642](https://github.com/ory/kratos/issues/1642)) + ([9bc2fd0](https://github.com/ory/kratos/commit/9bc2fd088ed9b3e7334713e63bae3c7bbcb922db)), + closes [#1568](https://github.com/ory/kratos/issues/1568) +- Fixes incorrect yaml identation + ([#1641](https://github.com/ory/kratos/issues/1641)) + ([6b58278](https://github.com/ory/kratos/commit/6b582784b49c1d103bbf7a6843cdf197fbd93931)) +- Identity traits are visible to user + ([#1621](https://github.com/ory/kratos/issues/1621)) + ([641eba6](https://github.com/ory/kratos/commit/641eba675bdc583661565a6378776bfad26067c6)) +- Make qickstart URLs consistent (playground vs. localhost) + ([#1626](https://github.com/ory/kratos/issues/1626)) + ([bae1847](https://github.com/ory/kratos/commit/bae1847eba0d925f28a010876e35e3c2093bc8c6)): + + Since the quick-start describes how to run Kratos locally the actual location + of the redirect is `http://127.0.0.1:4433/self-service/login/browser`. + +- Update docker.md - Outdated information + ([#1627](https://github.com/ory/kratos/issues/1627)) + ([dc32720](https://github.com/ory/kratos/commit/dc32720de25f52b7deb3e32f7530c7827a6ce5df)), + closes [#1619](https://github.com/ory/kratos/issues/1619): + + Kratos does not automatically use a config file that exists at + `$HOME/.kratos.yaml`, or any other similar pattern. The documentation in the + Docker Images section of the guides could lead developers to believe that the + --config flag is unnecessary if they are binding the directory the + configuration file is in to $HOME or using a custom docker image to provide + the file. ### Features -* Allow multiple webhook body sources ([#1606](https://github.com/ory/kratos/issues/1606)) ([51b1311](https://github.com/ory/kratos/commit/51b131177c9e0db018eced939fef43742c9e86cf)): - - This patch adds support for loading webhooks from the local filesystem, base64 encoded inline string, and remote (http/https) sources. Please note that support for relative/absolute paths without an URI scheme are deprecated and will eventually be removed. +- Allow multiple webhook body sources + ([#1606](https://github.com/ory/kratos/issues/1606)) + ([51b1311](https://github.com/ory/kratos/commit/51b131177c9e0db018eced939fef43742c9e86cf)): -* Require verified address ([#1355](https://github.com/ory/kratos/issues/1355)) ([1cf61cd](https://github.com/ory/kratos/commit/1cf61cdeedbd8bf5b66310793249681ff976baab)), closes [#1328](https://github.com/ory/kratos/issues/1328) + This patch adds support for loading webhooks from the local filesystem, base64 + encoded inline string, and remote (http/https) sources. Please note that + support for relative/absolute paths without an URI scheme are deprecated and + will eventually be removed. +- Require verified address ([#1355](https://github.com/ory/kratos/issues/1355)) + ([1cf61cd](https://github.com/ory/kratos/commit/1cf61cdeedbd8bf5b66310793249681ff976baab)), + closes [#1328](https://github.com/ory/kratos/issues/1328) # [0.7.1-alpha.1](https://github.com/ory/kratos/compare/v0.7.0-alpha.1...v0.7.1-alpha.1) (2021-07-22) -This release addresses regressions introduced in Ory Kratos v0.7.0 and resolves some bugs and documentation inconsistencies. - - - - +This release addresses regressions introduced in Ory Kratos v0.7.0 and resolves +some bugs and documentation inconsistencies. ### Bug Fixes -* Automatic tagging for node ui ([fe5056e](https://github.com/ory/kratos/commit/fe5056e11d1f8e4355cafa72ed1ff953077181cc)), closes [#1537](https://github.com/ory/kratos/issues/1537) -* Bump kratos ui image for quickstart ([aedbb5a](https://github.com/ory/kratos/commit/aedbb5a259ea8ee63fb06c36fb1c7af78bb63ffc)), closes [#1537](https://github.com/ory/kratos/issues/1537) -* Cleanup lint errors and add doc to x ([#1545](https://github.com/ory/kratos/issues/1545)) ([3cfd784](https://github.com/ory/kratos/commit/3cfd7845730685a4493c2b5d1974b79d873eea86)) -* Correct meta schema ([8d4f3ff](https://github.com/ory/kratos/commit/8d4f3ff22d4ade6ae3f923c33303002e5f534cff)) -* Do not reset link method ([#1573](https://github.com/ory/kratos/issues/1573)) ([835fb31](https://github.com/ory/kratos/commit/835fb3127bc10b1642b4a7573722e5dce63fedc7)) -* Do not set csrf cookies on /sessions/whoami ([#1580](https://github.com/ory/kratos/issues/1580)) ([36bbd43](https://github.com/ory/kratos/commit/36bbd434114d120006d49785787a3c94c7f103f9)) -* Export extensionschemas ([#1553](https://github.com/ory/kratos/issues/1553)) ([6af7638](https://github.com/ory/kratos/commit/6af76387caf37160ded75d83dc09ba0bc177a895)) -* Generate CSRF token on validation creation ([#1549](https://github.com/ory/kratos/issues/1549)) ([6612c5f](https://github.com/ory/kratos/commit/6612c5f62e5cc242a808032def5714715ce49d11)), closes [#1547](https://github.com/ory/kratos/issues/1547) -* Identity extension meta schema ([#1554](https://github.com/ory/kratos/issues/1554)) ([ba5ca64](https://github.com/ory/kratos/commit/ba5ca642d01917b43d49e009bf140ae13b4f1313)): - - Up until now the extension meta schema was only applied to top level keys. This fix now recursively checks the extension schema on any depth. - -* Remove domain alias config constraint ([#1542](https://github.com/ory/kratos/issues/1542)) ([c6145db](https://github.com/ory/kratos/commit/c6145dbfb278369c8e3ad6eae7e8574ed49ba193)) -* Resolve wrong openapi types ([b07927c](https://github.com/ory/kratos/commit/b07927cd23cbfce23f3b0676303a2d0ca564143b)) -* Update identity state openapi spec ([0217737](https://github.com/ory/kratos/commit/0217737f5a2860e299ccec4387a2cc83aaac1557)) -* Use legacy ssl in quickstart config ([6c13c2b](https://github.com/ory/kratos/commit/6c13c2bedd45c10713907e24976658d4a4b88de6)), closes [#1569](https://github.com/ory/kratos/issues/1569) +- Automatic tagging for node ui + ([fe5056e](https://github.com/ory/kratos/commit/fe5056e11d1f8e4355cafa72ed1ff953077181cc)), + closes [#1537](https://github.com/ory/kratos/issues/1537) +- Bump kratos ui image for quickstart + ([aedbb5a](https://github.com/ory/kratos/commit/aedbb5a259ea8ee63fb06c36fb1c7af78bb63ffc)), + closes [#1537](https://github.com/ory/kratos/issues/1537) +- Cleanup lint errors and add doc to x + ([#1545](https://github.com/ory/kratos/issues/1545)) + ([3cfd784](https://github.com/ory/kratos/commit/3cfd7845730685a4493c2b5d1974b79d873eea86)) +- Correct meta schema + ([8d4f3ff](https://github.com/ory/kratos/commit/8d4f3ff22d4ade6ae3f923c33303002e5f534cff)) +- Do not reset link method ([#1573](https://github.com/ory/kratos/issues/1573)) + ([835fb31](https://github.com/ory/kratos/commit/835fb3127bc10b1642b4a7573722e5dce63fedc7)) +- Do not set csrf cookies on /sessions/whoami + ([#1580](https://github.com/ory/kratos/issues/1580)) + ([36bbd43](https://github.com/ory/kratos/commit/36bbd434114d120006d49785787a3c94c7f103f9)) +- Export extensionschemas ([#1553](https://github.com/ory/kratos/issues/1553)) + ([6af7638](https://github.com/ory/kratos/commit/6af76387caf37160ded75d83dc09ba0bc177a895)) +- Generate CSRF token on validation creation + ([#1549](https://github.com/ory/kratos/issues/1549)) + ([6612c5f](https://github.com/ory/kratos/commit/6612c5f62e5cc242a808032def5714715ce49d11)), + closes [#1547](https://github.com/ory/kratos/issues/1547) +- Identity extension meta schema + ([#1554](https://github.com/ory/kratos/issues/1554)) + ([ba5ca64](https://github.com/ory/kratos/commit/ba5ca642d01917b43d49e009bf140ae13b4f1313)): + + Up until now the extension meta schema was only applied to top level keys. + This fix now recursively checks the extension schema on any depth. + +- Remove domain alias config constraint + ([#1542](https://github.com/ory/kratos/issues/1542)) + ([c6145db](https://github.com/ory/kratos/commit/c6145dbfb278369c8e3ad6eae7e8574ed49ba193)) +- Resolve wrong openapi types + ([b07927c](https://github.com/ory/kratos/commit/b07927cd23cbfce23f3b0676303a2d0ca564143b)) +- Update identity state openapi spec + ([0217737](https://github.com/ory/kratos/commit/0217737f5a2860e299ccec4387a2cc83aaac1557)) +- Use legacy ssl in quickstart config + ([6c13c2b](https://github.com/ory/kratos/commit/6c13c2bedd45c10713907e24976658d4a4b88de6)), + closes [#1569](https://github.com/ory/kratos/issues/1569) ### Code Generation -* Pin v0.7.1-alpha.1 release commit ([4fe76af](https://github.com/ory/kratos/commit/4fe76af1302d45ddf4cf3c2c5949311c9cf1f8b8)) +- Pin v0.7.1-alpha.1 release commit + ([4fe76af](https://github.com/ory/kratos/commit/4fe76af1302d45ddf4cf3c2c5949311c9cf1f8b8)) ### Documentation -* Add instruction for creating user ([#1541](https://github.com/ory/kratos/issues/1541)) ([c2a1b6d](https://github.com/ory/kratos/commit/c2a1b6df95bcb5dfe2b238be5903f483b9e701b5)), closes [#1530](https://github.com/ory/kratos/issues/1530) -* Clarify flags in schema which are not available in config file ([e5ea5fe](https://github.com/ory/kratos/commit/e5ea5fee31eb2f70dc7c33565f791da9e2e87cc2)), closes [#1514](https://github.com/ory/kratos/issues/1514) -* Fix formatting of Email and Phone Verification Flow tab content ([#1536](https://github.com/ory/kratos/issues/1536)) ([0bfac67](https://github.com/ory/kratos/commit/0bfac67a06ef0d96ffd6a487c90edb44d3a40710)) -* Fix typo ([#1543](https://github.com/ory/kratos/issues/1543)) ([b25bae7](https://github.com/ory/kratos/commit/b25bae7f2cdcbb60384808041744edd718a2a814)) -* Fix typo ([#1544](https://github.com/ory/kratos/issues/1544)) ([547788d](https://github.com/ory/kratos/commit/547788de74794a1dcf43e5190cdfc9d2e1a2dc92)) -* Update csrf pitfall flow section ([#1558](https://github.com/ory/kratos/issues/1558)) ([cc7ed4b](https://github.com/ory/kratos/commit/cc7ed4b5f65d2971a45d5d0ec6188908d070d915)), closes [#1557](https://github.com/ory/kratos/issues/1557) +- Add instruction for creating user + ([#1541](https://github.com/ory/kratos/issues/1541)) + ([c2a1b6d](https://github.com/ory/kratos/commit/c2a1b6df95bcb5dfe2b238be5903f483b9e701b5)), + closes [#1530](https://github.com/ory/kratos/issues/1530) +- Clarify flags in schema which are not available in config file + ([e5ea5fe](https://github.com/ory/kratos/commit/e5ea5fee31eb2f70dc7c33565f791da9e2e87cc2)), + closes [#1514](https://github.com/ory/kratos/issues/1514) +- Fix formatting of Email and Phone Verification Flow tab content + ([#1536](https://github.com/ory/kratos/issues/1536)) + ([0bfac67](https://github.com/ory/kratos/commit/0bfac67a06ef0d96ffd6a487c90edb44d3a40710)) +- Fix typo ([#1543](https://github.com/ory/kratos/issues/1543)) + ([b25bae7](https://github.com/ory/kratos/commit/b25bae7f2cdcbb60384808041744edd718a2a814)) +- Fix typo ([#1544](https://github.com/ory/kratos/issues/1544)) + ([547788d](https://github.com/ory/kratos/commit/547788de74794a1dcf43e5190cdfc9d2e1a2dc92)) +- Update csrf pitfall flow section + ([#1558](https://github.com/ory/kratos/issues/1558)) + ([cc7ed4b](https://github.com/ory/kratos/commit/cc7ed4b5f65d2971a45d5d0ec6188908d070d915)), + closes [#1557](https://github.com/ory/kratos/issues/1557) ### Tests -* Longer wait time for e2e boot ([3a85a33](https://github.com/ory/kratos/commit/3a85a33ad8a8eec2ebf57d5a47937499141b6bc0)) - +- Longer wait time for e2e boot + ([3a85a33](https://github.com/ory/kratos/commit/3a85a33ad8a8eec2ebf57d5a47937499141b6bc0)) # [0.7.0-alpha.1](https://github.com/ory/kratos/compare/v0.6.3-alpha.1...v0.7.0-alpha.1) (2021-07-13) -About two months ago we released Ory Kratos v0.6. Today, we are excited to announce the next iteration of Ory Kratos v0.7! This release includes 215 commits from 24 contributors with over 770 files and more than 100.000 lines of code changed! +About two months ago we released Ory Kratos v0.6. Today, we are excited to +announce the next iteration of Ory Kratos v0.7! This release includes 215 +commits from 24 contributors with over 770 files and more than 100.000 lines of +code changed! Ory Kratos v0.7 brings massive developer experience improvements: -- A reworked, tested, and standardized SDK based on OpenAPI 3.0.3 ([#1477](https://github.com/ory/kratos/pull/1477), [#1424](https://github.com/ory/kratos/issues/1424)); -- Native support of Single-Page-Apps (ReactJS, AngularJS, ...) for all self-service flows ([#1367](https://github.com/ory/kratos/pull/1367)); +- A reworked, tested, and standardized SDK based on OpenAPI 3.0.3 + ([#1477](https://github.com/ory/kratos/pull/1477), + [#1424](https://github.com/ory/kratos/issues/1424)); +- Native support of Single-Page-Apps (ReactJS, AngularJS, ...) for all + self-service flows ([#1367](https://github.com/ory/kratos/pull/1367)); - Sign in with Yandex, VK, Auth0, Slack; -- An all-new, secure logout flow ([#1433](https://github.com/ory/kratos/pull/1433)); -- Important security updates to the self-service GET APIs ([#1458](https://github.com/ory/kratos/pull/1458), [#1282](https://github.com/ory/kratos/issues/1282)); +- An all-new, secure logout flow + ([#1433](https://github.com/ory/kratos/pull/1433)); +- Important security updates to the self-service GET APIs + ([#1458](https://github.com/ory/kratos/pull/1458), + [#1282](https://github.com/ory/kratos/issues/1282)); - Built-in support for TLS ([#1466](https://github.com/ory/kratos/pull/1466)); - Improved documentation and Go Module structure; -- Resolving a case-sensitivity bug in self-service recovery and verification flows; +- Resolving a case-sensitivity bug in self-service recovery and verification + flows; - Improved performance for listing identities; -- Support for Instant tracing ([#1429](https://github.com/ory/kratos/pull/1429)); -- Improved control for SMTPS, supporting SSL and STARTTLS ([#1430](https://github.com/ory/kratos/pull/1430)); -- Ability to run Ory Kratos in networks without outbound requests ([#1445](https://github.com/ory/kratos/pull/1445)); -- Improved control over HTTP Cookie behavior ([#1531](https://github.com/ory/kratos/pull/1531)); +- Support for Instant tracing + ([#1429](https://github.com/ory/kratos/pull/1429)); +- Improved control for SMTPS, supporting SSL and STARTTLS + ([#1430](https://github.com/ory/kratos/pull/1430)); +- Ability to run Ory Kratos in networks without outbound requests + ([#1445](https://github.com/ory/kratos/pull/1445)); +- Improved control over HTTP Cookie behavior + ([#1531](https://github.com/ory/kratos/pull/1531)); - Several smaller user experience improvements and bug fixes; - Improved e2e test pipeline. -In the next iteration of Ory Kratos, we will focus on providing a NextJS example application for the SPA integration as well as the long-awaited MFA flows! +In the next iteration of Ory Kratos, we will focus on providing a NextJS example +application for the SPA integration as well as the long-awaited MFA flows! -Please be aware that upgrading to Ory Kratos 0.7 requires you to apply SQL migrations. Make sure to back up your database before migration! +Please be aware that upgrading to Ory Kratos 0.7 requires you to apply SQL +migrations. Make sure to back up your database before migration! For more details on breaking changes and patch notes, see below. - - ## Breaking Changes -Prior to this change it was not possible to specify the verification/recovery link lifetime. Instead, it was bound to the flow expiry. This patch changes that and adds the ability to configure the lifespan of the link individually: +Prior to this change it was not possible to specify the verification/recovery +link lifetime. Instead, it was bound to the flow expiry. This patch changes that +and adds the ability to configure the lifespan of the link individually: ```patch selfservice: @@ -1943,19 +3246,29 @@ Prior to this change it was not possible to specify the verification/recovery li + lifespan: 15m ``` -This is a breaking change because the link strategy no longer respects the recovery / verification flow expiry time and, unless set, will default to one hour. +This is a breaking change because the link strategy no longer respects the +recovery / verification flow expiry time and, unless set, will default to one +hour. -This change introduces a better SDK. As part of this change, several breaking changes with regards to the SDK have been introduced. We recommend reading this section carefully to understand the changes and how they might affect you. +This change introduces a better SDK. As part of this change, several breaking +changes with regards to the SDK have been introduced. We recommend reading this +section carefully to understand the changes and how they might affect you. -Before, the SDK was structured into tags `public` and `admin`. This stems from the fact that we have two ports in Ory Kratos - one administrative and one public port. +Before, the SDK was structured into tags `public` and `admin`. This stems from +the fact that we have two ports in Ory Kratos - one administrative and one +public port. -While serves as a good overview when working with Ory Kratos, it does not express: +While serves as a good overview when working with Ory Kratos, it does not +express: - What module the API belongs to (e.g. self-service, identity, ...) - What maturity the API has (e.g. experimental, alpha, beta, ...) - What version the API has (e.g. v0alpha0, v1beta0, ...) -This patch replaces the current `admin` and `public` tags with a versioned approach indicating the maturity of the API used. For example, `initializeSelfServiceSettingsForBrowsers` would no longer be under the `public` tag but instead under the `v0alpha1` tag: +This patch replaces the current `admin` and `public` tags with a versioned +approach indicating the maturity of the API used. For example, +`initializeSelfServiceSettingsForBrowsers` would no longer be under the `public` +tag but instead under the `v0alpha1` tag: ```patch import { @@ -1968,9 +3281,18 @@ import { + const kratos = new V0Alpha1(new Configuration({ basePath: config.kratos.public })); ``` -To avoid confusion when setting up the SDK, and potentially using the wrong endpoints in your codebase and ending up with strange 404 errors, Ory Kratos now redirects you to the correct port, given that `serve.(public|admin).base_url` are configured correctly. This is a significant improvement towards a more robust API experience! +To avoid confusion when setting up the SDK, and potentially using the wrong +endpoints in your codebase and ending up with strange 404 errors, Ory Kratos now +redirects you to the correct port, given that `serve.(public|admin).base_url` +are configured correctly. This is a significant improvement towards a more +robust API experience! -Further, all administrative functions require, in the Ory SaaS, authorization using e.g. an Ory Personal Access Token. In the open source, we do not know what developers use to protect their APIs. As such, we believe that it is ok to have admin and public functions under one common API and differentiate with an `admin` prefix. Therefore, the following patches should be made in your codebase: +Further, all administrative functions require, in the Ory SaaS, authorization +using e.g. an Ory Personal Access Token. In the open source, we do not know what +developers use to protect their APIs. As such, we believe that it is ok to have +admin and public functions under one common API and differentiate with an +`admin` prefix. Therefore, the following patches should be made in your +codebase: ```patch import { @@ -1989,26 +3311,41 @@ import { }) ``` -Further, we have introduced a [style guide for writing SDKs annotations](https://www.ory.sh/docs/ecosystem/contributing#openapi-spec-and-go-swagger) governing how naming conventions should be chosen. +Further, we have introduced a +[style guide for writing SDKs annotations](https://www.ory.sh/docs/ecosystem/contributing#openapi-spec-and-go-swagger) +governing how naming conventions should be chosen. We also streamlined how credentials are used. We now differentiate between: - Per-request credentials such as the Ory Session Token / Cookie - ``` - - public getSelfServiceRegistrationFlow(id: string, cookie?: string, options?: any) {} - + public getSelfServiceSettingsFlow(id: string, xSessionToken?: string, cookie?: string, options?: any) {} - ``` + ``` + - public getSelfServiceRegistrationFlow(id: string, cookie?: string, options?: any) {} + + public getSelfServiceSettingsFlow(id: string, xSessionToken?: string, cookie?: string, options?: any) {} + ``` - Global credentials such as the Ory (SaaS) Personal Access Token. - ```typescript - const kratos = new V0Alpha0(new Configuration({ basePath: config.kratos.admin, accessToken: 'some-token' })); - kratosAdmin.adminCreateIdentity({ - schema_id: 'default', - traits: { /* ... */ }, - }); - ``` - -This patch introduces CSRF countermeasures for fetching all self-service flows. This ensures that users can not accidentally leak sensitive information when copy/pasting e.g. login URLs (see #1282). If a self-service flow for browsers is requested, the CSRF cookie must be included in the call, regardless if it is a client-side browser app or a server-side browser app calling. This **does not apply** for API-based flows. + ```typescript + const kratos = new V0Alpha0( + new Configuration({ + basePath: config.kratos.admin, + accessToken: "some-token", + }), + ) + + kratosAdmin.adminCreateIdentity({ + schema_id: "default", + traits: { + /* ... */ + }, + }) + ``` + +This patch introduces CSRF countermeasures for fetching all self-service flows. +This ensures that users can not accidentally leak sensitive information when +copy/pasting e.g. login URLs (see #1282). If a self-service flow for browsers is +requested, the CSRF cookie must be included in the call, regardless if it is a +client-side browser app or a server-side browser app calling. This **does not +apply** for API-based flows. As part of this change, the following endpoints have been removed: @@ -2018,11 +3355,16 @@ As part of this change, the following endpoints have been removed: - `GET /self-service/recovery/flows`; - `GET /self-service/settings/flows`. -Please ensure that your server-side applications use the public port (e.g. `GET /self-service/login/flows`) for fetching self-service flows going forward. +Please ensure that your server-side applications use the public port (e.g. +`GET /self-service/login/flows`) for fetching self-service +flows going forward. -If you use the SDKs, upgrading is easy by adding the `cookie` header when fetching the flows. This is only required when **using browser flows on the server side**. +If you use the SDKs, upgrading is easy by adding the `cookie` header when +fetching the flows. This is only required when **using browser flows on the +server side**. -The following example illustrates a ExpressJS (NodeJS) server-side application fetching the self-service flows. +The following example illustrates a ExpressJS (NodeJS) server-side application +fetching the self-service flows. ```patch app.get('some-route', (req: Request, res: Response) => { @@ -2043,341 +3385,650 @@ app.get('some-route', (req: Request, res: Response) => { }) ``` -For concrete details, check out [the changes in the NodeJS app](https://github.com/ory/kratos-selfservice-ui-node/commit/e7fa292968111e06401fcfc9b1dd0e8e285a4d87). - -This patch refactors the logout functionality for browsers and APIs. It adds increased security and DoS-defenses to the logout flow. - -Previously, calling `GET /self-service/browser/flows/logout` would remove the session cookie and redirect the user to the logout endpoint. Now you have to make a call to `GET /self-service/logout/browser` which returns a JSON response including a `logout_url` URL to be used for logout. The call to `/self-service/logout/browser` must be made using AJAX with cookies enabled or by including the Ory Session Cookie in the `X-Session-Cookie` HTTP Header. You may also use the SDK method `createSelfServiceLogoutUrlForBrowsers` to do that. - -Additionally, the endpoint `DELETE /sessions` has been moved to `DELETE /self-service/logout/api`. Payloads and responses stay equal. The SDK method `revokeSession` has been renamed to `submitSelfServiceLogoutFlowWithoutBrowser`. - -We listened to your feedback and have improved the naming of the SDK method `initializeSelfServiceRecoveryForNativeApps` to better match what it does: `initializeSelfServiceRecoveryWithoutBrowser`. As in the previous release you may still use the old SDK if you do not want to deal with the SDK breaking changes for now. - -We listened to your feedback and have improved the naming of the SDK method `initializeSelfServiceVerificationForNativeApps` to better match what it does: `initializeSelfServiceVerificationWithoutBrowser`. As in the previous release you may still use the old SDK if you do not want to deal with the SDK breaking changes for now. - -We listened to your feedback and have improved the naming of the SDK method `initializeSelfServiceSettingsForNativeApps` to better match what it does: `initializeSelfServiceSettingsWithoutBrowser`. As in the previous release you may still use the old SDK if you do not want to deal with the SDK breaking changes for now. - -We listened to your feedback and have improved the naming of the SDK method `initializeSelfServiceregistrationForNativeApps` to better match what it does: `initializeSelfServiceregistrationWithoutBrowser`. As in the previous release you may still use the old SDK if you do not want to deal with the SDK breaking changes for now. - -We listened to your feedback and have improved the naming of the SDK method `initializeSelfServiceLoginForNativeApps` to better match what it does: `initializeSelfServiceLoginWithoutBrowser`. As in the previous release you may still use the old SDK if you do not want to deal with the SDK breaking changes for now. - - +For concrete details, check out +[the changes in the NodeJS app](https://github.com/ory/kratos-selfservice-ui-node/commit/e7fa292968111e06401fcfc9b1dd0e8e285a4d87). + +This patch refactors the logout functionality for browsers and APIs. It adds +increased security and DoS-defenses to the logout flow. + +Previously, calling `GET /self-service/browser/flows/logout` would remove the +session cookie and redirect the user to the logout endpoint. Now you have to +make a call to `GET /self-service/logout/browser` which returns a JSON response +including a `logout_url` URL to be used for logout. The call to +`/self-service/logout/browser` must be made using AJAX with cookies enabled or +by including the Ory Session Cookie in the `X-Session-Cookie` HTTP Header. You +may also use the SDK method `createSelfServiceLogoutUrlForBrowsers` to do that. + +Additionally, the endpoint `DELETE /sessions` has been moved to +`DELETE /self-service/logout/api`. Payloads and responses stay equal. The SDK +method `revokeSession` has been renamed to +`submitSelfServiceLogoutFlowWithoutBrowser`. + +We listened to your feedback and have improved the naming of the SDK method +`initializeSelfServiceRecoveryForNativeApps` to better match what it does: +`initializeSelfServiceRecoveryWithoutBrowser`. As in the previous release you +may still use the old SDK if you do not want to deal with the SDK breaking +changes for now. + +We listened to your feedback and have improved the naming of the SDK method +`initializeSelfServiceVerificationForNativeApps` to better match what it does: +`initializeSelfServiceVerificationWithoutBrowser`. As in the previous release +you may still use the old SDK if you do not want to deal with the SDK breaking +changes for now. + +We listened to your feedback and have improved the naming of the SDK method +`initializeSelfServiceSettingsForNativeApps` to better match what it does: +`initializeSelfServiceSettingsWithoutBrowser`. As in the previous release you +may still use the old SDK if you do not want to deal with the SDK breaking +changes for now. + +We listened to your feedback and have improved the naming of the SDK method +`initializeSelfServiceregistrationForNativeApps` to better match what it does: +`initializeSelfServiceregistrationWithoutBrowser`. As in the previous release +you may still use the old SDK if you do not want to deal with the SDK breaking +changes for now. + +We listened to your feedback and have improved the naming of the SDK method +`initializeSelfServiceLoginForNativeApps` to better match what it does: +`initializeSelfServiceLoginWithoutBrowser`. As in the previous release you may +still use the old SDK if you do not want to deal with the SDK breaking changes +for now. ### Bug Fixes -* Add json detection to setting error subbranches ([fb83dcb](https://github.com/ory/kratos/commit/fb83dcb8ae7463079ddb33c04673cf4556f6058c)) -* Add verification success message ([#1526](https://github.com/ory/kratos/issues/1526)) ([126698c](https://github.com/ory/kratos/commit/126698c0b531ca304bb323c825cbeb86b5814f31)), closes [#1450](https://github.com/ory/kratos/issues/1450) -* Cache migration status ([5be2f14](https://github.com/ory/kratos/commit/5be2f149cd79ddfbe8496eccf5d5aacb6a9a0b8e)), closes [#1337](https://github.com/ory/kratos/issues/1337) -* Change SMTP config validation from URI to a Regex pattern ([#1436](https://github.com/ory/kratos/issues/1436)) ([5ab1e8f](https://github.com/ory/kratos/commit/5ab1e8f17bcbc229fada2c584b2c1f576b819761)), closes [#1435](https://github.com/ory/kratos/issues/1435) -* Check filesystem before fallback to bundled templates ([#1401](https://github.com/ory/kratos/issues/1401)) ([22d999e](https://github.com/ory/kratos/commit/22d999e78eb4f67d2f3ba07e62fd28ffb3331d6d)) -* Continue button for oidc registration step ([2aad5ac](https://github.com/ory/kratos/commit/2aad5ac8f7055f39f4f434d26fbca74cdbe75337)), closes [#1422](https://github.com/ory/kratos/issues/1422) [#1320](https://github.com/ory/kratos/issues/1320): - - When signing up with an OIDC provider and the traits model is missing some fields, the submit button shows all OIDC options. Instead, it should show just one option called "Continue". - -* Deprecate sessionCookie ([#1428](https://github.com/ory/kratos/issues/1428)) ([eccad74](https://github.com/ory/kratos/commit/eccad741a1702181d4b207aad954a950906a808b)), closes [#1426](https://github.com/ory/kratos/issues/1426) -* Do not cache incomplete migrations ([#1434](https://github.com/ory/kratos/issues/1434)) ([154c26f](https://github.com/ory/kratos/commit/154c26f6da4bb7040deabdc352c90cdae42c69fe)) -* Do not run network migrations when booting ([12bbab9](https://github.com/ory/kratos/commit/12bbab9d3cf788998cd4a9be50ac8c7a9d2232bd)), closes [#1399](https://github.com/ory/kratos/issues/1399) -* Format test files ([0468aa1](https://github.com/ory/kratos/commit/0468aa19ebfb0f68de5d9d1e59180d953f197cc0)) -* Improve identity list performance ([f76886f](https://github.com/ory/kratos/commit/f76886fe7436f71fbef00081888a2f8d0106ba98)), closes [#1412](https://github.com/ory/kratos/issues/1412) -* Incorrect openapi specification for verification submission ([#1431](https://github.com/ory/kratos/issues/1431)) ([ecb0a01](https://github.com/ory/kratos/commit/ecb0a01f61441aa97751943b5e9ddcc28f783d91)), closes [#1368](https://github.com/ory/kratos/issues/1368) -* Link t docker guide ([953c6d6](https://github.com/ory/kratos/commit/953c6d60f6b6d82ac1406e84c2d87119e63dac48)) -* Mark ui node message as optional ([#1365](https://github.com/ory/kratos/issues/1365)) ([7b8d59f](https://github.com/ory/kratos/commit/7b8d59f48ed14a6d0672238645d8675d4bf7fd77)), closes [#1361](https://github.com/ory/kratos/issues/1361) [#1362](https://github.com/ory/kratos/issues/1362) -* Mark verified_at as omitempty ([77b258e](https://github.com/ory/kratos/commit/77b258e57a3d53fe437838a5e9c57805e9c970aa)): - - Closes https://github.com/ory/sdk/issues/46 - -* Panic if contextualizer is not set ([760035a](https://github.com/ory/kratos/commit/760035a6c5efa08561b93daff57ebb4655032b2a)) -* Panic on error in issue session ([5fbd855](https://github.com/ory/kratos/commit/5fbd8557e1f907dd400bfcd26c187db16dc344ba)), closes [#1384](https://github.com/ory/kratos/issues/1384) -* Prometheus metrics fix ([#1299](https://github.com/ory/kratos/issues/1299)) ([ac5d00d](https://github.com/ory/kratos/commit/ac5d00d472a87ab51e7c6834e2cb59f107fc3b3b)) -* Recovery email case sensitive ([#1357](https://github.com/ory/kratos/issues/1357)) ([bce14c4](https://github.com/ory/kratos/commit/bce14c487450bd668859f362b98704644fa4c72a)), closes [#1329](https://github.com/ory/kratos/issues/1329) -* Remove changelog ([7affb7a](https://github.com/ory/kratos/commit/7affb7a25bc84082e0ad8096e6c0e4b3933ac5f6)) -* Remove obsolete ADD for corp module ([#1455](https://github.com/ory/kratos/issues/1455)) ([0fa3a53](https://github.com/ory/kratos/commit/0fa3a539fbe1ae498434b200c3b636de10d73a7c)) -* Remove typing from node.attribute.value ([63a5e08](https://github.com/ory/kratos/commit/63a5e08afab76dafbfe13e6126e165af28492aad)): - - Closes https://github.com/ory/sdk/issues/75 - Closes https://github.com/ory/sdk/issues/74 - Closes https://github.com/ory/sdk/issues/72 - -* Rename client package for external consumption ([cba8b00](https://github.com/ory/kratos/commit/cba8b00c8b755cc0bdc7818bc9d7390ff3532ce1)) -* Resolve build issues on release ([7c265a8](https://github.com/ory/kratos/commit/7c265a8b909dcc07ceeeda546a748ad28ab0c746)) -* Resolve driver issues ([47b1c8d](https://github.com/ory/kratos/commit/47b1c8dce57a023e89a2b178bc8a033496ef4ff2)) -* Resolve network regression ([8f96b1f](https://github.com/ory/kratos/commit/8f96b1fe4d0846a3ad97a45bc972ece04109289d)) -* Resolve network regressions ([8fc52c0](https://github.com/ory/kratos/commit/8fc52c034ed9978c2a04cc66bccc9b795c9bbefa)) -* Testhelper regressions ([bf3b04f](https://github.com/ory/kratos/commit/bf3b04fd2c7f9162073cb584d6fb0d59e868ecbf)) -* Use correct url in submitSelfServiceVerificationFlow ([ab8a600](https://github.com/ory/kratos/commit/ab8a600080ac0d6a6235806b74c5b9e3dc1c2d60)) -* Use local schema URL for sorting UI nodes ([#1449](https://github.com/ory/kratos/issues/1449)) ([a003885](https://github.com/ory/kratos/commit/a0038853f30cd7d139d42d1d4601c8cf49d03934)) -* Use session cookie path settings for csrf cookie ([#1493](https://github.com/ory/kratos/issues/1493)) ([c6d08ed](https://github.com/ory/kratos/commit/c6d08edae32fd94877fb58355d3c711460c7d1a2)), closes [#1292](https://github.com/ory/kratos/issues/1292): - - This PR adds configuration option for CSRF cookies and improves the domain alias logic as well as adding tests for it. - -* Use STARTTLS for smtps connections ([#1430](https://github.com/ory/kratos/issues/1430)) ([c21bb80](https://github.com/ory/kratos/commit/c21bb80a749df7b224a8ac3f15fa62523a78d805)), closes [#781](https://github.com/ory/kratos/issues/781) -* Version schema ([#1359](https://github.com/ory/kratos/issues/1359)) ([8c4bac7](https://github.com/ory/kratos/commit/8c4bac71674e45e440d916c6c947ed018a8ea29a)), closes [#1331](https://github.com/ory/kratos/issues/1331) [#1101](https://github.com/ory/kratos/issues/1101) [ory/hydra#2427](https://github.com/ory/hydra/issues/2427) +- Add json detection to setting error subbranches + ([fb83dcb](https://github.com/ory/kratos/commit/fb83dcb8ae7463079ddb33c04673cf4556f6058c)) +- Add verification success message + ([#1526](https://github.com/ory/kratos/issues/1526)) + ([126698c](https://github.com/ory/kratos/commit/126698c0b531ca304bb323c825cbeb86b5814f31)), + closes [#1450](https://github.com/ory/kratos/issues/1450) +- Cache migration status + ([5be2f14](https://github.com/ory/kratos/commit/5be2f149cd79ddfbe8496eccf5d5aacb6a9a0b8e)), + closes [#1337](https://github.com/ory/kratos/issues/1337) +- Change SMTP config validation from URI to a Regex pattern + ([#1436](https://github.com/ory/kratos/issues/1436)) + ([5ab1e8f](https://github.com/ory/kratos/commit/5ab1e8f17bcbc229fada2c584b2c1f576b819761)), + closes [#1435](https://github.com/ory/kratos/issues/1435) +- Check filesystem before fallback to bundled templates + ([#1401](https://github.com/ory/kratos/issues/1401)) + ([22d999e](https://github.com/ory/kratos/commit/22d999e78eb4f67d2f3ba07e62fd28ffb3331d6d)) +- Continue button for oidc registration step + ([2aad5ac](https://github.com/ory/kratos/commit/2aad5ac8f7055f39f4f434d26fbca74cdbe75337)), + closes [#1422](https://github.com/ory/kratos/issues/1422) + [#1320](https://github.com/ory/kratos/issues/1320): + + When signing up with an OIDC provider and the traits model is missing some + fields, the submit button shows all OIDC options. Instead, it should show just + one option called "Continue". + +- Deprecate sessionCookie ([#1428](https://github.com/ory/kratos/issues/1428)) + ([eccad74](https://github.com/ory/kratos/commit/eccad741a1702181d4b207aad954a950906a808b)), + closes [#1426](https://github.com/ory/kratos/issues/1426) +- Do not cache incomplete migrations + ([#1434](https://github.com/ory/kratos/issues/1434)) + ([154c26f](https://github.com/ory/kratos/commit/154c26f6da4bb7040deabdc352c90cdae42c69fe)) +- Do not run network migrations when booting + ([12bbab9](https://github.com/ory/kratos/commit/12bbab9d3cf788998cd4a9be50ac8c7a9d2232bd)), + closes [#1399](https://github.com/ory/kratos/issues/1399) +- Format test files + ([0468aa1](https://github.com/ory/kratos/commit/0468aa19ebfb0f68de5d9d1e59180d953f197cc0)) +- Improve identity list performance + ([f76886f](https://github.com/ory/kratos/commit/f76886fe7436f71fbef00081888a2f8d0106ba98)), + closes [#1412](https://github.com/ory/kratos/issues/1412) +- Incorrect openapi specification for verification submission + ([#1431](https://github.com/ory/kratos/issues/1431)) + ([ecb0a01](https://github.com/ory/kratos/commit/ecb0a01f61441aa97751943b5e9ddcc28f783d91)), + closes [#1368](https://github.com/ory/kratos/issues/1368) +- Link t docker guide + ([953c6d6](https://github.com/ory/kratos/commit/953c6d60f6b6d82ac1406e84c2d87119e63dac48)) +- Mark ui node message as optional + ([#1365](https://github.com/ory/kratos/issues/1365)) + ([7b8d59f](https://github.com/ory/kratos/commit/7b8d59f48ed14a6d0672238645d8675d4bf7fd77)), + closes [#1361](https://github.com/ory/kratos/issues/1361) + [#1362](https://github.com/ory/kratos/issues/1362) +- Mark verified_at as omitempty + ([77b258e](https://github.com/ory/kratos/commit/77b258e57a3d53fe437838a5e9c57805e9c970aa)): + + Closes https://github.com/ory/sdk/issues/46 + +- Panic if contextualizer is not set + ([760035a](https://github.com/ory/kratos/commit/760035a6c5efa08561b93daff57ebb4655032b2a)) +- Panic on error in issue session + ([5fbd855](https://github.com/ory/kratos/commit/5fbd8557e1f907dd400bfcd26c187db16dc344ba)), + closes [#1384](https://github.com/ory/kratos/issues/1384) +- Prometheus metrics fix ([#1299](https://github.com/ory/kratos/issues/1299)) + ([ac5d00d](https://github.com/ory/kratos/commit/ac5d00d472a87ab51e7c6834e2cb59f107fc3b3b)) +- Recovery email case sensitive + ([#1357](https://github.com/ory/kratos/issues/1357)) + ([bce14c4](https://github.com/ory/kratos/commit/bce14c487450bd668859f362b98704644fa4c72a)), + closes [#1329](https://github.com/ory/kratos/issues/1329) +- Remove changelog + ([7affb7a](https://github.com/ory/kratos/commit/7affb7a25bc84082e0ad8096e6c0e4b3933ac5f6)) +- Remove obsolete ADD for corp module + ([#1455](https://github.com/ory/kratos/issues/1455)) + ([0fa3a53](https://github.com/ory/kratos/commit/0fa3a539fbe1ae498434b200c3b636de10d73a7c)) +- Remove typing from node.attribute.value + ([63a5e08](https://github.com/ory/kratos/commit/63a5e08afab76dafbfe13e6126e165af28492aad)): + + Closes https://github.com/ory/sdk/issues/75 Closes + https://github.com/ory/sdk/issues/74 Closes + https://github.com/ory/sdk/issues/72 + +- Rename client package for external consumption + ([cba8b00](https://github.com/ory/kratos/commit/cba8b00c8b755cc0bdc7818bc9d7390ff3532ce1)) +- Resolve build issues on release + ([7c265a8](https://github.com/ory/kratos/commit/7c265a8b909dcc07ceeeda546a748ad28ab0c746)) +- Resolve driver issues + ([47b1c8d](https://github.com/ory/kratos/commit/47b1c8dce57a023e89a2b178bc8a033496ef4ff2)) +- Resolve network regression + ([8f96b1f](https://github.com/ory/kratos/commit/8f96b1fe4d0846a3ad97a45bc972ece04109289d)) +- Resolve network regressions + ([8fc52c0](https://github.com/ory/kratos/commit/8fc52c034ed9978c2a04cc66bccc9b795c9bbefa)) +- Testhelper regressions + ([bf3b04f](https://github.com/ory/kratos/commit/bf3b04fd2c7f9162073cb584d6fb0d59e868ecbf)) +- Use correct url in submitSelfServiceVerificationFlow + ([ab8a600](https://github.com/ory/kratos/commit/ab8a600080ac0d6a6235806b74c5b9e3dc1c2d60)) +- Use local schema URL for sorting UI nodes + ([#1449](https://github.com/ory/kratos/issues/1449)) + ([a003885](https://github.com/ory/kratos/commit/a0038853f30cd7d139d42d1d4601c8cf49d03934)) +- Use session cookie path settings for csrf cookie + ([#1493](https://github.com/ory/kratos/issues/1493)) + ([c6d08ed](https://github.com/ory/kratos/commit/c6d08edae32fd94877fb58355d3c711460c7d1a2)), + closes [#1292](https://github.com/ory/kratos/issues/1292): + + This PR adds configuration option for CSRF cookies and improves the domain + alias logic as well as adding tests for it. + +- Use STARTTLS for smtps connections + ([#1430](https://github.com/ory/kratos/issues/1430)) + ([c21bb80](https://github.com/ory/kratos/commit/c21bb80a749df7b224a8ac3f15fa62523a78d805)), + closes [#781](https://github.com/ory/kratos/issues/781) +- Version schema ([#1359](https://github.com/ory/kratos/issues/1359)) + ([8c4bac7](https://github.com/ory/kratos/commit/8c4bac71674e45e440d916c6c947ed018a8ea29a)), + closes [#1331](https://github.com/ory/kratos/issues/1331) + [#1101](https://github.com/ory/kratos/issues/1101) + [ory/hydra#2427](https://github.com/ory/hydra/issues/2427) ### Code Generation -* Pin v0.7.0-alpha.1 release commit ([53a0e38](https://github.com/ory/kratos/commit/53a0e38c2b5d7003786a8386a9c4cf129acc06aa)) +- Pin v0.7.0-alpha.1 release commit + ([53a0e38](https://github.com/ory/kratos/commit/53a0e38c2b5d7003786a8386a9c4cf129acc06aa)) ### Code Refactoring -* Corp package ([#1402](https://github.com/ory/kratos/issues/1402)) ([0202dc5](https://github.com/ory/kratos/commit/0202dc57aacc0d48e4c1ee4e68c91654451f63fa)) -* Finalize SDK refactoring ([e772641](https://github.com/ory/kratos/commit/e772641f9bcfa462aa5111cf1329a479e3cdff99)), closes [kratos#1424](https://github.com/kratos/issues/1424) [#1424](https://github.com/ory/kratos/issues/1424) -* Identity SDKs ([d8658dc](https://github.com/ory/kratos/commit/d8658dc887a76d82e3cf23386c03b5ebf7053189)), closes [#1477](https://github.com/ory/kratos/issues/1477) -* Improve session sdk ([7207af4](https://github.com/ory/kratos/commit/7207af4cdf6c78dd3f0fd42b6727d7e320d252e6)) -* Introduce DefaultContextualizer in corp package ([#1390](https://github.com/ory/kratos/issues/1390)) ([944d045](https://github.com/ory/kratos/commit/944d045aa7fc59eadfdd18951f0d4937b1ea79df)), closes [#1363](https://github.com/ory/kratos/issues/1363) -* Move cleansql to separate package ([7c203dc](https://github.com/ory/kratos/commit/7c203dc8219afe07f180143f832158615b51f60a)) -* Openapi.json -> api.json ([6df0de5](https://github.com/ory/kratos/commit/6df0de5d0b4c952576bf9e14c18d521934edd9bb)) -* Self-service error APIs ([65c482f](https://github.com/ory/kratos/commit/65c482fba62c2782b03a3b840124eac062499266)) +- Corp package ([#1402](https://github.com/ory/kratos/issues/1402)) + ([0202dc5](https://github.com/ory/kratos/commit/0202dc57aacc0d48e4c1ee4e68c91654451f63fa)) +- Finalize SDK refactoring + ([e772641](https://github.com/ory/kratos/commit/e772641f9bcfa462aa5111cf1329a479e3cdff99)), + closes [kratos#1424](https://github.com/kratos/issues/1424) + [#1424](https://github.com/ory/kratos/issues/1424) +- Identity SDKs + ([d8658dc](https://github.com/ory/kratos/commit/d8658dc887a76d82e3cf23386c03b5ebf7053189)), + closes [#1477](https://github.com/ory/kratos/issues/1477) +- Improve session sdk + ([7207af4](https://github.com/ory/kratos/commit/7207af4cdf6c78dd3f0fd42b6727d7e320d252e6)) +- Introduce DefaultContextualizer in corp package + ([#1390](https://github.com/ory/kratos/issues/1390)) + ([944d045](https://github.com/ory/kratos/commit/944d045aa7fc59eadfdd18951f0d4937b1ea79df)), + closes [#1363](https://github.com/ory/kratos/issues/1363) +- Move cleansql to separate package + ([7c203dc](https://github.com/ory/kratos/commit/7c203dc8219afe07f180143f832158615b51f60a)) +- Openapi.json -> api.json + ([6df0de5](https://github.com/ory/kratos/commit/6df0de5d0b4c952576bf9e14c18d521934edd9bb)) +- Self-service error APIs + ([65c482f](https://github.com/ory/kratos/commit/65c482fba62c2782b03a3b840124eac062499266)) ### Documentation -* Add docs for registration SPA flow ([84458f1](https://github.com/ory/kratos/commit/84458f1a9dfe8be6a97bddd832fcc508b60b8498)) -* Add go sdk examples ([e948fad](https://github.com/ory/kratos/commit/e948faddce3a1f52df964c701f6ba2a28f5dfe03)) -* Add kratos quickstart config notes ([#1490](https://github.com/ory/kratos/issues/1490)) ([2f8094c](https://github.com/ory/kratos/commit/2f8094c50eaf7e1cd964067172adcad407713764)) -* Add replit instructions ([8ab8607](https://github.com/ory/kratos/commit/8ab8607dee433f6e708ade296a6c26d0a87d0aae)) -* Add tested and running go sdk examples ([3b56bb5](https://github.com/ory/kratos/commit/3b56bb5fd37d0e7d4479967aa0b5721a68a267f2)) -* Correct CII badge ([#1447](https://github.com/ory/kratos/issues/1447)) ([048aec3](https://github.com/ory/kratos/commit/048aec39295f0a3534df5e43e3cd7684d4fbd758)) -* Fix broken link ([9eaf764](https://github.com/ory/kratos/commit/9eaf764b28f3ca1dae2816d4c0a985c4866c409b)) -* Fix building from source ([#1473](https://github.com/ory/kratos/issues/1473)) ([af54d5b](https://github.com/ory/kratos/commit/af54d5bb9e36f90d272d293817f0d6d7eb2e79a8)) -* Fix typo in "Sign in/up with ID & assword" ([#1383](https://github.com/ory/kratos/issues/1383)) ([f39739d](https://github.com/ory/kratos/commit/f39739d94e97f20b94630b957371d11294dc8300)) -* Mark login endpoints as experimental ([6faf0f6](https://github.com/ory/kratos/commit/6faf0f65bb05bbafdee6b1274a719695fd5b4173)) -* Refactor documentation and adopt changes for [#1477](https://github.com/ory/kratos/issues/1477) ([f5e96cd](https://github.com/ory/kratos/commit/f5e96cd5054e734c319ed32992357fcd73ac44a1)), closes [#1472](https://github.com/ory/kratos/issues/1472) -* Remove changelog from docs folder ([5a7e3d8](https://github.com/ory/kratos/commit/5a7e3d83a5fb7f3e6945f37d42abca14d2982e72)) -* Resolve build issues ([b51bb55](https://github.com/ory/kratos/commit/b51bb555d829ab020e593a764cbce4c5ba4885a2)) -* Resolve typos and docs react issues ([2d640e4](https://github.com/ory/kratos/commit/2d640e4b9b556fd866c29c83564cb1c7702ab9ff)) -* Update docs for all flows ([d29ea69](https://github.com/ory/kratos/commit/d29ea69f6bb908b529502030942b1ced52227372)) -* Update documentation for plaintext templates ([#1369](https://github.com/ory/kratos/issues/1369)) ([419784d](https://github.com/ory/kratos/commit/419784dd0d4ddc338830ed0d77a7d99f8f440777)), closes [#1351](https://github.com/ory/kratos/issues/1351) -* Update error documentation ([7d83609](https://github.com/ory/kratos/commit/7d8360973a3359bec321a60f4f3a4202ac7d2430)) -* Update login flow documentation ([a27de91](https://github.com/ory/kratos/commit/a27de91e9e06f8501ae9cb70446ed0aae5a39f71)) -* Update path ([f0384d9](https://github.com/ory/kratos/commit/f0384d9c11085230fd16290c524d22fac6002870)) -* Update README.md Go instructions ([#1464](https://github.com/ory/kratos/issues/1464)) ([8db4b4a](https://github.com/ory/kratos/commit/8db4b4a966c5c418cf9d9169b66d7dacff256113)) -* Update remaining self service documentation ([bcc6284](https://github.com/ory/kratos/commit/bcc62846297a67216e01e8c31d375d376c1b7cef)) -* Update sdk use ([bcb8c06](https://github.com/ory/kratos/commit/bcb8c06ee324c639e548fc06315d9e952f470582)) -* Update settings documentation ([258ceaf](https://github.com/ory/kratos/commit/258ceaf84e6ee15b8eee2f203f456f73e7d406d5)) -* Use correct path ([#1333](https://github.com/ory/kratos/issues/1333)) ([e401135](https://github.com/ory/kratos/commit/e401135cf415d7e3e6a8ca463dd47e46fe399b33)) +- Add docs for registration SPA flow + ([84458f1](https://github.com/ory/kratos/commit/84458f1a9dfe8be6a97bddd832fcc508b60b8498)) +- Add go sdk examples + ([e948fad](https://github.com/ory/kratos/commit/e948faddce3a1f52df964c701f6ba2a28f5dfe03)) +- Add kratos quickstart config notes + ([#1490](https://github.com/ory/kratos/issues/1490)) + ([2f8094c](https://github.com/ory/kratos/commit/2f8094c50eaf7e1cd964067172adcad407713764)) +- Add replit instructions + ([8ab8607](https://github.com/ory/kratos/commit/8ab8607dee433f6e708ade296a6c26d0a87d0aae)) +- Add tested and running go sdk examples + ([3b56bb5](https://github.com/ory/kratos/commit/3b56bb5fd37d0e7d4479967aa0b5721a68a267f2)) +- Correct CII badge ([#1447](https://github.com/ory/kratos/issues/1447)) + ([048aec3](https://github.com/ory/kratos/commit/048aec39295f0a3534df5e43e3cd7684d4fbd758)) +- Fix broken link + ([9eaf764](https://github.com/ory/kratos/commit/9eaf764b28f3ca1dae2816d4c0a985c4866c409b)) +- Fix building from source ([#1473](https://github.com/ory/kratos/issues/1473)) + ([af54d5b](https://github.com/ory/kratos/commit/af54d5bb9e36f90d272d293817f0d6d7eb2e79a8)) +- Fix typo in "Sign in/up with ID & assword" + ([#1383](https://github.com/ory/kratos/issues/1383)) + ([f39739d](https://github.com/ory/kratos/commit/f39739d94e97f20b94630b957371d11294dc8300)) +- Mark login endpoints as experimental + ([6faf0f6](https://github.com/ory/kratos/commit/6faf0f65bb05bbafdee6b1274a719695fd5b4173)) +- Refactor documentation and adopt changes for + [#1477](https://github.com/ory/kratos/issues/1477) + ([f5e96cd](https://github.com/ory/kratos/commit/f5e96cd5054e734c319ed32992357fcd73ac44a1)), + closes [#1472](https://github.com/ory/kratos/issues/1472) +- Remove changelog from docs folder + ([5a7e3d8](https://github.com/ory/kratos/commit/5a7e3d83a5fb7f3e6945f37d42abca14d2982e72)) +- Resolve build issues + ([b51bb55](https://github.com/ory/kratos/commit/b51bb555d829ab020e593a764cbce4c5ba4885a2)) +- Resolve typos and docs react issues + ([2d640e4](https://github.com/ory/kratos/commit/2d640e4b9b556fd866c29c83564cb1c7702ab9ff)) +- Update docs for all flows + ([d29ea69](https://github.com/ory/kratos/commit/d29ea69f6bb908b529502030942b1ced52227372)) +- Update documentation for plaintext templates + ([#1369](https://github.com/ory/kratos/issues/1369)) + ([419784d](https://github.com/ory/kratos/commit/419784dd0d4ddc338830ed0d77a7d99f8f440777)), + closes [#1351](https://github.com/ory/kratos/issues/1351) +- Update error documentation + ([7d83609](https://github.com/ory/kratos/commit/7d8360973a3359bec321a60f4f3a4202ac7d2430)) +- Update login flow documentation + ([a27de91](https://github.com/ory/kratos/commit/a27de91e9e06f8501ae9cb70446ed0aae5a39f71)) +- Update path + ([f0384d9](https://github.com/ory/kratos/commit/f0384d9c11085230fd16290c524d22fac6002870)) +- Update README.md Go instructions + ([#1464](https://github.com/ory/kratos/issues/1464)) + ([8db4b4a](https://github.com/ory/kratos/commit/8db4b4a966c5c418cf9d9169b66d7dacff256113)) +- Update remaining self service documentation + ([bcc6284](https://github.com/ory/kratos/commit/bcc62846297a67216e01e8c31d375d376c1b7cef)) +- Update sdk use + ([bcb8c06](https://github.com/ory/kratos/commit/bcb8c06ee324c639e548fc06315d9e952f470582)) +- Update settings documentation + ([258ceaf](https://github.com/ory/kratos/commit/258ceaf84e6ee15b8eee2f203f456f73e7d406d5)) +- Use correct path ([#1333](https://github.com/ory/kratos/issues/1333)) + ([e401135](https://github.com/ory/kratos/commit/e401135cf415d7e3e6a8ca463dd47e46fe399b33)) ### Features -* Add examples for usage of go sdk ([870c2bd](https://github.com/ory/kratos/commit/870c2bd316a3e5b7ce9d526ebf369e41dbea2630)) -* Add GetContextualizer ([ac32717](https://github.com/ory/kratos/commit/ac3271742c9c2b968b08dd2b35a5d120c5befcd9)) -* Add helper for starting kratos e2e ([#1469](https://github.com/ory/kratos/issues/1469)) ([b9c7674](https://github.com/ory/kratos/commit/b9c7674c30df8200bcd7223c2fa6b058e833bb8a)) -* Add instana as possible tracing provider ([#1429](https://github.com/ory/kratos/issues/1429)) ([abe48a9](https://github.com/ory/kratos/commit/abe48a97ee75567979a70f00dd73ff698efcc75d)), closes [#1385](https://github.com/ory/kratos/issues/1385) -* Add redoc ([#1502](https://github.com/ory/kratos/issues/1502)) ([492266d](https://github.com/ory/kratos/commit/492266de9c9b7b775a7b21b5890361380d911da4)) -* Add vk and yandex providers to oidc providers and documentation ([#1339](https://github.com/ory/kratos/issues/1339)) ([22a3ef9](https://github.com/ory/kratos/commit/22a3ef98181eb5922cc0f1c016d42ce46732d0a2)), closes [#1234](https://github.com/ory/kratos/issues/1234) -* Anti-CSRF measures when fetching flows ([#1458](https://github.com/ory/kratos/issues/1458)) ([5171557](https://github.com/ory/kratos/commit/51715572ea08f654d1e97d760b9c3d3a9113aa3d)), closes [#1282](https://github.com/ory/kratos/issues/1282) -* Configurable recovery/verification link lifetime ([f80d4e3](https://github.com/ory/kratos/commit/f80d4e3bf7df603b73589dbc6805c69d049921e0)) -* Disable HaveIBeenPwned validation when HaveIBeenPwnedEnabled is set to false ([#1445](https://github.com/ory/kratos/issues/1445)) ([44002f4](https://github.com/ory/kratos/commit/44002f4fa93b40a6bb18f1e759bb416d082cec08)), closes [#316](https://github.com/ory/kratos/issues/316): - - This patch introduces an option to disable HaveIBeenPwned checks in environments where outbound network calls are disabled. - -* **identities:** Add a state to identities ([#1312](https://github.com/ory/kratos/issues/1312)) ([d22954e](https://github.com/ory/kratos/commit/d22954e2fdb7b2dd5206651b6dd5cf96185a33ba)), closes [#598](https://github.com/ory/kratos/issues/598) -* Improve contextualization in serve/daemon ([f83cd35](https://github.com/ory/kratos/commit/f83cd355422fb4b422f703406473bda914d8419c)) -* Include Credentials Metadata in admin api ([#1274](https://github.com/ory/kratos/issues/1274)) ([c8b6219](https://github.com/ory/kratos/commit/c8b62190fca53db4e1b3a4ddb5253fbd2fd46002)), closes [#820](https://github.com/ory/kratos/issues/820) -* Include Credentials Metadata in admin api Missing changes in handler ([#1366](https://github.com/ory/kratos/issues/1366)) ([a71c220](https://github.com/ory/kratos/commit/a71c2208dedac45d32dab578e62a5e3105c8dee0)) -* Natively support SPA for login flows ([6ff67af](https://github.com/ory/kratos/commit/6ff67afa8b0fc0a95cec44d3dda2cbc1987b51dd)), closes [#1138](https://github.com/ory/kratos/issues/1138) [#668](https://github.com/ory/kratos/issues/668): - - This patch adds the long-awaited capabilities for natively working with SPAs and AJAX requests. Previously, requests to the `/self-service/login/browser` endpoint would always end up in a redirect. Now, if the `Accept` header is set to `application/json`, the login flow will be returned as JSON instead. Accordingly, changes to the error and submission flow have been made to support `application/json` content types and SPA / AJAX requests. - -* Natively support SPA for recovery flows ([5461244](https://github.com/ory/kratos/commit/5461244943286081e13c304a3b38413b8ee6fdf2)): - - This patch adds the long-awaited capabilities for natively working with SPAs and AJAX requests. Previously, requests to the `/self-service/recovery/browser` endpoint would always end up in a redirect. Now, if the `Accept` header is set to `application/json`, the registration flow will be returned as JSON instead. Accordingly, changes to the error and submission flow have been made to support `application/json` content types and SPA / AJAX requests. - -* Natively support SPA for registration flows ([57d3c57](https://github.com/ory/kratos/commit/57d3c5786a88f0648e7fa57f181f060a057ec19f)), closes [#1138](https://github.com/ory/kratos/issues/1138) [#668](https://github.com/ory/kratos/issues/668): - - This patch adds the long-awaited capabilities for natively working with SPAs and AJAX requests. Previously, requests to the `/self-service/registration/browser` endpoint would always end up in a redirect. Now, if the `Accept` header is set to `application/json`, the registration flow will be returned as JSON instead. Accordingly, changes to the error and submission flow have been made to support `application/json` content types and SPA / AJAX requests. - -* Natively support SPA for settings flows ([ea4395e](https://github.com/ory/kratos/commit/ea4395ed25d5668e4ce365336cd7a5e13e0ba1cc)): - - This patch adds the long-awaited capabilities for natively working with SPAs and AJAX requests. Previously, requests to the `/self-service/settings/browser` endpoint would always end up in a redirect. Now, if the `Accept` header is set to `application/json`, the registration flow will be returned as JSON instead. Accordingly, changes to the error and submission flow have been made to support `application/json` content types and SPA / AJAX requests. - -* Natively support SPA for verification flows ([c151500](https://github.com/ory/kratos/commit/c1515009dcd1b5946a93733feedb01753de91c3d)): - - This patch adds the long-awaited capabilities for natively working with SPAs and AJAX requests. Previously, requests to the `/self-service/verification/browser` endpoint would always end up in a redirect. Now, if the `Accept` header is set to `application/json`, the registration flow will be returned as JSON instead. Accordingly, changes to the error and submission flow have been made to support `application/json` content types and SPA / AJAX requests. - -* Protect logout against CSRF ([#1433](https://github.com/ory/kratos/issues/1433)) ([1a7a74c](https://github.com/ory/kratos/commit/1a7a74c3fe425f139a87bb68fbc07f8862c00e58)), closes [#142](https://github.com/ory/kratos/issues/142) -* Sign in with Auth0 ([#1352](https://github.com/ory/kratos/issues/1352)) ([f618a53](https://github.com/ory/kratos/commit/f618a53fb971ad16121aa8728cfec54253bb3f44)), closes [#609](https://github.com/ory/kratos/issues/609) -* Support api in settings error ([23105db](https://github.com/ory/kratos/commit/23105dbb836d920b8766536b65de58932f53d6f6)) -* Support reading session token from X-Session-Token HTTP header ([dcaefd9](https://github.com/ory/kratos/commit/dcaefd94a0b2cf819424f2e10b3bdae63b256726)) -* Team id in slack oidc ([#1409](https://github.com/ory/kratos/issues/1409)) ([e4d021a](https://github.com/ory/kratos/commit/e4d021a037a6b44f8bd66372e9c260c640e87b9d)), closes [#1408](https://github.com/ory/kratos/issues/1408) -* TLS support for public and admin endpoints ([#1466](https://github.com/ory/kratos/issues/1466)) ([7f44f81](https://github.com/ory/kratos/commit/7f44f819a5989a699e403e02c69541369573078f)), closes [#791](https://github.com/ory/kratos/issues/791) -* Update openapi specs and regenerate ([cac507e](https://github.com/ory/kratos/commit/cac507eb5b1f39d003d72e57912dbbfe6f92deb1)) +- Add examples for usage of go sdk + ([870c2bd](https://github.com/ory/kratos/commit/870c2bd316a3e5b7ce9d526ebf369e41dbea2630)) +- Add GetContextualizer + ([ac32717](https://github.com/ory/kratos/commit/ac3271742c9c2b968b08dd2b35a5d120c5befcd9)) +- Add helper for starting kratos e2e + ([#1469](https://github.com/ory/kratos/issues/1469)) + ([b9c7674](https://github.com/ory/kratos/commit/b9c7674c30df8200bcd7223c2fa6b058e833bb8a)) +- Add instana as possible tracing provider + ([#1429](https://github.com/ory/kratos/issues/1429)) + ([abe48a9](https://github.com/ory/kratos/commit/abe48a97ee75567979a70f00dd73ff698efcc75d)), + closes [#1385](https://github.com/ory/kratos/issues/1385) +- Add redoc ([#1502](https://github.com/ory/kratos/issues/1502)) + ([492266d](https://github.com/ory/kratos/commit/492266de9c9b7b775a7b21b5890361380d911da4)) +- Add vk and yandex providers to oidc providers and documentation + ([#1339](https://github.com/ory/kratos/issues/1339)) + ([22a3ef9](https://github.com/ory/kratos/commit/22a3ef98181eb5922cc0f1c016d42ce46732d0a2)), + closes [#1234](https://github.com/ory/kratos/issues/1234) +- Anti-CSRF measures when fetching flows + ([#1458](https://github.com/ory/kratos/issues/1458)) + ([5171557](https://github.com/ory/kratos/commit/51715572ea08f654d1e97d760b9c3d3a9113aa3d)), + closes [#1282](https://github.com/ory/kratos/issues/1282) +- Configurable recovery/verification link lifetime + ([f80d4e3](https://github.com/ory/kratos/commit/f80d4e3bf7df603b73589dbc6805c69d049921e0)) +- Disable HaveIBeenPwned validation when HaveIBeenPwnedEnabled is set to false + ([#1445](https://github.com/ory/kratos/issues/1445)) + ([44002f4](https://github.com/ory/kratos/commit/44002f4fa93b40a6bb18f1e759bb416d082cec08)), + closes [#316](https://github.com/ory/kratos/issues/316): + + This patch introduces an option to disable HaveIBeenPwned checks in + environments where outbound network calls are disabled. + +- **identities:** Add a state to identities + ([#1312](https://github.com/ory/kratos/issues/1312)) + ([d22954e](https://github.com/ory/kratos/commit/d22954e2fdb7b2dd5206651b6dd5cf96185a33ba)), + closes [#598](https://github.com/ory/kratos/issues/598) +- Improve contextualization in serve/daemon + ([f83cd35](https://github.com/ory/kratos/commit/f83cd355422fb4b422f703406473bda914d8419c)) +- Include Credentials Metadata in admin api + ([#1274](https://github.com/ory/kratos/issues/1274)) + ([c8b6219](https://github.com/ory/kratos/commit/c8b62190fca53db4e1b3a4ddb5253fbd2fd46002)), + closes [#820](https://github.com/ory/kratos/issues/820) +- Include Credentials Metadata in admin api Missing changes in handler + ([#1366](https://github.com/ory/kratos/issues/1366)) + ([a71c220](https://github.com/ory/kratos/commit/a71c2208dedac45d32dab578e62a5e3105c8dee0)) +- Natively support SPA for login flows + ([6ff67af](https://github.com/ory/kratos/commit/6ff67afa8b0fc0a95cec44d3dda2cbc1987b51dd)), + closes [#1138](https://github.com/ory/kratos/issues/1138) + [#668](https://github.com/ory/kratos/issues/668): + + This patch adds the long-awaited capabilities for natively working with SPAs + and AJAX requests. Previously, requests to the `/self-service/login/browser` + endpoint would always end up in a redirect. Now, if the `Accept` header is set + to `application/json`, the login flow will be returned as JSON instead. + Accordingly, changes to the error and submission flow have been made to + support `application/json` content types and SPA / AJAX requests. + +- Natively support SPA for recovery flows + ([5461244](https://github.com/ory/kratos/commit/5461244943286081e13c304a3b38413b8ee6fdf2)): + + This patch adds the long-awaited capabilities for natively working with SPAs + and AJAX requests. Previously, requests to the + `/self-service/recovery/browser` endpoint would always end up in a redirect. + Now, if the `Accept` header is set to `application/json`, the registration + flow will be returned as JSON instead. Accordingly, changes to the error and + submission flow have been made to support `application/json` content types and + SPA / AJAX requests. + +- Natively support SPA for registration flows + ([57d3c57](https://github.com/ory/kratos/commit/57d3c5786a88f0648e7fa57f181f060a057ec19f)), + closes [#1138](https://github.com/ory/kratos/issues/1138) + [#668](https://github.com/ory/kratos/issues/668): + + This patch adds the long-awaited capabilities for natively working with SPAs + and AJAX requests. Previously, requests to the + `/self-service/registration/browser` endpoint would always end up in a + redirect. Now, if the `Accept` header is set to `application/json`, the + registration flow will be returned as JSON instead. Accordingly, changes to + the error and submission flow have been made to support `application/json` + content types and SPA / AJAX requests. + +- Natively support SPA for settings flows + ([ea4395e](https://github.com/ory/kratos/commit/ea4395ed25d5668e4ce365336cd7a5e13e0ba1cc)): + + This patch adds the long-awaited capabilities for natively working with SPAs + and AJAX requests. Previously, requests to the + `/self-service/settings/browser` endpoint would always end up in a redirect. + Now, if the `Accept` header is set to `application/json`, the registration + flow will be returned as JSON instead. Accordingly, changes to the error and + submission flow have been made to support `application/json` content types and + SPA / AJAX requests. + +- Natively support SPA for verification flows + ([c151500](https://github.com/ory/kratos/commit/c1515009dcd1b5946a93733feedb01753de91c3d)): + + This patch adds the long-awaited capabilities for natively working with SPAs + and AJAX requests. Previously, requests to the + `/self-service/verification/browser` endpoint would always end up in a + redirect. Now, if the `Accept` header is set to `application/json`, the + registration flow will be returned as JSON instead. Accordingly, changes to + the error and submission flow have been made to support `application/json` + content types and SPA / AJAX requests. + +- Protect logout against CSRF + ([#1433](https://github.com/ory/kratos/issues/1433)) + ([1a7a74c](https://github.com/ory/kratos/commit/1a7a74c3fe425f139a87bb68fbc07f8862c00e58)), + closes [#142](https://github.com/ory/kratos/issues/142) +- Sign in with Auth0 ([#1352](https://github.com/ory/kratos/issues/1352)) + ([f618a53](https://github.com/ory/kratos/commit/f618a53fb971ad16121aa8728cfec54253bb3f44)), + closes [#609](https://github.com/ory/kratos/issues/609) +- Support api in settings error + ([23105db](https://github.com/ory/kratos/commit/23105dbb836d920b8766536b65de58932f53d6f6)) +- Support reading session token from X-Session-Token HTTP header + ([dcaefd9](https://github.com/ory/kratos/commit/dcaefd94a0b2cf819424f2e10b3bdae63b256726)) +- Team id in slack oidc ([#1409](https://github.com/ory/kratos/issues/1409)) + ([e4d021a](https://github.com/ory/kratos/commit/e4d021a037a6b44f8bd66372e9c260c640e87b9d)), + closes [#1408](https://github.com/ory/kratos/issues/1408) +- TLS support for public and admin endpoints + ([#1466](https://github.com/ory/kratos/issues/1466)) + ([7f44f81](https://github.com/ory/kratos/commit/7f44f819a5989a699e403e02c69541369573078f)), + closes [#791](https://github.com/ory/kratos/issues/791) +- Update openapi specs and regenerate + ([cac507e](https://github.com/ory/kratos/commit/cac507eb5b1f39d003d72e57912dbbfe6f92deb1)) ### Tests -* Add tests for cookie behavior of API and browser endpoints ([d1b1521](https://github.com/ory/kratos/commit/d1b15217867cfb92a615c793b26fad288f5e5742)) -* **e2e:** Greatly improve test performance ([#1421](https://github.com/ory/kratos/issues/1421)) ([2ffad9e](https://github.com/ory/kratos/commit/2ffad9ee751471451e2151719a2e70d5f89437b0)): - - Instead of running the individual profiles as separate Cypress instances, we now use one singular instance which updates the Ory Kratos configuration depending on the test context. This ensures that hot-reloading is properly working while also signficantly reducing the amount of time spent on booting up the service dependencies. - -* **e2e:** Resolve flaky test issues related to timeouts and speed ([b083791](https://github.com/ory/kratos/commit/b083791858bc26a02250d7f5a4e8883cd7392a58)) -* **e2e:** Resolve recovery regression ([72c47d6](https://github.com/ory/kratos/commit/72c47d65415efbb53d5d680bd9d78156d577b67f)) -* **e2e:** Resolve test config regressions ([eb9c4f9](https://github.com/ory/kratos/commit/eb9c4f98f2e30ac420ed1e3f18a3f0d9ff23846e)) -* Remove obsolete console.log ([3ecc869](https://github.com/ory/kratos/commit/3ecc869ebfef5c97334ae4334fb4af98ca9baf97)) -* Resolve e2e regressions ([b0d3b82](https://github.com/ory/kratos/commit/b0d3b82f301942bebe3c0027c8b3160749f907af)) -* Resolve migratest panic ([89d05ae](https://github.com/ory/kratos/commit/89d05ae0c376c4ea1f23708cccf95c9754a29c94)) -* Resolve mobile regressions ([868e82e](https://github.com/ory/kratos/commit/868e82e3d7aec4cde80d7c1d0ce4601e40695f27)) -* Resolve oidc regressions ([2403082](https://github.com/ory/kratos/commit/2403082701ac5d667706afd893a6d406496f67fa)) +- Add tests for cookie behavior of API and browser endpoints + ([d1b1521](https://github.com/ory/kratos/commit/d1b15217867cfb92a615c793b26fad288f5e5742)) +- **e2e:** Greatly improve test performance + ([#1421](https://github.com/ory/kratos/issues/1421)) + ([2ffad9e](https://github.com/ory/kratos/commit/2ffad9ee751471451e2151719a2e70d5f89437b0)): + + Instead of running the individual profiles as separate Cypress instances, we + now use one singular instance which updates the Ory Kratos configuration + depending on the test context. This ensures that hot-reloading is properly + working while also signficantly reducing the amount of time spent on booting + up the service dependencies. + +- **e2e:** Resolve flaky test issues related to timeouts and speed + ([b083791](https://github.com/ory/kratos/commit/b083791858bc26a02250d7f5a4e8883cd7392a58)) +- **e2e:** Resolve recovery regression + ([72c47d6](https://github.com/ory/kratos/commit/72c47d65415efbb53d5d680bd9d78156d577b67f)) +- **e2e:** Resolve test config regressions + ([eb9c4f9](https://github.com/ory/kratos/commit/eb9c4f98f2e30ac420ed1e3f18a3f0d9ff23846e)) +- Remove obsolete console.log + ([3ecc869](https://github.com/ory/kratos/commit/3ecc869ebfef5c97334ae4334fb4af98ca9baf97)) +- Resolve e2e regressions + ([b0d3b82](https://github.com/ory/kratos/commit/b0d3b82f301942bebe3c0027c8b3160749f907af)) +- Resolve migratest panic + ([89d05ae](https://github.com/ory/kratos/commit/89d05ae0c376c4ea1f23708cccf95c9754a29c94)) +- Resolve mobile regressions + ([868e82e](https://github.com/ory/kratos/commit/868e82e3d7aec4cde80d7c1d0ce4601e40695f27)) +- Resolve oidc regressions + ([2403082](https://github.com/ory/kratos/commit/2403082701ac5d667706afd893a6d406496f67fa)) ### Unclassified -* add CoC shield (#1439) ([826ed1a](https://github.com/ory/kratos/commit/826ed1a6deafdc2631a5c72f0bfacc91b06a3435)), closes [#1439](https://github.com/ory/kratos/issues/1439) -* u ([b03549b](https://github.com/ory/kratos/commit/b03549b6340ec0bf4f9d741ce145ca90bbc09968)) -* u ([318a31d](https://github.com/ory/kratos/commit/318a31d400b97653b4f377c67df4ae0afea189d9)) -* Format ([eca7aff](https://github.com/ory/kratos/commit/eca7aff2be96c673dd6be5dc36ab1f4850cc44f0)) -* Format ([5cc9fc3](https://github.com/ory/kratos/commit/5cc9fc3a6e91a96225d016d60c8da5cef647ac18)) -* Format ([e525805](https://github.com/ory/kratos/commit/e525805246431075d26c3f47596ae93f6580d8ee)) -* Format ([4a692ac](https://github.com/ory/kratos/commit/4a692acc7db160068ed7d81461b173bc957e4736)) -* Format ([169c0cd](https://github.com/ory/kratos/commit/169c0cd8d424babef69a52ddf65e2b75ded09a46)) - +- add CoC shield (#1439) + ([826ed1a](https://github.com/ory/kratos/commit/826ed1a6deafdc2631a5c72f0bfacc91b06a3435)), + closes [#1439](https://github.com/ory/kratos/issues/1439) +- u + ([b03549b](https://github.com/ory/kratos/commit/b03549b6340ec0bf4f9d741ce145ca90bbc09968)) +- u + ([318a31d](https://github.com/ory/kratos/commit/318a31d400b97653b4f377c67df4ae0afea189d9)) +- Format + ([eca7aff](https://github.com/ory/kratos/commit/eca7aff2be96c673dd6be5dc36ab1f4850cc44f0)) +- Format + ([5cc9fc3](https://github.com/ory/kratos/commit/5cc9fc3a6e91a96225d016d60c8da5cef647ac18)) +- Format + ([e525805](https://github.com/ory/kratos/commit/e525805246431075d26c3f47596ae93f6580d8ee)) +- Format + ([4a692ac](https://github.com/ory/kratos/commit/4a692acc7db160068ed7d81461b173bc957e4736)) +- Format + ([169c0cd](https://github.com/ory/kratos/commit/169c0cd8d424babef69a52ddf65e2b75ded09a46)) # [0.6.3-alpha.1](https://github.com/ory/kratos/compare/v0.6.2-alpha.1...v0.6.3-alpha.1) (2021-05-17) -This release addresses some minor bugs and improves the SDK experience. Please be aware that the Ory Kratos SDK v0.6.3+ have breaking changes compared to Ory Kratos SDK v0.6.2. If you do not wish to update your code, you can keep using the Ory Kratos v0.6.2 SDK and upgrade to v0.6.3+ SDKs at a later stage, as only naming conventions have changed! - - +This release addresses some minor bugs and improves the SDK experience. Please +be aware that the Ory Kratos SDK v0.6.3+ have breaking changes compared to Ory +Kratos SDK v0.6.2. If you do not wish to update your code, you can keep using +the Ory Kratos v0.6.2 SDK and upgrade to v0.6.3+ SDKs at a later stage, as only +naming conventions have changed! ## Breaking Changes -Unfortunately, some method signatures have changed in the SDKs. Below is a list of changed entries: +Unfortunately, some method signatures have changed in the SDKs. Below is a list +of changed entries: -- Error `genericError` was renamed to `jsonError` and now includes more information and better typing for errors; +- Error `genericError` was renamed to `jsonError` and now includes more + information and better typing for errors; - The following functions have been renamed: - - `initializeSelfServiceLoginViaAPIFlow` -> `initializeSelfServiceLoginForNativeApps` - - `initializeSelfServiceLoginViaBrowserFlow` -> `initializeSelfServiceLoginForBrowsers` - - `initializeSelfServiceRegistrationViaAPIFlow` -> `initializeSelfServiceRegistrationForNativeApps` - - `initializeSelfServiceRegistrationViaBrowserFlow` -> `initializeSelfServiceRegistrationForBrowsers` - - `initializeSelfServiceSettingsViaAPIFlow` -> `initializeSelfServiceSettingsForNativeApps` - - `initializeSelfServiceSettingsViaBrowserFlow` -> `initializeSelfServiceSettingsForBrowsers` - - `initializeSelfServiceRecoveryViaAPIFlow` -> `initializeSelfServiceRecoveryForNativeApps` - - `initializeSelfServiceRecoveryViaBrowserFlow` -> `initializeSelfServiceRecoveryForBrowsers` - - `initializeSelfServiceVerificationViaAPIFlow` -> `initializeSelfServiceVerificationForNativeApps` - - `initializeSelfServiceVerificationViaBrowserFlow` -> `initializeSelfServiceVerificationForBrowsers` + - `initializeSelfServiceLoginViaAPIFlow` -> + `initializeSelfServiceLoginForNativeApps` + - `initializeSelfServiceLoginViaBrowserFlow` -> + `initializeSelfServiceLoginForBrowsers` + - `initializeSelfServiceRegistrationViaAPIFlow` -> + `initializeSelfServiceRegistrationForNativeApps` + - `initializeSelfServiceRegistrationViaBrowserFlow` -> + `initializeSelfServiceRegistrationForBrowsers` + - `initializeSelfServiceSettingsViaAPIFlow` -> + `initializeSelfServiceSettingsForNativeApps` + - `initializeSelfServiceSettingsViaBrowserFlow` -> + `initializeSelfServiceSettingsForBrowsers` + - `initializeSelfServiceRecoveryViaAPIFlow` -> + `initializeSelfServiceRecoveryForNativeApps` + - `initializeSelfServiceRecoveryViaBrowserFlow` -> + `initializeSelfServiceRecoveryForBrowsers` + - `initializeSelfServiceVerificationViaAPIFlow` -> + `initializeSelfServiceVerificationForNativeApps` + - `initializeSelfServiceVerificationViaBrowserFlow` -> + `initializeSelfServiceVerificationForBrowsers` - Some type names have changed, for example `traits` -> `identityTraits`. - - ### Bug Fixes -* Improve settings oas definition ([867abfc](https://github.com/ory/kratos/commit/867abfc813b08142786f71bfe28e373d4754c959)) -* Properly handle CSRF for API flows in recovery and verification strategies ([461c829](https://github.com/ory/kratos/commit/461c829dc4d7f7b70620abee2263efba78ce463a)), closes [#1141](https://github.com/ory/kratos/issues/1141) -* **session:** Use specific headers before bearer use ([82c0b54](https://github.com/ory/kratos/commit/82c0b545b29b30fcf3521d9621ec5c5f1a23dc96)) -* Use correct api spec path ([5f41f87](https://github.com/ory/kratos/commit/5f41f87bea2919cdf4e9f55c6ad938c5bc08b619)) -* Use correct openapi path for validation ([#1340](https://github.com/ory/kratos/issues/1340)) ([a0f5673](https://github.com/ory/kratos/commit/a0f5673d6aa4e60bab06ef699dce231f0bf4aeff)) +- Improve settings oas definition + ([867abfc](https://github.com/ory/kratos/commit/867abfc813b08142786f71bfe28e373d4754c959)) +- Properly handle CSRF for API flows in recovery and verification strategies + ([461c829](https://github.com/ory/kratos/commit/461c829dc4d7f7b70620abee2263efba78ce463a)), + closes [#1141](https://github.com/ory/kratos/issues/1141) +- **session:** Use specific headers before bearer use + ([82c0b54](https://github.com/ory/kratos/commit/82c0b545b29b30fcf3521d9621ec5c5f1a23dc96)) +- Use correct api spec path + ([5f41f87](https://github.com/ory/kratos/commit/5f41f87bea2919cdf4e9f55c6ad938c5bc08b619)) +- Use correct openapi path for validation + ([#1340](https://github.com/ory/kratos/issues/1340)) + ([a0f5673](https://github.com/ory/kratos/commit/a0f5673d6aa4e60bab06ef699dce231f0bf4aeff)) ### Code Generation -* Pin v0.6.3-alpha.1 release commit ([5edf952](https://github.com/ory/kratos/commit/5edf9524d812795ac5712e4a9541b34359234724)) +- Pin v0.6.3-alpha.1 release commit + ([5edf952](https://github.com/ory/kratos/commit/5edf9524d812795ac5712e4a9541b34359234724)) ### Code Refactoring -* Improve SDK experience ([71b8511](https://github.com/ory/kratos/commit/71b8511ae1f6f77b2996a01a55accc99d171cfaf)): - - This patch resolves UX issues in the auto-generated SDKs by using consistent naming and introducing a test suite for the Ory SaaS. - +- Improve SDK experience + ([71b8511](https://github.com/ory/kratos/commit/71b8511ae1f6f77b2996a01a55accc99d171cfaf)): + This patch resolves UX issues in the auto-generated SDKs by using consistent + naming and introducing a test suite for the Ory SaaS. # [0.6.2-alpha.1](https://github.com/ory/kratos/compare/v0.6.1-alpha.1...v0.6.2-alpha.1) (2021-05-14) Resolves an issue in the Go SDK. - - - - ### Code Generation -* Pin v0.6.2-alpha.1 release commit ([99c1b1d](https://github.com/ory/kratos/commit/99c1b1d674df3bd8263f7cbf1ed2bdfae6281f69)) +- Pin v0.6.2-alpha.1 release commit + ([99c1b1d](https://github.com/ory/kratos/commit/99c1b1d674df3bd8263f7cbf1ed2bdfae6281f69)) ### Documentation -* Update link to example email template. ([#1326](https://github.com/ory/kratos/issues/1326)) ([28a1723](https://github.com/ory/kratos/commit/28a17234b557cabf17b592ee68041aec695f6d20)) - +- Update link to example email template. + ([#1326](https://github.com/ory/kratos/issues/1326)) + ([28a1723](https://github.com/ory/kratos/commit/28a17234b557cabf17b592ee68041aec695f6d20)) # [0.6.1-alpha.1](https://github.com/ory/kratos/compare/v0.6.0-alpha.2...v0.6.1-alpha.1) (2021-05-11) This release primarily addresses issues in the SDK CI pipeline. - - - - ### Code Generation -* Pin v0.6.1-alpha.1 release commit ([1df82da](https://github.com/ory/kratos/commit/1df82daaf3f9cfd3a470d7c9bf8d96abbd52b872)) +- Pin v0.6.1-alpha.1 release commit + ([1df82da](https://github.com/ory/kratos/commit/1df82daaf3f9cfd3a470d7c9bf8d96abbd52b872)) ### Features -* Allow changing password validation API DNS name ([#1009](https://github.com/ory/kratos/issues/1009)) ([ced85e8](https://github.com/ory/kratos/commit/ced85e8091b06d864cc55c9975f8b006f6be1ce4)) - +- Allow changing password validation API DNS name + ([#1009](https://github.com/ory/kratos/issues/1009)) + ([ced85e8](https://github.com/ory/kratos/commit/ced85e8091b06d864cc55c9975f8b006f6be1ce4)) # [0.6.0-alpha.2](https://github.com/ory/kratos/compare/v0.6.0-alpha.1...v0.6.0-alpha.2) (2021-05-07) -This release addresses issues with the SDK pipeline and also closes a bug related to email sending. - - - - +This release addresses issues with the SDK pipeline and also closes a bug +related to email sending. ### Bug Fixes -* Update node image ([eef307e](https://github.com/ory/kratos/commit/eef307e6bc33c9ec36ed9138f99c19f72c7be575)) +- Update node image + ([eef307e](https://github.com/ory/kratos/commit/eef307e6bc33c9ec36ed9138f99c19f72c7be575)) ### Code Generation -* Pin v0.6.0-alpha.2 release commit ([a3658ba](https://github.com/ory/kratos/commit/a3658badb848656b61d54b3ee35114972afc1f35)) +- Pin v0.6.0-alpha.2 release commit + ([a3658ba](https://github.com/ory/kratos/commit/a3658badb848656b61d54b3ee35114972afc1f35)) ### Features -* Fix unexpected emails when update profile ([#1300](https://github.com/ory/kratos/issues/1300)) ([7b24485](https://github.com/ory/kratos/commit/7b2448566f82e69d555997654ee410f9b4ff3939)), closes [#1221](https://github.com/ory/kratos/issues/1221) - +- Fix unexpected emails when update profile + ([#1300](https://github.com/ory/kratos/issues/1300)) + ([7b24485](https://github.com/ory/kratos/commit/7b2448566f82e69d555997654ee410f9b4ff3939)), + closes [#1221](https://github.com/ory/kratos/issues/1221) # [0.6.0-alpha.1](https://github.com/ory/kratos/compare/v0.5.5-alpha.1...v0.6.0-alpha.1) (2021-05-05) -Today Ory Kratos v0.6 has been released! We are extremely happy with this release where we made many changes that pave the path for exciting future additions such as integrating 2FA more easily! We would like to thank the awesome community for the many contributions. +Today Ory Kratos v0.6 has been released! We are extremely happy with this +release where we made many changes that pave the path for exciting future +additions such as integrating 2FA more easily! We would like to thank the +awesome community for the many contributions. -Kratos v0.6 includes an insane amount of work spread over the last five months - 480 commits and over 4200 files changed. The team at Ory would like to thank all the amazing contributors that made this release possible! +Kratos v0.6 includes an insane amount of work spread over the last five months - +480 commits and over 4200 files changed. The team at Ory would like to thank all +the amazing contributors that made this release possible! Here is a summary of the most important changes: -- Ory Kratos now support highly customizable web hooks - contributed by [@dadrus](https://github.com/dadrus) and [@martinei](https://github.com/martinei); -- Ory Kratos Courier can now be run as a standalone task using `kratos courier watch -c your/config.yaml`. To use the mail courier as a background task of the server run `kratos serve --watch-courier` - contributed by [@mattbonnell](https://github.com/mattbonnell); -- Reworked migrations to ensure stable migrations in production systems - backward compatibility is ensured and tested; -- Upgraded to Go 1.16 and removed all static file packers, greatly improving build time; -- Refactored our SDK pipeline from Swagger 2.0 to OpenAPI Spec 3.0. Ory's SDKs are now properly typed and bugs can easily be addressed using a patch process. Due to this, we had to move away from go-swagger client generation for the Go SDK and replace it with openapi-generator. This, unfortunately, introduced breaking changes in the Go SDK APIs. If you have problems migrating, or have a tutorial on how to migrate, please share it with the community on GitHub! -- Created reliable health and status checks by ensuring that e.g. migrations have completed; +- Ory Kratos now support highly customizable web hooks - contributed by + [@dadrus](https://github.com/dadrus) and + [@martinei](https://github.com/martinei); +- Ory Kratos Courier can now be run as a standalone task using + `kratos courier watch -c your/config.yaml`. To use the mail courier as a + background task of the server run `kratos serve --watch-courier` - contributed + by [@mattbonnell](https://github.com/mattbonnell); +- Reworked migrations to ensure stable migrations in production systems - + backward compatibility is ensured and tested; +- Upgraded to Go 1.16 and removed all static file packers, greatly improving + build time; +- Refactored our SDK pipeline from Swagger 2.0 to OpenAPI Spec 3.0. Ory's SDKs + are now properly typed and bugs can easily be addressed using a patch process. + Due to this, we had to move away from go-swagger client generation for the Go + SDK and replace it with openapi-generator. This, unfortunately, introduced + breaking changes in the Go SDK APIs. If you have problems migrating, or have a + tutorial on how to migrate, please share it with the community on GitHub! +- Created reliable health and status checks by ensuring that e.g. migrations + have completed; - Made resilient CLI client commands e.g. kratos identities list; -- Better support for cookies in multi-domain setups called [domain aliasing](https://www.ory.sh/kratos/docs/guides/configuring-cookies); +- Better support for cookies in multi-domain setups called + [domain aliasing](https://www.ory.sh/kratos/docs/guides/configuring-cookies); - A new, [dynamically generated FAQ](https://www.ory.sh/kratos/docs/next/faq); - Enhanced GitHub and Google claims parsing; - Faster and more resilient CI/CD pipeline; - Improvements for running Ory Kratos in secure Kubernetes environments; - Better Helm Charts for Ory Kratos; -- Support for BCrypt hashing, which is now the default hashing implementation. Existing Argon2id hashes will be automatically translated to BCrypt hashes when the user signs in the next time. We recommend using Argon2id in use cases where password hashing is required to take at least 2 seconds. For regular web workloads (200ms) BCrypt is recommended - contributed by [@seremenko-wish](https://github.com/seremenko-wish); -- The Argon2 memory configuration is now human readable: `hashers.argon2.memory: 131072` -> `hashers.argon2.memory: 131072B` (supports kb, mb, kib, mib, ...). -- Add possibility to keep track of the return_to URLs for verification_flows after sign up using the new `after_verification_return_to` query parameter (e.g. `http://foo.com/registration?after_verification_return_to=verification_callback`) - contributed by [@mattbonnell](https://github.com/mattbonnell); -- Emails are now populated at delivery time, offering more flexibility in terms of templating; -- Emails contain a plaintext variant for email clients that do not display HTML emails - contributed by [@mattbonnell](https://github.com/mattbonnell); -- Mitigation for password hash timing attacks by adding a random delay to login attempts where the user does not exist; +- Support for BCrypt hashing, which is now the default hashing implementation. + Existing Argon2id hashes will be automatically translated to BCrypt hashes + when the user signs in the next time. We recommend using Argon2id in use cases + where password hashing is required to take at least 2 seconds. For regular web + workloads (200ms) BCrypt is recommended - contributed by + [@seremenko-wish](https://github.com/seremenko-wish); +- The Argon2 memory configuration is now human readable: + `hashers.argon2.memory: 131072` -> `hashers.argon2.memory: 131072B` (supports + kb, mb, kib, mib, ...). +- Add possibility to keep track of the return_to URLs for verification_flows + after sign up using the new `after_verification_return_to` query parameter + (e.g. + `http://foo.com/registration?after_verification_return_to=verification_callback`) - + contributed by [@mattbonnell](https://github.com/mattbonnell); +- Emails are now populated at delivery time, offering more flexibility in terms + of templating; +- Emails contain a plaintext variant for email clients that do not display HTML + emails - contributed by [@mattbonnell](https://github.com/mattbonnell); +- Mitigation for password hash timing attacks by adding a random delay to login + attempts where the user does not exist; - Resolving SDKs issues for whoami requests; -- Simplified database schema for faster processing, significantly reducing the amount of data stored and latency as several JOINS have been removed; -- Support for binding the HTTP server on UNIX sockets - contributed by [@sloonz](https://github.com/sloonz); - -There are even more contributions by [@NickUfer](https://github.com/NickUfer) and [harnash](https://github.com/harnash). In total, [33 people contributed to this release](https://github.com/ory/kratos/graphs/contributors?from=2020-12-09&to=2021-05-04&type=c)! Thank you all! - -*IMPORTANT:* Please be aware that the database schema has changed significantly. Applying migrations might, depending on the size of your tables, take a long time. If your database does not support online schema migrations, you will experience downtimes. Please test the migration process before applying it to production! - -The probably biggest and most significant change is the refactoring of how self-service flows work and what their payloads look like. This took the most amount of time and introduces the biggest breaking changes in our APIs. We did this refactoring to support several flows planned for Ory Kratos 0.7: - -1. Displaying QR codes (images) in login, registration, settings flows - necessary for TOTP 2FA; -2. Asking the login/registration/... UI to render JavaScript - necessary for CAPTCHA, WebAuthN, and more; -3. Refactoring the form submission API to use one endpoint per flow instead of one endpoint per flow per method. This allows us to process several registration/settings/login/... methods such as password + 2FA in one Go. - -[Check out how we migrated the NodeJS app](https://github.com/ory/kratos-selfservice-ui-node/commit/53ad90b6c82cde48994feebcc75d754ba74929ec) from the Ory Kratos 0.5 to Ory Kratos 0.6 SDK. - -Let's take a look into how these payloads have changed (the flows have identical configuration): +- Simplified database schema for faster processing, significantly reducing the + amount of data stored and latency as several JOINS have been removed; +- Support for binding the HTTP server on UNIX sockets - contributed by + [@sloonz](https://github.com/sloonz); + +There are even more contributions by [@NickUfer](https://github.com/NickUfer) +and [harnash](https://github.com/harnash). In total, +[33 people contributed to this release](https://github.com/ory/kratos/graphs/contributors?from=2020-12-09&to=2021-05-04&type=c)! +Thank you all! + +_IMPORTANT:_ Please be aware that the database schema has changed significantly. +Applying migrations might, depending on the size of your tables, take a long +time. If your database does not support online schema migrations, you will +experience downtimes. Please test the migration process before applying it to +production! + +The probably biggest and most significant change is the refactoring of how +self-service flows work and what their payloads look like. This took the most +amount of time and introduces the biggest breaking changes in our APIs. We did +this refactoring to support several flows planned for Ory Kratos 0.7: + +1. Displaying QR codes (images) in login, registration, settings flows - + necessary for TOTP 2FA; +2. Asking the login/registration/... UI to render JavaScript - necessary for + CAPTCHA, WebAuthN, and more; +3. Refactoring the form submission API to use one endpoint per flow instead of + one endpoint per flow per method. This allows us to process several + registration/settings/login/... methods such as password + 2FA in one Go. + +[Check out how we migrated the NodeJS app](https://github.com/ory/kratos-selfservice-ui-node/commit/53ad90b6c82cde48994feebcc75d754ba74929ec) +from the Ory Kratos 0.5 to Ory Kratos 0.6 SDK. + +Let's take a look into how these payloads have changed (the flows have identical +configuration): **Ory Kratos v0.5** -*Login* +_Login_ ```json { @@ -2418,7 +4069,7 @@ Let's take a look into how these payloads have changed (the flows have identical } ``` -*Registration* +_Registration_ ```json { @@ -2481,9 +4132,10 @@ Let's take a look into how these payloads have changed (the flows have identical **Ory Kratos v0.6** -*Login* +_Login_ -As you can see below, the input name `identifier` has changed to `password_identifier`. +As you can see below, the input name `identifier` has changed to +`password_identifier`. ```json { @@ -2571,7 +4223,7 @@ As you can see below, the input name `identifier` has changed to `password_ident } ``` -*Registration* +_Registration_ ```json { @@ -2692,56 +4344,137 @@ As you can see below, the input name `identifier` has changed to `password_ident These changes are analogous to settings, recovery, verification as well! -We hope you enjoy these new features as much as we do, even if we were not able to deliver 2FA in time for 0.6! +We hope you enjoy these new features as much as we do, even if we were not able +to deliver 2FA in time for 0.6! -On the last note, Ory Platform, a SaaS is launching in May as early access. It includes Ory Kratos as a managed service and we plan on adding all the other Ory open source technology soon. In our view, Ory is a 10x improvement to the existing "IAM" ecosystem: +On the last note, Ory Platform, a SaaS is launching in May as early access. It +includes Ory Kratos as a managed service and we plan on adding all the other Ory +open source technology soon. In our view, Ory is a 10x improvement to the +existing "IAM" ecosystem: -1. The major components of Ory Platform are and will remain Apache 2.0 licensed open source. We are *not changing our approach or commitment to open source*. The SaaS model allows us to keep commercialization and open source in harmony; +1. The major components of Ory Platform are and will remain Apache 2.0 licensed + open source. We are _not changing our approach or commitment to open source_. + The SaaS model allows us to keep commercialization and open source in + harmony; 2. Affordable pricing - Ory does not charge on a per identity basis; -3. Supporting migrations from the Ory Platform (SaaS) to the open-source and vice versa; -4. Offering a planet-scale service with ultra-low latencies no matter where your users are; -5. The largest set of features and APIs of any Identity Product, including Identity and Credentials Management (Ory Kratos), Permissions and Access Control (Ory Keto), Zero-Trust Networking (Ory Oathkeeper), OAuth2, and OpenID Connect (Ory Hydra) plus integrations with Stripe, Mailchimp, Salesforce, and much more. -6. Data aggregation for threat mitigation, auditing, and other use cases (e.g. integration with Snowflake, AWS RedShift, GCP BigQuery, ...) -7. All the advantages of the open source projects - headless, fully customizable, strong security, built with a community; -If you wish to become a part of the preview, please write a short email to [sales@ory.sh](mailto:sales@ory.sh). Early access adopters are also eligible for Ory Hypercare - helping you integrate with Ory fast and designing your security architecture following industry best practices. +3. Supporting migrations from the Ory Platform (SaaS) to the open-source and + vice versa; +4. Offering a planet-scale service with ultra-low latencies no matter where your + users are; +5. The largest set of features and APIs of any Identity Product, including + Identity and Credentials Management (Ory Kratos), Permissions and Access + Control (Ory Keto), Zero-Trust Networking (Ory Oathkeeper), OAuth2, and + OpenID Connect (Ory Hydra) plus integrations with Stripe, Mailchimp, + Salesforce, and much more. +6. Data aggregation for threat mitigation, auditing, and other use cases (e.g. + integration with Snowflake, AWS RedShift, GCP BigQuery, ...) +7. All the advantages of the open source projects - headless, fully + customizable, strong security, built with a community; If you wish to become + a part of the preview, please write a short email to + [sales@ory.sh](mailto:sales@ory.sh). Early access adopters are also eligible + for Ory Hypercare - helping you integrate with Ory fast and designing your + security architecture following industry best practices. Thank you for being a part of our community! - - ## Breaking Changes -BCrypt is now the default hashing alogrithm. If you wish to continue using Argon2id please set `hashers.algorithm` to `argon2`. - -This implies a significant breaking change in the verification flow payload. Please consult the new ui documentation. In essence, the login flow's `methods` key was replaced with a generic `ui` key which provides information for the UI that needs to be rendered. - -To apply this patch you must apply SQL migrations. These migrations will drop the flow method table implying that all verification flows that are ongoing will become invalid. We recommend purging the flow table manually as well after this migration has been applied, if you have users doing at least one self-service flow per minute. - -This implies a significant breaking change in the recovery flow payload. Please consult the new ui documentation. In essence, the login flow's `methods` key was replaced with a generic `ui` key which provides information for the UI that needs to be rendered. - -To apply this patch you must apply SQL migrations. These migrations will drop the flow method table implying that all recovery flows that are ongoing will become invalid. We recommend purging the flow table manually as well after this migration has been applied, if you have users doing at least one self-service flow per minute. - -This implies a significant breaking change in the settings flow payload. Please consult the new ui documentation. In essence, the login flow's `methods` key was replaced with a generic `ui` key which provides information for the UI that needs to be rendered. - -To apply this patch you must apply SQL migrations. These migrations will drop the flow method table implying that all settings flows that are ongoing will become invalid. We recommend purging the flow table manually as well after this migration has been applied, if you have users doing at least one self-service flow per minute. - -This implies a significant breaking change in the registration flow payload. Please consult the new ui documentation. In essence, the login flow's `methods` key was replaced with a generic `ui` key which provides information for the UI that needs to be rendered. - -To apply this patch you must apply SQL migrations. These migrations will drop the flow method table implying that all registration flows that are ongoing will become invalid. We recommend purging the flow table manually as well after this migration has been applied, if you have users doing at least one self-service flow per minute. - -This implies a significant breaking change in the login flow payload. Please consult the new ui documentation. In essence, the login flow's `methods` key was replaced with a generic `ui` key which provides information for the UI that needs to be rendered. - -To apply this patch you must apply SQL migrations. These migrations will drop the flow method table implying that all login flows that are ongoing will become invalid. We recommend purging the flow table manually as well after this migration has been applied, if you have users doing at least one self-service flow per minute. - -This change introduces a new feature: UI Nodes. Previously, all self-service flows (login, registration, ...) included form fields (e.g. `methods.password.config.fields`). However, these form fields lacked support for other types of UI elements such as links (for e.g. "Sign in with Google"), images (e.g. QR codes), javascript (e.g. WebAuthn), or text (e.g. recovery codes). With this patch, these new features have been introduced. Please be aware that this introduces significant breaking changes which you will need to adopt to in your UI. Please refer to the most recent documentation to see what has changed. Conceptionally, most things stayed the same - you do however need to update how you access and render the form fields. - -Please be also aware that this patch includes SQL migrations which **purge existing self-service forms** from the database. This means that users will need to re-start the login/registration/... flow after the SQL migrations have been applied! If you wish to keep these records, make a back up of your database prior! - -This change introduces a new feature: UI Nodes. Previously, all self-service flows (login, registration, ...) included form fields (e.g. `methods.password.config.fields`). However, these form fields lacked support for other types of UI elements such as links (for e.g. "Sign in with Google"), images (e.g. QR codes), javascript (e.g. WebAuthn), or text (e.g. recovery codes). With this patch, these new features have been introduced. Please be aware that this introduces significant breaking changes which you will need to adopt to in your UI. Please refer to the most recent documentation to see what has changed. Conceptionally, most things stayed the same - you do however need to update how you access and render the form fields. - -Please be also aware that this patch includes SQL migrations which **purge existing self-service forms** from the database. This means that users will need to re-start the login/registration/... flow after the SQL migrations have been applied! If you wish to keep these records, make a back up of your database prior! - -The configuration value for `hashers.argon2.memory` is now a string representation of the memory amount including the unit of measurement. To convert the value divide your current setting (KB) by 1024 to get a result in MB or 1048576 to get a result in GB. Example: `131072` would now become `128MB`. +BCrypt is now the default hashing alogrithm. If you wish to continue using +Argon2id please set `hashers.algorithm` to `argon2`. + +This implies a significant breaking change in the verification flow payload. +Please consult the new ui documentation. In essence, the login flow's `methods` +key was replaced with a generic `ui` key which provides information for the UI +that needs to be rendered. + +To apply this patch you must apply SQL migrations. These migrations will drop +the flow method table implying that all verification flows that are ongoing will +become invalid. We recommend purging the flow table manually as well after this +migration has been applied, if you have users doing at least one self-service +flow per minute. + +This implies a significant breaking change in the recovery flow payload. Please +consult the new ui documentation. In essence, the login flow's `methods` key was +replaced with a generic `ui` key which provides information for the UI that +needs to be rendered. + +To apply this patch you must apply SQL migrations. These migrations will drop +the flow method table implying that all recovery flows that are ongoing will +become invalid. We recommend purging the flow table manually as well after this +migration has been applied, if you have users doing at least one self-service +flow per minute. + +This implies a significant breaking change in the settings flow payload. Please +consult the new ui documentation. In essence, the login flow's `methods` key was +replaced with a generic `ui` key which provides information for the UI that +needs to be rendered. + +To apply this patch you must apply SQL migrations. These migrations will drop +the flow method table implying that all settings flows that are ongoing will +become invalid. We recommend purging the flow table manually as well after this +migration has been applied, if you have users doing at least one self-service +flow per minute. + +This implies a significant breaking change in the registration flow payload. +Please consult the new ui documentation. In essence, the login flow's `methods` +key was replaced with a generic `ui` key which provides information for the UI +that needs to be rendered. + +To apply this patch you must apply SQL migrations. These migrations will drop +the flow method table implying that all registration flows that are ongoing will +become invalid. We recommend purging the flow table manually as well after this +migration has been applied, if you have users doing at least one self-service +flow per minute. + +This implies a significant breaking change in the login flow payload. Please +consult the new ui documentation. In essence, the login flow's `methods` key was +replaced with a generic `ui` key which provides information for the UI that +needs to be rendered. + +To apply this patch you must apply SQL migrations. These migrations will drop +the flow method table implying that all login flows that are ongoing will become +invalid. We recommend purging the flow table manually as well after this +migration has been applied, if you have users doing at least one self-service +flow per minute. + +This change introduces a new feature: UI Nodes. Previously, all self-service +flows (login, registration, ...) included form fields (e.g. +`methods.password.config.fields`). However, these form fields lacked support for +other types of UI elements such as links (for e.g. "Sign in with Google"), +images (e.g. QR codes), javascript (e.g. WebAuthn), or text (e.g. recovery +codes). With this patch, these new features have been introduced. Please be +aware that this introduces significant breaking changes which you will need to +adopt to in your UI. Please refer to the most recent documentation to see what +has changed. Conceptionally, most things stayed the same - you do however need +to update how you access and render the form fields. + +Please be also aware that this patch includes SQL migrations which **purge +existing self-service forms** from the database. This means that users will need +to re-start the login/registration/... flow after the SQL migrations have been +applied! If you wish to keep these records, make a back up of your database +prior! + +This change introduces a new feature: UI Nodes. Previously, all self-service +flows (login, registration, ...) included form fields (e.g. +`methods.password.config.fields`). However, these form fields lacked support for +other types of UI elements such as links (for e.g. "Sign in with Google"), +images (e.g. QR codes), javascript (e.g. WebAuthn), or text (e.g. recovery +codes). With this patch, these new features have been introduced. Please be +aware that this introduces significant breaking changes which you will need to +adopt to in your UI. Please refer to the most recent documentation to see what +has changed. Conceptionally, most things stayed the same - you do however need +to update how you access and render the form fields. + +Please be also aware that this patch includes SQL migrations which **purge +existing self-service forms** from the database. This means that users will need +to re-start the login/registration/... flow after the SQL migrations have been +applied! If you wish to keep these records, make a back up of your database +prior! + +The configuration value for `hashers.argon2.memory` is now a string +representation of the memory amount including the unit of measurement. To +convert the value divide your current setting (KB) by 1024 to get a result in MB +or 1048576 to get a result in GB. Example: `131072` would now become `128MB`. Co-authored-by: aeneasr <3372410+aeneasr@users.noreply.github.com> Co-authored-by: aeneasr @@ -2753,652 +4486,1146 @@ The following configuration keys were updated: ```patch selfservice.methods.password.config.max_breaches ``` -- `password.max_breaches` -> `selfservice.methods.password.config.max_breaches` -- `password.ignore_network_errors` -> `selfservice.methods.password.config.ignore_network_errors` - -After battling with [spf13/viper](https://github.com/spf13/viper) for several years we finally found a viable alternative with [knadh/koanf](https://github.com/knadh/koanf). The complete internal configuration infrastructure has changed, with several highlights: - -1. Configuration sourcing works from all sources (file, env, cli flags) with validation against the configuration schema, greatly improving developer experience when changing or updating configuration. -2. Configuration reloading has improved significantly and works flawlessly on Kubernetes. -3. Performance increased dramatically, completely removing the need for a cache layer between the configuration system and ORY Hydra. -4. It is now possible to load several config files using the `--config` flag. -5. Configuration values are now sent to the tracer (e.g. Jaeger) if tracing is enabled. - -Please be aware that ORY Kratos might complain about an invalid configuration, because the validation process has improved significantly. +- `password.max_breaches` -> `selfservice.methods.password.config.max_breaches` +- `password.ignore_network_errors` -> + `selfservice.methods.password.config.ignore_network_errors` + +After battling with [spf13/viper](https://github.com/spf13/viper) for several +years we finally found a viable alternative with +[knadh/koanf](https://github.com/knadh/koanf). The complete internal +configuration infrastructure has changed, with several highlights: + +1. Configuration sourcing works from all sources (file, env, cli flags) with + validation against the configuration schema, greatly improving developer + experience when changing or updating configuration. +2. Configuration reloading has improved significantly and works flawlessly on + Kubernetes. +3. Performance increased dramatically, completely removing the need for a cache + layer between the configuration system and ORY Hydra. +4. It is now possible to load several config files using the `--config` flag. +5. Configuration values are now sent to the tracer (e.g. Jaeger) if tracing is + enabled. +Please be aware that ORY Kratos might complain about an invalid configuration, +because the validation process has improved significantly. ### Bug Fixes -* Add include stub go files ([6d725b1](https://github.com/ory/kratos/commit/6d725b1461a26d99c8b179be8ca219ba83ba0f17)) -* Add index to migration status ([8c6ec27](https://github.com/ory/kratos/commit/8c6ec2741535c090aae16f02a744f56c15923e2b)) -* Add node_modules to format tasks ([e5f6b36](https://github.com/ory/kratos/commit/e5f6b36caeff080905d15566cf55f8fe4905dbc0)) -* Add titles to identity schema ([73c15d2](https://github.com/ory/kratos/commit/73c15d23840aa83d2c99c013cad52ad7df285f18)) -* Adopt to new go-swagger changes ([5c45bd9](https://github.com/ory/kratos/commit/5c45bd9f354bfe19b8cbcd7eb4eaebf22c441f42)) -* Allow absolute file URLs as config values ([#1069](https://github.com/ory/kratos/issues/1069)) ([4bb4f67](https://github.com/ory/kratos/commit/4bb4f679d1fe0a49edb0c0189bb7a2188d4f850d)) -* Allow hashtag in ui urls ([#1040](https://github.com/ory/kratos/issues/1040)) ([7591f07](https://github.com/ory/kratos/commit/7591f07f7d48376a03e9eacfdb6f4a93fd26c0d5)) -* Avoid unicode-escaping ampersand in recovery URL query string ([#1212](https://github.com/ory/kratos/issues/1212)) ([d172368](https://github.com/ory/kratos/commit/d17236870af490f043d87e220179b35c9eb2dd4e)) -* Bcrypt regression in credentials counting ([23fc13b](https://github.com/ory/kratos/commit/23fc13ba778e0045ca30c00d673ebd6c2f2b7fb7)) -* Broken make quickstart-dev task ([#980](https://github.com/ory/kratos/issues/980)) ([999828a](https://github.com/ory/kratos/commit/999828ae036f20bde6d12fe89851e1fde9bdaca6)), closes [#965](https://github.com/ory/kratos/issues/965) -* Broken make sdk task ([#977](https://github.com/ory/kratos/issues/977)) ([5b01c7a](https://github.com/ory/kratos/commit/5b01c7a368c5bcfaa3af218d42f15288f51ab3e4)), closes [#950](https://github.com/ory/kratos/issues/950) -* Call contextualized test helpers ([e1f3f78](https://github.com/ory/kratos/commit/e1f3f7835696b039409c9d05f63665aba7a179ae)) -* **cmd:** Make HTTP calls resilient ([e8ed61f](https://github.com/ory/kratos/commit/e8ed61fc3e806453f78b8fa629e96ff7b320bf95)) -* Code integer parsing bit size ([#1178](https://github.com/ory/kratos/issues/1178)) ([31e9632](https://github.com/ory/kratos/commit/31e9632bcd6ec3bdeabe862a4cce89021c6dd361)): - - In some cases we had a wrong bitsize of `64`, while the var was later cast to `int`. Replaced with a bitsize of `0`, which is the value to cast to `int`. - -* Contextualize identity persister ([f8640c0](https://github.com/ory/kratos/commit/f8640c04f0c5873c39c8af4652d16bfbd347b79e)) -* Convert all identifiers to lower case on login ([#815](https://github.com/ory/kratos/issues/815)) ([d64b575](https://github.com/ory/kratos/commit/d64b5757c710c436d6789dbdb33ed04dc11cbdf9)), closes [#814](https://github.com/ory/kratos/issues/814) -* Courier adress ([#1198](https://github.com/ory/kratos/issues/1198)) ([ebe4e64](https://github.com/ory/kratos/commit/ebe4e643150f7603a1e3a3cf6f909135097b3f49)), closes [#1194](https://github.com/ory/kratos/issues/1194) -* Courier message dequeue race condition ([#1024](https://github.com/ory/kratos/issues/1024)) ([5396a82](https://github.com/ory/kratos/commit/5396a82c34eef5d42444b5c4371bd4f820fe3eb0)), closes [#652](https://github.com/ory/kratos/issues/652) [#732](https://github.com/ory/kratos/issues/732): - - Fixes the courier message dequeuing race condition by modifying `*sql.Persister.NextMessages(ctx context.Context, limit uint8)` to retrieve only messages with status `MessageStatusQueued` and update the status of the retrieved messages to `MessageStatusProcessing` within a transaction. On message send failure, the message's status is reset to `MessageStatusQueued`, so that the message can be dequeued in a subsequent `NextMessages` call. On message send success, the status is updated to `MessageStatusSent` (no change there). - -* Define credentials types as sql template and resolve crdb issue ([a2d6eeb](https://github.com/ory/kratos/commit/a2d6eeb2928c9750741237f559197fd80494310d)) -* Dereference pointer types from new flow structures ([#1019](https://github.com/ory/kratos/issues/1019)) ([efedc92](https://github.com/ory/kratos/commit/efedc920e592bd6e963726e6b123ddc40df93a59)) -* Do not include smtp in tracing ([#1268](https://github.com/ory/kratos/issues/1268)) ([bbfcbf9](https://github.com/ory/kratos/commit/bbfcbf9ce595d842a53a3ea21c286d5899eeb28f)) -* Do not publish version at public endpoint ([3726ed4](https://github.com/ory/kratos/commit/3726ed4d145a949b25f5b5da5f58d4f448a2a90f)) -* Do not reset registration method ([554bb0b](https://github.com/ory/kratos/commit/554bb0b4e62e4ac2a321fa4dbf89ffdf37b188df)) -* Do not return system errors for missing identifiers ([1fcc855](https://github.com/ory/kratos/commit/1fcc8557bfee0f7ba562a635670b61dc9acb3530)), closes [#1286](https://github.com/ory/kratos/issues/1286) -* Export mailhog dockertest runner ([1384148](https://github.com/ory/kratos/commit/138414873ad319c6c32c6cc64a73547540dffc74)) -* Fix random delay norm distribution math ([#1131](https://github.com/ory/kratos/issues/1131)) ([bd9d28f](https://github.com/ory/kratos/commit/bd9d28fe354710957f4ebaf71d1fffeae3968364)) -* Fork audit logger from root logger ([68a09e7](https://github.com/ory/kratos/commit/68a09e7f3dc3ded9a477bb309c68ac8c4e2c2836)) -* Gitlab oidc flow ([#1159](https://github.com/ory/kratos/issues/1159)) ([0bb3eb6](https://github.com/ory/kratos/commit/0bb3eb6db1144a09f4ac356cc45e1644d862bb70)), closes [#1157](https://github.com/ory/kratos/issues/1157) -* Give specific message instead of only 404 when method is disabled ([#1025](https://github.com/ory/kratos/issues/1025)) ([2f62041](https://github.com/ory/kratos/commit/2f62041a62588f5b3b062092c57053facb858e62)): - - Enabled strategies are not only used for handlers but also in other areas - (e.g. populating the flow methods). So we should keep the logic to get - enabled strategies and add new functions for getting all strategies. - -* **hashing:** Make bcrypt default hashing algorithm ([04abe77](https://github.com/ory/kratos/commit/04abe774ada1ef4bf318658fcf84c1d39a2a922d)) -* Ignore unset domain aliases ([ada6997](https://github.com/ory/kratos/commit/ada6997ff3dc7e48fd098e40267db5f231a5201f)) -* Improve cli error output ([43e9678](https://github.com/ory/kratos/commit/43e967887280b57639565dabd92a07f02fbddeb5)) -* Improve error stack trace ([4351773](https://github.com/ory/kratos/commit/43517737109088eda3b1d7f5b42f78bd5eb701d2)) -* Improve error tracing ([#1005](https://github.com/ory/kratos/issues/1005)) ([456fd25](https://github.com/ory/kratos/commit/456fd254485fc80b9ae02dfca672a9fea8ae0134)) -* Improve test contextualization ([2f92a70](https://github.com/ory/kratos/commit/2f92a7066d72535d32146a98207996fda45e0b96)) -* Initialize randomdelay with seeded source ([9896289](https://github.com/ory/kratos/commit/9896289216f10b808a8c78b86d9c27b8d74379de)) -* Insert credentials type constants as part of migrations ([#865](https://github.com/ory/kratos/issues/865)) ([92b79b8](https://github.com/ory/kratos/commit/92b79b86762edddf2ad6529b98b3383b641148d5)), closes [#861](https://github.com/ory/kratos/issues/861) -* Linking a connection may result in system error ([#990](https://github.com/ory/kratos/issues/990)) ([be02a70](https://github.com/ory/kratos/commit/be02a70c3cd60adbcc13559e1cb5dc01a8572da4)), closes [#694](https://github.com/ory/kratos/issues/694) -* Marking whoami auhorization parameter as 'in header' ([#1244](https://github.com/ory/kratos/issues/1244)) ([62d8b85](https://github.com/ory/kratos/commit/62d8b85223a0535b07620b08d35c6c3f6b127642)), closes [#1215](https://github.com/ory/kratos/issues/1215) -* Move schema loaders to correct file ([029781f](https://github.com/ory/kratos/commit/029781f69448e8abc85607a03b4bd2055158cf2c)) -* Move to new transaction-safe migrations ([#1063](https://github.com/ory/kratos/issues/1063)) ([2588fb4](https://github.com/ory/kratos/commit/2588fb489d76939aeec2986d30fde9075b373831)): - - This patch introduces a new SQL transaction model for running SQL migrations. This fix is particularly targeted at CockroachDB which has limited support for mixing DDL and DML statements. - - Previously it could happen that migrations failure needed manual intervention. This has now been resolved. The new migration model is compatible with the old one and should work without a problem. - -* Pass down context to registry ([0879446](https://github.com/ory/kratos/commit/08794461ed95965a9e5460ded2b4c04ab0f5e2e8)) -* Re-enable SDK generation ([1d5854d](https://github.com/ory/kratos/commit/1d5854d6298e3d21f85a8fa01d3004166c4b3f50)) -* Record cypress runs ([db35d8f](https://github.com/ory/kratos/commit/db35d8ff6bb44dc9e9acf131cb0a14a7f4a7d160)) -* Rehydrate settings form on successful submission ([3457e1a](https://github.com/ory/kratos/commit/3457e1a46f48ed79eabff76f8af08b82f12ecc89)), closes [#1305](https://github.com/ory/kratos/issues/1305) -* Remove absolete 'make pack' from Dockerfile ([#1172](https://github.com/ory/kratos/issues/1172)) ([b8eb908](https://github.com/ory/kratos/commit/b8eb908529cc72a3147ad28e4eeee71850a8e431)) -* Remove continuity cookies on errors ([85eea67](https://github.com/ory/kratos/commit/85eea6748be6ae8cdfc10cabaa6b677e4efd63eb)) -* Remove include stubs ([1764e3a](https://github.com/ory/kratos/commit/1764e3a08a24db82dc391a77fdea09a91faffb5f)) -* Remove obsolete clihelpers ([230fd13](https://github.com/ory/kratos/commit/230fd138d1bc7ec57647ea8eeca8e17baaacce0a)) -* Remove record from bash script ([84a9315](https://github.com/ory/kratos/commit/84a9315a824cacd29d30b98b65725343af22732d)) -* Remove stray non-ctx configs ([#1053](https://github.com/ory/kratos/issues/1053)) ([1fe137e](https://github.com/ory/kratos/commit/1fe137e0d6314bd0af47a29c00e2f72564e71cef)) -* Remove trailing double-dot from error ([59581e3](https://github.com/ory/kratos/commit/59581e3fede0fd43028a5f064c350c3cc833b5b0)) -* Remove unused sql migration ([1445d1d](https://github.com/ory/kratos/commit/1445d1d1b4b0b5e8ef3426a98ced9573063d8646)) -* Remove unused var ([30a8cee](https://github.com/ory/kratos/commit/30a8cee22238d9f400e6d315a9bc99f710945f81)) -* Remove verify hook ([98cfec6](https://github.com/ory/kratos/commit/98cfec6d72c2e7bf2db2e8dd6f8875e885923ba8)), closes [#1302](https://github.com/ory/kratos/issues/1302): - - The verify hook is automatically used when verification is enabled and has been removed as a configuration option. - -* Replace jwt module ([#1254](https://github.com/ory/kratos/issues/1254)) ([3803c8c](https://github.com/ory/kratos/commit/3803c8ce43e35c51a9c1d7ab55bc662c398cf0d8)), closes [#1250](https://github.com/ory/kratos/issues/1250) -* Resolve build and release issues ([fb582aa](https://github.com/ory/kratos/commit/fb582aa06ad55ca3fd4e2b083e1e9bbb4ba7c715)) -* Resolve clidoc issues ([599e9f7](https://github.com/ory/kratos/commit/599e9f773a743f811329cc57cea2748831105e58)) -* Resolve compile issues ([63063c1](https://github.com/ory/kratos/commit/63063c15c17f4d3aca96b106275a3478a8ed717e)) -* Resolve contextualized table issues ([5a4f0d9](https://github.com/ory/kratos/commit/5a4f0d92800df7fb5ca0df18203a6d73416814e1)) -* Resolve crdb migration issue ([9f6edfd](https://github.com/ory/kratos/commit/9f6edfd1f544d5f85e5f5558a08672f40e928136)) -* Resolve double hook invokation for registration ([032322c](https://github.com/ory/kratos/commit/032322c66fb6925d8f1473746cb4bfd800d60590)) -* Resolve incorrect field types on oidc sign up completion ([f88b6ab](https://github.com/ory/kratos/commit/f88b6abe202605739092a8230fbdebaebcd4407a)) -* Resolve lint issues ([0348825](https://github.com/ory/kratos/commit/03488250bcdbfda6ef6a536b4de6117fa8924dc8)) -* Resolve lint issues ([75a995b](https://github.com/ory/kratos/commit/75a995b3f69778655611929b65ae22bd77c5370b)) -* Resolve linting issues and disable nancy ([c8396f6](https://github.com/ory/kratos/commit/c8396f6007831240d83f77433876c5971a2191ef)) -* Resolve mail queue issues ([b968bc4](https://github.com/ory/kratos/commit/b968bc4ed8962d421175adbcaa2dba6eaeea2245)) -* Resolve merge regressions ([9862ac7](https://github.com/ory/kratos/commit/9862ac72e0877df4cf17c93e140c354e1ddbd0e7)) -* Resolve oidc e2e regressions ([f28087a](https://github.com/ory/kratos/commit/f28087aaf133c116a81213f787dc6f2e982564c0)) -* Resolve oidc regressions and e2e tests ([f5091fa](https://github.com/ory/kratos/commit/f5091fac161db0b1401b340a002278bc26891251)) -* Resolve potential fsnotify leaks ([3159c0a](https://github.com/ory/kratos/commit/3159c0abe109ea4e3832770278c4e9bc4ca3b3e1)) -* Resolve regressions and test failures ([8bae356](https://github.com/ory/kratos/commit/8bae3565ea5410b60c3e638a49f5454fac8e63d3)) -* Resolve regressions in cookies and payloads ([9e34bf2](https://github.com/ory/kratos/commit/9e34bf2f6a2f3b007069a5415643c448798207a6)) -* Resolve settings sudo regressions ([4b611f3](https://github.com/ory/kratos/commit/4b611f34755369eafcbafa2fc16da13ea3b82370)) -* Resolve test regressions ([e3fb028](https://github.com/ory/kratos/commit/e3fb0281dd9be123271d11f2934cfb08fdc470b7)) -* Resolve ui issues with nested form objects ([8e744b9](https://github.com/ory/kratos/commit/8e744b931954283cf5f5cbf3ebaca3fa94e035ed)) -* Resolve update regression ([d0d661a](https://github.com/ory/kratos/commit/d0d661aaffcba8b039738b773c891ee6e8f6449e)) -* Return delay instead of sleeping to improve tests ([27b977e](https://github.com/ory/kratos/commit/27b977ebbaa25b95caa7e3e4536a09ea0bfa61c3)) -* Revert generator changes ([c18b97f](https://github.com/ory/kratos/commit/c18b97f333a638d4b4495678013c55faca4b04d0)) -* Run correct error handler for registration hooks ([0d80447](https://github.com/ory/kratos/commit/0d80447102d5092e310ca728012f083147c0c5c9)) -* Simplify data breaches password error reason ([#1136](https://github.com/ory/kratos/issues/1136)) ([33d29bf](https://github.com/ory/kratos/commit/33d29bf72af03aea77f1d318c19f5087a506719f)): - - This PR simplifies the error reason given when a password has appeared in data breaches to not include the actual number and rather just show "this password has appeared in data breaches and must not be used". - -* Support form and json formats in decoder ([d420fe6](https://github.com/ory/kratos/commit/d420fe6e8a491b20063d4bfeaa0a841058087d32)) -* Update openapi definitions for signup ([eb0b69d](https://github.com/ory/kratos/commit/eb0b69d50ce834b170186a39bbc9cda4d3366c36)) -* Update quickstart node image ([c19b2f4](https://github.com/ory/kratos/commit/c19b2f4c57307e27ce289d44eff34f5aec1341da)): - - See https://github.com/ory/kratos/discussions/1301 - -* Update to new goreleaser config ([4c2a1b7](https://github.com/ory/kratos/commit/4c2a1b7f5a0059a6e0c28779808ffb27e8910553)) -* Update to new healthx ([6ec987a](https://github.com/ory/kratos/commit/6ec987ae81ef0c05f2c4d1eb836c40f9d15950b2)) -* Use equalfold ([1c0e52e](https://github.com/ory/kratos/commit/1c0e52ec36ff95b53e3537c5ef457f1c818d7f6b)) -* Use new TB interface ([d75a378](https://github.com/ory/kratos/commit/d75a378e700a206753f2cb17032315f2981960e7)) -* Use numerical User ID instead of name to avoid k8s security warnings ([#1151](https://github.com/ory/kratos/issues/1151)) ([468a12e](https://github.com/ory/kratos/commit/468a12e56f22cfdf7bd05d68159cc735e75211b2)): - - Our docker image scanner does not allow running processes inside - container using non-numeric User spec (to determine if we are trying - to run docker image as root). - -* Use remote dependencies ([1e56457](https://github.com/ory/kratos/commit/1e56457d49e1cde69baa41e3111ca113aa49ee3c)) +- Add include stub go files + ([6d725b1](https://github.com/ory/kratos/commit/6d725b1461a26d99c8b179be8ca219ba83ba0f17)) +- Add index to migration status + ([8c6ec27](https://github.com/ory/kratos/commit/8c6ec2741535c090aae16f02a744f56c15923e2b)) +- Add node_modules to format tasks + ([e5f6b36](https://github.com/ory/kratos/commit/e5f6b36caeff080905d15566cf55f8fe4905dbc0)) +- Add titles to identity schema + ([73c15d2](https://github.com/ory/kratos/commit/73c15d23840aa83d2c99c013cad52ad7df285f18)) +- Adopt to new go-swagger changes + ([5c45bd9](https://github.com/ory/kratos/commit/5c45bd9f354bfe19b8cbcd7eb4eaebf22c441f42)) +- Allow absolute file URLs as config values + ([#1069](https://github.com/ory/kratos/issues/1069)) + ([4bb4f67](https://github.com/ory/kratos/commit/4bb4f679d1fe0a49edb0c0189bb7a2188d4f850d)) +- Allow hashtag in ui urls ([#1040](https://github.com/ory/kratos/issues/1040)) + ([7591f07](https://github.com/ory/kratos/commit/7591f07f7d48376a03e9eacfdb6f4a93fd26c0d5)) +- Avoid unicode-escaping ampersand in recovery URL query string + ([#1212](https://github.com/ory/kratos/issues/1212)) + ([d172368](https://github.com/ory/kratos/commit/d17236870af490f043d87e220179b35c9eb2dd4e)) +- Bcrypt regression in credentials counting + ([23fc13b](https://github.com/ory/kratos/commit/23fc13ba778e0045ca30c00d673ebd6c2f2b7fb7)) +- Broken make quickstart-dev task + ([#980](https://github.com/ory/kratos/issues/980)) + ([999828a](https://github.com/ory/kratos/commit/999828ae036f20bde6d12fe89851e1fde9bdaca6)), + closes [#965](https://github.com/ory/kratos/issues/965) +- Broken make sdk task ([#977](https://github.com/ory/kratos/issues/977)) + ([5b01c7a](https://github.com/ory/kratos/commit/5b01c7a368c5bcfaa3af218d42f15288f51ab3e4)), + closes [#950](https://github.com/ory/kratos/issues/950) +- Call contextualized test helpers + ([e1f3f78](https://github.com/ory/kratos/commit/e1f3f7835696b039409c9d05f63665aba7a179ae)) +- **cmd:** Make HTTP calls resilient + ([e8ed61f](https://github.com/ory/kratos/commit/e8ed61fc3e806453f78b8fa629e96ff7b320bf95)) +- Code integer parsing bit size + ([#1178](https://github.com/ory/kratos/issues/1178)) + ([31e9632](https://github.com/ory/kratos/commit/31e9632bcd6ec3bdeabe862a4cce89021c6dd361)): + + In some cases we had a wrong bitsize of `64`, while the var was later cast to + `int`. Replaced with a bitsize of `0`, which is the value to cast to `int`. + +- Contextualize identity persister + ([f8640c0](https://github.com/ory/kratos/commit/f8640c04f0c5873c39c8af4652d16bfbd347b79e)) +- Convert all identifiers to lower case on login + ([#815](https://github.com/ory/kratos/issues/815)) + ([d64b575](https://github.com/ory/kratos/commit/d64b5757c710c436d6789dbdb33ed04dc11cbdf9)), + closes [#814](https://github.com/ory/kratos/issues/814) +- Courier adress ([#1198](https://github.com/ory/kratos/issues/1198)) + ([ebe4e64](https://github.com/ory/kratos/commit/ebe4e643150f7603a1e3a3cf6f909135097b3f49)), + closes [#1194](https://github.com/ory/kratos/issues/1194) +- Courier message dequeue race condition + ([#1024](https://github.com/ory/kratos/issues/1024)) + ([5396a82](https://github.com/ory/kratos/commit/5396a82c34eef5d42444b5c4371bd4f820fe3eb0)), + closes [#652](https://github.com/ory/kratos/issues/652) + [#732](https://github.com/ory/kratos/issues/732): + + Fixes the courier message dequeuing race condition by modifying + `*sql.Persister.NextMessages(ctx context.Context, limit uint8)` to retrieve + only messages with status `MessageStatusQueued` and update the status of the + retrieved messages to `MessageStatusProcessing` within a transaction. On + message send failure, the message's status is reset to `MessageStatusQueued`, + so that the message can be dequeued in a subsequent `NextMessages` call. On + message send success, the status is updated to `MessageStatusSent` (no change + there). + +- Define credentials types as sql template and resolve crdb issue + ([a2d6eeb](https://github.com/ory/kratos/commit/a2d6eeb2928c9750741237f559197fd80494310d)) +- Dereference pointer types from new flow structures + ([#1019](https://github.com/ory/kratos/issues/1019)) + ([efedc92](https://github.com/ory/kratos/commit/efedc920e592bd6e963726e6b123ddc40df93a59)) +- Do not include smtp in tracing + ([#1268](https://github.com/ory/kratos/issues/1268)) + ([bbfcbf9](https://github.com/ory/kratos/commit/bbfcbf9ce595d842a53a3ea21c286d5899eeb28f)) +- Do not publish version at public endpoint + ([3726ed4](https://github.com/ory/kratos/commit/3726ed4d145a949b25f5b5da5f58d4f448a2a90f)) +- Do not reset registration method + ([554bb0b](https://github.com/ory/kratos/commit/554bb0b4e62e4ac2a321fa4dbf89ffdf37b188df)) +- Do not return system errors for missing identifiers + ([1fcc855](https://github.com/ory/kratos/commit/1fcc8557bfee0f7ba562a635670b61dc9acb3530)), + closes [#1286](https://github.com/ory/kratos/issues/1286) +- Export mailhog dockertest runner + ([1384148](https://github.com/ory/kratos/commit/138414873ad319c6c32c6cc64a73547540dffc74)) +- Fix random delay norm distribution math + ([#1131](https://github.com/ory/kratos/issues/1131)) + ([bd9d28f](https://github.com/ory/kratos/commit/bd9d28fe354710957f4ebaf71d1fffeae3968364)) +- Fork audit logger from root logger + ([68a09e7](https://github.com/ory/kratos/commit/68a09e7f3dc3ded9a477bb309c68ac8c4e2c2836)) +- Gitlab oidc flow ([#1159](https://github.com/ory/kratos/issues/1159)) + ([0bb3eb6](https://github.com/ory/kratos/commit/0bb3eb6db1144a09f4ac356cc45e1644d862bb70)), + closes [#1157](https://github.com/ory/kratos/issues/1157) +- Give specific message instead of only 404 when method is disabled + ([#1025](https://github.com/ory/kratos/issues/1025)) + ([2f62041](https://github.com/ory/kratos/commit/2f62041a62588f5b3b062092c57053facb858e62)): + + Enabled strategies are not only used for handlers but also in other areas + (e.g. populating the flow methods). So we should keep the logic to get enabled + strategies and add new functions for getting all strategies. + +- **hashing:** Make bcrypt default hashing algorithm + ([04abe77](https://github.com/ory/kratos/commit/04abe774ada1ef4bf318658fcf84c1d39a2a922d)) +- Ignore unset domain aliases + ([ada6997](https://github.com/ory/kratos/commit/ada6997ff3dc7e48fd098e40267db5f231a5201f)) +- Improve cli error output + ([43e9678](https://github.com/ory/kratos/commit/43e967887280b57639565dabd92a07f02fbddeb5)) +- Improve error stack trace + ([4351773](https://github.com/ory/kratos/commit/43517737109088eda3b1d7f5b42f78bd5eb701d2)) +- Improve error tracing ([#1005](https://github.com/ory/kratos/issues/1005)) + ([456fd25](https://github.com/ory/kratos/commit/456fd254485fc80b9ae02dfca672a9fea8ae0134)) +- Improve test contextualization + ([2f92a70](https://github.com/ory/kratos/commit/2f92a7066d72535d32146a98207996fda45e0b96)) +- Initialize randomdelay with seeded source + ([9896289](https://github.com/ory/kratos/commit/9896289216f10b808a8c78b86d9c27b8d74379de)) +- Insert credentials type constants as part of migrations + ([#865](https://github.com/ory/kratos/issues/865)) + ([92b79b8](https://github.com/ory/kratos/commit/92b79b86762edddf2ad6529b98b3383b641148d5)), + closes [#861](https://github.com/ory/kratos/issues/861) +- Linking a connection may result in system error + ([#990](https://github.com/ory/kratos/issues/990)) + ([be02a70](https://github.com/ory/kratos/commit/be02a70c3cd60adbcc13559e1cb5dc01a8572da4)), + closes [#694](https://github.com/ory/kratos/issues/694) +- Marking whoami auhorization parameter as 'in header' + ([#1244](https://github.com/ory/kratos/issues/1244)) + ([62d8b85](https://github.com/ory/kratos/commit/62d8b85223a0535b07620b08d35c6c3f6b127642)), + closes [#1215](https://github.com/ory/kratos/issues/1215) +- Move schema loaders to correct file + ([029781f](https://github.com/ory/kratos/commit/029781f69448e8abc85607a03b4bd2055158cf2c)) +- Move to new transaction-safe migrations + ([#1063](https://github.com/ory/kratos/issues/1063)) + ([2588fb4](https://github.com/ory/kratos/commit/2588fb489d76939aeec2986d30fde9075b373831)): + + This patch introduces a new SQL transaction model for running SQL migrations. + This fix is particularly targeted at CockroachDB which has limited support for + mixing DDL and DML statements. + + Previously it could happen that migrations failure needed manual intervention. + This has now been resolved. The new migration model is compatible with the old + one and should work without a problem. + +- Pass down context to registry + ([0879446](https://github.com/ory/kratos/commit/08794461ed95965a9e5460ded2b4c04ab0f5e2e8)) +- Re-enable SDK generation + ([1d5854d](https://github.com/ory/kratos/commit/1d5854d6298e3d21f85a8fa01d3004166c4b3f50)) +- Record cypress runs + ([db35d8f](https://github.com/ory/kratos/commit/db35d8ff6bb44dc9e9acf131cb0a14a7f4a7d160)) +- Rehydrate settings form on successful submission + ([3457e1a](https://github.com/ory/kratos/commit/3457e1a46f48ed79eabff76f8af08b82f12ecc89)), + closes [#1305](https://github.com/ory/kratos/issues/1305) +- Remove absolete 'make pack' from Dockerfile + ([#1172](https://github.com/ory/kratos/issues/1172)) + ([b8eb908](https://github.com/ory/kratos/commit/b8eb908529cc72a3147ad28e4eeee71850a8e431)) +- Remove continuity cookies on errors + ([85eea67](https://github.com/ory/kratos/commit/85eea6748be6ae8cdfc10cabaa6b677e4efd63eb)) +- Remove include stubs + ([1764e3a](https://github.com/ory/kratos/commit/1764e3a08a24db82dc391a77fdea09a91faffb5f)) +- Remove obsolete clihelpers + ([230fd13](https://github.com/ory/kratos/commit/230fd138d1bc7ec57647ea8eeca8e17baaacce0a)) +- Remove record from bash script + ([84a9315](https://github.com/ory/kratos/commit/84a9315a824cacd29d30b98b65725343af22732d)) +- Remove stray non-ctx configs + ([#1053](https://github.com/ory/kratos/issues/1053)) + ([1fe137e](https://github.com/ory/kratos/commit/1fe137e0d6314bd0af47a29c00e2f72564e71cef)) +- Remove trailing double-dot from error + ([59581e3](https://github.com/ory/kratos/commit/59581e3fede0fd43028a5f064c350c3cc833b5b0)) +- Remove unused sql migration + ([1445d1d](https://github.com/ory/kratos/commit/1445d1d1b4b0b5e8ef3426a98ced9573063d8646)) +- Remove unused var + ([30a8cee](https://github.com/ory/kratos/commit/30a8cee22238d9f400e6d315a9bc99f710945f81)) +- Remove verify hook + ([98cfec6](https://github.com/ory/kratos/commit/98cfec6d72c2e7bf2db2e8dd6f8875e885923ba8)), + closes [#1302](https://github.com/ory/kratos/issues/1302): + + The verify hook is automatically used when verification is enabled and has + been removed as a configuration option. + +- Replace jwt module ([#1254](https://github.com/ory/kratos/issues/1254)) + ([3803c8c](https://github.com/ory/kratos/commit/3803c8ce43e35c51a9c1d7ab55bc662c398cf0d8)), + closes [#1250](https://github.com/ory/kratos/issues/1250) +- Resolve build and release issues + ([fb582aa](https://github.com/ory/kratos/commit/fb582aa06ad55ca3fd4e2b083e1e9bbb4ba7c715)) +- Resolve clidoc issues + ([599e9f7](https://github.com/ory/kratos/commit/599e9f773a743f811329cc57cea2748831105e58)) +- Resolve compile issues + ([63063c1](https://github.com/ory/kratos/commit/63063c15c17f4d3aca96b106275a3478a8ed717e)) +- Resolve contextualized table issues + ([5a4f0d9](https://github.com/ory/kratos/commit/5a4f0d92800df7fb5ca0df18203a6d73416814e1)) +- Resolve crdb migration issue + ([9f6edfd](https://github.com/ory/kratos/commit/9f6edfd1f544d5f85e5f5558a08672f40e928136)) +- Resolve double hook invokation for registration + ([032322c](https://github.com/ory/kratos/commit/032322c66fb6925d8f1473746cb4bfd800d60590)) +- Resolve incorrect field types on oidc sign up completion + ([f88b6ab](https://github.com/ory/kratos/commit/f88b6abe202605739092a8230fbdebaebcd4407a)) +- Resolve lint issues + ([0348825](https://github.com/ory/kratos/commit/03488250bcdbfda6ef6a536b4de6117fa8924dc8)) +- Resolve lint issues + ([75a995b](https://github.com/ory/kratos/commit/75a995b3f69778655611929b65ae22bd77c5370b)) +- Resolve linting issues and disable nancy + ([c8396f6](https://github.com/ory/kratos/commit/c8396f6007831240d83f77433876c5971a2191ef)) +- Resolve mail queue issues + ([b968bc4](https://github.com/ory/kratos/commit/b968bc4ed8962d421175adbcaa2dba6eaeea2245)) +- Resolve merge regressions + ([9862ac7](https://github.com/ory/kratos/commit/9862ac72e0877df4cf17c93e140c354e1ddbd0e7)) +- Resolve oidc e2e regressions + ([f28087a](https://github.com/ory/kratos/commit/f28087aaf133c116a81213f787dc6f2e982564c0)) +- Resolve oidc regressions and e2e tests + ([f5091fa](https://github.com/ory/kratos/commit/f5091fac161db0b1401b340a002278bc26891251)) +- Resolve potential fsnotify leaks + ([3159c0a](https://github.com/ory/kratos/commit/3159c0abe109ea4e3832770278c4e9bc4ca3b3e1)) +- Resolve regressions and test failures + ([8bae356](https://github.com/ory/kratos/commit/8bae3565ea5410b60c3e638a49f5454fac8e63d3)) +- Resolve regressions in cookies and payloads + ([9e34bf2](https://github.com/ory/kratos/commit/9e34bf2f6a2f3b007069a5415643c448798207a6)) +- Resolve settings sudo regressions + ([4b611f3](https://github.com/ory/kratos/commit/4b611f34755369eafcbafa2fc16da13ea3b82370)) +- Resolve test regressions + ([e3fb028](https://github.com/ory/kratos/commit/e3fb0281dd9be123271d11f2934cfb08fdc470b7)) +- Resolve ui issues with nested form objects + ([8e744b9](https://github.com/ory/kratos/commit/8e744b931954283cf5f5cbf3ebaca3fa94e035ed)) +- Resolve update regression + ([d0d661a](https://github.com/ory/kratos/commit/d0d661aaffcba8b039738b773c891ee6e8f6449e)) +- Return delay instead of sleeping to improve tests + ([27b977e](https://github.com/ory/kratos/commit/27b977ebbaa25b95caa7e3e4536a09ea0bfa61c3)) +- Revert generator changes + ([c18b97f](https://github.com/ory/kratos/commit/c18b97f333a638d4b4495678013c55faca4b04d0)) +- Run correct error handler for registration hooks + ([0d80447](https://github.com/ory/kratos/commit/0d80447102d5092e310ca728012f083147c0c5c9)) +- Simplify data breaches password error reason + ([#1136](https://github.com/ory/kratos/issues/1136)) + ([33d29bf](https://github.com/ory/kratos/commit/33d29bf72af03aea77f1d318c19f5087a506719f)): + + This PR simplifies the error reason given when a password has appeared in data + breaches to not include the actual number and rather just show "this password + has appeared in data breaches and must not be used". + +- Support form and json formats in decoder + ([d420fe6](https://github.com/ory/kratos/commit/d420fe6e8a491b20063d4bfeaa0a841058087d32)) +- Update openapi definitions for signup + ([eb0b69d](https://github.com/ory/kratos/commit/eb0b69d50ce834b170186a39bbc9cda4d3366c36)) +- Update quickstart node image + ([c19b2f4](https://github.com/ory/kratos/commit/c19b2f4c57307e27ce289d44eff34f5aec1341da)): + + See https://github.com/ory/kratos/discussions/1301 + +- Update to new goreleaser config + ([4c2a1b7](https://github.com/ory/kratos/commit/4c2a1b7f5a0059a6e0c28779808ffb27e8910553)) +- Update to new healthx + ([6ec987a](https://github.com/ory/kratos/commit/6ec987ae81ef0c05f2c4d1eb836c40f9d15950b2)) +- Use equalfold + ([1c0e52e](https://github.com/ory/kratos/commit/1c0e52ec36ff95b53e3537c5ef457f1c818d7f6b)) +- Use new TB interface + ([d75a378](https://github.com/ory/kratos/commit/d75a378e700a206753f2cb17032315f2981960e7)) +- Use numerical User ID instead of name to avoid k8s security warnings + ([#1151](https://github.com/ory/kratos/issues/1151)) + ([468a12e](https://github.com/ory/kratos/commit/468a12e56f22cfdf7bd05d68159cc735e75211b2)): + + Our docker image scanner does not allow running processes inside container + using non-numeric User spec (to determine if we are trying to run docker image + as root). + +- Use remote dependencies + ([1e56457](https://github.com/ory/kratos/commit/1e56457d49e1cde69baa41e3111ca113aa49ee3c)) ### Code Generation -* Pin v0.6.0-alpha.1 release commit ([507d13a](https://github.com/ory/kratos/commit/507d13a8ec9cd89c9933fc8814a8a99921da69fb)) +- Pin v0.6.0-alpha.1 release commit + ([507d13a](https://github.com/ory/kratos/commit/507d13a8ec9cd89c9933fc8814a8a99921da69fb)) ### Code Refactoring -* Adapt new sdk in testhelpers ([6e15f6f](https://github.com/ory/kratos/commit/6e15f6f86c0f146e846a384ffd6eac78406178bc)) -* Add nid everywhere ([407fd95](https://github.com/ory/kratos/commit/407fd95889f416f0d76d6f3f43644a6fafa13b44)) -* Contextualize everything ([7ebc3a9](https://github.com/ory/kratos/commit/7ebc3a9a1a2cd85d28c5a9adf2c0c8c10cbd072e)): - - This patch contextualizes all configuration and DBAL models. - -* Do not use prefixed node names ([fc42ece](https://github.com/ory/kratos/commit/fc42ece24107dcb6e6a416cc54a2fb5de524fd94)) -* Improve Argon2 tooling ([#961](https://github.com/ory/kratos/issues/961)) ([3151187](https://github.com/ory/kratos/commit/315118720419194be8baf5e5e64d7bf190179568)), closes [#955](https://github.com/ory/kratos/issues/955): - - This adds a load testing CLI that allows to adjust the hasher parameters under simulated load. - -* Move faker to exportable module ([09f8ae5](https://github.com/ory/kratos/commit/09f8ae5755c9978574e91676bf5df6a23a2feb78)) -* Move migratest helpers to ory/x ([7eca67e](https://github.com/ory/kratos/commit/7eca67eb9ec3e4ab065af7221911a74ed16c7c48)) -* Move password config to selfservice ([cd0e0eb](https://github.com/ory/kratos/commit/cd0e0ebb0de372ff31c982ef023fe1979addb05a)) -* Move to go 1.16 embed ([43c4a13](https://github.com/ory/kratos/commit/43c4a13c25be4a3a23a1ffdbecfaa0f9eda1a11d)): - - This patch replaces packr and pkged with the Go 1.16 embed feature. - -* Remove password node attribute prefix ([e27fae4](https://github.com/ory/kratos/commit/e27fae4b0d7a91ff3964804963d4885178b80803)) -* Remove profile node attribute prefix ([a3ff6f7](https://github.com/ory/kratos/commit/a3ff6f7eec45b1a9a1e7eb8569793fbc6a047d4f)) -* Rename config structs and interfaces ([4a2f419](https://github.com/ory/kratos/commit/4a2f41977439354415118df3e37dd0cde8dac1aa)) -* Rename form to container ([5da155a](https://github.com/ory/kratos/commit/5da155a07d3737cefabaf98c4ff650115f662480)) -* Replace flow's forms with new ui node module ([647eb1e](https://github.com/ory/kratos/commit/647eb1e66850c67e539d0338cca6cb8ae476ee55)) -* Replace flow's forms with new ui node module ([f74a5c2](https://github.com/ory/kratos/commit/f74a5c25af60936b59caee0866a21637a5c0ae6f)) -* Replace login flow methods with ui container ([d4ca364](https://github.com/ory/kratos/commit/d4ca364fd8905cfb205ee047a9cb831064a6b9d0)) -* Replace recovery flow methods with ui container ([cac0456](https://github.com/ory/kratos/commit/cac04562f2e4e77875275fcfd82c039d787607fb)) -* Replace registration flow methods with ui container ([3f6388d](https://github.com/ory/kratos/commit/3f6388d03f91cfad17bd74ebca4d924b4b546668)) -* Replace settings flow methods with ui container ([0efd17e](https://github.com/ory/kratos/commit/0efd17e76ba0a0cbd46916a7644b7bdf19bd4ab4)) -* Replace verification flow methods with ui container ([dbf2668](https://github.com/ory/kratos/commit/dbf2668747922c93dd967961cd843354afbecfde)) -* Replace viper with koanf config management ([5eb1bc0](https://github.com/ory/kratos/commit/5eb1bc0bff7c5d0f83c604484b8e845701112cad)) -* Update RegisterFakes calls ([6268310](https://github.com/ory/kratos/commit/626831069ab4f971094ba0bc0b43ac9ff618d91d)) -* Use underscore in webhook auth types ([26829d2](https://github.com/ory/kratos/commit/26829d21911cccd4a87c8693b6089af661c1bfe3)) +- Adapt new sdk in testhelpers + ([6e15f6f](https://github.com/ory/kratos/commit/6e15f6f86c0f146e846a384ffd6eac78406178bc)) +- Add nid everywhere + ([407fd95](https://github.com/ory/kratos/commit/407fd95889f416f0d76d6f3f43644a6fafa13b44)) +- Contextualize everything + ([7ebc3a9](https://github.com/ory/kratos/commit/7ebc3a9a1a2cd85d28c5a9adf2c0c8c10cbd072e)): + + This patch contextualizes all configuration and DBAL models. + +- Do not use prefixed node names + ([fc42ece](https://github.com/ory/kratos/commit/fc42ece24107dcb6e6a416cc54a2fb5de524fd94)) +- Improve Argon2 tooling ([#961](https://github.com/ory/kratos/issues/961)) + ([3151187](https://github.com/ory/kratos/commit/315118720419194be8baf5e5e64d7bf190179568)), + closes [#955](https://github.com/ory/kratos/issues/955): + + This adds a load testing CLI that allows to adjust the hasher parameters under + simulated load. + +- Move faker to exportable module + ([09f8ae5](https://github.com/ory/kratos/commit/09f8ae5755c9978574e91676bf5df6a23a2feb78)) +- Move migratest helpers to ory/x + ([7eca67e](https://github.com/ory/kratos/commit/7eca67eb9ec3e4ab065af7221911a74ed16c7c48)) +- Move password config to selfservice + ([cd0e0eb](https://github.com/ory/kratos/commit/cd0e0ebb0de372ff31c982ef023fe1979addb05a)) +- Move to go 1.16 embed + ([43c4a13](https://github.com/ory/kratos/commit/43c4a13c25be4a3a23a1ffdbecfaa0f9eda1a11d)): + + This patch replaces packr and pkged with the Go 1.16 embed feature. + +- Remove password node attribute prefix + ([e27fae4](https://github.com/ory/kratos/commit/e27fae4b0d7a91ff3964804963d4885178b80803)) +- Remove profile node attribute prefix + ([a3ff6f7](https://github.com/ory/kratos/commit/a3ff6f7eec45b1a9a1e7eb8569793fbc6a047d4f)) +- Rename config structs and interfaces + ([4a2f419](https://github.com/ory/kratos/commit/4a2f41977439354415118df3e37dd0cde8dac1aa)) +- Rename form to container + ([5da155a](https://github.com/ory/kratos/commit/5da155a07d3737cefabaf98c4ff650115f662480)) +- Replace flow's forms with new ui node module + ([647eb1e](https://github.com/ory/kratos/commit/647eb1e66850c67e539d0338cca6cb8ae476ee55)) +- Replace flow's forms with new ui node module + ([f74a5c2](https://github.com/ory/kratos/commit/f74a5c25af60936b59caee0866a21637a5c0ae6f)) +- Replace login flow methods with ui container + ([d4ca364](https://github.com/ory/kratos/commit/d4ca364fd8905cfb205ee047a9cb831064a6b9d0)) +- Replace recovery flow methods with ui container + ([cac0456](https://github.com/ory/kratos/commit/cac04562f2e4e77875275fcfd82c039d787607fb)) +- Replace registration flow methods with ui container + ([3f6388d](https://github.com/ory/kratos/commit/3f6388d03f91cfad17bd74ebca4d924b4b546668)) +- Replace settings flow methods with ui container + ([0efd17e](https://github.com/ory/kratos/commit/0efd17e76ba0a0cbd46916a7644b7bdf19bd4ab4)) +- Replace verification flow methods with ui container + ([dbf2668](https://github.com/ory/kratos/commit/dbf2668747922c93dd967961cd843354afbecfde)) +- Replace viper with koanf config management + ([5eb1bc0](https://github.com/ory/kratos/commit/5eb1bc0bff7c5d0f83c604484b8e845701112cad)) +- Update RegisterFakes calls + ([6268310](https://github.com/ory/kratos/commit/626831069ab4f971094ba0bc0b43ac9ff618d91d)) +- Use underscore in webhook auth types + ([26829d2](https://github.com/ory/kratos/commit/26829d21911cccd4a87c8693b6089af661c1bfe3)) ### Documentation -* Add docker to docs main ([8ce8b78](https://github.com/ory/kratos/commit/8ce8b785e2246557253420ea97cf6b7d5ee75d58)) -* Add docker to sidebar ([ed38c88](https://github.com/ory/kratos/commit/ed38c88bdbadcdcd2527a2b5270390251742bbe4)) -* Add dotnet sdk ([#1183](https://github.com/ory/kratos/issues/1183)) ([32d874a](https://github.com/ory/kratos/commit/32d874a04bb384259aeb544a3fcd6b3a8b23acdd)) -* Add faq sidebar ([#1105](https://github.com/ory/kratos/issues/1105)) ([10697aa](https://github.com/ory/kratos/commit/10697aa4ab5dc3e2ab90d1c037dfbe3492bf2bdf)) -* Add log docs to schema config ([4967f11](https://github.com/ory/kratos/commit/4967f11d8df177ebdae855eb745e90d21ce38e9f)) -* Add more HA docs ([cbb2e27](https://github.com/ory/kratos/commit/cbb2e27f8919a8991c4797a3f1c192ec364f0dd3)) -* Add Rust and Dart SDKs ([6d96952](https://github.com/ory/kratos/commit/6d969528e13350ef099669510d3d37df1c007c82)): - - We now support for Rust and Dart SDKs! - -* Add SameSite help ([2df6729](https://github.com/ory/kratos/commit/2df6729b4acc70532024658e8874682de64b06b3)) -* Add shell-session language ([d16db87](https://github.com/ory/kratos/commit/d16db87802ae2f230a02e4deed189f473588552c)) -* Add ui node docs ([e48a07d](https://github.com/ory/kratos/commit/e48a07d03c19a0677d3a56f9e57294b358f24501)) -* Adding double colons ([#1187](https://github.com/ory/kratos/issues/1187)) ([fc712f4](https://github.com/ory/kratos/commit/fc712f4530066c429242491c19d1534ffb267b0c)) -* Bcrypt is default and add 72 char warning ([29ae53a](https://github.com/ory/kratos/commit/29ae53a96b4472ff549b34241894d72d439c8ea1)) -* Better import identities examples ([#997](https://github.com/ory/kratos/issues/997)) ([2e2880a](https://github.com/ory/kratos/commit/2e2880ac057b5c98cd69481c4f6f36b564b5871d)) -* Change forum to discussions readme ([#1220](https://github.com/ory/kratos/issues/1220)) ([ae39956](https://github.com/ory/kratos/commit/ae399561ea6ed89aaadd4128bc564254984520e8)) -* Describe more about Kratos login/browser flow on quickstart doc ([#1047](https://github.com/ory/kratos/issues/1047)) ([fe725ad](https://github.com/ory/kratos/commit/fe725ad12b5aed5faa8f95bec24ed3aa82512de8)) -* Docker file links ([#1182](https://github.com/ory/kratos/issues/1182)) ([4d9b6a3](https://github.com/ory/kratos/commit/4d9b6a3fd5de81310016a811126e40a263ecd27c)) -* Document hash timing attack mitigation ([ec86993](https://github.com/ory/kratos/commit/ec869930a9c0e6f6f56c2614835894e0a6a3eaab)) -* Explain how to use `after_verification_return_to` ([7e1546b](https://github.com/ory/kratos/commit/7e1546be1fd20baca10507d642d4f209eb88dcbc)) -* FAQ improvements ([#1135](https://github.com/ory/kratos/issues/1135)) ([44d0bc9](https://github.com/ory/kratos/commit/44d0bc968a7c0ba5c0793b2349820fa8133bada3)) -* FAQ item & minor changes ([#1174](https://github.com/ory/kratos/issues/1174)) ([11cf630](https://github.com/ory/kratos/commit/11cf630082b56c80d12f5915f8e34aa03a7e8c54)) -* Fix broken link ([#1037](https://github.com/ory/kratos/issues/1037)) ([6b9aae8](https://github.com/ory/kratos/commit/6b9aae8af5aa3bd614c99b32e341fbd533caf116)) -* Fix failing build ([0de328f](https://github.com/ory/kratos/commit/0de328ff0053605e6bded589a79d3ab938d55b31)) -* Fix formatting ([#966](https://github.com/ory/kratos/issues/966)) ([687251a](https://github.com/ory/kratos/commit/687251a24e796322b43f8aed6b1fb3d7900e3271)) -* Fix identity state bullets ([#1095](https://github.com/ory/kratos/issues/1095)) ([f476334](https://github.com/ory/kratos/commit/f476334c4693277656ad88e768f66b59cbcba126)) -* Fix known/unknown email account recovery ([#1211](https://github.com/ory/kratos/issues/1211)) ([e208ca5](https://github.com/ory/kratos/commit/e208ca50ba4f03d5410c9644aaa3b04bdf1b8dbd)) -* Fix link ([7f6d7f5](https://github.com/ory/kratos/commit/7f6d7f501d7118dfe6868c9d923fb5ecc5eded48)) -* Fix link ([#1128](https://github.com/ory/kratos/issues/1128)) ([e7043e9](https://github.com/ory/kratos/commit/e7043e9b99260eaff2b48ca6f457af46a1521654)) -* Fix link to blogpost ([#949](https://github.com/ory/kratos/issues/949)) ([4622e32](https://github.com/ory/kratos/commit/4622e3228fb12231222c7e6b602458111f35f727)), closes [#945](https://github.com/ory/kratos/issues/945) -* Fix link to self-service flows overview ([#995](https://github.com/ory/kratos/issues/995)) ([2be8778](https://github.com/ory/kratos/commit/2be877847644a3df2645ac3be4bbd7704db30b17)) -* Fix note block in third party login guide ([#920](https://github.com/ory/kratos/issues/920)) ([745cea0](https://github.com/ory/kratos/commit/745cea02d0e9940f689e668bbd814b29fd53bf37)): - - Allows the document to render properly - -* Fix npm links ([#991](https://github.com/ory/kratos/issues/991)) ([4ce4468](https://github.com/ory/kratos/commit/4ce4468132dde21c1692e3a834ad7780bee12b90)) -* Fix self-service code flows labels ([#1253](https://github.com/ory/kratos/issues/1253)) ([f2ed424](https://github.com/ory/kratos/commit/f2ed424289cdd2a0edc1736888dd15be6df65f11)) -* Fix typo in README ([#1122](https://github.com/ory/kratos/issues/1122)) ([e500707](https://github.com/ory/kratos/commit/e5007078c3cd597cea669827b96c7e6f205f2f32)) -* Link to argon2 blogpost and add cross-references ([#1038](https://github.com/ory/kratos/issues/1038)) ([9ab7c3d](https://github.com/ory/kratos/commit/9ab7c3df59ecd94a74a7bf18af9c0ded5305e042)) -* Make explicit the ID of the default schema ([#1173](https://github.com/ory/kratos/issues/1173)) ([cc6e9ff](https://github.com/ory/kratos/commit/cc6e9ffbac7118436d85078720cde2de98a68044)) -* Minor cosmetics ([#1050](https://github.com/ory/kratos/issues/1050)) ([34db06f](https://github.com/ory/kratos/commit/34db06fd4f83d415c09109b06dfd3b82ce03705e)) -* Minor improvements ([#1052](https://github.com/ory/kratos/issues/1052)) ([f0672b5](https://github.com/ory/kratos/commit/f0672b5cb8cca41fa914db21798d20f00a5699f9)) -* ORY -> Ory ([ea30979](https://github.com/ory/kratos/commit/ea309797bf59f3da5c5cd184e45f2e585144be56)) -* **prometheus:** Update codedoc ([47146ea](https://github.com/ory/kratos/commit/47146ea8ce169ee908aa4d33b59a01e9df4bae10)) -* Reformat settings code samples ([cdbbf4d](https://github.com/ory/kratos/commit/cdbbf4df5fa3fa667a78d5cf682bc7fa36693e9d)) -* Remove unnecessary and wrong docker pull commands ([#1203](https://github.com/ory/kratos/issues/1203)) ([2b0342a](https://github.com/ory/kratos/commit/2b0342ad7607d705bcebfafd5a78e4e09e57a940)) -* Resolve duplication error ([a3d8284](https://github.com/ory/kratos/commit/a3d8284ab20ae76bccba361601b7290af20bdde6)) -* Update build from source ([9b5754f](https://github.com/ory/kratos/commit/9b5754f36661f6de9c95f30c06f28164fe5be48b)), closes [#979](https://github.com/ory/kratos/issues/979) -* Update email template docs ([1778cb9](https://github.com/ory/kratos/commit/1778cb9a293feb2c91c0b1921ab78a0395cdca98)), closes [#897](https://github.com/ory/kratos/issues/897) -* Update identity-data-model links ([b5fd9a3](https://github.com/ory/kratos/commit/b5fd9a3a0821215f94da168c9c6f87dceba8c8f4)) -* Update identity.ID field documentation ([4624f03](https://github.com/ory/kratos/commit/4624f03a5e9249a5449992a1f0b7ec80dc3499fd)): - - See https://github.com/ory/kratos/discussions/956 - -* Update kratos video link ([#1073](https://github.com/ory/kratos/issues/1073)) ([e86178f](https://github.com/ory/kratos/commit/e86178f4ee66e5053e0da2fab2c21ecb2e730ada)) -* Update login code samples ([695a30f](https://github.com/ory/kratos/commit/695a30f6c80f277676bf04b4665efeb7ea4db618)) -* Update login code samples ([ce6c755](https://github.com/ory/kratos/commit/ce6c75587bea80ef83855d764fed79a9d6c948d3)) -* Update quickstart samples ([c3fcaba](https://github.com/ory/kratos/commit/c3fcaba65899d9d46a08ca8b60ec0c010f70b16c)) -* Update recovery code samples ([d9fbb62](https://github.com/ory/kratos/commit/d9fbb62faff5144f587136935f15d24b6399f29c)) -* Update registration code samples ([317810f](https://github.com/ory/kratos/commit/317810ffd8ba6faf87f2248263b6c82cf4e9ffd8)) -* Update self-service code samples ([6415011](https://github.com/ory/kratos/commit/6415011ab83a19972c6f52467055fbdcef23a0cc)) -* Update settings code samples ([bbd6266](https://github.com/ory/kratos/commit/bbd6266c22097fae195654957cbab589d04892c7)) -* Update verification code samples ([4285dec](https://github.com/ory/kratos/commit/4285dec59a8fc31fa3416b594c765f5da9a9de1c)) -* Use correct extension for identity-data-model ([acab3e8](https://github.com/ory/kratos/commit/acab3e8b489d9865e4bf0805895f0b7ae9e6f1b8)), closes [/github.com/ory/kratos/pull/1197#issuecomment-819455322](https://github.com//github.com/ory/kratos/pull/1197/issues/issuecomment-819455322) +- Add docker to docs main + ([8ce8b78](https://github.com/ory/kratos/commit/8ce8b785e2246557253420ea97cf6b7d5ee75d58)) +- Add docker to sidebar + ([ed38c88](https://github.com/ory/kratos/commit/ed38c88bdbadcdcd2527a2b5270390251742bbe4)) +- Add dotnet sdk ([#1183](https://github.com/ory/kratos/issues/1183)) + ([32d874a](https://github.com/ory/kratos/commit/32d874a04bb384259aeb544a3fcd6b3a8b23acdd)) +- Add faq sidebar ([#1105](https://github.com/ory/kratos/issues/1105)) + ([10697aa](https://github.com/ory/kratos/commit/10697aa4ab5dc3e2ab90d1c037dfbe3492bf2bdf)) +- Add log docs to schema config + ([4967f11](https://github.com/ory/kratos/commit/4967f11d8df177ebdae855eb745e90d21ce38e9f)) +- Add more HA docs + ([cbb2e27](https://github.com/ory/kratos/commit/cbb2e27f8919a8991c4797a3f1c192ec364f0dd3)) +- Add Rust and Dart SDKs + ([6d96952](https://github.com/ory/kratos/commit/6d969528e13350ef099669510d3d37df1c007c82)): + + We now support for Rust and Dart SDKs! + +- Add SameSite help + ([2df6729](https://github.com/ory/kratos/commit/2df6729b4acc70532024658e8874682de64b06b3)) +- Add shell-session language + ([d16db87](https://github.com/ory/kratos/commit/d16db87802ae2f230a02e4deed189f473588552c)) +- Add ui node docs + ([e48a07d](https://github.com/ory/kratos/commit/e48a07d03c19a0677d3a56f9e57294b358f24501)) +- Adding double colons ([#1187](https://github.com/ory/kratos/issues/1187)) + ([fc712f4](https://github.com/ory/kratos/commit/fc712f4530066c429242491c19d1534ffb267b0c)) +- Bcrypt is default and add 72 char warning + ([29ae53a](https://github.com/ory/kratos/commit/29ae53a96b4472ff549b34241894d72d439c8ea1)) +- Better import identities examples + ([#997](https://github.com/ory/kratos/issues/997)) + ([2e2880a](https://github.com/ory/kratos/commit/2e2880ac057b5c98cd69481c4f6f36b564b5871d)) +- Change forum to discussions readme + ([#1220](https://github.com/ory/kratos/issues/1220)) + ([ae39956](https://github.com/ory/kratos/commit/ae399561ea6ed89aaadd4128bc564254984520e8)) +- Describe more about Kratos login/browser flow on quickstart doc + ([#1047](https://github.com/ory/kratos/issues/1047)) + ([fe725ad](https://github.com/ory/kratos/commit/fe725ad12b5aed5faa8f95bec24ed3aa82512de8)) +- Docker file links ([#1182](https://github.com/ory/kratos/issues/1182)) + ([4d9b6a3](https://github.com/ory/kratos/commit/4d9b6a3fd5de81310016a811126e40a263ecd27c)) +- Document hash timing attack mitigation + ([ec86993](https://github.com/ory/kratos/commit/ec869930a9c0e6f6f56c2614835894e0a6a3eaab)) +- Explain how to use `after_verification_return_to` + ([7e1546b](https://github.com/ory/kratos/commit/7e1546be1fd20baca10507d642d4f209eb88dcbc)) +- FAQ improvements ([#1135](https://github.com/ory/kratos/issues/1135)) + ([44d0bc9](https://github.com/ory/kratos/commit/44d0bc968a7c0ba5c0793b2349820fa8133bada3)) +- FAQ item & minor changes ([#1174](https://github.com/ory/kratos/issues/1174)) + ([11cf630](https://github.com/ory/kratos/commit/11cf630082b56c80d12f5915f8e34aa03a7e8c54)) +- Fix broken link ([#1037](https://github.com/ory/kratos/issues/1037)) + ([6b9aae8](https://github.com/ory/kratos/commit/6b9aae8af5aa3bd614c99b32e341fbd533caf116)) +- Fix failing build + ([0de328f](https://github.com/ory/kratos/commit/0de328ff0053605e6bded589a79d3ab938d55b31)) +- Fix formatting ([#966](https://github.com/ory/kratos/issues/966)) + ([687251a](https://github.com/ory/kratos/commit/687251a24e796322b43f8aed6b1fb3d7900e3271)) +- Fix identity state bullets + ([#1095](https://github.com/ory/kratos/issues/1095)) + ([f476334](https://github.com/ory/kratos/commit/f476334c4693277656ad88e768f66b59cbcba126)) +- Fix known/unknown email account recovery + ([#1211](https://github.com/ory/kratos/issues/1211)) + ([e208ca5](https://github.com/ory/kratos/commit/e208ca50ba4f03d5410c9644aaa3b04bdf1b8dbd)) +- Fix link + ([7f6d7f5](https://github.com/ory/kratos/commit/7f6d7f501d7118dfe6868c9d923fb5ecc5eded48)) +- Fix link ([#1128](https://github.com/ory/kratos/issues/1128)) + ([e7043e9](https://github.com/ory/kratos/commit/e7043e9b99260eaff2b48ca6f457af46a1521654)) +- Fix link to blogpost ([#949](https://github.com/ory/kratos/issues/949)) + ([4622e32](https://github.com/ory/kratos/commit/4622e3228fb12231222c7e6b602458111f35f727)), + closes [#945](https://github.com/ory/kratos/issues/945) +- Fix link to self-service flows overview + ([#995](https://github.com/ory/kratos/issues/995)) + ([2be8778](https://github.com/ory/kratos/commit/2be877847644a3df2645ac3be4bbd7704db30b17)) +- Fix note block in third party login guide + ([#920](https://github.com/ory/kratos/issues/920)) + ([745cea0](https://github.com/ory/kratos/commit/745cea02d0e9940f689e668bbd814b29fd53bf37)): + + Allows the document to render properly + +- Fix npm links ([#991](https://github.com/ory/kratos/issues/991)) + ([4ce4468](https://github.com/ory/kratos/commit/4ce4468132dde21c1692e3a834ad7780bee12b90)) +- Fix self-service code flows labels + ([#1253](https://github.com/ory/kratos/issues/1253)) + ([f2ed424](https://github.com/ory/kratos/commit/f2ed424289cdd2a0edc1736888dd15be6df65f11)) +- Fix typo in README ([#1122](https://github.com/ory/kratos/issues/1122)) + ([e500707](https://github.com/ory/kratos/commit/e5007078c3cd597cea669827b96c7e6f205f2f32)) +- Link to argon2 blogpost and add cross-references + ([#1038](https://github.com/ory/kratos/issues/1038)) + ([9ab7c3d](https://github.com/ory/kratos/commit/9ab7c3df59ecd94a74a7bf18af9c0ded5305e042)) +- Make explicit the ID of the default schema + ([#1173](https://github.com/ory/kratos/issues/1173)) + ([cc6e9ff](https://github.com/ory/kratos/commit/cc6e9ffbac7118436d85078720cde2de98a68044)) +- Minor cosmetics ([#1050](https://github.com/ory/kratos/issues/1050)) + ([34db06f](https://github.com/ory/kratos/commit/34db06fd4f83d415c09109b06dfd3b82ce03705e)) +- Minor improvements ([#1052](https://github.com/ory/kratos/issues/1052)) + ([f0672b5](https://github.com/ory/kratos/commit/f0672b5cb8cca41fa914db21798d20f00a5699f9)) +- ORY -> Ory + ([ea30979](https://github.com/ory/kratos/commit/ea309797bf59f3da5c5cd184e45f2e585144be56)) +- **prometheus:** Update codedoc + ([47146ea](https://github.com/ory/kratos/commit/47146ea8ce169ee908aa4d33b59a01e9df4bae10)) +- Reformat settings code samples + ([cdbbf4d](https://github.com/ory/kratos/commit/cdbbf4df5fa3fa667a78d5cf682bc7fa36693e9d)) +- Remove unnecessary and wrong docker pull commands + ([#1203](https://github.com/ory/kratos/issues/1203)) + ([2b0342a](https://github.com/ory/kratos/commit/2b0342ad7607d705bcebfafd5a78e4e09e57a940)) +- Resolve duplication error + ([a3d8284](https://github.com/ory/kratos/commit/a3d8284ab20ae76bccba361601b7290af20bdde6)) +- Update build from source + ([9b5754f](https://github.com/ory/kratos/commit/9b5754f36661f6de9c95f30c06f28164fe5be48b)), + closes [#979](https://github.com/ory/kratos/issues/979) +- Update email template docs + ([1778cb9](https://github.com/ory/kratos/commit/1778cb9a293feb2c91c0b1921ab78a0395cdca98)), + closes [#897](https://github.com/ory/kratos/issues/897) +- Update identity-data-model links + ([b5fd9a3](https://github.com/ory/kratos/commit/b5fd9a3a0821215f94da168c9c6f87dceba8c8f4)) +- Update identity.ID field documentation + ([4624f03](https://github.com/ory/kratos/commit/4624f03a5e9249a5449992a1f0b7ec80dc3499fd)): + + See https://github.com/ory/kratos/discussions/956 + +- Update kratos video link ([#1073](https://github.com/ory/kratos/issues/1073)) + ([e86178f](https://github.com/ory/kratos/commit/e86178f4ee66e5053e0da2fab2c21ecb2e730ada)) +- Update login code samples + ([695a30f](https://github.com/ory/kratos/commit/695a30f6c80f277676bf04b4665efeb7ea4db618)) +- Update login code samples + ([ce6c755](https://github.com/ory/kratos/commit/ce6c75587bea80ef83855d764fed79a9d6c948d3)) +- Update quickstart samples + ([c3fcaba](https://github.com/ory/kratos/commit/c3fcaba65899d9d46a08ca8b60ec0c010f70b16c)) +- Update recovery code samples + ([d9fbb62](https://github.com/ory/kratos/commit/d9fbb62faff5144f587136935f15d24b6399f29c)) +- Update registration code samples + ([317810f](https://github.com/ory/kratos/commit/317810ffd8ba6faf87f2248263b6c82cf4e9ffd8)) +- Update self-service code samples + ([6415011](https://github.com/ory/kratos/commit/6415011ab83a19972c6f52467055fbdcef23a0cc)) +- Update settings code samples + ([bbd6266](https://github.com/ory/kratos/commit/bbd6266c22097fae195654957cbab589d04892c7)) +- Update verification code samples + ([4285dec](https://github.com/ory/kratos/commit/4285dec59a8fc31fa3416b594c765f5da9a9de1c)) +- Use correct extension for identity-data-model + ([acab3e8](https://github.com/ory/kratos/commit/acab3e8b489d9865e4bf0805895f0b7ae9e6f1b8)), + closes + [/github.com/ory/kratos/pull/1197#issuecomment-819455322](https://github.com//github.com/ory/kratos/pull/1197/issues/issuecomment-819455322) ### Features -* Add email template specification in doc ([#898](https://github.com/ory/kratos/issues/898)) ([4230d9e](https://github.com/ory/kratos/commit/4230d9e0fc35c651b0d2cbdbbf9e1f1c514743f8)) -* Add error for when no login strategy was found ([6bae66c](https://github.com/ory/kratos/commit/6bae66cde362c4e2995c9d06a0d3ffee403feb74)) -* Add facebook provider to oidc providers and documentation ([#1035](https://github.com/ory/kratos/issues/1035)) ([905bb03](https://github.com/ory/kratos/commit/905bb032520189212bd88f29641903945ae03608)), closes [#1034](https://github.com/ory/kratos/issues/1034) -* Add FAQ to docs ([#1096](https://github.com/ory/kratos/issues/1096)) ([9c6b68c](https://github.com/ory/kratos/commit/9c6b68c454f472b26c34e1975b6a67b24b218f47)) -* Add gh login to claims ([49deb2e](https://github.com/ory/kratos/commit/49deb2e166362a5d051bc08523ef44425f144bdd)) -* Add login strategy text message ([7468c83](https://github.com/ory/kratos/commit/7468c835d4800c207035897fc9962860d8ab7803)) -* Add more tests for multi domain args ([e99803b](https://github.com/ory/kratos/commit/e99803b62a847bcee52bcd87fa8088124b4deae2)) -* Add Prometheus monitoring to Public APIs ([#1022](https://github.com/ory/kratos/issues/1022)) ([75a4f1a](https://github.com/ory/kratos/commit/75a4f1a5472ffd780fed43a7395a191ed495c6e9)) -* Add random delay to login flow ([#1088](https://github.com/ory/kratos/issues/1088)) ([cb9894f](https://github.com/ory/kratos/commit/cb9894fefc694a4092215d3981e80f287021542f)), closes [#832](https://github.com/ory/kratos/issues/832) -* Add return_url to verification flow ([#1149](https://github.com/ory/kratos/issues/1149)) ([bb99912](https://github.com/ory/kratos/commit/bb99912d823e9bcffa41edf50a01dcae40117fe6)), closes [#1123](https://github.com/ory/kratos/issues/1123) [#1133](https://github.com/ory/kratos/issues/1133) -* Add sql migrations for new login flow ([e947edf](https://github.com/ory/kratos/commit/e947edf497b36bc576061c9ae38049e84ee48575)) -* Add sql tracing ([3c4cc1c](https://github.com/ory/kratos/commit/3c4cc1cec170df14331288170a94ada770d3289f)) -* Add tracing to config schema ([007dde4](https://github.com/ory/kratos/commit/007dde4482d11f22b8527c94b002da675152a872)) -* Add transporter with host modification ([2c41b81](https://github.com/ory/kratos/commit/2c41b81be947f9972638d082105f0f5c83078b91)) -* Add workaround template for go openapi ([5d72d10](https://github.com/ory/kratos/commit/5d72d10f6c6948c48c5701fe348084a668c8311a)) -* Adds slack sogial login ([#974](https://github.com/ory/kratos/issues/974)) ([7c66053](https://github.com/ory/kratos/commit/7c66053390b3086fe7233625038a78431a61e507)), closes [#953](https://github.com/ory/kratos/issues/953) -* Allow session cookie name configuration ([77ce316](https://github.com/ory/kratos/commit/77ce3162ba97cf5c516c26ef499d9fa892162f0a)), closes [#268](https://github.com/ory/kratos/issues/268) -* Allow specifying sender name in smtp.from_address ([#1100](https://github.com/ory/kratos/issues/1100)) ([5904fe3](https://github.com/ory/kratos/commit/5904fe319f75f8138783434d568db6fc7c55b301)) -* Bcrypt algorithm support ([#1169](https://github.com/ory/kratos/issues/1169)) ([b2612ee](https://github.com/ory/kratos/commit/b2612eefbad98d29482d364f670549f470d0a6f5)): - - This patch adds the ability to use BCrypt instead of Argon2id for password hashing. We recommend using BCrypt for web workloads where password hashing should take around 200ms. For workloads where login takes >= 2 seconds, we recommend to continue using Argon2id. - - To use bcrypt for password hashing, set your config as follows: - - ``` - hashers: - bcrypt: - cost: 12 - algorithm: bcrypt - ``` - - Switching the hashing algorithm will not break existing passwords! - - - Co-authored-by: Patrik - -* Check migrations in health check ([c6ef7ad](https://github.com/ory/kratos/commit/c6ef7ad16b70310c645550f7e41b3c8aff847de3)) -* Configure domain alias as query param ([9d8563e](https://github.com/ory/kratos/commit/9d8563eeb3293c42cce440ad74f025b304cccbbe)) -* Contextualize configuration ([d3d5327](https://github.com/ory/kratos/commit/d3d5327a3622318265a063be4782caa25e645a05)) -* Contextualize health checks ([8145a1c](https://github.com/ory/kratos/commit/8145a1c9acaeab441e787118d40ccd448ea82fe4)) -* Contextualize http client in cli calls ([3b3ef8f](https://github.com/ory/kratos/commit/3b3ef8f025d75b244d9285036e66f79af7d5ee35)) -* Contextualize persitence testers ([6440373](https://github.com/ory/kratos/commit/64403736ad9f8b264567e1f8eed1af710cab6046)) -* Courier foreground worker with "kratos courier watch" ([#1062](https://github.com/ory/kratos/issues/1062)) ([500b8ba](https://github.com/ory/kratos/commit/500b8bacd9fd541afd053f42fec66443cfebabda)), closes [#1033](https://github.com/ory/kratos/issues/1033) [#1024](https://github.com/ory/kratos/issues/1024): - - BREACKING CHANGES: This patch moves the courier watcher (responsible for sending mail) to its own foreground worker, which can be executed as a, for example, Kubernetes job. - - It is still possible to have the previous behaviour which would run the worker as a background task when running `kratos serve` by using the `--watch-courier` flag. - - To run the foreground worker, use `kratos courier watch -c your/config.yaml`. - -* **courier:** Allow sending individual messages ([cbb2c0b](https://github.com/ory/kratos/commit/cbb2c0bef63323a177589e9d2a809c84b4f1acdd)) -* Do not enforce bcrypt 12 for dev envs ([bbf44d8](https://github.com/ory/kratos/commit/bbf44d887ae5cdb5975516149c74b3ba10896209)) -* Email input validation ([#1287](https://github.com/ory/kratos/issues/1287)) ([cd56b73](https://github.com/ory/kratos/commit/cd56b73df363dd37485f07d31fef11fd4d9f40a6)), closes [#1285](https://github.com/ory/kratos/issues/1285) -* Export and add config options ([4391fe5](https://github.com/ory/kratos/commit/4391fe572eb6a766afe9808396847ca5fdca07f5)) -* Expose courier worker ([f50969e](https://github.com/ory/kratos/commit/f50969ecba757dea558e9e8b9dd142f5f564d53a)) -* Expose crdb ui ([504d518](https://github.com/ory/kratos/commit/504d5181f5e391bb8d67768b314a0348ed252c8b)) -* Global docs sidebar ([#1258](https://github.com/ory/kratos/issues/1258)) ([7108262](https://github.com/ory/kratos/commit/71082624e093b8c100e71ae59050f89b35ac20a2)) -* Implement and test domain aliasing ([1516a54](https://github.com/ory/kratos/commit/1516a54657df485627251de4e7019bc16353c956)): - - This patch adds a feature called domain aliasing. For more information, head over to http://ory.sh/docs/kratos/next/guides/multi-domain-cookies - -* Improve oas spec and fix mobile tests ([4ead2c8](https://github.com/ory/kratos/commit/4ead2c826a2f1a307e327b9736dd8ac99ef52743)) -* Improve sorting of ui fields ([797b49d](https://github.com/ory/kratos/commit/797b49d0175280f85f568014cf3083e9bc42d354)): - - See https://github.com/ory/kratos/discussions/1196 - -* Include schema ([348a493](https://github.com/ory/kratos/commit/348a493c9e5381830b76e57cad803a308e6ce53a)) -* Make cli commands consumable in Ory Cloud ([#926](https://github.com/ory/kratos/issues/926)) ([fed790b](https://github.com/ory/kratos/commit/fed790b0f71f028f6d92e8ebceee188dbdb20770)) -* Migrate to openapi v3 ([595224b](https://github.com/ory/kratos/commit/595224b1efd5a225702ef236a87f08180a7118b8)) -* **oidc:** Support google hd claim ([#1097](https://github.com/ory/kratos/issues/1097)) ([1f20a5c](https://github.com/ory/kratos/commit/1f20a5ceba7682719112d24a3b18bf046fb2ac22)) -* Populate email templates at delivery time, add plaintext defaults ([#1155](https://github.com/ory/kratos/issues/1155)) ([7749c7a](https://github.com/ory/kratos/commit/7749c7a75a4386c1fd53db57626355467b698c2f)), closes [#1065](https://github.com/ory/kratos/issues/1065) -* **schema:** Add totp errors ([a61f881](https://github.com/ory/kratos/commit/a61f8814101401dbb422967e37b6c6c1ae85d113)) -* Sort and label nodes with easy to use defaults ([cbec27c](https://github.com/ory/kratos/commit/cbec27c957a733411e4c1d511ed5854855b7236e)): - - Ory Kratos takes a guess based on best practices for - - - ordering UI nodes (e.g. email, password, submit button) - - grouping UI nodes (e.g. keep password and oidc nodes together) - - labeling UI nodes (e.g. "Sign in with GitHub") - - using the "title" attribute from the identity schema to label trait fields - - This greatly simplifies front-end code on your end and makes it even easier to integrate with Ory Kratos! If you want a custom experience with e.g. translations or other things you can always adjust this in your UI integration! - -* Support base64 inline schemas ([815a248](https://github.com/ory/kratos/commit/815a24890a118f4128ac083241a93d8df27042f7)) -* Support contextual csrf cookies ([957ef38](https://github.com/ory/kratos/commit/957ef38b69fc6ab071b91262736e6c191be3a4b8)) -* Support domain aliasing in session cookie ([0681c12](https://github.com/ory/kratos/commit/0681c123f2d856ca27caee645dadc9e6e3731d2c)) -* Support label in oidc config ([a99cdcd](https://github.com/ory/kratos/commit/a99cdcddaa0c4bd7b679884b232c2ef8f2dcd978)) -* Support retryable CRDB transactions ([f0c21d7](https://github.com/ory/kratos/commit/f0c21d7e0a6ed85818d0e9025a451cb8cbdee086)) -* Unix sockets support ([#1255](https://github.com/ory/kratos/issues/1255)) ([ad010de](https://github.com/ory/kratos/commit/ad010de240ddd9219f0cfb2ca3fbb180d2d3a697)) -* Web hooks support (recovery) ([#1289](https://github.com/ory/kratos/issues/1289)) ([3e181fe](https://github.com/ory/kratos/commit/3e181fe3d7750a715ab31eb8347fbb4bdb89d6e6)), closes [#271](https://github.com/ory/kratos/issues/271): - - feat: web hooks for self-service flows - - This feature adds the ability to define web-hooks using a mixture of configuration and JsonNet. This allows integration with services like Mailchimp, Stripe, CRMs, and all other APIs that support REST requests. Additional to these new changes it is now possible to define hooks for verification and recovery as well! - - For more information, head over to the [hooks documentation](https://www.ory.sh/kratos/docs/self-service/hooks). - +- Add email template specification in doc + ([#898](https://github.com/ory/kratos/issues/898)) + ([4230d9e](https://github.com/ory/kratos/commit/4230d9e0fc35c651b0d2cbdbbf9e1f1c514743f8)) +- Add error for when no login strategy was found + ([6bae66c](https://github.com/ory/kratos/commit/6bae66cde362c4e2995c9d06a0d3ffee403feb74)) +- Add facebook provider to oidc providers and documentation + ([#1035](https://github.com/ory/kratos/issues/1035)) + ([905bb03](https://github.com/ory/kratos/commit/905bb032520189212bd88f29641903945ae03608)), + closes [#1034](https://github.com/ory/kratos/issues/1034) +- Add FAQ to docs ([#1096](https://github.com/ory/kratos/issues/1096)) + ([9c6b68c](https://github.com/ory/kratos/commit/9c6b68c454f472b26c34e1975b6a67b24b218f47)) +- Add gh login to claims + ([49deb2e](https://github.com/ory/kratos/commit/49deb2e166362a5d051bc08523ef44425f144bdd)) +- Add login strategy text message + ([7468c83](https://github.com/ory/kratos/commit/7468c835d4800c207035897fc9962860d8ab7803)) +- Add more tests for multi domain args + ([e99803b](https://github.com/ory/kratos/commit/e99803b62a847bcee52bcd87fa8088124b4deae2)) +- Add Prometheus monitoring to Public APIs + ([#1022](https://github.com/ory/kratos/issues/1022)) + ([75a4f1a](https://github.com/ory/kratos/commit/75a4f1a5472ffd780fed43a7395a191ed495c6e9)) +- Add random delay to login flow + ([#1088](https://github.com/ory/kratos/issues/1088)) + ([cb9894f](https://github.com/ory/kratos/commit/cb9894fefc694a4092215d3981e80f287021542f)), + closes [#832](https://github.com/ory/kratos/issues/832) +- Add return_url to verification flow + ([#1149](https://github.com/ory/kratos/issues/1149)) + ([bb99912](https://github.com/ory/kratos/commit/bb99912d823e9bcffa41edf50a01dcae40117fe6)), + closes [#1123](https://github.com/ory/kratos/issues/1123) + [#1133](https://github.com/ory/kratos/issues/1133) +- Add sql migrations for new login flow + ([e947edf](https://github.com/ory/kratos/commit/e947edf497b36bc576061c9ae38049e84ee48575)) +- Add sql tracing + ([3c4cc1c](https://github.com/ory/kratos/commit/3c4cc1cec170df14331288170a94ada770d3289f)) +- Add tracing to config schema + ([007dde4](https://github.com/ory/kratos/commit/007dde4482d11f22b8527c94b002da675152a872)) +- Add transporter with host modification + ([2c41b81](https://github.com/ory/kratos/commit/2c41b81be947f9972638d082105f0f5c83078b91)) +- Add workaround template for go openapi + ([5d72d10](https://github.com/ory/kratos/commit/5d72d10f6c6948c48c5701fe348084a668c8311a)) +- Adds slack sogial login ([#974](https://github.com/ory/kratos/issues/974)) + ([7c66053](https://github.com/ory/kratos/commit/7c66053390b3086fe7233625038a78431a61e507)), + closes [#953](https://github.com/ory/kratos/issues/953) +- Allow session cookie name configuration + ([77ce316](https://github.com/ory/kratos/commit/77ce3162ba97cf5c516c26ef499d9fa892162f0a)), + closes [#268](https://github.com/ory/kratos/issues/268) +- Allow specifying sender name in smtp.from_address + ([#1100](https://github.com/ory/kratos/issues/1100)) + ([5904fe3](https://github.com/ory/kratos/commit/5904fe319f75f8138783434d568db6fc7c55b301)) +- Bcrypt algorithm support ([#1169](https://github.com/ory/kratos/issues/1169)) + ([b2612ee](https://github.com/ory/kratos/commit/b2612eefbad98d29482d364f670549f470d0a6f5)): + + This patch adds the ability to use BCrypt instead of Argon2id for password + hashing. We recommend using BCrypt for web workloads where password hashing + should take around 200ms. For workloads where login takes >= 2 seconds, we + recommend to continue using Argon2id. + + To use bcrypt for password hashing, set your config as follows: + + ``` + hashers: + bcrypt: + cost: 12 + algorithm: bcrypt + ``` + + Switching the hashing algorithm will not break existing passwords! + + Co-authored-by: Patrik + +- Check migrations in health check + ([c6ef7ad](https://github.com/ory/kratos/commit/c6ef7ad16b70310c645550f7e41b3c8aff847de3)) +- Configure domain alias as query param + ([9d8563e](https://github.com/ory/kratos/commit/9d8563eeb3293c42cce440ad74f025b304cccbbe)) +- Contextualize configuration + ([d3d5327](https://github.com/ory/kratos/commit/d3d5327a3622318265a063be4782caa25e645a05)) +- Contextualize health checks + ([8145a1c](https://github.com/ory/kratos/commit/8145a1c9acaeab441e787118d40ccd448ea82fe4)) +- Contextualize http client in cli calls + ([3b3ef8f](https://github.com/ory/kratos/commit/3b3ef8f025d75b244d9285036e66f79af7d5ee35)) +- Contextualize persitence testers + ([6440373](https://github.com/ory/kratos/commit/64403736ad9f8b264567e1f8eed1af710cab6046)) +- Courier foreground worker with "kratos courier watch" + ([#1062](https://github.com/ory/kratos/issues/1062)) + ([500b8ba](https://github.com/ory/kratos/commit/500b8bacd9fd541afd053f42fec66443cfebabda)), + closes [#1033](https://github.com/ory/kratos/issues/1033) + [#1024](https://github.com/ory/kratos/issues/1024): + + BREACKING CHANGES: This patch moves the courier watcher (responsible for + sending mail) to its own foreground worker, which can be executed as a, for + example, Kubernetes job. + + It is still possible to have the previous behaviour which would run the worker + as a background task when running `kratos serve` by using the + `--watch-courier` flag. + + To run the foreground worker, use `kratos courier watch -c your/config.yaml`. + +- **courier:** Allow sending individual messages + ([cbb2c0b](https://github.com/ory/kratos/commit/cbb2c0bef63323a177589e9d2a809c84b4f1acdd)) +- Do not enforce bcrypt 12 for dev envs + ([bbf44d8](https://github.com/ory/kratos/commit/bbf44d887ae5cdb5975516149c74b3ba10896209)) +- Email input validation ([#1287](https://github.com/ory/kratos/issues/1287)) + ([cd56b73](https://github.com/ory/kratos/commit/cd56b73df363dd37485f07d31fef11fd4d9f40a6)), + closes [#1285](https://github.com/ory/kratos/issues/1285) +- Export and add config options + ([4391fe5](https://github.com/ory/kratos/commit/4391fe572eb6a766afe9808396847ca5fdca07f5)) +- Expose courier worker + ([f50969e](https://github.com/ory/kratos/commit/f50969ecba757dea558e9e8b9dd142f5f564d53a)) +- Expose crdb ui + ([504d518](https://github.com/ory/kratos/commit/504d5181f5e391bb8d67768b314a0348ed252c8b)) +- Global docs sidebar ([#1258](https://github.com/ory/kratos/issues/1258)) + ([7108262](https://github.com/ory/kratos/commit/71082624e093b8c100e71ae59050f89b35ac20a2)) +- Implement and test domain aliasing + ([1516a54](https://github.com/ory/kratos/commit/1516a54657df485627251de4e7019bc16353c956)): + + This patch adds a feature called domain aliasing. For more information, head + over to http://ory.sh/docs/kratos/next/guides/multi-domain-cookies + +- Improve oas spec and fix mobile tests + ([4ead2c8](https://github.com/ory/kratos/commit/4ead2c826a2f1a307e327b9736dd8ac99ef52743)) +- Improve sorting of ui fields + ([797b49d](https://github.com/ory/kratos/commit/797b49d0175280f85f568014cf3083e9bc42d354)): + + See https://github.com/ory/kratos/discussions/1196 + +- Include schema + ([348a493](https://github.com/ory/kratos/commit/348a493c9e5381830b76e57cad803a308e6ce53a)) +- Make cli commands consumable in Ory Cloud + ([#926](https://github.com/ory/kratos/issues/926)) + ([fed790b](https://github.com/ory/kratos/commit/fed790b0f71f028f6d92e8ebceee188dbdb20770)) +- Migrate to openapi v3 + ([595224b](https://github.com/ory/kratos/commit/595224b1efd5a225702ef236a87f08180a7118b8)) +- **oidc:** Support google hd claim + ([#1097](https://github.com/ory/kratos/issues/1097)) + ([1f20a5c](https://github.com/ory/kratos/commit/1f20a5ceba7682719112d24a3b18bf046fb2ac22)) +- Populate email templates at delivery time, add plaintext defaults + ([#1155](https://github.com/ory/kratos/issues/1155)) + ([7749c7a](https://github.com/ory/kratos/commit/7749c7a75a4386c1fd53db57626355467b698c2f)), + closes [#1065](https://github.com/ory/kratos/issues/1065) +- **schema:** Add totp errors + ([a61f881](https://github.com/ory/kratos/commit/a61f8814101401dbb422967e37b6c6c1ae85d113)) +- Sort and label nodes with easy to use defaults + ([cbec27c](https://github.com/ory/kratos/commit/cbec27c957a733411e4c1d511ed5854855b7236e)): + + Ory Kratos takes a guess based on best practices for + + - ordering UI nodes (e.g. email, password, submit button) + - grouping UI nodes (e.g. keep password and oidc nodes together) + - labeling UI nodes (e.g. "Sign in with GitHub") + - using the "title" attribute from the identity schema to label trait fields + + This greatly simplifies front-end code on your end and makes it even easier to + integrate with Ory Kratos! If you want a custom experience with e.g. + translations or other things you can always adjust this in your UI + integration! + +- Support base64 inline schemas + ([815a248](https://github.com/ory/kratos/commit/815a24890a118f4128ac083241a93d8df27042f7)) +- Support contextual csrf cookies + ([957ef38](https://github.com/ory/kratos/commit/957ef38b69fc6ab071b91262736e6c191be3a4b8)) +- Support domain aliasing in session cookie + ([0681c12](https://github.com/ory/kratos/commit/0681c123f2d856ca27caee645dadc9e6e3731d2c)) +- Support label in oidc config + ([a99cdcd](https://github.com/ory/kratos/commit/a99cdcddaa0c4bd7b679884b232c2ef8f2dcd978)) +- Support retryable CRDB transactions + ([f0c21d7](https://github.com/ory/kratos/commit/f0c21d7e0a6ed85818d0e9025a451cb8cbdee086)) +- Unix sockets support ([#1255](https://github.com/ory/kratos/issues/1255)) + ([ad010de](https://github.com/ory/kratos/commit/ad010de240ddd9219f0cfb2ca3fbb180d2d3a697)) +- Web hooks support (recovery) + ([#1289](https://github.com/ory/kratos/issues/1289)) + ([3e181fe](https://github.com/ory/kratos/commit/3e181fe3d7750a715ab31eb8347fbb4bdb89d6e6)), + closes [#271](https://github.com/ory/kratos/issues/271): + + feat: web hooks for self-service flows + + This feature adds the ability to define web-hooks using a mixture of + configuration and JsonNet. This allows integration with services like + Mailchimp, Stripe, CRMs, and all other APIs that support REST requests. + Additional to these new changes it is now possible to define hooks for + verification and recovery as well! + + For more information, head over to the + [hooks documentation](https://www.ory.sh/kratos/docs/self-service/hooks). ### Tests -* Add case to ensure correct behavior when verifying a different email address ([#999](https://github.com/ory/kratos/issues/999)) ([f95a117](https://github.com/ory/kratos/commit/f95a117677c9c59436ad10aa8951fe875c39a64f)), closes [#998](https://github.com/ory/kratos/issues/998) -* Add oasis test case ([f80691b](https://github.com/ory/kratos/commit/f80691b9dd77566857c4284e2639cc94d5b8c333)) -* Bump poll interval ([b3dc925](https://github.com/ory/kratos/commit/b3dc925a5d43557293745ee81c0ffb3db37b6342)) -* Bump video quality ([b7f8d04](https://github.com/ory/kratos/commit/b7f8d042646037e1589ae2d03602bd63a5cec2fe)) -* Bump wait times ([b2e43f8](https://github.com/ory/kratos/commit/b2e43f8b0b64784f60e5f57d9a0f5d2928c2b891)) -* Clean up hydra env before restart ([cf49414](https://github.com/ory/kratos/commit/cf494149e6a46b15e3b174185e1e87cfcd6f9f7a)) -* **e2e:** Significantly reduce wait and idle times ([f525fc5](https://github.com/ory/kratos/commit/f525fc53afec6f5232ce507fe25ddec1b9069196)) -* Longer wait times ([4bec9ef](https://github.com/ory/kratos/commit/4bec9ef50f14f22342a311f09ba1b59cde47befc)) -* Reliable migration tests on crdb ([2e3764b](https://github.com/ory/kratos/commit/2e3764ba66c156d810de66fba2b0e142dced6f4d)) -* Remove old noop test ([16dca3f](https://github.com/ory/kratos/commit/16dca3f78b2021c09ec83e81ab6d2e68c42ca081)) -* Resolve compile issues ([c1b5ba4](https://github.com/ory/kratos/commit/c1b5ba42171ec522579df9dfaff27b5b74a1566a)) -* Resolve flaky tests ([cb670a8](https://github.com/ory/kratos/commit/cb670a854cbb09b8437bfed7e4a6908ff6dcfd27)) -* Resolve json parser test regression ([a1b9b9a](https://github.com/ory/kratos/commit/a1b9b9a95d58583dc7ecf6d2a501da52f84dd6bb)) -* Resolve login integration regressions ([388b5b2](https://github.com/ory/kratos/commit/388b5b27d6dee7770e5f37d6d83c532044a4e984)) -* Resolve migration regression ([2051a71](https://github.com/ory/kratos/commit/2051a716cb4b8cf334dd65f2ccddb31e5fbed545)) -* Resolve more json parser test regressions ([ff791c4](https://github.com/ory/kratos/commit/ff791c41a1d9ce25af4e883469d3f8c0ef9eb302)) -* Resolve more regressions ([c5a23af](https://github.com/ory/kratos/commit/c5a23af81427480088651833d904e3403a969fab)) -* Resolve order regression ([40a849c](https://github.com/ory/kratos/commit/40a849ca35f4700185322e9ac4f6a4b70132851c)) -* Resolve regression ([e2b0ad3](https://github.com/ory/kratos/commit/e2b0ad3c1845da80f078b11b327b9a0376cbb7c5)) -* Resolve regression ([f0c9e5f](https://github.com/ory/kratos/commit/f0c9e5ff105d76d6bc9478c98522b2440c7181df)) -* Resolve regressions ([4b9da3c](https://github.com/ory/kratos/commit/4b9da3c9d98d40f7b71a56c51543fc115974630d)) -* Resolve stub regressions ([82650cf](https://github.com/ory/kratos/commit/82650cf1843f6bfde015f556f4452a7b6fd52b11)) -* Resolve test migrations ([de0b65d](https://github.com/ory/kratos/commit/de0b65d96daef0e31c12b3b6915f283a8e71244b)) -* Resolve test regression issues ([ccf9fed](https://github.com/ory/kratos/commit/ccf9feddade11f9fcaaf1c37dd3efeb2c4df6649)) -* Speed up tests ([a16737c](https://github.com/ory/kratos/commit/a16737cccc36a14444711660f1737913ffd7ba01)) -* Update schema tests for webhooks ([d1ddfa8](https://github.com/ory/kratos/commit/d1ddfa80742728b28dc5710ca5b6e7282a2dec55)) -* Update test description ([55fb37f](https://github.com/ory/kratos/commit/55fb37f62fc3ab7c0d5324ed31ef3e7f66a73aa2)) -* Use bcrypt cost 4 to reduce CI times ([cabe97d](https://github.com/ory/kratos/commit/cabe97d0656858fd1ee0442b40881417e91294f3)) -* Use fast bcrypt for e2e ([d90cf13](https://github.com/ory/kratos/commit/d90cf13230632e76eb74965c0945573b4f2e98ff)) +- Add case to ensure correct behavior when verifying a different email address + ([#999](https://github.com/ory/kratos/issues/999)) + ([f95a117](https://github.com/ory/kratos/commit/f95a117677c9c59436ad10aa8951fe875c39a64f)), + closes [#998](https://github.com/ory/kratos/issues/998) +- Add oasis test case + ([f80691b](https://github.com/ory/kratos/commit/f80691b9dd77566857c4284e2639cc94d5b8c333)) +- Bump poll interval + ([b3dc925](https://github.com/ory/kratos/commit/b3dc925a5d43557293745ee81c0ffb3db37b6342)) +- Bump video quality + ([b7f8d04](https://github.com/ory/kratos/commit/b7f8d042646037e1589ae2d03602bd63a5cec2fe)) +- Bump wait times + ([b2e43f8](https://github.com/ory/kratos/commit/b2e43f8b0b64784f60e5f57d9a0f5d2928c2b891)) +- Clean up hydra env before restart + ([cf49414](https://github.com/ory/kratos/commit/cf494149e6a46b15e3b174185e1e87cfcd6f9f7a)) +- **e2e:** Significantly reduce wait and idle times + ([f525fc5](https://github.com/ory/kratos/commit/f525fc53afec6f5232ce507fe25ddec1b9069196)) +- Longer wait times + ([4bec9ef](https://github.com/ory/kratos/commit/4bec9ef50f14f22342a311f09ba1b59cde47befc)) +- Reliable migration tests on crdb + ([2e3764b](https://github.com/ory/kratos/commit/2e3764ba66c156d810de66fba2b0e142dced6f4d)) +- Remove old noop test + ([16dca3f](https://github.com/ory/kratos/commit/16dca3f78b2021c09ec83e81ab6d2e68c42ca081)) +- Resolve compile issues + ([c1b5ba4](https://github.com/ory/kratos/commit/c1b5ba42171ec522579df9dfaff27b5b74a1566a)) +- Resolve flaky tests + ([cb670a8](https://github.com/ory/kratos/commit/cb670a854cbb09b8437bfed7e4a6908ff6dcfd27)) +- Resolve json parser test regression + ([a1b9b9a](https://github.com/ory/kratos/commit/a1b9b9a95d58583dc7ecf6d2a501da52f84dd6bb)) +- Resolve login integration regressions + ([388b5b2](https://github.com/ory/kratos/commit/388b5b27d6dee7770e5f37d6d83c532044a4e984)) +- Resolve migration regression + ([2051a71](https://github.com/ory/kratos/commit/2051a716cb4b8cf334dd65f2ccddb31e5fbed545)) +- Resolve more json parser test regressions + ([ff791c4](https://github.com/ory/kratos/commit/ff791c41a1d9ce25af4e883469d3f8c0ef9eb302)) +- Resolve more regressions + ([c5a23af](https://github.com/ory/kratos/commit/c5a23af81427480088651833d904e3403a969fab)) +- Resolve order regression + ([40a849c](https://github.com/ory/kratos/commit/40a849ca35f4700185322e9ac4f6a4b70132851c)) +- Resolve regression + ([e2b0ad3](https://github.com/ory/kratos/commit/e2b0ad3c1845da80f078b11b327b9a0376cbb7c5)) +- Resolve regression + ([f0c9e5f](https://github.com/ory/kratos/commit/f0c9e5ff105d76d6bc9478c98522b2440c7181df)) +- Resolve regressions + ([4b9da3c](https://github.com/ory/kratos/commit/4b9da3c9d98d40f7b71a56c51543fc115974630d)) +- Resolve stub regressions + ([82650cf](https://github.com/ory/kratos/commit/82650cf1843f6bfde015f556f4452a7b6fd52b11)) +- Resolve test migrations + ([de0b65d](https://github.com/ory/kratos/commit/de0b65d96daef0e31c12b3b6915f283a8e71244b)) +- Resolve test regression issues + ([ccf9fed](https://github.com/ory/kratos/commit/ccf9feddade11f9fcaaf1c37dd3efeb2c4df6649)) +- Speed up tests + ([a16737c](https://github.com/ory/kratos/commit/a16737cccc36a14444711660f1737913ffd7ba01)) +- Update schema tests for webhooks + ([d1ddfa8](https://github.com/ory/kratos/commit/d1ddfa80742728b28dc5710ca5b6e7282a2dec55)) +- Update test description + ([55fb37f](https://github.com/ory/kratos/commit/55fb37f62fc3ab7c0d5324ed31ef3e7f66a73aa2)) +- Use bcrypt cost 4 to reduce CI times + ([cabe97d](https://github.com/ory/kratos/commit/cabe97d0656858fd1ee0442b40881417e91294f3)) +- Use fast bcrypt for e2e + ([d90cf13](https://github.com/ory/kratos/commit/d90cf13230632e76eb74965c0945573b4f2e98ff)) ### Unclassified -* fix: resolve clidoc issues (#976) ([346bc73](https://github.com/ory/kratos/commit/346bc73921655d52861b8803eb3351c4205657ee)), closes [#976](https://github.com/ory/kratos/issues/976) [#951](https://github.com/ory/kratos/issues/951) -* :bug: fix ory home directory path (#897) ([2fca2be](https://github.com/ory/kratos/commit/2fca2bedaa907691bef324c11545e007b51d4881)), closes [#897](https://github.com/ory/kratos/issues/897) -* Fix typo in config schema ([16337f1](https://github.com/ory/kratos/commit/16337f13e4388a715c8109c29cf198c82a848a16)) -* Format ([e4b7e79](https://github.com/ory/kratos/commit/e4b7e79f4ee91dadfcd008a5b3e318b6bfedad10)) -* Format ([193d266](https://github.com/ory/kratos/commit/193d2668ae0955a1346390057539a8b796d17afd)) -* Format ([1ebfbde](https://github.com/ory/kratos/commit/1ebfbdea75f27c8eeafa7d3aff45de133ea340bb)) -* Format ([ba1eeef](https://github.com/ory/kratos/commit/ba1eeef4f232c4ab59343a2ca3c7cf0eb6dfd110)) -* Format ([ada5dbb](https://github.com/ory/kratos/commit/ada5dbb58c45502b8275850a3bc0876debc66888)) -* Format ([17a0bf5](https://github.com/ory/kratos/commit/17a0bf5872b33eac615afc675c7d92d7c7441b2e)) -* Initial documentation tests via Text-Runner ([#567](https://github.com/ory/kratos/issues/567)) ([c30eb26](https://github.com/ory/kratos/commit/c30eb26f76ab70a6098c0b40c9a04726d36d72f2)) - +- fix: resolve clidoc issues (#976) + ([346bc73](https://github.com/ory/kratos/commit/346bc73921655d52861b8803eb3351c4205657ee)), + closes [#976](https://github.com/ory/kratos/issues/976) + [#951](https://github.com/ory/kratos/issues/951) +- :bug: fix ory home directory path (#897) + ([2fca2be](https://github.com/ory/kratos/commit/2fca2bedaa907691bef324c11545e007b51d4881)), + closes [#897](https://github.com/ory/kratos/issues/897) +- Fix typo in config schema + ([16337f1](https://github.com/ory/kratos/commit/16337f13e4388a715c8109c29cf198c82a848a16)) +- Format + ([e4b7e79](https://github.com/ory/kratos/commit/e4b7e79f4ee91dadfcd008a5b3e318b6bfedad10)) +- Format + ([193d266](https://github.com/ory/kratos/commit/193d2668ae0955a1346390057539a8b796d17afd)) +- Format + ([1ebfbde](https://github.com/ory/kratos/commit/1ebfbdea75f27c8eeafa7d3aff45de133ea340bb)) +- Format + ([ba1eeef](https://github.com/ory/kratos/commit/ba1eeef4f232c4ab59343a2ca3c7cf0eb6dfd110)) +- Format + ([ada5dbb](https://github.com/ory/kratos/commit/ada5dbb58c45502b8275850a3bc0876debc66888)) +- Format + ([17a0bf5](https://github.com/ory/kratos/commit/17a0bf5872b33eac615afc675c7d92d7c7441b2e)) +- Initial documentation tests via Text-Runner + ([#567](https://github.com/ory/kratos/issues/567)) + ([c30eb26](https://github.com/ory/kratos/commit/c30eb26f76ab70a6098c0b40c9a04726d36d72f2)) # [0.5.5-alpha.1](https://github.com/ory/kratos/compare/v0.5.4-alpha.1...v0.5.5-alpha.1) (2020-12-09) -The ORY Community is proud to present you the next iteration of ORY Kratos. In this release, we focused on improving production stability! - - - - +The ORY Community is proud to present you the next iteration of ORY Kratos. In +this release, we focused on improving production stability! ### Bug Fixes -* CSRF token is required when using the Revoke Session API endpoint ([#839](https://github.com/ory/kratos/issues/839)) ([d3218a0](https://github.com/ory/kratos/commit/d3218a0f23de7293b0a4a966ad21369a92b68b1a)), closes [#838](https://github.com/ory/kratos/issues/838) -* Incorrect home path ([#848](https://github.com/ory/kratos/issues/848)) ([5265af0](https://github.com/ory/kratos/commit/5265af00c92fe505819300caddfcc64004d45c65)) -* Make password policy configurable ([#888](https://github.com/ory/kratos/issues/888)) ([7a00483](https://github.com/ory/kratos/commit/7a00483908bb623efdf281e76005c4485ea6b1ab)), closes [#450](https://github.com/ory/kratos/issues/450) [#316](https://github.com/ory/kratos/issues/316): - - Allows configuring password breach thresholds and optionally enforces checks against the HIBP API. - -* Remove obsolete types ([#887](https://github.com/ory/kratos/issues/887)) ([b8bac7a](https://github.com/ory/kratos/commit/b8bac7aa56c16cd98f76a95a5e0d01fb1bbde6b7)), closes [#716](https://github.com/ory/kratos/issues/716) -* Set samesite attribute to lax if in dev mode ([#824](https://github.com/ory/kratos/issues/824)) ([91d6698](https://github.com/ory/kratos/commit/91d6698e4ce05ee59bb72fc84b54af9d1d204b41)), closes [#821](https://github.com/ory/kratos/issues/821) -* Use working cache-control header for cdn/proxies/cache ([#869](https://github.com/ory/kratos/issues/869)) ([d8e3d40](https://github.com/ory/kratos/commit/d8e3d40001ffdc64da2288f3cffd53cf3bfdf781)), closes [#601](https://github.com/ory/kratos/issues/601) +- CSRF token is required when using the Revoke Session API endpoint + ([#839](https://github.com/ory/kratos/issues/839)) + ([d3218a0](https://github.com/ory/kratos/commit/d3218a0f23de7293b0a4a966ad21369a92b68b1a)), + closes [#838](https://github.com/ory/kratos/issues/838) +- Incorrect home path ([#848](https://github.com/ory/kratos/issues/848)) + ([5265af0](https://github.com/ory/kratos/commit/5265af00c92fe505819300caddfcc64004d45c65)) +- Make password policy configurable + ([#888](https://github.com/ory/kratos/issues/888)) + ([7a00483](https://github.com/ory/kratos/commit/7a00483908bb623efdf281e76005c4485ea6b1ab)), + closes [#450](https://github.com/ory/kratos/issues/450) + [#316](https://github.com/ory/kratos/issues/316): + + Allows configuring password breach thresholds and optionally enforces checks + against the HIBP API. + +- Remove obsolete types ([#887](https://github.com/ory/kratos/issues/887)) + ([b8bac7a](https://github.com/ory/kratos/commit/b8bac7aa56c16cd98f76a95a5e0d01fb1bbde6b7)), + closes [#716](https://github.com/ory/kratos/issues/716) +- Set samesite attribute to lax if in dev mode + ([#824](https://github.com/ory/kratos/issues/824)) + ([91d6698](https://github.com/ory/kratos/commit/91d6698e4ce05ee59bb72fc84b54af9d1d204b41)), + closes [#821](https://github.com/ory/kratos/issues/821) +- Use working cache-control header for cdn/proxies/cache + ([#869](https://github.com/ory/kratos/issues/869)) + ([d8e3d40](https://github.com/ory/kratos/commit/d8e3d40001ffdc64da2288f3cffd53cf3bfdf781)), + closes [#601](https://github.com/ory/kratos/issues/601) ### Code Generation -* Pin v0.5.5-alpha.1 release commit ([83aedcb](https://github.com/ory/kratos/commit/83aedcb885acb96c5deb39fff675d5f0528af32d)) +- Pin v0.5.5-alpha.1 release commit + ([83aedcb](https://github.com/ory/kratos/commit/83aedcb885acb96c5deb39fff675d5f0528af32d)) ### Documentation -* Add contributing to sidebar ([#866](https://github.com/ory/kratos/issues/866)) ([44f33f9](https://github.com/ory/kratos/commit/44f33f97d43f2a3c553a65ebb2986e0731c0e5f2)): - - The same change as in https://github.com/ory/hydra/pull/2209 - -* Add newsletter to config ([1735ca2](https://github.com/ory/kratos/commit/1735ca2ced104971de4e97524d0a23d57ba045f2)) -* Add recovery flow ([#868](https://github.com/ory/kratos/issues/868)) ([d95cfe9](https://github.com/ory/kratos/commit/d95cfe9759d3ffc08c24048a064c0c800abdf4b4)), closes [#864](https://github.com/ory/kratos/issues/864): - - Added a short section for the recovery flow on managing-user-identities. - -* Fix account recovery click instruction ([#870](https://github.com/ory/kratos/issues/870)) ([383de9e](https://github.com/ory/kratos/commit/383de9ecf6f6504dbb9c20fb4cb984e934f0751e)) -* Fix broken link ([#893](https://github.com/ory/kratos/issues/893)) ([dec38a2](https://github.com/ory/kratos/commit/dec38a28964aaa13827d356e5bfa12c2a6d1400e)), closes [#835](https://github.com/ory/kratos/issues/835) -* Fix oidc config example structure ([#845](https://github.com/ory/kratos/issues/845)) ([c102a68](https://github.com/ory/kratos/commit/c102a6844db29f994b67d23bb04e64ee71376264)) -* Fix redirect ([#802](https://github.com/ory/kratos/issues/802)) ([b868782](https://github.com/ory/kratos/commit/b86878229f343e6b11521596b04040f892d1e2c3)) -* Fix typo ([#847](https://github.com/ory/kratos/issues/847)) ([9b3da9f](https://github.com/ory/kratos/commit/9b3da9f0fe2ce71743115844d8c91a1dc9c4cbae)) -* Fix typo ([#881](https://github.com/ory/kratos/issues/881)) ([3078293](https://github.com/ory/kratos/commit/3078293717a2ce21c4b939de4c2c4886c75303b5)) -* Fix typo MKFA to MFA ([#826](https://github.com/ory/kratos/issues/826)) ([a5613d0](https://github.com/ory/kratos/commit/a5613d08aa21f90f4d192e5663ba4977b3de16c3)) -* Remove workaround note ([#886](https://github.com/ory/kratos/issues/886)) ([05409bc](https://github.com/ory/kratos/commit/05409bc13f527398e3de01f29437e5d4353ef8d4)), closes [#718](https://github.com/ory/kratos/issues/718) -* Swagger specs for selfservice settings browser flow ([#825](https://github.com/ory/kratos/issues/825)) ([28d50f4](https://github.com/ory/kratos/commit/28d50f45ab14d561609be7047cac13902394b547)) -* Update oidc provider with json conf support ([#833](https://github.com/ory/kratos/issues/833)) ([670eb37](https://github.com/ory/kratos/commit/670eb37d19674f33a36402cd9a88d61ca7327751)) +- Add contributing to sidebar ([#866](https://github.com/ory/kratos/issues/866)) + ([44f33f9](https://github.com/ory/kratos/commit/44f33f97d43f2a3c553a65ebb2986e0731c0e5f2)): + + The same change as in https://github.com/ory/hydra/pull/2209 + +- Add newsletter to config + ([1735ca2](https://github.com/ory/kratos/commit/1735ca2ced104971de4e97524d0a23d57ba045f2)) +- Add recovery flow ([#868](https://github.com/ory/kratos/issues/868)) + ([d95cfe9](https://github.com/ory/kratos/commit/d95cfe9759d3ffc08c24048a064c0c800abdf4b4)), + closes [#864](https://github.com/ory/kratos/issues/864): + + Added a short section for the recovery flow on managing-user-identities. + +- Fix account recovery click instruction + ([#870](https://github.com/ory/kratos/issues/870)) + ([383de9e](https://github.com/ory/kratos/commit/383de9ecf6f6504dbb9c20fb4cb984e934f0751e)) +- Fix broken link ([#893](https://github.com/ory/kratos/issues/893)) + ([dec38a2](https://github.com/ory/kratos/commit/dec38a28964aaa13827d356e5bfa12c2a6d1400e)), + closes [#835](https://github.com/ory/kratos/issues/835) +- Fix oidc config example structure + ([#845](https://github.com/ory/kratos/issues/845)) + ([c102a68](https://github.com/ory/kratos/commit/c102a6844db29f994b67d23bb04e64ee71376264)) +- Fix redirect ([#802](https://github.com/ory/kratos/issues/802)) + ([b868782](https://github.com/ory/kratos/commit/b86878229f343e6b11521596b04040f892d1e2c3)) +- Fix typo ([#847](https://github.com/ory/kratos/issues/847)) + ([9b3da9f](https://github.com/ory/kratos/commit/9b3da9f0fe2ce71743115844d8c91a1dc9c4cbae)) +- Fix typo ([#881](https://github.com/ory/kratos/issues/881)) + ([3078293](https://github.com/ory/kratos/commit/3078293717a2ce21c4b939de4c2c4886c75303b5)) +- Fix typo MKFA to MFA ([#826](https://github.com/ory/kratos/issues/826)) + ([a5613d0](https://github.com/ory/kratos/commit/a5613d08aa21f90f4d192e5663ba4977b3de16c3)) +- Remove workaround note ([#886](https://github.com/ory/kratos/issues/886)) + ([05409bc](https://github.com/ory/kratos/commit/05409bc13f527398e3de01f29437e5d4353ef8d4)), + closes [#718](https://github.com/ory/kratos/issues/718) +- Swagger specs for selfservice settings browser flow + ([#825](https://github.com/ory/kratos/issues/825)) + ([28d50f4](https://github.com/ory/kratos/commit/28d50f45ab14d561609be7047cac13902394b547)) +- Update oidc provider with json conf support + ([#833](https://github.com/ory/kratos/issues/833)) + ([670eb37](https://github.com/ory/kratos/commit/670eb37d19674f33a36402cd9a88d61ca7327751)) ### Features -* Add return_to parameter to logout flow ([#823](https://github.com/ory/kratos/issues/823)) ([1c146dd](https://github.com/ory/kratos/commit/1c146dd21d616a56f510019abadd37402782bb39)), closes [#702](https://github.com/ory/kratos/issues/702) -* Add selinux compatible quickstart config ([#889](https://github.com/ory/kratos/issues/889)) ([0f87948](https://github.com/ory/kratos/commit/0f879481df209ed96b778799adcc2a9424449b37)), closes [#831](https://github.com/ory/kratos/issues/831) +- Add return_to parameter to logout flow + ([#823](https://github.com/ory/kratos/issues/823)) + ([1c146dd](https://github.com/ory/kratos/commit/1c146dd21d616a56f510019abadd37402782bb39)), + closes [#702](https://github.com/ory/kratos/issues/702) +- Add selinux compatible quickstart config + ([#889](https://github.com/ory/kratos/issues/889)) + ([0f87948](https://github.com/ory/kratos/commit/0f879481df209ed96b778799adcc2a9424449b37)), + closes [#831](https://github.com/ory/kratos/issues/831) ### Tests -* Ensure registration runs only once ([#872](https://github.com/ory/kratos/issues/872)) ([5ffc036](https://github.com/ory/kratos/commit/5ffc036ac82f36ad6ef499e217971275a35fc23a)) +- Ensure registration runs only once + ([#872](https://github.com/ory/kratos/issues/872)) + ([5ffc036](https://github.com/ory/kratos/commit/5ffc036ac82f36ad6ef499e217971275a35fc23a)) ### Unclassified -* docs: fix link and typo in Configuring Cookies (#883) ([c51ed6b](https://github.com/ory/kratos/commit/c51ed6b789d2e3a8fe4e93565c3bded37d298f98)), closes [#883](https://github.com/ory/kratos/issues/883) - +- docs: fix link and typo in Configuring Cookies (#883) + ([c51ed6b](https://github.com/ory/kratos/commit/c51ed6b789d2e3a8fe4e93565c3bded37d298f98)), + closes [#883](https://github.com/ory/kratos/issues/883) # [0.5.4-alpha.1](https://github.com/ory/kratos/compare/v0.5.3-alpha.1...v0.5.4-alpha.1) (2020-11-11) -This release introduces the new CLI command `kratos hashers argon2 calibrate 500ms`. This command will choose the best parameterization for Argon2. Check out the [Choose Argon2 Parameters for Secure Password Hashing and Login](https://www.ory.sh/choose-recommended-argon2-parameters-password-hashing/) blog article for more insights! - - - - +This release introduces the new CLI command +`kratos hashers argon2 calibrate 500ms`. This command will choose the best +parameterization for Argon2. Check out the +[Choose Argon2 Parameters for Secure Password Hashing and Login](https://www.ory.sh/choose-recommended-argon2-parameters-password-hashing/) +blog article for more insights! ### Bug Fixes -* Case in settings handler method ([#798](https://github.com/ory/kratos/issues/798)) ([83eb4e0](https://github.com/ory/kratos/commit/83eb4e0021621014d2b543e57a01401381f07fe4)) -* Force brew install statement ([#796](https://github.com/ory/kratos/issues/796)) ([ad542ad](https://github.com/ory/kratos/commit/ad542ad5919205ac26a757145474e5a46f3937ec)): - - Closes https://github.com/ory/homebrew-kratos/issues/1 +- Case in settings handler method + ([#798](https://github.com/ory/kratos/issues/798)) + ([83eb4e0](https://github.com/ory/kratos/commit/83eb4e0021621014d2b543e57a01401381f07fe4)) +- Force brew install statement + ([#796](https://github.com/ory/kratos/issues/796)) + ([ad542ad](https://github.com/ory/kratos/commit/ad542ad5919205ac26a757145474e5a46f3937ec)): + Closes https://github.com/ory/homebrew-kratos/issues/1 ### Code Generation -* Pin v0.5.4-alpha.1 release commit ([b02926c](https://github.com/ory/kratos/commit/b02926c42aee2748bc37ce2600596bd0c2537a0d)) +- Pin v0.5.4-alpha.1 release commit + ([b02926c](https://github.com/ory/kratos/commit/b02926c42aee2748bc37ce2600596bd0c2537a0d)) ### Code Refactoring -* Move pkger and ioutil helpers to ory/x ([60a0fc4](https://github.com/ory/kratos/commit/60a0fc449d90ead6065ca00926536a989d8b2a2b)) +- Move pkger and ioutil helpers to ory/x + ([60a0fc4](https://github.com/ory/kratos/commit/60a0fc449d90ead6065ca00926536a989d8b2a2b)) ### Documentation -* Fix another broken link ([15bae9f](https://github.com/ory/kratos/commit/15bae9f893c2e2910167326d987455246c110001)) -* Fix broken links ([#795](https://github.com/ory/kratos/issues/795)) ([0ab0e7e](https://github.com/ory/kratos/commit/0ab0e7eca8e95d6c26d028c177cbbd1f06b68871)), closes [#793](https://github.com/ory/kratos/issues/793) -* Fix broken relative link ([#812](https://github.com/ory/kratos/issues/812)) ([b32b173](https://github.com/ory/kratos/commit/b32b173fe30b7c5c43700abfa4ddb3409a33556b)) -* Fix links ([#800](https://github.com/ory/kratos/issues/800)) ([5fcc272](https://github.com/ory/kratos/commit/5fcc272e625de9e583b2ec24d5679895a6d24c1b)) -* Fix oidc config examples ([#799](https://github.com/ory/kratos/issues/799)) ([8a4f480](https://github.com/ory/kratos/commit/8a4f480121995d9899668f037382086fcdd2da4c)) -* Fix self-service recovery flow typo ([#807](https://github.com/ory/kratos/issues/807)) ([800110d](https://github.com/ory/kratos/commit/800110d87c9df70a5ec79b58d9fcb9ae39ff76b9)) -* Remove duplicate words & fix spelling ([#810](https://github.com/ory/kratos/issues/810)) ([4e1b966](https://github.com/ory/kratos/commit/4e1b96667d9f08dbafeb2f5ce144ca43309de8e0)) -* Remove leftover category from reference sidebar ([#813](https://github.com/ory/kratos/issues/813)) ([94fde51](https://github.com/ory/kratos/commit/94fde5101d00b9e1f7228e9d122ef0a8e4719355)) -* Use correct links ([#797](https://github.com/ory/kratos/issues/797)) ([a4de293](https://github.com/ory/kratos/commit/a4de29399e4f1b5d0a33acc85478f2d38579a174)) +- Fix another broken link + ([15bae9f](https://github.com/ory/kratos/commit/15bae9f893c2e2910167326d987455246c110001)) +- Fix broken links ([#795](https://github.com/ory/kratos/issues/795)) + ([0ab0e7e](https://github.com/ory/kratos/commit/0ab0e7eca8e95d6c26d028c177cbbd1f06b68871)), + closes [#793](https://github.com/ory/kratos/issues/793) +- Fix broken relative link ([#812](https://github.com/ory/kratos/issues/812)) + ([b32b173](https://github.com/ory/kratos/commit/b32b173fe30b7c5c43700abfa4ddb3409a33556b)) +- Fix links ([#800](https://github.com/ory/kratos/issues/800)) + ([5fcc272](https://github.com/ory/kratos/commit/5fcc272e625de9e583b2ec24d5679895a6d24c1b)) +- Fix oidc config examples ([#799](https://github.com/ory/kratos/issues/799)) + ([8a4f480](https://github.com/ory/kratos/commit/8a4f480121995d9899668f037382086fcdd2da4c)) +- Fix self-service recovery flow typo + ([#807](https://github.com/ory/kratos/issues/807)) + ([800110d](https://github.com/ory/kratos/commit/800110d87c9df70a5ec79b58d9fcb9ae39ff76b9)) +- Remove duplicate words & fix spelling + ([#810](https://github.com/ory/kratos/issues/810)) + ([4e1b966](https://github.com/ory/kratos/commit/4e1b96667d9f08dbafeb2f5ce144ca43309de8e0)) +- Remove leftover category from reference sidebar + ([#813](https://github.com/ory/kratos/issues/813)) + ([94fde51](https://github.com/ory/kratos/commit/94fde5101d00b9e1f7228e9d122ef0a8e4719355)) +- Use correct links ([#797](https://github.com/ory/kratos/issues/797)) + ([a4de293](https://github.com/ory/kratos/commit/a4de29399e4f1b5d0a33acc85478f2d38579a174)) ### Features -* Add helper for choosing argon2 parameters ([#803](https://github.com/ory/kratos/issues/803)) ([ca5a69b](https://github.com/ory/kratos/commit/ca5a69b798635d0e5361fd5b0cc369b035dca738)), closes [#723](https://github.com/ory/kratos/issues/723) [#572](https://github.com/ory/kratos/issues/572) [#647](https://github.com/ory/kratos/issues/647): - - This patch adds the new command "hashers argon2 calibrate" which allows one to pick the desired hashing time for password hashing and then chooses the optimal parameters for the hardware the command is running on: - - ``` - $ kratos hashers argon2 calibrate 500ms - Increasing memory to get over 500ms: - took 2.846592732s in try 0 - took 6.006488824s in try 1 - took 4.42657975s with 4.00GB of memory - [...] - Decreasing iterations to get under 500ms: - took 484.257775ms in try 0 - took 488.784192ms in try 1 - took 486.534204ms with 3 iterations - Settled on 3 iterations. - - { - "memory": 1048576, - "iterations": 3, - "parallelism": 32, - "salt_length": 16, - "key_length": 32 - } - ``` - +- Add helper for choosing argon2 parameters + ([#803](https://github.com/ory/kratos/issues/803)) + ([ca5a69b](https://github.com/ory/kratos/commit/ca5a69b798635d0e5361fd5b0cc369b035dca738)), + closes [#723](https://github.com/ory/kratos/issues/723) + [#572](https://github.com/ory/kratos/issues/572) + [#647](https://github.com/ory/kratos/issues/647): + + This patch adds the new command "hashers argon2 calibrate" which allows one to + pick the desired hashing time for password hashing and then chooses the + optimal parameters for the hardware the command is running on: + + ``` + $ kratos hashers argon2 calibrate 500ms + Increasing memory to get over 500ms: + took 2.846592732s in try 0 + took 6.006488824s in try 1 + took 4.42657975s with 4.00GB of memory + [...] + Decreasing iterations to get under 500ms: + took 484.257775ms in try 0 + took 488.784192ms in try 1 + took 486.534204ms with 3 iterations + Settled on 3 iterations. + { + "memory": 1048576, + "iterations": 3, + "parallelism": 32, + "salt_length": 16, + "key_length": 32 + } + ``` # [0.5.3-alpha.1](https://github.com/ory/kratos/compare/v0.5.2-alpha.1...v0.5.3-alpha.1) (2020-10-27) -This release improves the developer and user experience around CSRF counter-measures. It should now be possible to use the self-service API flows without having to explicitly disable cookie features in your SDKs and integrations. Additionally, another issue in the CGO pipeline was resolved which finally allows running ORY Kratos without CGO if the target database is not SQLite. - -Further improvements to default config values have been made and a full end-to-end test suite for the exemplary [kratos-selfservice-ui-react-native](kratos-selfservice-ui-react-native) app. The app is now available in the iTunes store as well - just search for "ORY Profile App"! - - - +This release improves the developer and user experience around CSRF +counter-measures. It should now be possible to use the self-service API flows +without having to explicitly disable cookie features in your SDKs and +integrations. Additionally, another issue in the CGO pipeline was resolved which +finally allows running ORY Kratos without CGO if the target database is not +SQLite. +Further improvements to default config values have been made and a full +end-to-end test suite for the exemplary +[kratos-selfservice-ui-react-native](kratos-selfservice-ui-react-native) app. +The app is now available in the iTunes store as well - just search for "ORY +Profile App"! ### Bug Fixes -* Add "x-session-token" to default allowed headers ([3c912e4](https://github.com/ory/kratos/commit/3c912e4c7d46fd45c00cabb68ed7770bd44f7d07)) -* Do not set cookies on api endpoints ([2f67c28](https://github.com/ory/kratos/commit/2f67c28718856ea03ea2effa89b28a8c4b3b8ae0)) -* Do not set csrf cookies on potential api endpoints ([4d97a95](https://github.com/ory/kratos/commit/4d97a95d084ea99f5aca158609e197acd256cdd7)) -* Ignore unsupported migration dialects ([12bb8d1](https://github.com/ory/kratos/commit/12bb8d14ae1edef18591996411be67d5693e5101)), closes [#778](https://github.com/ory/kratos/issues/778): - - Skips sqlite3 migrations when support is lacking. - -* Improve semver regex ([584c0b5](https://github.com/ory/kratos/commit/584c0b5043e85e88ac2648cf699d60fed3e775a9)) -* Properly set nosurf context even when ignored ([0dcb774](https://github.com/ory/kratos/commit/0dcb774157bcbfd41a5d9df3914c31162226da75)) -* Update cypress ([ba8b172](https://github.com/ory/kratos/commit/ba8b1729477233f79d099e5d7b397430ac1c6ace)) -* Use correct regex for version replacement ([ce870ab](https://github.com/ory/kratos/commit/ce870ababdf089344a9428d3a405e18504a3c906)), closes [#787](https://github.com/ory/kratos/issues/787) +- Add "x-session-token" to default allowed headers + ([3c912e4](https://github.com/ory/kratos/commit/3c912e4c7d46fd45c00cabb68ed7770bd44f7d07)) +- Do not set cookies on api endpoints + ([2f67c28](https://github.com/ory/kratos/commit/2f67c28718856ea03ea2effa89b28a8c4b3b8ae0)) +- Do not set csrf cookies on potential api endpoints + ([4d97a95](https://github.com/ory/kratos/commit/4d97a95d084ea99f5aca158609e197acd256cdd7)) +- Ignore unsupported migration dialects + ([12bb8d1](https://github.com/ory/kratos/commit/12bb8d14ae1edef18591996411be67d5693e5101)), + closes [#778](https://github.com/ory/kratos/issues/778): + + Skips sqlite3 migrations when support is lacking. + +- Improve semver regex + ([584c0b5](https://github.com/ory/kratos/commit/584c0b5043e85e88ac2648cf699d60fed3e775a9)) +- Properly set nosurf context even when ignored + ([0dcb774](https://github.com/ory/kratos/commit/0dcb774157bcbfd41a5d9df3914c31162226da75)) +- Update cypress + ([ba8b172](https://github.com/ory/kratos/commit/ba8b1729477233f79d099e5d7b397430ac1c6ace)) +- Use correct regex for version replacement + ([ce870ab](https://github.com/ory/kratos/commit/ce870ababdf089344a9428d3a405e18504a3c906)), + closes [#787](https://github.com/ory/kratos/issues/787) ### Code Generation -* Pin v0.5.3-alpha.1 release commit ([64dc91a](https://github.com/ory/kratos/commit/64dc91af54cdf3eba158a50690240cdc8f7cb43b)) +- Pin v0.5.3-alpha.1 release commit + ([64dc91a](https://github.com/ory/kratos/commit/64dc91af54cdf3eba158a50690240cdc8f7cb43b)) ### Documentation -* Fix docosaurus admonitions ([#788](https://github.com/ory/kratos/issues/788)) ([281a7c9](https://github.com/ory/kratos/commit/281a7c9289570d4bee33447655281b610cbe7e52)) -* Pin download script version ([e4137a6](https://github.com/ory/kratos/commit/e4137a6a41d68b1480af2075bda8c5f46c42cd22)) -* Remove trailing garbage from quickstart ([#787](https://github.com/ory/kratos/issues/787)) ([7e70924](https://github.com/ory/kratos/commit/7e709242ada28b7781c6ace272f60f9d1b9d5b2f)) +- Fix docosaurus admonitions ([#788](https://github.com/ory/kratos/issues/788)) + ([281a7c9](https://github.com/ory/kratos/commit/281a7c9289570d4bee33447655281b610cbe7e52)) +- Pin download script version + ([e4137a6](https://github.com/ory/kratos/commit/e4137a6a41d68b1480af2075bda8c5f46c42cd22)) +- Remove trailing garbage from quickstart + ([#787](https://github.com/ory/kratos/issues/787)) + ([7e70924](https://github.com/ory/kratos/commit/7e709242ada28b7781c6ace272f60f9d1b9d5b2f)) ### Features -* Improve makefile install process and update deps ([d1eb37f](https://github.com/ory/kratos/commit/d1eb37f5d9d0f16e7864b5f8f08a44ba80853fa5)) +- Improve makefile install process and update deps + ([d1eb37f](https://github.com/ory/kratos/commit/d1eb37f5d9d0f16e7864b5f8f08a44ba80853fa5)) ### Tests -* Add e2e tests for mobile ([d481d51](https://github.com/ory/kratos/commit/d481d51f5f4de96cbbc7c347f5dbff381b44462d)) -* Add option to disable csrf protection in apis ([a0077f1](https://github.com/ory/kratos/commit/a0077f12adf94ff428b502b69bbb0eaafd05be66)) -* Bump wait time ([7a719e1](https://github.com/ory/kratos/commit/7a719e17c5641f4df47314f6f0ac2cf73dddc8bb)) -* Install expo-cli globally ([db21cfa](https://github.com/ory/kratos/commit/db21cfa1c589a2dab829a4c8eaf1db15d14d965e)) -* Install expo-cli in cci config with sudo ([d255f46](https://github.com/ory/kratos/commit/d255f462402f2d2c2278dcba1a139d0064343b22)) -* Log wait-on output ([62b5ba9](https://github.com/ory/kratos/commit/62b5ba92d56e9f6b98adb8fb9c4daff03be08f2e)) -* Output web server address ([cb41ca7](https://github.com/ory/kratos/commit/cb41ca78367b1943d230fa9ac116fcf3cf69b1c1)) -* Resolve csrf test issues in settings ([ef8ba7d](https://github.com/ory/kratos/commit/ef8ba7dc93d6ba84f22b7aa65d00797e33b520a3)) -* Resolve test panic ([6f6461f](https://github.com/ory/kratos/commit/6f6461fe3690576015ded9146c065a1e5d950be1)) -* Revert delay increase and improve install scripts ([1eafcaa](https://github.com/ory/kratos/commit/1eafcaa86be194e412b0470a759bff6afc6c21af)) - +- Add e2e tests for mobile + ([d481d51](https://github.com/ory/kratos/commit/d481d51f5f4de96cbbc7c347f5dbff381b44462d)) +- Add option to disable csrf protection in apis + ([a0077f1](https://github.com/ory/kratos/commit/a0077f12adf94ff428b502b69bbb0eaafd05be66)) +- Bump wait time + ([7a719e1](https://github.com/ory/kratos/commit/7a719e17c5641f4df47314f6f0ac2cf73dddc8bb)) +- Install expo-cli globally + ([db21cfa](https://github.com/ory/kratos/commit/db21cfa1c589a2dab829a4c8eaf1db15d14d965e)) +- Install expo-cli in cci config with sudo + ([d255f46](https://github.com/ory/kratos/commit/d255f462402f2d2c2278dcba1a139d0064343b22)) +- Log wait-on output + ([62b5ba9](https://github.com/ory/kratos/commit/62b5ba92d56e9f6b98adb8fb9c4daff03be08f2e)) +- Output web server address + ([cb41ca7](https://github.com/ory/kratos/commit/cb41ca78367b1943d230fa9ac116fcf3cf69b1c1)) +- Resolve csrf test issues in settings + ([ef8ba7d](https://github.com/ory/kratos/commit/ef8ba7dc93d6ba84f22b7aa65d00797e33b520a3)) +- Resolve test panic + ([6f6461f](https://github.com/ory/kratos/commit/6f6461fe3690576015ded9146c065a1e5d950be1)) +- Revert delay increase and improve install scripts + ([1eafcaa](https://github.com/ory/kratos/commit/1eafcaa86be194e412b0470a759bff6afc6c21af)) # [0.5.2-alpha.1](https://github.com/ory/kratos/compare/v0.5.1-alpha.1...v0.5.2-alpha.1) (2020-10-22) This release addresses bugs and user experience issues. - - - - ### Bug Fixes -* Add debug quickstart yml ([#780](https://github.com/ory/kratos/issues/780)) ([16e6b4d](https://github.com/ory/kratos/commit/16e6b4d76d297182ea9a1f5dc6367570f02f7b42)) -* Gracefully handle double slashes in URLs ([aeb9414](https://github.com/ory/kratos/commit/aeb941477910b5ab54429a6aab7a3e1e388c48c5)), closes [#779](https://github.com/ory/kratos/issues/779) -* Merge gobuffalo CGO fix ([fea2e77](https://github.com/ory/kratos/commit/fea2e77ca0f9b20185c7a7704854fdcf29b7ab33)) -* Remove obsolete recovery_token and add link to schema ([acf6ac4](https://github.com/ory/kratos/commit/acf6ac4e11c755e56c7d40728088257de367f7ff)) -* Return correct error in login csrf ([dd9cab0](https://github.com/ory/kratos/commit/dd9cab0e02400c88e89877f755f03c6179013123)), closes [#785](https://github.com/ory/kratos/issues/785) -* Use correct assert package ([76be5b0](https://github.com/ory/kratos/commit/76be5b0a5d94c251f5f07eee9f700ec11b341e2e)) +- Add debug quickstart yml ([#780](https://github.com/ory/kratos/issues/780)) + ([16e6b4d](https://github.com/ory/kratos/commit/16e6b4d76d297182ea9a1f5dc6367570f02f7b42)) +- Gracefully handle double slashes in URLs + ([aeb9414](https://github.com/ory/kratos/commit/aeb941477910b5ab54429a6aab7a3e1e388c48c5)), + closes [#779](https://github.com/ory/kratos/issues/779) +- Merge gobuffalo CGO fix + ([fea2e77](https://github.com/ory/kratos/commit/fea2e77ca0f9b20185c7a7704854fdcf29b7ab33)) +- Remove obsolete recovery_token and add link to schema + ([acf6ac4](https://github.com/ory/kratos/commit/acf6ac4e11c755e56c7d40728088257de367f7ff)) +- Return correct error in login csrf + ([dd9cab0](https://github.com/ory/kratos/commit/dd9cab0e02400c88e89877f755f03c6179013123)), + closes [#785](https://github.com/ory/kratos/issues/785) +- Use correct assert package + ([76be5b0](https://github.com/ory/kratos/commit/76be5b0a5d94c251f5f07eee9f700ec11b341e2e)) ### Code Generation -* Pin v0.5.2-alpha.1 release commit ([79fcd8a](https://github.com/ory/kratos/commit/79fcd8a6949886f847f7be0c9ba2aba7554ab204)) +- Pin v0.5.2-alpha.1 release commit + ([79fcd8a](https://github.com/ory/kratos/commit/79fcd8a6949886f847f7be0c9ba2aba7554ab204)) ### Documentation -* Small improvements to discord oidc provider guide ([#783](https://github.com/ory/kratos/issues/783)) ([6a3c453](https://github.com/ory/kratos/commit/6a3c45330885eb95015fa7ee9b58a72c38132499)) +- Small improvements to discord oidc provider guide + ([#783](https://github.com/ory/kratos/issues/783)) + ([6a3c453](https://github.com/ory/kratos/commit/6a3c45330885eb95015fa7ee9b58a72c38132499)) ### Tests -* Add tests for csrf behavior ([48993e2](https://github.com/ory/kratos/commit/48993e2c496fb8af7e7b9e2752ba7078a134a75a)), closes [#785](https://github.com/ory/kratos/issues/785) -* Mark link as enabled in e2e test ([c214b81](https://github.com/ory/kratos/commit/c214b81a7026b06aaca062b2aa77951d01b0e237)) -* Resolve schema test regression ([bb7af1b](https://github.com/ory/kratos/commit/bb7af1b759d6c812755956ef872bcbd31b9c50be)) - +- Add tests for csrf behavior + ([48993e2](https://github.com/ory/kratos/commit/48993e2c496fb8af7e7b9e2752ba7078a134a75a)), + closes [#785](https://github.com/ory/kratos/issues/785) +- Mark link as enabled in e2e test + ([c214b81](https://github.com/ory/kratos/commit/c214b81a7026b06aaca062b2aa77951d01b0e237)) +- Resolve schema test regression + ([bb7af1b](https://github.com/ory/kratos/commit/bb7af1b759d6c812755956ef872bcbd31b9c50be)) # [0.5.1-alpha.1](https://github.com/ory/kratos/compare/v0.5.0-alpha.1...v0.5.1-alpha.1) (2020-10-20) -This release resolves an issue where ORY Kratos Docker Images without CGO and SQLite support would fail to boot even when SQLite was not used as a data source. - - - - +This release resolves an issue where ORY Kratos Docker Images without CGO and +SQLite support would fail to boot even when SQLite was not used as a data +source. ### Bug Fixes -* Do not require sqlite without build tag ([2ee787b](https://github.com/ory/kratos/commit/2ee787bc1e97bdc11d0c92d55664d59e777f7ed1)) -* Use extra dc config file for quickstart-dev ([72c03f9](https://github.com/ory/kratos/commit/72c03f9bcb91d30d5ff6b94030f2cbb6144fbf8d)) +- Do not require sqlite without build tag + ([2ee787b](https://github.com/ory/kratos/commit/2ee787bc1e97bdc11d0c92d55664d59e777f7ed1)) +- Use extra dc config file for quickstart-dev + ([72c03f9](https://github.com/ory/kratos/commit/72c03f9bcb91d30d5ff6b94030f2cbb6144fbf8d)) ### Code Generation -* Pin v0.5.1-alpha.1 release commit ([b85b36b](https://github.com/ory/kratos/commit/b85b36b967d91c13b6d70ed668f17d3474eafae7)) +- Pin v0.5.1-alpha.1 release commit + ([b85b36b](https://github.com/ory/kratos/commit/b85b36b967d91c13b6d70ed668f17d3474eafae7)) ### Documentation -* Fix spelling mistake ([14e7f65](https://github.com/ory/kratos/commit/14e7f6535e69f4bee2e3ca611a8d1a36bfd5f8f8)) -* Fix spelling mistake ([#772](https://github.com/ory/kratos/issues/772)) ([bf401a2](https://github.com/ory/kratos/commit/bf401a26ee4422a8ea1b52f642885b0d8bac1272)) -* Improve schemas ([#773](https://github.com/ory/kratos/issues/773)) ([e614859](https://github.com/ory/kratos/commit/e6148590577e1688d58534b8559d3bc602f9c2e7)) +- Fix spelling mistake + ([14e7f65](https://github.com/ory/kratos/commit/14e7f6535e69f4bee2e3ca611a8d1a36bfd5f8f8)) +- Fix spelling mistake ([#772](https://github.com/ory/kratos/issues/772)) + ([bf401a2](https://github.com/ory/kratos/commit/bf401a26ee4422a8ea1b52f642885b0d8bac1272)) +- Improve schemas ([#773](https://github.com/ory/kratos/issues/773)) + ([e614859](https://github.com/ory/kratos/commit/e6148590577e1688d58534b8559d3bc602f9c2e7)) ### Features -* Auto-update docker and git tags on release ([08084a9](https://github.com/ory/kratos/commit/08084a987501939544da1a1c7ee102819e2480ce)) -* Use fixed versions for docker-compose ([e73c4ce](https://github.com/ory/kratos/commit/e73c4ce6f328376ad310b8f6d5c391ea06573003)) +- Auto-update docker and git tags on release + ([08084a9](https://github.com/ory/kratos/commit/08084a987501939544da1a1c7ee102819e2480ce)) +- Use fixed versions for docker-compose + ([e73c4ce](https://github.com/ory/kratos/commit/e73c4ce6f328376ad310b8f6d5c391ea06573003)) ### Tests -* Increase waittime ([5e911d6](https://github.com/ory/kratos/commit/5e911d687247e4878bdcf82e5b008617f0bbdf4e)) -* Reduce flakes by increasing wait time for expiry test ([cddf29e](https://github.com/ory/kratos/commit/cddf29e7dc5304c497d5ba7c1e6a2d63c9b6c137)) +- Increase waittime + ([5e911d6](https://github.com/ory/kratos/commit/5e911d687247e4878bdcf82e5b008617f0bbdf4e)) +- Reduce flakes by increasing wait time for expiry test + ([cddf29e](https://github.com/ory/kratos/commit/cddf29e7dc5304c497d5ba7c1e6a2d63c9b6c137)) ### Unclassified -* Format ([8be02c8](https://github.com/ory/kratos/commit/8be02c8938769dfcd7c9b7ed5e72e4ded3b1924b)) - +- Format + ([8be02c8](https://github.com/ory/kratos/commit/8be02c8938769dfcd7c9b7ed5e72e4ded3b1924b)) # [0.5.0-alpha.1](https://github.com/ory/kratos/compare/v0.4.6-alpha.1...v0.5.0-alpha.1) (2020-10-15) -The ORY team and community is very proud to present the next ORY Kratos iteration! +The ORY team and community is very proud to present the next ORY Kratos +iteration! -ORY Kratos is now capable of handling native (iOS, Android, Windows, macOS, ...) login, registration, settings, recovery, and verification flows. As a goodie on top, we released a reference React Native application which you can find on [GitHub](http://github.com/ory/kratos-selfservice-ui-react-native). +ORY Kratos is now capable of handling native (iOS, Android, Windows, macOS, ...) +login, registration, settings, recovery, and verification flows. As a goodie on +top, we released a reference React Native application which you can find on +[GitHub](http://github.com/ory/kratos-selfservice-ui-react-native). -We co-released our reference React Native application which acts as a reference on implementing these flows: +We co-released our reference React Native application which acts as a reference +on implementing these flows: ![Registration](http://ory.sh/images/newsletter/kratos-0.5.0/registration-screen.png) @@ -3406,28 +5633,56 @@ We co-released our reference React Native application which acts as a reference ![Settings](http://ory.sh/images/newsletter/kratos-0.5.0/settings-screen.png) -In total, almost 1200 files were changed in about 480 commits. While you can find a list of all changes in the changelist below, these are the changes we are most proud of: +In total, almost 1200 files were changed in about 480 commits. While you can +find a list of all changes in the changelist below, these are the changes we are +most proud of: -- We renamed login, registration, ... requests to "flows" consistently across the code base, APIs, and data storage. We now: +- We renamed login, registration, ... requests to "flows" consistently across + the code base, APIs, and data storage. We now: - Initiate a login, registration, ... flow; - Fetch a login, registration, ... flow; and - - Complete a login, registration, ... flow using a login flow method such as "Log in with username and password". -- All self-service flows are now capable of handling API-based requests that do not originate from Browser such as Chrome. This is set groundwork for handling native flows (see above)! -- The self service documentation has been refactored and simplified. We added code samples, screenshots, payloads, and curl commands to make things easier and clearer to understand. Video guides have also been added to help you and the community get things done faster! -- Documentation for rotating important secrets such as the cookie and session secrets was added. -- The need for reverse proxies was removed by adding the ability to change the ORY Kratos Session Cookie domain and path! The [kratos-selfservice-ui-node](https://github.com/ory/kratos-selfservice-ui-node) reference implementation no longer requires HTTP Request piping which greatly simplifies the network layout and codebase! -- The ORY Kratos CLI is now capable of managing identities with an interface that works almost like the Docker CLI we all love! + - Complete a login, registration, ... flow using a login flow method such as + "Log in with username and password". +- All self-service flows are now capable of handling API-based requests that do + not originate from Browser such as Chrome. This is set groundwork for handling + native flows (see above)! +- The self service documentation has been refactored and simplified. We added + code samples, screenshots, payloads, and curl commands to make things easier + and clearer to understand. Video guides have also been added to help you and + the community get things done faster! +- Documentation for rotating important secrets such as the cookie and session + secrets was added. +- The need for reverse proxies was removed by adding the ability to change the + ORY Kratos Session Cookie domain and path! The + [kratos-selfservice-ui-node](https://github.com/ory/kratos-selfservice-ui-node) + reference implementation no longer requires HTTP Request piping which greatly + simplifies the network layout and codebase! +- The ORY Kratos CLI is now capable of managing identities with an interface + that works almost like the Docker CLI we all love! - Admins are now able to initiate account recovery for identities. -- Email verification and account recovery were refactored. It is now possible to add additional strategies (e.g. recovery codes) in the future, greatly increasing the feature set and security capabilities of future ORY Kratos versions! -- Lookup to Have I Been Pwnd is no longer a hard requirement, allowing registration processes to complete when the service is unavailable or the network is slow. -- We contributed several issues and features in upstream projects such as justinas/nosurf, gobuffalo/pop, and many more! -- The build pipeline has been upgraded to support cross-compilation of CGO with Go 1.15+. -- Fetching flows no longer requires CSRF cookies to be set, improving developer experience while not compromising on security! -- ORY Kratos now has ORY Kratos Session Cookies (set in the HTTP Cookie header) and ORY Kratos Session Tokens (set as a HTTP Bearer Authorization token or the `X-Session-Token` HTTP Header). - -Additionally tons of bugs were fixed, tests added, documentation improved, and much more. Please note that several things have changed in a breaking fashion. You can find details for the individual breaking changes in the changelog below. - -We would like to thank all community members who contributed towards this release (in no particular order): +- Email verification and account recovery were refactored. It is now possible to + add additional strategies (e.g. recovery codes) in the future, greatly + increasing the feature set and security capabilities of future ORY Kratos + versions! +- Lookup to Have I Been Pwnd is no longer a hard requirement, allowing + registration processes to complete when the service is unavailable or the + network is slow. +- We contributed several issues and features in upstream projects such as + justinas/nosurf, gobuffalo/pop, and many more! +- The build pipeline has been upgraded to support cross-compilation of CGO with + Go 1.15+. +- Fetching flows no longer requires CSRF cookies to be set, improving developer + experience while not compromising on security! +- ORY Kratos now has ORY Kratos Session Cookies (set in the HTTP Cookie header) + and ORY Kratos Session Tokens (set as a HTTP Bearer Authorization token or the + `X-Session-Token` HTTP Header). + +Additionally tons of bugs were fixed, tests added, documentation improved, and +much more. Please note that several things have changed in a breaking fashion. +You can find details for the individual breaking changes in the changelog below. + +We would like to thank all community members who contributed towards this +release (in no particular order): - https://github.com/kevgo - https://github.com/NickUfer @@ -3443,41 +5698,71 @@ We would like to thank all community members who contributed towards this releas - https://github.com/aschepis - https://github.com/jakhog -Have fun exploring the new release, we hope you like it! If you haven't already, join the [ORY Community Slack](http://slack.ory.sh) where we hold weekly community hangouts via video chat and answer your questions, exchange ideas, and present new developments! - - +Have fun exploring the new release, we hope you like it! If you haven't already, +join the [ORY Community Slack](http://slack.ory.sh) where we hold weekly +community hangouts via video chat and answer your questions, exchange ideas, and +present new developments! ## Breaking Changes -The "common" keyword has been removed from the Swagger 2.0 spec which deprecates the `common` module / package / class (depending on the generated SDK). Please use `public` or `admin` instead! +The "common" keyword has been removed from the Swagger 2.0 spec which deprecates +the `common` module / package / class (depending on the generated SDK). Please +use `public` or `admin` instead! -Additionally, the SDK for TypeScript now uses the `fetch` API which allows the SDK to be used in both client-side as well as server-side contexts. Please note that several methods and parameters in the generated TypeScript SDK have changed. Please check the TypeScript results to see what needs to be changed! +Additionally, the SDK for TypeScript now uses the `fetch` API which allows the +SDK to be used in both client-side as well as server-side contexts. Please note +that several methods and parameters in the generated TypeScript SDK have +changed. Please check the TypeScript results to see what needs to be changed! -This patch changes the OpenID Connect and OAuth2 ("Sign in with Google, Facebook, ...") Callback URL from `http(s):///self-service/browser/flows/strategies/oidc/` to `http(s):///self-service/methods/oidc/`. To apply this patch, you need to update these URLs at the OAuth2 Client configuration pages of the individual OpenID Conenct providers (e.g. GitHub, Google). +This patch changes the OpenID Connect and OAuth2 ("Sign in with Google, +Facebook, ...") Callback URL from +`http(s):///self-service/browser/flows/strategies/oidc/` +to `http(s):///self-service/methods/oidc/`. To apply +this patch, you need to update these URLs at the OAuth2 Client configuration +pages of the individual OpenID Conenct providers (e.g. GitHub, Google). Configuration key `selfservice.strategies` was renamed to `selfservice.methods`. -This patch significantly changes how email verification works. The Verification Flow no longer uses its own system but now re-uses the API and Browser flows and flow methods established in other components such as login, recovery, registration. +This patch significantly changes how email verification works. The Verification +Flow no longer uses its own system but now re-uses the API and Browser flows and +flow methods established in other components such as login, recovery, +registration. -Due to the many changes these patch notes does not cover how to upgrade this particular flow. We instead want to kindly ask you to check out the updated documentation for this flow at: https://www.ory.sh/kratos/docs/self-service/flows/verify-email-account-activation +Due to the many changes these patch notes does not cover how to upgrade this +particular flow. We instead want to kindly ask you to check out the updated +documentation for this flow at: +https://www.ory.sh/kratos/docs/self-service/flows/verify-email-account-activation -This patch changes the SQL schema and thus requires running the SQL Migration command (e.g. `... migrate sql`). -Never apply SQL migrations without backing up your database prior. +This patch changes the SQL schema and thus requires running the SQL Migration +command (e.g. `... migrate sql`). Never apply SQL migrations without backing up +your database prior. -Configuration items `selfservice.flows..request_lifespan` have been renamed to `selfservice.flows..lifespan` to match the new flow semantics. +Configuration items `selfservice.flows..request_lifespan` have been +renamed to `selfservice.flows..lifespan` to match the new flow semantics. -Wording has changed from "Self-Service Recovery Request" to "Self-Service Recovery Flow" to follow community feedback and practice already applied in the documentation. Additionally, fetching a recovery flow over the public API no longer requires Anti-CSRF cookies to be sent. +Wording has changed from "Self-Service Recovery Request" to "Self-Service +Recovery Flow" to follow community feedback and practice already applied in the +documentation. Additionally, fetching a recovery flow over the public API no +longer requires Anti-CSRF cookies to be sent. This patch renames several important recovery flow endpoints: -- `/self-service/browser/flows/recovery` is now `/self-service/recovery/browser` without functional changes. -- `/self-service/browser/flows/requests/recovery?request=abcd` is now `/self-service/recovery/flows?id=abcd` and no longer needs anti-CSRF cookies to be available. +- `/self-service/browser/flows/recovery` is now `/self-service/recovery/browser` + without functional changes. +- `/self-service/browser/flows/requests/recovery?request=abcd` is now + `/self-service/recovery/flows?id=abcd` and no longer needs anti-CSRF cookies + to be available. -Additionally, the URL for completing the password and oidc recovery method has been moved. Given that this endpoint is typically not manually called, you can probably ignore this change: +Additionally, the URL for completing the password and oidc recovery method has +been moved. Given that this endpoint is typically not manually called, you can +probably ignore this change: -- `/self-service/browser/flows/recovery/link?request=abcd` is now `/self-service/recovery/methods/link?flow=abcd` without functional changes. +- `/self-service/browser/flows/recovery/link?request=abcd` is now + `/self-service/recovery/methods/link?flow=abcd` without functional changes. -The Recovery UI Endpoint no longer receives a `?request=abcde` query parameter but instead a `?flow=abcde` query parameter. Functionality did not change however. +The Recovery UI Endpoint no longer receives a `?request=abcde` query parameter +but instead a `?flow=abcde` query parameter. Functionality did not change +however. As part of this change SDK methods have been renamed: @@ -3490,20 +5775,32 @@ As part of this change SDK methods have been renamed: This patch requires you to run SQL migrations. -Wording has changed from "Self-Service Settings Request" to "Self-Service Settings Flow" to follow community feedback and practice already applied in the documentation. +Wording has changed from "Self-Service Settings Request" to "Self-Service +Settings Flow" to follow community feedback and practice already applied in the +documentation. This patch renames several important settings flow endpoints: -- `/self-service/browser/flows/settings` is now `/self-service/settings/browser` without functional changes. -- `/self-service/browser/flows/requests/settings?request=abcd` is now `/self-service/settings/flows?id=abcd` and no longer needs anti-CSRF cookies to be available. +- `/self-service/browser/flows/settings` is now `/self-service/settings/browser` + without functional changes. +- `/self-service/browser/flows/requests/settings?request=abcd` is now + `/self-service/settings/flows?id=abcd` and no longer needs anti-CSRF cookies + to be available. -Additionally, the URL for completing the password, profile, and oidc settings method has been moved. Given that this endpoint is typically not manually called, you can probably ignore this change: +Additionally, the URL for completing the password, profile, and oidc settings +method has been moved. Given that this endpoint is typically not manually +called, you can probably ignore this change: -- `/self-service/browser/flows/login/strategies/password?request=abcd` is now `/self-service/login/methods/password?flow=abcd` without functional changes. -- `/self-service/browser/flows/strategies/oidc?request=abcd` is now `/self-service/methods/oidc?flow=abcd` without functional changes. -- `/self-service/browser/flows/settings/strategies/profile?request=abcd` is now `/self-service/settings/methods/profile?flow=abcd` without functional changes. +- `/self-service/browser/flows/login/strategies/password?request=abcd` is now + `/self-service/login/methods/password?flow=abcd` without functional changes. +- `/self-service/browser/flows/strategies/oidc?request=abcd` is now + `/self-service/methods/oidc?flow=abcd` without functional changes. +- `/self-service/browser/flows/settings/strategies/profile?request=abcd` is now + `/self-service/settings/methods/profile?flow=abcd` without functional changes. -The Settings UI Endpoint no longer receives a `?request=abcde` query parameter but instead a `?flow=abcde` query parameter. Functionality did not change however. +The Settings UI Endpoint no longer receives a `?request=abcde` query parameter +but instead a `?flow=abcde` query parameter. Functionality did not change +however. As part of this change SDK methods have been renamed: @@ -3523,9 +5820,13 @@ As part of this change SDK methods have been renamed: This patch requires you to run SQL migrations. -This patch makes the reverse proxy functionality required in prior versions of the self-service UI example obsolete. All examples work now with a simple set up and documentation has been added to assist in subdomain scenarios. +This patch makes the reverse proxy functionality required in prior versions of +the self-service UI example obsolete. All examples work now with a simple set up +and documentation has been added to assist in subdomain scenarios. -The session field `sid` has been renamed to `id` to stay consistent with other APIs which also use `id` terminology to clarify identifiers. The payload of, for example, `/session/whoami` has changed as follows: +The session field `sid` has been renamed to `id` to stay consistent with other +APIs which also use `id` terminology to clarify identifiers. The payload of, for +example, `/session/whoami` has changed as follows: ```patch { @@ -3538,19 +5839,32 @@ The session field `sid` has been renamed to `id` to stay consistent with other A } ``` -Wording has changed from "Self-Service Registration Request" to "Self-Service Registration Flow" to follow community feedback and practice already applied in the documentation. Additionally, fetching a login flow over the public API no longer requires Anti-CSRF cookies to be sent. +Wording has changed from "Self-Service Registration Request" to "Self-Service +Registration Flow" to follow community feedback and practice already applied in +the documentation. Additionally, fetching a login flow over the public API no +longer requires Anti-CSRF cookies to be sent. This patch renames several important registration flow endpoints: -- `/self-service/browser/flows/registration` is now `/self-service/registration/browser` without behavioral change. -- `/self-service/browser/flows/requests/registration?request=abcd` is now `/self-service/registration/flows?id=abcd` and no longer needs anti-CSRF cookies to be available. +- `/self-service/browser/flows/registration` is now + `/self-service/registration/browser` without behavioral change. +- `/self-service/browser/flows/requests/registration?request=abcd` is now + `/self-service/registration/flows?id=abcd` and no longer needs anti-CSRF + cookies to be available. -Additionally, the URL for completing the password registration method has been moved. Given that this endpoint is typically not manually called, you can probably ignore this change: +Additionally, the URL for completing the password registration method has been +moved. Given that this endpoint is typically not manually called, you can +probably ignore this change: -- `/self-service/browser/flows/registration/strategies/password?request=abcd` is now `/self-service/registration/methods/password?flow=abcd` without functional changes. -- `/self-service/browser/flows/strategies/oidc?request=abcd` is now `/self-service/methods/oidc?flow=abcd` without functional changes. +- `/self-service/browser/flows/registration/strategies/password?request=abcd` is + now `/self-service/registration/methods/password?flow=abcd` without functional + changes. +- `/self-service/browser/flows/strategies/oidc?request=abcd` is now + `/self-service/methods/oidc?flow=abcd` without functional changes. -The Registration UI Endpoint no longer receives a `?request=abcde` query parameter but instead a `?flow=abcde` query parameter. Functionality did not change however. +The Registration UI Endpoint no longer receives a `?request=abcde` query +parameter but instead a `?flow=abcde` query parameter. Functionality did not +change however. As part of this change SDK methods have been renamed: @@ -3563,21 +5877,33 @@ As part of this change SDK methods have been renamed: This patch requires you to run SQL migrations. -Existing login sessions will no longer be valid because the session cookie data model changed. If you apply this patch, your users will need to sign in again. +Existing login sessions will no longer be valid because the session cookie data +model changed. If you apply this patch, your users will need to sign in again. -Wording has changed from "Self-Service Login Request" to "Self-Service Login Flow" to follow community feedback and practice already applied in the documentation. Additionally, fetching a login flow over the public API no longer requires Anti-CSRF cookies to be sent. +Wording has changed from "Self-Service Login Request" to "Self-Service Login +Flow" to follow community feedback and practice already applied in the +documentation. Additionally, fetching a login flow over the public API no longer +requires Anti-CSRF cookies to be sent. This patch renames several important login flow endpoints: -- `/self-service/browser/flows/login` is now `/self-service/login/browser` without functional changes. -- `/self-service/browser/flows/requests/login?request=abcd` is now `/self-service/login/flows?id=abcd` and no longer needs anti-CSRF cookies to be available. +- `/self-service/browser/flows/login` is now `/self-service/login/browser` + without functional changes. +- `/self-service/browser/flows/requests/login?request=abcd` is now + `/self-service/login/flows?id=abcd` and no longer needs anti-CSRF cookies to + be available. -Additionally, the URL for completing the password and oidc login method has been moved. Given that this endpoint is typically not manually called, you can probably ignore this change: +Additionally, the URL for completing the password and oidc login method has been +moved. Given that this endpoint is typically not manually called, you can +probably ignore this change: -- `/self-service/browser/flows/login/strategies/password?request=abcd` is now `/self-service/login/methods/password?flow=abcd` without functional changes. -- `/self-service/browser/flows/strategies/oidc?request=abcd` is now `/self-service/methods/oidc?flow=abcd` without functional changes. +- `/self-service/browser/flows/login/strategies/password?request=abcd` is now + `/self-service/login/methods/password?flow=abcd` without functional changes. +- `/self-service/browser/flows/strategies/oidc?request=abcd` is now + `/self-service/methods/oidc?flow=abcd` without functional changes. -The Login UI Endpoint no longer receives a `?request=abcde` query parameter but instead a `?flow=abcde` query parameter. Functionality did not change however. +The Login UI Endpoint no longer receives a `?request=abcde` query parameter but +instead a `?flow=abcde` query parameter. Functionality did not change however. As part of this change SDK methods have been renamed: @@ -3590,567 +5916,1001 @@ As part of this change SDK methods have been renamed: This patch requires you to run SQL migrations. -Configuraiton value `session.cookie_same_site` has moved to `session.cookie.same_site`. There was no functional change. - - +Configuraiton value `session.cookie_same_site` has moved to +`session.cookie.same_site`. There was no functional change. ### Bug Fixes -* Add missing 'recovery' path in oathkeeper access-rules.yml ([#763](https://github.com/ory/kratos/issues/763)) ([f180dba](https://github.com/ory/kratos/commit/f180dba2207638e83e4a23ebc213cddaecb5677f)) -* Add missing error handling ([43c1446](https://github.com/ory/kratos/commit/43c14464efa7b736695e2144b031daf6fca87703)) -* Add ory-prettier-styles to main repo ([#744](https://github.com/ory/kratos/issues/744)) ([aeaddbc](https://github.com/ory/kratos/commit/aeaddbcb27f89d61b076bdd9ad1739fb1da2ffd9)) -* Add remote help description ([f66bbe1](https://github.com/ory/kratos/commit/f66bbe18cfad1e8725ecbcf6e2843b34c3d5119f)) -* Add serve help description ([2eb072b](https://github.com/ory/kratos/commit/2eb072b71e5602895d4232e197bfd76180fcdcd7)) -* Allow using json with form layout in password registration ([bd2225c](https://github.com/ory/kratos/commit/bd2225c0fff3e0363716d2096346d59046838bb7)) -* Annotate whoami endpoint with cookie and token ([a8a781c](https://github.com/ory/kratos/commit/a8a781c00847c74c65558b55e882e12c1e69d8c8)) -* Bump datadog version to fix build failure ([4dfd322](https://github.com/ory/kratos/commit/4dfd322290313ec8467ebe8b385b56004b2417bd)) -* Change KRATOS_ADMIN_ENDPOINT to KRATOS_ADMIN_URL ([763fdc5](https://github.com/ory/kratos/commit/763fdc56d19d12fa2b83eed2757fbf178d9288b1)) -* Clarify fetch use ([8eb2e6f](https://github.com/ory/kratos/commit/8eb2e6f222788a9a579774772696c77987f3cf97)) -* Complete verification by redirecting to UI with success ([f0ecf51](https://github.com/ory/kratos/commit/f0ecf5144970f666643aa7c00a3f4ca73f4ab047)) -* Correct cookie domain on logout ([#646](https://github.com/ory/kratos/issues/646)) ([6d77e04](https://github.com/ory/kratos/commit/6d77e043ce3bec0864b8abdee371a101f68e4335)), closes [#645](https://github.com/ory/kratos/issues/645) -* Correct help message for import ([a5f46d2](https://github.com/ory/kratos/commit/a5f46d260b43d15f8e77b04cb36c589e103468bf)) -* Correct password and profile swagger annotations ([668c184](https://github.com/ory/kratos/commit/668c1847c4c4236ca28f9dcd5147b523a2f60832)) -* Correct password registration method api spec ([08dd582](https://github.com/ory/kratos/commit/08dd582195cdb6a891d2428ba5d02cd956555e48)) -* Correct PHONY spelling ([#739](https://github.com/ory/kratos/issues/739)) ([e3d3617](https://github.com/ory/kratos/commit/e3d3617b8d82812b0ad67cc1cb02ff86c2c0c66c)) -* Cover more test cases for persister ([37d2e08](https://github.com/ory/kratos/commit/37d2e0839b88792733387f26abb98c51bd1e1395)) -* Create decoder only once ([34dc43b](https://github.com/ory/kratos/commit/34dc43b0c75303f88d2c304225c027faf5366c1f)) -* Deprecate packr2 dependency in makefile ([be9a84d](https://github.com/ory/kratos/commit/be9a84dcffbccd5f0e073a38264cf11a404d3b66)), closes [#711](https://github.com/ory/kratos/issues/711) [#750](https://github.com/ory/kratos/issues/750) -* Do not propagate parent validation error ([bf6093d](https://github.com/ory/kratos/commit/bf6093d442d9779b4df051031565d020ef628ded)) -* Don't resend verification emails once verified ([#583](https://github.com/ory/kratos/issues/583)) ([a4d9969](https://github.com/ory/kratos/commit/a4d99694525e65b58d49197c96324b27fb8c31c2)), closes [#578](https://github.com/ory/kratos/issues/578) -* Enforce endpoint to be set ([171ac18](https://github.com/ory/kratos/commit/171ac18d73eaa0822b45f544a9034d6734400f31)) -* Escape jsx characters in api documentation ([0946094](https://github.com/ory/kratos/commit/09460948a24918b2a84804cafa86cf88189af919)) -* Exit with code 1 on unimplemented CLI commands ([66943d7](https://github.com/ory/kratos/commit/66943d7e5b47fc477a378d8a7cf2b2009ccfceb3)) -* Explicitly ignore fprint return values ([f50e582](https://github.com/ory/kratos/commit/f50e5823f4ee047fdc3e276b80b4fb08c9128d99)) -* Explicitly ignore fprintf results ([a83dc50](https://github.com/ory/kratos/commit/a83dc509970b3be46d832743481357f336fecc35)) -* Fallback to default return url if logout after url is not defined ([#594](https://github.com/ory/kratos/issues/594)) ([7edd367](https://github.com/ory/kratos/commit/7edd367dc64a01dbe252ca0ab8cf4d3926a35014)) -* Favor packr2 over pkger ([ac18a45](https://github.com/ory/kratos/commit/ac18a45ea55929c34ca20953e3baa197363483bc)): - - See https://github.com/markbates/pkger/issues/117 - -* Find and replace "request" references ([41fb673](https://github.com/ory/kratos/commit/41fb673e38779cb27d4400f70458617eb7e5b93c)) -* Force exe buildmode for windows CGO ([e017bb5](https://github.com/ory/kratos/commit/e017bb579cd29ad1a634cd552e2601295ff9c104)) -* Html form parse regression issue ([6b07cbb](https://github.com/ory/kratos/commit/6b07cbb657702d36423d1fa66fe8a149222c8772)) -* Ignore x/net false positives ([7044b95](https://github.com/ory/kratos/commit/7044b95f6188c4ffbfff42c666dee6ebaba055c8)) -* Improve debugging output for login hook and restructure files ([dabac40](https://github.com/ory/kratos/commit/dabac40f82407f72071780840f468d0b5b389777)) -* Improve debugging output for registration hook and restructure files ([ec11775](https://github.com/ory/kratos/commit/ec117754f5dd41e5a3a43b3807c05796396ced55)) -* Improve expired error responses ([124a92e](https://github.com/ory/kratos/commit/124a92ee98d62abeb695e1e271ee2536a69d6047)) -* Improve hook tests ([55ba485](https://github.com/ory/kratos/commit/55ba48530a890fdd55ed7da380940f2791148f26)) -* Improve makefile dependency building ([8e1d69a](https://github.com/ory/kratos/commit/8e1d69a024414196b39eb3d419f4850cd547e3b5)) -* Improve pagination when listing identities ([c60bf44](https://github.com/ory/kratos/commit/c60bf440b9c85b4f2e871237e3d7725571151efe)) -* Improve post login hook log and audit messages ([ddd5d5a](https://github.com/ory/kratos/commit/ddd5d5a253d01d2b7b74239a1c7c701759084140)) -* Improve post registration hook log and audit messages ([2495629](https://github.com/ory/kratos/commit/24956296dd91cf6f5b110a17f65f9f60d8a7aa78)) -* Improve registration hook tests ([8163152](https://github.com/ory/kratos/commit/8163152a4d9595b1ea73d2887205e7ba80b016f9)) -* Improve session max-age behavior ([65189fe](https://github.com/ory/kratos/commit/65189fe4a2f84f832240cd67366400e44bb7f09a)), closes [#42](https://github.com/ory/kratos/issues/42) -* Keep HTML form type on registration error ([#698](https://github.com/ory/kratos/issues/698)) ([6c9e756](https://github.com/ory/kratos/commit/6c9e7564efffe1452004d4eda42e1b9ec9feac6b)), closes [#670](https://github.com/ory/kratos/issues/670) -* Lowercase emails on login ([244b4dd](https://github.com/ory/kratos/commit/244b4dd825b9a2448cc61465cef81bd9dcb051db)) -* Mark flow methods' fields as required ([#708](https://github.com/ory/kratos/issues/708)) ([834c607](https://github.com/ory/kratos/commit/834c60738ca7bb26e982ff73134b7b0e85a72076)) -* Merge public and admin login flow fetch handlers ([48c4906](https://github.com/ory/kratos/commit/48c4906a606396d889e057a03dc83b619220db54)) -* Missing write in registration error handler ([3b2af53](https://github.com/ory/kratos/commit/3b2af5397048d63099eace092bf2e50e84a4c610)) -* Properly annotate swagger password parameters ([2ef57c4](https://github.com/ory/kratos/commit/2ef57c4323eb2623f4115bee0e44ee27dd1648a9)) -* Properly fetch identity for session ([7be4086](https://github.com/ory/kratos/commit/7be4086045fddfacc38813ca3dd7fbcc7039391f)) -* Recursive loop on network errors in password validator ([#589](https://github.com/ory/kratos/issues/589)) ([b4d5a42](https://github.com/ory/kratos/commit/b4d5a42346510e40222b8eb59b455b585f0a05cf)), closes [#316](https://github.com/ory/kratos/issues/316): - - The old code no error when ignoreNetworkErrors was set to true, but did not set a hash result which caused an infinite loop. - -* Remove incorrect security specs ([4c3d46d](https://github.com/ory/kratos/commit/4c3d46dac20363202f0ccd043e1c9d6bf97fb1f8)) -* Remove obsolete tests ([f102f95](https://github.com/ory/kratos/commit/f102f95f420c8a03520602880d096616069c9233)): - - The test is no longer valid as CSRF checks now happen after checking for login sessions in settings flows. - -* Remove redirector from code base ([6689ecf](https://github.com/ory/kratos/commit/6689ecf110b11ba15ec39af822906c2b4b17369e)) -* Remove stray debug statements ([a8e1ec4](https://github.com/ory/kratos/commit/a8e1ec42cda6ebc664e9434bb5ba7e4dd7c21b4c)) -* Rename import to put ([8003e0f](https://github.com/ory/kratos/commit/8003e0f42a5d1b77e326d1dba0a70fcd44c704c0)) -* Rename quickstart config files and path ([#671](https://github.com/ory/kratos/issues/671)) ([be8b9e5](https://github.com/ory/kratos/commit/be8b9e5f1ca70b1aa06b77bb2ca35644d8cd3c00)) -* Rename quickstart schema file name ([e943c90](https://github.com/ory/kratos/commit/e943c9018a495b39b72ae463fd4727b1798d5ba2)) -* Rename recovery models and generate SDKs ([d764435](https://github.com/ory/kratos/commit/d7644359c39732e0b25f43e122d05c1566fb837b)) -* Resolve and test for missing data when updating flows ([045ecab](https://github.com/ory/kratos/commit/045ecab11ec185ca688a10de75e506fe413afa26)) -* Resolve broken csrf tests ([6befe2e](https://github.com/ory/kratos/commit/6befe2ec08c01c6c9fb397ba119ecebdcecf7db3)) -* Resolve broken docs links ([56f4a39](https://github.com/ory/kratos/commit/56f4a397a715b6c0428ae63baa0d2e4bc936f737)) -* Resolve broken migrations and bump fizz ([1ed9c70](https://github.com/ory/kratos/commit/1ed9c700b946a090bce9587a57eeb9ac64f04c59)) -* Resolve broken OIDC tests and disallow API flows ([9986d8f](https://github.com/ory/kratos/commit/9986d8f818934bd5e073f59bf7a73c6b7a74b6e2)) -* Resolve cookie issues ([6e2b6d2](https://github.com/ory/kratos/commit/6e2b6d2f0ce2fb6df7d3e26d6cc8e755e6593a81)) -* Resolve e2e headless test failures ([82d506e](https://github.com/ory/kratos/commit/82d506e9d35bbbe4c1578f72e5bcf380ebc97142)) -* Resolve e2e test failures ([2627db2](https://github.com/ory/kratos/commit/2627db26089e8f8e4c18782ff59b4cb2068b276f)) -* Resolve failing test cases ([f8647b4](https://github.com/ory/kratos/commit/f8647b4c637b4aee29d68df2336fd216306ec78c)) -* Resolve flaky passwort setting tests ([#582](https://github.com/ory/kratos/issues/582)) ([c42d936](https://github.com/ory/kratos/commit/c42d936ef51d2ffb48b491b99988d048442e3b8b)), closes [#581](https://github.com/ory/kratos/issues/581) [#577](https://github.com/ory/kratos/issues/577) -* Resolve handler testing issue ([4f6bafd](https://github.com/ory/kratos/commit/4f6bafdc84ba4d878c68700dc243cd3cfe8fe530)) -* Resolve identity admin api issues ([#586](https://github.com/ory/kratos/issues/586)) ([feef8a7](https://github.com/ory/kratos/commit/feef8a7d4454c1b343c34a96fa4dadd56149b0cd)), closes [#435](https://github.com/ory/kratos/issues/435) [#500](https://github.com/ory/kratos/issues/500): - - This patch resolves several issues that occurred when creating or updating identities using the Admin API. Now, all hooks are running properly and updating privileged properties no longer causes errors. - -* Resolve interface type issues ([064b305](https://github.com/ory/kratos/commit/064b305ab31dc003ccb5992eb1ed2804f85085b9)) -* Resolve logout csrf issues ([#761](https://github.com/ory/kratos/issues/761)) ([74c0aac](https://github.com/ory/kratos/commit/74c0aac3b94446c3824ae52b04b6f69395938b81)) -* Resolve migratest failures ([e2f34d3](https://github.com/ory/kratos/commit/e2f34d3f411bac042079d7f5425063ef117fae77)) -* Resolve migratest ordering failing tests ([dffecc0](https://github.com/ory/kratos/commit/dffecc0e80810ffae57870fd313ee0103ad3f60c)) -* Resolve migration issues ([b545e15](https://github.com/ory/kratos/commit/b545e15eeaa3e6e1f4a8fe0f8e1890012ac62c94)) -* Resolve panic on `serve` ([ae34155](https://github.com/ory/kratos/commit/ae341555e7b2b622cf58d09d3eb6a78d833dfdcc)) -* Resolve panic when DSN="memory" ([#574](https://github.com/ory/kratos/issues/574)) ([05e55f3](https://github.com/ory/kratos/commit/05e55f3584e20ae5d39cfda6e542d4da40d718e4)): - - Executing the migration logic in registry.go cause a panic as the registry is not initalized at that point. Therefore we decided to move the handling to driver_default.go, after the registry has been initialized. - -* Resolve pkger issues ([294066c](https://github.com/ory/kratos/commit/294066c41be1d508681caa435afda4858a37b7f1)) -* Resolve remaining testing issues ([af40d93](https://github.com/ory/kratos/commit/af40d933b2f663adb6a537b32546b43ba13ae237)) -* Resolve SQL persistence tester issues ([4952df4](https://github.com/ory/kratos/commit/4952df43e0aba067c06cdedb1fc2c2d9a2a81a40)) -* Resolve swagger issues and regenerate SDK ([be4c7e4](https://github.com/ory/kratos/commit/be4c7e4ea72d2ad7cec67b1d6709858d5a1b3d61)) -* Resolve template loading issue ([145fb20](https://github.com/ory/kratos/commit/145fb204d9a8ca189480f9f2221527ccc62980a0)) -* Resolve test issues introduced by new csrf protection ([625ef5e](https://github.com/ory/kratos/commit/625ef5e4781700449af0c4e4f1f6cb8aa1787764)) -* Resolve verification sql errors ([784da53](https://github.com/ory/kratos/commit/784da53ddefe59aea90254be40ae63e919b4b419)) -* Resolves a bug that prevents sessions from expiring ([#612](https://github.com/ory/kratos/issues/612)) ([86b281a](https://github.com/ory/kratos/commit/86b281a46b676d80c8f70bfc42c91d988997c21c)), closes [#611](https://github.com/ory/kratos/issues/611) -* Revert disabling `swagger flatten` during sdk generation ([98c7915](https://github.com/ory/kratos/commit/98c7915cc493ad99c959244eef68b70bc9baa971)) -* Set correct path for kratos in oathkeeper set up ([414259f](https://github.com/ory/kratos/commit/414259f9383f30b762051c712763d484f5358075)) -* Set quickstart logging to trace ([d3e9192](https://github.com/ory/kratos/commit/d3e919249ae59b449367511d3cc8adef839f31c9)) -* Support browser flows only in redirector ([cab5280](https://github.com/ory/kratos/commit/cab5280859b0fc7fc7fec2b2ec9945f457910b20)) -* Swagger models ([1b5f9ab](https://github.com/ory/kratos/commit/1b5f9abd5d82251ab93a05d4ff26b4c48c8151ca)): - - The `swagger:parameters ` definitions for `updateIdentity` and `createIdentity` where defined two times with the same ID. They had some old definition swagger used. The `internal/httpclient` should now work again as expected. - -* Tell tls what the smtps server name is ([#634](https://github.com/ory/kratos/issues/634)) ([b724038](https://github.com/ory/kratos/commit/b724038a67e84ca71b146bf4b9b044be2dc8c0b4)) -* Type ([e264c69](https://github.com/ory/kratos/commit/e264c69a07e569429b5e835b1e15c318eff23339)) -* Update cli documentation examples ([216ea7f](https://github.com/ory/kratos/commit/216ea7f926798ff03d211447200919f9ef3c8b39)) -* Update contrib samples ([79d24b4](https://github.com/ory/kratos/commit/79d24b4472017a75854cce4a45b4c762e5390a67)) -* Update crdb quickstart version ([249a6ba](https://github.com/ory/kratos/commit/249a6bae32ccaa6cf002eaab921388e8cb10e58f)) -* Update import description ([aef1e1a](https://github.com/ory/kratos/commit/aef1e1acf757637590fe19644952a44d1994ba18)) -* Update quickstart kratos config ([e3246e5](https://github.com/ory/kratos/commit/e3246e5d56b95750529239663bab03168789cc09)) -* Update recovery token field and column names ([42abfa1](https://github.com/ory/kratos/commit/42abfa1dea2a6291c5b723baf25f35a66f2af835)) -* Update status help description ([b147831](https://github.com/ory/kratos/commit/b1478316d2f601843133fd33d75c3b047384f283)) -* Update swagger names and fix broken tests ([85b7fb1](https://github.com/ory/kratos/commit/85b7fb1d466bc4dcee97ad75cc92b8bea8e44d9f)) -* Update version help description ([8bf4a79](https://github.com/ory/kratos/commit/8bf4a79064a93cb53ef8aee3433b24602bc9f30a)) -* Use and test for csrf tokens and prevent api misuse ([a4e3bc5](https://github.com/ory/kratos/commit/a4e3bc55e43ba42582a33551c1cc2e83ecd865fa)) -* Use correct HTTP method for password login ([4f4fcee](https://github.com/ory/kratos/commit/4f4fcee8931ab4998e974106b8d88e0c61736e3f)) -* Use correct log message ([53c384a](https://github.com/ory/kratos/commit/53c384a542a583259a75315b2602cf4fb41a0ef0)) -* Use correct redirection for registration ([8d47113](https://github.com/ory/kratos/commit/8d47113a5f7c0c25dc5f92c683b560763cfd47c9)) -* Use correct security annotation ([c9bebe0](https://github.com/ory/kratos/commit/c9bebe00452a73d1c831831e5a95cb4ed8de37b9)) -* Use correct swagger tags and regenerate ([df99d8c](https://github.com/ory/kratos/commit/df99d8cbe6e0f2f6a5da872f66db557b2a5e9f70)) -* Use helpers to create flow ([aba8610](https://github.com/ory/kratos/commit/aba861097d2c67ce9ebff85df59fce8018862516)) -* Use nosurf fork to address VerifyToken bug ([cd84e51](https://github.com/ory/kratos/commit/cd84e51b7b1861ca9bd2312a4dfc5e84afd890cf)) -* Use params per_page and page for pagination ([5dfb6e3](https://github.com/ory/kratos/commit/5dfb6e32c44420ed49d652733b9099a41c9347f2)) -* Use proper pwd in makefile ([52e22c3](https://github.com/ory/kratos/commit/52e22c3b5c0130afd3e235aba9847389369f435e)) -* Use public instead of common sdk ([dcb4a36](https://github.com/ory/kratos/commit/dcb4a36f9fb3c25ace9a252b7e05f7ab71d2e21f)) -* Use relative threshold to judge longest common substring in password policy ([#585](https://github.com/ory/kratos/issues/585)) ([3e9f8cc](https://github.com/ory/kratos/commit/3e9f8cce4b058b05d69c73fff514f3b8e46c2be3)), closes [#581](https://github.com/ory/kratos/issues/581) -* Whoami returns 401 not 403 ([3b3b78c](https://github.com/ory/kratos/commit/3b3b78c04bbbbb7b7fb05635d96b4f7c7fa7776f)), closes [#729](https://github.com/ory/kratos/issues/729) +- Add missing 'recovery' path in oathkeeper access-rules.yml + ([#763](https://github.com/ory/kratos/issues/763)) + ([f180dba](https://github.com/ory/kratos/commit/f180dba2207638e83e4a23ebc213cddaecb5677f)) +- Add missing error handling + ([43c1446](https://github.com/ory/kratos/commit/43c14464efa7b736695e2144b031daf6fca87703)) +- Add ory-prettier-styles to main repo + ([#744](https://github.com/ory/kratos/issues/744)) + ([aeaddbc](https://github.com/ory/kratos/commit/aeaddbcb27f89d61b076bdd9ad1739fb1da2ffd9)) +- Add remote help description + ([f66bbe1](https://github.com/ory/kratos/commit/f66bbe18cfad1e8725ecbcf6e2843b34c3d5119f)) +- Add serve help description + ([2eb072b](https://github.com/ory/kratos/commit/2eb072b71e5602895d4232e197bfd76180fcdcd7)) +- Allow using json with form layout in password registration + ([bd2225c](https://github.com/ory/kratos/commit/bd2225c0fff3e0363716d2096346d59046838bb7)) +- Annotate whoami endpoint with cookie and token + ([a8a781c](https://github.com/ory/kratos/commit/a8a781c00847c74c65558b55e882e12c1e69d8c8)) +- Bump datadog version to fix build failure + ([4dfd322](https://github.com/ory/kratos/commit/4dfd322290313ec8467ebe8b385b56004b2417bd)) +- Change KRATOS_ADMIN_ENDPOINT to KRATOS_ADMIN_URL + ([763fdc5](https://github.com/ory/kratos/commit/763fdc56d19d12fa2b83eed2757fbf178d9288b1)) +- Clarify fetch use + ([8eb2e6f](https://github.com/ory/kratos/commit/8eb2e6f222788a9a579774772696c77987f3cf97)) +- Complete verification by redirecting to UI with success + ([f0ecf51](https://github.com/ory/kratos/commit/f0ecf5144970f666643aa7c00a3f4ca73f4ab047)) +- Correct cookie domain on logout + ([#646](https://github.com/ory/kratos/issues/646)) + ([6d77e04](https://github.com/ory/kratos/commit/6d77e043ce3bec0864b8abdee371a101f68e4335)), + closes [#645](https://github.com/ory/kratos/issues/645) +- Correct help message for import + ([a5f46d2](https://github.com/ory/kratos/commit/a5f46d260b43d15f8e77b04cb36c589e103468bf)) +- Correct password and profile swagger annotations + ([668c184](https://github.com/ory/kratos/commit/668c1847c4c4236ca28f9dcd5147b523a2f60832)) +- Correct password registration method api spec + ([08dd582](https://github.com/ory/kratos/commit/08dd582195cdb6a891d2428ba5d02cd956555e48)) +- Correct PHONY spelling ([#739](https://github.com/ory/kratos/issues/739)) + ([e3d3617](https://github.com/ory/kratos/commit/e3d3617b8d82812b0ad67cc1cb02ff86c2c0c66c)) +- Cover more test cases for persister + ([37d2e08](https://github.com/ory/kratos/commit/37d2e0839b88792733387f26abb98c51bd1e1395)) +- Create decoder only once + ([34dc43b](https://github.com/ory/kratos/commit/34dc43b0c75303f88d2c304225c027faf5366c1f)) +- Deprecate packr2 dependency in makefile + ([be9a84d](https://github.com/ory/kratos/commit/be9a84dcffbccd5f0e073a38264cf11a404d3b66)), + closes [#711](https://github.com/ory/kratos/issues/711) + [#750](https://github.com/ory/kratos/issues/750) +- Do not propagate parent validation error + ([bf6093d](https://github.com/ory/kratos/commit/bf6093d442d9779b4df051031565d020ef628ded)) +- Don't resend verification emails once verified + ([#583](https://github.com/ory/kratos/issues/583)) + ([a4d9969](https://github.com/ory/kratos/commit/a4d99694525e65b58d49197c96324b27fb8c31c2)), + closes [#578](https://github.com/ory/kratos/issues/578) +- Enforce endpoint to be set + ([171ac18](https://github.com/ory/kratos/commit/171ac18d73eaa0822b45f544a9034d6734400f31)) +- Escape jsx characters in api documentation + ([0946094](https://github.com/ory/kratos/commit/09460948a24918b2a84804cafa86cf88189af919)) +- Exit with code 1 on unimplemented CLI commands + ([66943d7](https://github.com/ory/kratos/commit/66943d7e5b47fc477a378d8a7cf2b2009ccfceb3)) +- Explicitly ignore fprint return values + ([f50e582](https://github.com/ory/kratos/commit/f50e5823f4ee047fdc3e276b80b4fb08c9128d99)) +- Explicitly ignore fprintf results + ([a83dc50](https://github.com/ory/kratos/commit/a83dc509970b3be46d832743481357f336fecc35)) +- Fallback to default return url if logout after url is not defined + ([#594](https://github.com/ory/kratos/issues/594)) + ([7edd367](https://github.com/ory/kratos/commit/7edd367dc64a01dbe252ca0ab8cf4d3926a35014)) +- Favor packr2 over pkger + ([ac18a45](https://github.com/ory/kratos/commit/ac18a45ea55929c34ca20953e3baa197363483bc)): + + See https://github.com/markbates/pkger/issues/117 + +- Find and replace "request" references + ([41fb673](https://github.com/ory/kratos/commit/41fb673e38779cb27d4400f70458617eb7e5b93c)) +- Force exe buildmode for windows CGO + ([e017bb5](https://github.com/ory/kratos/commit/e017bb579cd29ad1a634cd552e2601295ff9c104)) +- Html form parse regression issue + ([6b07cbb](https://github.com/ory/kratos/commit/6b07cbb657702d36423d1fa66fe8a149222c8772)) +- Ignore x/net false positives + ([7044b95](https://github.com/ory/kratos/commit/7044b95f6188c4ffbfff42c666dee6ebaba055c8)) +- Improve debugging output for login hook and restructure files + ([dabac40](https://github.com/ory/kratos/commit/dabac40f82407f72071780840f468d0b5b389777)) +- Improve debugging output for registration hook and restructure files + ([ec11775](https://github.com/ory/kratos/commit/ec117754f5dd41e5a3a43b3807c05796396ced55)) +- Improve expired error responses + ([124a92e](https://github.com/ory/kratos/commit/124a92ee98d62abeb695e1e271ee2536a69d6047)) +- Improve hook tests + ([55ba485](https://github.com/ory/kratos/commit/55ba48530a890fdd55ed7da380940f2791148f26)) +- Improve makefile dependency building + ([8e1d69a](https://github.com/ory/kratos/commit/8e1d69a024414196b39eb3d419f4850cd547e3b5)) +- Improve pagination when listing identities + ([c60bf44](https://github.com/ory/kratos/commit/c60bf440b9c85b4f2e871237e3d7725571151efe)) +- Improve post login hook log and audit messages + ([ddd5d5a](https://github.com/ory/kratos/commit/ddd5d5a253d01d2b7b74239a1c7c701759084140)) +- Improve post registration hook log and audit messages + ([2495629](https://github.com/ory/kratos/commit/24956296dd91cf6f5b110a17f65f9f60d8a7aa78)) +- Improve registration hook tests + ([8163152](https://github.com/ory/kratos/commit/8163152a4d9595b1ea73d2887205e7ba80b016f9)) +- Improve session max-age behavior + ([65189fe](https://github.com/ory/kratos/commit/65189fe4a2f84f832240cd67366400e44bb7f09a)), + closes [#42](https://github.com/ory/kratos/issues/42) +- Keep HTML form type on registration error + ([#698](https://github.com/ory/kratos/issues/698)) + ([6c9e756](https://github.com/ory/kratos/commit/6c9e7564efffe1452004d4eda42e1b9ec9feac6b)), + closes [#670](https://github.com/ory/kratos/issues/670) +- Lowercase emails on login + ([244b4dd](https://github.com/ory/kratos/commit/244b4dd825b9a2448cc61465cef81bd9dcb051db)) +- Mark flow methods' fields as required + ([#708](https://github.com/ory/kratos/issues/708)) + ([834c607](https://github.com/ory/kratos/commit/834c60738ca7bb26e982ff73134b7b0e85a72076)) +- Merge public and admin login flow fetch handlers + ([48c4906](https://github.com/ory/kratos/commit/48c4906a606396d889e057a03dc83b619220db54)) +- Missing write in registration error handler + ([3b2af53](https://github.com/ory/kratos/commit/3b2af5397048d63099eace092bf2e50e84a4c610)) +- Properly annotate swagger password parameters + ([2ef57c4](https://github.com/ory/kratos/commit/2ef57c4323eb2623f4115bee0e44ee27dd1648a9)) +- Properly fetch identity for session + ([7be4086](https://github.com/ory/kratos/commit/7be4086045fddfacc38813ca3dd7fbcc7039391f)) +- Recursive loop on network errors in password validator + ([#589](https://github.com/ory/kratos/issues/589)) + ([b4d5a42](https://github.com/ory/kratos/commit/b4d5a42346510e40222b8eb59b455b585f0a05cf)), + closes [#316](https://github.com/ory/kratos/issues/316): + + The old code no error when ignoreNetworkErrors was set to true, but did not + set a hash result which caused an infinite loop. + +- Remove incorrect security specs + ([4c3d46d](https://github.com/ory/kratos/commit/4c3d46dac20363202f0ccd043e1c9d6bf97fb1f8)) +- Remove obsolete tests + ([f102f95](https://github.com/ory/kratos/commit/f102f95f420c8a03520602880d096616069c9233)): + + The test is no longer valid as CSRF checks now happen after checking for login + sessions in settings flows. + +- Remove redirector from code base + ([6689ecf](https://github.com/ory/kratos/commit/6689ecf110b11ba15ec39af822906c2b4b17369e)) +- Remove stray debug statements + ([a8e1ec4](https://github.com/ory/kratos/commit/a8e1ec42cda6ebc664e9434bb5ba7e4dd7c21b4c)) +- Rename import to put + ([8003e0f](https://github.com/ory/kratos/commit/8003e0f42a5d1b77e326d1dba0a70fcd44c704c0)) +- Rename quickstart config files and path + ([#671](https://github.com/ory/kratos/issues/671)) + ([be8b9e5](https://github.com/ory/kratos/commit/be8b9e5f1ca70b1aa06b77bb2ca35644d8cd3c00)) +- Rename quickstart schema file name + ([e943c90](https://github.com/ory/kratos/commit/e943c9018a495b39b72ae463fd4727b1798d5ba2)) +- Rename recovery models and generate SDKs + ([d764435](https://github.com/ory/kratos/commit/d7644359c39732e0b25f43e122d05c1566fb837b)) +- Resolve and test for missing data when updating flows + ([045ecab](https://github.com/ory/kratos/commit/045ecab11ec185ca688a10de75e506fe413afa26)) +- Resolve broken csrf tests + ([6befe2e](https://github.com/ory/kratos/commit/6befe2ec08c01c6c9fb397ba119ecebdcecf7db3)) +- Resolve broken docs links + ([56f4a39](https://github.com/ory/kratos/commit/56f4a397a715b6c0428ae63baa0d2e4bc936f737)) +- Resolve broken migrations and bump fizz + ([1ed9c70](https://github.com/ory/kratos/commit/1ed9c700b946a090bce9587a57eeb9ac64f04c59)) +- Resolve broken OIDC tests and disallow API flows + ([9986d8f](https://github.com/ory/kratos/commit/9986d8f818934bd5e073f59bf7a73c6b7a74b6e2)) +- Resolve cookie issues + ([6e2b6d2](https://github.com/ory/kratos/commit/6e2b6d2f0ce2fb6df7d3e26d6cc8e755e6593a81)) +- Resolve e2e headless test failures + ([82d506e](https://github.com/ory/kratos/commit/82d506e9d35bbbe4c1578f72e5bcf380ebc97142)) +- Resolve e2e test failures + ([2627db2](https://github.com/ory/kratos/commit/2627db26089e8f8e4c18782ff59b4cb2068b276f)) +- Resolve failing test cases + ([f8647b4](https://github.com/ory/kratos/commit/f8647b4c637b4aee29d68df2336fd216306ec78c)) +- Resolve flaky passwort setting tests + ([#582](https://github.com/ory/kratos/issues/582)) + ([c42d936](https://github.com/ory/kratos/commit/c42d936ef51d2ffb48b491b99988d048442e3b8b)), + closes [#581](https://github.com/ory/kratos/issues/581) + [#577](https://github.com/ory/kratos/issues/577) +- Resolve handler testing issue + ([4f6bafd](https://github.com/ory/kratos/commit/4f6bafdc84ba4d878c68700dc243cd3cfe8fe530)) +- Resolve identity admin api issues + ([#586](https://github.com/ory/kratos/issues/586)) + ([feef8a7](https://github.com/ory/kratos/commit/feef8a7d4454c1b343c34a96fa4dadd56149b0cd)), + closes [#435](https://github.com/ory/kratos/issues/435) + [#500](https://github.com/ory/kratos/issues/500): + + This patch resolves several issues that occurred when creating or updating + identities using the Admin API. Now, all hooks are running properly and + updating privileged properties no longer causes errors. + +- Resolve interface type issues + ([064b305](https://github.com/ory/kratos/commit/064b305ab31dc003ccb5992eb1ed2804f85085b9)) +- Resolve logout csrf issues ([#761](https://github.com/ory/kratos/issues/761)) + ([74c0aac](https://github.com/ory/kratos/commit/74c0aac3b94446c3824ae52b04b6f69395938b81)) +- Resolve migratest failures + ([e2f34d3](https://github.com/ory/kratos/commit/e2f34d3f411bac042079d7f5425063ef117fae77)) +- Resolve migratest ordering failing tests + ([dffecc0](https://github.com/ory/kratos/commit/dffecc0e80810ffae57870fd313ee0103ad3f60c)) +- Resolve migration issues + ([b545e15](https://github.com/ory/kratos/commit/b545e15eeaa3e6e1f4a8fe0f8e1890012ac62c94)) +- Resolve panic on `serve` + ([ae34155](https://github.com/ory/kratos/commit/ae341555e7b2b622cf58d09d3eb6a78d833dfdcc)) +- Resolve panic when DSN="memory" + ([#574](https://github.com/ory/kratos/issues/574)) + ([05e55f3](https://github.com/ory/kratos/commit/05e55f3584e20ae5d39cfda6e542d4da40d718e4)): + + Executing the migration logic in registry.go cause a panic as the registry is + not initalized at that point. Therefore we decided to move the handling to + driver_default.go, after the registry has been initialized. + +- Resolve pkger issues + ([294066c](https://github.com/ory/kratos/commit/294066c41be1d508681caa435afda4858a37b7f1)) +- Resolve remaining testing issues + ([af40d93](https://github.com/ory/kratos/commit/af40d933b2f663adb6a537b32546b43ba13ae237)) +- Resolve SQL persistence tester issues + ([4952df4](https://github.com/ory/kratos/commit/4952df43e0aba067c06cdedb1fc2c2d9a2a81a40)) +- Resolve swagger issues and regenerate SDK + ([be4c7e4](https://github.com/ory/kratos/commit/be4c7e4ea72d2ad7cec67b1d6709858d5a1b3d61)) +- Resolve template loading issue + ([145fb20](https://github.com/ory/kratos/commit/145fb204d9a8ca189480f9f2221527ccc62980a0)) +- Resolve test issues introduced by new csrf protection + ([625ef5e](https://github.com/ory/kratos/commit/625ef5e4781700449af0c4e4f1f6cb8aa1787764)) +- Resolve verification sql errors + ([784da53](https://github.com/ory/kratos/commit/784da53ddefe59aea90254be40ae63e919b4b419)) +- Resolves a bug that prevents sessions from expiring + ([#612](https://github.com/ory/kratos/issues/612)) + ([86b281a](https://github.com/ory/kratos/commit/86b281a46b676d80c8f70bfc42c91d988997c21c)), + closes [#611](https://github.com/ory/kratos/issues/611) +- Revert disabling `swagger flatten` during sdk generation + ([98c7915](https://github.com/ory/kratos/commit/98c7915cc493ad99c959244eef68b70bc9baa971)) +- Set correct path for kratos in oathkeeper set up + ([414259f](https://github.com/ory/kratos/commit/414259f9383f30b762051c712763d484f5358075)) +- Set quickstart logging to trace + ([d3e9192](https://github.com/ory/kratos/commit/d3e919249ae59b449367511d3cc8adef839f31c9)) +- Support browser flows only in redirector + ([cab5280](https://github.com/ory/kratos/commit/cab5280859b0fc7fc7fec2b2ec9945f457910b20)) +- Swagger models + ([1b5f9ab](https://github.com/ory/kratos/commit/1b5f9abd5d82251ab93a05d4ff26b4c48c8151ca)): + + The `swagger:parameters ` definitions for `updateIdentity` and + `createIdentity` where defined two times with the same ID. They had some old + definition swagger used. The `internal/httpclient` should now work again as + expected. + +- Tell tls what the smtps server name is + ([#634](https://github.com/ory/kratos/issues/634)) + ([b724038](https://github.com/ory/kratos/commit/b724038a67e84ca71b146bf4b9b044be2dc8c0b4)) +- Type + ([e264c69](https://github.com/ory/kratos/commit/e264c69a07e569429b5e835b1e15c318eff23339)) +- Update cli documentation examples + ([216ea7f](https://github.com/ory/kratos/commit/216ea7f926798ff03d211447200919f9ef3c8b39)) +- Update contrib samples + ([79d24b4](https://github.com/ory/kratos/commit/79d24b4472017a75854cce4a45b4c762e5390a67)) +- Update crdb quickstart version + ([249a6ba](https://github.com/ory/kratos/commit/249a6bae32ccaa6cf002eaab921388e8cb10e58f)) +- Update import description + ([aef1e1a](https://github.com/ory/kratos/commit/aef1e1acf757637590fe19644952a44d1994ba18)) +- Update quickstart kratos config + ([e3246e5](https://github.com/ory/kratos/commit/e3246e5d56b95750529239663bab03168789cc09)) +- Update recovery token field and column names + ([42abfa1](https://github.com/ory/kratos/commit/42abfa1dea2a6291c5b723baf25f35a66f2af835)) +- Update status help description + ([b147831](https://github.com/ory/kratos/commit/b1478316d2f601843133fd33d75c3b047384f283)) +- Update swagger names and fix broken tests + ([85b7fb1](https://github.com/ory/kratos/commit/85b7fb1d466bc4dcee97ad75cc92b8bea8e44d9f)) +- Update version help description + ([8bf4a79](https://github.com/ory/kratos/commit/8bf4a79064a93cb53ef8aee3433b24602bc9f30a)) +- Use and test for csrf tokens and prevent api misuse + ([a4e3bc5](https://github.com/ory/kratos/commit/a4e3bc55e43ba42582a33551c1cc2e83ecd865fa)) +- Use correct HTTP method for password login + ([4f4fcee](https://github.com/ory/kratos/commit/4f4fcee8931ab4998e974106b8d88e0c61736e3f)) +- Use correct log message + ([53c384a](https://github.com/ory/kratos/commit/53c384a542a583259a75315b2602cf4fb41a0ef0)) +- Use correct redirection for registration + ([8d47113](https://github.com/ory/kratos/commit/8d47113a5f7c0c25dc5f92c683b560763cfd47c9)) +- Use correct security annotation + ([c9bebe0](https://github.com/ory/kratos/commit/c9bebe00452a73d1c831831e5a95cb4ed8de37b9)) +- Use correct swagger tags and regenerate + ([df99d8c](https://github.com/ory/kratos/commit/df99d8cbe6e0f2f6a5da872f66db557b2a5e9f70)) +- Use helpers to create flow + ([aba8610](https://github.com/ory/kratos/commit/aba861097d2c67ce9ebff85df59fce8018862516)) +- Use nosurf fork to address VerifyToken bug + ([cd84e51](https://github.com/ory/kratos/commit/cd84e51b7b1861ca9bd2312a4dfc5e84afd890cf)) +- Use params per_page and page for pagination + ([5dfb6e3](https://github.com/ory/kratos/commit/5dfb6e32c44420ed49d652733b9099a41c9347f2)) +- Use proper pwd in makefile + ([52e22c3](https://github.com/ory/kratos/commit/52e22c3b5c0130afd3e235aba9847389369f435e)) +- Use public instead of common sdk + ([dcb4a36](https://github.com/ory/kratos/commit/dcb4a36f9fb3c25ace9a252b7e05f7ab71d2e21f)) +- Use relative threshold to judge longest common substring in password policy + ([#585](https://github.com/ory/kratos/issues/585)) + ([3e9f8cc](https://github.com/ory/kratos/commit/3e9f8cce4b058b05d69c73fff514f3b8e46c2be3)), + closes [#581](https://github.com/ory/kratos/issues/581) +- Whoami returns 401 not 403 + ([3b3b78c](https://github.com/ory/kratos/commit/3b3b78c04bbbbb7b7fb05635d96b4f7c7fa7776f)), + closes [#729](https://github.com/ory/kratos/issues/729) ### Code Generation -* Pin v0.5.0-alpha.1 release commit ([557d37d](https://github.com/ory/kratos/commit/557d37d1139adb14a25abe40d0174d47d4e18fee)) +- Pin v0.5.0-alpha.1 release commit + ([557d37d](https://github.com/ory/kratos/commit/557d37d1139adb14a25abe40d0174d47d4e18fee)) ### Code Refactoring -* Add flow methods to verification ([00ee828](https://github.com/ory/kratos/commit/00ee828842bd4bc6f917ba2446b1374d28b62000)): - - Completely refactors the verification flow to support other methods. The original email verification flow now moved to the "link" method also used for recovery. - - Additionally, several upstream bugs in gobuffalo/pop and gobuffalo/fizz have been addressed, patched, and merged which improves support for SQLite and CockroachDB migrations: - - - https://github.com/gobuffalo/fizz/pull/97 - - https://github.com/gobuffalo/fizz/pull/96 - -* Add method and rename request to flow ([006bf56](https://github.com/ory/kratos/commit/006bf56671d8162cdb5bcce630c027b67935263d)) -* Change oidc callback URL ([36d9380](https://github.com/ory/kratos/commit/36d9380b2123d27219c908b51ad97574ee11bc57)) -* Complete login flow refactoring ([ad2b3db](https://github.com/ory/kratos/commit/ad2b3db4493085b80889cbc0dce9562288ec6896)) -* Dry up login.NewFlow ([f261c44](https://github.com/ory/kratos/commit/f261c442dbe74e3b9887193b74e36fe70306f9d8)) -* Improve CSRF infrastructure ([7e367e7](https://github.com/ory/kratos/commit/7e367e7f45481147d5c231d0ea8cbb30b738226f)) -* Improve login test reuse ([b4184e5](https://github.com/ory/kratos/commit/b4184e5f1525a9918bc795f2353b186141ce5399)) -* Improve NewFlowExpiredError ([1caefac](https://github.com/ory/kratos/commit/1caefac6e0e82aa2b12458ef16d7f5af24014bf9)) -* Improve registration tests with testhelpers ([9bf4530](https://github.com/ory/kratos/commit/9bf45303be908449b78c68c7382eab5cfc5c40fa)) -* Improve selfservice method tests ([df4d06d](https://github.com/ory/kratos/commit/df4d06d553852cdb8b914810c19bdd0fcc845c9c)) -* Improve settings helper functions ([fda17ca](https://github.com/ory/kratos/commit/fda17ca5ea7824c4bf5010218cace7d5fbc7ad5b)) -* Move samesite config to cookie parent-key ([753eb86](https://github.com/ory/kratos/commit/753eb86c904c4af9e7d91e46ff4c836dcce35807)) -* Moved clihelpers to ory/x ([#756](https://github.com/ory/kratos/issues/756)) ([6ccffa8](https://github.com/ory/kratos/commit/6ccffa8a1cc5b9fd33435187720257bb66323546)): - - Contributes to https://github.com/ory/hydra/issues/2124. - - - -* Profile settings method is now API-able ([c5f361f](https://github.com/ory/kratos/commit/c5f361ff418336cfcaa452eded4bd61132808b16)) -* Remove common keyword from API spec ([6619562](https://github.com/ory/kratos/commit/6619562667ef0e363d14c57cfbcd15c16f292853)) -* Remove need for reverse proxy in selfservice-ui ([beb4c32](https://github.com/ory/kratos/commit/beb4c3284e552fe51c3a8cebb20a8c2bfc07cdf8)), closes [#661](https://github.com/ory/kratos/issues/661) -* Rename `session.sid` to `session.id` ([809fe73](https://github.com/ory/kratos/commit/809fe7334e4a308405c1f03ada1dbef6ed33c01a)) -* Rename login request to login flow ([9369d1b](https://github.com/ory/kratos/commit/9369d1bb637fc80b5d5980140693d5bcac0c76bb)), closes [#635](https://github.com/ory/kratos/issues/635): - - As part of this change, fetching a login flow over the public API no longer requires Anti-CSRF cookies to be sent. - -* Rename LoginRequestErrorHandler to LoginFlowErrorHandler ([66ae029](https://github.com/ory/kratos/commit/66ae029f49aecdfba5fa6905cfccfcdad992dd5a)) -* Rename package recoverytoken to link ([f87fb54](https://github.com/ory/kratos/commit/f87fb549f6d8a10ba5adffddeb2fe12060d520ab)) -* Rename recovery request to flow internally ([16c5618](https://github.com/ory/kratos/commit/16c5618644e78cf1081f966e01b570a36eea709b)) -* Rename recovery request to recovery flow ([b0f433d](https://github.com/ory/kratos/commit/b0f433d4cb65d79acba789394d828663e873a833)), closes [#635](https://github.com/ory/kratos/issues/635): - - As part of this change, fetching a login flow over the public API no longer requires Anti-CSRF cookies to be sent. - -* Rename registration request to flow ([8437ebc](https://github.com/ory/kratos/commit/8437ebcf4deb2844562ec701af3bbbb2a9b5dea4)) -* Rename registration request to registration flow ([0470956](https://github.com/ory/kratos/commit/0470956128d03921d8554c43af2c5a0003abe82f)), closes [#635](https://github.com/ory/kratos/issues/635): - - As part of this change, fetching a registration flow over the public API no longer requires Anti-CSRF cookies to be sent. - -* Rename request_lifespan to lifespan ([#677](https://github.com/ory/kratos/issues/677)) ([3c8d5e0](https://github.com/ory/kratos/commit/3c8d5e02b04686a1e0bfbd28caa0bc536e3414e4)), closes [#666](https://github.com/ory/kratos/issues/666) -* Rename strategies to methods ([8985189](https://github.com/ory/kratos/commit/89851896d563518909bc2b47a7ff91683eec4958)): - - This patch renames `strategies` such as "Username/Email & Password" to methods. - -* Rename verify to verificaiton ([#597](https://github.com/ory/kratos/issues/597)) ([0ecd69a](https://github.com/ory/kratos/commit/0ecd69a60f741fc334c9b060b6aeaafc39e048b1)) -* Replace all occurrences of login request to flow ([1b3c491](https://github.com/ory/kratos/commit/1b3c49174a7a2eff51dd531f3a49afc15c31c536)) -* Replace all registration request occurrences with registration flow ([308ef47](https://github.com/ory/kratos/commit/308ef47846c9ab4f18a598ef6ef78514fad77c42)) -* Replace packr2 with pkger fork ([4e2acae](https://github.com/ory/kratos/commit/4e2acae7c4fc17880cf88ef05cf7cca5f20f5be3)) -* Restructure login package ([c99e2a2](https://github.com/ory/kratos/commit/c99e2a2f23c3c2aabaae55de67e40ab7fb2dd307)) -* Use session token as cookie identifier ([60fd9c2](https://github.com/ory/kratos/commit/60fd9c2efa881fcdd769a8967abe73c05a198868)) +- Add flow methods to verification + ([00ee828](https://github.com/ory/kratos/commit/00ee828842bd4bc6f917ba2446b1374d28b62000)): + + Completely refactors the verification flow to support other methods. The + original email verification flow now moved to the "link" method also used for + recovery. + + Additionally, several upstream bugs in gobuffalo/pop and gobuffalo/fizz have + been addressed, patched, and merged which improves support for SQLite and + CockroachDB migrations: + + - https://github.com/gobuffalo/fizz/pull/97 + - https://github.com/gobuffalo/fizz/pull/96 + +- Add method and rename request to flow + ([006bf56](https://github.com/ory/kratos/commit/006bf56671d8162cdb5bcce630c027b67935263d)) +- Change oidc callback URL + ([36d9380](https://github.com/ory/kratos/commit/36d9380b2123d27219c908b51ad97574ee11bc57)) +- Complete login flow refactoring + ([ad2b3db](https://github.com/ory/kratos/commit/ad2b3db4493085b80889cbc0dce9562288ec6896)) +- Dry up login.NewFlow + ([f261c44](https://github.com/ory/kratos/commit/f261c442dbe74e3b9887193b74e36fe70306f9d8)) +- Improve CSRF infrastructure + ([7e367e7](https://github.com/ory/kratos/commit/7e367e7f45481147d5c231d0ea8cbb30b738226f)) +- Improve login test reuse + ([b4184e5](https://github.com/ory/kratos/commit/b4184e5f1525a9918bc795f2353b186141ce5399)) +- Improve NewFlowExpiredError + ([1caefac](https://github.com/ory/kratos/commit/1caefac6e0e82aa2b12458ef16d7f5af24014bf9)) +- Improve registration tests with testhelpers + ([9bf4530](https://github.com/ory/kratos/commit/9bf45303be908449b78c68c7382eab5cfc5c40fa)) +- Improve selfservice method tests + ([df4d06d](https://github.com/ory/kratos/commit/df4d06d553852cdb8b914810c19bdd0fcc845c9c)) +- Improve settings helper functions + ([fda17ca](https://github.com/ory/kratos/commit/fda17ca5ea7824c4bf5010218cace7d5fbc7ad5b)) +- Move samesite config to cookie parent-key + ([753eb86](https://github.com/ory/kratos/commit/753eb86c904c4af9e7d91e46ff4c836dcce35807)) +- Moved clihelpers to ory/x ([#756](https://github.com/ory/kratos/issues/756)) + ([6ccffa8](https://github.com/ory/kratos/commit/6ccffa8a1cc5b9fd33435187720257bb66323546)): + + Contributes to https://github.com/ory/hydra/issues/2124. + +- Profile settings method is now API-able + ([c5f361f](https://github.com/ory/kratos/commit/c5f361ff418336cfcaa452eded4bd61132808b16)) +- Remove common keyword from API spec + ([6619562](https://github.com/ory/kratos/commit/6619562667ef0e363d14c57cfbcd15c16f292853)) +- Remove need for reverse proxy in selfservice-ui + ([beb4c32](https://github.com/ory/kratos/commit/beb4c3284e552fe51c3a8cebb20a8c2bfc07cdf8)), + closes [#661](https://github.com/ory/kratos/issues/661) +- Rename `session.sid` to `session.id` + ([809fe73](https://github.com/ory/kratos/commit/809fe7334e4a308405c1f03ada1dbef6ed33c01a)) +- Rename login request to login flow + ([9369d1b](https://github.com/ory/kratos/commit/9369d1bb637fc80b5d5980140693d5bcac0c76bb)), + closes [#635](https://github.com/ory/kratos/issues/635): + + As part of this change, fetching a login flow over the public API no longer + requires Anti-CSRF cookies to be sent. + +- Rename LoginRequestErrorHandler to LoginFlowErrorHandler + ([66ae029](https://github.com/ory/kratos/commit/66ae029f49aecdfba5fa6905cfccfcdad992dd5a)) +- Rename package recoverytoken to link + ([f87fb54](https://github.com/ory/kratos/commit/f87fb549f6d8a10ba5adffddeb2fe12060d520ab)) +- Rename recovery request to flow internally + ([16c5618](https://github.com/ory/kratos/commit/16c5618644e78cf1081f966e01b570a36eea709b)) +- Rename recovery request to recovery flow + ([b0f433d](https://github.com/ory/kratos/commit/b0f433d4cb65d79acba789394d828663e873a833)), + closes [#635](https://github.com/ory/kratos/issues/635): + + As part of this change, fetching a login flow over the public API no longer + requires Anti-CSRF cookies to be sent. + +- Rename registration request to flow + ([8437ebc](https://github.com/ory/kratos/commit/8437ebcf4deb2844562ec701af3bbbb2a9b5dea4)) +- Rename registration request to registration flow + ([0470956](https://github.com/ory/kratos/commit/0470956128d03921d8554c43af2c5a0003abe82f)), + closes [#635](https://github.com/ory/kratos/issues/635): + + As part of this change, fetching a registration flow over the public API no + longer requires Anti-CSRF cookies to be sent. + +- Rename request_lifespan to lifespan + ([#677](https://github.com/ory/kratos/issues/677)) + ([3c8d5e0](https://github.com/ory/kratos/commit/3c8d5e02b04686a1e0bfbd28caa0bc536e3414e4)), + closes [#666](https://github.com/ory/kratos/issues/666) +- Rename strategies to methods + ([8985189](https://github.com/ory/kratos/commit/89851896d563518909bc2b47a7ff91683eec4958)): + + This patch renames `strategies` such as "Username/Email & Password" to + methods. + +- Rename verify to verificaiton + ([#597](https://github.com/ory/kratos/issues/597)) + ([0ecd69a](https://github.com/ory/kratos/commit/0ecd69a60f741fc334c9b060b6aeaafc39e048b1)) +- Replace all occurrences of login request to flow + ([1b3c491](https://github.com/ory/kratos/commit/1b3c49174a7a2eff51dd531f3a49afc15c31c536)) +- Replace all registration request occurrences with registration flow + ([308ef47](https://github.com/ory/kratos/commit/308ef47846c9ab4f18a598ef6ef78514fad77c42)) +- Replace packr2 with pkger fork + ([4e2acae](https://github.com/ory/kratos/commit/4e2acae7c4fc17880cf88ef05cf7cca5f20f5be3)) +- Restructure login package + ([c99e2a2](https://github.com/ory/kratos/commit/c99e2a2f23c3c2aabaae55de67e40ab7fb2dd307)) +- Use session token as cookie identifier + ([60fd9c2](https://github.com/ory/kratos/commit/60fd9c2efa881fcdd769a8967abe73c05a198868)) ### Documentation -* Add administrative user management guide ([b97e0c6](https://github.com/ory/kratos/commit/b97e0c69bb1115bdec88b218e8cdda34f137d798)) -* Add code samples to session checking ([eba8eda](https://github.com/ory/kratos/commit/eba8eda70423aa802eace278889a5e8d2e0bc513)) -* Add configuring introduction ([#630](https://github.com/ory/kratos/issues/630)) ([b8cfb35](https://github.com/ory/kratos/commit/b8cfb351c2dca783e355f39d25ce17b65fef7dd4)) -* Add descriptions to cobra commands ([607b76d](https://github.com/ory/kratos/commit/607b76d109d1fa519235fe9d6af78c8315b9c4fc)) -* Add documentation for configuring cookies ([e3dbc8a](https://github.com/ory/kratos/commit/e3dbc8acc055f6e2d78bc959be7356f9a66ac90f)), closes [#516](https://github.com/ory/kratos/issues/516) -* Add domain, subdomain, multi-domain cookie guides ([3eb1e59](https://github.com/ory/kratos/commit/3eb1e5987df56993c792684a6a2bc11f5eb570b8)), closes [#661](https://github.com/ory/kratos/issues/661) -* Add github video tutorial ([#622](https://github.com/ory/kratos/issues/622)) ([0c4222c](https://github.com/ory/kratos/commit/0c4222c0d12df4e971fd7e5099006484e0bcb317)) -* Add guide for cors ([a8ae759](https://github.com/ory/kratos/commit/a8ae759565d94ebd9d0f758b7eb6efbddf486372)) -* Add guide for cors ([91fd278](https://github.com/ory/kratos/commit/91fd278d1a6720576998b115dedb882b90915561)) -* Add guide for dealing with login sessions ([4e2718c](https://github.com/ory/kratos/commit/4e2718c779031c0e3b877e9df1747ccb2371927b)) -* Add identity state ([fb4aedb](https://github.com/ory/kratos/commit/fb4aedb9a95367e25080491b54aab11de491d819)) -* Add login session to navbar ([b212d64](https://github.com/ory/kratos/commit/b212d6484e40c9f2cce10f2ba4aaf4e2a72f03a1)) -* Add milestones to sidebar ([aae13ec](https://github.com/ory/kratos/commit/aae13ec141a2c315aff1a53aa005bb9465efcdc0)) -* Add missing GitLab provider to the list of supported OIDC providers ([#766](https://github.com/ory/kratos/issues/766)) ([a43ed33](https://github.com/ory/kratos/commit/a43ed335262fd542f349224aef918af5263c384d)) -* Add missing TOC entries ([#748](https://github.com/ory/kratos/issues/748)) ([bd7edfb](https://github.com/ory/kratos/commit/bd7edfbebd19f01af337c34293ebc2865f2b077d)) -* Add pagination docs ([7fe0901](https://github.com/ory/kratos/commit/7fe0901ee5d0e829e110bd0c4fdecb24bfc27768)) -* Add secret key rotation guide ([3d6e21a](https://github.com/ory/kratos/commit/3d6e21af2f726944468299c326600a8ab0e4e885)) -* Add sequence diagrams for browser/api flows ([590d767](https://github.com/ory/kratos/commit/590d767352b9253b7550eaba56fea99400399cd7)) -* Add session hook to ssi guide ([#623](https://github.com/ory/kratos/issues/623)) ([1bbed39](https://github.com/ory/kratos/commit/1bbed390ffedd811afdb5fcfe69047554419d8ce)) -* Add terminology section ([29b81a7](https://github.com/ory/kratos/commit/29b81a78fcf880cd6d9d3b2cbb03f955b701ffbd)) -* Add theme helpers and decouple mermaid ([7c3eb32](https://github.com/ory/kratos/commit/7c3eb32df5d9287845258bf25d6719733f6c4227)) -* Add video to OIDC guide ([#619](https://github.com/ory/kratos/issues/619)) ([f286980](https://github.com/ory/kratos/commit/f286980c29ce8460ba550e5d74b8dee23602e920)) -* Added sidebar cli label ([5d24a29](https://github.com/ory/kratos/commit/5d24a2998b412159295feca40421b8b11cf02274)): - - `clidoc.Generate` expects to find an entry under `sidebar.json/Reference` that contains the substring "CLI" in it's label. Because that was missing, a new entry was appended on every regeneration of the file. - -* Added sidebar item ([#639](https://github.com/ory/kratos/issues/639)) ([8574761](https://github.com/ory/kratos/commit/857476112d12b8ab79ef49054452a950ff81bc23)): - - Added Kratos Video Tutorial Transcripts document to sidebar. - -* Added transcript ([#627](https://github.com/ory/kratos/issues/627)) ([cec7f1f](https://github.com/ory/kratos/commit/cec7f1fc4955b02d21d772e748ec791f31bad24e)): - - Added Login with Github Transcript - -* Adds twitch oidc provider guide ([#760](https://github.com/ory/kratos/issues/760)) ([339e622](https://github.com/ory/kratos/commit/339e62202170bf21d469d1a2bfe6b053a78c374d)) -* Bring oidc docs up to date ([7d0e470](https://github.com/ory/kratos/commit/7d0e47058cd6dca1763f01e45ed46cee49321240)) -* Changed transcript location ([#642](https://github.com/ory/kratos/issues/642)) ([c52764d](https://github.com/ory/kratos/commit/c52764d4394181b24dffbf8301418530ba5dbcc2)): - - Changed the location so it is in the right place. - -* Clarify 302 redirect on expired login flows ([ca31b53](https://github.com/ory/kratos/commit/ca31b53837e8eb2b811bf384da3724fdf61b423b)) -* Clarify api flow use ([a38b4a1](https://github.com/ory/kratos/commit/a38b4a1684cfbc385ca21005c91a47e57df5a35d)) -* Clarify feature-set ([2266ae7](https://github.com/ory/kratos/commit/2266ae7ea92207cdc4fcb58ef1384e287a5b34dc)) -* Clarify kratos config snippet ([e7732f3](https://github.com/ory/kratos/commit/e7732f3283d82a1678076cd2463ef5ff33dd30ea)) -* Clean up docs and correct samples ([8627ec5](https://github.com/ory/kratos/commit/8627ec58edb15118e0c4ce2cfcef7a5573482c5a)) -* Complete registration documentation ([b3af02b](https://github.com/ory/kratos/commit/b3af02b0ea4cbf16ea282b7ce5f5057d99044ac3)) -* Consistent formatting of badges ([#745](https://github.com/ory/kratos/issues/745)) ([b391a03](https://github.com/ory/kratos/commit/b391a036f3b49cd6c1915444c9f26dead4855a7c)) -* Correct settings and verification redir ([30e25e7](https://github.com/ory/kratos/commit/30e25e7287a2579da99a6a6dc2f890e7e06fcc81)) -* Docker image documentation ([#573](https://github.com/ory/kratos/issues/573)) ([bfe032e](https://github.com/ory/kratos/commit/bfe032e2b6bfd8b9415d466011bdd7e36efa4146)) -* Document APi flows in self-service overview ([71ed0bd](https://github.com/ory/kratos/commit/71ed0bd2027d61c2e5cebf6b031fe66469bdf97e)) -* Document how to check for login sessions ([9ad73b8](https://github.com/ory/kratos/commit/9ad73b8dab06c6796933448cb93ae4e55d9f2c51)) -* Explain high-level API and browser flows ([fe3ee0a](https://github.com/ory/kratos/commit/fe3ee0a0c8681a99dc6b61b90cff547c6a7fc6d2)) -* Fix logout url ([#593](https://github.com/ory/kratos/issues/593)) ([f0971d4](https://github.com/ory/kratos/commit/f0971d44a911caed8a6071358fa6b7ebc0fcf145)) -* Fix sidebar missing comment ([d90123a](https://github.com/ory/kratos/commit/d90123ae31edbae6a39a1f039cc9362f9acdfdcb)) -* Fix typo ([c2f94da](https://github.com/ory/kratos/commit/c2f94daa4143a70c13426ccd5366ec891182e4d0)) -* Fix typo on index page ([#656](https://github.com/ory/kratos/issues/656)) ([907add5](https://github.com/ory/kratos/commit/907add5edb526adb4de57d35da16929ac08041e1)) -* Fix url of admin-api /recovery/link ([#650](https://github.com/ory/kratos/issues/650)) ([e68c7cb](https://github.com/ory/kratos/commit/e68c7cbdc2191565570d0ee6812318ac9ad3421d)) -* Fixed link ([c2aebbd](https://github.com/ory/kratos/commit/c2aebbd898f38388d849954938d56212c88d280f)) -* Fixed link ([#629](https://github.com/ory/kratos/issues/629)) ([ad1276f](https://github.com/ory/kratos/commit/ad1276f2b2cf3cbbecba4dee1d6d433999286946)) -* Fixed typos/readability ([#620](https://github.com/ory/kratos/issues/620)) ([7fd3ce0](https://github.com/ory/kratos/commit/7fd3ce0d8c52346ba3504ce5777321937baf8d1e)): - - Fixed a few typos, and moved some sentences around to improve readability. - -* Fixed typos/readability ([#621](https://github.com/ory/kratos/issues/621)) ([c4fc75f](https://github.com/ory/kratos/commit/c4fc75f7dca59fa8f31d068f57179f49bf798b6a)) -* Import mermaid ([#696](https://github.com/ory/kratos/issues/696)) ([6f75004](https://github.com/ory/kratos/commit/6f750047d41add6bd2d30adb1c654181c9636d2d)) -* Improve charts and examples in self-service overview ([312c91d](https://github.com/ory/kratos/commit/312c91de3ae3c086f836ec3928735d787ad40dde)) -* Improve documentation and add tests ([3dde956](https://github.com/ory/kratos/commit/3dde956e09d1f3f6411046b12f8684d8760f9b91)) -* Improve long messages and render cli documentation ([e5fc02f](https://github.com/ory/kratos/commit/e5fc02ff22836e074a1dfca043d4b4b8ad64c747)) -* Make assumptions neutral in concepts overview ([e89d980](https://github.com/ory/kratos/commit/e89d98099bd3fc5c8361f9015e44668494211152)) -* Move development section ([2e6f643](https://github.com/ory/kratos/commit/2e6f6430f88105efd5618482043809c6d643216b)) -* Move hooks ([c02b588](https://github.com/ory/kratos/commit/c02b58867ee2c0a386b2b741375ec8cd76122461)) -* Move to json sidebar ([504af3b](https://github.com/ory/kratos/commit/504af3b89d728eb11bf42f4a2037c78b3b7cb788)) -* Password login and registration methods for API clients ([5a44356](https://github.com/ory/kratos/commit/5a4435643ae3463df85458f22f87730c11af10ab)) -* Prettify all files ([#743](https://github.com/ory/kratos/issues/743)) ([d9d1bfd](https://github.com/ory/kratos/commit/d9d1bfdff70ad835629a2dba00579925fcb3094d)) -* Quickstart next steps ([#676](https://github.com/ory/kratos/issues/676)) ([ee9dd0d](https://github.com/ory/kratos/commit/ee9dd0d58a4146a0e131f6a7b74943bb39d26c0b)): - - Added a section outlining some easy config changes, that users can apply to the quickstart to test out different scenarios and configurations. - -* Refactor login and registration documentation ([c660a04](https://github.com/ory/kratos/commit/c660a04ed6a70aefca18896662331fcc5d1919cf)) -* Refactor settings and recovery documentation ([11ca9f7](https://github.com/ory/kratos/commit/11ca9f7d1b858dcda3a96e1e1d2607ba64f7fbbe)) -* Refactor verification docs ([70f2789](https://github.com/ory/kratos/commit/70f2789363773fccc4bd8691597ff588ac6892c6)) -* Regenerate clidocs with up-to-date binary ([e53289c](https://github.com/ory/kratos/commit/e53289c8e9f34a02ec66ec7ee03e2269a4a13c42)) -* Remove `make tools` task ([ec6e664](https://github.com/ory/kratos/commit/ec6e6641234191d4eb39e1ad17bc7fcc03c2a0b5)), closes [#711](https://github.com/ory/kratos/issues/711) [#750](https://github.com/ory/kratos/issues/750): - - This task does not exist any more and the dependency building is much smarter now. - -* Remove contraction ([#747](https://github.com/ory/kratos/issues/747)) ([cd4f21d](https://github.com/ory/kratos/commit/cd4f21dbfa2b3824468146677f542fbab2417c42)) -* Remove duplicate word ([b84e659](https://github.com/ory/kratos/commit/b84e659af29aa1b129f33ccf5ca9e0d54353c019)) -* Remove duplicate word ([#700](https://github.com/ory/kratos/issues/700)) ([a12100e](https://github.com/ory/kratos/commit/a12100e7644b535c4bd3073e03c48229bb81e7b2)) -* Remove react native guide for now ([daa5f2e](https://github.com/ory/kratos/commit/daa5f2e3de3fe8380a91f594e034afcadc6e6ba5)) -* Rename self service and add admin section ([639c424](https://github.com/ory/kratos/commit/639c424d3bde0557f7edd7edc489a476f1aa60b3)) -* Replace ampersand ([#749](https://github.com/ory/kratos/issues/749)) ([8337b80](https://github.com/ory/kratos/commit/8337b80a13e8cf0cb2848241c93bb151420ac6a4)) -* Resolve regression issues ([0470fd7](https://github.com/ory/kratos/commit/0470fd734fb30170033e10758d99cf5711c80eb1)) -* Resolve typo in message IDs ([562cfc4](https://github.com/ory/kratos/commit/562cfc4392ba1c9c1fb8854ea0ac85bd44d0fac9)) -* Resolve typo in message IDs ([#607](https://github.com/ory/kratos/issues/607)) ([f7688f0](https://github.com/ory/kratos/commit/f7688f0ab07b579a375ce4cc25361b360e82dd88)) -* Update cli docs ([085efca](https://github.com/ory/kratos/commit/085efcae895b3aa3c76c819dca0f080ea79d57cd)) -* Update link to mfa issue ([d03a706](https://github.com/ory/kratos/commit/d03a706307be21b83d18601223fb0d1430459a29)) -* Update links ([a06fd88](https://github.com/ory/kratos/commit/a06fd88b0dcb747808ffea450bf1ac74dd941769)) -* Update MFA link to issue ([#690](https://github.com/ory/kratos/issues/690)) ([7a744ad](https://github.com/ory/kratos/commit/7a744ad7b62540dd5789aee8532c1f97ddcab32d)): - - MFA issue was pushed to a later milestone. Update the documentation to point to the issue instead of the milestone. - -* Update repository templates ([f422485](https://github.com/ory/kratos/commit/f4224852ceeb054405251b21895efa493e1abc9c)) -* Update repository templates ([#678](https://github.com/ory/kratos/issues/678)) ([bdb6875](https://github.com/ory/kratos/commit/bdb6875e55aed454cda061969e1dd4f712e09bb5)) -* Update sidebar ([ea15c20](https://github.com/ory/kratos/commit/ea15c2093fc66e4cfc0a66aabf7dfad6965777dc)) -* Update ts examples ([65cb46e](https://github.com/ory/kratos/commit/65cb46e57595b920bd6544f9a9a4f7b886462be0)) -* Use correct id for multi-domain-cookies ([b49288a](https://github.com/ory/kratos/commit/b49288a351647c91a3c7d4a62537146d4a9f1bd0)) -* Use correct path in 0.4 docs ([9fcaac4](https://github.com/ory/kratos/commit/9fcaac4048e05500d0456eb3cd9cd11cc123e370)), closes [#588](https://github.com/ory/kratos/issues/588) -* Use NYT Capitalization for all Swagger headlines ([#675](https://github.com/ory/kratos/issues/675)) ([6c96429](https://github.com/ory/kratos/commit/6c9642959dab8cf042ad227711609d5726328394)), closes [#664](https://github.com/ory/kratos/issues/664) +- Add administrative user management guide + ([b97e0c6](https://github.com/ory/kratos/commit/b97e0c69bb1115bdec88b218e8cdda34f137d798)) +- Add code samples to session checking + ([eba8eda](https://github.com/ory/kratos/commit/eba8eda70423aa802eace278889a5e8d2e0bc513)) +- Add configuring introduction + ([#630](https://github.com/ory/kratos/issues/630)) + ([b8cfb35](https://github.com/ory/kratos/commit/b8cfb351c2dca783e355f39d25ce17b65fef7dd4)) +- Add descriptions to cobra commands + ([607b76d](https://github.com/ory/kratos/commit/607b76d109d1fa519235fe9d6af78c8315b9c4fc)) +- Add documentation for configuring cookies + ([e3dbc8a](https://github.com/ory/kratos/commit/e3dbc8acc055f6e2d78bc959be7356f9a66ac90f)), + closes [#516](https://github.com/ory/kratos/issues/516) +- Add domain, subdomain, multi-domain cookie guides + ([3eb1e59](https://github.com/ory/kratos/commit/3eb1e5987df56993c792684a6a2bc11f5eb570b8)), + closes [#661](https://github.com/ory/kratos/issues/661) +- Add github video tutorial ([#622](https://github.com/ory/kratos/issues/622)) + ([0c4222c](https://github.com/ory/kratos/commit/0c4222c0d12df4e971fd7e5099006484e0bcb317)) +- Add guide for cors + ([a8ae759](https://github.com/ory/kratos/commit/a8ae759565d94ebd9d0f758b7eb6efbddf486372)) +- Add guide for cors + ([91fd278](https://github.com/ory/kratos/commit/91fd278d1a6720576998b115dedb882b90915561)) +- Add guide for dealing with login sessions + ([4e2718c](https://github.com/ory/kratos/commit/4e2718c779031c0e3b877e9df1747ccb2371927b)) +- Add identity state + ([fb4aedb](https://github.com/ory/kratos/commit/fb4aedb9a95367e25080491b54aab11de491d819)) +- Add login session to navbar + ([b212d64](https://github.com/ory/kratos/commit/b212d6484e40c9f2cce10f2ba4aaf4e2a72f03a1)) +- Add milestones to sidebar + ([aae13ec](https://github.com/ory/kratos/commit/aae13ec141a2c315aff1a53aa005bb9465efcdc0)) +- Add missing GitLab provider to the list of supported OIDC providers + ([#766](https://github.com/ory/kratos/issues/766)) + ([a43ed33](https://github.com/ory/kratos/commit/a43ed335262fd542f349224aef918af5263c384d)) +- Add missing TOC entries ([#748](https://github.com/ory/kratos/issues/748)) + ([bd7edfb](https://github.com/ory/kratos/commit/bd7edfbebd19f01af337c34293ebc2865f2b077d)) +- Add pagination docs + ([7fe0901](https://github.com/ory/kratos/commit/7fe0901ee5d0e829e110bd0c4fdecb24bfc27768)) +- Add secret key rotation guide + ([3d6e21a](https://github.com/ory/kratos/commit/3d6e21af2f726944468299c326600a8ab0e4e885)) +- Add sequence diagrams for browser/api flows + ([590d767](https://github.com/ory/kratos/commit/590d767352b9253b7550eaba56fea99400399cd7)) +- Add session hook to ssi guide + ([#623](https://github.com/ory/kratos/issues/623)) + ([1bbed39](https://github.com/ory/kratos/commit/1bbed390ffedd811afdb5fcfe69047554419d8ce)) +- Add terminology section + ([29b81a7](https://github.com/ory/kratos/commit/29b81a78fcf880cd6d9d3b2cbb03f955b701ffbd)) +- Add theme helpers and decouple mermaid + ([7c3eb32](https://github.com/ory/kratos/commit/7c3eb32df5d9287845258bf25d6719733f6c4227)) +- Add video to OIDC guide ([#619](https://github.com/ory/kratos/issues/619)) + ([f286980](https://github.com/ory/kratos/commit/f286980c29ce8460ba550e5d74b8dee23602e920)) +- Added sidebar cli label + ([5d24a29](https://github.com/ory/kratos/commit/5d24a2998b412159295feca40421b8b11cf02274)): + + `clidoc.Generate` expects to find an entry under `sidebar.json/Reference` that + contains the substring "CLI" in it's label. Because that was missing, a new + entry was appended on every regeneration of the file. + +- Added sidebar item ([#639](https://github.com/ory/kratos/issues/639)) + ([8574761](https://github.com/ory/kratos/commit/857476112d12b8ab79ef49054452a950ff81bc23)): + + Added Kratos Video Tutorial Transcripts document to sidebar. + +- Added transcript ([#627](https://github.com/ory/kratos/issues/627)) + ([cec7f1f](https://github.com/ory/kratos/commit/cec7f1fc4955b02d21d772e748ec791f31bad24e)): + + Added Login with Github Transcript + +- Adds twitch oidc provider guide + ([#760](https://github.com/ory/kratos/issues/760)) + ([339e622](https://github.com/ory/kratos/commit/339e62202170bf21d469d1a2bfe6b053a78c374d)) +- Bring oidc docs up to date + ([7d0e470](https://github.com/ory/kratos/commit/7d0e47058cd6dca1763f01e45ed46cee49321240)) +- Changed transcript location ([#642](https://github.com/ory/kratos/issues/642)) + ([c52764d](https://github.com/ory/kratos/commit/c52764d4394181b24dffbf8301418530ba5dbcc2)): + + Changed the location so it is in the right place. + +- Clarify 302 redirect on expired login flows + ([ca31b53](https://github.com/ory/kratos/commit/ca31b53837e8eb2b811bf384da3724fdf61b423b)) +- Clarify api flow use + ([a38b4a1](https://github.com/ory/kratos/commit/a38b4a1684cfbc385ca21005c91a47e57df5a35d)) +- Clarify feature-set + ([2266ae7](https://github.com/ory/kratos/commit/2266ae7ea92207cdc4fcb58ef1384e287a5b34dc)) +- Clarify kratos config snippet + ([e7732f3](https://github.com/ory/kratos/commit/e7732f3283d82a1678076cd2463ef5ff33dd30ea)) +- Clean up docs and correct samples + ([8627ec5](https://github.com/ory/kratos/commit/8627ec58edb15118e0c4ce2cfcef7a5573482c5a)) +- Complete registration documentation + ([b3af02b](https://github.com/ory/kratos/commit/b3af02b0ea4cbf16ea282b7ce5f5057d99044ac3)) +- Consistent formatting of badges + ([#745](https://github.com/ory/kratos/issues/745)) + ([b391a03](https://github.com/ory/kratos/commit/b391a036f3b49cd6c1915444c9f26dead4855a7c)) +- Correct settings and verification redir + ([30e25e7](https://github.com/ory/kratos/commit/30e25e7287a2579da99a6a6dc2f890e7e06fcc81)) +- Docker image documentation ([#573](https://github.com/ory/kratos/issues/573)) + ([bfe032e](https://github.com/ory/kratos/commit/bfe032e2b6bfd8b9415d466011bdd7e36efa4146)) +- Document APi flows in self-service overview + ([71ed0bd](https://github.com/ory/kratos/commit/71ed0bd2027d61c2e5cebf6b031fe66469bdf97e)) +- Document how to check for login sessions + ([9ad73b8](https://github.com/ory/kratos/commit/9ad73b8dab06c6796933448cb93ae4e55d9f2c51)) +- Explain high-level API and browser flows + ([fe3ee0a](https://github.com/ory/kratos/commit/fe3ee0a0c8681a99dc6b61b90cff547c6a7fc6d2)) +- Fix logout url ([#593](https://github.com/ory/kratos/issues/593)) + ([f0971d4](https://github.com/ory/kratos/commit/f0971d44a911caed8a6071358fa6b7ebc0fcf145)) +- Fix sidebar missing comment + ([d90123a](https://github.com/ory/kratos/commit/d90123ae31edbae6a39a1f039cc9362f9acdfdcb)) +- Fix typo + ([c2f94da](https://github.com/ory/kratos/commit/c2f94daa4143a70c13426ccd5366ec891182e4d0)) +- Fix typo on index page ([#656](https://github.com/ory/kratos/issues/656)) + ([907add5](https://github.com/ory/kratos/commit/907add5edb526adb4de57d35da16929ac08041e1)) +- Fix url of admin-api /recovery/link + ([#650](https://github.com/ory/kratos/issues/650)) + ([e68c7cb](https://github.com/ory/kratos/commit/e68c7cbdc2191565570d0ee6812318ac9ad3421d)) +- Fixed link + ([c2aebbd](https://github.com/ory/kratos/commit/c2aebbd898f38388d849954938d56212c88d280f)) +- Fixed link ([#629](https://github.com/ory/kratos/issues/629)) + ([ad1276f](https://github.com/ory/kratos/commit/ad1276f2b2cf3cbbecba4dee1d6d433999286946)) +- Fixed typos/readability ([#620](https://github.com/ory/kratos/issues/620)) + ([7fd3ce0](https://github.com/ory/kratos/commit/7fd3ce0d8c52346ba3504ce5777321937baf8d1e)): + + Fixed a few typos, and moved some sentences around to improve readability. + +- Fixed typos/readability ([#621](https://github.com/ory/kratos/issues/621)) + ([c4fc75f](https://github.com/ory/kratos/commit/c4fc75f7dca59fa8f31d068f57179f49bf798b6a)) +- Import mermaid ([#696](https://github.com/ory/kratos/issues/696)) + ([6f75004](https://github.com/ory/kratos/commit/6f750047d41add6bd2d30adb1c654181c9636d2d)) +- Improve charts and examples in self-service overview + ([312c91d](https://github.com/ory/kratos/commit/312c91de3ae3c086f836ec3928735d787ad40dde)) +- Improve documentation and add tests + ([3dde956](https://github.com/ory/kratos/commit/3dde956e09d1f3f6411046b12f8684d8760f9b91)) +- Improve long messages and render cli documentation + ([e5fc02f](https://github.com/ory/kratos/commit/e5fc02ff22836e074a1dfca043d4b4b8ad64c747)) +- Make assumptions neutral in concepts overview + ([e89d980](https://github.com/ory/kratos/commit/e89d98099bd3fc5c8361f9015e44668494211152)) +- Move development section + ([2e6f643](https://github.com/ory/kratos/commit/2e6f6430f88105efd5618482043809c6d643216b)) +- Move hooks + ([c02b588](https://github.com/ory/kratos/commit/c02b58867ee2c0a386b2b741375ec8cd76122461)) +- Move to json sidebar + ([504af3b](https://github.com/ory/kratos/commit/504af3b89d728eb11bf42f4a2037c78b3b7cb788)) +- Password login and registration methods for API clients + ([5a44356](https://github.com/ory/kratos/commit/5a4435643ae3463df85458f22f87730c11af10ab)) +- Prettify all files ([#743](https://github.com/ory/kratos/issues/743)) + ([d9d1bfd](https://github.com/ory/kratos/commit/d9d1bfdff70ad835629a2dba00579925fcb3094d)) +- Quickstart next steps ([#676](https://github.com/ory/kratos/issues/676)) + ([ee9dd0d](https://github.com/ory/kratos/commit/ee9dd0d58a4146a0e131f6a7b74943bb39d26c0b)): + + Added a section outlining some easy config changes, that users can apply to + the quickstart to test out different scenarios and configurations. + +- Refactor login and registration documentation + ([c660a04](https://github.com/ory/kratos/commit/c660a04ed6a70aefca18896662331fcc5d1919cf)) +- Refactor settings and recovery documentation + ([11ca9f7](https://github.com/ory/kratos/commit/11ca9f7d1b858dcda3a96e1e1d2607ba64f7fbbe)) +- Refactor verification docs + ([70f2789](https://github.com/ory/kratos/commit/70f2789363773fccc4bd8691597ff588ac6892c6)) +- Regenerate clidocs with up-to-date binary + ([e53289c](https://github.com/ory/kratos/commit/e53289c8e9f34a02ec66ec7ee03e2269a4a13c42)) +- Remove `make tools` task + ([ec6e664](https://github.com/ory/kratos/commit/ec6e6641234191d4eb39e1ad17bc7fcc03c2a0b5)), + closes [#711](https://github.com/ory/kratos/issues/711) + [#750](https://github.com/ory/kratos/issues/750): + + This task does not exist any more and the dependency building is much smarter + now. + +- Remove contraction ([#747](https://github.com/ory/kratos/issues/747)) + ([cd4f21d](https://github.com/ory/kratos/commit/cd4f21dbfa2b3824468146677f542fbab2417c42)) +- Remove duplicate word + ([b84e659](https://github.com/ory/kratos/commit/b84e659af29aa1b129f33ccf5ca9e0d54353c019)) +- Remove duplicate word ([#700](https://github.com/ory/kratos/issues/700)) + ([a12100e](https://github.com/ory/kratos/commit/a12100e7644b535c4bd3073e03c48229bb81e7b2)) +- Remove react native guide for now + ([daa5f2e](https://github.com/ory/kratos/commit/daa5f2e3de3fe8380a91f594e034afcadc6e6ba5)) +- Rename self service and add admin section + ([639c424](https://github.com/ory/kratos/commit/639c424d3bde0557f7edd7edc489a476f1aa60b3)) +- Replace ampersand ([#749](https://github.com/ory/kratos/issues/749)) + ([8337b80](https://github.com/ory/kratos/commit/8337b80a13e8cf0cb2848241c93bb151420ac6a4)) +- Resolve regression issues + ([0470fd7](https://github.com/ory/kratos/commit/0470fd734fb30170033e10758d99cf5711c80eb1)) +- Resolve typo in message IDs + ([562cfc4](https://github.com/ory/kratos/commit/562cfc4392ba1c9c1fb8854ea0ac85bd44d0fac9)) +- Resolve typo in message IDs ([#607](https://github.com/ory/kratos/issues/607)) + ([f7688f0](https://github.com/ory/kratos/commit/f7688f0ab07b579a375ce4cc25361b360e82dd88)) +- Update cli docs + ([085efca](https://github.com/ory/kratos/commit/085efcae895b3aa3c76c819dca0f080ea79d57cd)) +- Update link to mfa issue + ([d03a706](https://github.com/ory/kratos/commit/d03a706307be21b83d18601223fb0d1430459a29)) +- Update links + ([a06fd88](https://github.com/ory/kratos/commit/a06fd88b0dcb747808ffea450bf1ac74dd941769)) +- Update MFA link to issue ([#690](https://github.com/ory/kratos/issues/690)) + ([7a744ad](https://github.com/ory/kratos/commit/7a744ad7b62540dd5789aee8532c1f97ddcab32d)): + + MFA issue was pushed to a later milestone. Update the documentation to point + to the issue instead of the milestone. + +- Update repository templates + ([f422485](https://github.com/ory/kratos/commit/f4224852ceeb054405251b21895efa493e1abc9c)) +- Update repository templates ([#678](https://github.com/ory/kratos/issues/678)) + ([bdb6875](https://github.com/ory/kratos/commit/bdb6875e55aed454cda061969e1dd4f712e09bb5)) +- Update sidebar + ([ea15c20](https://github.com/ory/kratos/commit/ea15c2093fc66e4cfc0a66aabf7dfad6965777dc)) +- Update ts examples + ([65cb46e](https://github.com/ory/kratos/commit/65cb46e57595b920bd6544f9a9a4f7b886462be0)) +- Use correct id for multi-domain-cookies + ([b49288a](https://github.com/ory/kratos/commit/b49288a351647c91a3c7d4a62537146d4a9f1bd0)) +- Use correct path in 0.4 docs + ([9fcaac4](https://github.com/ory/kratos/commit/9fcaac4048e05500d0456eb3cd9cd11cc123e370)), + closes [#588](https://github.com/ory/kratos/issues/588) +- Use NYT Capitalization for all Swagger headlines + ([#675](https://github.com/ory/kratos/issues/675)) + ([6c96429](https://github.com/ory/kratos/commit/6c9642959dab8cf042ad227711609d5726328394)), + closes [#664](https://github.com/ory/kratos/issues/664) ### Features -* Add ability to configure session cookie domain/path ([faeb332](https://github.com/ory/kratos/commit/faeb3328dab343c6ef3974065ba0c5c590a8817e)), closes [#516](https://github.com/ory/kratos/issues/516) -* Add and improve settings testhelpers ([10a43fc](https://github.com/ory/kratos/commit/10a43fc518bd5c764712b549e6d35bf7159d757a)) -* Add bearer helper ([ec6ca20](https://github.com/ory/kratos/commit/ec6ca20279d839dc10e7e3bc80e0442a630e586b)) -* Add config version schema ([#608](https://github.com/ory/kratos/issues/608)) ([d218662](https://github.com/ory/kratos/commit/d218662388ef4fb7ea3bfee7b29c5cc8d34f1c8c)), closes [#590](https://github.com/ory/kratos/issues/590) -* Add discord oidc provider ([#767](https://github.com/ory/kratos/issues/767)) ([487296d](https://github.com/ory/kratos/commit/487296dd39d2e59d61b63f00f3d61fea9b8aed8c)) -* Add enum to form field type ([96028d8](https://github.com/ory/kratos/commit/96028d8c80414cdcea177150ba6e986d0ecb29c6)) -* Add flow type to login ([ce9133b](https://github.com/ory/kratos/commit/ce9133b0ff6d03738a5d27cf9c6a213496d75772)) -* Add HTTP request flow validator ([1a6e847](https://github.com/ory/kratos/commit/1a6e84774b65ee7be9294baaaff77192cec8f0f2)) -* Add new prometheus metrics endpoint [#672](https://github.com/ory/kratos/issues/672) ([#673](https://github.com/ory/kratos/issues/673)) ([0f5c436](https://github.com/ory/kratos/commit/0f5c436ce6e4aa78ca52ae63e58812e6703a1ab7)): - - Adds endpoint `/metrics` for prometheus metrics collection to the Admin API Endpoint. - -* Add nocache helpers ([54dcc4d](https://github.com/ory/kratos/commit/54dcc4da2ff22bdb17e53dd6eac1c0bd54a20390)) -* Add pagination tests ([e3aa81b](https://github.com/ory/kratos/commit/e3aa81b7da55108f43ea6e16c817c97e2f8a1d50)) -* Add session token security definition ([d36c26f](https://github.com/ory/kratos/commit/d36c26f2edd66ddbd8338de4901957a9b9b7342e)): - - Adds the new Session Token as a Swagger security definition to allow setting the session token as a Bearer token when calling `/sessions/whoami`. - -* Add stub errors to errorx ([5d452bb](https://github.com/ory/kratos/commit/5d452bb582e6a9e3b893424ec135d0cbdf875659)), closes [#610](https://github.com/ory/kratos/issues/610) -* Add test helper for fetching settings requests ([3646383](https://github.com/ory/kratos/commit/36463838d81d8b108aa9ded8c1ec6bc8f48f2267)) -* Add tests and helpers to test recovery/verifiable addresses ([#579](https://github.com/ory/kratos/issues/579)) ([29979e6](https://github.com/ory/kratos/commit/29979e6c4934b71c7fb158cfa5b85e97be3ea8fc)), closes [#576](https://github.com/ory/kratos/issues/576) -* Add tests to cover auth ([c9d3a15](https://github.com/ory/kratos/commit/c9d3a1525cc74976d16b483e0ab5c48909b84022)) -* Add texts for settings ([795548c](https://github.com/ory/kratos/commit/795548c25507c34c7fc37ce1c1a8ecc076c34ef4)) -* Add the already declared (and settable) tracer as a middleware ([#614](https://github.com/ory/kratos/issues/614)) ([e24fffe](https://github.com/ory/kratos/commit/e24fffe3f13c353e3c07214c1e056a849533a9f6)) -* Add token to session ([08c8c78](https://github.com/ory/kratos/commit/08c8c7837dbf799e6ba01d1820812c9e792d7850)) -* Add type to all flows in SQL ([5515776](https://github.com/ory/kratos/commit/551577659f6a416ff6ef032c35af224b517df413)) -* Allow import/validation of arrays ([d11ac32](https://github.com/ory/kratos/commit/d11ac32db6ddc0dce73067ffe7d4d0a734a3f991)) -* Bump cli and migration render tasks ([6dcb42a](https://github.com/ory/kratos/commit/6dcb42a487476371a545b72f7ee7e820b815bbee)) -* Finalize tests for registration flow refactor ([8e52c3a](https://github.com/ory/kratos/commit/8e52c3a99bd39b3429ff476340b5df49e0a85707)) -* Finish off client cli ([36d60c7](https://github.com/ory/kratos/commit/36d60c7e7bc38d83726b4b4a3061ba6353dd1978)) -* Implement administrative account recovery ([f5f9c43](https://github.com/ory/kratos/commit/f5f9c43e10dd3a9547e87776164d2d4a171f35ce)) -* Implement API flow for recovery link method ([d65bf66](https://github.com/ory/kratos/commit/d65bf66781bdd2fae73e75c0ba39287b1575c45a)) -* Implement API-based tests for password method settings flows ([60664aa](https://github.com/ory/kratos/commit/60664aaf05dbd6b228f420688d0171e5789246be)) -* Implement max-age for session cookie ([2e642ff](https://github.com/ory/kratos/commit/2e642ff13c59a7e23babe9209c1a114ef0163bad)), closes [#326](https://github.com/ory/kratos/issues/326) -* Implement tests and anti-csrf for API settings flows ([8b8b6e5](https://github.com/ory/kratos/commit/8b8b6e5367e05f49950b851ea6834a9f18e896e7)) -* Implement tests for new migrations ([e08ece9](https://github.com/ory/kratos/commit/e08ece9bb1c8c52580c15cf9152b4203821a0a0e)) -* Improve test readability for password method ([a896d9b](https://github.com/ory/kratos/commit/a896d9b55596d2925941a6b6a91b8a6e4ef2caa1)) -* Log successful hook execution ([f6026cf](https://github.com/ory/kratos/commit/f6026cfb0418767d99d18cd50529c2b71b21d775)) -* Log successful hook execution ([1e7d044](https://github.com/ory/kratos/commit/1e7d044603b204632d2ec73c2e54db896992300b)) -* Make login error handle JSON aware ([88f581f](https://github.com/ory/kratos/commit/88f581ff40a183cb96b5fb6d1ba398c58a9792d1)) -* Make password settings method API-able ([0cf6027](https://github.com/ory/kratos/commit/0cf60274f87f098d5eb57531f5071cd407b65f4d)) -* Make public cors configurable ([863a0d4](https://github.com/ory/kratos/commit/863a0d4f4696b05209b16f2e0c3daa9e8f4c1945)), closes [#712](https://github.com/ory/kratos/issues/712) -* Oidc provider claims config option ([#753](https://github.com/ory/kratos/issues/753)) ([bf94a40](https://github.com/ory/kratos/commit/bf94a40acd52128303c0b878ddb92d56abc4ceaf)), closes [#735](https://github.com/ory/kratos/issues/735) -* Reply with cache-control: 0 for browser-facing APIs ([1a45b53](https://github.com/ory/kratos/commit/1a45b5341e0ab4580208bfb6a505859d1e5d2faf)), closes [#360](https://github.com/ory/kratos/issues/360) -* Schemas are now static assets ([1776d58](https://github.com/ory/kratos/commit/1776d58278c42094b2c703e269a5901a96617051)) -* Support and document api flow in session issuer hook ([91f3cc7](https://github.com/ory/kratos/commit/91f3cc7a559b1ea1279216f8dc81abd8e6f73776)) -* Support application/json in registration ([3476b97](https://github.com/ory/kratos/commit/3476b978fdaee90358cc5505e20a0526f812a460)), closes [#44](https://github.com/ory/kratos/issues/44) -* Support custom session token header ([56bec76](https://github.com/ory/kratos/commit/56bec760fd1b94428ba296395a11358664d9e830)): - - The `/sessions/whoami` endpoint now accepts the ORY Kratos Session Token in the `X-Session-Token` HTTP header. - -* Support GitLab OIDC Provider ([#519](https://github.com/ory/kratos/issues/519)) ([8580d96](https://github.com/ory/kratos/commit/8580d96b7e345cc85a646f2945c3931f831afebf)), closes [#518](https://github.com/ory/kratos/issues/518) -* Support json payloads for login and password ([354e8b2](https://github.com/ory/kratos/commit/354e8b2cd63ee8feb1fd8a4ed8b033490155d90c)) -* Support JSON payloads in password login flow ([dd32c23](https://github.com/ory/kratos/commit/dd32c23121da42e7eb3294fc8cb940fb7982723b)) -* Support session token bearer auth and lifecycle ([c12600a](https://github.com/ory/kratos/commit/c12600a7243b541a91631169ec09d618a45c72dc)): - - This patch adds support for issuing, validating, and revoking session tokens. Session tokens carry a reference to a session, and are equal to session cookies but can be used on environments which do not support cookies (e.g. React Native) by sending them in the Bearer Authorization. - -* Update migration tests ([fb28173](https://github.com/ory/kratos/commit/fb28173afa46ee828a3090981f394043c075f1ec)) -* Use uri-reference for ui_url etc. to allow relative urls ([#617](https://github.com/ory/kratos/issues/617)) ([2dba450](https://github.com/ory/kratos/commit/2dba4503266436a615f4c1c18e07aa36ec713498)) -* Write request -> flow rename migrations ([d7189a9](https://github.com/ory/kratos/commit/d7189a99c9d3e0ce33b4cc9846e6b2530ddfe5ec)) +- Add ability to configure session cookie domain/path + ([faeb332](https://github.com/ory/kratos/commit/faeb3328dab343c6ef3974065ba0c5c590a8817e)), + closes [#516](https://github.com/ory/kratos/issues/516) +- Add and improve settings testhelpers + ([10a43fc](https://github.com/ory/kratos/commit/10a43fc518bd5c764712b549e6d35bf7159d757a)) +- Add bearer helper + ([ec6ca20](https://github.com/ory/kratos/commit/ec6ca20279d839dc10e7e3bc80e0442a630e586b)) +- Add config version schema ([#608](https://github.com/ory/kratos/issues/608)) + ([d218662](https://github.com/ory/kratos/commit/d218662388ef4fb7ea3bfee7b29c5cc8d34f1c8c)), + closes [#590](https://github.com/ory/kratos/issues/590) +- Add discord oidc provider ([#767](https://github.com/ory/kratos/issues/767)) + ([487296d](https://github.com/ory/kratos/commit/487296dd39d2e59d61b63f00f3d61fea9b8aed8c)) +- Add enum to form field type + ([96028d8](https://github.com/ory/kratos/commit/96028d8c80414cdcea177150ba6e986d0ecb29c6)) +- Add flow type to login + ([ce9133b](https://github.com/ory/kratos/commit/ce9133b0ff6d03738a5d27cf9c6a213496d75772)) +- Add HTTP request flow validator + ([1a6e847](https://github.com/ory/kratos/commit/1a6e84774b65ee7be9294baaaff77192cec8f0f2)) +- Add new prometheus metrics endpoint + [#672](https://github.com/ory/kratos/issues/672) + ([#673](https://github.com/ory/kratos/issues/673)) + ([0f5c436](https://github.com/ory/kratos/commit/0f5c436ce6e4aa78ca52ae63e58812e6703a1ab7)): + + Adds endpoint `/metrics` for prometheus metrics collection to the Admin API + Endpoint. + +- Add nocache helpers + ([54dcc4d](https://github.com/ory/kratos/commit/54dcc4da2ff22bdb17e53dd6eac1c0bd54a20390)) +- Add pagination tests + ([e3aa81b](https://github.com/ory/kratos/commit/e3aa81b7da55108f43ea6e16c817c97e2f8a1d50)) +- Add session token security definition + ([d36c26f](https://github.com/ory/kratos/commit/d36c26f2edd66ddbd8338de4901957a9b9b7342e)): + + Adds the new Session Token as a Swagger security definition to allow setting + the session token as a Bearer token when calling `/sessions/whoami`. + +- Add stub errors to errorx + ([5d452bb](https://github.com/ory/kratos/commit/5d452bb582e6a9e3b893424ec135d0cbdf875659)), + closes [#610](https://github.com/ory/kratos/issues/610) +- Add test helper for fetching settings requests + ([3646383](https://github.com/ory/kratos/commit/36463838d81d8b108aa9ded8c1ec6bc8f48f2267)) +- Add tests and helpers to test recovery/verifiable addresses + ([#579](https://github.com/ory/kratos/issues/579)) + ([29979e6](https://github.com/ory/kratos/commit/29979e6c4934b71c7fb158cfa5b85e97be3ea8fc)), + closes [#576](https://github.com/ory/kratos/issues/576) +- Add tests to cover auth + ([c9d3a15](https://github.com/ory/kratos/commit/c9d3a1525cc74976d16b483e0ab5c48909b84022)) +- Add texts for settings + ([795548c](https://github.com/ory/kratos/commit/795548c25507c34c7fc37ce1c1a8ecc076c34ef4)) +- Add the already declared (and settable) tracer as a middleware + ([#614](https://github.com/ory/kratos/issues/614)) + ([e24fffe](https://github.com/ory/kratos/commit/e24fffe3f13c353e3c07214c1e056a849533a9f6)) +- Add token to session + ([08c8c78](https://github.com/ory/kratos/commit/08c8c7837dbf799e6ba01d1820812c9e792d7850)) +- Add type to all flows in SQL + ([5515776](https://github.com/ory/kratos/commit/551577659f6a416ff6ef032c35af224b517df413)) +- Allow import/validation of arrays + ([d11ac32](https://github.com/ory/kratos/commit/d11ac32db6ddc0dce73067ffe7d4d0a734a3f991)) +- Bump cli and migration render tasks + ([6dcb42a](https://github.com/ory/kratos/commit/6dcb42a487476371a545b72f7ee7e820b815bbee)) +- Finalize tests for registration flow refactor + ([8e52c3a](https://github.com/ory/kratos/commit/8e52c3a99bd39b3429ff476340b5df49e0a85707)) +- Finish off client cli + ([36d60c7](https://github.com/ory/kratos/commit/36d60c7e7bc38d83726b4b4a3061ba6353dd1978)) +- Implement administrative account recovery + ([f5f9c43](https://github.com/ory/kratos/commit/f5f9c43e10dd3a9547e87776164d2d4a171f35ce)) +- Implement API flow for recovery link method + ([d65bf66](https://github.com/ory/kratos/commit/d65bf66781bdd2fae73e75c0ba39287b1575c45a)) +- Implement API-based tests for password method settings flows + ([60664aa](https://github.com/ory/kratos/commit/60664aaf05dbd6b228f420688d0171e5789246be)) +- Implement max-age for session cookie + ([2e642ff](https://github.com/ory/kratos/commit/2e642ff13c59a7e23babe9209c1a114ef0163bad)), + closes [#326](https://github.com/ory/kratos/issues/326) +- Implement tests and anti-csrf for API settings flows + ([8b8b6e5](https://github.com/ory/kratos/commit/8b8b6e5367e05f49950b851ea6834a9f18e896e7)) +- Implement tests for new migrations + ([e08ece9](https://github.com/ory/kratos/commit/e08ece9bb1c8c52580c15cf9152b4203821a0a0e)) +- Improve test readability for password method + ([a896d9b](https://github.com/ory/kratos/commit/a896d9b55596d2925941a6b6a91b8a6e4ef2caa1)) +- Log successful hook execution + ([f6026cf](https://github.com/ory/kratos/commit/f6026cfb0418767d99d18cd50529c2b71b21d775)) +- Log successful hook execution + ([1e7d044](https://github.com/ory/kratos/commit/1e7d044603b204632d2ec73c2e54db896992300b)) +- Make login error handle JSON aware + ([88f581f](https://github.com/ory/kratos/commit/88f581ff40a183cb96b5fb6d1ba398c58a9792d1)) +- Make password settings method API-able + ([0cf6027](https://github.com/ory/kratos/commit/0cf60274f87f098d5eb57531f5071cd407b65f4d)) +- Make public cors configurable + ([863a0d4](https://github.com/ory/kratos/commit/863a0d4f4696b05209b16f2e0c3daa9e8f4c1945)), + closes [#712](https://github.com/ory/kratos/issues/712) +- Oidc provider claims config option + ([#753](https://github.com/ory/kratos/issues/753)) + ([bf94a40](https://github.com/ory/kratos/commit/bf94a40acd52128303c0b878ddb92d56abc4ceaf)), + closes [#735](https://github.com/ory/kratos/issues/735) +- Reply with cache-control: 0 for browser-facing APIs + ([1a45b53](https://github.com/ory/kratos/commit/1a45b5341e0ab4580208bfb6a505859d1e5d2faf)), + closes [#360](https://github.com/ory/kratos/issues/360) +- Schemas are now static assets + ([1776d58](https://github.com/ory/kratos/commit/1776d58278c42094b2c703e269a5901a96617051)) +- Support and document api flow in session issuer hook + ([91f3cc7](https://github.com/ory/kratos/commit/91f3cc7a559b1ea1279216f8dc81abd8e6f73776)) +- Support application/json in registration + ([3476b97](https://github.com/ory/kratos/commit/3476b978fdaee90358cc5505e20a0526f812a460)), + closes [#44](https://github.com/ory/kratos/issues/44) +- Support custom session token header + ([56bec76](https://github.com/ory/kratos/commit/56bec760fd1b94428ba296395a11358664d9e830)): + + The `/sessions/whoami` endpoint now accepts the ORY Kratos Session Token in + the `X-Session-Token` HTTP header. + +- Support GitLab OIDC Provider + ([#519](https://github.com/ory/kratos/issues/519)) + ([8580d96](https://github.com/ory/kratos/commit/8580d96b7e345cc85a646f2945c3931f831afebf)), + closes [#518](https://github.com/ory/kratos/issues/518) +- Support json payloads for login and password + ([354e8b2](https://github.com/ory/kratos/commit/354e8b2cd63ee8feb1fd8a4ed8b033490155d90c)) +- Support JSON payloads in password login flow + ([dd32c23](https://github.com/ory/kratos/commit/dd32c23121da42e7eb3294fc8cb940fb7982723b)) +- Support session token bearer auth and lifecycle + ([c12600a](https://github.com/ory/kratos/commit/c12600a7243b541a91631169ec09d618a45c72dc)): + + This patch adds support for issuing, validating, and revoking session tokens. + Session tokens carry a reference to a session, and are equal to session + cookies but can be used on environments which do not support cookies (e.g. + React Native) by sending them in the Bearer Authorization. + +- Update migration tests + ([fb28173](https://github.com/ory/kratos/commit/fb28173afa46ee828a3090981f394043c075f1ec)) +- Use uri-reference for ui_url etc. to allow relative urls + ([#617](https://github.com/ory/kratos/issues/617)) + ([2dba450](https://github.com/ory/kratos/commit/2dba4503266436a615f4c1c18e07aa36ec713498)) +- Write request -> flow rename migrations + ([d7189a9](https://github.com/ory/kratos/commit/d7189a99c9d3e0ce33b4cc9846e6b2530ddfe5ec)) ### Tests -* Add handler update tests ([aea1fb8](https://github.com/ory/kratos/commit/aea1fb807a16acd8406b94a72c3b39be8c3e1280)), closes [#325](https://github.com/ory/kratos/issues/325) -* Add init browser flow tests ([f477ece](https://github.com/ory/kratos/commit/f477ecebc73741b638cd62ef8aa2adb8b7adb8f2)) -* Add test for no-cache on public router ([b8aa63b](https://github.com/ory/kratos/commit/b8aa63b7ebd269a87578e8a5c6b2df27e18f9efa)) -* Add test for registration request ([79ed63c](https://github.com/ory/kratos/commit/79ed63cb4536499712796dab52999bcb73fe8466)) -* Add tests for registration flows ([4772f71](https://github.com/ory/kratos/commit/4772f710f66d1ee36b52eca120d617a354f72413)) -* Complete test suite for API-based auth ([fb9d62f](https://github.com/ory/kratos/commit/fb9d62f658165aa80bd117e1f827bbcc7c635150)) -* Implement API login password tests ([8bfd5f2](https://github.com/ory/kratos/commit/8bfd5f294ff03280bcf01c5066acefe767eabc73)) -* Implement API registration password tests ([db178b7](https://github.com/ory/kratos/commit/db178b73b097820c8dcd8760eec041a6fd0740aa)) -* Replace e2e-memory with unit test ([52bd839](https://github.com/ory/kratos/commit/52bd839ea9fe8de1aac4663b9dc0a88ae18a5765)), closes [#580](https://github.com/ory/kratos/issues/580) -* Resolve broken decoder tests ([07add1b](https://github.com/ory/kratos/commit/07add1b3e4f46e4aff52174ce43d6970f60cf3ee)) -* Use correct hook in test ([421320c](https://github.com/ory/kratos/commit/421320ca4ad5b346c6dfb6ef0a9d14d7cf23fded)) +- Add handler update tests + ([aea1fb8](https://github.com/ory/kratos/commit/aea1fb807a16acd8406b94a72c3b39be8c3e1280)), + closes [#325](https://github.com/ory/kratos/issues/325) +- Add init browser flow tests + ([f477ece](https://github.com/ory/kratos/commit/f477ecebc73741b638cd62ef8aa2adb8b7adb8f2)) +- Add test for no-cache on public router + ([b8aa63b](https://github.com/ory/kratos/commit/b8aa63b7ebd269a87578e8a5c6b2df27e18f9efa)) +- Add test for registration request + ([79ed63c](https://github.com/ory/kratos/commit/79ed63cb4536499712796dab52999bcb73fe8466)) +- Add tests for registration flows + ([4772f71](https://github.com/ory/kratos/commit/4772f710f66d1ee36b52eca120d617a354f72413)) +- Complete test suite for API-based auth + ([fb9d62f](https://github.com/ory/kratos/commit/fb9d62f658165aa80bd117e1f827bbcc7c635150)) +- Implement API login password tests + ([8bfd5f2](https://github.com/ory/kratos/commit/8bfd5f294ff03280bcf01c5066acefe767eabc73)) +- Implement API registration password tests + ([db178b7](https://github.com/ory/kratos/commit/db178b73b097820c8dcd8760eec041a6fd0740aa)) +- Replace e2e-memory with unit test + ([52bd839](https://github.com/ory/kratos/commit/52bd839ea9fe8de1aac4663b9dc0a88ae18a5765)), + closes [#580](https://github.com/ory/kratos/issues/580) +- Resolve broken decoder tests + ([07add1b](https://github.com/ory/kratos/commit/07add1b3e4f46e4aff52174ce43d6970f60cf3ee)) +- Use correct hook in test + ([421320c](https://github.com/ory/kratos/commit/421320ca4ad5b346c6dfb6ef0a9d14d7cf23fded)) ### Unclassified -* u ([e207a6a](https://github.com/ory/kratos/commit/e207a6adb98f639413accce383633d7e74ca4db9)) -* As part of this change, fetching a settings flow over the public API no longer requires Anti-CSRF cookies to be sent. ([31d560e](https://github.com/ory/kratos/commit/31d560e47d55b087519355081cbca20b2a49da4e)), closes [#635](https://github.com/ory/kratos/issues/635) -* Create labels.json ([68b1f6f](https://github.com/ory/kratos/commit/68b1f6f5a35c66cc71f74f1473796fa16a852366)) -* Add codedoc to identifier hint block ([6fe840f](https://github.com/ory/kratos/commit/6fe840f9c7a27ed97593e01936913e2239fd9446)) -* Format ([e61a51d](https://github.com/ory/kratos/commit/e61a51dd6e2d5e003165a0b7906a9c86ebbc87d9)) -* Format ([1e5b738](https://github.com/ory/kratos/commit/1e5b738f0765ec110c3ee70d7fc90fad0d1c89ac)) -* Format code ([c3b5ff5](https://github.com/ory/kratos/commit/c3b5ff5d3bc3a1e72f48498fbed60bae9f159617)) - +- u + ([e207a6a](https://github.com/ory/kratos/commit/e207a6adb98f639413accce383633d7e74ca4db9)) +- As part of this change, fetching a settings flow over the public API no longer + requires Anti-CSRF cookies to be sent. + ([31d560e](https://github.com/ory/kratos/commit/31d560e47d55b087519355081cbca20b2a49da4e)), + closes [#635](https://github.com/ory/kratos/issues/635) +- Create labels.json + ([68b1f6f](https://github.com/ory/kratos/commit/68b1f6f5a35c66cc71f74f1473796fa16a852366)) +- Add codedoc to identifier hint block + ([6fe840f](https://github.com/ory/kratos/commit/6fe840f9c7a27ed97593e01936913e2239fd9446)) +- Format + ([e61a51d](https://github.com/ory/kratos/commit/e61a51dd6e2d5e003165a0b7906a9c86ebbc87d9)) +- Format + ([1e5b738](https://github.com/ory/kratos/commit/1e5b738f0765ec110c3ee70d7fc90fad0d1c89ac)) +- Format code + ([c3b5ff5](https://github.com/ory/kratos/commit/c3b5ff5d3bc3a1e72f48498fbed60bae9f159617)) # [0.4.6-alpha.1](https://github.com/ory/kratos/compare/v0.4.5-alpha.1...v0.4.6-alpha.1) (2020-07-13) Resolves build and install issues and includes a few bugfixes. - - - - ### Bug Fixes -* Use proper binary name in dockerfile ([d36bbb0](https://github.com/ory/kratos/commit/d36bbb0875177ccd68747f4a17e59c981a7a6464)) +- Use proper binary name in dockerfile + ([d36bbb0](https://github.com/ory/kratos/commit/d36bbb0875177ccd68747f4a17e59c981a7a6464)) ### Code Generation -* Pin v0.4.6-alpha.1 release commit ([ad90e77](https://github.com/ory/kratos/commit/ad90e772cf59a33b213bc0fb782959a1685d9741)): - - Bumps from v0.4.4-alpha.1 - +- Pin v0.4.6-alpha.1 release commit + ([ad90e77](https://github.com/ory/kratos/commit/ad90e772cf59a33b213bc0fb782959a1685d9741)): + Bumps from v0.4.4-alpha.1 # [0.4.5-alpha.1](https://github.com/ory/kratos/compare/v0.4.4-alpha.1...v0.4.5-alpha.1) (2020-07-13) Resolves build and install issues and includes a few bugfixes. - - - - ### Bug Fixes -* Ensure default_browser_return_url for flows is configured in after ([#570](https://github.com/ory/kratos/issues/570)) ([cf9753c](https://github.com/ory/kratos/commit/cf9753c690c67e6401be52d2c1ce69f168aae6e8)), closes [#569](https://github.com/ory/kratos/issues/569) -* Require selfservice.default_browser_return_url to be set in config ([#571](https://github.com/ory/kratos/issues/571)) ([af2af7d](https://github.com/ory/kratos/commit/af2af7d35ba8b10dcd6d7636b044b0f7761a719d)) +- Ensure default_browser_return_url for flows is configured in after + ([#570](https://github.com/ory/kratos/issues/570)) + ([cf9753c](https://github.com/ory/kratos/commit/cf9753c690c67e6401be52d2c1ce69f168aae6e8)), + closes [#569](https://github.com/ory/kratos/issues/569) +- Require selfservice.default_browser_return_url to be set in config + ([#571](https://github.com/ory/kratos/issues/571)) + ([af2af7d](https://github.com/ory/kratos/commit/af2af7d35ba8b10dcd6d7636b044b0f7761a719d)) ### Code Generation -* Pin v0.4.5-alpha.1 release commit ([3ea7fd3](https://github.com/ory/kratos/commit/3ea7fd3e7fd2c0b4aef638aa30e2b5b05c1bad26)): - - Bumps from v0.4.4-alpha.1 - +- Pin v0.4.5-alpha.1 release commit + ([3ea7fd3](https://github.com/ory/kratos/commit/3ea7fd3e7fd2c0b4aef638aa30e2b5b05c1bad26)): + Bumps from v0.4.4-alpha.1 # [0.4.4-alpha.1](https://github.com/ory/kratos/compare/v0.4.3-alpha.1...v0.4.4-alpha.1) (2020-07-10) -The purpose of this release is to resolve issues with install scripts, homebrew, and scoop. - - - - +The purpose of this release is to resolve issues with install scripts, homebrew, +and scoop. ### Bug Fixes -* Detection of SQLite memory mode ([#564](https://github.com/ory/kratos/issues/564)) ([605cd57](https://github.com/ory/kratos/commit/605cd579895f3b765d398074cfdb37fa3eae0c4e)) -* Improve goreleaser config ([0f8a0d8](https://github.com/ory/kratos/commit/0f8a0d8afa6489383800d3eff1b7b1da01fbef08)) +- Detection of SQLite memory mode + ([#564](https://github.com/ory/kratos/issues/564)) + ([605cd57](https://github.com/ory/kratos/commit/605cd579895f3b765d398074cfdb37fa3eae0c4e)) +- Improve goreleaser config + ([0f8a0d8](https://github.com/ory/kratos/commit/0f8a0d8afa6489383800d3eff1b7b1da01fbef08)) ### Code Generation -* Pin v0.4.4-alpha.1 release commit ([154d543](https://github.com/ory/kratos/commit/154d543eef29ab67be8637a96d8d06620974094f)) +- Pin v0.4.4-alpha.1 release commit + ([154d543](https://github.com/ory/kratos/commit/154d543eef29ab67be8637a96d8d06620974094f)) ### Documentation -* Add description for subkeys of serve ([#562](https://github.com/ory/kratos/issues/562)) ([deae005](https://github.com/ory/kratos/commit/deae005a259747872f678d355b49cca21904e565)) -* Add section about password expiry ([19c2414](https://github.com/ory/kratos/commit/19c2414c3defe79fe6e80e50dd0e85026ecd60e6)) -* Specify the use of secrets ([#565](https://github.com/ory/kratos/issues/565)) ([7680450](https://github.com/ory/kratos/commit/7680450cfa44049759b27ec09d5bebc236b19a29)) -* Update upgrade guide ([a40b1ec](https://github.com/ory/kratos/commit/a40b1ec18e7801f2862aad4e37becb7ce8f99c37)) - +- Add description for subkeys of serve + ([#562](https://github.com/ory/kratos/issues/562)) + ([deae005](https://github.com/ory/kratos/commit/deae005a259747872f678d355b49cca21904e565)) +- Add section about password expiry + ([19c2414](https://github.com/ory/kratos/commit/19c2414c3defe79fe6e80e50dd0e85026ecd60e6)) +- Specify the use of secrets ([#565](https://github.com/ory/kratos/issues/565)) + ([7680450](https://github.com/ory/kratos/commit/7680450cfa44049759b27ec09d5bebc236b19a29)) +- Update upgrade guide + ([a40b1ec](https://github.com/ory/kratos/commit/a40b1ec18e7801f2862aad4e37becb7ce8f99c37)) # [0.4.3-alpha.1](https://github.com/ory/kratos/compare/v0.4.2-alpha.1...v0.4.3-alpha.1) (2020-07-08) -We are very happy to announce the 0.4 release of ORY Kratos with 163 commits and 817 changed files with 52,681 additions and 9,876 deletions. +We are very happy to announce the 0.4 release of ORY Kratos with 163 commits and +817 changed files with 52,681 additions and 9,876 deletions. There have been many improvements and bugfixes merged. The biggest changes are: 1. Account recovery ("reset password") has been implemented. -2. Documentation has been improved with easier to understand examples - currently only for account recovery so let us know what you think! -3. The configuration has been simplified a lot. It is now much easier to enable account recovery and email verification. This is a breaking change - please read the breaking changes section with care! -4. The Identity Traits JSON Schema has been renamed to the Identity JSON Schema. This is a breaking change - please read the breaking changes section with care! -5. `prompt=login` has been renamed to `refresh=true`. This is a breaking change - please read the breaking changes section with care! -6. We have reworked how (error) messages are returned. They now include an ID and all the parameters required for translating and customizing UI messages. This is a breaking change - please read the breaking changes section with care! -7. Instead of keeping track of `update_successful` with booleans, flows (e.g. the settings flow) that have more than one state now include a state machine. This is a breaking change - please read the breaking changes section with care! +2. Documentation has been improved with easier to understand examples - + currently only for account recovery so let us know what you think! +3. The configuration has been simplified a lot. It is now much easier to enable + account recovery and email verification. This is a breaking change - please + read the breaking changes section with care! +4. The Identity Traits JSON Schema has been renamed to the Identity JSON Schema. + This is a breaking change - please read the breaking changes section with + care! +5. `prompt=login` has been renamed to `refresh=true`. This is a breaking + change - please read the breaking changes section with care! +6. We have reworked how (error) messages are returned. They now include an ID + and all the parameters required for translating and customizing UI messages. + This is a breaking change - please read the breaking changes section with + care! +7. Instead of keeping track of `update_successful` with booleans, flows (e.g. + the settings flow) that have more than one state now include a state machine. + This is a breaking change - please read the breaking changes section with + care! 8. Tons of tests have been added. -9. We have reworked and fully tested the migration pipeline to prevent breaking schema changes in future versions. -10. ORY Kratos now supports login with Azure AD and the Microsoft Identity Platform. - -Before upgrading, please make a backup of your database and read the section "Breaking Changes" with care! - - - +9. We have reworked and fully tested the migration pipeline to prevent breaking + schema changes in future versions. +10. ORY Kratos now supports login with Azure AD and the Microsoft Identity + Platform. +Before upgrading, please make a backup of your database and read the section +"Breaking Changes" with care! ### Bug Fixes -* Resolve goreleaser build issues ([223571b](https://github.com/ory/kratos/commit/223571bca15f507067d20bedb104923331f88e59)) -* Update install.sh script ([883d99b](https://github.com/ory/kratos/commit/883d99ba42de084018a32eaa094b5ae1a8ad4fc2)) +- Resolve goreleaser build issues + ([223571b](https://github.com/ory/kratos/commit/223571bca15f507067d20bedb104923331f88e59)) +- Update install.sh script + ([883d99b](https://github.com/ory/kratos/commit/883d99ba42de084018a32eaa094b5ae1a8ad4fc2)) ### Code Generation -* Pin v0.4.3-alpha.1 release commit ([a3a34b1](https://github.com/ory/kratos/commit/a3a34b1e43b2d010ed85e098cd7cea31127df311)): - - Bumps from v0.4.0-alpha.1 - +- Pin v0.4.3-alpha.1 release commit + ([a3a34b1](https://github.com/ory/kratos/commit/a3a34b1e43b2d010ed85e098cd7cea31127df311)): + Bumps from v0.4.0-alpha.1 # [0.4.2-alpha.1](https://github.com/ory/kratos/compare/v0.4.0-alpha.1...v0.4.2-alpha.1) (2020-07-08) -We are very happy to announce the 0.4 release of ORY Kratos with 153 commits and 760 changed files with 36,223 additions and 9,754 deletions. +We are very happy to announce the 0.4 release of ORY Kratos with 153 commits and +760 changed files with 36,223 additions and 9,754 deletions. There have been many improvements and bugfixes merged. The biggest changes are: 1. Account recovery ("reset password") has been implemented. -2. Documentation has been improved with easier to understand examples - currently only for account recovery so let us know what you think! -3. The configuration has been simplified a lot. It is now much easier to enable account recovery and email verification. This is a breaking change - please read the breaking changes section with care! -4. The Identity Traits JSON Schema has been renamed to the Identity JSON Schema. This is a breaking change - please read the breaking changes section with care! -5. `prompt=login` has been renamed to `refresh=true`. This is a breaking change - please read the breaking changes section with care! -6. We have reworked how (error) messages are returned. They now include an ID and all the parameters required for translating and customizing UI messages. This is a breaking change - please read the breaking changes section with care! -7. Instead of keeping track of `update_successful` with booleans, flows (e.g. the settings flow) that have more than one state now include a state machine. This is a breaking change - please read the breaking changes section with care! +2. Documentation has been improved with easier to understand examples - + currently only for account recovery so let us know what you think! +3. The configuration has been simplified a lot. It is now much easier to enable + account recovery and email verification. This is a breaking change - please + read the breaking changes section with care! +4. The Identity Traits JSON Schema has been renamed to the Identity JSON Schema. + This is a breaking change - please read the breaking changes section with + care! +5. `prompt=login` has been renamed to `refresh=true`. This is a breaking + change - please read the breaking changes section with care! +6. We have reworked how (error) messages are returned. They now include an ID + and all the parameters required for translating and customizing UI messages. + This is a breaking change - please read the breaking changes section with + care! +7. Instead of keeping track of `update_successful` with booleans, flows (e.g. + the settings flow) that have more than one state now include a state machine. + This is a breaking change - please read the breaking changes section with + care! 8. Tons of tests have been added. -9. We have reworked and fully tested the migration pipeline to prevent breaking schema changes in future versions. -10. ORY Kratos now supports login with Azure AD and the Microsoft Identity Platform. - -Before upgrading, please make a backup of your database and read the section "Breaking Changes" with care! - - - +9. We have reworked and fully tested the migration pipeline to prevent breaking + schema changes in future versions. +10. ORY Kratos now supports login with Azure AD and the Microsoft Identity + Platform. +Before upgrading, please make a backup of your database and read the section +"Breaking Changes" with care! ### Bug Fixes -* Ignore pkged generated files ([1d385e4](https://github.com/ory/kratos/commit/1d385e4d1a004405099242c3003006d1713a24c6)) +- Ignore pkged generated files + ([1d385e4](https://github.com/ory/kratos/commit/1d385e4d1a004405099242c3003006d1713a24c6)) ### Code Generation -* Pin v0.4.2-alpha.1 release commit ([20024cb](https://github.com/ory/kratos/commit/20024cbbb44b4f556004ef752a7f37e70a070e6a)): - - Bumps from v0.4.0-alpha.1 - +- Pin v0.4.2-alpha.1 release commit + ([20024cb](https://github.com/ory/kratos/commit/20024cbbb44b4f556004ef752a7f37e70a070e6a)): + Bumps from v0.4.0-alpha.1 # [0.4.0-alpha.1](https://github.com/ory/kratos/compare/v0.3.0-alpha.1...v0.4.0-alpha.1) (2020-07-08) -We are very happy to announce the 0.4 release of ORY Kratos with 153 commits and 760 changed files with 36,223 additions and 9,754 deletions. +We are very happy to announce the 0.4 release of ORY Kratos with 153 commits and +760 changed files with 36,223 additions and 9,754 deletions. There have been many improvements and bugfixes merged. The biggest changes are: 1. Account recovery ("reset password") has been implemented. -2. Documentation has been improved with easier to understand examples - currently only for account recovery so let us know what you think! -3. The configuration has been simplified a lot. It is now much easier to enable account recovery and email verification. This is a breaking change - please read the breaking changes section with care! -4. The Identity Traits JSON Schema has been renamed to the Identity JSON Schema. This is a breaking change - please read the breaking changes section with care! -5. `prompt=login` has been renamed to `refresh=true`. This is a breaking change - please read the breaking changes section with care! -6. We have reworked how (error) messages are returned. They now include an ID and all the parameters required for translating and customizing UI messages. This is a breaking change - please read the breaking changes section with care! -7. Instead of keeping track of `update_successful` with booleans, flows (e.g. the settings flow) that have more than one state now include a state machine. This is a breaking change - please read the breaking changes section with care! +2. Documentation has been improved with easier to understand examples - + currently only for account recovery so let us know what you think! +3. The configuration has been simplified a lot. It is now much easier to enable + account recovery and email verification. This is a breaking change - please + read the breaking changes section with care! +4. The Identity Traits JSON Schema has been renamed to the Identity JSON Schema. + This is a breaking change - please read the breaking changes section with + care! +5. `prompt=login` has been renamed to `refresh=true`. This is a breaking + change - please read the breaking changes section with care! +6. We have reworked how (error) messages are returned. They now include an ID + and all the parameters required for translating and customizing UI messages. + This is a breaking change - please read the breaking changes section with + care! +7. Instead of keeping track of `update_successful` with booleans, flows (e.g. + the settings flow) that have more than one state now include a state machine. + This is a breaking change - please read the breaking changes section with + care! 8. Tons of tests have been added. -9. We have reworked and fully tested the migration pipeline to prevent breaking schema changes in future versions. -10. ORY Kratos now supports login with Azure AD and the Microsoft Identity Platform. - -Before upgrading, please make a backup of your database and read the section "Breaking Changes" with care! This release requires running SQL migrations when upgrading! - +9. We have reworked and fully tested the migration pipeline to prevent breaking + schema changes in future versions. +10. ORY Kratos now supports login with Azure AD and the Microsoft Identity + Platform. +Before upgrading, please make a backup of your database and read the section +"Breaking Changes" with care! This release requires running SQL migrations when +upgrading! ## Breaking Changes @@ -4167,8 +6927,8 @@ The identity payload has changed from } ``` -Additionally, it is now expected that your Identity JSON Schema includes a "traits" key at the -root level. +Additionally, it is now expected that your Identity JSON Schema includes a +"traits" key at the root level. **Before (example)** @@ -4262,15 +7022,18 @@ You also need to remove the `traits` key from your ORY Kratos config like this: + url: http://test.kratos.ory.sh/other-identity.schema.json ``` -Do not forget to also update environment variables for the Identity JSON Schema as well if set. +Do not forget to also update environment variables for the Identity JSON Schema +as well if set. -To address these refactorings, the configuration had to be changed and with breaking changes -as keys have moved or have been removed. +To address these refactorings, the configuration had to be changed and with +breaking changes as keys have moved or have been removed. -Hook configuration has also changed. It is no longer required to include hooks such as `verification` to get -verification working. Instead, verification is enabled globally (`selfservice.flows.verification.enabled`). -Also, the `redirect` hook has been removed as it lead to confusion because there are already default redirect -URLs configurable. You will find more information in the details below. +Hook configuration has also changed. It is no longer required to include hooks +such as `verification` to get verification working. Instead, verification is +enabled globally (`selfservice.flows.verification.enabled`). Also, the +`redirect` hook has been removed as it lead to confusion because there are +already default redirect URLs configurable. You will find more information in +the details below. **Session Management** @@ -4304,8 +7067,9 @@ URLs configurable. You will find more information in the details below. **URLs** -The Base URL configuration has moved to `serve.public` and `serve.admin`. They are also no longer required and fall -back to defaults based on the machine's hostname, port configuration, and other settings: +The Base URL configuration has moved to `serve.public` and `serve.admin`. They +are also no longer required and fall back to defaults based on the machine's +hostname, port configuration, and other settings: ```diff -urls: @@ -4343,7 +7107,8 @@ The UI URLs have moved from `urls` to their respective self-service flows: + ui_url: http://127.0.0.1:4455/error ``` -The default redirect URL as well as whitelisted redirect URLs have also changed their location: +The default redirect URL as well as whitelisted redirect URLs have also changed +their location: ```diff -urls: @@ -4499,9 +7264,10 @@ On top of this change, a few keys under `settings` have changed as well: + verification: ``` -Instead of configuring verification with hooks and other components, it can now be enabled -in a central place. If enabled, a SMTP server must be configured in the `courier` section. -You are still required to mark a field as verifiable in your Identity JSON Schema. +Instead of configuring verification with hooks and other components, it can now +be enabled in a central place. If enabled, a SMTP server must be configured in +the `courier` section. You are still required to mark a field as verifiable in +your Identity JSON Schema. ```diff selfservice: @@ -4515,183 +7281,361 @@ You are still required to mark a field as verifiable in your Identity JSON Schem + default_browser_return_url: https://self-service/verification/return_to ``` -Replaces the `update_successful` field of the settings request -with a field called `state` which can be either `show_form` or `success`. - -Flows, request methods, form fields have had a key errors to show e.g. validation errors such as ("not an email address", "incorrect username/password", and so on. The `errors` key is now called `messages`. Each message now has a `type` which can be `error` or `info`, an `id` which can be used to translate messages, a `text` (which was previously errors[*].message). This affects all login, request, settings, and recovery flows and methods. +Replaces the `update_successful` field of the settings request with a field +called `state` which can be either `show_form` or `success`. -To refresh a login session it is now required to append `refresh=true` instead of `prompt=login` as the second has implications for revoking an existing issue and might be confusing when used in combination with OpenID Connect. - -* Applying this patch requires running SQL Migrations. -* The field `identity.addresses` has moved to `identity.verifiable_addresses`. -* Configuration key `selfservice.verification.link_lifespan` -has been merged with `selfservice.verification.request_lifespan`. +Flows, request methods, form fields have had a key errors to show e.g. +validation errors such as ("not an email address", "incorrect +username/password", and so on. The `errors` key is now called `messages`. Each +message now has a `type` which can be `error` or `info`, an `id` which can be +used to translate messages, a `text` (which was previously errors[*].message). +This affects all login, request, settings, and recovery flows and methods. +To refresh a login session it is now required to append `refresh=true` instead +of `prompt=login` as the second has implications for revoking an existing issue +and might be confusing when used in combination with OpenID Connect. +- Applying this patch requires running SQL Migrations. +- The field `identity.addresses` has moved to `identity.verifiable_addresses`. +- Configuration key `selfservice.verification.link_lifespan` has been merged + with `selfservice.verification.request_lifespan`. ### Bug Fixes -* Account recovery can't use recovery token ([#526](https://github.com/ory/kratos/issues/526)) ([379f24e](https://github.com/ory/kratos/commit/379f24e96e50a3e5c71b53a11195bdd84a8dc957)), closes [#525](https://github.com/ory/kratos/issues/525) -* Add and document recovery to quickstart ([c229c54](https://github.com/ory/kratos/commit/c229c54603bdc3efb863fd76b64096ae599d1aac)) -* Add pkger to docker builds ([d3ef5a0](https://github.com/ory/kratos/commit/d3ef5a0fe90f430999d0d94cb2f55acc8d628212)) -* Allow linking oidc credentials without existing oidc connection ([#548](https://github.com/ory/kratos/issues/548)) ([39c1234](https://github.com/ory/kratos/commit/39c1234f8ff3f6c7b0923053c8a317677d6cb667)), closes [#532](https://github.com/ory/kratos/issues/532) -* Bump pop version ([#558](https://github.com/ory/kratos/issues/558)) ([9e46cea](https://github.com/ory/kratos/commit/9e46ceabec8d5c1995321b62cbba9ac3900de446)), closes [#556](https://github.com/ory/kratos/issues/556) -* Clear error messages after updating settings successfully ([#421](https://github.com/ory/kratos/issues/421)) ([7eec388](https://github.com/ory/kratos/commit/7eec38829449237cffe345d8bec67578764559be)), closes [#420](https://github.com/ory/kratos/issues/420) -* Do not send debug on session/whoami ([16d3670](https://github.com/ory/kratos/commit/16d3670070bf46170c4540203e8380ad81bfb4c3)), closes [#483](https://github.com/ory/kratos/issues/483) -* Document login refresh parameter in swagger ([#482](https://github.com/ory/kratos/issues/482)) ([6b94993](https://github.com/ory/kratos/commit/6b949936725a6100a31851a5d879c877c2c76cbf)) -* Embedded video link properly ([#514](https://github.com/ory/kratos/issues/514)) ([962bbc6](https://github.com/ory/kratos/commit/962bbc6e4af0797c190418b812f6298372dabdde)) -* Embedded video link properly ([#515](https://github.com/ory/kratos/issues/515)) ([821ca93](https://github.com/ory/kratos/commit/821ca93838a360551378e336e9ce10cfe13369ec)) -* Enable recovery for quickstart ([0ccc651](https://github.com/ory/kratos/commit/0ccc651f809b1e39dd6c41b88f1a10c67451eae2)) -* Improve grammar of similar password error ([#471](https://github.com/ory/kratos/issues/471)) ([39873bf](https://github.com/ory/kratos/commit/39873bfad89a654fe12e101b54e9b0c2f95714ec)) -* Improvements to Dockerfiles ([#552](https://github.com/ory/kratos/issues/552)) ([6023877](https://github.com/ory/kratos/commit/6023877184efeadd6ec27a050a6969b6d0dd6caa)): - - - expose ory home as volume to simplify passing in own config file - - declare Kratos default ports in Dockerfile - -* Initialize verification request with correct state ([3264ecf](https://github.com/ory/kratos/commit/3264ecfbb8f7b34d9dbb22237df8d9f591ac09f3)), closes [#543](https://github.com/ory/kratos/issues/543) -* Re-add all databases to persister ([#527](https://github.com/ory/kratos/issues/527)) ([b04d178](https://github.com/ory/kratos/commit/b04d17815b5a28b5fe73a6a94ce1d907a63115e1)) -* Re-add redirect targets for quickstart ([3c48ad2](https://github.com/ory/kratos/commit/3c48ad26961560d6e10a627a64052e316d9ffdc7)) -* Reduce docker bloat by ignoring docs and others ([ecc555b](https://github.com/ory/kratos/commit/ecc555b5ad0fa888a8d5ba39cc09094fd251e655)) -* Resolve broken redirect in verify flow ([a9ca8fd](https://github.com/ory/kratos/commit/a9ca8fd793347ed8e4404a4bd29e330a3f1ef684)), closes [#436](https://github.com/ory/kratos/issues/436) -* Respect multiple secrets and fix used flag ([#526](https://github.com/ory/kratos/issues/526)) ([b16c2b8](https://github.com/ory/kratos/commit/b16c2b80edfc78afca0c72fa8da7d73b51b3075a)), closes [#525](https://github.com/ory/kratos/issues/525) -* Respect self-service enabled flag ([#470](https://github.com/ory/kratos/issues/470)) ([b198faf](https://github.com/ory/kratos/commit/b198fafce9d96fbb644300243e6a757242fbbd06)), closes [#417](https://github.com/ory/kratos/issues/417): - - Respects the `enabled` flag for self-service strategies. - - Also a new testhelper function was needed, to defer route registration - (because whether strategies are enabled or not is determined only once: - at route registration) - -* Typo accent -> account ([984d978](https://github.com/ory/kratos/commit/984d978cf44763d916a9329742d046e00f21577b)) -* Use correct brew replacements ([fd269b1](https://github.com/ory/kratos/commit/fd269b1afa784becac7ee79cd7a6f9d2bbe39121)), closes [#423](https://github.com/ory/kratos/issues/423) -* Write migration tests ([#499](https://github.com/ory/kratos/issues/499)) ([d32413a](https://github.com/ory/kratos/commit/d32413a1fcd0ce1a82d2529f18b5d4334a490a2a)), closes [#481](https://github.com/ory/kratos/issues/481) +- Account recovery can't use recovery token + ([#526](https://github.com/ory/kratos/issues/526)) + ([379f24e](https://github.com/ory/kratos/commit/379f24e96e50a3e5c71b53a11195bdd84a8dc957)), + closes [#525](https://github.com/ory/kratos/issues/525) +- Add and document recovery to quickstart + ([c229c54](https://github.com/ory/kratos/commit/c229c54603bdc3efb863fd76b64096ae599d1aac)) +- Add pkger to docker builds + ([d3ef5a0](https://github.com/ory/kratos/commit/d3ef5a0fe90f430999d0d94cb2f55acc8d628212)) +- Allow linking oidc credentials without existing oidc connection + ([#548](https://github.com/ory/kratos/issues/548)) + ([39c1234](https://github.com/ory/kratos/commit/39c1234f8ff3f6c7b0923053c8a317677d6cb667)), + closes [#532](https://github.com/ory/kratos/issues/532) +- Bump pop version ([#558](https://github.com/ory/kratos/issues/558)) + ([9e46cea](https://github.com/ory/kratos/commit/9e46ceabec8d5c1995321b62cbba9ac3900de446)), + closes [#556](https://github.com/ory/kratos/issues/556) +- Clear error messages after updating settings successfully + ([#421](https://github.com/ory/kratos/issues/421)) + ([7eec388](https://github.com/ory/kratos/commit/7eec38829449237cffe345d8bec67578764559be)), + closes [#420](https://github.com/ory/kratos/issues/420) +- Do not send debug on session/whoami + ([16d3670](https://github.com/ory/kratos/commit/16d3670070bf46170c4540203e8380ad81bfb4c3)), + closes [#483](https://github.com/ory/kratos/issues/483) +- Document login refresh parameter in swagger + ([#482](https://github.com/ory/kratos/issues/482)) + ([6b94993](https://github.com/ory/kratos/commit/6b949936725a6100a31851a5d879c877c2c76cbf)) +- Embedded video link properly + ([#514](https://github.com/ory/kratos/issues/514)) + ([962bbc6](https://github.com/ory/kratos/commit/962bbc6e4af0797c190418b812f6298372dabdde)) +- Embedded video link properly + ([#515](https://github.com/ory/kratos/issues/515)) + ([821ca93](https://github.com/ory/kratos/commit/821ca93838a360551378e336e9ce10cfe13369ec)) +- Enable recovery for quickstart + ([0ccc651](https://github.com/ory/kratos/commit/0ccc651f809b1e39dd6c41b88f1a10c67451eae2)) +- Improve grammar of similar password error + ([#471](https://github.com/ory/kratos/issues/471)) + ([39873bf](https://github.com/ory/kratos/commit/39873bfad89a654fe12e101b54e9b0c2f95714ec)) +- Improvements to Dockerfiles ([#552](https://github.com/ory/kratos/issues/552)) + ([6023877](https://github.com/ory/kratos/commit/6023877184efeadd6ec27a050a6969b6d0dd6caa)): + + - expose ory home as volume to simplify passing in own config file + - declare Kratos default ports in Dockerfile + +- Initialize verification request with correct state + ([3264ecf](https://github.com/ory/kratos/commit/3264ecfbb8f7b34d9dbb22237df8d9f591ac09f3)), + closes [#543](https://github.com/ory/kratos/issues/543) +- Re-add all databases to persister + ([#527](https://github.com/ory/kratos/issues/527)) + ([b04d178](https://github.com/ory/kratos/commit/b04d17815b5a28b5fe73a6a94ce1d907a63115e1)) +- Re-add redirect targets for quickstart + ([3c48ad2](https://github.com/ory/kratos/commit/3c48ad26961560d6e10a627a64052e316d9ffdc7)) +- Reduce docker bloat by ignoring docs and others + ([ecc555b](https://github.com/ory/kratos/commit/ecc555b5ad0fa888a8d5ba39cc09094fd251e655)) +- Resolve broken redirect in verify flow + ([a9ca8fd](https://github.com/ory/kratos/commit/a9ca8fd793347ed8e4404a4bd29e330a3f1ef684)), + closes [#436](https://github.com/ory/kratos/issues/436) +- Respect multiple secrets and fix used flag + ([#526](https://github.com/ory/kratos/issues/526)) + ([b16c2b8](https://github.com/ory/kratos/commit/b16c2b80edfc78afca0c72fa8da7d73b51b3075a)), + closes [#525](https://github.com/ory/kratos/issues/525) +- Respect self-service enabled flag + ([#470](https://github.com/ory/kratos/issues/470)) + ([b198faf](https://github.com/ory/kratos/commit/b198fafce9d96fbb644300243e6a757242fbbd06)), + closes [#417](https://github.com/ory/kratos/issues/417): + + Respects the `enabled` flag for self-service strategies. + + Also a new testhelper function was needed, to defer route registration + (because whether strategies are enabled or not is determined only once: at + route registration) + +- Typo accent -> account + ([984d978](https://github.com/ory/kratos/commit/984d978cf44763d916a9329742d046e00f21577b)) +- Use correct brew replacements + ([fd269b1](https://github.com/ory/kratos/commit/fd269b1afa784becac7ee79cd7a6f9d2bbe39121)), + closes [#423](https://github.com/ory/kratos/issues/423) +- Write migration tests ([#499](https://github.com/ory/kratos/issues/499)) + ([d32413a](https://github.com/ory/kratos/commit/d32413a1fcd0ce1a82d2529f18b5d4334a490a2a)), + closes [#481](https://github.com/ory/kratos/issues/481) ### Code Generation -* Pin v0.4.0-alpha.1 release commit ([e8690c4](https://github.com/ory/kratos/commit/e8690c4037ba5d80aa2459625be553c5bc2d2152)) +- Pin v0.4.0-alpha.1 release commit + ([e8690c4](https://github.com/ory/kratos/commit/e8690c4037ba5d80aa2459625be553c5bc2d2152)) ### Code Refactoring -* Improve and simplify configuration ([#536](https://github.com/ory/kratos/issues/536)) ([8e7f9f5](https://github.com/ory/kratos/commit/8e7f9f5ec3ac6f5675584974e8d189247b539634)), closes [#432](https://github.com/ory/kratos/issues/432) -* Move schema packing to pkger ([173f9d2](https://github.com/ory/kratos/commit/173f9d2b09d597376490b5d4588f7c0a4f525857)) -* Move verify fallback to verification ([1ce6469](https://github.com/ory/kratos/commit/1ce64695ec61c3a31e00875069d2847be502744b)) -* Rename identity traits schema to identity schema ([#557](https://github.com/ory/kratos/issues/557)) ([949e743](https://github.com/ory/kratos/commit/949e743ef9ddbc6e711f0174593f59f4fa3a1171)), closes [#531](https://github.com/ory/kratos/issues/531) -* Rename prompt=login to refresh=true ([#478](https://github.com/ory/kratos/issues/478)) ([c04346e](https://github.com/ory/kratos/commit/c04346e0f01aa7ce5627c0b7135032b225e7faf9)), closes [#477](https://github.com/ory/kratos/issues/477) -* Replace settings update_successful with state ([#488](https://github.com/ory/kratos/issues/488)) ([ca3b3f4](https://github.com/ory/kratos/commit/ca3b3f4dbdcd75ceb13c9a1b2c8dc991aba7c7e4)), closes [#449](https://github.com/ory/kratos/issues/449) -* Text errors to text messages ([#476](https://github.com/ory/kratos/issues/476)) ([8106951](https://github.com/ory/kratos/commit/81069514e5ef1d851f76d44bb45d6a896d4985a6)), closes [#428](https://github.com/ory/kratos/issues/428): - - This patch implements a better way to deal with text messages by giving them a unique ID, a context, and a default message. - +- Improve and simplify configuration + ([#536](https://github.com/ory/kratos/issues/536)) + ([8e7f9f5](https://github.com/ory/kratos/commit/8e7f9f5ec3ac6f5675584974e8d189247b539634)), + closes [#432](https://github.com/ory/kratos/issues/432) +- Move schema packing to pkger + ([173f9d2](https://github.com/ory/kratos/commit/173f9d2b09d597376490b5d4588f7c0a4f525857)) +- Move verify fallback to verification + ([1ce6469](https://github.com/ory/kratos/commit/1ce64695ec61c3a31e00875069d2847be502744b)) +- Rename identity traits schema to identity schema + ([#557](https://github.com/ory/kratos/issues/557)) + ([949e743](https://github.com/ory/kratos/commit/949e743ef9ddbc6e711f0174593f59f4fa3a1171)), + closes [#531](https://github.com/ory/kratos/issues/531) +- Rename prompt=login to refresh=true + ([#478](https://github.com/ory/kratos/issues/478)) + ([c04346e](https://github.com/ory/kratos/commit/c04346e0f01aa7ce5627c0b7135032b225e7faf9)), + closes [#477](https://github.com/ory/kratos/issues/477) +- Replace settings update_successful with state + ([#488](https://github.com/ory/kratos/issues/488)) + ([ca3b3f4](https://github.com/ory/kratos/commit/ca3b3f4dbdcd75ceb13c9a1b2c8dc991aba7c7e4)), + closes [#449](https://github.com/ory/kratos/issues/449) +- Text errors to text messages + ([#476](https://github.com/ory/kratos/issues/476)) + ([8106951](https://github.com/ory/kratos/commit/81069514e5ef1d851f76d44bb45d6a896d4985a6)), + closes [#428](https://github.com/ory/kratos/issues/428): + + This patch implements a better way to deal with text messages by giving them a + unique ID, a context, and a default message. ### Documentation -* Add azure to next docs ([e1dd3fa](https://github.com/ory/kratos/commit/e1dd3fad30a07be6f105201a8478642e9792df46)) -* Add fixme note for viper workaround ([7e3eef6](https://github.com/ory/kratos/commit/7e3eef6d36dcbb1a06ce0a20e2de0874a7dc5d38)): - - See https://github.com/ory/x/issues/169 - -* Add guide for setting up account recovery ([bbf3762](https://github.com/ory/kratos/commit/bbf37620d5b47fd18cb754c8ed43856652ee33c0)) -* Add guide for setting up email verification ([1435cbc](https://github.com/ory/kratos/commit/1435cbcea5d45c9cde1a0eb7e5ebb66ce65c4b82)) -* Add guide for SSO via Google ([#424](https://github.com/ory/kratos/issues/424)) ([5c45b16](https://github.com/ory/kratos/commit/5c45b1653791cc3ab5d4e4694da98da7543e816d)) -* Add new guides to sidebar ([24c5cbc](https://github.com/ory/kratos/commit/24c5cbc129ad185ec02883c3451d7e573409b865)) -* Added video tutorials to guides ([#513](https://github.com/ory/kratos/issues/513)) ([956731d](https://github.com/ory/kratos/commit/956731d562f33f2849197b2e692a4f20b18279f9)) -* Added youtube manual ([#490](https://github.com/ory/kratos/issues/490)) ([ec232f7](https://github.com/ory/kratos/commit/ec232f72d7204b2cdf946874d51f7473a10a76a4)) -* Connecting Kratos to AzureAD ([#433](https://github.com/ory/kratos/issues/433)) ([7660bcd](https://github.com/ory/kratos/commit/7660bcd2ba90d83c4ab0683a2f011e6841b2c810)) -* Correct claims.email in github guide ([#422](https://github.com/ory/kratos/issues/422)) ([052a622](https://github.com/ory/kratos/commit/052a622de79d34e32ccab9c7da12a1275c7be51b)): - - There is no email_primary in claims, and the selfservice strategy is currently using claims.email. - -* Correct claims.email in github guide ([#422](https://github.com/ory/kratos/issues/422)) ([58f7e15](https://github.com/ory/kratos/commit/58f7e15093d2461d4322fe68adb0723ae244bed9)): - - There is no email_primary in claims, and the selfservice strategy is currently using claims.email. - -* Correct link in user-settings ([d13317d](https://github.com/ory/kratos/commit/d13317d9bf71db775067a7c17f4c98cdbf1cc7e5)) -* Correct SDK use in quickstart ([#480](https://github.com/ory/kratos/issues/480)) ([dfdf975](https://github.com/ory/kratos/commit/dfdf9751d9333994a49537d82a15b780ebd8bc76)), closes [#430](https://github.com/ory/kratos/issues/430) -* Correct stray dot ([e820f41](https://github.com/ory/kratos/commit/e820f41e63aff1a85094a9e14dfd968353ae6b1b)) -* Correct user settings render form ([197e246](https://github.com/ory/kratos/commit/197e24603fc67707131e54e52e1bfb52011ca839)) -* Delete old redirect homepage ([b6d9244](https://github.com/ory/kratos/commit/b6d9244b5d683f5baf27e9af5970596261a4fd20)) -* Document new account recovery feature ([2252a86](https://github.com/ory/kratos/commit/2252a8676e573b9ade85814acc40b212dcfd48c1)), closes [#436](https://github.com/ory/kratos/issues/436) -* Document refresh=true for login ([#479](https://github.com/ory/kratos/issues/479)) ([2ab5ead](https://github.com/ory/kratos/commit/2ab5ead77517ab5b750835195ab6673e219da71a)), closes [#464](https://github.com/ory/kratos/issues/464) -* Embedded quickstart video ([#491](https://github.com/ory/kratos/issues/491)) ([ee80346](https://github.com/ory/kratos/commit/ee80346a30ebc2c7b06292e58bd3578e002e242a)) -* Fix broken link ([d20816e](https://github.com/ory/kratos/commit/d20816e5335abb8bcde5c6d68b17eaabae5d01b0)) -* Fix broken link ([aa9d3e6](https://github.com/ory/kratos/commit/aa9d3e6347375170a84ba53b2a9050c9544e7e2a)) -* Fix broken link ([#506](https://github.com/ory/kratos/issues/506)) ([dac8dfd](https://github.com/ory/kratos/commit/dac8dfd970255f8e79e7fc7811f563e6903f6fc9)): - - The rest api is no longer under sdk but under reference. - -* Fix broken link ([#554](https://github.com/ory/kratos/issues/554)) ([e80d691](https://github.com/ory/kratos/commit/e80d691e256326aacfa89b391583e0494d8a6872)) -* Fix code sample comment ([781a76b](https://github.com/ory/kratos/commit/781a76bb6de20767d6150b1fcb5236f4f376edd7)) -* Fix copy paste errors in code docs ([e456a4e](https://github.com/ory/kratos/commit/e456a4e435265eade7026fd899c4bc7d2b28a5c9)) -* Fix iframe syntax ([#520](https://github.com/ory/kratos/issues/520)) ([0cb36ca](https://github.com/ory/kratos/commit/0cb36ca9d8459dc8027358190e6e8aa8764bffe4)) -* Fix typo ([#535](https://github.com/ory/kratos/issues/535)) ([c57d270](https://github.com/ory/kratos/commit/c57d270758a97315c874df3fae867b0031300501)) -* Fix typo in base docs ([#503](https://github.com/ory/kratos/issues/503)) ([6668048](https://github.com/ory/kratos/commit/666804812d707b1d50ea160877bdb3878ddfe6b0)) -* Fix typo in oauth sign in documentation ([#504](https://github.com/ory/kratos/issues/504)) ([886e24d](https://github.com/ory/kratos/commit/886e24d93a5eb233062b8c7d562c8208f7a4f48f)) -* Fix typos ([81903a5](https://github.com/ory/kratos/commit/81903a5137d87588531391623b92afde70abc3ea)) -* Fix typos ([#489](https://github.com/ory/kratos/issues/489)) ([57a7bc8](https://github.com/ory/kratos/commit/57a7bc89961612fea0255202d3dd6a535921ef3c)) -* Fix ui url keys everywhere ([b75debb](https://github.com/ory/kratos/commit/b75debb0ee4f87dd9910b30bd76d8c6ad382fb38)) -* Fix username example by renaming property and removing format ([#508](https://github.com/ory/kratos/issues/508)) ([4573426](https://github.com/ory/kratos/commit/45734260bcead3087aadcaaf3033cc1e89bc1844)) -* Fix wording in settings flow graph ([e2a0084](https://github.com/ory/kratos/commit/e2a00842cb5bd3cfbddd0e5117c7f3f968e9f2df)) -* Fixed broken link ([#452](https://github.com/ory/kratos/issues/452)) ([d1ddbd1](https://github.com/ory/kratos/commit/d1ddbd1ee465a7d3e29815fcfd9c75b5decbb5f9)) -* Fixed broken link ([#455](https://github.com/ory/kratos/issues/455)) ([4f3d179](https://github.com/ory/kratos/commit/4f3d17906f3fa2aea3a0b0505047da6aa54938e4)) -* Fixed broken link ([#456](https://github.com/ory/kratos/issues/456)) ([4b43e99](https://github.com/ory/kratos/commit/4b43e993df62d2bf54fa39624651f081eb75bbb0)) -* Fixed broken link ([#460](https://github.com/ory/kratos/issues/460)) ([7da304c](https://github.com/ory/kratos/commit/7da304caf0de93442f047872cdd30d7fc316218e)) -* Fixed broken link ([#461](https://github.com/ory/kratos/issues/461)) ([c248e4e](https://github.com/ory/kratos/commit/c248e4e2a48a409b53ed02644abfc27e3cebeb11)) -* Fixed broken link ([#462](https://github.com/ory/kratos/issues/462)) ([ceacac3](https://github.com/ory/kratos/commit/ceacac30eda7d94cb24403c1fb988d4dd5fcd21f)) -* Fixed broken links ([#451](https://github.com/ory/kratos/issues/451)) ([193a781](https://github.com/ory/kratos/commit/193a781576031818006d6e2b72418293cf94dda1)): - - Fixed a few broken links, .md in the url was the problem. - -* Fixed broken links ([#453](https://github.com/ory/kratos/issues/453)) ([59d00eb](https://github.com/ory/kratos/commit/59d00ebb87564cc9ff9c5ae12bcd7d25fb0b26c9)) -* Fixed broken links ([#457](https://github.com/ory/kratos/issues/457)) ([00ec00d](https://github.com/ory/kratos/commit/00ec00d09ca5318c75832caff5e7a97d640ac083)) -* Fixed broken links ([#458](https://github.com/ory/kratos/issues/458)) ([f960887](https://github.com/ory/kratos/commit/f9608876e30dbdd7c67ee70dcf5d9a1985b80f0f)) -* Fixed broken links ([#459](https://github.com/ory/kratos/issues/459)) ([2749596](https://github.com/ory/kratos/commit/27495964c7cd34e9bf914b19c83157e484c9cde4)) -* Fixed broken markdown ([#474](https://github.com/ory/kratos/issues/474)) ([22d5be1](https://github.com/ory/kratos/commit/22d5be16f91ed9df206310c6f04d843cd79328ca)) -* Format guides ([407c70f](https://github.com/ory/kratos/commit/407c70f23d815380d98ee9252f263e07c1f0f4a9)) -* Improve grammar and wording ([#448](https://github.com/ory/kratos/issues/448)) ([a19adf3](https://github.com/ory/kratos/commit/a19adf30426ff8df03a3eb725ae0101ebb6c4ab1)) -* Improve grammar, clarify sections, update images ([#419](https://github.com/ory/kratos/issues/419)) ([79019d1](https://github.com/ory/kratos/commit/79019d1246b1517b3297996a207a3d2f517fab01)) -* Make whitelisted_return_to_urls examples an array ([#426](https://github.com/ory/kratos/issues/426)) ([7ed5605](https://github.com/ory/kratos/commit/7ed56057f533f23ca18cab5a2614429554e877e2)), closes [#425](https://github.com/ory/kratos/issues/425) -* Minor fixes ([#467](https://github.com/ory/kratos/issues/467)) ([8d15307](https://github.com/ory/kratos/commit/8d153079ee44f0765993640500bbe746dc0a34aa)) -* Move security questions to own document ([2b77fba](https://github.com/ory/kratos/commit/2b77fba79b724dcd68ff0cd739cd65517aea4325)) -* Properly annotate forms disabled field ([#486](https://github.com/ory/kratos/issues/486)) ([be1acb3](https://github.com/ory/kratos/commit/be1acb3d161412d18599c970364f0c91fa6ebffb)), closes [/github.com/ory/kratos/pull/467#discussion_r434764266](https://github.com//github.com/ory/kratos/pull/467/issues/discussion_r434764266) -* Remove rogue slash and fix closing tag ([#521](https://github.com/ory/kratos/issues/521)) ([3fd1076](https://github.com/ory/kratos/commit/3fd1076929eeecffb7e8aa8e906970774283daeb)) -* Rename redirect page to browser-redirect-flow-completion ([ae77d48](https://github.com/ory/kratos/commit/ae77d48a3435069556382b9403cb1ad45a9d7c07)) -* Replace mailhog references with mailslurper ([#509](https://github.com/ory/kratos/issues/509)) ([d0e5a0f](https://github.com/ory/kratos/commit/d0e5a0fa64e2d46437fb2abd17dc306bdec34a91)) -* Run format ([2b3f299](https://github.com/ory/kratos/commit/2b3f29913be844498a02b9869789c2b2d4aaacf8)) -* Typo correction in credentials.md ([#551](https://github.com/ory/kratos/issues/551)) ([3b7e104](https://github.com/ory/kratos/commit/3b7e104c2bcba52326f89761c9e3da14b4f06d08)) -* Typos and stale links ([29fb466](https://github.com/ory/kratos/commit/29fb466d9881b6574ee697d7e25e45785f07114b)) -* Typos and stale links ([#510](https://github.com/ory/kratos/issues/510)) ([7557ab8](https://github.com/ory/kratos/commit/7557ab85ddf8501935d70e2558682dff2024897b)) -* Update repository templates ([4c89834](https://github.com/ory/kratos/commit/4c89834ce59195c5b59da5bc5b41db7ed03bf1c4)) -* Use central banner repo for README ([d1e8a82](https://github.com/ory/kratos/commit/d1e8a8272cd536b6e12326778258bfbe0b7e8af7)) -* Use shorthand closing tag for Mermaid ([f9f2dbc](https://github.com/ory/kratos/commit/f9f2dbc063f82a852b540013ddff81501f7c1222)) +- Add azure to next docs + ([e1dd3fa](https://github.com/ory/kratos/commit/e1dd3fad30a07be6f105201a8478642e9792df46)) +- Add fixme note for viper workaround + ([7e3eef6](https://github.com/ory/kratos/commit/7e3eef6d36dcbb1a06ce0a20e2de0874a7dc5d38)): + + See https://github.com/ory/x/issues/169 + +- Add guide for setting up account recovery + ([bbf3762](https://github.com/ory/kratos/commit/bbf37620d5b47fd18cb754c8ed43856652ee33c0)) +- Add guide for setting up email verification + ([1435cbc](https://github.com/ory/kratos/commit/1435cbcea5d45c9cde1a0eb7e5ebb66ce65c4b82)) +- Add guide for SSO via Google + ([#424](https://github.com/ory/kratos/issues/424)) + ([5c45b16](https://github.com/ory/kratos/commit/5c45b1653791cc3ab5d4e4694da98da7543e816d)) +- Add new guides to sidebar + ([24c5cbc](https://github.com/ory/kratos/commit/24c5cbc129ad185ec02883c3451d7e573409b865)) +- Added video tutorials to guides + ([#513](https://github.com/ory/kratos/issues/513)) + ([956731d](https://github.com/ory/kratos/commit/956731d562f33f2849197b2e692a4f20b18279f9)) +- Added youtube manual ([#490](https://github.com/ory/kratos/issues/490)) + ([ec232f7](https://github.com/ory/kratos/commit/ec232f72d7204b2cdf946874d51f7473a10a76a4)) +- Connecting Kratos to AzureAD + ([#433](https://github.com/ory/kratos/issues/433)) + ([7660bcd](https://github.com/ory/kratos/commit/7660bcd2ba90d83c4ab0683a2f011e6841b2c810)) +- Correct claims.email in github guide + ([#422](https://github.com/ory/kratos/issues/422)) + ([052a622](https://github.com/ory/kratos/commit/052a622de79d34e32ccab9c7da12a1275c7be51b)): + + There is no email_primary in claims, and the selfservice strategy is currently + using claims.email. + +- Correct claims.email in github guide + ([#422](https://github.com/ory/kratos/issues/422)) + ([58f7e15](https://github.com/ory/kratos/commit/58f7e15093d2461d4322fe68adb0723ae244bed9)): + + There is no email_primary in claims, and the selfservice strategy is currently + using claims.email. + +- Correct link in user-settings + ([d13317d](https://github.com/ory/kratos/commit/d13317d9bf71db775067a7c17f4c98cdbf1cc7e5)) +- Correct SDK use in quickstart + ([#480](https://github.com/ory/kratos/issues/480)) + ([dfdf975](https://github.com/ory/kratos/commit/dfdf9751d9333994a49537d82a15b780ebd8bc76)), + closes [#430](https://github.com/ory/kratos/issues/430) +- Correct stray dot + ([e820f41](https://github.com/ory/kratos/commit/e820f41e63aff1a85094a9e14dfd968353ae6b1b)) +- Correct user settings render form + ([197e246](https://github.com/ory/kratos/commit/197e24603fc67707131e54e52e1bfb52011ca839)) +- Delete old redirect homepage + ([b6d9244](https://github.com/ory/kratos/commit/b6d9244b5d683f5baf27e9af5970596261a4fd20)) +- Document new account recovery feature + ([2252a86](https://github.com/ory/kratos/commit/2252a8676e573b9ade85814acc40b212dcfd48c1)), + closes [#436](https://github.com/ory/kratos/issues/436) +- Document refresh=true for login + ([#479](https://github.com/ory/kratos/issues/479)) + ([2ab5ead](https://github.com/ory/kratos/commit/2ab5ead77517ab5b750835195ab6673e219da71a)), + closes [#464](https://github.com/ory/kratos/issues/464) +- Embedded quickstart video ([#491](https://github.com/ory/kratos/issues/491)) + ([ee80346](https://github.com/ory/kratos/commit/ee80346a30ebc2c7b06292e58bd3578e002e242a)) +- Fix broken link + ([d20816e](https://github.com/ory/kratos/commit/d20816e5335abb8bcde5c6d68b17eaabae5d01b0)) +- Fix broken link + ([aa9d3e6](https://github.com/ory/kratos/commit/aa9d3e6347375170a84ba53b2a9050c9544e7e2a)) +- Fix broken link ([#506](https://github.com/ory/kratos/issues/506)) + ([dac8dfd](https://github.com/ory/kratos/commit/dac8dfd970255f8e79e7fc7811f563e6903f6fc9)): + + The rest api is no longer under sdk but under reference. + +- Fix broken link ([#554](https://github.com/ory/kratos/issues/554)) + ([e80d691](https://github.com/ory/kratos/commit/e80d691e256326aacfa89b391583e0494d8a6872)) +- Fix code sample comment + ([781a76b](https://github.com/ory/kratos/commit/781a76bb6de20767d6150b1fcb5236f4f376edd7)) +- Fix copy paste errors in code docs + ([e456a4e](https://github.com/ory/kratos/commit/e456a4e435265eade7026fd899c4bc7d2b28a5c9)) +- Fix iframe syntax ([#520](https://github.com/ory/kratos/issues/520)) + ([0cb36ca](https://github.com/ory/kratos/commit/0cb36ca9d8459dc8027358190e6e8aa8764bffe4)) +- Fix typo ([#535](https://github.com/ory/kratos/issues/535)) + ([c57d270](https://github.com/ory/kratos/commit/c57d270758a97315c874df3fae867b0031300501)) +- Fix typo in base docs ([#503](https://github.com/ory/kratos/issues/503)) + ([6668048](https://github.com/ory/kratos/commit/666804812d707b1d50ea160877bdb3878ddfe6b0)) +- Fix typo in oauth sign in documentation + ([#504](https://github.com/ory/kratos/issues/504)) + ([886e24d](https://github.com/ory/kratos/commit/886e24d93a5eb233062b8c7d562c8208f7a4f48f)) +- Fix typos + ([81903a5](https://github.com/ory/kratos/commit/81903a5137d87588531391623b92afde70abc3ea)) +- Fix typos ([#489](https://github.com/ory/kratos/issues/489)) + ([57a7bc8](https://github.com/ory/kratos/commit/57a7bc89961612fea0255202d3dd6a535921ef3c)) +- Fix ui url keys everywhere + ([b75debb](https://github.com/ory/kratos/commit/b75debb0ee4f87dd9910b30bd76d8c6ad382fb38)) +- Fix username example by renaming property and removing format + ([#508](https://github.com/ory/kratos/issues/508)) + ([4573426](https://github.com/ory/kratos/commit/45734260bcead3087aadcaaf3033cc1e89bc1844)) +- Fix wording in settings flow graph + ([e2a0084](https://github.com/ory/kratos/commit/e2a00842cb5bd3cfbddd0e5117c7f3f968e9f2df)) +- Fixed broken link ([#452](https://github.com/ory/kratos/issues/452)) + ([d1ddbd1](https://github.com/ory/kratos/commit/d1ddbd1ee465a7d3e29815fcfd9c75b5decbb5f9)) +- Fixed broken link ([#455](https://github.com/ory/kratos/issues/455)) + ([4f3d179](https://github.com/ory/kratos/commit/4f3d17906f3fa2aea3a0b0505047da6aa54938e4)) +- Fixed broken link ([#456](https://github.com/ory/kratos/issues/456)) + ([4b43e99](https://github.com/ory/kratos/commit/4b43e993df62d2bf54fa39624651f081eb75bbb0)) +- Fixed broken link ([#460](https://github.com/ory/kratos/issues/460)) + ([7da304c](https://github.com/ory/kratos/commit/7da304caf0de93442f047872cdd30d7fc316218e)) +- Fixed broken link ([#461](https://github.com/ory/kratos/issues/461)) + ([c248e4e](https://github.com/ory/kratos/commit/c248e4e2a48a409b53ed02644abfc27e3cebeb11)) +- Fixed broken link ([#462](https://github.com/ory/kratos/issues/462)) + ([ceacac3](https://github.com/ory/kratos/commit/ceacac30eda7d94cb24403c1fb988d4dd5fcd21f)) +- Fixed broken links ([#451](https://github.com/ory/kratos/issues/451)) + ([193a781](https://github.com/ory/kratos/commit/193a781576031818006d6e2b72418293cf94dda1)): + + Fixed a few broken links, .md in the url was the problem. + +- Fixed broken links ([#453](https://github.com/ory/kratos/issues/453)) + ([59d00eb](https://github.com/ory/kratos/commit/59d00ebb87564cc9ff9c5ae12bcd7d25fb0b26c9)) +- Fixed broken links ([#457](https://github.com/ory/kratos/issues/457)) + ([00ec00d](https://github.com/ory/kratos/commit/00ec00d09ca5318c75832caff5e7a97d640ac083)) +- Fixed broken links ([#458](https://github.com/ory/kratos/issues/458)) + ([f960887](https://github.com/ory/kratos/commit/f9608876e30dbdd7c67ee70dcf5d9a1985b80f0f)) +- Fixed broken links ([#459](https://github.com/ory/kratos/issues/459)) + ([2749596](https://github.com/ory/kratos/commit/27495964c7cd34e9bf914b19c83157e484c9cde4)) +- Fixed broken markdown ([#474](https://github.com/ory/kratos/issues/474)) + ([22d5be1](https://github.com/ory/kratos/commit/22d5be16f91ed9df206310c6f04d843cd79328ca)) +- Format guides + ([407c70f](https://github.com/ory/kratos/commit/407c70f23d815380d98ee9252f263e07c1f0f4a9)) +- Improve grammar and wording ([#448](https://github.com/ory/kratos/issues/448)) + ([a19adf3](https://github.com/ory/kratos/commit/a19adf30426ff8df03a3eb725ae0101ebb6c4ab1)) +- Improve grammar, clarify sections, update images + ([#419](https://github.com/ory/kratos/issues/419)) + ([79019d1](https://github.com/ory/kratos/commit/79019d1246b1517b3297996a207a3d2f517fab01)) +- Make whitelisted_return_to_urls examples an array + ([#426](https://github.com/ory/kratos/issues/426)) + ([7ed5605](https://github.com/ory/kratos/commit/7ed56057f533f23ca18cab5a2614429554e877e2)), + closes [#425](https://github.com/ory/kratos/issues/425) +- Minor fixes ([#467](https://github.com/ory/kratos/issues/467)) + ([8d15307](https://github.com/ory/kratos/commit/8d153079ee44f0765993640500bbe746dc0a34aa)) +- Move security questions to own document + ([2b77fba](https://github.com/ory/kratos/commit/2b77fba79b724dcd68ff0cd739cd65517aea4325)) +- Properly annotate forms disabled field + ([#486](https://github.com/ory/kratos/issues/486)) + ([be1acb3](https://github.com/ory/kratos/commit/be1acb3d161412d18599c970364f0c91fa6ebffb)), + closes + [/github.com/ory/kratos/pull/467#discussion_r434764266](https://github.com//github.com/ory/kratos/pull/467/issues/discussion_r434764266) +- Remove rogue slash and fix closing tag + ([#521](https://github.com/ory/kratos/issues/521)) + ([3fd1076](https://github.com/ory/kratos/commit/3fd1076929eeecffb7e8aa8e906970774283daeb)) +- Rename redirect page to browser-redirect-flow-completion + ([ae77d48](https://github.com/ory/kratos/commit/ae77d48a3435069556382b9403cb1ad45a9d7c07)) +- Replace mailhog references with mailslurper + ([#509](https://github.com/ory/kratos/issues/509)) + ([d0e5a0f](https://github.com/ory/kratos/commit/d0e5a0fa64e2d46437fb2abd17dc306bdec34a91)) +- Run format + ([2b3f299](https://github.com/ory/kratos/commit/2b3f29913be844498a02b9869789c2b2d4aaacf8)) +- Typo correction in credentials.md + ([#551](https://github.com/ory/kratos/issues/551)) + ([3b7e104](https://github.com/ory/kratos/commit/3b7e104c2bcba52326f89761c9e3da14b4f06d08)) +- Typos and stale links + ([29fb466](https://github.com/ory/kratos/commit/29fb466d9881b6574ee697d7e25e45785f07114b)) +- Typos and stale links ([#510](https://github.com/ory/kratos/issues/510)) + ([7557ab8](https://github.com/ory/kratos/commit/7557ab85ddf8501935d70e2558682dff2024897b)) +- Update repository templates + ([4c89834](https://github.com/ory/kratos/commit/4c89834ce59195c5b59da5bc5b41db7ed03bf1c4)) +- Use central banner repo for README + ([d1e8a82](https://github.com/ory/kratos/commit/d1e8a8272cd536b6e12326778258bfbe0b7e8af7)) +- Use shorthand closing tag for Mermaid + ([f9f2dbc](https://github.com/ory/kratos/commit/f9f2dbc063f82a852b540013ddff81501f7c1222)) ### Features -* Add support for Multitenant Azure AD as an OIDC provider ([#434](https://github.com/ory/kratos/issues/434)) ([a8f1179](https://github.com/ory/kratos/commit/a8f117985217c753cfca52905e43b640e89a6bd1)) -* Add tests for defaults ([a16fc51](https://github.com/ory/kratos/commit/a16fc5121b36353cf2e684190eda976a1ea53a8f)) -* Add User ID to a header when calling whoami ([#530](https://github.com/ory/kratos/issues/530)) ([183b4d0](https://github.com/ory/kratos/commit/183b4d075a9ff50c1f9f53d108a48789e49a5138)) -* Implement account recovery ([#428](https://github.com/ory/kratos/issues/428)) ([e169a3e](https://github.com/ory/kratos/commit/e169a3e4079b1ef3a18564e0723baf81c44c38ec)), closes [#37](https://github.com/ory/kratos/issues/37): - - This patch implements the account recovery with endpoints such as "Init Account Recovery", a new config value `urls.recovery_ui` and so on. A new identity field has been added `identity.recovery_addresses` containing all recovery addresses. - - Additionally, some refactoring was made to DRY code and make naming consistent. As part of dependency upgrades, structured logging has also improved and an audit trail prototype has been added (currently streams to stderr only). - +- Add support for Multitenant Azure AD as an OIDC provider + ([#434](https://github.com/ory/kratos/issues/434)) + ([a8f1179](https://github.com/ory/kratos/commit/a8f117985217c753cfca52905e43b640e89a6bd1)) +- Add tests for defaults + ([a16fc51](https://github.com/ory/kratos/commit/a16fc5121b36353cf2e684190eda976a1ea53a8f)) +- Add User ID to a header when calling whoami + ([#530](https://github.com/ory/kratos/issues/530)) + ([183b4d0](https://github.com/ory/kratos/commit/183b4d075a9ff50c1f9f53d108a48789e49a5138)) +- Implement account recovery ([#428](https://github.com/ory/kratos/issues/428)) + ([e169a3e](https://github.com/ory/kratos/commit/e169a3e4079b1ef3a18564e0723baf81c44c38ec)), + closes [#37](https://github.com/ory/kratos/issues/37): + + This patch implements the account recovery with endpoints such as "Init + Account Recovery", a new config value `urls.recovery_ui` and so on. A new + identity field has been added `identity.recovery_addresses` containing all + recovery addresses. + + Additionally, some refactoring was made to DRY code and make naming + consistent. As part of dependency upgrades, structured logging has also + improved and an audit trail prototype has been added (currently streams to + stderr only). ### Unclassified -* docs:fixed broken link (#454) ([22720c6](https://github.com/ory/kratos/commit/22720c6c5e3d31acc175980223183e2336b3751d)), closes [#454](https://github.com/ory/kratos/issues/454) -* Allow kratos to talk to databases in docker-compose quickstart ([#522](https://github.com/ory/kratos/issues/522)) ([8bf9a1a](https://github.com/ory/kratos/commit/8bf9a1ac4162c677a455c2f02de658bd5d146905)): - - All of the databases must exist on the same docker network to allow the - main kratos applications to communicate with them. +- docs:fixed broken link (#454) + ([22720c6](https://github.com/ory/kratos/commit/22720c6c5e3d31acc175980223183e2336b3751d)), + closes [#454](https://github.com/ory/kratos/issues/454) +- Allow kratos to talk to databases in docker-compose quickstart + ([#522](https://github.com/ory/kratos/issues/522)) + ([8bf9a1a](https://github.com/ory/kratos/commit/8bf9a1ac4162c677a455c2f02de658bd5d146905)): -* Fixed typo ([#472](https://github.com/ory/kratos/issues/472)) ([31263b6](https://github.com/ory/kratos/commit/31263b68ab8d81d264e0fa375a915f8f82d70bb3)) + All of the databases must exist on the same docker network to allow the main + kratos applications to communicate with them. +- Fixed typo ([#472](https://github.com/ory/kratos/issues/472)) + ([31263b6](https://github.com/ory/kratos/commit/31263b68ab8d81d264e0fa375a915f8f82d70bb3)) # [0.3.0-alpha.1](https://github.com/ory/kratos/compare/v0.2.1-alpha.1...v0.3.0-alpha.1) (2020-05-15) -This release finalizes the OpenID Connect and OAuth2 login, registration, and settings strategy with JsonNet data transformation! From now on, "Sign in with Google, Github, ..." is officially supported! It's also possible to link and unlink these connections using the Self-Service Settings Flow! The documentation has been updated to reflect those changes and includes guides to setting up "Sign in with GitHub" in under 5 Minutes! Please be aware that existing OpenID Connect connections will stop working. Check out the "Breaking Changes" section for more info! Want to learn more? Check [out the docs](https://www.ory.sh/kratos/docs/concepts/credentials/openid-connect-oidc-oauth2)! +This release finalizes the OpenID Connect and OAuth2 login, registration, and +settings strategy with JsonNet data transformation! From now on, "Sign in with +Google, Github, ..." is officially supported! It's also possible to link and +unlink these connections using the Self-Service Settings Flow! The documentation +has been updated to reflect those changes and includes guides to setting up +"Sign in with GitHub" in under 5 Minutes! Please be aware that existing OpenID +Connect connections will stop working. Check out the "Breaking Changes" section +for more info! Want to learn more? Check +[out the docs](https://www.ory.sh/kratos/docs/concepts/credentials/openid-connect-oidc-oauth2)! -We also changed the config validation output, making it easier than ever to find bugs in your config: +We also changed the config validation output, making it easier than ever to find +bugs in your config: ``` % kratos --config invalid-config.yml serve @@ -4709,109 +7653,184 @@ FATA[0001] The services failed to start because the configuration is invalid. Ch This release concludes over 50 commits and 16.000 lines of code changed. - - ## Breaking Changes -If you upgrade and have existing Social Sign In connections, it will no longer be possible to use them to sign in. Because the oidc strategy was undocumented and not officially released we do not provide an upgrade guide. If you run into this issue on a production system you may need to use SQL to change the config of those identities. If this is a real issue for you that you're unable to solve, please create an issue on GitHub. - -This is a breaking change as previous OIDC configurations will not work. Please consult the newly written documentation on OpenID Connect to learn how to use OIDC in your login and registration flows. Since the OIDC feature was not publicly broadcasted yet we have chosen not to provide an upgrade path. If you have issues, please reach out on the forums or slack. - +If you upgrade and have existing Social Sign In connections, it will no longer +be possible to use them to sign in. Because the oidc strategy was undocumented +and not officially released we do not provide an upgrade guide. If you run into +this issue on a production system you may need to use SQL to change the config +of those identities. If this is a real issue for you that you're unable to +solve, please create an issue on GitHub. +This is a breaking change as previous OIDC configurations will not work. Please +consult the newly written documentation on OpenID Connect to learn how to use +OIDC in your login and registration flows. Since the OIDC feature was not +publicly broadcasted yet we have chosen not to provide an upgrade path. If you +have issues, please reach out on the forums or slack. ### Bug Fixes -* Access rules of oathkeeper for quick start ([#390](https://github.com/ory/kratos/issues/390)) ([5ed6d05](https://github.com/ory/kratos/commit/5ed6d05b3e13027e4e7ffef1ff10ab2fb948093d)), closes [#389](https://github.com/ory/kratos/issues/389): - - To access `/` as dashboard - -* Active field should not be required ([#401](https://github.com/ory/kratos/issues/401)) ([aed2a5c](https://github.com/ory/kratos/commit/aed2a5c3c8e39132df53ae8f0eecfb7924296796)), closes [ory/sdk#14](https://github.com/ory/sdk/issues/14) -* Adopt jsonnet in e2e oidc tests ([5e518fb](https://github.com/ory/kratos/commit/5e518fb2de678e27fcc0e4fff020a4d575f1c109)) -* Detect postgres unique constraint ([3a777af](https://github.com/ory/kratos/commit/3a777af00244066a42751005d832e4058ddad8d2)) -* Fix oidc strategy jsonnet test ([f6c48bf](https://github.com/ory/kratos/commit/f6c48bf2c64cea1f111e5777de22878e0be5f03c)) -* Improve config validation error message ([#414](https://github.com/ory/kratos/issues/414)) ([d1e6896](https://github.com/ory/kratos/commit/d1e6896b3870cad49217ee78f6024a8a5c416f46)), closes [#413](https://github.com/ory/kratos/issues/413) -* Reset request id after parse ([9550205](https://github.com/ory/kratos/commit/9550205a35364473e0f620ef2b2a7eac223dbfff)) -* Resolve flaky swagger generation ([#416](https://github.com/ory/kratos/issues/416)) ([ac4acfc](https://github.com/ory/kratos/commit/ac4acfcd7f4e686b5d5c01136158fdf1687329ac)) -* Resolve regression issues and bugs ([e6d5369](https://github.com/ory/kratos/commit/e6d53693e146ec6e0d9de2ea366323721af3d8fb)) -* Return correct error on id mismatch ([5915f28](https://github.com/ory/kratos/commit/5915f2882d2a481ea357d50b0058093ba3ddb51b)) -* Test and implement mapper_url for jsonnet ([40ac3dc](https://github.com/ory/kratos/commit/40ac3dc7b5828ac775055fed3c0bd9ff393e5d86)) -* Transaction usage in the identity persister ([#404](https://github.com/ory/kratos/issues/404)) ([7f5072d](https://github.com/ory/kratos/commit/7f5072dc2d4fbf1f48cdf4d199ce4e89683a87b1)) +- Access rules of oathkeeper for quick start + ([#390](https://github.com/ory/kratos/issues/390)) + ([5ed6d05](https://github.com/ory/kratos/commit/5ed6d05b3e13027e4e7ffef1ff10ab2fb948093d)), + closes [#389](https://github.com/ory/kratos/issues/389): + + To access `/` as dashboard + +- Active field should not be required + ([#401](https://github.com/ory/kratos/issues/401)) + ([aed2a5c](https://github.com/ory/kratos/commit/aed2a5c3c8e39132df53ae8f0eecfb7924296796)), + closes [ory/sdk#14](https://github.com/ory/sdk/issues/14) +- Adopt jsonnet in e2e oidc tests + ([5e518fb](https://github.com/ory/kratos/commit/5e518fb2de678e27fcc0e4fff020a4d575f1c109)) +- Detect postgres unique constraint + ([3a777af](https://github.com/ory/kratos/commit/3a777af00244066a42751005d832e4058ddad8d2)) +- Fix oidc strategy jsonnet test + ([f6c48bf](https://github.com/ory/kratos/commit/f6c48bf2c64cea1f111e5777de22878e0be5f03c)) +- Improve config validation error message + ([#414](https://github.com/ory/kratos/issues/414)) + ([d1e6896](https://github.com/ory/kratos/commit/d1e6896b3870cad49217ee78f6024a8a5c416f46)), + closes [#413](https://github.com/ory/kratos/issues/413) +- Reset request id after parse + ([9550205](https://github.com/ory/kratos/commit/9550205a35364473e0f620ef2b2a7eac223dbfff)) +- Resolve flaky swagger generation + ([#416](https://github.com/ory/kratos/issues/416)) + ([ac4acfc](https://github.com/ory/kratos/commit/ac4acfcd7f4e686b5d5c01136158fdf1687329ac)) +- Resolve regression issues and bugs + ([e6d5369](https://github.com/ory/kratos/commit/e6d53693e146ec6e0d9de2ea366323721af3d8fb)) +- Return correct error on id mismatch + ([5915f28](https://github.com/ory/kratos/commit/5915f2882d2a481ea357d50b0058093ba3ddb51b)) +- Test and implement mapper_url for jsonnet + ([40ac3dc](https://github.com/ory/kratos/commit/40ac3dc7b5828ac775055fed3c0bd9ff393e5d86)) +- Transaction usage in the identity persister + ([#404](https://github.com/ory/kratos/issues/404)) + ([7f5072d](https://github.com/ory/kratos/commit/7f5072dc2d4fbf1f48cdf4d199ce4e89683a87b1)) ### Chores -* Pin v0.3.0-alpha.1 release commit ([43b693a](https://github.com/ory/kratos/commit/43b693a449bf7cd219eb6901acf36725ace1c41c)) +- Pin v0.3.0-alpha.1 release commit + ([43b693a](https://github.com/ory/kratos/commit/43b693a449bf7cd219eb6901acf36725ace1c41c)) ### Code Refactoring -* Adopt new request parser ([ad16cc9](https://github.com/ory/kratos/commit/ad16cc917c8067eb1c4b89ef8192287be1c912c8)) -* Dry config and oidc tests ([3e98756](https://github.com/ory/kratos/commit/3e9875612ea895f9b565d34f4d5b0f80d136868f)) -* Improve oidc flows and payloads and add e2e tests ([#381](https://github.com/ory/kratos/issues/381)) ([f9a5079](https://github.com/ory/kratos/commit/f9a50790637a848897ba275373bc538728e09f3d)), closes [#387](https://github.com/ory/kratos/issues/387): - - This patch improves the OpenID Connect login and registration user experience by simplifying the network flows and introduces e2e tests using ORY Hydra. - -* Move cypress files to test/e2e ([df8e627](https://github.com/ory/kratos/commit/df8e627d81d69682e01ec5670c7088ba564df578)) -* Moved scanner json to ory/x ([#412](https://github.com/ory/kratos/issues/412)) ([8a0967d](https://github.com/ory/kratos/commit/8a0967daef4329981b01e6c2b8bb55a8105b4829)) -* Partition files and change creds structure ([4f1eb94](https://github.com/ory/kratos/commit/4f1eb946fe1e74e537fc2166fc000180a11c2048)): - - This patch changes the data model of the OpenID Connect strategy. Instead of using an array of providers as the base config item (e.g. `{"type":"oidc","config":[{"provider":"google","subject":"..."}]}`) the credentials config is now an object with a `providers` key: `{"type":"oidc","config":{"providers":[{"provider":"google","subject":"..."}]}}`. This change allows introduction of future changes to the schema without breaking compatibility. - -* Replace oidc jsonschema with jsonnet ([2b45e79](https://github.com/ory/kratos/commit/2b45e7953787ad46a6937fe44cb24b6c786eb223)), closes [#380](https://github.com/ory/kratos/issues/380): - - This patch replaces the previous methodology of merging OIDC data which used JSON Schema with Extensions and JSON Path in favor of a much easier to use approach with JSONNet. - -* **settings:** Use common request parser ([ad6c402](https://github.com/ory/kratos/commit/ad6c4026e5fd15924dc906cdc9cb6c9de2fc4daa)) +- Adopt new request parser + ([ad16cc9](https://github.com/ory/kratos/commit/ad16cc917c8067eb1c4b89ef8192287be1c912c8)) +- Dry config and oidc tests + ([3e98756](https://github.com/ory/kratos/commit/3e9875612ea895f9b565d34f4d5b0f80d136868f)) +- Improve oidc flows and payloads and add e2e tests + ([#381](https://github.com/ory/kratos/issues/381)) + ([f9a5079](https://github.com/ory/kratos/commit/f9a50790637a848897ba275373bc538728e09f3d)), + closes [#387](https://github.com/ory/kratos/issues/387): + + This patch improves the OpenID Connect login and registration user experience + by simplifying the network flows and introduces e2e tests using ORY Hydra. + +- Move cypress files to test/e2e + ([df8e627](https://github.com/ory/kratos/commit/df8e627d81d69682e01ec5670c7088ba564df578)) +- Moved scanner json to ory/x ([#412](https://github.com/ory/kratos/issues/412)) + ([8a0967d](https://github.com/ory/kratos/commit/8a0967daef4329981b01e6c2b8bb55a8105b4829)) +- Partition files and change creds structure + ([4f1eb94](https://github.com/ory/kratos/commit/4f1eb946fe1e74e537fc2166fc000180a11c2048)): + + This patch changes the data model of the OpenID Connect strategy. Instead of + using an array of providers as the base config item (e.g. + `{"type":"oidc","config":[{"provider":"google","subject":"..."}]}`) the + credentials config is now an object with a `providers` key: + `{"type":"oidc","config":{"providers":[{"provider":"google","subject":"..."}]}}`. + This change allows introduction of future changes to the schema without + breaking compatibility. + +- Replace oidc jsonschema with jsonnet + ([2b45e79](https://github.com/ory/kratos/commit/2b45e7953787ad46a6937fe44cb24b6c786eb223)), + closes [#380](https://github.com/ory/kratos/issues/380): + + This patch replaces the previous methodology of merging OIDC data which used + JSON Schema with Extensions and JSON Path in favor of a much easier to use + approach with JSONNet. + +- **settings:** Use common request parser + ([ad6c402](https://github.com/ory/kratos/commit/ad6c4026e5fd15924dc906cdc9cb6c9de2fc4daa)) ### Documentation -* Document account enumeration defenses for oidc ([266329c](https://github.com/ory/kratos/commit/266329cd2969627c823418c1267360193e6342df)), closes [#32](https://github.com/ory/kratos/issues/32) -* Document new oidc jsonnet mapper ([#392](https://github.com/ory/kratos/issues/392)) ([088b30f](https://github.com/ory/kratos/commit/088b30feb6845863e6651489e0c963cde7e10516)) -* Document oidc strategy ([#415](https://github.com/ory/kratos/issues/415)) ([9f079f4](https://github.com/ory/kratos/commit/9f079f4f77e54f7be67ac59e13e8ec2696522637)), closes [#409](https://github.com/ory/kratos/issues/409) [#124](https://github.com/ory/kratos/issues/124) [#32](https://github.com/ory/kratos/issues/32) -* Explain that form data is merged with oidc data ([#394](https://github.com/ory/kratos/issues/394)) ([b0dbec4](https://github.com/ory/kratos/commit/b0dbec403c96af41346b6b14fc74b7010e7f8e8a)), closes [#127](https://github.com/ory/kratos/issues/127) -* Fix links in README ([efb6102](https://github.com/ory/kratos/commit/efb610239ac2ae828db26ee84c4c5a83c54c0a6a)), closes [#403](https://github.com/ory/kratos/issues/403) -* Improve social sign in guide ([#393](https://github.com/ory/kratos/issues/393)) ([647ced3](https://github.com/ory/kratos/commit/647ced3084d203e9954ca037afea34316f2080d8)), closes [#49](https://github.com/ory/kratos/issues/49): - - This patch changes the social sign in guide to represent more use cases such as Google and Facebook. Additionally, the example has been updated to work with Jsonnet. - - This patch also documents limitations around merging user data from GitHub. - -* Improve the identity data model page ([#410](https://github.com/ory/kratos/issues/410)) ([2915b8f](https://github.com/ory/kratos/commit/2915b8faf3530fe7b9d252094c3aeb9fdbe9dd08)) -* Include redirect doc in nav ([5aaebff](https://github.com/ory/kratos/commit/5aaebffd8c03e613ec60735536b6ef38d4da39e3)), closes [#406](https://github.com/ory/kratos/issues/406) -* Prepare v0.3.0-alpha.1 ([d6a6f43](https://github.com/ory/kratos/commit/d6a6f432f375018a2dc79d6b60de18455057c25a)) -* Ui should show only active form sections ([#395](https://github.com/ory/kratos/issues/395)) ([4db674d](https://github.com/ory/kratos/commit/4db674de14bc50e782321c7bd88ac8077db2bf75)) -* Update github templates ([#408](https://github.com/ory/kratos/issues/408)) ([6e646b0](https://github.com/ory/kratos/commit/6e646b033e0d43499bf37579a2f04b726af0e3f7)) +- Document account enumeration defenses for oidc + ([266329c](https://github.com/ory/kratos/commit/266329cd2969627c823418c1267360193e6342df)), + closes [#32](https://github.com/ory/kratos/issues/32) +- Document new oidc jsonnet mapper + ([#392](https://github.com/ory/kratos/issues/392)) + ([088b30f](https://github.com/ory/kratos/commit/088b30feb6845863e6651489e0c963cde7e10516)) +- Document oidc strategy ([#415](https://github.com/ory/kratos/issues/415)) + ([9f079f4](https://github.com/ory/kratos/commit/9f079f4f77e54f7be67ac59e13e8ec2696522637)), + closes [#409](https://github.com/ory/kratos/issues/409) + [#124](https://github.com/ory/kratos/issues/124) + [#32](https://github.com/ory/kratos/issues/32) +- Explain that form data is merged with oidc data + ([#394](https://github.com/ory/kratos/issues/394)) + ([b0dbec4](https://github.com/ory/kratos/commit/b0dbec403c96af41346b6b14fc74b7010e7f8e8a)), + closes [#127](https://github.com/ory/kratos/issues/127) +- Fix links in README + ([efb6102](https://github.com/ory/kratos/commit/efb610239ac2ae828db26ee84c4c5a83c54c0a6a)), + closes [#403](https://github.com/ory/kratos/issues/403) +- Improve social sign in guide + ([#393](https://github.com/ory/kratos/issues/393)) + ([647ced3](https://github.com/ory/kratos/commit/647ced3084d203e9954ca037afea34316f2080d8)), + closes [#49](https://github.com/ory/kratos/issues/49): + + This patch changes the social sign in guide to represent more use cases such + as Google and Facebook. Additionally, the example has been updated to work + with Jsonnet. + + This patch also documents limitations around merging user data from GitHub. + +- Improve the identity data model page + ([#410](https://github.com/ory/kratos/issues/410)) + ([2915b8f](https://github.com/ory/kratos/commit/2915b8faf3530fe7b9d252094c3aeb9fdbe9dd08)) +- Include redirect doc in nav + ([5aaebff](https://github.com/ory/kratos/commit/5aaebffd8c03e613ec60735536b6ef38d4da39e3)), + closes [#406](https://github.com/ory/kratos/issues/406) +- Prepare v0.3.0-alpha.1 + ([d6a6f43](https://github.com/ory/kratos/commit/d6a6f432f375018a2dc79d6b60de18455057c25a)) +- Ui should show only active form sections + ([#395](https://github.com/ory/kratos/issues/395)) + ([4db674d](https://github.com/ory/kratos/commit/4db674de14bc50e782321c7bd88ac8077db2bf75)) +- Update github templates ([#408](https://github.com/ory/kratos/issues/408)) + ([6e646b0](https://github.com/ory/kratos/commit/6e646b033e0d43499bf37579a2f04b726af0e3f7)) ### Features -* Add format and lint for JSONNet files ([0a1b244](https://github.com/ory/kratos/commit/0a1b244a6fd2f714a12d101071b3c0f82b4da584)): +- Add format and lint for JSONNet files + ([0a1b244](https://github.com/ory/kratos/commit/0a1b244a6fd2f714a12d101071b3c0f82b4da584)): - This patch adds two commands `kratos jsonnet format` and `kratos jsonnet lint` that help with formatting and linting JSONNet code. + This patch adds two commands `kratos jsonnet format` and `kratos jsonnet lint` + that help with formatting and linting JSONNet code. -* Implement oidc settings e2e tests ([919925c](https://github.com/ory/kratos/commit/919925c87be561064300c3981b5a230c6cada4f7)) -* Introduce leaklog for debugging oidc map payloads ([238d7a4](https://github.com/ory/kratos/commit/238d7a493566bcc28f08b1b2bf6463f95b100254)) -* Write tests and fix bugs for oidc settings ([575a61f](https://github.com/ory/kratos/commit/575a61f58a887fefa6b2917761c06304c94c9892)) +- Implement oidc settings e2e tests + ([919925c](https://github.com/ory/kratos/commit/919925c87be561064300c3981b5a230c6cada4f7)) +- Introduce leaklog for debugging oidc map payloads + ([238d7a4](https://github.com/ory/kratos/commit/238d7a493566bcc28f08b1b2bf6463f95b100254)) +- Write tests and fix bugs for oidc settings + ([575a61f](https://github.com/ory/kratos/commit/575a61f58a887fefa6b2917761c06304c94c9892)) ### Unclassified -* Format code ([bc7557a](https://github.com/ory/kratos/commit/bc7557a4247ede1fdb4141f2670532aec7cbd456)) - +- Format code + ([bc7557a](https://github.com/ory/kratos/commit/bc7557a4247ede1fdb4141f2670532aec7cbd456)) # [0.2.1-alpha.1](https://github.com/ory/kratos/compare/v0.2.0-alpha.2...v0.2.1-alpha.1) (2020-05-05) Resolves a bug in the kratos-selfservice-ui-node application. - - - - ### Chores -* Pin v0.2.1-alpha.1 release commit ([16463ea](https://github.com/ory/kratos/commit/16463ead91a009f33373150d10095aa3857b38f4)) +- Pin v0.2.1-alpha.1 release commit + ([16463ea](https://github.com/ory/kratos/commit/16463ead91a009f33373150d10095aa3857b38f4)) ### Documentation -* Fix quickstart hero sections ([7c6c439](https://github.com/ory/kratos/commit/7c6c4397bccd2b505fc04cc8d3b0944ceca18982)) -* Fix typo in upgrade guide ([a1b1d7c](https://github.com/ory/kratos/commit/a1b1d7c9cbe5fad3b1112a16eced4f3064cfdda0)) - +- Fix quickstart hero sections + ([7c6c439](https://github.com/ory/kratos/commit/7c6c4397bccd2b505fc04cc8d3b0944ceca18982)) +- Fix typo in upgrade guide + ([a1b1d7c](https://github.com/ory/kratos/commit/a1b1d7c9cbe5fad3b1112a16eced4f3064cfdda0)) # [0.2.0-alpha.2](https://github.com/ory/kratos/compare/v0.1.1-alpha.1...v0.2.0-alpha.2) (2020-05-04) @@ -4832,8 +7851,8 @@ All three databases now pass acceptance tests and are thus officially supported! The self-service profile flow has been refactored into a more generic flow allowing users to make modifications to their traits and credentials. Check out -the [docs to learn -more](https://www.ory.sh/kratos/docs/self-service/flows/user-settings-profile-management) +the +[docs to learn more](https://www.ory.sh/kratos/docs/self-service/flows/user-settings-profile-management) about the flow and it's features. Please keep in mind that the flow's APIs have changed. We recommend re-reading @@ -4888,417 +7907,653 @@ Lean more about this flow We added tons of end-to-end and integration tests to find and fix pesky bugs. - - ## Breaking Changes -Please remove the `redirect` hook from both login, -registration, and settings after configuration. Please remove -the `session` hook from your login after configuration. Hooks -have moved down a level and are now configured at -`selfservice...hooks` -instead of -`selfservice...hooks`. -Hooks are now identified by `hook:` instead of `job:`. Please -rename those sections accordingly. +Please remove the `redirect` hook from both login, registration, and settings +after configuration. Please remove the `session` hook from your login after +configuration. Hooks have moved down a level and are now configured at +`selfservice...hooks` instead of +`selfservice...hooks`. Hooks are now +identified by `hook:` instead of `job:`. Please rename those sections +accordingly. -Several profile-related URLs have and payloads been updated. Please consult the most recent documentation. +Several profile-related URLs have and payloads been updated. Please consult the +most recent documentation. -The payloads of the Profile Management Request API -that previously were set in `{ "methods": { "traits": { ... } }}` have now moved to +The payloads of the Profile Management Request API that previously were set in +`{ "methods": { "traits": { ... } }}` have now moved to `{ "methods": { "profile": { ... } }}`. -This patch introduces a refactor that is needed -for the profile management API to be capable of handling (password, -oidc, ...) credential changes as well. +This patch introduces a refactor that is needed for the profile management API +to be capable of handling (password, oidc, ...) credential changes as well. -To implement this, the payloads of the Profile Management Request API -that previously were set in `{"form": {...} }` have now moved to +To implement this, the payloads of the Profile Management Request API that +previously were set in `{"form": {...} }` have now moved to `{"methods": { "traits": { ... } }}`. -In the future, as more credential updates are handled, there will -be additional keys in the forms key -`{"methods": { "traits": { ... }, "password": { ... } }}`. - - +In the future, as more credential updates are handled, there will be additional +keys in the forms key `{"methods": { "traits": { ... }, "password": { ... } }}`. ### Bug Fixes -* Allow setting new password in profile flow ([3b5fd5c](https://github.com/ory/kratos/commit/3b5fd5ca8c09b2344c0262547f2b387bda362362)) -* Automatically append multiStatements parameter to mySQL URI ([#374](https://github.com/ory/kratos/issues/374)) ([39f77bb](https://github.com/ory/kratos/commit/39f77bb29637db048b15c097d869d8828b0d292b)) -* **config:** Rename config key stmp to smtp ([#278](https://github.com/ory/kratos/issues/278)) ([ef95811](https://github.com/ory/kratos/commit/ef95811bb891afe3a0ef3b19514f13a56a32ea3b)) -* Create pop connection without parsed connection options ([#366](https://github.com/ory/kratos/issues/366)) ([10b6481](https://github.com/ory/kratos/commit/10b6481774aaff42b70b9c6af3ed776ac8f7734c)) -* Declare proper vars for setting version ([#383](https://github.com/ory/kratos/issues/383)) ([2fc7556](https://github.com/ory/kratos/commit/2fc7556b70b11e519162326ded0ba2638b6d32df)) -* Decouple quickstart scenarios ([#336](https://github.com/ory/kratos/issues/336)) ([17363b3](https://github.com/ory/kratos/commit/17363b312deff8b92fc1b0d158dc70670d5938e5)), closes [#262](https://github.com/ory/kratos/issues/262): - - Creates several docker compose examples which include various - scenarios of the quickstart. - - The regular quickstart guide now works without ORY Oathkeeper - and uses the standalone mode of the example app instead. - - Additionally, the Makefile was improved and now automatically pulls - required dependencies in the appropriate version. - -* **docker:** Throw away build artifacts ([481ec1b](https://github.com/ory/kratos/commit/481ec1ba14480ced39516f6e0c47a40b6a44a631)) -* Document Schema API and serve over admin endpoint ([#299](https://github.com/ory/kratos/issues/299)) ([4be417c](https://github.com/ory/kratos/commit/4be417c0ee18622247a15d2803f7f436cfe3c229)), closes [#287](https://github.com/ory/kratos/issues/287) -* Exempt whomai from csrf protection ([#329](https://github.com/ory/kratos/issues/329)) ([31d4065](https://github.com/ory/kratos/commit/31d4065c2b0cbd6c8d2b0031ce8f6f157ff967cf)) -* Fix swagger annotation ([#331](https://github.com/ory/kratos/issues/331)) ([5c5c78f](https://github.com/ory/kratos/commit/5c5c78f404a11d5df25cb68584b826b685bf5385)): - - Closes https://github.com/ory/sdk/issues/10 - -* Move to ory sqa service ([#309](https://github.com/ory/kratos/issues/309)) ([7c244e0](https://github.com/ory/kratos/commit/7c244e0a28a010e56e07d061132dad7a0309ea75)) -* Properly annotate error API ([a6f1300](https://github.com/ory/kratos/commit/a6f1300951010e7c862c410e93653f7c02c2e79f)) -* Remove unused returnTo ([e64e5b0](https://github.com/ory/kratos/commit/e64e5b0cecceedda29a525f683cbf6070a9ef1eb)) -* Resolve docker build permission issues ([f3612e8](https://github.com/ory/kratos/commit/f3612e8f82018bae17c9146d273fe7e82ceb033d)) -* Resolve failing test issues ([2e968e5](https://github.com/ory/kratos/commit/2e968e52d3ae3396a3f2e212c0dab22677b4b5fd)) -* Resolve linux install script archive naming ([#302](https://github.com/ory/kratos/issues/302)) ([c98b8aa](https://github.com/ory/kratos/commit/c98b8aa4cd3ab881b904e9dc4cdcb6383a8ad09b)) -* Resolve NULL value for seen_at ([#259](https://github.com/ory/kratos/issues/259)) ([a7d1e86](https://github.com/ory/kratos/commit/a7d1e86844a9cdd0c58353e1f1e4340dac4260b3)), closes [#244](https://github.com/ory/kratos/issues/244): - - Previously, errorx tests were not executed which caused several bugs. - -* Resolve password continuity issues ([56a44fa](https://github.com/ory/kratos/commit/56a44fa33d325eea9fddec4269e34e632310f77b)) -* Revert use host volume mount for sqlite ([#272](https://github.com/ory/kratos/issues/272)) ([#285](https://github.com/ory/kratos/issues/285)) ([a7477ab](https://github.com/ory/kratos/commit/a7477ab1db0d986f96e754946607d05888de4c97)): - - This reverts commit 230ab2d83f4d187f410e267c6d68554e82514948. - -* Self-service error query parameter name ([#308](https://github.com/ory/kratos/issues/308)) ([be257f5](https://github.com/ory/kratos/commit/be257f5448abaa48e25735a088757f3fd6dc6d22)): - - The query parameter for the self-service errors endpoint was named `id` - in the API docs, whereas it is the `error` param that is used by the - handler. - -* **session:** Regenerate CSRF Token on principal change ([#290](https://github.com/ory/kratos/issues/290)) ([1527ef4](https://github.com/ory/kratos/commit/1527ef4209b937e2175b60d56efd019f17b33b04)), closes [#217](https://github.com/ory/kratos/issues/217) -* **session:** Whoami endpoint now supports all HTTP methods ([#283](https://github.com/ory/kratos/issues/283)) ([4bf645b](https://github.com/ory/kratos/commit/4bf645b66c7a128182ff55e52fdad7f53d752ce7)), closes [#270](https://github.com/ory/kratos/issues/270) -* Show log in ui only when unauthenticated or forced ([df77310](https://github.com/ory/kratos/commit/df77310ffbe7cfc90fa3bc5dad0450e79c34ebef)), closes [#323](https://github.com/ory/kratos/issues/323) -* **sql:** Rename migrations with same version ([#280](https://github.com/ory/kratos/issues/280)) ([07e46b9](https://github.com/ory/kratos/commit/07e46b9c9e57940bec904d744ffdd272d610a77b)), closes [#279](https://github.com/ory/kratos/issues/279) -* **swagger:** Move nolint,deadcode instructions to own file ([#293](https://github.com/ory/kratos/issues/293)) ([1935510](https://github.com/ory/kratos/commit/1935510ad9b0f387eb3b2e690e31c5313a06883e)): - - Closes https://github.com/ory/docs/pull/279 - -* Use host volume mount for sqlite ([#272](https://github.com/ory/kratos/issues/272)) ([230ab2d](https://github.com/ory/kratos/commit/230ab2d83f4d187f410e267c6d68554e82514948)) -* Use resilient client for HIBP lookup ([#288](https://github.com/ory/kratos/issues/288)) ([735b435](https://github.com/ory/kratos/commit/735b43508392c6966a57907c20caa7cf9df4fc4d)), closes [#261](https://github.com/ory/kratos/issues/261) -* Use semver-regex replacer func ([d5c9a47](https://github.com/ory/kratos/commit/d5c9a47800fc2a55b96c7b9330f68b0a2db328cb)) -* Use sqlite tag on make install ([2c82784](https://github.com/ory/kratos/commit/2c82784cd69e0468a72354f6898945032d826306)) -* Verified_at field should not be required ([#353](https://github.com/ory/kratos/issues/353)) ([15d5e26](https://github.com/ory/kratos/commit/15d5e268d2ec397f0647d2407d86404c4ee8bfa3)): - - Closes https://github.com/ory/sdk/issues/11 - - - +- Allow setting new password in profile flow + ([3b5fd5c](https://github.com/ory/kratos/commit/3b5fd5ca8c09b2344c0262547f2b387bda362362)) +- Automatically append multiStatements parameter to mySQL URI + ([#374](https://github.com/ory/kratos/issues/374)) + ([39f77bb](https://github.com/ory/kratos/commit/39f77bb29637db048b15c097d869d8828b0d292b)) +- **config:** Rename config key stmp to smtp + ([#278](https://github.com/ory/kratos/issues/278)) + ([ef95811](https://github.com/ory/kratos/commit/ef95811bb891afe3a0ef3b19514f13a56a32ea3b)) +- Create pop connection without parsed connection options + ([#366](https://github.com/ory/kratos/issues/366)) + ([10b6481](https://github.com/ory/kratos/commit/10b6481774aaff42b70b9c6af3ed776ac8f7734c)) +- Declare proper vars for setting version + ([#383](https://github.com/ory/kratos/issues/383)) + ([2fc7556](https://github.com/ory/kratos/commit/2fc7556b70b11e519162326ded0ba2638b6d32df)) +- Decouple quickstart scenarios + ([#336](https://github.com/ory/kratos/issues/336)) + ([17363b3](https://github.com/ory/kratos/commit/17363b312deff8b92fc1b0d158dc70670d5938e5)), + closes [#262](https://github.com/ory/kratos/issues/262): + + Creates several docker compose examples which include various scenarios of the + quickstart. + + The regular quickstart guide now works without ORY Oathkeeper and uses the + standalone mode of the example app instead. + + Additionally, the Makefile was improved and now automatically pulls required + dependencies in the appropriate version. + +- **docker:** Throw away build artifacts + ([481ec1b](https://github.com/ory/kratos/commit/481ec1ba14480ced39516f6e0c47a40b6a44a631)) +- Document Schema API and serve over admin endpoint + ([#299](https://github.com/ory/kratos/issues/299)) + ([4be417c](https://github.com/ory/kratos/commit/4be417c0ee18622247a15d2803f7f436cfe3c229)), + closes [#287](https://github.com/ory/kratos/issues/287) +- Exempt whomai from csrf protection + ([#329](https://github.com/ory/kratos/issues/329)) + ([31d4065](https://github.com/ory/kratos/commit/31d4065c2b0cbd6c8d2b0031ce8f6f157ff967cf)) +- Fix swagger annotation ([#331](https://github.com/ory/kratos/issues/331)) + ([5c5c78f](https://github.com/ory/kratos/commit/5c5c78f404a11d5df25cb68584b826b685bf5385)): + + Closes https://github.com/ory/sdk/issues/10 + +- Move to ory sqa service ([#309](https://github.com/ory/kratos/issues/309)) + ([7c244e0](https://github.com/ory/kratos/commit/7c244e0a28a010e56e07d061132dad7a0309ea75)) +- Properly annotate error API + ([a6f1300](https://github.com/ory/kratos/commit/a6f1300951010e7c862c410e93653f7c02c2e79f)) +- Remove unused returnTo + ([e64e5b0](https://github.com/ory/kratos/commit/e64e5b0cecceedda29a525f683cbf6070a9ef1eb)) +- Resolve docker build permission issues + ([f3612e8](https://github.com/ory/kratos/commit/f3612e8f82018bae17c9146d273fe7e82ceb033d)) +- Resolve failing test issues + ([2e968e5](https://github.com/ory/kratos/commit/2e968e52d3ae3396a3f2e212c0dab22677b4b5fd)) +- Resolve linux install script archive naming + ([#302](https://github.com/ory/kratos/issues/302)) + ([c98b8aa](https://github.com/ory/kratos/commit/c98b8aa4cd3ab881b904e9dc4cdcb6383a8ad09b)) +- Resolve NULL value for seen_at + ([#259](https://github.com/ory/kratos/issues/259)) + ([a7d1e86](https://github.com/ory/kratos/commit/a7d1e86844a9cdd0c58353e1f1e4340dac4260b3)), + closes [#244](https://github.com/ory/kratos/issues/244): + + Previously, errorx tests were not executed which caused several bugs. + +- Resolve password continuity issues + ([56a44fa](https://github.com/ory/kratos/commit/56a44fa33d325eea9fddec4269e34e632310f77b)) +- Revert use host volume mount for sqlite + ([#272](https://github.com/ory/kratos/issues/272)) + ([#285](https://github.com/ory/kratos/issues/285)) + ([a7477ab](https://github.com/ory/kratos/commit/a7477ab1db0d986f96e754946607d05888de4c97)): + + This reverts commit 230ab2d83f4d187f410e267c6d68554e82514948. + +- Self-service error query parameter name + ([#308](https://github.com/ory/kratos/issues/308)) + ([be257f5](https://github.com/ory/kratos/commit/be257f5448abaa48e25735a088757f3fd6dc6d22)): + + The query parameter for the self-service errors endpoint was named `id` in the + API docs, whereas it is the `error` param that is used by the handler. + +- **session:** Regenerate CSRF Token on principal change + ([#290](https://github.com/ory/kratos/issues/290)) + ([1527ef4](https://github.com/ory/kratos/commit/1527ef4209b937e2175b60d56efd019f17b33b04)), + closes [#217](https://github.com/ory/kratos/issues/217) +- **session:** Whoami endpoint now supports all HTTP methods + ([#283](https://github.com/ory/kratos/issues/283)) + ([4bf645b](https://github.com/ory/kratos/commit/4bf645b66c7a128182ff55e52fdad7f53d752ce7)), + closes [#270](https://github.com/ory/kratos/issues/270) +- Show log in ui only when unauthenticated or forced + ([df77310](https://github.com/ory/kratos/commit/df77310ffbe7cfc90fa3bc5dad0450e79c34ebef)), + closes [#323](https://github.com/ory/kratos/issues/323) +- **sql:** Rename migrations with same version + ([#280](https://github.com/ory/kratos/issues/280)) + ([07e46b9](https://github.com/ory/kratos/commit/07e46b9c9e57940bec904d744ffdd272d610a77b)), + closes [#279](https://github.com/ory/kratos/issues/279) +- **swagger:** Move nolint,deadcode instructions to own file + ([#293](https://github.com/ory/kratos/issues/293)) + ([1935510](https://github.com/ory/kratos/commit/1935510ad9b0f387eb3b2e690e31c5313a06883e)): + + Closes https://github.com/ory/docs/pull/279 + +- Use host volume mount for sqlite + ([#272](https://github.com/ory/kratos/issues/272)) + ([230ab2d](https://github.com/ory/kratos/commit/230ab2d83f4d187f410e267c6d68554e82514948)) +- Use resilient client for HIBP lookup + ([#288](https://github.com/ory/kratos/issues/288)) + ([735b435](https://github.com/ory/kratos/commit/735b43508392c6966a57907c20caa7cf9df4fc4d)), + closes [#261](https://github.com/ory/kratos/issues/261) +- Use semver-regex replacer func + ([d5c9a47](https://github.com/ory/kratos/commit/d5c9a47800fc2a55b96c7b9330f68b0a2db328cb)) +- Use sqlite tag on make install + ([2c82784](https://github.com/ory/kratos/commit/2c82784cd69e0468a72354f6898945032d826306)) +- Verified_at field should not be required + ([#353](https://github.com/ory/kratos/issues/353)) + ([15d5e26](https://github.com/ory/kratos/commit/15d5e268d2ec397f0647d2407d86404c4ee8bfa3)): + + Closes https://github.com/ory/sdk/issues/11 ### Chores -* Pin v0.2.0-alpha.2 release commit ([ab91689](https://github.com/ory/kratos/commit/ab916894b761b18c53e4ed1fd0e42d9f5aa0817c)) +- Pin v0.2.0-alpha.2 release commit + ([ab91689](https://github.com/ory/kratos/commit/ab916894b761b18c53e4ed1fd0e42d9f5aa0817c)) ### Code Refactoring -* Move docs to this repository ([#317](https://github.com/ory/kratos/issues/317)) ([aa0d726](https://github.com/ory/kratos/commit/aa0d72639ecae3b0649761e6ee881a59b2f3e94e)) -* Prepare profile management payloads for credentials ([44493f3](https://github.com/ory/kratos/commit/44493f3ddbb449981576ec317ac45530ca3be14d)) -* Rename traits method to profile ([4f1e033](https://github.com/ory/kratos/commit/4f1e0339ecc1efbdfa3d3680ad64b7683e90e447)) -* Rework hooks and self-service flow completion ([#349](https://github.com/ory/kratos/issues/349)) ([a7c7fef](https://github.com/ory/kratos/commit/a7c7fef758e843393b0dc1e60bee11b88b8c9b4a)), closes [#348](https://github.com/ory/kratos/issues/348) [#347](https://github.com/ory/kratos/issues/347) [#179](https://github.com/ory/kratos/issues/179) [#51](https://github.com/ory/kratos/issues/51) [#50](https://github.com/ory/kratos/issues/50) [#31](https://github.com/ory/kratos/issues/31): - - This patch focuses on refactoring how self-service flows terminate and - changes how hooks behave and when they are executed. - - Before this patch, it was not clear whether hooks run before or - after an identity is persisted. This caused problems with multiple - writes on the HTTP ResponseWriter and other bugs. - - This patch removes certain hooks from after login, registration, and profile flows. - Per default, these flows now respond with an appropriate payload ( - redirect for browsers, JSON for API clients) and deprecate - the `redirect` hook. This patch includes documentation which explains - how these hooks work now. - - Additionally, the documentation was updated. Especially the sections - about hooks have been refactored. The login and user registration docs - have been updated to reflect the latest changes as well. - - Also, some other minor, cosmetic, changes to the documentation have been made. - +- Move docs to this repository + ([#317](https://github.com/ory/kratos/issues/317)) + ([aa0d726](https://github.com/ory/kratos/commit/aa0d72639ecae3b0649761e6ee881a59b2f3e94e)) +- Prepare profile management payloads for credentials + ([44493f3](https://github.com/ory/kratos/commit/44493f3ddbb449981576ec317ac45530ca3be14d)) +- Rename traits method to profile + ([4f1e033](https://github.com/ory/kratos/commit/4f1e0339ecc1efbdfa3d3680ad64b7683e90e447)) +- Rework hooks and self-service flow completion + ([#349](https://github.com/ory/kratos/issues/349)) + ([a7c7fef](https://github.com/ory/kratos/commit/a7c7fef758e843393b0dc1e60bee11b88b8c9b4a)), + closes [#348](https://github.com/ory/kratos/issues/348) + [#347](https://github.com/ory/kratos/issues/347) + [#179](https://github.com/ory/kratos/issues/179) + [#51](https://github.com/ory/kratos/issues/51) + [#50](https://github.com/ory/kratos/issues/50) + [#31](https://github.com/ory/kratos/issues/31): + + This patch focuses on refactoring how self-service flows terminate and changes + how hooks behave and when they are executed. + + Before this patch, it was not clear whether hooks run before or after an + identity is persisted. This caused problems with multiple writes on the HTTP + ResponseWriter and other bugs. + + This patch removes certain hooks from after login, registration, and profile + flows. Per default, these flows now respond with an appropriate payload ( + redirect for browsers, JSON for API clients) and deprecate the `redirect` + hook. This patch includes documentation which explains how these hooks work + now. + + Additionally, the documentation was updated. Especially the sections about + hooks have been refactored. The login and user registration docs have been + updated to reflect the latest changes as well. + + Also, some other minor, cosmetic, changes to the documentation have been made. ### Documentation -* Add banner kratos ([8a9dfbb](https://github.com/ory/kratos/commit/8a9dfbbd54bac14778cc84ec13326eb1ef80f5b3)) -* Add csrf and cookie debug section ([#342](https://github.com/ory/kratos/issues/342)) ([cac2948](https://github.com/ory/kratos/commit/cac2948685ed2a3c3edbc8eb4696bbfb8523dfeb)), closes [#341](https://github.com/ory/kratos/issues/341) -* Add database connection documentation ([#332](https://github.com/ory/kratos/issues/332)) ([4f9e8b0](https://github.com/ory/kratos/commit/4f9e8b00bacda3612db3f48b81fabd562075470a)) -* Add HA docs ([2e5c591](https://github.com/ory/kratos/commit/2e5c59158915d1ccbb90363e23f73a09c227b6f7)) -* Add hook changes to upgrade guide ([55b5fe0](https://github.com/ory/kratos/commit/55b5fe00c0472f5f6f7408eee76bf9a39318db7e)) -* Add info to oidc ([#382](https://github.com/ory/kratos/issues/382)) ([6eeeb5d](https://github.com/ory/kratos/commit/6eeeb5dbe98d2f31fd922d60a35d9d8f81d0b2a8)) -* Add more examples to config schema ([#372](https://github.com/ory/kratos/issues/372)) ([ed2ccb9](https://github.com/ory/kratos/commit/ed2ccb935fdcfcb11999996cd582726bba096435)), closes [#345](https://github.com/ory/kratos/issues/345) -* Add quickstart notes for docker debugging ([74f082a](https://github.com/ory/kratos/commit/74f082a407ee73741453ff6a394f47790e79b667)) -* Add settings docs and improve flows ([#375](https://github.com/ory/kratos/issues/375)) ([478cd9c](https://github.com/ory/kratos/commit/478cd9c5b5755030307d1f11e9bcbd4e171ee0d6)), closes [#345](https://github.com/ory/kratos/issues/345) -* **concepts:** Fix typo ([a49184c](https://github.com/ory/kratos/commit/a49184c30d9c2ccff5a2d41d3aff61b24e7d2ea9)): - - Closes https://github.com/ory/docs/pull/296 - -* **concepts:** Properly close code tag ([1c841c2](https://github.com/ory/kratos/commit/1c841c213bdbc79a6aa41e8450444d8d6c1f0284)) -* Declare api frontmatter properly ([df7591f](https://github.com/ory/kratos/commit/df7591f7b70c94cfe62042a598eceb36b6a4f29a)) -* Document 0.2.0 high-level changes ([9be1064](https://github.com/ory/kratos/commit/9be1064500dd86489b79e1abd9cbf1268b97853a)) -* Document multi-tenant set up ([891594d](https://github.com/ory/kratos/commit/891594df488e42ce30a81465f10f2936d152cb55)), closes [#370](https://github.com/ory/kratos/issues/370) -* Fix broken images in quickstart ([52aa4cf](https://github.com/ory/kratos/commit/52aa4cf0b6967108fa58f58b6b151e6f6118bcc9)) -* Fix broken link ([bf7843c](https://github.com/ory/kratos/commit/bf7843cd96795a894488a0910529c847cf7eee19)), closes [#327](https://github.com/ory/kratos/issues/327) -* Fix broken link ([c2adc73](https://github.com/ory/kratos/commit/c2adc734a73758d858d50d8738dc2a556110f26c)), closes [#327](https://github.com/ory/kratos/issues/327) -* Fix broken mermaid links ([f24fc1b](https://github.com/ory/kratos/commit/f24fc1bbba234d71098298bcddbba236ac4297f3)) -* Fix spelling in quickstart ([#356](https://github.com/ory/kratos/issues/356)) ([3ce6b4a](https://github.com/ory/kratos/commit/3ce6b4a1b0722a96bcbae79b7261616f20741494)) -* Improve changelog ([#384](https://github.com/ory/kratos/issues/384)) ([a973ca7](https://github.com/ory/kratos/commit/a973ca7719cd820bb196ec5732c85418528be1d0)) -* Improve profile section and restructure nav ([#373](https://github.com/ory/kratos/issues/373)) ([3cc0979](https://github.com/ory/kratos/commit/3cc097934edc81d4c6d853594eed5e68e9e48445)), closes [#345](https://github.com/ory/kratos/issues/345) -* Regenerate and update changelog ([7d4ed98](https://github.com/ory/kratos/commit/7d4ed9873f25b14b59f727002fb08a8b8a4e91a6)) -* Regenerate and update changelog ([175b626](https://github.com/ory/kratos/commit/175b626f74b4471e068bd79259c6d479fd6c1a7d)) -* Regenerate and update changelog ([e60e2df](https://github.com/ory/kratos/commit/e60e2df5d5cc4c1ef8a6a7f13487d4ebbf54741e)) -* Regenerate and update changelog ([41eeb75](https://github.com/ory/kratos/commit/41eeb7587fad864f64c4179ac20847f902c438b3)) -* Regenerate and update changelog ([468105a](https://github.com/ory/kratos/commit/468105a6080b861f1e02db3a404f2bac7f2f5eb6)) -* Regenerate and update changelog ([8414520](https://github.com/ory/kratos/commit/8414520c995cb2405ed051952357d37ca8111f25)) -* Regenerate and update changelog ([85d5866](https://github.com/ory/kratos/commit/85d5866df403b3cfa5566cef5cb983714b395505)) -* Regenerate and update changelog ([e8d2d10](https://github.com/ory/kratos/commit/e8d2d1019bbc05fbe4eeaaee7a8eb1e8f2d18cf9)) -* Regenerate and update changelog ([4c58b6d](https://github.com/ory/kratos/commit/4c58b6de4a3a39b1e94516abd1ea8ed7b09c1fe4)) -* Regenerate and update changelog ([a726eb2](https://github.com/ory/kratos/commit/a726eb202a070038148612f98f12e5d22170d1ec)) -* Regenerate and update changelog ([87b47ba](https://github.com/ory/kratos/commit/87b47baa9cdc0175c58ccbb20e67b458ce6a445f)) -* Regenerate and update changelog ([537d496](https://github.com/ory/kratos/commit/537d496d2043a17c68f31a8744c39bc76f76314c)) -* Regenerate and update changelog ([00e6af9](https://github.com/ory/kratos/commit/00e6af96060ec38059c449ac5e8b3c1df5bb8c95)) -* Regenerate and update changelog ([48a2eca](https://github.com/ory/kratos/commit/48a2eca2dcd274ca73d55132efca4a6dae63efdf)) -* Regenerate and update changelog ([8a71948](https://github.com/ory/kratos/commit/8a719481b54957681aa21eff5415229f3e5d4bff)) -* Regenerate and update changelog ([ad3d510](https://github.com/ory/kratos/commit/ad3d5101dad3c8a2725083c63f155638905b6e8c)) -* Regenerate and update changelog ([48bcc70](https://github.com/ory/kratos/commit/48bcc704ed22d8c78620aa3a5f8ecb5b41937759)) -* Regenerate and update changelog ([816a55c](https://github.com/ory/kratos/commit/816a55c81a27b53d5bd823392751853b68d3f607)) -* Regenerate and update changelog ([4ed74d2](https://github.com/ory/kratos/commit/4ed74d25c45f6e439377329d42cd7ae0acf9d0f1)) -* Regenerate and update changelog ([367927e](https://github.com/ory/kratos/commit/367927e716e7c1c6898151a5f14876fb30070dd3)) -* Regenerate and update changelog ([38f4019](https://github.com/ory/kratos/commit/38f40190f54264808c7a2716555876d05cdf560f)) -* Typo in README.md ([#265](https://github.com/ory/kratos/issues/265)) ([9f865a2](https://github.com/ory/kratos/commit/9f865a2ebace801414b2de17fe2f627d91f23474)) -* Update banner url ([292c986](https://github.com/ory/kratos/commit/292c986729d83187f7e77365e11ef74a6f3cadf6)) -* Update forum and chat links ([3039191](https://github.com/ory/kratos/commit/30391919d7ea58609dd3cd37db2709495e7abc76)) -* Update github templates ([#338](https://github.com/ory/kratos/issues/338)) ([57dbc77](https://github.com/ory/kratos/commit/57dbc77b548383522ca428e899dfde461334216c)) -* Update github templates ([#343](https://github.com/ory/kratos/issues/343)) ([eb13dc1](https://github.com/ory/kratos/commit/eb13dc1285cb16515d1c63b99cc389147508a31e)) -* Update github templates ([#350](https://github.com/ory/kratos/issues/350)) ([faf2f30](https://github.com/ory/kratos/commit/faf2f305aea1826e3d5f0b2614313920ac2b585b)) -* Update github templates ([#351](https://github.com/ory/kratos/issues/351)) ([20ff289](https://github.com/ory/kratos/commit/20ff2890004745231073cd4fd6ef1b37521cde72)) -* Update linux install guide ([3b8e549](https://github.com/ory/kratos/commit/3b8e5493a01357f8c442a8a2dc9437712498452c)) -* Update linux install guide ([#354](https://github.com/ory/kratos/issues/354)) ([ec49cae](https://github.com/ory/kratos/commit/ec49caec6ddea2c800db0779005bac6da73903e1)) -* Update self service reg docs ([#367](https://github.com/ory/kratos/issues/367)) ([4cf0323](https://github.com/ory/kratos/commit/4cf0323095990c5ec25283a01561cb9b8833f9ef)), closes [/github.com/ory/kratos-selfservice-ui-node/blob/489c76d1b0474ee55ef56804b28f54d8718747ba/src/routes/auth.ts#L28](https://github.com//github.com/ory/kratos-selfservice-ui-node/blob/489c76d1b0474ee55ef56804b28f54d8718747ba/src/routes/auth.ts/issues/L28): - - The old links pointed at `/auth/browser/(login|registration)` - which seems to be outdated now. - -* Update user-settings-profile-management.md ([#322](https://github.com/ory/kratos/issues/322)) ([45dc3a5](https://github.com/ory/kratos/commit/45dc3a56c15ae442890313a7dbc784b75644248a)) -* Updates issue and pull request templates ([#298](https://github.com/ory/kratos/issues/298)) ([1be738d](https://github.com/ory/kratos/commit/1be738d3f8e9bbc6dae31ffad5d990657a66761c)) -* Updates issue and pull request templates ([#313](https://github.com/ory/kratos/issues/313)) ([299063c](https://github.com/ory/kratos/commit/299063caf2fdde40713bae4c36abb3b6fac7271d)) -* Updates issue and pull request templates ([#314](https://github.com/ory/kratos/issues/314)) ([d5ae452](https://github.com/ory/kratos/commit/d5ae452a8ce5f641a40e510e82441d4eb8137218)) -* Updates issue and pull request templates ([#315](https://github.com/ory/kratos/issues/315)) ([8b68db1](https://github.com/ory/kratos/commit/8b68db140a7fc1c0eaa9318c1759ea9d8d0c27df)) -* Use git checkout in quickstart ([#339](https://github.com/ory/kratos/issues/339)) ([2d2562b](https://github.com/ory/kratos/commit/2d2562b587a69a2891ff29d927cb001e15d75b5d)), closes [#335](https://github.com/ory/kratos/issues/335) +- Add banner kratos + ([8a9dfbb](https://github.com/ory/kratos/commit/8a9dfbbd54bac14778cc84ec13326eb1ef80f5b3)) +- Add csrf and cookie debug section + ([#342](https://github.com/ory/kratos/issues/342)) + ([cac2948](https://github.com/ory/kratos/commit/cac2948685ed2a3c3edbc8eb4696bbfb8523dfeb)), + closes [#341](https://github.com/ory/kratos/issues/341) +- Add database connection documentation + ([#332](https://github.com/ory/kratos/issues/332)) + ([4f9e8b0](https://github.com/ory/kratos/commit/4f9e8b00bacda3612db3f48b81fabd562075470a)) +- Add HA docs + ([2e5c591](https://github.com/ory/kratos/commit/2e5c59158915d1ccbb90363e23f73a09c227b6f7)) +- Add hook changes to upgrade guide + ([55b5fe0](https://github.com/ory/kratos/commit/55b5fe00c0472f5f6f7408eee76bf9a39318db7e)) +- Add info to oidc ([#382](https://github.com/ory/kratos/issues/382)) + ([6eeeb5d](https://github.com/ory/kratos/commit/6eeeb5dbe98d2f31fd922d60a35d9d8f81d0b2a8)) +- Add more examples to config schema + ([#372](https://github.com/ory/kratos/issues/372)) + ([ed2ccb9](https://github.com/ory/kratos/commit/ed2ccb935fdcfcb11999996cd582726bba096435)), + closes [#345](https://github.com/ory/kratos/issues/345) +- Add quickstart notes for docker debugging + ([74f082a](https://github.com/ory/kratos/commit/74f082a407ee73741453ff6a394f47790e79b667)) +- Add settings docs and improve flows + ([#375](https://github.com/ory/kratos/issues/375)) + ([478cd9c](https://github.com/ory/kratos/commit/478cd9c5b5755030307d1f11e9bcbd4e171ee0d6)), + closes [#345](https://github.com/ory/kratos/issues/345) +- **concepts:** Fix typo + ([a49184c](https://github.com/ory/kratos/commit/a49184c30d9c2ccff5a2d41d3aff61b24e7d2ea9)): + + Closes https://github.com/ory/docs/pull/296 + +- **concepts:** Properly close code tag + ([1c841c2](https://github.com/ory/kratos/commit/1c841c213bdbc79a6aa41e8450444d8d6c1f0284)) +- Declare api frontmatter properly + ([df7591f](https://github.com/ory/kratos/commit/df7591f7b70c94cfe62042a598eceb36b6a4f29a)) +- Document 0.2.0 high-level changes + ([9be1064](https://github.com/ory/kratos/commit/9be1064500dd86489b79e1abd9cbf1268b97853a)) +- Document multi-tenant set up + ([891594d](https://github.com/ory/kratos/commit/891594df488e42ce30a81465f10f2936d152cb55)), + closes [#370](https://github.com/ory/kratos/issues/370) +- Fix broken images in quickstart + ([52aa4cf](https://github.com/ory/kratos/commit/52aa4cf0b6967108fa58f58b6b151e6f6118bcc9)) +- Fix broken link + ([bf7843c](https://github.com/ory/kratos/commit/bf7843cd96795a894488a0910529c847cf7eee19)), + closes [#327](https://github.com/ory/kratos/issues/327) +- Fix broken link + ([c2adc73](https://github.com/ory/kratos/commit/c2adc734a73758d858d50d8738dc2a556110f26c)), + closes [#327](https://github.com/ory/kratos/issues/327) +- Fix broken mermaid links + ([f24fc1b](https://github.com/ory/kratos/commit/f24fc1bbba234d71098298bcddbba236ac4297f3)) +- Fix spelling in quickstart ([#356](https://github.com/ory/kratos/issues/356)) + ([3ce6b4a](https://github.com/ory/kratos/commit/3ce6b4a1b0722a96bcbae79b7261616f20741494)) +- Improve changelog ([#384](https://github.com/ory/kratos/issues/384)) + ([a973ca7](https://github.com/ory/kratos/commit/a973ca7719cd820bb196ec5732c85418528be1d0)) +- Improve profile section and restructure nav + ([#373](https://github.com/ory/kratos/issues/373)) + ([3cc0979](https://github.com/ory/kratos/commit/3cc097934edc81d4c6d853594eed5e68e9e48445)), + closes [#345](https://github.com/ory/kratos/issues/345) +- Regenerate and update changelog + ([7d4ed98](https://github.com/ory/kratos/commit/7d4ed9873f25b14b59f727002fb08a8b8a4e91a6)) +- Regenerate and update changelog + ([175b626](https://github.com/ory/kratos/commit/175b626f74b4471e068bd79259c6d479fd6c1a7d)) +- Regenerate and update changelog + ([e60e2df](https://github.com/ory/kratos/commit/e60e2df5d5cc4c1ef8a6a7f13487d4ebbf54741e)) +- Regenerate and update changelog + ([41eeb75](https://github.com/ory/kratos/commit/41eeb7587fad864f64c4179ac20847f902c438b3)) +- Regenerate and update changelog + ([468105a](https://github.com/ory/kratos/commit/468105a6080b861f1e02db3a404f2bac7f2f5eb6)) +- Regenerate and update changelog + ([8414520](https://github.com/ory/kratos/commit/8414520c995cb2405ed051952357d37ca8111f25)) +- Regenerate and update changelog + ([85d5866](https://github.com/ory/kratos/commit/85d5866df403b3cfa5566cef5cb983714b395505)) +- Regenerate and update changelog + ([e8d2d10](https://github.com/ory/kratos/commit/e8d2d1019bbc05fbe4eeaaee7a8eb1e8f2d18cf9)) +- Regenerate and update changelog + ([4c58b6d](https://github.com/ory/kratos/commit/4c58b6de4a3a39b1e94516abd1ea8ed7b09c1fe4)) +- Regenerate and update changelog + ([a726eb2](https://github.com/ory/kratos/commit/a726eb202a070038148612f98f12e5d22170d1ec)) +- Regenerate and update changelog + ([87b47ba](https://github.com/ory/kratos/commit/87b47baa9cdc0175c58ccbb20e67b458ce6a445f)) +- Regenerate and update changelog + ([537d496](https://github.com/ory/kratos/commit/537d496d2043a17c68f31a8744c39bc76f76314c)) +- Regenerate and update changelog + ([00e6af9](https://github.com/ory/kratos/commit/00e6af96060ec38059c449ac5e8b3c1df5bb8c95)) +- Regenerate and update changelog + ([48a2eca](https://github.com/ory/kratos/commit/48a2eca2dcd274ca73d55132efca4a6dae63efdf)) +- Regenerate and update changelog + ([8a71948](https://github.com/ory/kratos/commit/8a719481b54957681aa21eff5415229f3e5d4bff)) +- Regenerate and update changelog + ([ad3d510](https://github.com/ory/kratos/commit/ad3d5101dad3c8a2725083c63f155638905b6e8c)) +- Regenerate and update changelog + ([48bcc70](https://github.com/ory/kratos/commit/48bcc704ed22d8c78620aa3a5f8ecb5b41937759)) +- Regenerate and update changelog + ([816a55c](https://github.com/ory/kratos/commit/816a55c81a27b53d5bd823392751853b68d3f607)) +- Regenerate and update changelog + ([4ed74d2](https://github.com/ory/kratos/commit/4ed74d25c45f6e439377329d42cd7ae0acf9d0f1)) +- Regenerate and update changelog + ([367927e](https://github.com/ory/kratos/commit/367927e716e7c1c6898151a5f14876fb30070dd3)) +- Regenerate and update changelog + ([38f4019](https://github.com/ory/kratos/commit/38f40190f54264808c7a2716555876d05cdf560f)) +- Typo in README.md ([#265](https://github.com/ory/kratos/issues/265)) + ([9f865a2](https://github.com/ory/kratos/commit/9f865a2ebace801414b2de17fe2f627d91f23474)) +- Update banner url + ([292c986](https://github.com/ory/kratos/commit/292c986729d83187f7e77365e11ef74a6f3cadf6)) +- Update forum and chat links + ([3039191](https://github.com/ory/kratos/commit/30391919d7ea58609dd3cd37db2709495e7abc76)) +- Update github templates ([#338](https://github.com/ory/kratos/issues/338)) + ([57dbc77](https://github.com/ory/kratos/commit/57dbc77b548383522ca428e899dfde461334216c)) +- Update github templates ([#343](https://github.com/ory/kratos/issues/343)) + ([eb13dc1](https://github.com/ory/kratos/commit/eb13dc1285cb16515d1c63b99cc389147508a31e)) +- Update github templates ([#350](https://github.com/ory/kratos/issues/350)) + ([faf2f30](https://github.com/ory/kratos/commit/faf2f305aea1826e3d5f0b2614313920ac2b585b)) +- Update github templates ([#351](https://github.com/ory/kratos/issues/351)) + ([20ff289](https://github.com/ory/kratos/commit/20ff2890004745231073cd4fd6ef1b37521cde72)) +- Update linux install guide + ([3b8e549](https://github.com/ory/kratos/commit/3b8e5493a01357f8c442a8a2dc9437712498452c)) +- Update linux install guide ([#354](https://github.com/ory/kratos/issues/354)) + ([ec49cae](https://github.com/ory/kratos/commit/ec49caec6ddea2c800db0779005bac6da73903e1)) +- Update self service reg docs + ([#367](https://github.com/ory/kratos/issues/367)) + ([4cf0323](https://github.com/ory/kratos/commit/4cf0323095990c5ec25283a01561cb9b8833f9ef)), + closes + [/github.com/ory/kratos-selfservice-ui-node/blob/489c76d1b0474ee55ef56804b28f54d8718747ba/src/routes/auth.ts#L28](https://github.com//github.com/ory/kratos-selfservice-ui-node/blob/489c76d1b0474ee55ef56804b28f54d8718747ba/src/routes/auth.ts/issues/L28): + + The old links pointed at `/auth/browser/(login|registration)` which seems to + be outdated now. + +- Update user-settings-profile-management.md + ([#322](https://github.com/ory/kratos/issues/322)) + ([45dc3a5](https://github.com/ory/kratos/commit/45dc3a56c15ae442890313a7dbc784b75644248a)) +- Updates issue and pull request templates + ([#298](https://github.com/ory/kratos/issues/298)) + ([1be738d](https://github.com/ory/kratos/commit/1be738d3f8e9bbc6dae31ffad5d990657a66761c)) +- Updates issue and pull request templates + ([#313](https://github.com/ory/kratos/issues/313)) + ([299063c](https://github.com/ory/kratos/commit/299063caf2fdde40713bae4c36abb3b6fac7271d)) +- Updates issue and pull request templates + ([#314](https://github.com/ory/kratos/issues/314)) + ([d5ae452](https://github.com/ory/kratos/commit/d5ae452a8ce5f641a40e510e82441d4eb8137218)) +- Updates issue and pull request templates + ([#315](https://github.com/ory/kratos/issues/315)) + ([8b68db1](https://github.com/ory/kratos/commit/8b68db140a7fc1c0eaa9318c1759ea9d8d0c27df)) +- Use git checkout in quickstart + ([#339](https://github.com/ory/kratos/issues/339)) + ([2d2562b](https://github.com/ory/kratos/commit/2d2562b587a69a2891ff29d927cb001e15d75b5d)), + closes [#335](https://github.com/ory/kratos/issues/335) ### Features -* Add `dsn: memory` shorthand ([#284](https://github.com/ory/kratos/issues/284)) ([e66a030](https://github.com/ory/kratos/commit/e66a030f7d67dec639121fb23dfc7f1444474c6b)), closes [#228](https://github.com/ory/kratos/issues/228) -* Add and test id hint in reauth flow ([2298f01](https://github.com/ory/kratos/commit/2298f0140e77da870c842daa8eaca274e5d64254)), closes [#323](https://github.com/ory/kratos/issues/323) -* Add cypress e2e tests ([#334](https://github.com/ory/kratos/issues/334)) ([abc0e91](https://github.com/ory/kratos/commit/abc0e91e278f7938b264598ac0c60d18c5a9e8a0)) -* Allow configuring same-site for session cookies ([#303](https://github.com/ory/kratos/issues/303)) ([2eb2054](https://github.com/ory/kratos/commit/2eb2054a94281aefa9a0818110d168cc9c052094)), closes [#257](https://github.com/ory/kratos/issues/257): - - It is now possible to set SameSite for the session cookie via the key `security.session.cookie.same_site`. - -* **continuity:** Implement request continuity ([135e047](https://github.com/ory/kratos/commit/135e04750b1855ab0db812517c61e292a770ba94)), closes [#304](https://github.com/ory/kratos/issues/304) [#311](https://github.com/ory/kratos/issues/311): - - This patch adds a module which is capable of aborting a request, waiting for - another option to complete, and then resuming the request again. - - This feature makes use of a temporary cookie which keeps track of the - request state. - - This feature is required for several workflows that update privileged - fields such as passwords, 2fa recovery codes, email addresses. - - refactor: rename profile to settings flow - - Renames selfservice/profile to settings. The settings flow includes a strategy for managing profile information - -* Enable CockroachDB integration ([#260](https://github.com/ory/kratos/issues/260)) ([adc5153](https://github.com/ory/kratos/commit/adc5153410fb4d9f99702d7c73a78aeec8c1e9f1)), closes [#132](https://github.com/ory/kratos/issues/132) [#155](https://github.com/ory/kratos/issues/155) -* Enable continuity management for settings module ([009d755](https://github.com/ory/kratos/commit/009d7558f525168fecf86168de2906088662535e)) -* Enable updating auth related traits ([#266](https://github.com/ory/kratos/issues/266)) ([65b88ba](https://github.com/ory/kratos/commit/65b88ba52fb9e6da3c1a65f734352519303327a6)), closes [#243](https://github.com/ory/kratos/issues/243) -* Implement password profile management flow ([a31839a](https://github.com/ory/kratos/commit/a31839a5c33c80500c900fb50d1dd499ab1161a1)), closes [#243](https://github.com/ory/kratos/issues/243) -* Introduce fallbacks for required configs ([#376](https://github.com/ory/kratos/issues/376)) ([b3bcb25](https://github.com/ory/kratos/commit/b3bcb25be6b417647ece2b3dda26d691f8e8d685)), closes [#369](https://github.com/ory/kratos/issues/369) [#352](https://github.com/ory/kratos/issues/352) -* **login:** Forced reauthentication ([#248](https://github.com/ory/kratos/issues/248)) ([344fc9c](https://github.com/ory/kratos/commit/344fc9cddccff958f13249b999a835d3e46a7771)), closes [#243](https://github.com/ory/kratos/issues/243) -* Return 410 when selfservice requests expire ([#289](https://github.com/ory/kratos/issues/289)) ([b414607](https://github.com/ory/kratos/commit/b4146076148d9ff079e9d433f0a90f5bc938650c)), closes [#235](https://github.com/ory/kratos/issues/235) -* Send verification emails on profile update ([#333](https://github.com/ory/kratos/issues/333)) ([1cacc80](https://github.com/ory/kratos/commit/1cacc80c54f92b380ef3752591970cc4dd97085e)), closes [#267](https://github.com/ory/kratos/issues/267) +- Add `dsn: memory` shorthand ([#284](https://github.com/ory/kratos/issues/284)) + ([e66a030](https://github.com/ory/kratos/commit/e66a030f7d67dec639121fb23dfc7f1444474c6b)), + closes [#228](https://github.com/ory/kratos/issues/228) +- Add and test id hint in reauth flow + ([2298f01](https://github.com/ory/kratos/commit/2298f0140e77da870c842daa8eaca274e5d64254)), + closes [#323](https://github.com/ory/kratos/issues/323) +- Add cypress e2e tests ([#334](https://github.com/ory/kratos/issues/334)) + ([abc0e91](https://github.com/ory/kratos/commit/abc0e91e278f7938b264598ac0c60d18c5a9e8a0)) +- Allow configuring same-site for session cookies + ([#303](https://github.com/ory/kratos/issues/303)) + ([2eb2054](https://github.com/ory/kratos/commit/2eb2054a94281aefa9a0818110d168cc9c052094)), + closes [#257](https://github.com/ory/kratos/issues/257): + + It is now possible to set SameSite for the session cookie via the key + `security.session.cookie.same_site`. + +- **continuity:** Implement request continuity + ([135e047](https://github.com/ory/kratos/commit/135e04750b1855ab0db812517c61e292a770ba94)), + closes [#304](https://github.com/ory/kratos/issues/304) + [#311](https://github.com/ory/kratos/issues/311): + + This patch adds a module which is capable of aborting a request, waiting for + another option to complete, and then resuming the request again. + + This feature makes use of a temporary cookie which keeps track of the request + state. + + This feature is required for several workflows that update privileged fields + such as passwords, 2fa recovery codes, email addresses. + + refactor: rename profile to settings flow + + Renames selfservice/profile to settings. The settings flow includes a strategy + for managing profile information + +- Enable CockroachDB integration + ([#260](https://github.com/ory/kratos/issues/260)) + ([adc5153](https://github.com/ory/kratos/commit/adc5153410fb4d9f99702d7c73a78aeec8c1e9f1)), + closes [#132](https://github.com/ory/kratos/issues/132) + [#155](https://github.com/ory/kratos/issues/155) +- Enable continuity management for settings module + ([009d755](https://github.com/ory/kratos/commit/009d7558f525168fecf86168de2906088662535e)) +- Enable updating auth related traits + ([#266](https://github.com/ory/kratos/issues/266)) + ([65b88ba](https://github.com/ory/kratos/commit/65b88ba52fb9e6da3c1a65f734352519303327a6)), + closes [#243](https://github.com/ory/kratos/issues/243) +- Implement password profile management flow + ([a31839a](https://github.com/ory/kratos/commit/a31839a5c33c80500c900fb50d1dd499ab1161a1)), + closes [#243](https://github.com/ory/kratos/issues/243) +- Introduce fallbacks for required configs + ([#376](https://github.com/ory/kratos/issues/376)) + ([b3bcb25](https://github.com/ory/kratos/commit/b3bcb25be6b417647ece2b3dda26d691f8e8d685)), + closes [#369](https://github.com/ory/kratos/issues/369) + [#352](https://github.com/ory/kratos/issues/352) +- **login:** Forced reauthentication + ([#248](https://github.com/ory/kratos/issues/248)) + ([344fc9c](https://github.com/ory/kratos/commit/344fc9cddccff958f13249b999a835d3e46a7771)), + closes [#243](https://github.com/ory/kratos/issues/243) +- Return 410 when selfservice requests expire + ([#289](https://github.com/ory/kratos/issues/289)) + ([b414607](https://github.com/ory/kratos/commit/b4146076148d9ff079e9d433f0a90f5bc938650c)), + closes [#235](https://github.com/ory/kratos/issues/235) +- Send verification emails on profile update + ([#333](https://github.com/ory/kratos/issues/333)) + ([1cacc80](https://github.com/ory/kratos/commit/1cacc80c54f92b380ef3752591970cc4dd97085e)), + closes [#267](https://github.com/ory/kratos/issues/267) ### Unclassified -* u ([0b6fa48](https://github.com/ory/kratos/commit/0b6fa48e90fa0c50b9c26bae034eb1662c855d69)) -* u ([03fa4f0](https://github.com/ory/kratos/commit/03fa4f05363aa1f38fe45730317375ce380cfa31)) -* u ([a3dfd9d](https://github.com/ory/kratos/commit/a3dfd9d15e1f7287558b85c3a4f23d02444b0bf4)) -* u ([616aa0f](https://github.com/ory/kratos/commit/616aa0f0cf3d662b48fcaa02715e02e854e05581)) -* fix:add graceful shutdown to courier handler (#296) ([235d784](https://github.com/ory/kratos/commit/235d784b7f8bf38859d15d68c37b089fc9371195)), closes [#296](https://github.com/ory/kratos/issues/296) [#295](https://github.com/ory/kratos/issues/295): - - Courier would not stop with the provided Background handler. - This changes the methods of Courier so that the graceful package can be - used in the same way as the http endpoints can be used. - -* fix(sql) change courier body to text field (#276) ([ed5268d](https://github.com/ory/kratos/commit/ed5268d539b2a28f5367e8ba2e2e6bd3a605ce5b)), closes [#276](https://github.com/ory/kratos/issues/276) [#269](https://github.com/ory/kratos/issues/269) -* Make format ([b85e5af](https://github.com/ory/kratos/commit/b85e5af2e29f9ca3bc3341ba4f2b1b338b441398)) - +- u + ([0b6fa48](https://github.com/ory/kratos/commit/0b6fa48e90fa0c50b9c26bae034eb1662c855d69)) +- u + ([03fa4f0](https://github.com/ory/kratos/commit/03fa4f05363aa1f38fe45730317375ce380cfa31)) +- u + ([a3dfd9d](https://github.com/ory/kratos/commit/a3dfd9d15e1f7287558b85c3a4f23d02444b0bf4)) +- u + ([616aa0f](https://github.com/ory/kratos/commit/616aa0f0cf3d662b48fcaa02715e02e854e05581)) +- fix:add graceful shutdown to courier handler (#296) + ([235d784](https://github.com/ory/kratos/commit/235d784b7f8bf38859d15d68c37b089fc9371195)), + closes [#296](https://github.com/ory/kratos/issues/296) + [#295](https://github.com/ory/kratos/issues/295): + + Courier would not stop with the provided Background handler. This changes the + methods of Courier so that the graceful package can be used in the same way as + the http endpoints can be used. + +- fix(sql) change courier body to text field (#276) + ([ed5268d](https://github.com/ory/kratos/commit/ed5268d539b2a28f5367e8ba2e2e6bd3a605ce5b)), + closes [#276](https://github.com/ory/kratos/issues/276) + [#269](https://github.com/ory/kratos/issues/269) +- Make format + ([b85e5af](https://github.com/ory/kratos/commit/b85e5af2e29f9ca3bc3341ba4f2b1b338b441398)) # [0.1.1-alpha.1](https://github.com/ory/kratos/compare/v0.1.0-alpha.6...v0.1.1-alpha.1) (2020-02-18) docs: Regenerate and update changelog - - - - ### Bug Fixes -* Add verify return to address ([#252](https://github.com/ory/kratos/issues/252)) ([64ab9e5](https://github.com/ory/kratos/commit/64ab9e510e6b65f9dd16fdfaadfd24785dab0c93)) -* Clean up docker quickstart ([#255](https://github.com/ory/kratos/issues/255)) ([7f0996b](https://github.com/ory/kratos/commit/7f0996b99646e57136f20c04a77a6f682eecdd9c)) -* Resolve several verification problems ([#253](https://github.com/ory/kratos/issues/253)) ([30d4632](https://github.com/ory/kratos/commit/30d46326373cf038b600ee07db3e95ce6d94ab12)) -* Update verify URLs ([#258](https://github.com/ory/kratos/issues/258)) ([5d4f909](https://github.com/ory/kratos/commit/5d4f9099b5c61ff9572ad23a3eb9c0e0025d92da)) +- Add verify return to address + ([#252](https://github.com/ory/kratos/issues/252)) + ([64ab9e5](https://github.com/ory/kratos/commit/64ab9e510e6b65f9dd16fdfaadfd24785dab0c93)) +- Clean up docker quickstart ([#255](https://github.com/ory/kratos/issues/255)) + ([7f0996b](https://github.com/ory/kratos/commit/7f0996b99646e57136f20c04a77a6f682eecdd9c)) +- Resolve several verification problems + ([#253](https://github.com/ory/kratos/issues/253)) + ([30d4632](https://github.com/ory/kratos/commit/30d46326373cf038b600ee07db3e95ce6d94ab12)) +- Update verify URLs ([#258](https://github.com/ory/kratos/issues/258)) + ([5d4f909](https://github.com/ory/kratos/commit/5d4f9099b5c61ff9572ad23a3eb9c0e0025d92da)) ### Code Refactoring -* Support context-based SQL transactions ([#254](https://github.com/ory/kratos/issues/254)) ([6ace1ee](https://github.com/ory/kratos/commit/6ace1ee2070c35b0da3e36dcd5417ff70a4ff9cb)) +- Support context-based SQL transactions + ([#254](https://github.com/ory/kratos/issues/254)) + ([6ace1ee](https://github.com/ory/kratos/commit/6ace1ee2070c35b0da3e36dcd5417ff70a4ff9cb)) ### Documentation -* Regenerate and update changelog ([a125822](https://github.com/ory/kratos/commit/a1258221a1fef82cc525be7b1042e91e2d20b1eb)) -* Regenerate and update changelog ([b3a8220](https://github.com/ory/kratos/commit/b3a822035509ec2c9fb04037b2088ce6df8191da)) -* Regenerate and update changelog ([a141b30](https://github.com/ory/kratos/commit/a141b309a1fc22bc45d70a090869fdee198a065e)) -* Regenerate and update changelog ([7e12e20](https://github.com/ory/kratos/commit/7e12e20be0fa61a2f41a416a3edcd2b522165196)) -* Regenerate and update changelog ([3c1c67b](https://github.com/ory/kratos/commit/3c1c67b31a54dd8d5fceac9449d305db82ff8844)) -* Regenerate and update changelog ([ee07937](https://github.com/ory/kratos/commit/ee07937d5e797f0217c86946da42d0070ca7c250)) - +- Regenerate and update changelog + ([a125822](https://github.com/ory/kratos/commit/a1258221a1fef82cc525be7b1042e91e2d20b1eb)) +- Regenerate and update changelog + ([b3a8220](https://github.com/ory/kratos/commit/b3a822035509ec2c9fb04037b2088ce6df8191da)) +- Regenerate and update changelog + ([a141b30](https://github.com/ory/kratos/commit/a141b309a1fc22bc45d70a090869fdee198a065e)) +- Regenerate and update changelog + ([7e12e20](https://github.com/ory/kratos/commit/7e12e20be0fa61a2f41a416a3edcd2b522165196)) +- Regenerate and update changelog + ([3c1c67b](https://github.com/ory/kratos/commit/3c1c67b31a54dd8d5fceac9449d305db82ff8844)) +- Regenerate and update changelog + ([ee07937](https://github.com/ory/kratos/commit/ee07937d5e797f0217c86946da42d0070ca7c250)) # [0.1.0-alpha.6](https://github.com/ory/kratos/compare/v0.1.0-alpha.5...v0.1.0-alpha.6) (2020-02-16) feat: Add verification to quickstart (#251) - - - - - ### Bug Fixes -* Adapt quickstart to verify changes ([#247](https://github.com/ory/kratos/issues/247)) ([24eceb7](https://github.com/ory/kratos/commit/24eceb7147cef1081ac1ad969713ca1bc36229cb)) -* Gracefully handle selfservice request expiry ([#242](https://github.com/ory/kratos/issues/242)) ([4421e6b](https://github.com/ory/kratos/commit/4421e6bde494fbe9672251cf813a39e3031bf3fd)), closes [#233](https://github.com/ory/kratos/issues/233) -* Set AuthenticatedAt in session issuer hook ([#246](https://github.com/ory/kratos/issues/246)) ([29c83fa](https://github.com/ory/kratos/commit/29c83fa986c612fb17e13fe9415f7836062159d2)), closes [#224](https://github.com/ory/kratos/issues/224) -* **swagger:** Sanitize before validate ([c72f140](https://github.com/ory/kratos/commit/c72f140083e94f3a47ee2398c56d188e6d4edcb4)) -* **swagger:** Use correct annotations for request methods ([#237](https://github.com/ory/kratos/issues/237)) ([8473c85](https://github.com/ory/kratos/commit/8473c85d8282b27375b53babbbc79046d407b3fb)), closes [#234](https://github.com/ory/kratos/issues/234) +- Adapt quickstart to verify changes + ([#247](https://github.com/ory/kratos/issues/247)) + ([24eceb7](https://github.com/ory/kratos/commit/24eceb7147cef1081ac1ad969713ca1bc36229cb)) +- Gracefully handle selfservice request expiry + ([#242](https://github.com/ory/kratos/issues/242)) + ([4421e6b](https://github.com/ory/kratos/commit/4421e6bde494fbe9672251cf813a39e3031bf3fd)), + closes [#233](https://github.com/ory/kratos/issues/233) +- Set AuthenticatedAt in session issuer hook + ([#246](https://github.com/ory/kratos/issues/246)) + ([29c83fa](https://github.com/ory/kratos/commit/29c83fa986c612fb17e13fe9415f7836062159d2)), + closes [#224](https://github.com/ory/kratos/issues/224) +- **swagger:** Sanitize before validate + ([c72f140](https://github.com/ory/kratos/commit/c72f140083e94f3a47ee2398c56d188e6d4edcb4)) +- **swagger:** Use correct annotations for request methods + ([#237](https://github.com/ory/kratos/issues/237)) + ([8473c85](https://github.com/ory/kratos/commit/8473c85d8282b27375b53babbbc79046d407b3fb)), + closes [#234](https://github.com/ory/kratos/issues/234) ### Code Refactoring -* Move to ory/jsonschema/v3 everywhere ([#229](https://github.com/ory/kratos/issues/229)) ([61f5c1d](https://github.com/ory/kratos/commit/61f5c1d3d896841b08deb08c42ba896118e3fc71)), closes [#225](https://github.com/ory/kratos/issues/225) +- Move to ory/jsonschema/v3 everywhere + ([#229](https://github.com/ory/kratos/issues/229)) + ([61f5c1d](https://github.com/ory/kratos/commit/61f5c1d3d896841b08deb08c42ba896118e3fc71)), + closes [#225](https://github.com/ory/kratos/issues/225) ### Documentation -* Regenerate and update changelog ([922cf0f](https://github.com/ory/kratos/commit/922cf0f3d7ec8860d13aff3b88849a71fb59e2c9)) -* Regenerate and update changelog ([e097c23](https://github.com/ory/kratos/commit/e097c23d8b4902a9013f3a8fa9a397033a92fb88)) -* Regenerate and update changelog ([2d1685f](https://github.com/ory/kratos/commit/2d1685f4f4235e9293b1ab79e67050042787c6e9)) -* Regenerate and update changelog ([f8964e9](https://github.com/ory/kratos/commit/f8964e9e5c442f75ba501ce7cfcb18916b781dc1)) -* Regenerate and update changelog ([92b8001](https://github.com/ory/kratos/commit/92b80013c98e9556138eff04aa24dc696b8d6128)) -* Regenerate and update changelog ([d7083ab](https://github.com/ory/kratos/commit/d7083ab9fb8e8172707cae3ac4a8a183f0c25903)) -* Regenerate and update changelog ([c4547dc](https://github.com/ory/kratos/commit/c4547dc53ecf167b63e5d7d3b6764535bd86fa5a)) -* Regenerate and update changelog ([d8d8bba](https://github.com/ory/kratos/commit/d8d8bbae055e2220023a45b832d2435984191029)) -* Regenerate and update changelog ([b012ed9](https://github.com/ory/kratos/commit/b012ed9ce1f4fd0ece2e3463e952711b4380f4a4)) +- Regenerate and update changelog + ([922cf0f](https://github.com/ory/kratos/commit/922cf0f3d7ec8860d13aff3b88849a71fb59e2c9)) +- Regenerate and update changelog + ([e097c23](https://github.com/ory/kratos/commit/e097c23d8b4902a9013f3a8fa9a397033a92fb88)) +- Regenerate and update changelog + ([2d1685f](https://github.com/ory/kratos/commit/2d1685f4f4235e9293b1ab79e67050042787c6e9)) +- Regenerate and update changelog + ([f8964e9](https://github.com/ory/kratos/commit/f8964e9e5c442f75ba501ce7cfcb18916b781dc1)) +- Regenerate and update changelog + ([92b8001](https://github.com/ory/kratos/commit/92b80013c98e9556138eff04aa24dc696b8d6128)) +- Regenerate and update changelog + ([d7083ab](https://github.com/ory/kratos/commit/d7083ab9fb8e8172707cae3ac4a8a183f0c25903)) +- Regenerate and update changelog + ([c4547dc](https://github.com/ory/kratos/commit/c4547dc53ecf167b63e5d7d3b6764535bd86fa5a)) +- Regenerate and update changelog + ([d8d8bba](https://github.com/ory/kratos/commit/d8d8bbae055e2220023a45b832d2435984191029)) +- Regenerate and update changelog + ([b012ed9](https://github.com/ory/kratos/commit/b012ed9ce1f4fd0ece2e3463e952711b4380f4a4)) ### Features -* Add disabled flag to identifier form fields ([#238](https://github.com/ory/kratos/issues/238)) ([a2178bd](https://github.com/ory/kratos/commit/a2178bdbbe20798a3e1e3fb5ed7b44afc187c640)), closes [#227](https://github.com/ory/kratos/issues/227) -* Add verification to quickstart ([#251](https://github.com/ory/kratos/issues/251)) ([172dc87](https://github.com/ory/kratos/commit/172dc87d22f925668c21da1b3b581156e01d45a4)) -* Implement email verification ([#245](https://github.com/ory/kratos/issues/245)) ([eed00f4](https://github.com/ory/kratos/commit/eed00f4b328c173057455980ce0e1aad909c278f)), closes [#27](https://github.com/ory/kratos/issues/27) -* Improve password validation strategy ([#231](https://github.com/ory/kratos/issues/231)) ([256fad3](https://github.com/ory/kratos/commit/256fad37164c81cc44c35e77b99911996722a86a)) - +- Add disabled flag to identifier form fields + ([#238](https://github.com/ory/kratos/issues/238)) + ([a2178bd](https://github.com/ory/kratos/commit/a2178bdbbe20798a3e1e3fb5ed7b44afc187c640)), + closes [#227](https://github.com/ory/kratos/issues/227) +- Add verification to quickstart + ([#251](https://github.com/ory/kratos/issues/251)) + ([172dc87](https://github.com/ory/kratos/commit/172dc87d22f925668c21da1b3b581156e01d45a4)) +- Implement email verification + ([#245](https://github.com/ory/kratos/issues/245)) + ([eed00f4](https://github.com/ory/kratos/commit/eed00f4b328c173057455980ce0e1aad909c278f)), + closes [#27](https://github.com/ory/kratos/issues/27) +- Improve password validation strategy + ([#231](https://github.com/ory/kratos/issues/231)) + ([256fad3](https://github.com/ory/kratos/commit/256fad37164c81cc44c35e77b99911996722a86a)) # [0.1.0-alpha.5](https://github.com/ory/kratos/compare/v0.1.0-alpha.4...v0.1.0-alpha.5) (2020-02-06) docs: Regenerate and update changelog - - - - ### Documentation -* Regenerate and update changelog ([e87e9c9](https://github.com/ory/kratos/commit/e87e9c9ec9cf55351439ab16a778f3ea303ec646)) -* Regenerate and update changelog ([d6f0794](https://github.com/ory/kratos/commit/d6f0794d53b6e7d6d9e3bc63a77d402e43a29bed)) -* Regenerate and update changelog ([eb7326c](https://github.com/ory/kratos/commit/eb7326c98c2d5e87a8ac3cd9f2efb43f2552164a)) +- Regenerate and update changelog + ([e87e9c9](https://github.com/ory/kratos/commit/e87e9c9ec9cf55351439ab16a778f3ea303ec646)) +- Regenerate and update changelog + ([d6f0794](https://github.com/ory/kratos/commit/d6f0794d53b6e7d6d9e3bc63a77d402e43a29bed)) +- Regenerate and update changelog + ([eb7326c](https://github.com/ory/kratos/commit/eb7326c98c2d5e87a8ac3cd9f2efb43f2552164a)) ### Features -* Redirect to new auth session on expired auth sessions ([#230](https://github.com/ory/kratos/issues/230)) ([b477ecd](https://github.com/ory/kratos/commit/b477ecd47de33a9a45159a298ac288c4ad5a0b55)), closes [#96](https://github.com/ory/kratos/issues/96) - +- Redirect to new auth session on expired auth sessions + ([#230](https://github.com/ory/kratos/issues/230)) + ([b477ecd](https://github.com/ory/kratos/commit/b477ecd47de33a9a45159a298ac288c4ad5a0b55)), + closes [#96](https://github.com/ory/kratos/issues/96) # [0.1.0-alpha.4](https://github.com/ory/kratos/compare/v0.1.0-alpha.3...v0.1.0-alpha.4) (2020-02-06) ci: Bump ory/sdk to 0.1.22 - - - ### Continuous Integration -* Bump ory/sdk to 0.1.22 ([c0d0edf](https://github.com/ory/kratos/commit/c0d0edf1f369ecaeb28d1337930b16222b97337f)) +- Bump ory/sdk to 0.1.22 + ([c0d0edf](https://github.com/ory/kratos/commit/c0d0edf1f369ecaeb28d1337930b16222b97337f)) ### Documentation -* Regenerate and update changelog ([f02afb3](https://github.com/ory/kratos/commit/f02afb3fed310f7fe9c5e6f7df34dfc9738018ad)) - +- Regenerate and update changelog + ([f02afb3](https://github.com/ory/kratos/commit/f02afb3fed310f7fe9c5e6f7df34dfc9738018ad)) # [0.1.0-alpha.3](https://github.com/ory/kratos/compare/v0.1.0-alpha.2...v0.1.0-alpha.3) (2020-02-06) ci: Bump ory/sdk orb - - - ### Continuous Integration -* Bump ory/sdk orb ([65b2ca0](https://github.com/ory/kratos/commit/65b2ca0b8a1da8249aa4b4cb439b1d63aecaf8e0)) - +- Bump ory/sdk orb + ([65b2ca0](https://github.com/ory/kratos/commit/65b2ca0b8a1da8249aa4b4cb439b1d63aecaf8e0)) # [0.1.0-alpha.2](https://github.com/ory/kratos/compare/v0.1.0-alpha.1...v0.1.0-alpha.2) (2020-02-03) docs: Regenerate and update changelog - - - - ### Bug Fixes -* Add paths to sqa middleware ([#216](https://github.com/ory/kratos/issues/216)) ([130c9c2](https://github.com/ory/kratos/commit/130c9c242e1434074d9fa4970b60ccb9b4f2ff47)) -* **daemon:** Register error routes on admin port ([#226](https://github.com/ory/kratos/issues/226)) ([decd8d8](https://github.com/ory/kratos/commit/decd8d8ef8dac3674938b564962238195ffaf017)) -* Set csrf token on public endpoints ([d0b15ae](https://github.com/ory/kratos/commit/d0b15aeca991a94771715a6eabd4a956be41ceda)) +- Add paths to sqa middleware ([#216](https://github.com/ory/kratos/issues/216)) + ([130c9c2](https://github.com/ory/kratos/commit/130c9c242e1434074d9fa4970b60ccb9b4f2ff47)) +- **daemon:** Register error routes on admin port + ([#226](https://github.com/ory/kratos/issues/226)) + ([decd8d8](https://github.com/ory/kratos/commit/decd8d8ef8dac3674938b564962238195ffaf017)) +- Set csrf token on public endpoints + ([d0b15ae](https://github.com/ory/kratos/commit/d0b15aeca991a94771715a6eabd4a956be41ceda)) ### Documentation -* Introduce upgrade guide ([736a3b1](https://github.com/ory/kratos/commit/736a3b19bfe35cc699dea508b4bdb56b3302ba7e)) -* Prepare ecosystem automation ([7013b6c](https://github.com/ory/kratos/commit/7013b6c9a856e05f6ad385eb8ce36c5faf342f5a)) -* Regenerate and update changelog ([f39b942](https://github.com/ory/kratos/commit/f39b9422d79d3e69304f013c85f3850337ca1730)) -* Regenerate and update changelog ([c121601](https://github.com/ory/kratos/commit/c121601b5c741c846d9c478b01aabb9907d81b95)) -* Regenerate and update changelog ([a947d55](https://github.com/ory/kratos/commit/a947d554ba2be94f334568a4e77a501742ca95af)) -* Regenerate and update changelog ([8ba2044](https://github.com/ory/kratos/commit/8ba2044ebb369ea741f99c65163f650c607e6c07)) -* Regenerate and update changelog ([9c023e1](https://github.com/ory/kratos/commit/9c023e1a9288f156c79ea78b3a979d0fefab8825)) -* Regenerate and update changelog ([1e855a9](https://github.com/ory/kratos/commit/1e855a9e0ebd232ba2b07dc4a8bb79b84cd548e6)) -* Regenerate and update changelog ([01ce3a8](https://github.com/ory/kratos/commit/01ce3a891edd84174694111637dd44fe65e48b37)) -* Updates issue and pull request templates ([#222](https://github.com/ory/kratos/issues/222)) ([4daae88](https://github.com/ory/kratos/commit/4daae88af527018e9ee4e1e9717a07dffab427fe)) +- Introduce upgrade guide + ([736a3b1](https://github.com/ory/kratos/commit/736a3b19bfe35cc699dea508b4bdb56b3302ba7e)) +- Prepare ecosystem automation + ([7013b6c](https://github.com/ory/kratos/commit/7013b6c9a856e05f6ad385eb8ce36c5faf342f5a)) +- Regenerate and update changelog + ([f39b942](https://github.com/ory/kratos/commit/f39b9422d79d3e69304f013c85f3850337ca1730)) +- Regenerate and update changelog + ([c121601](https://github.com/ory/kratos/commit/c121601b5c741c846d9c478b01aabb9907d81b95)) +- Regenerate and update changelog + ([a947d55](https://github.com/ory/kratos/commit/a947d554ba2be94f334568a4e77a501742ca95af)) +- Regenerate and update changelog + ([8ba2044](https://github.com/ory/kratos/commit/8ba2044ebb369ea741f99c65163f650c607e6c07)) +- Regenerate and update changelog + ([9c023e1](https://github.com/ory/kratos/commit/9c023e1a9288f156c79ea78b3a979d0fefab8825)) +- Regenerate and update changelog + ([1e855a9](https://github.com/ory/kratos/commit/1e855a9e0ebd232ba2b07dc4a8bb79b84cd548e6)) +- Regenerate and update changelog + ([01ce3a8](https://github.com/ory/kratos/commit/01ce3a891edd84174694111637dd44fe65e48b37)) +- Updates issue and pull request templates + ([#222](https://github.com/ory/kratos/issues/222)) + ([4daae88](https://github.com/ory/kratos/commit/4daae88af527018e9ee4e1e9717a07dffab427fe)) ### Features -* Override semantic config ([#220](https://github.com/ory/kratos/issues/220)) ([9b4214b](https://github.com/ory/kratos/commit/9b4214bf5eac81a92513e04dc5f862b93df86935)) +- Override semantic config ([#220](https://github.com/ory/kratos/issues/220)) + ([9b4214b](https://github.com/ory/kratos/commit/9b4214bf5eac81a92513e04dc5f862b93df86935)) ### Unclassified -* Update CHANGELOG [ci skip] ([ce9390c](https://github.com/ory/kratos/commit/ce9390c27f61966b7ed23244400215c2218bbc0b)) -* refactor!: Improve user-facing error APIs (#219) ([7d4054f](https://github.com/ory/kratos/commit/7d4054f4363da7bc0e943e7abfbd0c804eb7f0c1)), closes [#219](https://github.com/ory/kratos/issues/219) [#204](https://github.com/ory/kratos/issues/204): +- Update CHANGELOG [ci skip] + ([ce9390c](https://github.com/ory/kratos/commit/ce9390c27f61966b7ed23244400215c2218bbc0b)) +- refactor!: Improve user-facing error APIs (#219) + ([7d4054f](https://github.com/ory/kratos/commit/7d4054f4363da7bc0e943e7abfbd0c804eb7f0c1)), + closes [#219](https://github.com/ory/kratos/issues/219) + [#204](https://github.com/ory/kratos/issues/204): - This patch refactors user-facing error APIs: - - - The `/errors` endpoint moved to `/self-service/errors` - - The endpoint is now available at both the Admin and Public API. The Public API requires CSRF Token match or a 403 error will be returned. - - The Public API endpoint no longer returns 404 errors but 403 instead. - - The response payload changed. What was `[{"code": ...}]` is now `{"id": "...", "errors": [{"code": ...}]}` - - This patch requires running `kratos migrate sql` as a new column (`csrf_token`) has been added to the user-facing error store. + This patch refactors user-facing error APIs: -* Update CHANGELOG [ci skip] ([c368a11](https://github.com/ory/kratos/commit/c368a11523a9bcb30a830d65c11e4f6d27417a78)) + - The `/errors` endpoint moved to `/self-service/errors` + - The endpoint is now available at both the Admin and Public API. The Public + API requires CSRF Token match or a 403 error will be returned. + - The Public API endpoint no longer returns 404 errors but 403 instead. + - The response payload changed. What was `[{"code": ...}]` is now + `{"id": "...", "errors": [{"code": ...}]}` + This patch requires running `kratos migrate sql` as a new column + (`csrf_token`) has been added to the user-facing error store. + +- Update CHANGELOG [ci skip] + ([c368a11](https://github.com/ory/kratos/commit/c368a11523a9bcb30a830d65c11e4f6d27417a78)) # [0.1.0-alpha.1](https://github.com/ory/kratos/compare/v0.0.3-alpha.15...v0.1.0-alpha.1) (2020-01-31) @@ -5306,390 +8561,548 @@ docs: Updates issue and pull request templates (#215) Signed-off-by: aeneasr - - - ### Documentation -* Updates issue and pull request templates ([#215](https://github.com/ory/kratos/issues/215)) ([10c45f2](https://github.com/ory/kratos/commit/10c45f23e11abba1ca82095548769cd923a6a6a6)) - +- Updates issue and pull request templates + ([#215](https://github.com/ory/kratos/issues/215)) + ([10c45f2](https://github.com/ory/kratos/commit/10c45f23e11abba1ca82095548769cd923a6a6a6)) # [0.0.3-alpha.15](https://github.com/ory/kratos/compare/v0.0.3-alpha.14...v0.0.3-alpha.15) (2020-01-31) Update permissions in SQLite Dockerfile - - - - ### Unclassified -* Update permissions in SQLite Dockerfile ([1266e53](https://github.com/ory/kratos/commit/1266e533ac9a1f6ec375980cadce9755998f9fe6)) - +- Update permissions in SQLite Dockerfile + ([1266e53](https://github.com/ory/kratos/commit/1266e533ac9a1f6ec375980cadce9755998f9fe6)) # [0.0.3-alpha.14](https://github.com/ory/kratos/compare/v0.0.3-alpha.13...v0.0.3-alpha.14) (2020-01-31) Update README.md - - - ### Unclassified -* Update README.md ([db8d65b](https://github.com/ory/kratos/commit/db8d65bf136223df546aa27f1ecff03d01159624)) - +- Update README.md + ([db8d65b](https://github.com/ory/kratos/commit/db8d65bf136223df546aa27f1ecff03d01159624)) # [0.0.3-alpha.13](https://github.com/ory/kratos/compare/v0.0.3-alpha.12...v0.0.3-alpha.13) (2020-01-31) Allow mounting SQLite in /home/ory/sqlite (#212) - - - - - ### Unclassified -* Allow mounting SQLite in /home/ory/sqlite (#212) ([2fe8c0f](https://github.com/ory/kratos/commit/2fe8c0f752e870028d68e8593a46c0902f673a65)), closes [#212](https://github.com/ory/kratos/issues/212) - +- Allow mounting SQLite in /home/ory/sqlite (#212) + ([2fe8c0f](https://github.com/ory/kratos/commit/2fe8c0f752e870028d68e8593a46c0902f673a65)), + closes [#212](https://github.com/ory/kratos/issues/212) # [0.0.3-alpha.11](https://github.com/ory/kratos/compare/v0.0.3-alpha.10...v0.0.3-alpha.11) (2020-01-31) Clean up cmd and resolve packr2 issues (#211) -This patch addresses issues with the build pipeline caused by an invalid import. Profiling was also added. - - - +This patch addresses issues with the build pipeline caused by an invalid import. +Profiling was also added. ### Unclassified -* Clean up cmd and resolve packr2 issues (#211) ([2e43ec0](https://github.com/ory/kratos/commit/2e43ec09e9d6aa572c4351bfef4c59dfc43f2343)), closes [#211](https://github.com/ory/kratos/issues/211): - - This patch addresses issues with the build pipeline caused by an invalid import. Profiling was also added. +- Clean up cmd and resolve packr2 issues (#211) + ([2e43ec0](https://github.com/ory/kratos/commit/2e43ec09e9d6aa572c4351bfef4c59dfc43f2343)), + closes [#211](https://github.com/ory/kratos/issues/211): -* Improve field types (#209) ([aeefa93](https://github.com/ory/kratos/commit/aeefa93bf0427685f6ffadad5abfaa1fc26ce074)), closes [#209](https://github.com/ory/kratos/issues/209) -* Update CHANGELOG [ci skip] ([fc32207](https://github.com/ory/kratos/commit/fc32207482861b8f989cb1d6fe5d96bf34c54e4c)) + This patch addresses issues with the build pipeline caused by an invalid + import. Profiling was also added. +- Improve field types (#209) + ([aeefa93](https://github.com/ory/kratos/commit/aeefa93bf0427685f6ffadad5abfaa1fc26ce074)), + closes [#209](https://github.com/ory/kratos/issues/209) +- Update CHANGELOG [ci skip] + ([fc32207](https://github.com/ory/kratos/commit/fc32207482861b8f989cb1d6fe5d96bf34c54e4c)) # [0.0.3-alpha.10](https://github.com/ory/kratos/compare/v0.0.3-alpha.9...v0.0.3-alpha.10) (2020-01-31) Update README - - - ### Unclassified -* Update README ([35a310d](https://github.com/ory/kratos/commit/35a310d6de52fa74ad8728b1df67f88ce900aa61)) -* Update CHANGELOG [ci skip] ([3c98745](https://github.com/ory/kratos/commit/3c987455a44b9e12e31619ba9f447e8a5feafc38)) -* Update CHANGELOG [ci skip] ([c1c01df](https://github.com/ory/kratos/commit/c1c01df3a04fc7988bf847e3f31680112f5a642d)) - +- Update README + ([35a310d](https://github.com/ory/kratos/commit/35a310d6de52fa74ad8728b1df67f88ce900aa61)) +- Update CHANGELOG [ci skip] + ([3c98745](https://github.com/ory/kratos/commit/3c987455a44b9e12e31619ba9f447e8a5feafc38)) +- Update CHANGELOG [ci skip] + ([c1c01df](https://github.com/ory/kratos/commit/c1c01df3a04fc7988bf847e3f31680112f5a642d)) # [0.0.3-alpha.7](https://github.com/ory/kratos/compare/v0.0.3-alpha.5...v0.0.3-alpha.7) (2020-01-30) Use correct project root in Dockerfile - - - - ### Unclassified -* Use correct project root in Dockerfile ([3528758](https://github.com/ory/kratos/commit/352875878c74d15b522336b518df339c8ad48e49)) -* Update CHANGELOG [ci skip] ([e78bbbe](https://github.com/ory/kratos/commit/e78bbbecbd9515c02e447efc3208599bf27ef85c)) - +- Use correct project root in Dockerfile + ([3528758](https://github.com/ory/kratos/commit/352875878c74d15b522336b518df339c8ad48e49)) +- Update CHANGELOG [ci skip] + ([e78bbbe](https://github.com/ory/kratos/commit/e78bbbecbd9515c02e447efc3208599bf27ef85c)) # [0.0.3-alpha.5](https://github.com/ory/kratos/compare/v0.0.3-alpha.4...v0.0.3-alpha.5) (2020-01-30) ci: Resolve final docker build issues (#210) - - - - - ### Continuous Integration -* Resolve final docker build issues ([#210](https://github.com/ory/kratos/issues/210)) ([d703a1e](https://github.com/ory/kratos/commit/d703a1e328808df6761a9da5866a3f4df4c7923e)) +- Resolve final docker build issues + ([#210](https://github.com/ory/kratos/issues/210)) + ([d703a1e](https://github.com/ory/kratos/commit/d703a1e328808df6761a9da5866a3f4df4c7923e)) ### Unclassified -* Update CHANGELOG [ci skip] ([ebb1744](https://github.com/ory/kratos/commit/ebb1744d68b8a416774477182b1e2b2cd8bdfc43)) -* Add libmusl to binary output ([e9b8445](https://github.com/ory/kratos/commit/e9b8445f2fc8e9e571ec0b8480cc70fe3251db9e)) - +- Update CHANGELOG [ci skip] + ([ebb1744](https://github.com/ory/kratos/commit/ebb1744d68b8a416774477182b1e2b2cd8bdfc43)) +- Add libmusl to binary output + ([e9b8445](https://github.com/ory/kratos/commit/e9b8445f2fc8e9e571ec0b8480cc70fe3251db9e)) # [0.0.3-alpha.4](https://github.com/ory/kratos/compare/v0.0.3-alpha.3...v0.0.3-alpha.4) (2020-01-30) Update CHANGELOG [ci skip] - - - - ### Unclassified -* Update CHANGELOG [ci skip] ([018c229](https://github.com/ory/kratos/commit/018c229c4cff62e47c1154ca29ab9c70766a43e5)) -* Add and use ory docker user ([cccbe09](https://github.com/ory/kratos/commit/cccbe09cc6e2ad72847206d46afe3e0bf7f79ab5)) -* Update CHANGELOG [ci skip] ([0e436e5](https://github.com/ory/kratos/commit/0e436e57f79692c4c6e0a0c25f48a41654afcda1)) -* Update goreleaser changelog filters ([7e5af97](https://github.com/ory/kratos/commit/7e5af97fded9f56a3cc9d1d92a7726e7b613b586)) -* Update CHANGELOG [ci skip] ([4387503](https://github.com/ory/kratos/commit/438750326c5d6ad1569802c82806e831f43e785e)) - +- Update CHANGELOG [ci skip] + ([018c229](https://github.com/ory/kratos/commit/018c229c4cff62e47c1154ca29ab9c70766a43e5)) +- Add and use ory docker user + ([cccbe09](https://github.com/ory/kratos/commit/cccbe09cc6e2ad72847206d46afe3e0bf7f79ab5)) +- Update CHANGELOG [ci skip] + ([0e436e5](https://github.com/ory/kratos/commit/0e436e57f79692c4c6e0a0c25f48a41654afcda1)) +- Update goreleaser changelog filters + ([7e5af97](https://github.com/ory/kratos/commit/7e5af97fded9f56a3cc9d1d92a7726e7b613b586)) +- Update CHANGELOG [ci skip] + ([4387503](https://github.com/ory/kratos/commit/438750326c5d6ad1569802c82806e831f43e785e)) # [0.0.3-alpha.2](https://github.com/ory/kratos/compare/v0.0.3-alpha.1...v0.0.3-alpha.2) (2020-01-30) Resolve goreleaser build issues (#208) - - - - - - ### Unclassified -* Resolve goreleaser build issues (#208) ([d59a08a](https://github.com/ory/kratos/commit/d59a08a0ef680a984352d7f5068626cc1958185a)), closes [#208](https://github.com/ory/kratos/issues/208) - +- Resolve goreleaser build issues (#208) + ([d59a08a](https://github.com/ory/kratos/commit/d59a08a0ef680a984352d7f5068626cc1958185a)), + closes [#208](https://github.com/ory/kratos/issues/208) # [0.0.3-alpha.1](https://github.com/ory/kratos/compare/v0.0.1-alpha.9...v0.0.3-alpha.1) (2020-01-30) Update CHANGELOG [ci skip] - - - - ### Unclassified -* Update CHANGELOG [ci skip] ([49e09ea](https://github.com/ory/kratos/commit/49e09eaaab1fc681f9330e12ce6e5483c62ee9e3)) -* Take form field orders from JSON Schema (#205) ([a880f0d](https://github.com/ory/kratos/commit/a880f0ddb52fb4366acf8fbd80aabaa9843445a9)), closes [#205](https://github.com/ory/kratos/issues/205) [#176](https://github.com/ory/kratos/issues/176) -* Update CHANGELOG [ci skip] ([ff52bbb](https://github.com/ory/kratos/commit/ff52bbb264542b48658679bf5563b0f3b7ad73c7)) -* Adapt quickstart docker compose config (#207) ([e532583](https://github.com/ory/kratos/commit/e532583b35a22cb39bbab0101bf86c0bf01b1088)), closes [#207](https://github.com/ory/kratos/issues/207) -* Update CHANGELOG [ci skip] ([7f4800b](https://github.com/ory/kratos/commit/7f4800b07556e688ba0cd551438876b3bf23ace5)) -* Update CHANGELOG [ci skip] ([1b2c3f6](https://github.com/ory/kratos/commit/1b2c3f645e64848e7fba6656aa730c7e346ed75d)) -* Rework public and admin fetch strategy (#203) ([99aa169](https://github.com/ory/kratos/commit/99aa1693e758f706f264c2439594e2be37ae9bc6)), closes [#203](https://github.com/ory/kratos/issues/203) [#122](https://github.com/ory/kratos/issues/122) -* Update CHANGELOG [ci skip] ([1cea427](https://github.com/ory/kratos/commit/1cea42780a95d4ebf5520e1c1803fb13ef596d52)) -* ss/profile: Use request ID as query param everywhere (#202) ([ed32b14](https://github.com/ory/kratos/commit/ed32b14f8ea972cf549480f29cbf1b95d010789c)), closes [#202](https://github.com/ory/kratos/issues/202) [#190](https://github.com/ory/kratos/issues/190) -* Update CHANGELOG [ci skip] ([a392027](https://github.com/ory/kratos/commit/a3920278129399ce576c5336c2e50dd015b8f2f8)) -* Update HTTP routes for a consistent API naming (#199) ([9ed4bda](https://github.com/ory/kratos/commit/9ed4bda9f0b0d45e8ac0de0c42b78f717f3d92f3)), closes [#199](https://github.com/ory/kratos/issues/199) [#195](https://github.com/ory/kratos/issues/195) - +- Update CHANGELOG [ci skip] + ([49e09ea](https://github.com/ory/kratos/commit/49e09eaaab1fc681f9330e12ce6e5483c62ee9e3)) +- Take form field orders from JSON Schema (#205) + ([a880f0d](https://github.com/ory/kratos/commit/a880f0ddb52fb4366acf8fbd80aabaa9843445a9)), + closes [#205](https://github.com/ory/kratos/issues/205) + [#176](https://github.com/ory/kratos/issues/176) +- Update CHANGELOG [ci skip] + ([ff52bbb](https://github.com/ory/kratos/commit/ff52bbb264542b48658679bf5563b0f3b7ad73c7)) +- Adapt quickstart docker compose config (#207) + ([e532583](https://github.com/ory/kratos/commit/e532583b35a22cb39bbab0101bf86c0bf01b1088)), + closes [#207](https://github.com/ory/kratos/issues/207) +- Update CHANGELOG [ci skip] + ([7f4800b](https://github.com/ory/kratos/commit/7f4800b07556e688ba0cd551438876b3bf23ace5)) +- Update CHANGELOG [ci skip] + ([1b2c3f6](https://github.com/ory/kratos/commit/1b2c3f645e64848e7fba6656aa730c7e346ed75d)) +- Rework public and admin fetch strategy (#203) + ([99aa169](https://github.com/ory/kratos/commit/99aa1693e758f706f264c2439594e2be37ae9bc6)), + closes [#203](https://github.com/ory/kratos/issues/203) + [#122](https://github.com/ory/kratos/issues/122) +- Update CHANGELOG [ci skip] + ([1cea427](https://github.com/ory/kratos/commit/1cea42780a95d4ebf5520e1c1803fb13ef596d52)) +- ss/profile: Use request ID as query param everywhere (#202) + ([ed32b14](https://github.com/ory/kratos/commit/ed32b14f8ea972cf549480f29cbf1b95d010789c)), + closes [#202](https://github.com/ory/kratos/issues/202) + [#190](https://github.com/ory/kratos/issues/190) +- Update CHANGELOG [ci skip] + ([a392027](https://github.com/ory/kratos/commit/a3920278129399ce576c5336c2e50dd015b8f2f8)) +- Update HTTP routes for a consistent API naming (#199) + ([9ed4bda](https://github.com/ory/kratos/commit/9ed4bda9f0b0d45e8ac0de0c42b78f717f3d92f3)), + closes [#199](https://github.com/ory/kratos/issues/199) + [#195](https://github.com/ory/kratos/issues/195) # [0.0.1-alpha.9](https://github.com/ory/kratos/compare/v0.0.1-alpha.11...v0.0.1-alpha.9) (2020-01-29) ci: Bump goreleaser orb - - - ### Continuous Integration -* Bump goreleaser orb ([29cd754](https://github.com/ory/kratos/commit/29cd754d33ec2f800730bd007f17fc0ce53a51eb)) - +- Bump goreleaser orb + ([29cd754](https://github.com/ory/kratos/commit/29cd754d33ec2f800730bd007f17fc0ce53a51eb)) # [0.0.2-alpha.1](https://github.com/ory/kratos/compare/v0.0.1-alpha.8...v0.0.2-alpha.1) (2020-01-29) Use correct build archive for homebrew - - - ### Unclassified -* Use correct build archive for homebrew ([74ac29f](https://github.com/ory/kratos/commit/74ac29f43f2937cad9065ad3c03cf3cf909cff42)) - +- Use correct build archive for homebrew + ([74ac29f](https://github.com/ory/kratos/commit/74ac29f43f2937cad9065ad3c03cf3cf909cff42)) # [0.0.1-alpha.6](https://github.com/ory/kratos/compare/v0.0.1-alpha.5...v0.0.1-alpha.6) (2020-01-29) ci: Bump goreleaser orb - - - ### Continuous Integration -* Bump goreleaser orb ([018c94c](https://github.com/ory/kratos/commit/018c94ccc9e833f28f827fd10d607a7a1c954ac5)) - +- Bump goreleaser orb + ([018c94c](https://github.com/ory/kratos/commit/018c94ccc9e833f28f827fd10d607a7a1c954ac5)) # [0.0.1-alpha.5](https://github.com/ory/kratos/compare/v0.0.1-alpha.3...v0.0.1-alpha.5) (2020-01-29) ci: Bump goreleaser dependency - - - - ### Continuous Integration -* Bump goreleaser dependency ([ec49bfb](https://github.com/ory/kratos/commit/ec49bfb4b636a72e51d3a68521ba047f97d4c5e6)) +- Bump goreleaser dependency + ([ec49bfb](https://github.com/ory/kratos/commit/ec49bfb4b636a72e51d3a68521ba047f97d4c5e6)) ### Unclassified -* Resolve build issues with CGO (#196) ([298f4ea](https://github.com/ory/kratos/commit/298f4ea85b3e7405929f481b756efe8c5c133479)), closes [#196](https://github.com/ory/kratos/issues/196) -* ss/password: Make form fields an array (#197) ([6cb0058](https://github.com/ory/kratos/commit/6cb005860755ff897ad847f09af50bc911bbc7f0)), closes [#197](https://github.com/ory/kratos/issues/197) [#186](https://github.com/ory/kratos/issues/186) - +- Resolve build issues with CGO (#196) + ([298f4ea](https://github.com/ory/kratos/commit/298f4ea85b3e7405929f481b756efe8c5c133479)), + closes [#196](https://github.com/ory/kratos/issues/196) +- ss/password: Make form fields an array (#197) + ([6cb0058](https://github.com/ory/kratos/commit/6cb005860755ff897ad847f09af50bc911bbc7f0)), + closes [#197](https://github.com/ory/kratos/issues/197) + [#186](https://github.com/ory/kratos/issues/186) # [0.0.1-alpha.3](https://github.com/ory/kratos/compare/ab6f24a85276bdd8687f2fc06390c1279892b005...v0.0.1-alpha.3) (2020-01-28) ci: Only compile goarmv7 - - - - ### Continuous Integration -* Only compile goarmv7 ([d8e7ec7](https://github.com/ory/kratos/commit/d8e7ec788d1b43bcbbe221becde3432fdbf28e9b)) +- Only compile goarmv7 + ([d8e7ec7](https://github.com/ory/kratos/commit/d8e7ec788d1b43bcbbe221becde3432fdbf28e9b)) ### Documentation -* Present ORY Hive to the world ([#107](https://github.com/ory/kratos/issues/107)) ([7883589](https://github.com/ory/kratos/commit/78835897664a5ab5564751fc9f04172f7d20d572)) -* Updates issue and pull request templates ([0441dff](https://github.com/ory/kratos/commit/0441dffe0c439cc54214bf9ee8f4a4bd25206999)) -* Updates issue and pull request templates ([#174](https://github.com/ory/kratos/issues/174)) ([ad405e9](https://github.com/ory/kratos/commit/ad405e9037e2db2910a012f414556fea672e732a)) -* Updates issue and pull request templates ([#39](https://github.com/ory/kratos/issues/39)) ([daf5aa8](https://github.com/ory/kratos/commit/daf5aa89c717de6176ee25119d2e751ae2ef6558)) -* Updates issue and pull request templates ([#40](https://github.com/ory/kratos/issues/40)) ([f5907f3](https://github.com/ory/kratos/commit/f5907f3f248e05511b19ff6dc15bf6f60f8b62da)) -* Updates issue and pull request templates ([#59](https://github.com/ory/kratos/issues/59)) ([8c5612c](https://github.com/ory/kratos/commit/8c5612c080e5b7531028b778b86cc4cde2abd516)) -* Updates issue and pull request templates ([#7](https://github.com/ory/kratos/issues/7)) ([a1220ba](https://github.com/ory/kratos/commit/a1220ba1e950498a6e9594266dc730c9a8731b49)) -* Updates issue and pull request templates ([#8](https://github.com/ory/kratos/issues/8)) ([c56798a](https://github.com/ory/kratos/commit/c56798ab29e72ed308fff840e3b1b98ead19aea6)) +- Present ORY Hive to the world + ([#107](https://github.com/ory/kratos/issues/107)) + ([7883589](https://github.com/ory/kratos/commit/78835897664a5ab5564751fc9f04172f7d20d572)) +- Updates issue and pull request templates + ([0441dff](https://github.com/ory/kratos/commit/0441dffe0c439cc54214bf9ee8f4a4bd25206999)) +- Updates issue and pull request templates + ([#174](https://github.com/ory/kratos/issues/174)) + ([ad405e9](https://github.com/ory/kratos/commit/ad405e9037e2db2910a012f414556fea672e732a)) +- Updates issue and pull request templates + ([#39](https://github.com/ory/kratos/issues/39)) + ([daf5aa8](https://github.com/ory/kratos/commit/daf5aa89c717de6176ee25119d2e751ae2ef6558)) +- Updates issue and pull request templates + ([#40](https://github.com/ory/kratos/issues/40)) + ([f5907f3](https://github.com/ory/kratos/commit/f5907f3f248e05511b19ff6dc15bf6f60f8b62da)) +- Updates issue and pull request templates + ([#59](https://github.com/ory/kratos/issues/59)) + ([8c5612c](https://github.com/ory/kratos/commit/8c5612c080e5b7531028b778b86cc4cde2abd516)) +- Updates issue and pull request templates + ([#7](https://github.com/ory/kratos/issues/7)) + ([a1220ba](https://github.com/ory/kratos/commit/a1220ba1e950498a6e9594266dc730c9a8731b49)) +- Updates issue and pull request templates + ([#8](https://github.com/ory/kratos/issues/8)) + ([c56798a](https://github.com/ory/kratos/commit/c56798ab29e72ed308fff840e3b1b98ead19aea6)) ### Unclassified -* Remove redundant return statement ([7c2989f](https://github.com/ory/kratos/commit/7c2989f52c090bb9900380b4ec74e04d9c37a441)) -* ss/oidc: Remove obsolete request field from form (#193) ([59671ba](https://github.com/ory/kratos/commit/59671badb63009e2440b14868b622adc75cf882f)), closes [#193](https://github.com/ory/kratos/issues/193) [#180](https://github.com/ory/kratos/issues/180) -* strategy/oidc: Allow multiple OIDC Connections (#191) ([8984831](https://github.com/ory/kratos/commit/898483137ff9dc47d65750cd94a973f2e5bee770)), closes [#191](https://github.com/ory/kratos/issues/191) [#114](https://github.com/ory/kratos/issues/114) -* Improve Docker Compose Quickstart (#187) ([9459072](https://github.com/ory/kratos/commit/945907297ded4b18e1bd0e7c9824a975ac7395c6)), closes [#187](https://github.com/ory/kratos/issues/187) [#188](https://github.com/ory/kratos/issues/188) -* selfservice/password: Remove request field and ensure method is set (#183) ([e035adc](https://github.com/ory/kratos/commit/e035adc233198e9b5c9a6e08d442fb5fb3290816)), closes [#183](https://github.com/ory/kratos/issues/183) -* Add tests and fixtures for the config JSON Schema (#171) ([ede9c0e](https://github.com/ory/kratos/commit/ede9c0e9c45ee91e60587311dc18a0a04ff62295)), closes [#171](https://github.com/ory/kratos/issues/171) -* Add example values for config JSON Schema ([12ba728](https://github.com/ory/kratos/commit/12ba7283bf879cd7682d3017c3b3f12e49029d6b)) -* Replace `url` with `uri` format in config JSON Schema ([68eddef](https://github.com/ory/kratos/commit/68eddef0cf179bf61abb999d84d2af19c3703c80)) -* Replace number with integer in config JSON Schema (#177) ([9eff6fd](https://github.com/ory/kratos/commit/9eff6fd09720b11acae089ebfcaf37288bc031b0)), closes [#177](https://github.com/ory/kratos/issues/177) -* Improve `--dev` flag (#167) ([9b61ee1](https://github.com/ory/kratos/commit/9b61ee10bbb4710d6694addfa60c04313855516f)), closes [#167](https://github.com/ory/kratos/issues/167) [#162](https://github.com/ory/kratos/issues/162) -* Add goreleaser orb task (#170) ([5df0def](https://github.com/ory/kratos/commit/5df0defefc95ced289a9c59a4f5deb3c67446e75)), closes [#170](https://github.com/ory/kratos/issues/170) -* Add changelog generation task (#169) ([edd937c](https://github.com/ory/kratos/commit/edd937c21b7e37b2f2e926f0fe62c2e7d4a7d608)), closes [#169](https://github.com/ory/kratos/issues/169) -* Adopt new SDK pipeline (#168) ([21d9b6d](https://github.com/ory/kratos/commit/21d9b6d27adbfe8504fb46ac95952e7cea239085)), closes [#168](https://github.com/ory/kratos/issues/168) -* Add docker-compose quickstart (#153) ([e096190](https://github.com/ory/kratos/commit/e096190e778f22573e30f35e85b7cf147caf851b)), closes [#153](https://github.com/ory/kratos/issues/153) -* Update README (#160) ([533775b](https://github.com/ory/kratos/commit/533775ba78a2c1758c47ed093da6acc18ab951c2)), closes [#160](https://github.com/ory/kratos/issues/160) -* Separate post register/login hooks (#150) ([f4b7812](https://github.com/ory/kratos/commit/f4b78122d9cbe4dcc05b4fd52d94a2d9f1b16eb2)), closes [#150](https://github.com/ory/kratos/issues/150) [#149](https://github.com/ory/kratos/issues/149) -* Update README badges ([4f7838e](https://github.com/ory/kratos/commit/4f7838e69181c5a10e27cde1e241779e4e724909)) -* Bump go-acc and resolve test issues (#154) ([15b1b63](https://github.com/ory/kratos/commit/15b1b630c5363e0e1afbed53285b3f39098c0792)), closes [#154](https://github.com/ory/kratos/issues/154) [#152](https://github.com/ory/kratos/issues/152) [#151](https://github.com/ory/kratos/issues/151): - - Due to a bug in `go-acc`, tests would not run if `-tags sqlite` was supplied as a go tool argument to `go-acc`. This patch resolves that issue and also includes several test patches from previous community PRs and some internal test issues. - -* Add ORY Kratos banner to README (#145) ([23b824f](https://github.com/ory/kratos/commit/23b824f7f99efbc23787508c03506e73a3240a2a)), closes [#145](https://github.com/ory/kratos/issues/145) -* Replace DBAL layer with gobuffalo/pop (#130) ([21d08b8](https://github.com/ory/kratos/commit/21d08b84560230d8a063a418a74efcf53c146872)), closes [#130](https://github.com/ory/kratos/issues/130): - - This is a major refactoring of the internal DBAL. After a successful proof of concept and evaluation of gobuffalo/pop, we believe this to be the best DBAL for Go at the moment. It abstracts a lot of boilerplate code away. - - As with all sophisticated DBALs, pop too has its quirks. There are several issues that have been discovered during testing and adoption: https://github.com/gobuffalo/pop/issues/136 https://github.com/gobuffalo/pop/issues/476 https://github.com/gobuffalo/pop/issues/473 https://github.com/gobuffalo/pop/issues/469 https://github.com/gobuffalo/pop/issues/466 - - However, the upside of moving much of the hard database/sql plumbing into another library cleans up the code base significantly and reduces complexity. - - As part of this change, the "ephermal" DBAL ("in memory") will be removed and sqlite will be used instead. This further reduces complexity of the code base and code-duplication. - - To support sqlite, CGO is required, which means that we need to run tests with `go test -tags sqlite` on a machine that has g++ installed. This also means that we need a Docker Image with `alpine` as opposed to pure `scratch`. While this is certainly a downside, the upside of less maintenance and "free" support for SQLite, PostgreSQL, MySQL, and CockroachDB simply outweighs any downsides that come with CGO. - -* Replace local deps with remote ones ([8605e45](https://github.com/ory/kratos/commit/8605e454cf538e047c5a9c3479372892d6b3f483)) -* ss/profile: Improve success and error flows ([9e0015a](https://github.com/ory/kratos/commit/9e0015acec7f8d927498e48366b377e22ec768b7)), closes [#112](https://github.com/ory/kratos/issues/112): - - This patch completes the profile management flow by implementing proper error and success states and adding several data integrity tests. - -* Rebrand ORY Hive to ORY Kratos (#111) ([ceda7fb](https://github.com/ory/kratos/commit/ceda7fb3472b081f0c6066aa1f282d4ec1787f7b)), closes [#111](https://github.com/ory/kratos/issues/111) -* Fix broken tests and ci linter issues (#104) ([69760fe](https://github.com/ory/kratos/commit/69760fe9fecb2f302dd5c1821185ea990f4e411c)), closes [#104](https://github.com/ory/kratos/issues/104) -* Update to Go modules 1.13 ([1da4d75](https://github.com/ory/kratos/commit/1da4d757bc2434f97c588e395305066edce9ef0d)) -* Resolve minor configuration issues and response errors (#85) ([a44913b](https://github.com/ory/kratos/commit/a44913b26b515333576def6b882861ff2c8d4aff)), closes [#85](https://github.com/ory/kratos/issues/85) -* Clean up dead files (#84) ([e0c96ef](https://github.com/ory/kratos/commit/e0c96effbee2521b12eeedc851b67fa3a1ae41c8)), closes [#84](https://github.com/ory/kratos/issues/84) -* Add health endpoints (#83) ([0e936f7](https://github.com/ory/kratos/commit/0e936f7047bb9eacae0c5107360ce752a23d8282)), closes [#83](https://github.com/ory/kratos/issues/83) [#82](https://github.com/ory/kratos/issues/82) -* Update Dockerfile and related build tools (#80) ([d20c701](https://github.com/ory/kratos/commit/d20c701433cea916d3df4863846cf09743150966)), closes [#80](https://github.com/ory/kratos/issues/80) -* Implement SQL Database adapter (#79) ([86d07c4](https://github.com/ory/kratos/commit/86d07c4a9e3b3e6607e73f4d54b4e7b9f0382e59)), closes [#79](https://github.com/ory/kratos/issues/79) [#69](https://github.com/ory/kratos/issues/69) -* Prevent duplicate signups (#76) ([4c88968](https://github.com/ory/kratos/commit/4c88968a6853396755f61db2673a0cb2201868f7)), closes [#76](https://github.com/ory/kratos/issues/76) [#46](https://github.com/ory/kratos/issues/46) -* Contributing 08 10 19 00 52 45 (#74) ([43b511f](https://github.com/ory/kratos/commit/43b511f1a43be114ac04b377434b22ec8afe465b)), closes [#74](https://github.com/ory/kratos/issues/74) -* Echo form values from oidc signup ([98b1da5](https://github.com/ory/kratos/commit/98b1da5f59d5dcde4416b74ea323af3e29fefa75)), closes [#71](https://github.com/ory/kratos/issues/71) -* Properly decode values in error handler ([5eb9088](https://github.com/ory/kratos/commit/5eb9088efb291256d65fadbd5a803369cc96bdd2)), closes [#71](https://github.com/ory/kratos/issues/71) -* Force path and domain on CSRF cookie (#70) ([a80d8b0](https://github.com/ory/kratos/commit/a80d8b0e0bb16fce530559826de29fd6b9836873)), closes [#70](https://github.com/ory/kratos/issues/70) [#68](https://github.com/ory/kratos/issues/68) -* Require no session when accessing login or sign up (#67) ([c0e0da1](https://github.com/ory/kratos/commit/c0e0da1b38ebadaa33eb5b59dc566731b3320b70)), closes [#67](https://github.com/ory/kratos/issues/67) [#63](https://github.com/ory/kratos/issues/63) -* Add tests for selfservice ErrorHandler (#62) ([4bb9e70](https://github.com/ory/kratos/commit/4bb9e7086ee57c4eb1a73fea436c7b2dec0257b7)), closes [#62](https://github.com/ory/kratos/issues/62) -* Enable Circle CI (#57) ([6fb0afd](https://github.com/ory/kratos/commit/6fb0afd30e3755026b6ffca0cc80f2fe00267681)), closes [#57](https://github.com/ory/kratos/issues/57) [#53](https://github.com/ory/kratos/issues/53) -* OIDC provider selfservice data enrichment (#56) ([936970a](https://github.com/ory/kratos/commit/936970a9abaadeab5c191ff52218bf4f65af2220)), closes [#56](https://github.com/ory/kratos/issues/56) [#23](https://github.com/ory/kratos/issues/23) [#55](https://github.com/ory/kratos/issues/55) -* Remove local jsonschema module override ([cd2a5d8](https://github.com/ory/kratos/commit/cd2a5d8c74b21b122f5d5437702d8c74fb1cb726)) -* Implement identity management, login, and registration (#22) ([bf3395e](https://github.com/ory/kratos/commit/bf3395ea34ecf85303034f3e941a049c8cbd6229)), closes [#22](https://github.com/ory/kratos/issues/22) -* Revert incorrect license changes ([fb9740b](https://github.com/ory/kratos/commit/fb9740b37a94dbdde1a8f4433fb7e5a8b4dac295)) -* Create FUNDING.yml ([3c67ac8](https://github.com/ory/kratos/commit/3c67ac83f58c5b03dc3935d279083268b8a85e0d)) -* Initial commit ([ab6f24a](https://github.com/ory/kratos/commit/ab6f24a85276bdd8687f2fc06390c1279892b005)) -* Add ability to define multiple schemas and serve them over HTTP ([#164](https://github.com/ory/kratos/issues/164)) ([c65119c](https://github.com/ory/kratos/commit/c65119c24378dabd306e5a49f89c28c0367f7c2e)), closes [#86](https://github.com/ory/kratos/issues/86): - - All identity traits schemas have to be configured using a human readable ID and the corresponding URL. This PR enables multiple schemas to be used next to the default schema. - It also adds the kratos.public/schemas/:id endpoint that mirrors all schemas. - -* Add helper for requiring authentication ([3888fbd](https://github.com/ory/kratos/commit/3888fbdc239b7a06c7fca34d08de7d55af69a48c)) -* Add helpers for go-swagger ([165a660](https://github.com/ory/kratos/commit/165a660f277588ed572d7843354c207f72f1678d)): - - See https://github.com/go-swagger/go-swagger/issues/2119 - -* Add profile management and refactor internals ([3ec9263](https://github.com/ory/kratos/commit/3ec9263f597a5949d0de6d10073cc626cfcfcca4)), closes [#112](https://github.com/ory/kratos/issues/112) -* Add session destroyer hook ([#148](https://github.com/ory/kratos/issues/148)) ([d17f002](https://github.com/ory/kratos/commit/d17f002cdfe1f11ebb6bcbb17f6976aa329eab4a)), closes [#139](https://github.com/ory/kratos/issues/139): - - This patch adds a hook that destroys all active session by the identity which is being logged in. This can be useful in scenarios where only one session should be active at any given time. - -* Add SQL adapter ([#100](https://github.com/ory/kratos/issues/100)) ([9e7f998](https://github.com/ory/kratos/commit/9e7f99871e3f09e7ae9ec1c38c8b8cf94d076f45)), closes [#92](https://github.com/ory/kratos/issues/92) -* Explicitly whitelist form parser keys ([#105](https://github.com/ory/kratos/issues/105)) ([28b056e](https://github.com/ory/kratos/commit/28b056e5bbfec645262914c52f0386d70c787a32)), closes [#98](https://github.com/ory/kratos/issues/98): - - Previously the form parser would try to detect the field type by - asserting types for the whole form. That caused passwords - containing only numbers to fail to unmarshal into a string - value. - - This patch resolves that issue by introducing a prefix - option to the BodyParser - -* Fix broken import ([308aa13](https://github.com/ory/kratos/commit/308aa1334dd43bc4bebade4e70e9c81c83fe8806)) -* Handle securecookie errors appropriately ([#101](https://github.com/ory/kratos/issues/101)) ([75bf6fe](https://github.com/ory/kratos/commit/75bf6fe3f79d025f2aaa79d06db39c26430dc3fc)), closes [#97](https://github.com/ory/kratos/issues/97): - - Previously, IsNotAuthenticated would not handle securecookie errors appropriately. - This has been resolved. - -* Implement CRUD for identities ([#60](https://github.com/ory/kratos/issues/60)) ([58a3c24](https://github.com/ory/kratos/commit/58a3c240fca66e1195bf310024a2f8473826bce6)), closes [#58](https://github.com/ory/kratos/issues/58) -* Implement message templates and SMTP delivery ([#146](https://github.com/ory/kratos/issues/146)) ([dc674bf](https://github.com/ory/kratos/commit/dc674bfa7d1fa9ee94b014d09866bbdc0a97c321)), closes [#99](https://github.com/ory/kratos/issues/99): - - This patch adds a message templates (with override capabilities) - and SMTP delivery. - - Integration tests using MailHog test fault resilience and e2e email - delivery. - - This system is designed to be extended for SMS and other use cases. - -* Improve migration command ([#94](https://github.com/ory/kratos/issues/94)) ([2b631de](https://github.com/ory/kratos/commit/2b631de6d621dcebac5318f6dd628646fec7712f)) -* Inject Identity Traits JSON Schema ([3a4c5ad](https://github.com/ory/kratos/commit/3a4c5ad35f885c7d38ffcf1d5836fb485f122fe9)), closes [#189](https://github.com/ory/kratos/issues/189) -* Mark active field as nullable ([#89](https://github.com/ory/kratos/issues/89)) ([292702d](https://github.com/ory/kratos/commit/292702d9e031e43c63e0ecb59354557139499e87)) -* Move package to selfservice ([063b767](https://github.com/ory/kratos/commit/063b7679af76333fc546e94e92b197079e5bdb30)): - - Because this module is primarily used - in selfservice scenarios, it has been - moved to the selfservice parent. - -* Omit request header from login/registration request ([#106](https://github.com/ory/kratos/issues/106)) ([9b07587](https://github.com/ory/kratos/commit/9b07587f2de2b270c5c326e37b2b6b3dbbfa8595)), closes [#95](https://github.com/ory/kratos/issues/95): - - When fetching a login and registration request, the HTTP Request Headers - must not be included in the response, as they contain irrelevant - information for the API caller. - -* Properly handle empty credentials config in sql ([#93](https://github.com/ory/kratos/issues/93)) ([b79c5d1](https://github.com/ory/kratos/commit/b79c5d1d5216e994f986ce739285cb1a89523df5)) -* Re-introduce migration plans to CLI command ([#192](https://github.com/ory/kratos/issues/192)) ([bb32cd3](https://github.com/ory/kratos/commit/bb32cd3cad3cd0bd6f3166de0166701e1f676ac6)), closes [#131](https://github.com/ory/kratos/issues/131) -* Reset CSRF token on principal change ([#64](https://github.com/ory/kratos/issues/64)) ([9c889ab](https://github.com/ory/kratos/commit/9c889ab4f6c846812a4290545fef7d8106da35f0)), closes [#38](https://github.com/ory/kratos/issues/38): - - Add tests for logout. - -* Resolve wrong column reference in sql ([#90](https://github.com/ory/kratos/issues/90)) ([0c0eb87](https://github.com/ory/kratos/commit/0c0eb87cd341bd3e73eb9adb303054b38c103ba9)): - - Reference ic.method instead of ici.method. - - Added regression tests against this particular issue. - -* Update keyword from kratos to ory.sh/kratos ([f45cbe0](https://github.com/ory/kratos/commit/f45cbe0339db8d129522314f3099e6944e4a6ea3)), closes [#115](https://github.com/ory/kratos/issues/115) -* Update sdk generation method ([24aa3d7](https://github.com/ory/kratos/commit/24aa3d73354d5a28f05999a09e7bbbe51a44d44e)) -* Update to ory/x 0.0.80 ([#110](https://github.com/ory/kratos/issues/110)) ([64de2f8](https://github.com/ory/kratos/commit/64de2f86540bf8715a1703d773fa95011603a854)): - - Removes the need for BindEnv() - -* Use JSON Schema to type assert form body ([#116](https://github.com/ory/kratos/issues/116)) ([1944c7c](https://github.com/ory/kratos/commit/1944c7c6e82b5b6a3b9d47db94c8f8f45248feb7)), closes [#109](https://github.com/ory/kratos/issues/109) - - +- Remove redundant return statement + ([7c2989f](https://github.com/ory/kratos/commit/7c2989f52c090bb9900380b4ec74e04d9c37a441)) +- ss/oidc: Remove obsolete request field from form (#193) + ([59671ba](https://github.com/ory/kratos/commit/59671badb63009e2440b14868b622adc75cf882f)), + closes [#193](https://github.com/ory/kratos/issues/193) + [#180](https://github.com/ory/kratos/issues/180) +- strategy/oidc: Allow multiple OIDC Connections (#191) + ([8984831](https://github.com/ory/kratos/commit/898483137ff9dc47d65750cd94a973f2e5bee770)), + closes [#191](https://github.com/ory/kratos/issues/191) + [#114](https://github.com/ory/kratos/issues/114) +- Improve Docker Compose Quickstart (#187) + ([9459072](https://github.com/ory/kratos/commit/945907297ded4b18e1bd0e7c9824a975ac7395c6)), + closes [#187](https://github.com/ory/kratos/issues/187) + [#188](https://github.com/ory/kratos/issues/188) +- selfservice/password: Remove request field and ensure method is set (#183) + ([e035adc](https://github.com/ory/kratos/commit/e035adc233198e9b5c9a6e08d442fb5fb3290816)), + closes [#183](https://github.com/ory/kratos/issues/183) +- Add tests and fixtures for the config JSON Schema (#171) + ([ede9c0e](https://github.com/ory/kratos/commit/ede9c0e9c45ee91e60587311dc18a0a04ff62295)), + closes [#171](https://github.com/ory/kratos/issues/171) +- Add example values for config JSON Schema + ([12ba728](https://github.com/ory/kratos/commit/12ba7283bf879cd7682d3017c3b3f12e49029d6b)) +- Replace `url` with `uri` format in config JSON Schema + ([68eddef](https://github.com/ory/kratos/commit/68eddef0cf179bf61abb999d84d2af19c3703c80)) +- Replace number with integer in config JSON Schema (#177) + ([9eff6fd](https://github.com/ory/kratos/commit/9eff6fd09720b11acae089ebfcaf37288bc031b0)), + closes [#177](https://github.com/ory/kratos/issues/177) +- Improve `--dev` flag (#167) + ([9b61ee1](https://github.com/ory/kratos/commit/9b61ee10bbb4710d6694addfa60c04313855516f)), + closes [#167](https://github.com/ory/kratos/issues/167) + [#162](https://github.com/ory/kratos/issues/162) +- Add goreleaser orb task (#170) + ([5df0def](https://github.com/ory/kratos/commit/5df0defefc95ced289a9c59a4f5deb3c67446e75)), + closes [#170](https://github.com/ory/kratos/issues/170) +- Add changelog generation task (#169) + ([edd937c](https://github.com/ory/kratos/commit/edd937c21b7e37b2f2e926f0fe62c2e7d4a7d608)), + closes [#169](https://github.com/ory/kratos/issues/169) +- Adopt new SDK pipeline (#168) + ([21d9b6d](https://github.com/ory/kratos/commit/21d9b6d27adbfe8504fb46ac95952e7cea239085)), + closes [#168](https://github.com/ory/kratos/issues/168) +- Add docker-compose quickstart (#153) + ([e096190](https://github.com/ory/kratos/commit/e096190e778f22573e30f35e85b7cf147caf851b)), + closes [#153](https://github.com/ory/kratos/issues/153) +- Update README (#160) + ([533775b](https://github.com/ory/kratos/commit/533775ba78a2c1758c47ed093da6acc18ab951c2)), + closes [#160](https://github.com/ory/kratos/issues/160) +- Separate post register/login hooks (#150) + ([f4b7812](https://github.com/ory/kratos/commit/f4b78122d9cbe4dcc05b4fd52d94a2d9f1b16eb2)), + closes [#150](https://github.com/ory/kratos/issues/150) + [#149](https://github.com/ory/kratos/issues/149) +- Update README badges + ([4f7838e](https://github.com/ory/kratos/commit/4f7838e69181c5a10e27cde1e241779e4e724909)) +- Bump go-acc and resolve test issues (#154) + ([15b1b63](https://github.com/ory/kratos/commit/15b1b630c5363e0e1afbed53285b3f39098c0792)), + closes [#154](https://github.com/ory/kratos/issues/154) + [#152](https://github.com/ory/kratos/issues/152) + [#151](https://github.com/ory/kratos/issues/151): + + Due to a bug in `go-acc`, tests would not run if `-tags sqlite` was supplied + as a go tool argument to `go-acc`. This patch resolves that issue and also + includes several test patches from previous community PRs and some internal + test issues. + +- Add ORY Kratos banner to README (#145) + ([23b824f](https://github.com/ory/kratos/commit/23b824f7f99efbc23787508c03506e73a3240a2a)), + closes [#145](https://github.com/ory/kratos/issues/145) +- Replace DBAL layer with gobuffalo/pop (#130) + ([21d08b8](https://github.com/ory/kratos/commit/21d08b84560230d8a063a418a74efcf53c146872)), + closes [#130](https://github.com/ory/kratos/issues/130): + + This is a major refactoring of the internal DBAL. After a successful proof of + concept and evaluation of gobuffalo/pop, we believe this to be the best DBAL + for Go at the moment. It abstracts a lot of boilerplate code away. + + As with all sophisticated DBALs, pop too has its quirks. There are several + issues that have been discovered during testing and adoption: + https://github.com/gobuffalo/pop/issues/136 + https://github.com/gobuffalo/pop/issues/476 + https://github.com/gobuffalo/pop/issues/473 + https://github.com/gobuffalo/pop/issues/469 + https://github.com/gobuffalo/pop/issues/466 + + However, the upside of moving much of the hard database/sql plumbing into + another library cleans up the code base significantly and reduces complexity. + + As part of this change, the "ephermal" DBAL ("in memory") will be removed and + sqlite will be used instead. This further reduces complexity of the code base + and code-duplication. + + To support sqlite, CGO is required, which means that we need to run tests with + `go test -tags sqlite` on a machine that has g++ installed. This also means + that we need a Docker Image with `alpine` as opposed to pure `scratch`. While + this is certainly a downside, the upside of less maintenance and "free" + support for SQLite, PostgreSQL, MySQL, and CockroachDB simply outweighs any + downsides that come with CGO. + +- Replace local deps with remote ones + ([8605e45](https://github.com/ory/kratos/commit/8605e454cf538e047c5a9c3479372892d6b3f483)) +- ss/profile: Improve success and error flows + ([9e0015a](https://github.com/ory/kratos/commit/9e0015acec7f8d927498e48366b377e22ec768b7)), + closes [#112](https://github.com/ory/kratos/issues/112): + + This patch completes the profile management flow by implementing proper error + and success states and adding several data integrity tests. + +- Rebrand ORY Hive to ORY Kratos (#111) + ([ceda7fb](https://github.com/ory/kratos/commit/ceda7fb3472b081f0c6066aa1f282d4ec1787f7b)), + closes [#111](https://github.com/ory/kratos/issues/111) +- Fix broken tests and ci linter issues (#104) + ([69760fe](https://github.com/ory/kratos/commit/69760fe9fecb2f302dd5c1821185ea990f4e411c)), + closes [#104](https://github.com/ory/kratos/issues/104) +- Update to Go modules 1.13 + ([1da4d75](https://github.com/ory/kratos/commit/1da4d757bc2434f97c588e395305066edce9ef0d)) +- Resolve minor configuration issues and response errors (#85) + ([a44913b](https://github.com/ory/kratos/commit/a44913b26b515333576def6b882861ff2c8d4aff)), + closes [#85](https://github.com/ory/kratos/issues/85) +- Clean up dead files (#84) + ([e0c96ef](https://github.com/ory/kratos/commit/e0c96effbee2521b12eeedc851b67fa3a1ae41c8)), + closes [#84](https://github.com/ory/kratos/issues/84) +- Add health endpoints (#83) + ([0e936f7](https://github.com/ory/kratos/commit/0e936f7047bb9eacae0c5107360ce752a23d8282)), + closes [#83](https://github.com/ory/kratos/issues/83) + [#82](https://github.com/ory/kratos/issues/82) +- Update Dockerfile and related build tools (#80) + ([d20c701](https://github.com/ory/kratos/commit/d20c701433cea916d3df4863846cf09743150966)), + closes [#80](https://github.com/ory/kratos/issues/80) +- Implement SQL Database adapter (#79) + ([86d07c4](https://github.com/ory/kratos/commit/86d07c4a9e3b3e6607e73f4d54b4e7b9f0382e59)), + closes [#79](https://github.com/ory/kratos/issues/79) + [#69](https://github.com/ory/kratos/issues/69) +- Prevent duplicate signups (#76) + ([4c88968](https://github.com/ory/kratos/commit/4c88968a6853396755f61db2673a0cb2201868f7)), + closes [#76](https://github.com/ory/kratos/issues/76) + [#46](https://github.com/ory/kratos/issues/46) +- Contributing 08 10 19 00 52 45 (#74) + ([43b511f](https://github.com/ory/kratos/commit/43b511f1a43be114ac04b377434b22ec8afe465b)), + closes [#74](https://github.com/ory/kratos/issues/74) +- Echo form values from oidc signup + ([98b1da5](https://github.com/ory/kratos/commit/98b1da5f59d5dcde4416b74ea323af3e29fefa75)), + closes [#71](https://github.com/ory/kratos/issues/71) +- Properly decode values in error handler + ([5eb9088](https://github.com/ory/kratos/commit/5eb9088efb291256d65fadbd5a803369cc96bdd2)), + closes [#71](https://github.com/ory/kratos/issues/71) +- Force path and domain on CSRF cookie (#70) + ([a80d8b0](https://github.com/ory/kratos/commit/a80d8b0e0bb16fce530559826de29fd6b9836873)), + closes [#70](https://github.com/ory/kratos/issues/70) + [#68](https://github.com/ory/kratos/issues/68) +- Require no session when accessing login or sign up (#67) + ([c0e0da1](https://github.com/ory/kratos/commit/c0e0da1b38ebadaa33eb5b59dc566731b3320b70)), + closes [#67](https://github.com/ory/kratos/issues/67) + [#63](https://github.com/ory/kratos/issues/63) +- Add tests for selfservice ErrorHandler (#62) + ([4bb9e70](https://github.com/ory/kratos/commit/4bb9e7086ee57c4eb1a73fea436c7b2dec0257b7)), + closes [#62](https://github.com/ory/kratos/issues/62) +- Enable Circle CI (#57) + ([6fb0afd](https://github.com/ory/kratos/commit/6fb0afd30e3755026b6ffca0cc80f2fe00267681)), + closes [#57](https://github.com/ory/kratos/issues/57) + [#53](https://github.com/ory/kratos/issues/53) +- OIDC provider selfservice data enrichment (#56) + ([936970a](https://github.com/ory/kratos/commit/936970a9abaadeab5c191ff52218bf4f65af2220)), + closes [#56](https://github.com/ory/kratos/issues/56) + [#23](https://github.com/ory/kratos/issues/23) + [#55](https://github.com/ory/kratos/issues/55) +- Remove local jsonschema module override + ([cd2a5d8](https://github.com/ory/kratos/commit/cd2a5d8c74b21b122f5d5437702d8c74fb1cb726)) +- Implement identity management, login, and registration (#22) + ([bf3395e](https://github.com/ory/kratos/commit/bf3395ea34ecf85303034f3e941a049c8cbd6229)), + closes [#22](https://github.com/ory/kratos/issues/22) +- Revert incorrect license changes + ([fb9740b](https://github.com/ory/kratos/commit/fb9740b37a94dbdde1a8f4433fb7e5a8b4dac295)) +- Create FUNDING.yml + ([3c67ac8](https://github.com/ory/kratos/commit/3c67ac83f58c5b03dc3935d279083268b8a85e0d)) +- Initial commit + ([ab6f24a](https://github.com/ory/kratos/commit/ab6f24a85276bdd8687f2fc06390c1279892b005)) +- Add ability to define multiple schemas and serve them over HTTP + ([#164](https://github.com/ory/kratos/issues/164)) + ([c65119c](https://github.com/ory/kratos/commit/c65119c24378dabd306e5a49f89c28c0367f7c2e)), + closes [#86](https://github.com/ory/kratos/issues/86): + + All identity traits schemas have to be configured using a human readable ID + and the corresponding URL. This PR enables multiple schemas to be used next to + the default schema. It also adds the kratos.public/schemas/:id endpoint that + mirrors all schemas. + +- Add helper for requiring authentication + ([3888fbd](https://github.com/ory/kratos/commit/3888fbdc239b7a06c7fca34d08de7d55af69a48c)) +- Add helpers for go-swagger + ([165a660](https://github.com/ory/kratos/commit/165a660f277588ed572d7843354c207f72f1678d)): + + See https://github.com/go-swagger/go-swagger/issues/2119 + +- Add profile management and refactor internals + ([3ec9263](https://github.com/ory/kratos/commit/3ec9263f597a5949d0de6d10073cc626cfcfcca4)), + closes [#112](https://github.com/ory/kratos/issues/112) +- Add session destroyer hook ([#148](https://github.com/ory/kratos/issues/148)) + ([d17f002](https://github.com/ory/kratos/commit/d17f002cdfe1f11ebb6bcbb17f6976aa329eab4a)), + closes [#139](https://github.com/ory/kratos/issues/139): + + This patch adds a hook that destroys all active session by the identity which + is being logged in. This can be useful in scenarios where only one session + should be active at any given time. + +- Add SQL adapter ([#100](https://github.com/ory/kratos/issues/100)) + ([9e7f998](https://github.com/ory/kratos/commit/9e7f99871e3f09e7ae9ec1c38c8b8cf94d076f45)), + closes [#92](https://github.com/ory/kratos/issues/92) +- Explicitly whitelist form parser keys + ([#105](https://github.com/ory/kratos/issues/105)) + ([28b056e](https://github.com/ory/kratos/commit/28b056e5bbfec645262914c52f0386d70c787a32)), + closes [#98](https://github.com/ory/kratos/issues/98): + + Previously the form parser would try to detect the field type by asserting + types for the whole form. That caused passwords containing only numbers to + fail to unmarshal into a string value. + + This patch resolves that issue by introducing a prefix option to the + BodyParser + +- Fix broken import + ([308aa13](https://github.com/ory/kratos/commit/308aa1334dd43bc4bebade4e70e9c81c83fe8806)) +- Handle securecookie errors appropriately + ([#101](https://github.com/ory/kratos/issues/101)) + ([75bf6fe](https://github.com/ory/kratos/commit/75bf6fe3f79d025f2aaa79d06db39c26430dc3fc)), + closes [#97](https://github.com/ory/kratos/issues/97): + + Previously, IsNotAuthenticated would not handle securecookie errors + appropriately. This has been resolved. + +- Implement CRUD for identities ([#60](https://github.com/ory/kratos/issues/60)) + ([58a3c24](https://github.com/ory/kratos/commit/58a3c240fca66e1195bf310024a2f8473826bce6)), + closes [#58](https://github.com/ory/kratos/issues/58) +- Implement message templates and SMTP delivery + ([#146](https://github.com/ory/kratos/issues/146)) + ([dc674bf](https://github.com/ory/kratos/commit/dc674bfa7d1fa9ee94b014d09866bbdc0a97c321)), + closes [#99](https://github.com/ory/kratos/issues/99): + + This patch adds a message templates (with override capabilities) and SMTP + delivery. + + Integration tests using MailHog test fault resilience and e2e email delivery. + + This system is designed to be extended for SMS and other use cases. + +- Improve migration command ([#94](https://github.com/ory/kratos/issues/94)) + ([2b631de](https://github.com/ory/kratos/commit/2b631de6d621dcebac5318f6dd628646fec7712f)) +- Inject Identity Traits JSON Schema + ([3a4c5ad](https://github.com/ory/kratos/commit/3a4c5ad35f885c7d38ffcf1d5836fb485f122fe9)), + closes [#189](https://github.com/ory/kratos/issues/189) +- Mark active field as nullable ([#89](https://github.com/ory/kratos/issues/89)) + ([292702d](https://github.com/ory/kratos/commit/292702d9e031e43c63e0ecb59354557139499e87)) +- Move package to selfservice + ([063b767](https://github.com/ory/kratos/commit/063b7679af76333fc546e94e92b197079e5bdb30)): + + Because this module is primarily used in selfservice scenarios, it has been + moved to the selfservice parent. + +- Omit request header from login/registration request + ([#106](https://github.com/ory/kratos/issues/106)) + ([9b07587](https://github.com/ory/kratos/commit/9b07587f2de2b270c5c326e37b2b6b3dbbfa8595)), + closes [#95](https://github.com/ory/kratos/issues/95): + + When fetching a login and registration request, the HTTP Request Headers must + not be included in the response, as they contain irrelevant information for + the API caller. + +- Properly handle empty credentials config in sql + ([#93](https://github.com/ory/kratos/issues/93)) + ([b79c5d1](https://github.com/ory/kratos/commit/b79c5d1d5216e994f986ce739285cb1a89523df5)) +- Re-introduce migration plans to CLI command + ([#192](https://github.com/ory/kratos/issues/192)) + ([bb32cd3](https://github.com/ory/kratos/commit/bb32cd3cad3cd0bd6f3166de0166701e1f676ac6)), + closes [#131](https://github.com/ory/kratos/issues/131) +- Reset CSRF token on principal change + ([#64](https://github.com/ory/kratos/issues/64)) + ([9c889ab](https://github.com/ory/kratos/commit/9c889ab4f6c846812a4290545fef7d8106da35f0)), + closes [#38](https://github.com/ory/kratos/issues/38): + + Add tests for logout. + +- Resolve wrong column reference in sql + ([#90](https://github.com/ory/kratos/issues/90)) + ([0c0eb87](https://github.com/ory/kratos/commit/0c0eb87cd341bd3e73eb9adb303054b38c103ba9)): + + Reference ic.method instead of ici.method. + + Added regression tests against this particular issue. + +- Update keyword from kratos to ory.sh/kratos + ([f45cbe0](https://github.com/ory/kratos/commit/f45cbe0339db8d129522314f3099e6944e4a6ea3)), + closes [#115](https://github.com/ory/kratos/issues/115) +- Update sdk generation method + ([24aa3d7](https://github.com/ory/kratos/commit/24aa3d73354d5a28f05999a09e7bbbe51a44d44e)) +- Update to ory/x 0.0.80 ([#110](https://github.com/ory/kratos/issues/110)) + ([64de2f8](https://github.com/ory/kratos/commit/64de2f86540bf8715a1703d773fa95011603a854)): + + Removes the need for BindEnv() + +- Use JSON Schema to type assert form body + ([#116](https://github.com/ory/kratos/issues/116)) + ([1944c7c](https://github.com/ory/kratos/commit/1944c7c6e82b5b6a3b9d47db94c8f8f45248feb7)), + closes [#109](https://github.com/ory/kratos/issues/109) From 29aa3b6c37b3a173dcfeb02fdad4abc83774bc0b Mon Sep 17 00:00:00 2001 From: Erol Keskin Date: Mon, 25 Jul 2022 12:02:20 +0300 Subject: [PATCH 184/411] fix: disappearing title label on verification and recovery flow (#2613) Closes #2591 --- ...the_correct_recovery_payloads_after_submission.json | 8 +++++++- ...correct_verification_payloads_after_submission.json | 8 +++++++- selfservice/strategy/link/strategy_recovery.go | 4 ++-- selfservice/strategy/link/strategy_verification.go | 4 ++-- test/e2e/cypress/support/commands.ts | 10 ++++++++++ 5 files changed, 28 insertions(+), 6 deletions(-) diff --git a/selfservice/strategy/link/.snapshots/TestRecovery-description=should_set_all_the_correct_recovery_payloads_after_submission.json b/selfservice/strategy/link/.snapshots/TestRecovery-description=should_set_all_the_correct_recovery_payloads_after_submission.json index be31751d7837..498575cfee1b 100644 --- a/selfservice/strategy/link/.snapshots/TestRecovery-description=should_set_all_the_correct_recovery_payloads_after_submission.json +++ b/selfservice/strategy/link/.snapshots/TestRecovery-description=should_set_all_the_correct_recovery_payloads_after_submission.json @@ -24,7 +24,13 @@ "node_type": "input" }, "messages": [], - "meta": {} + "meta": { + "label": { + "id": 1070007, + "text": "Email", + "type": "info" + } + } }, { "type": "input", diff --git a/selfservice/strategy/link/.snapshots/TestVerification-description=should_set_all_the_correct_verification_payloads_after_submission.json b/selfservice/strategy/link/.snapshots/TestVerification-description=should_set_all_the_correct_verification_payloads_after_submission.json index be31751d7837..498575cfee1b 100644 --- a/selfservice/strategy/link/.snapshots/TestVerification-description=should_set_all_the_correct_verification_payloads_after_submission.json +++ b/selfservice/strategy/link/.snapshots/TestVerification-description=should_set_all_the_correct_verification_payloads_after_submission.json @@ -24,7 +24,13 @@ "node_type": "input" }, "messages": [], - "meta": {} + "meta": { + "label": { + "id": 1070007, + "text": "Email", + "type": "info" + } + } }, { "type": "input", diff --git a/selfservice/strategy/link/strategy_recovery.go b/selfservice/strategy/link/strategy_recovery.go index df95f40c1290..7ae56c4a3477 100644 --- a/selfservice/strategy/link/strategy_recovery.go +++ b/selfservice/strategy/link/strategy_recovery.go @@ -437,7 +437,7 @@ func (s *Strategy) recoveryHandleFormSubmission(w http.ResponseWriter, r *http.R f.UI.SetCSRF(s.d.GenerateCSRFToken(r)) f.UI.GetNodes().Upsert( // v0.5: form.Field{Name: "email", Type: "email", Required: true, Value: body.Body.Email} - node.NewInputField("email", body.Email, node.LinkGroup, node.InputAttributeTypeEmail, node.WithRequiredInputAttribute), + node.NewInputField("email", body.Email, node.LinkGroup, node.InputAttributeTypeEmail, node.WithRequiredInputAttribute).WithMetaLabel(text.NewInfoNodeInputEmail()), ) f.Active = sqlxx.NullString(s.RecoveryNodeGroup()) @@ -483,7 +483,7 @@ func (s *Strategy) HandleRecoveryError(w http.ResponseWriter, r *http.Request, r req.UI.SetCSRF(s.d.GenerateCSRFToken(r)) req.UI.GetNodes().Upsert( // v0.5: form.Field{Name: "email", Type: "email", Required: true, Value: body.Body.Email} - node.NewInputField("email", email, node.LinkGroup, node.InputAttributeTypeEmail, node.WithRequiredInputAttribute), + node.NewInputField("email", email, node.LinkGroup, node.InputAttributeTypeEmail, node.WithRequiredInputAttribute).WithMetaLabel(text.NewInfoNodeInputEmail()), ) } diff --git a/selfservice/strategy/link/strategy_verification.go b/selfservice/strategy/link/strategy_verification.go index f5d1d9999e73..65599959d120 100644 --- a/selfservice/strategy/link/strategy_verification.go +++ b/selfservice/strategy/link/strategy_verification.go @@ -75,7 +75,7 @@ func (s *Strategy) handleVerificationError(w http.ResponseWriter, r *http.Reques f.UI.SetCSRF(s.d.GenerateCSRFToken(r)) f.UI.GetNodes().Upsert( // v0.5: form.Field{Name: "email", Type: "email", Required: true, Value: body.Body.Email} - node.NewInputField("email", body.Email, node.LinkGroup, node.InputAttributeTypeEmail, node.WithRequiredInputAttribute), + node.NewInputField("email", body.Email, node.LinkGroup, node.InputAttributeTypeEmail, node.WithRequiredInputAttribute).WithMetaLabel(text.NewInfoNodeInputEmail()), ) } @@ -166,7 +166,7 @@ func (s *Strategy) verificationHandleFormSubmission(w http.ResponseWriter, r *ht f.UI.SetCSRF(s.d.GenerateCSRFToken(r)) f.UI.GetNodes().Upsert( // v0.5: form.Field{Name: "email", Type: "email", Required: true, Value: body.Body.Email} - node.NewInputField("email", body.Email, node.LinkGroup, node.InputAttributeTypeEmail, node.WithRequiredInputAttribute), + node.NewInputField("email", body.Email, node.LinkGroup, node.InputAttributeTypeEmail, node.WithRequiredInputAttribute).WithMetaLabel(text.NewInfoNodeInputEmail()), ) f.Active = sqlxx.NullString(s.VerificationNodeGroup()) diff --git a/test/e2e/cypress/support/commands.ts b/test/e2e/cypress/support/commands.ts index ab21496b785e..deb093b2d462 100644 --- a/test/e2e/cypress/support/commands.ts +++ b/test/e2e/cypress/support/commands.ts @@ -396,6 +396,11 @@ Cypress.Commands.add('recoverApi', ({ email, returnTo }) => { cy.request({ url }) .then(({ body }) => { const form = body.ui + // label should still exist after request, for more detail: #2591 + expect(form.nodes[1].meta).to.not.be.null + expect(form.nodes[1].meta.label).to.not.be.null + expect(form.nodes[1].meta.label.text).to.equal('Email') + return cy.request({ method: form.method, body: mergeFields(form, { email, method: 'link' }), @@ -415,6 +420,11 @@ Cypress.Commands.add('verificationApi', ({ email, returnTo }) => { cy.request({ url }) .then(({ body }) => { const form = body.ui + // label should still exist after request, for more detail: #2591 + expect(form.nodes[1].meta).to.not.be.null + expect(form.nodes[1].meta.label).to.not.be.null + expect(form.nodes[1].meta.label.text).to.equal('Email') + return cy.request({ method: form.method, body: mergeFields(form, { email, method: 'link' }), From aaabe754659b96d2a5b727c4cada3ec300624434 Mon Sep 17 00:00:00 2001 From: Tomasz Tomalak <12939493+t-tomalak@users.noreply.github.com> Date: Mon, 25 Jul 2022 11:03:16 +0200 Subject: [PATCH 185/411] fix: debugging Docker setup (#2616) --- .docker/Dockerfile-debug | 2 +- script/debug-entrypoint.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.docker/Dockerfile-debug b/.docker/Dockerfile-debug index 24e59568c53e..3d1b4ea052d9 100644 --- a/.docker/Dockerfile-debug +++ b/.docker/Dockerfile-debug @@ -2,7 +2,7 @@ FROM golang:1.18-buster ENV CGO_ENABLED 1 RUN apt-get update && apt-get install -y --no-install-recommends inotify-tools psmisc -RUN go get github.com/go-delve/delve/cmd/dlv +RUN go install github.com/go-delve/delve/cmd/dlv@latest COPY script/debug-entrypoint.sh /entrypoint.sh diff --git a/script/debug-entrypoint.sh b/script/debug-entrypoint.sh index f810bb23e95b..28b0e15c1eab 100755 --- a/script/debug-entrypoint.sh +++ b/script/debug-entrypoint.sh @@ -17,7 +17,7 @@ build() { log "Building ${SERVICE_NAME} binary" go env -w GOPROXY="proxy.golang.org,direct" go mod download - go build -gcflags "all=-N -l" -o /${SERVICE_NAME} + go build -buildvcs=false -gcflags "all=-N -l" -o /${SERVICE_NAME} } start() { From 2b253769f0a0aacc2b2915c1f86d1a33c0a31a99 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 25 Jul 2022 09:49:04 +0000 Subject: [PATCH 186/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bc12de4e429f..7f3d9b21b80a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-07-23)](#2022-07-23) +- [ (2022-07-25)](#2022-07-25) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -263,7 +263,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-07-23) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-07-25) ## Breaking Changes @@ -289,6 +289,12 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. ([9ce2d26](https://github.com/ory/kratos/commit/9ce2d260338f020e2da077e81464e520883f582b)) - **cli:** Dry up code ([#2572](https://github.com/ory/kratos/issues/2572)) ([d1b6b40](https://github.com/ory/kratos/commit/d1b6b40aa9dcc7a3ec9237eec28c4fa55f0b8627)) +- Debugging Docker setup ([#2616](https://github.com/ory/kratos/issues/2616)) + ([aaabe75](https://github.com/ory/kratos/commit/aaabe754659b96d2a5b727c4cada3ec300624434)) +- Disappearing title label on verification and recovery flow + ([#2613](https://github.com/ory/kratos/issues/2613)) + ([29aa3b6](https://github.com/ory/kratos/commit/29aa3b6c37b3a173dcfeb02fdad4abc83774bc0b)), + closes [#2591](https://github.com/ory/kratos/issues/2591) - **docker:** Update images ([b5f80c1](https://github.com/ory/kratos/commit/b5f80c1198e4bb9ed392521daca934548eb21ee6)) - Duplicate messages in recovery flow From 8800085d5bde32367217170d00f7141b7ea46733 Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Tue, 26 Jul 2022 12:46:21 +0200 Subject: [PATCH 187/411] fix(sdk): rust compile issue with required enum (#2619) Co-authored-by: ory-bot <60093411+ory-bot@users.noreply.github.com> --- .schema/openapi/patches/schema.yaml | 3 +++ ui/node/attributes.go | 2 -- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.schema/openapi/patches/schema.yaml b/.schema/openapi/patches/schema.yaml index a06a4e495b87..8dca42320381 100644 --- a/.schema/openapi/patches/schema.yaml +++ b/.schema/openapi/patches/schema.yaml @@ -23,6 +23,9 @@ # Makes the uiNodeInputAttributes value attribute polymorph - op: remove path: /components/schemas/uiNodeInputAttributes/properties/value/type +# Workaround until https://github.com/OpenAPITools/openapi-generator/issues/13020 is fixed +- op: remove + path: /components/schemas/uiNodeInputAttributes/properties/autocomplete/enum - op: add path: /components/schemas/uiNodeInputAttributes/properties/value/nullable value: true diff --git a/ui/node/attributes.go b/ui/node/attributes.go index 4300d218f233..28dbd02ecb38 100644 --- a/ui/node/attributes.go +++ b/ui/node/attributes.go @@ -62,8 +62,6 @@ type InputAttributes struct { Name string `json:"name"` // The input's element type. - // - // required: true Type UiNodeInputAttributeType `json:"type" faker:"-"` // The input's value. From 1b677733b7488f95673a58c9c5b2600939855a48 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Tue, 26 Jul 2022 10:48:05 +0000 Subject: [PATCH 188/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- internal/httpclient/api/openapi.yaml | 8 ----- .../httpclient/docs/UiNodeInputAttributes.md | 9 +++-- .../model_ui_node_input_attributes.go | 33 +++++++++++-------- spec/api.json | 9 ----- spec/swagger.json | 1 - 5 files changed, 27 insertions(+), 33 deletions(-) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index 612b46960baa..6ee09e5814b8 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -5475,13 +5475,6 @@ components: properties: autocomplete: description: The autocomplete attribute for the input. - enum: - - email - - tel - - url - - current-password - - new-password - - one-time-code type: string disabled: description: Sets the input's disabled field to true or false. @@ -5530,7 +5523,6 @@ components: - disabled - name - node_type - - type type: object uiNodeMeta: description: |- diff --git a/internal/httpclient/docs/UiNodeInputAttributes.md b/internal/httpclient/docs/UiNodeInputAttributes.md index 2758b6bbaf83..94bcfb643b09 100644 --- a/internal/httpclient/docs/UiNodeInputAttributes.md +++ b/internal/httpclient/docs/UiNodeInputAttributes.md @@ -12,14 +12,14 @@ Name | Type | Description | Notes **Onclick** | Pointer to **string** | OnClick may contain javascript which should be executed on click. This is primarily used for WebAuthn. | [optional] **Pattern** | Pointer to **string** | The input's pattern. | [optional] **Required** | Pointer to **bool** | Mark this input field as required. | [optional] -**Type** | **string** | The input's element type. | +**Type** | Pointer to **string** | The input's element type. | [optional] **Value** | Pointer to **interface{}** | The input's value. | [optional] ## Methods ### NewUiNodeInputAttributes -`func NewUiNodeInputAttributes(disabled bool, name string, nodeType string, type_ string, ) *UiNodeInputAttributes` +`func NewUiNodeInputAttributes(disabled bool, name string, nodeType string, ) *UiNodeInputAttributes` NewUiNodeInputAttributes instantiates a new UiNodeInputAttributes object This constructor will assign default values to properties that have it defined, @@ -238,6 +238,11 @@ and a boolean to check if the value has been set. SetType sets Type field to given value. +### HasType + +`func (o *UiNodeInputAttributes) HasType() bool` + +HasType returns a boolean if a field has been set. ### GetValue diff --git a/internal/httpclient/model_ui_node_input_attributes.go b/internal/httpclient/model_ui_node_input_attributes.go index c6def217c1d1..ae6e9c5df39e 100644 --- a/internal/httpclient/model_ui_node_input_attributes.go +++ b/internal/httpclient/model_ui_node_input_attributes.go @@ -33,7 +33,7 @@ type UiNodeInputAttributes struct { // Mark this input field as required. Required *bool `json:"required,omitempty"` // The input's element type. - Type string `json:"type"` + Type *string `json:"type,omitempty"` // The input's value. Value interface{} `json:"value,omitempty"` } @@ -42,12 +42,11 @@ type UiNodeInputAttributes struct { // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments // will change when the set of required properties is changed -func NewUiNodeInputAttributes(disabled bool, name string, nodeType string, type_ string) *UiNodeInputAttributes { +func NewUiNodeInputAttributes(disabled bool, name string, nodeType string) *UiNodeInputAttributes { this := UiNodeInputAttributes{} this.Disabled = disabled this.Name = name this.NodeType = nodeType - this.Type = type_ return &this } @@ -291,28 +290,36 @@ func (o *UiNodeInputAttributes) SetRequired(v bool) { o.Required = &v } -// GetType returns the Type field value +// GetType returns the Type field value if set, zero value otherwise. func (o *UiNodeInputAttributes) GetType() string { - if o == nil { + if o == nil || o.Type == nil { var ret string return ret } - - return o.Type + return *o.Type } -// GetTypeOk returns a tuple with the Type field value +// GetTypeOk returns a tuple with the Type field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *UiNodeInputAttributes) GetTypeOk() (*string, bool) { - if o == nil { + if o == nil || o.Type == nil { return nil, false } - return &o.Type, true + return o.Type, true +} + +// HasType returns a boolean if a field has been set. +func (o *UiNodeInputAttributes) HasType() bool { + if o != nil && o.Type != nil { + return true + } + + return false } -// SetType sets field value +// SetType gets a reference to the given string and assigns it to the Type field. func (o *UiNodeInputAttributes) SetType(v string) { - o.Type = v + o.Type = &v } // GetValue returns the Value field value if set, zero value otherwise (both if not set or set to explicit null). @@ -374,7 +381,7 @@ func (o UiNodeInputAttributes) MarshalJSON() ([]byte, error) { if o.Required != nil { toSerialize["required"] = o.Required } - if true { + if o.Type != nil { toSerialize["type"] = o.Type } if o.Value != nil { diff --git a/spec/api.json b/spec/api.json index 2cfa9c4e6011..395cd73d705a 100755 --- a/spec/api.json +++ b/spec/api.json @@ -2055,14 +2055,6 @@ "properties": { "autocomplete": { "description": "The autocomplete attribute for the input.", - "enum": [ - "email", - "tel", - "url", - "current-password", - "new-password", - "one-time-code" - ], "type": "string" }, "disabled": { @@ -2117,7 +2109,6 @@ }, "required": [ "name", - "type", "disabled", "node_type" ], diff --git a/spec/swagger.json b/spec/swagger.json index 3bab3006bcd5..4ac5abb760b7 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -4340,7 +4340,6 @@ "type": "object", "required": [ "name", - "type", "disabled", "node_type" ], From 191cee8cddb4ef2baa029dbbe6ae8358e9946c96 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 27 Jul 2022 06:42:00 +0000 Subject: [PATCH 189/411] chore: update repository templates [skip ci] - updated repository templates to https://github.com/ory/meta/commit/32137ce422e5241bef5d7fd12c928ad39e34add0 --- .github/workflows/conventional_commits.yml | 73 ++++++++-------------- package-lock.json | 2 +- 2 files changed, 28 insertions(+), 47 deletions(-) diff --git a/.github/workflows/conventional_commits.yml b/.github/workflows/conventional_commits.yml index 9d92dcb88846..eb5de549dce3 100644 --- a/.github/workflows/conventional_commits.yml +++ b/.github/workflows/conventional_commits.yml @@ -1,8 +1,19 @@ name: Conventional commits +# This GitHub CI Action enforces that pull request titles follow conventional commits. +# More info at https://www.conventionalcommits.org. +# +# The Ory-wide defaults for commit titles and scopes are below. +# Your repository can add/replace elements via a configuration file at the path below. +# More info at https://github.com/ory/ci/blob/master/conventional_commit_config/README.md + on: - pull_request_target: # enable Pull Requests from forks, uses config from master branch - types: [opened, edited, reopened, ready_for_review] + pull_request_target: + types: + - edited + - opened + - ready_for_review + - reopened # pull_request: # for debugging, uses config in local branch but supports only Pull Requests from this repo jobs: @@ -10,12 +21,12 @@ jobs: name: Validate PR title runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@v4 - id: check-title - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - uses: actions/checkout@v3 + - id: config + uses: ory/ci/conventional_commit_config@master with: - types: | + config_path: .github/conventional_commits.json + default_types: | feat fix revert @@ -28,48 +39,18 @@ jobs: security ci chore - - scopes: | - blog - cms + default_scopes: | deps docs - home - hydra - keto - kratos - stats - - requireScope: false - - # Configure which scopes are disallowed in PR titles. For instance by setting - # the value below, `chore(release): ...` and `ci(e2e,release): ...` will be rejected. - # disallowScopes: | - # release - - # Configure additional validation for the subject based on a regex. - # This example ensures the subject doesn't start with an uppercase character. + default_require_scope: false + - uses: amannn/action-semantic-pull-request@v4 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + types: ${{ steps.config.outputs.types }} + scopes: ${{ steps.config.outputs.scopes }} + requireScope: ${{ steps.config.outputs.requireScope }} subjectPattern: ^(?![A-Z]).+$ - - # If `subjectPattern` is configured, you can use this property to override - # the default error message that is shown when the pattern doesn't match. - # The variables `subject` and `title` can be used within the message. subjectPatternError: | The subject should start with a lowercase letter, yours is uppercase: "{subject}" - - # If the PR contains one of these labels, the validation is skipped. - # Multiple labels can be separated by newlines. - # If you want to rerun the validation when labels change, you might want - # to use the `labeled` and `unlabeled` event triggers in your workflow. - # ignoreLabels: | - # bot - # ignore-semantic-pull-request - - # For work-in-progress PRs you can typically use draft pull requests - # from GitHub. However, private repositories on the free plan don't have - # this option and therefore this action allows you to opt-in to using the - # special "[WIP]" prefix to indicate this state. This will avoid the - # validation of the PR title and the pull request checks remain pending. - # Note that a second check will be reported if this is enabled. - # wip: true diff --git a/package-lock.json b/package-lock.json index 1f443c4dcdc8..da4787b2dd17 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,5 +1,5 @@ { - "name": "tmp.GfwTlCXnLq", + "name": "tmp.0uMB6SBgXB", "lockfileVersion": 2, "requires": true, "packages": { From fee154b28dfb3007f8d20a807cfd6d362c3bd9e7 Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Wed, 27 Jul 2022 10:31:33 +0200 Subject: [PATCH 190/411] fix: revert removal of required field in uiNodeInputAttributes (#2623) Co-authored-by: ory-bot <60093411+ory-bot@users.noreply.github.com> --- internal/httpclient/api/openapi.yaml | 1 + .../httpclient/docs/UiNodeInputAttributes.md | 9 ++--- .../model_ui_node_input_attributes.go | 33 ++++++++----------- spec/api.json | 1 + spec/swagger.json | 1 + ui/node/attributes.go | 2 ++ 6 files changed, 20 insertions(+), 27 deletions(-) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index 6ee09e5814b8..ebc48c690bc1 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -5523,6 +5523,7 @@ components: - disabled - name - node_type + - type type: object uiNodeMeta: description: |- diff --git a/internal/httpclient/docs/UiNodeInputAttributes.md b/internal/httpclient/docs/UiNodeInputAttributes.md index 94bcfb643b09..2758b6bbaf83 100644 --- a/internal/httpclient/docs/UiNodeInputAttributes.md +++ b/internal/httpclient/docs/UiNodeInputAttributes.md @@ -12,14 +12,14 @@ Name | Type | Description | Notes **Onclick** | Pointer to **string** | OnClick may contain javascript which should be executed on click. This is primarily used for WebAuthn. | [optional] **Pattern** | Pointer to **string** | The input's pattern. | [optional] **Required** | Pointer to **bool** | Mark this input field as required. | [optional] -**Type** | Pointer to **string** | The input's element type. | [optional] +**Type** | **string** | The input's element type. | **Value** | Pointer to **interface{}** | The input's value. | [optional] ## Methods ### NewUiNodeInputAttributes -`func NewUiNodeInputAttributes(disabled bool, name string, nodeType string, ) *UiNodeInputAttributes` +`func NewUiNodeInputAttributes(disabled bool, name string, nodeType string, type_ string, ) *UiNodeInputAttributes` NewUiNodeInputAttributes instantiates a new UiNodeInputAttributes object This constructor will assign default values to properties that have it defined, @@ -238,11 +238,6 @@ and a boolean to check if the value has been set. SetType sets Type field to given value. -### HasType - -`func (o *UiNodeInputAttributes) HasType() bool` - -HasType returns a boolean if a field has been set. ### GetValue diff --git a/internal/httpclient/model_ui_node_input_attributes.go b/internal/httpclient/model_ui_node_input_attributes.go index ae6e9c5df39e..c6def217c1d1 100644 --- a/internal/httpclient/model_ui_node_input_attributes.go +++ b/internal/httpclient/model_ui_node_input_attributes.go @@ -33,7 +33,7 @@ type UiNodeInputAttributes struct { // Mark this input field as required. Required *bool `json:"required,omitempty"` // The input's element type. - Type *string `json:"type,omitempty"` + Type string `json:"type"` // The input's value. Value interface{} `json:"value,omitempty"` } @@ -42,11 +42,12 @@ type UiNodeInputAttributes struct { // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments // will change when the set of required properties is changed -func NewUiNodeInputAttributes(disabled bool, name string, nodeType string) *UiNodeInputAttributes { +func NewUiNodeInputAttributes(disabled bool, name string, nodeType string, type_ string) *UiNodeInputAttributes { this := UiNodeInputAttributes{} this.Disabled = disabled this.Name = name this.NodeType = nodeType + this.Type = type_ return &this } @@ -290,36 +291,28 @@ func (o *UiNodeInputAttributes) SetRequired(v bool) { o.Required = &v } -// GetType returns the Type field value if set, zero value otherwise. +// GetType returns the Type field value func (o *UiNodeInputAttributes) GetType() string { - if o == nil || o.Type == nil { + if o == nil { var ret string return ret } - return *o.Type + + return o.Type } -// GetTypeOk returns a tuple with the Type field value if set, nil otherwise +// GetTypeOk returns a tuple with the Type field value // and a boolean to check if the value has been set. func (o *UiNodeInputAttributes) GetTypeOk() (*string, bool) { - if o == nil || o.Type == nil { + if o == nil { return nil, false } - return o.Type, true -} - -// HasType returns a boolean if a field has been set. -func (o *UiNodeInputAttributes) HasType() bool { - if o != nil && o.Type != nil { - return true - } - - return false + return &o.Type, true } -// SetType gets a reference to the given string and assigns it to the Type field. +// SetType sets field value func (o *UiNodeInputAttributes) SetType(v string) { - o.Type = &v + o.Type = v } // GetValue returns the Value field value if set, zero value otherwise (both if not set or set to explicit null). @@ -381,7 +374,7 @@ func (o UiNodeInputAttributes) MarshalJSON() ([]byte, error) { if o.Required != nil { toSerialize["required"] = o.Required } - if o.Type != nil { + if true { toSerialize["type"] = o.Type } if o.Value != nil { diff --git a/spec/api.json b/spec/api.json index 395cd73d705a..b085802095cd 100755 --- a/spec/api.json +++ b/spec/api.json @@ -2109,6 +2109,7 @@ }, "required": [ "name", + "type", "disabled", "node_type" ], diff --git a/spec/swagger.json b/spec/swagger.json index 4ac5abb760b7..3bab3006bcd5 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -4340,6 +4340,7 @@ "type": "object", "required": [ "name", + "type", "disabled", "node_type" ], diff --git a/ui/node/attributes.go b/ui/node/attributes.go index 28dbd02ecb38..4300d218f233 100644 --- a/ui/node/attributes.go +++ b/ui/node/attributes.go @@ -62,6 +62,8 @@ type InputAttributes struct { Name string `json:"name"` // The input's element type. + // + // required: true Type UiNodeInputAttributeType `json:"type" faker:"-"` // The input's value. From 8c8833e3c5ad088f89dbd027b073fe1fd1cbd9f5 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Wed, 27 Jul 2022 09:12:20 +0000 Subject: [PATCH 191/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7f3d9b21b80a..b1f7a2df0bed 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-07-25)](#2022-07-25) +- [ (2022-07-27)](#2022-07-27) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -263,7 +263,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-07-25) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-07-27) ## Breaking Changes @@ -337,8 +337,14 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. - Return empty array not null when there are no sessions ([#2548](https://github.com/ory/kratos/issues/2548)) ([fffba47](https://github.com/ory/kratos/commit/fffba473440fec3118a3951b697d5a0d2d4e30d6)) +- Revert removal of required field in uiNodeInputAttributes + ([#2623](https://github.com/ory/kratos/issues/2623)) + ([fee154b](https://github.com/ory/kratos/commit/fee154b28dfb3007f8d20a807cfd6d362c3bd9e7)) - **sdk:** Make InputAttributes.Type an enum ([ff6190f](https://github.com/ory/kratos/commit/ff6190f31f538cf8ed735dfd1bb3b7afcd944c36)) +- **sdk:** Rust compile issue with required enum + ([#2619](https://github.com/ory/kratos/issues/2619)) + ([8800085](https://github.com/ory/kratos/commit/8800085d5bde32367217170d00f7141b7ea46733)) - Unable to find JSON Schema ID: default ([#2393](https://github.com/ory/kratos/issues/2393)) ([f43396b](https://github.com/ory/kratos/commit/f43396bdc03f89812f026c2a94b0b50100134c23)) From 5a8a484b754411cc918ee8bf642cf08e7fce190c Mon Sep 17 00:00:00 2001 From: Kevin Goslar Date: Thu, 28 Jul 2022 15:48:16 -0500 Subject: [PATCH 192/411] ci: delete semantic.yml (#2627) --- .github/semantic.yml | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 .github/semantic.yml diff --git a/.github/semantic.yml b/.github/semantic.yml deleted file mode 100644 index 4f8499c9f1d7..000000000000 --- a/.github/semantic.yml +++ /dev/null @@ -1,17 +0,0 @@ -titleOnly: true -commitsOnly: false -titleAndCommits: false - -types: - - feat - - fix - - revert - - docs - - style - - refactor - - test - - build - - autogen - - security - - ci - - chore From 4e8a8c1ce15e7176e038e27ae15b32490a46b782 Mon Sep 17 00:00:00 2001 From: Kevin Goslar Date: Fri, 29 Jul 2022 02:09:16 -0500 Subject: [PATCH 193/411] ci: additional types and scopes for conventional commits (#2626) --- .github/conventional_commits.json | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .github/conventional_commits.json diff --git a/.github/conventional_commits.json b/.github/conventional_commits.json new file mode 100644 index 000000000000..c879da818477 --- /dev/null +++ b/.github/conventional_commits.json @@ -0,0 +1,5 @@ +{ + "$schema": "https://raw.githubusercontent.com/ory/ci/master/conventional_commit_config/dist/config.schema.json", + "addTypes": ["improvement", "perf"], + "addScopes": ["cli", "sql"] +} From 902073836e4dcf6dc87776921e7988d795943718 Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Mon, 1 Aug 2022 12:37:10 +0200 Subject: [PATCH 194/411] fix: cache migration status (#2631) See https://github.com/ory-corp/cloud/issues/2691 --- driver/registry_default.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/driver/registry_default.go b/driver/registry_default.go index 219d5ea01c38..4288d12affdf 100644 --- a/driver/registry_default.go +++ b/driver/registry_default.go @@ -8,6 +8,8 @@ import ( "sync" "time" + "github.com/ory/x/popx" + "github.com/hashicorp/go-retryablehttp" "github.com/ory/x/httpx" @@ -83,7 +85,8 @@ type RegistryDefault struct { healthxHandler *healthx.Handler metricsHandler *prometheus.Handler - persister persistence.Persister + persister persistence.Persister + migrationStatus popx.MigrationStatuses hookVerifier *hook.Verifier hookSessionIssuer *hook.SessionIssuer @@ -222,6 +225,10 @@ func (m *RegistryDefault) HealthHandler(_ context.Context) *healthx.Handler { return m.Ping() }, "migrations": func(r *http.Request) error { + if m.migrationStatus != nil && !m.migrationStatus.HasPending() { + return nil + } + status, err := m.Persister().MigrationStatus(r.Context()) if err != nil { return err @@ -231,6 +238,7 @@ func (m *RegistryDefault) HealthHandler(_ context.Context) *healthx.Handler { return errors.Errorf("migrations have not yet been fully applied") } + m.migrationStatus = status return nil }, }) From ad2305375584b42a2a4071d1142710a09cc02f94 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Mon, 1 Aug 2022 18:09:02 +0000 Subject: [PATCH 195/411] chore: update repository templates [skip ci] - updated repository templates to https://github.com/ory/meta/commit/38af4400702ca1e7eeffe42270f5e9a23906bf63 --- package-lock.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package-lock.json b/package-lock.json index da4787b2dd17..09474b1c3997 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,5 +1,5 @@ { - "name": "tmp.0uMB6SBgXB", + "name": "tmp.BG96w4STbK", "lockfileVersion": 2, "requires": true, "packages": { From fe00c5be72b0cdcc8d462a97aa04c413f758e8e3 Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Mon, 1 Aug 2022 22:00:15 +0200 Subject: [PATCH 196/411] fix: remove jackc rewrites (#2634) --- go.mod | 1 - go.sum | 47 ++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 44 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 6993aeb41db6..206999bdcbf0 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,6 @@ go 1.17 replace ( github.com/bradleyjkemp/cupaloy/v2 => github.com/aeneasr/cupaloy/v2 v2.6.1-0.20210924214125-3dfdd01210a3 github.com/gorilla/sessions => github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 - github.com/jackc/pgconn => github.com/jackc/pgconn v1.10.1-0.20211002123621-290ee79d1e8d github.com/knadh/koanf => github.com/aeneasr/koanf v0.14.1-0.20211230115640-aa3902b3267a // github.com/luna-duclos/instrumentedsql => github.com/ory/instrumentedsql v1.2.0 // github.com/luna-duclos/instrumentedsql/opentracing => github.com/ory/instrumentedsql/opentracing v0.0.0-20210903114257-c8963b546c5c diff --git a/go.sum b/go.sum index d16386942bbb..39660611ee73 100644 --- a/go.sum +++ b/go.sum @@ -429,8 +429,9 @@ github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmf github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f h1:JOrtw2xFKzlg+cbHpyrpLDmnN1HqhBfnX7WDiW7eG2c= +github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= @@ -1095,31 +1096,59 @@ github.com/instana/go-sensor v1.41.1/go.mod h1:E42MelHWFz11qqaLwvgt0j98v2s2O/bq2 github.com/instana/testify v1.6.2-0.20200721153833-94b1851f4d65 h1:T25FL3WEzgmKB0m6XCJNZ65nw09/QIp3T1yXr487D+A= github.com/instana/testify v1.6.2-0.20200721153833-94b1851f4d65/go.mod h1:nYhEREG/B7HUY7P+LKOrqy53TpIqmJ9JyUShcaEKtGw= github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= +github.com/jackc/chunkreader v1.0.0 h1:4s39bBR8ByfqH+DKm8rQA3E1LHZWB9XWcrz8fqaZbe0= +github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo= github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= github.com/jackc/chunkreader/v2 v2.0.1 h1:i+RDz65UE+mmpjTfyz0MoVTnzeYxroil2G82ki7MGG8= github.com/jackc/chunkreader/v2 v2.0.1/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= -github.com/jackc/pgconn v1.10.1-0.20211002123621-290ee79d1e8d h1:FvOBGYSZXxGmjtmh3MYsmGu9N+ZbMx+4AvZH588NhVw= -github.com/jackc/pgconn v1.10.1-0.20211002123621-290ee79d1e8d/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= +github.com/jackc/pgconn v0.0.0-20190420214824-7e0022ef6ba3/go.mod h1:jkELnwuX+w9qN5YIfX0fl88Ehu4XC3keFuOJJk9pcnA= +github.com/jackc/pgconn v0.0.0-20190824142844-760dd75542eb/go.mod h1:lLjNuW/+OfW9/pnVKPazfWOgNfH2aPem8YQ7ilXGvJE= +github.com/jackc/pgconn v0.0.0-20190831204454-2fabfa3c18b7/go.mod h1:ZJKsE/KZfsUgOEh9hBm+xYTstcNHg7UPMVJqRfQxq4s= +github.com/jackc/pgconn v1.8.0/go.mod h1:1C2Pb36bGIP9QHGBYCjnyhqu7Rv3sGshaQUvmfGIB/o= +github.com/jackc/pgconn v1.9.0/go.mod h1:YctiPyvzfU11JFxoXokUOOKQXQmDMoJL9vJzHH8/2JY= +github.com/jackc/pgconn v1.9.1-0.20210724152538-d89c8390a530/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= +github.com/jackc/pgconn v1.10.0/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= +github.com/jackc/pgconn v1.10.1/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= +github.com/jackc/pgconn v1.12.0/go.mod h1:ZkhRC59Llhrq3oSfrikvwQ5NaxYExr6twkdkMLaKono= +github.com/jackc/pgconn v1.12.1 h1:rsDFzIpRk7xT4B8FufgpCCeyjdNpKyghZeSefViE5W8= +github.com/jackc/pgconn v1.12.1/go.mod h1:ZkhRC59Llhrq3oSfrikvwQ5NaxYExr6twkdkMLaKono= github.com/jackc/pgio v1.0.0 h1:g12B9UwVnzGhueNavwioyEEpAmqMe1E/BN9ES+8ovkE= github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8= +github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2/go.mod h1:fGZlG77KXmcq05nJLRkk0+p82V8B8Dw8KN2/V9c/OAE= +github.com/jackc/pgmock v0.0.0-20201204152224-4fe30f7445fd/go.mod h1:hrBW0Enj2AZTNpt/7Y5rr2xe/9Mn757Wtb2xeBzPv2c= github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65 h1:DadwsjnMwFjfWc9y5Wi/+Zz7xoE5ALHsRQlOctkOiHc= github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65/go.mod h1:5R2h2EEX+qri8jOWMbJCtaPWkrrNc7OHwsp2TCqp7ak= github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= +github.com/jackc/pgproto3 v1.1.0 h1:FYYE4yRw+AgI8wXIinMlNjBbp/UitDJwfj5LqqewP1A= +github.com/jackc/pgproto3 v1.1.0/go.mod h1:eR5FA3leWg7p9aeAqi37XOTgTIbkABlvcPB3E5rlc78= +github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190420180111-c116219b62db/go.mod h1:bhq50y+xrl9n5mRYyCBFKkpRVTLYJVWeCc+mEAI3yXA= +github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190609003834-432c2951c711/go.mod h1:uH0AWtUmuShn0bcesswc4aBTWGvw0cAxIJp+6OB//Wg= +github.com/jackc/pgproto3/v2 v2.0.0-rc3/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM= +github.com/jackc/pgproto3/v2 v2.0.0-rc3.0.20190831210041-4c03ce451f29/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM= +github.com/jackc/pgproto3/v2 v2.0.6/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgproto3/v2 v2.1.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgproto3/v2 v2.3.0 h1:brH0pCGBDkBW07HWlN/oSBXrmo3WB0UvZd1pIuDcL8Y= github.com/jackc/pgproto3/v2 v2.3.0/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b h1:C8S2+VttkHFdOOCXJe+YGfa4vHYwlt4Zx+IVXQ97jYg= github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E= +github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg= +github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc= +github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw= github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM= github.com/jackc/pgtype v1.8.1/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= github.com/jackc/pgtype v1.11.0 h1:u4uiGPz/1hryuXzyaBhSk6dnIyyG2683olG2OV+UUgs= github.com/jackc/pgtype v1.11.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= +github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y= +github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM= +github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc= github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs= github.com/jackc/pgx/v4 v4.13.0/go.mod h1:9P4X524sErlaxj0XSGZk7s+LD0eOyu1ZDUrrpznYDF0= github.com/jackc/pgx/v4 v4.16.0/go.mod h1:N0A9sFdWzkw/Jy1lwoiB64F2+ugFZi987zRxcPez/wI= github.com/jackc/pgx/v4 v4.16.1 h1:JzTglcal01DrghUqt+PmzWsZx/Yh7SC/CTQmSBMTd0Y= github.com/jackc/pgx/v4 v4.16.1/go.mod h1:SIhx0D5hoADaiXZVyv+3gSm3LCIIINTVO0PficsvWGQ= +github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= +github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.2.1/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jandelgado/gcov2lcov v1.0.4/go.mod h1:NnSxK6TMlg1oGDBfGelGbjgorT5/L3cchlbtgFYZSss= @@ -1221,6 +1250,8 @@ github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y= github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag= github.com/lib/pq v0.0.0-20180327071824-d34b9ff171c2/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.10.1/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= @@ -1273,6 +1304,7 @@ github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HN github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= @@ -1611,6 +1643,7 @@ github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/cors v1.8.2 h1:KCooALfAYGs415Cwu5ABvv9n9509fSiG5SQJn/AQo4U= github.com/rs/cors v1.8.2/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= +github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc= github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= @@ -1644,6 +1677,7 @@ github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAm github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= @@ -1957,6 +1991,7 @@ go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9i go.uber.org/multierr v1.7.0 h1:zaiO/rmgFjbmCXdSYJWQcdvOCsthmdaHfr3Gm2Kx4Ec= go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= +go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= @@ -1973,6 +2008,7 @@ golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -1993,10 +2029,12 @@ golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= +golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= +golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= @@ -2227,6 +2265,7 @@ golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgw golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -2286,6 +2325,8 @@ golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo= golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20= golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= +golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From e17064de0f4a0ddec7ba3dc9abcc5f888160cf76 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 1 Aug 2022 20:37:57 +0000 Subject: [PATCH 197/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b1f7a2df0bed..e2a12d919c89 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-07-27)](#2022-07-27) +- [ (2022-08-01)](#2022-08-01) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -263,7 +263,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-07-27) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-08-01) ## Breaking Changes @@ -287,6 +287,11 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. ([071c885](https://github.com/ory/kratos/commit/071c885d8231a1a66051002ecfcff5c8e5237085)) - Bump graceful to deal with http header timeouts ([9ce2d26](https://github.com/ory/kratos/commit/9ce2d260338f020e2da077e81464e520883f582b)) +- Cache migration status ([#2631](https://github.com/ory/kratos/issues/2631)) + ([9020738](https://github.com/ory/kratos/commit/902073836e4dcf6dc87776921e7988d795943718)): + + See https://github.com/ory-corp/cloud/issues/2691 + - **cli:** Dry up code ([#2572](https://github.com/ory/kratos/issues/2572)) ([d1b6b40](https://github.com/ory/kratos/commit/d1b6b40aa9dcc7a3ec9237eec28c4fa55f0b8627)) - Debugging Docker setup ([#2616](https://github.com/ory/kratos/issues/2616)) @@ -327,6 +332,8 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. ([#2598](https://github.com/ory/kratos/issues/2598)) ([bf6f27e](https://github.com/ory/kratos/commit/bf6f27e37b8aa342ae002e0a9f227a31e0f7c279)), closes [#2562](https://github.com/ory/kratos/issues/2562) +- Remove jackc rewrites ([#2634](https://github.com/ory/kratos/issues/2634)) + ([fe00c5b](https://github.com/ory/kratos/commit/fe00c5be72b0cdcc8d462a97aa04c413f758e8e3)) - Remove newline sign from email subject ([#2576](https://github.com/ory/kratos/issues/2576)) ([ca3d9c2](https://github.com/ory/kratos/commit/ca3d9c24e25ce501e9eae23547f87e1c35b2ea97)) From 4ce9f1ebb39cccfd36c4f0fb4a2ae2a17fbc18cc Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Mon, 1 Aug 2022 23:02:09 +0200 Subject: [PATCH 198/411] fix: wrap migration error in WithStack (#2636) --- persistence/sql/persister.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/persistence/sql/persister.go b/persistence/sql/persister.go index 5795d81164ad..53d5fea105d8 100644 --- a/persistence/sql/persister.go +++ b/persistence/sql/persister.go @@ -95,7 +95,7 @@ func (p *Persister) MigrationStatus(ctx context.Context) (popx.MigrationStatuses status, err := p.mb.Status(ctx) if err != nil { - return nil, err + return nil, errors.WithStack(err) } if !status.HasPending() { From 782d82968c17a3aea22f150891355c9d36a487e6 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 1 Aug 2022 21:43:47 +0000 Subject: [PATCH 199/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e2a12d919c89..9fb31a45572e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -359,6 +359,9 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. ([c36ca53](https://github.com/ory/kratos/commit/c36ca53d4552596e62ec323795c3bf21438d4f26)) - Use errors instead of fatal for serve cmd ([02f7e9c](https://github.com/ory/kratos/commit/02f7e9cfd17ab60c3f38aab3ae977c427b26990d)) +- Wrap migration error in WithStack + ([#2636](https://github.com/ory/kratos/issues/2636)) + ([4ce9f1e](https://github.com/ory/kratos/commit/4ce9f1ebb39cccfd36c4f0fb4a2ae2a17fbc18cc)) ### Code Refactoring From a2e3c41f9e513e1de47f6320f6a10acd1fed5eea Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Tue, 2 Aug 2022 22:07:17 +0200 Subject: [PATCH 200/411] fix: improve migration status speed (#2637) --- go.mod | 18 +++++++-------- go.sum | 69 +++++++++++++++++----------------------------------------- 2 files changed, 29 insertions(+), 58 deletions(-) diff --git a/go.mod b/go.mod index 206999bdcbf0..e5581b1c1bbc 100644 --- a/go.mod +++ b/go.mod @@ -39,9 +39,9 @@ require ( github.com/go-openapi/strfmt v0.20.3 github.com/go-playground/validator/v10 v10.4.1 github.com/go-swagger/go-swagger v0.26.1 - github.com/gobuffalo/fizz v1.14.0 + github.com/gobuffalo/fizz v1.14.2 github.com/gobuffalo/httptest v1.0.2 - github.com/gobuffalo/pop/v6 v6.0.4-0.20220707121509-feb0eed33d86 + github.com/gobuffalo/pop/v6 v6.0.6 github.com/gofrs/uuid v4.2.0+incompatible github.com/golang-jwt/jwt/v4 v4.1.0 github.com/golang/gddo v0.0.0-20190904175337-72a348e765d2 @@ -76,7 +76,7 @@ require ( github.com/ory/kratos-client-go v0.6.3-alpha.1 github.com/ory/mail/v3 v3.0.0 github.com/ory/nosurf v1.2.7 - github.com/ory/x v0.0.445 + github.com/ory/x v0.0.453 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 github.com/pkg/errors v0.9.1 github.com/pquerna/otp v1.3.0 @@ -97,7 +97,7 @@ require ( golang.org/x/net v0.0.0-20220225172249-27dd8689420f golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f - golang.org/x/tools v0.1.10 + golang.org/x/tools v0.1.11 ) require ( @@ -171,11 +171,11 @@ require ( github.com/gobuffalo/envy v1.10.1 // indirect github.com/gobuffalo/flect v0.2.5 // indirect github.com/gobuffalo/github_flavored_markdown v1.1.1 // indirect - github.com/gobuffalo/helpers v0.6.4 // indirect + github.com/gobuffalo/helpers v0.6.5 // indirect github.com/gobuffalo/nulls v0.4.1 // indirect - github.com/gobuffalo/plush/v4 v4.1.12 // indirect - github.com/gobuffalo/tags/v3 v3.1.2 // indirect - github.com/gobuffalo/validate/v3 v3.3.1 // indirect + github.com/gobuffalo/plush/v4 v4.1.13 // indirect + github.com/gobuffalo/tags/v3 v3.1.3 // indirect + github.com/gobuffalo/validate/v3 v3.3.2 // indirect github.com/goccy/go-yaml v1.9.5 // indirect github.com/gofrs/flock v0.8.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect @@ -314,7 +314,7 @@ require ( go.uber.org/atomic v1.7.0 // indirect go.uber.org/multierr v1.7.0 // indirect go.uber.org/zap v1.17.0 // indirect - golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect + golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect golang.org/x/sys v0.0.0-20220517195934-5e4e11fc645e // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect diff --git a/go.sum b/go.sum index 39660611ee73..784fa0e272ac 100644 --- a/go.sum +++ b/go.sum @@ -241,7 +241,6 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA= github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA= github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= -github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM= github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI= github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= @@ -737,39 +736,33 @@ github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr6 github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho= github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= -github.com/gobuffalo/attrs v1.0.1/go.mod h1:qGdnq2RukKtBl4ASJit0OFckc5XGSyTFk98SvRpMFrQ= +github.com/gobuffalo/attrs v1.0.2/go.mod h1:tJ7wJj6XbMNhYwJ8fl2PFDpDcUfsG1spWdUJISvPAZQ= github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY= github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg= github.com/gobuffalo/envy v1.6.15/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI= github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI= github.com/gobuffalo/envy v1.10.1 h1:ppDLoXv2feQ5nus4IcgtyMdHQkKng2lhJCIm33cblM0= github.com/gobuffalo/envy v1.10.1/go.mod h1:AWx4++KnNOW3JOeEvhSaq+mvgAvnMYOY1XSIin4Mago= -github.com/gobuffalo/fizz v1.10.0/go.mod h1:J2XGPO0AfJ1zKw7+2BA+6FEGAkyEsdCOLvN93WCT2WI= -github.com/gobuffalo/fizz v1.14.0 h1:hicZBYSwSWITXEDUR77tqrLU1/vScXHddd02IaFkkPI= -github.com/gobuffalo/fizz v1.14.0/go.mod h1:0aF1kAZYCfKqbLM/lmZ3jXFyqqWE/kY/nIOKnNdAYXQ= +github.com/gobuffalo/fizz v1.14.2 h1:t02ZX47tLq5P9NzxbsNkpvXqqBXsYDk02O2xhw5C2Po= +github.com/gobuffalo/fizz v1.14.2/go.mod h1:pZp2NZYEiPRoylV3lKIz0XZOOupizz+SnKq9wb1idxE= github.com/gobuffalo/flect v0.1.0/go.mod h1:d2ehjJqGOH/Kjqcoz+F7jHTBbmDb38yXA598Hb50EGs= github.com/gobuffalo/flect v0.1.1/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= -github.com/gobuffalo/flect v0.2.0/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80= -github.com/gobuffalo/flect v0.2.4/go.mod h1:1ZyCLIbg0YD7sDkzvFdPoOydPtD8y9JQnrOROolUcM8= github.com/gobuffalo/flect v0.2.5 h1:H6vvsv2an0lalEaCDRThvtBfmg44W/QHXBCYUXf/6S4= github.com/gobuffalo/flect v0.2.5/go.mod h1:1ZyCLIbg0YD7sDkzvFdPoOydPtD8y9JQnrOROolUcM8= github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk= github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28= github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo= github.com/gobuffalo/genny v0.1.1/go.mod h1:5TExbEyY48pfunL4QSXxlDOmdsD44RRq4mVZ0Ex28Xk= -github.com/gobuffalo/genny/v2 v2.0.8/go.mod h1:R45scCyQfff2HysNJHNanjrpvPw4Qu+rM1MOMDBB5oU= -github.com/gobuffalo/genny/v2 v2.0.9/go.mod h1:R45scCyQfff2HysNJHNanjrpvPw4Qu+rM1MOMDBB5oU= +github.com/gobuffalo/genny/v2 v2.0.12/go.mod h1:KtMtTcR/U2kHbQxhjCVA16ph6rjBnhw39f6aaxl4hMk= github.com/gobuffalo/gitgen v0.0.0-20190315122116-cc086187d211/go.mod h1:vEHJk/E9DmhejeLeNt7UVvlSGv3ziL+djtTr3yyzcOw= -github.com/gobuffalo/github_flavored_markdown v1.1.0/go.mod h1:TSpTKWcRTI0+v7W3x8dkSKMLJSUpuVitlptCkpeY8ic= github.com/gobuffalo/github_flavored_markdown v1.1.1 h1:kUf8ginyBOTRXcKSTPsPAqlA25vQ80+xAspLIYaxmTU= github.com/gobuffalo/github_flavored_markdown v1.1.1/go.mod h1:yU32Pen+eorS58oxh/bNZx76zUOCJwmvyV5FBrvzOKQ= github.com/gobuffalo/gogen v0.0.0-20190315121717-8f38393713f5/go.mod h1:V9QVDIxsgKNZs6L2IYiGR8datgMhB577vzTDqypH360= github.com/gobuffalo/gogen v0.1.0/go.mod h1:8NTelM5qd8RZ15VjQTFkAW6qOMx5wBbW4dSCS3BY8gg= github.com/gobuffalo/gogen v0.1.1/go.mod h1:y8iBtmHmGc4qa3urIyo1shvOD8JftTtfcKi+71xfDNE= -github.com/gobuffalo/helpers v0.6.0/go.mod h1:pncVrer7x/KRvnL5aJABLAuT/RhKRR9klL6dkUOhyv8= -github.com/gobuffalo/helpers v0.6.4 h1:N9is8xgaotJzGIge1GoLYiWRpKZPqnS9RSty72OhIn8= -github.com/gobuffalo/helpers v0.6.4/go.mod h1:m2aOKsTl3KB0RUwwpxf3tykaaitujQ3irivqrlNAcJ0= +github.com/gobuffalo/helpers v0.6.5 h1:Quf1KAUae97sdDmm/QP5V9P/0XYpK+HrhnYXU+nf65M= +github.com/gobuffalo/helpers v0.6.5/go.mod h1:LA4zcc89tkZsfKpJIWsXLibiqTgZQ4EvDszfxdqr9ZA= github.com/gobuffalo/here v0.6.0 h1:hYrd0a6gDmWxBM4TnrGw8mQg24iSVoIkHEk7FodQcBI= github.com/gobuffalo/here v0.6.0/go.mod h1:wAG085dHOYqUpf+Ap+WOdrPTp5IYcDAs/x7PLa8Y5fM= github.com/gobuffalo/httptest v1.0.2 h1:LWp2khlgA697h4BIYWW2aRxvB93jMnBrbakQ/r2KLzs= @@ -785,20 +778,15 @@ github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWe github.com/gobuffalo/packd v1.0.1/go.mod h1:PP2POP3p3RXGz7Jh6eYEf93S7vA2za6xM7QT85L4+VY= github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ= github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0= -github.com/gobuffalo/plush/v4 v4.0.0/go.mod h1:ErFS3UxKqEb8fpFJT7lYErfN/Nw6vHGiDMTjxpk5bQ0= -github.com/gobuffalo/plush/v4 v4.1.9/go.mod h1:9OOII9uAM5pZnhWu1OkQnboXJjaWMQ7kcTl3zNcxvTM= -github.com/gobuffalo/plush/v4 v4.1.12 h1:zkkH7+yC/rbhDp88+PgF5I2pnaVC4cYbDekp1cI452c= -github.com/gobuffalo/plush/v4 v4.1.12/go.mod h1:Ke2mPa1ZuGXkyHnAeNcVTKC6s0Aa1H9DH6qJ2Tdkl4s= -github.com/gobuffalo/pop/v6 v6.0.0/go.mod h1:5rd3OnViLhjteR8+0i/mT9Q4CzkTzCoR7tm/9mmAic4= -github.com/gobuffalo/pop/v6 v6.0.4-0.20220707121509-feb0eed33d86 h1:fQz6sw44aXDrJS7BX91ZRbX86tIqz55go3EbgJ1crfY= -github.com/gobuffalo/pop/v6 v6.0.4-0.20220707121509-feb0eed33d86/go.mod h1:52Jl9aGbapxpS4ENiwdQeW8AWf2ixJYweszb0o3t/QU= +github.com/gobuffalo/plush/v4 v4.1.13 h1:tru7S39kYaefzM+dk+W1bib65ZVkS1nV+6ARB7yPWn0= +github.com/gobuffalo/plush/v4 v4.1.13/go.mod h1:s3hUyj/JlwEiJ039OBJevojq9xT40D1pgekw0o88CVU= +github.com/gobuffalo/pop/v6 v6.0.6 h1:M/CJ9RLibCTN0OtsgASmVtKqyEXJAreF8oamZrHscc4= +github.com/gobuffalo/pop/v6 v6.0.6/go.mod h1:toTxNJnsSuSlyK6w0yGb4YXSNIHsi2chQYC2CjBF9Ac= github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw= -github.com/gobuffalo/tags/v3 v3.0.2/go.mod h1:ZQeN6TCTiwAFnS0dNcbDtSgZDwNKSpqajvVtt6mlYpA= -github.com/gobuffalo/tags/v3 v3.1.2 h1:68sHcwFFDstXyfbk5ovbGcQFDsupgVLs+lw1XZinHJw= -github.com/gobuffalo/tags/v3 v3.1.2/go.mod h1:o3ldUfKv50jxWAC8eZHXMm8dnKW3YvyZUMr0xqUcZTI= -github.com/gobuffalo/validate/v3 v3.0.0/go.mod h1:HFpjq+AIiA2RHoQnQVTFKF/ZpUPXwyw82LgyDPxQ9r0= -github.com/gobuffalo/validate/v3 v3.3.1 h1:5YLQL22YARUsYS5ZGsPU6TrD0Utiu53N1JJ5qi+foYk= -github.com/gobuffalo/validate/v3 v3.3.1/go.mod h1:Ehu8ieNJQuUM4peDDr/0VapzdGA7RgTc3wbe51vHfS0= +github.com/gobuffalo/tags/v3 v3.1.3 h1:yhq9gudiEngYtPzH1KtMUknxffQBqwNfkHKP6i4l4NE= +github.com/gobuffalo/tags/v3 v3.1.3/go.mod h1:WAAjKdskZUmdi6EkNjP2SXBwBwRovHsjJsPJbBiPlKc= +github.com/gobuffalo/validate/v3 v3.3.2 h1:GZdJlDy6zDRXF5BnEiY+pGvGDFx95atMIWd3N3MMseE= +github.com/gobuffalo/validate/v3 v3.3.2/go.mod h1:jiEEw+N7KbAP2aInFxGnfitI0g7HjXqcp5hDD6TaQDU= github.com/goccy/go-yaml v1.9.5 h1:Eh/+3uk9kLxG4koCX6lRMAPS1OaMSAi+FJcya0INdB0= github.com/goccy/go-yaml v1.9.5/go.mod h1:U/jl18uSupI5rdI2jmuCswEA2htH9eXfferR3KfscvA= github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= @@ -809,7 +797,6 @@ github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw= github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= -github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gofrs/uuid v4.1.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gofrs/uuid v4.2.0+incompatible h1:yyYWMnhkhrKwwr8gAOcOCYxOOscHgDS9yZgBrnJfGa0= @@ -1107,8 +1094,6 @@ github.com/jackc/pgconn v0.0.0-20190831204454-2fabfa3c18b7/go.mod h1:ZJKsE/KZfsU github.com/jackc/pgconn v1.8.0/go.mod h1:1C2Pb36bGIP9QHGBYCjnyhqu7Rv3sGshaQUvmfGIB/o= github.com/jackc/pgconn v1.9.0/go.mod h1:YctiPyvzfU11JFxoXokUOOKQXQmDMoJL9vJzHH8/2JY= github.com/jackc/pgconn v1.9.1-0.20210724152538-d89c8390a530/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= -github.com/jackc/pgconn v1.10.0/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= -github.com/jackc/pgconn v1.10.1/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= github.com/jackc/pgconn v1.12.0/go.mod h1:ZkhRC59Llhrq3oSfrikvwQ5NaxYExr6twkdkMLaKono= github.com/jackc/pgconn v1.12.1 h1:rsDFzIpRk7xT4B8FufgpCCeyjdNpKyghZeSefViE5W8= github.com/jackc/pgconn v1.12.1/go.mod h1:ZkhRC59Llhrq3oSfrikvwQ5NaxYExr6twkdkMLaKono= @@ -1136,14 +1121,12 @@ github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01C github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc= github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw= github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM= -github.com/jackc/pgtype v1.8.1/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= github.com/jackc/pgtype v1.11.0 h1:u4uiGPz/1hryuXzyaBhSk6dnIyyG2683olG2OV+UUgs= github.com/jackc/pgtype v1.11.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y= github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM= github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc= github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs= -github.com/jackc/pgx/v4 v4.13.0/go.mod h1:9P4X524sErlaxj0XSGZk7s+LD0eOyu1ZDUrrpznYDF0= github.com/jackc/pgx/v4 v4.16.0/go.mod h1:N0A9sFdWzkw/Jy1lwoiB64F2+ugFZi987zRxcPez/wI= github.com/jackc/pgx/v4 v4.16.1 h1:JzTglcal01DrghUqt+PmzWsZx/Yh7SC/CTQmSBMTd0Y= github.com/jackc/pgx/v4 v4.16.1/go.mod h1:SIhx0D5hoADaiXZVyv+3gSm3LCIIINTVO0PficsvWGQ= @@ -1256,7 +1239,6 @@ github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.10.1/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= -github.com/lib/pq v1.10.4/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lib/pq v1.10.6 h1:jbk+ZieJ0D7EVGJYpL9QTz7/YW6UHbmdnZWYyK5cdBs= github.com/lib/pq v1.10.6/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= @@ -1285,7 +1267,6 @@ github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJ github.com/markbates/hmax v1.0.0 h1:yo2N0gBoCnUMKhV/VRLHomT6Y9wUm+oQQENuWJqCdlM= github.com/markbates/hmax v1.0.0/go.mod h1:cOkR9dktiESxIMu+65oc/r/bdY4bE8zZw3OLhLx0X2c= github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= -github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI= github.com/markbates/pkger v0.17.1 h1:/MKEtWqtc0mZvu9OinB9UzVN9iYCwLWuyUv4Bw+PCno= github.com/markbates/pkger v0.17.1/go.mod h1:0JoVlrol20BSywW79rN3kdFFsE5xYM+rSCQDXbLhiuI= github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= @@ -1327,7 +1308,6 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= -github.com/microcosm-cc/bluemonday v1.0.2/go.mod h1:iVP4YcDBq+n/5fb23BhYFvIMq/leAFZyRl6bYmGDlGc= github.com/microcosm-cc/bluemonday v1.0.16 h1:kHmAq2t7WPWLjiGvzKa5o3HzSfahUKiOq7fAPUiMNIc= github.com/microcosm-cc/bluemonday v1.0.16/go.mod h1:Z0r70sCuXHig8YpBzCc5eGHAap2K7e/u082ZUpDRRqM= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= @@ -1508,8 +1488,8 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE= github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM= -github.com/ory/x v0.0.445 h1:gKBFPOT8fbLt0i80z+siYlDunAbzpBX/hflhQbAdvBQ= -github.com/ory/x v0.0.445/go.mod h1:kB0Nf6sgWsDl7M0QjDmfyKheDc/LF999wzhKHQ2Kop0= +github.com/ory/x v0.0.453 h1:57/UpP55cON7w+L/qloIn1kKKqyjWbBK6KaCvT4LqTA= +github.com/ory/x v0.0.453/go.mod h1:i3TlzVVChaun6sfVscSqGyPr7IuzC3C0aSgS+ODSbNQ= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= @@ -1527,7 +1507,6 @@ github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/9 github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE= github.com/pelletier/go-toml v1.8.0/go.mod h1:D6yutnOGMveHEPV7VQOuvI/gXY61bv+9bAOTRnLElKs= github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc= -github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= @@ -1732,7 +1711,6 @@ github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tL github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= -github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4= github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU= github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= @@ -1749,7 +1727,6 @@ github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DM github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/spf13/viper v1.7.1/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= -github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns= github.com/spf13/viper v1.10.0 h1:mXH0UwHS4D2HwWZa75im4xIQynLfblmWV7qcWpfv0yk= github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM= github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518 h1:iD+PFTQwKEmbwSdwfvP5ld2WEI/g7qbdhmHJ2ASfYGs= @@ -1894,14 +1871,11 @@ go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mI go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489 h1:1JFLBqwIgdyHN1ZtgjTBwO+blA6gVOmZurpiMEsETKo= go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg= go.etcd.io/etcd/api/v3 v3.5.0-alpha.0/go.mod h1:mPcW6aZJukV6Aa81LSKpBjQXTWlXB5r74ymPoSWa3Sw= -go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/api/v3 v3.5.1 h1:v28cktvBq+7vGyJXF8G+rWJmj+1XUmMtqcLnH8hDocM= go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= -go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/pkg/v3 v3.5.1 h1:XIQcHCFSG53bJETYeRJtIxdLv2EWRGxcfzR8lSnTH4E= go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.0-alpha.0/go.mod h1:kdV+xzCJ3luEBSIeQyB/OEKkWKd8Zkux4sbDeANrosU= -go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= go.etcd.io/etcd/client/v2 v2.305.1 h1:vtxYCKWA9x31w0WJj7DdqsHFNjhkigdAnziDtkZb/l4= go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs= go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 h1:dr1EOILak2pu4Nf5XbRIOCNIBjcz6UmkQd7hHRXwxaM= @@ -2092,9 +2066,8 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= -golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= -golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= -golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -2182,7 +2155,6 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= @@ -2323,8 +2295,8 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo= -golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20= -golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= +golang.org/x/tools v0.1.11 h1:loJ25fNOEhSXfHrpoGj91eCUThwdNX6u24rO1xnNteY= +golang.org/x/tools v0.1.11/go.mod h1:SgwaegtQh8clINPpECJMqnxLv9I09HLqnW3RMqW0CA4= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -2366,7 +2338,6 @@ google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34q google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= -google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= From 573bd1601c9e690ecd3aa67eb2c5a422f8d2cf72 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Tue, 2 Aug 2022 20:49:38 +0000 Subject: [PATCH 201/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9fb31a45572e..62982def3b7f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-08-01)](#2022-08-01) +- [ (2022-08-02)](#2022-08-02) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -263,7 +263,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-08-01) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-08-02) ## Breaking Changes @@ -313,6 +313,9 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. ([#2517](https://github.com/ory/kratos/issues/2517)) ([c058e23](https://github.com/ory/kratos/commit/c058e23599d994e12b676e87f7282c1f2b2e089c)), closes [#2426](https://github.com/ory/kratos/issues/2426) +- Improve migration status speed + ([#2637](https://github.com/ory/kratos/issues/2637)) + ([a2e3c41](https://github.com/ory/kratos/commit/a2e3c41f9e513e1de47f6320f6a10acd1fed5eea)) - Make hydra consistently localhost ([70211a1](https://github.com/ory/kratos/commit/70211a17a452d5ced8317822afda3f8e6185cc71)) - Make ID field in VerifiableAddress struct optional From b341756130ee808ddcc003163884f09e3f006d0a Mon Sep 17 00:00:00 2001 From: Jonas Hungershausen Date: Thu, 4 Aug 2022 16:18:22 +0200 Subject: [PATCH 202/411] feat: replace message_ttl with static max retry count (#2638) This PR replaces the `courier.message_ttl` configuration option with a `courier.message_retries` option to limit how often the sending of a message is retried before it is marked as `abandoned`. BREAKING CHANGES: This is a breaking change, as it removes the `courier.message_ttl` config key and replaces it with a counter `courier.message_retries`. Closes https://github.com/ory/kratos/issues/402 Closes https://github.com/ory/kratos/issues/1598 --- .schemastore/config.schema.json | 14 ++-- courier/courier_dispatcher.go | 64 +++++++++------- courier/courier_dispatcher_test.go | 75 ++++++++++++++++--- courier/message.go | 21 +++--- courier/persistence.go | 2 + courier/smtp.go | 14 ++++ courier/test/persistence.go | 12 +++ driver/config/config.go | 8 +- driver/config/config_test.go | 6 +- .../stub/.kratos.courier.messageTTL.yaml | 2 - .../stub/.kratos.courier.message_retries.yaml | 2 + embedx/config.schema.json | 14 ++-- persistence/sql/README.md | 25 +++++-- ...02103909000000_courier_send_count.down.sql | 1 + ...0802103909000000_courier_send_count.up.sql | 2 + persistence/sql/persister_courier.go | 25 +++++++ .../root.invalidTypes.yaml | 2 +- .../root.courierSMS.yaml | 2 +- 18 files changed, 213 insertions(+), 78 deletions(-) delete mode 100644 driver/config/stub/.kratos.courier.messageTTL.yaml create mode 100644 driver/config/stub/.kratos.courier.message_retries.yaml create mode 100644 persistence/sql/migrations/sql/20220802103909000000_courier_send_count.down.sql create mode 100644 persistence/sql/migrations/sql/20220802103909000000_courier_send_count.up.sql diff --git a/.schemastore/config.schema.json b/.schemastore/config.schema.json index 9bab217719d5..e001756985e8 100644 --- a/.schemastore/config.schema.json +++ b/.schemastore/config.schema.json @@ -1471,15 +1471,13 @@ "/conf/courier-templates" ] }, - "message_ttl": { - "description": "Defines a Time-To-Live for courier messages that could not be delivered. After the defined TTL has expired for a message that message is abandoned.", - "type": "string", - "pattern": "^([0-9]+(ns|us|ms|s|m|h))+$", - "default": "1h", + "message_retries": { + "description": "Defines the maximum number of times the sending of a message is retried after it failed before it is marked as abandoned", + "type": "integer", + "default": 5, "examples": [ - "1h", - "1m", - "1s" + 10, + 60 ] }, "smtp": { diff --git a/courier/courier_dispatcher.go b/courier/courier_dispatcher.go index 7b243c786128..af572e5aa7cf 100644 --- a/courier/courier_dispatcher.go +++ b/courier/courier_dispatcher.go @@ -2,12 +2,37 @@ package courier import ( "context" - "time" "github.com/pkg/errors" ) func (c *courier) DispatchMessage(ctx context.Context, msg Message) error { + maxRetries := c.deps.CourierConfig(ctx).CourierMessageRetries() + + if msg.SendCount > maxRetries { + if err := c.deps.CourierPersister().SetMessageStatus(ctx, msg.ID, MessageStatusAbandoned); err != nil { + c.deps.Logger(). + WithError(err). + WithField("message_id", msg.ID). + Error(`Unable to reset the retried message's status to "abandoned".`) + return err + } + + // Skip the message + c.deps.Logger(). + WithField("message_id", msg.ID). + Warnf(`Message was abandoned because it did not deliver after %d attempts`, msg.SendCount) + return nil + } + + if err := c.deps.CourierPersister().IncrementMessageSendCount(ctx, msg.ID); err != nil { + c.deps.Logger(). + WithError(err). + WithField("message_id", msg.ID). + Error(`Unable to increment the message's "send_count" field`) + return err + } + switch msg.Type { case MessageTypeEmail: if err := c.dispatchEmail(ctx, msg); err != nil { @@ -48,35 +73,22 @@ func (c *courier) DispatchQueue(ctx context.Context) error { return err } - ttl := c.deps.CourierConfig(ctx).CourierMessageTTL() - for k, msg := range messages { - if time.Now().After(msg.CreatedAt.Add(ttl)) { - if err := c.deps.CourierPersister().SetMessageStatus(ctx, msg.ID, MessageStatusAbandoned); err != nil { - if c.failOnError { - return err - } - c.deps.Logger(). - WithError(err). - WithField("message_id", msg.ID). - Error(`Unable to reset the timed out message's status to "abandoned".`) - } - } else { - if err := c.DispatchMessage(ctx, msg); err != nil { - for _, replace := range messages[k:] { - if err := c.deps.CourierPersister().SetMessageStatus(ctx, replace.ID, MessageStatusQueued); err != nil { - if c.failOnError { - return err - } - c.deps.Logger(). - WithError(err). - WithField("message_id", replace.ID). - Error(`Unable to reset the failed message's status to "queued".`) + if err := c.DispatchMessage(ctx, msg); err != nil { + + for _, replace := range messages[k:] { + if err := c.deps.CourierPersister().SetMessageStatus(ctx, replace.ID, MessageStatusQueued); err != nil { + if c.failOnError { + return err } + c.deps.Logger(). + WithError(err). + WithField("message_id", replace.ID). + Error(`Unable to reset the failed message's status to "queued".`) } - - return err } + + return err } } diff --git a/courier/courier_dispatcher_test.go b/courier/courier_dispatcher_test.go index dd7289acf073..01980a50e7d1 100644 --- a/courier/courier_dispatcher_test.go +++ b/courier/courier_dispatcher_test.go @@ -3,28 +3,75 @@ package courier_test import ( "context" "testing" - "time" "github.com/gofrs/uuid" - "github.com/sirupsen/logrus" "github.com/stretchr/testify/require" "github.com/ory/kratos/courier" + "github.com/ory/kratos/courier/template" templates "github.com/ory/kratos/courier/template/email" "github.com/ory/kratos/driver/config" "github.com/ory/kratos/internal" ) -func TestMessageTTL(t *testing.T) { - if testing.Short() { - t.SkipNow() - } +func queueNewMessage(t *testing.T, ctx context.Context, c courier.Courier, d template.Dependencies) uuid.UUID { + t.Helper() + id, err := c.QueueEmail(ctx, templates.NewTestStub(d, &templates.TestStubModel{ + To: "test-recipient-1@example.org", + Subject: "test-subject-1", + Body: "test-body-1", + })) + require.NoError(t, err) + return id +} + +func TestDispatchMessageWithInvalidSMTP(t *testing.T) { ctx := context.Background() conf, reg := internal.NewRegistryDefaultWithDSN(t, "") - conf.MustSet(config.ViperKeyCourierMessageTTL, 1*time.Nanosecond) + conf.MustSet(config.ViperKeyCourierMessageRetries, 5) + conf.MustSet(config.ViperKeyCourierSMTPURL, "http://foo.url") - reg.Logger().Level = logrus.TraceLevel + ctx, cancel := context.WithCancel(ctx) + defer cancel() + + c := reg.Courier(ctx) + + t.Run("case=failed sending", func(t *testing.T) { + id := queueNewMessage(t, ctx, c, reg) + message, err := reg.CourierPersister().LatestQueuedMessage(ctx) + require.NoError(t, err) + require.Equal(t, id, message.ID) + + err = c.DispatchMessage(ctx, *message) + // sending the email fails, because there is no SMTP server at foo.url + require.Error(t, err) + + messages, err := reg.CourierPersister().NextMessages(ctx, 10) + require.Len(t, messages, 1) + }) + + t.Run("case=max retries reached", func(t *testing.T) { + id := queueNewMessage(t, ctx, c, reg) + message, err := reg.CourierPersister().LatestQueuedMessage(ctx) + require.NoError(t, err) + require.Equal(t, id, message.ID) + message.SendCount = 6 + + err = c.DispatchMessage(ctx, *message) + require.NoError(t, err) + + messages, err := reg.CourierPersister().NextMessages(ctx, 1) + require.Empty(t, messages) + }) + +} + +func TestDispatchMessage2(t *testing.T) { + ctx := context.Background() + + conf, reg := internal.NewRegistryDefaultWithDSN(t, "") + conf.MustSet(config.ViperKeyCourierMessageRetries, 1) c := reg.Courier(ctx) @@ -39,9 +86,17 @@ func TestMessageTTL(t *testing.T) { require.NoError(t, err) require.NotEqual(t, uuid.Nil, id) - c.DispatchQueue(ctx) + // Fails to deliver the first time + err = c.DispatchQueue(ctx) + require.Error(t, err) + + // Retry once, as we set above - still fails + err = c.DispatchQueue(ctx) + require.Error(t, err) - time.Sleep(1 * time.Second) + // Now it has been retried once, which means 2 > 1 is true and it is no longer tried + err = c.DispatchQueue(ctx) + require.NoError(t, err) var message courier.Message err = reg.Persister().GetConnection(ctx). diff --git a/courier/message.go b/courier/message.go index d6664556283f..da85a956de88 100644 --- a/courier/message.go +++ b/courier/message.go @@ -27,20 +27,21 @@ const ( // swagger:ignore type Message struct { - ID uuid.UUID `json:"-" faker:"-" db:"id"` - NID uuid.UUID `json:"-" faker:"-" db:"nid"` - Status MessageStatus `json:"-" db:"status"` - Type MessageType `json:"-" db:"type"` - Recipient string `json:"-" db:"recipient"` - Body string `json:"-" db:"body"` - Subject string `json:"-" db:"subject"` - TemplateType TemplateType `json:"-" db:"template_type"` + ID uuid.UUID `json:"id" faker:"-" db:"id"` + NID uuid.UUID `json:"-" faker:"-" db:"nid"` + Status MessageStatus `json:"status" db:"status"` + Type MessageType `json:"type" db:"type"` + Recipient string `json:"recipient" db:"recipient"` + Body string `json:"body" db:"body"` + Subject string `json:"subject" db:"subject"` + TemplateType TemplateType `json:"template_type" db:"template_type"` TemplateData []byte `json:"-" db:"template_data"` + SendCount int `json:"send_count" db:"send_count"` // CreatedAt is a helper struct field for gobuffalo.pop. - CreatedAt time.Time `json:"-" faker:"-" db:"created_at"` + CreatedAt time.Time `json:"created_at" faker:"-" db:"created_at"` // UpdatedAt is a helper struct field for gobuffalo.pop. - UpdatedAt time.Time `json:"-" faker:"-" db:"updated_at"` + UpdatedAt time.Time `json:"updated_at" faker:"-" db:"updated_at"` } func (m Message) TableName(ctx context.Context) string { diff --git a/courier/persistence.go b/courier/persistence.go index 54811daefe4b..dcccfebb7222 100644 --- a/courier/persistence.go +++ b/courier/persistence.go @@ -18,6 +18,8 @@ type ( SetMessageStatus(context.Context, uuid.UUID, MessageStatus) error LatestQueuedMessage(ctx context.Context) (*Message, error) + + IncrementMessageSendCount(context.Context, uuid.UUID) error } PersistenceProvider interface { CourierPersister() Persister diff --git a/courier/smtp.go b/courier/smtp.go index 7b0f0834a8ff..cd6c96bec183 100644 --- a/courier/smtp.go +++ b/courier/smtp.go @@ -5,6 +5,7 @@ import ( "crypto/tls" "encoding/json" "fmt" + "net/textproto" "strconv" "time" @@ -199,6 +200,19 @@ func (c *courier) dispatchEmail(ctx context.Context, msg Message) error { // WithField("email_to", msg.Recipient). WithField("message_from", from). Error("Unable to send email using SMTP connection.") + + var protoErr *textproto.Error + if containsProtoErr := errors.As(err, &protoErr); containsProtoErr && protoErr.Code >= 500 { + // See https://en.wikipedia.org/wiki/List_of_SMTP_server_return_codes + // If the SMTP server responds with 5xx, sending the message should not be retried (without changing something about the request) + if err := c.deps.CourierPersister().SetMessageStatus(ctx, msg.ID, MessageStatusAbandoned); err != nil { + c.deps.Logger(). + WithError(err). + WithField("message_id", msg.ID). + Error(`Unable to reset the retried message's status to "abandoned".`) + return err + } + } return errors.WithStack(err) } diff --git a/courier/test/persistence.go b/courier/test/persistence.go index b81f37cc8b5b..78efe40166b3 100644 --- a/courier/test/persistence.go +++ b/courier/test/persistence.go @@ -95,6 +95,18 @@ func TestPersister(ctx context.Context, newNetworkUnlessExisting NetworkWrapper, require.ErrorIs(t, err, courier.ErrQueueEmpty) }) + t.Run("case=incrementing send count", func(t *testing.T) { + originalSendCount := messages[0].SendCount + require.NoError(t, p.SetMessageStatus(ctx, messages[0].ID, courier.MessageStatusQueued)) + + require.NoError(t, p.IncrementMessageSendCount(ctx, messages[0].ID)) + ms, err := p.NextMessages(ctx, 1) + require.NoError(t, err) + require.Len(t, ms, 1) + assert.Equal(t, messages[0].ID, ms[0].ID) + assert.Equal(t, originalSendCount+1, ms[0].SendCount) + }) + t.Run("case=network", func(t *testing.T) { id := x.NewUUID() diff --git a/driver/config/config.go b/driver/config/config.go index 352698bc33d1..ef031ad2c365 100644 --- a/driver/config/config.go +++ b/driver/config/config.go @@ -74,7 +74,7 @@ const ( ViperKeyCourierSMSRequestConfig = "courier.sms.request_config" ViperKeyCourierSMSEnabled = "courier.sms.enabled" ViperKeyCourierSMSFrom = "courier.sms.from" - ViperKeyCourierMessageTTL = "courier.message_ttl" + ViperKeyCourierMessageRetries = "courier.message_retries" ViperKeySecretsDefault = "secrets.default" ViperKeySecretsCookie = "secrets.cookie" ViperKeySecretsCipher = "secrets.cipher" @@ -257,7 +257,7 @@ type ( CourierTemplatesVerificationValid() *CourierEmailTemplate CourierTemplatesRecoveryInvalid() *CourierEmailTemplate CourierTemplatesRecoveryValid() *CourierEmailTemplate - CourierMessageTTL() time.Duration + CourierMessageRetries() int } ) @@ -948,8 +948,8 @@ func (p *Config) CourierTemplatesRecoveryValid() *CourierEmailTemplate { return p.CourierTemplatesHelper(ViperKeyCourierTemplatesRecoveryValidEmail) } -func (p *Config) CourierMessageTTL() time.Duration { - return p.p.DurationF(ViperKeyCourierMessageTTL, time.Hour) +func (p *Config) CourierMessageRetries() int { + return p.p.IntF(ViperKeyCourierMessageRetries, 5) } func (p *Config) CourierSMTPHeaders() map[string]string { diff --git a/driver/config/config_test.go b/driver/config/config_test.go index 17d30dd88fb6..c4a2781577a3 100644 --- a/driver/config/config_test.go +++ b/driver/config/config_test.go @@ -1110,13 +1110,13 @@ func TestCourierMessageTTL(t *testing.T) { t.Run("case=configs set", func(t *testing.T) { conf, _ := config.New(ctx, logrusx.New("", ""), os.Stderr, - configx.WithConfigFiles("stub/.kratos.courier.messageTTL.yaml"), configx.SkipValidation()) - assert.Equal(t, conf.CourierMessageTTL(), time.Duration(5*time.Minute)) + configx.WithConfigFiles("stub/.kratos.courier.message_retries.yaml"), configx.SkipValidation()) + assert.Equal(t, conf.CourierMessageRetries(), 10) }) t.Run("case=defaults", func(t *testing.T) { conf, _ := config.New(ctx, logrusx.New("", ""), os.Stderr, configx.SkipValidation()) - assert.Equal(t, conf.CourierMessageTTL(), time.Duration(1*time.Hour)) + assert.Equal(t, conf.CourierMessageRetries(), 5) }) } diff --git a/driver/config/stub/.kratos.courier.messageTTL.yaml b/driver/config/stub/.kratos.courier.messageTTL.yaml deleted file mode 100644 index 2c7f1856ca36..000000000000 --- a/driver/config/stub/.kratos.courier.messageTTL.yaml +++ /dev/null @@ -1,2 +0,0 @@ -courier: - message_ttl: 5m diff --git a/driver/config/stub/.kratos.courier.message_retries.yaml b/driver/config/stub/.kratos.courier.message_retries.yaml new file mode 100644 index 000000000000..570238d811b7 --- /dev/null +++ b/driver/config/stub/.kratos.courier.message_retries.yaml @@ -0,0 +1,2 @@ +courier: + message_retries: 10 diff --git a/embedx/config.schema.json b/embedx/config.schema.json index f552bf0082ce..f2c4ef9696ab 100644 --- a/embedx/config.schema.json +++ b/embedx/config.schema.json @@ -1549,15 +1549,13 @@ "/conf/courier-templates" ] }, - "message_ttl": { - "description": "Defines a Time-To-Live for courier messages that could not be delivered. After the defined TTL has expired for a message that message is abandoned.", - "type": "string", - "pattern": "^([0-9]+(ns|us|ms|s|m|h))+$", - "default": "1h", + "message_retries": { + "description": "Defines the maximum number of times the sending of a message is retried after it failed before it is marked as abandoned", + "type": "integer", + "default": 5, "examples": [ - "1h", - "1m", - "1s" + 10, + 60 ] }, "smtp": { diff --git a/persistence/sql/README.md b/persistence/sql/README.md index 690dd2b1742c..ced33e84ac6d 100644 --- a/persistence/sql/README.md +++ b/persistence/sql/README.md @@ -1,11 +1,26 @@ # SQL Migrations -To create a new [fizz](https://gobuffalo.io/en/docs/db/fizz/) migration run in the project root: +Migrations consist of one `up` and one `down` file. +To create these SQL migrations, copy the last migration in `./persistence/sql/migrations/sql` and change the timestamp to the current timestamp and the name to the desired name. -``` -$ name= -$ ory dev pop migration create ./persistence/sql/migrations/templates $name -``` +If some logic is different for one of the database systems, add the id after the name to the file name. +The content of that file will override the content of the "general" file for that particular DB system. + +Example: + +`20220802103909000000_courier_send_count.up.sql` +and +`20220802103909000000_courier_send_count.down.sql` + +With for example cockroach specific behavior: + +`20220802103909000000_courier_send_count.cockroach.up.sql` +and +`20220802103909000000_courier_send_count.cockroach.down.sql` + +Replace `cockroach` with `mysql`, `postgres` or `sqlite` if applicable. + +## Old Way To create SQL migrations, target each database individually and run diff --git a/persistence/sql/migrations/sql/20220802103909000000_courier_send_count.down.sql b/persistence/sql/migrations/sql/20220802103909000000_courier_send_count.down.sql new file mode 100644 index 000000000000..bc90e6b4c5e5 --- /dev/null +++ b/persistence/sql/migrations/sql/20220802103909000000_courier_send_count.down.sql @@ -0,0 +1 @@ +ALTER TABLE courier_messages DROP COLUMN send_count; \ No newline at end of file diff --git a/persistence/sql/migrations/sql/20220802103909000000_courier_send_count.up.sql b/persistence/sql/migrations/sql/20220802103909000000_courier_send_count.up.sql new file mode 100644 index 000000000000..983fcd561df6 --- /dev/null +++ b/persistence/sql/migrations/sql/20220802103909000000_courier_send_count.up.sql @@ -0,0 +1,2 @@ +ALTER TABLE courier_messages +ADD send_count INT NOT NULL DEFAULT 0; diff --git a/persistence/sql/persister_courier.go b/persistence/sql/persister_courier.go index 2450276ffd5e..9fc56bedea6d 100644 --- a/persistence/sql/persister_courier.go +++ b/persistence/sql/persister_courier.go @@ -117,3 +117,28 @@ func (p *Persister) SetMessageStatus(ctx context.Context, id uuid.UUID, ms couri return nil } + +func (p *Persister) IncrementMessageSendCount(ctx context.Context, id uuid.UUID) error { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.SetMessageStatus") + defer span.End() + + count, err := p.GetConnection(ctx).RawQuery( + // #nosec G201 + fmt.Sprintf( + "UPDATE %s SET send_count = send_count + 1 WHERE id = ? AND nid = ?", + corp.ContextualizeTableName(ctx, "courier_messages"), + ), + id, + corp.ContextualizeNID(ctx, p.nid), + ).ExecWithCount() + + if err != nil { + return sqlcon.HandleError(err) + } + + if count == 0 { + return errors.WithStack(sqlcon.ErrNoRows) + } + + return nil +} diff --git a/test/schema/fixtures/config.schema.test.failure/root.invalidTypes.yaml b/test/schema/fixtures/config.schema.test.failure/root.invalidTypes.yaml index eee757e4f0e3..239169fabda2 100644 --- a/test/schema/fixtures/config.schema.test.failure/root.invalidTypes.yaml +++ b/test/schema/fixtures/config.schema.test.failure/root.invalidTypes.yaml @@ -33,7 +33,7 @@ courier: smtp: connection_uri: 0 from_address: 0 - message_ttl: invalid-value + message_retries: invalid-value serve: admin: diff --git a/test/schema/fixtures/config.schema.test.success/root.courierSMS.yaml b/test/schema/fixtures/config.schema.test.success/root.courierSMS.yaml index 8d0b32c3b795..0a131356ee04 100644 --- a/test/schema/fixtures/config.schema.test.success/root.courierSMS.yaml +++ b/test/schema/fixtures/config.schema.test.success/root.courierSMS.yaml @@ -9,7 +9,7 @@ identity: url: https://example.com courier: - message_ttl: 50m + message_retries: 50 smtp: connection_uri: smtps://foo:bar@my-mailserver:1234/ from_address: no-reply@ory.kratos.sh From 8fa14ecb41aa08f9d532439cf5d50bcd8fc5f55f Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Thu, 4 Aug 2022 15:00:27 +0000 Subject: [PATCH 203/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 62982def3b7f..e31b5286e583 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-08-02)](#2022-08-02) +- [ (2022-08-04)](#2022-08-04) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -263,10 +263,16 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-08-02) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-08-04) ## Breaking Changes +This is a breaking change, as it removes the `courier.message_ttl` config key +and replaces it with a counter `courier.message_retries`. + +Closes https://github.com/ory/kratos/issues/402 Closes +https://github.com/ory/kratos/issues/1598 + SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. ### Bug Fixes @@ -424,6 +430,13 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. ([e48e9fa](https://github.com/ory/kratos/commit/e48e9fac7ab6a982e0e941bfea1d15569eb53582)), closes [#1724](https://github.com/ory/kratos/issues/1724) [#1483](https://github.com/ory/kratos/issues/1483) +- Replace message_ttl with static max retry count + ([#2638](https://github.com/ory/kratos/issues/2638)) + ([b341756](https://github.com/ory/kratos/commit/b341756130ee808ddcc003163884f09e3f006d0a)): + + This PR replaces the `courier.message_ttl` configuration option with a + `courier.message_retries` option to limit how often the sending of a message + is retried before it is marked as `abandoned`. ### Tests From c589520ff865cefdb287e597b9e858851a778755 Mon Sep 17 00:00:00 2001 From: Dejan Filipovic Date: Fri, 5 Aug 2022 11:14:11 +0200 Subject: [PATCH 204/411] fix(docker): add missing dependencies (#2643) --- .docker/Dockerfile-build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.docker/Dockerfile-build b/.docker/Dockerfile-build index 978312ae4767..71791df2b7d6 100644 --- a/.docker/Dockerfile-build +++ b/.docker/Dockerfile-build @@ -1,7 +1,7 @@ # syntax = docker/dockerfile:1-experimental FROM golang:1.18-alpine3.16 AS base -RUN apk --update upgrade && apk --no-cache --update-cache --upgrade --latest add ca-certificates +RUN apk --update upgrade && apk --no-cache --update-cache --upgrade --latest add ca-certificates build-base gcc WORKDIR /go/src/github.com/ory/kratos From 6e3fdb7de8a82f428b97bb2c9fbf3deac45414a7 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Sun, 7 Aug 2022 04:49:47 +0000 Subject: [PATCH 205/411] chore: update repository templates [skip ci] - updated repository templates to https://github.com/ory/meta/commit/93406389c87ece491fe9775500af1dd7e8aaa86f --- package-lock.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package-lock.json b/package-lock.json index 09474b1c3997..2221e3f97ddd 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,5 +1,5 @@ { - "name": "tmp.BG96w4STbK", + "name": "tmp.lqbftq1zhx", "lockfileVersion": 2, "requires": true, "packages": { From aa6ef6decae05bb43107340a09b413bac1a76579 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 11 Aug 2022 00:11:38 +0000 Subject: [PATCH 206/411] chore: update repository templates [skip ci] - updated repository templates to https://github.com/ory/meta/commit/430183216bf2d03ee7e20d26e19000c2d55fbb54 --- .github/pull_request_template.md | 4 ++-- package-lock.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index d22b92a3142f..3d85438b24f5 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -17,8 +17,8 @@ If this pull request 1. is a fix for a known bug, link the issue where the bug was reported in the format of `#1234`; 2. is a fix for a previously unknown bug, explain the bug and how to reproduce it in this pull request; -2. implements a new feature, link the issue containing the design document in the format of `#1234`; -3. improves the documentation, no issue reference is required. +3. implements a new feature, link the issue containing the design document in the format of `#1234`; +4. improves the documentation, no issue reference is required. Pull requests introducing new features, which do not have a design document linked are more likely to be rejected and take on average 2-8 weeks longer to get merged. diff --git a/package-lock.json b/package-lock.json index 2221e3f97ddd..9626bb708d1a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,5 +1,5 @@ { - "name": "tmp.lqbftq1zhx", + "name": "tmp.CphaENfkJU", "lockfileVersion": 2, "requires": true, "packages": { From e25c886dafa32231f4c441748df53ccc8ab66486 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Sat, 13 Aug 2022 14:17:10 +0000 Subject: [PATCH 207/411] chore: update repository templates [skip ci] - updated repository templates to https://github.com/ory/meta/commit/34c4f7ec6c0128421e0d055fd80ea21a6b27e78e --- README.md | 6 ++++++ package-lock.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6d722a839c0c..7a3dce3f435a 100644 --- a/README.md +++ b/README.md @@ -289,6 +289,12 @@ that your company deserves a spot here, reach out to Connctd connctd.com + + Adopter * + Paralus + Paralus + paralus.io + diff --git a/package-lock.json b/package-lock.json index 9626bb708d1a..cb26077ca427 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,5 +1,5 @@ { - "name": "tmp.CphaENfkJU", + "name": "tmp.T01PPIJfY2", "lockfileVersion": 2, "requires": true, "packages": { From e2d805b7e336d202f7cf3c2e0ce586d78ac03cc0 Mon Sep 17 00:00:00 2001 From: Jonas Hungershausen Date: Fri, 12 Aug 2022 10:34:21 +0200 Subject: [PATCH 208/411] fix: replace io/util usage by io and os package --- cmd/cleanup/sql_test.go | 4 +- cmd/identities/helpers.go | 7 +- cmd/identities/import_test.go | 6 +- cmd/jsonnet/format.go | 6 +- cmd/jsonnet/lint.go | 3 +- cmd/serve/root_test.go | 5 +- courier/sms_test.go | 4 +- courier/smtp_test.go | 8 +- courier/template/load_template_test.go | 5 +- courier/template/testhelpers/testhelpers.go | 4 +- driver/config/config_test.go | 5 +- driver/config/handler_test.go | 8 +- identity/handler_test.go | 6 +- identity/validator_test.go | 4 +- internal/httpclient/api_metadata.go | 14 +- internal/httpclient/api_v0alpha2.go | 166 +++++++++--------- internal/testhelpers/handler_mock.go | 4 +- internal/testhelpers/http.go | 5 +- internal/testhelpers/selfservice.go | 4 +- request/builder_test.go | 4 +- schema/handler.go | 3 +- schema/handler_test.go | 4 +- schema/schema.go | 4 +- selfservice/errorx/handler_test.go | 8 +- selfservice/flow/login/error_test.go | 10 +- selfservice/flow/login/handler_test.go | 6 +- selfservice/flow/recovery/error_test.go | 10 +- selfservice/flow/recovery/handler_test.go | 8 +- selfservice/flow/registration/error_test.go | 10 +- selfservice/flow/registration/handler_test.go | 8 +- selfservice/flow/request_test.go | 6 +- selfservice/flow/settings/error_test.go | 16 +- selfservice/flow/settings/handler_test.go | 6 +- selfservice/flow/verification/error_test.go | 10 +- selfservice/flow/verification/handler_test.go | 4 +- selfservice/hook/web_hook_integration_test.go | 4 +- selfservice/strategy/oidc/provider_auth0.go | 4 +- selfservice/strategy/oidc/strategy_test.go | 4 +- selfservice/strategy/password/login_test.go | 6 +- .../password/strategy_disabled_test.go | 8 +- .../strategy/password/validator_test.go | 6 +- selfservice/strategy/profile/strategy_test.go | 4 +- session/handler_test.go | 6 +- test/schema/schema_test.go | 5 +- ui/node/attributes_input_test.go | 4 +- x/clean_url_test.go | 4 +- x/http.go | 5 +- x/http_redirect_admin_test.go | 4 +- x/http_secure_redirect_test.go | 6 +- x/readall.go | 3 +- 50 files changed, 225 insertions(+), 233 deletions(-) diff --git a/cmd/cleanup/sql_test.go b/cmd/cleanup/sql_test.go index 4476467d63be..bc09b109d90f 100644 --- a/cmd/cleanup/sql_test.go +++ b/cmd/cleanup/sql_test.go @@ -2,7 +2,7 @@ package cleanup import ( "bytes" - "io/ioutil" + "io" "strings" "testing" ) @@ -13,7 +13,7 @@ func Test_ExecuteCleanupFailedDSN(t *testing.T) { cmd.SetOut(b) cmd.SetArgs([]string{"--read-from-env=false"}) cmd.Execute() - out, err := ioutil.ReadAll(b) + out, err := io.ReadAll(b) if err != nil { t.Fatal(err) } diff --git a/cmd/identities/helpers.go b/cmd/identities/helpers.go index aabe9770bda5..874e0dc6a08e 100644 --- a/cmd/identities/helpers.go +++ b/cmd/identities/helpers.go @@ -2,7 +2,8 @@ package identities import ( "fmt" - "io/ioutil" + "io" + "os" "github.com/spf13/cobra" "github.com/tidwall/gjson" @@ -25,7 +26,7 @@ func parseIdentities(raw []byte) (rawIdentities []string) { func readIdentities(cmd *cobra.Command, args []string) (map[string]string, error) { rawIdentities := make(map[string]string) if len(args) == 0 { - fc, err := ioutil.ReadAll(cmd.InOrStdin()) + fc, err := io.ReadAll(cmd.InOrStdin()) if err != nil { _, _ = fmt.Fprintf(cmd.ErrOrStderr(), "STD_IN: Could not read: %s\n", err) return nil, cmdx.FailSilently(cmd) @@ -36,7 +37,7 @@ func readIdentities(cmd *cobra.Command, args []string) (map[string]string, error return rawIdentities, nil } for _, fn := range args { - fc, err := ioutil.ReadFile(fn) + fc, err := os.ReadFile(fn) if err != nil { _, _ = fmt.Fprintf(cmd.ErrOrStderr(), "%s: Could not open identity file: %s\n", fn, err) return nil, cmdx.FailSilently(cmd) diff --git a/cmd/identities/import_test.go b/cmd/identities/import_test.go index b835c017df10..bdb05302f6ee 100644 --- a/cmd/identities/import_test.go +++ b/cmd/identities/import_test.go @@ -4,7 +4,7 @@ import ( "bytes" "context" "encoding/json" - "io/ioutil" + "os" "testing" "github.com/spf13/cobra" @@ -31,7 +31,7 @@ func TestImportCmd(t *testing.T) { } ij, err := json.Marshal(i) require.NoError(t, err) - f, err := ioutil.TempFile("", "") + f, err := os.CreateTemp("", "") require.NoError(t, err) _, err = f.Write(ij) require.NoError(t, err) @@ -58,7 +58,7 @@ func TestImportCmd(t *testing.T) { } ij, err := json.Marshal(i) require.NoError(t, err) - f, err := ioutil.TempFile("", "") + f, err := os.CreateTemp("", "") require.NoError(t, err) _, err = f.Write(ij) require.NoError(t, err) diff --git a/cmd/jsonnet/format.go b/cmd/jsonnet/format.go index c30dd736ebde..c44ed6791916 100644 --- a/cmd/jsonnet/format.go +++ b/cmd/jsonnet/format.go @@ -2,7 +2,7 @@ package jsonnet import ( "fmt" - "io/ioutil" + "os" "path/filepath" "github.com/google/go-jsonnet/formatter" @@ -37,14 +37,14 @@ Use -w or --write to write output back to files instead of stdout. shouldWrite := flagx.MustGetBool(cmd, "write") for _, file := range files { - content, err := ioutil.ReadFile(file) + content, err := os.ReadFile(file) cmdx.Must(err, `Unable to read file "%s" because: %s`, file, err) output, err := formatter.Format(file, string(content), formatter.DefaultOptions()) cmdx.Must(err, `JSONNet file "%s" could not be formatted: %s`, file, err) if shouldWrite { - err := ioutil.WriteFile(file, []byte(output), 0644) // #nosec + err := os.WriteFile(file, []byte(output), 0644) // #nosec cmdx.Must(err, `Could not write to file "%s" because: %s`, file, err) } else { fmt.Println(output) diff --git a/cmd/jsonnet/lint.go b/cmd/jsonnet/lint.go index 604209186070..09cd3475ed11 100644 --- a/cmd/jsonnet/lint.go +++ b/cmd/jsonnet/lint.go @@ -2,7 +2,6 @@ package jsonnet import ( "fmt" - "io/ioutil" "os" "path/filepath" "strings" @@ -38,7 +37,7 @@ func NewJsonnetLintCmd() *cobra.Command { cmdx.Must(err, `Glob path "%s" is not valid: %s`, pattern, err) for _, file := range files { - content, err := ioutil.ReadFile(file) + content, err := os.ReadFile(file) cmdx.Must(err, `Unable to read file "%s" because: %s`, file, err) var outBuilder strings.Builder diff --git a/cmd/serve/root_test.go b/cmd/serve/root_test.go index e8ce5835d113..bb0827c373e5 100644 --- a/cmd/serve/root_test.go +++ b/cmd/serve/root_test.go @@ -2,7 +2,6 @@ package serve_test import ( "encoding/base64" - "io/ioutil" "os" "path/filepath" "testing" @@ -24,10 +23,10 @@ func TestServeTLSBase64(t *testing.T) { testhelpers.GenerateTLSCertificateFilesForTests(t, certPath, keyPath) - certRaw, err := ioutil.ReadFile(certPath) + certRaw, err := os.ReadFile(certPath) require.NoError(t, err) - keyRaw, err := ioutil.ReadFile(keyPath) + keyRaw, err := os.ReadFile(keyPath) require.NoError(t, err) certBase64 := base64.StdEncoding.EncodeToString(certRaw) diff --git a/courier/sms_test.go b/courier/sms_test.go index fdcd234f4ce3..5266c7a9d05c 100644 --- a/courier/sms_test.go +++ b/courier/sms_test.go @@ -4,7 +4,7 @@ import ( "context" "encoding/json" "fmt" - "io/ioutil" + "io" "net/http" "net/http/httptest" "testing" @@ -43,7 +43,7 @@ func TestQueueSMS(t *testing.T) { Body string } - rb, err := ioutil.ReadAll(r.Body) + rb, err := io.ReadAll(r.Body) require.NoError(t, err) var body sendSMSRequestBody diff --git a/courier/smtp_test.go b/courier/smtp_test.go index 842b28ee464e..92d8ddf0c3ce 100644 --- a/courier/smtp_test.go +++ b/courier/smtp_test.go @@ -9,7 +9,7 @@ import ( "encoding/pem" "flag" "fmt" - "io/ioutil" + "io" "math/big" "net/http" "os" @@ -153,7 +153,7 @@ func TestQueueEmail(t *testing.T) { } defer res.Body.Close() - body, err = ioutil.ReadAll(res.Body) + body, err = io.ReadAll(res.Body) if err != nil { return err } @@ -209,7 +209,7 @@ func generateTestClientCert() (clientCert *os.File, clientKey *os.File, err erro if err != nil { return nil, nil, err } - clientCert, err = ioutil.TempFile("./test", "testCert") + clientCert, err = os.CreateTemp("./test", "testCert") if err != nil { return nil, nil, err } @@ -217,7 +217,7 @@ func generateTestClientCert() (clientCert *os.File, clientKey *os.File, err erro pem.Encode(clientCert, &pem.Block{Type: "CERTIFICATE", Bytes: cert}) clientCert.Close() - clientKey, err = ioutil.TempFile("./test", "testKey") + clientKey, err = os.CreateTemp("./test", "testKey") if err != nil { return nil, nil, err } diff --git a/courier/template/load_template_test.go b/courier/template/load_template_test.go index 89b9a936244d..cd66a1e3f65f 100644 --- a/courier/template/load_template_test.go +++ b/courier/template/load_template_test.go @@ -4,7 +4,6 @@ import ( "context" "encoding/base64" "fmt" - "io/ioutil" "net/http" "net/http/httptest" "os" @@ -105,7 +104,7 @@ func TestLoadTextTemplate(t *testing.T) { t.Run("case=base64 encoded data", func(t *testing.T) { t.Run("html template", func(t *testing.T) { m := map[string]interface{}{"lang": "en_US"} - f, err := ioutil.ReadFile("courier/builtin/templates/test_stub/email.body.html.en_US.gotmpl") + f, err := os.ReadFile("courier/builtin/templates/test_stub/email.body.html.en_US.gotmpl") require.NoError(t, err) b64 := base64.StdEncoding.EncodeToString(f) tp, err := template.LoadHTML(ctx, reg, nil, "", "", m, "base64://"+b64) @@ -115,7 +114,7 @@ func TestLoadTextTemplate(t *testing.T) { t.Run("case=plaintext", func(t *testing.T) { m := map[string]interface{}{"Body": "something"} - f, err := ioutil.ReadFile("courier/builtin/templates/test_stub/email.body.plaintext.gotmpl") + f, err := os.ReadFile("courier/builtin/templates/test_stub/email.body.plaintext.gotmpl") require.NoError(t, err) b64 := base64.StdEncoding.EncodeToString(f) diff --git a/courier/template/testhelpers/testhelpers.go b/courier/template/testhelpers/testhelpers.go index 895ec767f408..d2e1d46cd40d 100644 --- a/courier/template/testhelpers/testhelpers.go +++ b/courier/template/testhelpers/testhelpers.go @@ -3,9 +3,9 @@ package testhelpers import ( "context" "encoding/base64" - "io/ioutil" "net/http" "net/http/httptest" + "os" "path" "testing" @@ -52,7 +52,7 @@ func TestRemoteTemplates(t *testing.T, basePath string, tmplType courier.Templat t.Cleanup(cancel) toBase64 := func(filePath string) string { - f, err := ioutil.ReadFile(filePath) + f, err := os.ReadFile(filePath) require.NoError(t, err) return base64.StdEncoding.EncodeToString(f) } diff --git a/driver/config/config_test.go b/driver/config/config_test.go index c4a2781577a3..195e726e1a93 100644 --- a/driver/config/config_test.go +++ b/driver/config/config_test.go @@ -7,7 +7,6 @@ import ( "encoding/json" "fmt" "io" - "io/ioutil" "net/http" "net/url" "os" @@ -767,10 +766,10 @@ func TestLoadingTLSConfig(t *testing.T) { testhelpers.GenerateTLSCertificateFilesForTests(t, certPath, keyPath) - certRaw, err := ioutil.ReadFile(certPath) + certRaw, err := os.ReadFile(certPath) assert.Nil(t, err) - keyRaw, err := ioutil.ReadFile(keyPath) + keyRaw, err := os.ReadFile(keyPath) assert.Nil(t, err) certBase64 := base64.StdEncoding.EncodeToString(certRaw) diff --git a/driver/config/handler_test.go b/driver/config/handler_test.go index b6ef0a3fc7e2..dd3dcc481605 100644 --- a/driver/config/handler_test.go +++ b/driver/config/handler_test.go @@ -1,7 +1,7 @@ package config_test import ( - "io/ioutil" + "io" "net/http/httptest" "testing" @@ -23,14 +23,14 @@ func TestNewConfigHashHandler(t *testing.T) { require.NoError(t, err) defer res.Body.Close() require.Equal(t, 200, res.StatusCode) - first, err := ioutil.ReadAll(res.Body) + first, err := io.ReadAll(res.Body) require.NoError(t, err) res, err = ts.Client().Get(ts.URL + "/health/config") require.NoError(t, err) defer res.Body.Close() require.Equal(t, 200, res.StatusCode) - second, err := ioutil.ReadAll(res.Body) + second, err := io.ReadAll(res.Body) require.NoError(t, err) assert.Equal(t, first, second) @@ -40,7 +40,7 @@ func TestNewConfigHashHandler(t *testing.T) { require.NoError(t, err) defer res.Body.Close() require.Equal(t, 200, res.StatusCode) - second, err = ioutil.ReadAll(res.Body) + second, err = io.ReadAll(res.Body) require.NoError(t, err) assert.NotEqual(t, first, second) } diff --git a/identity/handler_test.go b/identity/handler_test.go index c7365b204846..bcbea3a7b87e 100644 --- a/identity/handler_test.go +++ b/identity/handler_test.go @@ -5,7 +5,7 @@ import ( "context" "encoding/json" "fmt" - "io/ioutil" + "io" "net/http" "net/http/httptest" "testing" @@ -54,7 +54,7 @@ func TestHandler(t *testing.T) { t.Helper() res, err := base.Client().Get(base.URL + href) require.NoError(t, err) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) require.NoError(t, res.Body.Close()) @@ -84,7 +84,7 @@ func TestHandler(t *testing.T) { req.Header.Set("Content-Type", "application/json") res, err := base.Client().Do(req) require.NoError(t, err) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) require.NoError(t, res.Body.Close()) diff --git a/identity/validator_test.go b/identity/validator_test.go index 6137ad62b6d0..30fcc41b2667 100644 --- a/identity/validator_test.go +++ b/identity/validator_test.go @@ -3,7 +3,7 @@ package identity_test import ( "context" "fmt" - "io/ioutil" + "io" "net/http" "net/http/httptest" "testing" @@ -53,7 +53,7 @@ func TestSchemaValidatorDisallowsInternalNetworkRequests(t *testing.T) { res, err := ts.Client().Get(ts.URL + "/" + id) require.NoError(t, err) defer res.Body.Close() - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) return string(body) } diff --git a/internal/httpclient/api_metadata.go b/internal/httpclient/api_metadata.go index 64e4967188b1..a63febb073aa 100644 --- a/internal/httpclient/api_metadata.go +++ b/internal/httpclient/api_metadata.go @@ -14,7 +14,7 @@ package client import ( "bytes" "context" - "io/ioutil" + "io" "net/http" "net/url" ) @@ -172,9 +172,9 @@ func (a *MetadataApiService) GetVersionExecute(r MetadataApiApiGetVersionRequest return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -280,9 +280,9 @@ func (a *MetadataApiService) IsAliveExecute(r MetadataApiApiIsAliveRequest) (*In return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -397,9 +397,9 @@ func (a *MetadataApiService) IsReadyExecute(r MetadataApiApiIsReadyRequest) (*In return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go index 119f75ed5d13..212cfd12a350 100644 --- a/internal/httpclient/api_v0alpha2.go +++ b/internal/httpclient/api_v0alpha2.go @@ -14,7 +14,7 @@ package client import ( "bytes" "context" - "io/ioutil" + "io" "net/http" "net/url" "reflect" @@ -1207,9 +1207,9 @@ func (a *V0alpha2ApiService) AdminCreateIdentityExecute(r V0alpha2ApiApiAdminCre return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -1346,9 +1346,9 @@ func (a *V0alpha2ApiService) AdminCreateSelfServiceRecoveryLinkExecute(r V0alpha return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -1496,9 +1496,9 @@ func (a *V0alpha2ApiService) AdminDeleteIdentityExecute(r V0alpha2ApiApiAdminDel return localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarHTTPResponse, err } @@ -1625,9 +1625,9 @@ func (a *V0alpha2ApiService) AdminDeleteIdentitySessionsExecute(r V0alpha2ApiApi return localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarHTTPResponse, err } @@ -1774,9 +1774,9 @@ func (a *V0alpha2ApiService) AdminExtendSessionExecute(r V0alpha2ApiApiAdminExte return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -1939,9 +1939,9 @@ func (a *V0alpha2ApiService) AdminGetIdentityExecute(r V0alpha2ApiApiAdminGetIde return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -2092,9 +2092,9 @@ func (a *V0alpha2ApiService) AdminListIdentitiesExecute(r V0alpha2ApiApiAdminLis return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -2247,9 +2247,9 @@ func (a *V0alpha2ApiService) AdminListIdentitySessionsExecute(r V0alpha2ApiApiAd return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -2415,9 +2415,9 @@ func (a *V0alpha2ApiService) AdminPatchIdentityExecute(r V0alpha2ApiApiAdminPatc return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -2583,9 +2583,9 @@ func (a *V0alpha2ApiService) AdminUpdateIdentityExecute(r V0alpha2ApiApiAdminUpd return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -2741,9 +2741,9 @@ func (a *V0alpha2ApiService) CreateSelfServiceLogoutFlowUrlForBrowsersExecute(r return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -2865,9 +2865,9 @@ func (a *V0alpha2ApiService) GetIdentitySchemaExecute(r V0alpha2ApiApiGetIdentit return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -3001,9 +3001,9 @@ func (a *V0alpha2ApiService) GetSelfServiceErrorExecute(r V0alpha2ApiApiGetSelfS return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -3171,9 +3171,9 @@ func (a *V0alpha2ApiService) GetSelfServiceLoginFlowExecute(r V0alpha2ApiApiGetS return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -3346,9 +3346,9 @@ func (a *V0alpha2ApiService) GetSelfServiceRecoveryFlowExecute(r V0alpha2ApiApiG return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -3516,9 +3516,9 @@ func (a *V0alpha2ApiService) GetSelfServiceRegistrationFlowExecute(r V0alpha2Api return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -3700,9 +3700,9 @@ func (a *V0alpha2ApiService) GetSelfServiceSettingsFlowExecute(r V0alpha2ApiApiG return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -3884,9 +3884,9 @@ func (a *V0alpha2ApiService) GetSelfServiceVerificationFlowExecute(r V0alpha2Api return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -4022,9 +4022,9 @@ func (a *V0alpha2ApiService) GetWebAuthnJavaScriptExecute(r V0alpha2ApiApiGetWeb return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -4166,9 +4166,9 @@ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowForBrowsersExecute(r return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -4330,9 +4330,9 @@ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowWithoutBrowserExecute return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -4468,9 +4468,9 @@ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowForBrowsersExecute return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -4601,9 +4601,9 @@ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowWithoutBrowserExec return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -4754,9 +4754,9 @@ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowForBrowsersExe return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -4882,9 +4882,9 @@ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowWithoutBrowser return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -5036,9 +5036,9 @@ func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowForBrowsersExecute return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -5206,9 +5206,9 @@ func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowWithoutBrowserExec return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -5342,9 +5342,9 @@ func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowForBrowsersExe return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -5462,9 +5462,9 @@ func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowWithoutBrowser return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -5599,9 +5599,9 @@ func (a *V0alpha2ApiService) ListIdentitySchemasExecute(r V0alpha2ApiApiListIden return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -5744,9 +5744,9 @@ func (a *V0alpha2ApiService) ListSessionsExecute(r V0alpha2ApiApiListSessionsReq return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -5888,9 +5888,9 @@ func (a *V0alpha2ApiService) RevokeSessionExecute(r V0alpha2ApiApiRevokeSessionR return localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarHTTPResponse, err } @@ -6028,9 +6028,9 @@ func (a *V0alpha2ApiService) RevokeSessionsExecute(r V0alpha2ApiApiRevokeSession return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -6236,9 +6236,9 @@ func (a *V0alpha2ApiService) SubmitSelfServiceLoginFlowExecute(r V0alpha2ApiApiS return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -6403,9 +6403,9 @@ func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlowExecute(r V0alpha2ApiApi return localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarHTTPResponse, err } @@ -6520,9 +6520,9 @@ func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlowWithoutBrowserExecute(r return localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarHTTPResponse, err } @@ -6682,9 +6682,9 @@ func (a *V0alpha2ApiService) SubmitSelfServiceRecoveryFlowExecute(r V0alpha2ApiA return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -6867,9 +6867,9 @@ func (a *V0alpha2ApiService) SubmitSelfServiceRegistrationFlowExecute(r V0alpha2 return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -7085,9 +7085,9 @@ func (a *V0alpha2ApiService) SubmitSelfServiceSettingsFlowExecute(r V0alpha2ApiA return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -7296,9 +7296,9 @@ func (a *V0alpha2ApiService) SubmitSelfServiceVerificationFlowExecute(r V0alpha2 return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -7491,9 +7491,9 @@ func (a *V0alpha2ApiService) ToSessionExecute(r V0alpha2ApiApiToSessionRequest) return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } diff --git a/internal/testhelpers/handler_mock.go b/internal/testhelpers/handler_mock.go index 56ba53df87c7..a8964f90fc63 100644 --- a/internal/testhelpers/handler_mock.go +++ b/internal/testhelpers/handler_mock.go @@ -2,7 +2,7 @@ package testhelpers import ( "context" - "io/ioutil" + "io" "net/http" "net/http/cookiejar" "testing" @@ -82,7 +82,7 @@ func MockMakeAuthenticatedRequestWithClientAndID(t *testing.T, reg mockDeps, con res, err := client.Do(req) require.NoError(t, errors.WithStack(err)) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, errors.WithStack(err)) require.NoError(t, res.Body.Close()) diff --git a/internal/testhelpers/http.go b/internal/testhelpers/http.go index 85ebcbf98a34..7e993fb0b140 100644 --- a/internal/testhelpers/http.go +++ b/internal/testhelpers/http.go @@ -4,7 +4,6 @@ import ( "bytes" "encoding/json" "io" - "io/ioutil" "net/http" "net/url" "testing" @@ -70,7 +69,7 @@ func HTTPRequestJSON(t *testing.T, client *http.Client, method string, url strin require.NoError(t, err) defer res.Body.Close() - payload, err := ioutil.ReadAll(res.Body) + payload, err := io.ReadAll(res.Body) require.NoError(t, err) return payload, res @@ -85,7 +84,7 @@ func HTTPPostForm(t *testing.T, client *http.Client, remote string, in *url.Valu require.NoError(t, err) defer res.Body.Close() - payload, err := ioutil.ReadAll(res.Body) + payload, err := io.ReadAll(res.Body) require.NoError(t, err) return payload, res diff --git a/internal/testhelpers/selfservice.go b/internal/testhelpers/selfservice.go index 6d2360206e85..cdd99824c196 100644 --- a/internal/testhelpers/selfservice.go +++ b/internal/testhelpers/selfservice.go @@ -3,7 +3,7 @@ package testhelpers import ( "context" "errors" - "io/ioutil" + "io" "net/http" "net/url" "testing" @@ -193,7 +193,7 @@ func SelfServiceMakeHookRequest(t *testing.T, ts *httptest.Server, suffix string res, err := ts.Client().Do(req) require.NoError(t, err) defer res.Body.Close() - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) return res, string(body) } diff --git a/request/builder_test.go b/request/builder_test.go index 3af9e45ada9d..bf73441eaeea 100644 --- a/request/builder_test.go +++ b/request/builder_test.go @@ -5,7 +5,7 @@ import ( "encoding/base64" "encoding/json" "fmt" - "io/ioutil" + "io" "net/http" "testing" @@ -251,7 +251,7 @@ func TestBuildRequest(t *testing.T) { assert.Equal(t, tc.method, req.Method) if tc.body != nil { - requestBody, err := ioutil.ReadAll(req.Body) + requestBody, err := io.ReadAll(req.Body) require.NoError(t, err) assert.Equal(t, tc.expectedBody, string(requestBody)) diff --git a/schema/handler.go b/schema/handler.go index 99de0cc55fa3..7bea24ece3ee 100644 --- a/schema/handler.go +++ b/schema/handler.go @@ -5,7 +5,6 @@ import ( "encoding/json" "fmt" "io" - "io/ioutil" "net/http" "os" "strings" @@ -176,7 +175,7 @@ func (h *Handler) getAll(w http.ResponseWriter, r *http.Request, ps httprouter.P return } - raw, err := ioutil.ReadAll(src) + raw, err := io.ReadAll(src) _ = src.Close() if err != nil { h.r.Writer().WriteError(w, r, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("The file for this JSON Schema ID could not be found or opened. This is a configuration issue.").WithDebugf("%+v", err))) diff --git a/schema/handler_test.go b/schema/handler_test.go index 41afc38d74b6..2e746bceef19 100644 --- a/schema/handler_test.go +++ b/schema/handler_test.go @@ -4,7 +4,7 @@ import ( "encoding/base64" "encoding/json" "fmt" - "io/ioutil" + "io" "net/http" "net/http/httptest" "os" @@ -77,7 +77,7 @@ func TestHandler(t *testing.T) { getFromTS := func(url string, expectCode int) []byte { res, err := ts.Client().Get(url) require.NoError(t, err) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) require.NoError(t, res.Body.Close()) diff --git a/schema/schema.go b/schema/schema.go index 80d93e962070..c1306e380466 100644 --- a/schema/schema.go +++ b/schema/schema.go @@ -3,7 +3,7 @@ package schema import ( "context" "encoding/base64" - "io/ioutil" + "io" "net/url" "strings" "sync" @@ -80,7 +80,7 @@ func GetKeysInOrder(ctx context.Context, schemaRef string) ([]string, error) { if err != nil { return nil, errors.WithStack(err) } - schema, err := ioutil.ReadAll(sio) + schema, err := io.ReadAll(sio) if err != nil { return nil, errors.WithStack(err) } diff --git a/selfservice/errorx/handler_test.go b/selfservice/errorx/handler_test.go index 8339bc483ef7..da6fc56909e3 100644 --- a/selfservice/errorx/handler_test.go +++ b/selfservice/errorx/handler_test.go @@ -4,7 +4,7 @@ import ( "context" "encoding/json" "fmt" - "io/ioutil" + "io" "net/http" "net/http/httptest" "testing" @@ -52,7 +52,7 @@ func TestHandler(t *testing.T) { require.NoError(t, err) defer res.Body.Close() require.EqualValues(t, expectedCode, res.StatusCode) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) return body } @@ -79,7 +79,7 @@ func TestHandler(t *testing.T) { require.NoError(t, err) require.EqualValues(t, http.StatusOK, res.StatusCode) - actual, err := ioutil.ReadAll(res.Body) + actual, err := io.ReadAll(res.Body) require.NoError(t, err) assert.EqualValues(t, "This is a stub error.", gjson.GetBytes(actual, "error.reason").String()) @@ -109,7 +109,7 @@ func TestHandler(t *testing.T) { defer res.Body.Close() assert.EqualValues(t, http.StatusOK, res.StatusCode) - actual, err := ioutil.ReadAll(res.Body) + actual, err := io.ReadAll(res.Body) require.NoError(t, err) gg := errorsx.Cause(tc.gave) diff --git a/selfservice/flow/login/error_test.go b/selfservice/flow/login/error_test.go index a7de240feb7c..6f66b733dd5c 100644 --- a/selfservice/flow/login/error_test.go +++ b/selfservice/flow/login/error_test.go @@ -3,7 +3,7 @@ package login_test import ( "context" "encoding/json" - "io/ioutil" + "io" "net/http" "testing" "time" @@ -124,7 +124,7 @@ func TestHandleError(t *testing.T) { assert.Contains(t, res.Header.Get("Content-Type"), "application/json") assert.NotContains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL().String()+"?id=") - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.Contains(t, string(body), "system error") }) @@ -148,7 +148,7 @@ func TestHandleError(t *testing.T) { require.NoError(t, err) defer res.Body.Close() - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) require.Equal(t, http.StatusGone, res.StatusCode, "%+v\n\t%s", res.Request, body) @@ -168,7 +168,7 @@ func TestHandleError(t *testing.T) { defer res.Body.Close() require.Equal(t, http.StatusBadRequest, res.StatusCode) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.Equal(t, int(text.ErrorValidationInvalidCredentials), int(gjson.GetBytes(body, "ui.messages.0.id").Int()), "%s", body) assert.Equal(t, loginFlow.ID.String(), gjson.GetBytes(body, "id").String()) @@ -186,7 +186,7 @@ func TestHandleError(t *testing.T) { defer res.Body.Close() require.Equal(t, http.StatusInternalServerError, res.StatusCode) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.JSONEq(t, x.MustEncodeJSON(t, flowError), gjson.GetBytes(body, "error").Raw) }) diff --git a/selfservice/flow/login/handler_test.go b/selfservice/flow/login/handler_test.go index 66c8f670b328..c1f9c95731c7 100644 --- a/selfservice/flow/login/handler_test.go +++ b/selfservice/flow/login/handler_test.go @@ -4,7 +4,7 @@ import ( "context" "encoding/json" "fmt" - "io/ioutil" + "io" "net/http" "net/url" "strings" @@ -91,7 +91,7 @@ func TestFlowLifecycle(t *testing.T) { res, err := c.Do(req) require.NoError(t, err) defer res.Body.Close() - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) return res, body } @@ -575,7 +575,7 @@ func TestGetFlow(t *testing.T) { // submit the flow but it is expired u := public.URL + login.RouteSubmitFlow + "?flow=" + f.ID.String() res, err := client.PostForm(u, url.Values{"password_identifier": {"email@ory.sh"}, "csrf_token": {f.CSRFToken}, "password": {"password"}, "method": {"password"}}) - resBody, err := ioutil.ReadAll(res.Body) + resBody, err := io.ReadAll(res.Body) require.NoError(t, err) require.NoError(t, res.Body.Close()) diff --git a/selfservice/flow/recovery/error_test.go b/selfservice/flow/recovery/error_test.go index e467a40bb96c..a3fe1f6ab5b7 100644 --- a/selfservice/flow/recovery/error_test.go +++ b/selfservice/flow/recovery/error_test.go @@ -2,7 +2,7 @@ package recovery_test import ( "context" - "io/ioutil" + "io" "net/http" "testing" "time" @@ -109,7 +109,7 @@ func TestHandleError(t *testing.T) { assert.Contains(t, res.Header.Get("Content-Type"), "application/json") assert.NotContains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL().String()+"?id=") - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.Contains(t, string(body), "system error") }) @@ -135,7 +135,7 @@ func TestHandleError(t *testing.T) { require.Contains(t, res.Request.URL.String(), public.URL+recovery.RouteGetFlow) require.Equal(t, http.StatusOK, res.StatusCode, "%+v", res.Request) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.Equal(t, int(text.ErrorValidationRecoveryFlowExpired), int(gjson.GetBytes(body, "ui.messages.0.id").Int()), string(body)) assert.NotEqual(t, recoveryFlow.ID.String(), gjson.GetBytes(body, "id").String()) @@ -153,7 +153,7 @@ func TestHandleError(t *testing.T) { defer res.Body.Close() require.Equal(t, http.StatusBadRequest, res.StatusCode) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.Equal(t, int(text.ErrorValidationInvalidCredentials), int(gjson.GetBytes(body, "ui.messages.0.id").Int()), "%s", body) assert.Equal(t, recoveryFlow.ID.String(), gjson.GetBytes(body, "id").String()) @@ -171,7 +171,7 @@ func TestHandleError(t *testing.T) { defer res.Body.Close() require.Equal(t, http.StatusInternalServerError, res.StatusCode) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.JSONEq(t, x.MustEncodeJSON(t, flowError), gjson.GetBytes(body, "error").Raw) }) diff --git a/selfservice/flow/recovery/handler_test.go b/selfservice/flow/recovery/handler_test.go index 66ed8c9f94d1..17966cc308f2 100644 --- a/selfservice/flow/recovery/handler_test.go +++ b/selfservice/flow/recovery/handler_test.go @@ -4,7 +4,7 @@ import ( "context" "encoding/json" "fmt" - "io/ioutil" + "io" "net/http" "net/http/httptest" "net/url" @@ -103,7 +103,7 @@ func TestInitFlow(t *testing.T) { res, err := c.Get(publicTS.URL + route) require.NoError(t, err) defer res.Body.Close() - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) return res, body } @@ -118,7 +118,7 @@ func TestInitFlow(t *testing.T) { res, err := c.Do(req) require.NoError(t, err) defer res.Body.Close() - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) return res, body } @@ -269,7 +269,7 @@ func TestGetFlow(t *testing.T) { // submit the flow but it is expired u := public.URL + recovery.RouteSubmitFlow + "?flow=" + f.ID.String() res, err := client.PostForm(u, url.Values{"email": {"email@ory.sh"}, "csrf_token": {f.CSRFToken}, "method": {"link"}}) - resBody, err := ioutil.ReadAll(res.Body) + resBody, err := io.ReadAll(res.Body) require.NoError(t, err) require.NoError(t, res.Body.Close()) diff --git a/selfservice/flow/registration/error_test.go b/selfservice/flow/registration/error_test.go index 3e1b1fd5748b..0a3970dd8419 100644 --- a/selfservice/flow/registration/error_test.go +++ b/selfservice/flow/registration/error_test.go @@ -3,7 +3,7 @@ package registration_test import ( "context" "encoding/json" - "io/ioutil" + "io" "net/http" "testing" "time" @@ -113,7 +113,7 @@ func TestHandleError(t *testing.T) { assert.Contains(t, res.Header.Get("Content-Type"), "application/json") assert.NotContains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL().String()+"?id=") - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.Contains(t, string(body), "system error") }) @@ -137,7 +137,7 @@ func TestHandleError(t *testing.T) { require.NoError(t, err) defer res.Body.Close() - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) require.Equal(t, http.StatusGone, res.StatusCode, "%+v\n\t%s", res.Request, body) @@ -157,7 +157,7 @@ func TestHandleError(t *testing.T) { defer res.Body.Close() require.Equal(t, http.StatusBadRequest, res.StatusCode) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.Equal(t, int(text.ErrorValidationInvalidCredentials), int(gjson.GetBytes(body, "ui.messages.0.id").Int()), "%s", body) assert.Equal(t, registrationFlow.ID.String(), gjson.GetBytes(body, "id").String()) @@ -175,7 +175,7 @@ func TestHandleError(t *testing.T) { defer res.Body.Close() require.Equal(t, http.StatusInternalServerError, res.StatusCode) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.JSONEq(t, x.MustEncodeJSON(t, flowError), gjson.GetBytes(body, "error").Raw) }) diff --git a/selfservice/flow/registration/handler_test.go b/selfservice/flow/registration/handler_test.go index fd9ff858337b..cdcdad0a3c31 100644 --- a/selfservice/flow/registration/handler_test.go +++ b/selfservice/flow/registration/handler_test.go @@ -4,7 +4,7 @@ import ( "context" "encoding/json" "fmt" - "io/ioutil" + "io" "net/http" "net/http/httptest" "net/url" @@ -108,7 +108,7 @@ func TestInitFlow(t *testing.T) { res, err := c.Do(req) require.NoError(t, err) defer res.Body.Close() - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) return res, body } @@ -212,7 +212,7 @@ func TestDisabledFlow(t *testing.T) { res, err := c.Do(req) require.NoError(t, err) defer res.Body.Close() - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) return res, body } @@ -325,7 +325,7 @@ func TestGetFlow(t *testing.T) { // submit the flow but it is expired u := public.URL + registration.RouteSubmitFlow + "?flow=" + f.ID.String() res, err := client.PostForm(u, url.Values{"method": {"password"}, "csrf_token": {f.CSRFToken}, "password": {"password"}, "traits.email": {"email@ory.sh"}}) - resBody, err := ioutil.ReadAll(res.Body) + resBody, err := io.ReadAll(res.Body) require.NoError(t, err) require.NoError(t, res.Body.Close()) diff --git a/selfservice/flow/request_test.go b/selfservice/flow/request_test.go index a24f86c9e128..e977cb95797d 100644 --- a/selfservice/flow/request_test.go +++ b/selfservice/flow/request_test.go @@ -2,7 +2,7 @@ package flow_test import ( "fmt" - "io/ioutil" + "io" "net/http" "net/http/httptest" "net/url" @@ -68,7 +68,7 @@ func TestMethodEnabledAndAllowed(t *testing.T) { t.Run("unknown", func(t *testing.T) { res, err := ts.Client().PostForm(ts.URL, url.Values{"method": {"other"}}) require.NoError(t, err) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) require.NoError(t, res.Body.Close()) assert.Equal(t, http.StatusInternalServerError, res.StatusCode) @@ -79,7 +79,7 @@ func TestMethodEnabledAndAllowed(t *testing.T) { require.NoError(t, conf.Set(fmt.Sprintf("%s.%s.enabled", config.ViperKeySelfServiceStrategyConfig, "password"), false)) res, err := ts.Client().PostForm(ts.URL, url.Values{"method": {"password"}}) require.NoError(t, err) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) require.NoError(t, res.Body.Close()) assert.Equal(t, http.StatusInternalServerError, res.StatusCode) diff --git a/selfservice/flow/settings/error_test.go b/selfservice/flow/settings/error_test.go index e446b5e83c3b..a7b188c5d6ba 100644 --- a/selfservice/flow/settings/error_test.go +++ b/selfservice/flow/settings/error_test.go @@ -3,7 +3,7 @@ package settings_test import ( "context" "encoding/json" - "io/ioutil" + "io" "net/http" "testing" "time" @@ -124,7 +124,7 @@ func TestHandleError(t *testing.T) { assert.Contains(t, res.Header.Get("Content-Type"), "application/json") assert.NotContains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL().String()+"?id=") - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.Contains(t, string(body), "system error") }) @@ -154,7 +154,7 @@ func TestHandleError(t *testing.T) { defer res.Body.Close() require.Contains(t, res.Request.URL.String(), ts.URL+"/error") - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) require.Equal(t, http.StatusGone, res.StatusCode, "%+v\n\t%s", res.Request, body) @@ -174,7 +174,7 @@ func TestHandleError(t *testing.T) { defer res.Body.Close() require.Equal(t, http.StatusBadRequest, res.StatusCode) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.Equal(t, int(text.ErrorValidationInvalidCredentials), int(gjson.GetBytes(body, "ui.messages.0.id").Int()), "%s", body) assert.Equal(t, settingsFlow.ID.String(), gjson.GetBytes(body, "id").String()) @@ -193,7 +193,7 @@ func TestHandleError(t *testing.T) { defer res.Body.Close() require.Equal(t, http.StatusOK, res.StatusCode) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.Equal(t, settingsFlow.ID.String(), gjson.GetBytes(body, "id").String()) }) @@ -211,7 +211,7 @@ func TestHandleError(t *testing.T) { defer res.Body.Close() require.Equal(t, http.StatusUnauthorized, res.StatusCode) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.Equal(t, session.NewErrNoActiveSessionFound().Reason(), gjson.GetBytes(body, "error.reason").String(), "%s", body) }) @@ -229,7 +229,7 @@ func TestHandleError(t *testing.T) { defer res.Body.Close() require.Equal(t, http.StatusForbidden, res.StatusCode) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assertx.EqualAsJSON(t, session.NewErrAALNotSatisfied("a"), json.RawMessage(body)) }) @@ -246,7 +246,7 @@ func TestHandleError(t *testing.T) { defer res.Body.Close() require.Equal(t, http.StatusInternalServerError, res.StatusCode) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.JSONEq(t, x.MustEncodeJSON(t, flowError), gjson.GetBytes(body, "error").Raw) }) diff --git a/selfservice/flow/settings/handler_test.go b/selfservice/flow/settings/handler_test.go index 1cf590d76b6e..b813f0a60217 100644 --- a/selfservice/flow/settings/handler_test.go +++ b/selfservice/flow/settings/handler_test.go @@ -4,7 +4,7 @@ import ( "context" "encoding/json" "fmt" - "io/ioutil" + "io" "net/http" "net/url" "testing" @@ -97,7 +97,7 @@ func TestHandler(t *testing.T) { if isAPI { assert.Len(t, res.Header.Get("Set-Cookie"), 0) } - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) return res, body } @@ -244,7 +244,7 @@ func TestHandler(t *testing.T) { // submit the flow but it is expired u := publicTS.URL + settings.RouteSubmitFlow + "?flow=" + f.ID.String() res, err := client.PostForm(u, url.Values{"method": {"password"}, "csrf_token": {"csrf"}, "password": {"password"}}) - resBody, err := ioutil.ReadAll(res.Body) + resBody, err := io.ReadAll(res.Body) require.NoError(t, err) require.NoError(t, res.Body.Close()) diff --git a/selfservice/flow/verification/error_test.go b/selfservice/flow/verification/error_test.go index 21c990626298..4132b93e1972 100644 --- a/selfservice/flow/verification/error_test.go +++ b/selfservice/flow/verification/error_test.go @@ -2,7 +2,7 @@ package verification_test import ( "context" - "io/ioutil" + "io" "net/http" "testing" "time" @@ -109,7 +109,7 @@ func TestHandleError(t *testing.T) { assert.Contains(t, res.Header.Get("Content-Type"), "application/json") assert.NotContains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL().String()+"?id=") - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.Contains(t, string(body), "system error") }) @@ -135,7 +135,7 @@ func TestHandleError(t *testing.T) { require.Contains(t, res.Request.URL.String(), public.URL+verification.RouteGetFlow) require.Equal(t, http.StatusOK, res.StatusCode, "%+v", res.Request) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.Equal(t, int(text.ErrorValidationVerificationFlowExpired), int(gjson.GetBytes(body, "ui.messages.0.id").Int()), string(body)) assert.NotEqual(t, verificationFlow.ID.String(), gjson.GetBytes(body, "id").String()) @@ -153,7 +153,7 @@ func TestHandleError(t *testing.T) { defer res.Body.Close() require.Equal(t, http.StatusBadRequest, res.StatusCode) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.Equal(t, int(text.ErrorValidationInvalidCredentials), int(gjson.GetBytes(body, "ui.messages.0.id").Int()), "%s", body) assert.Equal(t, verificationFlow.ID.String(), gjson.GetBytes(body, "id").String()) @@ -171,7 +171,7 @@ func TestHandleError(t *testing.T) { defer res.Body.Close() require.Equal(t, http.StatusInternalServerError, res.StatusCode) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.JSONEq(t, x.MustEncodeJSON(t, flowError), gjson.GetBytes(body, "error").Raw) }) diff --git a/selfservice/flow/verification/handler_test.go b/selfservice/flow/verification/handler_test.go index fa70fff5097e..52d06d0cfccb 100644 --- a/selfservice/flow/verification/handler_test.go +++ b/selfservice/flow/verification/handler_test.go @@ -3,7 +3,7 @@ package verification_test import ( "context" "fmt" - "io/ioutil" + "io" "net/http" "net/url" "testing" @@ -131,7 +131,7 @@ func TestGetFlow(t *testing.T) { // submit the flow but it is expired u := public.URL + verification.RouteSubmitFlow + "?flow=" + f.ID.String() res, err := client.PostForm(u, url.Values{"method": {"link"}, "csrf_token": {f.CSRFToken}, "email": {"email@ory.sh"}}) - resBody, err := ioutil.ReadAll(res.Body) + resBody, err := io.ReadAll(res.Body) require.NoError(t, err) require.NoError(t, res.Body.Close()) diff --git a/selfservice/hook/web_hook_integration_test.go b/selfservice/hook/web_hook_integration_test.go index 120864531335..7f0a03e1d0df 100644 --- a/selfservice/hook/web_hook_integration_test.go +++ b/selfservice/hook/web_hook_integration_test.go @@ -6,7 +6,7 @@ import ( "encoding/base64" "encoding/json" "fmt" - "io/ioutil" + "io" "net/http" "net/http/httptest" "strconv" @@ -57,7 +57,7 @@ func TestWebHooks(t *testing.T) { webHookEndPoint := func(whr *WebHookRequest) httprouter.Handle { return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - body, err := ioutil.ReadAll(r.Body) + body, err := io.ReadAll(r.Body) if err != nil { w.WriteHeader(http.StatusInternalServerError) return diff --git a/selfservice/strategy/oidc/provider_auth0.go b/selfservice/strategy/oidc/provider_auth0.go index 0e2ba1a3f91b..a5143e8853f1 100644 --- a/selfservice/strategy/oidc/provider_auth0.go +++ b/selfservice/strategy/oidc/provider_auth0.go @@ -3,7 +3,7 @@ package oidc import ( "context" "encoding/json" - "io/ioutil" + "io" "net/url" "path" "time" @@ -94,7 +94,7 @@ func (g *ProviderAuth0) Claims(ctx context.Context, exchange *oauth2.Token, quer defer resp.Body.Close() // Once auth0 fixes this bug, all this workaround can be removed. - b, err := ioutil.ReadAll(resp.Body) + b, err := io.ReadAll(resp.Body) if err != nil { return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) } diff --git a/selfservice/strategy/oidc/strategy_test.go b/selfservice/strategy/oidc/strategy_test.go index b21e9628952e..31de2998652a 100644 --- a/selfservice/strategy/oidc/strategy_test.go +++ b/selfservice/strategy/oidc/strategy_test.go @@ -5,7 +5,7 @@ import ( "context" "encoding/json" "fmt" - "io/ioutil" + "io" "net/http" "net/http/cookiejar" "net/http/httptest" @@ -140,7 +140,7 @@ func TestStrategy(t *testing.T) { res, err := newClient(t, jar).PostForm(action, fv) require.NoError(t, err, action) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, res.Body.Close()) require.NoError(t, err) diff --git a/selfservice/strategy/password/login_test.go b/selfservice/strategy/password/login_test.go index 58ddfee34493..d8941cc96c1f 100644 --- a/selfservice/strategy/password/login_test.go +++ b/selfservice/strategy/password/login_test.go @@ -6,7 +6,7 @@ import ( _ "embed" "encoding/json" "fmt" - "io/ioutil" + "io" "net/http" "net/url" "strings" @@ -497,7 +497,7 @@ func TestCompleteLogin(t *testing.T) { require.NoError(t, err) require.EqualValues(t, http.StatusOK, res.StatusCode) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.True(t, gjson.GetBytes(body, "refresh").Bool()) assert.Equal(t, identifier, gjson.GetBytes(body, "ui.nodes.#(attributes.name==identifier).attributes.value").String(), "%s", body) @@ -521,7 +521,7 @@ func TestCompleteLogin(t *testing.T) { require.NoError(t, err) require.EqualValues(t, http.StatusOK, res.StatusCode) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.True(t, gjson.GetBytes(body, "refresh").Bool()) assert.False(t, gjson.GetBytes(body, "ui.nodes.#(attributes.name==identifier)").Exists(), "%s", body) diff --git a/selfservice/strategy/password/strategy_disabled_test.go b/selfservice/strategy/password/strategy_disabled_test.go index b96a1c3fee09..9cb85f39c465 100644 --- a/selfservice/strategy/password/strategy_disabled_test.go +++ b/selfservice/strategy/password/strategy_disabled_test.go @@ -1,7 +1,7 @@ package password_test import ( - "io/ioutil" + "io" "net/http" "net/url" "testing" @@ -31,7 +31,7 @@ func TestDisabledEndpoint(t *testing.T) { assert.Equal(t, http.StatusNotFound, res.StatusCode) defer res.Body.Close() - b, err := ioutil.ReadAll(res.Body) + b, err := io.ReadAll(res.Body) assert.Contains(t, string(b), "This endpoint was disabled by system administrator", "%s", b) }) @@ -43,7 +43,7 @@ func TestDisabledEndpoint(t *testing.T) { assert.Equal(t, http.StatusNotFound, res.StatusCode) defer res.Body.Close() - b, err := ioutil.ReadAll(res.Body) + b, err := io.ReadAll(res.Body) assert.Contains(t, string(b), "This endpoint was disabled by system administrator", "%s", b) }) @@ -65,7 +65,7 @@ func TestDisabledEndpoint(t *testing.T) { assert.Equal(t, http.StatusNotFound, res.StatusCode) defer res.Body.Close() - b, err := ioutil.ReadAll(res.Body) + b, err := io.ReadAll(res.Body) assert.Contains(t, string(b), "This endpoint was disabled by system administrator", "%s", b) }) }) diff --git a/selfservice/strategy/password/validator_test.go b/selfservice/strategy/password/validator_test.go index f44782cfdf1f..0df2f05c7b9f 100644 --- a/selfservice/strategy/password/validator_test.go +++ b/selfservice/strategy/password/validator_test.go @@ -7,7 +7,7 @@ import ( "crypto/sha1" "errors" "fmt" - "io/ioutil" + "io" "net/http" "net/http/httptest" "net/url" @@ -132,7 +132,7 @@ func TestDefaultPasswordValidationStrategy(t *testing.T) { buffer := bytes.NewBufferString(<-hibpResp) return &http.Response{ StatusCode: http.StatusOK, - Body: ioutil.NopCloser(buffer), + Body: io.NopCloser(buffer), ContentLength: int64(buffer.Len()), Request: req, }, nil @@ -327,7 +327,7 @@ func (c *fakeHttpClient) RespondWith(status int, body string) { buffer := bytes.NewBufferString(body) return &http.Response{ StatusCode: status, - Body: ioutil.NopCloser(buffer), + Body: io.NopCloser(buffer), ContentLength: int64(buffer.Len()), Request: request, }, nil diff --git a/selfservice/strategy/profile/strategy_test.go b/selfservice/strategy/profile/strategy_test.go index b3be1caeebed..fbb069d80f73 100644 --- a/selfservice/strategy/profile/strategy_test.go +++ b/selfservice/strategy/profile/strategy_test.go @@ -6,7 +6,7 @@ import ( _ "embed" "encoding/json" "fmt" - "io/ioutil" + "io" "net/http" "net/http/httptest" "net/url" @@ -505,7 +505,7 @@ func TestStrategyTraits(t *testing.T) { require.NoError(t, err) defer res.Body.Close() - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.True(t, returned, "%d - %s", res.StatusCode, body) }) diff --git a/session/handler_test.go b/session/handler_test.go index 06fd095e69dd..a129f2faadbc 100644 --- a/session/handler_test.go +++ b/session/handler_test.go @@ -4,7 +4,7 @@ import ( "context" "encoding/json" "fmt" - "io/ioutil" + "io" "net/http" "net/http/httptest" "strings" @@ -166,7 +166,7 @@ func TestSessionWhoAmI(t *testing.T) { res, err = client.Do(req) require.NoError(t, err) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assertNoCSRFCookieInResponse(t, ts, client, res) // Test that no CSRF cookie is ever set here. @@ -568,7 +568,7 @@ func TestHandlerSelfServiceSessionManagement(t *testing.T) { res, err := client.Do(req) require.NoError(t, err) require.Equal(t, http.StatusOK, res.StatusCode) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.Equal(t, int64(1), gjson.GetBytes(body, "count").Int(), "%s", body) diff --git a/test/schema/schema_test.go b/test/schema/schema_test.go index 414bc0fb2378..d1c8dc72d468 100644 --- a/test/schema/schema_test.go +++ b/test/schema/schema_test.go @@ -5,7 +5,6 @@ import ( "context" "fmt" "io" - "io/ioutil" "os" "path/filepath" "strings" @@ -57,7 +56,7 @@ func (s schema) validate(path string) error { } var doc io.Reader - y, err := ioutil.ReadFile(path) + y, err := os.ReadFile(path) if err != nil { return errors.WithStack(err) } @@ -92,7 +91,7 @@ func TestSchemas(t *testing.T) { func SchemaTestRunner(spath string, sname string) func(*testing.T) { return func(t *testing.T) { - sb, err := ioutil.ReadFile(fmt.Sprintf("%s/%s.schema.json", spath, sname)) + sb, err := os.ReadFile(fmt.Sprintf("%s/%s.schema.json", spath, sname)) require.NoError(t, err) // To test refs independently and reduce test case size we replace every "$ref" with "const". diff --git a/ui/node/attributes_input_test.go b/ui/node/attributes_input_test.go index 6b614cd4c204..72b0416d7dda 100644 --- a/ui/node/attributes_input_test.go +++ b/ui/node/attributes_input_test.go @@ -4,7 +4,7 @@ import ( "bytes" "context" "fmt" - "io/ioutil" + "os" "testing" "github.com/stretchr/testify/assert" @@ -19,7 +19,7 @@ func TestFieldFromPath(t *testing.T) { var ctx = context.Background() t.Run("all properties are properly transferred", func(t *testing.T) { - schema, err := ioutil.ReadFile("./fixtures/all_formats.schema.json") + schema, err := os.ReadFile("./fixtures/all_formats.schema.json") require.NoError(t, err) c := jsonschema.NewCompiler() diff --git a/x/clean_url_test.go b/x/clean_url_test.go index 38faf0252332..8d5a70d720d6 100644 --- a/x/clean_url_test.go +++ b/x/clean_url_test.go @@ -2,7 +2,7 @@ package x import ( "fmt" - "io/ioutil" + "io" "net/http" "net/http/httptest" "testing" @@ -28,7 +28,7 @@ func TestCleanPath(t *testing.T) { res, err := ts.Client().Get(ts.URL + tc[0]) require.NoError(t, err) defer res.Body.Close() - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.Equal(t, string(body), tc[1]) }) diff --git a/x/http.go b/x/http.go index 85fea6c386e0..7acb0164ca40 100644 --- a/x/http.go +++ b/x/http.go @@ -3,7 +3,6 @@ package x import ( "context" "io" - "io/ioutil" "net/http" "net/http/cookiejar" "net/url" @@ -32,7 +31,7 @@ func EasyGet(t *testing.T, c *http.Client, url string) (*http.Response, []byte) res, err := c.Get(url) require.NoError(t, err) defer res.Body.Close() - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) return res, body } @@ -44,7 +43,7 @@ func EasyGetJSON(t *testing.T, c *http.Client, url string) (*http.Response, []by res, err := c.Do(req) require.NoError(t, err) defer res.Body.Close() - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) return res, body } diff --git a/x/http_redirect_admin_test.go b/x/http_redirect_admin_test.go index 34cc9836686d..1045fa675ae8 100644 --- a/x/http_redirect_admin_test.go +++ b/x/http_redirect_admin_test.go @@ -1,7 +1,7 @@ package x import ( - "io/ioutil" + "io" "net/http" "net/http/httptest" "strings" @@ -45,7 +45,7 @@ func TestRedirectAdmin(t *testing.T) { assert.Equal(t, tc.expectedPath, res.Request.URL.Path) defer res.Body.Close() if tc.expectedBody != "" { - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) assert.Equal(t, tc.expectedBody, strings.TrimSpace(string(body))) } diff --git a/x/http_secure_redirect_test.go b/x/http_secure_redirect_test.go index 9f1e0ae39847..f6bfd3f749ab 100644 --- a/x/http_secure_redirect_test.go +++ b/x/http_secure_redirect_test.go @@ -2,7 +2,7 @@ package x_test import ( "encoding/json" - "io/ioutil" + "io" "net/http" "net/http/httptest" "net/url" @@ -50,7 +50,7 @@ func TestSecureContentNegotiationRedirection(t *testing.T) { req.Header.Add("Accept", contentType) res, err := ts.Client().Do(req) require.NoError(t, err) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) require.NoError(t, res.Body.Close()) return res, string(body) @@ -137,7 +137,7 @@ func TestSecureRedirectTo(t *testing.T) { res, err := ts.Client().Get(ts.URL + "/" + path) require.NoError(t, err) - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) require.NoError(t, err) require.NoError(t, res.Body.Close()) return res, string(body) diff --git a/x/readall.go b/x/readall.go index 19c6c2211b4d..588b1c574319 100644 --- a/x/readall.go +++ b/x/readall.go @@ -2,11 +2,10 @@ package x import ( "io" - "io/ioutil" ) func MustReadAll(r io.Reader) []byte { - all, err := ioutil.ReadAll(r) + all, err := io.ReadAll(r) if err != nil { panic(err) } From ae4a72eff0e4844aee836f77bd9da8c4dfe77c9a Mon Sep 17 00:00:00 2001 From: Jonas Hungershausen Date: Thu, 11 Aug 2022 17:33:15 +0200 Subject: [PATCH 209/411] chore: fix golangci/lint version to v1.47.3 --- .github/workflows/ci.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 4c63e4b64ba3..b0346215a0f9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -91,6 +91,7 @@ jobs: GOGC: 100 with: args: --timeout 10m0s + version: v1.47.3 skip-go-installation: true skip-pkg-cache: true - name: Build Kratos From b553f506ec073a602f08e9c1db8074da8675556c Mon Sep 17 00:00:00 2001 From: Jonas Hungershausen Date: Mon, 15 Aug 2022 10:05:43 +0200 Subject: [PATCH 210/411] chore: remove ioutil from open api templates --- .schema/openapi/templates/go/api.mustache | 8 ++++---- .schema/openapi/templates/go/signing.mustache | 3 +-- quickstart.yml | 16 ++++++++-------- 3 files changed, 13 insertions(+), 14 deletions(-) diff --git a/.schema/openapi/templates/go/api.mustache b/.schema/openapi/templates/go/api.mustache index 63f93b1b82eb..6ee735a7ffdd 100644 --- a/.schema/openapi/templates/go/api.mustache +++ b/.schema/openapi/templates/go/api.mustache @@ -5,7 +5,7 @@ package {{packageName}} import ( "bytes" "context" - "io/ioutil" + "io" "net/http" "net/url" {{#imports}} "{{import}}" @@ -243,7 +243,7 @@ func (a *{{{classname}}}Service) {{nickname}}Execute(r {{#structPrefix}}{{&class } {{/required}} if localVarFile != nil { - fbs, _ := ioutil.ReadAll(localVarFile) + fbs, _ := io.ReadAll(localVarFile) localVarFileBytes = fbs localVarFileName = localVarFile.Name() localVarFile.Close() @@ -321,9 +321,9 @@ func (a *{{{classname}}}Service) {{nickname}}Execute(r {{#structPrefix}}{{&class return {{#returnType}}localVarReturnValue, {{/returnType}}localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return {{#returnType}}localVarReturnValue, {{/returnType}}localVarHTTPResponse, err } diff --git a/.schema/openapi/templates/go/signing.mustache b/.schema/openapi/templates/go/signing.mustache index db486a16b207..6202dea1d4f0 100644 --- a/.schema/openapi/templates/go/signing.mustache +++ b/.schema/openapi/templates/go/signing.mustache @@ -14,7 +14,6 @@ import ( "encoding/pem" "fmt" "io" - "io/ioutil" "net/http" "net/textproto" "os" @@ -178,7 +177,7 @@ func (h *HttpSignatureAuth) loadPrivateKey() (err error) { err = file.Close() }() var priv []byte - priv, err = ioutil.ReadAll(file) + priv, err = io.ReadAll(file) if err != nil { return err } diff --git a/quickstart.yml b/quickstart.yml index 97ee08af94a0..317d6456078e 100644 --- a/quickstart.yml +++ b/quickstart.yml @@ -16,14 +16,14 @@ services: restart: on-failure networks: - intranet - kratos-selfservice-ui-node: - image: oryd/kratos-selfservice-ui-node:v0.10.1 - environment: - - KRATOS_PUBLIC_URL=http://kratos:4433/ - - KRATOS_BROWSER_URL=http://127.0.0.1:4433/ - networks: - - intranet - restart: on-failure + # kratos-selfservice-ui-node: + # image: oryd/kratos-selfservice-ui-node:v0.10.1 + # environment: + # - KRATOS_PUBLIC_URL=http://kratos:4433/ + # - KRATOS_BROWSER_URL=http://127.0.0.1:4433/ + # networks: + # - intranet + # restart: on-failure kratos: depends_on: - kratos-migrate From 4159b93ae3f8175cf7ccf77d34e4a7a2d0181d4f Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 15 Aug 2022 15:21:22 +0000 Subject: [PATCH 211/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- cmd/cleanup/sql.go | 4 +- cmd/migrate/sql.go | 2 +- examples/go/selfservice/error/main.go | 2 +- examples/go/selfservice/login/main.go | 2 +- examples/go/selfservice/logout/main.go | 2 +- examples/go/selfservice/recovery/main.go | 2 +- examples/go/selfservice/registration/main.go | 2 +- examples/go/selfservice/settings/main.go | 2 +- examples/go/selfservice/verification/main.go | 2 +- examples/go/session/tosession/main.go | 2 +- identity/handler.go | 142 ++++---- internal/httpclient/api_metadata.go | 26 +- internal/httpclient/api_v0alpha2.go | 318 +++++++++--------- schema/handler.go | 26 +- selfservice/errorx/handler.go | 18 +- selfservice/flow/login/handler.go | 108 +++--- selfservice/flow/logout/handler.go | 50 +-- selfservice/flow/recovery/handler.go | 103 +++--- selfservice/flow/registration/handler.go | 98 +++--- selfservice/flow/settings/handler.go | 114 +++---- selfservice/flow/settings/state.go | 8 +- selfservice/flow/verification/handler.go | 98 +++--- .../strategy/link/strategy_recovery.go | 22 +- selfservice/strategy/lookup/strategy.go | 2 +- selfservice/strategy/webauthn/handler.go | 12 +- session/handler.go | 138 ++++---- swagger_meta.go | 38 +-- ui/node/attributes.go | 1 - x/doc.go | 4 +- x/time.go | 2 +- 30 files changed, 683 insertions(+), 667 deletions(-) diff --git a/cmd/cleanup/sql.go b/cmd/cleanup/sql.go index 847d010a02cb..c74d214fcba1 100644 --- a/cmd/cleanup/sql.go +++ b/cmd/cleanup/sql.go @@ -3,7 +3,9 @@ Copyright © 2019 NAME HERE Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. diff --git a/cmd/migrate/sql.go b/cmd/migrate/sql.go index d9b088b5841e..3e65c07fe01b 100644 --- a/cmd/migrate/sql.go +++ b/cmd/migrate/sql.go @@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/examples/go/selfservice/error/main.go b/examples/go/selfservice/error/main.go index a8025a681d76..05ebe2c46a2e 100644 --- a/examples/go/selfservice/error/main.go +++ b/examples/go/selfservice/error/main.go @@ -8,7 +8,7 @@ import ( // If you use Open Source this would be: // -//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func getError() *ory.SelfServiceError { diff --git a/examples/go/selfservice/login/main.go b/examples/go/selfservice/login/main.go index 56ef6b3d7bef..ec8829003e85 100644 --- a/examples/go/selfservice/login/main.go +++ b/examples/go/selfservice/login/main.go @@ -10,7 +10,7 @@ import ( // If you use Open Source this would be: // -//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func performLogin() *ory.SuccessfulSelfServiceLoginWithoutBrowser { diff --git a/examples/go/selfservice/logout/main.go b/examples/go/selfservice/logout/main.go index ea2e483fa3ff..81897596a34f 100644 --- a/examples/go/selfservice/logout/main.go +++ b/examples/go/selfservice/logout/main.go @@ -10,7 +10,7 @@ import ( // If you use Open Source this would be: // -//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func performLogout() { diff --git a/examples/go/selfservice/recovery/main.go b/examples/go/selfservice/recovery/main.go index 80e22aaed2aa..aa051ab088f2 100644 --- a/examples/go/selfservice/recovery/main.go +++ b/examples/go/selfservice/recovery/main.go @@ -10,7 +10,7 @@ import ( // If you use Open Source this would be: // -//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func performRecovery(email string) *ory.SelfServiceRecoveryFlow { diff --git a/examples/go/selfservice/registration/main.go b/examples/go/selfservice/registration/main.go index 5f0fb0d3cbfe..a0e6b2b04d63 100644 --- a/examples/go/selfservice/registration/main.go +++ b/examples/go/selfservice/registration/main.go @@ -10,7 +10,7 @@ import ( // If you use Open Source this would be: // -//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func initRegistration() *ory.SuccessfulSelfServiceRegistrationWithoutBrowser { diff --git a/examples/go/selfservice/settings/main.go b/examples/go/selfservice/settings/main.go index 3f817260293f..5f570233c192 100644 --- a/examples/go/selfservice/settings/main.go +++ b/examples/go/selfservice/settings/main.go @@ -10,7 +10,7 @@ import ( // If you use Open Source this would be: // -//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") var ctx = context.Background() diff --git a/examples/go/selfservice/verification/main.go b/examples/go/selfservice/verification/main.go index f703c4841148..f8462bf880b9 100644 --- a/examples/go/selfservice/verification/main.go +++ b/examples/go/selfservice/verification/main.go @@ -10,7 +10,7 @@ import ( // If you use Open Source this would be: // -//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func performVerification(email string) *ory.SelfServiceVerificationFlow { diff --git a/examples/go/session/tosession/main.go b/examples/go/session/tosession/main.go index c76f67220884..629dd2e5b2c7 100644 --- a/examples/go/session/tosession/main.go +++ b/examples/go/session/tosession/main.go @@ -8,7 +8,7 @@ import ( // If you use Open Source this would be: // -//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func toSession() *ory.Session { diff --git a/identity/handler.go b/identity/handler.go index 472f12747936..8eb706731ce4 100644 --- a/identity/handler.go +++ b/identity/handler.go @@ -104,23 +104,23 @@ type adminListIdentities struct { // swagger:route GET /admin/identities v0alpha2 adminListIdentities // -// List Identities +// # List Identities // // Lists all identities. Does not support search at the moment. // // Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 200: identityList -// 500: jsonError +// Responses: +// 200: identityList +// 500: jsonError func (h *Handler) list(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { page, itemsPerPage := x.ParsePagination(r) is, err := h.r.IdentityPool().ListIdentities(r.Context(), page, itemsPerPage) @@ -160,25 +160,25 @@ type adminGetIdentity struct { // swagger:route GET /admin/identities/{id} v0alpha2 adminGetIdentity // -// Get an Identity +// # Get an Identity // // Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). // -// Consumes: -// - application/json +// Consumes: +// - application/json // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 200: identity -// 404: jsonError -// 500: jsonError +// Responses: +// 200: identity +// 404: jsonError +// 500: jsonError func (h *Handler) get(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { i, err := h.r.PrivilegedIdentityPool().GetIdentityConfidential(r.Context(), x.ParseUUID(ps.ByName("id"))) if err != nil { @@ -309,26 +309,26 @@ type AdminCreateIdentityImportCredentialsOidcProvider struct { // swagger:route POST /admin/identities v0alpha2 adminCreateIdentity // -// Create an Identity +// # Create an Identity // // This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). // -// Consumes: -// - application/json +// Consumes: +// - application/json // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 201: identity -// 400: jsonError -// 409: jsonError -// 500: jsonError +// Responses: +// 201: identity +// 400: jsonError +// 409: jsonError +// 500: jsonError func (h *Handler) create(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { var cr AdminCreateIdentityBody if err := jsonx.NewStrictDecoder(r.Body).Decode(&cr); err != nil { @@ -426,29 +426,29 @@ type AdminUpdateIdentityBody struct { // swagger:route PUT /admin/identities/{id} v0alpha2 adminUpdateIdentity // -// Update an Identity +// # Update an Identity // // This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. // // Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). // -// Consumes: -// - application/json +// Consumes: +// - application/json // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 200: identity -// 400: jsonError -// 404: jsonError -// 409: jsonError -// 500: jsonError +// Responses: +// 200: identity +// 400: jsonError +// 404: jsonError +// 409: jsonError +// 500: jsonError func (h *Handler) update(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { var ur AdminUpdateIdentityBody if err := h.dx.Decode(r, &ur, @@ -516,7 +516,7 @@ type adminDeleteIdentity struct { // swagger:route DELETE /admin/identities/{id} v0alpha2 adminDeleteIdentity // -// Delete an Identity +// # Delete an Identity // // Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. // This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is @@ -524,18 +524,18 @@ type adminDeleteIdentity struct { // // Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 204: emptyResponse -// 404: jsonError -// 500: jsonError +// Responses: +// 204: emptyResponse +// 404: jsonError +// 500: jsonError func (h *Handler) delete(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { if err := h.r.IdentityPool().(PrivilegedPool).DeleteIdentity(r.Context(), x.ParseUUID(ps.ByName("id"))); err != nil { h.r.Writer().WriteError(w, r, err) @@ -566,23 +566,23 @@ type adminPatchIdentity struct { // // Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). // -// Consumes: -// - application/json +// Consumes: +// - application/json // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 200: identity -// 400: jsonError -// 404: jsonError -// 409: jsonError -// 500: jsonError +// Responses: +// 200: identity +// 400: jsonError +// 404: jsonError +// 409: jsonError +// 500: jsonError func (h *Handler) patch(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { requestBody, err := io.ReadAll(r.Body) if err != nil { diff --git a/internal/httpclient/api_metadata.go b/internal/httpclient/api_metadata.go index a63febb073aa..eec994165b53 100644 --- a/internal/httpclient/api_metadata.go +++ b/internal/httpclient/api_metadata.go @@ -102,16 +102,16 @@ func (r MetadataApiApiGetVersionRequest) Execute() (*InlineResponse2001, *http.R } /* - * GetVersion Return Running Software Version. - * This endpoint returns the version of Ory Kratos. + - GetVersion Return Running Software Version. + - This endpoint returns the version of Ory Kratos. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the version will never refer to the cluster state, only to a single instance. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return MetadataApiApiGetVersionRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return MetadataApiApiGetVersionRequest */ func (a *MetadataApiService) GetVersion(ctx context.Context) MetadataApiApiGetVersionRequest { return MetadataApiApiGetVersionRequest{ @@ -209,8 +209,9 @@ func (r MetadataApiApiIsAliveRequest) Execute() (*InlineResponse200, *http.Respo } /* - * IsAlive Check HTTP Server Status - * This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming + - IsAlive Check HTTP Server Status + - This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming + HTTP requests. This status does currently not include checks whether the database connection is working. If the service supports TLS Edge Termination, this endpoint does not require the @@ -218,8 +219,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return MetadataApiApiIsAliveRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return MetadataApiApiIsAliveRequest */ func (a *MetadataApiService) IsAlive(ctx context.Context) MetadataApiApiIsAliveRequest { return MetadataApiApiIsAliveRequest{ @@ -326,8 +327,9 @@ func (r MetadataApiApiIsReadyRequest) Execute() (*InlineResponse200, *http.Respo } /* - * IsReady Check HTTP Server and Database Status - * This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g. + - IsReady Check HTTP Server and Database Status + - This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g. + the database) are responsive as well. If the service supports TLS Edge Termination, this endpoint does not require the @@ -335,8 +337,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the Be aware that if you are running multiple nodes of Ory Kratos, the health status will never refer to the cluster state, only to a single instance. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return MetadataApiApiIsReadyRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return MetadataApiApiIsReadyRequest */ func (a *MetadataApiService) IsReady(ctx context.Context) MetadataApiApiIsReadyRequest { return MetadataApiApiIsReadyRequest{ diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go index 212cfd12a350..cfc74a7f3b7c 100644 --- a/internal/httpclient/api_v0alpha2.go +++ b/internal/httpclient/api_v0alpha2.go @@ -1279,11 +1279,12 @@ func (r V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest) Execute() (*Sel } /* - * AdminCreateSelfServiceRecoveryLink Create a Recovery Link - * This endpoint creates a recovery link which should be given to the user in order for them to recover + - AdminCreateSelfServiceRecoveryLink Create a Recovery Link + - This endpoint creates a recovery link which should be given to the user in order for them to recover + (or activate) their account. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest */ func (a *V0alpha2ApiService) AdminCreateSelfServiceRecoveryLink(ctx context.Context) V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest { return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest{ @@ -1413,15 +1414,16 @@ func (r V0alpha2ApiApiAdminDeleteIdentityRequest) Execute() (*http.Response, err } /* - * AdminDeleteIdentity Delete an Identity - * Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. + - AdminDeleteIdentity Delete an Identity + - Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. + This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is assumed that is has been deleted already. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID is the identity's ID. - * @return V0alpha2ApiApiAdminDeleteIdentityRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID is the identity's ID. + - @return V0alpha2ApiApiAdminDeleteIdentityRequest */ func (a *V0alpha2ApiService) AdminDeleteIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentityRequest { return V0alpha2ApiApiAdminDeleteIdentityRequest{ @@ -1544,13 +1546,13 @@ func (r V0alpha2ApiApiAdminDeleteIdentitySessionsRequest) Execute() (*http.Respo } /* - * AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. - * This endpoint is useful for: + - AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. + - This endpoint is useful for: To forcefully logout Identity from all devices and sessions - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID is the identity's ID. - * @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID is the identity's ID. + - @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest */ func (a *V0alpha2ApiService) AdminDeleteIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentitySessionsRequest { return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest{ @@ -2006,12 +2008,12 @@ func (r V0alpha2ApiApiAdminListIdentitiesRequest) Execute() ([]Identity, *http.R } /* - * AdminListIdentities List Identities - * Lists all identities. Does not support search at the moment. + - AdminListIdentities List Identities + - Lists all identities. Does not support search at the moment. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiAdminListIdentitiesRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiAdminListIdentitiesRequest */ func (a *V0alpha2ApiService) AdminListIdentities(ctx context.Context) V0alpha2ApiApiAdminListIdentitiesRequest { return V0alpha2ApiApiAdminListIdentitiesRequest{ @@ -2155,13 +2157,13 @@ func (r V0alpha2ApiApiAdminListIdentitySessionsRequest) Execute() ([]Session, *h } /* - * AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity. - * This endpoint is useful for: + - AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity. + - This endpoint is useful for: Listing all sessions that belong to an Identity in an administrative context. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID is the identity's ID. - * @return V0alpha2ApiApiAdminListIdentitySessionsRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID is the identity's ID. + - @return V0alpha2ApiApiAdminListIdentitySessionsRequest */ func (a *V0alpha2ApiService) AdminListIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminListIdentitySessionsRequest { return V0alpha2ApiApiAdminListIdentitySessionsRequest{ @@ -2330,13 +2332,13 @@ func (r V0alpha2ApiApiAdminPatchIdentityRequest) Execute() (*Identity, *http.Res } /* - * AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) - * NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable. + - AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) + - NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID must be set to the ID of identity you want to update - * @return V0alpha2ApiApiAdminPatchIdentityRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID must be set to the ID of identity you want to update + - @return V0alpha2ApiApiAdminPatchIdentityRequest */ func (a *V0alpha2ApiService) AdminPatchIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminPatchIdentityRequest { return V0alpha2ApiApiAdminPatchIdentityRequest{ @@ -2498,13 +2500,13 @@ func (r V0alpha2ApiApiAdminUpdateIdentityRequest) Execute() (*Identity, *http.Re } /* - * AdminUpdateIdentity Update an Identity - * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. + - AdminUpdateIdentity Update an Identity + - This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID must be set to the ID of identity you want to update - * @return V0alpha2ApiApiAdminUpdateIdentityRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID must be set to the ID of identity you want to update + - @return V0alpha2ApiApiAdminUpdateIdentityRequest */ func (a *V0alpha2ApiService) AdminUpdateIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminUpdateIdentityRequest { return V0alpha2ApiApiAdminUpdateIdentityRequest{ @@ -2665,8 +2667,8 @@ func (r V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest) Execute( } /* - * CreateSelfServiceLogoutFlowUrlForBrowsers Create a Logout URL for Browsers - * This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. + - CreateSelfServiceLogoutFlowUrlForBrowsers Create a Logout URL for Browsers + - This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). For API clients you can @@ -2676,8 +2678,8 @@ The URL is only valid for the currently signed in user. If no user is signed in, a 401 error. When calling this endpoint from a backend, please ensure to properly forward the HTTP cookies. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest */ func (a *V0alpha2ApiService) CreateSelfServiceLogoutFlowUrlForBrowsers(ctx context.Context) V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest { return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest{ @@ -2927,16 +2929,16 @@ func (r V0alpha2ApiApiGetSelfServiceErrorRequest) Execute() (*SelfServiceError, } /* - * GetSelfServiceError Get Self-Service Errors - * This endpoint returns the error associated with a user-facing self service errors. + - GetSelfServiceError Get Self-Service Errors + - This endpoint returns the error associated with a user-facing self service errors. This endpoint supports stub values to help you implement the error UI: `?id=stub:500` - returns a stub 500 (Internal Server Error) error. More information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceErrorRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceErrorRequest */ func (a *V0alpha2ApiService) GetSelfServiceError(ctx context.Context) V0alpha2ApiApiGetSelfServiceErrorRequest { return V0alpha2ApiApiGetSelfServiceErrorRequest{ @@ -3078,8 +3080,8 @@ func (r V0alpha2ApiApiGetSelfServiceLoginFlowRequest) Execute() (*SelfServiceLog } /* - * GetSelfServiceLoginFlow Get Login Flow - * This endpoint returns a login flow's context with, for example, error details and other information. + - GetSelfServiceLoginFlow Get Login Flow + - This endpoint returns a login flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3102,8 +3104,8 @@ This request may fail due to several reasons. The `error.id` can be one of: `self_service_flow_expired`: The flow is expired and you should request a new one. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceLoginFlowRequest { return V0alpha2ApiApiGetSelfServiceLoginFlowRequest{ @@ -3258,8 +3260,8 @@ func (r V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest) Execute() (*SelfService } /* - * GetSelfServiceRecoveryFlow Get Recovery Flow - * This endpoint returns a recovery flow's context with, for example, error details and other information. + - GetSelfServiceRecoveryFlow Get Recovery Flow + - This endpoint returns a recovery flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3277,8 +3279,8 @@ res.render('recovery', flow) ``` More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest { return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest{ @@ -3423,8 +3425,8 @@ func (r V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest) Execute() (*SelfSer } /* - * GetSelfServiceRegistrationFlow Get Registration Flow - * This endpoint returns a registration flow's context with, for example, error details and other information. + - GetSelfServiceRegistrationFlow Get Registration Flow + - This endpoint returns a registration flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3447,8 +3449,8 @@ This request may fail due to several reasons. The `error.id` can be one of: `self_service_flow_expired`: The flow is expired and you should request a new one. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest { return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest{ @@ -3608,8 +3610,9 @@ func (r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) Execute() (*SelfService } /* - * GetSelfServiceSettingsFlow Get Settings Flow - * When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie + - GetSelfServiceSettingsFlow Get Settings Flow + - When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie + or the Ory Kratos Session Token are set. Depending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator @@ -3628,8 +3631,8 @@ case of an error, the `error.id` of the JSON response body can be one of: identity logged in instead. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceSettingsFlowRequest { return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest{ @@ -3797,8 +3800,8 @@ func (r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) Execute() (*SelfSer } /* - * GetSelfServiceVerificationFlow Get Verification Flow - * This endpoint returns a verification flow's context with, for example, error details and other information. + - GetSelfServiceVerificationFlow Get Verification Flow + - This endpoint returns a verification flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3815,8 +3818,8 @@ res.render('verification', flow) }) More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceVerificationFlowRequest { return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest{ @@ -3950,8 +3953,8 @@ func (r V0alpha2ApiApiGetWebAuthnJavaScriptRequest) Execute() (string, *http.Res } /* - * GetWebAuthnJavaScript Get WebAuthn JavaScript - * This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. + - GetWebAuthnJavaScript Get WebAuthn JavaScript + - This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file: @@ -3960,8 +3963,8 @@ If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you ``` More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest */ func (a *V0alpha2ApiService) GetWebAuthnJavaScript(ctx context.Context) V0alpha2ApiApiGetWebAuthnJavaScriptRequest { return V0alpha2ApiApiGetWebAuthnJavaScriptRequest{ @@ -4075,8 +4078,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Execute( } /* - * InitializeSelfServiceLoginFlowForBrowsers Initialize Login Flow for Browsers - * This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate + - InitializeSelfServiceLoginFlowForBrowsers Initialize Login Flow for Browsers + - This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate + cookies and anti-CSRF measures required for browser-based flows. If this endpoint is opened as a link in the browser, it will be redirected to @@ -4095,8 +4099,8 @@ case of an error, the `error.id` of the JSON response body can be one of: This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest{ @@ -4238,8 +4242,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest) Execu } /* - * InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ... - * This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on. + - InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ... + - This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. @@ -4259,8 +4263,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest{ @@ -4392,8 +4396,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest) Execu } /* - * InitializeSelfServiceRecoveryFlowForBrowsers Initialize Recovery Flow for Browsers - * This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to + - InitializeSelfServiceRecoveryFlowForBrowsers Initialize Recovery Flow for Browsers + - This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to + `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists, the browser is returned to the configured return URL. @@ -4403,8 +4408,8 @@ or a 400 bad request error if the user is already authenticated. This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest{ @@ -4524,8 +4529,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest) Ex } /* - * InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ... - * This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on. + - InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ... + - This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error. @@ -4537,10 +4542,9 @@ you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). - More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest{ @@ -4663,8 +4667,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) E } /* - * InitializeSelfServiceRegistrationFlowForBrowsers Initialize Registration Flow for Browsers - * This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate + - InitializeSelfServiceRegistrationFlowForBrowsers Initialize Registration Flow for Browsers + - This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate + cookies and anti-CSRF measures required for browser-based flows. :::info @@ -4689,8 +4694,8 @@ If this endpoint is called via an AJAX request, the response contains the regist This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest{ @@ -4800,8 +4805,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest } /* - * InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ... - * This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on. + - InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ... + - This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. @@ -4820,8 +4825,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest{ @@ -4944,8 +4949,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest) Execu } /* - * InitializeSelfServiceSettingsFlowForBrowsers Initialize Settings Flow for Browsers - * This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to + - InitializeSelfServiceSettingsFlowForBrowsers Initialize Settings Flow for Browsers + - This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to + `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid Ory Kratos Session Cookie is included in the request, a login flow will be initialized. @@ -4971,8 +4977,8 @@ case of an error, the `error.id` of the JSON response body can be one of: This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest{ @@ -5118,8 +5124,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest) Ex } /* - * InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ... - * This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. + - InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ... + - This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. + You must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK. To fetch an existing settings flow call `/self-service/settings/flows?flow=`. @@ -5141,8 +5148,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest{ @@ -5268,8 +5275,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest) E } /* - * InitializeSelfServiceVerificationFlowForBrowsers Initialize Verification Flow for Browser Clients - * This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to + - InitializeSelfServiceVerificationFlowForBrowsers Initialize Verification Flow for Browser Clients + - This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to + `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`. If this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects. @@ -5277,8 +5285,8 @@ If this endpoint is called via an AJAX request, the response contains the recove This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest{ @@ -5388,8 +5396,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest } /* - * InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ... - * This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on. + - InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ... + - This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on. To fetch an existing verification flow call `/self-service/verification/flows?flow=`. @@ -5400,8 +5408,8 @@ you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest{ @@ -5666,12 +5674,12 @@ func (r V0alpha2ApiApiListSessionsRequest) Execute() ([]Session, *http.Response, } /* - * ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. - * This endpoint is useful for: + - ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. + - This endpoint is useful for: Displaying all other sessions that belong to the logged-in user - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiListSessionsRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiListSessionsRequest */ func (a *V0alpha2ApiService) ListSessions(ctx context.Context) V0alpha2ApiApiListSessionsRequest { return V0alpha2ApiApiListSessionsRequest{ @@ -5821,13 +5829,13 @@ func (r V0alpha2ApiApiRevokeSessionRequest) Execute() (*http.Response, error) { } /* - * RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. - * This endpoint is useful for: + - RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. + - This endpoint is useful for: To forcefully logout the current user from another device or session - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID is the session's ID. - * @return V0alpha2ApiApiRevokeSessionRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID is the session's ID. + - @return V0alpha2ApiApiRevokeSessionRequest */ func (a *V0alpha2ApiService) RevokeSession(ctx context.Context, id string) V0alpha2ApiApiRevokeSessionRequest { return V0alpha2ApiApiRevokeSessionRequest{ @@ -5956,12 +5964,12 @@ func (r V0alpha2ApiApiRevokeSessionsRequest) Execute() (*RevokedSessions, *http. } /* - * RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. - * This endpoint is useful for: + - RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. + - This endpoint is useful for: To forcefully logout the current user from all other devices and sessions - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiRevokeSessionsRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiRevokeSessionsRequest */ func (a *V0alpha2ApiService) RevokeSessions(ctx context.Context) V0alpha2ApiApiRevokeSessionsRequest { return V0alpha2ApiApiRevokeSessionsRequest{ @@ -6125,8 +6133,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) Execute() (*SuccessfulS } /* - * SubmitSelfServiceLoginFlow Submit a Login Flow - * :::info + - SubmitSelfServiceLoginFlow Submit a Login Flow + - :::info This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future. @@ -6159,8 +6167,8 @@ case of an error, the `error.id` of the JSON response body can be one of: Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest { return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest{ @@ -6323,8 +6331,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest) Execute() (*http.Respo } /* - * SubmitSelfServiceLogoutFlow Complete Self-Service Logout - * This endpoint logs out an identity in a self-service manner. + - SubmitSelfServiceLogoutFlow Complete Self-Service Logout + - This endpoint logs out an identity in a self-service manner. If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other) to the `return_to` parameter of the initial request or fall back to `urls.default_return_to`. @@ -6337,8 +6345,8 @@ with browsers (Chrome, Firefox, ...). For API clients you can call the `/self-service/logout/api` URL directly with the Ory Session Token. More information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest { return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest{ @@ -6446,8 +6454,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest) Execute( } /* - * SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ... - * Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully + - SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ... + - Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully + revoked, the server returns a 204 No Content response. A 204 No Content response is also sent when the Ory Session Token has been revoked already before. @@ -6455,8 +6464,8 @@ If the Ory Session Token is malformed or does not exist a 403 Forbidden response This endpoint does not remove any HTTP Cookies - use the Browser-Based Self-Service Logout Flow instead. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest { return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest{ @@ -6588,8 +6597,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) Execute() (*SelfServ } /* - * SubmitSelfServiceRecoveryFlow Complete Recovery Flow - * Use this endpoint to complete a recovery flow. This endpoint + - SubmitSelfServiceRecoveryFlow Complete Recovery Flow + - Use this endpoint to complete a recovery flow. This endpoint + behaves differently for API and browser flows and has several states: `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent @@ -6605,8 +6615,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe a new Recovery Flow ID which contains an error message that the recovery link was invalid. More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest { return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest{ @@ -6764,8 +6774,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) Execute() (*Succ } /* - * SubmitSelfServiceRegistrationFlow Submit a Registration Flow - * Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint + - SubmitSelfServiceRegistrationFlow Submit a Registration Flow + - Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint + behaves differently for API and browser flows. API flows expect `application/json` to be sent in the body and respond with @@ -6793,8 +6804,8 @@ case of an error, the `error.id` of the JSON response body can be one of: Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest { return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest{ @@ -6964,8 +6975,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) Execute() (*SelfServ } /* - * SubmitSelfServiceSettingsFlow Complete Settings Flow - * Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint + - SubmitSelfServiceSettingsFlow Complete Settings Flow + - Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint + behaves differently for API and browser flows. API-initiated flows expect `application/json` to be sent in the body and respond with @@ -7008,8 +7020,8 @@ identity logged in instead. Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest { return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest{ @@ -7202,8 +7214,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Execute() (*Self } /* - * SubmitSelfServiceVerificationFlow Complete Verification Flow - * Use this endpoint to complete a verification flow. This endpoint + - SubmitSelfServiceVerificationFlow Complete Verification Flow + - Use this endpoint to complete a verification flow. This endpoint + behaves differently for API and browser flows and has several states: `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent @@ -7219,8 +7232,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe a new Verification Flow ID which contains an error message that the verification link was invalid. More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest { return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest{ @@ -7373,8 +7386,9 @@ func (r V0alpha2ApiApiToSessionRequest) Execute() (*Session, *http.Response, err } /* - * ToSession Check Who the Current HTTP Session Belongs To - * Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. + - ToSession Check Who the Current HTTP Session Belongs To + - Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. + Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response. @@ -7411,7 +7425,7 @@ AJAX calls. Remember to send credentials and set up CORS correctly! Reverse proxies and API Gateways Server-side calls - use the `X-Session-Token` header! -This endpoint authenticates users by checking +# This endpoint authenticates users by checking if the `Cookie` HTTP header was set containing an Ory Kratos Session Cookie; if the `Authorization: bearer ` HTTP header was set with a valid Ory Kratos Session Token; @@ -7423,8 +7437,8 @@ As explained above, this request may fail due to several reasons. The `error.id` `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token). `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiToSessionRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiToSessionRequest */ func (a *V0alpha2ApiService) ToSession(ctx context.Context) V0alpha2ApiApiToSessionRequest { return V0alpha2ApiApiToSessionRequest{ diff --git a/schema/handler.go b/schema/handler.go index 7bea24ece3ee..41396047fef3 100644 --- a/schema/handler.go +++ b/schema/handler.go @@ -79,15 +79,15 @@ type getIdentitySchema struct { // // Get a JSON Schema // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: identitySchema -// 404: jsonError -// 500: jsonError +// Responses: +// 200: identitySchema +// 404: jsonError +// 500: jsonError func (h *Handler) getIdentitySchema(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { ss, err := h.r.IdentityTraitsSchemas(r.Context()) if err != nil { @@ -147,14 +147,14 @@ type listIdentitySchemas struct { // // Get all Identity Schemas // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: identitySchemas -// 500: jsonError +// Responses: +// 200: identitySchemas +// 500: jsonError func (h *Handler) getAll(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { page, itemsPerPage := x.ParsePagination(r) diff --git a/selfservice/errorx/handler.go b/selfservice/errorx/handler.go index a61dede3734f..b34341d29998 100644 --- a/selfservice/errorx/handler.go +++ b/selfservice/errorx/handler.go @@ -64,7 +64,7 @@ type getSelfServiceError struct { // swagger:route GET /self-service/errors v0alpha2 getSelfServiceError // -// Get Self-Service Errors +// # Get Self-Service Errors // // This endpoint returns the error associated with a user-facing self service errors. // @@ -74,16 +74,16 @@ type getSelfServiceError struct { // // More information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceError -// 403: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceError +// 403: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) publicFetchError(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { if err := h.fetchError(w, r); err != nil { h.r.Writer().WriteError(w, r, err) diff --git a/selfservice/flow/login/handler.go b/selfservice/flow/login/handler.go index 4589e19c5065..d7447fceabae 100644 --- a/selfservice/flow/login/handler.go +++ b/selfservice/flow/login/handler.go @@ -257,15 +257,15 @@ type initializeSelfServiceLoginFlowWithoutBrowser struct { // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceLoginFlow -// 400: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceLoginFlow +// 400: jsonError +// 500: jsonError func (h *Handler) initAPIFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { f, err := h.NewLoginFlow(w, r, flow.TypeAPI) if err != nil { @@ -306,7 +306,7 @@ type initializeSelfServiceLoginFlowForBrowsers struct { // swagger:route GET /self-service/login/browser v0alpha2 initializeSelfServiceLoginFlowForBrowsers // -// Initialize Login Flow for Browsers +// # Initialize Login Flow for Browsers // // This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate // cookies and anti-CSRF measures required for browser-based flows. @@ -328,16 +328,16 @@ type initializeSelfServiceLoginFlowForBrowsers struct { // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceLoginFlow -// 303: emptyResponse -// 400: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceLoginFlow +// 303: emptyResponse +// 400: jsonError +// 500: jsonError func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { a, err := h.NewLoginFlow(w, r, flow.TypeBrowser) if errors.Is(err, ErrAlreadyLoggedIn) { @@ -384,7 +384,7 @@ type getSelfServiceLoginFlow struct { // swagger:route GET /self-service/login/flows v0alpha2 getSelfServiceLoginFlow // -// Get Login Flow +// # Get Login Flow // // This endpoint returns a login flow's context with, for example, error details and other information. // @@ -394,14 +394,14 @@ type getSelfServiceLoginFlow struct { // If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain // and you need to forward the incoming HTTP Cookie header to this endpoint: // -// ```js -// // pseudo-code example -// router.get('/login', async function (req, res) { -// const flow = await client.getSelfServiceLoginFlow(req.header('cookie'), req.query['flow']) +// ```js +// // pseudo-code example +// router.get('/login', async function (req, res) { +// const flow = await client.getSelfServiceLoginFlow(req.header('cookie'), req.query['flow']) // -// res.render('login', flow) -// }) -// ``` +// res.render('login', flow) +// }) +// ``` // // This request may fail due to several reasons. The `error.id` can be one of: // @@ -410,17 +410,17 @@ type getSelfServiceLoginFlow struct { // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceLoginFlow -// 403: jsonError -// 404: jsonError -// 410: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceLoginFlow +// 403: jsonError +// 404: jsonError +// 410: jsonError +// 500: jsonError func (h *Handler) fetchFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { ar, err := h.d.LoginFlowPersister().GetLoginFlow(r.Context(), x.ParseUUID(r.URL.Query().Get("id"))) if err != nil { @@ -492,7 +492,7 @@ type submitSelfServiceLoginFlowBody struct{} // swagger:route POST /self-service/login v0alpha2 submitSelfServiceLoginFlow // -// Submit a Login Flow +// # Submit a Login Flow // // :::info // @@ -520,33 +520,33 @@ type submitSelfServiceLoginFlowBody struct{} // If this endpoint is called with `Accept: application/json` in the header, the response contains the flow without a redirect. In the // case of an error, the `error.id` of the JSON response body can be one of: // -// - `session_already_available`: The user is already signed in. -// - `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. -// - `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! -// - `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. -// Most likely used in Social Sign In flows. +// - `session_already_available`: The user is already signed in. +// - `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. +// - `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! +// - `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. +// Most likely used in Social Sign In flows. // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Schemes: http, https +// Schemes: http, https // -// Consumes: -// - application/json -// - application/x-www-form-urlencoded +// Consumes: +// - application/json +// - application/x-www-form-urlencoded // -// Produces: -// - application/json +// Produces: +// - application/json // -// Header: -// - Set-Cookie +// Header: +// - Set-Cookie // -// Responses: -// 200: successfulSelfServiceLoginWithoutBrowser -// 303: emptyResponse -// 400: selfServiceLoginFlow -// 410: jsonError -// 422: selfServiceBrowserLocationChangeRequiredError -// 500: jsonError +// Responses: +// 200: successfulSelfServiceLoginWithoutBrowser +// 303: emptyResponse +// 400: selfServiceLoginFlow +// 410: jsonError +// 422: selfServiceBrowserLocationChangeRequiredError +// 500: jsonError func (h *Handler) submitFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { rid, err := flow.GetFlowID(r) if err != nil { diff --git a/selfservice/flow/logout/handler.go b/selfservice/flow/logout/handler.go index 5c6dd2197cd9..2067f9f18434 100644 --- a/selfservice/flow/logout/handler.go +++ b/selfservice/flow/logout/handler.go @@ -93,7 +93,7 @@ type createSelfServiceLogoutFlowUrlForBrowsers struct { // swagger:route GET /self-service/logout/browser v0alpha2 createSelfServiceLogoutFlowUrlForBrowsers // -// Create a Logout URL for Browsers +// # Create a Logout URL for Browsers // // This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. // @@ -106,15 +106,15 @@ type createSelfServiceLogoutFlowUrlForBrowsers struct { // // When calling this endpoint from a backend, please ensure to properly forward the HTTP cookies. // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceLogoutUrl -// 401: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceLogoutUrl +// 401: jsonError +// 500: jsonError func (h *Handler) createSelfServiceLogoutUrlForBrowsers(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { sess, err := h.d.SessionManager().FetchFromRequest(r.Context(), r) if err != nil { @@ -161,18 +161,18 @@ type submitSelfServiceLogoutFlowWithoutBrowserBody struct { // This endpoint does not remove any HTTP // Cookies - use the Browser-Based Self-Service Logout Flow instead. // -// Consumes: -// - application/json +// Consumes: +// - application/json // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 204: emptyResponse -// 400: jsonError -// 500: jsonError +// Responses: +// 204: emptyResponse +// 400: jsonError +// 500: jsonError func (h *Handler) submitSelfServiceLogoutFlowWithoutBrowser(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { var p submitSelfServiceLogoutFlowWithoutBrowserBody if err := h.dx.Decode(r, &p, @@ -214,7 +214,7 @@ type submitSelfServiceLogoutFlow struct { // swagger:route GET /self-service/logout v0alpha2 submitSelfServiceLogoutFlow // -// Complete Self-Service Logout +// # Complete Self-Service Logout // // This endpoint logs out an identity in a self-service manner. // @@ -230,15 +230,15 @@ type submitSelfServiceLogoutFlow struct { // // More information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 303: emptyResponse -// 204: emptyResponse -// 500: jsonError +// Responses: +// 303: emptyResponse +// 204: emptyResponse +// 500: jsonError func (h *Handler) submitLogout(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { expected := r.URL.Query().Get("token") if len(expected) == 0 { diff --git a/selfservice/flow/recovery/handler.go b/selfservice/flow/recovery/handler.go index f7fae3a10cb6..54ff160d4387 100644 --- a/selfservice/flow/recovery/handler.go +++ b/selfservice/flow/recovery/handler.go @@ -107,15 +107,14 @@ func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { // // This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). // -// // More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRecoveryFlow -// 500: jsonError -// 400: jsonError +// Responses: +// 200: selfServiceRecoveryFlow +// 500: jsonError +// 400: jsonError func (h *Handler) initAPIFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { if !h.d.Config(r.Context()).SelfServiceFlowRecoveryEnabled() { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Recovery is not allowed because it was disabled."))) @@ -147,7 +146,7 @@ type initializeSelfServiceRecoveryFlowWithoutBrowser struct { // swagger:route GET /self-service/recovery/browser v0alpha2 initializeSelfServiceRecoveryFlowForBrowsers // -// Initialize Recovery Flow for Browsers +// # Initialize Recovery Flow for Browsers // // This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to // `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session @@ -160,13 +159,13 @@ type initializeSelfServiceRecoveryFlowWithoutBrowser struct { // // More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRecoveryFlow -// 303: emptyResponse -// 400: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceRecoveryFlow +// 303: emptyResponse +// 400: jsonError +// 500: jsonError func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { if !h.d.Config(r.Context()).SelfServiceFlowRecoveryEnabled() { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Recovery is not allowed because it was disabled."))) @@ -212,7 +211,7 @@ type getSelfServiceRecoveryFlow struct { // swagger:route GET /self-service/recovery/flows v0alpha2 getSelfServiceRecoveryFlow // -// Get Recovery Flow +// # Get Recovery Flow // // This endpoint returns a recovery flow's context with, for example, error details and other information. // @@ -222,27 +221,27 @@ type getSelfServiceRecoveryFlow struct { // If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain // and you need to forward the incoming HTTP Cookie header to this endpoint: // -// ```js -// // pseudo-code example -// router.get('/recovery', async function (req, res) { -// const flow = await client.getSelfServiceRecoveryFlow(req.header('Cookie'), req.query['flow']) +// ```js +// // pseudo-code example +// router.get('/recovery', async function (req, res) { +// const flow = await client.getSelfServiceRecoveryFlow(req.header('Cookie'), req.query['flow']) // -// res.render('recovery', flow) -// }) -// ``` +// res.render('recovery', flow) +// }) +// ``` // // More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRecoveryFlow -// 404: jsonError -// 410: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceRecoveryFlow +// 404: jsonError +// 410: jsonError +// 500: jsonError func (h *Handler) fetch(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { if !h.d.Config(r.Context()).SelfServiceFlowRecoveryEnabled() { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Recovery is not allowed because it was disabled."))) @@ -325,40 +324,40 @@ type submitSelfServiceRecoveryFlowBody struct{} // swagger:route POST /self-service/recovery v0alpha2 submitSelfServiceRecoveryFlow // -// Complete Recovery Flow +// # Complete Recovery Flow // // Use this endpoint to complete a recovery flow. This endpoint // behaves differently for API and browser flows and has several states: // -// - `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent -// and works with API- and Browser-initiated flows. -// - For API clients and Browser clients with HTTP Header `Accept: application/json` it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid. +// - `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent +// and works with API- and Browser-initiated flows. +// - For API clients and Browser clients with HTTP Header `Accept: application/json` it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid. // and a HTTP 303 See Other redirect with a fresh recovery flow if the flow was otherwise invalid (e.g. expired). -// - For Browser clients without HTTP Header `Accept` or with `Accept: text/*` it returns a HTTP 303 See Other redirect to the Recovery UI URL with the Recovery Flow ID appended. -// - `sent_email` is the success state after `choose_method` for the `link` method and allows the user to request another recovery email. It -// works for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state. -// - `passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow ("sending a recovery link") -// does not have any API capabilities. The server responds with a HTTP 303 See Other redirect either to the Settings UI URL -// (if the link was valid) and instructs the user to update their password, or a redirect to the Recover UI URL with -// a new Recovery Flow ID which contains an error message that the recovery link was invalid. +// - For Browser clients without HTTP Header `Accept` or with `Accept: text/*` it returns a HTTP 303 See Other redirect to the Recovery UI URL with the Recovery Flow ID appended. +// - `sent_email` is the success state after `choose_method` for the `link` method and allows the user to request another recovery email. It +// works for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state. +// - `passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow ("sending a recovery link") +// does not have any API capabilities. The server responds with a HTTP 303 See Other redirect either to the Settings UI URL +// (if the link was valid) and instructs the user to update their password, or a redirect to the Recover UI URL with +// a new Recovery Flow ID which contains an error message that the recovery link was invalid. // // More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). // -// Consumes: -// - application/json -// - application/x-www-form-urlencoded +// Consumes: +// - application/json +// - application/x-www-form-urlencoded // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRecoveryFlow -// 303: emptyResponse -// 400: selfServiceRecoveryFlow -// 410: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceRecoveryFlow +// 303: emptyResponse +// 400: selfServiceRecoveryFlow +// 410: jsonError +// 500: jsonError func (h *Handler) submitFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { rid, err := flow.GetFlowID(r) if err != nil { diff --git a/selfservice/flow/registration/handler.go b/selfservice/flow/registration/handler.go index 490d6ea98974..ce04acec3e39 100644 --- a/selfservice/flow/registration/handler.go +++ b/selfservice/flow/registration/handler.go @@ -172,12 +172,12 @@ func (h *Handler) FromOldFlow(w http.ResponseWriter, r *http.Request, of Flow) ( // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRegistrationFlow -// 400: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceRegistrationFlow +// 400: jsonError +// 500: jsonError func (h *Handler) initApiFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { a, err := h.NewRegistrationFlow(w, r, flow.TypeAPI) if err != nil { @@ -199,7 +199,7 @@ type initializeSelfServiceRegistrationFlowForBrowsers struct { // swagger:route GET /self-service/registration/browser v0alpha2 initializeSelfServiceRegistrationFlowForBrowsers // -// Initialize Registration Flow for Browsers +// # Initialize Registration Flow for Browsers // // This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate // cookies and anti-CSRF measures required for browser-based flows. @@ -227,15 +227,15 @@ type initializeSelfServiceRegistrationFlowForBrowsers struct { // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Schemes: http, https +// Schemes: http, https // -// Produces: -// - application/json +// Produces: +// - application/json // -// Responses: -// 200: selfServiceRegistrationFlow -// 303: emptyResponse -// 500: jsonError +// Responses: +// 200: selfServiceRegistrationFlow +// 303: emptyResponse +// 500: jsonError func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { a, err := h.NewRegistrationFlow(w, r, flow.TypeBrowser) if err != nil { @@ -281,7 +281,7 @@ type getSelfServiceRegistrationFlow struct { // swagger:route GET /self-service/registration/flows v0alpha2 getSelfServiceRegistrationFlow // -// Get Registration Flow +// # Get Registration Flow // // This endpoint returns a registration flow's context with, for example, error details and other information. // @@ -291,14 +291,14 @@ type getSelfServiceRegistrationFlow struct { // If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain // and you need to forward the incoming HTTP Cookie header to this endpoint: // -// ```js -// // pseudo-code example -// router.get('/registration', async function (req, res) { -// const flow = await client.getSelfServiceRegistrationFlow(req.header('cookie'), req.query['flow']) +// ```js +// // pseudo-code example +// router.get('/registration', async function (req, res) { +// const flow = await client.getSelfServiceRegistrationFlow(req.header('cookie'), req.query['flow']) // -// res.render('registration', flow) -// }) -// ``` +// res.render('registration', flow) +// }) +// ``` // // This request may fail due to several reasons. The `error.id` can be one of: // @@ -307,17 +307,17 @@ type getSelfServiceRegistrationFlow struct { // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRegistrationFlow -// 403: jsonError -// 404: jsonError -// 410: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceRegistrationFlow +// 403: jsonError +// 404: jsonError +// 410: jsonError +// 500: jsonError func (h *Handler) fetchFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { if !h.d.Config(r.Context()).SelfServiceFlowRegistrationEnabled() { @@ -390,7 +390,7 @@ type submitSelfServiceRegistrationFlowBody struct{} // swagger:route POST /self-service/registration v0alpha2 submitSelfServiceRegistrationFlow // -// Submit a Registration Flow +// # Submit a Registration Flow // // Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint // behaves differently for API and browser flows. @@ -413,30 +413,30 @@ type submitSelfServiceRegistrationFlowBody struct{} // If this endpoint is called with `Accept: application/json` in the header, the response contains the flow without a redirect. In the // case of an error, the `error.id` of the JSON response body can be one of: // -// - `session_already_available`: The user is already signed in. -// - `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. -// - `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! -// - `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. -// Most likely used in Social Sign In flows. +// - `session_already_available`: The user is already signed in. +// - `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. +// - `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! +// - `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. +// Most likely used in Social Sign In flows. // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Schemes: http, https +// Schemes: http, https // -// Consumes: -// - application/json -// - application/x-www-form-urlencoded +// Consumes: +// - application/json +// - application/x-www-form-urlencoded // -// Produces: -// - application/json +// Produces: +// - application/json // -// Responses: -// 200: successfulSelfServiceRegistrationWithoutBrowser -// 303: emptyResponse -// 400: selfServiceRegistrationFlow -// 410: jsonError -// 422: selfServiceBrowserLocationChangeRequiredError -// 500: jsonError +// Responses: +// 200: successfulSelfServiceRegistrationWithoutBrowser +// 303: emptyResponse +// 400: selfServiceRegistrationFlow +// 410: jsonError +// 422: selfServiceBrowserLocationChangeRequiredError +// 500: jsonError func (h *Handler) submitFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { rid, err := flow.GetFlowID(r) if err != nil { diff --git a/selfservice/flow/settings/handler.go b/selfservice/flow/settings/handler.go index a2bbc1c640e4..ae576f010ffc 100644 --- a/selfservice/flow/settings/handler.go +++ b/selfservice/flow/settings/handler.go @@ -183,12 +183,12 @@ type initializeSelfServiceSettingsFlowWithoutBrowser struct { // // More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceSettingsFlow -// 400: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceSettingsFlow +// 400: jsonError +// 500: jsonError func (h *Handler) initApiFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { s, err := h.d.SessionManager().FetchFromRequest(r.Context(), r) if err != nil { @@ -221,7 +221,7 @@ type initializeSelfServiceSettingsFlowForBrowsers struct { // swagger:route GET /self-service/settings/browser v0alpha2 initializeSelfServiceSettingsFlowForBrowsers // -// Initialize Settings Flow for Browsers +// # Initialize Settings Flow for Browsers // // This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to // `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid @@ -250,15 +250,15 @@ type initializeSelfServiceSettingsFlowForBrowsers struct { // // More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceSettingsFlow -// 303: emptyResponse -// 400: jsonError -// 401: jsonError -// 403: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceSettingsFlow +// 303: emptyResponse +// 400: jsonError +// 401: jsonError +// 403: jsonError +// 500: jsonError func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { s, err := h.d.SessionManager().FetchFromRequest(r.Context(), r) if err != nil { @@ -313,7 +313,7 @@ type getSelfServiceSettingsFlow struct { // swagger:route GET /self-service/settings/flows v0alpha2 getSelfServiceSettingsFlow // -// Get Settings Flow +// # Get Settings Flow // // When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie // or the Ory Kratos Session Token are set. @@ -328,25 +328,25 @@ type getSelfServiceSettingsFlow struct { // If this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the // case of an error, the `error.id` of the JSON response body can be one of: // -// - `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. -// - `session_inactive`: No Ory Session was found - sign in a user first. -// - `security_identity_mismatch`: The flow was interrupted with `session_refresh_required` but apparently some other -// identity logged in instead. +// - `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. +// - `session_inactive`: No Ory Session was found - sign in a user first. +// - `security_identity_mismatch`: The flow was interrupted with `session_refresh_required` but apparently some other +// identity logged in instead. // // More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceSettingsFlow -// 401: jsonError -// 403: jsonError -// 404: jsonError -// 410: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceSettingsFlow +// 401: jsonError +// 403: jsonError +// 404: jsonError +// 410: jsonError +// 500: jsonError func (h *Handler) fetchPublicFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { if err := h.fetchFlow(w, r); err != nil { h.d.Writer().WriteError(w, r, err) @@ -431,7 +431,7 @@ type submitSelfServiceSettingsFlowBody struct{} // swagger:route POST /self-service/settings v0alpha2 submitSelfServiceSettingsFlow // -// Complete Settings Flow +// # Complete Settings Flow // // Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint // behaves differently for API and browser flows. @@ -464,40 +464,40 @@ type submitSelfServiceSettingsFlowBody struct{} // If this endpoint is called with a `Accept: application/json` HTTP header, the response contains the flow without a redirect. In the // case of an error, the `error.id` of the JSON response body can be one of: // -// - `session_refresh_required`: The identity requested to change something that needs a privileged session. Redirect -// the identity to the login init endpoint with query parameters `?refresh=true&return_to=`, -// or initiate a refresh login flow otherwise. -// - `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. -// - `session_inactive`: No Ory Session was found - sign in a user first. -// - `security_identity_mismatch`: The flow was interrupted with `session_refresh_required` but apparently some other -// identity logged in instead. -// - `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! -// - `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. -// Most likely used in Social Sign In flows. +// - `session_refresh_required`: The identity requested to change something that needs a privileged session. Redirect +// the identity to the login init endpoint with query parameters `?refresh=true&return_to=`, +// or initiate a refresh login flow otherwise. +// - `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. +// - `session_inactive`: No Ory Session was found - sign in a user first. +// - `security_identity_mismatch`: The flow was interrupted with `session_refresh_required` but apparently some other +// identity logged in instead. +// - `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! +// - `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. +// Most likely used in Social Sign In flows. // // More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). // -// Consumes: -// - application/json -// - application/x-www-form-urlencoded +// Consumes: +// - application/json +// - application/x-www-form-urlencoded // -// Produces: -// - application/json +// Produces: +// - application/json // -// Security: -// sessionToken: +// Security: +// sessionToken: // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceSettingsFlow -// 303: emptyResponse -// 400: selfServiceSettingsFlow -// 401: jsonError -// 403: jsonError -// 410: jsonError -// 422: selfServiceBrowserLocationChangeRequiredError -// 500: jsonError +// Responses: +// 200: selfServiceSettingsFlow +// 303: emptyResponse +// 400: selfServiceSettingsFlow +// 401: jsonError +// 403: jsonError +// 410: jsonError +// 422: selfServiceBrowserLocationChangeRequiredError +// 500: jsonError func (h *Handler) submitSettingsFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { rid, err := GetFlowID(r) if err != nil { diff --git a/selfservice/flow/settings/state.go b/selfservice/flow/settings/state.go index ca883c7948fe..96d4d3869c09 100644 --- a/selfservice/flow/settings/state.go +++ b/selfservice/flow/settings/state.go @@ -2,10 +2,10 @@ package settings // State represents the state of this flow. It knows two states: // -// - show_form: No user data has been collected, or it is invalid, and thus the form should be shown. -// - success: Indicates that the settings flow has been updated successfully with the provided data. -// Done will stay true when repeatedly checking. If set to true, done will revert back to false only -// when a flow with invalid (e.g. "please use a valid phone number") data was sent. +// - show_form: No user data has been collected, or it is invalid, and thus the form should be shown. +// - success: Indicates that the settings flow has been updated successfully with the provided data. +// Done will stay true when repeatedly checking. If set to true, done will revert back to false only +// when a flow with invalid (e.g. "please use a valid phone number") data was sent. // // swagger:model selfServiceSettingsFlowState type State string diff --git a/selfservice/flow/verification/handler.go b/selfservice/flow/verification/handler.go index dbd821288097..a389a70a00d3 100644 --- a/selfservice/flow/verification/handler.go +++ b/selfservice/flow/verification/handler.go @@ -96,12 +96,12 @@ func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { // // More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation). // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceVerificationFlow -// 500: jsonError -// 400: jsonError +// Responses: +// 200: selfServiceVerificationFlow +// 500: jsonError +// 400: jsonError func (h *Handler) initAPIFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { if !h.d.Config(r.Context()).SelfServiceFlowVerificationEnabled() { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Verification is not allowed because it was disabled."))) @@ -133,7 +133,7 @@ type initializeSelfServiceVerificationFlowForBrowsers struct { // swagger:route GET /self-service/verification/browser v0alpha2 initializeSelfServiceVerificationFlowForBrowsers // -// Initialize Verification Flow for Browser Clients +// # Initialize Verification Flow for Browser Clients // // This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to // `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`. @@ -144,12 +144,12 @@ type initializeSelfServiceVerificationFlowForBrowsers struct { // // More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceVerificationFlow -// 303: emptyResponse -// 500: jsonError +// Responses: +// 200: selfServiceVerificationFlow +// 303: emptyResponse +// 500: jsonError func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { if !h.d.Config(r.Context()).SelfServiceFlowVerificationEnabled() { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Verification is not allowed because it was disabled."))) @@ -195,7 +195,7 @@ type getSelfServiceVerificationFlow struct { // swagger:route GET /self-service/verification/flows v0alpha2 getSelfServiceVerificationFlow // -// Get Verification Flow +// # Get Verification Flow // // This endpoint returns a verification flow's context with, for example, error details and other information. // @@ -205,26 +205,26 @@ type getSelfServiceVerificationFlow struct { // If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain // and you need to forward the incoming HTTP Cookie header to this endpoint: // -// ```js -// // pseudo-code example -// router.get('/recovery', async function (req, res) { -// const flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), req.query['flow']) +// ```js +// // pseudo-code example +// router.get('/recovery', async function (req, res) { +// const flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), req.query['flow']) // -// res.render('verification', flow) -// }) +// res.render('verification', flow) +// }) // // More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceVerificationFlow -// 403: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceVerificationFlow +// 403: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) fetch(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { if !h.d.Config(r.Context()).SelfServiceFlowVerificationEnabled() { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Verification is not allowed because it was disabled."))) @@ -307,40 +307,40 @@ type submitSelfServiceVerificationFlowBody struct{} // swagger:route POST /self-service/verification v0alpha2 submitSelfServiceVerificationFlow // -// Complete Verification Flow +// # Complete Verification Flow // // Use this endpoint to complete a verification flow. This endpoint // behaves differently for API and browser flows and has several states: // -// - `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent -// and works with API- and Browser-initiated flows. -// - For API clients and Browser clients with HTTP Header `Accept: application/json` it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid +// - `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent +// and works with API- and Browser-initiated flows. +// - For API clients and Browser clients with HTTP Header `Accept: application/json` it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid // and a HTTP 303 See Other redirect with a fresh verification flow if the flow was otherwise invalid (e.g. expired). -// - For Browser clients without HTTP Header `Accept` or with `Accept: text/*` it returns a HTTP 303 See Other redirect to the Verification UI URL with the Verification Flow ID appended. -// - `sent_email` is the success state after `choose_method` when using the `link` method and allows the user to request another verification email. It -// works for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state. -// - `passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow ("sending a verification link") -// does not have any API capabilities. The server responds with a HTTP 303 See Other redirect either to the Settings UI URL -// (if the link was valid) and instructs the user to update their password, or a redirect to the Verification UI URL with -// a new Verification Flow ID which contains an error message that the verification link was invalid. +// - For Browser clients without HTTP Header `Accept` or with `Accept: text/*` it returns a HTTP 303 See Other redirect to the Verification UI URL with the Verification Flow ID appended. +// - `sent_email` is the success state after `choose_method` when using the `link` method and allows the user to request another verification email. It +// works for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state. +// - `passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow ("sending a verification link") +// does not have any API capabilities. The server responds with a HTTP 303 See Other redirect either to the Settings UI URL +// (if the link was valid) and instructs the user to update their password, or a redirect to the Verification UI URL with +// a new Verification Flow ID which contains an error message that the verification link was invalid. // // More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). // -// Consumes: -// - application/json -// - application/x-www-form-urlencoded +// Consumes: +// - application/json +// - application/x-www-form-urlencoded // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceVerificationFlow -// 303: emptyResponse -// 400: selfServiceVerificationFlow -// 410: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceVerificationFlow +// 303: emptyResponse +// 400: selfServiceVerificationFlow +// 410: jsonError +// 500: jsonError func (h *Handler) submitFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { rid, err := flow.GetFlowID(r) if err != nil { diff --git a/selfservice/strategy/link/strategy_recovery.go b/selfservice/strategy/link/strategy_recovery.go index 7ae56c4a3477..79f6767b452e 100644 --- a/selfservice/strategy/link/strategy_recovery.go +++ b/selfservice/strategy/link/strategy_recovery.go @@ -106,24 +106,24 @@ type selfServiceRecoveryLink struct { // swagger:route POST /admin/recovery/link v0alpha2 adminCreateSelfServiceRecoveryLink // -// Create a Recovery Link +// # Create a Recovery Link // // This endpoint creates a recovery link which should be given to the user in order for them to recover // (or activate) their account. // -// Consumes: -// - application/json +// Consumes: +// - application/json // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRecoveryLink -// 400: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceRecoveryLink +// 400: jsonError +// 404: jsonError +// 500: jsonError func (s *Strategy) createRecoveryLink(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { var p adminCreateSelfServiceRecoveryLinkBody if err := s.dx.Decode(r, &p, decoderx.HTTPJSONDecoder()); err != nil { diff --git a/selfservice/strategy/lookup/strategy.go b/selfservice/strategy/lookup/strategy.go index 12c78ffd485a..ed6ac05fe22d 100644 --- a/selfservice/strategy/lookup/strategy.go +++ b/selfservice/strategy/lookup/strategy.go @@ -20,7 +20,7 @@ import ( "github.com/ory/x/decoderx" ) -//var _ login.Strategy = new(Strategy) +// var _ login.Strategy = new(Strategy) var _ settings.Strategy = new(Strategy) var _ identity.ActiveCredentialsCounter = new(Strategy) diff --git a/selfservice/strategy/webauthn/handler.go b/selfservice/strategy/webauthn/handler.go index 19e0f44e5035..98d0203b90ca 100644 --- a/selfservice/strategy/webauthn/handler.go +++ b/selfservice/strategy/webauthn/handler.go @@ -19,7 +19,7 @@ type webAuthnJavaScript string // swagger:route GET /.well-known/ory/webauthn.js v0alpha2 getWebAuthnJavaScript // -// Get WebAuthn JavaScript +// # Get WebAuthn JavaScript // // This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. // @@ -31,13 +31,13 @@ type webAuthnJavaScript string // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Produces: -// - text/javascript +// Produces: +// - text/javascript // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: webAuthnJavaScript +// Responses: +// 200: webAuthnJavaScript func (s *Strategy) RegisterLoginRoutes(r *x.RouterPublic) { if handle, _, _ := r.Lookup("GET", webAuthnRoute); handle == nil { r.GET(webAuthnRoute, func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { diff --git a/session/handler.go b/session/handler.go index 20d75f42e770..6a5f1f7c5625 100644 --- a/session/handler.go +++ b/session/handler.go @@ -111,7 +111,7 @@ type toSession struct { // swagger:route GET /sessions/whoami v0alpha2 toSession // -// Check Who the Current HTTP Session Belongs To +// # Check Who the Current HTTP Session Belongs To // // Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. // Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. @@ -120,24 +120,24 @@ type toSession struct { // // If you call this endpoint from a server-side application, you must forward the HTTP Cookie Header to this endpoint: // -// ```js -// // pseudo-code example -// router.get('/protected-endpoint', async function (req, res) { -// const session = await client.toSession(undefined, req.header('cookie')) +// ```js +// // pseudo-code example +// router.get('/protected-endpoint', async function (req, res) { +// const session = await client.toSession(undefined, req.header('cookie')) // -// // console.log(session) -// }) -// ``` +// // console.log(session) +// }) +// ``` // // When calling this endpoint from a non-browser application (e.g. mobile app) you must include the session token: // -// ```js -// // pseudo-code example -// // ... -// const session = await client.toSession("the-session-token") +// ```js +// // pseudo-code example +// // ... +// const session = await client.toSession("the-session-token") // -// // console.log(session) -// ``` +// // console.log(session) +// ``` // // Depending on your configuration this endpoint might return a 403 status code if the session has a lower Authenticator // Assurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn @@ -150,7 +150,7 @@ type toSession struct { // - Reverse proxies and API Gateways // - Server-side calls - use the `X-Session-Token` header! // -// This endpoint authenticates users by checking +// # This endpoint authenticates users by checking // // - if the `Cookie` HTTP header was set containing an Ory Kratos Session Cookie; // - if the `Authorization: bearer ` HTTP header was set with a valid Ory Kratos Session Token; @@ -163,16 +163,16 @@ type toSession struct { // - `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token). // - `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor. // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: session -// 401: jsonError -// 403: jsonError -// 500: jsonError +// Responses: +// 200: session +// 401: jsonError +// 403: jsonError +// 500: jsonError func (h *Handler) whoami(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { s, err := h.r.SessionManager().FetchFromRequest(r.Context(), r) if err != nil { @@ -226,17 +226,17 @@ type adminDeleteIdentitySessions struct { // // - To forcefully logout Identity from all devices and sessions // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 204: emptyResponse -// 400: jsonError -// 401: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 204: emptyResponse +// 400: jsonError +// 401: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) adminDeleteIdentitySessions(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { iID, err := uuid.FromString(ps.ByName("id")) if err != nil { @@ -272,17 +272,17 @@ type adminListIdentitySessions struct { // // - Listing all sessions that belong to an Identity in an administrative context. // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 200: sessionList -// 400: jsonError -// 401: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: sessionList +// 400: jsonError +// 401: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) adminListIdentitySessions(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { iID, err := uuid.FromString(ps.ByName("id")) if err != nil { @@ -327,14 +327,14 @@ type revokeSessions struct { // // - To forcefully logout the current user from all other devices and sessions // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: revokedSessions -// 400: jsonError -// 401: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: revokedSessions +// 400: jsonError +// 401: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) revokeSessions(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { s, err := h.r.SessionManager().FetchFromRequest(r.Context(), r) if err != nil { @@ -371,13 +371,13 @@ type revokeSession struct { // // - To forcefully logout the current user from another device or session // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 204: emptyResponse -// 400: jsonError -// 401: jsonError -// 500: jsonError +// Responses: +// 204: emptyResponse +// 400: jsonError +// 401: jsonError +// 500: jsonError func (h *Handler) revokeSession(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { sid := ps.ByName("id") if sid == "whoami" { @@ -430,14 +430,14 @@ type sessionList []*Session // // - Displaying all other sessions that belong to the logged-in user // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: sessionList -// 400: jsonError -// 401: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: sessionList +// 400: jsonError +// 401: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) listSessions(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { s, err := h.r.SessionManager().FetchFromRequest(r.Context(), r) if err != nil { @@ -489,16 +489,16 @@ type adminExtendSession struct { // // Retrieve the session ID from the `/sessions/whoami` endpoint / `toSession` SDK method. // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 200: session -// 400: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: session +// 400: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) adminSessionExtend(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { iID, err := uuid.FromString(ps.ByName("id")) if err != nil { diff --git a/swagger_meta.go b/swagger_meta.go index 6cebe3242999..bd9a2d4917ba 100644 --- a/swagger_meta.go +++ b/swagger_meta.go @@ -2,29 +2,29 @@ // // Welcome to the Ory Kratos HTTP API documentation! // -// Schemes: http, https -// Host: -// BasePath: / -// Version: latest +// Schemes: http, https +// Host: +// BasePath: / +// Version: latest // -// Consumes: -// - application/json -// - application/x-www-form-urlencoded +// Consumes: +// - application/json +// - application/x-www-form-urlencoded // -// Produces: -// - application/json +// Produces: +// - application/json // -// SecurityDefinitions: -// oryAccessToken: -// type: apiKey -// name: Authorization -// in: header +// SecurityDefinitions: +// oryAccessToken: +// type: apiKey +// name: Authorization +// in: header // -// Extensions: -// --- -// x-request-id: string -// x-forwarded-proto: string -// --- +// Extensions: +// --- +// x-request-id: string +// x-forwarded-proto: string +// --- // // swagger:meta package main diff --git a/ui/node/attributes.go b/ui/node/attributes.go index 4300d218f233..a26b13c88f1b 100644 --- a/ui/node/attributes.go +++ b/ui/node/attributes.go @@ -158,7 +158,6 @@ type AnchorAttributes struct { // TextAttributes represents the attributes of a text node. // -// // swagger:model uiNodeTextAttributes type TextAttributes struct { // The text of the text node. diff --git a/x/doc.go b/x/doc.go index 3582cb8b79da..64aa08a21794 100644 --- a/x/doc.go +++ b/x/doc.go @@ -2,7 +2,7 @@ Package x provides various helpers that do not have an obvious home elsewhere. The contract implied here, is that: - - Package x does not depend on other parts of kratos - - Packages outside kratos do not depend on x. + - Package x does not depend on other parts of kratos + - Packages outside kratos do not depend on x. */ package x diff --git a/x/time.go b/x/time.go index 28635fa7431e..950cb93953e9 100644 --- a/x/time.go +++ b/x/time.go @@ -26,7 +26,7 @@ func RequireEqualTime(t *testing.T, expected, actual time.Time) { // To produce a different normal distribution, callers can // adjust the output using: // -// sample = NormFloat64() * desiredStdDev + desiredMean +// sample = NormFloat64() * desiredStdDev + desiredMean // // Since 99.73% of values in a normal distribution lie within three standard deviations from the mean (https://en.wikipedia.org/wiki/68%E2%80%9395%E2%80%9399.7_rule), // by taking the standard deviation to be deviation/3, we can get a distribution which fits our bounds nicely with minimal clipping when we take max/mins to cut off the tails. From 546ee3dc900874bc0614923b10697388c4e7676b Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 28 Jul 2022 12:39:34 +0200 Subject: [PATCH 212/411] feat: improve state generation logic --- selfservice/strategy/oidc/strategy.go | 7 +++++++ selfservice/strategy/oidc/strategy_login.go | 2 +- .../strategy/oidc/strategy_registration.go | 2 +- selfservice/strategy/oidc/strategy_settings.go | 2 +- selfservice/strategy/oidc/strategy_state_test.go | 15 +++++++++++++++ 5 files changed, 25 insertions(+), 3 deletions(-) create mode 100644 selfservice/strategy/oidc/strategy_state_test.go diff --git a/selfservice/strategy/oidc/strategy.go b/selfservice/strategy/oidc/strategy.go index db79575d289e..fe643d3b80c5 100644 --- a/selfservice/strategy/oidc/strategy.go +++ b/selfservice/strategy/oidc/strategy.go @@ -3,7 +3,9 @@ package oidc import ( "bytes" "context" + "encoding/base64" "encoding/json" + "fmt" "net/http" "path/filepath" "strings" @@ -114,6 +116,11 @@ type authCodeContainer struct { Traits json.RawMessage `json:"traits"` } +func generateState(flowID string) string { + state := x.NewUUID().String() + return base64.RawURLEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", flowID, state))) +} + func (s *Strategy) CountActiveFirstFactorCredentials(cc map[identity.CredentialsType]identity.Credentials) (count int, err error) { for _, c := range cc { if c.Type == s.ID() && gjson.ValidBytes(c.Config) { diff --git a/selfservice/strategy/oidc/strategy_login.go b/selfservice/strategy/oidc/strategy_login.go index 253380c6f0ab..c43a70ad2a3c 100644 --- a/selfservice/strategy/oidc/strategy_login.go +++ b/selfservice/strategy/oidc/strategy_login.go @@ -167,7 +167,7 @@ func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow, return } - state := x.NewUUID().String() + state := generateState(f.ID.String()) if err := s.d.ContinuityManager().Pause(r.Context(), w, r, sessionName, continuity.WithPayload(&authCodeContainer{ State: state, diff --git a/selfservice/strategy/oidc/strategy_registration.go b/selfservice/strategy/oidc/strategy_registration.go index 18673a76a853..00aa504357cf 100644 --- a/selfservice/strategy/oidc/strategy_registration.go +++ b/selfservice/strategy/oidc/strategy_registration.go @@ -141,7 +141,7 @@ func (s *Strategy) Register(w http.ResponseWriter, r *http.Request, f *registrat return errors.WithStack(registration.ErrAlreadyLoggedIn) } - state := x.NewUUID().String() + state := generateState(f.ID.String()) if err := s.d.ContinuityManager().Pause(r.Context(), w, r, sessionName, continuity.WithPayload(&authCodeContainer{ State: state, diff --git a/selfservice/strategy/oidc/strategy_settings.go b/selfservice/strategy/oidc/strategy_settings.go index ed4926e58d21..35283e7cb9a2 100644 --- a/selfservice/strategy/oidc/strategy_settings.go +++ b/selfservice/strategy/oidc/strategy_settings.go @@ -336,7 +336,7 @@ func (s *Strategy) initLinkProvider(w http.ResponseWriter, r *http.Request, ctxU return s.handleSettingsError(w, r, ctxUpdate, p, err) } - state := x.NewUUID().String() + state := generateState(ctxUpdate.Flow.ID.String()) if err := s.d.ContinuityManager().Pause(r.Context(), w, r, sessionName, continuity.WithPayload(&authCodeContainer{ State: state, diff --git a/selfservice/strategy/oidc/strategy_state_test.go b/selfservice/strategy/oidc/strategy_state_test.go new file mode 100644 index 000000000000..1a4268353754 --- /dev/null +++ b/selfservice/strategy/oidc/strategy_state_test.go @@ -0,0 +1,15 @@ +package oidc + +import ( + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/ory/kratos/x" +) + +func TestGenerateState(t *testing.T) { + state := generateState(x.NewUUID().String()) + assert.NotEmpty(t, state) + t.Logf("state: %s", state) +} From e572e8185e17839addabf2a72f4e9921bda8b47a Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 28 Jul 2022 12:39:38 +0200 Subject: [PATCH 213/411] fix: resolve bug where 500s in web hooks are not properly retried --- request/builder.go | 9 ++++-- selfservice/hook/web_hook.go | 2 +- selfservice/hook/web_hook_integration_test.go | 29 +++++++++++++++++++ 3 files changed, 36 insertions(+), 4 deletions(-) diff --git a/request/builder.go b/request/builder.go index e825451fd05d..e85dac0d7f66 100644 --- a/request/builder.go +++ b/request/builder.go @@ -121,8 +121,9 @@ func (b *Builder) addJSONBody(template *bytes.Buffer, body interface{}) error { } rb := strings.NewReader(res) - b.r.Body = io.NopCloser(rb) - b.r.ContentLength = int64(rb.Len()) + if err := b.r.SetBody(io.NopCloser(rb)); err != nil { + return errors.WithStack(err) + } return nil } @@ -157,7 +158,9 @@ func (b *Builder) addURLEncodedBody(template *bytes.Buffer, body interface{}) er } rb := strings.NewReader(u.Encode()) - b.r.Body = io.NopCloser(rb) + if err := b.r.SetBody(io.NopCloser(rb)); err != nil { + return errors.WithStack(err) + } return nil } diff --git a/selfservice/hook/web_hook.go b/selfservice/hook/web_hook.go index 1e935912ecea..f7907f792357 100644 --- a/selfservice/hook/web_hook.go +++ b/selfservice/hook/web_hook.go @@ -196,7 +196,7 @@ func (e *WebHook) execute(ctx context.Context, data *templateContext) error { resp, err := e.deps.HTTPClient(ctx).Do(req) if err != nil { - errChan <- err + errChan <- errors.WithStack(err) return } defer resp.Body.Close() diff --git a/selfservice/hook/web_hook_integration_test.go b/selfservice/hook/web_hook_integration_test.go index 7f0a03e1d0df..83308cc43441 100644 --- a/selfservice/hook/web_hook_integration_test.go +++ b/selfservice/hook/web_hook_integration_test.go @@ -633,6 +633,35 @@ func TestWebHooks(t *testing.T) { wg.Wait() }) + t.Run("does not error on 500 request with retry", func(t *testing.T) { + // This test essentially ensures that we do not regress on the bug we had where 500 status code + // would cause a retry, but because the body was incorrectly set we ended up with a ContentLength + // error. + + var wg sync.WaitGroup + wg.Add(3) // HTTP client does 3 attempts + ts := newServer(func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { + defer wg.Done() + w.WriteHeader(500) + _, _ = w.Write([]byte(`{"error":"some error"}`)) + }) + + req := &http.Request{ + Header: map[string][]string{"Some-Header": {"Some-Value"}}, + RequestURI: "https://www.ory.sh/some_end_point", + Method: http.MethodPost, + } + f := &login.Flow{ID: x.NewUUID()} + conf := json.RawMessage(fmt.Sprintf(`{"url": "%s", "method": "GET", "body": "./stub/test_body.jsonnet"}`, ts.URL+path)) + wh := hook.NewWebHook(&whDeps, conf) + + err := wh.ExecuteLoginPreHook(nil, req, f) + require.Error(t, err) + assert.NotContains(t, err.Error(), "ContentLength") + + wg.Wait() + }) + for _, tc := range []struct { code int mustSuccess bool From 66a94488eb2fc778a00a5c69916e7958b3535440 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 28 Jul 2022 13:00:28 +0200 Subject: [PATCH 214/411] fix: respect more http sources for computing request URL --- x/http.go | 7 ++++++- x/http_test.go | 3 +++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/x/http.go b/x/http.go index 7acb0164ca40..656570a915a0 100644 --- a/x/http.go +++ b/x/http.go @@ -61,7 +61,12 @@ func EasyCookieJar(t *testing.T, o *cookiejar.Options) *cookiejar.Jar { func RequestURL(r *http.Request) *url.URL { source := *r.URL - source.Host = stringsx.Coalesce(source.Host, r.Host) + source.Host = stringsx.Coalesce(source.Host, r.Header.Get("X-Forwarded-Host"), r.Host) + + if proto := r.Header.Get("X-Forwarded-Proto"); len(proto) > 0 { + source.Scheme = proto + } + if source.Scheme == "" { source.Scheme = "https" if r.TLS == nil { diff --git a/x/http_test.go b/x/http_test.go index 6050087eb900..b3dcb7bf421f 100644 --- a/x/http_test.go +++ b/x/http_test.go @@ -26,6 +26,9 @@ func TestRequestURL(t *testing.T) { assert.EqualValues(t, RequestURL(&http.Request{ URL: urlx.ParseOrPanic("/foo"), Host: "foobar", }).String(), "http://foobar/foo") + assert.EqualValues(t, RequestURL(&http.Request{ + URL: urlx.ParseOrPanic("/foo"), Host: "foobar", Header: http.Header{"X-Forwarded-Host": []string{"notfoobar"}, "X-Forwarded-Proto": {"https"}}, + }).String(), "https://notfoobar/foo") } func TestAcceptToRedirectOrJSON(t *testing.T) { From 72595adcb68a1a2d350c4687328653e28d888847 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 28 Jul 2022 13:00:40 +0200 Subject: [PATCH 215/411] fix: use full URL for webhook payload --- selfservice/hook/web_hook.go | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/selfservice/hook/web_hook.go b/selfservice/hook/web_hook.go index f7907f792357..0d90fe5121fe 100644 --- a/selfservice/hook/web_hook.go +++ b/selfservice/hook/web_hook.go @@ -45,7 +45,7 @@ type ( Flow flow.Flow `json:"flow"` RequestHeaders http.Header `json:"request_headers"` RequestMethod string `json:"request_method"` - RequestUrl string `json:"request_url"` + RequestURL string `json:"request_url"` Identity *identity.Identity `json:"identity,omitempty"` } @@ -81,7 +81,7 @@ func (e *WebHook) ExecuteLoginPreHook(_ http.ResponseWriter, req *http.Request, Flow: flow, RequestHeaders: req.Header, RequestMethod: req.Method, - RequestUrl: req.RequestURI, + RequestURL: x.RequestURL(req).String(), }) } @@ -91,7 +91,7 @@ func (e *WebHook) ExecuteLoginPostHook(_ http.ResponseWriter, req *http.Request, Flow: flow, RequestHeaders: req.Header, RequestMethod: req.Method, - RequestUrl: req.RequestURI, + RequestURL: x.RequestURL(req).String(), Identity: session.Identity, }) } @@ -102,7 +102,7 @@ func (e *WebHook) ExecutePostVerificationHook(_ http.ResponseWriter, req *http.R Flow: flow, RequestHeaders: req.Header, RequestMethod: req.Method, - RequestUrl: req.RequestURI, + RequestURL: x.RequestURL(req).String(), Identity: id, }) } @@ -113,7 +113,7 @@ func (e *WebHook) ExecutePostRecoveryHook(_ http.ResponseWriter, req *http.Reque Flow: flow, RequestHeaders: req.Header, RequestMethod: req.Method, - RequestUrl: req.RequestURI, + RequestURL: x.RequestURL(req).String(), Identity: session.Identity, }) } @@ -124,7 +124,7 @@ func (e *WebHook) ExecuteRegistrationPreHook(_ http.ResponseWriter, req *http.Re Flow: flow, RequestHeaders: req.Header, RequestMethod: req.Method, - RequestUrl: req.RequestURI, + RequestURL: x.RequestURL(req).String(), }) } @@ -134,7 +134,7 @@ func (e *WebHook) ExecutePostRegistrationPrePersistHook(_ http.ResponseWriter, r Flow: flow, RequestHeaders: req.Header, RequestMethod: req.Method, - RequestUrl: req.RequestURI, + RequestURL: x.RequestURL(req).String(), Identity: id, }) } @@ -145,7 +145,7 @@ func (e *WebHook) ExecutePostRegistrationPostPersistHook(_ http.ResponseWriter, Flow: flow, RequestHeaders: req.Header, RequestMethod: req.Method, - RequestUrl: req.RequestURI, + RequestURL: x.RequestURL(req).String(), Identity: session.Identity, }) } @@ -156,7 +156,7 @@ func (e *WebHook) ExecuteSettingsPostPersistHook(_ http.ResponseWriter, req *htt Flow: flow, RequestHeaders: req.Header, RequestMethod: req.Method, - RequestUrl: req.RequestURI, + RequestURL: x.RequestURL(req).String(), Identity: id, }) } @@ -165,7 +165,7 @@ func (e *WebHook) execute(ctx context.Context, data *templateContext) error { span := trace.SpanFromContext(ctx) attrs := map[string]string{ "webhook.http.method": data.RequestMethod, - "webhook.http.url": data.RequestUrl, + "webhook.http.url": data.RequestURL, "webhook.http.headers": fmt.Sprintf("%#v", data.RequestHeaders), } From 934c30d6064d1e7dfc59f4eef43d096e977c113e Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 28 Jul 2022 13:02:15 +0200 Subject: [PATCH 216/411] test: resolve builder regression --- request/builder_test.go | 3 +- selfservice/hook/web_hook_integration_test.go | 84 ++++++++++++------- 2 files changed, 56 insertions(+), 31 deletions(-) diff --git a/request/builder_test.go b/request/builder_test.go index bf73441eaeea..10a3dd0f8825 100644 --- a/request/builder_test.go +++ b/request/builder_test.go @@ -5,7 +5,6 @@ import ( "encoding/base64" "encoding/json" "fmt" - "io" "net/http" "testing" @@ -251,7 +250,7 @@ func TestBuildRequest(t *testing.T) { assert.Equal(t, tc.method, req.Method) if tc.body != nil { - requestBody, err := io.ReadAll(req.Body) + requestBody, err := req.BodyBytes() require.NoError(t, err) assert.Equal(t, tc.expectedBody, string(requestBody)) diff --git a/selfservice/hook/web_hook_integration_test.go b/selfservice/hook/web_hook_integration_test.go index 83308cc43441..0303b45de671 100644 --- a/selfservice/hook/web_hook_integration_test.go +++ b/selfservice/hook/web_hook_integration_test.go @@ -2,6 +2,7 @@ package hook_test import ( "context" + "crypto/tls" _ "embed" "encoding/base64" "encoding/json" @@ -9,6 +10,7 @@ import ( "io" "net/http" "net/http/httptest" + "net/url" "strconv" "sync" "testing" @@ -108,7 +110,7 @@ func TestWebHooks(t *testing.T) { "headers": %s, "method": "%s", "url": "%s" - }`, f.GetID(), string(h), req.Method, req.RequestURI) + }`, f.GetID(), string(h), req.Method, "http://www.ory.sh/some_end_point") } bodyWithFlowAndIdentity := func(req *http.Request, f flow.Flow, s *session.Session) string { @@ -119,7 +121,7 @@ func TestWebHooks(t *testing.T) { "headers": %s, "method": "%s", "url": "%s" - }`, f.GetID(), s.Identity.ID, string(h), req.Method, req.RequestURI) + }`, f.GetID(), s.Identity.ID, string(h), req.Method, "http://www.ory.sh/some_end_point") } for _, tc := range []struct { @@ -263,9 +265,11 @@ func TestWebHooks(t *testing.T) { t.Run("method="+method, func(t *testing.T) { f := tc.createFlow() req := &http.Request{ + Host: "www.ory.sh", Header: map[string][]string{"Some-Header": {"Some-Value"}}, - RequestURI: "https://www.ory.sh/some_end_point", + RequestURI: "/some_end_point", Method: http.MethodPost, + URL: &url.URL{Path: "/some_end_point"}, } s := &session.Session{ID: x.NewUUID(), Identity: &identity.Identity{ID: x.NewUUID()}} whr := &WebHookRequest{} @@ -515,9 +519,13 @@ func TestWebHooks(t *testing.T) { t.Run("method="+method, func(t *testing.T) { f := tc.createFlow() req := &http.Request{ - Header: map[string][]string{"Some-Header": {"Some-Value"}}, - RequestURI: "https://www.ory.sh/some_end_point", + Host: "www.ory.sh", + Header: map[string][]string{"Some-Header": {"Some-Value"}, "X-Forwarded-Proto": {"https"}}, + RequestURI: "/some_end_point", Method: http.MethodPost, + URL: &url.URL{ + Path: "some_end_point", + }, } s := &session.Session{ID: x.NewUUID(), Identity: &identity.Identity{ID: x.NewUUID()}} code, res := tc.webHookResponse() @@ -549,9 +557,12 @@ func TestWebHooks(t *testing.T) { t.Run("must error when config is erroneous", func(t *testing.T) { req := &http.Request{ - Header: map[string][]string{"Some-Header": {"Some-Value"}}, - RequestURI: "https://www.ory.sh/some_end_point", - Method: http.MethodPost, + Header: map[string][]string{"Some-Header": {"Some-Value"}}, + Host: "www.ory.sh", + TLS: new(tls.ConnectionState), + URL: &url.URL{Path: "/some_end_point"}, + + Method: http.MethodPost, } f := &login.Flow{ID: x.NewUUID()} conf := json.RawMessage("not valid json") @@ -564,9 +575,11 @@ func TestWebHooks(t *testing.T) { t.Run("must error when template is erroneous", func(t *testing.T) { ts := newServer(webHookHttpCodeEndPoint(200)) req := &http.Request{ - Header: map[string][]string{"Some-Header": {"Some-Value"}}, - RequestURI: "https://www.ory.sh/some_end_point", - Method: http.MethodPost, + Header: map[string][]string{"Some-Header": {"Some-Value"}}, + Host: "www.ory.sh", + TLS: new(tls.ConnectionState), + URL: &url.URL{Path: "/some_end_point"}, + Method: http.MethodPost, } f := &login.Flow{ID: x.NewUUID()} conf := json.RawMessage(fmt.Sprintf(`{ @@ -582,9 +595,12 @@ func TestWebHooks(t *testing.T) { t.Run("must not make request", func(t *testing.T) { req := &http.Request{ - Header: map[string][]string{"Some-Header": {"Some-Value"}}, - RequestURI: "https://www.ory.sh/some_end_point", - Method: http.MethodPost, + Header: map[string][]string{"Some-Header": {"Some-Value"}}, + Host: "www.ory.sh", + TLS: new(tls.ConnectionState), + URL: &url.URL{Path: "/some_end_point"}, + + Method: http.MethodPost, } f := &login.Flow{ID: x.NewUUID()} conf := json.RawMessage(`{ @@ -617,9 +633,11 @@ func TestWebHooks(t *testing.T) { }) req := &http.Request{ - Header: map[string][]string{"Some-Header": {"Some-Value"}}, - RequestURI: "https://www.ory.sh/some_end_point", - Method: http.MethodPost, + Header: map[string][]string{"Some-Header": {"Some-Value"}}, + Host: "www.ory.sh", + TLS: new(tls.ConnectionState), + URL: &url.URL{Path: "/some_end_point"}, + Method: http.MethodPost, } f := &login.Flow{ID: x.NewUUID()} conf := json.RawMessage(fmt.Sprintf(`{"url": "%s", "method": "GET", "body": "./stub/test_body.jsonnet", "response": {"ignore": true}}`, ts.URL+path)) @@ -647,9 +665,11 @@ func TestWebHooks(t *testing.T) { }) req := &http.Request{ - Header: map[string][]string{"Some-Header": {"Some-Value"}}, - RequestURI: "https://www.ory.sh/some_end_point", - Method: http.MethodPost, + Header: map[string][]string{"Some-Header": {"Some-Value"}}, + Host: "www.ory.sh", + TLS: new(tls.ConnectionState), + URL: &url.URL{Path: "/some_end_point"}, + Method: http.MethodPost, } f := &login.Flow{ID: x.NewUUID()} conf := json.RawMessage(fmt.Sprintf(`{"url": "%s", "method": "GET", "body": "./stub/test_body.jsonnet"}`, ts.URL+path)) @@ -678,9 +698,11 @@ func TestWebHooks(t *testing.T) { t.Run("Must"+boolToString(tc.mustSuccess)+" error when end point is returning "+strconv.Itoa(tc.code), func(t *testing.T) { ts := newServer(webHookHttpCodeEndPoint(tc.code)) req := &http.Request{ - Header: map[string][]string{"Some-Header": {"Some-Value"}}, - RequestURI: "https://www.ory.sh/some_end_point", - Method: http.MethodPost, + Header: map[string][]string{"Some-Header": {"Some-Value"}}, + Host: "www.ory.sh", + TLS: new(tls.ConnectionState), + URL: &url.URL{Path: "/some_end_point"}, + Method: http.MethodPost, } f := &login.Flow{ID: x.NewUUID()} conf := json.RawMessage(fmt.Sprintf(`{ @@ -707,9 +729,11 @@ func TestDisallowPrivateIPRanges(t *testing.T) { whDeps := x.SimpleLoggerWithClient{L: logger, C: reg.HTTPClient(context.Background()), T: otelx.NewNoop(logger, conf.Tracing())} req := &http.Request{ - Header: map[string][]string{"Some-Header": {"Some-Value"}}, - RequestURI: "https://www.ory.sh/some_end_point", - Method: http.MethodPost, + Header: map[string][]string{"Some-Header": {"Some-Value"}}, + Host: "www.ory.sh", + TLS: new(tls.ConnectionState), + URL: &url.URL{Path: "/some_end_point"}, + Method: http.MethodPost, } s := &session.Session{ID: x.NewUUID(), Identity: &identity.Identity{ID: x.NewUUID()}} f := &login.Flow{ID: x.NewUUID()} @@ -727,9 +751,11 @@ func TestDisallowPrivateIPRanges(t *testing.T) { }) t.Run("not allowed to load from source", func(t *testing.T) { req := &http.Request{ - Header: map[string][]string{"Some-Header": {"Some-Value"}}, - RequestURI: "https://www.ory.sh/some_end_point", - Method: http.MethodPost, + Header: map[string][]string{"Some-Header": {"Some-Value"}}, + Host: "www.ory.sh", + TLS: new(tls.ConnectionState), + URL: &url.URL{Path: "/some_end_point"}, + Method: http.MethodPost, } s := &session.Session{ID: x.NewUUID(), Identity: &identity.Identity{ID: x.NewUUID()}} f := &login.Flow{ID: x.NewUUID()} From 7fb085b6ca4fbfe2978998bea868959966ae193d Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Fri, 19 Aug 2022 14:06:38 +0200 Subject: [PATCH 217/411] fix: revert Go 1.19 formatting changes --- identity/handler.go | 142 +++++++++--------- schema/handler.go | 26 ++-- selfservice/errorx/handler.go | 18 +-- selfservice/flow/login/handler.go | 50 +++--- selfservice/flow/logout/handler.go | 4 +- selfservice/flow/recovery/handler.go | 20 +-- selfservice/flow/registration/handler.go | 20 +-- selfservice/flow/settings/handler.go | 10 +- selfservice/flow/verification/handler.go | 19 +-- .../strategy/link/strategy_recovery.go | 2 +- selfservice/strategy/webauthn/handler.go | 2 +- session/handler.go | 138 ++++++++--------- swagger_meta.go | 38 ++--- 13 files changed, 245 insertions(+), 244 deletions(-) diff --git a/identity/handler.go b/identity/handler.go index 8eb706731ce4..bcbca0b06eb3 100644 --- a/identity/handler.go +++ b/identity/handler.go @@ -104,23 +104,23 @@ type adminListIdentities struct { // swagger:route GET /admin/identities v0alpha2 adminListIdentities // -// # List Identities +// List Identities // // Lists all identities. Does not support search at the moment. // // Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 200: identityList -// 500: jsonError +// Responses: +// 200: identityList +// 500: jsonError func (h *Handler) list(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { page, itemsPerPage := x.ParsePagination(r) is, err := h.r.IdentityPool().ListIdentities(r.Context(), page, itemsPerPage) @@ -160,25 +160,25 @@ type adminGetIdentity struct { // swagger:route GET /admin/identities/{id} v0alpha2 adminGetIdentity // -// # Get an Identity +// Get an Identity // // Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). // -// Consumes: -// - application/json +// Consumes: +// - application/json // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 200: identity -// 404: jsonError -// 500: jsonError +// Responses: +// 200: identity +// 404: jsonError +// 500: jsonError func (h *Handler) get(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { i, err := h.r.PrivilegedIdentityPool().GetIdentityConfidential(r.Context(), x.ParseUUID(ps.ByName("id"))) if err != nil { @@ -309,26 +309,26 @@ type AdminCreateIdentityImportCredentialsOidcProvider struct { // swagger:route POST /admin/identities v0alpha2 adminCreateIdentity // -// # Create an Identity +// Create an Identity // // This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). // -// Consumes: -// - application/json +// Consumes: +// - application/json // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 201: identity -// 400: jsonError -// 409: jsonError -// 500: jsonError +// Responses: +// 201: identity +// 400: jsonError +// 409: jsonError +// 500: jsonError func (h *Handler) create(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { var cr AdminCreateIdentityBody if err := jsonx.NewStrictDecoder(r.Body).Decode(&cr); err != nil { @@ -426,29 +426,29 @@ type AdminUpdateIdentityBody struct { // swagger:route PUT /admin/identities/{id} v0alpha2 adminUpdateIdentity // -// # Update an Identity +// Update an Identity // // This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. // // Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). // -// Consumes: -// - application/json +// Consumes: +// - application/json // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 200: identity -// 400: jsonError -// 404: jsonError -// 409: jsonError -// 500: jsonError +// Responses: +// 200: identity +// 400: jsonError +// 404: jsonError +// 409: jsonError +// 500: jsonError func (h *Handler) update(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { var ur AdminUpdateIdentityBody if err := h.dx.Decode(r, &ur, @@ -516,7 +516,7 @@ type adminDeleteIdentity struct { // swagger:route DELETE /admin/identities/{id} v0alpha2 adminDeleteIdentity // -// # Delete an Identity +// Delete an Identity // // Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. // This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is @@ -524,18 +524,18 @@ type adminDeleteIdentity struct { // // Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 204: emptyResponse -// 404: jsonError -// 500: jsonError +// Responses: +// 204: emptyResponse +// 404: jsonError +// 500: jsonError func (h *Handler) delete(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { if err := h.r.IdentityPool().(PrivilegedPool).DeleteIdentity(r.Context(), x.ParseUUID(ps.ByName("id"))); err != nil { h.r.Writer().WriteError(w, r, err) @@ -566,23 +566,23 @@ type adminPatchIdentity struct { // // Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). // -// Consumes: -// - application/json +// Consumes: +// - application/json // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 200: identity -// 400: jsonError -// 404: jsonError -// 409: jsonError -// 500: jsonError +// Responses: +// 200: identity +// 400: jsonError +// 404: jsonError +// 409: jsonError +// 500: jsonError func (h *Handler) patch(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { requestBody, err := io.ReadAll(r.Body) if err != nil { diff --git a/schema/handler.go b/schema/handler.go index 41396047fef3..8ebe3c6fbac2 100644 --- a/schema/handler.go +++ b/schema/handler.go @@ -79,15 +79,15 @@ type getIdentitySchema struct { // // Get a JSON Schema // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: identitySchema -// 404: jsonError -// 500: jsonError +// Responses: +// 200: identitySchema +// 404: jsonError +// 500: jsonError func (h *Handler) getIdentitySchema(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { ss, err := h.r.IdentityTraitsSchemas(r.Context()) if err != nil { @@ -147,14 +147,14 @@ type listIdentitySchemas struct { // // Get all Identity Schemas // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: identitySchemas -// 500: jsonError +// Responses: +// 200: identitySchemas +// 500: jsonError func (h *Handler) getAll(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { page, itemsPerPage := x.ParsePagination(r) diff --git a/selfservice/errorx/handler.go b/selfservice/errorx/handler.go index b34341d29998..e6218f7d0684 100644 --- a/selfservice/errorx/handler.go +++ b/selfservice/errorx/handler.go @@ -64,7 +64,7 @@ type getSelfServiceError struct { // swagger:route GET /self-service/errors v0alpha2 getSelfServiceError // -// # Get Self-Service Errors +// Get Self-Service Errors // // This endpoint returns the error associated with a user-facing self service errors. // @@ -74,16 +74,16 @@ type getSelfServiceError struct { // // More information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceError -// 403: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceError +// 403: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) publicFetchError(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { if err := h.fetchError(w, r); err != nil { h.r.Writer().WriteError(w, r, err) diff --git a/selfservice/flow/login/handler.go b/selfservice/flow/login/handler.go index d7447fceabae..f70964032dfe 100644 --- a/selfservice/flow/login/handler.go +++ b/selfservice/flow/login/handler.go @@ -257,15 +257,15 @@ type initializeSelfServiceLoginFlowWithoutBrowser struct { // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceLoginFlow -// 400: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceLoginFlow +// 400: jsonError +// 500: jsonError func (h *Handler) initAPIFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { f, err := h.NewLoginFlow(w, r, flow.TypeAPI) if err != nil { @@ -306,7 +306,7 @@ type initializeSelfServiceLoginFlowForBrowsers struct { // swagger:route GET /self-service/login/browser v0alpha2 initializeSelfServiceLoginFlowForBrowsers // -// # Initialize Login Flow for Browsers +// Initialize Login Flow for Browsers // // This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate // cookies and anti-CSRF measures required for browser-based flows. @@ -328,16 +328,16 @@ type initializeSelfServiceLoginFlowForBrowsers struct { // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceLoginFlow -// 303: emptyResponse -// 400: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceLoginFlow +// 303: emptyResponse +// 400: jsonError +// 500: jsonError func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { a, err := h.NewLoginFlow(w, r, flow.TypeBrowser) if errors.Is(err, ErrAlreadyLoggedIn) { @@ -384,7 +384,7 @@ type getSelfServiceLoginFlow struct { // swagger:route GET /self-service/login/flows v0alpha2 getSelfServiceLoginFlow // -// # Get Login Flow +// Get Login Flow // // This endpoint returns a login flow's context with, for example, error details and other information. // @@ -394,14 +394,14 @@ type getSelfServiceLoginFlow struct { // If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain // and you need to forward the incoming HTTP Cookie header to this endpoint: // -// ```js -// // pseudo-code example -// router.get('/login', async function (req, res) { -// const flow = await client.getSelfServiceLoginFlow(req.header('cookie'), req.query['flow']) +// ```js +// // pseudo-code example +// router.get('/login', async function (req, res) { +// const flow = await client.getSelfServiceLoginFlow(req.header('cookie'), req.query['flow']) // -// res.render('login', flow) -// }) -// ``` +// res.render('login', flow) +// }) +// ``` // // This request may fail due to several reasons. The `error.id` can be one of: // @@ -492,7 +492,7 @@ type submitSelfServiceLoginFlowBody struct{} // swagger:route POST /self-service/login v0alpha2 submitSelfServiceLoginFlow // -// # Submit a Login Flow +// Submit a Login Flow // // :::info // diff --git a/selfservice/flow/logout/handler.go b/selfservice/flow/logout/handler.go index 2067f9f18434..f98fb75a63ac 100644 --- a/selfservice/flow/logout/handler.go +++ b/selfservice/flow/logout/handler.go @@ -93,7 +93,7 @@ type createSelfServiceLogoutFlowUrlForBrowsers struct { // swagger:route GET /self-service/logout/browser v0alpha2 createSelfServiceLogoutFlowUrlForBrowsers // -// # Create a Logout URL for Browsers +// Create a Logout URL for Browsers // // This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. // @@ -214,7 +214,7 @@ type submitSelfServiceLogoutFlow struct { // swagger:route GET /self-service/logout v0alpha2 submitSelfServiceLogoutFlow // -// # Complete Self-Service Logout +// Complete Self-Service Logout // // This endpoint logs out an identity in a self-service manner. // diff --git a/selfservice/flow/recovery/handler.go b/selfservice/flow/recovery/handler.go index 54ff160d4387..aed1470f3afe 100644 --- a/selfservice/flow/recovery/handler.go +++ b/selfservice/flow/recovery/handler.go @@ -146,7 +146,7 @@ type initializeSelfServiceRecoveryFlowWithoutBrowser struct { // swagger:route GET /self-service/recovery/browser v0alpha2 initializeSelfServiceRecoveryFlowForBrowsers // -// # Initialize Recovery Flow for Browsers +// Initialize Recovery Flow for Browsers // // This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to // `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session @@ -211,7 +211,7 @@ type getSelfServiceRecoveryFlow struct { // swagger:route GET /self-service/recovery/flows v0alpha2 getSelfServiceRecoveryFlow // -// # Get Recovery Flow +// Get Recovery Flow // // This endpoint returns a recovery flow's context with, for example, error details and other information. // @@ -221,14 +221,14 @@ type getSelfServiceRecoveryFlow struct { // If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain // and you need to forward the incoming HTTP Cookie header to this endpoint: // -// ```js -// // pseudo-code example -// router.get('/recovery', async function (req, res) { -// const flow = await client.getSelfServiceRecoveryFlow(req.header('Cookie'), req.query['flow']) +// ```js +// // pseudo-code example +// router.get('/recovery', async function (req, res) { +// const flow = await client.getSelfServiceRecoveryFlow(req.header('Cookie'), req.query['flow']) // -// res.render('recovery', flow) -// }) -// ``` +// res.render('recovery', flow) +// }) +// ``` // // More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). // @@ -324,7 +324,7 @@ type submitSelfServiceRecoveryFlowBody struct{} // swagger:route POST /self-service/recovery v0alpha2 submitSelfServiceRecoveryFlow // -// # Complete Recovery Flow +// Complete Recovery Flow // // Use this endpoint to complete a recovery flow. This endpoint // behaves differently for API and browser flows and has several states: diff --git a/selfservice/flow/registration/handler.go b/selfservice/flow/registration/handler.go index ce04acec3e39..2d8f358a8555 100644 --- a/selfservice/flow/registration/handler.go +++ b/selfservice/flow/registration/handler.go @@ -199,7 +199,7 @@ type initializeSelfServiceRegistrationFlowForBrowsers struct { // swagger:route GET /self-service/registration/browser v0alpha2 initializeSelfServiceRegistrationFlowForBrowsers // -// # Initialize Registration Flow for Browsers +// Initialize Registration Flow for Browsers // // This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate // cookies and anti-CSRF measures required for browser-based flows. @@ -281,7 +281,7 @@ type getSelfServiceRegistrationFlow struct { // swagger:route GET /self-service/registration/flows v0alpha2 getSelfServiceRegistrationFlow // -// # Get Registration Flow +// Get Registration Flow // // This endpoint returns a registration flow's context with, for example, error details and other information. // @@ -291,14 +291,14 @@ type getSelfServiceRegistrationFlow struct { // If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain // and you need to forward the incoming HTTP Cookie header to this endpoint: // -// ```js -// // pseudo-code example -// router.get('/registration', async function (req, res) { -// const flow = await client.getSelfServiceRegistrationFlow(req.header('cookie'), req.query['flow']) +// ```js +// // pseudo-code example +// router.get('/registration', async function (req, res) { +// const flow = await client.getSelfServiceRegistrationFlow(req.header('cookie'), req.query['flow']) // -// res.render('registration', flow) -// }) -// ``` +// res.render('registration', flow) +// }) +// ``` // // This request may fail due to several reasons. The `error.id` can be one of: // @@ -390,7 +390,7 @@ type submitSelfServiceRegistrationFlowBody struct{} // swagger:route POST /self-service/registration v0alpha2 submitSelfServiceRegistrationFlow // -// # Submit a Registration Flow +// Submit a Registration Flow // // Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint // behaves differently for API and browser flows. diff --git a/selfservice/flow/settings/handler.go b/selfservice/flow/settings/handler.go index ae576f010ffc..82d48905ceea 100644 --- a/selfservice/flow/settings/handler.go +++ b/selfservice/flow/settings/handler.go @@ -183,9 +183,9 @@ type initializeSelfServiceSettingsFlowWithoutBrowser struct { // // More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). // -// Schemes: http, https +// Schemes: http, https // -// Responses: +// Responses: // 200: selfServiceSettingsFlow // 400: jsonError // 500: jsonError @@ -221,7 +221,7 @@ type initializeSelfServiceSettingsFlowForBrowsers struct { // swagger:route GET /self-service/settings/browser v0alpha2 initializeSelfServiceSettingsFlowForBrowsers // -// # Initialize Settings Flow for Browsers +// Initialize Settings Flow for Browsers // // This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to // `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid @@ -313,7 +313,7 @@ type getSelfServiceSettingsFlow struct { // swagger:route GET /self-service/settings/flows v0alpha2 getSelfServiceSettingsFlow // -// # Get Settings Flow +// Get Settings Flow // // When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie // or the Ory Kratos Session Token are set. @@ -431,7 +431,7 @@ type submitSelfServiceSettingsFlowBody struct{} // swagger:route POST /self-service/settings v0alpha2 submitSelfServiceSettingsFlow // -// # Complete Settings Flow +// Complete Settings Flow // // Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint // behaves differently for API and browser flows. diff --git a/selfservice/flow/verification/handler.go b/selfservice/flow/verification/handler.go index a389a70a00d3..cf6d8decba2f 100644 --- a/selfservice/flow/verification/handler.go +++ b/selfservice/flow/verification/handler.go @@ -133,7 +133,7 @@ type initializeSelfServiceVerificationFlowForBrowsers struct { // swagger:route GET /self-service/verification/browser v0alpha2 initializeSelfServiceVerificationFlowForBrowsers // -// # Initialize Verification Flow for Browser Clients +// Initialize Verification Flow for Browser Clients // // This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to // `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`. @@ -195,7 +195,7 @@ type getSelfServiceVerificationFlow struct { // swagger:route GET /self-service/verification/flows v0alpha2 getSelfServiceVerificationFlow // -// # Get Verification Flow +// Get Verification Flow // // This endpoint returns a verification flow's context with, for example, error details and other information. // @@ -205,13 +205,14 @@ type getSelfServiceVerificationFlow struct { // If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain // and you need to forward the incoming HTTP Cookie header to this endpoint: // -// ```js -// // pseudo-code example -// router.get('/recovery', async function (req, res) { -// const flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), req.query['flow']) +// ```js +// // pseudo-code example +// router.get('/recovery', async function (req, res) { +// const flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), req.query['flow']) // -// res.render('verification', flow) -// }) +// res.render('verification', flow) +// }) +// ``` // // More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). // @@ -307,7 +308,7 @@ type submitSelfServiceVerificationFlowBody struct{} // swagger:route POST /self-service/verification v0alpha2 submitSelfServiceVerificationFlow // -// # Complete Verification Flow +// Complete Verification Flow // // Use this endpoint to complete a verification flow. This endpoint // behaves differently for API and browser flows and has several states: diff --git a/selfservice/strategy/link/strategy_recovery.go b/selfservice/strategy/link/strategy_recovery.go index 79f6767b452e..feb160792f6f 100644 --- a/selfservice/strategy/link/strategy_recovery.go +++ b/selfservice/strategy/link/strategy_recovery.go @@ -106,7 +106,7 @@ type selfServiceRecoveryLink struct { // swagger:route POST /admin/recovery/link v0alpha2 adminCreateSelfServiceRecoveryLink // -// # Create a Recovery Link +// Create a Recovery Link // // This endpoint creates a recovery link which should be given to the user in order for them to recover // (or activate) their account. diff --git a/selfservice/strategy/webauthn/handler.go b/selfservice/strategy/webauthn/handler.go index 98d0203b90ca..2bb2f1fb78c8 100644 --- a/selfservice/strategy/webauthn/handler.go +++ b/selfservice/strategy/webauthn/handler.go @@ -19,7 +19,7 @@ type webAuthnJavaScript string // swagger:route GET /.well-known/ory/webauthn.js v0alpha2 getWebAuthnJavaScript // -// # Get WebAuthn JavaScript +// Get WebAuthn JavaScript // // This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. // diff --git a/session/handler.go b/session/handler.go index 6a5f1f7c5625..39ad0d9ad3ea 100644 --- a/session/handler.go +++ b/session/handler.go @@ -111,7 +111,7 @@ type toSession struct { // swagger:route GET /sessions/whoami v0alpha2 toSession // -// # Check Who the Current HTTP Session Belongs To +// Check Who the Current HTTP Session Belongs To // // Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. // Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. @@ -120,24 +120,24 @@ type toSession struct { // // If you call this endpoint from a server-side application, you must forward the HTTP Cookie Header to this endpoint: // -// ```js -// // pseudo-code example -// router.get('/protected-endpoint', async function (req, res) { -// const session = await client.toSession(undefined, req.header('cookie')) +// ```js +// // pseudo-code example +// router.get('/protected-endpoint', async function (req, res) { +// const session = await client.toSession(undefined, req.header('cookie')) // -// // console.log(session) -// }) -// ``` +// // console.log(session) +// }) +// ``` // // When calling this endpoint from a non-browser application (e.g. mobile app) you must include the session token: // -// ```js -// // pseudo-code example -// // ... -// const session = await client.toSession("the-session-token") +// ```js +// // pseudo-code example +// // ... +// const session = await client.toSession("the-session-token") // -// // console.log(session) -// ``` +// // console.log(session) +// ``` // // Depending on your configuration this endpoint might return a 403 status code if the session has a lower Authenticator // Assurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn @@ -150,7 +150,7 @@ type toSession struct { // - Reverse proxies and API Gateways // - Server-side calls - use the `X-Session-Token` header! // -// # This endpoint authenticates users by checking +// This endpoint authenticates users by checking // // - if the `Cookie` HTTP header was set containing an Ory Kratos Session Cookie; // - if the `Authorization: bearer ` HTTP header was set with a valid Ory Kratos Session Token; @@ -163,16 +163,16 @@ type toSession struct { // - `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token). // - `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor. // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: session -// 401: jsonError -// 403: jsonError -// 500: jsonError +// Responses: +// 200: session +// 401: jsonError +// 403: jsonError +// 500: jsonError func (h *Handler) whoami(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { s, err := h.r.SessionManager().FetchFromRequest(r.Context(), r) if err != nil { @@ -226,17 +226,17 @@ type adminDeleteIdentitySessions struct { // // - To forcefully logout Identity from all devices and sessions // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 204: emptyResponse -// 400: jsonError -// 401: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 204: emptyResponse +// 400: jsonError +// 401: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) adminDeleteIdentitySessions(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { iID, err := uuid.FromString(ps.ByName("id")) if err != nil { @@ -272,17 +272,17 @@ type adminListIdentitySessions struct { // // - Listing all sessions that belong to an Identity in an administrative context. // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 200: sessionList -// 400: jsonError -// 401: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: sessionList +// 400: jsonError +// 401: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) adminListIdentitySessions(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { iID, err := uuid.FromString(ps.ByName("id")) if err != nil { @@ -327,14 +327,14 @@ type revokeSessions struct { // // - To forcefully logout the current user from all other devices and sessions // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: revokedSessions -// 400: jsonError -// 401: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: revokedSessions +// 400: jsonError +// 401: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) revokeSessions(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { s, err := h.r.SessionManager().FetchFromRequest(r.Context(), r) if err != nil { @@ -371,13 +371,13 @@ type revokeSession struct { // // - To forcefully logout the current user from another device or session // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 204: emptyResponse -// 400: jsonError -// 401: jsonError -// 500: jsonError +// Responses: +// 204: emptyResponse +// 400: jsonError +// 401: jsonError +// 500: jsonError func (h *Handler) revokeSession(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { sid := ps.ByName("id") if sid == "whoami" { @@ -430,14 +430,14 @@ type sessionList []*Session // // - Displaying all other sessions that belong to the logged-in user // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: sessionList -// 400: jsonError -// 401: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: sessionList +// 400: jsonError +// 401: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) listSessions(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { s, err := h.r.SessionManager().FetchFromRequest(r.Context(), r) if err != nil { @@ -489,16 +489,16 @@ type adminExtendSession struct { // // Retrieve the session ID from the `/sessions/whoami` endpoint / `toSession` SDK method. // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 200: session -// 400: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: session +// 400: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) adminSessionExtend(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { iID, err := uuid.FromString(ps.ByName("id")) if err != nil { diff --git a/swagger_meta.go b/swagger_meta.go index bd9a2d4917ba..707c2b97627c 100644 --- a/swagger_meta.go +++ b/swagger_meta.go @@ -2,29 +2,29 @@ // // Welcome to the Ory Kratos HTTP API documentation! // -// Schemes: http, https -// Host: -// BasePath: / -// Version: latest +// Schemes: http, https +// Host: +// BasePath: / +// Version: latest // -// Consumes: -// - application/json -// - application/x-www-form-urlencoded +// Consumes: +// - application/json +// - application/x-www-form-urlencoded // -// Produces: -// - application/json +// Produces: +// - application/json // -// SecurityDefinitions: -// oryAccessToken: -// type: apiKey -// name: Authorization -// in: header +// SecurityDefinitions: +// oryAccessToken: +// type: apiKey +// name: Authorization +// in: header // -// Extensions: -// --- -// x-request-id: string -// x-forwarded-proto: string -// --- +// Extensions: +// --- +// x-request-id: string +// x-forwarded-proto: string +// --- // // swagger:meta package main From e00a9766d0cd6aa5a03507365b00c957dd5e8137 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Fri, 19 Aug 2022 14:06:48 +0200 Subject: [PATCH 218/411] ci: fix to Go 1.18 --- .github/workflows/ci.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index b0346215a0f9..f9b05910bd19 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -77,7 +77,7 @@ jobs: fetch-depth: 2 - uses: actions/setup-go@v2 with: - go-version: ^1.18 + go-version: '~1.18' - run: go list -json > go.list - name: Run nancy uses: sonatype-nexus-community/nancy-github-action@v1.0.2 @@ -162,7 +162,7 @@ jobs: - name: Setup Go uses: actions/setup-go@v2 with: - go-version: '^1.18' + go-version: '~1.18' - name: Install selfservice-ui-react-native uses: actions/checkout@v2 with: From 576f9c0c6c5966c7d786403f387b2c99f9e92864 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Fri, 19 Aug 2022 13:05:50 +0000 Subject: [PATCH 219/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- internal/httpclient/api/openapi.yaml | 2 +- internal/httpclient/api_metadata.go | 26 +-- internal/httpclient/api_v0alpha2.go | 320 +++++++++++++-------------- spec/api.json | 4 +- spec/swagger.json | 4 +- 5 files changed, 170 insertions(+), 186 deletions(-) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index ebc48c690bc1..483b899efd10 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -1382,7 +1382,6 @@ paths: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). - More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). operationId: initializeSelfServiceRecoveryFlowWithoutBrowser responses: @@ -2391,6 +2390,7 @@ paths: res.render('verification', flow) }) + ``` More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). operationId: getSelfServiceVerificationFlow diff --git a/internal/httpclient/api_metadata.go b/internal/httpclient/api_metadata.go index eec994165b53..a63febb073aa 100644 --- a/internal/httpclient/api_metadata.go +++ b/internal/httpclient/api_metadata.go @@ -102,16 +102,16 @@ func (r MetadataApiApiGetVersionRequest) Execute() (*InlineResponse2001, *http.R } /* - - GetVersion Return Running Software Version. - - This endpoint returns the version of Ory Kratos. + * GetVersion Return Running Software Version. + * This endpoint returns the version of Ory Kratos. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the version will never refer to the cluster state, only to a single instance. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return MetadataApiApiGetVersionRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return MetadataApiApiGetVersionRequest */ func (a *MetadataApiService) GetVersion(ctx context.Context) MetadataApiApiGetVersionRequest { return MetadataApiApiGetVersionRequest{ @@ -209,9 +209,8 @@ func (r MetadataApiApiIsAliveRequest) Execute() (*InlineResponse200, *http.Respo } /* - - IsAlive Check HTTP Server Status - - This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming - + * IsAlive Check HTTP Server Status + * This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming HTTP requests. This status does currently not include checks whether the database connection is working. If the service supports TLS Edge Termination, this endpoint does not require the @@ -219,8 +218,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return MetadataApiApiIsAliveRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return MetadataApiApiIsAliveRequest */ func (a *MetadataApiService) IsAlive(ctx context.Context) MetadataApiApiIsAliveRequest { return MetadataApiApiIsAliveRequest{ @@ -327,9 +326,8 @@ func (r MetadataApiApiIsReadyRequest) Execute() (*InlineResponse200, *http.Respo } /* - - IsReady Check HTTP Server and Database Status - - This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g. - + * IsReady Check HTTP Server and Database Status + * This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g. the database) are responsive as well. If the service supports TLS Edge Termination, this endpoint does not require the @@ -337,8 +335,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the Be aware that if you are running multiple nodes of Ory Kratos, the health status will never refer to the cluster state, only to a single instance. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return MetadataApiApiIsReadyRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return MetadataApiApiIsReadyRequest */ func (a *MetadataApiService) IsReady(ctx context.Context) MetadataApiApiIsReadyRequest { return MetadataApiApiIsReadyRequest{ diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go index cfc74a7f3b7c..1edd310dd035 100644 --- a/internal/httpclient/api_v0alpha2.go +++ b/internal/httpclient/api_v0alpha2.go @@ -398,6 +398,7 @@ type V0alpha2Api interface { res.render('verification', flow) }) + ``` More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @@ -535,7 +536,6 @@ type V0alpha2Api interface { This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). - More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest @@ -1279,12 +1279,11 @@ func (r V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest) Execute() (*Sel } /* - - AdminCreateSelfServiceRecoveryLink Create a Recovery Link - - This endpoint creates a recovery link which should be given to the user in order for them to recover - + * AdminCreateSelfServiceRecoveryLink Create a Recovery Link + * This endpoint creates a recovery link which should be given to the user in order for them to recover (or activate) their account. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest */ func (a *V0alpha2ApiService) AdminCreateSelfServiceRecoveryLink(ctx context.Context) V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest { return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest{ @@ -1414,16 +1413,15 @@ func (r V0alpha2ApiApiAdminDeleteIdentityRequest) Execute() (*http.Response, err } /* - - AdminDeleteIdentity Delete an Identity - - Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. - + * AdminDeleteIdentity Delete an Identity + * Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is assumed that is has been deleted already. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID is the identity's ID. - - @return V0alpha2ApiApiAdminDeleteIdentityRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID is the identity's ID. + * @return V0alpha2ApiApiAdminDeleteIdentityRequest */ func (a *V0alpha2ApiService) AdminDeleteIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentityRequest { return V0alpha2ApiApiAdminDeleteIdentityRequest{ @@ -1546,13 +1544,13 @@ func (r V0alpha2ApiApiAdminDeleteIdentitySessionsRequest) Execute() (*http.Respo } /* - - AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. - - This endpoint is useful for: + * AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. + * This endpoint is useful for: To forcefully logout Identity from all devices and sessions - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID is the identity's ID. - - @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID is the identity's ID. + * @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest */ func (a *V0alpha2ApiService) AdminDeleteIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentitySessionsRequest { return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest{ @@ -2008,12 +2006,12 @@ func (r V0alpha2ApiApiAdminListIdentitiesRequest) Execute() ([]Identity, *http.R } /* - - AdminListIdentities List Identities - - Lists all identities. Does not support search at the moment. + * AdminListIdentities List Identities + * Lists all identities. Does not support search at the moment. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiAdminListIdentitiesRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiAdminListIdentitiesRequest */ func (a *V0alpha2ApiService) AdminListIdentities(ctx context.Context) V0alpha2ApiApiAdminListIdentitiesRequest { return V0alpha2ApiApiAdminListIdentitiesRequest{ @@ -2157,13 +2155,13 @@ func (r V0alpha2ApiApiAdminListIdentitySessionsRequest) Execute() ([]Session, *h } /* - - AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity. - - This endpoint is useful for: + * AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity. + * This endpoint is useful for: Listing all sessions that belong to an Identity in an administrative context. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID is the identity's ID. - - @return V0alpha2ApiApiAdminListIdentitySessionsRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID is the identity's ID. + * @return V0alpha2ApiApiAdminListIdentitySessionsRequest */ func (a *V0alpha2ApiService) AdminListIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminListIdentitySessionsRequest { return V0alpha2ApiApiAdminListIdentitySessionsRequest{ @@ -2332,13 +2330,13 @@ func (r V0alpha2ApiApiAdminPatchIdentityRequest) Execute() (*Identity, *http.Res } /* - - AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) - - NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable. + * AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) + * NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID must be set to the ID of identity you want to update - - @return V0alpha2ApiApiAdminPatchIdentityRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID must be set to the ID of identity you want to update + * @return V0alpha2ApiApiAdminPatchIdentityRequest */ func (a *V0alpha2ApiService) AdminPatchIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminPatchIdentityRequest { return V0alpha2ApiApiAdminPatchIdentityRequest{ @@ -2500,13 +2498,13 @@ func (r V0alpha2ApiApiAdminUpdateIdentityRequest) Execute() (*Identity, *http.Re } /* - - AdminUpdateIdentity Update an Identity - - This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. + * AdminUpdateIdentity Update an Identity + * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID must be set to the ID of identity you want to update - - @return V0alpha2ApiApiAdminUpdateIdentityRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID must be set to the ID of identity you want to update + * @return V0alpha2ApiApiAdminUpdateIdentityRequest */ func (a *V0alpha2ApiService) AdminUpdateIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminUpdateIdentityRequest { return V0alpha2ApiApiAdminUpdateIdentityRequest{ @@ -2667,8 +2665,8 @@ func (r V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest) Execute( } /* - - CreateSelfServiceLogoutFlowUrlForBrowsers Create a Logout URL for Browsers - - This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. + * CreateSelfServiceLogoutFlowUrlForBrowsers Create a Logout URL for Browsers + * This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). For API clients you can @@ -2678,8 +2676,8 @@ The URL is only valid for the currently signed in user. If no user is signed in, a 401 error. When calling this endpoint from a backend, please ensure to properly forward the HTTP cookies. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest */ func (a *V0alpha2ApiService) CreateSelfServiceLogoutFlowUrlForBrowsers(ctx context.Context) V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest { return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest{ @@ -2929,16 +2927,16 @@ func (r V0alpha2ApiApiGetSelfServiceErrorRequest) Execute() (*SelfServiceError, } /* - - GetSelfServiceError Get Self-Service Errors - - This endpoint returns the error associated with a user-facing self service errors. + * GetSelfServiceError Get Self-Service Errors + * This endpoint returns the error associated with a user-facing self service errors. This endpoint supports stub values to help you implement the error UI: `?id=stub:500` - returns a stub 500 (Internal Server Error) error. More information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceErrorRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceErrorRequest */ func (a *V0alpha2ApiService) GetSelfServiceError(ctx context.Context) V0alpha2ApiApiGetSelfServiceErrorRequest { return V0alpha2ApiApiGetSelfServiceErrorRequest{ @@ -3080,8 +3078,8 @@ func (r V0alpha2ApiApiGetSelfServiceLoginFlowRequest) Execute() (*SelfServiceLog } /* - - GetSelfServiceLoginFlow Get Login Flow - - This endpoint returns a login flow's context with, for example, error details and other information. + * GetSelfServiceLoginFlow Get Login Flow + * This endpoint returns a login flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3104,8 +3102,8 @@ This request may fail due to several reasons. The `error.id` can be one of: `self_service_flow_expired`: The flow is expired and you should request a new one. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceLoginFlowRequest { return V0alpha2ApiApiGetSelfServiceLoginFlowRequest{ @@ -3260,8 +3258,8 @@ func (r V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest) Execute() (*SelfService } /* - - GetSelfServiceRecoveryFlow Get Recovery Flow - - This endpoint returns a recovery flow's context with, for example, error details and other information. + * GetSelfServiceRecoveryFlow Get Recovery Flow + * This endpoint returns a recovery flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3279,8 +3277,8 @@ res.render('recovery', flow) ``` More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest { return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest{ @@ -3425,8 +3423,8 @@ func (r V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest) Execute() (*SelfSer } /* - - GetSelfServiceRegistrationFlow Get Registration Flow - - This endpoint returns a registration flow's context with, for example, error details and other information. + * GetSelfServiceRegistrationFlow Get Registration Flow + * This endpoint returns a registration flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3449,8 +3447,8 @@ This request may fail due to several reasons. The `error.id` can be one of: `self_service_flow_expired`: The flow is expired and you should request a new one. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest { return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest{ @@ -3610,9 +3608,8 @@ func (r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) Execute() (*SelfService } /* - - GetSelfServiceSettingsFlow Get Settings Flow - - When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie - + * GetSelfServiceSettingsFlow Get Settings Flow + * When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie or the Ory Kratos Session Token are set. Depending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator @@ -3631,8 +3628,8 @@ case of an error, the `error.id` of the JSON response body can be one of: identity logged in instead. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceSettingsFlowRequest { return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest{ @@ -3800,8 +3797,8 @@ func (r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) Execute() (*SelfSer } /* - - GetSelfServiceVerificationFlow Get Verification Flow - - This endpoint returns a verification flow's context with, for example, error details and other information. + * GetSelfServiceVerificationFlow Get Verification Flow + * This endpoint returns a verification flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3816,10 +3813,11 @@ const flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), r res.render('verification', flow) }) +``` More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceVerificationFlowRequest { return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest{ @@ -3953,8 +3951,8 @@ func (r V0alpha2ApiApiGetWebAuthnJavaScriptRequest) Execute() (string, *http.Res } /* - - GetWebAuthnJavaScript Get WebAuthn JavaScript - - This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. + * GetWebAuthnJavaScript Get WebAuthn JavaScript + * This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file: @@ -3963,8 +3961,8 @@ If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you ``` More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest */ func (a *V0alpha2ApiService) GetWebAuthnJavaScript(ctx context.Context) V0alpha2ApiApiGetWebAuthnJavaScriptRequest { return V0alpha2ApiApiGetWebAuthnJavaScriptRequest{ @@ -4078,9 +4076,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Execute( } /* - - InitializeSelfServiceLoginFlowForBrowsers Initialize Login Flow for Browsers - - This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate - + * InitializeSelfServiceLoginFlowForBrowsers Initialize Login Flow for Browsers + * This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows. If this endpoint is opened as a link in the browser, it will be redirected to @@ -4099,8 +4096,8 @@ case of an error, the `error.id` of the JSON response body can be one of: This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest{ @@ -4242,8 +4239,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest) Execu } /* - - InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ... - - This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on. + * InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ... + * This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. @@ -4263,8 +4260,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest{ @@ -4396,9 +4393,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest) Execu } /* - - InitializeSelfServiceRecoveryFlowForBrowsers Initialize Recovery Flow for Browsers - - This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to - + * InitializeSelfServiceRecoveryFlowForBrowsers Initialize Recovery Flow for Browsers + * This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists, the browser is returned to the configured return URL. @@ -4408,8 +4404,8 @@ or a 400 bad request error if the user is already authenticated. This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest{ @@ -4529,8 +4525,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest) Ex } /* - - InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ... - - This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on. + * InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ... + * This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error. @@ -4543,8 +4539,8 @@ you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest{ @@ -4667,9 +4663,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) E } /* - - InitializeSelfServiceRegistrationFlowForBrowsers Initialize Registration Flow for Browsers - - This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate - + * InitializeSelfServiceRegistrationFlowForBrowsers Initialize Registration Flow for Browsers + * This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows. :::info @@ -4694,8 +4689,8 @@ If this endpoint is called via an AJAX request, the response contains the regist This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest{ @@ -4805,8 +4800,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest } /* - - InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ... - - This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on. + * InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ... + * This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. @@ -4825,8 +4820,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest{ @@ -4949,9 +4944,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest) Execu } /* - - InitializeSelfServiceSettingsFlowForBrowsers Initialize Settings Flow for Browsers - - This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to - + * InitializeSelfServiceSettingsFlowForBrowsers Initialize Settings Flow for Browsers + * This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid Ory Kratos Session Cookie is included in the request, a login flow will be initialized. @@ -4977,8 +4971,8 @@ case of an error, the `error.id` of the JSON response body can be one of: This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest{ @@ -5124,9 +5118,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest) Ex } /* - - InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ... - - This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. - + * InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ... + * This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. You must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK. To fetch an existing settings flow call `/self-service/settings/flows?flow=`. @@ -5148,8 +5141,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest{ @@ -5275,9 +5268,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest) E } /* - - InitializeSelfServiceVerificationFlowForBrowsers Initialize Verification Flow for Browser Clients - - This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to - + * InitializeSelfServiceVerificationFlowForBrowsers Initialize Verification Flow for Browser Clients + * This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`. If this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects. @@ -5285,8 +5277,8 @@ If this endpoint is called via an AJAX request, the response contains the recove This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest{ @@ -5396,8 +5388,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest } /* - - InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ... - - This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on. + * InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ... + * This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on. To fetch an existing verification flow call `/self-service/verification/flows?flow=`. @@ -5408,8 +5400,8 @@ you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest{ @@ -5674,12 +5666,12 @@ func (r V0alpha2ApiApiListSessionsRequest) Execute() ([]Session, *http.Response, } /* - - ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. - - This endpoint is useful for: + * ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. + * This endpoint is useful for: Displaying all other sessions that belong to the logged-in user - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiListSessionsRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiListSessionsRequest */ func (a *V0alpha2ApiService) ListSessions(ctx context.Context) V0alpha2ApiApiListSessionsRequest { return V0alpha2ApiApiListSessionsRequest{ @@ -5829,13 +5821,13 @@ func (r V0alpha2ApiApiRevokeSessionRequest) Execute() (*http.Response, error) { } /* - - RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. - - This endpoint is useful for: + * RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. + * This endpoint is useful for: To forcefully logout the current user from another device or session - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID is the session's ID. - - @return V0alpha2ApiApiRevokeSessionRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID is the session's ID. + * @return V0alpha2ApiApiRevokeSessionRequest */ func (a *V0alpha2ApiService) RevokeSession(ctx context.Context, id string) V0alpha2ApiApiRevokeSessionRequest { return V0alpha2ApiApiRevokeSessionRequest{ @@ -5964,12 +5956,12 @@ func (r V0alpha2ApiApiRevokeSessionsRequest) Execute() (*RevokedSessions, *http. } /* - - RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. - - This endpoint is useful for: + * RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. + * This endpoint is useful for: To forcefully logout the current user from all other devices and sessions - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiRevokeSessionsRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiRevokeSessionsRequest */ func (a *V0alpha2ApiService) RevokeSessions(ctx context.Context) V0alpha2ApiApiRevokeSessionsRequest { return V0alpha2ApiApiRevokeSessionsRequest{ @@ -6133,8 +6125,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) Execute() (*SuccessfulS } /* - - SubmitSelfServiceLoginFlow Submit a Login Flow - - :::info + * SubmitSelfServiceLoginFlow Submit a Login Flow + * :::info This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future. @@ -6167,8 +6159,8 @@ case of an error, the `error.id` of the JSON response body can be one of: Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest { return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest{ @@ -6331,8 +6323,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest) Execute() (*http.Respo } /* - - SubmitSelfServiceLogoutFlow Complete Self-Service Logout - - This endpoint logs out an identity in a self-service manner. + * SubmitSelfServiceLogoutFlow Complete Self-Service Logout + * This endpoint logs out an identity in a self-service manner. If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other) to the `return_to` parameter of the initial request or fall back to `urls.default_return_to`. @@ -6345,8 +6337,8 @@ with browsers (Chrome, Firefox, ...). For API clients you can call the `/self-service/logout/api` URL directly with the Ory Session Token. More information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest { return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest{ @@ -6454,9 +6446,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest) Execute( } /* - - SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ... - - Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully - + * SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ... + * Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully revoked, the server returns a 204 No Content response. A 204 No Content response is also sent when the Ory Session Token has been revoked already before. @@ -6464,8 +6455,8 @@ If the Ory Session Token is malformed or does not exist a 403 Forbidden response This endpoint does not remove any HTTP Cookies - use the Browser-Based Self-Service Logout Flow instead. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest { return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest{ @@ -6597,9 +6588,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) Execute() (*SelfServ } /* - - SubmitSelfServiceRecoveryFlow Complete Recovery Flow - - Use this endpoint to complete a recovery flow. This endpoint - + * SubmitSelfServiceRecoveryFlow Complete Recovery Flow + * Use this endpoint to complete a recovery flow. This endpoint behaves differently for API and browser flows and has several states: `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent @@ -6615,8 +6605,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe a new Recovery Flow ID which contains an error message that the recovery link was invalid. More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest { return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest{ @@ -6774,9 +6764,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) Execute() (*Succ } /* - - SubmitSelfServiceRegistrationFlow Submit a Registration Flow - - Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint - + * SubmitSelfServiceRegistrationFlow Submit a Registration Flow + * Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint behaves differently for API and browser flows. API flows expect `application/json` to be sent in the body and respond with @@ -6804,8 +6793,8 @@ case of an error, the `error.id` of the JSON response body can be one of: Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest { return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest{ @@ -6975,9 +6964,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) Execute() (*SelfServ } /* - - SubmitSelfServiceSettingsFlow Complete Settings Flow - - Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint - + * SubmitSelfServiceSettingsFlow Complete Settings Flow + * Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint behaves differently for API and browser flows. API-initiated flows expect `application/json` to be sent in the body and respond with @@ -7020,8 +7008,8 @@ identity logged in instead. Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest { return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest{ @@ -7214,9 +7202,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Execute() (*Self } /* - - SubmitSelfServiceVerificationFlow Complete Verification Flow - - Use this endpoint to complete a verification flow. This endpoint - + * SubmitSelfServiceVerificationFlow Complete Verification Flow + * Use this endpoint to complete a verification flow. This endpoint behaves differently for API and browser flows and has several states: `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent @@ -7232,8 +7219,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe a new Verification Flow ID which contains an error message that the verification link was invalid. More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest { return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest{ @@ -7386,9 +7373,8 @@ func (r V0alpha2ApiApiToSessionRequest) Execute() (*Session, *http.Response, err } /* - - ToSession Check Who the Current HTTP Session Belongs To - - Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. - + * ToSession Check Who the Current HTTP Session Belongs To + * Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response. @@ -7425,7 +7411,7 @@ AJAX calls. Remember to send credentials and set up CORS correctly! Reverse proxies and API Gateways Server-side calls - use the `X-Session-Token` header! -# This endpoint authenticates users by checking +This endpoint authenticates users by checking if the `Cookie` HTTP header was set containing an Ory Kratos Session Cookie; if the `Authorization: bearer ` HTTP header was set with a valid Ory Kratos Session Token; @@ -7437,8 +7423,8 @@ As explained above, this request may fail due to several reasons. The `error.id` `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token). `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiToSessionRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiToSessionRequest */ func (a *V0alpha2ApiService) ToSession(ctx context.Context) V0alpha2ApiApiToSessionRequest { return V0alpha2ApiApiToSessionRequest{ diff --git a/spec/api.json b/spec/api.json index b085802095cd..2675e62362a8 100755 --- a/spec/api.json +++ b/spec/api.json @@ -3902,7 +3902,7 @@ }, "/self-service/recovery/api": { "get": { - "description": "This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.\n\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error.\n\nTo fetch an existing recovery flow call `/self-service/recovery/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\n\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).", + "description": "This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.\n\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error.\n\nTo fetch an existing recovery flow call `/self-service/recovery/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).", "operationId": "initializeSelfServiceRecoveryFlowWithoutBrowser", "responses": { "200": { @@ -4882,7 +4882,7 @@ }, "/self-service/verification/flows": { "get": { - "description": "This endpoint returns a verification flow's context with, for example, error details and other information.\n\nBrowser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.\nFor AJAX requests you must ensure that cookies are included in the request or requests will fail.\n\nIf you use the browser-flow for server-side apps, the services need to run on a common top-level-domain\nand you need to forward the incoming HTTP Cookie header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/recovery', async function (req, res) {\nconst flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), req.query['flow'])\n\nres.render('verification', flow)\n})\n\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).", + "description": "This endpoint returns a verification flow's context with, for example, error details and other information.\n\nBrowser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.\nFor AJAX requests you must ensure that cookies are included in the request or requests will fail.\n\nIf you use the browser-flow for server-side apps, the services need to run on a common top-level-domain\nand you need to forward the incoming HTTP Cookie header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/recovery', async function (req, res) {\nconst flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), req.query['flow'])\n\nres.render('verification', flow)\n})\n```\n\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).", "operationId": "getSelfServiceVerificationFlow", "parameters": [ { diff --git a/spec/swagger.json b/spec/swagger.json index 3bab3006bcd5..f6b9963d7378 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -1346,7 +1346,7 @@ }, "/self-service/recovery/api": { "get": { - "description": "This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.\n\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error.\n\nTo fetch an existing recovery flow call `/self-service/recovery/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\n\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).", + "description": "This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.\n\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error.\n\nTo fetch an existing recovery flow call `/self-service/recovery/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).", "schemes": [ "http", "https" @@ -2131,7 +2131,7 @@ }, "/self-service/verification/flows": { "get": { - "description": "This endpoint returns a verification flow's context with, for example, error details and other information.\n\nBrowser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.\nFor AJAX requests you must ensure that cookies are included in the request or requests will fail.\n\nIf you use the browser-flow for server-side apps, the services need to run on a common top-level-domain\nand you need to forward the incoming HTTP Cookie header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/recovery', async function (req, res) {\nconst flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), req.query['flow'])\n\nres.render('verification', flow)\n})\n\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).", + "description": "This endpoint returns a verification flow's context with, for example, error details and other information.\n\nBrowser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.\nFor AJAX requests you must ensure that cookies are included in the request or requests will fail.\n\nIf you use the browser-flow for server-side apps, the services need to run on a common top-level-domain\nand you need to forward the incoming HTTP Cookie header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/recovery', async function (req, res) {\nconst flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), req.query['flow'])\n\nres.render('verification', flow)\n})\n```\n\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).", "produces": [ "application/json" ], From 866b472750fba7bf498d359796f24867af7270ad Mon Sep 17 00:00:00 2001 From: Jonas Hungershausen Date: Mon, 15 Aug 2022 16:46:51 +0200 Subject: [PATCH 220/411] fix: ignore CSRF for session extension on public route --- session/handler.go | 1 + session/handler_test.go | 29 ++++++++++++++++++++--------- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/session/handler.go b/session/handler.go index 39ad0d9ad3ea..5f6ec9de752e 100644 --- a/session/handler.go +++ b/session/handler.go @@ -78,6 +78,7 @@ func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic) { h.r.CSRFHandler().IgnorePath(RouteWhoami) h.r.CSRFHandler().IgnorePath(RouteCollection) h.r.CSRFHandler().IgnoreGlob(RouteCollection + "/*") + h.r.CSRFHandler().IgnoreGlob(RouteCollection + "/*/extend") h.r.CSRFHandler().IgnoreGlob(AdminRouteIdentity + "/*/sessions") for _, m := range []string{http.MethodGet, http.MethodHead, http.MethodPost, http.MethodPut, http.MethodPatch, http.MethodConnect, http.MethodOptions, http.MethodTrace} { diff --git a/session/handler_test.go b/session/handler_test.go index a129f2faadbc..92755f90d865 100644 --- a/session/handler_test.go +++ b/session/handler_test.go @@ -687,21 +687,22 @@ func TestHandlerSelfServiceSessionManagement(t *testing.T) { func TestHandlerRefreshSessionBySessionID(t *testing.T) { conf, reg := internal.NewFastRegistryWithMocks(t) - _, ts, _, _ := testhelpers.NewKratosServerWithCSRFAndRouters(t, reg) + publicServer, adminServer, _, _ := testhelpers.NewKratosServerWithCSRFAndRouters(t, reg) // set this intermediate because kratos needs some valid url for CRUDE operations conf.MustSet(config.ViperKeyPublicBaseURL, "http://example.com") testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json") - conf.MustSet(config.ViperKeyPublicBaseURL, ts.URL) + conf.MustSet(config.ViperKeyPublicBaseURL, adminServer.URL) + + i := identity.NewIdentity("") + require.NoError(t, reg.IdentityManager().Create(context.Background(), i)) + s := &Session{Identity: i, ExpiresAt: time.Now().Add(5 * time.Minute)} + require.NoError(t, reg.SessionPersister().UpsertSession(context.Background(), s)) t.Run("case=should return 200 after refreshing one session", func(t *testing.T) { client := testhelpers.NewClientWithCookies(t) - i := identity.NewIdentity("") - require.NoError(t, reg.IdentityManager().Create(context.Background(), i)) - s := &Session{Identity: i, ExpiresAt: time.Now().Add(5 * time.Minute)} - require.NoError(t, reg.SessionPersister().UpsertSession(context.Background(), s)) - req, _ := http.NewRequest("PATCH", ts.URL+"/admin/sessions/"+s.ID.String()+"/extend", nil) + req, _ := http.NewRequest("PATCH", adminServer.URL+"/admin/sessions/"+s.ID.String()+"/extend", nil) res, err := client.Do(req) require.NoError(t, err) require.Equal(t, http.StatusOK, res.StatusCode) @@ -712,7 +713,7 @@ func TestHandlerRefreshSessionBySessionID(t *testing.T) { t.Run("case=should return 400 when bad UUID is sent", func(t *testing.T) { client := testhelpers.NewClientWithCookies(t) - req, _ := http.NewRequest("PATCH", ts.URL+"/admin/sessions/BADUUID/extend", nil) + req, _ := http.NewRequest("PATCH", adminServer.URL+"/admin/sessions/BADUUID/extend", nil) res, err := client.Do(req) require.NoError(t, err) require.Equal(t, http.StatusBadRequest, res.StatusCode) @@ -721,9 +722,19 @@ func TestHandlerRefreshSessionBySessionID(t *testing.T) { t.Run("case=should return 404 when calling with missing UUID", func(t *testing.T) { client := testhelpers.NewClientWithCookies(t) someID, _ := uuid.NewV4() - req, _ := http.NewRequest("PATCH", ts.URL+"/admin/sessions/"+someID.String()+"/extend", nil) + req, _ := http.NewRequest("PATCH", adminServer.URL+"/admin/sessions/"+someID.String()+"/extend", nil) res, err := client.Do(req) require.NoError(t, err) require.Equal(t, http.StatusNotFound, res.StatusCode) }) + + t.Run("case=should return 404 when calling puplic server", func(t *testing.T) { + req := x.NewTestHTTPRequest(t, "PATCH", publicServer.URL+"/sessions/"+s.ID.String()+"/extend", nil) + + res, err := publicServer.Client().Do(req) + require.NoError(t, err) + assert.Equal(t, http.StatusNotFound, res.StatusCode) + body := ioutilx.MustReadAll(res.Body) + assert.NotEqual(t, gjson.GetBytes(body, "error.id").String(), "security_csrf_violation") + }) } From 3c00b66b373568ea1526b4649a7a8c18b3e6cee7 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Fri, 19 Aug 2022 14:35:39 +0000 Subject: [PATCH 221/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e31b5286e583..e7fe91c37efd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-08-04)](#2022-08-04) +- [ (2022-08-19)](#2022-08-19) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -263,7 +263,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-08-04) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-08-19) ## Breaking Changes @@ -306,6 +306,9 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. ([#2613](https://github.com/ory/kratos/issues/2613)) ([29aa3b6](https://github.com/ory/kratos/commit/29aa3b6c37b3a173dcfeb02fdad4abc83774bc0b)), closes [#2591](https://github.com/ory/kratos/issues/2591) +- **docker:** Add missing dependencies + ([#2643](https://github.com/ory/kratos/issues/2643)) + ([c589520](https://github.com/ory/kratos/commit/c589520ff865cefdb287e597b9e858851a778755)) - **docker:** Update images ([b5f80c1](https://github.com/ory/kratos/commit/b5f80c1198e4bb9ed392521daca934548eb21ee6)) - Duplicate messages in recovery flow @@ -319,6 +322,8 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. ([#2517](https://github.com/ory/kratos/issues/2517)) ([c058e23](https://github.com/ory/kratos/commit/c058e23599d994e12b676e87f7282c1f2b2e089c)), closes [#2426](https://github.com/ory/kratos/issues/2426) +- Ignore CSRF for session extension on public route + ([866b472](https://github.com/ory/kratos/commit/866b472750fba7bf498d359796f24867af7270ad)) - Improve migration status speed ([#2637](https://github.com/ory/kratos/issues/2637)) ([a2e3c41](https://github.com/ory/kratos/commit/a2e3c41f9e513e1de47f6320f6a10acd1fed5eea)) @@ -346,6 +351,12 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. - Remove newline sign from email subject ([#2576](https://github.com/ory/kratos/issues/2576)) ([ca3d9c2](https://github.com/ory/kratos/commit/ca3d9c24e25ce501e9eae23547f87e1c35b2ea97)) +- Replace io/util usage by io and os package + ([e2d805b](https://github.com/ory/kratos/commit/e2d805b7e336d202f7cf3c2e0ce586d78ac03cc0)) +- Resolve bug where 500s in web hooks are not properly retried + ([e572e81](https://github.com/ory/kratos/commit/e572e8185e17839addabf2a72f4e9921bda8b47a)) +- Respect more http sources for computing request URL + ([66a9448](https://github.com/ory/kratos/commit/66a94488eb2fc778a00a5c69916e7958b3535440)) - Return browser to 'return_to' when logging in without registered account using oidc. ([#2496](https://github.com/ory/kratos/issues/2496)) ([a4194f5](https://github.com/ory/kratos/commit/a4194f58dd4ccecca6698d5b43284d857a70a221)), @@ -353,6 +364,8 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. - Return empty array not null when there are no sessions ([#2548](https://github.com/ory/kratos/issues/2548)) ([fffba47](https://github.com/ory/kratos/commit/fffba473440fec3118a3951b697d5a0d2d4e30d6)) +- Revert Go 1.19 formatting changes + ([7fb085b](https://github.com/ory/kratos/commit/7fb085b6ca4fbfe2978998bea868959966ae193d)) - Revert removal of required field in uiNodeInputAttributes ([#2623](https://github.com/ory/kratos/issues/2623)) ([fee154b](https://github.com/ory/kratos/commit/fee154b28dfb3007f8d20a807cfd6d362c3bd9e7)) @@ -368,6 +381,8 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. ([c36ca53](https://github.com/ory/kratos/commit/c36ca53d4552596e62ec323795c3bf21438d4f26)) - Use errors instead of fatal for serve cmd ([02f7e9c](https://github.com/ory/kratos/commit/02f7e9cfd17ab60c3f38aab3ae977c427b26990d)) +- Use full URL for webhook payload + ([72595ad](https://github.com/ory/kratos/commit/72595adcb68a1a2d350c4687328653e28d888847)) - Wrap migration error in WithStack ([#2636](https://github.com/ory/kratos/issues/2636)) ([4ce9f1e](https://github.com/ory/kratos/commit/4ce9f1ebb39cccfd36c4f0fb4a2ae2a17fbc18cc)) @@ -430,6 +445,8 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. ([e48e9fa](https://github.com/ory/kratos/commit/e48e9fac7ab6a982e0e941bfea1d15569eb53582)), closes [#1724](https://github.com/ory/kratos/issues/1724) [#1483](https://github.com/ory/kratos/issues/1483) +- Improve state generation logic + ([546ee3d](https://github.com/ory/kratos/commit/546ee3dc900874bc0614923b10697388c4e7676b)) - Replace message_ttl with static max retry count ([#2638](https://github.com/ory/kratos/issues/2638)) ([b341756](https://github.com/ory/kratos/commit/b341756130ee808ddcc003163884f09e3f006d0a)): @@ -461,6 +478,8 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. - Parallelize and speed up config tests ([#2611](https://github.com/ory/kratos/issues/2611)) ([d8dea01](https://github.com/ory/kratos/commit/d8dea0138b09d4dff3c30aa14e0e99e423b355fe)) +- Resolve builder regression + ([934c30d](https://github.com/ory/kratos/commit/934c30d6064d1e7dfc59f4eef43d096e977c113e)) - Try and recover from allocated port error ([3b5ac5f](https://github.com/ory/kratos/commit/3b5ac5ff03b653191c1979fe1e4e9a4ea3ed7d36)) From b0d8f3853886228a64e82437643a82b3970d6ff7 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 4 Aug 2022 22:47:37 +0200 Subject: [PATCH 222/411] refactor: hot reloading --- cipher/aes.go | 6 +- cipher/chacha20.go | 6 +- cipher/cipher.go | 2 +- cipher/cipher_test.go | 17 +- cmd/cliclient/cleanup.go | 14 +- cmd/cliclient/migrate.go | 39 +- cmd/courier/watch.go | 45 +- cmd/courier/watch_test.go | 8 +- cmd/daemon/serve.go | 63 +- cmd/hashers/argon2/hash.go | 2 + cmd/hashers/argon2/loadtest.go | 2 + cmd/hashers/argon2/root.go | 9 +- cmd/serve/root.go | 12 +- continuity/container.go | 4 +- continuity/manager_test.go | 3 +- corp/context.go | 24 - corp/context_test.go | 33 - courier/courier.go | 2 +- courier/courier_dispatcher.go | 2 +- courier/courier_dispatcher_test.go | 6 +- courier/message.go | 4 +- courier/sms.go | 7 +- courier/sms_test.go | 23 +- courier/smtp.go | 14 +- courier/smtp_test.go | 23 +- courier/template/email/recovery_invalid.go | 6 +- courier/template/email/recovery_valid.go | 6 +- courier/template/email/stub.go | 6 +- .../template/email/verification_invalid.go | 6 +- courier/template/email/verification_valid.go | 6 +- courier/template/load_template_test.go | 2 +- courier/template/sms/otp.go | 2 +- courier/template/sms/stub.go | 2 +- courier/template/template.go | 2 +- courier/template/testhelpers/testhelpers.go | 2 +- courier/test/persistence.go | 4 +- driver/config/config.go | 621 +++++++++--------- driver/config/config_test.go | 462 ++++++------- driver/config/handler.go | 2 +- driver/config/handler_test.go | 4 +- driver/factory.go | 43 +- driver/factory_test.go | 10 +- driver/registry.go | 10 +- driver/registry_default.go | 77 ++- driver/registry_default_login.go | 6 +- driver/registry_default_recovery.go | 4 +- driver/registry_default_registration.go | 10 +- driver/registry_default_schemas.go | 2 +- driver/registry_default_schemas_test.go | 4 +- driver/registry_default_settings.go | 10 +- driver/registry_default_test.go | 85 +-- driver/registry_default_verify.go | 5 +- hash/hasher.go | 2 +- hash/hasher_argon2.go | 2 +- hash/hasher_bcrypt.go | 2 +- identity/credentials.go | 11 +- identity/handler.go | 6 +- identity/handler_import.go | 2 +- identity/handler_test.go | 8 +- identity/identity.go | 6 +- identity/identity_recovery.go | 4 +- identity/identity_verification.go | 3 +- identity/manager.go | 2 +- identity/manager_test.go | 10 +- identity/test/pool.go | 4 +- identity/validator.go | 2 +- identity/validator_test.go | 6 +- internal/driver.go | 18 +- internal/registrationhelpers/helpers.go | 25 +- internal/settingshelpers/helpers.go | 4 +- internal/testhelpers/config.go | 9 +- internal/testhelpers/e2e_server.go | 2 - internal/testhelpers/errorx.go | 8 +- internal/testhelpers/handler_mock.go | 7 +- internal/testhelpers/identity.go | 2 +- internal/testhelpers/identity_schema.go | 4 +- internal/testhelpers/selfservice.go | 54 +- internal/testhelpers/selfservice_login.go | 6 +- internal/testhelpers/selfservice_recovery.go | 3 +- .../testhelpers/selfservice_registration.go | 3 +- internal/testhelpers/selfservice_settings.go | 23 +- .../testhelpers/selfservice_verification.go | 3 +- internal/testhelpers/server.go | 18 +- internal/testhelpers/session.go | 17 +- internal/testhelpers/strategies.go | 4 +- main.go | 3 - persistence/reference.go | 2 +- persistence/sql/migratest/migration_test.go | 11 +- persistence/sql/persister.go | 15 +- persistence/sql/persister_cleanup_test.go | 32 +- persistence/sql/persister_continuity.go | 10 +- persistence/sql/persister_courier.go | 17 +- persistence/sql/persister_errorx.go | 18 +- persistence/sql/persister_hmac.go | 4 +- persistence/sql/persister_hmac_test.go | 22 +- persistence/sql/persister_identity.go | 54 +- persistence/sql/persister_login.go | 10 +- persistence/sql/persister_recovery.go | 17 +- persistence/sql/persister_registration.go | 10 +- persistence/sql/persister_session.go | 36 +- persistence/sql/persister_settings.go | 10 +- persistence/sql/persister_test.go | 6 +- persistence/sql/persister_verification.go | 17 +- schema/handler.go | 2 +- schema/handler_test.go | 8 +- selfservice/errorx/error.go | 4 +- selfservice/errorx/manager.go | 2 +- selfservice/flow/error.go | 5 +- selfservice/flow/login/error.go | 4 +- selfservice/flow/login/error_test.go | 9 +- selfservice/flow/login/flow.go | 12 +- selfservice/flow/login/flow_test.go | 4 +- selfservice/flow/login/handler.go | 18 +- selfservice/flow/login/handler_test.go | 20 +- selfservice/flow/login/hook.go | 14 +- selfservice/flow/login/hook_test.go | 15 +- selfservice/flow/logout/handler.go | 8 +- selfservice/flow/logout/handler_test.go | 2 +- selfservice/flow/recovery/error.go | 8 +- selfservice/flow/recovery/error_test.go | 9 +- selfservice/flow/recovery/flow.go | 11 +- selfservice/flow/recovery/flow_test.go | 7 +- selfservice/flow/recovery/handler.go | 18 +- selfservice/flow/recovery/handler_test.go | 21 +- selfservice/flow/recovery/hook_test.go | 9 +- selfservice/flow/registration/decoder.go | 2 +- selfservice/flow/registration/error.go | 6 +- selfservice/flow/registration/error_test.go | 9 +- selfservice/flow/registration/flow.go | 12 +- selfservice/flow/registration/flow_test.go | 4 +- selfservice/flow/registration/handler.go | 21 +- selfservice/flow/registration/handler_test.go | 26 +- selfservice/flow/registration/hook.go | 12 +- selfservice/flow/registration/hook_test.go | 9 +- selfservice/flow/request.go | 2 +- selfservice/flow/request_test.go | 4 +- selfservice/flow/settings/error.go | 14 +- selfservice/flow/settings/error_test.go | 13 +- selfservice/flow/settings/flow.go | 12 +- selfservice/flow/settings/flow_test.go | 4 +- selfservice/flow/settings/handler.go | 20 +- selfservice/flow/settings/handler_test.go | 41 +- selfservice/flow/settings/hook.go | 14 +- selfservice/flow/settings/hook_test.go | 14 +- selfservice/flow/settings/strategy_helper.go | 2 +- selfservice/flow/verification/error.go | 8 +- selfservice/flow/verification/error_test.go | 9 +- selfservice/flow/verification/flow.go | 11 +- selfservice/flow/verification/flow_test.go | 7 +- selfservice/flow/verification/handler.go | 18 +- selfservice/flow/verification/handler_test.go | 11 +- selfservice/flow/verification/hook_test.go | 7 +- selfservice/flowhelpers/login_test.go | 3 +- selfservice/hook/session_destroyer_test.go | 3 +- selfservice/hook/session_issuer_test.go | 3 +- selfservice/hook/verification.go | 6 +- selfservice/hook/verification_test.go | 9 +- selfservice/hook/web_hook_integration_test.go | 5 +- selfservice/strategy/handler.go | 6 +- selfservice/strategy/link/sender.go | 8 +- selfservice/strategy/link/sender_test.go | 15 +- .../strategy/link/strategy_recovery.go | 28 +- .../strategy/link/strategy_recovery_test.go | 49 +- selfservice/strategy/link/strategy_test.go | 14 +- .../strategy/link/strategy_verification.go | 26 +- .../link/strategy_verification_test.go | 27 +- selfservice/strategy/link/test/persistence.go | 2 +- selfservice/strategy/link/token_recovery.go | 4 +- .../strategy/link/token_verification.go | 10 +- selfservice/strategy/lookup/login.go | 2 +- selfservice/strategy/lookup/login_test.go | 11 +- selfservice/strategy/lookup/settings.go | 4 +- selfservice/strategy/lookup/settings_test.go | 19 +- selfservice/strategy/oidc/provider_auth0.go | 2 +- .../strategy/oidc/provider_config_test.go | 5 +- .../strategy/oidc/provider_dingtalk.go | 2 +- selfservice/strategy/oidc/provider_discord.go | 2 +- .../strategy/oidc/provider_generic_oidc.go | 2 +- .../strategy/oidc/provider_generic_test.go | 7 +- selfservice/strategy/oidc/provider_github.go | 2 +- .../strategy/oidc/provider_github_app.go | 2 +- selfservice/strategy/oidc/provider_gitlab.go | 2 +- selfservice/strategy/oidc/provider_netid.go | 2 +- .../oidc/provider_private_net_test.go | 3 +- selfservice/strategy/oidc/provider_slack.go | 2 +- selfservice/strategy/oidc/provider_spotify.go | 4 +- selfservice/strategy/oidc/provider_vk.go | 2 +- selfservice/strategy/oidc/provider_yandex.go | 2 +- selfservice/strategy/oidc/strategy.go | 8 +- .../strategy/oidc/strategy_helper_test.go | 15 +- .../strategy/oidc/strategy_registration.go | 10 +- .../strategy/oidc/strategy_settings.go | 18 +- .../strategy/oidc/strategy_settings_test.go | 18 +- selfservice/strategy/oidc/strategy_test.go | 11 +- selfservice/strategy/password/login.go | 8 +- selfservice/strategy/password/login_test.go | 23 +- selfservice/strategy/password/registration.go | 8 +- .../strategy/password/registration_test.go | 40 +- selfservice/strategy/password/settings.go | 6 +- .../strategy/password/settings_test.go | 25 +- .../strategy/password/strategy_test.go | 3 +- selfservice/strategy/password/validator.go | 7 +- .../strategy/password/validator_test.go | 35 +- selfservice/strategy/profile/strategy.go | 9 +- selfservice/strategy/profile/strategy_test.go | 23 +- selfservice/strategy/totp/generator.go | 2 +- selfservice/strategy/totp/generator_test.go | 5 +- selfservice/strategy/totp/login.go | 2 +- selfservice/strategy/totp/login_test.go | 16 +- selfservice/strategy/totp/settings.go | 4 +- selfservice/strategy/totp/settings_test.go | 21 +- selfservice/strategy/webauthn/login.go | 18 +- selfservice/strategy/webauthn/login_test.go | 20 +- selfservice/strategy/webauthn/registration.go | 14 +- .../strategy/webauthn/registration_test.go | 30 +- selfservice/strategy/webauthn/settings.go | 12 +- .../strategy/webauthn/settings_test.go | 28 +- selfservice/strategy/webauthn/strategy.go | 6 +- .../strategy/webauthn/strategy_test.go | 2 +- session/handler.go | 15 +- session/handler_test.go | 53 +- session/manager_http.go | 20 +- session/manager_http_test.go | 77 +-- session/persistence.go | 2 +- session/session.go | 23 +- session/session_test.go | 24 +- x/http_secure_redirect.go | 6 +- x/http_secure_redirect_test.go | 9 +- x/nosurf.go | 12 +- x/nosurf_test.go | 17 +- x/redir.go | 4 +- x/redir_test.go | 6 +- x/servicelocatorx/config.go | 26 + 233 files changed, 2052 insertions(+), 1849 deletions(-) delete mode 100644 corp/context_test.go create mode 100644 x/servicelocatorx/config.go diff --git a/cipher/aes.go b/cipher/aes.go index 39aeaf0f7d53..ea2d34aaec69 100644 --- a/cipher/aes.go +++ b/cipher/aes.go @@ -33,11 +33,11 @@ func (a *AES) Encrypt(ctx context.Context, message []byte) (string, error) { return "", nil } - if len(a.c.Config(ctx).SecretsCipher()) == 0 { + if len(a.c.Config().SecretsCipher(ctx)) == 0 { return "", errors.WithStack(herodot.ErrInternalServerError.WithReason("Unable to encrypt message because no cipher secrets were configured.")) } - ciphertext, err := cryptopasta.Encrypt(message, &a.c.Config(ctx).SecretsCipher()[0]) + ciphertext, err := cryptopasta.Encrypt(message, &a.c.Config().SecretsCipher(ctx)[0]) return hex.EncodeToString(ciphertext), errors.WithStack(err) } @@ -49,7 +49,7 @@ func (a *AES) Decrypt(ctx context.Context, ciphertext string) ([]byte, error) { return nil, nil } - secrets := a.c.Config(ctx).SecretsCipher() + secrets := a.c.Config().SecretsCipher(ctx) if len(secrets) == 0 { return nil, errors.WithStack(herodot.ErrInternalServerError.WithReason("Unable to decipher the encrypted message because no AES secrets were configured.")) } diff --git a/cipher/chacha20.go b/cipher/chacha20.go index 58285d561b70..51bbc4399fb2 100644 --- a/cipher/chacha20.go +++ b/cipher/chacha20.go @@ -31,11 +31,11 @@ func (c *XChaCha20Poly1305) Encrypt(ctx context.Context, message []byte) (string return "", nil } - if len(c.c.Config(ctx).SecretsCipher()) == 0 { + if len(c.c.Config().SecretsCipher(ctx)) == 0 { return "", errors.WithStack(herodot.ErrInternalServerError.WithReason("Unable to encrypt message because no cipher secrets were configured.")) } - aead, err := chacha20poly1305.NewX(c.c.Config(ctx).SecretsCipher()[0][:]) + aead, err := chacha20poly1305.NewX(c.c.Config().SecretsCipher(ctx)[0][:]) if err != nil { return "", herodot.ErrInternalServerError.WithWrap(err).WithReason("Unable to generate key") } @@ -56,7 +56,7 @@ func (c *XChaCha20Poly1305) Decrypt(ctx context.Context, ciphertext string) ([]b return nil, nil } - secrets := c.c.Config(ctx).SecretsCipher() + secrets := c.c.Config().SecretsCipher(ctx) if len(secrets) == 0 { return nil, errors.WithStack(herodot.ErrInternalServerError.WithReason("Unable to decipher the encrypted message because no cipher secrets were configured.")) } diff --git a/cipher/cipher.go b/cipher/cipher.go index 91a2f7506e10..402ede523727 100644 --- a/cipher/cipher.go +++ b/cipher/cipher.go @@ -18,5 +18,5 @@ type Cipher interface { } type Provider interface { - Cipher() Cipher + Cipher(ctx context.Context) Cipher } diff --git a/cipher/cipher_test.go b/cipher/cipher_test.go index bc9676f50265..844e56e4c6ae 100644 --- a/cipher/cipher_test.go +++ b/cipher/cipher_test.go @@ -16,6 +16,7 @@ import ( ) func TestCipher(t *testing.T) { + ctx := context.Background() cfg, reg := internal.NewFastRegistryWithMocks(t) goodSecret := []string{"secret-thirty-two-character-long"} @@ -28,13 +29,13 @@ func TestCipher(t *testing.T) { t.Run(fmt.Sprintf("cipher=%T", c), func(t *testing.T) { t.Run("case=all_work", func(t *testing.T) { - cfg.MustSet(config.ViperKeySecretsCipher, goodSecret) + cfg.MustSet(ctx, config.ViperKeySecretsCipher, goodSecret) testAllWork(t, c, cfg) }) t.Run("case=encryption_failed", func(t *testing.T) { // unset secret - err := cfg.Set(config.ViperKeySecretsCipher, []string{}) + err := cfg.Set(ctx, config.ViperKeySecretsCipher, []string{}) require.NoError(t, err) // secret have to be set @@ -42,7 +43,7 @@ func TestCipher(t *testing.T) { require.Error(t, err) // unset secret - err = cfg.Set(config.ViperKeySecretsCipher, []string{"bad-length"}) + err = cfg.Set(ctx, config.ViperKeySecretsCipher, []string{"bad-length"}) require.NoError(t, err) // bad secret length @@ -56,7 +57,7 @@ func TestCipher(t *testing.T) { t.Run("case=decryption_failed", func(t *testing.T) { // set secret - err := cfg.Set(config.ViperKeySecretsCipher, goodSecret) + err := cfg.Set(ctx, config.ViperKeySecretsCipher, goodSecret) require.NoError(t, err) // @@ -67,7 +68,7 @@ func TestCipher(t *testing.T) { require.Error(t, err) // unset secret - err = cfg.Set(config.ViperKeySecretsCipher, []string{}) + err = cfg.Set(ctx, config.ViperKeySecretsCipher, []string{}) require.NoError(t, err) _, err = c.Decrypt(context.Background(), "not-empty") @@ -77,14 +78,16 @@ func TestCipher(t *testing.T) { } c := cipher.NewNoop(reg) t.Run(fmt.Sprintf("cipher=%T", c), func(t *testing.T) { - cfg.MustSet(config.ViperKeySecretsCipher, goodSecret) + cfg.MustSet(ctx, config.ViperKeySecretsCipher, goodSecret) testAllWork(t, c, cfg) }) } func testAllWork(t *testing.T, c cipher.Cipher, cfg *config.Config) { + ctx := context.Background() + goodSecret := []string{"secret-thirty-two-character-long"} - cfg.MustSet(config.ViperKeySecretsCipher, goodSecret) + cfg.MustSet(ctx, config.ViperKeySecretsCipher, goodSecret) message := "my secret message!" diff --git a/cmd/cliclient/cleanup.go b/cmd/cliclient/cleanup.go index 4cf9b95e0e70..3627a6e7c339 100644 --- a/cmd/cliclient/cleanup.go +++ b/cmd/cliclient/cleanup.go @@ -3,6 +3,8 @@ package cliclient import ( "github.com/pkg/errors" + "github.com/ory/x/contextx" + "github.com/ory/x/configx" "github.com/spf13/cobra" @@ -31,16 +33,18 @@ func (h *CleanupHandler) CleanupSQL(cmd *cobra.Command, args []string) error { opts = append(opts, configx.WithValue(config.ViperKeyDSN, args[0])) } - d := driver.NewWithoutInit( + d, err := driver.NewWithoutInit( cmd.Context(), cmd.ErrOrStderr(), opts..., ) - if len(d.Config(cmd.Context()).DSN()) == 0 { + if len(d.Config().DSN(cmd.Context())) == 0 { return errors.New(`required config value "dsn" was not set`) + } else if err != nil { + return errors.Wrap(err, "An error occurred initializing cleanup") } - err := d.Init(cmd.Context(), driver.SkipNetworkInit) + err = d.Init(cmd.Context(), &contextx.Default{}, driver.SkipNetworkInit) if err != nil { return errors.Wrap(err, "An error occurred initializing cleanup") } @@ -49,9 +53,9 @@ func (h *CleanupHandler) CleanupSQL(cmd *cobra.Command, args []string) error { err = d.Persister().CleanupDatabase( cmd.Context(), - d.Config(cmd.Context()).DatabaseCleanupSleepTables(), + d.Config().DatabaseCleanupSleepTables(cmd.Context()), keepLast, - d.Config(cmd.Context()).DatabaseCleanupBatchSize()) + d.Config().DatabaseCleanupBatchSize(cmd.Context())) if err != nil { return errors.Wrap(err, "An error occurred while cleaning up expired data") } diff --git a/cmd/cliclient/migrate.go b/cmd/cliclient/migrate.go index 9872d1e3f180..e6729da700d1 100644 --- a/cmd/cliclient/migrate.go +++ b/cmd/cliclient/migrate.go @@ -7,6 +7,10 @@ import ( "os" "strings" + "github.com/pkg/errors" + + "github.com/ory/x/contextx" + "github.com/ory/x/configx" "github.com/spf13/cobra" @@ -23,42 +27,52 @@ func NewMigrateHandler() *MigrateHandler { return &MigrateHandler{} } -func (h *MigrateHandler) MigrateSQL(cmd *cobra.Command, args []string) { +func (h *MigrateHandler) MigrateSQL(cmd *cobra.Command, args []string) error { var d driver.Registry + var err error if flagx.MustGetBool(cmd, "read-from-env") { - d = driver.NewWithoutInit( + d, err = driver.NewWithoutInit( cmd.Context(), cmd.ErrOrStderr(), configx.WithFlags(cmd.Flags()), configx.SkipValidation()) - if len(d.Config(cmd.Context()).DSN()) == 0 { + if len(d.Config().DSN(cmd.Context())) == 0 { fmt.Println(cmd.UsageString()) fmt.Println("") fmt.Println("When using flag -e, environment variable DSN must be set") - os.Exit(1) - return + return cmdx.FailSilently(cmd) + } + if err != nil { + return err } } else { if len(args) != 1 { fmt.Println(cmd.UsageString()) - os.Exit(1) - return + return cmdx.FailSilently(cmd) } - d = driver.NewWithoutInit( + d, err = driver.NewWithoutInit( cmd.Context(), cmd.ErrOrStderr(), configx.WithFlags(cmd.Flags()), configx.SkipValidation(), configx.WithValue(config.ViperKeyDSN, args[0])) + if err != nil { + return err + } } - err := d.Init(cmd.Context(), driver.SkipNetworkInit) + err = d.Init(cmd.Context(), &contextx.Default{}, driver.SkipNetworkInit) cmdx.Must(err, "An error occurred initializing migrations: %s", err) + if err != nil { + return errors.Wrap(err, "an error occurred initializing migrations") + } var plan bytes.Buffer - statuses, err := d.Persister().MigrationStatus(cmd.Context()) - cmdx.Must(err, "An error occurred planning migrations:%s \n-- Migration Plan --\n%s", err, statuses.Write(&plan)) + _, err = d.Persister().MigrationStatus(cmd.Context()) + if err != nil { + return errors.Wrap(err, "an error occurred planning migrations:") + } if !flagx.MustGetBool(cmd, "yes") { fmt.Println("The following migration is planned:") @@ -68,13 +82,14 @@ func (h *MigrateHandler) MigrateSQL(cmd *cobra.Command, args []string) { fmt.Println("To skip the next question use flag --yes (at your own risk).") if !askForConfirmation("Do you wish to execute this migration plan?") { fmt.Println("Migration aborted.") - return + return cmdx.FailSilently(cmd) } } err = d.Persister().MigrateUp(cmd.Context()) cmdx.Must(err, "An error occurred while connecting to SQL: %s", err) fmt.Println("Successfully applied SQL migrations!") + return nil } func askForConfirmation(s string) bool { diff --git a/cmd/courier/watch.go b/cmd/courier/watch.go index 6a12e18c0416..b966e4c422f7 100644 --- a/cmd/courier/watch.go +++ b/cmd/courier/watch.go @@ -4,6 +4,8 @@ import ( cx "context" "net/http" + "golang.org/x/sync/errgroup" + "github.com/spf13/cobra" "github.com/urfave/negroni" @@ -19,33 +21,44 @@ func NewWatchCmd() *cobra.Command { var c = &cobra.Command{ Use: "watch", Short: "Starts the Ory Kratos message courier", - Run: func(cmd *cobra.Command, args []string) { - r := driver.New(cmd.Context(), cmd.ErrOrStderr(), configx.WithFlags(cmd.Flags())) - StartCourier(cmd.Context(), r) + RunE: func(cmd *cobra.Command, args []string) error { + r, err := driver.New(cmd.Context(), cmd.ErrOrStderr(), configx.WithFlags(cmd.Flags())) + if err != nil { + return err + } + + return StartCourier(cmd.Context(), r) }, } c.PersistentFlags().Int("expose-metrics-port", 0, "The port to expose the metrics endpoint on (not exposed by default)") return c } -func StartCourier(ctx cx.Context, r driver.Registry) { - c := r.Config(ctx) +func StartCourier(ctx cx.Context, r driver.Registry) error { + eg, ctx := errgroup.WithContext(ctx) - if c.CourierExposeMetricsPort() != 0 { - go ServeMetrics(ctx, r) + if r.Config().CourierExposeMetricsPort(ctx) != 0 { + eg.Go(func() error { + return ServeMetrics(ctx, r) + }) } - Watch(ctx, r) + + eg.Go(func() error { + return Watch(ctx, r) + }) + + return eg.Wait() } -func ServeMetrics(ctx cx.Context, r driver.Registry) { - c := r.Config(ctx) +func ServeMetrics(ctx cx.Context, r driver.Registry) error { + c := r.Config() l := r.Logger() n := negroni.New() router := x.NewRouterAdmin() r.MetricsHandler().SetRoutes(router.Router) - n.Use(reqlog.NewMiddlewareFromLogger(l, "admin#"+c.SelfPublicURL().String())) + n.Use(reqlog.NewMiddlewareFromLogger(l, "admin#"+c.SelfPublicURL(ctx).String())) n.Use(r.PrometheusManager()) n.UseHandler(router) @@ -57,7 +70,7 @@ func ServeMetrics(ctx cx.Context, r driver.Registry) { // #nosec G112 - the correct settings are set by graceful.WithDefaults server := graceful.WithDefaults(&http.Server{ - Addr: c.MetricsListenOn(), + Addr: c.MetricsListenOn(ctx), Handler: handler, }) @@ -79,12 +92,14 @@ func ServeMetrics(ctx cx.Context, r driver.Registry) { } }, server.Shutdown); err != nil { l.Errorln("Failed to gracefully shutdown metrics httpd") + return err } else { l.Println("Metrics httpd was shutdown gracefully") } + return nil } -func Watch(ctx cx.Context, r driver.Registry) { +func Watch(ctx cx.Context, r driver.Registry) error { ctx, cancel := cx.WithCancel(ctx) r.Logger().Println("Courier worker started.") @@ -94,8 +109,10 @@ func Watch(ctx cx.Context, r driver.Registry) { cancel() return nil }); err != nil { - r.Logger().WithError(err).Fatalf("Failed to run courier worker.") + r.Logger().WithError(err).Error("Failed to run courier worker.") + return err } r.Logger().Println("Courier worker was shutdown gracefully.") + return nil } diff --git a/cmd/courier/watch_test.go b/cmd/courier/watch_test.go index 96f47385aca3..5c4d17305b23 100644 --- a/cmd/courier/watch_test.go +++ b/cmd/courier/watch_test.go @@ -18,19 +18,19 @@ func TestStartCourier(t *testing.T) { _, r := internal.NewFastRegistryWithMocks(t) go StartCourier(ctx, r) time.Sleep(time.Second) - require.Equal(t, r.Config(ctx).CourierExposeMetricsPort(), 0) + require.Equal(t, r.Config().CourierExposeMetricsPort(ctx), 0) cancel() - }) + t.Run("case=with metrics", func(t *testing.T) { ctx, cancel := context.WithCancel(context.Background()) _, r := internal.NewFastRegistryWithMocks(t) port, err := freeport.GetFreePort() require.NoError(t, err) - r.Config(ctx).Set("expose-metrics-port", port) + r.Config().Set(ctx, "expose-metrics-port", port) go StartCourier(ctx, r) time.Sleep(time.Second) - res, err := http.Get("http://" + r.Config(ctx).MetricsListenOn() + "/metrics/prometheus") + res, err := http.Get("http://" + r.Config().MetricsListenOn(ctx) + "/metrics/prometheus") require.NoError(t, err) require.Equal(t, 200, res.StatusCode) cancel() diff --git a/cmd/daemon/serve.go b/cmd/daemon/serve.go index c657badd3225..2a4c755504e0 100644 --- a/cmd/daemon/serve.go +++ b/cmd/daemon/serve.go @@ -2,6 +2,9 @@ package daemon import ( "crypto/tls" + "github.com/ory/x/servicelocator" + "github.com/pkg/errors" + "golang.org/x/net/context" "net/http" "golang.org/x/sync/errgroup" @@ -78,19 +81,27 @@ func ServePublic(r driver.Registry, cmd *cobra.Command, args []string, opts ...O modifiers := NewOptions(cmd.Context(), opts) ctx := modifiers.ctx - c := r.Config(cmd.Context()) + c := r.Config() l := r.Logger() n := negroni.New() + + for _, mw := range servicelocator.HTTPMiddlewares(ctx) { + n.Use(mw) + } + for _, mw := range modifiers.mwf { n.UseFunc(mw) } + publicLogger := reqlog.NewMiddlewareFromLogger( l, - "public#"+c.SelfPublicURL().String(), + "public#"+c.SelfPublicURL(ctx).String(), ) - if r.Config(ctx).DisablePublicHealthRequestLog() { + + if r.Config().DisablePublicHealthRequestLog(ctx) { publicLogger.ExcludePaths(healthx.AliveCheckPath, healthx.ReadyCheckPath) } + n.Use(publicLogger) n.Use(x.HTTPLoaderContextMiddleware(r)) n.Use(sqa(ctx, cmd, r)) @@ -114,12 +125,12 @@ func ServePublic(r driver.Registry, cmd *cobra.Command, args []string, opts ...O r.PrometheusManager().RegisterRouter(router.Router) var handler http.Handler = n - options, enabled := r.Config(ctx).CORS("public") + options, enabled := r.Config().CORS(ctx, "public") if enabled { handler = cors.New(options).Handler(handler) } - certs := c.GetTSLCertificatesForPublic() + certs := c.GetTSLCertificatesForPublic(ctx) if tracer := r.Tracer(ctx); tracer.IsLoaded() { handler = x.TraceHandler(handler) @@ -130,11 +141,11 @@ func ServePublic(r driver.Registry, cmd *cobra.Command, args []string, opts ...O Handler: handler, TLSConfig: &tls.Config{Certificates: certs, MinVersion: tls.VersionTLS12}, }) - addr := c.PublicListenOn() + addr := c.PublicListenOn(ctx) l.Printf("Starting the public httpd on: %s", addr) if err := graceful.Graceful(func() error { - listener, err := networkx.MakeListener(addr, c.PublicSocketPermission()) + listener, err := networkx.MakeListener(addr, c.PublicSocketPermission(ctx)) if err != nil { return err } @@ -144,8 +155,10 @@ func ServePublic(r driver.Registry, cmd *cobra.Command, args []string, opts ...O } return server.ServeTLS(listener, "", "") }, server.Shutdown); err != nil { - l.Errorf("Failed to gracefully shutdown public httpd: %s", err) - return err + if !errors.Is(err, context.Canceled) { + l.Errorf("Failed to gracefully shutdown public httpd: %s", err) + return err + } } l.Println("Public httpd was shutdown gracefully") return nil @@ -155,18 +168,24 @@ func ServeAdmin(r driver.Registry, cmd *cobra.Command, args []string, opts ...Op modifiers := NewOptions(cmd.Context(), opts) ctx := modifiers.ctx - c := r.Config(ctx) + c := r.Config() l := r.Logger() n := negroni.New() + + for _, mw := range servicelocator.HTTPMiddlewares(ctx) { + n.Use(mw) + } + for _, mw := range modifiers.mwf { n.UseFunc(mw) } + adminLogger := reqlog.NewMiddlewareFromLogger( l, - "admin#"+c.SelfPublicURL().String(), + "admin#"+c.SelfPublicURL(ctx).String(), ) - if r.Config(ctx).DisableAdminHealthRequestLog() { + if r.Config().DisableAdminHealthRequestLog(ctx) { adminLogger.ExcludePaths(x.AdminPrefix+healthx.AliveCheckPath, x.AdminPrefix+healthx.ReadyCheckPath) } n.Use(adminLogger) @@ -180,7 +199,7 @@ func ServeAdmin(r driver.Registry, cmd *cobra.Command, args []string, opts ...Op r.PrometheusManager().RegisterRouter(router.Router) n.UseHandler(router) - certs := c.GetTSLCertificatesForAdmin() + certs := c.GetTSLCertificatesForAdmin(ctx) var handler http.Handler = n if tracer := r.Tracer(ctx); tracer.IsLoaded() { @@ -193,11 +212,11 @@ func ServeAdmin(r driver.Registry, cmd *cobra.Command, args []string, opts ...Op TLSConfig: &tls.Config{Certificates: certs, MinVersion: tls.VersionTLS12}, }) - addr := c.AdminListenOn() + addr := c.AdminListenOn(ctx) l.Printf("Starting the admin httpd on: %s", addr) if err := graceful.Graceful(func() error { - listener, err := networkx.MakeListener(addr, c.AdminSocketPermission()) + listener, err := networkx.MakeListener(addr, c.AdminSocketPermission(ctx)) if err != nil { return err } @@ -207,8 +226,10 @@ func ServeAdmin(r driver.Registry, cmd *cobra.Command, args []string, opts ...Op } return server.ServeTLS(listener, "", "") }, server.Shutdown); err != nil { - l.Errorf("Failed to gracefully shutdown admin httpd: %s", err) - return err + if !errors.Is(err, context.Canceled) { + l.Errorf("Failed to gracefully shutdown admin httpd: %s", err) + return err + } } l.Println("Admin httpd was shutdown gracefully") return nil @@ -220,11 +241,11 @@ func sqa(ctx stdctx.Context, cmd *cobra.Command, d driver.Registry) *metricsx.Se return metricsx.New( cmd, d.Logger(), - d.Config(ctx).Source(), + d.Config().GetProvider(ctx), &metricsx.Options{ Service: "ory-kratos", - ClusterID: metricsx.Hash(d.Persister().NetworkID().String()), - IsDevelopment: d.Config(ctx).IsInsecureDevMode(), + ClusterID: metricsx.Hash(d.Persister().NetworkID(ctx).String()), + IsDevelopment: d.Config().IsInsecureDevMode(ctx), WriteKey: "qQlI6q8Q4WvkzTjKQSor4sHYOikHIvvi", WhitelistedPaths: []string{ "/", @@ -287,7 +308,7 @@ func bgTasks(d driver.Registry, cmd *cobra.Command, args []string, opts ...Optio modifiers := NewOptions(cmd.Context(), opts) ctx := modifiers.ctx - if d.Config(ctx).IsBackgroundCourierEnabled() { + if d.Config().IsBackgroundCourierEnabled(ctx) { go courier.Watch(ctx, d) } return nil diff --git a/cmd/hashers/argon2/hash.go b/cmd/hashers/argon2/hash.go index d36832b7cb64..7da1dd48eb54 100644 --- a/cmd/hashers/argon2/hash.go +++ b/cmd/hashers/argon2/hash.go @@ -29,6 +29,8 @@ func newHashCmd() *cobra.Command { return err } + flagConfig.ctx = cmd.Context() + hasher := hash.NewHasherArgon2(conf) hashes := make([][]byte, len(args)) errs := make(chan error, len(args)) diff --git a/cmd/hashers/argon2/loadtest.go b/cmd/hashers/argon2/loadtest.go index 12780790d12d..74b06de511ea 100644 --- a/cmd/hashers/argon2/loadtest.go +++ b/cmd/hashers/argon2/loadtest.go @@ -70,6 +70,8 @@ func newLoadTestCmd() *cobra.Command { return err } + flagConf.ctx = cmd.Context() + conf, err := configProvider(cmd, flagConf) if err != nil { return err diff --git a/cmd/hashers/argon2/root.go b/cmd/hashers/argon2/root.go index fa122951f666..fd8392151a78 100644 --- a/cmd/hashers/argon2/root.go +++ b/cmd/hashers/argon2/root.go @@ -76,7 +76,7 @@ func configProvider(cmd *cobra.Command, flagConf *argon2Config) (*argon2Config, _, _ = fmt.Fprintf(cmd.ErrOrStderr(), "Unable to initialize the config provider: %s\n", err) return nil, cmdx.FailSilently(cmd) } - conf.localConfig = *conf.config.HasherArgon2() + conf.localConfig = *conf.config.HasherArgon2(cmd.Context()) if cmd.Flags().Changed(FlagIterations) { conf.localConfig.Iterations = flagConf.localConfig.Iterations @@ -110,10 +110,11 @@ type ( argon2Config struct { localConfig config.Argon2 config *config.Config + ctx context.Context } ) -var _ cmdx.TableRow = &argon2Config{} +var _ cmdx.TableRow = (*argon2Config)(nil) func (c *argon2Config) Header() []string { var header []string @@ -145,7 +146,7 @@ func (c *argon2Config) Interface() interface{} { return i } -func (c *argon2Config) Config(_ context.Context) *config.Config { +func (c *argon2Config) Config() *config.Config { ac, _ := c.HasherArgon2() for k, v := range map[string]interface{}{ config.ViperKeyHasherArgon2ConfigIterations: ac.Iterations, @@ -157,7 +158,7 @@ func (c *argon2Config) Config(_ context.Context) *config.Config { config.ViperKeyHasherArgon2ConfigExpectedDuration: ac.ExpectedDuration, config.ViperKeyHasherArgon2ConfigExpectedDeviation: ac.ExpectedDeviation, } { - _ = c.config.Set(k, v) + _ = c.config.Set(c.ctx, k, v) } return c.config } diff --git a/cmd/serve/root.go b/cmd/serve/root.go index 4415bbb4eab0..5764e6cc2ea3 100644 --- a/cmd/serve/root.go +++ b/cmd/serve/root.go @@ -30,9 +30,15 @@ func NewServeCmd() (serveCmd *cobra.Command) { Use: "serve", Short: "Run the Ory Kratos server", RunE: func(cmd *cobra.Command, args []string) error { - d := driver.New(cmd.Context(), cmd.ErrOrStderr(), configx.WithFlags(cmd.Flags())) + ctx := cmd.Context() + opts := configx.ConfigOptionsFromContext(ctx) - if d.Config(cmd.Context()).IsInsecureDevMode() { + d, err := driver.New(ctx, cmd.ErrOrStderr(), append(opts, configx.WithFlags(cmd.Flags()))...) + if err != nil { + return err + } + + if d.Config().IsInsecureDevMode(ctx) { d.Logger().Warn(` YOU ARE RUNNING Ory KRATOS IN DEV MODE. @@ -42,7 +48,7 @@ DON'T DO THIS IN PRODUCTION! `) } - configVersion := d.Config(cmd.Context()).ConfigVersion() + configVersion := d.Config().ConfigVersion(ctx) if configVersion == config.UnknownVersion { d.Logger().Warn("The config has no version specified. Add the version to improve your development experience.") } else if config.Version != "" && diff --git a/continuity/container.go b/continuity/container.go index 7c697a83b114..ac1890abcbd2 100644 --- a/continuity/container.go +++ b/continuity/container.go @@ -4,8 +4,6 @@ import ( "context" "time" - "github.com/ory/kratos/corp" - "github.com/gofrs/uuid" "github.com/pkg/errors" @@ -42,7 +40,7 @@ func (c *Container) UTC() *Container { } func (c Container) TableName(ctx context.Context) string { - return corp.ContextualizeTableName(ctx, "continuity_containers") + return "continuity_containers" } func NewContainer(name string, o managerOptions) *Container { diff --git a/continuity/manager_test.go b/continuity/manager_test.go index 5a65f828f052..462f829ae820 100644 --- a/continuity/manager_test.go +++ b/continuity/manager_test.go @@ -42,10 +42,11 @@ type persisterTestPayload struct { } func TestManager(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) testhelpers.SetDefaultIdentitySchema(conf, "file://../test/stub/identity/empty.schema.json") - conf.MustSet(config.ViperKeyPublicBaseURL, "https://www.ory.sh") + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, "https://www.ory.sh") i := identity.NewIdentity("") require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i)) diff --git a/corp/context.go b/corp/context.go index 75b079052983..44780f3152e6 100644 --- a/corp/context.go +++ b/corp/context.go @@ -18,32 +18,8 @@ type Contextualizer interface { var c Contextualizer = nil -func GetContextualizer() Contextualizer { - return c -} - -func SetContextualizer(cc Contextualizer) { - if _, ok := cc.(*ContextNoOp); ok && c != nil { - return - } - - c = cc -} - // These global functions call the respective method on Context -func ContextualizeTableName(ctx context.Context, name string) string { - return c.ContextualizeTableName(ctx, name) -} - -func ContextualizeMiddleware(ctx context.Context) func(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) { - return c.ContextualizeMiddleware(ctx) -} - func ContextualizeConfig(ctx context.Context, fb *config.Config) *config.Config { return c.ContextualizeConfig(ctx, fb) } - -func ContextualizeNID(ctx context.Context, fallback uuid.UUID) uuid.UUID { - return c.ContextualizeNID(ctx, fallback) -} diff --git a/corp/context_test.go b/corp/context_test.go deleted file mode 100644 index d2444fe03044..000000000000 --- a/corp/context_test.go +++ /dev/null @@ -1,33 +0,0 @@ -package corp - -import ( - "context" - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -type contextMock struct { - ContextNoOp -} - -func (*contextMock) ContextualizeTableName(_ context.Context, name string) string { - return "foo" -} - -func TestSetContextualizer(t *testing.T) { - ctx := context.Background() - require.Panics(t, func() { - ContextualizeTableName(ctx, "") - }) - - SetContextualizer(new(ContextNoOp)) - assert.Equal(t, "bar", ContextualizeTableName(ctx, "bar")) - - SetContextualizer(new(contextMock)) - assert.Equal(t, "foo", ContextualizeTableName(ctx, "bar")) - - SetContextualizer(new(ContextNoOp)) - assert.Equal(t, "foo", ContextualizeTableName(ctx, "bar")) -} diff --git a/courier/courier.go b/courier/courier.go index a4e8d7d9465c..e29f1b1ce83b 100644 --- a/courier/courier.go +++ b/courier/courier.go @@ -40,7 +40,7 @@ type ( } ConfigProvider interface { - CourierConfig(ctx context.Context) config.CourierConfigs + CourierConfig() config.CourierConfigs } courier struct { diff --git a/courier/courier_dispatcher.go b/courier/courier_dispatcher.go index af572e5aa7cf..4f88884ce83c 100644 --- a/courier/courier_dispatcher.go +++ b/courier/courier_dispatcher.go @@ -7,7 +7,7 @@ import ( ) func (c *courier) DispatchMessage(ctx context.Context, msg Message) error { - maxRetries := c.deps.CourierConfig(ctx).CourierMessageRetries() + maxRetries := c.deps.CourierConfig().CourierMessageRetries(ctx) if msg.SendCount > maxRetries { if err := c.deps.CourierPersister().SetMessageStatus(ctx, msg.ID, MessageStatusAbandoned); err != nil { diff --git a/courier/courier_dispatcher_test.go b/courier/courier_dispatcher_test.go index 01980a50e7d1..afe4c35fcf3b 100644 --- a/courier/courier_dispatcher_test.go +++ b/courier/courier_dispatcher_test.go @@ -29,8 +29,8 @@ func TestDispatchMessageWithInvalidSMTP(t *testing.T) { ctx := context.Background() conf, reg := internal.NewRegistryDefaultWithDSN(t, "") - conf.MustSet(config.ViperKeyCourierMessageRetries, 5) - conf.MustSet(config.ViperKeyCourierSMTPURL, "http://foo.url") + conf.MustSet(ctx, config.ViperKeyCourierMessageRetries, 5) + conf.MustSet(ctx, config.ViperKeyCourierSMTPURL, "http://foo.url") ctx, cancel := context.WithCancel(ctx) defer cancel() @@ -71,7 +71,7 @@ func TestDispatchMessage2(t *testing.T) { ctx := context.Background() conf, reg := internal.NewRegistryDefaultWithDSN(t, "") - conf.MustSet(config.ViperKeyCourierMessageRetries, 1) + conf.MustSet(ctx, config.ViperKeyCourierMessageRetries, 1) c := reg.Courier(ctx) diff --git a/courier/message.go b/courier/message.go index da85a956de88..52228d4a8358 100644 --- a/courier/message.go +++ b/courier/message.go @@ -5,8 +5,6 @@ import ( "time" "github.com/gofrs/uuid" - - "github.com/ory/kratos/corp" ) type MessageStatus int @@ -45,7 +43,7 @@ type Message struct { } func (m Message) TableName(ctx context.Context) string { - return corp.ContextualizeTableName(ctx, "courier_messages") + return "courier_messages" } func (m *Message) GetID() uuid.UUID { diff --git a/courier/sms.go b/courier/sms.go index 1436a6062abf..df2f7fdf02de 100644 --- a/courier/sms.go +++ b/courier/sms.go @@ -29,8 +29,7 @@ type smsClient struct { func newSMS(ctx context.Context, deps Dependencies) *smsClient { return &smsClient{ - RequestConfig: deps.CourierConfig(ctx).CourierSMSRequestConfig(), - + RequestConfig: deps.CourierConfig().CourierSMSRequestConfig(ctx), GetTemplateType: SMSTemplateType, NewTemplateFromMessage: NewSMSTemplateFromMessage, } @@ -67,7 +66,7 @@ func (c *courier) QueueSMS(ctx context.Context, t SMSTemplate) (uuid.UUID, error } func (c *courier) dispatchSMS(ctx context.Context, msg Message) error { - if !c.deps.CourierConfig(ctx).CourierSMSEnabled() { + if !c.deps.CourierConfig().CourierSMSEnabled(ctx) { return errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Courier tried to deliver an sms but courier.sms.enabled is set to false!")) } @@ -88,7 +87,7 @@ func (c *courier) dispatchSMS(ctx context.Context, msg Message) error { req, err := builder.BuildRequest(&sendSMSRequestBody{ To: msg.Recipient, - From: c.deps.CourierConfig(ctx).CourierSMSFrom(), + From: c.deps.CourierConfig().CourierSMSFrom(ctx), Body: body, }) if err != nil { diff --git a/courier/sms_test.go b/courier/sms_test.go index 5266c7a9d05c..ca54a953c821 100644 --- a/courier/sms_test.go +++ b/courier/sms_test.go @@ -23,6 +23,8 @@ import ( ) func TestQueueSMS(t *testing.T) { + ctx := context.Background() + expectedSender := "Kratos Test" expectedSMS := []*sms.TestStubModel{ { @@ -75,14 +77,12 @@ func TestQueueSMS(t *testing.T) { }`, srv.URL) conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeyCourierSMSRequestConfig, requestConfig) - conf.MustSet(config.ViperKeyCourierSMSFrom, expectedSender) - conf.MustSet(config.ViperKeyCourierSMSEnabled, true) - conf.MustSet(config.ViperKeyCourierSMTPURL, "http://foo.url") + conf.MustSet(ctx, config.ViperKeyCourierSMSRequestConfig, requestConfig) + conf.MustSet(ctx, config.ViperKeyCourierSMSFrom, expectedSender) + conf.MustSet(ctx, config.ViperKeyCourierSMSEnabled, true) + conf.MustSet(ctx, config.ViperKeyCourierSMTPURL, "http://foo.url") reg.Logger().Level = logrus.TraceLevel - ctx := context.Background() - c := reg.Courier(ctx) ctx, cancel := context.WithCancel(ctx) @@ -116,18 +116,19 @@ func TestQueueSMS(t *testing.T) { } func TestDisallowedInternalNetwork(t *testing.T) { + ctx := context.Background() + conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeyCourierSMSRequestConfig, fmt.Sprintf(`{ + conf.MustSet(ctx, config.ViperKeyCourierSMSRequestConfig, fmt.Sprintf(`{ "url": "http://127.0.0.1/", "method": "GET", "body": "file://./stub/request.config.twilio.jsonnet" }`)) - conf.MustSet(config.ViperKeyCourierSMSEnabled, true) - conf.MustSet(config.ViperKeyCourierSMTPURL, "http://foo.url") - conf.MustSet(config.ViperKeyClientHTTPNoPrivateIPRanges, true) + conf.MustSet(ctx, config.ViperKeyCourierSMSEnabled, true) + conf.MustSet(ctx, config.ViperKeyCourierSMTPURL, "http://foo.url") + conf.MustSet(ctx, config.ViperKeyClientHTTPNoPrivateIPRanges, true) reg.Logger().Level = logrus.TraceLevel - ctx := context.Background() c := reg.Courier(ctx) c.(interface { FailOnDispatchError() diff --git a/courier/smtp.go b/courier/smtp.go index cd6c96bec183..fbcb838009cb 100644 --- a/courier/smtp.go +++ b/courier/smtp.go @@ -28,10 +28,10 @@ type smtpClient struct { } func newSMTP(ctx context.Context, deps Dependencies) *smtpClient { - uri := deps.CourierConfig(ctx).CourierSMTPURL() + uri := deps.CourierConfig().CourierSMTPURL(ctx) var tlsCertificates []tls.Certificate - clientCertPath := deps.CourierConfig(ctx).CourierSMTPClientCertPath() - clientKeyPath := deps.CourierConfig(ctx).CourierSMTPClientKeyPath() + clientCertPath := deps.CourierConfig().CourierSMTPClientCertPath(ctx) + clientKeyPath := deps.CourierConfig().CourierSMTPClientKeyPath(ctx) if clientCertPath != "" && clientKeyPath != "" { clientCert, err := tls.LoadX509KeyPair(clientCertPath, clientKeyPath) @@ -44,7 +44,7 @@ func newSMTP(ctx context.Context, deps Dependencies) *smtpClient { } } - localName := deps.CourierConfig(ctx).CourierSMTPLocalName() + localName := deps.CourierConfig().CourierSMTPLocalName(ctx) password, _ := uri.User.Password() port, _ := strconv.ParseInt(uri.Port(), 10, 0) @@ -154,8 +154,8 @@ func (c *courier) dispatchEmail(ctx context.Context, msg Message) error { return errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Courier tried to deliver an email but %s is not set!", config.ViperKeyCourierSMTPURL)) } - from := c.deps.CourierConfig(ctx).CourierSMTPFrom() - fromName := c.deps.CourierConfig(ctx).CourierSMTPFromName() + from := c.deps.CourierConfig().CourierSMTPFrom(ctx) + fromName := c.deps.CourierConfig().CourierSMTPFromName(ctx) gm := gomail.NewMessage() if fromName == "" { @@ -167,7 +167,7 @@ func (c *courier) dispatchEmail(ctx context.Context, msg Message) error { gm.SetHeader("To", msg.Recipient) gm.SetHeader("Subject", msg.Subject) - headers := c.deps.CourierConfig(ctx).CourierSMTPHeaders() + headers := c.deps.CourierConfig().CourierSMTPHeaders(ctx) for k, v := range headers { gm.SetHeader(k, v) } diff --git a/courier/smtp_test.go b/courier/smtp_test.go index 92d8ddf0c3ce..ab7229398e20 100644 --- a/courier/smtp_test.go +++ b/courier/smtp_test.go @@ -38,8 +38,8 @@ func TestNewSMTP(t *testing.T) { conf, reg := internal.NewFastRegistryWithMocks(t) setupCourier := func(stringURL string) courier.Courier { - conf.MustSet(config.ViperKeyCourierSMTPURL, stringURL) - t.Logf("SMTP URL: %s", conf.CourierSMTPURL().String()) + conf.MustSet(ctx, config.ViperKeyCourierSMTPURL, stringURL) + t.Logf("SMTP URL: %s", conf.CourierSMTPURL(ctx).String()) return courier.NewCourier(ctx, reg) } @@ -68,8 +68,8 @@ func TestNewSMTP(t *testing.T) { defer os.Remove(clientCert.Name()) defer os.Remove(clientKey.Name()) - conf.Set(config.ViperKeyCourierSMTPClientCertPath, clientCert.Name()) - conf.Set(config.ViperKeyCourierSMTPClientKeyPath, clientKey.Name()) + conf.Set(ctx, config.ViperKeyCourierSMTPClientCertPath, clientCert.Name()) + conf.Set(ctx, config.ViperKeyCourierSMTPClientKeyPath, clientKey.Name()) clientPEM, err := tls.LoadX509KeyPair(clientCert.Name(), clientKey.Name()) require.NoError(t, err) @@ -82,7 +82,7 @@ func TestNewSMTP(t *testing.T) { assert.Contains(t, smtpWithCert.SmtpDialer().TLSConfig.Certificates, clientPEM, "TLS config should contain client pem") //error case: invalid client key - conf.Set(config.ViperKeyCourierSMTPClientKeyPath, clientCert.Name()) //mixup client key and client cert + conf.Set(ctx, config.ViperKeyCourierSMTPClientKeyPath, clientCert.Name()) //mixup client key and client cert smtpWithCert = setupCourier("smtps://subdomain.my-server:1234/?server_name=my-server") assert.Equal(t, len(smtpWithCert.SmtpDialer().TLSConfig.Certificates), 0, "TLS config certificates should be empty") } @@ -100,8 +100,8 @@ func TestQueueEmail(t *testing.T) { ctx := context.Background() conf, reg := internal.NewRegistryDefaultWithDSN(t, "") - conf.MustSet(config.ViperKeyCourierSMTPURL, smtp) - conf.MustSet(config.ViperKeyCourierSMTPFrom, "test-stub@ory.sh") + conf.MustSet(ctx, config.ViperKeyCourierSMTPURL, smtp) + conf.MustSet(ctx, config.ViperKeyCourierSMTPFrom, "test-stub@ory.sh") reg.Logger().Level = logrus.TraceLevel c := reg.Courier(ctx) @@ -126,11 +126,12 @@ func TestQueueEmail(t *testing.T) { require.NotEqual(t, uuid.Nil, id) // The third email contains a sender name and custom headers - conf.MustSet(config.ViperKeyCourierSMTPFromName, "Bob") - conf.MustSet(config.ViperKeyCourierSMTPHeaders+".test-stub-header1", "foo") - conf.MustSet(config.ViperKeyCourierSMTPHeaders+".test-stub-header2", "bar") - customerHeaders := conf.CourierSMTPHeaders() + conf.MustSet(ctx, config.ViperKeyCourierSMTPFromName, "Bob") + conf.MustSet(ctx, config.ViperKeyCourierSMTPHeaders+".test-stub-header1", "foo") + conf.MustSet(ctx, config.ViperKeyCourierSMTPHeaders+".test-stub-header2", "bar") + customerHeaders := conf.CourierSMTPHeaders(ctx) require.Len(t, customerHeaders, 2) + id, err = c.QueueEmail(ctx, templates.NewTestStub(reg, &templates.TestStubModel{ To: "test-recipient-3@example.org", Subject: "test-subject-3", diff --git a/courier/template/email/recovery_invalid.go b/courier/template/email/recovery_invalid.go index 0fe4dcaf5d04..408e51972558 100644 --- a/courier/template/email/recovery_invalid.go +++ b/courier/template/email/recovery_invalid.go @@ -28,17 +28,17 @@ func (t *RecoveryInvalid) EmailRecipient() (string, error) { } func (t *RecoveryInvalid) EmailSubject(ctx context.Context) (string, error) { - subject, err := template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "recovery/invalid/email.subject.gotmpl", "recovery/invalid/email.subject*", t.m, t.d.CourierConfig(ctx).CourierTemplatesRecoveryInvalid().Subject) + subject, err := template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), "recovery/invalid/email.subject.gotmpl", "recovery/invalid/email.subject*", t.m, t.d.CourierConfig().CourierTemplatesRecoveryInvalid(ctx).Subject) return strings.TrimSpace(subject), err } func (t *RecoveryInvalid) EmailBody(ctx context.Context) (string, error) { - return template.LoadHTML(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "recovery/invalid/email.body.gotmpl", "recovery/invalid/email.body*", t.m, t.d.CourierConfig(ctx).CourierTemplatesRecoveryInvalid().Body.HTML) + return template.LoadHTML(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), "recovery/invalid/email.body.gotmpl", "recovery/invalid/email.body*", t.m, t.d.CourierConfig().CourierTemplatesRecoveryInvalid(ctx).Body.HTML) } func (t *RecoveryInvalid) EmailBodyPlaintext(ctx context.Context) (string, error) { - return template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "recovery/invalid/email.body.plaintext.gotmpl", "recovery/invalid/email.body.plaintext*", t.m, t.d.CourierConfig(ctx).CourierTemplatesRecoveryInvalid().Body.PlainText) + return template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), "recovery/invalid/email.body.plaintext.gotmpl", "recovery/invalid/email.body.plaintext*", t.m, t.d.CourierConfig().CourierTemplatesRecoveryInvalid(ctx).Body.PlainText) } func (t *RecoveryInvalid) MarshalJSON() ([]byte, error) { diff --git a/courier/template/email/recovery_valid.go b/courier/template/email/recovery_valid.go index 686b498182b2..4cb60373f0a7 100644 --- a/courier/template/email/recovery_valid.go +++ b/courier/template/email/recovery_valid.go @@ -30,17 +30,17 @@ func (t *RecoveryValid) EmailRecipient() (string, error) { } func (t *RecoveryValid) EmailSubject(ctx context.Context) (string, error) { - subject, err := template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "recovery/valid/email.subject.gotmpl", "recovery/valid/email.subject*", t.m, t.d.CourierConfig(ctx).CourierTemplatesRecoveryValid().Subject) + subject, err := template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), "recovery/valid/email.subject.gotmpl", "recovery/valid/email.subject*", t.m, t.d.CourierConfig().CourierTemplatesRecoveryValid(ctx).Subject) return strings.TrimSpace(subject), err } func (t *RecoveryValid) EmailBody(ctx context.Context) (string, error) { - return template.LoadHTML(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "recovery/valid/email.body.gotmpl", "recovery/valid/email.body*", t.m, t.d.CourierConfig(ctx).CourierTemplatesRecoveryValid().Body.HTML) + return template.LoadHTML(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), "recovery/valid/email.body.gotmpl", "recovery/valid/email.body*", t.m, t.d.CourierConfig().CourierTemplatesRecoveryValid(ctx).Body.HTML) } func (t *RecoveryValid) EmailBodyPlaintext(ctx context.Context) (string, error) { - return template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "recovery/valid/email.body.plaintext.gotmpl", "recovery/valid/email.body.plaintext*", t.m, t.d.CourierConfig(ctx).CourierTemplatesRecoveryValid().Body.PlainText) + return template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), "recovery/valid/email.body.plaintext.gotmpl", "recovery/valid/email.body.plaintext*", t.m, t.d.CourierConfig().CourierTemplatesRecoveryValid(ctx).Body.PlainText) } func (t *RecoveryValid) MarshalJSON() ([]byte, error) { diff --git a/courier/template/email/stub.go b/courier/template/email/stub.go index eaba365441ab..dbd86f51462f 100644 --- a/courier/template/email/stub.go +++ b/courier/template/email/stub.go @@ -30,17 +30,17 @@ func (t *TestStub) EmailRecipient() (string, error) { } func (t *TestStub) EmailSubject(ctx context.Context) (string, error) { - subject, err := template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "test_stub/email.subject.gotmpl", "test_stub/email.subject*", t.m, "") + subject, err := template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), "test_stub/email.subject.gotmpl", "test_stub/email.subject*", t.m, "") return strings.TrimSpace(subject), err } func (t *TestStub) EmailBody(ctx context.Context) (string, error) { - return template.LoadHTML(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "test_stub/email.body.gotmpl", "test_stub/email.body*", t.m, "") + return template.LoadHTML(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), "test_stub/email.body.gotmpl", "test_stub/email.body*", t.m, "") } func (t *TestStub) EmailBodyPlaintext(ctx context.Context) (string, error) { - return template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "test_stub/email.body.plaintext.gotmpl", "test_stub/email.body.plaintext*", t.m, "") + return template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), "test_stub/email.body.plaintext.gotmpl", "test_stub/email.body.plaintext*", t.m, "") } func (t *TestStub) MarshalJSON() ([]byte, error) { diff --git a/courier/template/email/verification_invalid.go b/courier/template/email/verification_invalid.go index 2eae8483abb6..1aaac47165d2 100644 --- a/courier/template/email/verification_invalid.go +++ b/courier/template/email/verification_invalid.go @@ -28,17 +28,17 @@ func (t *VerificationInvalid) EmailRecipient() (string, error) { } func (t *VerificationInvalid) EmailSubject(ctx context.Context) (string, error) { - subject, err := template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "verification/invalid/email.subject.gotmpl", "verification/invalid/email.subject*", t.m, t.d.CourierConfig(ctx).CourierTemplatesVerificationInvalid().Subject) + subject, err := template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), "verification/invalid/email.subject.gotmpl", "verification/invalid/email.subject*", t.m, t.d.CourierConfig().CourierTemplatesVerificationInvalid(ctx).Subject) return strings.TrimSpace(subject), err } func (t *VerificationInvalid) EmailBody(ctx context.Context) (string, error) { - return template.LoadHTML(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "verification/invalid/email.body.gotmpl", "verification/invalid/email.body*", t.m, t.d.CourierConfig(ctx).CourierTemplatesVerificationInvalid().Body.HTML) + return template.LoadHTML(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), "verification/invalid/email.body.gotmpl", "verification/invalid/email.body*", t.m, t.d.CourierConfig().CourierTemplatesVerificationInvalid(ctx).Body.HTML) } func (t *VerificationInvalid) EmailBodyPlaintext(ctx context.Context) (string, error) { - return template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "verification/invalid/email.body.plaintext.gotmpl", "verification/invalid/email.body.plaintext*", t.m, t.d.CourierConfig(ctx).CourierTemplatesVerificationInvalid().Body.PlainText) + return template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), "verification/invalid/email.body.plaintext.gotmpl", "verification/invalid/email.body.plaintext*", t.m, t.d.CourierConfig().CourierTemplatesVerificationInvalid(ctx).Body.PlainText) } func (t *VerificationInvalid) MarshalJSON() ([]byte, error) { diff --git a/courier/template/email/verification_valid.go b/courier/template/email/verification_valid.go index 9a7b33dbb899..e8836c3a9431 100644 --- a/courier/template/email/verification_valid.go +++ b/courier/template/email/verification_valid.go @@ -30,17 +30,17 @@ func (t *VerificationValid) EmailRecipient() (string, error) { } func (t *VerificationValid) EmailSubject(ctx context.Context) (string, error) { - subject, err := template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "verification/valid/email.subject.gotmpl", "verification/valid/email.subject*", t.m, t.d.CourierConfig(ctx).CourierTemplatesVerificationValid().Subject) + subject, err := template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), "verification/valid/email.subject.gotmpl", "verification/valid/email.subject*", t.m, t.d.CourierConfig().CourierTemplatesVerificationValid(ctx).Subject) return strings.TrimSpace(subject), err } func (t *VerificationValid) EmailBody(ctx context.Context) (string, error) { - return template.LoadHTML(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "verification/valid/email.body.gotmpl", "verification/valid/email.body*", t.m, t.d.CourierConfig(ctx).CourierTemplatesVerificationValid().Body.HTML) + return template.LoadHTML(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), "verification/valid/email.body.gotmpl", "verification/valid/email.body*", t.m, t.d.CourierConfig().CourierTemplatesVerificationValid(ctx).Body.HTML) } func (t *VerificationValid) EmailBodyPlaintext(ctx context.Context) (string, error) { - return template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "verification/valid/email.body.plaintext.gotmpl", "verification/valid/email.body.plaintext*", t.m, t.d.CourierConfig(ctx).CourierTemplatesVerificationValid().Body.PlainText) + return template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), "verification/valid/email.body.plaintext.gotmpl", "verification/valid/email.body.plaintext*", t.m, t.d.CourierConfig().CourierTemplatesVerificationValid(ctx).Body.PlainText) } func (t *VerificationValid) MarshalJSON() ([]byte, error) { diff --git a/courier/template/load_template_test.go b/courier/template/load_template_test.go index cd66a1e3f65f..caa4410e17b1 100644 --- a/courier/template/load_template_test.go +++ b/courier/template/load_template_test.go @@ -181,7 +181,7 @@ func TestLoadTextTemplate(t *testing.T) { }) t.Run("case=disallowed resources", func(t *testing.T) { - require.NoError(t, reg.Config(ctx).Source().Set(config.ViperKeyClientHTTPNoPrivateIPRanges, true)) + require.NoError(t, reg.Config().GetProvider(ctx).Set(config.ViperKeyClientHTTPNoPrivateIPRanges, true)) reg.HTTPClient(ctx).RetryMax = 1 reg.HTTPClient(ctx).RetryWaitMax = time.Millisecond diff --git a/courier/template/sms/otp.go b/courier/template/sms/otp.go index ef003f63b0ea..ffa6b6ab356c 100644 --- a/courier/template/sms/otp.go +++ b/courier/template/sms/otp.go @@ -30,7 +30,7 @@ func (t *OTPMessage) PhoneNumber() (string, error) { } func (t *OTPMessage) SMSBody(ctx context.Context) (string, error) { - return template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "otp/sms.body.gotmpl", "otp/sms.body*", t.m, "") + return template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), "otp/sms.body.gotmpl", "otp/sms.body*", t.m, "") } func (t *OTPMessage) MarshalJSON() ([]byte, error) { diff --git a/courier/template/sms/stub.go b/courier/template/sms/stub.go index fa2fb19e3b5f..5d9932e45ec3 100644 --- a/courier/template/sms/stub.go +++ b/courier/template/sms/stub.go @@ -30,7 +30,7 @@ func (t *TestStub) PhoneNumber() (string, error) { } func (t *TestStub) SMSBody(ctx context.Context) (string, error) { - return template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig(ctx).CourierTemplatesRoot()), "otp/test_stub/sms.body.gotmpl", "otp/test_stub/sms.body*", t.m, "") + return template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), "otp/test_stub/sms.body.gotmpl", "otp/test_stub/sms.body*", t.m, "") } func (t *TestStub) MarshalJSON() ([]byte, error) { diff --git a/courier/template/template.go b/courier/template/template.go index f81e8ce444aa..465975c0a9e7 100644 --- a/courier/template/template.go +++ b/courier/template/template.go @@ -19,7 +19,7 @@ type ( } Dependencies interface { - CourierConfig(ctx context.Context) config.CourierConfigs + CourierConfig() config.CourierConfigs HTTPClient(ctx context.Context, opts ...httpx.ResilientOptions) *retryablehttp.Client } ) diff --git a/courier/template/testhelpers/testhelpers.go b/courier/template/testhelpers/testhelpers.go index d2e1d46cd40d..8a50fcee271f 100644 --- a/courier/template/testhelpers/testhelpers.go +++ b/courier/template/testhelpers/testhelpers.go @@ -24,7 +24,7 @@ import ( func SetupRemoteConfig(t *testing.T, ctx context.Context, plaintext string, html string, subject string) *driver.RegistryDefault { _, reg := internal.NewFastRegistryWithMocks(t) - require.NoError(t, reg.Config(ctx).Set(config.ViperKeyCourierTemplatesRecoveryInvalidEmail, &config.CourierEmailTemplate{ + require.NoError(t, reg.Config().Set(ctx, config.ViperKeyCourierTemplatesRecoveryInvalidEmail, &config.CourierEmailTemplate{ Body: &config.CourierEmailBodyTemplate{ PlainText: plaintext, HTML: html, diff --git a/courier/test/persistence.go b/courier/test/persistence.go index 78efe40166b3..12323715a434 100644 --- a/courier/test/persistence.go +++ b/courier/test/persistence.go @@ -20,7 +20,7 @@ import ( type PersisterWrapper interface { GetConnection(ctx context.Context) *pop.Connection - NetworkID() uuid.UUID + NetworkID(ctx context.Context) uuid.UUID courier.Persister } @@ -116,7 +116,7 @@ func TestPersister(ctx context.Context, newNetworkUnlessExisting NetworkWrapper, assert.EqualValues(t, id, expected.ID) assert.EqualValues(t, nid, expected.NID) - assert.EqualValues(t, nid, p.NetworkID()) + assert.EqualValues(t, nid, p.NetworkID(ctx)) actual, err := p.LatestQueuedMessage(ctx) require.NoError(t, err) diff --git a/driver/config/config.go b/driver/config/config.go index ef031ad2c365..b0c6006dcd84 100644 --- a/driver/config/config.go +++ b/driver/config/config.go @@ -15,6 +15,8 @@ import ( "testing" "time" + "github.com/ory/x/contextx" + "github.com/ory/jsonschema/v3/httploader" "github.com/ory/x/httpx" "github.com/ory/x/otelx" @@ -233,31 +235,32 @@ type ( Subject string `json:"subject"` } Config struct { - l *logrusx.Logger - p *configx.Provider - identitySchema *jsonschema.Schema - stdOutOrErr io.Writer + l *logrusx.Logger + p *configx.Provider + c contextx.Contextualizer + identityMetaSchema *jsonschema.Schema + stdOutOrErr io.Writer } Provider interface { - Config(ctx context.Context) *Config + Config() *Config } CourierConfigs interface { - CourierSMTPURL() *url.URL - CourierSMTPClientCertPath() string - CourierSMTPClientKeyPath() string - CourierSMTPFrom() string - CourierSMTPFromName() string - CourierSMTPHeaders() map[string]string - CourierSMTPLocalName() string - CourierSMSEnabled() bool - CourierSMSFrom() string - CourierSMSRequestConfig() json.RawMessage - CourierTemplatesRoot() string - CourierTemplatesVerificationInvalid() *CourierEmailTemplate - CourierTemplatesVerificationValid() *CourierEmailTemplate - CourierTemplatesRecoveryInvalid() *CourierEmailTemplate - CourierTemplatesRecoveryValid() *CourierEmailTemplate - CourierMessageRetries() int + CourierSMTPURL(ctx context.Context) *url.URL + CourierSMTPClientCertPath(ctx context.Context) string + CourierSMTPClientKeyPath(ctx context.Context) string + CourierSMTPFrom(ctx context.Context) string + CourierSMTPFromName(ctx context.Context) string + CourierSMTPHeaders(ctx context.Context) map[string]string + CourierSMTPLocalName(ctx context.Context) string + CourierSMSEnabled(ctx context.Context) bool + CourierSMSFrom(ctx context.Context) string + CourierSMSRequestConfig(ctx context.Context) json.RawMessage + CourierTemplatesRoot(ctx context.Context) string + CourierTemplatesVerificationInvalid(ctx context.Context) *CourierEmailTemplate + CourierTemplatesVerificationValid(ctx context.Context) *CourierEmailTemplate + CourierTemplatesRecoveryInvalid(ctx context.Context) *CourierEmailTemplate + CourierTemplatesRecoveryValid(ctx context.Context) *CourierEmailTemplate + CourierMessageRetries(ctx context.Context) int } ) @@ -341,7 +344,7 @@ func New(ctx context.Context, l *logrusx.Logger, stdOutOrErr io.Writer, opts ... l.UseConfig(p) - c = &Config{l: l, p: p, stdOutOrErr: stdOutOrErr} + c = NewCustom(l, p, stdOutOrErr, &contextx.Default{}) if !p.SkipValidation() { if err := c.validateIdentitySchemas(ctx); err != nil { @@ -352,20 +355,25 @@ func New(ctx context.Context, l *logrusx.Logger, stdOutOrErr io.Writer, opts ... return c, nil } +func NewCustom(l *logrusx.Logger, p *configx.Provider, stdOutOrErr io.Writer, ctxt contextx.Contextualizer) *Config { + l.UseConfig(p) + return &Config{l: l, p: p, c: ctxt, stdOutOrErr: stdOutOrErr} +} + func (p *Config) getIdentitySchemaValidator(ctx context.Context) (*jsonschema.Schema, error) { - if p.identitySchema == nil { + if p.identityMetaSchema == nil { c := jsonschema.NewCompiler() err := embedx.AddSchemaResources(c, embedx.IdentityMeta) if err != nil { return nil, err } - p.identitySchema, err = c.Compile(ctx, embedx.IdentityMeta.GetSchemaID()) + p.identityMetaSchema, err = c.Compile(ctx, embedx.IdentityMeta.GetSchemaID()) if err != nil { return nil, errors.WithStack(err) } } - return p.identitySchema, nil + return p.identityMetaSchema, nil } type validateIdentitySchemasContextKey int @@ -387,7 +395,7 @@ func (p *Config) validateIdentitySchemas(ctx context.Context) error { opts = o } - if p.ClientHTTPNoPrivateIPRanges() { + if p.ClientHTTPNoPrivateIPRanges(ctx) { opts = append(opts, httpx.ResilientClientDisallowInternalIPs()) } @@ -398,7 +406,7 @@ func (p *Config) validateIdentitySchemas(ctx context.Context) error { return err } - ss, err := p.IdentityTraitsSchemas() + ss, err := p.IdentityTraitsSchemas(ctx) if err != nil { return err } @@ -428,23 +436,23 @@ func (p *Config) formatJsonErrors(schema []byte, err error) { jsonschemax.FormatValidationErrorForCLI(p.stdOutOrErr, schema, err) } -func (p *Config) Source() *configx.Provider { - return p.p -} - -func (p *Config) CORS(iface string) (cors.Options, bool) { +func (p *Config) CORS(ctx context.Context, iface string) (cors.Options, bool) { switch iface { case "admin": - return p.cors("serve.admin") + return p.cors(ctx, "serve.admin") case "public": - return p.cors("serve.public") + return p.cors(ctx, "serve.public") default: panic(fmt.Sprintf("Received unexpected CORS interface: %s", iface)) } } -func (p *Config) cors(prefix string) (cors.Options, bool) { - return p.p.CORS(prefix, cors.Options{ +func (p *Config) SetTracer(ctx context.Context, t *otelx.Tracer) { + p.GetProvider(ctx).SetTracer(ctx, t) +} + +func (p *Config) cors(ctx context.Context, prefix string) (cors.Options, bool) { + return p.GetProvider(ctx).CORS(prefix, cors.Options{ AllowedMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE"}, AllowedHeaders: []string{"Authorization", "Content-Type", "Cookie"}, ExposedHeaders: []string{"Content-Type", "Set-Cookie"}, @@ -452,65 +460,66 @@ func (p *Config) cors(prefix string) (cors.Options, bool) { }) } -func (p *Config) Set(key string, value interface{}) error { - return p.p.Set(key, value) +func (p *Config) Set(ctx context.Context, key string, value interface{}) error { + return p.GetProvider(ctx).Set(key, value) } -func (p *Config) MustSet(key string, value interface{}) { - if err := p.p.Set(key, value); err != nil { +func (p *Config) MustSet(ctx context.Context, key string, value interface{}) { + if err := p.GetProvider(ctx).Set(key, value); err != nil { p.l.WithError(err).Fatalf("Unable to set \"%s\" to \"%s\".", key, value) } } -func (p *Config) SessionName() string { - return stringsx.Coalesce(p.p.String(ViperKeySessionName), DefaultSessionCookieName) +func (p *Config) SessionName(ctx context.Context) string { + return stringsx.Coalesce(p.GetProvider(ctx).String(ViperKeySessionName), DefaultSessionCookieName) } -func (p *Config) HasherArgon2() *Argon2 { +func (p *Config) HasherArgon2(ctx context.Context) *Argon2 { // warn about usage of default values and point to the docs // warning will require https://github.com/ory/viper/issues/19 return &Argon2{ - Memory: p.p.ByteSizeF(ViperKeyHasherArgon2ConfigMemory, Argon2DefaultMemory), - Iterations: uint32(p.p.IntF(ViperKeyHasherArgon2ConfigIterations, int(Argon2DefaultIterations))), - Parallelism: uint8(p.p.IntF(ViperKeyHasherArgon2ConfigParallelism, int(Argon2DefaultParallelism))), - SaltLength: uint32(p.p.IntF(ViperKeyHasherArgon2ConfigSaltLength, int(Argon2DefaultSaltLength))), - KeyLength: uint32(p.p.IntF(ViperKeyHasherArgon2ConfigKeyLength, int(Argon2DefaultKeyLength))), - ExpectedDuration: p.p.DurationF(ViperKeyHasherArgon2ConfigExpectedDuration, Argon2DefaultDuration), - ExpectedDeviation: p.p.DurationF(ViperKeyHasherArgon2ConfigExpectedDeviation, Argon2DefaultDeviation), - DedicatedMemory: p.p.ByteSizeF(ViperKeyHasherArgon2ConfigDedicatedMemory, Argon2DefaultDedicatedMemory), + Memory: p.GetProvider(ctx).ByteSizeF(ViperKeyHasherArgon2ConfigMemory, Argon2DefaultMemory), + Iterations: uint32(p.GetProvider(ctx).IntF(ViperKeyHasherArgon2ConfigIterations, int(Argon2DefaultIterations))), + Parallelism: uint8(p.GetProvider(ctx).IntF(ViperKeyHasherArgon2ConfigParallelism, int(Argon2DefaultParallelism))), + SaltLength: uint32(p.GetProvider(ctx).IntF(ViperKeyHasherArgon2ConfigSaltLength, int(Argon2DefaultSaltLength))), + KeyLength: uint32(p.GetProvider(ctx).IntF(ViperKeyHasherArgon2ConfigKeyLength, int(Argon2DefaultKeyLength))), + ExpectedDuration: p.GetProvider(ctx).DurationF(ViperKeyHasherArgon2ConfigExpectedDuration, Argon2DefaultDuration), + ExpectedDeviation: p.GetProvider(ctx).DurationF(ViperKeyHasherArgon2ConfigExpectedDeviation, Argon2DefaultDeviation), + DedicatedMemory: p.GetProvider(ctx).ByteSizeF(ViperKeyHasherArgon2ConfigDedicatedMemory, Argon2DefaultDedicatedMemory), } } -func (p *Config) HasherBcrypt() *Bcrypt { - cost := uint32(p.p.IntF(ViperKeyHasherBcryptCost, int(BcryptDefaultCost))) - if !p.IsInsecureDevMode() && cost < BcryptDefaultCost { +func (p *Config) HasherBcrypt(ctx context.Context) *Bcrypt { + cost := uint32(p.GetProvider(ctx).IntF(ViperKeyHasherBcryptCost, int(BcryptDefaultCost))) + if !p.IsInsecureDevMode(ctx) && cost < BcryptDefaultCost { cost = BcryptDefaultCost } return &Bcrypt{Cost: cost} } -func (p *Config) listenOn(key string) string { +func (p *Config) listenOn(ctx context.Context, key string) string { fb := 4433 if key == "admin" { fb = 4434 } - port := p.p.IntF("serve."+key+".port", fb) + pp := p.GetProvider(ctx) + port := pp.IntF("serve."+key+".port", fb) if port < 1 { p.l.Fatalf("serve.%s.port can not be zero or negative", key) } - return configx.GetAddress(p.p.String("serve."+key+".host"), port) + return configx.GetAddress(pp.String("serve."+key+".host"), port) } -func (p *Config) DefaultIdentityTraitsSchemaURL() (*url.URL, error) { - ss, err := p.IdentityTraitsSchemas() +func (p *Config) DefaultIdentityTraitsSchemaURL(ctx context.Context) (*url.URL, error) { + ss, err := p.IdentityTraitsSchemas(ctx) if err != nil { return nil, err } - search := p.p.String(ViperKeyDefaultIdentitySchemaID) + search := p.GetProvider(ctx).String(ViperKeyDefaultIdentitySchemaID) found, err := ss.FindSchemaByID(search) if err != nil { return nil, err @@ -519,52 +528,55 @@ func (p *Config) DefaultIdentityTraitsSchemaURL() (*url.URL, error) { return p.ParseURI(found.URL) } -func (p *Config) DefaultIdentityTraitsSchemaID() string { - return p.p.String(ViperKeyDefaultIdentitySchemaID) +func (p *Config) DefaultIdentityTraitsSchemaID(ctx context.Context) string { + return p.GetProvider(ctx).String(ViperKeyDefaultIdentitySchemaID) } -func (p *Config) TOTPIssuer() string { - return p.Source().StringF(ViperKeyTOTPIssuer, p.SelfPublicURL().Hostname()) +func (p *Config) TOTPIssuer(ctx context.Context) string { + return p.GetProvider(ctx).StringF(ViperKeyTOTPIssuer, p.SelfPublicURL(ctx).Hostname()) } -func (p *Config) OIDCRedirectURIBase() *url.URL { - return p.Source().URIF(ViperKeyOIDCBaseRedirectURL, p.SelfPublicURL()) +func (p *Config) OIDCRedirectURIBase(ctx context.Context) *url.URL { + return p.GetProvider(ctx).URIF(ViperKeyOIDCBaseRedirectURL, p.SelfPublicURL(ctx)) } -func (p *Config) IdentityTraitsSchemas() (ss Schemas, err error) { - if err = p.Source().Koanf.Unmarshal(ViperKeyIdentitySchemas, &ss); err != nil { +func (p *Config) IdentityTraitsSchemas(ctx context.Context) (ss Schemas, err error) { + if err = p.GetProvider(ctx).Koanf.Unmarshal(ViperKeyIdentitySchemas, &ss); err != nil { return ss, nil } return ss, nil } -func (p *Config) AdminListenOn() string { - return p.listenOn("admin") +func (p *Config) AdminListenOn(ctx context.Context) string { + return p.listenOn(ctx, "admin") } -func (p *Config) PublicListenOn() string { - return p.listenOn("public") +func (p *Config) PublicListenOn(ctx context.Context) string { + return p.listenOn(ctx, "public") } -func (p *Config) PublicSocketPermission() *configx.UnixPermission { +func (p *Config) PublicSocketPermission(ctx context.Context) *configx.UnixPermission { + pp := p.GetProvider(ctx) return &configx.UnixPermission{ - Owner: p.p.String(ViperKeyPublicSocketOwner), - Group: p.p.String(ViperKeyPublicSocketGroup), - Mode: os.FileMode(p.p.IntF(ViperKeyPublicSocketMode, 0755)), + Owner: pp.String(ViperKeyPublicSocketOwner), + Group: pp.String(ViperKeyPublicSocketGroup), + Mode: os.FileMode(pp.IntF(ViperKeyPublicSocketMode, 0755)), } } -func (p *Config) AdminSocketPermission() *configx.UnixPermission { +func (p *Config) AdminSocketPermission(ctx context.Context) *configx.UnixPermission { + pp := p.GetProvider(ctx) return &configx.UnixPermission{ - Owner: p.p.String(ViperKeyAdminSocketOwner), - Group: p.p.String(ViperKeyAdminSocketGroup), - Mode: os.FileMode(p.p.IntF(ViperKeyAdminSocketMode, 0755)), + Owner: pp.String(ViperKeyAdminSocketOwner), + Group: pp.String(ViperKeyAdminSocketGroup), + Mode: os.FileMode(pp.IntF(ViperKeyAdminSocketMode, 0755)), } } -func (p *Config) DSN() string { - dsn := p.p.String(ViperKeyDSN) +func (p *Config) DSN(ctx context.Context) string { + pp := p.GetProvider(ctx) + dsn := pp.String(ViperKeyDSN) if dsn == "memory" { return DefaultSQLiteMemoryDSN @@ -578,45 +590,47 @@ func (p *Config) DSN() string { return "" } -func (p *Config) DisableAPIFlowEnforcement() bool { - if p.IsInsecureDevMode() && os.Getenv("DEV_DISABLE_API_FLOW_ENFORCEMENT") == "true" { +func (p *Config) DisableAPIFlowEnforcement(ctx context.Context) bool { + if p.IsInsecureDevMode(ctx) && os.Getenv("DEV_DISABLE_API_FLOW_ENFORCEMENT") == "true" { p.l.Warn("Because \"DEV_DISABLE_API_FLOW_ENFORCEMENT=true\" and the \"--dev\" flag are set, self-service API flows will no longer check if the interaction is actually a browser flow. This is very dangerous as it allows bypassing of anti-CSRF measures, leaving the deployment highly vulnerable. This option should only be used for automated testing and never come close to real user data anywhere.") return true } return false } -func (p *Config) ClientHTTPNoPrivateIPRanges() bool { - return p.p.Bool(ViperKeyClientHTTPNoPrivateIPRanges) +func (p *Config) ClientHTTPNoPrivateIPRanges(ctx context.Context) bool { + return p.GetProvider(ctx).Bool(ViperKeyClientHTTPNoPrivateIPRanges) } -func (p *Config) SelfServiceFlowRegistrationEnabled() bool { - return p.p.Bool(ViperKeySelfServiceRegistrationEnabled) +func (p *Config) SelfServiceFlowRegistrationEnabled(ctx context.Context) bool { + return p.GetProvider(ctx).Bool(ViperKeySelfServiceRegistrationEnabled) } -func (p *Config) SelfServiceFlowVerificationEnabled() bool { - return p.p.Bool(ViperKeySelfServiceVerificationEnabled) +func (p *Config) SelfServiceFlowVerificationEnabled(ctx context.Context) bool { + return p.GetProvider(ctx).Bool(ViperKeySelfServiceVerificationEnabled) } -func (p *Config) SelfServiceFlowRecoveryEnabled() bool { - return p.p.Bool(ViperKeySelfServiceRecoveryEnabled) +func (p *Config) SelfServiceFlowRecoveryEnabled(ctx context.Context) bool { + return p.GetProvider(ctx).Bool(ViperKeySelfServiceRecoveryEnabled) } -func (p *Config) SelfServiceFlowLoginBeforeHooks() []SelfServiceHook { - return p.selfServiceHooks(ViperKeySelfServiceLoginBeforeHooks) +func (p *Config) SelfServiceFlowLoginBeforeHooks(ctx context.Context) []SelfServiceHook { + return p.selfServiceHooks(ctx, ViperKeySelfServiceLoginBeforeHooks) } -func (p *Config) SelfServiceFlowRegistrationBeforeHooks() []SelfServiceHook { - return p.selfServiceHooks(ViperKeySelfServiceRegistrationBeforeHooks) +func (p *Config) SelfServiceFlowRegistrationBeforeHooks(ctx context.Context) []SelfServiceHook { + return p.selfServiceHooks(ctx, ViperKeySelfServiceRegistrationBeforeHooks) } -func (p *Config) selfServiceHooks(key string) []SelfServiceHook { +func (p *Config) selfServiceHooks(ctx context.Context, key string) []SelfServiceHook { + pp := p.GetProvider(ctx) + var hooks []SelfServiceHook - if !p.p.Exists(key) { + if !pp.Exists(key) { return []SelfServiceHook{} } - out, err := p.p.Marshal(kjson.Parser()) + out, err := pp.Marshal(kjson.Parser()) if err != nil { p.l.WithError(err).Fatalf("Unable to decode values from configuration key: %s", key) } @@ -639,21 +653,23 @@ func (p *Config) selfServiceHooks(key string) []SelfServiceHook { return hooks } -func (p *Config) SelfServiceFlowLoginAfterHooks(strategy string) []SelfServiceHook { - return p.selfServiceHooks(HookStrategyKey(ViperKeySelfServiceLoginAfter, strategy)) +func (p *Config) SelfServiceFlowLoginAfterHooks(ctx context.Context, strategy string) []SelfServiceHook { + return p.selfServiceHooks(ctx, HookStrategyKey(ViperKeySelfServiceLoginAfter, strategy)) } -func (p *Config) SelfServiceFlowSettingsAfterHooks(strategy string) []SelfServiceHook { - return p.selfServiceHooks(HookStrategyKey(ViperKeySelfServiceSettingsAfter, strategy)) +func (p *Config) SelfServiceFlowSettingsAfterHooks(ctx context.Context, strategy string) []SelfServiceHook { + return p.selfServiceHooks(ctx, HookStrategyKey(ViperKeySelfServiceSettingsAfter, strategy)) } -func (p *Config) SelfServiceFlowRegistrationAfterHooks(strategy string) []SelfServiceHook { - return p.selfServiceHooks(HookStrategyKey(ViperKeySelfServiceRegistrationAfter, strategy)) +func (p *Config) SelfServiceFlowRegistrationAfterHooks(ctx context.Context, strategy string) []SelfServiceHook { + return p.selfServiceHooks(ctx, HookStrategyKey(ViperKeySelfServiceRegistrationAfter, strategy)) } -func (p *Config) SelfServiceStrategy(strategy string) *SelfServiceStrategy { +func (p *Config) SelfServiceStrategy(ctx context.Context, strategy string) *SelfServiceStrategy { + pp := p.GetProvider(ctx) + config := "{}" - out, err := p.p.Marshal(kjson.Parser()) + out, err := pp.Marshal(kjson.Parser()) if err != nil { p.l.WithError(err).Warn("Unable to marshal self service strategy configuration.") } else if c := gjson.GetBytes(out, @@ -663,13 +679,13 @@ func (p *Config) SelfServiceStrategy(strategy string) *SelfServiceStrategy { enabledKey := fmt.Sprintf("%s.%s.enabled", ViperKeySelfServiceStrategyConfig, strategy) s := &SelfServiceStrategy{ - Enabled: p.p.Bool(enabledKey), + Enabled: pp.Bool(enabledKey), Config: json.RawMessage(config), } // The default value can easily be overwritten by setting e.g. `{"selfservice": "null"}` which means that // we need to forcibly set these values here: - if !p.p.Exists(enabledKey) { + if !pp.Exists(enabledKey) { switch strategy { case "password": fallthrough @@ -687,12 +703,13 @@ func (p *Config) SelfServiceStrategy(strategy string) *SelfServiceStrategy { return s } -func (p *Config) SecretsDefault() [][]byte { - secrets := p.p.Strings(ViperKeySecretsDefault) +func (p *Config) SecretsDefault(ctx context.Context) [][]byte { + pp := p.GetProvider(ctx) + secrets := pp.Strings(ViperKeySecretsDefault) if len(secrets) == 0 { secrets = []string{uuid.New().String()} - p.MustSet(ViperKeySecretsDefault, secrets) + p.MustSet(ctx, ViperKeySecretsDefault, secrets) } result := make([][]byte, len(secrets)) @@ -703,10 +720,10 @@ func (p *Config) SecretsDefault() [][]byte { return result } -func (p *Config) SecretsSession() [][]byte { - secrets := p.p.Strings(ViperKeySecretsCookie) +func (p *Config) SecretsSession(ctx context.Context) [][]byte { + secrets := p.GetProvider(ctx).Strings(ViperKeySecretsCookie) if len(secrets) == 0 { - return p.SecretsDefault() + return p.SecretsDefault(ctx) } result := make([][]byte, len(secrets)) @@ -717,8 +734,8 @@ func (p *Config) SecretsSession() [][]byte { return result } -func (p *Config) SecretsCipher() [][32]byte { - secrets := p.p.Strings(ViperKeySecretsCipher) +func (p *Config) SecretsCipher(ctx context.Context) [][32]byte { + secrets := p.GetProvider(ctx).Strings(ViperKeySecretsCipher) var cleanSecrets []string for k := range secrets { if len(secrets[k]) == 32 { @@ -737,14 +754,14 @@ func (p *Config) SecretsCipher() [][32]byte { return result } -func (p *Config) SelfServiceBrowserDefaultReturnTo() *url.URL { - return p.ParseAbsoluteOrRelativeURIOrFail(ViperKeySelfServiceBrowserDefaultReturnTo) +func (p *Config) SelfServiceBrowserDefaultReturnTo(ctx context.Context) *url.URL { + return p.ParseAbsoluteOrRelativeURIOrFail(ctx, ViperKeySelfServiceBrowserDefaultReturnTo) } -func (p *Config) guessBaseURL(keyHost, keyPort string, defaultPort int) *url.URL { - port := p.p.IntF(keyPort, defaultPort) +func (p *Config) guessBaseURL(ctx context.Context, keyHost, keyPort string, defaultPort int) *url.URL { + port := p.GetProvider(ctx).IntF(keyPort, defaultPort) - host := p.p.String(keyHost) + host := p.GetProvider(ctx).String(keyHost) if host == "0.0.0.0" || len(host) == 0 { var err error host, err = os.Hostname() @@ -755,15 +772,15 @@ func (p *Config) guessBaseURL(keyHost, keyPort string, defaultPort int) *url.URL } guess := url.URL{Host: fmt.Sprintf("%s:%d", host, port), Scheme: "https", Path: "/"} - if p.IsInsecureDevMode() { + if p.IsInsecureDevMode(ctx) { guess.Scheme = "http" } return &guess } -func (p *Config) baseURL(keyURL, keyHost, keyPort string, defaultPort int) *url.URL { - switch t := p.p.Get(keyURL).(type) { +func (p *Config) baseURL(ctx context.Context, keyURL, keyHost, keyPort string, defaultPort int) *url.URL { + switch t := p.GetProvider(ctx).Get(keyURL).(type) { case *url.URL: return t case url.URL: @@ -772,66 +789,66 @@ func (p *Config) baseURL(keyURL, keyHost, keyPort string, defaultPort int) *url. parsed, err := url.ParseRequestURI(t) if err != nil { p.l.WithError(err).Errorf("Configuration key %s is not a valid URL. Falling back to optimistically guessing the server's base URL. Please set a value to avoid problems with redirects and cookies.", keyURL) - return p.guessBaseURL(keyHost, keyPort, defaultPort) + return p.guessBaseURL(ctx, keyHost, keyPort, defaultPort) } return parsed } p.l.Warnf("Configuration key %s was left empty. Optimistically guessing the server's base URL. Please set a value to avoid problems with redirects and cookies.", keyURL) - return p.guessBaseURL(keyHost, keyPort, defaultPort) + return p.guessBaseURL(ctx, keyHost, keyPort, defaultPort) } -func (p *Config) DisablePublicHealthRequestLog() bool { - return p.p.Bool(ViperKeyDisablePublicHealthRequestLog) +func (p *Config) DisablePublicHealthRequestLog(ctx context.Context) bool { + return p.GetProvider(ctx).Bool(ViperKeyDisablePublicHealthRequestLog) } -func (p *Config) SelfPublicURL() *url.URL { - return p.baseURL(ViperKeyPublicBaseURL, ViperKeyPublicHost, ViperKeyPublicPort, 4433) +func (p *Config) SelfPublicURL(ctx context.Context) *url.URL { + return p.baseURL(ctx, ViperKeyPublicBaseURL, ViperKeyPublicHost, ViperKeyPublicPort, 4433) } -func (p *Config) DisableAdminHealthRequestLog() bool { - return p.p.Bool(ViperKeyDisableAdminHealthRequestLog) +func (p *Config) DisableAdminHealthRequestLog(ctx context.Context) bool { + return p.GetProvider(ctx).Bool(ViperKeyDisableAdminHealthRequestLog) } -func (p *Config) SelfAdminURL() *url.URL { - return p.baseURL(ViperKeyAdminBaseURL, ViperKeyAdminHost, ViperKeyAdminPort, 4434) +func (p *Config) SelfAdminURL(ctx context.Context) *url.URL { + return p.baseURL(ctx, ViperKeyAdminBaseURL, ViperKeyAdminHost, ViperKeyAdminPort, 4434) } -func (p *Config) CourierSMTPURL() *url.URL { - return p.ParseURIOrFail(ViperKeyCourierSMTPURL) +func (p *Config) CourierSMTPURL(ctx context.Context) *url.URL { + return p.ParseURIOrFail(ctx, ViperKeyCourierSMTPURL) } -func (p *Config) SelfServiceFlowLoginUI() *url.URL { - return p.ParseAbsoluteOrRelativeURIOrFail(ViperKeySelfServiceLoginUI) +func (p *Config) SelfServiceFlowLoginUI(ctx context.Context) *url.URL { + return p.ParseAbsoluteOrRelativeURIOrFail(ctx, ViperKeySelfServiceLoginUI) } -func (p *Config) SelfServiceFlowSettingsUI() *url.URL { - return p.ParseAbsoluteOrRelativeURIOrFail(ViperKeySelfServiceSettingsURL) +func (p *Config) SelfServiceFlowSettingsUI(ctx context.Context) *url.URL { + return p.ParseAbsoluteOrRelativeURIOrFail(ctx, ViperKeySelfServiceSettingsURL) } -func (p *Config) SelfServiceFlowErrorURL() *url.URL { - return p.ParseAbsoluteOrRelativeURIOrFail(ViperKeySelfServiceErrorUI) +func (p *Config) SelfServiceFlowErrorURL(ctx context.Context) *url.URL { + return p.ParseAbsoluteOrRelativeURIOrFail(ctx, ViperKeySelfServiceErrorUI) } -func (p *Config) SelfServiceFlowRegistrationUI() *url.URL { - return p.ParseAbsoluteOrRelativeURIOrFail(ViperKeySelfServiceRegistrationUI) +func (p *Config) SelfServiceFlowRegistrationUI(ctx context.Context) *url.URL { + return p.ParseAbsoluteOrRelativeURIOrFail(ctx, ViperKeySelfServiceRegistrationUI) } -func (p *Config) SelfServiceFlowRecoveryUI() *url.URL { - return p.ParseAbsoluteOrRelativeURIOrFail(ViperKeySelfServiceRecoveryUI) +func (p *Config) SelfServiceFlowRecoveryUI(ctx context.Context) *url.URL { + return p.ParseAbsoluteOrRelativeURIOrFail(ctx, ViperKeySelfServiceRecoveryUI) } // SessionLifespan returns nil when the value is not set. -func (p *Config) SessionLifespan() time.Duration { - return p.p.DurationF(ViperKeySessionLifespan, time.Hour*24) +func (p *Config) SessionLifespan(ctx context.Context) time.Duration { + return p.GetProvider(ctx).DurationF(ViperKeySessionLifespan, time.Hour*24) } -func (p *Config) SessionPersistentCookie() bool { - return p.p.Bool(ViperKeySessionPersistentCookie) +func (p *Config) SessionPersistentCookie(ctx context.Context) bool { + return p.GetProvider(ctx).Bool(ViperKeySessionPersistentCookie) } -func (p *Config) SelfServiceBrowserAllowedReturnToDomains() (us []url.URL) { - src := p.p.Strings(ViperKeyURLsAllowedReturnToDomains) +func (p *Config) SelfServiceBrowserAllowedReturnToDomains(ctx context.Context) (us []url.URL) { + src := p.GetProvider(ctx).Strings(ViperKeyURLsAllowedReturnToDomains) for k, u := range src { if len(u) == 0 { continue @@ -861,47 +878,47 @@ func (p *Config) SelfServiceBrowserAllowedReturnToDomains() (us []url.URL) { return us } -func (p *Config) SelfServiceFlowLoginRequestLifespan() time.Duration { - return p.p.DurationF(ViperKeySelfServiceLoginRequestLifespan, time.Hour) +func (p *Config) SelfServiceFlowLoginRequestLifespan(ctx context.Context) time.Duration { + return p.GetProvider(ctx).DurationF(ViperKeySelfServiceLoginRequestLifespan, time.Hour) } -func (p *Config) SelfServiceFlowSettingsFlowLifespan() time.Duration { - return p.p.DurationF(ViperKeySelfServiceSettingsRequestLifespan, time.Hour) +func (p *Config) SelfServiceFlowSettingsFlowLifespan(ctx context.Context) time.Duration { + return p.GetProvider(ctx).DurationF(ViperKeySelfServiceSettingsRequestLifespan, time.Hour) } -func (p *Config) SelfServiceFlowRegistrationRequestLifespan() time.Duration { - return p.p.DurationF(ViperKeySelfServiceRegistrationRequestLifespan, time.Hour) +func (p *Config) SelfServiceFlowRegistrationRequestLifespan(ctx context.Context) time.Duration { + return p.GetProvider(ctx).DurationF(ViperKeySelfServiceRegistrationRequestLifespan, time.Hour) } -func (p *Config) SelfServiceFlowLogoutRedirectURL() *url.URL { - return p.p.RequestURIF(ViperKeySelfServiceLogoutBrowserDefaultReturnTo, p.SelfServiceBrowserDefaultReturnTo()) +func (p *Config) SelfServiceFlowLogoutRedirectURL(ctx context.Context) *url.URL { + return p.GetProvider(ctx).RequestURIF(ViperKeySelfServiceLogoutBrowserDefaultReturnTo, p.SelfServiceBrowserDefaultReturnTo(ctx)) } -func (p *Config) CourierSMTPClientCertPath() string { - return p.p.StringF(ViperKeyCourierSMTPClientCertPath, "") +func (p *Config) CourierSMTPClientCertPath(ctx context.Context) string { + return p.GetProvider(ctx).StringF(ViperKeyCourierSMTPClientCertPath, "") } -func (p *Config) CourierSMTPClientKeyPath() string { - return p.p.StringF(ViperKeyCourierSMTPClientKeyPath, "") +func (p *Config) CourierSMTPClientKeyPath(ctx context.Context) string { + return p.GetProvider(ctx).StringF(ViperKeyCourierSMTPClientKeyPath, "") } -func (p *Config) CourierSMTPFrom() string { - return p.p.StringF(ViperKeyCourierSMTPFrom, "noreply@kratos.ory.sh") +func (p *Config) CourierSMTPFrom(ctx context.Context) string { + return p.GetProvider(ctx).StringF(ViperKeyCourierSMTPFrom, "noreply@kratos.ory.sh") } -func (p *Config) CourierSMTPFromName() string { - return p.p.StringF(ViperKeyCourierSMTPFromName, "") +func (p *Config) CourierSMTPFromName(ctx context.Context) string { + return p.GetProvider(ctx).StringF(ViperKeyCourierSMTPFromName, "") } -func (p *Config) CourierSMTPLocalName() string { - return p.p.StringF(ViperKeyCourierSMTPLocalName, "localhost") +func (p *Config) CourierSMTPLocalName(ctx context.Context) string { + return p.GetProvider(ctx).StringF(ViperKeyCourierSMTPLocalName, "localhost") } -func (p *Config) CourierTemplatesRoot() string { - return p.p.StringF(ViperKeyCourierTemplatesPath, "courier/builtin/templates") +func (p *Config) CourierTemplatesRoot(ctx context.Context) string { + return p.GetProvider(ctx).StringF(ViperKeyCourierTemplatesPath, "courier/builtin/templates") } -func (p *Config) CourierTemplatesHelper(key string) *CourierEmailTemplate { +func (p *Config) CourierTemplatesHelper(ctx context.Context, key string) *CourierEmailTemplate { courierTemplate := &CourierEmailTemplate{ Body: &CourierEmailBodyTemplate{ PlainText: "", @@ -910,11 +927,11 @@ func (p *Config) CourierTemplatesHelper(key string) *CourierEmailTemplate { Subject: "", } - if !p.p.Exists(key) { + if !p.GetProvider(ctx).Exists(key) { return courierTemplate } - out, err := p.p.Marshal(kjson.Parser()) + out, err := p.GetProvider(ctx).Marshal(kjson.Parser()) if err != nil { p.l.WithError(err).Fatalf("Unable to dencode values from %s.", key) return courierTemplate @@ -932,36 +949,36 @@ func (p *Config) CourierTemplatesHelper(key string) *CourierEmailTemplate { return courierTemplate } -func (p *Config) CourierTemplatesVerificationInvalid() *CourierEmailTemplate { - return p.CourierTemplatesHelper(ViperKeyCourierTemplatesVerificationInvalidEmail) +func (p *Config) CourierTemplatesVerificationInvalid(ctx context.Context) *CourierEmailTemplate { + return p.CourierTemplatesHelper(ctx, ViperKeyCourierTemplatesVerificationInvalidEmail) } -func (p *Config) CourierTemplatesVerificationValid() *CourierEmailTemplate { - return p.CourierTemplatesHelper(ViperKeyCourierTemplatesVerificationValidEmail) +func (p *Config) CourierTemplatesVerificationValid(ctx context.Context) *CourierEmailTemplate { + return p.CourierTemplatesHelper(ctx, ViperKeyCourierTemplatesVerificationValidEmail) } -func (p *Config) CourierTemplatesRecoveryInvalid() *CourierEmailTemplate { - return p.CourierTemplatesHelper(ViperKeyCourierTemplatesRecoveryInvalidEmail) +func (p *Config) CourierTemplatesRecoveryInvalid(ctx context.Context) *CourierEmailTemplate { + return p.CourierTemplatesHelper(ctx, ViperKeyCourierTemplatesRecoveryInvalidEmail) } -func (p *Config) CourierTemplatesRecoveryValid() *CourierEmailTemplate { - return p.CourierTemplatesHelper(ViperKeyCourierTemplatesRecoveryValidEmail) +func (p *Config) CourierTemplatesRecoveryValid(ctx context.Context) *CourierEmailTemplate { + return p.CourierTemplatesHelper(ctx, ViperKeyCourierTemplatesRecoveryValidEmail) } -func (p *Config) CourierMessageRetries() int { - return p.p.IntF(ViperKeyCourierMessageRetries, 5) +func (p *Config) CourierMessageRetries(ctx context.Context) int { + return p.GetProvider(ctx).IntF(ViperKeyCourierMessageRetries, 5) } -func (p *Config) CourierSMTPHeaders() map[string]string { - return p.p.StringMap(ViperKeyCourierSMTPHeaders) +func (p *Config) CourierSMTPHeaders(ctx context.Context) map[string]string { + return p.GetProvider(ctx).StringMap(ViperKeyCourierSMTPHeaders) } -func (p *Config) CourierSMSRequestConfig() json.RawMessage { - if !p.p.Bool(ViperKeyCourierSMSEnabled) { +func (p *Config) CourierSMSRequestConfig(ctx context.Context) json.RawMessage { + if !p.GetProvider(ctx).Bool(ViperKeyCourierSMSEnabled) { return nil } - out, err := p.p.Marshal(kjson.Parser()) + out, err := p.GetProvider(ctx).Marshal(kjson.Parser()) if err != nil { p.l.WithError(err).Warn("Unable to marshal self service strategy configuration.") return nil @@ -975,12 +992,12 @@ func (p *Config) CourierSMSRequestConfig() json.RawMessage { return json.RawMessage(config) } -func (p *Config) CourierSMSFrom() string { - return p.p.StringF(ViperKeyCourierSMSFrom, "Ory Kratos") +func (p *Config) CourierSMSFrom(ctx context.Context) string { + return p.GetProvider(ctx).StringF(ViperKeyCourierSMSFrom, "Ory Kratos") } -func (p *Config) CourierSMSEnabled() bool { - return p.p.Bool(ViperKeyCourierSMSEnabled) +func (p *Config) CourierSMSEnabled(ctx context.Context) bool { + return p.GetProvider(ctx).Bool(ViperKeyCourierSMSEnabled) } func splitUrlAndFragment(s string) (string, string) { @@ -991,20 +1008,20 @@ func splitUrlAndFragment(s string) (string, string) { return s[:i], s[i+1:] } -func (p *Config) ParseAbsoluteOrRelativeURIOrFail(key string) *url.URL { - parsed, err := p.ParseAbsoluteOrRelativeURI(p.p.String(key)) +func (p *Config) ParseAbsoluteOrRelativeURIOrFail(ctx context.Context, key string) *url.URL { + parsed, err := p.ParseAbsoluteOrRelativeURI(p.GetProvider(ctx).String(key)) if err != nil { p.l.WithError(errors.WithStack(err)). - Fatalf("Configuration value from key %s is not a valid URL: %s", key, p.p.String(key)) + Fatalf("Configuration value from key %s is not a valid URL: %s", key, p.GetProvider(ctx).String(key)) } return parsed } -func (p *Config) ParseURIOrFail(key string) *url.URL { - parsed, err := p.ParseURI(p.p.String(key)) +func (p *Config) ParseURIOrFail(ctx context.Context, key string) *url.URL { + parsed, err := p.ParseURI(p.GetProvider(ctx).String(key)) if err != nil { p.l.WithField("reason", "expected scheme to be set"). - Fatalf("Configuration value from key %s is not a valid URL: %s", key, p.p.String(key)) + Fatalf("Configuration value from key %s is not a valid URL: %s", key, p.GetProvider(ctx).String(key)) } return parsed } @@ -1034,80 +1051,80 @@ func (p *Config) ParseURI(rawUrl string) (*url.URL, error) { return parsed, nil } -func (p *Config) Tracing() *otelx.Config { - return p.p.TracingConfig("Ory Kratos") +func (p *Config) Tracing(ctx context.Context) *otelx.Config { + return p.GetProvider(ctx).TracingConfig("Ory Kratos") } -func (p *Config) IsInsecureDevMode() bool { - return p.Source().Bool("dev") +func (p *Config) IsInsecureDevMode(ctx context.Context) bool { + return p.GetProvider(ctx).Bool("dev") } -func (p *Config) IsBackgroundCourierEnabled() bool { - return p.Source().Bool("watch-courier") +func (p *Config) IsBackgroundCourierEnabled(ctx context.Context) bool { + return p.GetProvider(ctx).Bool("watch-courier") } -func (p *Config) CourierExposeMetricsPort() int { - return p.Source().Int("expose-metrics-port") +func (p *Config) CourierExposeMetricsPort(ctx context.Context) int { + return p.GetProvider(ctx).Int("expose-metrics-port") } -func (p *Config) MetricsListenOn() string { - return strings.Replace(p.AdminListenOn(), ":4434", fmt.Sprintf(":%d", p.CourierExposeMetricsPort()), 1) +func (p *Config) MetricsListenOn(ctx context.Context) string { + return strings.Replace(p.AdminListenOn(ctx), ":4434", fmt.Sprintf(":%d", p.CourierExposeMetricsPort(ctx)), 1) } -func (p *Config) SelfServiceFlowVerificationUI() *url.URL { - return p.ParseAbsoluteOrRelativeURIOrFail(ViperKeySelfServiceVerificationUI) +func (p *Config) SelfServiceFlowVerificationUI(ctx context.Context) *url.URL { + return p.ParseAbsoluteOrRelativeURIOrFail(ctx, ViperKeySelfServiceVerificationUI) } -func (p *Config) SelfServiceFlowVerificationRequestLifespan() time.Duration { - return p.p.DurationF(ViperKeySelfServiceVerificationRequestLifespan, time.Hour) +func (p *Config) SelfServiceFlowVerificationRequestLifespan(ctx context.Context) time.Duration { + return p.GetProvider(ctx).DurationF(ViperKeySelfServiceVerificationRequestLifespan, time.Hour) } -func (p *Config) SelfServiceFlowVerificationReturnTo(defaultReturnTo *url.URL) *url.URL { - return p.p.RequestURIF(ViperKeySelfServiceVerificationBrowserDefaultReturnTo, defaultReturnTo) +func (p *Config) SelfServiceFlowVerificationReturnTo(ctx context.Context, defaultReturnTo *url.URL) *url.URL { + return p.GetProvider(ctx).RequestURIF(ViperKeySelfServiceVerificationBrowserDefaultReturnTo, defaultReturnTo) } -func (p *Config) SelfServiceFlowVerificationAfterHooks(strategy string) []SelfServiceHook { - return p.selfServiceHooks(HookStrategyKey(ViperKeySelfServiceVerificationAfter, strategy)) +func (p *Config) SelfServiceFlowVerificationAfterHooks(ctx context.Context, strategy string) []SelfServiceHook { + return p.selfServiceHooks(ctx, HookStrategyKey(ViperKeySelfServiceVerificationAfter, strategy)) } -func (p *Config) SelfServiceFlowRecoveryReturnTo() *url.URL { - return p.p.RequestURIF(ViperKeySelfServiceRecoveryBrowserDefaultReturnTo, p.SelfServiceBrowserDefaultReturnTo()) +func (p *Config) SelfServiceFlowRecoveryReturnTo(ctx context.Context) *url.URL { + return p.GetProvider(ctx).RequestURIF(ViperKeySelfServiceRecoveryBrowserDefaultReturnTo, p.SelfServiceBrowserDefaultReturnTo(ctx)) } -func (p *Config) SelfServiceFlowRecoveryRequestLifespan() time.Duration { - return p.p.DurationF(ViperKeySelfServiceRecoveryRequestLifespan, time.Hour) +func (p *Config) SelfServiceFlowRecoveryRequestLifespan(ctx context.Context) time.Duration { + return p.GetProvider(ctx).DurationF(ViperKeySelfServiceRecoveryRequestLifespan, time.Hour) } -func (p *Config) SelfServiceLinkMethodLifespan() time.Duration { - return p.p.DurationF(ViperKeyLinkLifespan, time.Hour) +func (p *Config) SelfServiceLinkMethodLifespan(ctx context.Context) time.Duration { + return p.GetProvider(ctx).DurationF(ViperKeyLinkLifespan, time.Hour) } -func (p *Config) SelfServiceLinkMethodBaseURL() *url.URL { - return p.p.RequestURIF(ViperKeyLinkBaseURL, p.SelfPublicURL()) +func (p *Config) SelfServiceLinkMethodBaseURL(ctx context.Context) *url.URL { + return p.GetProvider(ctx).RequestURIF(ViperKeyLinkBaseURL, p.SelfPublicURL(ctx)) } -func (p *Config) DatabaseCleanupSleepTables() time.Duration { - return p.p.Duration(ViperKeyDatabaseCleanupSleepTables) +func (p *Config) DatabaseCleanupSleepTables(ctx context.Context) time.Duration { + return p.GetProvider(ctx).Duration(ViperKeyDatabaseCleanupSleepTables) } -func (p *Config) DatabaseCleanupBatchSize() int { - return p.p.Int(ViperKeyDatabaseCleanupBatchSize) +func (p *Config) DatabaseCleanupBatchSize(ctx context.Context) int { + return p.GetProvider(ctx).Int(ViperKeyDatabaseCleanupBatchSize) } -func (p *Config) SelfServiceFlowRecoveryAfterHooks(strategy string) []SelfServiceHook { - return p.selfServiceHooks(HookStrategyKey(ViperKeySelfServiceRecoveryAfter, strategy)) +func (p *Config) SelfServiceFlowRecoveryAfterHooks(ctx context.Context, strategy string) []SelfServiceHook { + return p.selfServiceHooks(ctx, HookStrategyKey(ViperKeySelfServiceRecoveryAfter, strategy)) } -func (p *Config) SelfServiceFlowSettingsPrivilegedSessionMaxAge() time.Duration { - return p.p.DurationF(ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, time.Hour) +func (p *Config) SelfServiceFlowSettingsPrivilegedSessionMaxAge(ctx context.Context) time.Duration { + return p.GetProvider(ctx).DurationF(ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, time.Hour) } -func (p *Config) SessionSameSiteMode() http.SameSite { - if !p.p.Exists(ViperKeySessionSameSite) { - return p.CookieSameSiteMode() +func (p *Config) SessionSameSiteMode(ctx context.Context) http.SameSite { + if !p.GetProvider(ctx).Exists(ViperKeySessionSameSite) { + return p.CookieSameSiteMode(ctx) } - switch p.p.StringF(ViperKeySessionSameSite, "Lax") { + switch p.GetProvider(ctx).StringF(ViperKeySessionSameSite, "Lax") { case "Lax": return http.SameSiteLaxMode case "Strict": @@ -1118,31 +1135,31 @@ func (p *Config) SessionSameSiteMode() http.SameSite { return http.SameSiteDefaultMode } -func (p *Config) SessionDomain() string { - if !p.p.Exists(ViperKeySessionDomain) { - return p.CookieDomain() +func (p *Config) SessionDomain(ctx context.Context) string { + if !p.GetProvider(ctx).Exists(ViperKeySessionDomain) { + return p.CookieDomain(ctx) } - return p.p.String(ViperKeySessionDomain) + return p.GetProvider(ctx).String(ViperKeySessionDomain) } -func (p *Config) CookieDomain() string { - return p.p.String(ViperKeyCookieDomain) +func (p *Config) CookieDomain(ctx context.Context) string { + return p.GetProvider(ctx).String(ViperKeyCookieDomain) } -func (p *Config) SessionWhoAmIAAL() string { - return p.p.String(ViperKeySessionWhoAmIAAL) +func (p *Config) SessionWhoAmIAAL(ctx context.Context) string { + return p.GetProvider(ctx).String(ViperKeySessionWhoAmIAAL) } -func (p *Config) SessionRefreshMinTimeLeft() time.Duration { - return p.p.DurationF(ViperKeySessionRefreshMinTimeLeft, p.SessionLifespan()) +func (p *Config) SessionRefreshMinTimeLeft(ctx context.Context) time.Duration { + return p.GetProvider(ctx).DurationF(ViperKeySessionRefreshMinTimeLeft, p.SessionLifespan(ctx)) } -func (p *Config) SelfServiceSettingsRequiredAAL() string { - return p.p.String(ViperKeySelfServiceSettingsRequiredAAL) +func (p *Config) SelfServiceSettingsRequiredAAL(ctx context.Context) string { + return p.GetProvider(ctx).String(ViperKeySelfServiceSettingsRequiredAAL) } -func (p *Config) CookieSameSiteMode() http.SameSite { - switch p.p.StringF(ViperKeyCookieSameSite, "Lax") { +func (p *Config) CookieSameSiteMode(ctx context.Context) http.SameSite { + switch p.GetProvider(ctx).StringF(ViperKeyCookieSameSite, "Lax") { case "Lax": return http.SameSiteLaxMode case "Strict": @@ -1153,76 +1170,76 @@ func (p *Config) CookieSameSiteMode() http.SameSite { return http.SameSiteDefaultMode } -func (p *Config) SessionPath() string { - if !p.p.Exists(ViperKeySessionPath) { - return p.CookiePath() +func (p *Config) SessionPath(ctx context.Context) string { + if !p.GetProvider(ctx).Exists(ViperKeySessionPath) { + return p.CookiePath(ctx) } - return p.p.String(ViperKeySessionPath) + return p.GetProvider(ctx).String(ViperKeySessionPath) } -func (p *Config) CookiePath() string { - return p.p.String(ViperKeyCookiePath) +func (p *Config) CookiePath(ctx context.Context) string { + return p.GetProvider(ctx).String(ViperKeyCookiePath) } -func (p *Config) SelfServiceFlowLoginReturnTo(strategy string) *url.URL { - return p.selfServiceReturnTo(ViperKeySelfServiceLoginAfter, strategy) +func (p *Config) SelfServiceFlowLoginReturnTo(ctx context.Context, strategy string) *url.URL { + return p.selfServiceReturnTo(ctx, ViperKeySelfServiceLoginAfter, strategy) } -func (p *Config) SelfServiceFlowRegistrationReturnTo(strategy string) *url.URL { - return p.selfServiceReturnTo(ViperKeySelfServiceRegistrationAfter, strategy) +func (p *Config) SelfServiceFlowRegistrationReturnTo(ctx context.Context, strategy string) *url.URL { + return p.selfServiceReturnTo(ctx, ViperKeySelfServiceRegistrationAfter, strategy) } -func (p *Config) SelfServiceFlowSettingsReturnTo(strategy string, defaultReturnTo *url.URL) *url.URL { - return p.p.RequestURIF( +func (p *Config) SelfServiceFlowSettingsReturnTo(ctx context.Context, strategy string, defaultReturnTo *url.URL) *url.URL { + return p.GetProvider(ctx).RequestURIF( ViperKeySelfServiceSettingsAfter+"."+strategy+"."+DefaultBrowserReturnURL, - p.p.RequestURIF(ViperKeySelfServiceSettingsAfter+"."+DefaultBrowserReturnURL, + p.GetProvider(ctx).RequestURIF(ViperKeySelfServiceSettingsAfter+"."+DefaultBrowserReturnURL, defaultReturnTo, ), ) } -func (p *Config) selfServiceReturnTo(key string, strategy string) *url.URL { - return p.p.RequestURIF( +func (p *Config) selfServiceReturnTo(ctx context.Context, key string, strategy string) *url.URL { + return p.GetProvider(ctx).RequestURIF( key+"."+strategy+"."+DefaultBrowserReturnURL, - p.p.RequestURIF(key+"."+DefaultBrowserReturnURL, - p.SelfServiceBrowserDefaultReturnTo(), + p.GetProvider(ctx).RequestURIF(key+"."+DefaultBrowserReturnURL, + p.SelfServiceBrowserDefaultReturnTo(ctx), ), ) } -func (p *Config) ConfigVersion() string { - return p.p.StringF(ViperKeyVersion, UnknownVersion) +func (p *Config) ConfigVersion(ctx context.Context) string { + return p.GetProvider(ctx).StringF(ViperKeyVersion, UnknownVersion) } -func (p *Config) PasswordPolicyConfig() *PasswordPolicy { +func (p *Config) PasswordPolicyConfig(ctx context.Context) *PasswordPolicy { return &PasswordPolicy{ - HaveIBeenPwnedHost: p.p.StringF(ViperKeyPasswordHaveIBeenPwnedHost, "api.pwnedpasswords.com"), - HaveIBeenPwnedEnabled: p.p.BoolF(ViperKeyPasswordHaveIBeenPwnedEnabled, true), - MaxBreaches: uint(p.p.Int(ViperKeyPasswordMaxBreaches)), - IgnoreNetworkErrors: p.p.BoolF(ViperKeyIgnoreNetworkErrors, true), - MinPasswordLength: uint(p.p.IntF(ViperKeyPasswordMinLength, 8)), - IdentifierSimilarityCheckEnabled: p.p.BoolF(ViperKeyPasswordIdentifierSimilarityCheckEnabled, true), + HaveIBeenPwnedHost: p.GetProvider(ctx).StringF(ViperKeyPasswordHaveIBeenPwnedHost, "api.pwnedpasswords.com"), + HaveIBeenPwnedEnabled: p.GetProvider(ctx).BoolF(ViperKeyPasswordHaveIBeenPwnedEnabled, true), + MaxBreaches: uint(p.GetProvider(ctx).Int(ViperKeyPasswordMaxBreaches)), + IgnoreNetworkErrors: p.GetProvider(ctx).BoolF(ViperKeyIgnoreNetworkErrors, true), + MinPasswordLength: uint(p.GetProvider(ctx).IntF(ViperKeyPasswordMinLength, 8)), + IdentifierSimilarityCheckEnabled: p.GetProvider(ctx).BoolF(ViperKeyPasswordIdentifierSimilarityCheckEnabled, true), } } -func (p *Config) WebAuthnForPasswordless() bool { - return p.p.BoolF(ViperKeyWebAuthnPasswordless, false) +func (p *Config) WebAuthnForPasswordless(ctx context.Context) bool { + return p.GetProvider(ctx).BoolF(ViperKeyWebAuthnPasswordless, false) } -func (p *Config) WebAuthnConfig() *webauthn.Config { +func (p *Config) WebAuthnConfig(ctx context.Context) *webauthn.Config { return &webauthn.Config{ - RPDisplayName: p.p.String(ViperKeyWebAuthnRPDisplayName), - RPID: p.p.String(ViperKeyWebAuthnRPID), - RPOrigin: p.p.String(ViperKeyWebAuthnRPOrigin), - RPIcon: p.p.String(ViperKeyWebAuthnRPIcon), + RPDisplayName: p.GetProvider(ctx).String(ViperKeyWebAuthnRPDisplayName), + RPID: p.GetProvider(ctx).String(ViperKeyWebAuthnRPID), + RPOrigin: p.GetProvider(ctx).String(ViperKeyWebAuthnRPOrigin), + RPIcon: p.GetProvider(ctx).String(ViperKeyWebAuthnRPIcon), AuthenticatorSelection: protocol.AuthenticatorSelection{ UserVerification: protocol.VerificationDiscouraged, }, } } -func (p *Config) HasherPasswordHashingAlgorithm() string { - configValue := p.p.StringF(ViperKeyHasherAlgorithm, DefaultPasswordHashingAlgorithm) +func (p *Config) HasherPasswordHashingAlgorithm(ctx context.Context) string { + configValue := p.GetProvider(ctx).StringF(ViperKeyHasherAlgorithm, DefaultPasswordHashingAlgorithm) switch configValue { case "bcrypt": return configValue @@ -1233,8 +1250,8 @@ func (p *Config) HasherPasswordHashingAlgorithm() string { } } -func (p *Config) CipherAlgorithm() string { - configValue := p.p.StringF(ViperKeyCipherAlgorithm, DefaultCipherAlgorithm) +func (p *Config) CipherAlgorithm(ctx context.Context) string { + configValue := p.GetProvider(ctx).StringF(ViperKeyCipherAlgorithm, DefaultCipherAlgorithm) switch configValue { case "noop": return configValue @@ -1247,23 +1264,23 @@ func (p *Config) CipherAlgorithm() string { } } -func (p *Config) GetTSLCertificatesForPublic() []tls.Certificate { +func (p *Config) GetTSLCertificatesForPublic(ctx context.Context) []tls.Certificate { return p.getTSLCertificates( "public", - p.p.String(ViperKeyPublicTLSCertBase64), - p.p.String(ViperKeyPublicTLSKeyBase64), - p.p.String(ViperKeyPublicTLSCertPath), - p.p.String(ViperKeyPublicTLSKeyPath), + p.GetProvider(ctx).String(ViperKeyPublicTLSCertBase64), + p.GetProvider(ctx).String(ViperKeyPublicTLSKeyBase64), + p.GetProvider(ctx).String(ViperKeyPublicTLSCertPath), + p.GetProvider(ctx).String(ViperKeyPublicTLSKeyPath), ) } -func (p *Config) GetTSLCertificatesForAdmin() []tls.Certificate { +func (p *Config) GetTSLCertificatesForAdmin(ctx context.Context) []tls.Certificate { return p.getTSLCertificates( "admin", - p.p.String(ViperKeyAdminTLSCertBase64), - p.p.String(ViperKeyAdminTLSKeyBase64), - p.p.String(ViperKeyAdminTLSCertPath), - p.p.String(ViperKeyAdminTLSKeyPath), + p.GetProvider(ctx).String(ViperKeyAdminTLSCertBase64), + p.GetProvider(ctx).String(ViperKeyAdminTLSKeyBase64), + p.GetProvider(ctx).String(ViperKeyAdminTLSCertPath), + p.GetProvider(ctx).String(ViperKeyAdminTLSKeyPath), ) } @@ -1280,3 +1297,7 @@ func (p *Config) getTSLCertificates(daemon, certBase64, keyBase64, certPath, key p.l.Infof("TLS has not been configured for %s, skipping", daemon) return nil } + +func (p *Config) GetProvider(ctx context.Context) *configx.Provider { + return p.c.Config(ctx, p.p) +} diff --git a/driver/config/config_test.go b/driver/config/config_test.go index 195e726e1a93..a5032f434232 100644 --- a/driver/config/config_test.go +++ b/driver/config/config_test.go @@ -56,22 +56,22 @@ func TestViperProvider(t *testing.T) { ) t.Run("group=client config", func(t *testing.T) { - assert.False(t, p.ClientHTTPNoPrivateIPRanges(), "Should not have private IP ranges disabled per default") - p.MustSet(config.ViperKeyClientHTTPNoPrivateIPRanges, true) - assert.True(t, p.ClientHTTPNoPrivateIPRanges(), "Should disallow private IP ranges if set") + assert.False(t, p.ClientHTTPNoPrivateIPRanges(ctx), "Should not have private IP ranges disabled per default") + p.MustSet(ctx, config.ViperKeyClientHTTPNoPrivateIPRanges, true) + assert.True(t, p.ClientHTTPNoPrivateIPRanges(ctx), "Should disallow private IP ranges if set") }) t.Run("group=urls", func(t *testing.T) { - assert.Equal(t, "http://test.kratos.ory.sh/login", p.SelfServiceFlowLoginUI().String()) - assert.Equal(t, "http://test.kratos.ory.sh/settings", p.SelfServiceFlowSettingsUI().String()) - assert.Equal(t, "http://test.kratos.ory.sh/register", p.SelfServiceFlowRegistrationUI().String()) - assert.Equal(t, "http://test.kratos.ory.sh/error", p.SelfServiceFlowErrorURL().String()) + assert.Equal(t, "http://test.kratos.ory.sh/login", p.SelfServiceFlowLoginUI(ctx).String()) + assert.Equal(t, "http://test.kratos.ory.sh/settings", p.SelfServiceFlowSettingsUI(ctx).String()) + assert.Equal(t, "http://test.kratos.ory.sh/register", p.SelfServiceFlowRegistrationUI(ctx).String()) + assert.Equal(t, "http://test.kratos.ory.sh/error", p.SelfServiceFlowErrorURL(ctx).String()) - assert.Equal(t, "http://admin.kratos.ory.sh", p.SelfAdminURL().String()) - assert.Equal(t, "http://public.kratos.ory.sh", p.SelfPublicURL().String()) + assert.Equal(t, "http://admin.kratos.ory.sh", p.SelfAdminURL(ctx).String()) + assert.Equal(t, "http://public.kratos.ory.sh", p.SelfPublicURL(ctx).String()) var ds []string - for _, v := range p.SelfServiceBrowserAllowedReturnToDomains() { + for _, v := range p.SelfServiceBrowserAllowedReturnToDomains(ctx) { ds = append(ds, v.String()) } @@ -93,10 +93,10 @@ func TestViperProvider(t *testing.T) { configx.SkipValidation(), ) - assert.Equal(t, "http://test.kratos.ory.sh/#/login", pWithFragments.SelfServiceFlowLoginUI().String()) - assert.Equal(t, "http://test.kratos.ory.sh/#/settings", pWithFragments.SelfServiceFlowSettingsUI().String()) - assert.Equal(t, "http://test.kratos.ory.sh/#/register", pWithFragments.SelfServiceFlowRegistrationUI().String()) - assert.Equal(t, "http://test.kratos.ory.sh/#/error", pWithFragments.SelfServiceFlowErrorURL().String()) + assert.Equal(t, "http://test.kratos.ory.sh/#/login", pWithFragments.SelfServiceFlowLoginUI(ctx).String()) + assert.Equal(t, "http://test.kratos.ory.sh/#/settings", pWithFragments.SelfServiceFlowSettingsUI(ctx).String()) + assert.Equal(t, "http://test.kratos.ory.sh/#/register", pWithFragments.SelfServiceFlowRegistrationUI(ctx).String()) + assert.Equal(t, "http://test.kratos.ory.sh/#/error", pWithFragments.SelfServiceFlowErrorURL(ctx).String()) pWithRelativeFragments := config.MustNew(t, logrusx.New("", ""), os.Stderr, @@ -109,10 +109,10 @@ func TestViperProvider(t *testing.T) { configx.SkipValidation(), ) - assert.Equal(t, "/login", pWithRelativeFragments.SelfServiceFlowLoginUI().String()) - assert.Equal(t, "/settings", pWithRelativeFragments.SelfServiceFlowSettingsUI().String()) - assert.Equal(t, "/register", pWithRelativeFragments.SelfServiceFlowRegistrationUI().String()) - assert.Equal(t, "/error", pWithRelativeFragments.SelfServiceFlowErrorURL().String()) + assert.Equal(t, "/login", pWithRelativeFragments.SelfServiceFlowLoginUI(ctx).String()) + assert.Equal(t, "/settings", pWithRelativeFragments.SelfServiceFlowSettingsUI(ctx).String()) + assert.Equal(t, "/register", pWithRelativeFragments.SelfServiceFlowRegistrationUI(ctx).String()) + assert.Equal(t, "/error", pWithRelativeFragments.SelfServiceFlowErrorURL(ctx).String()) for _, v := range []string{ "#/login", @@ -131,7 +131,7 @@ func TestViperProvider(t *testing.T) { configx.SkipValidation(), ) - assert.Panics(t, func() { pWithIncorrectUrls.SelfServiceFlowLoginUI() }) + assert.Panics(t, func() { pWithIncorrectUrls.SelfServiceFlowLoginUI(ctx) }) assert.Equal(t, logrus.FatalLevel, hook.LastEntry().Level) assert.Equal(t, "Configuration value from key selfservice.flows.login.ui_url is not a valid URL: "+v, hook.LastEntry().Message) @@ -140,18 +140,18 @@ func TestViperProvider(t *testing.T) { }) t.Run("group=default_return_to", func(t *testing.T) { - assert.Equal(t, "https://self-service/login/password/return_to", p.SelfServiceFlowLoginReturnTo("password").String()) - assert.Equal(t, "https://self-service/login/return_to", p.SelfServiceFlowLoginReturnTo("oidc").String()) + assert.Equal(t, "https://self-service/login/password/return_to", p.SelfServiceFlowLoginReturnTo(ctx, "password").String()) + assert.Equal(t, "https://self-service/login/return_to", p.SelfServiceFlowLoginReturnTo(ctx, "oidc").String()) - assert.Equal(t, "https://self-service/registration/return_to", p.SelfServiceFlowRegistrationReturnTo("password").String()) - assert.Equal(t, "https://self-service/registration/oidc/return_to", p.SelfServiceFlowRegistrationReturnTo("oidc").String()) + assert.Equal(t, "https://self-service/registration/return_to", p.SelfServiceFlowRegistrationReturnTo(ctx, "password").String()) + assert.Equal(t, "https://self-service/registration/oidc/return_to", p.SelfServiceFlowRegistrationReturnTo(ctx, "oidc").String()) - assert.Equal(t, "https://self-service/settings/password/return_to", p.SelfServiceFlowSettingsReturnTo("password", p.SelfServiceBrowserDefaultReturnTo()).String()) - assert.Equal(t, "https://self-service/settings/return_to", p.SelfServiceFlowSettingsReturnTo("profile", p.SelfServiceBrowserDefaultReturnTo()).String()) + assert.Equal(t, "https://self-service/settings/password/return_to", p.SelfServiceFlowSettingsReturnTo(ctx, "password", p.SelfServiceBrowserDefaultReturnTo(ctx)).String()) + assert.Equal(t, "https://self-service/settings/return_to", p.SelfServiceFlowSettingsReturnTo(ctx, "profile", p.SelfServiceBrowserDefaultReturnTo(ctx)).String()) - assert.Equal(t, "http://test.kratos.ory.sh:4000/", p.SelfServiceFlowLogoutRedirectURL().String()) - p.MustSet(config.ViperKeySelfServiceLogoutBrowserDefaultReturnTo, "") - assert.Equal(t, "http://return-to-3-test.ory.sh/", p.SelfServiceFlowLogoutRedirectURL().String()) + assert.Equal(t, "http://test.kratos.ory.sh:4000/", p.SelfServiceFlowLogoutRedirectURL(ctx).String()) + p.MustSet(ctx, config.ViperKeySelfServiceLogoutBrowserDefaultReturnTo, "") + assert.Equal(t, "http://return-to-3-test.ory.sh/", p.SelfServiceFlowLogoutRedirectURL(ctx).String()) }) t.Run("group=identity", func(t *testing.T) { @@ -159,11 +159,11 @@ func TestViperProvider(t *testing.T) { configx.WithConfigFiles("stub/.kratos.mock.identities.yaml"), configx.SkipValidation()) - ds, err := c.DefaultIdentityTraitsSchemaURL() + ds, err := c.DefaultIdentityTraitsSchemaURL(ctx) require.NoError(t, err) assert.Equal(t, "http://test.kratos.ory.sh/default-identity.schema.json", ds.String()) - ss, err := c.IdentityTraitsSchemas() + ss, err := c.IdentityTraitsSchemas(ctx) require.NoError(t, err) assert.Equal(t, 2, len(ss)) @@ -178,26 +178,26 @@ func TestViperProvider(t *testing.T) { }) t.Run("group=serve", func(t *testing.T) { - assert.Equal(t, "admin.kratos.ory.sh:1234", p.AdminListenOn()) - assert.Equal(t, "public.kratos.ory.sh:1235", p.PublicListenOn()) + assert.Equal(t, "admin.kratos.ory.sh:1234", p.AdminListenOn(ctx)) + assert.Equal(t, "public.kratos.ory.sh:1235", p.PublicListenOn(ctx)) }) t.Run("group=dsn", func(t *testing.T) { - assert.Equal(t, "sqlite://foo.db?mode=memory&_fk=true", p.DSN()) + assert.Equal(t, "sqlite://foo.db?mode=memory&_fk=true", p.DSN(ctx)) }) t.Run("group=secrets", func(t *testing.T) { assert.Equal(t, [][]byte{ []byte("session-key-7f8a9b77-1"), []byte("session-key-7f8a9b77-2"), - }, p.SecretsSession()) + }, p.SecretsSession(ctx)) var cipherExpected [32]byte for k, v := range []byte("secret-thirty-two-character-long") { cipherExpected[k] = byte(v) } assert.Equal(t, [][32]byte{ cipherExpected, - }, p.SecretsCipher()) + }, p.SecretsCipher(ctx)) }) t.Run("group=methods", func(t *testing.T) { @@ -210,22 +210,22 @@ func TestViperProvider(t *testing.T) { {id: "oidc", enabled: true, config: `{"providers":[{"client_id":"a","client_secret":"b","id":"github","provider":"github","mapper_url":"http://test.kratos.ory.sh/default-identity.schema.json"}]}`}, {id: "totp", enabled: true, config: `{"issuer":"issuer.ory.sh"}`}, } { - strategy := p.SelfServiceStrategy(tc.id) + strategy := p.SelfServiceStrategy(ctx, tc.id) assert.Equal(t, tc.enabled, strategy.Enabled) assert.JSONEq(t, tc.config, string(strategy.Config)) } }) t.Run("method=registration", func(t *testing.T) { - assert.Equal(t, true, p.SelfServiceFlowRegistrationEnabled()) - assert.Equal(t, time.Minute*98, p.SelfServiceFlowRegistrationRequestLifespan()) + assert.Equal(t, true, p.SelfServiceFlowRegistrationEnabled(ctx)) + assert.Equal(t, time.Minute*98, p.SelfServiceFlowRegistrationRequestLifespan(ctx)) t.Run("hook=before", func(t *testing.T) { expHooks := []config.SelfServiceHook{ {Name: "web_hook", Config: json.RawMessage(`{"method":"GET","url":"https://test.kratos.ory.sh/before_registration_hook"}`)}, } - hooks := p.SelfServiceFlowRegistrationBeforeHooks() + hooks := p.SelfServiceFlowRegistrationBeforeHooks(ctx) require.Len(t, hooks, 1) assert.Equal(t, expHooks, hooks) @@ -263,25 +263,25 @@ func TestViperProvider(t *testing.T) { }, } { t.Run("hook=after/strategy="+tc.strategy, func(t *testing.T) { - hooks := p.SelfServiceFlowRegistrationAfterHooks(tc.strategy) + hooks := p.SelfServiceFlowRegistrationAfterHooks(ctx, tc.strategy) assert.Equal(t, tc.hooks, hooks) }) } }) t.Run("method=totp", func(t *testing.T) { - assert.Equal(t, "issuer.ory.sh", p.TOTPIssuer()) + assert.Equal(t, "issuer.ory.sh", p.TOTPIssuer(ctx)) }) t.Run("method=login", func(t *testing.T) { - assert.Equal(t, time.Minute*99, p.SelfServiceFlowLoginRequestLifespan()) + assert.Equal(t, time.Minute*99, p.SelfServiceFlowLoginRequestLifespan(ctx)) t.Run("hook=before", func(t *testing.T) { expHooks := []config.SelfServiceHook{ {Name: "web_hook", Config: json.RawMessage(`{"method":"POST","url":"https://test.kratos.ory.sh/before_login_hook"}`)}, } - hooks := p.SelfServiceFlowLoginBeforeHooks() + hooks := p.SelfServiceFlowLoginBeforeHooks(ctx) require.Len(t, hooks, 1) assert.Equal(t, expHooks, hooks) @@ -316,15 +316,15 @@ func TestViperProvider(t *testing.T) { }, } { t.Run("hook=after/strategy="+tc.strategy, func(t *testing.T) { - hooks := p.SelfServiceFlowLoginAfterHooks(tc.strategy) + hooks := p.SelfServiceFlowLoginAfterHooks(ctx, tc.strategy) assert.Equal(t, tc.hooks, hooks) }) } }) t.Run("method=settings", func(t *testing.T) { - assert.Equal(t, time.Minute*99, p.SelfServiceFlowSettingsFlowLifespan()) - assert.Equal(t, time.Minute*5, p.SelfServiceFlowSettingsPrivilegedSessionMaxAge()) + assert.Equal(t, time.Minute*99, p.SelfServiceFlowSettingsFlowLifespan(ctx)) + assert.Equal(t, time.Minute*5, p.SelfServiceFlowSettingsPrivilegedSessionMaxAge(ctx)) for _, tc := range []struct { strategy string @@ -350,31 +350,31 @@ func TestViperProvider(t *testing.T) { }, } { t.Run("hook=after/strategy="+tc.strategy, func(t *testing.T) { - hooks := p.SelfServiceFlowSettingsAfterHooks(tc.strategy) + hooks := p.SelfServiceFlowSettingsAfterHooks(ctx, tc.strategy) assert.Equal(t, tc.hooks, hooks) }) } }) t.Run("method=recovery", func(t *testing.T) { - assert.Equal(t, true, p.SelfServiceFlowRecoveryEnabled()) - assert.Equal(t, time.Minute*98, p.SelfServiceFlowRecoveryRequestLifespan()) - assert.Equal(t, "http://test.kratos.ory.sh/recovery", p.SelfServiceFlowRecoveryUI().String()) + assert.Equal(t, true, p.SelfServiceFlowRecoveryEnabled(ctx)) + assert.Equal(t, time.Minute*98, p.SelfServiceFlowRecoveryRequestLifespan(ctx)) + assert.Equal(t, "http://test.kratos.ory.sh/recovery", p.SelfServiceFlowRecoveryUI(ctx).String()) - hooks := p.SelfServiceFlowRecoveryAfterHooks(config.HookGlobal) + hooks := p.SelfServiceFlowRecoveryAfterHooks(ctx, config.HookGlobal) assert.Equal(t, []config.SelfServiceHook{{Name: "web_hook", Config: json.RawMessage(`{"body":"/path/to/template.jsonnet","method":"GET","url":"https://test.kratos.ory.sh/after_recovery_hook"}`)}}, hooks) }) t.Run("method=verification", func(t *testing.T) { - assert.Equal(t, time.Minute*97, p.SelfServiceFlowVerificationRequestLifespan()) - assert.Equal(t, "http://test.kratos.ory.sh/verification", p.SelfServiceFlowVerificationUI().String()) + assert.Equal(t, time.Minute*97, p.SelfServiceFlowVerificationRequestLifespan(ctx)) + assert.Equal(t, "http://test.kratos.ory.sh/verification", p.SelfServiceFlowVerificationUI(ctx).String()) - hooks := p.SelfServiceFlowVerificationAfterHooks(config.HookGlobal) + hooks := p.SelfServiceFlowVerificationAfterHooks(ctx, config.HookGlobal) assert.Equal(t, []config.SelfServiceHook{{Name: "web_hook", Config: json.RawMessage(`{"body":"/path/to/template.jsonnet","method":"GET","url":"https://test.kratos.ory.sh/after_verification_hook"}`)}}, hooks) }) t.Run("group=hashers", func(t *testing.T) { - c := p.HasherArgon2() + c := p.HasherArgon2(ctx) assert.Equal(t, &config.Argon2{Memory: 1048576, Iterations: 2, Parallelism: 4, SaltLength: 16, KeyLength: 32, DedicatedMemory: config.Argon2DefaultDedicatedMemory, ExpectedDeviation: config.Argon2DefaultDeviation, ExpectedDuration: config.Argon2DefaultDuration}, c) }) @@ -383,8 +383,8 @@ func TestViperProvider(t *testing.T) { providerConfigJSON := `{"providers": [{"id":"github-test","provider":"github","client_id":"set_json_test","client_secret":"secret","mapper_url":"http://mapper-url","scope":["user:email"]}]}` strategyConfigJSON := fmt.Sprintf(`{"enabled":true, "config": %s}`, providerConfigJSON) - p.MustSet(config.ViperKeySelfServiceStrategyConfig+".oidc", strategyConfigJSON) - strategy := p.SelfServiceStrategy("oidc") + p.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".oidc", strategyConfigJSON) + strategy := p.SelfServiceStrategy(ctx, "oidc") assert.JSONEq(t, providerConfigJSON, string(strategy.Config)) }) }) @@ -404,69 +404,74 @@ func (l InterceptHook) Fire(e *logrus.Entry) error { } func TestBcrypt(t *testing.T) { + ctx := context.Background() p := config.MustNew(t, logrusx.New("", ""), os.Stderr, configx.SkipValidation()) - require.NoError(t, p.Set(config.ViperKeyHasherBcryptCost, 4)) - require.NoError(t, p.Set("dev", false)) - assert.EqualValues(t, uint32(12), p.HasherBcrypt().Cost) + require.NoError(t, p.Set(ctx, config.ViperKeyHasherBcryptCost, 4)) + require.NoError(t, p.Set(ctx, "dev", false)) + assert.EqualValues(t, uint32(12), p.HasherBcrypt(ctx).Cost) - require.NoError(t, p.Set("dev", true)) - assert.EqualValues(t, uint32(4), p.HasherBcrypt().Cost) + require.NoError(t, p.Set(ctx, "dev", true)) + assert.EqualValues(t, uint32(4), p.HasherBcrypt(ctx).Cost) } func TestProviderBaseURLs(t *testing.T) { + ctx := context.Background() machineHostname, err := os.Hostname() if err != nil { machineHostname = "127.0.0.1" } p := config.MustNew(t, logrusx.New("", ""), os.Stderr, configx.SkipValidation()) - assert.Equal(t, "https://"+machineHostname+":4433/", p.SelfPublicURL().String()) - assert.Equal(t, "https://"+machineHostname+":4434/", p.SelfAdminURL().String()) + assert.Equal(t, "https://"+machineHostname+":4433/", p.SelfPublicURL(ctx).String()) + assert.Equal(t, "https://"+machineHostname+":4434/", p.SelfAdminURL(ctx).String()) - p.MustSet(config.ViperKeyPublicPort, 4444) - p.MustSet(config.ViperKeyAdminPort, 4445) - assert.Equal(t, "https://"+machineHostname+":4444/", p.SelfPublicURL().String()) - assert.Equal(t, "https://"+machineHostname+":4445/", p.SelfAdminURL().String()) + p.MustSet(ctx, config.ViperKeyPublicPort, 4444) + p.MustSet(ctx, config.ViperKeyAdminPort, 4445) + assert.Equal(t, "https://"+machineHostname+":4444/", p.SelfPublicURL(ctx).String()) + assert.Equal(t, "https://"+machineHostname+":4445/", p.SelfAdminURL(ctx).String()) - p.MustSet(config.ViperKeyPublicHost, "public.ory.sh") - p.MustSet(config.ViperKeyAdminHost, "admin.ory.sh") - assert.Equal(t, "https://public.ory.sh:4444/", p.SelfPublicURL().String()) - assert.Equal(t, "https://admin.ory.sh:4445/", p.SelfAdminURL().String()) + p.MustSet(ctx, config.ViperKeyPublicHost, "public.ory.sh") + p.MustSet(ctx, config.ViperKeyAdminHost, "admin.ory.sh") + assert.Equal(t, "https://public.ory.sh:4444/", p.SelfPublicURL(ctx).String()) + assert.Equal(t, "https://admin.ory.sh:4445/", p.SelfAdminURL(ctx).String()) // Set to dev mode - p.MustSet("dev", true) - assert.Equal(t, "http://public.ory.sh:4444/", p.SelfPublicURL().String()) - assert.Equal(t, "http://admin.ory.sh:4445/", p.SelfAdminURL().String()) + p.MustSet(ctx, "dev", true) + assert.Equal(t, "http://public.ory.sh:4444/", p.SelfPublicURL(ctx).String()) + assert.Equal(t, "http://admin.ory.sh:4445/", p.SelfAdminURL(ctx).String()) } func TestProviderSelfServiceLinkMethodBaseURL(t *testing.T) { + ctx := context.Background() machineHostname, err := os.Hostname() if err != nil { machineHostname = "127.0.0.1" } p := config.MustNew(t, logrusx.New("", ""), os.Stderr, configx.SkipValidation()) - assert.Equal(t, "https://"+machineHostname+":4433/", p.SelfServiceLinkMethodBaseURL().String()) + assert.Equal(t, "https://"+machineHostname+":4433/", p.SelfServiceLinkMethodBaseURL(ctx).String()) - p.MustSet(config.ViperKeyLinkBaseURL, "https://example.org/bar") - assert.Equal(t, "https://example.org/bar", p.SelfServiceLinkMethodBaseURL().String()) + p.MustSet(ctx, config.ViperKeyLinkBaseURL, "https://example.org/bar") + assert.Equal(t, "https://example.org/bar", p.SelfServiceLinkMethodBaseURL(ctx).String()) } func TestViperProvider_Secrets(t *testing.T) { + ctx := context.Background() p := config.MustNew(t, logrusx.New("", ""), os.Stderr, configx.SkipValidation()) - def := p.SecretsDefault() + def := p.SecretsDefault(ctx) assert.NotEmpty(t, def) - assert.Equal(t, def, p.SecretsSession()) - assert.Equal(t, def, p.SecretsDefault()) - assert.Empty(t, p.SecretsCipher()) - err := p.Set(config.ViperKeySecretsCipher, []string{"short-secret-key"}) + assert.Equal(t, def, p.SecretsSession(ctx)) + assert.Equal(t, def, p.SecretsDefault(ctx)) + assert.Empty(t, p.SecretsCipher(ctx)) + err := p.Set(ctx, config.ViperKeySecretsCipher, []string{"short-secret-key"}) require.NoError(t, err) - assert.Equal(t, [][32]byte{}, p.SecretsCipher()) + assert.Equal(t, [][32]byte{}, p.SecretsCipher(ctx)) } func TestViperProvider_Defaults(t *testing.T) { + ctx := context.Background() l := logrusx.New("", "") for k, tc := range []struct { @@ -495,13 +500,13 @@ func TestViperProvider_Defaults(t *testing.T) { return config.MustNew(t, l, os.Stderr, configx.WithConfigFiles("../../test/e2e/profiles/recovery/.kratos.yml"), configx.SkipValidation()) }, expect: func(t *testing.T, p *config.Config) { - assert.True(t, p.SelfServiceFlowRecoveryEnabled()) - assert.False(t, p.SelfServiceFlowVerificationEnabled()) - assert.True(t, p.SelfServiceFlowRegistrationEnabled()) - assert.True(t, p.SelfServiceStrategy("password").Enabled) - assert.True(t, p.SelfServiceStrategy("profile").Enabled) - assert.True(t, p.SelfServiceStrategy("link").Enabled) - assert.False(t, p.SelfServiceStrategy("oidc").Enabled) + assert.True(t, p.SelfServiceFlowRecoveryEnabled(ctx)) + assert.False(t, p.SelfServiceFlowVerificationEnabled(ctx)) + assert.True(t, p.SelfServiceFlowRegistrationEnabled(ctx)) + assert.True(t, p.SelfServiceStrategy(ctx, "password").Enabled) + assert.True(t, p.SelfServiceStrategy(ctx, "profile").Enabled) + assert.True(t, p.SelfServiceStrategy(ctx, "link").Enabled) + assert.False(t, p.SelfServiceStrategy(ctx, "oidc").Enabled) }, }, { @@ -509,13 +514,13 @@ func TestViperProvider_Defaults(t *testing.T) { return config.MustNew(t, l, os.Stderr, configx.WithConfigFiles("../../test/e2e/profiles/verification/.kratos.yml"), configx.SkipValidation()) }, expect: func(t *testing.T, p *config.Config) { - assert.False(t, p.SelfServiceFlowRecoveryEnabled()) - assert.True(t, p.SelfServiceFlowVerificationEnabled()) - assert.True(t, p.SelfServiceFlowRegistrationEnabled()) - assert.True(t, p.SelfServiceStrategy("password").Enabled) - assert.True(t, p.SelfServiceStrategy("profile").Enabled) - assert.True(t, p.SelfServiceStrategy("link").Enabled) - assert.False(t, p.SelfServiceStrategy("oidc").Enabled) + assert.False(t, p.SelfServiceFlowRecoveryEnabled(ctx)) + assert.True(t, p.SelfServiceFlowVerificationEnabled(ctx)) + assert.True(t, p.SelfServiceFlowRegistrationEnabled(ctx)) + assert.True(t, p.SelfServiceStrategy(ctx, "password").Enabled) + assert.True(t, p.SelfServiceStrategy(ctx, "profile").Enabled) + assert.True(t, p.SelfServiceStrategy(ctx, "link").Enabled) + assert.False(t, p.SelfServiceStrategy(ctx, "oidc").Enabled) }, }, { @@ -523,12 +528,12 @@ func TestViperProvider_Defaults(t *testing.T) { return config.MustNew(t, l, os.Stderr, configx.WithConfigFiles("../../test/e2e/profiles/oidc/.kratos.yml"), configx.SkipValidation()) }, expect: func(t *testing.T, p *config.Config) { - assert.False(t, p.SelfServiceFlowRecoveryEnabled()) - assert.False(t, p.SelfServiceFlowVerificationEnabled()) - assert.True(t, p.SelfServiceStrategy("password").Enabled) - assert.True(t, p.SelfServiceStrategy("profile").Enabled) - assert.True(t, p.SelfServiceStrategy("link").Enabled) - assert.True(t, p.SelfServiceStrategy("oidc").Enabled) + assert.False(t, p.SelfServiceFlowRecoveryEnabled(ctx)) + assert.False(t, p.SelfServiceFlowVerificationEnabled(ctx)) + assert.True(t, p.SelfServiceStrategy(ctx, "password").Enabled) + assert.True(t, p.SelfServiceStrategy(ctx, "profile").Enabled) + assert.True(t, p.SelfServiceStrategy(ctx, "link").Enabled) + assert.True(t, p.SelfServiceStrategy(ctx, "oidc").Enabled) }, }, } { @@ -539,120 +544,125 @@ func TestViperProvider_Defaults(t *testing.T) { tc.expect(t, p) return } - assert.False(t, p.SelfServiceFlowRecoveryEnabled()) - assert.False(t, p.SelfServiceFlowVerificationEnabled()) - assert.True(t, p.SelfServiceStrategy("password").Enabled) - assert.True(t, p.SelfServiceStrategy("profile").Enabled) - assert.True(t, p.SelfServiceStrategy("link").Enabled) - assert.False(t, p.SelfServiceStrategy("oidc").Enabled) + assert.False(t, p.SelfServiceFlowRecoveryEnabled(ctx)) + assert.False(t, p.SelfServiceFlowVerificationEnabled(ctx)) + assert.True(t, p.SelfServiceStrategy(ctx, "password").Enabled) + assert.True(t, p.SelfServiceStrategy(ctx, "profile").Enabled) + assert.True(t, p.SelfServiceStrategy(ctx, "link").Enabled) + assert.False(t, p.SelfServiceStrategy(ctx, "oidc").Enabled) }) } t.Run("suite=ui_url", func(t *testing.T) { p := config.MustNew(t, l, os.Stderr, configx.SkipValidation()) - assert.Equal(t, "https://www.ory.sh/kratos/docs/fallback/login", p.SelfServiceFlowLoginUI().String()) - assert.Equal(t, "https://www.ory.sh/kratos/docs/fallback/settings", p.SelfServiceFlowSettingsUI().String()) - assert.Equal(t, "https://www.ory.sh/kratos/docs/fallback/registration", p.SelfServiceFlowRegistrationUI().String()) - assert.Equal(t, "https://www.ory.sh/kratos/docs/fallback/recovery", p.SelfServiceFlowRecoveryUI().String()) - assert.Equal(t, "https://www.ory.sh/kratos/docs/fallback/verification", p.SelfServiceFlowVerificationUI().String()) + assert.Equal(t, "https://www.ory.sh/kratos/docs/fallback/login", p.SelfServiceFlowLoginUI(ctx).String()) + assert.Equal(t, "https://www.ory.sh/kratos/docs/fallback/settings", p.SelfServiceFlowSettingsUI(ctx).String()) + assert.Equal(t, "https://www.ory.sh/kratos/docs/fallback/registration", p.SelfServiceFlowRegistrationUI(ctx).String()) + assert.Equal(t, "https://www.ory.sh/kratos/docs/fallback/recovery", p.SelfServiceFlowRecoveryUI(ctx).String()) + assert.Equal(t, "https://www.ory.sh/kratos/docs/fallback/verification", p.SelfServiceFlowVerificationUI(ctx).String()) }) } func TestViperProvider_ReturnTo(t *testing.T) { + ctx := context.Background() l := logrusx.New("", "") p := config.MustNew(t, l, os.Stderr, configx.SkipValidation()) - p.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh/") - assert.Equal(t, "https://www.ory.sh/", p.SelfServiceFlowVerificationReturnTo(urlx.ParseOrPanic("https://www.ory.sh/")).String()) - assert.Equal(t, "https://www.ory.sh/", p.SelfServiceFlowRecoveryReturnTo().String()) + p.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh/") + assert.Equal(t, "https://www.ory.sh/", p.SelfServiceFlowVerificationReturnTo(ctx, urlx.ParseOrPanic("https://www.ory.sh/")).String()) + assert.Equal(t, "https://www.ory.sh/", p.SelfServiceFlowRecoveryReturnTo(ctx).String()) - p.MustSet(config.ViperKeySelfServiceRecoveryBrowserDefaultReturnTo, "https://www.ory.sh/recovery") - assert.Equal(t, "https://www.ory.sh/recovery", p.SelfServiceFlowRecoveryReturnTo().String()) + p.MustSet(ctx, config.ViperKeySelfServiceRecoveryBrowserDefaultReturnTo, "https://www.ory.sh/recovery") + assert.Equal(t, "https://www.ory.sh/recovery", p.SelfServiceFlowRecoveryReturnTo(ctx).String()) - p.MustSet(config.ViperKeySelfServiceVerificationBrowserDefaultReturnTo, "https://www.ory.sh/verification") - assert.Equal(t, "https://www.ory.sh/verification", p.SelfServiceFlowVerificationReturnTo(urlx.ParseOrPanic("https://www.ory.sh/")).String()) + p.MustSet(ctx, config.ViperKeySelfServiceVerificationBrowserDefaultReturnTo, "https://www.ory.sh/verification") + assert.Equal(t, "https://www.ory.sh/verification", p.SelfServiceFlowVerificationReturnTo(ctx, urlx.ParseOrPanic("https://www.ory.sh/")).String()) } func TestSession(t *testing.T) { + ctx := context.Background() l := logrusx.New("", "") p := config.MustNew(t, l, os.Stderr, configx.SkipValidation()) - assert.Equal(t, "ory_kratos_session", p.SessionName()) - p.MustSet(config.ViperKeySessionName, "ory_session") - assert.Equal(t, "ory_session", p.SessionName()) + assert.Equal(t, "ory_kratos_session", p.SessionName(ctx)) + p.MustSet(ctx, config.ViperKeySessionName, "ory_session") + assert.Equal(t, "ory_session", p.SessionName(ctx)) - assert.Equal(t, time.Hour*24, p.SessionRefreshMinTimeLeft()) - p.MustSet(config.ViperKeySessionRefreshMinTimeLeft, "1m") - assert.Equal(t, time.Minute, p.SessionRefreshMinTimeLeft()) + assert.Equal(t, time.Hour*24, p.SessionRefreshMinTimeLeft(ctx)) + p.MustSet(ctx, config.ViperKeySessionRefreshMinTimeLeft, "1m") + assert.Equal(t, time.Minute, p.SessionRefreshMinTimeLeft(ctx)) - assert.Equal(t, time.Hour*24, p.SessionLifespan()) - p.MustSet(config.ViperKeySessionLifespan, "1m") - assert.Equal(t, time.Minute, p.SessionLifespan()) + assert.Equal(t, time.Hour*24, p.SessionLifespan(ctx)) + p.MustSet(ctx, config.ViperKeySessionLifespan, "1m") + assert.Equal(t, time.Minute, p.SessionLifespan(ctx)) - assert.Equal(t, true, p.SessionPersistentCookie()) - p.MustSet(config.ViperKeySessionPersistentCookie, false) - assert.Equal(t, false, p.SessionPersistentCookie()) + assert.Equal(t, true, p.SessionPersistentCookie(ctx)) + p.MustSet(ctx, config.ViperKeySessionPersistentCookie, false) + assert.Equal(t, false, p.SessionPersistentCookie(ctx)) } func TestCookies(t *testing.T) { + ctx := context.Background() l := logrusx.New("", "") p := config.MustNew(t, l, os.Stderr, configx.SkipValidation()) t.Run("path", func(t *testing.T) { - assert.Equal(t, "/", p.CookiePath()) - assert.Equal(t, "/", p.SessionPath()) + assert.Equal(t, "/", p.CookiePath(ctx)) + assert.Equal(t, "/", p.SessionPath(ctx)) - p.MustSet(config.ViperKeyCookiePath, "/cookie") - assert.Equal(t, "/cookie", p.CookiePath()) - assert.Equal(t, "/cookie", p.SessionPath()) + p.MustSet(ctx, config.ViperKeyCookiePath, "/cookie") + assert.Equal(t, "/cookie", p.CookiePath(ctx)) + assert.Equal(t, "/cookie", p.SessionPath(ctx)) - p.MustSet(config.ViperKeySessionPath, "/session") - assert.Equal(t, "/cookie", p.CookiePath()) - assert.Equal(t, "/session", p.SessionPath()) + p.MustSet(ctx, config.ViperKeySessionPath, "/session") + assert.Equal(t, "/cookie", p.CookiePath(ctx)) + assert.Equal(t, "/session", p.SessionPath(ctx)) }) t.Run("SameSite", func(t *testing.T) { - assert.Equal(t, http.SameSiteLaxMode, p.CookieSameSiteMode()) - assert.Equal(t, http.SameSiteLaxMode, p.SessionSameSiteMode()) + assert.Equal(t, http.SameSiteLaxMode, p.CookieSameSiteMode(ctx)) + assert.Equal(t, http.SameSiteLaxMode, p.SessionSameSiteMode(ctx)) - p.MustSet(config.ViperKeyCookieSameSite, "Strict") - assert.Equal(t, http.SameSiteStrictMode, p.CookieSameSiteMode()) - assert.Equal(t, http.SameSiteStrictMode, p.SessionSameSiteMode()) + p.MustSet(ctx, config.ViperKeyCookieSameSite, "Strict") + assert.Equal(t, http.SameSiteStrictMode, p.CookieSameSiteMode(ctx)) + assert.Equal(t, http.SameSiteStrictMode, p.SessionSameSiteMode(ctx)) - p.MustSet(config.ViperKeySessionSameSite, "None") - assert.Equal(t, http.SameSiteStrictMode, p.CookieSameSiteMode()) - assert.Equal(t, http.SameSiteNoneMode, p.SessionSameSiteMode()) + p.MustSet(ctx, config.ViperKeySessionSameSite, "None") + assert.Equal(t, http.SameSiteStrictMode, p.CookieSameSiteMode(ctx)) + assert.Equal(t, http.SameSiteNoneMode, p.SessionSameSiteMode(ctx)) }) t.Run("domain", func(t *testing.T) { - assert.Equal(t, "", p.CookieDomain()) - assert.Equal(t, "", p.SessionDomain()) + assert.Equal(t, "", p.CookieDomain(ctx)) + assert.Equal(t, "", p.SessionDomain(ctx)) - p.MustSet(config.ViperKeyCookieDomain, "www.cookie.com") - assert.Equal(t, "www.cookie.com", p.CookieDomain()) - assert.Equal(t, "www.cookie.com", p.SessionDomain()) + p.MustSet(ctx, config.ViperKeyCookieDomain, "www.cookie.com") + assert.Equal(t, "www.cookie.com", p.CookieDomain(ctx)) + assert.Equal(t, "www.cookie.com", p.SessionDomain(ctx)) - p.MustSet(config.ViperKeySessionDomain, "www.session.com") - assert.Equal(t, "www.cookie.com", p.CookieDomain()) - assert.Equal(t, "www.session.com", p.SessionDomain()) + p.MustSet(ctx, config.ViperKeySessionDomain, "www.session.com") + assert.Equal(t, "www.cookie.com", p.CookieDomain(ctx)) + assert.Equal(t, "www.session.com", p.SessionDomain(ctx)) }) } func TestViperProvider_DSN(t *testing.T) { + ctx := context.Background() + t.Run("case=dsn: memory", func(t *testing.T) { p := config.MustNew(t, logrusx.New("", ""), os.Stderr, configx.SkipValidation()) - p.MustSet(config.ViperKeyDSN, "memory") + p.MustSet(ctx, config.ViperKeyDSN, "memory") - assert.Equal(t, config.DefaultSQLiteMemoryDSN, p.DSN()) + assert.Equal(t, config.DefaultSQLiteMemoryDSN, p.DSN(ctx)) }) t.Run("case=dsn: not memory", func(t *testing.T) { p := config.MustNew(t, logrusx.New("", ""), os.Stderr, configx.SkipValidation()) dsn := "sqlite://foo.db?_fk=true" - p.MustSet(config.ViperKeyDSN, dsn) + p.MustSet(ctx, config.ViperKeyDSN, dsn) - assert.Equal(t, dsn, p.DSN()) + assert.Equal(t, dsn, p.DSN(ctx)) }) t.Run("case=dsn: not set", func(t *testing.T) { @@ -664,12 +674,13 @@ func TestViperProvider_DSN(t *testing.T) { }), logrusx.WithHook(InterceptHook{})) p := config.MustNew(t, l, os.Stderr, configx.SkipValidation()) - assert.Equal(t, dsn, p.DSN()) + assert.Equal(t, dsn, p.DSN(ctx)) assert.NotEqual(t, 0, exitCode) }) } func TestViperProvider_ParseURIOrFail(t *testing.T) { + ctx := context.Background() var exitCode int l := logrusx.New("", "", logrusx.WithExitFunc(func(i int) { @@ -716,9 +727,9 @@ func TestViperProvider_ParseURIOrFail(t *testing.T) { }, } { t.Run("case=parse "+tc.u, func(t *testing.T) { - require.NoError(t, p.Set(testKey, tc.u)) + require.NoError(t, p.Set(ctx, testKey, tc.u)) - u := p.ParseURIOrFail(testKey) + u := p.ParseURIOrFail(ctx, testKey) require.Zero(t, exitCode) assert.Equal(t, tc.expected, *u) }) @@ -726,39 +737,41 @@ func TestViperProvider_ParseURIOrFail(t *testing.T) { } func TestViperProvider_HaveIBeenPwned(t *testing.T) { + ctx := context.Background() p := config.MustNew(t, logrusx.New("", ""), os.Stderr, configx.SkipValidation()) t.Run("case=hipb: host", func(t *testing.T) { - p.MustSet(config.ViperKeyPasswordHaveIBeenPwnedHost, "foo.bar") - assert.Equal(t, "foo.bar", p.PasswordPolicyConfig().HaveIBeenPwnedHost) + p.MustSet(ctx, config.ViperKeyPasswordHaveIBeenPwnedHost, "foo.bar") + assert.Equal(t, "foo.bar", p.PasswordPolicyConfig(ctx).HaveIBeenPwnedHost) }) t.Run("case=hibp: enabled", func(t *testing.T) { - p.MustSet(config.ViperKeyPasswordHaveIBeenPwnedEnabled, true) - assert.Equal(t, true, p.PasswordPolicyConfig().HaveIBeenPwnedEnabled) + p.MustSet(ctx, config.ViperKeyPasswordHaveIBeenPwnedEnabled, true) + assert.Equal(t, true, p.PasswordPolicyConfig(ctx).HaveIBeenPwnedEnabled) }) t.Run("case=hibp: enabled", func(t *testing.T) { - p.MustSet(config.ViperKeyPasswordHaveIBeenPwnedEnabled, false) - assert.Equal(t, false, p.PasswordPolicyConfig().HaveIBeenPwnedEnabled) + p.MustSet(ctx, config.ViperKeyPasswordHaveIBeenPwnedEnabled, false) + assert.Equal(t, false, p.PasswordPolicyConfig(ctx).HaveIBeenPwnedEnabled) }) t.Run("case=hibp: max_breaches", func(t *testing.T) { - p.MustSet(config.ViperKeyPasswordMaxBreaches, 10) - assert.Equal(t, uint(10), p.PasswordPolicyConfig().MaxBreaches) + p.MustSet(ctx, config.ViperKeyPasswordMaxBreaches, 10) + assert.Equal(t, uint(10), p.PasswordPolicyConfig(ctx).MaxBreaches) }) t.Run("case=hibp: ignore_network_errors", func(t *testing.T) { - p.MustSet(config.ViperKeyIgnoreNetworkErrors, true) - assert.Equal(t, true, p.PasswordPolicyConfig().IgnoreNetworkErrors) + p.MustSet(ctx, config.ViperKeyIgnoreNetworkErrors, true) + assert.Equal(t, true, p.PasswordPolicyConfig(ctx).IgnoreNetworkErrors) }) t.Run("case=hibp: ignore_network_errors", func(t *testing.T) { - p.MustSet(config.ViperKeyIgnoreNetworkErrors, false) - assert.Equal(t, false, p.PasswordPolicyConfig().IgnoreNetworkErrors) + p.MustSet(ctx, config.ViperKeyIgnoreNetworkErrors, false) + assert.Equal(t, false, p.PasswordPolicyConfig(ctx).IgnoreNetworkErrors) }) } func TestLoadingTLSConfig(t *testing.T) { + ctx := context.Background() t.Parallel() certPath := filepath.Join(os.TempDir(), "e2e_test_cert_"+x.NewUUID().String()+".pem") @@ -782,9 +795,9 @@ func TestLoadingTLSConfig(t *testing.T) { logger.Logger.Hooks.Add(hook) p := config.MustNew(t, logger, os.Stderr, configx.SkipValidation()) - p.MustSet(config.ViperKeyPublicTLSKeyBase64, keyBase64) - p.MustSet(config.ViperKeyPublicTLSCertBase64, certBase64) - assert.NotNil(t, p.GetTSLCertificatesForPublic()) + p.MustSet(ctx, config.ViperKeyPublicTLSKeyBase64, keyBase64) + p.MustSet(ctx, config.ViperKeyPublicTLSCertBase64, certBase64) + assert.NotNil(t, p.GetTSLCertificatesForPublic(ctx)) assert.Equal(t, "Setting up HTTPS for public", hook.LastEntry().Message) }) @@ -795,9 +808,9 @@ func TestLoadingTLSConfig(t *testing.T) { logger.Logger.Hooks.Add(hook) p := config.MustNew(t, logger, os.Stderr, configx.SkipValidation()) - p.MustSet(config.ViperKeyPublicTLSKeyPath, keyPath) - p.MustSet(config.ViperKeyPublicTLSCertPath, certPath) - assert.NotNil(t, p.GetTSLCertificatesForPublic()) + p.MustSet(ctx, config.ViperKeyPublicTLSKeyPath, keyPath) + p.MustSet(ctx, config.ViperKeyPublicTLSCertPath, certPath) + assert.NotNil(t, p.GetTSLCertificatesForPublic(ctx)) assert.Equal(t, "Setting up HTTPS for public", hook.LastEntry().Message) }) @@ -808,9 +821,9 @@ func TestLoadingTLSConfig(t *testing.T) { logger.Logger.Hooks.Add(hook) p := config.MustNew(t, logger, os.Stderr, configx.SkipValidation()) - p.MustSet(config.ViperKeyPublicTLSKeyBase64, "empty") - p.MustSet(config.ViperKeyPublicTLSCertBase64, certBase64) - assert.Nil(t, p.GetTSLCertificatesForPublic()) + p.MustSet(ctx, config.ViperKeyPublicTLSKeyBase64, "empty") + p.MustSet(ctx, config.ViperKeyPublicTLSCertBase64, certBase64) + assert.Nil(t, p.GetTSLCertificatesForPublic(ctx)) assert.Equal(t, "TLS has not been configured for public, skipping", hook.LastEntry().Message) }) @@ -821,9 +834,9 @@ func TestLoadingTLSConfig(t *testing.T) { logger.Logger.Hooks.Add(hook) p := config.MustNew(t, logger, os.Stderr, configx.SkipValidation()) - p.MustSet(config.ViperKeyPublicTLSKeyPath, "/dev/null") - p.MustSet(config.ViperKeyPublicTLSCertPath, certPath) - assert.Nil(t, p.GetTSLCertificatesForPublic()) + p.MustSet(ctx, config.ViperKeyPublicTLSKeyPath, "/dev/null") + p.MustSet(ctx, config.ViperKeyPublicTLSCertPath, certPath) + assert.Nil(t, p.GetTSLCertificatesForPublic(ctx)) assert.Equal(t, "TLS has not been configured for public, skipping", hook.LastEntry().Message) }) @@ -834,9 +847,9 @@ func TestLoadingTLSConfig(t *testing.T) { logger.Logger.Hooks.Add(hook) p := config.MustNew(t, logger, os.Stderr, configx.SkipValidation()) - p.MustSet(config.ViperKeyAdminTLSKeyBase64, keyBase64) - p.MustSet(config.ViperKeyAdminTLSCertBase64, certBase64) - assert.NotNil(t, p.GetTSLCertificatesForAdmin()) + p.MustSet(ctx, config.ViperKeyAdminTLSKeyBase64, keyBase64) + p.MustSet(ctx, config.ViperKeyAdminTLSCertBase64, certBase64) + assert.NotNil(t, p.GetTSLCertificatesForAdmin(ctx)) assert.Equal(t, "Setting up HTTPS for admin", hook.LastEntry().Message) }) @@ -847,9 +860,9 @@ func TestLoadingTLSConfig(t *testing.T) { logger.Logger.Hooks.Add(hook) p := config.MustNew(t, logger, os.Stderr, configx.SkipValidation()) - p.MustSet(config.ViperKeyAdminTLSKeyPath, keyPath) - p.MustSet(config.ViperKeyAdminTLSCertPath, certPath) - assert.NotNil(t, p.GetTSLCertificatesForAdmin()) + p.MustSet(ctx, config.ViperKeyAdminTLSKeyPath, keyPath) + p.MustSet(ctx, config.ViperKeyAdminTLSCertPath, certPath) + assert.NotNil(t, p.GetTSLCertificatesForAdmin(ctx)) assert.Equal(t, "Setting up HTTPS for admin", hook.LastEntry().Message) }) @@ -860,9 +873,9 @@ func TestLoadingTLSConfig(t *testing.T) { logger.Logger.Hooks.Add(hook) p := config.MustNew(t, logger, os.Stderr, configx.SkipValidation()) - p.MustSet(config.ViperKeyAdminTLSKeyBase64, "empty") - p.MustSet(config.ViperKeyAdminTLSCertBase64, certBase64) - assert.Nil(t, p.GetTSLCertificatesForAdmin()) + p.MustSet(ctx, config.ViperKeyAdminTLSKeyBase64, "empty") + p.MustSet(ctx, config.ViperKeyAdminTLSCertBase64, certBase64) + assert.Nil(t, p.GetTSLCertificatesForAdmin(ctx)) assert.Equal(t, "TLS has not been configured for admin, skipping", hook.LastEntry().Message) }) @@ -873,9 +886,9 @@ func TestLoadingTLSConfig(t *testing.T) { logger.Logger.Hooks.Add(hook) p := config.MustNew(t, logger, os.Stderr, configx.SkipValidation()) - p.MustSet(config.ViperKeyAdminTLSKeyPath, "/dev/null") - p.MustSet(config.ViperKeyAdminTLSCertPath, certPath) - assert.Nil(t, p.GetTSLCertificatesForAdmin()) + p.MustSet(ctx, config.ViperKeyAdminTLSKeyPath, "/dev/null") + p.MustSet(ctx, config.ViperKeyAdminTLSCertPath, certPath) + assert.Nil(t, p.GetTSLCertificatesForAdmin(ctx)) assert.Equal(t, "TLS has not been configured for admin, skipping", hook.LastEntry().Message) }) @@ -1052,14 +1065,15 @@ func TestIdentitySchemaValidation(t *testing.T) { func TestPasswordless(t *testing.T) { ctx := context.Background() + conf, err := config.New(ctx, logrusx.New("", ""), os.Stderr, configx.SkipValidation(), configx.WithValue(config.ViperKeyWebAuthnPasswordless, true)) require.NoError(t, err) - assert.True(t, conf.WebAuthnForPasswordless()) - conf.MustSet(config.ViperKeyWebAuthnPasswordless, false) - assert.False(t, conf.WebAuthnForPasswordless()) + assert.True(t, conf.WebAuthnForPasswordless(ctx)) + conf.MustSet(ctx, config.ViperKeyWebAuthnPasswordless, false) + assert.False(t, conf.WebAuthnForPasswordless(ctx)) } func TestChangeMinPasswordLength(t *testing.T) { @@ -1090,17 +1104,17 @@ func TestCourierSMS(t *testing.T) { t.Run("case=configs set", func(t *testing.T) { conf, _ := config.New(ctx, logrusx.New("", ""), os.Stderr, configx.WithConfigFiles("stub/.kratos.courier.sms.yaml"), configx.SkipValidation()) - assert.True(t, conf.CourierSMSEnabled()) - snapshotx.SnapshotTExcept(t, conf.CourierSMSRequestConfig(), nil) - assert.Equal(t, "+49123456789", conf.CourierSMSFrom()) + assert.True(t, conf.CourierSMSEnabled(ctx)) + snapshotx.SnapshotTExcept(t, conf.CourierSMSRequestConfig(ctx), nil) + assert.Equal(t, "+49123456789", conf.CourierSMSFrom(ctx)) }) t.Run("case=defaults", func(t *testing.T) { conf, _ := config.New(ctx, logrusx.New("", ""), os.Stderr, configx.SkipValidation()) - assert.False(t, conf.CourierSMSEnabled()) - snapshotx.SnapshotTExcept(t, conf.CourierSMSRequestConfig(), nil) - assert.Equal(t, "Ory Kratos", conf.CourierSMSFrom()) + assert.False(t, conf.CourierSMSEnabled(ctx)) + snapshotx.SnapshotTExcept(t, conf.CourierSMSRequestConfig(ctx), nil) + assert.Equal(t, "Ory Kratos", conf.CourierSMSFrom(ctx)) }) } @@ -1110,12 +1124,12 @@ func TestCourierMessageTTL(t *testing.T) { t.Run("case=configs set", func(t *testing.T) { conf, _ := config.New(ctx, logrusx.New("", ""), os.Stderr, configx.WithConfigFiles("stub/.kratos.courier.message_retries.yaml"), configx.SkipValidation()) - assert.Equal(t, conf.CourierMessageRetries(), 10) + assert.Equal(t, conf.CourierMessageRetries(ctx), 10) }) t.Run("case=defaults", func(t *testing.T) { conf, _ := config.New(ctx, logrusx.New("", ""), os.Stderr, configx.SkipValidation()) - assert.Equal(t, conf.CourierMessageRetries(), 5) + assert.Equal(t, conf.CourierMessageRetries(ctx), 5) }) } @@ -1148,10 +1162,10 @@ func TestCourierTemplatesConfig(t *testing.T) { Subject: "", } - assert.Equal(t, courierTemplateConfig, c.CourierTemplatesHelper(config.ViperKeyCourierTemplatesVerificationInvalidEmail)) - assert.Equal(t, courierTemplateConfig, c.CourierTemplatesHelper(config.ViperKeyCourierTemplatesVerificationValidEmail)) + assert.Equal(t, courierTemplateConfig, c.CourierTemplatesHelper(ctx, config.ViperKeyCourierTemplatesVerificationInvalidEmail)) + assert.Equal(t, courierTemplateConfig, c.CourierTemplatesHelper(ctx, config.ViperKeyCourierTemplatesVerificationValidEmail)) // this should return an empty courierEmailTemplate as the key does not exist - assert.Equal(t, courierTemplateConfig, c.CourierTemplatesHelper("a_random_key")) + assert.Equal(t, courierTemplateConfig, c.CourierTemplatesHelper(ctx, "a_random_key")) courierTemplateConfig = &config.CourierEmailTemplate{ Body: &config.CourierEmailBodyTemplate{ @@ -1160,7 +1174,7 @@ func TestCourierTemplatesConfig(t *testing.T) { }, Subject: "base64://QWNjb3VudCBBY2Nlc3MgQXR0ZW1wdGVk", } - assert.Equal(t, courierTemplateConfig, c.CourierTemplatesHelper(config.ViperKeyCourierTemplatesRecoveryInvalidEmail)) + assert.Equal(t, courierTemplateConfig, c.CourierTemplatesHelper(ctx, config.ViperKeyCourierTemplatesRecoveryInvalidEmail)) courierTemplateConfig = &config.CourierEmailTemplate{ Body: &config.CourierEmailBodyTemplate{ @@ -1169,20 +1183,22 @@ func TestCourierTemplatesConfig(t *testing.T) { }, Subject: "base64://UmVjb3ZlciBhY2Nlc3MgdG8geW91ciBhY2NvdW50", } - assert.Equal(t, courierTemplateConfig, c.CourierTemplatesHelper(config.ViperKeyCourierTemplatesRecoveryValidEmail)) + assert.Equal(t, courierTemplateConfig, c.CourierTemplatesHelper(ctx, config.ViperKeyCourierTemplatesRecoveryValidEmail)) }) } func TestCleanup(t *testing.T) { + ctx := context.Background() + p := config.MustNew(t, logrusx.New("", ""), os.Stderr, configx.WithConfigFiles("stub/.kratos.yaml")) t.Run("group=cleanup config", func(t *testing.T) { - assert.Equal(t, p.DatabaseCleanupSleepTables(), 1*time.Minute) - p.MustSet(config.ViperKeyDatabaseCleanupSleepTables, "1s") - assert.Equal(t, p.DatabaseCleanupSleepTables(), time.Second) - assert.Equal(t, p.DatabaseCleanupBatchSize(), 100) - p.MustSet(config.ViperKeyDatabaseCleanupBatchSize, "1") - assert.Equal(t, p.DatabaseCleanupBatchSize(), 1) + assert.Equal(t, p.DatabaseCleanupSleepTables(ctx), 1*time.Minute) + p.MustSet(ctx, config.ViperKeyDatabaseCleanupSleepTables, "1s") + assert.Equal(t, p.DatabaseCleanupSleepTables(ctx), time.Second) + assert.Equal(t, p.DatabaseCleanupBatchSize(ctx), 100) + p.MustSet(ctx, config.ViperKeyDatabaseCleanupBatchSize, "1") + assert.Equal(t, p.DatabaseCleanupBatchSize(ctx), 1) }) } diff --git a/driver/config/handler.go b/driver/config/handler.go index c36ea007f386..9230f3e09b62 100644 --- a/driver/config/handler.go +++ b/driver/config/handler.go @@ -15,7 +15,7 @@ type router interface { func NewConfigHashHandler(c Provider, router router) { router.GET("/health/config", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - bytes, _ := c.Config(r.Context()).Source().Marshal(json.Parser()) + bytes, _ := c.Config().GetProvider(r.Context()).Marshal(json.Parser()) sum := sha256.Sum256(bytes) w.Header().Set("Content-Type", "text/plain") _, _ = fmt.Fprintf(w, "%x", sum) diff --git a/driver/config/handler_test.go b/driver/config/handler_test.go index dd3dcc481605..f32d8c7e78d9 100644 --- a/driver/config/handler_test.go +++ b/driver/config/handler_test.go @@ -1,6 +1,7 @@ package config_test import ( + "context" "io" "net/http/httptest" "testing" @@ -14,6 +15,7 @@ import ( ) func TestNewConfigHashHandler(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) router := httprouter.New() config.NewConfigHashHandler(reg, router) @@ -34,7 +36,7 @@ func TestNewConfigHashHandler(t *testing.T) { require.NoError(t, err) assert.Equal(t, first, second) - require.NoError(t, conf.Set(config.ViperKeySessionDomain, "foobar")) + require.NoError(t, conf.Set(ctx, config.ViperKeySessionDomain, "foobar")) res, err = ts.Client().Get(ts.URL + "/health/config") require.NoError(t, err) diff --git a/driver/factory.go b/driver/factory.go index 00704f3e105a..af0e0160317f 100644 --- a/driver/factory.go +++ b/driver/factory.go @@ -4,34 +4,49 @@ import ( "context" "io" + "github.com/ory/kratos/x/servicelocatorx" + "github.com/ory/x/contextx" + "github.com/ory/x/servicelocator" + "github.com/ory/kratos/driver/config" "github.com/ory/x/configx" "github.com/ory/x/logrusx" ) -func New(ctx context.Context, stdOutOrErr io.Writer, opts ...configx.OptionModifier) Registry { - r := NewWithoutInit(ctx, stdOutOrErr, opts...) +func New(ctx context.Context, stdOutOrErr io.Writer, opts ...configx.OptionModifier) (Registry, error) { + r, err := NewWithoutInit(ctx, stdOutOrErr, opts...) + if err != nil { + return nil, err + } - if err := r.Init(ctx); err != nil { - r.Logger().WithError(err).Fatal("Unable to initialize service registry.") + ctxter := servicelocator.Contextualizer(ctx, &contextx.Default{}) + if err := r.Init(ctx, ctxter); err != nil { + r.Logger().WithError(err).Error("Unable to initialize service registry.") + return nil, err } - return r + return r, nil } -func NewWithoutInit(ctx context.Context, stdOutOrErr io.Writer, opts ...configx.OptionModifier) Registry { +func NewWithoutInit(ctx context.Context, stdOutOrErr io.Writer, opts ...configx.OptionModifier) (Registry, error) { l := logrusx.New("Ory Kratos", config.Version) - c, err := config.New(ctx, l, stdOutOrErr, opts...) - if err != nil { - l.WithError(err).Fatal("Unable to instantiate configuration.") + + c := servicelocatorx.ConfigFromContext(ctx, nil) + if c == nil { + var err error + c, err = config.New(ctx, l, stdOutOrErr, opts...) + if err != nil { + l.WithError(err).Error("Unable to instantiate configuration.") + return nil, err + } } - r, err := NewRegistryFromDSN(c, l) + r, err := NewRegistryFromDSN(ctx, c, l) if err != nil { - l.WithError(err).Fatal("Unable to instantiate service registry.") + l.WithError(err).Error("Unable to instantiate service registry.") + return nil, err } - c.Source().SetTracer(ctx, r.Tracer(ctx)) - - return r + c.SetTracer(ctx, r.Tracer(ctx)) + return r, nil } diff --git a/driver/factory_test.go b/driver/factory_test.go index b91ef7f5ec5e..b609680ba86d 100644 --- a/driver/factory_test.go +++ b/driver/factory_test.go @@ -17,18 +17,20 @@ import ( ) func TestDriverNew(t *testing.T) { - r := driver.New( + ctx := context.Background() + r, err := driver.New( context.Background(), os.Stderr, configx.WithValue(config.ViperKeyDSN, config.DefaultSQLiteMemoryDSN), configx.SkipValidation()) + require.NoError(t, err) - assert.EqualValues(t, config.DefaultSQLiteMemoryDSN, r.Config(context.Background()).DSN()) + assert.EqualValues(t, config.DefaultSQLiteMemoryDSN, r.Config().DSN(ctx)) require.NoError(t, r.Persister().Ping()) - assert.NotEqual(t, uuid.Nil.String(), r.Persister().NetworkID().String()) + assert.NotEqual(t, uuid.Nil.String(), r.Persister().NetworkID(context.Background()).String()) n, err := r.Persister().DetermineNetwork(context.Background()) require.NoError(t, err) - assert.Equal(t, r.Persister().NetworkID(), n.ID) + assert.Equal(t, r.Persister().NetworkID(context.Background()), n.ID) } diff --git a/driver/registry.go b/driver/registry.go index d63c9c9c0002..cab077590f15 100644 --- a/driver/registry.go +++ b/driver/registry.go @@ -3,6 +3,7 @@ package driver import ( "context" + "github.com/ory/x/contextx" "github.com/ory/x/otelx" prometheus "github.com/ory/x/prometheusx" @@ -43,7 +44,7 @@ import ( type Registry interface { dbal.Driver - Init(ctx context.Context, opts ...RegistryOption) error + Init(ctx context.Context, ctxer contextx.Contextualizer, opts ...RegistryOption) error WithLogger(l *logrusx.Logger) Registry @@ -62,8 +63,9 @@ type Registry interface { Tracer(context.Context) *otelx.Tracer config.Provider - CourierConfig(ctx context.Context) config.CourierConfigs + CourierConfig() config.CourierConfigs WithConfig(c *config.Config) Registry + WithContextualizer(ctxer contextx.Contextualizer) Registry x.CSRFProvider x.WriterProvider @@ -136,8 +138,8 @@ type Registry interface { x.CSRFTokenGeneratorProvider } -func NewRegistryFromDSN(c *config.Config, l *logrusx.Logger) (Registry, error) { - driver, err := dbal.GetDriverFor(c.DSN()) +func NewRegistryFromDSN(ctx context.Context, c *config.Config, l *logrusx.Logger) (Registry, error) { + driver, err := dbal.GetDriverFor(c.DSN(ctx)) if err != nil { return nil, errors.WithStack(err) } diff --git a/driver/registry_default.go b/driver/registry_default.go index 4288d12affdf..631bb4422fc4 100644 --- a/driver/registry_default.go +++ b/driver/registry_default.go @@ -8,6 +8,8 @@ import ( "sync" "time" + "github.com/ory/x/contextx" + "github.com/ory/x/popx" "github.com/hashicorp/go-retryablehttp" @@ -28,8 +30,6 @@ import ( "github.com/luna-duclos/instrumentedsql" - "github.com/ory/kratos/corp" - prometheus "github.com/ory/x/prometheusx" "github.com/ory/kratos/cipher" @@ -76,6 +76,8 @@ type RegistryDefault struct { l *logrusx.Logger c *config.Config + ctxer contextx.Contextualizer + injectedSelfserviceHooks map[string]func(config.SelfServiceHook) interface{} nosurf nosurf.Handler @@ -266,15 +268,15 @@ func (m *RegistryDefault) CSRFHandler() nosurf.Handler { return m.nosurf } -func (m *RegistryDefault) Config(ctx context.Context) *config.Config { +func (m *RegistryDefault) Config() *config.Config { if m.c == nil { panic("configuration not set") } - return corp.ContextualizeConfig(ctx, m.c) + return m.c } -func (m *RegistryDefault) CourierConfig(ctx context.Context) config.CourierConfigs { - return m.Config(ctx) +func (m *RegistryDefault) CourierConfig() config.CourierConfigs { + return m.Config() } func (m *RegistryDefault) selfServiceStrategies() []interface{} { @@ -296,7 +298,7 @@ func (m *RegistryDefault) selfServiceStrategies() []interface{} { func (m *RegistryDefault) RegistrationStrategies(ctx context.Context) (registrationStrategies registration.Strategies) { for _, strategy := range m.selfServiceStrategies() { if s, ok := strategy.(registration.Strategy); ok { - if m.Config(ctx).SelfServiceStrategy(string(s.ID())).Enabled { + if m.Config().SelfServiceStrategy(ctx, string(s.ID())).Enabled { registrationStrategies = append(registrationStrategies, s) } } @@ -318,7 +320,7 @@ func (m *RegistryDefault) AllRegistrationStrategies() registration.Strategies { func (m *RegistryDefault) LoginStrategies(ctx context.Context) (loginStrategies login.Strategies) { for _, strategy := range m.selfServiceStrategies() { if s, ok := strategy.(login.Strategy); ok { - if m.Config(ctx).SelfServiceStrategy(string(s.ID())).Enabled { + if m.Config().SelfServiceStrategy(ctx, string(s.ID())).Enabled { loginStrategies = append(loginStrategies, s) } } @@ -393,9 +395,9 @@ func (m *RegistryDefault) SessionHandler() *session.Handler { return m.sessionHandler } -func (m *RegistryDefault) Cipher() cipher.Cipher { +func (m *RegistryDefault) Cipher(ctx context.Context) cipher.Cipher { if m.crypter == nil { - switch m.c.CipherAlgorithm() { + switch m.c.CipherAlgorithm(ctx) { case "xchacha20-poly1305": m.crypter = cipher.NewCryptChaCha20(m) case "aes": @@ -408,9 +410,9 @@ func (m *RegistryDefault) Cipher() cipher.Cipher { return m.crypter } -func (m *RegistryDefault) Hasher() hash.Hasher { +func (m *RegistryDefault) Hasher(ctx context.Context) hash.Hasher { if m.passwordHasher == nil { - if m.c.HasherPasswordHashingAlgorithm() == "bcrypt" { + if m.c.HasherPasswordHashingAlgorithm(ctx) == "bcrypt" { m.passwordHasher = hash.NewHasherBcrypt(m) } else { m.passwordHasher = hash.NewHasherArgon2(m) @@ -439,38 +441,38 @@ func (m *RegistryDefault) SelfServiceErrorHandler() *errorx.Handler { func (m *RegistryDefault) CookieManager(ctx context.Context) sessions.StoreExact { var keys [][]byte - for _, k := range m.Config(ctx).SecretsSession() { + for _, k := range m.Config().SecretsSession(ctx) { encrypt := sha256.Sum256(k) keys = append(keys, k, encrypt[:]) } cs := sessions.NewCookieStore(keys...) - cs.Options.Secure = !m.Config(ctx).IsInsecureDevMode() + cs.Options.Secure = !m.Config().IsInsecureDevMode(ctx) cs.Options.HttpOnly = true - if domain := m.Config(ctx).SessionDomain(); domain != "" { + if domain := m.Config().SessionDomain(ctx); domain != "" { cs.Options.Domain = domain } - if path := m.Config(ctx).SessionPath(); path != "" { + if path := m.Config().SessionPath(ctx); path != "" { cs.Options.Path = path } - if sameSite := m.Config(ctx).SessionSameSiteMode(); sameSite != 0 { + if sameSite := m.Config().SessionSameSiteMode(ctx); sameSite != 0 { cs.Options.SameSite = sameSite } cs.Options.MaxAge = 0 - if m.Config(ctx).SessionPersistentCookie() { - cs.Options.MaxAge = int(m.Config(ctx).SessionLifespan().Seconds()) + if m.Config().SessionPersistentCookie(ctx) { + cs.Options.MaxAge = int(m.Config().SessionLifespan(ctx).Seconds()) } return cs } func (m *RegistryDefault) ContinuityCookieManager(ctx context.Context) sessions.StoreExact { // To support hot reloading, this can not be instantiated only once. - cs := sessions.NewCookieStore(m.Config(ctx).SecretsSession()...) - cs.Options.Secure = !m.Config(ctx).IsInsecureDevMode() + cs := sessions.NewCookieStore(m.Config().SecretsSession(ctx)...) + cs.Options.Secure = !m.Config().IsInsecureDevMode(ctx) cs.Options.HttpOnly = true cs.Options.SameSite = http.SameSiteLaxMode return cs @@ -479,16 +481,16 @@ func (m *RegistryDefault) ContinuityCookieManager(ctx context.Context) sessions. func (m *RegistryDefault) Tracer(ctx context.Context) *otelx.Tracer { if m.trc == nil { // Tracing is initialized only once so it can not be hot reloaded or context-aware. - t, err := otelx.New("Ory Kratos", m.l, m.Config(ctx).Tracing()) + t, err := otelx.New("Ory Kratos", m.l, m.Config().Tracing(ctx)) if err != nil { m.Logger().WithError(err).Fatalf("Unable to initialize Tracer.") - t = otelx.NewNoop(m.l, m.Config(ctx).Tracing()) + t = otelx.NewNoop(m.l, m.Config().Tracing(ctx)) } m.trc = t } if m.trc.Tracer() == nil { - m.trc = otelx.NewNoop(m.l, m.Config(ctx).Tracing()) + m.trc = otelx.NewNoop(m.l, m.Config().Tracing(ctx)) } return m.trc @@ -520,16 +522,12 @@ func (m *RegistryDefault) CanHandle(dsn string) bool { strings.HasPrefix(dsn, "crdb") } -func (m *RegistryDefault) Init(ctx context.Context, opts ...RegistryOption) error { +func (m *RegistryDefault) Init(ctx context.Context, ctxer contextx.Contextualizer, opts ...RegistryOption) error { if m.persister != nil { // The DSN connection can not be hot-reloaded! panic("RegistryDefault.Init() must not be called more than once.") } - if corp.GetContextualizer() == nil { - panic("Contextualizer has not been set yet.") - } - o := newOptions(opts) bc := backoff.NewExponentialBackOff() @@ -544,8 +542,10 @@ func (m *RegistryDefault) Init(ctx context.Context, opts ...RegistryOption) erro } } + m.WithContextualizer(ctxer) + // Use maxIdleConnTime - see comment below for https://github.com/gobuffalo/pop/pull/637 - pool, idlePool, connMaxLifetime, _, cleanedDSN := sqlcon.ParseConnectionOptions(m.l, m.Config(ctx).DSN()) + pool, idlePool, connMaxLifetime, _, cleanedDSN := sqlcon.ParseConnectionOptions(m.l, m.Config().DSN(ctx)) m.Logger(). WithField("pool", pool). WithField("idlePool", idlePool). @@ -582,7 +582,7 @@ func (m *RegistryDefault) Init(ctx context.Context, opts ...RegistryOption) erro } // if dsn is memory we have to run the migrations on every start - if dbal.IsMemorySQLite(m.Config(ctx).DSN()) || m.Config(ctx).DSN() == "memory" { + if dbal.IsMemorySQLite(m.Config().DSN(ctx)) || m.Config().DSN(ctx) == "memory" { m.Logger().Infoln("Ory Kratos is running migrations on every startup as DSN is memory. This means your data is lost when Kratos terminates.") if err := p.MigrateUp(ctx); err != nil { m.Logger().WithError(err).Warnf("Unable to run migrations, retrying.") @@ -716,8 +716,21 @@ func (m *RegistryDefault) HTTPClient(ctx context.Context, opts ...httpx.Resilien opts = append(opts, httpx.ResilientClientWithTracer(tracer.Tracer())) } - if m.Config(ctx).ClientHTTPNoPrivateIPRanges() { + // One of the few exceptions, this usually should not be hot reloaded. + if m.Config().ClientHTTPNoPrivateIPRanges(contextx.RootContext) { opts = append(opts, httpx.ResilientClientDisallowInternalIPs()) } return httpx.NewResilientClient(opts...) } + +func (m *RegistryDefault) WithContextualizer(ctxer contextx.Contextualizer) Registry { + m.ctxer = ctxer + return m +} + +func (m *RegistryDefault) Contextualizer() contextx.Contextualizer { + if m.ctxer == nil { + panic("registry Contextualizer not set") + } + return m.ctxer +} diff --git a/driver/registry_default_login.go b/driver/registry_default_login.go index d9bfedeeb090..8ba903aa6f29 100644 --- a/driver/registry_default_login.go +++ b/driver/registry_default_login.go @@ -16,7 +16,7 @@ func (m *RegistryDefault) LoginHookExecutor() *login.HookExecutor { } func (m *RegistryDefault) PreLoginHooks(ctx context.Context) (b []login.PreHookExecutor) { - for _, v := range m.getHooks("", m.Config(ctx).SelfServiceFlowLoginBeforeHooks()) { + for _, v := range m.getHooks("", m.Config().SelfServiceFlowLoginBeforeHooks(ctx)) { if hook, ok := v.(login.PreHookExecutor); ok { b = append(b, hook) } @@ -25,7 +25,7 @@ func (m *RegistryDefault) PreLoginHooks(ctx context.Context) (b []login.PreHookE } func (m *RegistryDefault) PostLoginHooks(ctx context.Context, credentialsType identity.CredentialsType) (b []login.PostHookExecutor) { - for _, v := range m.getHooks(string(credentialsType), m.Config(ctx).SelfServiceFlowLoginAfterHooks(string(credentialsType))) { + for _, v := range m.getHooks(string(credentialsType), m.Config().SelfServiceFlowLoginAfterHooks(ctx, string(credentialsType))) { if hook, ok := v.(login.PostHookExecutor); ok { b = append(b, hook) } @@ -34,7 +34,7 @@ func (m *RegistryDefault) PostLoginHooks(ctx context.Context, credentialsType id if len(b) == 0 { // since we don't want merging hooks defined in a specific strategy and global hooks // global hooks are added only if no strategy specific hooks are defined - for _, v := range m.getHooks(config.HookGlobal, m.Config(ctx).SelfServiceFlowLoginAfterHooks("global")) { + for _, v := range m.getHooks(config.HookGlobal, m.Config().SelfServiceFlowLoginAfterHooks(ctx, "global")) { if hook, ok := v.(login.PostHookExecutor); ok { b = append(b, hook) } diff --git a/driver/registry_default_recovery.go b/driver/registry_default_recovery.go index 337f77e50417..6981edfbd6c1 100644 --- a/driver/registry_default_recovery.go +++ b/driver/registry_default_recovery.go @@ -26,7 +26,7 @@ func (m *RegistryDefault) RecoveryHandler() *recovery.Handler { func (m *RegistryDefault) RecoveryStrategies(ctx context.Context) (recoveryStrategies recovery.Strategies) { for _, strategy := range m.selfServiceStrategies() { if s, ok := strategy.(recovery.Strategy); ok { - if m.Config(ctx).SelfServiceStrategy(s.RecoveryStrategyID()).Enabled { + if m.Config().SelfServiceStrategy(ctx, s.RecoveryStrategyID()).Enabled { recoveryStrategies = append(recoveryStrategies, s) } } @@ -51,7 +51,7 @@ func (m *RegistryDefault) RecoveryExecutor() *recovery.HookExecutor { } func (m *RegistryDefault) PostRecoveryHooks(ctx context.Context) (b []recovery.PostHookExecutor) { - for _, v := range m.getHooks(config.HookGlobal, m.Config(ctx).SelfServiceFlowRecoveryAfterHooks(config.HookGlobal)) { + for _, v := range m.getHooks(config.HookGlobal, m.Config().SelfServiceFlowRecoveryAfterHooks(ctx, config.HookGlobal)) { if hook, ok := v.(recovery.PostHookExecutor); ok { b = append(b, hook) } diff --git a/driver/registry_default_registration.go b/driver/registry_default_registration.go index c1f4720d31e3..d9ca11e4bcc8 100644 --- a/driver/registry_default_registration.go +++ b/driver/registry_default_registration.go @@ -9,7 +9,7 @@ import ( ) func (m *RegistryDefault) PostRegistrationPrePersistHooks(ctx context.Context, credentialsType identity.CredentialsType) (b []registration.PostHookPrePersistExecutor) { - for _, v := range m.getHooks(string(credentialsType), m.Config(ctx).SelfServiceFlowRegistrationAfterHooks(string(credentialsType))) { + for _, v := range m.getHooks(string(credentialsType), m.Config().SelfServiceFlowRegistrationAfterHooks(ctx, string(credentialsType))) { if hook, ok := v.(registration.PostHookPrePersistExecutor); ok { b = append(b, hook) } @@ -20,12 +20,12 @@ func (m *RegistryDefault) PostRegistrationPrePersistHooks(ctx context.Context, c func (m *RegistryDefault) PostRegistrationPostPersistHooks(ctx context.Context, credentialsType identity.CredentialsType) (b []registration.PostHookPostPersistExecutor) { initialHookCount := 0 - if m.Config(ctx).SelfServiceFlowVerificationEnabled() { + if m.Config().SelfServiceFlowVerificationEnabled(ctx) { b = append(b, m.HookVerifier()) initialHookCount = 1 } - for _, v := range m.getHooks(string(credentialsType), m.Config(ctx).SelfServiceFlowRegistrationAfterHooks(string(credentialsType))) { + for _, v := range m.getHooks(string(credentialsType), m.Config().SelfServiceFlowRegistrationAfterHooks(ctx, string(credentialsType))) { if hook, ok := v.(registration.PostHookPostPersistExecutor); ok { b = append(b, hook) } @@ -34,7 +34,7 @@ func (m *RegistryDefault) PostRegistrationPostPersistHooks(ctx context.Context, if len(b) == initialHookCount { // since we don't want merging hooks defined in a specific strategy and global hooks // global hooks are added only if no strategy specific hooks are defined - for _, v := range m.getHooks(config.HookGlobal, m.Config(ctx).SelfServiceFlowRegistrationAfterHooks(config.HookGlobal)) { + for _, v := range m.getHooks(config.HookGlobal, m.Config().SelfServiceFlowRegistrationAfterHooks(ctx, config.HookGlobal)) { if hook, ok := v.(registration.PostHookPostPersistExecutor); ok { b = append(b, hook) } @@ -45,7 +45,7 @@ func (m *RegistryDefault) PostRegistrationPostPersistHooks(ctx context.Context, } func (m *RegistryDefault) PreRegistrationHooks(ctx context.Context) (b []registration.PreHookExecutor) { - for _, v := range m.getHooks("", m.Config(ctx).SelfServiceFlowRegistrationBeforeHooks()) { + for _, v := range m.getHooks("", m.Config().SelfServiceFlowRegistrationBeforeHooks(ctx)) { if hook, ok := v.(registration.PreHookExecutor); ok { b = append(b, hook) } diff --git a/driver/registry_default_schemas.go b/driver/registry_default_schemas.go index 78ed24534b7f..d4550434fa21 100644 --- a/driver/registry_default_schemas.go +++ b/driver/registry_default_schemas.go @@ -10,7 +10,7 @@ import ( ) func (m *RegistryDefault) IdentityTraitsSchemas(ctx context.Context) (schema.Schemas, error) { - ms, err := m.Config(ctx).IdentityTraitsSchemas() + ms, err := m.Config().IdentityTraitsSchemas(ctx) if err != nil { return nil, err } diff --git a/driver/registry_default_schemas_test.go b/driver/registry_default_schemas_test.go index a81588af3326..734a474ab0ae 100644 --- a/driver/registry_default_schemas_test.go +++ b/driver/registry_default_schemas_test.go @@ -15,6 +15,8 @@ import ( ) func TestRegistryDefault_IdentityTraitsSchemas(t *testing.T) { + ctx := context.Background() + conf, reg := internal.NewFastRegistryWithMocks(t) defaultSchema := schema.Schema{ ID: "default", @@ -27,7 +29,7 @@ func TestRegistryDefault_IdentityTraitsSchemas(t *testing.T) { RawURL: "file://other.schema.json", } - conf.MustSet(config.ViperKeyIdentitySchemas, []config.Schema{ + conf.MustSet(ctx, config.ViperKeyIdentitySchemas, []config.Schema{ {ID: altSchema.ID, URL: altSchema.RawURL}, {ID: defaultSchema.ID, URL: defaultSchema.RawURL}, }) diff --git a/driver/registry_default_settings.go b/driver/registry_default_settings.go index ffd1a12ba431..567c06959d4b 100644 --- a/driver/registry_default_settings.go +++ b/driver/registry_default_settings.go @@ -8,7 +8,7 @@ import ( ) func (m *RegistryDefault) PostSettingsPrePersistHooks(ctx context.Context, settingsType string) (b []settings.PostHookPrePersistExecutor) { - for _, v := range m.getHooks(settingsType, m.Config(ctx).SelfServiceFlowSettingsAfterHooks(settingsType)) { + for _, v := range m.getHooks(settingsType, m.Config().SelfServiceFlowSettingsAfterHooks(ctx, settingsType)) { if hook, ok := v.(settings.PostHookPrePersistExecutor); ok { b = append(b, hook) } @@ -18,12 +18,12 @@ func (m *RegistryDefault) PostSettingsPrePersistHooks(ctx context.Context, setti func (m *RegistryDefault) PostSettingsPostPersistHooks(ctx context.Context, settingsType string) (b []settings.PostHookPostPersistExecutor) { initialHookCount := 0 - if m.Config(ctx).SelfServiceFlowVerificationEnabled() { + if m.Config().SelfServiceFlowVerificationEnabled(ctx) { b = append(b, m.HookVerifier()) initialHookCount = 1 } - for _, v := range m.getHooks(settingsType, m.Config(ctx).SelfServiceFlowSettingsAfterHooks(settingsType)) { + for _, v := range m.getHooks(settingsType, m.Config().SelfServiceFlowSettingsAfterHooks(ctx, settingsType)) { if hook, ok := v.(settings.PostHookPostPersistExecutor); ok { b = append(b, hook) } @@ -32,7 +32,7 @@ func (m *RegistryDefault) PostSettingsPostPersistHooks(ctx context.Context, sett if len(b) == initialHookCount { // since we don't want merging hooks defined in a specific strategy and global hooks // global hooks are added only if no strategy specific hooks are defined - for _, v := range m.getHooks(config.HookGlobal, m.Config(ctx).SelfServiceFlowSettingsAfterHooks(config.HookGlobal)) { + for _, v := range m.getHooks(config.HookGlobal, m.Config().SelfServiceFlowSettingsAfterHooks(ctx, config.HookGlobal)) { if hook, ok := v.(settings.PostHookPostPersistExecutor); ok { b = append(b, hook) } @@ -66,7 +66,7 @@ func (m *RegistryDefault) SettingsFlowErrorHandler() *settings.ErrorHandler { func (m *RegistryDefault) SettingsStrategies(ctx context.Context) (profileStrategies settings.Strategies) { for _, strategy := range m.selfServiceStrategies() { if s, ok := strategy.(settings.Strategy); ok { - if m.Config(ctx).SelfServiceStrategy(s.SettingsStrategyID()).Enabled { + if m.Config().SelfServiceStrategy(ctx, s.SettingsStrategyID()).Enabled { profileStrategies = append(profileStrategies, s) } } diff --git a/driver/registry_default_test.go b/driver/registry_default_test.go index 54524c8b6b71..96ac14a7944f 100644 --- a/driver/registry_default_test.go +++ b/driver/registry_default_test.go @@ -45,7 +45,7 @@ func TestDriverDefault_Hooks(t *testing.T) { { uc: "Multiple web_hooks configured", prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceVerificationAfter+".hooks", []map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceVerificationAfter+".hooks", []map[string]interface{}{ {"hook": "web_hook", "config": map[string]interface{}{"url": "foo", "method": "POST"}}, {"hook": "web_hook", "config": map[string]interface{}{"url": "bar", "method": "GET"}}, }) @@ -86,7 +86,7 @@ func TestDriverDefault_Hooks(t *testing.T) { { uc: "Multiple web_hooks configured", prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceRecoveryAfter+".hooks", []map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryAfter+".hooks", []map[string]interface{}{ {"hook": "web_hook", "config": map[string]interface{}{"url": "foo", "method": "POST"}}, {"hook": "web_hook", "config": map[string]interface{}{"url": "bar", "method": "GET"}}, }) @@ -127,7 +127,7 @@ func TestDriverDefault_Hooks(t *testing.T) { { uc: "Two web_hooks are configured", prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceRegistrationBeforeHooks, []map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationBeforeHooks, []map[string]interface{}{ {"hook": "web_hook", "config": map[string]interface{}{"url": "foo", "method": "POST"}}, {"hook": "web_hook", "config": map[string]interface{}{"url": "bar", "method": "GET"}}, }) @@ -166,8 +166,8 @@ func TestDriverDefault_Hooks(t *testing.T) { { uc: "Only session hook configured for password strategy", prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceVerificationEnabled, true) - conf.MustSet(config.ViperKeySelfServiceRegistrationAfter+".password.hooks", []map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceVerificationEnabled, true) + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationAfter+".password.hooks", []map[string]interface{}{ {"hook": "session"}, }) }, @@ -181,8 +181,8 @@ func TestDriverDefault_Hooks(t *testing.T) { { uc: "A session hook and a web_hook are configured for password strategy", prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceVerificationEnabled, true) - conf.MustSet(config.ViperKeySelfServiceRegistrationAfter+".password.hooks", []map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceVerificationEnabled, true) + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationAfter+".password.hooks", []map[string]interface{}{ {"hook": "web_hook", "config": map[string]interface{}{"url": "foo", "method": "POST", "body": "bar"}}, {"hook": "session"}, }) @@ -198,7 +198,7 @@ func TestDriverDefault_Hooks(t *testing.T) { { uc: "Two web_hooks are configured on a global level", prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceRegistrationAfter+".hooks", []map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationAfter+".hooks", []map[string]interface{}{ {"hook": "web_hook", "config": map[string]interface{}{"url": "foo", "method": "POST"}}, {"hook": "web_hook", "config": map[string]interface{}{"url": "bar", "method": "GET"}}, }) @@ -213,14 +213,14 @@ func TestDriverDefault_Hooks(t *testing.T) { { uc: "Hooks are configured on a global level, as well as on a strategy level", prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceRegistrationAfter+".password.hooks", []map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationAfter+".password.hooks", []map[string]interface{}{ {"hook": "web_hook", "config": map[string]interface{}{"url": "foo", "method": "GET"}}, {"hook": "session"}, }) - conf.MustSet(config.ViperKeySelfServiceRegistrationAfter+".hooks", []map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationAfter+".hooks", []map[string]interface{}{ {"hook": "web_hook", "config": map[string]interface{}{"url": "bar", "method": "POST"}}, }) - conf.MustSet(config.ViperKeySelfServiceVerificationEnabled, true) + conf.MustSet(ctx, config.ViperKeySelfServiceVerificationEnabled, true) }, expect: func(reg *driver.RegistryDefault) []registration.PostHookPostPersistExecutor { return []registration.PostHookPostPersistExecutor{ @@ -259,7 +259,7 @@ func TestDriverDefault_Hooks(t *testing.T) { { uc: "Two web_hooks are configured", prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceLoginBeforeHooks, []map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceLoginBeforeHooks, []map[string]interface{}{ {"hook": "web_hook", "config": map[string]interface{}{"url": "foo", "method": "POST"}}, {"hook": "web_hook", "config": map[string]interface{}{"url": "bar", "method": "GET"}}, }) @@ -298,7 +298,7 @@ func TestDriverDefault_Hooks(t *testing.T) { { uc: "Only revoke_active_sessions hook configured for password strategy", prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceLoginAfter+".password.hooks", []map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceLoginAfter+".password.hooks", []map[string]interface{}{ {"hook": "revoke_active_sessions"}, }) }, @@ -311,7 +311,7 @@ func TestDriverDefault_Hooks(t *testing.T) { { uc: "Only require_verified_address hook configured for password strategy", prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceLoginAfter+".password.hooks", []map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceLoginAfter+".password.hooks", []map[string]interface{}{ {"hook": "require_verified_address"}, }) }, @@ -324,7 +324,7 @@ func TestDriverDefault_Hooks(t *testing.T) { { uc: "A revoke_active_sessions hook, require_verified_address hook and a web_hook are configured for password strategy", prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceLoginAfter+".password.hooks", []map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceLoginAfter+".password.hooks", []map[string]interface{}{ {"hook": "web_hook", "config": map[string]interface{}{"url": "foo", "method": "POST", "body": "bar"}}, {"hook": "require_verified_address"}, {"hook": "revoke_active_sessions"}, @@ -341,7 +341,7 @@ func TestDriverDefault_Hooks(t *testing.T) { { uc: "Two web_hooks are configured on a global level", prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceLoginAfter+".hooks", []map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceLoginAfter+".hooks", []map[string]interface{}{ {"hook": "web_hook", "config": map[string]interface{}{"url": "foo", "method": "POST"}}, {"hook": "web_hook", "config": map[string]interface{}{"url": "bar", "method": "GET"}}, }) @@ -356,12 +356,12 @@ func TestDriverDefault_Hooks(t *testing.T) { { uc: "Hooks are configured on a global level, as well as on a strategy level", prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceLoginAfter+".password.hooks", []map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceLoginAfter+".password.hooks", []map[string]interface{}{ {"hook": "web_hook", "config": map[string]interface{}{"url": "foo", "method": "GET"}}, {"hook": "revoke_active_sessions"}, {"hook": "require_verified_address"}, }) - conf.MustSet(config.ViperKeySelfServiceLoginAfter+".hooks", []map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceLoginAfter+".hooks", []map[string]interface{}{ {"hook": "web_hook", "config": map[string]interface{}{"url": "foo", "method": "POST"}}, }) }, @@ -402,7 +402,7 @@ func TestDriverDefault_Hooks(t *testing.T) { { uc: "Only verify hook configured for the strategy", prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceVerificationEnabled, true) + conf.MustSet(ctx, config.ViperKeySelfServiceVerificationEnabled, true) // I think this is a bug as there is a hook named verify defined for both profile and password // strategies. Instead of using it, the code makes use of the property used above and which // is defined in an entirely different flow (verification). @@ -416,10 +416,10 @@ func TestDriverDefault_Hooks(t *testing.T) { { uc: "A verify hook and a web_hook are configured for profile strategy", prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceSettingsAfter+".profile.hooks", []map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsAfter+".profile.hooks", []map[string]interface{}{ {"hook": "web_hook", "config": map[string]interface{}{"url": "foo", "method": "POST", "body": "bar"}}, }) - conf.MustSet(config.ViperKeySelfServiceVerificationEnabled, true) + conf.MustSet(ctx, config.ViperKeySelfServiceVerificationEnabled, true) }, expect: func(reg *driver.RegistryDefault) []settings.PostHookPostPersistExecutor { return []settings.PostHookPostPersistExecutor{ @@ -431,7 +431,7 @@ func TestDriverDefault_Hooks(t *testing.T) { { uc: "Two web_hooks are configured on a global level", prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceSettingsAfter+".hooks", []map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsAfter+".hooks", []map[string]interface{}{ {"hook": "web_hook", "config": map[string]interface{}{"url": "foo", "method": "POST"}}, {"hook": "web_hook", "config": map[string]interface{}{"url": "bar", "method": "GET"}}, }) @@ -446,11 +446,11 @@ func TestDriverDefault_Hooks(t *testing.T) { { uc: "Hooks are configured on a global level, as well as on a strategy level", prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceVerificationEnabled, true) - conf.MustSet(config.ViperKeySelfServiceSettingsAfter+".profile.hooks", []map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceVerificationEnabled, true) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsAfter+".profile.hooks", []map[string]interface{}{ {"hook": "web_hook", "config": map[string]interface{}{"url": "foo", "method": "GET"}}, }) - conf.MustSet(config.ViperKeySelfServiceSettingsAfter+".hooks", []map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsAfter+".hooks", []map[string]interface{}{ {"hook": "web_hook", "config": map[string]interface{}{"url": "foo", "method": "POST"}}, }) }, @@ -477,6 +477,7 @@ func TestDriverDefault_Hooks(t *testing.T) { } func TestDriverDefault_Strategies(t *testing.T) { + ctx := context.Background() t.Run("case=registration", func(t *testing.T) { for k, tc := range []struct { prep func(conf *config.Config) @@ -484,26 +485,26 @@ func TestDriverDefault_Strategies(t *testing.T) { }{ { prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".password.enabled", false) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".password.enabled", false) }}, { prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".password.enabled", true) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".password.enabled", true) }, expect: []string{"password"}, }, { prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".oidc.enabled", true) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".password.enabled", true) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".oidc.enabled", true) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".password.enabled", true) }, expect: []string{"password", "oidc"}, }, { prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".oidc.enabled", true) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".password.enabled", true) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".totp.enabled", true) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".oidc.enabled", true) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".password.enabled", true) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".totp.enabled", true) }, expect: []string{"password", "oidc"}, }, @@ -528,26 +529,26 @@ func TestDriverDefault_Strategies(t *testing.T) { }{ { prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".password.enabled", false) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".password.enabled", false) }}, { prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".password.enabled", true) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".password.enabled", true) }, expect: []string{"password"}, }, { prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".oidc.enabled", true) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".password.enabled", true) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".oidc.enabled", true) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".password.enabled", true) }, expect: []string{"password", "oidc"}, }, { prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".oidc.enabled", true) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".password.enabled", true) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".totp.enabled", true) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".oidc.enabled", true) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".password.enabled", true) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".totp.enabled", true) }, expect: []string{"password", "oidc", "totp"}, }, @@ -572,12 +573,12 @@ func TestDriverDefault_Strategies(t *testing.T) { }{ { prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".link.enabled", false) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".link.enabled", false) }, }, { prep: func(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".link.enabled", true) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".link.enabled", true) }, expect: []string{"link"}, }, } { @@ -668,7 +669,7 @@ func TestDriverDefault_Strategies(t *testing.T) { t.Run(fmt.Sprintf("run=%d", k), func(t *testing.T) { conf := tc.prep(t) - reg, err := driver.NewRegistryFromDSN(conf, logrusx.New("", "")) + reg, err := driver.NewRegistryFromDSN(ctx, conf, logrusx.New("", "")) require.NoError(t, err) s := reg.SettingsStrategies(context.Background()) diff --git a/driver/registry_default_verify.go b/driver/registry_default_verify.go index d7572d7449a4..7fdca0f71bec 100644 --- a/driver/registry_default_verify.go +++ b/driver/registry_default_verify.go @@ -48,7 +48,7 @@ func (m *RegistryDefault) LinkSender() *link.Sender { func (m *RegistryDefault) VerificationStrategies(ctx context.Context) (verificationStrategies verification.Strategies) { for _, strategy := range m.selfServiceStrategies() { if s, ok := strategy.(verification.Strategy); ok { - if m.Config(ctx).SelfServiceStrategy(s.VerificationStrategyID()).Enabled { + if m.Config().SelfServiceStrategy(ctx, s.VerificationStrategyID()).Enabled { verificationStrategies = append(verificationStrategies, s) } } @@ -74,8 +74,7 @@ func (m *RegistryDefault) VerificationExecutor() *verification.HookExecutor { } func (m *RegistryDefault) PostVerificationHooks(ctx context.Context) (b []verification.PostHookExecutor) { - - for _, v := range m.getHooks(config.HookGlobal, m.Config(ctx).SelfServiceFlowVerificationAfterHooks(config.HookGlobal)) { + for _, v := range m.getHooks(config.HookGlobal, m.Config().SelfServiceFlowVerificationAfterHooks(ctx, config.HookGlobal)) { if hook, ok := v.(verification.PostHookExecutor); ok { b = append(b, hook) } diff --git a/hash/hasher.go b/hash/hasher.go index a936f9155095..f78d355d556b 100644 --- a/hash/hasher.go +++ b/hash/hasher.go @@ -14,7 +14,7 @@ type Hasher interface { } type HashProvider interface { - Hasher() Hasher + Hasher(ctx context.Context) Hasher } const tracingComponent = "github.com/ory/kratos/hash" diff --git a/hash/hasher_argon2.go b/hash/hasher_argon2.go index a05c3b02f547..3bb7c142434e 100644 --- a/hash/hasher_argon2.go +++ b/hash/hasher_argon2.go @@ -43,7 +43,7 @@ func toKB(mem bytesize.ByteSize) uint32 { func (h *Argon2) Generate(ctx context.Context, password []byte) ([]byte, error) { ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "hash.Argon2.Generate") defer span.End() - p := h.c.Config(ctx).HasherArgon2() + p := h.c.Config().HasherArgon2(ctx) span.SetAttributes(attribute.String("argon2.config", fmt.Sprintf("#%v", p))) salt := make([]byte, p.SaltLength) diff --git a/hash/hasher_bcrypt.go b/hash/hasher_bcrypt.go index 3aa397a8ba97..55e457f12a8e 100644 --- a/hash/hasher_bcrypt.go +++ b/hash/hasher_bcrypt.go @@ -36,7 +36,7 @@ func (h *Bcrypt) Generate(ctx context.Context, password []byte) ([]byte, error) return nil, err } - cost := int(h.c.Config(ctx).HasherBcrypt().Cost) + cost := int(h.c.Config().HasherBcrypt(ctx).Cost) span.SetAttributes(attribute.Int("bcrypt.cost", cost)) hash, err := bcrypt.GenerateFromPassword(password, cost) if err != nil { diff --git a/identity/credentials.go b/identity/credentials.go index 025abd59480b..b650d7cc1e69 100644 --- a/identity/credentials.go +++ b/identity/credentials.go @@ -5,7 +5,6 @@ import ( "reflect" "time" - "github.com/ory/kratos/corp" "github.com/ory/kratos/ui/node" "github.com/gofrs/uuid" @@ -148,23 +147,23 @@ type ( ) func (c CredentialsTypeTable) TableName(ctx context.Context) string { - return corp.ContextualizeTableName(ctx, "identity_credential_types") + return "identity_credential_types" } func (c CredentialsCollection) TableName(ctx context.Context) string { - return corp.ContextualizeTableName(ctx, "identity_credentials") + return "identity_credentials" } func (c Credentials) TableName(ctx context.Context) string { - return corp.ContextualizeTableName(ctx, "identity_credentials") + return "identity_credentials" } func (c CredentialIdentifierCollection) TableName(ctx context.Context) string { - return corp.ContextualizeTableName(ctx, "identity_credential_identifiers") + return "identity_credential_identifiers" } func (c CredentialIdentifier) TableName(ctx context.Context) string { - return corp.ContextualizeTableName(ctx, "identity_credential_identifiers") + return "identity_credential_identifiers" } func CredentialsEqual(a, b map[CredentialsType]Credentials) bool { diff --git a/identity/handler.go b/identity/handler.go index bcbca0b06eb3..0737c75c7ac5 100644 --- a/identity/handler.go +++ b/identity/handler.go @@ -50,7 +50,7 @@ type ( ) func (h *Handler) Config(ctx context.Context) *config.Config { - return h.r.Config(ctx) + return h.r.Config() } func NewHandler(r handlerDependencies) *Handler { @@ -135,7 +135,7 @@ func (h *Handler) list(w http.ResponseWriter, r *http.Request, _ httprouter.Para return } - x.PaginationHeader(w, urlx.AppendPaths(h.r.Config(r.Context()).SelfAdminURL(), RouteCollection), total, page, itemsPerPage) + x.PaginationHeader(w, urlx.AppendPaths(h.r.Config().SelfAdminURL(r.Context()), RouteCollection), total, page, itemsPerPage) h.r.Writer().Write(w, r, is) } @@ -369,7 +369,7 @@ func (h *Handler) create(w http.ResponseWriter, r *http.Request, _ httprouter.Pa h.r.Writer().WriteCreated(w, r, urlx.AppendPaths( - h.r.Config(r.Context()).SelfAdminURL(), + h.r.Config().SelfAdminURL(r.Context()), "identities", i.ID.String(), ).String(), diff --git a/identity/handler_import.go b/identity/handler_import.go index 155e72f215e8..5e27cc287d50 100644 --- a/identity/handler_import.go +++ b/identity/handler_import.go @@ -37,7 +37,7 @@ func (h *Handler) importPasswordCredentials(ctx context.Context, i *Identity, cr hashed := []byte(creds.Config.HashedPassword) if len(creds.Config.Password) > 0 { // Importing a clear text password - hashed, err = h.r.Hasher().Generate(ctx, []byte(creds.Config.Password)) + hashed, err = h.r.Hasher(ctx).Generate(ctx, []byte(creds.Config.Password)) if err != nil { return err } diff --git a/identity/handler_test.go b/identity/handler_test.go index bcbea3a7b87e..f3bce9668f33 100644 --- a/identity/handler_test.go +++ b/identity/handler_test.go @@ -41,14 +41,14 @@ func TestHandler(t *testing.T) { mockServerURL := urlx.ParseOrPanic(publicTS.URL) defaultSchemaExternalURL := (&schema.Schema{ID: "default"}).SchemaURL(mockServerURL).String() - conf.MustSet(config.ViperKeyAdminBaseURL, adminTS.URL) + conf.MustSet(ctx, config.ViperKeyAdminBaseURL, adminTS.URL) testhelpers.SetIdentitySchemas(t, conf, map[string]string{ "default": "file://./stub/identity.schema.json", "customer": "file://./stub/handler/customer.schema.json", "employee": "file://./stub/handler/employee.schema.json", }) - conf.MustSet(config.ViperKeyPublicBaseURL, mockServerURL.String()) + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, mockServerURL.String()) var get = func(t *testing.T, base *httptest.Server, href string, expectCode int) gjson.Result { t.Helper() @@ -284,7 +284,7 @@ func TestHandler(t *testing.T) { if !encrypt { return token } - c, err := reg.Cipher().Encrypt(context.Background(), []byte(token)) + c, err := reg.Cipher(ctx).Encrypt(context.Background(), []byte(token)) require.NoError(t, err) return c } @@ -428,7 +428,7 @@ func TestHandler(t *testing.T) { }) } - e, _ := reg.Cipher().Encrypt(context.Background(), []byte("foo_token")) + e, _ := reg.Cipher(ctx).Encrypt(context.Background(), []byte("foo_token")) id = createOidcIdentity(t, "foo-failed-2.oidc@bar.com", e, "bar_token", "id_token", false) for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} { t.Run("endpoint="+name, func(t *testing.T) { diff --git a/identity/identity.go b/identity/identity.go index 6169810f4162..9e72358b7af7 100644 --- a/identity/identity.go +++ b/identity/identity.go @@ -14,8 +14,6 @@ import ( "github.com/ory/kratos/cipher" - "github.com/ory/kratos/corp" - "github.com/ory/herodot" "github.com/ory/x/sqlxx" @@ -171,7 +169,7 @@ func (t *Traits) UnmarshalJSON(data []byte) error { } func (i Identity) TableName(ctx context.Context) string { - return corp.ContextualizeTableName(ctx, "identities") + return "identities" } func (i *Identity) lock() *sync.RWMutex { @@ -388,7 +386,7 @@ func (i *Identity) WithDeclassifiedCredentialsOIDC(ctx context.Context, c cipher ciphertext := v.Get(token).String() var plaintext []byte - plaintext, err = c.Cipher().Decrypt(ctx, ciphertext) + plaintext, err = c.Cipher(ctx).Decrypt(ctx, ciphertext) if err != nil { return false } diff --git a/identity/identity_recovery.go b/identity/identity_recovery.go index f22f84d8fae2..0a3a2b662086 100644 --- a/identity/identity_recovery.go +++ b/identity/identity_recovery.go @@ -4,8 +4,6 @@ import ( "context" "time" - "github.com/ory/kratos/corp" - "github.com/gofrs/uuid" ) @@ -50,7 +48,7 @@ func (v RecoveryAddressType) HTMLFormInputType() string { } func (a RecoveryAddress) TableName(ctx context.Context) string { - return corp.ContextualizeTableName(ctx, "identity_recovery_addresses") + return "identity_recovery_addresses" } func (a RecoveryAddress) ValidateNID() error { diff --git a/identity/identity_verification.go b/identity/identity_verification.go index f2d975b61cf9..0fc757d1418c 100644 --- a/identity/identity_verification.go +++ b/identity/identity_verification.go @@ -6,7 +6,6 @@ import ( "github.com/gofrs/uuid" - "github.com/ory/kratos/corp" "github.com/ory/x/sqlxx" ) @@ -96,7 +95,7 @@ func (v VerifiableAddressType) HTMLFormInputType() string { } func (a VerifiableAddress) TableName(ctx context.Context) string { - return corp.ContextualizeTableName(ctx, "identity_verifiable_addresses") + return "identity_verifiable_addresses" } func NewVerifiableEmailAddress(value string, identity uuid.UUID) *VerifiableAddress { diff --git a/identity/manager.go b/identity/manager.go index 1401b3b137cf..93cb4755d949 100644 --- a/identity/manager.go +++ b/identity/manager.go @@ -66,7 +66,7 @@ func newManagerOptions(opts []ManagerOption) *managerOptions { func (m *Manager) Create(ctx context.Context, i *Identity, opts ...ManagerOption) error { if i.SchemaID == "" { - i.SchemaID = m.r.Config(ctx).DefaultIdentityTraitsSchemaID() + i.SchemaID = m.r.Config().DefaultIdentityTraitsSchemaID(ctx) } o := newManagerOptions(opts) diff --git a/identity/manager_test.go b/identity/manager_test.go index 776aa1bbd907..bf4a8054ae2e 100644 --- a/identity/manager_test.go +++ b/identity/manager_test.go @@ -23,8 +23,8 @@ import ( func TestManager(t *testing.T) { conf, reg := internal.NewFastRegistryWithMocks(t) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/manager.schema.json") - conf.MustSet(config.ViperKeyPublicBaseURL, "https://www.ory.sh/") - conf.MustSet(config.ViperKeyCourierSMTPURL, "smtp://foo@bar@dev.null/") + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, "https://www.ory.sh/") + conf.MustSet(ctx, config.ViperKeyCourierSMTPURL, "smtp://foo@bar@dev.null/") t.Run("case=should fail to create because validation fails", func(t *testing.T) { i := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID) @@ -256,11 +256,11 @@ func TestManager(t *testing.T) { func TestManagerNoDefaultNamedSchema(t *testing.T) { conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeyDefaultIdentitySchemaID, "user_v0") - conf.MustSet(config.ViperKeyIdentitySchemas, config.Schemas{ + conf.MustSet(ctx, config.ViperKeyDefaultIdentitySchemaID, "user_v0") + conf.MustSet(ctx, config.ViperKeyIdentitySchemas, config.Schemas{ {ID: "user_v0", URL: "file://./stub/manager.schema.json"}, }) - conf.MustSet(config.ViperKeyPublicBaseURL, "https://www.ory.sh/") + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, "https://www.ory.sh/") t.Run("case=should create identity with default schema", func(t *testing.T) { stateChangedAt := sqlxx.NullTime(time.Now().UTC()) diff --git a/identity/test/pool.go b/identity/test/pool.go index 92c2f8cc19ba..88c7205816c9 100644 --- a/identity/test/pool.go +++ b/identity/test/pool.go @@ -45,7 +45,7 @@ func TestPool(ctx context.Context, conf *config.Config, p interface { nid, p := testhelpers.NewNetworkUnlessExisting(t, ctx, p) exampleServerURL := urlx.ParseOrPanic("http://example.com") - conf.MustSet(config.ViperKeyPublicBaseURL, exampleServerURL.String()) + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, exampleServerURL.String()) defaultSchema := schema.Schema{ ID: config.DefaultIdentityTraitsSchemaID, URL: urlx.ParseOrPanic("file://./stub/identity.schema.json"), @@ -56,7 +56,7 @@ func TestPool(ctx context.Context, conf *config.Config, p interface { URL: urlx.ParseOrPanic("file://./stub/identity-2.schema.json"), RawURL: "file://./stub/identity-2.schema.json", } - conf.MustSet(config.ViperKeyIdentitySchemas, []config.Schema{ + conf.MustSet(ctx, config.ViperKeyIdentitySchemas, []config.Schema{ { ID: altSchema.ID, URL: altSchema.RawURL, diff --git a/identity/validator.go b/identity/validator.go index 822b7e989711..df2e13ac6396 100644 --- a/identity/validator.go +++ b/identity/validator.go @@ -54,7 +54,7 @@ func (v *Validator) ValidateWithRunner(ctx context.Context, i *Identity, runners func (v *Validator) Validate(ctx context.Context, i *Identity) error { return v.ValidateWithRunner(ctx, i, NewSchemaExtensionCredentials(i), - NewSchemaExtensionVerification(i, v.d.Config(ctx).SelfServiceFlowVerificationRequestLifespan()), + NewSchemaExtensionVerification(i, v.d.Config().SelfServiceFlowVerificationRequestLifespan(ctx)), NewSchemaExtensionRecovery(i), ) } diff --git a/identity/validator_test.go b/identity/validator_test.go index 30fcc41b2667..f36b62d595af 100644 --- a/identity/validator_test.go +++ b/identity/validator_test.go @@ -27,8 +27,8 @@ import ( func TestSchemaValidatorDisallowsInternalNetworkRequests(t *testing.T) { conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeyClientHTTPNoPrivateIPRanges, true) - conf.MustSet(config.ViperKeyIdentitySchemas, []config.Schema{ + conf.MustSet(ctx, config.ViperKeyClientHTTPNoPrivateIPRanges, true) + conf.MustSet(ctx, config.ViperKeyIdentitySchemas, []config.Schema{ {ID: "localhost", URL: "https://localhost/schema/whatever"}, {ID: "privateRef", URL: "file://stub/localhost-ref.schema.json"}, }) @@ -108,7 +108,7 @@ func TestSchemaValidator(t *testing.T) { defer ts.Close() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeyIdentitySchemas, []config.Schema{ + conf.MustSet(ctx, config.ViperKeyIdentitySchemas, []config.Schema{ {ID: "default", URL: ts.URL + "/schema/firstName"}, {ID: "whatever", URL: ts.URL + "/schema/whatever"}, {ID: "unreachable-url", URL: ts.URL + "/404-not-found"}, diff --git a/internal/driver.go b/internal/driver.go index fc6eaa73074c..3ab4b4ecd309 100644 --- a/internal/driver.go +++ b/internal/driver.go @@ -5,7 +5,7 @@ import ( "os" "testing" - "github.com/ory/kratos/corp" + "github.com/ory/x/contextx" "github.com/gofrs/uuid" @@ -24,7 +24,6 @@ import ( ) func init() { - corp.SetContextualizer(new(corp.ContextNoOp)) dbal.RegisterDriver(func() dbal.Driver { return driver.NewRegistryDefault() }) @@ -64,27 +63,28 @@ func NewFastRegistryWithMocks(t *testing.T) (*config.Config, *driver.RegistryDef }) require.NoError(t, reg.Persister().MigrateUp(context.Background())) - require.NotEqual(t, uuid.Nil, reg.Persister().NetworkID()) + require.NotEqual(t, uuid.Nil, reg.Persister().NetworkID(context.Background())) return conf, reg } // NewRegistryDefaultWithDSN returns a more standard registry without mocks. Good for e2e and advanced integration testing! func NewRegistryDefaultWithDSN(t *testing.T, dsn string) (*config.Config, *driver.RegistryDefault) { + ctx := context.Background() c := NewConfigurationWithDefaults(t) - c.MustSet(config.ViperKeyDSN, stringsx.Coalesce(dsn, dbal.NewSQLiteTestDatabase(t))) + c.MustSet(ctx, config.ViperKeyDSN, stringsx.Coalesce(dsn, dbal.NewSQLiteTestDatabase(t))) - reg, err := driver.NewRegistryFromDSN(c, logrusx.New("", "")) + reg, err := driver.NewRegistryFromDSN(ctx, c, logrusx.New("", "")) require.NoError(t, err) - reg.Config(context.Background()).MustSet("dev", true) - require.NoError(t, reg.Init(context.Background(), driver.SkipNetworkInit)) + reg.Config().MustSet(ctx, "dev", true) + require.NoError(t, reg.Init(context.Background(), &contextx.Default{}, driver.SkipNetworkInit)) require.NoError(t, reg.Persister().MigrateUp(context.Background())) // always migrate up actual, err := reg.Persister().DetermineNetwork(context.Background()) require.NoError(t, err) reg.SetPersister(reg.Persister().WithNetworkID(actual.ID)) - require.EqualValues(t, reg.Persister().NetworkID(), actual.ID) - require.NotEqual(t, uuid.Nil, reg.Persister().NetworkID()) + require.EqualValues(t, reg.Persister().NetworkID(context.Background()), actual.ID) + require.NotEqual(t, uuid.Nil, reg.Persister().NetworkID(context.Background())) reg.Persister() return c, reg.(*driver.RegistryDefault) diff --git a/internal/registrationhelpers/helpers.go b/internal/registrationhelpers/helpers.go index 613edbeb0120..5c14807505af 100644 --- a/internal/registrationhelpers/helpers.go +++ b/internal/registrationhelpers/helpers.go @@ -32,24 +32,26 @@ import ( ) func setupServer(t *testing.T, reg *driver.RegistryDefault) *httptest.Server { - conf := reg.Config(context.Background()) + conf := reg.Config() router := x.NewRouterPublic() admin := x.NewRouterAdmin() publicTS, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, admin) redirTS := testhelpers.NewRedirSessionEchoTS(t, reg) - conf.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, redirTS.URL+"/default-return-to") - conf.MustSet(config.ViperKeySelfServiceRegistrationAfter+"."+config.DefaultBrowserReturnURL, redirTS.URL+"/registration-return-ts") + ctx := context.Background() + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, redirTS.URL+"/default-return-to") + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationAfter+"."+config.DefaultBrowserReturnURL, redirTS.URL+"/registration-return-ts") return publicTS } func ExpectValidationError(t *testing.T, ts *httptest.Server, conf *config.Config, flow string, values func(url.Values)) string { isSPA := flow == "spa" isAPI := flow == "api" + ctx := context.Background() return testhelpers.SubmitRegistrationForm(t, isAPI, nil, ts, values, isSPA, testhelpers.ExpectStatusCode(isAPI || isSPA, http.StatusBadRequest, http.StatusOK), - testhelpers.ExpectURL(isAPI || isSPA, ts.URL+registration.RouteSubmitFlow, conf.SelfServiceFlowRegistrationUI().String())) + testhelpers.ExpectURL(isAPI || isSPA, ts.URL+registration.RouteSubmitFlow, conf.SelfServiceFlowRegistrationUI(ctx).String())) } func CheckFormContent(t *testing.T, body []byte, requiredFields ...string) { @@ -89,7 +91,7 @@ var skipIfNotEnabled = func(t *testing.T, flows []string, flow string) { } func AssertSchemDoesNotExist(t *testing.T, reg *driver.RegistryDefault, flows []string, payload func(v url.Values)) { - conf := reg.Config(context.Background()) + conf := reg.Config() _ = testhelpers.NewRegistrationUIFlowEchoServer(t, reg) publicTS := setupServer(t, reg) apiClient := testhelpers.NewDebugClient(t) @@ -152,7 +154,7 @@ func AssertSchemDoesNotExist(t *testing.T, reg *driver.RegistryDefault, flows [] } func AssertCSRFFailures(t *testing.T, reg *driver.RegistryDefault, flows []string, payload func(v url.Values)) { - conf := reg.Config(context.Background()) + conf := reg.Config() testhelpers.SetDefaultIdentitySchemaFromRaw(conf, multifieldSchema) _ = testhelpers.NewRegistrationUIFlowEchoServer(t, reg) publicTS := setupServer(t, reg) @@ -241,7 +243,7 @@ func AssertCSRFFailures(t *testing.T, reg *driver.RegistryDefault, flows []strin } func AssertRegistrationRespectsValidation(t *testing.T, reg *driver.RegistryDefault, flows []string, payload func(url.Values)) { - conf := reg.Config(context.Background()) + conf := reg.Config() testhelpers.SetDefaultIdentitySchemaFromRaw(conf, multifieldSchema) _ = testhelpers.NewRegistrationUIFlowEchoServer(t, reg) publicTS := setupServer(t, reg) @@ -271,6 +273,7 @@ func AssertRegistrationRespectsValidation(t *testing.T, reg *driver.RegistryDefa } func AssertCommonErrorCases(t *testing.T, reg *driver.RegistryDefault, flows []string) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) testhelpers.SetDefaultIdentitySchemaFromRaw(conf, basicSchema) uiTS := testhelpers.NewRegistrationUIFlowEchoServer(t, reg) @@ -286,7 +289,7 @@ func AssertCommonErrorCases(t *testing.T, reg *driver.RegistryDefault, flows []s require.NoError(t, err) defer res.Body.Close() assert.EqualValues(t, http.StatusOK, res.StatusCode, "%+v", res.Request) - assert.Contains(t, res.Request.URL.String(), conf.Source().String(config.ViperKeySelfServiceBrowserDefaultReturnTo)) + assert.Contains(t, res.Request.URL.String(), conf.GetProvider(ctx).String(config.ViperKeySelfServiceBrowserDefaultReturnTo)) }) t.Run("type=api", func(t *testing.T) { @@ -335,7 +338,7 @@ func AssertCommonErrorCases(t *testing.T, reg *driver.RegistryDefault, flows []s require.NoError(t, err) defer res.Body.Close() assert.EqualValues(t, http.StatusOK, res.StatusCode, "%+v", res.Request) - assert.Contains(t, res.Request.URL.String(), conf.Source().String(config.ViperKeySelfServiceBrowserDefaultReturnTo)) + assert.Contains(t, res.Request.URL.String(), conf.GetProvider(ctx).String(config.ViperKeySelfServiceBrowserDefaultReturnTo)) }) t.Run("type=api", func(t *testing.T) { @@ -437,9 +440,9 @@ func AssertCommonErrorCases(t *testing.T, reg *driver.RegistryDefault, flows []s }) t.Run("case=should return an error because the request is expired", func(t *testing.T) { - conf.MustSet(config.ViperKeySelfServiceRegistrationRequestLifespan, "500ms") + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationRequestLifespan, "500ms") t.Cleanup(func() { - conf.MustSet(config.ViperKeySelfServiceRegistrationRequestLifespan, "10m") + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationRequestLifespan, "10m") }) t.Run("type=api", func(t *testing.T) { diff --git a/internal/settingshelpers/helpers.go b/internal/settingshelpers/helpers.go index 7c127df8a35c..e78d25a6af50 100644 --- a/internal/settingshelpers/helpers.go +++ b/internal/settingshelpers/helpers.go @@ -1,6 +1,7 @@ package settingshelpers import ( + "context" "net/http" "net/http/httptest" "net/url" @@ -14,7 +15,8 @@ import ( func ExpectValidationError(t *testing.T, ts *httptest.Server, hc *http.Client, conf *config.Config, flow string, values func(url.Values)) string { isSPA := flow == "spa" isAPI := flow == "api" + ctx := context.Background() return testhelpers.SubmitSettingsForm(t, isAPI, isSPA, hc, ts, values, testhelpers.ExpectStatusCode(isAPI || isSPA, http.StatusBadRequest, http.StatusOK), - testhelpers.ExpectURL(isAPI || isSPA, ts.URL+settings.RouteSubmitFlow, conf.SelfServiceFlowSettingsUI().String())) + testhelpers.ExpectURL(isAPI || isSPA, ts.URL+settings.RouteSubmitFlow, conf.SelfServiceFlowSettingsUI(ctx).String())) } diff --git a/internal/testhelpers/config.go b/internal/testhelpers/config.go index e69a3141ab19..30e330374cb0 100644 --- a/internal/testhelpers/config.go +++ b/internal/testhelpers/config.go @@ -1,6 +1,7 @@ package testhelpers import ( + "context" "encoding/base64" "testing" @@ -20,16 +21,16 @@ func UseConfigFile(t *testing.T, path string) *pflag.FlagSet { } func SetDefaultIdentitySchema(conf *config.Config, url string) { - conf.MustSet(config.ViperKeyDefaultIdentitySchemaID, "default") - conf.MustSet(config.ViperKeyIdentitySchemas, config.Schemas{ + conf.MustSet(context.Background(), config.ViperKeyDefaultIdentitySchemaID, "default") + conf.MustSet(context.Background(), config.ViperKeyIdentitySchemas, config.Schemas{ {ID: "default", URL: url}, }) } // SetDefaultIdentitySchemaFromRaw allows setting the default identity schema from a raw JSON string. func SetDefaultIdentitySchemaFromRaw(conf *config.Config, schema []byte) { - conf.MustSet(config.ViperKeyDefaultIdentitySchemaID, "default") - conf.MustSet(config.ViperKeyIdentitySchemas, config.Schemas{ + conf.MustSet(context.Background(), config.ViperKeyDefaultIdentitySchemaID, "default") + conf.MustSet(context.Background(), config.ViperKeyIdentitySchemas, config.Schemas{ {ID: "default", URL: "base64://" + base64.URLEncoding.EncodeToString(schema)}, }) } diff --git a/internal/testhelpers/e2e_server.go b/internal/testhelpers/e2e_server.go index ff8f41e57b0c..671ad9e1671d 100644 --- a/internal/testhelpers/e2e_server.go +++ b/internal/testhelpers/e2e_server.go @@ -17,7 +17,6 @@ import ( "testing" "time" - "github.com/ory/kratos/corp" "github.com/ory/kratos/driver" "github.com/ory/x/dbal" @@ -39,7 +38,6 @@ import ( type ConfigOptions map[string]interface{} func init() { - corp.SetContextualizer(new(corp.ContextNoOp)) dbal.RegisterDriver(func() dbal.Driver { return driver.NewRegistryDefault() }) diff --git a/internal/testhelpers/errorx.go b/internal/testhelpers/errorx.go index 428368ac0c06..31eb321afe28 100644 --- a/internal/testhelpers/errorx.go +++ b/internal/testhelpers/errorx.go @@ -34,7 +34,7 @@ func NewErrorTestServer(t *testing.T, reg interface { })) t.Cleanup(ts.Close) ts.URL = strings.Replace(ts.URL, "127.0.0.1", "localhost", -1) - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceErrorUI, ts.URL) + reg.Config().MustSet(context.Background(), config.ViperKeySelfServiceErrorUI, ts.URL) return ts } @@ -47,7 +47,7 @@ func NewRedirTS(t *testing.T, body string, conf *config.Config) *httptest.Server _, _ = w.Write([]byte(body)) })) t.Cleanup(ts.Close) - conf.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, ts.URL) + conf.MustSet(context.Background(), config.ViperKeySelfServiceBrowserDefaultReturnTo, ts.URL) return ts } @@ -63,7 +63,7 @@ func NewRedirSessionEchoTS(t *testing.T, reg interface { reg.Writer().Write(w, r, sess) })) t.Cleanup(ts.Close) - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, ts.URL+"/return-ts") + reg.Config().MustSet(context.Background(), config.ViperKeySelfServiceBrowserDefaultReturnTo, ts.URL+"/return-ts") return ts } @@ -79,6 +79,6 @@ func NewRedirNoSessionTS(t *testing.T, reg interface { reg.Writer().Write(w, r, nil) })) t.Cleanup(ts.Close) - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, ts.URL+"/return-ts") + reg.Config().MustSet(context.Background(), config.ViperKeySelfServiceBrowserDefaultReturnTo, ts.URL+"/return-ts") return ts } diff --git a/internal/testhelpers/handler_mock.go b/internal/testhelpers/handler_mock.go index a8964f90fc63..07c1787e552c 100644 --- a/internal/testhelpers/handler_mock.go +++ b/internal/testhelpers/handler_mock.go @@ -39,7 +39,7 @@ func MockSetSession(t *testing.T, reg mockDeps, conf *config.Config) httprouter. func MockSetSessionWithIdentity(t *testing.T, reg mockDeps, conf *config.Config, i *identity.Identity) httprouter.Handle { return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - activeSession, _ := session.NewActiveSession(i, conf, time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) + activeSession, _ := session.NewActiveSession(r.Context(), i, conf, time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) if aal := r.URL.Query().Get("set_aal"); len(aal) > 0 { activeSession.AuthenticatorAssuranceLevel = identity.AuthenticatorAssuranceLevel(aal) } @@ -143,8 +143,9 @@ func MockSessionCreateHandlerWithIdentityAndAMR(t *testing.T, reg mockDeps, i *i } sess.SetAuthenticatorAssuranceLevel() - if _, err := reg.Config(context.Background()).DefaultIdentityTraitsSchemaURL(); err != nil { - SetDefaultIdentitySchema(reg.Config(context.Background()), "file://./stub/fake-session.schema.json") + ctx := context.Background() + if _, err := reg.Config().DefaultIdentityTraitsSchemaURL(ctx); err != nil { + SetDefaultIdentitySchema(reg.Config(), "file://./stub/fake-session.schema.json") } require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i)) diff --git a/internal/testhelpers/identity.go b/internal/testhelpers/identity.go index 133a5eb4121a..76c6cf10f7ea 100644 --- a/internal/testhelpers/identity.go +++ b/internal/testhelpers/identity.go @@ -17,7 +17,7 @@ func CreateSession(t *testing.T, reg driver.Registry) *session.Session { ctx := context.Background() i := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID) require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(ctx, i)) - sess, err := session.NewActiveSession(i, reg.Config(ctx), time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) + sess, err := session.NewActiveSession(ctx, i, reg.Config(), time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) require.NoError(t, err) require.NoError(t, reg.SessionPersister().UpsertSession(ctx, sess)) return sess diff --git a/internal/testhelpers/identity_schema.go b/internal/testhelpers/identity_schema.go index 2d418ec2421a..7f8e597e6c57 100644 --- a/internal/testhelpers/identity_schema.go +++ b/internal/testhelpers/identity_schema.go @@ -1,6 +1,7 @@ package testhelpers import ( + "context" "testing" "github.com/ory/kratos/driver/config" @@ -10,10 +11,11 @@ import ( // // testhelpers.SetIdentitySchemas(map[string]string{"customer": "file://customer.json"}) func SetIdentitySchemas(t *testing.T, conf *config.Config, schemas map[string]string) { + ctx := context.Background() var s []config.Schema for id, location := range schemas { s = append(s, config.Schema{ID: id, URL: location}) } - conf.MustSet(config.ViperKeyIdentitySchemas, s) + conf.MustSet(ctx, config.ViperKeyIdentitySchemas, s) } diff --git a/internal/testhelpers/selfservice.go b/internal/testhelpers/selfservice.go index cdd99824c196..8a21cb0aad89 100644 --- a/internal/testhelpers/selfservice.go +++ b/internal/testhelpers/selfservice.go @@ -27,6 +27,7 @@ func TestSelfServicePreHook( newServer func(t *testing.T) *httptest.Server, conf *config.Config, ) func(t *testing.T) { + ctx := context.Background() return func(t *testing.T) { t.Run("case=pass without hooks", func(t *testing.T) { t.Cleanup(SelfServiceHookConfigReset(t, conf)) @@ -37,7 +38,7 @@ func TestSelfServicePreHook( t.Run("case=pass if hooks pass", func(t *testing.T) { t.Cleanup(SelfServiceHookConfigReset(t, conf)) - conf.MustSet(configKey, []config.SelfServiceHook{{Name: "err", Config: []byte(`{}`)}}) + conf.MustSet(ctx, configKey, []config.SelfServiceHook{{Name: "err", Config: []byte(`{}`)}}) res, _ := makeRequestPre(t, newServer(t)) assert.EqualValues(t, http.StatusOK, res.StatusCode) @@ -45,7 +46,7 @@ func TestSelfServicePreHook( t.Run("case=err if hooks err", func(t *testing.T) { t.Cleanup(SelfServiceHookConfigReset(t, conf)) - conf.MustSet(configKey, []config.SelfServiceHook{{Name: "err", Config: []byte(`{"ExecuteLoginPreHook": "err","ExecuteRegistrationPreHook": "err"}`)}}) + conf.MustSet(ctx, configKey, []config.SelfServiceHook{{Name: "err", Config: []byte(`{"ExecuteLoginPreHook": "err","ExecuteRegistrationPreHook": "err"}`)}}) res, body := makeRequestPre(t, newServer(t)) assert.EqualValues(t, http.StatusInternalServerError, res.StatusCode, "%s", body) @@ -54,7 +55,7 @@ func TestSelfServicePreHook( t.Run("case=abort if hooks aborts", func(t *testing.T) { t.Cleanup(SelfServiceHookConfigReset(t, conf)) - conf.MustSet(configKey, []config.SelfServiceHook{{Name: "err", Config: []byte(`{"ExecuteLoginPreHook": "abort","ExecuteRegistrationPreHook": "abort"}`)}}) + conf.MustSet(ctx, configKey, []config.SelfServiceHook{{Name: "err", Config: []byte(`{"ExecuteLoginPreHook": "abort","ExecuteRegistrationPreHook": "abort"}`)}}) res, body := makeRequestPre(t, newServer(t)) assert.EqualValues(t, http.StatusOK, res.StatusCode) @@ -65,7 +66,7 @@ func TestSelfServicePreHook( t.Skipf("Skipped because pre-redirect is no longer supported") t.Cleanup(SelfServiceHookConfigReset(t, conf)) - conf.MustSet(configKey, []config.SelfServiceHook{{Name: "redirect", Config: []byte(`{"to": "https://www.ory.sh/"}`)}}) + conf.MustSet(ctx, configKey, []config.SelfServiceHook{{Name: "redirect", Config: []byte(`{"to": "https://www.ory.sh/"}`)}}) res, _ := makeRequestPre(t, newServer(t)) assert.EqualValues(t, http.StatusOK, res.StatusCode) @@ -89,50 +90,59 @@ func SelfServiceHookFakeIdentity(t *testing.T) *identity.Identity { } func SelfServiceHookConfigReset(t *testing.T, conf *config.Config) func() { + ctx := context.Background() return func() { - conf.MustSet(config.ViperKeySelfServiceLoginAfter, nil) - conf.MustSet(config.ViperKeySelfServiceLoginAfter+".hooks", nil) - conf.MustSet(config.ViperKeySelfServiceLoginBeforeHooks, nil) - conf.MustSet(config.ViperKeySelfServiceRecoveryAfter, nil) - conf.MustSet(config.ViperKeySelfServiceRecoveryAfter+".hooks", nil) - conf.MustSet(config.ViperKeySelfServiceRegistrationAfter, nil) - conf.MustSet(config.ViperKeySelfServiceRegistrationAfter+".hooks", nil) - conf.MustSet(config.ViperKeySelfServiceRegistrationBeforeHooks, nil) - conf.MustSet(config.ViperKeySelfServiceSettingsAfter, nil) - conf.MustSet(config.ViperKeySelfServiceSettingsAfter+".hooks", nil) + conf.MustSet(ctx, config.ViperKeySelfServiceLoginAfter, nil) + conf.MustSet(ctx, config.ViperKeySelfServiceLoginAfter+".hooks", nil) + conf.MustSet(ctx, config.ViperKeySelfServiceLoginBeforeHooks, nil) + conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryAfter, nil) + conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryAfter+".hooks", nil) + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationAfter, nil) + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationAfter+".hooks", nil) + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationBeforeHooks, nil) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsAfter, nil) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsAfter+".hooks", nil) } } func SelfServiceHookSettingsSetDefaultRedirectTo(t *testing.T, conf *config.Config, value string) { - conf.MustSet(config.ViperKeySelfServiceSettingsAfter+"."+config.DefaultBrowserReturnURL, value) + ctx := context.Background() + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsAfter+"."+config.DefaultBrowserReturnURL, value) } func SelfServiceHookSettingsSetDefaultRedirectToStrategy(t *testing.T, conf *config.Config, strategy, value string) { - conf.MustSet(config.ViperKeySelfServiceSettingsAfter+"."+strategy+"."+config.DefaultBrowserReturnURL, value) + ctx := context.Background() + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsAfter+"."+strategy+"."+config.DefaultBrowserReturnURL, value) } func SelfServiceHookLoginSetDefaultRedirectTo(t *testing.T, conf *config.Config, value string) { - conf.MustSet(config.ViperKeySelfServiceLoginAfter+"."+config.DefaultBrowserReturnURL, value) + ctx := context.Background() + conf.MustSet(ctx, config.ViperKeySelfServiceLoginAfter+"."+config.DefaultBrowserReturnURL, value) } func SelfServiceHookLoginSetDefaultRedirectToStrategy(t *testing.T, conf *config.Config, strategy, value string) { - conf.MustSet(config.ViperKeySelfServiceLoginAfter+"."+strategy+"."+config.DefaultBrowserReturnURL, value) + ctx := context.Background() + conf.MustSet(ctx, config.ViperKeySelfServiceLoginAfter+"."+strategy+"."+config.DefaultBrowserReturnURL, value) } func SelfServiceHookRegistrationSetDefaultRedirectTo(t *testing.T, conf *config.Config, value string) { - conf.MustSet(config.ViperKeySelfServiceRegistrationAfter+"."+config.DefaultBrowserReturnURL, value) + ctx := context.Background() + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationAfter+"."+config.DefaultBrowserReturnURL, value) } func SelfServiceHookRegistrationSetDefaultRedirectToStrategy(t *testing.T, conf *config.Config, strategy, value string) { - conf.MustSet(config.ViperKeySelfServiceRegistrationAfter+"."+strategy+"."+config.DefaultBrowserReturnURL, value) + ctx := context.Background() + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationAfter+"."+strategy+"."+config.DefaultBrowserReturnURL, value) } func SelfServiceHookLoginViperSetPost(t *testing.T, conf *config.Config, strategy string, c []config.SelfServiceHook) { - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceLoginAfter, strategy), c) + ctx := context.Background() + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceLoginAfter, strategy), c) } func SelfServiceHookRegistrationViperSetPost(t *testing.T, conf *config.Config, strategy string, c []config.SelfServiceHook) { - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, strategy), c) + ctx := context.Background() + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, strategy), c) } func SelfServiceHookLoginErrorHandler(t *testing.T, w http.ResponseWriter, r *http.Request, err error) bool { diff --git a/internal/testhelpers/selfservice_login.go b/internal/testhelpers/selfservice_login.go index 30121c08304c..e4b16e63a236 100644 --- a/internal/testhelpers/selfservice_login.go +++ b/internal/testhelpers/selfservice_login.go @@ -27,13 +27,14 @@ import ( ) func NewLoginUIFlowEchoServer(t *testing.T, reg driver.Registry) *httptest.Server { + ctx := context.Background() ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { e, err := reg.LoginFlowPersister().GetLoginFlow(r.Context(), x.ParseUUID(r.URL.Query().Get("flow"))) require.NoError(t, err) reg.Writer().Write(w, r, e) })) ts.URL = strings.Replace(ts.URL, "127.0.0.1", "localhost", -1) - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceLoginUI, ts.URL+"/login-ts") + reg.Config().MustSet(ctx, config.ViperKeySelfServiceLoginUI, ts.URL+"/login-ts") t.Cleanup(ts.Close) return ts } @@ -43,7 +44,8 @@ func NewLoginUIWith401Response(t *testing.T, c *config.Config) *httptest.Server w.WriteHeader(http.StatusUnauthorized) })) ts.URL = strings.Replace(ts.URL, "127.0.0.1", "localhost", -1) - c.MustSet(config.ViperKeySelfServiceLoginUI, ts.URL+"/login-ts") + ctx := context.Background() + c.MustSet(ctx, config.ViperKeySelfServiceLoginUI, ts.URL+"/login-ts") t.Cleanup(ts.Close) return ts } diff --git a/internal/testhelpers/selfservice_recovery.go b/internal/testhelpers/selfservice_recovery.go index 83eeb4aac922..d600931203cb 100644 --- a/internal/testhelpers/selfservice_recovery.go +++ b/internal/testhelpers/selfservice_recovery.go @@ -23,12 +23,13 @@ import ( ) func NewVerificationUIFlowEchoServer(t *testing.T, reg driver.Registry) *httptest.Server { + ctx := context.Background() ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { e, err := reg.VerificationFlowPersister().GetVerificationFlow(r.Context(), x.ParseUUID(r.URL.Query().Get("flow"))) require.NoError(t, err) reg.Writer().Write(w, r, e) })) - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceVerificationUI, ts.URL+"/verification-ts") + reg.Config().MustSet(ctx, config.ViperKeySelfServiceVerificationUI, ts.URL+"/verification-ts") t.Cleanup(ts.Close) return ts } diff --git a/internal/testhelpers/selfservice_registration.go b/internal/testhelpers/selfservice_registration.go index fe6cd52bab16..1e7379e63839 100644 --- a/internal/testhelpers/selfservice_registration.go +++ b/internal/testhelpers/selfservice_registration.go @@ -28,12 +28,13 @@ import ( ) func NewRegistrationUIFlowEchoServer(t *testing.T, reg driver.Registry) *httptest.Server { + ctx := context.Background() ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { e, err := reg.RegistrationFlowPersister().GetRegistrationFlow(r.Context(), x.ParseUUID(r.URL.Query().Get("flow"))) require.NoError(t, err) reg.Writer().Write(w, r, e) })) - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceRegistrationUI, ts.URL+"/registration-ts") + reg.Config().MustSet(ctx, config.ViperKeySelfServiceRegistrationUI, ts.URL+"/registration-ts") t.Cleanup(ts.Close) return ts } diff --git a/internal/testhelpers/selfservice_settings.go b/internal/testhelpers/selfservice_settings.go index 51e0a7ae88a4..f9524bb60872 100644 --- a/internal/testhelpers/selfservice_settings.go +++ b/internal/testhelpers/selfservice_settings.go @@ -31,12 +31,13 @@ import ( ) func NewSettingsUIFlowEchoServer(t *testing.T, reg driver.Registry) *httptest.Server { + ctx := context.Background() ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { e, err := reg.SettingsFlowPersister().GetSettingsFlow(r.Context(), x.ParseUUID(r.URL.Query().Get("flow"))) require.NoError(t, err) reg.Writer().Write(w, r, e) })) - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceSettingsURL, ts.URL+"/settings-ts") + reg.Config().MustSet(ctx, config.ViperKeySelfServiceSettingsURL, ts.URL+"/settings-ts") t.Cleanup(ts.Close) return ts } @@ -119,8 +120,9 @@ func NewSettingsUITestServer(t *testing.T, conf *config.Config) *httptest.Server ts := httptest.NewServer(router) t.Cleanup(ts.Close) - conf.MustSet(config.ViperKeySelfServiceSettingsURL, ts.URL+"/settings") - conf.MustSet(config.ViperKeySelfServiceLoginUI, ts.URL+"/login") + ctx := context.Background() + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsURL, ts.URL+"/settings") + conf.MustSet(ctx, config.ViperKeySelfServiceLoginUI, ts.URL+"/login") return ts } @@ -139,8 +141,9 @@ func NewSettingsUIEchoServer(t *testing.T, reg *driver.RegistryDefault) *httptes ts := httptest.NewServer(router) t.Cleanup(ts.Close) - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceSettingsURL, ts.URL+"/settings") - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceLoginUI, ts.URL+"/login") + ctx := context.Background() + reg.Config().MustSet(ctx, config.ViperKeySelfServiceSettingsURL, ts.URL+"/settings") + reg.Config().MustSet(ctx, config.ViperKeySelfServiceLoginUI, ts.URL+"/login") return ts } @@ -151,7 +154,7 @@ func NewSettingsLoginAcceptAPIServer(t *testing.T, publicClient *kratos.APIClien require.Equal(t, 0, called) called++ - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "5m") + conf.MustSet(r.Context(), config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "5m") res, _, err := publicClient.V0alpha2Api.GetSelfServiceLoginFlow(context.Background()).Id(r.URL.Query().Get("flow")).Execute() @@ -165,11 +168,13 @@ func NewSettingsLoginAcceptAPIServer(t *testing.T, publicClient *kratos.APIClien t.Cleanup(func() { loginTS.Close() }) - conf.MustSet(config.ViperKeySelfServiceLoginUI, loginTS.URL+"/login") + ctx := context.Background() + conf.MustSet(ctx, config.ViperKeySelfServiceLoginUI, loginTS.URL+"/login") return loginTS } func NewSettingsAPIServer(t *testing.T, reg *driver.RegistryDefault, ids map[string]*identity.Identity) (*httptest.Server, *httptest.Server, map[string]*http.Client) { + ctx := context.Background() public, admin := x.NewRouterPublic(), x.NewRouterAdmin() reg.SettingsHandler().RegisterAdminRoutes(admin) @@ -188,8 +193,8 @@ func NewSettingsAPIServer(t *testing.T, reg *driver.RegistryDefault, ids map[str t.Cleanup(tsp.Close) t.Cleanup(tsa.Close) - reg.Config(context.Background()).MustSet(config.ViperKeyPublicBaseURL, tsp.URL) - reg.Config(context.Background()).MustSet(config.ViperKeyAdminBaseURL, tsa.URL) + reg.Config().MustSet(ctx, config.ViperKeyPublicBaseURL, tsp.URL) + reg.Config().MustSet(ctx, config.ViperKeyAdminBaseURL, tsa.URL) // #nosec G112 return tsp, tsa, AddAndLoginIdentities(t, reg, &httptest.Server{Config: &http.Server{Handler: public}, URL: tsp.URL}, ids) } diff --git a/internal/testhelpers/selfservice_verification.go b/internal/testhelpers/selfservice_verification.go index 1cfca6fb9b5d..c204a0b10598 100644 --- a/internal/testhelpers/selfservice_verification.go +++ b/internal/testhelpers/selfservice_verification.go @@ -25,12 +25,13 @@ import ( ) func NewRecoveryUIFlowEchoServer(t *testing.T, reg driver.Registry) *httptest.Server { + ctx := context.Background() ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { e, err := reg.RecoveryFlowPersister().GetRecoveryFlow(r.Context(), x.ParseUUID(r.URL.Query().Get("flow"))) require.NoError(t, err) reg.Writer().Write(w, r, e) })) - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceRecoveryUI, ts.URL+"/recovery-ts") + reg.Config().MustSet(ctx, config.ViperKeySelfServiceRecoveryUI, ts.URL+"/recovery-ts") t.Cleanup(ts.Close) return ts } diff --git a/internal/testhelpers/server.go b/internal/testhelpers/server.go index 6b072434fc03..86045417c481 100644 --- a/internal/testhelpers/server.go +++ b/internal/testhelpers/server.go @@ -32,17 +32,18 @@ func NewKratosServerWithCSRFAndRouters(t *testing.T, reg driver.Registry) (publi ran.UseHandler(ra) public = httptest.NewServer(x.NewTestCSRFHandler(rp, reg)) admin = httptest.NewServer(ran) + ctx := context.Background() // Workaround for: // - https://github.com/golang/go/issues/12610 // - https://github.com/golang/go/issues/31054 public.URL = strings.Replace(public.URL, "127.0.0.1", "localhost", -1) - if len(reg.Config(context.Background()).Source().String(config.ViperKeySelfServiceLoginUI)) == 0 { - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceLoginUI, "http://NewKratosServerWithCSRF/you-forgot-to-set-me/login") + if len(reg.Config().GetProvider(ctx).String(config.ViperKeySelfServiceLoginUI)) == 0 { + reg.Config().MustSet(ctx, config.ViperKeySelfServiceLoginUI, "http://NewKratosServerWithCSRF/you-forgot-to-set-me/login") } - reg.Config(context.Background()).MustSet(config.ViperKeyPublicBaseURL, public.URL) - reg.Config(context.Background()).MustSet(config.ViperKeyAdminBaseURL, admin.URL) + reg.Config().MustSet(ctx, config.ViperKeyPublicBaseURL, public.URL) + reg.Config().MustSet(ctx, config.ViperKeyAdminBaseURL, admin.URL) reg.RegisterRoutes(context.Background(), rp, ra) @@ -63,11 +64,12 @@ func NewKratosServerWithRouters(t *testing.T, reg driver.Registry, rp *x.RouterP } func InitKratosServers(t *testing.T, reg driver.Registry, public, admin *httptest.Server) { - if len(reg.Config(context.Background()).Source().String(config.ViperKeySelfServiceLoginUI)) == 0 { - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceLoginUI, "http://NewKratosServerWithRouters/you-forgot-to-set-me/login") + ctx := context.Background() + if len(reg.Config().GetProvider(ctx).String(config.ViperKeySelfServiceLoginUI)) == 0 { + reg.Config().MustSet(ctx, config.ViperKeySelfServiceLoginUI, "http://NewKratosServerWithRouters/you-forgot-to-set-me/login") } - reg.Config(context.Background()).MustSet(config.ViperKeyPublicBaseURL, public.URL) - reg.Config(context.Background()).MustSet(config.ViperKeyAdminBaseURL, admin.URL) + reg.Config().MustSet(ctx, config.ViperKeyPublicBaseURL, public.URL) + reg.Config().MustSet(ctx, config.ViperKeyAdminBaseURL, admin.URL) reg.RegisterRoutes(context.Background(), public.Config.Handler.(*x.RouterPublic), admin.Config.Handler.(*x.RouterAdmin)) } diff --git a/internal/testhelpers/session.go b/internal/testhelpers/session.go index 5174067fc556..550f8dbac839 100644 --- a/internal/testhelpers/session.go +++ b/internal/testhelpers/session.go @@ -25,7 +25,7 @@ type SessionLifespanProvider struct { e time.Duration } -func (p *SessionLifespanProvider) SessionLifespan() time.Duration { +func (p *SessionLifespanProvider) SessionLifespan(ctx context.Context) time.Duration { return p.e } @@ -137,7 +137,8 @@ func NewHTTPClientWithSessionToken(t *testing.T, reg *driver.RegistryDefault, se } func NewHTTPClientWithArbitrarySessionToken(t *testing.T, reg *driver.RegistryDefault) *http.Client { - s, err := session.NewActiveSession( + ctx := context.Background() + s, err := session.NewActiveSession(ctx, &identity.Identity{ID: x.NewUUID(), State: identity.StateActive}, NewSessionLifespanProvider(time.Hour), time.Now(), @@ -150,7 +151,8 @@ func NewHTTPClientWithArbitrarySessionToken(t *testing.T, reg *driver.RegistryDe } func NewHTTPClientWithArbitrarySessionCookie(t *testing.T, reg *driver.RegistryDefault) *http.Client { - s, err := session.NewActiveSession( + ctx := context.Background() + s, err := session.NewActiveSession(ctx, &identity.Identity{ID: x.NewUUID(), State: identity.StateActive}, NewSessionLifespanProvider(time.Hour), time.Now(), @@ -163,7 +165,8 @@ func NewHTTPClientWithArbitrarySessionCookie(t *testing.T, reg *driver.RegistryD } func NewNoRedirectHTTPClientWithArbitrarySessionCookie(t *testing.T, reg *driver.RegistryDefault) *http.Client { - s, err := session.NewActiveSession( + ctx := context.Background() + s, err := session.NewActiveSession(ctx, &identity.Identity{ID: x.NewUUID(), State: identity.StateActive}, NewSessionLifespanProvider(time.Hour), time.Now(), @@ -176,7 +179,8 @@ func NewNoRedirectHTTPClientWithArbitrarySessionCookie(t *testing.T, reg *driver } func NewHTTPClientWithIdentitySessionCookie(t *testing.T, reg *driver.RegistryDefault, id *identity.Identity) *http.Client { - s, err := session.NewActiveSession(id, + ctx := context.Background() + s, err := session.NewActiveSession(ctx, id, NewSessionLifespanProvider(time.Hour), time.Now(), identity.CredentialsTypePassword, @@ -188,7 +192,8 @@ func NewHTTPClientWithIdentitySessionCookie(t *testing.T, reg *driver.RegistryDe } func NewHTTPClientWithIdentitySessionToken(t *testing.T, reg *driver.RegistryDefault, id *identity.Identity) *http.Client { - s, err := session.NewActiveSession(id, + ctx := context.Background() + s, err := session.NewActiveSession(ctx, id, NewSessionLifespanProvider(time.Hour), time.Now(), identity.CredentialsTypePassword, diff --git a/internal/testhelpers/strategies.go b/internal/testhelpers/strategies.go index d8f01873af95..fb83dc475735 100644 --- a/internal/testhelpers/strategies.go +++ b/internal/testhelpers/strategies.go @@ -1,6 +1,7 @@ package testhelpers import ( + "context" "fmt" "testing" @@ -8,5 +9,6 @@ import ( ) func StrategyEnable(t *testing.T, c *config.Config, strategy string, enable bool) { - c.MustSet(fmt.Sprintf("%s.%s.enabled", config.ViperKeySelfServiceStrategyConfig, strategy), enable) + ctx := context.Background() + c.MustSet(ctx, fmt.Sprintf("%s.%s.enabled", config.ViperKeySelfServiceStrategyConfig, strategy), enable) } diff --git a/main.go b/main.go index 6bef4fe307e6..e077c318c005 100644 --- a/main.go +++ b/main.go @@ -16,7 +16,6 @@ package main import ( - "github.com/ory/kratos/corp" "github.com/ory/kratos/driver" "github.com/ory/x/dbal" "github.com/ory/x/profilex" @@ -25,8 +24,6 @@ import ( ) func main() { - corp.SetContextualizer(new(corp.ContextNoOp)) - defer profilex.Profile().Stop() dbal.RegisterDriver(func() dbal.Driver { return driver.NewRegistryDefault() diff --git a/persistence/reference.go b/persistence/reference.go index eb01d1d5c665..b17b7e15d1dd 100644 --- a/persistence/reference.go +++ b/persistence/reference.go @@ -58,6 +58,6 @@ type Persister interface { type Networker interface { WithNetworkID(sid uuid.UUID) Persister - NetworkID() uuid.UUID + NetworkID(ctx context.Context) uuid.UUID DetermineNetwork(ctx context.Context) (*networkx.Network, error) } diff --git a/persistence/sql/migratest/migration_test.go b/persistence/sql/migratest/migration_test.go index 52168787a285..56720540f112 100644 --- a/persistence/sql/migratest/migration_test.go +++ b/persistence/sql/migratest/migration_test.go @@ -17,7 +17,6 @@ import ( "github.com/bradleyjkemp/cupaloy/v2" "github.com/stretchr/testify/assert" - "github.com/ory/kratos/corp" "github.com/ory/x/dbal" "github.com/ory/kratos/x/xsql" @@ -46,7 +45,6 @@ import ( ) func init() { - corp.SetContextualizer(new(corp.ContextNoOp)) dbal.RegisterDriver(func() dbal.Driver { return driver.NewRegistryDefault() }) @@ -75,18 +73,18 @@ func TestMigrations(t *testing.T) { require.NoError(t, sqlite.Open()) connections := map[string]*pop.Connection{ - //"sqlite": sqlite, + "sqlite": sqlite, } if !testing.Short() { dockertest.Parallel([]func(){ func() { - //connections["postgres"] = dockertest.ConnectToTestPostgreSQLPop(t) + connections["postgres"] = dockertest.ConnectToTestPostgreSQLPop(t) }, func() { connections["mysql"] = dockertest.ConnectToTestMySQLPop(t) }, func() { - //connections["cockroach"] = dockertest.ConnectToTestCockroachDBPop(t) + connections["cockroach"] = dockertest.ConnectToTestCockroachDBPop(t) }, }) } @@ -127,7 +125,7 @@ func TestMigrations(t *testing.T) { }) t.Run("suite=fixtures", func(t *testing.T) { - d := driver.New( + d, err := driver.New( context.Background(), os.Stderr, configx.WithValues(map[string]interface{}{ @@ -138,6 +136,7 @@ func TestMigrations(t *testing.T) { }), configx.SkipValidation(), ) + require.NoError(t, err) t.Run("case=identity", func(t *testing.T) { ids, err := d.PrivilegedIdentityPool().ListIdentities(context.Background(), 0, 1000) diff --git a/persistence/sql/persister.go b/persistence/sql/persister.go index 53d5fea105d8..0b43dd4b4987 100644 --- a/persistence/sql/persister.go +++ b/persistence/sql/persister.go @@ -6,9 +6,9 @@ import ( "fmt" "time" - "github.com/ory/x/fsx" + "github.com/ory/x/contextx" - "github.com/ory/kratos/corp" + "github.com/ory/x/fsx" "github.com/gobuffalo/pop/v6" "github.com/gobuffalo/pop/v6/columns" @@ -38,6 +38,7 @@ type ( identity.ValidationProvider x.LoggingProvider config.Provider + contextx.Provider x.TracingProvider } Persister struct { @@ -64,12 +65,8 @@ func NewPersister(ctx context.Context, r persisterDependencies, c *pop.Connectio }, nil } -func (p *Persister) NetworkID() uuid.UUID { - if p.nid == uuid.Nil { - panic("NetworkID called before initialized") - } - - return p.nid +func (p *Persister) NetworkID(ctx context.Context) uuid.UUID { + return p.r.Contextualizer().Network(ctx, p.nid) } func (p Persister) WithNetworkID(sid uuid.UUID) persistence.Persister { @@ -245,7 +242,7 @@ func (p *Persister) delete(ctx context.Context, v interface{}, id uuid.UUID) err ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.delete") defer span.End() - nid := corp.ContextualizeNID(ctx, p.nid) + nid := p.NetworkID(ctx) tabler, ok := v.(interface { TableName(ctx context.Context) string diff --git a/persistence/sql/persister_cleanup_test.go b/persistence/sql/persister_cleanup_test.go index bedf286bcbee..8232660649d3 100644 --- a/persistence/sql/persister_cleanup_test.go +++ b/persistence/sql/persister_cleanup_test.go @@ -16,12 +16,12 @@ func TestPersister_Cleanup(t *testing.T) { ctx := context.Background() t.Run("case=should not throw error on cleanup", func(t *testing.T) { - assert.Nil(t, p.CleanupDatabase(ctx, 0, 0, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + assert.Nil(t, p.CleanupDatabase(ctx, 0, 0, reg.Config().DatabaseCleanupBatchSize(ctx))) }) t.Run("case=should throw error on cleanup", func(t *testing.T) { p.GetConnection(ctx).Close() - assert.Error(t, p.CleanupDatabase(ctx, 0, 0, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + assert.Error(t, p.CleanupDatabase(ctx, 0, 0, reg.Config().DatabaseCleanupBatchSize(ctx))) }) } @@ -32,12 +32,12 @@ func TestPersister_Continuity_Cleanup(t *testing.T) { ctx := context.Background() t.Run("case=should not throw error on cleanup continuity sessions", func(t *testing.T) { - assert.Nil(t, p.DeleteExpiredContinuitySessions(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + assert.Nil(t, p.DeleteExpiredContinuitySessions(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx))) }) t.Run("case=should throw error on cleanup continuity sessions", func(t *testing.T) { p.GetConnection(ctx).Close() - assert.Error(t, p.DeleteExpiredContinuitySessions(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + assert.Error(t, p.DeleteExpiredContinuitySessions(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx))) }) } @@ -48,12 +48,12 @@ func TestPersister_Login_Cleanup(t *testing.T) { ctx := context.Background() t.Run("case=should not throw error on cleanup login flows", func(t *testing.T) { - assert.Nil(t, p.DeleteExpiredLoginFlows(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + assert.Nil(t, p.DeleteExpiredLoginFlows(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx))) }) t.Run("case=should throw error on cleanup login flows", func(t *testing.T) { p.GetConnection(ctx).Close() - assert.Error(t, p.DeleteExpiredLoginFlows(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + assert.Error(t, p.DeleteExpiredLoginFlows(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx))) }) } @@ -64,12 +64,12 @@ func TestPersister_Recovery_Cleanup(t *testing.T) { ctx := context.Background() t.Run("case=should not throw error on cleanup recovery flows", func(t *testing.T) { - assert.Nil(t, p.DeleteExpiredRecoveryFlows(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + assert.Nil(t, p.DeleteExpiredRecoveryFlows(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx))) }) t.Run("case=should throw error on cleanup recovery flows", func(t *testing.T) { p.GetConnection(ctx).Close() - assert.Error(t, p.DeleteExpiredRecoveryFlows(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + assert.Error(t, p.DeleteExpiredRecoveryFlows(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx))) }) } @@ -80,12 +80,12 @@ func TestPersister_Registration_Cleanup(t *testing.T) { ctx := context.Background() t.Run("case=should not throw error on cleanup registration flows", func(t *testing.T) { - assert.Nil(t, p.DeleteExpiredRegistrationFlows(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + assert.Nil(t, p.DeleteExpiredRegistrationFlows(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx))) }) t.Run("case=should throw error on cleanup registration flows", func(t *testing.T) { p.GetConnection(ctx).Close() - assert.Error(t, p.DeleteExpiredRegistrationFlows(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + assert.Error(t, p.DeleteExpiredRegistrationFlows(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx))) }) } @@ -96,12 +96,12 @@ func TestPersister_Session_Cleanup(t *testing.T) { ctx := context.Background() t.Run("case=should not throw error on cleanup sessions", func(t *testing.T) { - assert.Nil(t, p.DeleteExpiredSessions(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + assert.Nil(t, p.DeleteExpiredSessions(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx))) }) t.Run("case=should throw error on cleanup sessions", func(t *testing.T) { p.GetConnection(ctx).Close() - assert.Error(t, p.DeleteExpiredSessions(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + assert.Error(t, p.DeleteExpiredSessions(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx))) }) } @@ -112,12 +112,12 @@ func TestPersister_Settings_Cleanup(t *testing.T) { ctx := context.Background() t.Run("case=should not throw error on cleanup setting flows", func(t *testing.T) { - assert.Nil(t, p.DeleteExpiredSettingsFlows(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + assert.Nil(t, p.DeleteExpiredSettingsFlows(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx))) }) t.Run("case=should throw error on cleanup setting flows", func(t *testing.T) { p.GetConnection(ctx).Close() - assert.Error(t, p.DeleteExpiredSettingsFlows(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + assert.Error(t, p.DeleteExpiredSettingsFlows(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx))) }) } @@ -128,11 +128,11 @@ func TestPersister_Verification_Cleanup(t *testing.T) { ctx := context.Background() t.Run("case=should not throw error on cleanup verification flows", func(t *testing.T) { - assert.Nil(t, p.DeleteExpiredVerificationFlows(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + assert.Nil(t, p.DeleteExpiredVerificationFlows(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx))) }) t.Run("case=should throw error on cleanup verification flows", func(t *testing.T) { p.GetConnection(ctx).Close() - assert.Error(t, p.DeleteExpiredVerificationFlows(ctx, currentTime, reg.Config(context.Background()).DatabaseCleanupBatchSize())) + assert.Error(t, p.DeleteExpiredVerificationFlows(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx))) }) } diff --git a/persistence/sql/persister_continuity.go b/persistence/sql/persister_continuity.go index 9151a4ba1dde..cc69644bceb1 100644 --- a/persistence/sql/persister_continuity.go +++ b/persistence/sql/persister_continuity.go @@ -7,8 +7,6 @@ import ( "github.com/pkg/errors" - "github.com/ory/kratos/corp" - "github.com/gofrs/uuid" "github.com/ory/x/sqlcon" @@ -22,7 +20,7 @@ func (p *Persister) SaveContinuitySession(ctx context.Context, c *continuity.Con ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.SaveContinuitySession") defer span.End() - c.NID = corp.ContextualizeNID(ctx, p.nid) + c.NID = p.NetworkID(ctx) return sqlcon.HandleError(p.GetConnection(ctx).Create(c)) } @@ -31,7 +29,7 @@ func (p *Persister) GetContinuitySession(ctx context.Context, id uuid.UUID) (*co defer span.End() var c continuity.Container - if err := p.GetConnection(ctx).Where("id = ? AND nid = ?", id, corp.ContextualizeNID(ctx, p.nid)).First(&c); err != nil { + if err := p.GetConnection(ctx).Where("id = ? AND nid = ?", id, p.NetworkID(ctx)).First(&c); err != nil { return nil, sqlcon.HandleError(err) } return &c, nil @@ -44,7 +42,7 @@ func (p *Persister) DeleteContinuitySession(ctx context.Context, id uuid.UUID) e if count, err := p.GetConnection(ctx).RawQuery( // #nosec fmt.Sprintf("DELETE FROM %s WHERE id=? AND nid=?", - new(continuity.Container).TableName(ctx)), id, corp.ContextualizeNID(ctx, p.nid)).ExecWithCount(); err != nil { + new(continuity.Container).TableName(ctx)), id, p.NetworkID(ctx)).ExecWithCount(); err != nil { return sqlcon.HandleError(err) } else if count == 0 { return errors.WithStack(sqlcon.ErrNoRows) @@ -61,7 +59,7 @@ func (p *Persister) DeleteExpiredContinuitySessions(ctx context.Context, expires limit, ), expiresAt, - corp.ContextualizeNID(ctx, p.nid), + p.NetworkID(ctx), ).Exec() if err != nil { return sqlcon.HandleError(err) diff --git a/persistence/sql/persister_courier.go b/persistence/sql/persister_courier.go index 9fc56bedea6d..44158dc351ea 100644 --- a/persistence/sql/persister_courier.go +++ b/persistence/sql/persister_courier.go @@ -4,13 +4,10 @@ import ( "context" "database/sql" "fmt" - "github.com/gobuffalo/pop/v6" "github.com/gofrs/uuid" "github.com/pkg/errors" - "github.com/ory/kratos/corp" - "github.com/ory/x/sqlcon" "github.com/ory/kratos/courier" @@ -22,7 +19,7 @@ func (p *Persister) AddMessage(ctx context.Context, m *courier.Message) error { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.AddMessage") defer span.End() - m.NID = corp.ContextualizeNID(ctx, p.nid) + m.NID = p.NetworkID(ctx) m.Status = courier.MessageStatusQueued return sqlcon.HandleError(p.GetConnection(ctx).Create(m)) // do not create eager to avoid identity injection. } @@ -35,7 +32,7 @@ func (p *Persister) NextMessages(ctx context.Context, limit uint8) (messages []c var m []courier.Message if err := tx. Where("nid = ? AND status = ?", - corp.ContextualizeNID(ctx, p.nid), + p.NetworkID(ctx), courier.MessageStatusQueued, ). Order("created_at ASC"). @@ -79,7 +76,7 @@ func (p *Persister) LatestQueuedMessage(ctx context.Context) (*courier.Message, var m courier.Message if err := p.GetConnection(ctx). Where("nid = ? AND status = ?", - corp.ContextualizeNID(ctx, p.nid), + p.NetworkID(ctx), courier.MessageStatusQueued, ). Order("created_at DESC"). @@ -101,11 +98,11 @@ func (p *Persister) SetMessageStatus(ctx context.Context, id uuid.UUID, ms couri // #nosec G201 fmt.Sprintf( "UPDATE %s SET status = ? WHERE id = ? AND nid = ?", - corp.ContextualizeTableName(ctx, "courier_messages"), + "courier_messages", ), ms, id, - corp.ContextualizeNID(ctx, p.nid), + p.NetworkID(ctx), ).ExecWithCount() if err != nil { return sqlcon.HandleError(err) @@ -126,10 +123,10 @@ func (p *Persister) IncrementMessageSendCount(ctx context.Context, id uuid.UUID) // #nosec G201 fmt.Sprintf( "UPDATE %s SET send_count = send_count + 1 WHERE id = ? AND nid = ?", - corp.ContextualizeTableName(ctx, "courier_messages"), + "courier_messages", ), id, - corp.ContextualizeNID(ctx, p.nid), + p.NetworkID(ctx), ).ExecWithCount() if err != nil { diff --git a/persistence/sql/persister_errorx.go b/persistence/sql/persister_errorx.go index 8b3e6d866c5b..ba7adcb54a45 100644 --- a/persistence/sql/persister_errorx.go +++ b/persistence/sql/persister_errorx.go @@ -9,8 +9,6 @@ import ( "github.com/ory/kratos/x" - "github.com/ory/kratos/corp" - "github.com/gofrs/uuid" "github.com/pkg/errors" @@ -35,7 +33,7 @@ func (p *Persister) Add(ctx context.Context, csrfToken string, errs error) (uuid c := &errorx.ErrorContainer{ ID: x.NewUUID(), - NID: corp.ContextualizeNID(ctx, p.nid), + NID: p.NetworkID(ctx), CSRFToken: csrfToken, Errors: buf.Bytes(), WasSeen: false, @@ -53,14 +51,14 @@ func (p *Persister) Read(ctx context.Context, id uuid.UUID) (*errorx.ErrorContai defer span.End() var ec errorx.ErrorContainer - if err := p.GetConnection(ctx).Where("id = ? AND nid = ?", id, corp.ContextualizeNID(ctx, p.nid)).First(&ec); err != nil { + if err := p.GetConnection(ctx).Where("id = ? AND nid = ?", id, p.NetworkID(ctx)).First(&ec); err != nil { return nil, sqlcon.HandleError(err) } // #nosec G201 if err := p.GetConnection(ctx).RawQuery( - fmt.Sprintf("UPDATE %s SET was_seen = true, seen_at = ? WHERE id = ? AND nid = ?", corp.ContextualizeTableName(ctx, "selfservice_errors")), - time.Now().UTC(), id, corp.ContextualizeNID(ctx, p.nid)).Exec(); err != nil { + fmt.Sprintf("UPDATE %s SET was_seen = true, seen_at = ? WHERE id = ? AND nid = ?", "selfservice_errors"), + time.Now().UTC(), id, p.NetworkID(ctx)).Exec(); err != nil { return nil, sqlcon.HandleError(err) } @@ -74,13 +72,13 @@ func (p *Persister) Clear(ctx context.Context, olderThan time.Duration, force bo if force { // #nosec G201 err = p.GetConnection(ctx).RawQuery( - fmt.Sprintf("DELETE FROM %s WHERE nid = ? AND seen_at < ? AND seen_at IS NOT NULL", corp.ContextualizeTableName(ctx, "selfservice_errors")), - corp.ContextualizeNID(ctx, p.nid), time.Now().UTC().Add(-olderThan)).Exec() + fmt.Sprintf("DELETE FROM %s WHERE nid = ? AND seen_at < ? AND seen_at IS NOT NULL", "selfservice_errors"), + p.NetworkID(ctx), time.Now().UTC().Add(-olderThan)).Exec() } else { // #nosec G201 err = p.GetConnection(ctx).RawQuery( - fmt.Sprintf("DELETE FROM %s WHERE nid = ? AND was_seen=true AND seen_at < ? AND seen_at IS NOT NULL", corp.ContextualizeTableName(ctx, "selfservice_errors")), - corp.ContextualizeNID(ctx, p.nid), time.Now().UTC().Add(-olderThan)).Exec() + fmt.Sprintf("DELETE FROM %s WHERE nid = ? AND was_seen=true AND seen_at < ? AND seen_at IS NOT NULL", "selfservice_errors"), + p.NetworkID(ctx), time.Now().UTC().Add(-olderThan)).Exec() } return sqlcon.HandleError(err) diff --git a/persistence/sql/persister_hmac.go b/persistence/sql/persister_hmac.go index bab8257af759..25025118389d 100644 --- a/persistence/sql/persister_hmac.go +++ b/persistence/sql/persister_hmac.go @@ -9,7 +9,7 @@ import ( ) func (p *Persister) hmacValue(ctx context.Context, value string) string { - return p.hmacValueWithSecret(ctx, value, p.r.Config(ctx).SecretsSession()[0]) + return p.hmacValueWithSecret(ctx, value, p.r.Config().SecretsSession(ctx)[0]) } func (p *Persister) hmacValueWithSecret(ctx context.Context, value string, secret []byte) string { @@ -21,7 +21,7 @@ func (p *Persister) hmacValueWithSecret(ctx context.Context, value string, secre } func (p *Persister) hmacConstantCompare(ctx context.Context, value, hash string) bool { - for _, secret := range p.r.Config(ctx).SecretsSession() { + for _, secret := range p.r.Config().SecretsSession(ctx) { if subtle.ConstantTimeCompare([]byte(p.hmacValueWithSecret(ctx, value, secret)), []byte(hash)) == 1 { return true } diff --git a/persistence/sql/persister_hmac_test.go b/persistence/sql/persister_hmac_test.go index 7f345d1237f9..8e9bfa16388b 100644 --- a/persistence/sql/persister_hmac_test.go +++ b/persistence/sql/persister_hmac_test.go @@ -5,6 +5,8 @@ import ( "os" "testing" + "github.com/ory/x/contextx" + "github.com/ory/x/configx" "github.com/ory/x/otelx" @@ -25,6 +27,15 @@ type logRegistryOnly struct { c *config.Config } +func (l *logRegistryOnly) Config() *config.Config { + return l.c +} + +func (l *logRegistryOnly) Contextualizer() contextx.Contextualizer { + //TODO implement me + panic("implement me") +} + func (l *logRegistryOnly) IdentityTraitsSchemas(ctx context.Context) (schema.Schemas, error) { panic("implement me") } @@ -40,10 +51,6 @@ func (l *logRegistryOnly) Logger() *logrusx.Logger { return l.l } -func (l *logRegistryOnly) Config(_ context.Context) *config.Config { - return l.c -} - func (l *logRegistryOnly) Audit() *logrusx.Logger { panic("implement me") } @@ -55,8 +62,9 @@ func (l *logRegistryOnly) Tracer(ctx context.Context) *otelx.Tracer { var _ persisterDependencies = &logRegistryOnly{} func TestPersisterHMAC(t *testing.T) { + ctx := context.Background() conf := config.MustNew(t, logrusx.New("", ""), os.Stderr, configx.SkipValidation()) - conf.MustSet(config.ViperKeySecretsDefault, []string{"foobarbaz"}) + conf.MustSet(ctx, config.ViperKeySecretsDefault, []string{"foobarbaz"}) c, err := pop.NewConnection(&pop.ConnectionDetails{URL: "sqlite://foo?mode=memory"}) require.NoError(t, err) p, err := NewPersister(context.Background(), &logRegistryOnly{c: conf}, c) @@ -67,11 +75,11 @@ func TestPersisterHMAC(t *testing.T) { assert.False(t, p.hmacConstantCompare(context.Background(), "hashme", p.hmacValue(context.Background(), "notme"))) hash := p.hmacValue(context.Background(), "hashme") - conf.MustSet(config.ViperKeySecretsDefault, []string{"notfoobarbaz"}) + conf.MustSet(ctx, config.ViperKeySecretsDefault, []string{"notfoobarbaz"}) assert.False(t, p.hmacConstantCompare(context.Background(), "hashme", hash)) assert.True(t, p.hmacConstantCompare(context.Background(), "hashme", p.hmacValue(context.Background(), "hashme"))) - conf.MustSet(config.ViperKeySecretsDefault, []string{"notfoobarbaz", "foobarbaz"}) + conf.MustSet(ctx, config.ViperKeySecretsDefault, []string{"notfoobarbaz", "foobarbaz"}) assert.True(t, p.hmacConstantCompare(context.Background(), "hashme", hash)) assert.True(t, p.hmacConstantCompare(context.Background(), "hashme", p.hmacValue(context.Background(), "hashme"))) assert.NotEqual(t, hash, p.hmacValue(context.Background(), "hashme")) diff --git a/persistence/sql/persister_identity.go b/persistence/sql/persister_identity.go index 91ffae4d3a1a..22e13f1b5e62 100644 --- a/persistence/sql/persister_identity.go +++ b/persistence/sql/persister_identity.go @@ -9,8 +9,6 @@ import ( "github.com/ory/kratos/credentialmigrate" - "github.com/ory/kratos/corp" - "github.com/ory/jsonschema/v3" "github.com/ory/x/sqlxx" @@ -35,7 +33,7 @@ func (p *Persister) ListVerifiableAddresses(ctx context.Context, page, itemsPerP ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.ListVerifiableAddresses") defer span.End() - if err := p.GetConnection(ctx).Where("nid = ?", corp.ContextualizeNID(ctx, p.nid)).Order("id DESC").Paginate(page, x.MaxItemsPerPage(itemsPerPage)).All(&a); err != nil { + if err := p.GetConnection(ctx).Where("nid = ?", p.NetworkID(ctx)).Order("id DESC").Paginate(page, x.MaxItemsPerPage(itemsPerPage)).All(&a); err != nil { return nil, sqlcon.HandleError(err) } @@ -46,7 +44,7 @@ func (p *Persister) ListRecoveryAddresses(ctx context.Context, page, itemsPerPag ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.ListRecoveryAddresses") defer span.End() - if err := p.GetConnection(ctx).Where("nid = ?", corp.ContextualizeNID(ctx, p.nid)).Order("id DESC").Paginate(page, x.MaxItemsPerPage(itemsPerPage)).All(&a); err != nil { + if err := p.GetConnection(ctx).Where("nid = ?", p.NetworkID(ctx)).Order("id DESC").Paginate(page, x.MaxItemsPerPage(itemsPerPage)).All(&a); err != nil { return nil, sqlcon.HandleError(err) } @@ -80,7 +78,7 @@ func (p *Persister) FindByCredentialsIdentifier(ctx context.Context, ct identity ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.FindByCredentialsIdentifier") defer span.End() - nid := corp.ContextualizeNID(ctx, p.nid) + nid := p.NetworkID(ctx) var find struct { IdentityID uuid.UUID `db:"identity_id"` @@ -99,9 +97,9 @@ WHERE ici.identifier = ? AND ic.nid = ? AND ici.nid = ? AND ict.name = ?`, - corp.ContextualizeTableName(ctx, "identity_credentials"), - corp.ContextualizeTableName(ctx, "identity_credential_types"), - corp.ContextualizeTableName(ctx, "identity_credential_identifiers"), + "identity_credentials", + "identity_credential_types", + "identity_credential_identifiers", ), match, nid, @@ -145,7 +143,7 @@ func (p *Persister) createIdentityCredentials(ctx context.Context, i *identity.I c := p.GetConnection(ctx) - nid := corp.ContextualizeNID(ctx, p.nid) + nid := p.NetworkID(ctx) for k := range i.Credentials { cred := i.Credentials[k] @@ -177,7 +175,7 @@ func (p *Persister) createIdentityCredentials(ctx context.Context, i *identity.I Identifier: ids, IdentityCredentialsID: cred.ID, IdentityCredentialsTypeID: ct.ID, - NID: corp.ContextualizeNID(ctx, p.nid), + NID: p.NetworkID(ctx), }); err != nil { return sqlcon.HandleError(err) } @@ -195,7 +193,7 @@ func (p *Persister) createVerifiableAddresses(ctx context.Context, i *identity.I for k := range i.VerifiableAddresses { i.VerifiableAddresses[k].IdentityID = i.ID - i.VerifiableAddresses[k].NID = corp.ContextualizeNID(ctx, p.nid) + i.VerifiableAddresses[k].NID = p.NetworkID(ctx) i.VerifiableAddresses[k].Value = stringToLowerTrim(i.VerifiableAddresses[k].Value) if err := p.GetConnection(ctx).Create(&i.VerifiableAddresses[k]); err != nil { return err @@ -210,7 +208,7 @@ func (p *Persister) createRecoveryAddresses(ctx context.Context, i *identity.Ide for k := range i.RecoveryAddresses { i.RecoveryAddresses[k].IdentityID = i.ID - i.RecoveryAddresses[k].NID = corp.ContextualizeNID(ctx, p.nid) + i.RecoveryAddresses[k].NID = p.NetworkID(ctx) i.RecoveryAddresses[k].Value = stringToLowerTrim(i.RecoveryAddresses[k].Value) if err := p.GetConnection(ctx).Create(&i.RecoveryAddresses[k]); err != nil { return err @@ -224,7 +222,7 @@ func (p *Persister) findVerifiableAddresses(ctx context.Context, i *identity.Ide defer span.End() var addresses []identity.VerifiableAddress - if err := p.GetConnection(ctx).Where("identity_id = ? AND nid = ?", i.ID, corp.ContextualizeNID(ctx, p.nid)).Order("id ASC").All(&addresses); err != nil { + if err := p.GetConnection(ctx).Where("identity_id = ? AND nid = ?", i.ID, p.NetworkID(ctx)).Order("id ASC").All(&addresses); err != nil { return err } i.VerifiableAddresses = addresses @@ -236,7 +234,7 @@ func (p *Persister) findRecoveryAddresses(ctx context.Context, i *identity.Ident defer span.End() var addresses []identity.RecoveryAddress - if err := p.GetConnection(ctx).Where("identity_id = ? AND nid = ?", i.ID, corp.ContextualizeNID(ctx, p.nid)).Order("id ASC").All(&addresses); err != nil { + if err := p.GetConnection(ctx).Where("identity_id = ? AND nid = ?", i.ID, p.NetworkID(ctx)).Order("id ASC").All(&addresses); err != nil { return err } i.RecoveryAddresses = addresses @@ -247,7 +245,7 @@ func (p *Persister) CountIdentities(ctx context.Context) (int64, error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CountIdentities") defer span.End() - count, err := p.c.WithContext(ctx).Where("nid = ?", corp.ContextualizeNID(ctx, p.nid)).Count(new(identity.Identity)) + count, err := p.c.WithContext(ctx).Where("nid = ?", p.NetworkID(ctx)).Count(new(identity.Identity)) if err != nil { return 0, sqlcon.HandleError(err) } @@ -258,10 +256,10 @@ func (p *Persister) CreateIdentity(ctx context.Context, i *identity.Identity) er ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateIdentity") defer span.End() - i.NID = corp.ContextualizeNID(ctx, p.nid) + i.NID = p.NetworkID(ctx) if i.SchemaID == "" { - i.SchemaID = p.r.Config(ctx).DefaultIdentityTraitsSchemaID() + i.SchemaID = p.r.Config().DefaultIdentityTraitsSchemaID(ctx) } stateChangedAt := sqlxx.NullTime(time.Now()) @@ -306,7 +304,7 @@ func (p *Persister) ListIdentities(ctx context.Context, page, perPage int) ([]id is := make([]identity.Identity, 0) /* #nosec G201 TableName is static */ - if err := sqlcon.HandleError(p.GetConnection(ctx).Where("nid = ?", corp.ContextualizeNID(ctx, p.nid)). + if err := sqlcon.HandleError(p.GetConnection(ctx).Where("nid = ?", p.NetworkID(ctx)). EagerPreload("VerifiableAddresses", "RecoveryAddresses"). Paginate(page, perPage).Order("id DESC"). All(&is)); err != nil { @@ -344,9 +342,9 @@ func (p *Persister) UpdateIdentity(ctx context.Context, i *identity.Identity) er return err } - i.NID = corp.ContextualizeNID(ctx, p.nid) + i.NID = p.NetworkID(ctx) return sqlcon.HandleError(p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) error { - if count, err := tx.Where("id = ? AND nid = ?", i.ID, corp.ContextualizeNID(ctx, p.nid)).Count(i); err != nil { + if count, err := tx.Where("id = ? AND nid = ?", i.ID, p.NetworkID(ctx)).Count(i); err != nil { return err } else if count == 0 { return sql.ErrNoRows @@ -359,7 +357,7 @@ func (p *Persister) UpdateIdentity(ctx context.Context, i *identity.Identity) er } { /* #nosec G201 TableName is static */ if err := tx.RawQuery(fmt.Sprintf( - `DELETE FROM %s WHERE identity_id = ? AND nid = ?`, tn), i.ID, corp.ContextualizeNID(ctx, p.nid)).Exec(); err != nil { + `DELETE FROM %s WHERE identity_id = ? AND nid = ?`, tn), i.ID, p.NetworkID(ctx)).Exec(); err != nil { return err } } @@ -392,7 +390,7 @@ func (p *Persister) GetIdentity(ctx context.Context, id uuid.UUID) (*identity.Id defer span.End() var i identity.Identity - if err := p.GetConnection(ctx).EagerPreload("VerifiableAddresses", "RecoveryAddresses").Where("id = ? AND nid = ?", id, corp.ContextualizeNID(ctx, p.nid)).First(&i); err != nil { + if err := p.GetConnection(ctx).EagerPreload("VerifiableAddresses", "RecoveryAddresses").Where("id = ? AND nid = ?", id, p.NetworkID(ctx)).First(&i); err != nil { return nil, sqlcon.HandleError(err) } @@ -419,7 +417,7 @@ func (p *Persister) GetIdentityConfidential(ctx context.Context, id uuid.UUID) ( var i identity.Identity - nid := corp.ContextualizeNID(ctx, p.nid) + nid := p.NetworkID(ctx) if err := p.GetConnection(ctx).Where("id = ? AND nid = ?", id, nid).First(&i); err != nil { return nil, sqlcon.HandleError(err) } @@ -475,7 +473,7 @@ func (p *Persister) FindVerifiableAddressByValue(ctx context.Context, via identi defer span.End() var address identity.VerifiableAddress - if err := p.GetConnection(ctx).Where("nid = ? AND via = ? AND value = ?", corp.ContextualizeNID(ctx, p.nid), via, stringToLowerTrim(value)).First(&address); err != nil { + if err := p.GetConnection(ctx).Where("nid = ? AND via = ? AND value = ?", p.NetworkID(ctx), via, stringToLowerTrim(value)).First(&address); err != nil { return nil, sqlcon.HandleError(err) } @@ -487,7 +485,7 @@ func (p *Persister) FindRecoveryAddressByValue(ctx context.Context, via identity defer span.End() var address identity.RecoveryAddress - if err := p.GetConnection(ctx).Where("nid = ? AND via = ? AND value = ?", corp.ContextualizeNID(ctx, p.nid), via, stringToLowerTrim(value)).First(&address); err != nil { + if err := p.GetConnection(ctx).Where("nid = ? AND via = ? AND value = ?", p.NetworkID(ctx), via, stringToLowerTrim(value)).First(&address); err != nil { return nil, sqlcon.HandleError(err) } @@ -511,7 +509,7 @@ func (p *Persister) VerifyAddress(ctx context.Context, code string) error { identity.VerifiableAddressStatusCompleted, time.Now().UTC().Round(time.Second), newCode, - corp.ContextualizeNID(ctx, p.nid), + p.NetworkID(ctx), code, time.Now().UTC(), ).ExecWithCount() @@ -530,7 +528,7 @@ func (p *Persister) UpdateVerifiableAddress(ctx context.Context, address *identi ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UpdateVerifiableAddress") defer span.End() - address.NID = corp.ContextualizeNID(ctx, p.nid) + address.NID = p.NetworkID(ctx) address.Value = stringToLowerTrim(address.Value) return p.update(ctx, address) } @@ -562,6 +560,6 @@ func (p *Persister) injectTraitsSchemaURL(ctx context.Context, i *identity.Ident return errors.WithStack(herodot.ErrInternalServerError.WithReasonf( `The JSON Schema "%s" for this identity's traits could not be found.`, i.SchemaID)) } - i.SchemaURL = s.SchemaURL(p.r.Config(ctx).SelfPublicURL()).String() + i.SchemaURL = s.SchemaURL(p.r.Config().SelfPublicURL(ctx)).String() return nil } diff --git a/persistence/sql/persister_login.go b/persistence/sql/persister_login.go index 5ff446e51398..47c74f88fabd 100644 --- a/persistence/sql/persister_login.go +++ b/persistence/sql/persister_login.go @@ -5,8 +5,6 @@ import ( "fmt" "time" - "github.com/ory/kratos/corp" - "github.com/gobuffalo/pop/v6" "github.com/gofrs/uuid" @@ -22,7 +20,7 @@ func (p *Persister) CreateLoginFlow(ctx context.Context, r *login.Flow) error { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateLoginFlow") defer span.End() - r.NID = corp.ContextualizeNID(ctx, p.nid) + r.NID = p.NetworkID(ctx) r.EnsureInternalContext() return p.GetConnection(ctx).Create(r) } @@ -33,7 +31,7 @@ func (p *Persister) UpdateLoginFlow(ctx context.Context, r *login.Flow) error { r.EnsureInternalContext() cp := *r - cp.NID = corp.ContextualizeNID(ctx, p.nid) + cp.NID = p.NetworkID(ctx) return p.update(ctx, cp) } @@ -44,7 +42,7 @@ func (p *Persister) GetLoginFlow(ctx context.Context, id uuid.UUID) (*login.Flow conn := p.GetConnection(ctx) var r login.Flow - if err := conn.Where("id = ? AND nid = ?", id, corp.ContextualizeNID(ctx, p.nid)).First(&r); err != nil { + if err := conn.Where("id = ? AND nid = ?", id, p.NetworkID(ctx)).First(&r); err != nil { return nil, sqlcon.HandleError(err) } @@ -75,7 +73,7 @@ func (p *Persister) DeleteExpiredLoginFlows(ctx context.Context, expiresAt time. limit, ), expiresAt, - corp.ContextualizeNID(ctx, p.nid), + p.NetworkID(ctx), ).Exec() if err != nil { return sqlcon.HandleError(err) diff --git a/persistence/sql/persister_recovery.go b/persistence/sql/persister_recovery.go index 1bb5b01e5a65..f4be646efc4a 100644 --- a/persistence/sql/persister_recovery.go +++ b/persistence/sql/persister_recovery.go @@ -9,7 +9,6 @@ import ( "github.com/gobuffalo/pop/v6" "github.com/gofrs/uuid" - "github.com/ory/kratos/corp" "github.com/ory/kratos/identity" "github.com/ory/kratos/selfservice/flow/recovery" "github.com/ory/kratos/selfservice/strategy/link" @@ -23,7 +22,7 @@ func (p *Persister) CreateRecoveryFlow(ctx context.Context, r *recovery.Flow) er ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateRecoveryFlow") defer span.End() - r.NID = corp.ContextualizeNID(ctx, p.nid) + r.NID = p.NetworkID(ctx) return p.GetConnection(ctx).Create(r) } @@ -32,7 +31,7 @@ func (p *Persister) GetRecoveryFlow(ctx context.Context, id uuid.UUID) (*recover defer span.End() var r recovery.Flow - if err := p.GetConnection(ctx).Where("id = ? AND nid = ?", id, corp.ContextualizeNID(ctx, p.nid)).First(&r); err != nil { + if err := p.GetConnection(ctx).Where("id = ? AND nid = ?", id, p.NetworkID(ctx)).First(&r); err != nil { return nil, sqlcon.HandleError(err) } @@ -44,7 +43,7 @@ func (p *Persister) UpdateRecoveryFlow(ctx context.Context, r *recovery.Flow) er defer span.End() cp := *r - cp.NID = corp.ContextualizeNID(ctx, p.nid) + cp.NID = p.NetworkID(ctx) return p.update(ctx, cp) } @@ -54,7 +53,7 @@ func (p *Persister) CreateRecoveryToken(ctx context.Context, token *link.Recover t := token.Token token.Token = p.hmacValue(ctx, t) - token.NID = corp.ContextualizeNID(ctx, p.nid) + token.NID = p.NetworkID(ctx) // This should not create the request eagerly because otherwise we might accidentally create an address that isn't // supposed to be in the database. @@ -72,9 +71,9 @@ func (p *Persister) UseRecoveryToken(ctx context.Context, token string) (*link.R var rt link.RecoveryToken - nid := corp.ContextualizeNID(ctx, p.nid) + nid := p.NetworkID(ctx) if err := sqlcon.HandleError(p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) (err error) { - for _, secret := range p.r.Config(ctx).SecretsSession() { + for _, secret := range p.r.Config().SecretsSession(ctx) { if err = tx.Where("token = ? AND nid = ? AND NOT used", p.hmacValueWithSecret(ctx, token, secret), nid).First(&rt); err != nil { if !errors.Is(sqlcon.HandleError(err), sqlcon.ErrNoRows) { return err @@ -109,7 +108,7 @@ func (p *Persister) DeleteRecoveryToken(ctx context.Context, token string) error defer span.End() /* #nosec G201 TableName is static */ - return p.GetConnection(ctx).RawQuery(fmt.Sprintf("DELETE FROM %s WHERE token=? AND nid = ?", new(link.RecoveryToken).TableName(ctx)), token, corp.ContextualizeNID(ctx, p.nid)).Exec() + return p.GetConnection(ctx).RawQuery(fmt.Sprintf("DELETE FROM %s WHERE token=? AND nid = ?", new(link.RecoveryToken).TableName(ctx)), token, p.NetworkID(ctx)).Exec() } func (p *Persister) DeleteExpiredRecoveryFlows(ctx context.Context, expiresAt time.Time, limit int) error { @@ -121,7 +120,7 @@ func (p *Persister) DeleteExpiredRecoveryFlows(ctx context.Context, expiresAt ti limit, ), expiresAt, - corp.ContextualizeNID(ctx, p.nid), + p.NetworkID(ctx), ).Exec() if err != nil { return sqlcon.HandleError(err) diff --git a/persistence/sql/persister_registration.go b/persistence/sql/persister_registration.go index 6b242fabddce..d504c2f7e914 100644 --- a/persistence/sql/persister_registration.go +++ b/persistence/sql/persister_registration.go @@ -5,8 +5,6 @@ import ( "fmt" "time" - "github.com/ory/kratos/corp" - "github.com/gofrs/uuid" "github.com/ory/x/sqlcon" @@ -18,7 +16,7 @@ func (p *Persister) CreateRegistrationFlow(ctx context.Context, r *registration. ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateRegistrationFlow") defer span.End() - r.NID = corp.ContextualizeNID(ctx, p.nid) + r.NID = p.NetworkID(ctx) r.EnsureInternalContext() return p.GetConnection(ctx).Create(r) } @@ -29,7 +27,7 @@ func (p *Persister) UpdateRegistrationFlow(ctx context.Context, r *registration. r.EnsureInternalContext() cp := *r - cp.NID = corp.ContextualizeNID(ctx, p.nid) + cp.NID = p.NetworkID(ctx) return p.update(ctx, cp) } @@ -39,7 +37,7 @@ func (p *Persister) GetRegistrationFlow(ctx context.Context, id uuid.UUID) (*reg var r registration.Flow if err := p.GetConnection(ctx).Where("id = ? AND nid = ?", - id, corp.ContextualizeNID(ctx, p.nid)).First(&r); err != nil { + id, p.NetworkID(ctx)).First(&r); err != nil { return nil, sqlcon.HandleError(err) } @@ -55,7 +53,7 @@ func (p *Persister) DeleteExpiredRegistrationFlows(ctx context.Context, expiresA limit, ), expiresAt, - corp.ContextualizeNID(ctx, p.nid), + p.NetworkID(ctx), ).Exec() if err != nil { return sqlcon.HandleError(err) diff --git a/persistence/sql/persister_session.go b/persistence/sql/persister_session.go index 2c036d2ab6d9..b37c2562cadb 100644 --- a/persistence/sql/persister_session.go +++ b/persistence/sql/persister_session.go @@ -10,8 +10,6 @@ import ( "github.com/pkg/errors" - "github.com/ory/kratos/corp" - "github.com/gofrs/uuid" "github.com/ory/x/sqlcon" @@ -26,7 +24,7 @@ func (p *Persister) GetSession(ctx context.Context, sid uuid.UUID) (*session.Ses defer span.End() var s session.Session - nid := corp.ContextualizeNID(ctx, p.nid) + nid := p.NetworkID(ctx) if err := p.GetConnection(ctx).Where("id = ? AND nid = ?", sid, nid).First(&s); err != nil { return nil, sqlcon.HandleError(err) } @@ -48,7 +46,7 @@ func (p *Persister) ListSessionsByIdentity(ctx context.Context, iID uuid.UUID, a defer span.End() s := make([]*session.Session, 0) - nid := corp.ContextualizeNID(ctx, p.nid) + nid := p.NetworkID(ctx) if err := p.Transaction(ctx, func(ctx context.Context, c *pop.Connection) error { q := c.Where("identity_id = ? AND nid = ?", iID, nid).Paginate(page, perPage) @@ -82,7 +80,7 @@ func (p *Persister) UpsertSession(ctx context.Context, s *session.Session) error ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UpsertSession") defer span.End() - s.NID = corp.ContextualizeNID(ctx, p.nid) + s.NID = p.NetworkID(ctx) if err := p.Connection(ctx).Find(new(session.Session), s.ID); errors.Is(err, sql.ErrNoRows) { // This must not be eager or identities will be created / updated @@ -109,10 +107,10 @@ func (p *Persister) DeleteSessionsByIdentity(ctx context.Context, identityID uui // #nosec G201 count, err := p.GetConnection(ctx).RawQuery(fmt.Sprintf( "DELETE FROM %s WHERE identity_id = ? AND nid = ?", - corp.ContextualizeTableName(ctx, "sessions"), + "sessions", ), identityID, - corp.ContextualizeNID(ctx, p.nid), + p.NetworkID(ctx), ).ExecWithCount() if err != nil { return sqlcon.HandleError(err) @@ -130,7 +128,7 @@ func (p *Persister) GetSessionByToken(ctx context.Context, token string) (*sessi var s session.Session if err := p.GetConnection(ctx).Where("token = ? AND nid = ?", token, - corp.ContextualizeNID(ctx, p.nid), + p.NetworkID(ctx), ).First(&s); err != nil { return nil, sqlcon.HandleError(err) } @@ -152,10 +150,10 @@ func (p *Persister) DeleteSessionByToken(ctx context.Context, token string) erro // #nosec G201 count, err := p.GetConnection(ctx).RawQuery(fmt.Sprintf( "DELETE FROM %s WHERE token = ? AND nid = ?", - corp.ContextualizeTableName(ctx, "sessions"), + "sessions", ), token, - corp.ContextualizeNID(ctx, p.nid), + p.NetworkID(ctx), ).ExecWithCount() if err != nil { return sqlcon.HandleError(err) @@ -173,10 +171,10 @@ func (p *Persister) RevokeSessionByToken(ctx context.Context, token string) erro // #nosec G201 count, err := p.GetConnection(ctx).RawQuery(fmt.Sprintf( "UPDATE %s SET active = false WHERE token = ? AND nid = ?", - corp.ContextualizeTableName(ctx, "sessions"), + "sessions", ), token, - corp.ContextualizeNID(ctx, p.nid), + p.NetworkID(ctx), ).ExecWithCount() if err != nil { return sqlcon.HandleError(err) @@ -196,11 +194,11 @@ func (p *Persister) RevokeSession(ctx context.Context, iID, sID uuid.UUID) error // #nosec G201 err := p.GetConnection(ctx).RawQuery(fmt.Sprintf( "UPDATE %s SET active = false WHERE id = ? AND identity_id = ? AND nid = ?", - corp.ContextualizeTableName(ctx, "sessions"), + "sessions", ), sID, iID, - corp.ContextualizeNID(ctx, p.nid), + p.NetworkID(ctx), ).Exec() if err != nil { return sqlcon.HandleError(err) @@ -216,11 +214,11 @@ func (p *Persister) RevokeSessionsIdentityExcept(ctx context.Context, iID, sID u // #nosec G201 count, err := p.GetConnection(ctx).RawQuery(fmt.Sprintf( "UPDATE %s SET active = false WHERE identity_id = ? AND id != ? AND nid = ?", - corp.ContextualizeTableName(ctx, "sessions"), + "sessions", ), iID, sID, - corp.ContextualizeNID(ctx, p.nid), + p.NetworkID(ctx), ).ExecWithCount() if err != nil { return 0, sqlcon.HandleError(err) @@ -231,12 +229,12 @@ func (p *Persister) RevokeSessionsIdentityExcept(ctx context.Context, iID, sID u func (p *Persister) DeleteExpiredSessions(ctx context.Context, expiresAt time.Time, limit int) error { err := p.GetConnection(ctx).RawQuery(fmt.Sprintf( "DELETE FROM %s WHERE id in (SELECT id FROM (SELECT id FROM %s c WHERE expires_at <= ? and nid = ? ORDER BY expires_at ASC LIMIT %d ) AS s )", - corp.ContextualizeTableName(ctx, "sessions"), - corp.ContextualizeTableName(ctx, "sessions"), + "sessions", + "sessions", limit, ), expiresAt, - corp.ContextualizeNID(ctx, p.nid), + p.NetworkID(ctx), ).Exec() if err != nil { return sqlcon.HandleError(err) diff --git a/persistence/sql/persister_settings.go b/persistence/sql/persister_settings.go index 294ccde391a2..ac035e551261 100644 --- a/persistence/sql/persister_settings.go +++ b/persistence/sql/persister_settings.go @@ -7,8 +7,6 @@ import ( "github.com/gofrs/uuid" - "github.com/ory/kratos/corp" - "github.com/ory/x/sqlcon" "github.com/ory/kratos/selfservice/flow/settings" @@ -20,7 +18,7 @@ func (p *Persister) CreateSettingsFlow(ctx context.Context, r *settings.Flow) er ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateSettingsFlow") defer span.End() - r.NID = corp.ContextualizeNID(ctx, p.nid) + r.NID = p.NetworkID(ctx) r.EnsureInternalContext() return sqlcon.HandleError(p.GetConnection(ctx).Create(r)) } @@ -31,7 +29,7 @@ func (p *Persister) GetSettingsFlow(ctx context.Context, id uuid.UUID) (*setting var r settings.Flow - err := p.GetConnection(ctx).Where("id = ? AND nid = ?", id, corp.ContextualizeNID(ctx, p.nid)).First(&r) + err := p.GetConnection(ctx).Where("id = ? AND nid = ?", id, p.NetworkID(ctx)).First(&r) if err != nil { return nil, sqlcon.HandleError(err) } @@ -50,7 +48,7 @@ func (p *Persister) UpdateSettingsFlow(ctx context.Context, r *settings.Flow) er r.EnsureInternalContext() cp := *r - cp.NID = corp.ContextualizeNID(ctx, p.nid) + cp.NID = p.NetworkID(ctx) return p.update(ctx, cp) } @@ -63,7 +61,7 @@ func (p *Persister) DeleteExpiredSettingsFlows(ctx context.Context, expiresAt ti limit, ), expiresAt, - corp.ContextualizeNID(ctx, p.nid), + p.NetworkID(ctx), ).Exec() if err != nil { return sqlcon.HandleError(err) diff --git a/persistence/sql/persister_test.go b/persistence/sql/persister_test.go index 4873724482b9..0474a6b7324f 100644 --- a/persistence/sql/persister_test.go +++ b/persistence/sql/persister_test.go @@ -170,9 +170,9 @@ func TestPersister(t *testing.T) { t.Parallel() _, p := testhelpers.NewNetwork(t, ctx, reg.Persister()) - conf := reg.Config(context.Background()) + conf := reg.Config() - t.Logf("DSN: %s", conf.DSN()) + t.Logf("DSN: %s", conf.DSN(ctx)) // This test must remain the first test in the test suite! t.Run("racy identity creation", func(t *testing.T) { @@ -183,7 +183,7 @@ func TestPersister(t *testing.T) { } var wg sync.WaitGroup - testhelpers.SetDefaultIdentitySchema(reg.Config(context.Background()), defaultSchema.RawURL) + testhelpers.SetDefaultIdentitySchema(reg.Config(), defaultSchema.RawURL) _, ps := testhelpers.NewNetwork(t, ctx, reg.Persister()) for i := 0; i < 10; i++ { diff --git a/persistence/sql/persister_verification.go b/persistence/sql/persister_verification.go index 5567d8e801de..77a0e22e2b50 100644 --- a/persistence/sql/persister_verification.go +++ b/persistence/sql/persister_verification.go @@ -6,7 +6,6 @@ import ( "fmt" "time" - "github.com/ory/kratos/corp" "github.com/ory/kratos/identity" "github.com/gobuffalo/pop/v6" @@ -24,7 +23,7 @@ func (p *Persister) CreateVerificationFlow(ctx context.Context, r *verification. ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateVerificationFlow") defer span.End() - r.NID = corp.ContextualizeNID(ctx, p.nid) + r.NID = p.NetworkID(ctx) // This should not create the request eagerly because otherwise we might accidentally create an address // that isn't supposed to be in the database. return p.GetConnection(ctx).Create(r) @@ -35,7 +34,7 @@ func (p *Persister) GetVerificationFlow(ctx context.Context, id uuid.UUID) (*ver defer span.End() var r verification.Flow - if err := p.GetConnection(ctx).Where("id = ? AND nid = ?", id, corp.ContextualizeNID(ctx, p.nid)).First(&r); err != nil { + if err := p.GetConnection(ctx).Where("id = ? AND nid = ?", id, p.NetworkID(ctx)).First(&r); err != nil { return nil, sqlcon.HandleError(err) } @@ -47,7 +46,7 @@ func (p *Persister) UpdateVerificationFlow(ctx context.Context, r *verification. defer span.End() cp := *r - cp.NID = corp.ContextualizeNID(ctx, p.nid) + cp.NID = p.NetworkID(ctx) return p.update(ctx, cp) } @@ -57,7 +56,7 @@ func (p *Persister) CreateVerificationToken(ctx context.Context, token *link.Ver t := token.Token token.Token = p.hmacValue(ctx, t) - token.NID = corp.ContextualizeNID(ctx, p.nid) + token.NID = p.NetworkID(ctx) // This should not create the request eagerly because otherwise we might accidentally create an address that isn't // supposed to be in the database. @@ -74,9 +73,9 @@ func (p *Persister) UseVerificationToken(ctx context.Context, token string) (*li var rt link.VerificationToken - nid := corp.ContextualizeNID(ctx, p.nid) + nid := p.NetworkID(ctx) if err := sqlcon.HandleError(p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) (err error) { - for _, secret := range p.r.Config(ctx).SecretsSession() { + for _, secret := range p.r.Config().SecretsSession(ctx) { if err = tx.Where("token = ? AND nid = ? AND NOT used", p.hmacValueWithSecret(ctx, token, secret), nid).First(&rt); err != nil { if !errors.Is(sqlcon.HandleError(err), sqlcon.ErrNoRows) { return err @@ -109,7 +108,7 @@ func (p *Persister) DeleteVerificationToken(ctx context.Context, token string) e ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.DeleteVerificationToken") defer span.End() - nid := corp.ContextualizeNID(ctx, p.nid) + nid := p.NetworkID(ctx) /* #nosec G201 TableName is static */ return p.GetConnection(ctx).RawQuery(fmt.Sprintf("DELETE FROM %s WHERE token=? AND nid = ?", new(link.VerificationToken).TableName(ctx)), token, nid).Exec() } @@ -123,7 +122,7 @@ func (p *Persister) DeleteExpiredVerificationFlows(ctx context.Context, expiresA limit, ), expiresAt, - corp.ContextualizeNID(ctx, p.nid), + p.NetworkID(ctx), ).Exec() if err != nil { return sqlcon.HandleError(err) diff --git a/schema/handler.go b/schema/handler.go index 8ebe3c6fbac2..ac06096a82d3 100644 --- a/schema/handler.go +++ b/schema/handler.go @@ -188,7 +188,7 @@ func (h *Handler) getAll(w http.ResponseWriter, r *http.Request, ps httprouter.P }) } - x.PaginationHeader(w, urlx.AppendPaths(h.r.Config(r.Context()).SelfPublicURL(), fmt.Sprintf("/%s", SchemasPath)), int64(total), page, itemsPerPage) + x.PaginationHeader(w, urlx.AppendPaths(h.r.Config().SelfPublicURL(r.Context()), fmt.Sprintf("/%s", SchemasPath)), int64(total), page, itemsPerPage) h.r.Writer().Write(w, r, ss) } diff --git a/schema/handler_test.go b/schema/handler_test.go index 2e746bceef19..d5951a8e887a 100644 --- a/schema/handler_test.go +++ b/schema/handler_test.go @@ -1,6 +1,7 @@ package schema_test import ( + "context" "encoding/base64" "encoding/json" "fmt" @@ -24,6 +25,7 @@ import ( ) func TestHandler(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) router := x.NewRouterPublic() reg.SchemaHandler().RegisterPublicRoutes(router) @@ -117,11 +119,11 @@ func TestHandler(t *testing.T) { URL: s.RawURL, }) } - conf.MustSet(config.ViperKeyIdentitySchemas, schemasConfig) + conf.MustSet(ctx, config.ViperKeyIdentitySchemas, schemasConfig) } - conf.MustSet(config.ViperKeyPublicBaseURL, ts.URL) - conf.MustSet(config.ViperKeyDefaultIdentitySchemaID, config.DefaultIdentityTraitsSchemaID) + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, ts.URL) + conf.MustSet(ctx, config.ViperKeyDefaultIdentitySchemaID, config.DefaultIdentityTraitsSchemaID) setSchemas(schemas) t.Run("case=get default schema", func(t *testing.T) { diff --git a/selfservice/errorx/error.go b/selfservice/errorx/error.go index 5bdace159757..3be943418499 100644 --- a/selfservice/errorx/error.go +++ b/selfservice/errorx/error.go @@ -6,8 +6,6 @@ import ( "encoding/json" "time" - "github.com/ory/kratos/corp" - "github.com/gofrs/uuid" ) @@ -34,5 +32,5 @@ type ErrorContainer struct { } func (e ErrorContainer) TableName(ctx context.Context) string { - return corp.ContextualizeTableName(ctx, "selfservice_errors") + return "selfservice_errors" } diff --git a/selfservice/errorx/manager.go b/selfservice/errorx/manager.go index 26778c23c4c9..498db3963778 100644 --- a/selfservice/errorx/manager.go +++ b/selfservice/errorx/manager.go @@ -47,7 +47,7 @@ func (m *Manager) Create(ctx context.Context, w http.ResponseWriter, r *http.Req q := url.Values{} q.Set("id", id.String()) - return urlx.CopyWithQuery(m.d.Config(ctx).SelfServiceFlowErrorURL(), q).String(), nil + return urlx.CopyWithQuery(m.d.Config().SelfServiceFlowErrorURL(ctx), q).String(), nil } // Forward is a simple helper that saves all errors in the store and forwards the HTTP Request diff --git a/selfservice/flow/error.go b/selfservice/flow/error.go index 970efec6be01..650a8bdc7b75 100644 --- a/selfservice/flow/error.go +++ b/selfservice/flow/error.go @@ -1,6 +1,7 @@ package flow import ( + "context" "fmt" "net/http" "net/url" @@ -116,8 +117,8 @@ func HandleHookError(_ http.ResponseWriter, r *http.Request, f Flow, traits iden return flowError } -func GetFlowExpiredRedirectURL(config *config.Config, route, returnTo string) *url.URL { - redirectURL := urlx.AppendPaths(config.SelfPublicURL(), route) +func GetFlowExpiredRedirectURL(ctx context.Context, config *config.Config, route, returnTo string) *url.URL { + redirectURL := urlx.AppendPaths(config.SelfPublicURL(ctx), route) if returnTo != "" { redirectURL = urlx.CopyWithQuery(redirectURL, url.Values{"return_to": {returnTo}}) } diff --git a/selfservice/flow/login/error.go b/selfservice/flow/login/error.go index eb7562986e58..e14848eab56a 100644 --- a/selfservice/flow/login/error.go +++ b/selfservice/flow/login/error.go @@ -89,7 +89,7 @@ func (s *ErrorHandler) WriteFlowError(w http.ResponseWriter, r *http.Request, f if f.Type == flow.TypeAPI || x.IsJSONRequest(r) { s.d.Writer().WriteError(w, r, expired) } else { - http.Redirect(w, r, expired.GetFlow().AppendTo(s.d.Config(r.Context()).SelfServiceFlowLoginUI()).String(), http.StatusSeeOther) + http.Redirect(w, r, expired.GetFlow().AppendTo(s.d.Config().SelfServiceFlowLoginUI(r.Context())).String(), http.StatusSeeOther) } return } @@ -111,7 +111,7 @@ func (s *ErrorHandler) WriteFlowError(w http.ResponseWriter, r *http.Request, f } if f.Type == flow.TypeBrowser && !x.IsJSONRequest(r) { - http.Redirect(w, r, f.AppendTo(s.d.Config(r.Context()).SelfServiceFlowLoginUI()).String(), http.StatusSeeOther) + http.Redirect(w, r, f.AppendTo(s.d.Config().SelfServiceFlowLoginUI(r.Context())).String(), http.StatusSeeOther) return } diff --git a/selfservice/flow/login/error_test.go b/selfservice/flow/login/error_test.go index 6f66b733dd5c..da11f6caaa44 100644 --- a/selfservice/flow/login/error_test.go +++ b/selfservice/flow/login/error_test.go @@ -36,6 +36,7 @@ import ( ) func TestHandleError(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) public, _ := testhelpers.NewKratosServer(t, reg) @@ -79,7 +80,7 @@ func TestHandleError(t *testing.T) { res, err := ts.Client().Get(ts.URL + "/error") require.NoError(t, err) defer res.Body.Close() - require.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL().String()+"?id=") + require.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL(ctx).String()+"?id=") sse, _, err := sdk.V0alpha2Api.GetSelfServiceError(context.Background()).Id(res.Request.URL.Query().Get("id")).Execute() require.NoError(t, err) @@ -101,7 +102,7 @@ func TestHandleError(t *testing.T) { t.Run("case=relative error", func(t *testing.T) { t.Cleanup(reset) - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceErrorUI, "/login-ts") + reg.Config().MustSet(ctx, config.ViperKeySelfServiceErrorUI, "/login-ts") flowError = herodot.ErrInternalServerError.WithReason("system error") ct = node.PasswordGroup assert.Regexp( @@ -122,7 +123,7 @@ func TestHandleError(t *testing.T) { require.NoError(t, err) defer res.Body.Close() assert.Contains(t, res.Header.Get("Content-Type"), "application/json") - assert.NotContains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL().String()+"?id=") + assert.NotContains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL(ctx).String()+"?id=") body, err := io.ReadAll(res.Body) require.NoError(t, err) @@ -198,7 +199,7 @@ func TestHandleError(t *testing.T) { res, err := http.DefaultClient.Get(ts.URL + "/error") require.NoError(t, err) defer res.Body.Close() - assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowLoginUI().String()+"?flow=") + assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowLoginUI(ctx).String()+"?flow=") lf, err := reg.LoginFlowPersister().GetLoginFlow(context.Background(), uuid.FromStringOrNil(res.Request.URL.Query().Get("flow"))) require.NoError(t, err) diff --git a/selfservice/flow/login/flow.go b/selfservice/flow/login/flow.go index 667cbca7130d..b25e16e9fc71 100644 --- a/selfservice/flow/login/flow.go +++ b/selfservice/flow/login/flow.go @@ -21,8 +21,6 @@ import ( "github.com/ory/kratos/ui/container" - "github.com/ory/kratos/corp" - "github.com/gofrs/uuid" "github.com/pkg/errors" @@ -112,10 +110,10 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques // Pre-validate the return to URL which is contained in the HTTP request. _, err := x.SecureRedirectTo(r, - conf.SelfServiceBrowserDefaultReturnTo(), + conf.SelfServiceBrowserDefaultReturnTo(r.Context()), x.SecureRedirectUseSourceURL(requestURL), - x.SecureRedirectAllowURLs(conf.SelfServiceBrowserAllowedReturnToDomains()), - x.SecureRedirectAllowSelfServiceURLs(conf.SelfPublicURL()), + x.SecureRedirectAllowURLs(conf.SelfServiceBrowserAllowedReturnToDomains(r.Context())), + x.SecureRedirectAllowSelfServiceURLs(conf.SelfPublicURL(r.Context())), ) if err != nil { return nil, err @@ -127,7 +125,7 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques IssuedAt: now, UI: &container.Container{ Method: "POST", - Action: flow.AppendFlowTo(urlx.AppendPaths(conf.SelfPublicURL(), RouteSubmitFlow), id).String(), + Action: flow.AppendFlowTo(urlx.AppendPaths(conf.SelfPublicURL(r.Context()), RouteSubmitFlow), id).String(), }, RequestURL: requestURL, CSRFToken: csrf, @@ -149,7 +147,7 @@ func (f *Flow) GetRequestURL() string { } func (f Flow) TableName(ctx context.Context) string { - return corp.ContextualizeTableName(ctx, "selfservice_login_flows") + return "selfservice_login_flows" } func (f Flow) WhereID(ctx context.Context, alias string) string { diff --git a/selfservice/flow/login/flow_test.go b/selfservice/flow/login/flow_test.go index d82a2b508bac..5a47a2167a10 100644 --- a/selfservice/flow/login/flow_test.go +++ b/selfservice/flow/login/flow_test.go @@ -1,6 +1,7 @@ package login_test import ( + "context" "crypto/tls" "fmt" "net/http" @@ -42,6 +43,7 @@ func TestFakeFlow(t *testing.T) { } func TestNewFlow(t *testing.T) { + ctx := context.Background() conf, _ := internal.NewFastRegistryWithMocks(t) t.Run("type=aal", func(t *testing.T) { @@ -60,7 +62,7 @@ func TestNewFlow(t *testing.T) { _, err := login.NewFlow(conf, 0, "csrf", &http.Request{URL: &url.URL{Path: "/", RawQuery: "return_to=https://not-allowed/foobar"}, Host: "ory.sh"}, flow.TypeBrowser) require.Error(t, err) - _, err = login.NewFlow(conf, 0, "csrf", &http.Request{URL: &url.URL{Path: "/", RawQuery: "return_to=" + urlx.AppendPaths(conf.SelfPublicURL(), "/self-service/login/browser").String()}, Host: "ory.sh"}, flow.TypeBrowser) + _, err = login.NewFlow(conf, 0, "csrf", &http.Request{URL: &url.URL{Path: "/", RawQuery: "return_to=" + urlx.AppendPaths(conf.SelfPublicURL(ctx), "/self-service/login/browser").String()}, Host: "ory.sh"}, flow.TypeBrowser) require.NoError(t, err) }) diff --git a/selfservice/flow/login/handler.go b/selfservice/flow/login/handler.go index f70964032dfe..5c98a6a98598 100644 --- a/selfservice/flow/login/handler.go +++ b/selfservice/flow/login/handler.go @@ -95,8 +95,8 @@ func WithFlowReturnTo(returnTo string) FlowOption { } func (h *Handler) NewLoginFlow(w http.ResponseWriter, r *http.Request, ft flow.Type, opts ...FlowOption) (*Flow, error) { - conf := h.d.Config(r.Context()) - f, err := NewFlow(conf, conf.SelfServiceFlowLoginRequestLifespan(), h.d.GenerateCSRFToken(r), r, ft) + conf := h.d.Config() + f, err := NewFlow(conf, conf.SelfServiceFlowLoginRequestLifespan(r.Context()), h.d.GenerateCSRFToken(r), r, ft) if err != nil { return nil, err } @@ -341,9 +341,9 @@ type initializeSelfServiceLoginFlowForBrowsers struct { func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { a, err := h.NewLoginFlow(w, r, flow.TypeBrowser) if errors.Is(err, ErrAlreadyLoggedIn) { - returnTo, redirErr := x.SecureRedirectTo(r, h.d.Config(r.Context()).SelfServiceBrowserDefaultReturnTo(), - x.SecureRedirectAllowSelfServiceURLs(h.d.Config(r.Context()).SelfPublicURL()), - x.SecureRedirectAllowURLs(h.d.Config(r.Context()).SelfServiceBrowserAllowedReturnToDomains()), + returnTo, redirErr := x.SecureRedirectTo(r, h.d.Config().SelfServiceBrowserDefaultReturnTo(r.Context()), + x.SecureRedirectAllowSelfServiceURLs(h.d.Config().SelfPublicURL(r.Context())), + x.SecureRedirectAllowURLs(h.d.Config().SelfServiceBrowserAllowedReturnToDomains(r.Context())), ) if redirErr != nil { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, redirErr) @@ -357,7 +357,7 @@ func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps htt return } - x.AcceptToRedirectOrJSON(w, r, h.d.Writer(), a, a.AppendTo(h.d.Config(r.Context()).SelfServiceFlowLoginUI()).String()) + x.AcceptToRedirectOrJSON(w, r, h.d.Writer(), a, a.AppendTo(h.d.Config().SelfServiceFlowLoginUI(r.Context())).String()) } // nolint:deadcode,unused @@ -438,7 +438,7 @@ func (h *Handler) fetchFlow(w http.ResponseWriter, r *http.Request, _ httprouter if ar.ExpiresAt.Before(time.Now()) { if ar.Type == flow.TypeBrowser { - redirectURL := flow.GetFlowExpiredRedirectURL(h.d.Config(r.Context()), RouteInitBrowserFlow, ar.ReturnTo) + redirectURL := flow.GetFlowExpiredRedirectURL(r.Context(), h.d.Config(), RouteInitBrowserFlow, ar.ReturnTo) h.d.Writer().WriteError(w, r, errors.WithStack(x.ErrGone.WithID(text.ErrIDSelfServiceFlowExpired). WithReason("The login flow has expired. Redirect the user to the login flow init endpoint to initialize a new login flow."). @@ -448,7 +448,7 @@ func (h *Handler) fetchFlow(w http.ResponseWriter, r *http.Request, _ httprouter } h.d.Writer().WriteError(w, r, errors.WithStack(x.ErrGone.WithID(text.ErrIDSelfServiceFlowExpired). WithReason("The login flow has expired. Call the login flow init API endpoint to initialize a new login flow."). - WithDetail("api", urlx.AppendPaths(h.d.Config(r.Context()).SelfPublicURL(), RouteInitAPIFlow).String()))) + WithDetail("api", urlx.AppendPaths(h.d.Config().SelfPublicURL(r.Context()), RouteInitAPIFlow).String()))) return } @@ -578,7 +578,7 @@ func (h *Handler) submitFlow(w http.ResponseWriter, r *http.Request, _ httproute return } - http.Redirect(w, r, h.d.Config(r.Context()).SelfServiceBrowserDefaultReturnTo().String(), http.StatusSeeOther) + http.Redirect(w, r, h.d.Config().SelfServiceBrowserDefaultReturnTo(r.Context()).String(), http.StatusSeeOther) return } else if e := new(session.ErrNoActiveSessionFound); errors.As(err, &e) { // Only failure scenario here is if we try to upgrade the session to a higher AAL without actually diff --git a/selfservice/flow/login/handler_test.go b/selfservice/flow/login/handler_test.go index c1f9c95731c7..b212dd58245a 100644 --- a/selfservice/flow/login/handler_test.go +++ b/selfservice/flow/login/handler_test.go @@ -42,13 +42,14 @@ func init() { } func TestFlowLifecycle(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) router := x.NewRouterPublic() ts, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin()) loginTS := testhelpers.NewLoginUIFlowEchoServer(t, reg) errorTS := testhelpers.NewErrorTestServer(t, reg) - conf.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/password.schema.json") assertion := func(body []byte, isForced, isApi bool) { @@ -174,7 +175,7 @@ func TestFlowLifecycle(t *testing.T) { t.Run("case=reset the session when refresh is true but identity is different", func(t *testing.T) { testhelpers.NewRedirSessionEchoTS(t, reg) t.Cleanup(func() { - conf.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") }) run := func(t *testing.T, tt flow.Type) (string, string) { @@ -261,9 +262,9 @@ func TestFlowLifecycle(t *testing.T) { }) t.Run("case=should return an error because the request is expired", func(t *testing.T) { - conf.MustSet(config.ViperKeySelfServiceLoginRequestLifespan, "50ms") + conf.MustSet(ctx, config.ViperKeySelfServiceLoginRequestLifespan, "50ms") t.Cleanup(func() { - conf.MustSet(config.ViperKeySelfServiceLoginRequestLifespan, "10m") + conf.MustSet(ctx, config.ViperKeySelfServiceLoginRequestLifespan, "10m") }) expired := time.Now().Add(-time.Minute) @@ -484,7 +485,7 @@ func TestFlowLifecycle(t *testing.T) { }) t.Run("case=relative redirect when self-service login ui is a relative URL", func(t *testing.T) { - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceLoginUI, "/login-ts") + reg.Config().MustSet(ctx, config.ViperKeySelfServiceLoginUI, "/login-ts") assert.Regexp( t, "^/login-ts.*$", @@ -495,6 +496,7 @@ func TestFlowLifecycle(t *testing.T) { } func TestGetFlow(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) public, _ := testhelpers.NewKratosServerWithCSRF(t, reg) _ = testhelpers.NewErrorTestServer(t, reg) @@ -506,14 +508,14 @@ func TestGetFlow(t *testing.T) { _, err := w.Write(x.EasyGetBody(t, c, public.URL+login.RouteGetFlow+"?id="+r.URL.Query().Get("flow"))) require.NoError(t, err) })) - conf.MustSet(config.ViperKeySelfServiceLoginUI, ts.URL) - conf.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") + conf.MustSet(ctx, config.ViperKeySelfServiceLoginUI, ts.URL) + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") t.Cleanup(ts.Close) return ts } _ = testhelpers.NewLoginUIFlowEchoServer(t, reg) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), map[string]interface{}{ "enabled": true}) t.Run("case=fetching successful", func(t *testing.T) { @@ -555,7 +557,7 @@ func TestGetFlow(t *testing.T) { t.Run("case=expired with return_to", func(t *testing.T) { returnTo := "https://www.ory.sh" - conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{returnTo}) + conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{returnTo}) client := testhelpers.NewClientWithCookies(t) setupLoginUI(t, client) diff --git a/selfservice/flow/login/hook.go b/selfservice/flow/login/hook.go index 803d39d4b38f..3893fc070327 100644 --- a/selfservice/flow/login/hook.go +++ b/selfservice/flow/login/hook.go @@ -65,7 +65,7 @@ func NewHookExecutor(d executorDependencies) *HookExecutor { func (e *HookExecutor) requiresAAL2(r *http.Request, s *session.Session, a *Flow) (*session.ErrAALNotSatisfied, bool) { var aalErr *session.ErrAALNotSatisfied - err := e.d.SessionManager().DoesSessionSatisfy(r, s, e.d.Config(r.Context()).SessionWhoAmIAAL()) + err := e.d.SessionManager().DoesSessionSatisfy(r, s, e.d.Config().SessionWhoAmIAAL(r.Context())) if ok := errors.As(err, &aalErr); !ok { return nil, false } @@ -101,18 +101,18 @@ func (e *HookExecutor) handleLoginError(_ http.ResponseWriter, r *http.Request, } func (e *HookExecutor) PostLoginHook(w http.ResponseWriter, r *http.Request, g node.UiNodeGroup, a *Flow, i *identity.Identity, s *session.Session) error { - if err := s.Activate(i, e.d.Config(r.Context()), time.Now().UTC()); err != nil { + if err := s.Activate(r.Context(), i, e.d.Config(), time.Now().UTC()); err != nil { return err } // Verify the redirect URL before we do any other processing. - c := e.d.Config(r.Context()) - returnTo, err := x.SecureRedirectTo(r, c.SelfServiceBrowserDefaultReturnTo(), + c := e.d.Config() + returnTo, err := x.SecureRedirectTo(r, c.SelfServiceBrowserDefaultReturnTo(r.Context()), x.SecureRedirectReturnTo(a.ReturnTo), x.SecureRedirectUseSourceURL(a.RequestURL), - x.SecureRedirectAllowURLs(c.SelfServiceBrowserAllowedReturnToDomains()), - x.SecureRedirectAllowSelfServiceURLs(c.SelfPublicURL()), - x.SecureRedirectOverrideDefaultReturnTo(e.d.Config(r.Context()).SelfServiceFlowLoginReturnTo(a.Active.String())), + x.SecureRedirectAllowURLs(c.SelfServiceBrowserAllowedReturnToDomains(r.Context())), + x.SecureRedirectAllowSelfServiceURLs(c.SelfPublicURL(r.Context())), + x.SecureRedirectOverrideDefaultReturnTo(e.d.Config().SelfServiceFlowLoginReturnTo(r.Context(), a.Active.String())), ) if err != nil { return err diff --git a/selfservice/flow/login/hook_test.go b/selfservice/flow/login/hook_test.go index 57e65b303ffb..3f2cf7a237a6 100644 --- a/selfservice/flow/login/hook_test.go +++ b/selfservice/flow/login/hook_test.go @@ -26,6 +26,7 @@ import ( ) func TestLoginExecutor(t *testing.T) { + ctx := context.Background() for _, strategy := range []identity.CredentialsType{ identity.CredentialsTypePassword, identity.CredentialsTypeOIDC, @@ -36,7 +37,7 @@ func TestLoginExecutor(t *testing.T) { t.Run("strategy="+strategy.String(), func(t *testing.T) { conf, reg := internal.NewFastRegistryWithMocks(t) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/login.schema.json") - conf.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh/") + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh/") newServer := func(t *testing.T, ft flow.Type, useIdentity *identity.Identity) *httptest.Server { router := httprouter.New() @@ -66,7 +67,7 @@ func TestLoginExecutor(t *testing.T) { ts := httptest.NewServer(router) t.Cleanup(ts.Close) - conf.MustSet(config.ViperKeyPublicBaseURL, ts.URL) + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, ts.URL) return ts } @@ -102,7 +103,7 @@ func TestLoginExecutor(t *testing.T) { t.Run("case=use return_to value", func(t *testing.T) { t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf)) - conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"}) + conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"}) res, _ := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), false, url.Values{"return_to": {"https://www.ory.sh/kratos/"}}) assert.EqualValues(t, http.StatusOK, res.StatusCode) @@ -111,7 +112,7 @@ func TestLoginExecutor(t *testing.T) { t.Run("case=use nested config value", func(t *testing.T) { t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf)) - conf.MustSet(config.ViperKeySelfServiceLoginAfter+"."+config.DefaultBrowserReturnURL, "https://www.ory.sh/kratos") + conf.MustSet(ctx, config.ViperKeySelfServiceLoginAfter+"."+config.DefaultBrowserReturnURL, "https://www.ory.sh/kratos") res, _ := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), false, url.Values{}) assert.EqualValues(t, http.StatusOK, res.StatusCode) @@ -156,7 +157,7 @@ func TestLoginExecutor(t *testing.T) { }) t.Run("case=work normally if AAL is satisfied", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionWhoAmIAAL, "aal1") + conf.MustSet(ctx, config.ViperKeySessionWhoAmIAAL, "aal1") _ = testhelpers.NewLoginUIFlowEchoServer(t, reg) t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf)) @@ -189,10 +190,10 @@ func TestLoginExecutor(t *testing.T) { }) t.Run("case=redirect to login if AAL is too low", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionWhoAmIAAL, "highest_available") + conf.MustSet(ctx, config.ViperKeySessionWhoAmIAAL, "highest_available") _ = testhelpers.NewLoginUIFlowEchoServer(t, reg) t.Cleanup(func() { - conf.MustSet(config.ViperKeySessionWhoAmIAAL, "aal1") + conf.MustSet(ctx, config.ViperKeySessionWhoAmIAAL, "aal1") }) t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf)) diff --git a/selfservice/flow/logout/handler.go b/selfservice/flow/logout/handler.go index f98fb75a63ac..55c80cde9aaa 100644 --- a/selfservice/flow/logout/handler.go +++ b/selfservice/flow/logout/handler.go @@ -124,7 +124,7 @@ func (h *Handler) createSelfServiceLogoutUrlForBrowsers(w http.ResponseWriter, r h.d.Writer().Write(w, r, &selfServiceLogoutUrl{ LogoutToken: sess.LogoutToken, - LogoutURL: urlx.CopyWithQuery(urlx.AppendPaths(h.d.Config(r.Context()).SelfPublicURL(), RouteSubmitFlow), + LogoutURL: urlx.CopyWithQuery(urlx.AppendPaths(h.d.Config().SelfPublicURL(r.Context()), RouteSubmitFlow), url.Values{"token": {sess.LogoutToken}}).String(), }) } @@ -271,10 +271,10 @@ func (h *Handler) submitLogout(w http.ResponseWriter, r *http.Request, ps httpro func (h *Handler) completeLogout(w http.ResponseWriter, r *http.Request) { _ = h.d.CSRFHandler().RegenerateToken(w, r) - ret, err := x.SecureRedirectTo(r, h.d.Config(r.Context()).SelfServiceFlowLogoutRedirectURL(), + ret, err := x.SecureRedirectTo(r, h.d.Config().SelfServiceFlowLogoutRedirectURL(r.Context()), x.SecureRedirectUseSourceURL(r.RequestURI), - x.SecureRedirectAllowURLs(h.d.Config(r.Context()).SelfServiceBrowserAllowedReturnToDomains()), - x.SecureRedirectAllowSelfServiceURLs(h.d.Config(r.Context()).SelfPublicURL()), + x.SecureRedirectAllowURLs(h.d.Config().SelfServiceBrowserAllowedReturnToDomains(r.Context())), + x.SecureRedirectAllowSelfServiceURLs(h.d.Config().SelfPublicURL(r.Context())), ) if err != nil { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, err) diff --git a/selfservice/flow/logout/handler_test.go b/selfservice/flow/logout/handler_test.go index 288ad037eb60..dcfe709e2d75 100644 --- a/selfservice/flow/logout/handler_test.go +++ b/selfservice/flow/logout/handler_test.go @@ -42,7 +42,7 @@ func TestLogout(t *testing.T) { publicRouter.POST("/csrf/check", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { w.WriteHeader(http.StatusNoContent) }) - conf.MustSet(config.ViperKeySelfServiceLogoutBrowserDefaultReturnTo, public.URL+"/session/browser/get") + conf.MustSet(ctx, config.ViperKeySelfServiceLogoutBrowserDefaultReturnTo, public.URL+"/session/browser/get") t.Run("case=successful logout for API clients", func(t *testing.T) { hc := testhelpers.NewDebugClient(t) diff --git a/selfservice/flow/recovery/error.go b/selfservice/flow/recovery/error.go index c39b960dde74..927e6bc98e9e 100644 --- a/selfservice/flow/recovery/error.go +++ b/selfservice/flow/recovery/error.go @@ -70,7 +70,7 @@ func (s *ErrorHandler) WriteFlowError( if e := new(flow.ExpiredError); errors.As(err, &e) { // create new flow because the old one is not valid - a, err := FromOldFlow(s.d.Config(r.Context()), s.d.Config(r.Context()).SelfServiceFlowRecoveryRequestLifespan(), s.d.GenerateCSRFToken(r), r, s.d.RecoveryStrategies(r.Context()), *f) + a, err := FromOldFlow(s.d.Config(), s.d.Config().SelfServiceFlowRecoveryRequestLifespan(r.Context()), s.d.GenerateCSRFToken(r), r, s.d.RecoveryStrategies(r.Context()), *f) if err != nil { // failed to create a new session and redirect to it, handle that error as a new one s.WriteFlowError(w, r, f, group, err) @@ -87,10 +87,10 @@ func (s *ErrorHandler) WriteFlowError( // // https://github.com/ory/kratos/issues/2049!! if a.Type == flow.TypeAPI || x.IsJSONRequest(r) { - http.Redirect(w, r, urlx.CopyWithQuery(urlx.AppendPaths(s.d.Config(r.Context()).SelfPublicURL(), + http.Redirect(w, r, urlx.CopyWithQuery(urlx.AppendPaths(s.d.Config().SelfPublicURL(r.Context()), RouteGetFlow), url.Values{"id": {a.ID.String()}}).String(), http.StatusSeeOther) } else { - http.Redirect(w, r, a.AppendTo(s.d.Config(r.Context()).SelfServiceFlowRecoveryUI()).String(), http.StatusSeeOther) + http.Redirect(w, r, a.AppendTo(s.d.Config().SelfServiceFlowRecoveryUI(r.Context())).String(), http.StatusSeeOther) } return } @@ -108,7 +108,7 @@ func (s *ErrorHandler) WriteFlowError( } if f.Type == flow.TypeBrowser && !x.IsJSONRequest(r) { - http.Redirect(w, r, f.AppendTo(s.d.Config(r.Context()).SelfServiceFlowRecoveryUI()).String(), http.StatusSeeOther) + http.Redirect(w, r, f.AppendTo(s.d.Config().SelfServiceFlowRecoveryUI(r.Context())).String(), http.StatusSeeOther) return } diff --git a/selfservice/flow/recovery/error_test.go b/selfservice/flow/recovery/error_test.go index a3fe1f6ab5b7..ae8b0015567f 100644 --- a/selfservice/flow/recovery/error_test.go +++ b/selfservice/flow/recovery/error_test.go @@ -35,8 +35,9 @@ import ( ) func TestHandleError(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceRecoveryEnabled, true) + conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryEnabled, true) public, _ := testhelpers.NewKratosServer(t, reg) @@ -77,7 +78,7 @@ func TestHandleError(t *testing.T) { res, err := ts.Client().Get(ts.URL + "/error") require.NoError(t, err) defer res.Body.Close() - require.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL().String()+"?id=") + require.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL(ctx).String()+"?id=") sse, _, err := sdk.V0alpha2Api.GetSelfServiceError(context.Background()).Id(res.Request.URL.Query().Get("id")).Execute() require.NoError(t, err) @@ -107,7 +108,7 @@ func TestHandleError(t *testing.T) { require.NoError(t, err) defer res.Body.Close() assert.Contains(t, res.Header.Get("Content-Type"), "application/json") - assert.NotContains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL().String()+"?id=") + assert.NotContains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL(ctx).String()+"?id=") body, err := io.ReadAll(res.Body) require.NoError(t, err) @@ -183,7 +184,7 @@ func TestHandleError(t *testing.T) { res, err := ts.Client().Get(ts.URL + "/error") require.NoError(t, err) defer res.Body.Close() - assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowRecoveryUI().String()+"?flow=") + assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowRecoveryUI(ctx).String()+"?flow=") rf, err := reg.RecoveryFlowPersister().GetRecoveryFlow(context.Background(), uuid.FromStringOrNil(res.Request.URL.Query().Get("flow"))) require.NoError(t, err) diff --git a/selfservice/flow/recovery/flow.go b/selfservice/flow/recovery/flow.go index f3d648d166d9..72614138b193 100644 --- a/selfservice/flow/recovery/flow.go +++ b/selfservice/flow/recovery/flow.go @@ -12,7 +12,6 @@ import ( "github.com/gofrs/uuid" "github.com/pkg/errors" - "github.com/ory/kratos/corp" "github.com/ory/kratos/driver/config" "github.com/ory/kratos/selfservice/flow" "github.com/ory/kratos/ui/container" @@ -101,10 +100,10 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques // Pre-validate the return to URL which is contained in the HTTP request. requestURL := x.RequestURL(r).String() _, err := x.SecureRedirectTo(r, - conf.SelfServiceBrowserDefaultReturnTo(), + conf.SelfServiceBrowserDefaultReturnTo(r.Context()), x.SecureRedirectUseSourceURL(requestURL), - x.SecureRedirectAllowURLs(conf.SelfServiceBrowserAllowedReturnToDomains()), - x.SecureRedirectAllowSelfServiceURLs(conf.SelfPublicURL()), + x.SecureRedirectAllowURLs(conf.SelfServiceBrowserAllowedReturnToDomains(r.Context())), + x.SecureRedirectAllowSelfServiceURLs(conf.SelfPublicURL(r.Context())), ) if err != nil { return nil, err @@ -117,7 +116,7 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques RequestURL: requestURL, UI: &container.Container{ Method: "POST", - Action: flow.AppendFlowTo(urlx.AppendPaths(conf.SelfPublicURL(), RouteSubmitFlow), id).String(), + Action: flow.AppendFlowTo(urlx.AppendPaths(conf.SelfPublicURL(r.Context()), RouteSubmitFlow), id).String(), }, State: StateChooseMethod, CSRFToken: csrf, @@ -157,7 +156,7 @@ func (f *Flow) GetRequestURL() string { } func (f Flow) TableName(ctx context.Context) string { - return corp.ContextualizeTableName(ctx, "selfservice_recovery_flows") + return "selfservice_recovery_flows" } func (f Flow) GetID() uuid.UUID { diff --git a/selfservice/flow/recovery/flow_test.go b/selfservice/flow/recovery/flow_test.go index ba08845fb295..b1358ee60101 100644 --- a/selfservice/flow/recovery/flow_test.go +++ b/selfservice/flow/recovery/flow_test.go @@ -1,6 +1,7 @@ package recovery_test import ( + "context" "fmt" "net/http" "net/url" @@ -23,6 +24,7 @@ import ( ) func TestFlow(t *testing.T) { + ctx := context.Background() conf, _ := internal.NewFastRegistryWithMocks(t) must := func(r *recovery.Flow, err error) *recovery.Flow { @@ -56,7 +58,7 @@ func TestFlow(t *testing.T) { _, err := recovery.NewFlow(conf, 0, "csrf", &http.Request{URL: &url.URL{Path: "/", RawQuery: "return_to=https://not-allowed/foobar"}, Host: "ory.sh"}, nil, flow.TypeBrowser) require.Error(t, err) - _, err = recovery.NewFlow(conf, 0, "csrf", &http.Request{URL: &url.URL{Path: "/", RawQuery: "return_to=" + urlx.AppendPaths(conf.SelfPublicURL(), "/self-service/login/browser").String()}, Host: "ory.sh"}, nil, flow.TypeBrowser) + _, err = recovery.NewFlow(conf, 0, "csrf", &http.Request{URL: &url.URL{Path: "/", RawQuery: "return_to=" + urlx.AppendPaths(conf.SelfPublicURL(ctx), "/self-service/login/browser").String()}, Host: "ory.sh"}, nil, flow.TypeBrowser) require.NoError(t, err) }) } @@ -86,8 +88,9 @@ func TestFlowEncodeJSON(t *testing.T) { } func TestFromOldFlow(t *testing.T) { + ctx := context.Background() conf := internal.NewConfigurationWithDefaults(t) - r := http.Request{URL: &url.URL{Path: "/", RawQuery: "return_to=" + urlx.AppendPaths(conf.SelfPublicURL(), "/self-service/login/browser").String()}, Host: "ory.sh"} + r := http.Request{URL: &url.URL{Path: "/", RawQuery: "return_to=" + urlx.AppendPaths(conf.SelfPublicURL(ctx), "/self-service/login/browser").String()}, Host: "ory.sh"} for _, ft := range []flow.Type{ flow.TypeAPI, flow.TypeBrowser, diff --git a/selfservice/flow/recovery/handler.go b/selfservice/flow/recovery/handler.go index aed1470f3afe..bcb8c4de129f 100644 --- a/selfservice/flow/recovery/handler.go +++ b/selfservice/flow/recovery/handler.go @@ -116,12 +116,12 @@ func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { // 500: jsonError // 400: jsonError func (h *Handler) initAPIFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - if !h.d.Config(r.Context()).SelfServiceFlowRecoveryEnabled() { + if !h.d.Config().SelfServiceFlowRecoveryEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Recovery is not allowed because it was disabled."))) return } - req, err := NewFlow(h.d.Config(r.Context()), h.d.Config(r.Context()).SelfServiceFlowRecoveryRequestLifespan(), h.d.GenerateCSRFToken(r), r, h.d.RecoveryStrategies(r.Context()), flow.TypeAPI) + req, err := NewFlow(h.d.Config(), h.d.Config().SelfServiceFlowRecoveryRequestLifespan(r.Context()), h.d.GenerateCSRFToken(r), r, h.d.RecoveryStrategies(r.Context()), flow.TypeAPI) if err != nil { h.d.Writer().WriteError(w, r, err) return @@ -167,12 +167,12 @@ type initializeSelfServiceRecoveryFlowWithoutBrowser struct { // 400: jsonError // 500: jsonError func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - if !h.d.Config(r.Context()).SelfServiceFlowRecoveryEnabled() { + if !h.d.Config().SelfServiceFlowRecoveryEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Recovery is not allowed because it was disabled."))) return } - f, err := NewFlow(h.d.Config(r.Context()), h.d.Config(r.Context()).SelfServiceFlowRecoveryRequestLifespan(), h.d.GenerateCSRFToken(r), r, h.d.RecoveryStrategies(r.Context()), flow.TypeBrowser) + f, err := NewFlow(h.d.Config(), h.d.Config().SelfServiceFlowRecoveryRequestLifespan(r.Context()), h.d.GenerateCSRFToken(r), r, h.d.RecoveryStrategies(r.Context()), flow.TypeBrowser) if err != nil { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, err) return @@ -183,7 +183,7 @@ func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, _ http return } - redirTo := f.AppendTo(h.d.Config(r.Context()).SelfServiceFlowRecoveryUI()).String() + redirTo := f.AppendTo(h.d.Config().SelfServiceFlowRecoveryUI(r.Context())).String() x.AcceptToRedirectOrJSON(w, r, h.d.Writer(), f, redirTo) } @@ -243,7 +243,7 @@ type getSelfServiceRecoveryFlow struct { // 410: jsonError // 500: jsonError func (h *Handler) fetch(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - if !h.d.Config(r.Context()).SelfServiceFlowRecoveryEnabled() { + if !h.d.Config().SelfServiceFlowRecoveryEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Recovery is not allowed because it was disabled."))) return } @@ -265,7 +265,7 @@ func (h *Handler) fetch(w http.ResponseWriter, r *http.Request, _ httprouter.Par if f.ExpiresAt.Before(time.Now().UTC()) { if f.Type == flow.TypeBrowser { - redirectURL := flow.GetFlowExpiredRedirectURL(h.d.Config(r.Context()), RouteInitBrowserFlow, f.ReturnTo) + redirectURL := flow.GetFlowExpiredRedirectURL(r.Context(), h.d.Config(), RouteInitBrowserFlow, f.ReturnTo) h.d.Writer().WriteError(w, r, errors.WithStack(x.ErrGone. WithReason("The recovery flow has expired. Redirect the user to the recovery flow init endpoint to initialize a new recovery flow."). @@ -275,7 +275,7 @@ func (h *Handler) fetch(w http.ResponseWriter, r *http.Request, _ httprouter.Par } h.d.Writer().WriteError(w, r, errors.WithStack(x.ErrGone. WithReason("The recovery flow has expired. Call the recovery flow init API endpoint to initialize a new recovery flow."). - WithDetail("api", urlx.AppendPaths(h.d.Config(r.Context()).SelfPublicURL(), RouteInitAPIFlow).String()))) + WithDetail("api", urlx.AppendPaths(h.d.Config().SelfPublicURL(r.Context()), RouteInitAPIFlow).String()))) return } @@ -403,7 +403,7 @@ func (h *Handler) submitFlow(w http.ResponseWriter, r *http.Request, ps httprout } if f.Type == flow.TypeBrowser && !x.IsJSONRequest(r) { - http.Redirect(w, r, f.AppendTo(h.d.Config(r.Context()).SelfServiceFlowRecoveryUI()).String(), http.StatusSeeOther) + http.Redirect(w, r, f.AppendTo(h.d.Config().SelfServiceFlowRecoveryUI(r.Context())).String(), http.StatusSeeOther) return } diff --git a/selfservice/flow/recovery/handler_test.go b/selfservice/flow/recovery/handler_test.go index 17966cc308f2..2975aa21b57c 100644 --- a/selfservice/flow/recovery/handler_test.go +++ b/selfservice/flow/recovery/handler_test.go @@ -34,8 +34,9 @@ func init() { } func TestHandlerRedirectOnAuthenticated(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceRecoveryEnabled, true) + conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryEnabled, true) router := x.NewRouterPublic() ts, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin()) @@ -58,16 +59,17 @@ func TestHandlerRedirectOnAuthenticated(t *testing.T) { } func TestInitFlow(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceRecoveryEnabled, true) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryLinkName, + conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryEnabled, true) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryLinkName, map[string]interface{}{"enabled": true}) router := x.NewRouterPublic() publicTS, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin()) recoveryTS := testhelpers.NewRecoveryUIFlowEchoServer(t, reg) - conf.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json") assertion := func(body []byte, isForced, isApi bool) { @@ -164,7 +166,7 @@ func TestInitFlow(t *testing.T) { }) t.Run("case=relative redirect when self-service recovery ui is a relative URL", func(t *testing.T) { - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceRecoveryUI, "/recovery-ts") + reg.Config().MustSet(ctx, config.ViperKeySelfServiceRecoveryUI, "/recovery-ts") assert.Regexp( t, "^/recovery-ts.*$", @@ -193,9 +195,10 @@ func TestInitFlow(t *testing.T) { } func TestGetFlow(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceRecoveryEnabled, true) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryLinkName, + conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryEnabled, true) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryLinkName, map[string]interface{}{"enabled": true}) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json") @@ -209,7 +212,7 @@ func TestGetFlow(t *testing.T) { require.NoError(t, err) })) t.Cleanup(ts.Close) - conf.MustSet(config.ViperKeySelfServiceRecoveryUI, ts.URL) + conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryUI, ts.URL) return ts } @@ -250,7 +253,7 @@ func TestGetFlow(t *testing.T) { t.Run("case=expired with return_to", func(t *testing.T) { returnTo := "https://www.ory.sh" - conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{returnTo}) + conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{returnTo}) client := testhelpers.NewClientWithCookies(t) setupRecoveryTS(t, client) body := x.EasyGetBody(t, client, public.URL+recovery.RouteInitBrowserFlow+"?return_to="+returnTo) diff --git a/selfservice/flow/recovery/hook_test.go b/selfservice/flow/recovery/hook_test.go index e4f4cb3a428d..32e164009c91 100644 --- a/selfservice/flow/recovery/hook_test.go +++ b/selfservice/flow/recovery/hook_test.go @@ -25,6 +25,7 @@ import ( ) func TestRecoveryExecutor(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) newServer := func(t *testing.T, i *identity.Identity, ft flow.Type) *httptest.Server { @@ -33,7 +34,7 @@ func TestRecoveryExecutor(t *testing.T) { router.GET("/recovery/post", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { a, err := recovery.NewFlow(conf, time.Minute, x.FakeCSRFToken, r, reg.RecoveryStrategies(context.Background()), ft) require.NoError(t, err) - s, _ := session.NewActiveSession( + s, _ := session.NewActiveSession(ctx, i, conf, time.Now().UTC(), @@ -48,7 +49,7 @@ func TestRecoveryExecutor(t *testing.T) { ts := httptest.NewServer(router) t.Cleanup(ts.Close) - conf.MustSet(config.ViperKeyPublicBaseURL, ts.URL) + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, ts.URL) return ts } @@ -65,7 +66,7 @@ func TestRecoveryExecutor(t *testing.T) { t.Run("case=pass if hooks pass", func(t *testing.T) { t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf)) - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRecoveryAfter, config.HookGlobal), + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRecoveryAfter, config.HookGlobal), []config.SelfServiceHook{{Name: "err", Config: []byte(`{}`)}}) i := testhelpers.SelfServiceHookFakeIdentity(t) ts := newServer(t, i, flow.TypeBrowser) @@ -77,7 +78,7 @@ func TestRecoveryExecutor(t *testing.T) { t.Run("case=fail if hooks fail", func(t *testing.T) { t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf)) - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRecoveryAfter, config.HookGlobal), + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRecoveryAfter, config.HookGlobal), []config.SelfServiceHook{{Name: "err", Config: []byte(`{"ExecutePostRecoveryHook": "abort"}`)}}) i := testhelpers.SelfServiceHookFakeIdentity(t) ts := newServer(t, i, flow.TypeBrowser) diff --git a/selfservice/flow/registration/decoder.go b/selfservice/flow/registration/decoder.go index fbe201dd4c85..b072152db20e 100644 --- a/selfservice/flow/registration/decoder.go +++ b/selfservice/flow/registration/decoder.go @@ -11,7 +11,7 @@ import ( ) func DecodeBody(p interface{}, r *http.Request, dec *decoderx.HTTP, conf *config.Config, schema []byte) error { - ds, err := conf.DefaultIdentityTraitsSchemaURL() + ds, err := conf.DefaultIdentityTraitsSchemaURL(r.Context()) if err != nil { return err } diff --git a/selfservice/flow/registration/error.go b/selfservice/flow/registration/error.go index 0a132ef5fe77..41cfadd8adf3 100644 --- a/selfservice/flow/registration/error.go +++ b/selfservice/flow/registration/error.go @@ -87,7 +87,7 @@ func (s *ErrorHandler) WriteFlowError( if f.Type == flow.TypeAPI || x.IsJSONRequest(r) { s.d.Writer().WriteError(w, r, expired) } else { - http.Redirect(w, r, expired.GetFlow().AppendTo(s.d.Config(r.Context()).SelfServiceFlowRegistrationUI()).String(), http.StatusSeeOther) + http.Redirect(w, r, expired.GetFlow().AppendTo(s.d.Config().SelfServiceFlowRegistrationUI(r.Context())).String(), http.StatusSeeOther) } return } @@ -98,7 +98,7 @@ func (s *ErrorHandler) WriteFlowError( return } - ds, err := s.d.Config(r.Context()).DefaultIdentityTraitsSchemaURL() + ds, err := s.d.Config().DefaultIdentityTraitsSchemaURL(r.Context()) if err != nil { s.forward(w, r, f, err) return @@ -115,7 +115,7 @@ func (s *ErrorHandler) WriteFlowError( } if f.Type == flow.TypeBrowser && !x.IsJSONRequest(r) { - http.Redirect(w, r, f.AppendTo(s.d.Config(r.Context()).SelfServiceFlowRegistrationUI()).String(), http.StatusFound) + http.Redirect(w, r, f.AppendTo(s.d.Config().SelfServiceFlowRegistrationUI(r.Context())).String(), http.StatusFound) return } diff --git a/selfservice/flow/registration/error_test.go b/selfservice/flow/registration/error_test.go index 0a3970dd8419..5767607c6b65 100644 --- a/selfservice/flow/registration/error_test.go +++ b/selfservice/flow/registration/error_test.go @@ -35,9 +35,10 @@ import ( ) func TestHandleError(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceRegistrationEnabled, true) + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationEnabled, true) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/login.schema.json") public, _ := testhelpers.NewKratosServer(t, reg) @@ -81,7 +82,7 @@ func TestHandleError(t *testing.T) { res, err := ts.Client().Get(ts.URL + "/error") require.NoError(t, err) defer res.Body.Close() - require.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL().String()+"?id=") + require.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL(ctx).String()+"?id=") sse, _, err := sdk.V0alpha2Api.GetSelfServiceError(context.Background()).Id(res.Request.URL.Query().Get("id")).Execute() require.NoError(t, err) @@ -111,7 +112,7 @@ func TestHandleError(t *testing.T) { require.NoError(t, err) defer res.Body.Close() assert.Contains(t, res.Header.Get("Content-Type"), "application/json") - assert.NotContains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL().String()+"?id=") + assert.NotContains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL(ctx).String()+"?id=") body, err := io.ReadAll(res.Body) require.NoError(t, err) @@ -187,7 +188,7 @@ func TestHandleError(t *testing.T) { res, err := ts.Client().Get(ts.URL + "/error") require.NoError(t, err) defer res.Body.Close() - assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowRegistrationUI().String()+"?flow=") + assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowRegistrationUI(ctx).String()+"?flow=") rf, err := reg.RegistrationFlowPersister().GetRegistrationFlow(context.Background(), uuid.FromStringOrNil(res.Request.URL.Query().Get("flow"))) require.NoError(t, err) diff --git a/selfservice/flow/registration/flow.go b/selfservice/flow/registration/flow.go index 20fd9e50c468..eac408c45197 100644 --- a/selfservice/flow/registration/flow.go +++ b/selfservice/flow/registration/flow.go @@ -16,8 +16,6 @@ import ( "github.com/ory/kratos/driver/config" "github.com/ory/kratos/ui/container" - "github.com/ory/kratos/corp" - "github.com/gofrs/uuid" "github.com/pkg/errors" @@ -91,10 +89,10 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques // Pre-validate the return to URL which is contained in the HTTP request. requestURL := x.RequestURL(r).String() _, err := x.SecureRedirectTo(r, - conf.SelfServiceBrowserDefaultReturnTo(), + conf.SelfServiceBrowserDefaultReturnTo(r.Context()), x.SecureRedirectUseSourceURL(requestURL), - x.SecureRedirectAllowURLs(conf.SelfServiceBrowserAllowedReturnToDomains()), - x.SecureRedirectAllowSelfServiceURLs(conf.SelfPublicURL()), + x.SecureRedirectAllowURLs(conf.SelfServiceBrowserAllowedReturnToDomains(r.Context())), + x.SecureRedirectAllowSelfServiceURLs(conf.SelfPublicURL(r.Context())), ) if err != nil { return nil, err @@ -107,7 +105,7 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques RequestURL: requestURL, UI: &container.Container{ Method: "POST", - Action: flow.AppendFlowTo(urlx.AppendPaths(conf.SelfPublicURL(), RouteSubmitFlow), id).String(), + Action: flow.AppendFlowTo(urlx.AppendPaths(conf.SelfPublicURL(r.Context()), RouteSubmitFlow), id).String(), }, CSRFToken: csrf, Type: ft, @@ -116,7 +114,7 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques } func (f Flow) TableName(ctx context.Context) string { - return corp.ContextualizeTableName(ctx, "selfservice_registration_flows") + return "selfservice_registration_flows" } func (f Flow) GetID() uuid.UUID { diff --git a/selfservice/flow/registration/flow_test.go b/selfservice/flow/registration/flow_test.go index acda1c8ee780..bb36c8516287 100644 --- a/selfservice/flow/registration/flow_test.go +++ b/selfservice/flow/registration/flow_test.go @@ -1,6 +1,7 @@ package registration_test import ( + "context" "crypto/tls" "fmt" "net/http" @@ -39,6 +40,7 @@ func TestFakeFlow(t *testing.T) { } func TestNewFlow(t *testing.T) { + ctx := context.Background() conf, _ := internal.NewFastRegistryWithMocks(t) t.Run("case=0", func(t *testing.T) { r, err := registration.NewFlow(conf, 0, "csrf", &http.Request{ @@ -55,7 +57,7 @@ func TestNewFlow(t *testing.T) { _, err := registration.NewFlow(conf, 0, "csrf", &http.Request{URL: &url.URL{Path: "/", RawQuery: "return_to=https://not-allowed/foobar"}, Host: "ory.sh"}, flow.TypeBrowser) require.Error(t, err) - _, err = registration.NewFlow(conf, 0, "csrf", &http.Request{URL: &url.URL{Path: "/", RawQuery: "return_to=" + urlx.AppendPaths(conf.SelfPublicURL(), "/self-service/login/browser").String()}, Host: "ory.sh"}, flow.TypeBrowser) + _, err = registration.NewFlow(conf, 0, "csrf", &http.Request{URL: &url.URL{Path: "/", RawQuery: "return_to=" + urlx.AppendPaths(conf.SelfPublicURL(ctx), "/self-service/login/browser").String()}, Host: "ory.sh"}, flow.TypeBrowser) require.NoError(t, err) }) diff --git a/selfservice/flow/registration/handler.go b/selfservice/flow/registration/handler.go index 2d8f358a8555..977dc516c153 100644 --- a/selfservice/flow/registration/handler.go +++ b/selfservice/flow/registration/handler.go @@ -100,11 +100,11 @@ func WithFlowReturnTo(returnTo string) FlowOption { } func (h *Handler) NewRegistrationFlow(w http.ResponseWriter, r *http.Request, ft flow.Type, opts ...FlowOption) (*Flow, error) { - if !h.d.Config(r.Context()).SelfServiceFlowRegistrationEnabled() { + if !h.d.Config().SelfServiceFlowRegistrationEnabled(r.Context()) { return nil, errors.WithStack(ErrRegistrationDisabled) } - f, err := NewFlow(h.d.Config(r.Context()), h.d.Config(r.Context()).SelfServiceFlowRegistrationRequestLifespan(), h.d.GenerateCSRFToken(r), r, ft) + f, err := NewFlow(h.d.Config(), h.d.Config().SelfServiceFlowRegistrationRequestLifespan(r.Context()), h.d.GenerateCSRFToken(r), r, ft) if err != nil { return nil, err } @@ -118,7 +118,7 @@ func (h *Handler) NewRegistrationFlow(w http.ResponseWriter, r *http.Request, ft } } - ds, err := h.d.Config(r.Context()).DefaultIdentityTraitsSchemaURL() + ds, err := h.d.Config().DefaultIdentityTraitsSchemaURL(r.Context()) if err != nil { return nil, err } @@ -249,11 +249,11 @@ func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps htt return } - http.Redirect(w, r, h.d.Config(r.Context()).SelfServiceBrowserDefaultReturnTo().String(), http.StatusSeeOther) + http.Redirect(w, r, h.d.Config().SelfServiceBrowserDefaultReturnTo(r.Context()).String(), http.StatusSeeOther) return } - redirTo := a.AppendTo(h.d.Config(r.Context()).SelfServiceFlowRegistrationUI()).String() + redirTo := a.AppendTo(h.d.Config().SelfServiceFlowRegistrationUI(r.Context())).String() x.AcceptToRedirectOrJSON(w, r, h.d.Writer(), a, redirTo) } @@ -319,8 +319,7 @@ type getSelfServiceRegistrationFlow struct { // 410: jsonError // 500: jsonError func (h *Handler) fetchFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - - if !h.d.Config(r.Context()).SelfServiceFlowRegistrationEnabled() { + if !h.d.Config().SelfServiceFlowRegistrationEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(ErrRegistrationDisabled)) return } @@ -341,7 +340,7 @@ func (h *Handler) fetchFlow(w http.ResponseWriter, r *http.Request, ps httproute if ar.ExpiresAt.Before(time.Now()) { if ar.Type == flow.TypeBrowser { - redirectURL := flow.GetFlowExpiredRedirectURL(h.d.Config(r.Context()), RouteInitBrowserFlow, ar.ReturnTo) + redirectURL := flow.GetFlowExpiredRedirectURL(r.Context(), h.d.Config(), RouteInitBrowserFlow, ar.ReturnTo) h.d.Writer().WriteError(w, r, errors.WithStack(x.ErrGone.WithID(text.ErrIDSelfServiceFlowExpired). WithReason("The registration flow has expired. Redirect the user to the registration flow init endpoint to initialize a new registration flow."). @@ -351,7 +350,7 @@ func (h *Handler) fetchFlow(w http.ResponseWriter, r *http.Request, ps httproute } h.d.Writer().WriteError(w, r, errors.WithStack(x.ErrGone.WithID(text.ErrIDSelfServiceFlowExpired). WithReason("The registration flow has expired. Call the registration flow init API endpoint to initialize a new registration flow."). - WithDetail("api", urlx.AppendPaths(h.d.Config(r.Context()).SelfPublicURL(), RouteInitAPIFlow).String()))) + WithDetail("api", urlx.AppendPaths(h.d.Config().SelfPublicURL(r.Context()), RouteInitAPIFlow).String()))) return } @@ -452,7 +451,7 @@ func (h *Handler) submitFlow(w http.ResponseWriter, r *http.Request, _ httproute if _, err := h.d.SessionManager().FetchFromRequest(r.Context(), r); err == nil { if f.Type == flow.TypeBrowser { - http.Redirect(w, r, h.d.Config(r.Context()).SelfServiceBrowserDefaultReturnTo().String(), http.StatusSeeOther) + http.Redirect(w, r, h.d.Config().SelfServiceBrowserDefaultReturnTo(r.Context()).String(), http.StatusSeeOther) return } @@ -465,7 +464,7 @@ func (h *Handler) submitFlow(w http.ResponseWriter, r *http.Request, _ httproute return } - i := identity.NewIdentity(h.d.Config(r.Context()).DefaultIdentityTraitsSchemaID()) + i := identity.NewIdentity(h.d.Config().DefaultIdentityTraitsSchemaID(r.Context())) var s Strategy for _, ss := range h.d.AllRegistrationStrategies() { if err := ss.Register(w, r, f, i); errors.Is(err, flow.ErrStrategyNotResponsible) { diff --git a/selfservice/flow/registration/handler_test.go b/selfservice/flow/registration/handler_test.go index cdcdad0a3c31..75f555742849 100644 --- a/selfservice/flow/registration/handler_test.go +++ b/selfservice/flow/registration/handler_test.go @@ -34,13 +34,14 @@ func init() { } func TestHandlerRedirectOnAuthenticated(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) router := x.NewRouterPublic() ts, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin()) redirTS := testhelpers.NewRedirTS(t, "already authenticated", conf) - conf.MustSet(config.ViperKeySelfServiceRegistrationEnabled, true) + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationEnabled, true) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json") t.Run("does redirect to default on authenticated request", func(t *testing.T) { @@ -57,16 +58,17 @@ func TestHandlerRedirectOnAuthenticated(t *testing.T) { } func TestInitFlow(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), map[string]interface{}{"enabled": true}) router := x.NewRouterPublic() publicTS, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin()) registrationTS := testhelpers.NewRegistrationUIFlowEchoServer(t, reg) - conf.MustSet(config.ViperKeySelfServiceRegistrationEnabled, true) - conf.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationEnabled, true) + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/login.schema.json") assertion := func(body []byte, isForced, isApi bool) { @@ -161,7 +163,7 @@ func TestInitFlow(t *testing.T) { }) t.Run("case=relative redirect when self-service registration ui is a relative URL", func(t *testing.T) { - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceRegistrationUI, "/registration-ts") + reg.Config().MustSet(ctx, config.ViperKeySelfServiceRegistrationUI, "/registration-ts") assert.Regexp( t, "^/registration-ts.*$", @@ -190,11 +192,12 @@ func TestInitFlow(t *testing.T) { } func TestDisabledFlow(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceRegistrationEnabled, false) + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationEnabled, false) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/login.schema.json") - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), map[string]interface{}{"enabled": true}) publicTS, _ := testhelpers.NewKratosServerWithCSRF(t, reg) @@ -247,10 +250,11 @@ func TestDisabledFlow(t *testing.T) { } func TestGetFlow(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceRegistrationEnabled, true) + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationEnabled, true) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/registration.schema.json") - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), map[string]interface{}{"enabled": true}) public, _ := testhelpers.NewKratosServerWithCSRF(t, reg) @@ -263,7 +267,7 @@ func TestGetFlow(t *testing.T) { require.NoError(t, err) })) t.Cleanup(ts.Close) - conf.MustSet(config.ViperKeySelfServiceRegistrationUI, ts.URL) + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationUI, ts.URL) return ts } @@ -305,7 +309,7 @@ func TestGetFlow(t *testing.T) { t.Run("case=expired with return_to", func(t *testing.T) { returnTo := "https://www.ory.sh" - conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{returnTo}) + conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{returnTo}) client := testhelpers.NewClientWithCookies(t) setupRegistrationUI(t, client) diff --git a/selfservice/flow/registration/hook.go b/selfservice/flow/registration/hook.go index b04a8a2e2f52..2974f56faa39 100644 --- a/selfservice/flow/registration/hook.go +++ b/selfservice/flow/registration/hook.go @@ -132,13 +132,13 @@ func (e *HookExecutor) PostRegistrationHook(w http.ResponseWriter, r *http.Reque } // Verify the redirect URL before we do any other processing. - c := e.d.Config(r.Context()) - returnTo, err := x.SecureRedirectTo(r, c.SelfServiceBrowserDefaultReturnTo(), + c := e.d.Config() + returnTo, err := x.SecureRedirectTo(r, c.SelfServiceBrowserDefaultReturnTo(r.Context()), x.SecureRedirectReturnTo(a.ReturnTo), x.SecureRedirectUseSourceURL(a.RequestURL), - x.SecureRedirectAllowURLs(c.SelfServiceBrowserAllowedReturnToDomains()), - x.SecureRedirectAllowSelfServiceURLs(c.SelfPublicURL()), - x.SecureRedirectOverrideDefaultReturnTo(c.SelfServiceFlowRegistrationReturnTo(ct.String())), + x.SecureRedirectAllowURLs(c.SelfServiceBrowserAllowedReturnToDomains(r.Context())), + x.SecureRedirectAllowSelfServiceURLs(c.SelfPublicURL(r.Context())), + x.SecureRedirectOverrideDefaultReturnTo(c.SelfServiceFlowRegistrationReturnTo(r.Context(), ct.String())), ) if err != nil { return err @@ -149,7 +149,7 @@ func (e *HookExecutor) PostRegistrationHook(w http.ResponseWriter, r *http.Reque WithField("identity_id", i.ID). Info("A new identity has registered using self-service registration.") - s, err := session.NewActiveSession(i, e.d.Config(r.Context()), time.Now().UTC(), ct, identity.AuthenticatorAssuranceLevel1) + s, err := session.NewActiveSession(r.Context(), i, e.d.Config(), time.Now().UTC(), ct, identity.AuthenticatorAssuranceLevel1) if err != nil { return err } diff --git a/selfservice/flow/registration/hook_test.go b/selfservice/flow/registration/hook_test.go index 3917bc6db18d..8eb3490df458 100644 --- a/selfservice/flow/registration/hook_test.go +++ b/selfservice/flow/registration/hook_test.go @@ -23,6 +23,7 @@ import ( ) func TestRegistrationExecutor(t *testing.T) { + ctx := context.Background() for _, strategy := range []string{ identity.CredentialsTypePassword.String(), identity.CredentialsTypeOIDC.String(), @@ -32,7 +33,7 @@ func TestRegistrationExecutor(t *testing.T) { t.Run("strategy="+strategy, func(t *testing.T) { conf, reg := internal.NewFastRegistryWithMocks(t) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/registration.schema.json") - conf.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh/") + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh/") newServer := func(t *testing.T, i *identity.Identity, ft flow.Type) *httptest.Server { router := httprouter.New() @@ -57,7 +58,7 @@ func TestRegistrationExecutor(t *testing.T) { ts := httptest.NewServer(router) t.Cleanup(ts.Close) - conf.MustSet(config.ViperKeyPublicBaseURL, ts.URL) + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, ts.URL) return ts } @@ -102,7 +103,7 @@ func TestRegistrationExecutor(t *testing.T) { t.Run("case=use return_to value", func(t *testing.T) { t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf)) - conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"}) + conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"}) res, _ := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{"return_to": {"https://www.ory.sh/kratos/"}}) assert.EqualValues(t, http.StatusOK, res.StatusCode) @@ -120,7 +121,7 @@ func TestRegistrationExecutor(t *testing.T) { t.Run("case=use nested config value", func(t *testing.T) { t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf)) - conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/kratos"}) + conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/kratos"}) testhelpers.SelfServiceHookRegistrationSetDefaultRedirectTo(t, conf, "https://www.ory.sh/not-kratos") testhelpers.SelfServiceHookRegistrationSetDefaultRedirectToStrategy(t, conf, strategy, "https://www.ory.sh/kratos") diff --git a/selfservice/flow/request.go b/selfservice/flow/request.go index 9732f441fe61..33f72614610a 100644 --- a/selfservice/flow/request.go +++ b/selfservice/flow/request.go @@ -103,7 +103,7 @@ func MethodEnabledAndAllowed(ctx context.Context, expected, actual string, d int return errors.WithStack(ErrStrategyNotResponsible) } - if !d.Config(ctx).SelfServiceStrategy(expected).Enabled { + if !d.Config().SelfServiceStrategy(ctx, expected).Enabled { return errors.WithStack(herodot.ErrNotFound.WithReason(strategy.EndpointDisabledMessage)) } diff --git a/selfservice/flow/request_test.go b/selfservice/flow/request_test.go index e977cb95797d..5afe63016416 100644 --- a/selfservice/flow/request_test.go +++ b/selfservice/flow/request_test.go @@ -1,6 +1,7 @@ package flow_test import ( + "context" "fmt" "io" "net/http" @@ -48,6 +49,7 @@ func TestVerifyRequest(t *testing.T) { } func TestMethodEnabledAndAllowed(t *testing.T) { + ctx := context.Background() conf, d := internal.NewFastRegistryWithMocks(t) ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if err := flow.MethodEnabledAndAllowedFromRequest(r, "password", d); err != nil { @@ -76,7 +78,7 @@ func TestMethodEnabledAndAllowed(t *testing.T) { }) t.Run("disabled", func(t *testing.T) { - require.NoError(t, conf.Set(fmt.Sprintf("%s.%s.enabled", config.ViperKeySelfServiceStrategyConfig, "password"), false)) + require.NoError(t, conf.Set(ctx, fmt.Sprintf("%s.%s.enabled", config.ViperKeySelfServiceStrategyConfig, "password"), false)) res, err := ts.Client().PostForm(ts.URL, url.Values{"method": {"password"}}) require.NoError(t, err) body, err := io.ReadAll(res.Body) diff --git a/selfservice/flow/settings/error.go b/selfservice/flow/settings/error.go index 1432ba720146..b749b5ca4505 100644 --- a/selfservice/flow/settings/error.go +++ b/selfservice/flow/settings/error.go @@ -79,8 +79,8 @@ func (s *ErrorHandler) reauthenticate( f *Flow, err *FlowNeedsReAuth, ) { - returnTo := urlx.CopyWithQuery(urlx.AppendPaths(s.d.Config(r.Context()).SelfPublicURL(), r.URL.Path), r.URL.Query()) - redirectTo := urlx.AppendPaths(urlx.CopyWithQuery(s.d.Config(r.Context()).SelfPublicURL(), + returnTo := urlx.CopyWithQuery(urlx.AppendPaths(s.d.Config().SelfPublicURL(r.Context()), r.URL.Path), r.URL.Query()) + redirectTo := urlx.AppendPaths(urlx.CopyWithQuery(s.d.Config().SelfPublicURL(r.Context()), url.Values{"refresh": {"true"}, "return_to": {returnTo.String()}}), login.RouteInitBrowserFlow).String() err.RedirectBrowserTo = redirectTo @@ -135,7 +135,7 @@ func (s *ErrorHandler) WriteFlowError( if shouldRespondWithJSON { s.d.Writer().WriteError(w, r, err) } else { - http.Redirect(w, r, urlx.AppendPaths(s.d.Config(r.Context()).SelfPublicURL(), login.RouteInitBrowserFlow).String(), http.StatusSeeOther) + http.Redirect(w, r, urlx.AppendPaths(s.d.Config().SelfPublicURL(r.Context()), login.RouteInitBrowserFlow).String(), http.StatusSeeOther) } return } @@ -145,7 +145,7 @@ func (s *ErrorHandler) WriteFlowError( s.d.Writer().WriteError(w, r, aalErr) } else { http.Redirect(w, r, urlx.CopyWithQuery( - urlx.AppendPaths(s.d.Config(r.Context()).SelfPublicURL(), login.RouteInitBrowserFlow), + urlx.AppendPaths(s.d.Config().SelfPublicURL(r.Context()), login.RouteInitBrowserFlow), url.Values{"aal": {string(identity.AuthenticatorAssuranceLevel2)}}).String(), http.StatusSeeOther) } return @@ -168,7 +168,7 @@ func (s *ErrorHandler) WriteFlowError( if f.Type == flow.TypeAPI || x.IsJSONRequest(r) { s.d.Writer().WriteError(w, r, expired) } else { - http.Redirect(w, r, expired.GetFlow().AppendTo(s.d.Config(r.Context()).SelfServiceFlowSettingsUI()).String(), http.StatusSeeOther) + http.Redirect(w, r, expired.GetFlow().AppendTo(s.d.Config().SelfServiceFlowSettingsUI(r.Context())).String(), http.StatusSeeOther) } return } @@ -177,7 +177,7 @@ func (s *ErrorHandler) WriteFlowError( if shouldRespondWithJSON { s.d.Writer().Write(w, r, f) } else { - http.Redirect(w, r, f.AppendTo(s.d.Config(r.Context()).SelfServiceFlowSettingsUI()).String(), http.StatusSeeOther) + http.Redirect(w, r, f.AppendTo(s.d.Config().SelfServiceFlowSettingsUI(r.Context())).String(), http.StatusSeeOther) } return } @@ -217,7 +217,7 @@ func (s *ErrorHandler) WriteFlowError( } if f.Type == flow.TypeBrowser && !x.IsJSONRequest(r) { - http.Redirect(w, r, f.AppendTo(s.d.Config(r.Context()).SelfServiceFlowSettingsUI()).String(), http.StatusSeeOther) + http.Redirect(w, r, f.AppendTo(s.d.Config().SelfServiceFlowSettingsUI(r.Context())).String(), http.StatusSeeOther) return } diff --git a/selfservice/flow/settings/error_test.go b/selfservice/flow/settings/error_test.go index a7b188c5d6ba..56ced4f9cf4b 100644 --- a/selfservice/flow/settings/error_test.go +++ b/selfservice/flow/settings/error_test.go @@ -39,6 +39,7 @@ import ( ) func TestHandleError(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json") @@ -91,7 +92,7 @@ func TestHandleError(t *testing.T) { res, err := ts.Client().Get(ts.URL + "/error") require.NoError(t, err) defer res.Body.Close() - require.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL().String()+"?id=") + require.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL(ctx).String()+"?id=") sse, _, err := sdk.V0alpha2Api.GetSelfServiceError(context.Background()). Id(res.Request.URL.Query().Get("id")).Execute() @@ -122,7 +123,7 @@ func TestHandleError(t *testing.T) { require.NoError(t, err) defer res.Body.Close() assert.Contains(t, res.Header.Get("Content-Type"), "application/json") - assert.NotContains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL().String()+"?id=") + assert.NotContains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL(ctx).String()+"?id=") body, err := io.ReadAll(res.Body) require.NoError(t, err) @@ -141,7 +142,7 @@ func TestHandleError(t *testing.T) { t.Cleanup(reset) // This needs an authenticated client in order to call the RouteGetFlow endpoint - s, err := session.NewActiveSession(&id, testhelpers.NewSessionLifespanProvider(time.Hour), time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) + s, err := session.NewActiveSession(ctx, &id, testhelpers.NewSessionLifespanProvider(time.Hour), time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) require.NoError(t, err) c := testhelpers.NewHTTPClientWithSessionToken(t, reg, s) @@ -258,7 +259,7 @@ func TestHandleError(t *testing.T) { res, err := ts.Client().Get(ts.URL + "/error") require.NoError(t, err) defer res.Body.Close() - assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowSettingsUI().String()+"?flow=") + assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowSettingsUI(ctx).String()+"?flow=") sf, err := reg.SettingsFlowPersister().GetSettingsFlow(context.Background(), uuid.FromStringOrNil(res.Request.URL.Query().Get("flow"))) require.NoError(t, err) @@ -326,7 +327,7 @@ func TestHandleError(t *testing.T) { }) t.Run("case=session old error", func(t *testing.T) { - conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{urlx.AppendPaths(conf.SelfPublicURL(), "/error").String()}) + conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{urlx.AppendPaths(conf.SelfPublicURL(ctx), "/error").String()}) t.Cleanup(reset) settingsFlow = &settings.Flow{Type: flow.TypeBrowser} @@ -336,7 +337,7 @@ func TestHandleError(t *testing.T) { res, err := ts.Client().Get(ts.URL + "/error") require.NoError(t, err) defer res.Body.Close() - require.Contains(t, res.Request.URL.String(), conf.Source().String(config.ViperKeySelfServiceLoginUI)) + require.Contains(t, res.Request.URL.String(), conf.GetProvider(ctx).String(config.ViperKeySelfServiceLoginUI)) }) t.Run("case=validation error", func(t *testing.T) { diff --git a/selfservice/flow/settings/flow.go b/selfservice/flow/settings/flow.go index 15ec1f737795..eeae6de19799 100644 --- a/selfservice/flow/settings/flow.go +++ b/selfservice/flow/settings/flow.go @@ -17,8 +17,6 @@ import ( "github.com/ory/kratos/ui/container" "github.com/ory/x/urlx" - "github.com/ory/kratos/corp" - "github.com/gofrs/uuid" "github.com/pkg/errors" @@ -127,10 +125,10 @@ func NewFlow(conf *config.Config, exp time.Duration, r *http.Request, i *identit // Pre-validate the return to URL which is contained in the HTTP request. requestURL := x.RequestURL(r).String() _, err := x.SecureRedirectTo(r, - conf.SelfServiceBrowserDefaultReturnTo(), + conf.SelfServiceBrowserDefaultReturnTo(r.Context()), x.SecureRedirectUseSourceURL(requestURL), - x.SecureRedirectAllowURLs(conf.SelfServiceBrowserAllowedReturnToDomains()), - x.SecureRedirectAllowSelfServiceURLs(conf.SelfPublicURL()), + x.SecureRedirectAllowURLs(conf.SelfServiceBrowserAllowedReturnToDomains(r.Context())), + x.SecureRedirectAllowSelfServiceURLs(conf.SelfPublicURL(r.Context())), ) if err != nil { return nil, err @@ -147,7 +145,7 @@ func NewFlow(conf *config.Config, exp time.Duration, r *http.Request, i *identit State: StateShowForm, UI: &container.Container{ Method: "POST", - Action: flow.AppendFlowTo(urlx.AppendPaths(conf.SelfPublicURL(), RouteSubmitFlow), id).String(), + Action: flow.AppendFlowTo(urlx.AppendPaths(conf.SelfPublicURL(r.Context()), RouteSubmitFlow), id).String(), }, InternalContext: []byte("{}"), }, nil @@ -162,7 +160,7 @@ func (f *Flow) GetRequestURL() string { } func (f Flow) TableName(ctx context.Context) string { - return corp.ContextualizeTableName(ctx, "selfservice_settings_flows") + return "selfservice_settings_flows" } func (f Flow) GetID() uuid.UUID { diff --git a/selfservice/flow/settings/flow_test.go b/selfservice/flow/settings/flow_test.go index 8935d0ca2378..4bffc506145c 100644 --- a/selfservice/flow/settings/flow_test.go +++ b/selfservice/flow/settings/flow_test.go @@ -1,6 +1,7 @@ package settings_test import ( + "context" "crypto/tls" "fmt" "net/http" @@ -43,6 +44,7 @@ func TestFakeFlow(t *testing.T) { } func TestNewFlow(t *testing.T) { + ctx := context.Background() conf := internal.NewConfigurationWithDefaults(t) id := &identity.Identity{ID: x.NewUUID()} @@ -59,7 +61,7 @@ func TestNewFlow(t *testing.T) { _, err := registration.NewFlow(conf, 0, "csrf", &http.Request{URL: &url.URL{Path: "/", RawQuery: "return_to=https://not-allowed/foobar"}, Host: "ory.sh"}, flow.TypeBrowser) require.Error(t, err) - _, err = registration.NewFlow(conf, 0, "csrf", &http.Request{URL: &url.URL{Path: "/", RawQuery: "return_to=" + urlx.AppendPaths(conf.SelfPublicURL(), "/self-service/login/browser").String()}, Host: "ory.sh"}, flow.TypeBrowser) + _, err = registration.NewFlow(conf, 0, "csrf", &http.Request{URL: &url.URL{Path: "/", RawQuery: "return_to=" + urlx.AppendPaths(conf.SelfPublicURL(ctx), "/self-service/login/browser").String()}, Host: "ory.sh"}, flow.TypeBrowser) require.NoError(t, err) }) diff --git a/selfservice/flow/settings/handler.go b/selfservice/flow/settings/handler.go index 82d48905ceea..e39b3a0dcbf8 100644 --- a/selfservice/flow/settings/handler.go +++ b/selfservice/flow/settings/handler.go @@ -85,7 +85,7 @@ func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic) { if x.IsJSONRequest(r) { h.d.Writer().WriteError(w, r, session.NewErrNoActiveSessionFound()) } else { - http.Redirect(w, r, h.d.Config(r.Context()).SelfServiceFlowLoginUI().String(), http.StatusSeeOther) + http.Redirect(w, r, h.d.Config().SelfServiceFlowLoginUI(r.Context()).String(), http.StatusSeeOther) } })) @@ -107,7 +107,7 @@ func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { } func (h *Handler) NewFlow(w http.ResponseWriter, r *http.Request, i *identity.Identity, ft flow.Type) (*Flow, error) { - f, err := NewFlow(h.d.Config(r.Context()), h.d.Config(r.Context()).SelfServiceFlowSettingsFlowLifespan(), r, i, ft) + f, err := NewFlow(h.d.Config(), h.d.Config().SelfServiceFlowSettingsFlowLifespan(r.Context()), r, i, ft) if err != nil { return nil, err } @@ -121,7 +121,7 @@ func (h *Handler) NewFlow(w http.ResponseWriter, r *http.Request, i *identity.Id } } - ds, err := h.d.Config(r.Context()).DefaultIdentityTraitsSchemaURL() + ds, err := h.d.Config().DefaultIdentityTraitsSchemaURL(r.Context()) if err != nil { return nil, err } @@ -196,7 +196,7 @@ func (h *Handler) initApiFlow(w http.ResponseWriter, r *http.Request, _ httprout return } - if err := h.d.SessionManager().DoesSessionSatisfy(r, s, h.d.Config(r.Context()).SelfServiceSettingsRequiredAAL()); err != nil { + if err := h.d.SessionManager().DoesSessionSatisfy(r, s, h.d.Config().SelfServiceSettingsRequiredAAL(r.Context())); err != nil { h.d.Writer().WriteError(w, r, err) return } @@ -266,7 +266,7 @@ func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps htt return } - if err := h.d.SessionManager().DoesSessionSatisfy(r, s, h.d.Config(r.Context()).SelfServiceSettingsRequiredAAL()); err != nil { + if err := h.d.SessionManager().DoesSessionSatisfy(r, s, h.d.Config().SelfServiceSettingsRequiredAAL(r.Context())); err != nil { h.d.SettingsFlowErrorHandler().WriteFlowError(w, r, node.DefaultGroup, nil, nil, err) return } @@ -277,7 +277,7 @@ func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps htt return } - redirTo := f.AppendTo(h.d.Config(r.Context()).SelfServiceFlowSettingsUI()).String() + redirTo := f.AppendTo(h.d.Config().SelfServiceFlowSettingsUI(r.Context())).String() x.AcceptToRedirectOrJSON(w, r, h.d.Writer(), f, redirTo) } @@ -370,13 +370,13 @@ func (h *Handler) fetchFlow(w http.ResponseWriter, r *http.Request) error { return errors.WithStack(herodot.ErrForbidden.WithID(text.ErrIDInitiatedBySomeoneElse).WithReasonf("The request was made for another identity and has been blocked for security reasons.")) } - if err := h.d.SessionManager().DoesSessionSatisfy(r, sess, h.d.Config(r.Context()).SelfServiceSettingsRequiredAAL()); err != nil { + if err := h.d.SessionManager().DoesSessionSatisfy(r, sess, h.d.Config().SelfServiceSettingsRequiredAAL(r.Context())); err != nil { return err } if pr.ExpiresAt.Before(time.Now().UTC()) { if pr.Type == flow.TypeBrowser { - redirectURL := flow.GetFlowExpiredRedirectURL(h.d.Config(r.Context()), RouteInitBrowserFlow, pr.ReturnTo) + redirectURL := flow.GetFlowExpiredRedirectURL(r.Context(), h.d.Config(), RouteInitBrowserFlow, pr.ReturnTo) h.d.Writer().WriteError(w, r, errors.WithStack(x.ErrGone. WithReason("The settings flow has expired. Redirect the user to the settings flow init endpoint to initialize a new settings flow."). @@ -386,7 +386,7 @@ func (h *Handler) fetchFlow(w http.ResponseWriter, r *http.Request) error { } h.d.Writer().WriteError(w, r, errors.WithStack(x.ErrGone. WithReason("The settings flow has expired. Call the settings flow init API endpoint to initialize a new settings flow."). - WithDetail("api", urlx.AppendPaths(h.d.Config(r.Context()).SelfPublicURL(), RouteInitAPIFlow).String()))) + WithDetail("api", urlx.AppendPaths(h.d.Config().SelfPublicURL(r.Context()), RouteInitAPIFlow).String()))) return nil } @@ -520,7 +520,7 @@ func (h *Handler) submitSettingsFlow(w http.ResponseWriter, r *http.Request, ps return } - if err := h.d.SessionManager().DoesSessionSatisfy(r, ss, h.d.Config(r.Context()).SelfServiceSettingsRequiredAAL()); err != nil { + if err := h.d.SessionManager().DoesSessionSatisfy(r, ss, h.d.Config().SelfServiceSettingsRequiredAAL(r.Context())); err != nil { h.d.SettingsFlowErrorHandler().WriteFlowError(w, r, node.DefaultGroup, f, nil, err) return } diff --git a/selfservice/flow/settings/handler_test.go b/selfservice/flow/settings/handler_test.go index b813f0a60217..b457bc651f1c 100644 --- a/selfservice/flow/settings/handler_test.go +++ b/selfservice/flow/settings/handler_test.go @@ -45,6 +45,7 @@ func init() { } func TestHandler(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json") testhelpers.StrategyEnable(t, conf, identity.CredentialsTypePassword.String(), true) @@ -59,7 +60,7 @@ func TestHandler(t *testing.T) { _ = testhelpers.NewErrorTestServer(t, reg) _ = testhelpers.NewSettingsUIFlowEchoServer(t, reg) - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1ns") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1ns") primaryIdentity := &identity.Identity{ID: x.NewUUID(), Traits: identity.Traits(`{}`)} require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), primaryIdentity)) @@ -133,7 +134,7 @@ func TestHandler(t *testing.T) { }) t.Run("description=can not init if identity has aal2 but session has aal1", func(t *testing.T) { - conf.MustSet(config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) res, body := initFlow(t, aal2Identity, true) assert.Equal(t, http.StatusForbidden, res.StatusCode, "%s", body) assertx.EqualAsJSON(t, session.NewErrAALNotSatisfied(publicTS.URL+"/self-service/login/browser?aal=aal2"), json.RawMessage(body)) @@ -150,14 +151,14 @@ func TestHandler(t *testing.T) { t.Run("description=success", func(t *testing.T) { user1 := testhelpers.NewHTTPClientWithArbitrarySessionCookie(t, reg) res, body := initFlow(t, user1, false) - assert.Contains(t, res.Request.URL.String(), reg.Config(context.Background()).SelfServiceFlowSettingsUI().String()) + assert.Contains(t, res.Request.URL.String(), reg.Config().SelfServiceFlowSettingsUI(ctx).String()) assertion(t, body, false) }) t.Run("description=can not init if identity has aal2 but session has aal1", func(t *testing.T) { - conf.MustSet(config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) res, body := initFlow(t, aal2Identity, false) - assert.Contains(t, res.Request.URL.String(), reg.Config(context.Background()).SelfServiceFlowLoginUI().String()) + assert.Contains(t, res.Request.URL.String(), reg.Config().SelfServiceFlowLoginUI(ctx).String()) assert.EqualValues(t, "Please complete the second authentication challenge.", gjson.GetBytes(body, "ui.messages.0.text").String(), "%s", body) }) @@ -188,7 +189,7 @@ func TestHandler(t *testing.T) { t.Run("description=can not init if identity has aal2 but session has aal1", func(t *testing.T) { email := testhelpers.RandomEmail() - conf.MustSet(config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) user1 := testhelpers.NewHTTPClientWithIdentitySessionCookie(t, reg, &identity.Identity{ State: identity.StateActive, Traits: []byte(`{"email":"` + email + `"}`), @@ -225,7 +226,7 @@ func TestHandler(t *testing.T) { t.Run("case=expired with return_to", func(t *testing.T) { returnTo := "https://www.ory.sh" - conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{returnTo}) + conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{returnTo}) client := testhelpers.NewHTTPClientWithArbitrarySessionToken(t, reg) body := x.EasyGetBody(t, client, publicTS.URL+settings.RouteInitBrowserFlow+"?return_to="+returnTo) @@ -291,14 +292,14 @@ func TestHandler(t *testing.T) { t.Run("description=can not fetch if identity has aal2 but session has aal1", func(t *testing.T) { t.Cleanup(func() { - conf.MustSet(config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) }) - conf.MustSet(config.ViperKeySelfServiceSettingsRequiredAAL, "aal1") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, "aal1") res, body := initFlow(t, aal2Identity, false) require.Equal(t, http.StatusOK, res.StatusCode) - conf.MustSet(config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) res, err := aal2Identity.Get(publicTS.URL + settings.RouteGetFlow + "?id=" + gjson.GetBytes(body, "id").String()) require.NoError(t, err) body = ioutilx.MustReadAll(res.Body) @@ -314,16 +315,16 @@ func TestHandler(t *testing.T) { t.Run("description=can not submit if identity has aal2 but session has aal1", func(t *testing.T) { t.Run("type=browser", func(t *testing.T) { t.Cleanup(func() { - conf.MustSet(config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) }) - conf.MustSet(config.ViperKeySelfServiceSettingsRequiredAAL, "aal1") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, "aal1") res, body := initFlow(t, aal2Identity, false) require.Equal(t, http.StatusOK, res.StatusCode) var f kratos.SelfServiceSettingsFlow require.NoError(t, json.Unmarshal(body, &f)) - conf.MustSet(config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) actual, res := testhelpers.SettingsMakeRequest(t, false, false, &f, aal2Identity, `{"method":"not-exists"}`) assert.Equal(t, http.StatusOK, res.StatusCode) assert.Equal(t, "Please complete the second authentication challenge.", gjson.Get(actual, "ui.messages.0.text").String(), actual) @@ -331,16 +332,16 @@ func TestHandler(t *testing.T) { t.Run("type=spa", func(t *testing.T) { t.Cleanup(func() { - conf.MustSet(config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) }) - conf.MustSet(config.ViperKeySelfServiceSettingsRequiredAAL, "aal1") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, "aal1") res, body := initFlow(t, aal2Identity, false) require.Equal(t, http.StatusOK, res.StatusCode) var f kratos.SelfServiceSettingsFlow require.NoError(t, json.Unmarshal(body, &f)) - conf.MustSet(config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) actual, res := testhelpers.SettingsMakeRequest(t, false, true, &f, aal2Identity, `{"method":"not-exists"}`) assert.Equal(t, http.StatusForbidden, res.StatusCode) assertx.EqualAsJSON(t, session.NewErrAALNotSatisfied(publicTS.URL+"/self-service/login/browser?aal=aal2"), json.RawMessage(actual)) @@ -348,16 +349,16 @@ func TestHandler(t *testing.T) { t.Run("type=api", func(t *testing.T) { t.Cleanup(func() { - conf.MustSet(config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) }) - conf.MustSet(config.ViperKeySelfServiceSettingsRequiredAAL, "aal1") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, "aal1") res, body := initFlow(t, aal2Identity, true) require.Equal(t, http.StatusOK, res.StatusCode) var f kratos.SelfServiceSettingsFlow require.NoError(t, json.Unmarshal(body, &f)) - conf.MustSet(config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) actual, res := testhelpers.SettingsMakeRequest(t, true, false, &f, aal2Identity, `{"method":"not-exists"}`) assert.Equal(t, http.StatusForbidden, res.StatusCode) assertx.EqualAsJSON(t, session.NewErrAALNotSatisfied(publicTS.URL+"/self-service/login/browser?aal=aal2"), json.RawMessage(actual)) @@ -404,7 +405,7 @@ func TestHandler(t *testing.T) { }) t.Run("case=relative redirect when self-service settings ui is a relative url", func(t *testing.T) { - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceSettingsURL, "/settings-ts") + reg.Config().MustSet(ctx, config.ViperKeySelfServiceSettingsURL, "/settings-ts") user1 := testhelpers.NewNoRedirectHTTPClientWithArbitrarySessionCookie(t, reg) res, _ := initFlow(t, user1, false) assert.Regexp( diff --git a/selfservice/flow/settings/hook.go b/selfservice/flow/settings/hook.go index e5b14e5c3319..6690891f8d42 100644 --- a/selfservice/flow/settings/hook.go +++ b/selfservice/flow/settings/hook.go @@ -136,14 +136,14 @@ func (e *HookExecutor) PostSettingsHook(w http.ResponseWriter, r *http.Request, Debug("Running PostSettingsPrePersistHooks.") // Verify the redirect URL before we do any other processing. - c := e.d.Config(r.Context()) - returnTo, err := x.SecureRedirectTo(r, c.SelfServiceBrowserDefaultReturnTo(), + c := e.d.Config() + returnTo, err := x.SecureRedirectTo(r, c.SelfServiceBrowserDefaultReturnTo(r.Context()), x.SecureRedirectUseSourceURL(ctxUpdate.Flow.RequestURL), - x.SecureRedirectAllowURLs(c.SelfServiceBrowserAllowedReturnToDomains()), - x.SecureRedirectAllowSelfServiceURLs(c.SelfPublicURL()), + x.SecureRedirectAllowURLs(c.SelfServiceBrowserAllowedReturnToDomains(r.Context())), + x.SecureRedirectAllowSelfServiceURLs(c.SelfPublicURL(r.Context())), x.SecureRedirectOverrideDefaultReturnTo( - e.d.Config(r.Context()).SelfServiceFlowSettingsReturnTo(settingsType, - ctxUpdate.Flow.AppendTo(e.d.Config(r.Context()).SelfServiceFlowSettingsUI()))), + e.d.Config().SelfServiceFlowSettingsReturnTo(r.Context(), settingsType, + ctxUpdate.Flow.AppendTo(e.d.Config().SelfServiceFlowSettingsUI(r.Context())))), ) if err != nil { return err @@ -187,7 +187,7 @@ func (e *HookExecutor) PostSettingsHook(w http.ResponseWriter, r *http.Request, } options := []identity.ManagerOption{identity.ManagerExposeValidationErrorsForInternalTypeAssertion} - ttl := e.d.Config(r.Context()).SelfServiceFlowSettingsPrivilegedSessionMaxAge() + ttl := e.d.Config().SelfServiceFlowSettingsPrivilegedSessionMaxAge(r.Context()) if ctxUpdate.Session.AuthenticatedAt.Add(ttl).After(time.Now()) { options = append(options, identity.ManagerAllowWriteProtectedTraits) } diff --git a/selfservice/flow/settings/hook_test.go b/selfservice/flow/settings/hook_test.go index 27b61a38c10e..4ed6ba035d99 100644 --- a/selfservice/flow/settings/hook_test.go +++ b/selfservice/flow/settings/hook_test.go @@ -1,6 +1,7 @@ package settings_test import ( + "context" "net/http" "net/url" "testing" @@ -25,6 +26,7 @@ import ( ) func TestSettingsExecutor(t *testing.T) { + ctx := context.Background() for _, strategy := range []string{ identity.CredentialsTypePassword.String(), settings.StrategyProfile, @@ -33,7 +35,7 @@ func TestSettingsExecutor(t *testing.T) { conf, reg := internal.NewFastRegistryWithMocks(t) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json") - conf.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh/") + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh/") reg.WithHooks(map[string]func(config.SelfServiceHook) interface{}{ "err": func(c config.SelfServiceHook) interface{} { @@ -46,7 +48,7 @@ func TestSettingsExecutor(t *testing.T) { handleErr := testhelpers.SelfServiceHookSettingsErrorHandler router.GET("/settings/post", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { i := testhelpers.SelfServiceHookCreateFakeIdentity(t, reg) - sess, _ := session.NewActiveSession(i, conf, time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) + sess, _ := session.NewActiveSession(ctx, i, conf, time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) a, err := settings.NewFlow(conf, time.Minute, r, sess.Identity, ft) require.NoError(t, err) @@ -57,19 +59,19 @@ func TestSettingsExecutor(t *testing.T) { }) ts := httptest.NewServer(router) t.Cleanup(ts.Close) - conf.MustSet(config.ViperKeyPublicBaseURL, ts.URL) + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, ts.URL) return ts } makeRequestPost := testhelpers.SelfServiceMakeSettingsPostHookRequest viperSetPost := func(strategy string, c []config.SelfServiceHook) { - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceSettingsAfter, strategy), c) + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceSettingsAfter, strategy), c) } uiTS := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})) t.Cleanup(uiTS.Close) uiURL := uiTS.URL + "/user/settings" - conf.MustSet(config.ViperKeySelfServiceSettingsURL, uiURL) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsURL, uiURL) t.Run("method=PostSettingsHook", func(t *testing.T) { @@ -101,7 +103,7 @@ func TestSettingsExecutor(t *testing.T) { t.Run("case=use return_to value", func(t *testing.T) { t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf)) - conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"}) + conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"}) testhelpers.SelfServiceHookSettingsSetDefaultRedirectTo(t, conf, "https://www.ory.sh") res, _ := makeRequestPost(t, newServer(t, flow.TypeBrowser), false, url.Values{"return_to": {"https://www.ory.sh/kratos/"}}) diff --git a/selfservice/flow/settings/strategy_helper.go b/selfservice/flow/settings/strategy_helper.go index bb6809b4c6fa..3659480997a7 100644 --- a/selfservice/flow/settings/strategy_helper.go +++ b/selfservice/flow/settings/strategy_helper.go @@ -101,7 +101,7 @@ func OnUnauthenticated(reg interface { x.WriterProvider }) func(http.ResponseWriter, *http.Request, httprouter.Params) { return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - handler := session.RedirectOnUnauthenticated(reg.Config(r.Context()).SelfServiceFlowLoginUI().String()) + handler := session.RedirectOnUnauthenticated(reg.Config().SelfServiceFlowLoginUI(r.Context()).String()) if x.IsJSONRequest(r) { handler = session.RespondWithJSONErrorOnAuthenticated(reg.Writer(), herodot.ErrUnauthorized.WithReasonf("A valid Ory Session Cookie or Ory Session Token is missing.")) } diff --git a/selfservice/flow/verification/error.go b/selfservice/flow/verification/error.go index 879d13f9555a..9d50f9623f1d 100644 --- a/selfservice/flow/verification/error.go +++ b/selfservice/flow/verification/error.go @@ -67,7 +67,7 @@ func (s *ErrorHandler) WriteFlowError( if e := new(flow.ExpiredError); errors.As(err, &e) { // create new flow because the old one is not valid - a, err := FromOldFlow(s.d.Config(r.Context()), s.d.Config(r.Context()).SelfServiceFlowVerificationRequestLifespan(), + a, err := FromOldFlow(s.d.Config(), s.d.Config().SelfServiceFlowVerificationRequestLifespan(r.Context()), s.d.GenerateCSRFToken(r), r, s.d.VerificationStrategies(r.Context()), f) if err != nil { // failed to create a new session and redirect to it, handle that error as a new one @@ -85,10 +85,10 @@ func (s *ErrorHandler) WriteFlowError( // // https://github.com/ory/kratos/issues/2049!! if a.Type == flow.TypeAPI || x.IsJSONRequest(r) { - http.Redirect(w, r, urlx.CopyWithQuery(urlx.AppendPaths(s.d.Config(r.Context()).SelfPublicURL(), + http.Redirect(w, r, urlx.CopyWithQuery(urlx.AppendPaths(s.d.Config().SelfPublicURL(r.Context()), RouteGetFlow), url.Values{"id": {a.ID.String()}}).String(), http.StatusSeeOther) } else { - http.Redirect(w, r, a.AppendTo(s.d.Config(r.Context()).SelfServiceFlowVerificationUI()).String(), http.StatusSeeOther) + http.Redirect(w, r, a.AppendTo(s.d.Config().SelfServiceFlowVerificationUI(r.Context())).String(), http.StatusSeeOther) } return } @@ -105,7 +105,7 @@ func (s *ErrorHandler) WriteFlowError( } if f.Type == flow.TypeBrowser && !x.IsJSONRequest(r) { - http.Redirect(w, r, f.AppendTo(s.d.Config(r.Context()).SelfServiceFlowVerificationUI()).String(), http.StatusSeeOther) + http.Redirect(w, r, f.AppendTo(s.d.Config().SelfServiceFlowVerificationUI(r.Context())).String(), http.StatusSeeOther) return } diff --git a/selfservice/flow/verification/error_test.go b/selfservice/flow/verification/error_test.go index 4132b93e1972..73835ac104dc 100644 --- a/selfservice/flow/verification/error_test.go +++ b/selfservice/flow/verification/error_test.go @@ -35,8 +35,9 @@ import ( ) func TestHandleError(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceVerificationEnabled, true) + conf.MustSet(ctx, config.ViperKeySelfServiceVerificationEnabled, true) public, _ := testhelpers.NewKratosServer(t, reg) @@ -77,7 +78,7 @@ func TestHandleError(t *testing.T) { res, err := ts.Client().Get(ts.URL + "/error") require.NoError(t, err) defer res.Body.Close() - require.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL().String()+"?id=") + require.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL(ctx).String()+"?id=") sse, _, err := sdk.V0alpha2Api.GetSelfServiceError(context.Background()).Id(res.Request.URL.Query().Get("id")).Execute() require.NoError(t, err) @@ -107,7 +108,7 @@ func TestHandleError(t *testing.T) { require.NoError(t, err) defer res.Body.Close() assert.Contains(t, res.Header.Get("Content-Type"), "application/json") - assert.NotContains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL().String()+"?id=") + assert.NotContains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL(ctx).String()+"?id=") body, err := io.ReadAll(res.Body) require.NoError(t, err) @@ -183,7 +184,7 @@ func TestHandleError(t *testing.T) { res, err := ts.Client().Get(ts.URL + "/error") require.NoError(t, err) defer res.Body.Close() - assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowVerificationUI().String()+"?flow=") + assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowVerificationUI(ctx).String()+"?flow=") vf, err := reg.VerificationFlowPersister().GetVerificationFlow(context.Background(), uuid.FromStringOrNil(res.Request.URL.Query().Get("flow"))) require.NoError(t, err) diff --git a/selfservice/flow/verification/flow.go b/selfservice/flow/verification/flow.go index f8547cf48f87..f680edafaca8 100644 --- a/selfservice/flow/verification/flow.go +++ b/selfservice/flow/verification/flow.go @@ -12,7 +12,6 @@ import ( "github.com/gofrs/uuid" "github.com/pkg/errors" - "github.com/ory/kratos/corp" "github.com/ory/kratos/driver/config" "github.com/ory/kratos/selfservice/flow" "github.com/ory/kratos/ui/container" @@ -94,7 +93,7 @@ func (f *Flow) GetRequestURL() string { } func (f Flow) TableName(ctx context.Context) string { - return corp.ContextualizeTableName(ctx, "selfservice_verification_flows") + return "selfservice_verification_flows" } func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Request, strategies Strategies, ft flow.Type) (*Flow, error) { @@ -104,10 +103,10 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques // Pre-validate the return to URL which is contained in the HTTP request. requestURL := x.RequestURL(r).String() _, err := x.SecureRedirectTo(r, - conf.SelfServiceBrowserDefaultReturnTo(), + conf.SelfServiceBrowserDefaultReturnTo(r.Context()), x.SecureRedirectUseSourceURL(requestURL), - x.SecureRedirectAllowURLs(conf.SelfServiceBrowserAllowedReturnToDomains()), - x.SecureRedirectAllowSelfServiceURLs(conf.SelfPublicURL()), + x.SecureRedirectAllowURLs(conf.SelfServiceBrowserAllowedReturnToDomains(r.Context())), + x.SecureRedirectAllowSelfServiceURLs(conf.SelfPublicURL(r.Context())), ) if err != nil { return nil, err @@ -119,7 +118,7 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques RequestURL: requestURL, UI: &container.Container{ Method: "POST", - Action: flow.AppendFlowTo(urlx.AppendPaths(conf.SelfPublicURL(), RouteSubmitFlow), id).String(), + Action: flow.AppendFlowTo(urlx.AppendPaths(conf.SelfPublicURL(r.Context()), RouteSubmitFlow), id).String(), }, CSRFToken: csrf, State: StateChooseMethod, diff --git a/selfservice/flow/verification/flow_test.go b/selfservice/flow/verification/flow_test.go index d0b609d9a483..4bf0de8f08d2 100644 --- a/selfservice/flow/verification/flow_test.go +++ b/selfservice/flow/verification/flow_test.go @@ -1,6 +1,7 @@ package verification_test import ( + "context" "fmt" "net/http" "net/url" @@ -24,6 +25,7 @@ import ( ) func TestFlow(t *testing.T) { + ctx := context.Background() conf, _ := internal.NewFastRegistryWithMocks(t) must := func(r *verification.Flow, err error) *verification.Flow { @@ -54,7 +56,7 @@ func TestFlow(t *testing.T) { _, err := verification.NewFlow(conf, 0, "csrf", &http.Request{URL: &url.URL{Path: "/", RawQuery: "return_to=https://not-allowed/foobar"}, Host: "ory.sh"}, nil, flow.TypeBrowser) require.Error(t, err) - _, err = verification.NewFlow(conf, 0, "csrf", &http.Request{URL: &url.URL{Path: "/", RawQuery: "return_to=" + urlx.AppendPaths(conf.SelfPublicURL(), "/self-service/login/browser").String()}, Host: "ory.sh"}, nil, flow.TypeBrowser) + _, err = verification.NewFlow(conf, 0, "csrf", &http.Request{URL: &url.URL{Path: "/", RawQuery: "return_to=" + urlx.AppendPaths(conf.SelfPublicURL(ctx), "/self-service/login/browser").String()}, Host: "ory.sh"}, nil, flow.TypeBrowser) require.NoError(t, err) }) @@ -121,8 +123,9 @@ func TestFlowEncodeJSON(t *testing.T) { } func TestFromOldFlow(t *testing.T) { + ctx := context.Background() conf := internal.NewConfigurationWithDefaults(t) - r := http.Request{URL: &url.URL{Path: "/", RawQuery: "return_to=" + urlx.AppendPaths(conf.SelfPublicURL(), "/self-service/login/browser").String()}, Host: "ory.sh"} + r := http.Request{URL: &url.URL{Path: "/", RawQuery: "return_to=" + urlx.AppendPaths(conf.SelfPublicURL(ctx), "/self-service/login/browser").String()}, Host: "ory.sh"} for _, ft := range []flow.Type{ flow.TypeAPI, flow.TypeBrowser, diff --git a/selfservice/flow/verification/handler.go b/selfservice/flow/verification/handler.go index cf6d8decba2f..eac36061db03 100644 --- a/selfservice/flow/verification/handler.go +++ b/selfservice/flow/verification/handler.go @@ -103,12 +103,12 @@ func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { // 500: jsonError // 400: jsonError func (h *Handler) initAPIFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - if !h.d.Config(r.Context()).SelfServiceFlowVerificationEnabled() { + if !h.d.Config().SelfServiceFlowVerificationEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Verification is not allowed because it was disabled."))) return } - req, err := NewFlow(h.d.Config(r.Context()), h.d.Config(r.Context()).SelfServiceFlowVerificationRequestLifespan(), h.d.GenerateCSRFToken(r), r, h.d.VerificationStrategies(r.Context()), flow.TypeAPI) + req, err := NewFlow(h.d.Config(), h.d.Config().SelfServiceFlowVerificationRequestLifespan(r.Context()), h.d.GenerateCSRFToken(r), r, h.d.VerificationStrategies(r.Context()), flow.TypeAPI) if err != nil { h.d.Writer().WriteError(w, r, err) return @@ -151,12 +151,12 @@ type initializeSelfServiceVerificationFlowForBrowsers struct { // 303: emptyResponse // 500: jsonError func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - if !h.d.Config(r.Context()).SelfServiceFlowVerificationEnabled() { + if !h.d.Config().SelfServiceFlowVerificationEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Verification is not allowed because it was disabled."))) return } - req, err := NewFlow(h.d.Config(r.Context()), h.d.Config(r.Context()).SelfServiceFlowVerificationRequestLifespan(), h.d.GenerateCSRFToken(r), r, h.d.VerificationStrategies(r.Context()), flow.TypeBrowser) + req, err := NewFlow(h.d.Config(), h.d.Config().SelfServiceFlowVerificationRequestLifespan(r.Context()), h.d.GenerateCSRFToken(r), r, h.d.VerificationStrategies(r.Context()), flow.TypeBrowser) if err != nil { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, err) return @@ -167,7 +167,7 @@ func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps htt return } - redirTo := req.AppendTo(h.d.Config(r.Context()).SelfServiceFlowVerificationUI()).String() + redirTo := req.AppendTo(h.d.Config().SelfServiceFlowVerificationUI(r.Context())).String() x.AcceptToRedirectOrJSON(w, r, h.d.Writer(), req, redirTo) } @@ -227,7 +227,7 @@ type getSelfServiceVerificationFlow struct { // 404: jsonError // 500: jsonError func (h *Handler) fetch(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - if !h.d.Config(r.Context()).SelfServiceFlowVerificationEnabled() { + if !h.d.Config().SelfServiceFlowVerificationEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Verification is not allowed because it was disabled."))) return } @@ -249,7 +249,7 @@ func (h *Handler) fetch(w http.ResponseWriter, r *http.Request, _ httprouter.Par if req.ExpiresAt.Before(time.Now().UTC()) { if req.Type == flow.TypeBrowser { - redirectURL := flow.GetFlowExpiredRedirectURL(h.d.Config(r.Context()), RouteInitBrowserFlow, req.ReturnTo) + redirectURL := flow.GetFlowExpiredRedirectURL(r.Context(), h.d.Config(), RouteInitBrowserFlow, req.ReturnTo) h.d.Writer().WriteError(w, r, errors.WithStack(x.ErrGone. WithReason("The verification flow has expired. Redirect the user to the verification flow init endpoint to initialize a new verification flow."). @@ -259,7 +259,7 @@ func (h *Handler) fetch(w http.ResponseWriter, r *http.Request, _ httprouter.Par } h.d.Writer().WriteError(w, r, errors.WithStack(x.ErrGone. WithReason("The verification flow has expired. Call the verification flow init API endpoint to initialize a new verification flow."). - WithDetail("api", urlx.AppendPaths(h.d.Config(r.Context()).SelfPublicURL(), RouteInitAPIFlow).String()))) + WithDetail("api", urlx.AppendPaths(h.d.Config().SelfPublicURL(r.Context()), RouteInitAPIFlow).String()))) return } @@ -387,7 +387,7 @@ func (h *Handler) submitFlow(w http.ResponseWriter, r *http.Request, ps httprout } if f.Type == flow.TypeBrowser && !x.IsJSONRequest(r) { - http.Redirect(w, r, f.AppendTo(h.d.Config(r.Context()).SelfServiceFlowVerificationUI()).String(), http.StatusSeeOther) + http.Redirect(w, r, f.AppendTo(h.d.Config().SelfServiceFlowVerificationUI(r.Context())).String(), http.StatusSeeOther) return } diff --git a/selfservice/flow/verification/handler_test.go b/selfservice/flow/verification/handler_test.go index 52d06d0cfccb..15269d165690 100644 --- a/selfservice/flow/verification/handler_test.go +++ b/selfservice/flow/verification/handler_test.go @@ -24,9 +24,10 @@ import ( ) func TestGetFlow(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceVerificationEnabled, true) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+verification.StrategyVerificationLinkName, + conf.MustSet(ctx, config.ViperKeySelfServiceVerificationEnabled, true) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+verification.StrategyVerificationLinkName, map[string]interface{}{"enabled": true}) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json") @@ -40,7 +41,7 @@ func TestGetFlow(t *testing.T) { require.NoError(t, err) })) t.Cleanup(ts.Close) - conf.MustSet(config.ViperKeySelfServiceVerificationUI, ts.URL) + conf.MustSet(ctx, config.ViperKeySelfServiceVerificationUI, ts.URL) return ts } @@ -111,7 +112,7 @@ func TestGetFlow(t *testing.T) { t.Run("case=expired with return_to", func(t *testing.T) { returnTo := "https://www.ory.sh" - conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{returnTo}) + conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{returnTo}) client := testhelpers.NewClientWithCookies(t) _ = setupVerificationUI(t, client) @@ -143,7 +144,7 @@ func TestGetFlow(t *testing.T) { t.Run("case=relative redirect when self-service verification ui is a relative URL", func(t *testing.T) { router := x.NewRouterPublic() ts, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin()) - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceVerificationUI, "/verification-ts") + reg.Config().MustSet(ctx, config.ViperKeySelfServiceVerificationUI, "/verification-ts") assert.Regexp( t, "^/verification-ts.*$", diff --git a/selfservice/flow/verification/hook_test.go b/selfservice/flow/verification/hook_test.go index e1091d73f8fb..75b9bafc3caf 100644 --- a/selfservice/flow/verification/hook_test.go +++ b/selfservice/flow/verification/hook_test.go @@ -23,6 +23,7 @@ import ( ) func TestVerificationExecutor(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) newServer := func(t *testing.T, i *identity.Identity, ft flow.Type) *httptest.Server { @@ -39,7 +40,7 @@ func TestVerificationExecutor(t *testing.T) { ts := httptest.NewServer(router) t.Cleanup(ts.Close) - conf.MustSet(config.ViperKeyPublicBaseURL, ts.URL) + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, ts.URL) return ts } @@ -56,7 +57,7 @@ func TestVerificationExecutor(t *testing.T) { t.Run("case=pass if hooks pass", func(t *testing.T) { t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf)) - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceVerificationAfter, config.HookGlobal), + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceVerificationAfter, config.HookGlobal), []config.SelfServiceHook{{Name: "err", Config: []byte(`{}`)}}) i := testhelpers.SelfServiceHookFakeIdentity(t) ts := newServer(t, i, flow.TypeBrowser) @@ -68,7 +69,7 @@ func TestVerificationExecutor(t *testing.T) { t.Run("case=fail if hooks fail", func(t *testing.T) { t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf)) - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceVerificationAfter, config.HookGlobal), + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceVerificationAfter, config.HookGlobal), []config.SelfServiceHook{{Name: "err", Config: []byte(`{"ExecutePostVerificationHook": "abort"}`)}}) i := testhelpers.SelfServiceHookFakeIdentity(t) ts := newServer(t, i, flow.TypeBrowser) diff --git a/selfservice/flowhelpers/login_test.go b/selfservice/flowhelpers/login_test.go index ac8a59813535..277f9ead813c 100644 --- a/selfservice/flowhelpers/login_test.go +++ b/selfservice/flowhelpers/login_test.go @@ -18,6 +18,7 @@ import ( ) func TestGuessForcedLoginIdentifier(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/login.schema.json") @@ -29,7 +30,7 @@ func TestGuessForcedLoginIdentifier(t *testing.T) { i.Credentials[identity.CredentialsTypePassword] = ic require.NoError(t, reg.IdentityManager().Create(context.Background(), i)) - sess, err := session.NewActiveSession(i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) + sess, err := session.NewActiveSession(ctx, i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) require.NoError(t, err) reg.SessionPersister().UpsertSession(context.Background(), sess) diff --git a/selfservice/hook/session_destroyer_test.go b/selfservice/hook/session_destroyer_test.go index e74e673de617..4ef51279b552 100644 --- a/selfservice/hook/session_destroyer_test.go +++ b/selfservice/hook/session_destroyer_test.go @@ -28,9 +28,10 @@ func init() { } func TestSessionDestroyer(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeyPublicBaseURL, "http://localhost/") + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, "http://localhost/") testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/stub.schema.json") h := hook.NewSessionDestroyer(reg) diff --git a/selfservice/hook/session_issuer_test.go b/selfservice/hook/session_issuer_test.go index d41892fb9336..a4641e752b2a 100644 --- a/selfservice/hook/session_issuer_test.go +++ b/selfservice/hook/session_issuer_test.go @@ -26,8 +26,9 @@ import ( ) func TestSessionIssuer(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeyPublicBaseURL, "http://localhost/") + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, "http://localhost/") testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/stub.schema.json") var r http.Request diff --git a/selfservice/hook/verification.go b/selfservice/hook/verification.go index 37663582208a..ff6445f19f98 100644 --- a/selfservice/hook/verification.go +++ b/selfservice/hook/verification.go @@ -52,8 +52,8 @@ func (e *Verifier) do(r *http.Request, i *identity.Identity, f flow.Flow) error if address.Status != identity.VerifiableAddressStatusPending { continue } - verificationFlow, err := verification.NewPostHookFlow(e.r.Config(r.Context()), - e.r.Config(r.Context()).SelfServiceFlowVerificationRequestLifespan(), + verificationFlow, err := verification.NewPostHookFlow(e.r.Config(), + e.r.Config().SelfServiceFlowVerificationRequestLifespan(r.Context()), e.r.GenerateCSRFToken(r), r, e.r.VerificationStrategies(r.Context()), f) if err != nil { return err @@ -63,7 +63,7 @@ func (e *Verifier) do(r *http.Request, i *identity.Identity, f flow.Flow) error return err } - token := link.NewSelfServiceVerificationToken(address, verificationFlow, e.r.Config(r.Context()).SelfServiceLinkMethodLifespan()) + token := link.NewSelfServiceVerificationToken(address, verificationFlow, e.r.Config().SelfServiceLinkMethodLifespan(r.Context())) if err := e.r.VerificationTokenPersister().CreateVerificationToken(r.Context(), token); err != nil { return err } diff --git a/selfservice/hook/verification_test.go b/selfservice/hook/verification_test.go index b474cd9706de..a2db93435982 100644 --- a/selfservice/hook/verification_test.go +++ b/selfservice/hook/verification_test.go @@ -29,6 +29,7 @@ import ( ) func TestVerifier(t *testing.T) { + ctx := context.Background() u := &http.Request{URL: urlx.ParseOrPanic("https://www.ory.sh/")} for k, hf := range map[string]func(*hook.Verifier, *identity.Identity, flow.Flow) error{ "settings": func(h *hook.Verifier, i *identity.Identity, f flow.Flow) error { @@ -43,8 +44,8 @@ func TestVerifier(t *testing.T) { t.Run("name="+k, func(t *testing.T) { conf, reg := internal.NewFastRegistryWithMocks(t) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/verify.schema.json") - conf.MustSet(config.ViperKeyPublicBaseURL, "https://www.ory.sh/") - conf.MustSet(config.ViperKeyCourierSMTPURL, "smtp://foo@bar@dev.null/") + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, "https://www.ory.sh/") + conf.MustSet(ctx, config.ViperKeyCourierSMTPURL, "smtp://foo@bar@dev.null/") i := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID) i.Traits = identity.Traits(`{"emails":["foo@ory.sh","bar@ory.sh","baz@ory.sh"]}`) @@ -83,7 +84,7 @@ func TestVerifier(t *testing.T) { h := hook.NewVerifier(reg) require.NoError(t, hf(h, i, originalFlow)) - expectedVerificationFlow, err := verification.NewPostHookFlow(conf, conf.SelfServiceFlowVerificationRequestLifespan(), "", u, reg.VerificationStrategies(context.Background()), originalFlow) + expectedVerificationFlow, err := verification.NewPostHookFlow(conf, conf.SelfServiceFlowVerificationRequestLifespan(ctx), "", u, reg.VerificationStrategies(context.Background()), originalFlow) require.NoError(t, err) var verificationFlow verification.Flow @@ -114,7 +115,7 @@ func TestVerifier(t *testing.T) { assert.EqualValues(t, identity.VerifiableAddressStatusSent, address2.Status) require.NoError(t, hf(h, i, originalFlow)) - expectedVerificationFlow, err = verification.NewPostHookFlow(conf, conf.SelfServiceFlowVerificationRequestLifespan(), "", u, reg.VerificationStrategies(context.Background()), originalFlow) + expectedVerificationFlow, err = verification.NewPostHookFlow(conf, conf.SelfServiceFlowVerificationRequestLifespan(ctx), "", u, reg.VerificationStrategies(context.Background()), originalFlow) var verificationFlow2 verification.Flow require.NoError(t, reg.Persister().GetConnection(context.Background()).First(&verificationFlow2)) assert.Equal(t, expectedVerificationFlow.RequestURL, verificationFlow2.RequestURL) diff --git a/selfservice/hook/web_hook_integration_test.go b/selfservice/hook/web_hook_integration_test.go index 0303b45de671..f85cadb71604 100644 --- a/selfservice/hook/web_hook_integration_test.go +++ b/selfservice/hook/web_hook_integration_test.go @@ -723,10 +723,11 @@ func TestWebHooks(t *testing.T) { } func TestDisallowPrivateIPRanges(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeyClientHTTPNoPrivateIPRanges, true) + conf.MustSet(ctx, config.ViperKeyClientHTTPNoPrivateIPRanges, true) logger := logrusx.New("kratos", "test") - whDeps := x.SimpleLoggerWithClient{L: logger, C: reg.HTTPClient(context.Background()), T: otelx.NewNoop(logger, conf.Tracing())} + whDeps := x.SimpleLoggerWithClient{L: logger, C: reg.HTTPClient(context.Background()), T: otelx.NewNoop(logger, conf.Tracing(ctx))} req := &http.Request{ Header: map[string][]string{"Some-Header": {"Some-Value"}}, diff --git a/selfservice/strategy/handler.go b/selfservice/strategy/handler.go index 8eb68ce3c995..c87c0d65c833 100644 --- a/selfservice/strategy/handler.go +++ b/selfservice/strategy/handler.go @@ -27,14 +27,14 @@ func disabledWriter(c disabledChecker, enabled bool, wrap httprouter.Handle, w h func IsDisabled(c disabledChecker, strategy string, wrap httprouter.Handle) httprouter.Handle { return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - disabledWriter(c, c.Config(r.Context()).SelfServiceStrategy(strategy).Enabled, wrap, w, r, ps) + disabledWriter(c, c.Config().SelfServiceStrategy(r.Context(), strategy).Enabled, wrap, w, r, ps) } } func IsRecoveryDisabled(c disabledChecker, strategy string, wrap httprouter.Handle) httprouter.Handle { return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { disabledWriter(c, - c.Config(r.Context()).SelfServiceStrategy(strategy).Enabled && c.Config(r.Context()).SelfServiceFlowRecoveryEnabled(), + c.Config().SelfServiceStrategy(r.Context(), strategy).Enabled && c.Config().SelfServiceFlowRecoveryEnabled(r.Context()), wrap, w, r, ps) } } @@ -42,7 +42,7 @@ func IsRecoveryDisabled(c disabledChecker, strategy string, wrap httprouter.Hand func IsVerificationDisabled(c disabledChecker, strategy string, wrap httprouter.Handle) httprouter.Handle { return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { disabledWriter(c, - c.Config(r.Context()).SelfServiceStrategy(strategy).Enabled && c.Config(r.Context()).SelfServiceFlowVerificationEnabled(), + c.Config().SelfServiceStrategy(r.Context(), strategy).Enabled && c.Config().SelfServiceFlowVerificationEnabled(r.Context()), wrap, w, r, ps) } } diff --git a/selfservice/strategy/link/sender.go b/selfservice/strategy/link/sender.go index df4a9bf2b851..a63e197ba882 100644 --- a/selfservice/strategy/link/sender.go +++ b/selfservice/strategy/link/sender.go @@ -79,7 +79,7 @@ func (s *Sender) SendRecoveryLink(ctx context.Context, r *http.Request, f *recov return err } - token := NewSelfServiceRecoveryToken(address, f, s.r.Config(r.Context()).SelfServiceLinkMethodLifespan()) + token := NewSelfServiceRecoveryToken(address, f, s.r.Config().SelfServiceLinkMethodLifespan(r.Context())) if err := s.r.RecoveryTokenPersister().CreateRecoveryToken(ctx, token); err != nil { return err } @@ -121,7 +121,7 @@ func (s *Sender) SendVerificationLink(ctx context.Context, f *verification.Flow, return err } - token := NewSelfServiceVerificationToken(address, f, s.r.Config(ctx).SelfServiceLinkMethodLifespan()) + token := NewSelfServiceVerificationToken(address, f, s.r.Config().SelfServiceLinkMethodLifespan(ctx)) if err := s.r.VerificationTokenPersister().CreateVerificationToken(ctx, token); err != nil { return err } @@ -148,7 +148,7 @@ func (s *Sender) SendRecoveryTokenTo(ctx context.Context, f *recovery.Flow, i *i return s.send(ctx, string(address.Via), email.NewRecoveryValid(s.r, &email.RecoveryValidModel{To: address.Value, RecoveryURL: urlx.CopyWithQuery( - urlx.AppendPaths(s.r.Config(ctx).SelfServiceLinkMethodBaseURL(), recovery.RouteSubmitFlow), + urlx.AppendPaths(s.r.Config().SelfServiceLinkMethodBaseURL(ctx), recovery.RouteSubmitFlow), url.Values{ "token": {token.Token}, "flow": {f.ID.String()}, @@ -171,7 +171,7 @@ func (s *Sender) SendVerificationTokenTo(ctx context.Context, f *verification.Fl if err := s.send(ctx, string(address.Via), email.NewVerificationValid(s.r, &email.VerificationValidModel{To: address.Value, VerificationURL: urlx.CopyWithQuery( - urlx.AppendPaths(s.r.Config(ctx).SelfServiceLinkMethodBaseURL(), verification.RouteSubmitFlow), + urlx.AppendPaths(s.r.Config().SelfServiceLinkMethodBaseURL(ctx), verification.RouteSubmitFlow), url.Values{ "flow": {f.ID.String()}, "token": {token.Token}, diff --git a/selfservice/strategy/link/sender_test.go b/selfservice/strategy/link/sender_test.go index 7866fc8c933a..b8c8eabb4d70 100644 --- a/selfservice/strategy/link/sender_test.go +++ b/selfservice/strategy/link/sender_test.go @@ -23,11 +23,12 @@ import ( ) func TestManager(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/default.schema.json") - conf.MustSet(config.ViperKeyPublicBaseURL, "https://www.ory.sh/") - conf.MustSet(config.ViperKeyCourierSMTPURL, "smtp://foo@bar@dev.null/") - conf.MustSet(config.ViperKeyLinkBaseURL, "https://link-url/") + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, "https://www.ory.sh/") + conf.MustSet(ctx, config.ViperKeyCourierSMTPURL, "smtp://foo@bar@dev.null/") + conf.MustSet(ctx, config.ViperKeyLinkBaseURL, "https://link-url/") u := &http.Request{URL: urlx.ParseOrPanic("https://www.ory.sh/")} @@ -52,13 +53,13 @@ func TestManager(t *testing.T) { assert.EqualValues(t, "tracked@ory.sh", messages[0].Recipient) assert.Contains(t, messages[0].Subject, "Recover access to your account") - assert.Contains(t, messages[0].Body, urlx.AppendPaths(conf.SelfServiceLinkMethodBaseURL(), recovery.RouteSubmitFlow).String()+"?") + assert.Contains(t, messages[0].Body, urlx.AppendPaths(conf.SelfServiceLinkMethodBaseURL(ctx), recovery.RouteSubmitFlow).String()+"?") assert.Contains(t, messages[0].Body, "token=") assert.Contains(t, messages[0].Body, "flow=") assert.EqualValues(t, "not-tracked@ory.sh", messages[1].Recipient) assert.Contains(t, messages[1].Subject, "Account access attempted") - assert.NotContains(t, messages[1].Body, urlx.AppendPaths(conf.SelfServiceLinkMethodBaseURL(), recovery.RouteSubmitFlow).String()+"?") + assert.NotContains(t, messages[1].Body, urlx.AppendPaths(conf.SelfServiceLinkMethodBaseURL(ctx), recovery.RouteSubmitFlow).String()+"?") assert.NotContains(t, messages[1].Body, "token=") assert.NotContains(t, messages[1].Body, "flow=") }) @@ -77,13 +78,13 @@ func TestManager(t *testing.T) { assert.EqualValues(t, "tracked@ory.sh", messages[0].Recipient) assert.Contains(t, messages[0].Subject, "Please verify") - assert.Contains(t, messages[0].Body, urlx.AppendPaths(conf.SelfServiceLinkMethodBaseURL(), verification.RouteSubmitFlow).String()+"?") + assert.Contains(t, messages[0].Body, urlx.AppendPaths(conf.SelfServiceLinkMethodBaseURL(ctx), verification.RouteSubmitFlow).String()+"?") assert.Contains(t, messages[0].Body, "token=") assert.Contains(t, messages[0].Body, "flow=") assert.EqualValues(t, "not-tracked@ory.sh", messages[1].Recipient) assert.Contains(t, messages[1].Subject, "tried to verify") - assert.NotContains(t, messages[1].Body, urlx.AppendPaths(conf.SelfServiceLinkMethodBaseURL(), verification.RouteSubmitFlow).String()+"?") + assert.NotContains(t, messages[1].Body, urlx.AppendPaths(conf.SelfServiceLinkMethodBaseURL(ctx), verification.RouteSubmitFlow).String()+"?") address, err := reg.IdentityPool().FindVerifiableAddressByValue(context.Background(), identity.VerifiableAddressTypeEmail, "tracked@ory.sh") require.NoError(t, err) assert.EqualValues(t, identity.VerifiableAddressStatusSent, address.Status) diff --git a/selfservice/strategy/link/strategy_recovery.go b/selfservice/strategy/link/strategy_recovery.go index feb160792f6f..be89af1c8092 100644 --- a/selfservice/strategy/link/strategy_recovery.go +++ b/selfservice/strategy/link/strategy_recovery.go @@ -131,7 +131,7 @@ func (s *Strategy) createRecoveryLink(w http.ResponseWriter, r *http.Request, _ return } - expiresIn := s.d.Config(r.Context()).SelfServiceLinkMethodLifespan() + expiresIn := s.d.Config().SelfServiceLinkMethodLifespan(r.Context()) if len(p.ExpiresIn) > 0 { var err error expiresIn, err = time.ParseDuration(p.ExpiresIn) @@ -146,7 +146,7 @@ func (s *Strategy) createRecoveryLink(w http.ResponseWriter, r *http.Request, _ return } - req, err := recovery.NewFlow(s.d.Config(r.Context()), expiresIn, s.d.GenerateCSRFToken(r), + req, err := recovery.NewFlow(s.d.Config(), expiresIn, s.d.GenerateCSRFToken(r), r, s.d.RecoveryStrategies(r.Context()), flow.TypeBrowser) if err != nil { s.d.Writer().WriteError(w, r, err) @@ -181,7 +181,7 @@ func (s *Strategy) createRecoveryLink(w http.ResponseWriter, r *http.Request, _ s.d.Writer().Write(w, r, &selfServiceRecoveryLink{ ExpiresAt: req.ExpiresAt.UTC(), RecoveryLink: urlx.CopyWithQuery( - urlx.AppendPaths(s.d.Config(r.Context()).SelfPublicURL(), recovery.RouteSubmitFlow), + urlx.AppendPaths(s.d.Config().SelfPublicURL(r.Context()), recovery.RouteSubmitFlow), url.Values{ "token": {token.Token}, "flow": {req.ID.String()}, @@ -272,7 +272,7 @@ func (s *Strategy) recoveryIssueSession(w http.ResponseWriter, r *http.Request, return s.retryRecoveryFlowWithError(w, r, flow.TypeBrowser, err) } - sess, err := session.NewActiveSession(id, s.d.Config(r.Context()), time.Now().UTC(), identity.CredentialsTypeRecoveryLink, identity.AuthenticatorAssuranceLevel1) + sess, err := session.NewActiveSession(r.Context(), id, s.d.Config(), time.Now().UTC(), identity.CredentialsTypeRecoveryLink, identity.AuthenticatorAssuranceLevel1) if err != nil { return s.retryRecoveryFlowWithError(w, r, flow.TypeBrowser, err) } @@ -304,12 +304,12 @@ func (s *Strategy) recoveryIssueSession(w http.ResponseWriter, r *http.Request, return s.retryRecoveryFlowWithError(w, r, flow.TypeBrowser, err) } - sf.UI.Messages.Set(text.NewRecoverySuccessful(time.Now().Add(s.d.Config(r.Context()).SelfServiceFlowSettingsPrivilegedSessionMaxAge()))) + sf.UI.Messages.Set(text.NewRecoverySuccessful(time.Now().Add(s.d.Config().SelfServiceFlowSettingsPrivilegedSessionMaxAge(r.Context())))) if err := s.d.SettingsFlowPersister().UpdateSettingsFlow(r.Context(), sf); err != nil { return s.retryRecoveryFlowWithError(w, r, flow.TypeBrowser, err) } - http.Redirect(w, r, sf.AppendTo(s.d.Config(r.Context()).SelfServiceFlowSettingsUI()).String(), http.StatusSeeOther) + http.Redirect(w, r, sf.AppendTo(s.d.Config().SelfServiceFlowSettingsUI(r.Context())).String(), http.StatusSeeOther) return errors.WithStack(flow.ErrCompletedByStrategy) } @@ -325,7 +325,7 @@ func (s *Strategy) recoveryUseToken(w http.ResponseWriter, r *http.Request, body var f *recovery.Flow if !token.FlowID.Valid { - f, err = recovery.NewFlow(s.d.Config(r.Context()), time.Until(token.ExpiresAt), s.d.GenerateCSRFToken(r), + f, err = recovery.NewFlow(s.d.Config(), time.Until(token.ExpiresAt), s.d.GenerateCSRFToken(r), r, s.d.RecoveryStrategies(r.Context()), flow.TypeBrowser) if err != nil { return s.retryRecoveryFlowWithError(w, r, flow.TypeBrowser, err) @@ -363,7 +363,7 @@ func (s *Strategy) recoveryUseToken(w http.ResponseWriter, r *http.Request, body func (s *Strategy) retryRecoveryFlowWithMessage(w http.ResponseWriter, r *http.Request, ft flow.Type, message *text.Message) error { s.d.Logger().WithRequest(r).WithField("message", message).Debug("A recovery flow is being retried because a validation error occurred.") - req, err := recovery.NewFlow(s.d.Config(r.Context()), s.d.Config(r.Context()).SelfServiceFlowRecoveryRequestLifespan(), s.d.CSRFHandler().RegenerateToken(w, r), r, s.d.RecoveryStrategies(r.Context()), ft) + req, err := recovery.NewFlow(s.d.Config(), s.d.Config().SelfServiceFlowRecoveryRequestLifespan(r.Context()), s.d.CSRFHandler().RegenerateToken(w, r), r, s.d.RecoveryStrategies(r.Context()), ft) if err != nil { return err } @@ -374,9 +374,9 @@ func (s *Strategy) retryRecoveryFlowWithMessage(w http.ResponseWriter, r *http.R } if ft == flow.TypeBrowser { - http.Redirect(w, r, req.AppendTo(s.d.Config(r.Context()).SelfServiceFlowRecoveryUI()).String(), http.StatusSeeOther) + http.Redirect(w, r, req.AppendTo(s.d.Config().SelfServiceFlowRecoveryUI(r.Context())).String(), http.StatusSeeOther) } else { - http.Redirect(w, r, urlx.CopyWithQuery(urlx.AppendPaths(s.d.Config(r.Context()).SelfPublicURL(), + http.Redirect(w, r, urlx.CopyWithQuery(urlx.AppendPaths(s.d.Config().SelfPublicURL(r.Context()), recovery.RouteGetFlow), url.Values{"id": {req.ID.String()}}).String(), http.StatusSeeOther) } @@ -386,7 +386,7 @@ func (s *Strategy) retryRecoveryFlowWithMessage(w http.ResponseWriter, r *http.R func (s *Strategy) retryRecoveryFlowWithError(w http.ResponseWriter, r *http.Request, ft flow.Type, recErr error) error { s.d.Logger().WithRequest(r).WithError(recErr).Debug("A recovery flow is being retried because a validation error occurred.") - req, err := recovery.NewFlow(s.d.Config(r.Context()), s.d.Config(r.Context()).SelfServiceFlowRecoveryRequestLifespan(), s.d.CSRFHandler().RegenerateToken(w, r), r, s.d.RecoveryStrategies(r.Context()), ft) + req, err := recovery.NewFlow(s.d.Config(), s.d.Config().SelfServiceFlowRecoveryRequestLifespan(r.Context()), s.d.CSRFHandler().RegenerateToken(w, r), r, s.d.RecoveryStrategies(r.Context()), ft) if err != nil { return err } @@ -404,9 +404,9 @@ func (s *Strategy) retryRecoveryFlowWithError(w http.ResponseWriter, r *http.Req } if ft == flow.TypeBrowser { - http.Redirect(w, r, req.AppendTo(s.d.Config(r.Context()).SelfServiceFlowRecoveryUI()).String(), http.StatusSeeOther) + http.Redirect(w, r, req.AppendTo(s.d.Config().SelfServiceFlowRecoveryUI(r.Context())).String(), http.StatusSeeOther) } else { - http.Redirect(w, r, urlx.CopyWithQuery(urlx.AppendPaths(s.d.Config(r.Context()).SelfPublicURL(), + http.Redirect(w, r, urlx.CopyWithQuery(urlx.AppendPaths(s.d.Config().SelfPublicURL(r.Context()), recovery.RouteGetFlow), url.Values{"id": {req.ID.String()}}).String(), http.StatusSeeOther) } @@ -423,7 +423,7 @@ func (s *Strategy) recoveryHandleFormSubmission(w http.ResponseWriter, r *http.R return s.HandleRecoveryError(w, r, f, body, schema.NewRequiredError("#/email", "email")) } - if err := flow.EnsureCSRF(s.d, r, f.Type, s.d.Config(r.Context()).DisableAPIFlowEnforcement(), s.d.GenerateCSRFToken, body.CSRFToken); err != nil { + if err := flow.EnsureCSRF(s.d, r, f.Type, s.d.Config().DisableAPIFlowEnforcement(r.Context()), s.d.GenerateCSRFToken, body.CSRFToken); err != nil { return s.HandleRecoveryError(w, r, f, body, err) } diff --git a/selfservice/strategy/link/strategy_recovery_test.go b/selfservice/strategy/link/strategy_recovery_test.go index ea902faa2591..cc5d17881943 100644 --- a/selfservice/strategy/link/strategy_recovery_test.go +++ b/selfservice/strategy/link/strategy_recovery_test.go @@ -57,6 +57,7 @@ func init() { } func TestAdminStrategy(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) initViper(t, conf) @@ -82,7 +83,7 @@ func TestAdminStrategy(t *testing.T) { require.NoError(t, err) w := httptest.NewRecorder() r := &http.Request{URL: new(url.URL)} - f, err := recovery.NewFlow(reg.Config(ctx), time.Minute, "", r, reg.RecoveryStrategies(ctx), flow.TypeBrowser) + f, err := recovery.NewFlow(reg.Config(), time.Minute, "", r, reg.RecoveryStrategies(ctx), flow.TypeBrowser) require.NoError(t, err) require.NotPanics(t, func() { require.Error(t, s.(*link.Strategy).HandleRecoveryError(w, r, f, nil, errors.New("test"))) @@ -110,7 +111,7 @@ func TestAdminStrategy(t *testing.T) { require.NoError(t, err) time.Sleep(time.Millisecond * 100) - checkLink(t, rl, time.Now().Add(conf.SelfServiceFlowRecoveryRequestLifespan())) + checkLink(t, rl, time.Now().Add(conf.SelfServiceFlowRecoveryRequestLifespan(ctx))) res, err := publicTS.Client().Get(rl.RecoveryLink) require.NoError(t, err) @@ -134,7 +135,7 @@ func TestAdminStrategy(t *testing.T) { require.NoError(t, err) time.Sleep(time.Millisecond * 100) - checkLink(t, rl, time.Now().Add(conf.SelfServiceFlowRecoveryRequestLifespan())) + checkLink(t, rl, time.Now().Add(conf.SelfServiceFlowRecoveryRequestLifespan(ctx))) res, err := publicTS.Client().Get(rl.RecoveryLink) require.NoError(t, err) @@ -162,11 +163,11 @@ func TestAdminStrategy(t *testing.T) { }).Execute() require.NoError(t, err) - checkLink(t, rl, time.Now().Add(conf.SelfServiceFlowRecoveryRequestLifespan()+time.Second)) + checkLink(t, rl, time.Now().Add(conf.SelfServiceFlowRecoveryRequestLifespan(ctx)+time.Second)) res, err := publicTS.Client().Get(rl.RecoveryLink) require.NoError(t, err) - assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowSettingsUI().String()) + assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowSettingsUI(ctx).String()) assert.Equal(t, http.StatusOK, res.StatusCode) testhelpers.LogJSON(t, rl) @@ -185,6 +186,7 @@ func TestAdminStrategy(t *testing.T) { } func TestRecovery(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) initViper(t, conf) @@ -222,7 +224,7 @@ func TestRecovery(t *testing.T) { } return testhelpers.SubmitRecoveryForm(t, isAPI, isSPA, hc, public, values, c, - testhelpers.ExpectURL(isAPI || isSPA, public.URL+recovery.RouteSubmitFlow, conf.SelfServiceFlowRecoveryUI().String())) + testhelpers.ExpectURL(isAPI || isSPA, public.URL+recovery.RouteSubmitFlow, conf.SelfServiceFlowRecoveryUI(ctx).String())) } var expectValidationError = func(t *testing.T, hc *http.Client, isAPI, isSPA bool, values func(url.Values)) string { @@ -323,7 +325,7 @@ func TestRecovery(t *testing.T) { authClient := testhelpers.NewHTTPClientWithArbitrarySessionToken(t, reg) if isAPI { - s, err := session.NewActiveSession( + s, err := session.NewActiveSession(ctx, &identity.Identity{ID: x.NewUUID(), State: identity.StateActive}, testhelpers.NewSessionLifespanProvider(time.Hour), time.Now(), @@ -342,7 +344,7 @@ func TestRecovery(t *testing.T) { assertx.EqualAsJSONExcept(t, recovery.ErrAlreadyLoggedIn, json.RawMessage(gjson.Get(body, "error").Raw), nil) } else { assert.EqualValues(t, http.StatusOK, res.StatusCode, "%s", body) - assert.Contains(t, res.Request.URL.String(), conf.SelfServiceBrowserDefaultReturnTo().String(), "%+v\n\t%s", res.Request, body) + assert.Contains(t, res.Request.URL.String(), conf.SelfServiceBrowserDefaultReturnTo(ctx).String(), "%+v\n\t%s", res.Request, body) } } @@ -405,7 +407,7 @@ func TestRecovery(t *testing.T) { assertx.EqualAsJSON(t, session.ErrIdentityDisabled.WithDetail("identity_id", addr.IdentityID), json.RawMessage(gjson.GetBytes(body, "error").Raw), "%s", body) } else { assert.Equal(t, http.StatusOK, res.StatusCode) - assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL().String()) + assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowErrorURL(ctx).String()) assertx.EqualAsJSON(t, session.ErrIdentityDisabled.WithDetail("identity_id", addr.IdentityID), json.RawMessage(body), "%s", body) } } @@ -462,7 +464,7 @@ func TestRecovery(t *testing.T) { require.NoError(t, err) assert.Equal(t, http.StatusOK, res.StatusCode) - assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowSettingsUI().String()) + assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowSettingsUI(ctx).String()) body := ioutilx.MustReadAll(res.Body) assert.Equal(t, text.NewRecoverySuccessful(time.Now().Add(time.Hour)).Text, @@ -508,7 +510,7 @@ func TestRecovery(t *testing.T) { b, res := testhelpers.RecoveryMakeRequest(t, false, f, hc, testhelpers.EncodeFormAsJSON(t, false, formPayload)) assert.EqualValues(t, http.StatusOK, res.StatusCode, "%s", b) - expectedURL := testhelpers.ExpectURL(false, public.URL+recovery.RouteSubmitFlow, conf.SelfServiceFlowRecoveryUI().String()) + expectedURL := testhelpers.ExpectURL(false, public.URL+recovery.RouteSubmitFlow, conf.SelfServiceFlowRecoveryUI(ctx).String()) assert.Contains(t, res.Request.URL.String(), expectedURL, "%+v\n\t%s", res.Request, b) check(t, b, email, returnTo) @@ -549,7 +551,7 @@ func TestRecovery(t *testing.T) { assert.Contains(t, cookies, "ory_kratos_session") returnTo, err := res.Location() require.NoError(t, err) - assert.Contains(t, returnTo.String(), conf.SelfServiceFlowSettingsUI().String(), "we end up at the settings screen") + assert.Contains(t, returnTo.String(), conf.SelfServiceFlowSettingsUI(ctx).String(), "we end up at the settings screen") rl := urlx.ParseOrPanic(recoveryLink) actualRes, err := cl.Get(public.URL + recovery.RouteGetFlow + "?id=" + rl.Query().Get("flow")) @@ -595,16 +597,16 @@ func TestRecovery(t *testing.T) { }) t.Run("description=should recover and invalidate all other sessions if hook is set", func(t *testing.T) { - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRecoveryAfter, config.HookGlobal), []config.SelfServiceHook{{Name: "revoke_active_sessions"}}) + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRecoveryAfter, config.HookGlobal), []config.SelfServiceHook{{Name: "revoke_active_sessions"}}) t.Cleanup(func() { - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), nil) + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), nil) }) recoveryEmail := strings.ToLower(testhelpers.RandomEmail()) email := recoveryEmail id := createIdentityToRecover(email) - sess, err := session.NewActiveSession(id, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) + sess, err := session.NewActiveSession(ctx, id, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) require.NoError(t, err) require.NoError(t, reg.SessionPersister().UpsertSession(context.Background(), sess)) @@ -646,7 +648,7 @@ func TestRecovery(t *testing.T) { res, err := c.Get(f.Ui.Action + "&token=i-do-not-exist") require.NoError(t, err) assert.Equal(t, http.StatusOK, res.StatusCode) - assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowRecoveryUI().String()+"?flow=") + assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowRecoveryUI(ctx).String()+"?flow=") rs, _, err := testhelpers.NewSDKCustomClient(public, c).V0alpha2Api.GetSelfServiceRecoveryFlow(context.Background()).Id(res.Request.URL.Query().Get("flow")).Execute() require.NoError(t, err) @@ -658,9 +660,9 @@ func TestRecovery(t *testing.T) { t.Run("description=should not be able to use an outdated link", func(t *testing.T) { recoveryEmail := "recoverme5@ory.sh" createIdentityToRecover(recoveryEmail) - conf.MustSet(config.ViperKeySelfServiceRecoveryRequestLifespan, time.Millisecond*200) + conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryRequestLifespan, time.Millisecond*200) t.Cleanup(func() { - conf.MustSet(config.ViperKeySelfServiceRecoveryRequestLifespan, time.Minute) + conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryRequestLifespan, time.Minute) }) c := testhelpers.NewClientWithCookies(t) @@ -672,7 +674,7 @@ func TestRecovery(t *testing.T) { require.NoError(t, err) assert.EqualValues(t, http.StatusOK, res.StatusCode) assert.NotContains(t, res.Request.URL.String(), "flow="+rs.Id) - assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowRecoveryUI().String()) + assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowRecoveryUI(ctx).String()) addr, err := reg.IdentityPool().FindVerifiableAddressByValue(context.Background(), identity.VerifiableAddressTypeEmail, recoveryEmail) assert.NoError(t, err) @@ -684,9 +686,9 @@ func TestRecovery(t *testing.T) { t.Run("description=should not be able to use an outdated flow", func(t *testing.T) { recoveryEmail := "recoverme6@ory.sh" createIdentityToRecover(recoveryEmail) - conf.MustSet(config.ViperKeySelfServiceRecoveryRequestLifespan, time.Millisecond*200) + conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryRequestLifespan, time.Millisecond*200) t.Cleanup(func() { - conf.MustSet(config.ViperKeySelfServiceRecoveryRequestLifespan, time.Minute) + conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryRequestLifespan, time.Minute) }) c := testhelpers.NewClientWithCookies(t) @@ -705,7 +707,7 @@ func TestRecovery(t *testing.T) { require.NoError(t, err) assert.EqualValues(t, http.StatusOK, res.StatusCode) - assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowRecoveryUI().String()) + assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowRecoveryUI(ctx).String()) assert.NotContains(t, res.Request.URL.String(), gjson.Get(body, "id").String()) rs, _, err := testhelpers.NewSDKCustomClient(public, c).V0alpha2Api.GetSelfServiceRecoveryFlow(context.Background()).Id(res.Request.URL.Query().Get("flow")).Execute() @@ -723,9 +725,10 @@ func TestRecovery(t *testing.T) { } func TestDisabledEndpoint(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) initViper(t, conf) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryLinkName+".enabled", false) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryLinkName+".enabled", false) publicTS, adminTS := testhelpers.NewKratosServer(t, reg) adminSDK := testhelpers.NewSDKClient(adminTS) diff --git a/selfservice/strategy/link/strategy_test.go b/selfservice/strategy/link/strategy_test.go index 8bf112d322c1..fb8f6cd96283 100644 --- a/selfservice/strategy/link/strategy_test.go +++ b/selfservice/strategy/link/strategy_test.go @@ -1,6 +1,7 @@ package link_test import ( + "context" "testing" "github.com/ory/kratos/internal/testhelpers" @@ -11,11 +12,12 @@ import ( ) func initViper(t *testing.T, c *config.Config) { + ctx := context.Background() testhelpers.SetDefaultIdentitySchema(c, "file://./stub/default.schema.json") - c.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") - c.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh"}) - c.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+identity.CredentialsTypePassword.String()+".enabled", true) - c.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryLinkName+".enabled", true) - c.MustSet(config.ViperKeySelfServiceRecoveryEnabled, true) - c.MustSet(config.ViperKeySelfServiceVerificationEnabled, true) + c.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") + c.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh"}) + c.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+identity.CredentialsTypePassword.String()+".enabled", true) + c.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryLinkName+".enabled", true) + c.MustSet(ctx, config.ViperKeySelfServiceRecoveryEnabled, true) + c.MustSet(ctx, config.ViperKeySelfServiceVerificationEnabled, true) } diff --git a/selfservice/strategy/link/strategy_verification.go b/selfservice/strategy/link/strategy_verification.go index 65599959d120..22f005ecb23f 100644 --- a/selfservice/strategy/link/strategy_verification.go +++ b/selfservice/strategy/link/strategy_verification.go @@ -152,7 +152,7 @@ func (s *Strategy) verificationHandleFormSubmission(w http.ResponseWriter, r *ht return s.handleVerificationError(w, r, f, body, schema.NewRequiredError("#/email", "email")) } - if err := flow.EnsureCSRF(s.d, r, f.Type, s.d.Config(r.Context()).DisableAPIFlowEnforcement(), s.d.GenerateCSRFToken, body.CSRFToken); err != nil { + if err := flow.EnsureCSRF(s.d, r, f.Type, s.d.Config().DisableAPIFlowEnforcement(r.Context()), s.d.GenerateCSRFToken, body.CSRFToken); err != nil { return s.handleVerificationError(w, r, f, body, err) } @@ -199,7 +199,7 @@ func (s *Strategy) verificationUseToken(w http.ResponseWriter, r *http.Request, var f *verification.Flow if !token.FlowID.Valid { - f, err = verification.NewFlow(s.d.Config(r.Context()), s.d.Config(r.Context()).SelfServiceFlowVerificationRequestLifespan(), s.d.GenerateCSRFToken(r), r, s.d.VerificationStrategies(r.Context()), flow.TypeBrowser) + f, err = verification.NewFlow(s.d.Config(), s.d.Config().SelfServiceFlowVerificationRequestLifespan(r.Context()), s.d.GenerateCSRFToken(r), r, s.d.VerificationStrategies(r.Context()), flow.TypeBrowser) if err != nil { return s.retryVerificationFlowWithError(w, r, flow.TypeBrowser, err) } @@ -245,7 +245,7 @@ func (s *Strategy) verificationUseToken(w http.ResponseWriter, r *http.Request, return s.retryVerificationFlowWithError(w, r, flow.TypeBrowser, err) } - defaultRedirectURL := s.d.Config(r.Context()).SelfServiceFlowVerificationReturnTo(f.AppendTo(s.d.Config(r.Context()).SelfServiceFlowVerificationUI())) + defaultRedirectURL := s.d.Config().SelfServiceFlowVerificationReturnTo(r.Context(), f.AppendTo(s.d.Config().SelfServiceFlowVerificationUI(r.Context()))) verificationRequestURL, err := urlx.Parse(f.GetRequestURL()) if err != nil { @@ -256,8 +256,8 @@ func (s *Strategy) verificationUseToken(w http.ResponseWriter, r *http.Request, verificationRequest := http.Request{URL: verificationRequestURL} returnTo, err := x.SecureRedirectTo(&verificationRequest, defaultRedirectURL, - x.SecureRedirectAllowSelfServiceURLs(s.d.Config(r.Context()).SelfPublicURL()), - x.SecureRedirectAllowURLs(s.d.Config(r.Context()).SelfServiceBrowserAllowedReturnToDomains()), + x.SecureRedirectAllowSelfServiceURLs(s.d.Config().SelfPublicURL(r.Context())), + x.SecureRedirectAllowURLs(s.d.Config().SelfServiceBrowserAllowedReturnToDomains(r.Context())), ) if err != nil { s.d.Logger().Debugf("error parsing redirectTo from verification: %s\n", err) @@ -272,8 +272,8 @@ func (s *Strategy) verificationUseToken(w http.ResponseWriter, r *http.Request, func (s *Strategy) retryVerificationFlowWithMessage(w http.ResponseWriter, r *http.Request, ft flow.Type, message *text.Message) error { s.d.Logger().WithRequest(r).WithField("message", message).Debug("A verification flow is being retried because a validation error occurred.") - f, err := verification.NewFlow(s.d.Config(r.Context()), - s.d.Config(r.Context()).SelfServiceFlowVerificationRequestLifespan(), s.d.CSRFHandler().RegenerateToken(w, r), r, s.d.VerificationStrategies(r.Context()), ft) + f, err := verification.NewFlow(s.d.Config(), + s.d.Config().SelfServiceFlowVerificationRequestLifespan(r.Context()), s.d.CSRFHandler().RegenerateToken(w, r), r, s.d.VerificationStrategies(r.Context()), ft) if err != nil { return s.handleVerificationError(w, r, f, nil, err) } @@ -284,9 +284,9 @@ func (s *Strategy) retryVerificationFlowWithMessage(w http.ResponseWriter, r *ht } if ft == flow.TypeBrowser { - http.Redirect(w, r, f.AppendTo(s.d.Config(r.Context()).SelfServiceFlowVerificationUI()).String(), http.StatusSeeOther) + http.Redirect(w, r, f.AppendTo(s.d.Config().SelfServiceFlowVerificationUI(r.Context())).String(), http.StatusSeeOther) } else { - http.Redirect(w, r, urlx.CopyWithQuery(urlx.AppendPaths(s.d.Config(r.Context()).SelfPublicURL(), + http.Redirect(w, r, urlx.CopyWithQuery(urlx.AppendPaths(s.d.Config().SelfPublicURL(r.Context()), verification.RouteGetFlow), url.Values{"id": {f.ID.String()}}).String(), http.StatusSeeOther) } @@ -296,8 +296,8 @@ func (s *Strategy) retryVerificationFlowWithMessage(w http.ResponseWriter, r *ht func (s *Strategy) retryVerificationFlowWithError(w http.ResponseWriter, r *http.Request, ft flow.Type, verErr error) error { s.d.Logger().WithRequest(r).WithError(verErr).Debug("A verification flow is being retried because an error occurred.") - f, err := verification.NewFlow(s.d.Config(r.Context()), - s.d.Config(r.Context()).SelfServiceFlowVerificationRequestLifespan(), s.d.CSRFHandler().RegenerateToken(w, r), r, s.d.VerificationStrategies(r.Context()), ft) + f, err := verification.NewFlow(s.d.Config(), + s.d.Config().SelfServiceFlowVerificationRequestLifespan(r.Context()), s.d.CSRFHandler().RegenerateToken(w, r), r, s.d.VerificationStrategies(r.Context()), ft) if err != nil { return s.handleVerificationError(w, r, f, nil, err) } @@ -315,9 +315,9 @@ func (s *Strategy) retryVerificationFlowWithError(w http.ResponseWriter, r *http } if ft == flow.TypeBrowser { - http.Redirect(w, r, f.AppendTo(s.d.Config(r.Context()).SelfServiceFlowVerificationUI()).String(), http.StatusSeeOther) + http.Redirect(w, r, f.AppendTo(s.d.Config().SelfServiceFlowVerificationUI(r.Context())).String(), http.StatusSeeOther) } else { - http.Redirect(w, r, urlx.CopyWithQuery(urlx.AppendPaths(s.d.Config(r.Context()).SelfPublicURL(), + http.Redirect(w, r, urlx.CopyWithQuery(urlx.AppendPaths(s.d.Config().SelfPublicURL(r.Context()), verification.RouteGetFlow), url.Values{"id": {f.ID.String()}}).String(), http.StatusSeeOther) } diff --git a/selfservice/strategy/link/strategy_verification_test.go b/selfservice/strategy/link/strategy_verification_test.go index 63bc355ed9d0..e3edb984c502 100644 --- a/selfservice/strategy/link/strategy_verification_test.go +++ b/selfservice/strategy/link/strategy_verification_test.go @@ -35,6 +35,7 @@ import ( ) func TestVerification(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) initViper(t, conf) @@ -69,7 +70,7 @@ func TestVerification(t *testing.T) { } return testhelpers.SubmitVerificationForm(t, isAPI, isSPA, hc, public, values, c, - testhelpers.ExpectURL(isAPI || isSPA, public.URL+verification.RouteSubmitFlow, conf.SelfServiceFlowVerificationUI().String())) + testhelpers.ExpectURL(isAPI || isSPA, public.URL+verification.RouteSubmitFlow, conf.SelfServiceFlowVerificationUI(ctx).String())) } var expectValidationError = func(t *testing.T, hc *http.Client, isAPI, isSPA bool, values func(url.Values)) string { @@ -103,7 +104,7 @@ func TestVerification(t *testing.T) { res, err := c.PostForm(rs.Ui.Action, url.Values{"method": {"not-link"}, "email": {verificationEmail}}) require.NoError(t, err) assert.EqualValues(t, http.StatusOK, res.StatusCode) - assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowVerificationUI().String()) + assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowVerificationUI(ctx).String()) body := ioutilx.MustReadAll(res.Body) require.NoError(t, res.Body.Close()) @@ -199,7 +200,7 @@ func TestVerification(t *testing.T) { res, err := c.Get(public.URL + verification.RouteSubmitFlow + "?flow=" + f.Id + "&token=i-do-not-exist") require.NoError(t, err) assert.Equal(t, http.StatusOK, res.StatusCode) - assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowVerificationUI().String()+"?flow=") + assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowVerificationUI(ctx).String()+"?flow=") sr, _, err := testhelpers.NewSDKCustomClient(public, c).V0alpha2Api.GetSelfServiceVerificationFlow(context.Background()).Id(res.Request.URL.Query().Get("flow")).Execute() require.NoError(t, err) @@ -209,9 +210,9 @@ func TestVerification(t *testing.T) { }) t.Run("description=should not be able to use an outdated link", func(t *testing.T) { - conf.MustSet(config.ViperKeySelfServiceVerificationRequestLifespan, time.Millisecond*200) + conf.MustSet(ctx, config.ViperKeySelfServiceVerificationRequestLifespan, time.Millisecond*200) t.Cleanup(func() { - conf.MustSet(config.ViperKeySelfServiceVerificationRequestLifespan, time.Minute) + conf.MustSet(ctx, config.ViperKeySelfServiceVerificationRequestLifespan, time.Minute) }) c := testhelpers.NewClientWithCookies(t) @@ -223,13 +224,13 @@ func TestVerification(t *testing.T) { require.NoError(t, err) assert.EqualValues(t, http.StatusOK, res.StatusCode) assert.NotContains(t, res.Request.URL.String(), "flow="+rs.Id) - assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowVerificationUI().String()) + assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowVerificationUI(ctx).String()) }) t.Run("description=should not be able to use an outdated flow", func(t *testing.T) { - conf.MustSet(config.ViperKeySelfServiceVerificationRequestLifespan, time.Millisecond*200) + conf.MustSet(ctx, config.ViperKeySelfServiceVerificationRequestLifespan, time.Millisecond*200) t.Cleanup(func() { - conf.MustSet(config.ViperKeySelfServiceVerificationRequestLifespan, time.Minute) + conf.MustSet(ctx, config.ViperKeySelfServiceVerificationRequestLifespan, time.Minute) }) c := testhelpers.NewClientWithCookies(t) @@ -248,7 +249,7 @@ func TestVerification(t *testing.T) { require.NoError(t, err) assert.EqualValues(t, http.StatusOK, res.StatusCode) - assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowVerificationUI().String()) + assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowVerificationUI(ctx).String()) assert.NotContains(t, res.Request.URL.String(), gjson.Get(body, "id").String()) sr, _, err := testhelpers.NewSDKCustomClient(public, c).V0alpha2Api.GetSelfServiceVerificationFlow(context.Background()).Id(res.Request.URL.Query().Get("flow")).Execute() @@ -278,7 +279,7 @@ func TestVerification(t *testing.T) { defer res.Body.Close() assert.Equal(t, http.StatusOK, res.StatusCode) - assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowVerificationUI().String()) + assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowVerificationUI(ctx).String()) body := string(ioutilx.MustReadAll(res.Body)) assert.EqualValues(t, "passed_challenge", gjson.Get(body, "state").String()) assert.EqualValues(t, text.NewInfoSelfServiceVerificationSuccessful().Text, gjson.Get(body, "ui.messages.0.text").String()) @@ -357,16 +358,16 @@ func TestVerification(t *testing.T) { t.Run("case=respects return_to URI parameter", func(t *testing.T) { returnToURL := public.URL + "/after-verification" - conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{returnToURL}) + conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{returnToURL}) client := &http.Client{ CheckRedirect: func(req *http.Request, via []*http.Request) error { return http.ErrUseLastResponse }, } - conf.MustSet(config.ViperKeySelfServiceVerificationRequestLifespan, time.Millisecond*200) + conf.MustSet(ctx, config.ViperKeySelfServiceVerificationRequestLifespan, time.Millisecond*200) t.Cleanup(func() { - conf.MustSet(config.ViperKeySelfServiceVerificationRequestLifespan, time.Minute) + conf.MustSet(ctx, config.ViperKeySelfServiceVerificationRequestLifespan, time.Minute) }) flow, token := newValidFlow(t, public.URL+verification.RouteInitBrowserFlow+"?"+url.Values{"return_to": {returnToURL}}.Encode()) diff --git a/selfservice/strategy/link/test/persistence.go b/selfservice/strategy/link/test/persistence.go index 664d2fb9a440..fba4a6786cf4 100644 --- a/selfservice/strategy/link/test/persistence.go +++ b/selfservice/strategy/link/test/persistence.go @@ -31,7 +31,7 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface { nid, p := testhelpers.NewNetworkUnlessExisting(t, ctx, p) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json") - conf.MustSet(config.ViperKeySecretsDefault, []string{"secret-a", "secret-b"}) + conf.MustSet(ctx, config.ViperKeySecretsDefault, []string{"secret-a", "secret-b"}) t.Run("token=recovery", func(t *testing.T) { t.Run("case=should error when the recovery token does not exist", func(t *testing.T) { diff --git a/selfservice/strategy/link/token_recovery.go b/selfservice/strategy/link/token_recovery.go index 37980d2a77d4..12c5368d9f9f 100644 --- a/selfservice/strategy/link/token_recovery.go +++ b/selfservice/strategy/link/token_recovery.go @@ -6,8 +6,6 @@ import ( "github.com/ory/kratos/selfservice/flow" - "github.com/ory/kratos/corp" - "github.com/gofrs/uuid" errors "github.com/pkg/errors" @@ -54,7 +52,7 @@ type RecoveryToken struct { } func (RecoveryToken) TableName(ctx context.Context) string { - return corp.ContextualizeTableName(ctx, "identity_recovery_tokens") + return "identity_recovery_tokens" } func NewSelfServiceRecoveryToken(address *identity.RecoveryAddress, f *recovery.Flow, expiresIn time.Duration) *RecoveryToken { diff --git a/selfservice/strategy/link/token_verification.go b/selfservice/strategy/link/token_verification.go index 2898c3b8f0c9..93454725b47d 100644 --- a/selfservice/strategy/link/token_verification.go +++ b/selfservice/strategy/link/token_verification.go @@ -4,18 +4,14 @@ import ( "context" "time" - "github.com/ory/kratos/selfservice/flow" - - "github.com/ory/kratos/corp" - "github.com/gofrs/uuid" "github.com/pkg/errors" - "github.com/ory/x/randx" - "github.com/ory/kratos/identity" + "github.com/ory/kratos/selfservice/flow" "github.com/ory/kratos/selfservice/flow/verification" "github.com/ory/kratos/x" + "github.com/ory/x/randx" ) type VerificationToken struct { @@ -53,7 +49,7 @@ type VerificationToken struct { } func (VerificationToken) TableName(ctx context.Context) string { - return corp.ContextualizeTableName(ctx, "identity_verification_tokens") + return "identity_verification_tokens" } func NewSelfServiceVerificationToken(address *identity.VerifiableAddress, f *verification.Flow, expiresIn time.Duration) *VerificationToken { diff --git a/selfservice/strategy/lookup/login.go b/selfservice/strategy/lookup/login.go index c4ef436bb7ff..610256a8fdec 100644 --- a/selfservice/strategy/lookup/login.go +++ b/selfservice/strategy/lookup/login.go @@ -102,7 +102,7 @@ func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow, return nil, s.handleLoginError(r, f, err) } - if err := flow.EnsureCSRF(s.d, r, f.Type, s.d.Config(r.Context()).DisableAPIFlowEnforcement(), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { + if err := flow.EnsureCSRF(s.d, r, f.Type, s.d.Config().DisableAPIFlowEnforcement(r.Context()), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { return nil, s.handleLoginError(r, f, err) } diff --git a/selfservice/strategy/lookup/login_test.go b/selfservice/strategy/lookup/login_test.go index 1bf17f7aa416..8964bc8098ee 100644 --- a/selfservice/strategy/lookup/login_test.go +++ b/selfservice/strategy/lookup/login_test.go @@ -31,9 +31,10 @@ import ( var lookupCodeGJSONQuery = "ui.nodes.#(attributes.name==" + identity.CredentialsTypeLookup.String() + ")" func TestCompleteLogin(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword)+".enabled", false) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeLookup)+".enabled", true) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword)+".enabled", false) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeLookup)+".enabled", true) router := x.NewRouterPublic() publicTS, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin()) @@ -43,11 +44,11 @@ func TestCompleteLogin(t *testing.T) { redirTS := testhelpers.NewRedirSessionEchoTS(t, reg) // Overwrite these two to make it more explicit when tests fail - conf.MustSet(config.ViperKeySelfServiceErrorUI, errTS.URL+"/error-ts") - conf.MustSet(config.ViperKeySelfServiceLoginUI, uiTS.URL+"/login-ts") + conf.MustSet(ctx, config.ViperKeySelfServiceErrorUI, errTS.URL+"/error-ts") + conf.MustSet(ctx, config.ViperKeySelfServiceLoginUI, uiTS.URL+"/login-ts") testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/login.schema.json") - conf.MustSet(config.ViperKeySecretsDefault, []string{"not-a-secure-session-key"}) + conf.MustSet(ctx, config.ViperKeySecretsDefault, []string{"not-a-secure-session-key"}) t.Run("case=lookup payload is set when identity has lookup", func(t *testing.T) { id, _ := createIdentity(t, reg) diff --git a/selfservice/strategy/lookup/settings.go b/selfservice/strategy/lookup/settings.go index 27b1095d49d0..c67c092d0b88 100644 --- a/selfservice/strategy/lookup/settings.go +++ b/selfservice/strategy/lookup/settings.go @@ -140,11 +140,11 @@ func (s *Strategy) continueSettingsFlow( return err } - if err := flow.EnsureCSRF(s.d, r, ctxUpdate.Flow.Type, s.d.Config(r.Context()).DisableAPIFlowEnforcement(), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { + if err := flow.EnsureCSRF(s.d, r, ctxUpdate.Flow.Type, s.d.Config().DisableAPIFlowEnforcement(r.Context()), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { return err } - if ctxUpdate.Session.AuthenticatedAt.Add(s.d.Config(r.Context()).SelfServiceFlowSettingsPrivilegedSessionMaxAge()).Before(time.Now()) { + if ctxUpdate.Session.AuthenticatedAt.Add(s.d.Config().SelfServiceFlowSettingsPrivilegedSessionMaxAge(r.Context())).Before(time.Now()) { return errors.WithStack(settings.NewFlowNeedsReAuth()) } } else { diff --git a/selfservice/strategy/lookup/settings_test.go b/selfservice/strategy/lookup/settings_test.go index 2acba8626116..3e39bd4a3c00 100644 --- a/selfservice/strategy/lookup/settings_test.go +++ b/selfservice/strategy/lookup/settings_test.go @@ -53,7 +53,7 @@ func createIdentity(t *testing.T, reg driver.Registry) (*identity.Identity, []lo } identifier := x.NewUUID().String() + "@ory.sh" password := x.NewUUID().String() - p, err := reg.Hasher().Generate(context.Background(), []byte(password)) + p, err := reg.Hasher(context.Background()).Generate(context.Background(), []byte(password)) require.NoError(t, err) i := &identity.Identity{ Traits: identity.Traits(fmt.Sprintf(`{"subject":"%s"}`, identifier)), @@ -87,11 +87,12 @@ func createIdentity(t *testing.T, reg driver.Registry) (*identity.Identity, []lo } func TestCompleteSettings(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword)+".enabled", false) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".profile.enabled", false) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeLookup)+".enabled", true) - conf.MustSet(config.ViperKeySelfServiceSettingsRequiredAAL, "aal1") + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword)+".enabled", false) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".profile.enabled", false) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeLookup)+".enabled", true) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, "aal1") router := x.NewRouterPublic() publicTS, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin()) @@ -101,10 +102,10 @@ func TestCompleteSettings(t *testing.T) { _ = testhelpers.NewRedirSessionEchoTS(t, reg) loginTS := testhelpers.NewLoginUIFlowEchoServer(t, reg) - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1m") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1m") testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/login.schema.json") - conf.MustSet(config.ViperKeySecretsDefault, []string{"not-a-secure-session-key"}) + conf.MustSet(ctx, config.ViperKeySecretsDefault, []string{"not-a-secure-session-key"}) doAPIFlow := func(t *testing.T, v func(url.Values), id *identity.Identity) (string, *http.Response) { apiClient := testhelpers.NewHTTPClientWithIdentitySessionToken(t, reg, id) @@ -202,9 +203,9 @@ func TestCompleteSettings(t *testing.T) { }) t.Run("type=can not reveal or regenerate or remove without privileged session", func(t *testing.T) { - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1ns") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1ns") t.Cleanup(func() { - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "5m") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "5m") }) id, codes := createIdentity(t, reg) diff --git a/selfservice/strategy/oidc/provider_auth0.go b/selfservice/strategy/oidc/provider_auth0.go index a5143e8853f1..ad6c95286844 100644 --- a/selfservice/strategy/oidc/provider_auth0.go +++ b/selfservice/strategy/oidc/provider_auth0.go @@ -57,7 +57,7 @@ func (g *ProviderAuth0) oauth2(ctx context.Context) (*oauth2.Config, error) { TokenURL: tokenUrl.String(), }, Scopes: g.config.Scope, - RedirectURL: g.config.Redir(g.reg.Config(ctx).OIDCRedirectURIBase()), + RedirectURL: g.config.Redir(g.reg.Config().OIDCRedirectURIBase(ctx)), } return c, nil diff --git a/selfservice/strategy/oidc/provider_config_test.go b/selfservice/strategy/oidc/provider_config_test.go index cb51199986ec..c56053c388fd 100644 --- a/selfservice/strategy/oidc/provider_config_test.go +++ b/selfservice/strategy/oidc/provider_config_test.go @@ -16,15 +16,16 @@ import ( ) func TestConfig(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) var c map[string]interface{} require.NoError(t, json.NewDecoder( bytes.NewBufferString(`{"config":{"providers": [{"provider": "generic"}]}}`)).Decode(&c)) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeOIDC), c) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeOIDC), c) s := oidc.NewStrategy(reg) - collection, err := s.Config(context.Background()) + collection, err := s.Config(ctx) require.NoError(t, err) require.Len(t, collection.Providers, 1) diff --git a/selfservice/strategy/oidc/provider_dingtalk.go b/selfservice/strategy/oidc/provider_dingtalk.go index 30b2f00099bb..4f39eba019c3 100644 --- a/selfservice/strategy/oidc/provider_dingtalk.go +++ b/selfservice/strategy/oidc/provider_dingtalk.go @@ -48,7 +48,7 @@ func (g *ProviderDingTalk) oauth2(ctx context.Context) *oauth2.Config { Endpoint: endpoint, // DingTalk only allow to set scopes: openid or openid corpid Scopes: g.config.Scope, - RedirectURL: g.config.Redir(g.reg.Config(ctx).OIDCRedirectURIBase()), + RedirectURL: g.config.Redir(g.reg.Config().OIDCRedirectURIBase(ctx)), } } diff --git a/selfservice/strategy/oidc/provider_discord.go b/selfservice/strategy/oidc/provider_discord.go index 7776e72b0fb0..3ede5c4c5ed3 100644 --- a/selfservice/strategy/oidc/provider_discord.go +++ b/selfservice/strategy/oidc/provider_discord.go @@ -43,7 +43,7 @@ func (d *ProviderDiscord) oauth2(ctx context.Context) *oauth2.Config { AuthURL: discordgo.EndpointOauth2 + "authorize", TokenURL: discordgo.EndpointOauth2 + "token", }, - RedirectURL: d.config.Redir(d.reg.Config(ctx).OIDCRedirectURIBase()), + RedirectURL: d.config.Redir(d.reg.Config().OIDCRedirectURIBase(ctx)), Scopes: d.config.Scope, } } diff --git a/selfservice/strategy/oidc/provider_generic_oidc.go b/selfservice/strategy/oidc/provider_generic_oidc.go index db71b95ad668..9548eb488773 100644 --- a/selfservice/strategy/oidc/provider_generic_oidc.go +++ b/selfservice/strategy/oidc/provider_generic_oidc.go @@ -57,7 +57,7 @@ func (g *ProviderGenericOIDC) oauth2ConfigFromEndpoint(ctx context.Context, endp ClientSecret: g.config.ClientSecret, Endpoint: endpoint, Scopes: scope, - RedirectURL: g.config.Redir(g.reg.Config(ctx).OIDCRedirectURIBase()), + RedirectURL: g.config.Redir(g.reg.Config().OIDCRedirectURIBase(ctx)), } } diff --git a/selfservice/strategy/oidc/provider_generic_test.go b/selfservice/strategy/oidc/provider_generic_test.go index 5e200801bf8b..f9da7bda48a5 100644 --- a/selfservice/strategy/oidc/provider_generic_test.go +++ b/selfservice/strategy/oidc/provider_generic_test.go @@ -48,8 +48,9 @@ func makeAuthCodeURL(t *testing.T, r *login.Flow, reg *driver.RegistryDefault) s } func TestProviderGenericOIDC_AddAuthCodeURLOptions(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeyPublicBaseURL, "https://ory.sh") + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, "https://ory.sh") t.Run("case=redirectURI is public base url", func(t *testing.T) { r := &login.Flow{ID: x.NewUUID(), Refresh: true} actual, err := url.ParseRequestURI(makeAuthCodeURL(t, r, reg)) @@ -58,9 +59,9 @@ func TestProviderGenericOIDC_AddAuthCodeURLOptions(t *testing.T) { }) t.Run("case=redirectURI is public base url", func(t *testing.T) { - conf.MustSet(config.ViperKeyOIDCBaseRedirectURL, "https://example.org") + conf.MustSet(ctx, config.ViperKeyOIDCBaseRedirectURL, "https://example.org") t.Cleanup(func() { - conf.MustSet(config.ViperKeyOIDCBaseRedirectURL, nil) + conf.MustSet(ctx, config.ViperKeyOIDCBaseRedirectURL, nil) }) r := &login.Flow{ID: x.NewUUID(), Refresh: true} actual, err := url.ParseRequestURI(makeAuthCodeURL(t, r, reg)) diff --git a/selfservice/strategy/oidc/provider_github.go b/selfservice/strategy/oidc/provider_github.go index 05c79847d8ad..62d9b3b16457 100644 --- a/selfservice/strategy/oidc/provider_github.go +++ b/selfservice/strategy/oidc/provider_github.go @@ -44,7 +44,7 @@ func (g *ProviderGitHub) oauth2(ctx context.Context) *oauth2.Config { ClientSecret: g.config.ClientSecret, Endpoint: github.Endpoint, Scopes: g.config.Scope, - RedirectURL: g.config.Redir(g.reg.Config(ctx).OIDCRedirectURIBase()), + RedirectURL: g.config.Redir(g.reg.Config().OIDCRedirectURIBase(ctx)), } } diff --git a/selfservice/strategy/oidc/provider_github_app.go b/selfservice/strategy/oidc/provider_github_app.go index 9553852a3614..ef69cb9cf047 100644 --- a/selfservice/strategy/oidc/provider_github_app.go +++ b/selfservice/strategy/oidc/provider_github_app.go @@ -41,7 +41,7 @@ func (g *ProviderGitHubApp) oauth2(ctx context.Context) *oauth2.Config { ClientSecret: g.config.ClientSecret, Endpoint: github.Endpoint, Scopes: g.config.Scope, - RedirectURL: g.config.Redir(g.reg.Config(ctx).OIDCRedirectURIBase()), + RedirectURL: g.config.Redir(g.reg.Config().OIDCRedirectURIBase(ctx)), } } diff --git a/selfservice/strategy/oidc/provider_gitlab.go b/selfservice/strategy/oidc/provider_gitlab.go index 169afe6df893..0170ecc79212 100644 --- a/selfservice/strategy/oidc/provider_gitlab.go +++ b/selfservice/strategy/oidc/provider_gitlab.go @@ -56,7 +56,7 @@ func (g *ProviderGitLab) oauth2(ctx context.Context) (*oauth2.Config, error) { TokenURL: tokenUrl.String(), }, Scopes: g.config.Scope, - RedirectURL: g.config.Redir(g.reg.Config(ctx).OIDCRedirectURIBase()), + RedirectURL: g.config.Redir(g.reg.Config().OIDCRedirectURIBase(ctx)), }, nil } diff --git a/selfservice/strategy/oidc/provider_netid.go b/selfservice/strategy/oidc/provider_netid.go index 501252dbc406..83e6b0151d84 100644 --- a/selfservice/strategy/oidc/provider_netid.go +++ b/selfservice/strategy/oidc/provider_netid.go @@ -54,7 +54,7 @@ func (n *ProviderNetID) oAuth2(ctx context.Context) (*oauth2.Config, error) { TokenURL: tokenURL.String(), }, Scopes: n.config.Scope, - RedirectURL: n.config.Redir(n.reg.Config(ctx).OIDCRedirectURIBase()), + RedirectURL: n.config.Redir(n.reg.Config().OIDCRedirectURIBase(ctx)), }, nil } diff --git a/selfservice/strategy/oidc/provider_private_net_test.go b/selfservice/strategy/oidc/provider_private_net_test.go index 583be20f229c..590fd6791824 100644 --- a/selfservice/strategy/oidc/provider_private_net_test.go +++ b/selfservice/strategy/oidc/provider_private_net_test.go @@ -22,8 +22,9 @@ const fakeJWTJWKS = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3OD const fakeJWTToken = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjk5OTk5OTk5OTksImF1ZCI6ImFiY2QiLCJpc3MiOiJodHRwczovL3Jhdy5naXRodWJ1c2VyY29udGVudC5jb20vYWVuZWFzci9wcml2YXRlLW9pZGMvbWFzdGVyL3Rva2VuIn0.G9v8pJXJrEOgdJ5ecE6sIIcTH_p-RKkBaImfZY5DDVCl7h5GEis1n3GKKYbL_O3fj8Fu-WzI2mquI8S8BOVCQ6wN0XtrqJv22iX_nzeVHc4V_JWV1q7hg2gPpoFFcnF3KKtxZLvDOA8ujsDbAXmoBu0fEBdwCN56xLOOKQDzULyfijuAa8hrCwespZ9HaqcHzD3iHf_Utd4nHqlTM-6upWpKIMkplS_NGcxrfIRIWusZ0wob6ryy8jECD9QeZpdTGUozq-YM64lZfMOZzuLuqichH_PCMKFyB_tOZb6lDIiiSX4Irz7_YF-DP-LmfxgIW4934RqTCeFGGIP64h4xAA" func TestProviderPrivateIP(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeyClientHTTPNoPrivateIPRanges, true) + conf.MustSet(ctx, config.ViperKeyClientHTTPNoPrivateIPRanges, true) generic := func(c *oidc.Configuration) oidc.Provider { return oidc.NewProviderGenericOIDC(c, reg) diff --git a/selfservice/strategy/oidc/provider_slack.go b/selfservice/strategy/oidc/provider_slack.go index 1845cfea2255..41ac179d30e0 100644 --- a/selfservice/strategy/oidc/provider_slack.go +++ b/selfservice/strategy/oidc/provider_slack.go @@ -45,7 +45,7 @@ func (d *ProviderSlack) oauth2(ctx context.Context) *oauth2.Config { AuthURL: "https://slack.com/oauth/authorize", TokenURL: slack.APIURL + "oauth.access", }, - RedirectURL: d.config.Redir(d.reg.Config(ctx).OIDCRedirectURIBase()), + RedirectURL: d.config.Redir(d.reg.Config().OIDCRedirectURIBase(ctx)), Scopes: d.config.Scope, } } diff --git a/selfservice/strategy/oidc/provider_spotify.go b/selfservice/strategy/oidc/provider_spotify.go index 4b42c774c10c..bacce52cee5a 100644 --- a/selfservice/strategy/oidc/provider_spotify.go +++ b/selfservice/strategy/oidc/provider_spotify.go @@ -44,7 +44,7 @@ func (g *ProviderSpotify) oauth2(ctx context.Context) *oauth2.Config { ClientSecret: g.config.ClientSecret, Endpoint: spotify.Endpoint, Scopes: g.config.Scope, - RedirectURL: g.config.Redir(g.reg.Config(ctx).OIDCRedirectURIBase()), + RedirectURL: g.config.Redir(g.reg.Config().OIDCRedirectURIBase(ctx)), } } @@ -65,7 +65,7 @@ func (g *ProviderSpotify) Claims(ctx context.Context, exchange *oauth2.Token, qu } auth := spotifyauth.New( - spotifyauth.WithRedirectURL(g.config.Redir(g.reg.Config(ctx).OIDCRedirectURIBase())), + spotifyauth.WithRedirectURL(g.config.Redir(g.reg.Config().OIDCRedirectURIBase(ctx))), spotifyauth.WithScopes(spotifyauth.ScopeUserReadPrivate)) client := spotifyapi.New(auth.Client(ctx, exchange)) diff --git a/selfservice/strategy/oidc/provider_vk.go b/selfservice/strategy/oidc/provider_vk.go index fed90d8e9c48..a2fea4b3bf3f 100644 --- a/selfservice/strategy/oidc/provider_vk.go +++ b/selfservice/strategy/oidc/provider_vk.go @@ -44,7 +44,7 @@ func (g *ProviderVK) oauth2(ctx context.Context) *oauth2.Config { TokenURL: "https://oauth.vk.com/access_token", }, Scopes: g.config.Scope, - RedirectURL: g.config.Redir(g.reg.Config(ctx).OIDCRedirectURIBase()), + RedirectURL: g.config.Redir(g.reg.Config().OIDCRedirectURIBase(ctx)), } } diff --git a/selfservice/strategy/oidc/provider_yandex.go b/selfservice/strategy/oidc/provider_yandex.go index 6b78a9dda733..d5c084b016bc 100644 --- a/selfservice/strategy/oidc/provider_yandex.go +++ b/selfservice/strategy/oidc/provider_yandex.go @@ -42,7 +42,7 @@ func (g *ProviderYandex) oauth2(ctx context.Context) *oauth2.Config { TokenURL: "https://oauth.yandex.com/token", }, Scopes: g.config.Scope, - RedirectURL: g.config.Redir(g.reg.Config(ctx).OIDCRedirectURIBase()), + RedirectURL: g.config.Redir(g.reg.Config().OIDCRedirectURIBase(ctx)), } } diff --git a/selfservice/strategy/oidc/strategy.go b/selfservice/strategy/oidc/strategy.go index fe643d3b80c5..16f914edcc5e 100644 --- a/selfservice/strategy/oidc/strategy.go +++ b/selfservice/strategy/oidc/strategy.go @@ -172,7 +172,7 @@ func (s *Strategy) setRoutes(r *x.RouterPublic) { // Redirect POST request to GET rewriting form fields to query params. func (s *Strategy) redirectToGET(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - publicUrl := s.d.Config(r.Context()).SelfPublicURL() + publicUrl := s.d.Config().SelfPublicURL(r.Context()) dest := *r.URL dest.Host = publicUrl.Host dest.Scheme = publicUrl.Scheme @@ -289,7 +289,7 @@ func (s *Strategy) alreadyAuthenticated(w http.ResponseWriter, r *http.Request, if _, ok := req.(*settings.Flow); ok { // ignore this if it's a settings flow } else if !isForced(req) { - http.Redirect(w, r, s.d.Config(r.Context()).SelfServiceBrowserDefaultReturnTo().String(), http.StatusSeeOther) + http.Redirect(w, r, s.d.Config().SelfServiceBrowserDefaultReturnTo(r.Context()).String(), http.StatusSeeOther) return true } } @@ -397,7 +397,7 @@ func (s *Strategy) populateMethod(r *http.Request, c *container.Container, messa func (s *Strategy) Config(ctx context.Context) (*ConfigurationCollection, error) { var c ConfigurationCollection - conf := s.d.Config(ctx).SelfServiceStrategy(string(s.ID())).Config + conf := s.d.Config().SelfServiceStrategy(ctx, string(s.ID())).Config if err := jsonx. NewStrictDecoder(bytes.NewBuffer(conf)). Decode(&c); err != nil { @@ -450,7 +450,7 @@ func (s *Strategy) handleError(w http.ResponseWriter, r *http.Request, f flow.Fl AddProvider(rf.UI, provider, text.NewInfoRegistrationContinue()) if traits != nil { - ds, err := s.d.Config(r.Context()).DefaultIdentityTraitsSchemaURL() + ds, err := s.d.Config().DefaultIdentityTraitsSchemaURL(r.Context()) if err != nil { return err } diff --git a/selfservice/strategy/oidc/strategy_helper_test.go b/selfservice/strategy/oidc/strategy_helper_test.go index 8fd37ee5b838..6c061c2a5196 100644 --- a/selfservice/strategy/oidc/strategy_helper_test.go +++ b/selfservice/strategy/oidc/strategy_helper_test.go @@ -168,18 +168,20 @@ func newHydraIntegration(t *testing.T, remote *string, subject *string, claims * } func newReturnTs(t *testing.T, reg driver.Registry) *httptest.Server { + ctx := context.Background() ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { sess, err := reg.SessionManager().FetchFromRequest(r.Context(), r) require.NoError(t, err) require.Empty(t, sess.Identity.Credentials) reg.Writer().Write(w, r, sess) })) - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, ts.URL) + reg.Config().MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, ts.URL) t.Cleanup(ts.Close) return ts } func newUI(t *testing.T, reg driver.Registry) *httptest.Server { + ctx := context.Background() ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { var e interface{} var err error @@ -195,9 +197,9 @@ func newUI(t *testing.T, reg driver.Registry) *httptest.Server { reg.Writer().Write(w, r, e) })) t.Cleanup(ts.Close) - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceLoginUI, ts.URL+"/login") - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceRegistrationUI, ts.URL+"/registration") - reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceSettingsURL, ts.URL+"/settings") + reg.Config().MustSet(ctx, config.ViperKeySelfServiceLoginUI, ts.URL+"/login") + reg.Config().MustSet(ctx, config.ViperKeySelfServiceRegistrationUI, ts.URL+"/registration") + reg.Config().MustSet(ctx, config.ViperKeySelfServiceSettingsURL, ts.URL+"/settings") return ts } @@ -270,8 +272,9 @@ func newOIDCProvider( } func viperSetProviderConfig(t *testing.T, conf *config.Config, providers ...oidc.Configuration) { - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeOIDC)+".config", &oidc.ConfigurationCollection{Providers: providers}) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeOIDC)+".enabled", true) + ctx := context.Background() + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeOIDC)+".config", &oidc.ConfigurationCollection{Providers: providers}) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeOIDC)+".enabled", true) } func newClient(t *testing.T, jar *cookiejar.Jar) *http.Client { diff --git a/selfservice/strategy/oidc/strategy_registration.go b/selfservice/strategy/oidc/strategy_registration.go index 00aa504357cf..b4bb59b0a21c 100644 --- a/selfservice/strategy/oidc/strategy_registration.go +++ b/selfservice/strategy/oidc/strategy_registration.go @@ -79,7 +79,7 @@ type SubmitSelfServiceRegistrationFlowWithOidcMethodBody struct { } func (s *Strategy) newLinkDecoder(p interface{}, r *http.Request) error { - ds, err := s.d.Config(r.Context()).DefaultIdentityTraitsSchemaURL() + ds, err := s.d.Config().DefaultIdentityTraitsSchemaURL(r.Context()) if err != nil { return err } @@ -213,17 +213,17 @@ func (s *Strategy) processRegistration(w http.ResponseWriter, r *http.Request, a var it string if idToken, ok := token.Extra("id_token").(string); ok { - if it, err = s.d.Cipher().Encrypt(r.Context(), []byte(idToken)); err != nil { + if it, err = s.d.Cipher(r.Context()).Encrypt(r.Context(), []byte(idToken)); err != nil { return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) } } - cat, err := s.d.Cipher().Encrypt(r.Context(), []byte(token.AccessToken)) + cat, err := s.d.Cipher(r.Context()).Encrypt(r.Context(), []byte(token.AccessToken)) if err != nil { return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) } - crt, err := s.d.Cipher().Encrypt(r.Context(), []byte(token.RefreshToken)) + crt, err := s.d.Cipher(r.Context()).Encrypt(r.Context(), []byte(token.RefreshToken)) if err != nil { return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) } @@ -254,7 +254,7 @@ func (s *Strategy) createIdentity(w http.ResponseWriter, r *http.Request, a *reg return nil, s.handleError(w, r, a, provider.Config().ID, nil, err) } - i := identity.NewIdentity(s.d.Config(r.Context()).DefaultIdentityTraitsSchemaID()) + i := identity.NewIdentity(s.d.Config().DefaultIdentityTraitsSchemaID(r.Context())) if err := s.setTraits(w, r, a, claims, provider, container, evaluated, i); err != nil { return nil, s.handleError(w, r, a, provider.Config().ID, i.Traits, err) } diff --git a/selfservice/strategy/oidc/strategy_settings.go b/selfservice/strategy/oidc/strategy_settings.go index 35283e7cb9a2..37deb3e81066 100644 --- a/selfservice/strategy/oidc/strategy_settings.go +++ b/selfservice/strategy/oidc/strategy_settings.go @@ -45,7 +45,7 @@ func (s *Strategy) SettingsStrategyID() string { } func (s *Strategy) decoderSettings(p *submitSelfServiceSettingsFlowWithOidcMethodBody, r *http.Request) error { - ds, err := s.d.Config(r.Context()).DefaultIdentityTraitsSchemaURL() + ds, err := s.d.Config().DefaultIdentityTraitsSchemaURL(r.Context()) if err != nil { return err } @@ -228,7 +228,7 @@ func (s *Strategy) Settings(w http.ResponseWriter, r *http.Request, f *settings. ctxUpdate, err := settings.PrepareUpdate(s.d, w, r, f, ss, settings.ContinuityKey(s.SettingsStrategyID()), &p) if errors.Is(err, settings.ErrContinuePreviousAction) { - if !s.d.Config(r.Context()).SelfServiceStrategy(s.SettingsStrategyID()).Enabled { + if !s.d.Config().SelfServiceStrategy(r.Context(), s.SettingsStrategyID()).Enabled { return nil, errors.WithStack(herodot.ErrNotFound.WithReason(strategy.EndpointDisabledMessage)) } @@ -255,7 +255,7 @@ func (s *Strategy) Settings(w http.ResponseWriter, r *http.Request, f *settings. return nil, errors.WithStack(flow.ErrStrategyNotResponsible) } - if !s.d.Config(r.Context()).SelfServiceStrategy(s.SettingsStrategyID()).Enabled { + if !s.d.Config().SelfServiceStrategy(r.Context(), s.SettingsStrategyID()).Enabled { return nil, errors.WithStack(herodot.ErrNotFound.WithReason(strategy.EndpointDisabledMessage)) } @@ -317,7 +317,7 @@ func (s *Strategy) initLinkProvider(w http.ResponseWriter, r *http.Request, ctxU return s.handleSettingsError(w, r, ctxUpdate, p, err) } - if ctxUpdate.Session.AuthenticatedAt.Add(s.d.Config(r.Context()).SelfServiceFlowSettingsPrivilegedSessionMaxAge()).Before(time.Now()) { + if ctxUpdate.Session.AuthenticatedAt.Add(s.d.Config().SelfServiceFlowSettingsPrivilegedSessionMaxAge(r.Context())).Before(time.Now()) { return s.handleSettingsError(w, r, ctxUpdate, p, errors.WithStack(settings.NewFlowNeedsReAuth())) } @@ -360,7 +360,7 @@ func (s *Strategy) initLinkProvider(w http.ResponseWriter, r *http.Request, ctxU func (s *Strategy) linkProvider(w http.ResponseWriter, r *http.Request, ctxUpdate *settings.UpdateContext, token *oauth2.Token, claims *Claims, provider Provider) error { p := &submitSelfServiceSettingsFlowWithOidcMethodBody{ Link: provider.Config().ID, FlowID: ctxUpdate.Flow.ID.String()} - if ctxUpdate.Session.AuthenticatedAt.Add(s.d.Config(r.Context()).SelfServiceFlowSettingsPrivilegedSessionMaxAge()).Before(time.Now()) { + if ctxUpdate.Session.AuthenticatedAt.Add(s.d.Config().SelfServiceFlowSettingsPrivilegedSessionMaxAge(r.Context())).Before(time.Now()) { return s.handleSettingsError(w, r, ctxUpdate, p, errors.WithStack(settings.NewFlowNeedsReAuth())) } @@ -371,17 +371,17 @@ func (s *Strategy) linkProvider(w http.ResponseWriter, r *http.Request, ctxUpdat var it string if idToken, ok := token.Extra("id_token").(string); ok { - if it, err = s.d.Cipher().Encrypt(r.Context(), []byte(idToken)); err != nil { + if it, err = s.d.Cipher(r.Context()).Encrypt(r.Context(), []byte(idToken)); err != nil { return s.handleSettingsError(w, r, ctxUpdate, p, err) } } - cat, err := s.d.Cipher().Encrypt(r.Context(), []byte(token.AccessToken)) + cat, err := s.d.Cipher(r.Context()).Encrypt(r.Context(), []byte(token.AccessToken)) if err != nil { return s.handleSettingsError(w, r, ctxUpdate, p, err) } - crt, err := s.d.Cipher().Encrypt(r.Context(), []byte(token.RefreshToken)) + crt, err := s.d.Cipher(r.Context()).Encrypt(r.Context(), []byte(token.RefreshToken)) if err != nil { return s.handleSettingsError(w, r, ctxUpdate, p, err) } @@ -421,7 +421,7 @@ func (s *Strategy) linkProvider(w http.ResponseWriter, r *http.Request, ctxUpdat } func (s *Strategy) unlinkProvider(w http.ResponseWriter, r *http.Request, ctxUpdate *settings.UpdateContext, p *submitSelfServiceSettingsFlowWithOidcMethodBody) error { - if ctxUpdate.Session.AuthenticatedAt.Add(s.d.Config(r.Context()).SelfServiceFlowSettingsPrivilegedSessionMaxAge()).Before(time.Now()) { + if ctxUpdate.Session.AuthenticatedAt.Add(s.d.Config().SelfServiceFlowSettingsPrivilegedSessionMaxAge(r.Context())).Before(time.Now()) { return s.handleSettingsError(w, r, ctxUpdate, p, errors.WithStack(settings.NewFlowNeedsReAuth())) } diff --git a/selfservice/strategy/oidc/strategy_settings_test.go b/selfservice/strategy/oidc/strategy_settings_test.go index 0f2a2f98b989..c30f7d0fbb98 100644 --- a/selfservice/strategy/oidc/strategy_settings_test.go +++ b/selfservice/strategy/oidc/strategy_settings_test.go @@ -42,6 +42,7 @@ func init() { } func TestSettingsStrategy(t *testing.T) { + ctx := context.Background() if testing.Short() { t.Skip() } @@ -67,7 +68,7 @@ func TestSettingsStrategy(t *testing.T) { ) testhelpers.InitKratosServers(t, reg, publicTS, adminTS) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/settings.schema.json") - conf.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh/kratos") + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh/kratos") // Make test data for this test run unique testID := x.NewUUID().String() @@ -240,7 +241,7 @@ func TestSettingsStrategy(t *testing.T) { var reset = func(t *testing.T) func() { return func() { - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, time.Minute*5) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, time.Minute*5) agents = testhelpers.AddAndLoginIdentities(t, reg, publicTS, users) } } @@ -300,7 +301,7 @@ func TestSettingsStrategy(t *testing.T) { agent, provider := "githuber", "github" var runUnauthed = func(t *testing.T) *kratos.SelfServiceSettingsFlow { - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, time.Millisecond) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, time.Millisecond) time.Sleep(time.Millisecond) t.Cleanup(reset(t)) _, res, req := unlink(t, agent, provider) @@ -323,7 +324,7 @@ func TestSettingsStrategy(t *testing.T) { req := runUnauthed(t) // fake login by allowing longer sessions... - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, time.Minute*5) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, time.Minute*5) body, res := testhelpers.HTTPPostForm(t, agents[agent], action(req), &url.Values{"csrf_token": {x.FakeCSRFToken}, "unlink": {provider}}) @@ -463,7 +464,7 @@ func TestSettingsStrategy(t *testing.T) { subject = "hackerman+new+google+" + testID var runUnauthed = func(t *testing.T) *kratos.SelfServiceSettingsFlow { - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, time.Millisecond) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, time.Millisecond) time.Sleep(time.Millisecond) t.Cleanup(reset(t)) _, res, req := link(t, agent, provider) @@ -486,7 +487,7 @@ func TestSettingsStrategy(t *testing.T) { req := runUnauthed(t) // fake login by allowing longer sessions... - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, time.Minute*5) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, time.Minute*5) body, res := testhelpers.HTTPPostForm(t, agents[agent], action(req), &url.Values{"csrf_token": {x.FakeCSRFToken}, "unlink": {provider}}) @@ -501,14 +502,15 @@ func TestSettingsStrategy(t *testing.T) { } func TestPopulateSettingsMethod(t *testing.T) { + ctx := context.Background() nreg := func(t *testing.T, conf *oidc.ConfigurationCollection) *driver.RegistryDefault { c, reg := internal.NewFastRegistryWithMocks(t) testhelpers.SetDefaultIdentitySchema(c, "file://stub/registration.schema.json") - c.MustSet(config.ViperKeyPublicBaseURL, "https://www.ory.sh/") + c.MustSet(ctx, config.ViperKeyPublicBaseURL, "https://www.ory.sh/") // Enabled per default: - // conf.Set(configuration.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), map[string]interface{}{"enabled": true}) + // conf.Set(ctx, configuration.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), map[string]interface{}{"enabled": true}) viperSetProviderConfig(t, c, conf.Providers...) return reg } diff --git a/selfservice/strategy/oidc/strategy_test.go b/selfservice/strategy/oidc/strategy_test.go index 31de2998652a..b2b8064c8496 100644 --- a/selfservice/strategy/oidc/strategy_test.go +++ b/selfservice/strategy/oidc/strategy_test.go @@ -48,6 +48,7 @@ import ( const debugRedirects = false func TestStrategy(t *testing.T) { + ctx := context.Background() if testing.Short() { t.Skip() } @@ -60,7 +61,7 @@ func TestStrategy(t *testing.T) { ) remoteAdmin, remotePublic, hydraIntegrationTSURL := newHydra(t, &subject, &claims, &scope) returnTS := newReturnTs(t, reg) - conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{returnTS.URL}) + conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{returnTS.URL}) uiTS := newUI(t, reg) errTS := testhelpers.NewErrorTestServer(t, reg) routerP := x.NewRouterPublic() @@ -82,9 +83,9 @@ func TestStrategy(t *testing.T) { }, ) - conf.MustSet(config.ViperKeySelfServiceRegistrationEnabled, true) + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationEnabled, true) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/registration.schema.json") - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypeOIDC.String()), []config.SelfServiceHook{{Name: "session"}}) t.Logf("Kratos Public URL: %s", ts.URL) @@ -507,7 +508,7 @@ func TestStrategy(t *testing.T) { }) t.Run("method=TestPopulateSignUpMethod", func(t *testing.T) { - conf.MustSet(config.ViperKeyPublicBaseURL, "https://foo/") + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, "https://foo/") sr, err := registration.NewFlow(conf, time.Minute, "nosurf", &http.Request{URL: urlx.ParseOrPanic("/")}, flow.TypeBrowser) require.NoError(t, err) @@ -517,7 +518,7 @@ func TestStrategy(t *testing.T) { }) t.Run("method=TestPopulateLoginMethod", func(t *testing.T) { - conf.MustSet(config.ViperKeyPublicBaseURL, "https://foo/") + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, "https://foo/") sr, err := login.NewFlow(conf, time.Minute, "nosurf", &http.Request{URL: urlx.ParseOrPanic("/")}, flow.TypeBrowser) require.NoError(t, err) diff --git a/selfservice/strategy/password/login.go b/selfservice/strategy/password/login.go index d3bbbd37c25d..cb84fef8b41b 100644 --- a/selfservice/strategy/password/login.go +++ b/selfservice/strategy/password/login.go @@ -62,13 +62,13 @@ func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow, return nil, s.handleLoginError(w, r, f, &p, err) } - if err := flow.EnsureCSRF(s.d, r, f.Type, s.d.Config(r.Context()).DisableAPIFlowEnforcement(), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { + if err := flow.EnsureCSRF(s.d, r, f.Type, s.d.Config().DisableAPIFlowEnforcement(r.Context()), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { return nil, s.handleLoginError(w, r, f, &p, err) } i, c, err := s.d.PrivilegedIdentityPool().FindByCredentialsIdentifier(r.Context(), s.ID(), stringsx.Coalesce(p.Identifier, p.LegacyIdentifier)) if err != nil { - time.Sleep(x.RandomDelay(s.d.Config(r.Context()).HasherArgon2().ExpectedDuration, s.d.Config(r.Context()).HasherArgon2().ExpectedDeviation)) + time.Sleep(x.RandomDelay(s.d.Config().HasherArgon2(r.Context()).ExpectedDuration, s.d.Config().HasherArgon2(r.Context()).ExpectedDeviation)) return nil, s.handleLoginError(w, r, f, &p, errors.WithStack(schema.NewInvalidCredentialsError())) } @@ -82,7 +82,7 @@ func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow, return nil, s.handleLoginError(w, r, f, &p, errors.WithStack(schema.NewInvalidCredentialsError())) } - if !s.d.Hasher().Understands([]byte(o.HashedPassword)) { + if !s.d.Hasher(r.Context()).Understands([]byte(o.HashedPassword)) { if err := s.migratePasswordHash(r.Context(), i.ID, []byte(p.Password)); err != nil { return nil, s.handleLoginError(w, r, f, &p, err) } @@ -98,7 +98,7 @@ func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow, } func (s *Strategy) migratePasswordHash(ctx context.Context, identifier uuid.UUID, password []byte) error { - hpw, err := s.d.Hasher().Generate(ctx, password) + hpw, err := s.d.Hasher(ctx).Generate(ctx, password) if err != nil { return err } diff --git a/selfservice/strategy/password/login_test.go b/selfservice/strategy/password/login_test.go index d8941cc96c1f..b1ea33df3c73 100644 --- a/selfservice/strategy/password/login_test.go +++ b/selfservice/strategy/password/login_test.go @@ -46,8 +46,9 @@ import ( var loginSchema []byte func TestCompleteLogin(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), map[string]interface{}{"enabled": true}) router := x.NewRouterPublic() publicTS, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin()) @@ -57,11 +58,11 @@ func TestCompleteLogin(t *testing.T) { redirTS := testhelpers.NewRedirSessionEchoTS(t, reg) // Overwrite these two: - conf.MustSet(config.ViperKeySelfServiceErrorUI, errTS.URL+"/error-ts") - conf.MustSet(config.ViperKeySelfServiceLoginUI, uiTS.URL+"/login-ts") + conf.MustSet(ctx, config.ViperKeySelfServiceErrorUI, errTS.URL+"/error-ts") + conf.MustSet(ctx, config.ViperKeySelfServiceLoginUI, uiTS.URL+"/login-ts") testhelpers.SetDefaultIdentitySchemaFromRaw(conf, loginSchema) - conf.MustSet(config.ViperKeySecretsDefault, []string{"not-a-secure-session-key"}) + conf.MustSet(ctx, config.ViperKeySecretsDefault, []string{"not-a-secure-session-key"}) ensureFieldsExist := func(t *testing.T, body []byte) { registrationhelpers.CheckFormContent(t, body, "identifier", @@ -70,7 +71,7 @@ func TestCompleteLogin(t *testing.T) { } createIdentity := func(identifier, password string) { - p, _ := reg.Hasher().Generate(context.Background(), []byte(password)) + p, _ := reg.Hasher(ctx).Generate(context.Background(), []byte(password)) iId := x.NewUUID() require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &identity.Identity{ ID: iId, @@ -180,9 +181,9 @@ func TestCompleteLogin(t *testing.T) { }) t.Run("case=should return an error because the request is expired", func(t *testing.T) { - conf.MustSet(config.ViperKeySelfServiceLoginRequestLifespan, "50ms") + conf.MustSet(ctx, config.ViperKeySelfServiceLoginRequestLifespan, "50ms") t.Cleanup(func() { - conf.MustSet(config.ViperKeySelfServiceLoginRequestLifespan, "10m") + conf.MustSet(ctx, config.ViperKeySelfServiceLoginRequestLifespan, "10m") }) values := url.Values{ "csrf_token": {x.FakeCSRFToken}, @@ -299,13 +300,13 @@ func TestCompleteLogin(t *testing.T) { return testhelpers.SubmitLoginForm(t, isAPI, nil, publicTS, values, isSPA, refresh, testhelpers.ExpectStatusCode(isAPI || isSPA, http.StatusBadRequest, http.StatusOK), - testhelpers.ExpectURL(isAPI || isSPA, publicTS.URL+login.RouteSubmitFlow, conf.SelfServiceFlowLoginUI().String())) + testhelpers.ExpectURL(isAPI || isSPA, publicTS.URL+login.RouteSubmitFlow, conf.SelfServiceFlowLoginUI(ctx).String())) } t.Run("should return an error because the credentials are invalid (user does not exist)", func(t *testing.T) { var check = func(t *testing.T, body string, start time.Time) { delay := time.Since(start) - minConfiguredDelay := conf.HasherArgon2().ExpectedDuration - conf.HasherArgon2().ExpectedDeviation + minConfiguredDelay := conf.HasherArgon2(ctx).ExpectedDuration - conf.HasherArgon2(ctx).ExpectedDeviation assert.GreaterOrEqual(t, delay, minConfiguredDelay) assert.NotEmpty(t, gjson.Get(body, "id").String(), "%s", body) assert.Contains(t, gjson.Get(body, "ui.action").String(), publicTS.URL+login.RouteSubmitFlow, "%s", body) @@ -764,7 +765,7 @@ func TestCompleteLogin(t *testing.T) { }) t.Run("should fail as email is not yet verified", func(t *testing.T) { - conf.MustSet(config.ViperKeySelfServiceLoginAfter+".password.hooks", []map[string]interface{}{ + conf.MustSet(ctx, config.ViperKeySelfServiceLoginAfter+".password.hooks", []map[string]interface{}{ {"hook": "require_verified_address"}, }) @@ -849,7 +850,7 @@ func TestCompleteLogin(t *testing.T) { require.NoError(t, err) var o identity.CredentialsPassword require.NoError(t, json.NewDecoder(bytes.NewBuffer(c.Config)).Decode(&o)) - assert.True(t, reg.Hasher().Understands([]byte(o.HashedPassword)), "%s", o.HashedPassword) + assert.True(t, reg.Hasher(ctx).Understands([]byte(o.HashedPassword)), "%s", o.HashedPassword) assert.True(t, hash.IsBcryptHash([]byte(o.HashedPassword)), "%s", o.HashedPassword) // retry after upgraded diff --git a/selfservice/strategy/password/registration.go b/selfservice/strategy/password/registration.go index 4d5e0bfbce69..cdb899528a92 100644 --- a/selfservice/strategy/password/registration.go +++ b/selfservice/strategy/password/registration.go @@ -67,7 +67,7 @@ func (s *Strategy) handleRegistrationError(_ http.ResponseWriter, r *http.Reques } func (s *Strategy) decode(p *SubmitSelfServiceRegistrationFlowWithPasswordMethodBody, r *http.Request) error { - return registration.DecodeBody(p, r, s.hd, s.d.Config(r.Context()), registrationSchema) + return registration.DecodeBody(p, r, s.hd, s.d.Config(), registrationSchema) } func (s *Strategy) Register(w http.ResponseWriter, r *http.Request, f *registration.Flow, i *identity.Identity) (err error) { @@ -80,7 +80,7 @@ func (s *Strategy) Register(w http.ResponseWriter, r *http.Request, f *registrat return s.handleRegistrationError(w, r, f, &p, err) } - if err := flow.EnsureCSRF(s.d, r, f.Type, s.d.Config(r.Context()).DisableAPIFlowEnforcement(), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { + if err := flow.EnsureCSRF(s.d, r, f.Type, s.d.Config().DisableAPIFlowEnforcement(r.Context()), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { return s.handleRegistrationError(w, r, f, &p, err) } @@ -92,7 +92,7 @@ func (s *Strategy) Register(w http.ResponseWriter, r *http.Request, f *registrat p.Traits = json.RawMessage("{}") } - hpw, err := s.d.Hasher().Generate(r.Context(), []byte(p.Password)) + hpw, err := s.d.Hasher(r.Context()).Generate(r.Context(), []byte(p.Password)) if err != nil { return s.handleRegistrationError(w, r, f, &p, err) } @@ -135,7 +135,7 @@ func (s *Strategy) validateCredentials(ctx context.Context, i *identity.Identity } func (s *Strategy) PopulateRegistrationMethod(r *http.Request, f *registration.Flow) error { - ds, err := s.d.Config(r.Context()).DefaultIdentityTraitsSchemaURL() + ds, err := s.d.Config().DefaultIdentityTraitsSchemaURL(r.Context()) if err != nil { return err } diff --git a/selfservice/strategy/password/registration_test.go b/selfservice/strategy/password/registration_test.go index 4565c0382c19..2a4060a02850 100644 --- a/selfservice/strategy/password/registration_test.go +++ b/selfservice/strategy/password/registration_test.go @@ -39,15 +39,17 @@ var flows = []string{"spa", "api", "browser"} var registrationSchema []byte func newRegistrationRegistry(t *testing.T) *driver.RegistryDefault { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), map[string]interface{}{"enabled": true}) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), map[string]interface{}{"enabled": true}) return reg } func TestRegistration(t *testing.T) { + ctx := context.Background() t.Run("case=registration", func(t *testing.T) { reg := newRegistrationRegistry(t) - conf := reg.Config(context.Background()) + conf := reg.Config() router := x.NewRouterPublic() admin := x.NewRouterAdmin() @@ -61,8 +63,8 @@ func TestRegistration(t *testing.T) { // set the "return to" server, which will assert the session state // (redirTS: enforce that a session exists, redirNoSessionTS: enforce that no session exists) var useReturnToFromTS = func(ts *httptest.Server) { - conf.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, ts.URL+"/default-return-to") - conf.MustSet(config.ViperKeySelfServiceRegistrationAfter+"."+config.DefaultBrowserReturnURL, ts.URL+"/registration-return-ts") + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, ts.URL+"/default-return-to") + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationAfter+"."+config.DefaultBrowserReturnURL, ts.URL+"/registration-return-ts") } useReturnToFromTS(redirTS) @@ -133,9 +135,9 @@ func TestRegistration(t *testing.T) { t.Run("case=should pass and set up a session", func(t *testing.T) { testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/registration.schema.json") - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), []config.SelfServiceHook{{Name: "session"}}) + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), []config.SelfServiceHook{{Name: "session"}}) t.Cleanup(func() { - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), nil) + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), nil) }) t.Run("type=api", func(t *testing.T) { @@ -172,7 +174,7 @@ func TestRegistration(t *testing.T) { t.Run("case=should not set up a session if hook is not configured", func(t *testing.T) { testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/registration.schema.json") - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), nil) + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), nil) t.Run("type=api", func(t *testing.T) { body := expectNoLogin(t, true, false, nil, func(v url.Values) { @@ -204,9 +206,9 @@ func TestRegistration(t *testing.T) { t.Run("case=should fail to register the same user again", func(t *testing.T) { testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/registration.schema.json") - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), []config.SelfServiceHook{{Name: "session"}}) + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), []config.SelfServiceHook{{Name: "session"}}) t.Cleanup(func() { - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), nil) + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), nil) }) var applyTransform = func(values, transform func(v url.Values)) func(v url.Values) { @@ -354,9 +356,9 @@ func TestRegistration(t *testing.T) { t.Run("case=should work even if password is just numbers", func(t *testing.T) { testhelpers.SetDefaultIdentitySchema(conf, "file://stub/registration.schema.json") - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), []config.SelfServiceHook{{Name: "session"}}) + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), []config.SelfServiceHook{{Name: "session"}}) t.Cleanup(func() { - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), nil) + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), nil) }) t.Run("type=api", func(t *testing.T) { @@ -404,9 +406,9 @@ func TestRegistration(t *testing.T) { t.Run("case=should work with regular JSON", func(t *testing.T) { testhelpers.SetDefaultIdentitySchema(conf, "file://stub/registration.schema.json") - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), []config.SelfServiceHook{{Name: "session"}}) + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), []config.SelfServiceHook{{Name: "session"}}) t.Cleanup(func() { - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), nil) + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), nil) }) hc := testhelpers.NewClientWithCookies(t) @@ -430,12 +432,12 @@ func TestRegistration(t *testing.T) { }) t.Run("case=should choose the correct identity schema", func(t *testing.T) { - conf.MustSet(config.ViperKeyDefaultIdentitySchemaID, "advanced-user") - conf.MustSet(config.ViperKeyIdentitySchemas, config.Schemas{ + conf.MustSet(ctx, config.ViperKeyDefaultIdentitySchemaID, "advanced-user") + conf.MustSet(ctx, config.ViperKeyIdentitySchemas, config.Schemas{ {ID: "does-not-exist", URL: "file://./stub/not-exists.schema.json"}, {ID: "advanced-user", URL: "file://./stub/registration.secondary.schema.json"}, }) - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), nil) + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), nil) username := "registration-custom-schema" t.Run("type=api", func(t *testing.T) { @@ -470,9 +472,9 @@ func TestRegistration(t *testing.T) { t.Run("method=PopulateSignUpMethod", func(t *testing.T) { conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeyPublicBaseURL, "https://foo/") + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, "https://foo/") testhelpers.SetDefaultIdentitySchema(conf, "file://stub/sort.schema.json") - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword)+".enabled", true) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword)+".enabled", true) router := x.NewRouterPublic() publicTS, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin()) @@ -482,7 +484,7 @@ func TestRegistration(t *testing.T) { f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, false) assertx.EqualAsJSON(t, container.Container{ - Action: conf.SelfPublicURL().String() + registration.RouteSubmitFlow + "?flow=" + f.Id, + Action: conf.SelfPublicURL(ctx).String() + registration.RouteSubmitFlow + "?flow=" + f.Id, Method: "POST", Nodes: node.Nodes{ node.NewCSRFNode(x.FakeCSRFToken), diff --git a/selfservice/strategy/password/settings.go b/selfservice/strategy/password/settings.go index c431ec1c488a..950b91df3e75 100644 --- a/selfservice/strategy/password/settings.go +++ b/selfservice/strategy/password/settings.go @@ -108,11 +108,11 @@ func (s *Strategy) continueSettingsFlow( return err } - if err := flow.EnsureCSRF(s.d, r, ctxUpdate.Flow.Type, s.d.Config(r.Context()).DisableAPIFlowEnforcement(), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { + if err := flow.EnsureCSRF(s.d, r, ctxUpdate.Flow.Type, s.d.Config().DisableAPIFlowEnforcement(r.Context()), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { return err } - if ctxUpdate.Session.AuthenticatedAt.Add(s.d.Config(r.Context()).SelfServiceFlowSettingsPrivilegedSessionMaxAge()).Before(time.Now()) { + if ctxUpdate.Session.AuthenticatedAt.Add(s.d.Config().SelfServiceFlowSettingsPrivilegedSessionMaxAge(r.Context())).Before(time.Now()) { return errors.WithStack(settings.NewFlowNeedsReAuth()) } @@ -120,7 +120,7 @@ func (s *Strategy) continueSettingsFlow( return schema.NewRequiredError("#/password", "password") } - hpw, err := s.d.Hasher().Generate(r.Context(), []byte(p.Password)) + hpw, err := s.d.Hasher(r.Context()).Generate(r.Context(), []byte(p.Password)) if err != nil { return err } diff --git a/selfservice/strategy/password/settings_test.go b/selfservice/strategy/password/settings_test.go index 3fcf47911dd1..969a0e4d1ae7 100644 --- a/selfservice/strategy/password/settings_test.go +++ b/selfservice/strategy/password/settings_test.go @@ -72,8 +72,9 @@ func newIdentityWithoutCredentials(email string) *identity.Identity { } func TestSettings(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh/") + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh/") testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/profile.schema.json") testhelpers.StrategyEnable(t, conf, identity.CredentialsTypePassword.String(), true) testhelpers.StrategyEnable(t, conf, settings.StrategyProfile, true) @@ -81,7 +82,7 @@ func TestSettings(t *testing.T) { _ = testhelpers.NewSettingsUIFlowEchoServer(t, reg) _ = testhelpers.NewErrorTestServer(t, reg) _ = testhelpers.NewLoginUIWith401Response(t, conf) - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1m") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1m") browserIdentity1 := newIdentityWithPassword("john-browser@doe.com") apiIdentity1 := newIdentityWithPassword("john-api@doe.com") @@ -102,7 +103,7 @@ func TestSettings(t *testing.T) { require.NoError(t, err) defer res.Body.Close() assert.EqualValues(t, http.StatusUnauthorized, res.StatusCode, "%+v", res.Request) - assert.Contains(t, res.Request.URL.String(), conf.Source().String(config.ViperKeySelfServiceLoginUI)) + assert.Contains(t, res.Request.URL.String(), conf.GetProvider(ctx).String(config.ViperKeySelfServiceLoginUI)) }) t.Run("type=spa", func(t *testing.T) { @@ -125,7 +126,7 @@ func TestSettings(t *testing.T) { var expectValidationError = func(t *testing.T, isAPI, isSPA bool, hc *http.Client, values func(url.Values)) string { return testhelpers.SubmitSettingsForm(t, isAPI, isSPA, hc, publicTS, values, testhelpers.ExpectStatusCode(isAPI || isSPA, http.StatusBadRequest, http.StatusOK), - testhelpers.ExpectURL(isAPI || isSPA, publicTS.URL+settings.RouteSubmitFlow, conf.SelfServiceFlowSettingsUI().String())) + testhelpers.ExpectURL(isAPI || isSPA, publicTS.URL+settings.RouteSubmitFlow, conf.SelfServiceFlowSettingsUI(ctx).String())) } t.Run("description=should fail if password violates policy", func(t *testing.T) { @@ -136,7 +137,7 @@ func TestSettings(t *testing.T) { } t.Run("session=with privileged session", func(t *testing.T) { - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "5m") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "5m") var payload = func(v url.Values) { v.Set("password", "123456") @@ -157,10 +158,10 @@ func TestSettings(t *testing.T) { }) t.Run("session=needs reauthentication", func(t *testing.T) { - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1ns") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1ns") defer testhelpers.NewLoginUIWith401Response(t, conf) t.Cleanup(func() { - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "5m") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "5m") }) var payload = func(v url.Values) { @@ -246,7 +247,7 @@ func TestSettings(t *testing.T) { }) t.Run("type=browser", func(t *testing.T) { - check(t, testhelpers.SubmitSettingsForm(t, false, false, browserUser1, publicTS, payload, http.StatusOK, conf.SelfServiceFlowSettingsUI().String())) + check(t, testhelpers.SubmitSettingsForm(t, false, false, browserUser1, publicTS, payload, http.StatusOK, conf.SelfServiceFlowSettingsUI(ctx).String())) }) }) @@ -259,7 +260,7 @@ func TestSettings(t *testing.T) { actual, res := testhelpers.SettingsMakeRequest(t, false, false, f, browserUser1, values.Encode()) assert.Equal(t, http.StatusOK, res.StatusCode) - assert.Contains(t, res.Request.URL.String(), conf.Source().String(config.ViperKeySelfServiceErrorUI)) + assert.Contains(t, res.Request.URL.String(), conf.GetProvider(ctx).String(config.ViperKeySelfServiceErrorUI)) assertx.EqualAsJSON(t, x.ErrInvalidCSRFToken, json.RawMessage(actual), "%s", actual) }) @@ -329,7 +330,7 @@ func TestSettings(t *testing.T) { var expectSuccess = func(t *testing.T, isAPI, isSPA bool, hc *http.Client, values func(url.Values)) string { return testhelpers.SubmitSettingsForm(t, isAPI, isSPA, hc, publicTS, values, http.StatusOK, - testhelpers.ExpectURL(isAPI || isSPA, publicTS.URL+settings.RouteSubmitFlow, conf.SelfServiceFlowSettingsUI().String())) + testhelpers.ExpectURL(isAPI || isSPA, publicTS.URL+settings.RouteSubmitFlow, conf.SelfServiceFlowSettingsUI(ctx).String())) } t.Run("description=should update the password even if no password was set before", func(t *testing.T) { @@ -375,9 +376,9 @@ func TestSettings(t *testing.T) { t.Run("description=should update the password and perform the correct redirection", func(t *testing.T) { rts := testhelpers.NewRedirTS(t, "", conf) - conf.MustSet(config.ViperKeySelfServiceSettingsAfter+"."+config.DefaultBrowserReturnURL, rts.URL+"/return-ts") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsAfter+"."+config.DefaultBrowserReturnURL, rts.URL+"/return-ts") t.Cleanup(func() { - conf.MustSet(config.ViperKeySelfServiceSettingsAfter, nil) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsAfter, nil) }) var run = func(t *testing.T, f *kratos.SelfServiceSettingsFlow, isAPI bool, c *http.Client, id *identity.Identity) { diff --git a/selfservice/strategy/password/strategy_test.go b/selfservice/strategy/password/strategy_test.go index 9eb706a76ddd..3c6185551d6f 100644 --- a/selfservice/strategy/password/strategy_test.go +++ b/selfservice/strategy/password/strategy_test.go @@ -16,12 +16,13 @@ import ( ) func TestCountActiveFirstFactorCredentials(t *testing.T) { + ctx := context.Background() _, reg := internal.NewFastRegistryWithMocks(t) strategy := password.NewStrategy(reg) h1, err := hash2.NewHasherBcrypt(reg).Generate(context.Background(), []byte("a password")) require.NoError(t, err) - h2, err := reg.Hasher().Generate(context.Background(), []byte("a password")) + h2, err := reg.Hasher(ctx).Generate(context.Background(), []byte("a password")) require.NoError(t, err) for k, tc := range []struct { diff --git a/selfservice/strategy/password/validator.go b/selfservice/strategy/password/validator.go index 06adbbf6ea61..342316909530 100644 --- a/selfservice/strategy/password/validator.go +++ b/selfservice/strategy/password/validator.go @@ -5,6 +5,8 @@ import ( "context" stderrs "errors" + "github.com/hashicorp/go-retryablehttp" + /* #nosec G505 sha1 is used for k-anonymity */ "crypto/sha1" "fmt" @@ -15,7 +17,6 @@ import ( "github.com/arbovm/levenshtein" "github.com/dgraph-io/ristretto" - "github.com/hashicorp/go-retryablehttp" "github.com/pkg/errors" "github.com/ory/herodot" @@ -158,7 +159,7 @@ func (s *DefaultPasswordValidator) fetch(hpw []byte, apiDNSName string) (int64, } func (s *DefaultPasswordValidator) Validate(ctx context.Context, identifier, password string) error { - passwordPolicyConfig := s.reg.Config(ctx).PasswordPolicyConfig() + passwordPolicyConfig := s.reg.Config().PasswordPolicyConfig(ctx) if len(password) < int(passwordPolicyConfig.MinPasswordLength) { return errors.Errorf("password length must be at least %d characters but only got %d", passwordPolicyConfig.MinPasswordLength, len(password)) @@ -196,7 +197,7 @@ func (s *DefaultPasswordValidator) Validate(ctx context.Context, identifier, pas } v, ok := c.(int64) - if ok && v > int64(s.reg.Config(ctx).PasswordPolicyConfig().MaxBreaches) { + if ok && v > int64(s.reg.Config().PasswordPolicyConfig(ctx).MaxBreaches) { return errors.WithStack(ErrTooManyBreaches) } diff --git a/selfservice/strategy/password/validator_test.go b/selfservice/strategy/password/validator_test.go index 0df2f05c7b9f..8e71ec476b18 100644 --- a/selfservice/strategy/password/validator_test.go +++ b/selfservice/strategy/password/validator_test.go @@ -28,6 +28,7 @@ import ( ) func TestDefaultPasswordValidationStrategy(t *testing.T) { + ctx := context.Background() // Tests are based on: // - https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/ // - https://www.microsoft.com/en-us/research/wp-content/uploads/2016/06/Microsoft_Password_Guidance-1.pdf @@ -91,31 +92,31 @@ func TestDefaultPasswordValidationStrategy(t *testing.T) { s.Client = httpx.NewResilientClient(httpx.ResilientClientWithClient(&fakeClient.Client), httpx.ResilientClientWithMaxRetry(1), httpx.ResilientClientWithConnectionTimeout(time.Millisecond), httpx.ResilientClientWithMaxRetryWait(time.Millisecond)) t.Run("case=should send request to pwnedpasswords.com", func(t *testing.T) { - conf.MustSet(config.ViperKeyIgnoreNetworkErrors, false) + conf.MustSet(ctx, config.ViperKeyIgnoreNetworkErrors, false) require.Error(t, s.Validate(context.Background(), "mohutdesub", "damrumukuh")) require.Contains(t, fakeClient.RequestedURLs(), "https://api.pwnedpasswords.com/range/BCBA9") }) t.Run("case=should fail if request fails and ignoreNetworkErrors is not set", func(t *testing.T) { - conf.MustSet(config.ViperKeyIgnoreNetworkErrors, false) + conf.MustSet(ctx, config.ViperKeyIgnoreNetworkErrors, false) fakeClient.RespondWithError("Network request failed") require.Error(t, s.Validate(context.Background(), "", "sumdarmetp")) }) t.Run("case=should not fail if request fails and ignoreNetworkErrors is set", func(t *testing.T) { - conf.MustSet(config.ViperKeyIgnoreNetworkErrors, true) + conf.MustSet(ctx, config.ViperKeyIgnoreNetworkErrors, true) fakeClient.RespondWithError("Network request failed") require.NoError(t, s.Validate(context.Background(), "", "pepegtawni")) }) t.Run("case=should fail if response has non 200 code and ignoreNetworkErrors is not set", func(t *testing.T) { - conf.MustSet(config.ViperKeyIgnoreNetworkErrors, false) + conf.MustSet(ctx, config.ViperKeyIgnoreNetworkErrors, false) fakeClient.RespondWith(http.StatusForbidden, "") require.Error(t, s.Validate(context.Background(), "", "jolhakowef")) }) t.Run("case=should not fail if response has non 200 code code and ignoreNetworkErrors is set", func(t *testing.T) { - conf.MustSet(config.ViperKeyIgnoreNetworkErrors, true) + conf.MustSet(ctx, config.ViperKeyIgnoreNetworkErrors, true) fakeClient.RespondWith(http.StatusInternalServerError, "") require.NoError(t, s.Validate(context.Background(), "", "jenuzuhjoj")) }) @@ -154,7 +155,7 @@ func TestDefaultPasswordValidationStrategy(t *testing.T) { return fmt.Sprintf("%x", pw) } - conf.MustSet(config.ViperKeyPasswordMaxBreaches, 5) + conf.MustSet(ctx, config.ViperKeyPasswordMaxBreaches, 5) for _, tc := range []struct { name string res func(t *testing.T, hash string) string @@ -197,16 +198,16 @@ func TestDefaultPasswordValidationStrategy(t *testing.T) { return fmt.Sprintf( "%s:%d\n%s:%d", hash, - conf.PasswordPolicyConfig().MaxBreaches, + conf.PasswordPolicyConfig(ctx).MaxBreaches, hashPw(t, randomPassword(t)), - conf.PasswordPolicyConfig().MaxBreaches+1, + conf.PasswordPolicyConfig(ctx).MaxBreaches+1, ) }, }, { name: "contains more than maxBreachesThreshold", res: func(t *testing.T, hash string) string { - return fmt.Sprintf("%s:%d", hash, conf.PasswordPolicyConfig().MaxBreaches+1) + return fmt.Sprintf("%s:%d", hash, conf.PasswordPolicyConfig(ctx).MaxBreaches+1) }, expectErr: password.ErrTooManyBreaches, }, @@ -233,13 +234,14 @@ func TestDefaultPasswordValidationStrategy(t *testing.T) { } func TestChangeHaveIBeenPwnedValidationHost(t *testing.T) { + ctx := context.Background() testServer := httptest.NewUnstartedServer(&fakeValidatorAPI{}) defer testServer.Close() testServer.StartTLS() testServerURL, _ := url.Parse(testServer.URL) conf, reg := internal.NewFastRegistryWithMocks(t) s, _ := password.NewDefaultPasswordValidatorStrategy(reg) - conf.MustSet(config.ViperKeyPasswordHaveIBeenPwnedHost, testServerURL.Host) + conf.MustSet(ctx, config.ViperKeyPasswordHaveIBeenPwnedHost, testServerURL.Host) fakeClient := NewFakeHTTPClient() s.Client = httpx.NewResilientClient(httpx.ResilientClientWithClient(&fakeClient.Client), httpx.ResilientClientWithMaxRetry(1), httpx.ResilientClientWithConnectionTimeout(time.Millisecond)) @@ -247,16 +249,17 @@ func TestChangeHaveIBeenPwnedValidationHost(t *testing.T) { testServerExpectedCallURL := fmt.Sprintf("https://%s/range/BCBA9", testServerURL.Host) t.Run("case=should send request to test server", func(t *testing.T) { - conf.MustSet(config.ViperKeyIgnoreNetworkErrors, false) + conf.MustSet(ctx, config.ViperKeyIgnoreNetworkErrors, false) require.Error(t, s.Validate(context.Background(), "mohutdesub", "damrumukuh")) require.Contains(t, fakeClient.RequestedURLs(), testServerExpectedCallURL) }) } func TestDisableHaveIBeenPwnedValidationHost(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) s, _ := password.NewDefaultPasswordValidatorStrategy(reg) - conf.MustSet(config.ViperKeyPasswordHaveIBeenPwnedEnabled, false) + conf.MustSet(ctx, config.ViperKeyPasswordHaveIBeenPwnedEnabled, false) fakeClient := NewFakeHTTPClient() s.Client = httpx.NewResilientClient(httpx.ResilientClientWithClient(&fakeClient.Client), httpx.ResilientClientWithMaxRetry(1), httpx.ResilientClientWithConnectionTimeout(time.Millisecond)) @@ -268,9 +271,10 @@ func TestDisableHaveIBeenPwnedValidationHost(t *testing.T) { } func TestChangeMinPasswordLength(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) s, _ := password.NewDefaultPasswordValidatorStrategy(reg) - conf.MustSet(config.ViperKeyPasswordMinLength, 10) + conf.MustSet(ctx, config.ViperKeyPasswordMinLength, 10) t.Run("case=should not fail if password is longer than min length", func(t *testing.T) { require.NoError(t, s.Validate(context.Background(), "", "kuobahcaas")) @@ -282,16 +286,17 @@ func TestChangeMinPasswordLength(t *testing.T) { } func TestChangeIdentifierSimilarityCheckEnabled(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) s, _ := password.NewDefaultPasswordValidatorStrategy(reg) t.Run("case=should not fail if password is similar to identifier", func(t *testing.T) { - conf.MustSet(config.ViperKeyPasswordIdentifierSimilarityCheckEnabled, false) + conf.MustSet(ctx, config.ViperKeyPasswordIdentifierSimilarityCheckEnabled, false) require.NoError(t, s.Validate(context.Background(), "bosqwfaxee", "bosqwfaxee")) }) t.Run("case=should fail if password is similar to identifier", func(t *testing.T) { - conf.MustSet(config.ViperKeyPasswordIdentifierSimilarityCheckEnabled, true) + conf.MustSet(ctx, config.ViperKeyPasswordIdentifierSimilarityCheckEnabled, true) require.Error(t, s.Validate(context.Background(), "bosqwfaxee", "bosqwfaxee")) }) } diff --git a/selfservice/strategy/profile/strategy.go b/selfservice/strategy/profile/strategy.go index 1f53dc3ff368..ed60299dce55 100644 --- a/selfservice/strategy/profile/strategy.go +++ b/selfservice/strategy/profile/strategy.go @@ -6,6 +6,8 @@ import ( "net/http" "time" + "github.com/ory/jsonschema/v3" + "github.com/ory/kratos/text" "github.com/gofrs/uuid" @@ -13,7 +15,6 @@ import ( "github.com/tidwall/sjson" "github.com/ory/herodot" - "github.com/ory/jsonschema/v3" "github.com/ory/kratos/continuity" "github.com/ory/kratos/driver/config" "github.com/ory/kratos/identity" @@ -80,7 +81,7 @@ func (s *Strategy) SettingsStrategyID() string { func (s *Strategy) RegisterSettingsRoutes(public *x.RouterPublic) {} func (s *Strategy) PopulateSettingsMethod(r *http.Request, id *identity.Identity, f *settings.Flow) error { - schemas, err := s.d.Config(r.Context()).IdentityTraitsSchemas() + schemas, err := s.d.Config().IdentityTraitsSchemas(r.Context()) if err != nil { return err } @@ -149,7 +150,7 @@ func (s *Strategy) continueFlow(w http.ResponseWriter, r *http.Request, ctxUpdat return err } - if err := flow.EnsureCSRF(s.d, r, ctxUpdate.Flow.Type, s.d.Config(r.Context()).DisableAPIFlowEnforcement(), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { + if err := flow.EnsureCSRF(s.d, r, ctxUpdate.Flow.Type, s.d.Config().DisableAPIFlowEnforcement(r.Context()), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { return err } @@ -162,7 +163,7 @@ func (s *Strategy) continueFlow(w http.ResponseWriter, r *http.Request, ctxUpdat } options := []identity.ManagerOption{identity.ManagerExposeValidationErrorsForInternalTypeAssertion} - ttl := s.d.Config(r.Context()).SelfServiceFlowSettingsPrivilegedSessionMaxAge() + ttl := s.d.Config().SelfServiceFlowSettingsPrivilegedSessionMaxAge(r.Context()) if ctxUpdate.Session.AuthenticatedAt.Add(ttl).After(time.Now()) { options = append(options, identity.ManagerAllowWriteProtectedTraits) } diff --git a/selfservice/strategy/profile/strategy_test.go b/selfservice/strategy/profile/strategy_test.go index fbb069d80f73..39a8801fb94f 100644 --- a/selfservice/strategy/profile/strategy_test.go +++ b/selfservice/strategy/profile/strategy_test.go @@ -56,16 +56,17 @@ func newIdentityWithPassword(email string) *identity.Identity { } func TestStrategyTraits(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json") - conf.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh/") + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh/") testhelpers.StrategyEnable(t, conf, identity.CredentialsTypePassword.String(), true) testhelpers.StrategyEnable(t, conf, settings.StrategyProfile, true) setPrivilegedTime := func(t *testing.T, duration time.Duration) { - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, duration.String()) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, duration.String()) t.Cleanup(func() { - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1ns") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1ns") }) } @@ -100,7 +101,7 @@ func TestStrategyTraits(t *testing.T) { require.NoError(t, err) defer res.Body.Close() assert.EqualValues(t, http.StatusUnauthorized, res.StatusCode, "%+v", res.Request) - assert.Contains(t, res.Request.URL.String(), conf.Source().String(config.ViperKeySelfServiceLoginUI)) + assert.Contains(t, res.Request.URL.String(), conf.GetProvider(ctx).String(config.ViperKeySelfServiceLoginUI)) }) t.Run("type=api/spa", func(t *testing.T) { @@ -229,7 +230,7 @@ func TestStrategyTraits(t *testing.T) { var expectValidationError = func(t *testing.T, isAPI, isSPA bool, hc *http.Client, values func(url.Values)) string { return testhelpers.SubmitSettingsForm(t, isAPI, isSPA, hc, publicTS, values, testhelpers.ExpectStatusCode(isAPI || isSPA, http.StatusBadRequest, http.StatusOK), - testhelpers.ExpectURL(isAPI || isSPA, publicTS.URL+settings.RouteSubmitFlow, conf.SelfServiceFlowSettingsUI().String())) + testhelpers.ExpectURL(isAPI || isSPA, publicTS.URL+settings.RouteSubmitFlow, conf.SelfServiceFlowSettingsUI(ctx).String())) } t.Run("description=should come back with form errors if some profile data is invalid", func(t *testing.T) { @@ -320,7 +321,7 @@ func TestStrategyTraits(t *testing.T) { f := testhelpers.InitializeSettingsFlowViaBrowser(t, browserUser1, true, publicTS) res := run(t, f, true, browserUser1) assert.EqualValues(t, http.StatusUnauthorized, res.StatusCode) - assert.Contains(t, res.Request.URL.String(), conf.Source().String(config.ViperKeySelfServiceLoginUI)) + assert.Contains(t, res.Request.URL.String(), conf.GetProvider(ctx).String(config.ViperKeySelfServiceLoginUI)) }) t.Run("type=browser", func(t *testing.T) { @@ -328,7 +329,7 @@ func TestStrategyTraits(t *testing.T) { f := testhelpers.InitializeSettingsFlowViaBrowser(t, browserUser1, false, publicTS) res := run(t, f, false, browserUser1) assert.EqualValues(t, http.StatusUnauthorized, res.StatusCode) - assert.Contains(t, res.Request.URL.String(), conf.Source().String(config.ViperKeySelfServiceLoginUI)) + assert.Contains(t, res.Request.URL.String(), conf.GetProvider(ctx).String(config.ViperKeySelfServiceLoginUI)) t.Run("should update when signed back in", func(t *testing.T) { setPrivileged(t) @@ -413,7 +414,7 @@ func TestStrategyTraits(t *testing.T) { var expectSuccess = func(t *testing.T, isAPI, isSPA bool, hc *http.Client, values func(url.Values)) string { return testhelpers.SubmitSettingsForm(t, isAPI, isSPA, hc, publicTS, values, http.StatusOK, - testhelpers.ExpectURL(isAPI || isSPA, publicTS.URL+settings.RouteSubmitFlow, conf.SelfServiceFlowSettingsUI().String())) + testhelpers.ExpectURL(isAPI || isSPA, publicTS.URL+settings.RouteSubmitFlow, conf.SelfServiceFlowSettingsUI(ctx).String())) } t.Run("flow=succeed with final request", func(t *testing.T) { @@ -516,10 +517,10 @@ func TestStrategyTraits(t *testing.T) { t.Run("description=should send email with verifiable address", func(t *testing.T) { setPrivileged(t) - conf.MustSet(config.ViperKeySelfServiceVerificationEnabled, true) - conf.MustSet(config.ViperKeyCourierSMTPURL, "smtp://foo:bar@irrelevant.com/") + conf.MustSet(ctx, config.ViperKeySelfServiceVerificationEnabled, true) + conf.MustSet(ctx, config.ViperKeyCourierSMTPURL, "smtp://foo:bar@irrelevant.com/") t.Cleanup(func() { - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceSettingsAfter, settings.StrategyProfile), nil) + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceSettingsAfter, settings.StrategyProfile), nil) }) var check = func(t *testing.T, actual, newEmail string) { diff --git a/selfservice/strategy/totp/generator.go b/selfservice/strategy/totp/generator.go index a94b6421b883..f1a337e43d0f 100644 --- a/selfservice/strategy/totp/generator.go +++ b/selfservice/strategy/totp/generator.go @@ -27,7 +27,7 @@ func NewKey(ctx context.Context, accountName string, d interface { config.Provider }) (*otp.Key, error) { key, err := stdtotp.Generate(stdtotp.GenerateOpts{ - Issuer: d.Config(ctx).TOTPIssuer(), + Issuer: d.Config().TOTPIssuer(ctx), AccountName: accountName, SecretSize: secretSize, Digits: otp.DigitsSix, diff --git a/selfservice/strategy/totp/generator_test.go b/selfservice/strategy/totp/generator_test.go index 76591eceb0f2..c303cb81212a 100644 --- a/selfservice/strategy/totp/generator_test.go +++ b/selfservice/strategy/totp/generator_test.go @@ -14,13 +14,14 @@ import ( ) func TestGenerator(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) key, err := totp.NewKey(context.Background(), "foo", reg) require.NoError(t, err) - assert.Equal(t, conf.SelfPublicURL().Hostname(), key.Issuer(), "if issuer is not set explicitly it should be the public URL") + assert.Equal(t, conf.SelfPublicURL(ctx).Hostname(), key.Issuer(), "if issuer is not set explicitly it should be the public URL") - require.NoError(t, conf.Set(config.ViperKeyTOTPIssuer, "foobar.com")) + require.NoError(t, conf.Set(ctx, config.ViperKeyTOTPIssuer, "foobar.com")) key, err = totp.NewKey(context.Background(), "foo", reg) require.NoError(t, err) diff --git a/selfservice/strategy/totp/login.go b/selfservice/strategy/totp/login.go index a3eb8747ac39..ab8b4060d7fe 100644 --- a/selfservice/strategy/totp/login.go +++ b/selfservice/strategy/totp/login.go @@ -99,7 +99,7 @@ func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow, return nil, s.handleLoginError(r, f, err) } - if err := flow.EnsureCSRF(s.d, r, f.Type, s.d.Config(r.Context()).DisableAPIFlowEnforcement(), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { + if err := flow.EnsureCSRF(s.d, r, f.Type, s.d.Config().DisableAPIFlowEnforcement(r.Context()), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { return nil, s.handleLoginError(r, f, err) } diff --git a/selfservice/strategy/totp/login_test.go b/selfservice/strategy/totp/login_test.go index 5ad61e6db051..ab3310cc2552 100644 --- a/selfservice/strategy/totp/login_test.go +++ b/selfservice/strategy/totp/login_test.go @@ -45,11 +45,12 @@ func createIdentityWithoutTOTP(t *testing.T, reg driver.Registry) *identity.Iden } func createIdentity(t *testing.T, reg driver.Registry) (*identity.Identity, string, *otp.Key) { + ctx := context.Background() identifier := x.NewUUID().String() + "@ory.sh" password := x.NewUUID().String() key, err := totp.NewKey(context.Background(), "foo", reg) require.NoError(t, err) - p, err := reg.Hasher().Generate(context.Background(), []byte(password)) + p, err := reg.Hasher(ctx).Generate(context.Background(), []byte(password)) require.NoError(t, err) i := &identity.Identity{ Traits: identity.Traits(fmt.Sprintf(`{"subject":"%s"}`, identifier)), @@ -79,10 +80,11 @@ func createIdentity(t *testing.T, reg driver.Registry) (*identity.Identity, stri } func TestCompleteLogin(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), map[string]interface{}{"enabled": true}) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeTOTP), map[string]interface{}{"enabled": true}) - conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh"}) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), map[string]interface{}{"enabled": true}) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeTOTP), map[string]interface{}{"enabled": true}) + conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh"}) router := x.NewRouterPublic() publicTS, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin()) @@ -92,11 +94,11 @@ func TestCompleteLogin(t *testing.T) { redirTS := testhelpers.NewRedirSessionEchoTS(t, reg) // Overwrite these two to make it more explicit when tests fail - conf.MustSet(config.ViperKeySelfServiceErrorUI, errTS.URL+"/error-ts") - conf.MustSet(config.ViperKeySelfServiceLoginUI, uiTS.URL+"/login-ts") + conf.MustSet(ctx, config.ViperKeySelfServiceErrorUI, errTS.URL+"/error-ts") + conf.MustSet(ctx, config.ViperKeySelfServiceLoginUI, uiTS.URL+"/login-ts") testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/login.schema.json") - conf.MustSet(config.ViperKeySecretsDefault, []string{"not-a-secure-session-key"}) + conf.MustSet(ctx, config.ViperKeySecretsDefault, []string{"not-a-secure-session-key"}) t.Run("case=totp payload is set when identity has totp", func(t *testing.T) { id, _, _ := createIdentity(t, reg) diff --git a/selfservice/strategy/totp/settings.go b/selfservice/strategy/totp/settings.go index eb314c0a1216..815e978dee36 100644 --- a/selfservice/strategy/totp/settings.go +++ b/selfservice/strategy/totp/settings.go @@ -126,11 +126,11 @@ func (s *Strategy) continueSettingsFlow( return err } - if err := flow.EnsureCSRF(s.d, r, ctxUpdate.Flow.Type, s.d.Config(r.Context()).DisableAPIFlowEnforcement(), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { + if err := flow.EnsureCSRF(s.d, r, ctxUpdate.Flow.Type, s.d.Config().DisableAPIFlowEnforcement(r.Context()), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { return err } - if ctxUpdate.Session.AuthenticatedAt.Add(s.d.Config(r.Context()).SelfServiceFlowSettingsPrivilegedSessionMaxAge()).Before(time.Now()) { + if ctxUpdate.Session.AuthenticatedAt.Add(s.d.Config().SelfServiceFlowSettingsPrivilegedSessionMaxAge(r.Context())).Before(time.Now()) { return errors.WithStack(settings.NewFlowNeedsReAuth()) } diff --git a/selfservice/strategy/totp/settings_test.go b/selfservice/strategy/totp/settings_test.go index dbecd5f86210..802e47ed3265 100644 --- a/selfservice/strategy/totp/settings_test.go +++ b/selfservice/strategy/totp/settings_test.go @@ -38,11 +38,12 @@ import ( ) func TestCompleteSettings(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), map[string]interface{}{"enabled": false}) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".profile", map[string]interface{}{"enabled": false}) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeTOTP), map[string]interface{}{"enabled": true}) - conf.MustSet(config.ViperKeySelfServiceSettingsRequiredAAL, "aal1") + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), map[string]interface{}{"enabled": false}) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".profile", map[string]interface{}{"enabled": false}) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeTOTP), map[string]interface{}{"enabled": true}) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, "aal1") router := x.NewRouterPublic() publicTS, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin()) @@ -52,10 +53,10 @@ func TestCompleteSettings(t *testing.T) { _ = testhelpers.NewRedirSessionEchoTS(t, reg) loginTS := testhelpers.NewLoginUIFlowEchoServer(t, reg) - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1m") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1m") testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/settings.schema.json") - conf.MustSet(config.ViperKeySecretsDefault, []string{"not-a-secure-session-key"}) + conf.MustSet(ctx, config.ViperKeySecretsDefault, []string{"not-a-secure-session-key"}) t.Run("case=device unlinking is available when identity has totp", func(t *testing.T) { id, _, _ := createIdentity(t, reg) @@ -138,9 +139,9 @@ func TestCompleteSettings(t *testing.T) { }) t.Run("type=can not unlink without privileged session", func(t *testing.T) { - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1ns") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1ns") t.Cleanup(func() { - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "5m") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "5m") }) id, _, key := createIdentity(t, reg) @@ -180,9 +181,9 @@ func TestCompleteSettings(t *testing.T) { }) t.Run("type=can not set up new totp device without privileged session", func(t *testing.T) { - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1ns") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1ns") t.Cleanup(func() { - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "5m") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "5m") }) id := createIdentityWithoutTOTP(t, reg) diff --git a/selfservice/strategy/webauthn/login.go b/selfservice/strategy/webauthn/login.go index f7188dfb2a6f..3408a1192c35 100644 --- a/selfservice/strategy/webauthn/login.go +++ b/selfservice/strategy/webauthn/login.go @@ -37,7 +37,7 @@ func (s *Strategy) PopulateLoginMethod(r *http.Request, requestedAAL identity.Au return nil } - if s.d.Config(r.Context()).WebAuthnForPasswordless() && (requestedAAL == identity.AuthenticatorAssuranceLevel1) { + if s.d.Config().WebAuthnForPasswordless(r.Context()) && (requestedAAL == identity.AuthenticatorAssuranceLevel1) { if err := s.populateLoginMethodForPasswordless(r, sr); errors.Is(err, ErrNoCredentials) { return nil } else if err != nil { @@ -51,7 +51,7 @@ func (s *Strategy) PopulateLoginMethod(r *http.Request, requestedAAL identity.Au return err } return nil - } else if !s.d.Config(r.Context()).WebAuthnForPasswordless() && (requestedAAL == identity.AuthenticatorAssuranceLevel2) { + } else if !s.d.Config().WebAuthnForPasswordless(r.Context()) && (requestedAAL == identity.AuthenticatorAssuranceLevel2) { // We have done proper validation before so this should never error sess, err := s.d.SessionManager().FetchFromRequest(r.Context(), r) if err != nil { @@ -147,7 +147,7 @@ func (s *Strategy) populateLoginMethod(r *http.Request, sr *login.Flow, i *ident } sr.UI.SetCSRF(s.d.GenerateCSRFToken(r)) - sr.UI.Nodes.Upsert(NewWebAuthnScript(urlx.AppendPaths(s.d.Config(r.Context()).SelfPublicURL(), webAuthnRoute).String(), jsOnLoad)) + sr.UI.Nodes.Upsert(NewWebAuthnScript(urlx.AppendPaths(s.d.Config().SelfPublicURL(r.Context()), webAuthnRoute).String(), jsOnLoad)) sr.UI.SetNode(NewWebAuthnLoginTrigger(string(injectWebAuthnOptions)). WithMetaLabel(label)) sr.UI.Nodes.Upsert(NewWebAuthnLoginInput()) @@ -213,11 +213,11 @@ func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow, return nil, s.handleLoginError(r, f, err) } - if err := flow.EnsureCSRF(s.d, r, f.Type, s.d.Config(r.Context()).DisableAPIFlowEnforcement(), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { + if err := flow.EnsureCSRF(s.d, r, f.Type, s.d.Config().DisableAPIFlowEnforcement(r.Context()), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { return nil, s.handleLoginError(r, f, err) } - if s.d.Config(r.Context()).WebAuthnForPasswordless() || f.IsForced() && f.RequestedAAL == identity.AuthenticatorAssuranceLevel1 { + if s.d.Config().WebAuthnForPasswordless(r.Context()) || f.IsForced() && f.RequestedAAL == identity.AuthenticatorAssuranceLevel1 { return s.loginPasswordless(w, r, f, ss, &p) } @@ -229,7 +229,7 @@ func (s *Strategy) loginPasswordless(w http.ResponseWriter, r *http.Request, f * return nil, s.handleLoginError(r, f, err) } - if err := flow.EnsureCSRF(s.d, r, f.Type, s.d.Config(r.Context()).DisableAPIFlowEnforcement(), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { + if err := flow.EnsureCSRF(s.d, r, f.Type, s.d.Config().DisableAPIFlowEnforcement(r.Context()), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { return nil, s.handleLoginError(r, f, err) } @@ -239,7 +239,7 @@ func (s *Strategy) loginPasswordless(w http.ResponseWriter, r *http.Request, f * i, _, err = s.d.PrivilegedIdentityPool().FindByCredentialsIdentifier(r.Context(), s.ID(), p.Identifier) if err != nil { - time.Sleep(x.RandomDelay(s.d.Config(r.Context()).HasherArgon2().ExpectedDuration, s.d.Config(r.Context()).HasherArgon2().ExpectedDeviation)) + time.Sleep(x.RandomDelay(s.d.Config().HasherArgon2(r.Context()).ExpectedDuration, s.d.Config().HasherArgon2(r.Context()).ExpectedDeviation)) return nil, s.handleLoginError(r, f, errors.WithStack(schema.NewNoWebAuthnCredentials())) } @@ -264,11 +264,11 @@ func (s *Strategy) loginPasswordless(w http.ResponseWriter, r *http.Request, f * return nil, s.handleLoginError(r, f, err) } - redirectTo := f.AppendTo(s.d.Config(r.Context()).SelfServiceFlowLoginUI()).String() + redirectTo := f.AppendTo(s.d.Config().SelfServiceFlowLoginUI(r.Context())).String() if x.IsJSONRequest(r) { s.d.Writer().WriteError(w, r, flow.NewBrowserLocationChangeRequiredError(redirectTo)) } else { - http.Redirect(w, r, f.AppendTo(s.d.Config(r.Context()).SelfServiceFlowLoginUI()).String(), http.StatusSeeOther) + http.Redirect(w, r, f.AppendTo(s.d.Config().SelfServiceFlowLoginUI(r.Context())).String(), http.StatusSeeOther) } return nil, errors.WithStack(flow.ErrCompletedByStrategy) diff --git a/selfservice/strategy/webauthn/login_test.go b/selfservice/strategy/webauthn/login_test.go index d790611b5703..016e861226d7 100644 --- a/selfservice/strategy/webauthn/login_test.go +++ b/selfservice/strategy/webauthn/login_test.go @@ -71,7 +71,7 @@ var loginFixtureSuccessEmail = gjson.GetBytes(loginFixtureSuccessIdentity, "trai func TestCompleteLogin(t *testing.T) { conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword)+".enabled", false) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword)+".enabled", false) enableWebAuthn(conf) router := x.NewRouterPublic() @@ -82,11 +82,11 @@ func TestCompleteLogin(t *testing.T) { redirTS := testhelpers.NewRedirSessionEchoTS(t, reg) // Overwrite these two to make it more explicit when tests fail - conf.MustSet(config.ViperKeySelfServiceErrorUI, errTS.URL+"/error-ts") - conf.MustSet(config.ViperKeySelfServiceLoginUI, uiTS.URL+"/login-ts") + conf.MustSet(ctx, config.ViperKeySelfServiceErrorUI, errTS.URL+"/error-ts") + conf.MustSet(ctx, config.ViperKeySelfServiceLoginUI, uiTS.URL+"/login-ts") testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/login.schema.json") - conf.MustSet(config.ViperKeySecretsDefault, []string{"not-a-secure-session-key"}) + conf.MustSet(ctx, config.ViperKeySecretsDefault, []string{"not-a-secure-session-key"}) checkURL := func(t *testing.T, shouldRedirect bool, res *http.Response) { if shouldRedirect { @@ -155,9 +155,9 @@ func TestCompleteLogin(t *testing.T) { } t.Run("flow=refresh", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionWhoAmIAAL, "aal1") + conf.MustSet(ctx, config.ViperKeySessionWhoAmIAAL, "aal1") t.Cleanup(func() { - conf.MustSet(config.ViperKeySessionWhoAmIAAL, nil) + conf.MustSet(ctx, config.ViperKeySessionWhoAmIAAL, nil) }) run := func(t *testing.T, id *identity.Identity, context, response []byte, isSPA bool, expectedAAL identity.AuthenticatorAssuranceLevel) { @@ -196,7 +196,7 @@ func TestCompleteLogin(t *testing.T) { true, false, } { - conf.MustSet(config.ViperKeyWebAuthnPasswordless, e) + conf.MustSet(ctx, config.ViperKeyWebAuthnPasswordless, e) expectedAAL := identity.AuthenticatorAssuranceLevel1 if !e { // If passwordless is disabled, using WebAuthn means that we have a second factor enabled. @@ -256,7 +256,7 @@ func TestCompleteLogin(t *testing.T) { t.Run("case=no webauth credentials", func(t *testing.T) { for _, e := range []bool{true, false} { - conf.MustSet(config.ViperKeyWebAuthnPasswordless, e) + conf.MustSet(ctx, config.ViperKeyWebAuthnPasswordless, e) t.Run(fmt.Sprintf("passwordless=%v", e), func(t *testing.T) { for _, f := range []string{"browser", "spa"} { t.Run(f, func(t *testing.T) { @@ -279,9 +279,9 @@ func TestCompleteLogin(t *testing.T) { }) t.Run("flow=passwordless", func(t *testing.T) { - conf.MustSet(config.ViperKeyWebAuthnPasswordless, true) + conf.MustSet(ctx, config.ViperKeyWebAuthnPasswordless, true) t.Cleanup(func() { - conf.MustSet(config.ViperKeyWebAuthnPasswordless, false) + conf.MustSet(ctx, config.ViperKeyWebAuthnPasswordless, false) }) t.Run("case=webauthn button exists", func(t *testing.T) { diff --git a/selfservice/strategy/webauthn/registration.go b/selfservice/strategy/webauthn/registration.go index a22b43798814..e410af655ab2 100644 --- a/selfservice/strategy/webauthn/registration.go +++ b/selfservice/strategy/webauthn/registration.go @@ -79,11 +79,11 @@ func (s *Strategy) handleRegistrationError(_ http.ResponseWriter, r *http.Reques } func (s *Strategy) decode(p *submitSelfServiceRegistrationFlowWithWebAuthnMethodBody, r *http.Request) error { - return registration.DecodeBody(p, r, s.hd, s.d.Config(r.Context()), registrationSchema) + return registration.DecodeBody(p, r, s.hd, s.d.Config(), registrationSchema) } func (s *Strategy) Register(w http.ResponseWriter, r *http.Request, f *registration.Flow, i *identity.Identity) (err error) { - if f.Type != flow.TypeBrowser || !s.d.Config(r.Context()).WebAuthnForPasswordless() { + if f.Type != flow.TypeBrowser || !s.d.Config().WebAuthnForPasswordless(r.Context()) { return flow.ErrStrategyNotResponsible } @@ -92,7 +92,7 @@ func (s *Strategy) Register(w http.ResponseWriter, r *http.Request, f *registrat return s.handleRegistrationError(w, r, f, &p, err) } - if err := flow.EnsureCSRF(s.d, r, f.Type, s.d.Config(r.Context()).DisableAPIFlowEnforcement(), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { + if err := flow.EnsureCSRF(s.d, r, f.Type, s.d.Config().DisableAPIFlowEnforcement(r.Context()), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { return s.handleRegistrationError(w, r, f, &p, err) } @@ -139,7 +139,7 @@ func (s *Strategy) Register(w http.ResponseWriter, r *http.Request, f *registrat wc := CredentialFromWebAuthn(credential, true) wc.AddedAt = time.Now().UTC().Round(time.Second) wc.DisplayName = p.RegisterDisplayName - wc.IsPasswordless = s.d.Config(r.Context()).WebAuthnForPasswordless() + wc.IsPasswordless = s.d.Config().WebAuthnForPasswordless(r.Context()) cc.UserHandle = webAuthnSess.UserID cc.Credentials = append(cc.Credentials, *wc) @@ -167,11 +167,11 @@ func (s *Strategy) Register(w http.ResponseWriter, r *http.Request, f *registrat } func (s *Strategy) PopulateRegistrationMethod(r *http.Request, f *registration.Flow) error { - if f.Type != flow.TypeBrowser || !s.d.Config(r.Context()).WebAuthnForPasswordless() { + if f.Type != flow.TypeBrowser || !s.d.Config().WebAuthnForPasswordless(r.Context()) { return nil } - ds, err := s.d.Config(r.Context()).DefaultIdentityTraitsSchemaURL() + ds, err := s.d.Config().DefaultIdentityTraitsSchemaURL(r.Context()) if err != nil { return err } @@ -206,7 +206,7 @@ func (s *Strategy) PopulateRegistrationMethod(r *http.Request, f *registration.F return errors.WithStack(err) } - f.UI.Nodes.Upsert(NewWebAuthnScript(urlx.AppendPaths(s.d.Config(r.Context()).SelfPublicURL(), webAuthnRoute).String(), jsOnLoad)) + f.UI.Nodes.Upsert(NewWebAuthnScript(urlx.AppendPaths(s.d.Config().SelfPublicURL(r.Context()), webAuthnRoute).String(), jsOnLoad)) f.UI.Nodes.Upsert(NewWebAuthnConnectionName()) f.UI.Nodes.Upsert(NewWebAuthnConnectionInput()) f.UI.Nodes.Upsert(NewWebAuthnConnectionTrigger(string(injectWebAuthnOptions)). diff --git a/selfservice/strategy/webauthn/registration_test.go b/selfservice/strategy/webauthn/registration_test.go index 6a7bf63f564a..6a675cad0413 100644 --- a/selfservice/strategy/webauthn/registration_test.go +++ b/selfservice/strategy/webauthn/registration_test.go @@ -45,15 +45,15 @@ func flowToIsSPA(flow string) bool { func newRegistrationRegistry(t *testing.T) *driver.RegistryDefault { conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword)+".enabled", true) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword)+".enabled", true) enableWebAuthn(conf) - conf.MustSet(config.ViperKeyWebAuthnPasswordless, true) + conf.MustSet(ctx, config.ViperKeyWebAuthnPasswordless, true) return reg } func TestRegistration(t *testing.T) { reg := newRegistrationRegistry(t) - conf := reg.Config(context.Background()) + conf := reg.Config() router := x.NewRouterPublic() publicTS, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin()) @@ -63,7 +63,7 @@ func TestRegistration(t *testing.T) { _ = testhelpers.NewRedirSessionEchoTS(t, reg) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/registration.schema.json") - conf.MustSet(config.ViperKeySecretsDefault, []string{"not-a-secure-session-key"}) + conf.MustSet(ctx, config.ViperKeySecretsDefault, []string{"not-a-secure-session-key"}) redirTS := testhelpers.NewRedirSessionEchoTS(t, reg) redirNoSessionTS := testhelpers.NewRedirNoSessionTS(t, reg) @@ -71,8 +71,8 @@ func TestRegistration(t *testing.T) { // set the "return to" server, which will assert the session state // (redirTS: enforce that a session exists, redirNoSessionTS: enforce that no session exists) var useReturnToFromTS = func(ts *httptest.Server) { - conf.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, ts.URL+"/default-return-to") - conf.MustSet(config.ViperKeySelfServiceRegistrationAfter+"."+config.DefaultBrowserReturnURL, ts.URL+"/registration-return-ts") + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, ts.URL+"/default-return-to") + conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationAfter+"."+config.DefaultBrowserReturnURL, ts.URL+"/registration-return-ts") } useReturnToFromTS(redirTS) @@ -115,9 +115,9 @@ func TestRegistration(t *testing.T) { }) t.Run("case=webauthn button does not exist when passwordless is disabled", func(t *testing.T) { - conf.MustSet(config.ViperKeyWebAuthnPasswordless, false) + conf.MustSet(ctx, config.ViperKeyWebAuthnPasswordless, false) t.Cleanup(func() { - conf.MustSet(config.ViperKeyWebAuthnPasswordless, true) + conf.MustSet(ctx, config.ViperKeyWebAuthnPasswordless, true) }) for _, f := range flows { t.Run(f, func(t *testing.T) { @@ -260,7 +260,7 @@ func TestRegistration(t *testing.T) { t.Run("successful registration", func(t *testing.T) { t.Cleanup(func() { - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypeWebAuthn.String()), nil) + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypeWebAuthn.String()), nil) }) var values = func(email string) func(v url.Values) { @@ -277,7 +277,7 @@ func TestRegistration(t *testing.T) { t.Cleanup(func() { useReturnToFromTS(redirTS) }) - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), nil) + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), nil) for _, f := range flows { t.Run("type="+f, func(t *testing.T) { @@ -299,9 +299,9 @@ func TestRegistration(t *testing.T) { }) t.Run("case=should create the identity and a session and use the correct schema", func(t *testing.T) { - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypeWebAuthn.String()), []config.SelfServiceHook{{Name: "session"}}) - conf.MustSet(config.ViperKeyDefaultIdentitySchemaID, "advanced-user") - conf.MustSet(config.ViperKeyIdentitySchemas, config.Schemas{ + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypeWebAuthn.String()), []config.SelfServiceHook{{Name: "session"}}) + conf.MustSet(ctx, config.ViperKeyDefaultIdentitySchemaID, "advanced-user") + conf.MustSet(ctx, config.ViperKeyIdentitySchemas, config.Schemas{ {ID: "does-not-exist", URL: "file://./stub/profile.schema.json"}, {ID: "advanced-user", URL: "file://./stub/registration.schema.json"}, }) @@ -324,7 +324,7 @@ func TestRegistration(t *testing.T) { }) t.Run("case=not able to create the same account twice", func(t *testing.T) { - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypeWebAuthn.String()), []config.SelfServiceHook{{Name: "session"}}) + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypeWebAuthn.String()), []config.SelfServiceHook{{Name: "session"}}) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/registration.schema.json") for _, f := range flows { @@ -342,7 +342,7 @@ func TestRegistration(t *testing.T) { }) t.Run("case=reset previous form errors", func(t *testing.T) { - conf.MustSet(config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypeWebAuthn.String()), []config.SelfServiceHook{{Name: "session"}}) + conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypeWebAuthn.String()), []config.SelfServiceHook{{Name: "session"}}) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/registration.schema.json") for _, f := range flows { diff --git a/selfservice/strategy/webauthn/settings.go b/selfservice/strategy/webauthn/settings.go index 751dd8b4200e..3cf41d3bc9fb 100644 --- a/selfservice/strategy/webauthn/settings.go +++ b/selfservice/strategy/webauthn/settings.go @@ -145,11 +145,11 @@ func (s *Strategy) continueSettingsFlow( return err } - if err := flow.EnsureCSRF(s.d, r, ctxUpdate.Flow.Type, s.d.Config(r.Context()).DisableAPIFlowEnforcement(), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { + if err := flow.EnsureCSRF(s.d, r, ctxUpdate.Flow.Type, s.d.Config().DisableAPIFlowEnforcement(r.Context()), s.d.GenerateCSRFToken, p.CSRFToken); err != nil { return err } - if ctxUpdate.Session.AuthenticatedAt.Add(s.d.Config(r.Context()).SelfServiceFlowSettingsPrivilegedSessionMaxAge()).Before(time.Now()) { + if ctxUpdate.Session.AuthenticatedAt.Add(s.d.Config().SelfServiceFlowSettingsPrivilegedSessionMaxAge(r.Context())).Before(time.Now()) { return errors.WithStack(settings.NewFlowNeedsReAuth()) } } else { @@ -259,10 +259,10 @@ func (s *Strategy) continueSettingsFlowAdd(w http.ResponseWriter, r *http.Reques return errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Unable to decode identity credentials.").WithDebug(err.Error())) } - wc := CredentialFromWebAuthn(credential, s.d.Config(r.Context()).WebAuthnForPasswordless()) + wc := CredentialFromWebAuthn(credential, s.d.Config().WebAuthnForPasswordless(r.Context())) wc.AddedAt = time.Now().UTC().Round(time.Second) wc.DisplayName = p.RegisterDisplayName - wc.IsPasswordless = s.d.Config(r.Context()).WebAuthnForPasswordless() + wc.IsPasswordless = s.d.Config().WebAuthnForPasswordless(r.Context()) cc.UserHandle = ctxUpdate.Session.IdentityID[:] cc.Credentials = append(cc.Credentials, *wc) @@ -287,7 +287,7 @@ func (s *Strategy) continueSettingsFlowAdd(w http.ResponseWriter, r *http.Reques } aal := identity.AuthenticatorAssuranceLevel1 - if !s.d.Config(r.Context()).WebAuthnForPasswordless() { + if !s.d.Config().WebAuthnForPasswordless(r.Context()) { aal = identity.AuthenticatorAssuranceLevel2 } @@ -371,7 +371,7 @@ func (s *Strategy) PopulateSettingsMethod(r *http.Request, id *identity.Identity return errors.WithStack(err) } - f.UI.Nodes.Upsert(NewWebAuthnScript(urlx.AppendPaths(s.d.Config(r.Context()).SelfPublicURL(), webAuthnRoute).String(), jsOnLoad)) + f.UI.Nodes.Upsert(NewWebAuthnScript(urlx.AppendPaths(s.d.Config().SelfPublicURL(r.Context()), webAuthnRoute).String(), jsOnLoad)) f.UI.Nodes.Upsert(NewWebAuthnConnectionName()) f.UI.Nodes.Upsert(NewWebAuthnConnectionTrigger(string(injectWebAuthnOptions)). WithMetaLabel(text.NewInfoSelfServiceSettingsRegisterWebAuthn())) diff --git a/selfservice/strategy/webauthn/settings_test.go b/selfservice/strategy/webauthn/settings_test.go index dcc01c43e3b3..0094997a4d0f 100644 --- a/selfservice/strategy/webauthn/settings_test.go +++ b/selfservice/strategy/webauthn/settings_test.go @@ -59,7 +59,7 @@ func createIdentityWithoutWebAuthn(t *testing.T, reg driver.Registry) *identity. func createIdentityAndReturnIdentifier(t *testing.T, reg driver.Registry, conf []byte) (*identity.Identity, string) { identifier := x.NewUUID().String() + "@ory.sh" password := x.NewUUID().String() - p, err := reg.Hasher().Generate(context.Background(), []byte(password)) + p, err := reg.Hasher(ctx).Generate(context.Background(), []byte(password)) require.NoError(t, err) i := &identity.Identity{ Traits: identity.Traits(fmt.Sprintf(`{"subject":"%s"}`, identifier)), @@ -97,10 +97,10 @@ func createIdentity(t *testing.T, reg driver.Registry) *identity.Identity { } func enableWebAuthn(conf *config.Config) { - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeWebAuthn)+".enabled", true) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeWebAuthn)+".config.rp.display_name", "Ory Corp") - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeWebAuthn)+".config.rp.id", "localhost") - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeWebAuthn)+".config.rp.origin", "http://localhost:4455") + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeWebAuthn)+".enabled", true) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeWebAuthn)+".config.rp.display_name", "Ory Corp") + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeWebAuthn)+".config.rp.id", "localhost") + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeWebAuthn)+".config.rp.origin", "http://localhost:4455") } func ensureReplacement(t *testing.T, index string, ui kratos.UiContainer, expected string) { @@ -113,10 +113,10 @@ var ctx = context.Background() func TestCompleteSettings(t *testing.T) { conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword)+".enabled", false) + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword)+".enabled", false) enableWebAuthn(conf) - conf.MustSet(config.ViperKeySelfServiceStrategyConfig+".profile.enabled", false) - conf.MustSet(config.ViperKeySelfServiceSettingsRequiredAAL, "aal1") + conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".profile.enabled", false) + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, "aal1") router := x.NewRouterPublic() publicTS, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin()) @@ -126,10 +126,10 @@ func TestCompleteSettings(t *testing.T) { _ = testhelpers.NewRedirSessionEchoTS(t, reg) loginTS := testhelpers.NewLoginUIFlowEchoServer(t, reg) - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1m") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1m") testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/settings.schema.json") - conf.MustSet(config.ViperKeySecretsDefault, []string{"not-a-secure-session-key"}) + conf.MustSet(ctx, config.ViperKeySecretsDefault, []string{"not-a-secure-session-key"}) t.Run("case=a device is shown which can be unlinked", func(t *testing.T) { id := createIdentity(t, reg) @@ -273,9 +273,9 @@ func TestCompleteSettings(t *testing.T) { }) t.Run("case=requires privileged session for register", func(t *testing.T) { - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1ns") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "1ns") t.Cleanup(func() { - conf.MustSet(config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "5m") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, "5m") }) run := func(t *testing.T, spa bool) { @@ -356,9 +356,9 @@ func TestCompleteSettings(t *testing.T) { }) t.Run("case=fails to remove security key if it is passwordless and the last credential available", func(t *testing.T) { - conf.MustSet(config.ViperKeyWebAuthnPasswordless, true) + conf.MustSet(ctx, config.ViperKeyWebAuthnPasswordless, true) t.Cleanup(func() { - conf.MustSet(config.ViperKeyWebAuthnPasswordless, false) + conf.MustSet(ctx, config.ViperKeyWebAuthnPasswordless, false) }) run := func(t *testing.T, spa bool) { diff --git a/selfservice/strategy/webauthn/strategy.go b/selfservice/strategy/webauthn/strategy.go index 3b8f53d25b08..f2cd9a704a4b 100644 --- a/selfservice/strategy/webauthn/strategy.go +++ b/selfservice/strategy/webauthn/strategy.go @@ -112,8 +112,8 @@ func (s *Strategy) NodeGroup() node.UiNodeGroup { } func (s *Strategy) newWebAuthn(ctx context.Context) (*webauthn.WebAuthn, error) { - c := s.d.Config(ctx) - web, err := webauthn.New(c.WebAuthnConfig()) + c := s.d.Config() + web, err := webauthn.New(c.WebAuthnConfig(ctx)) if err != nil { return nil, errors.WithStack(err) } @@ -123,7 +123,7 @@ func (s *Strategy) newWebAuthn(ctx context.Context) (*webauthn.WebAuthn, error) func (s *Strategy) CompletedAuthenticationMethod(ctx context.Context) session.AuthenticationMethod { aal := identity.AuthenticatorAssuranceLevel1 - if !s.d.Config(ctx).WebAuthnForPasswordless() { + if !s.d.Config().WebAuthnForPasswordless(ctx) { aal = identity.AuthenticatorAssuranceLevel2 } return session.AuthenticationMethod{ diff --git a/selfservice/strategy/webauthn/strategy_test.go b/selfservice/strategy/webauthn/strategy_test.go index 7d0748375f2a..5dcc30c6f799 100644 --- a/selfservice/strategy/webauthn/strategy_test.go +++ b/selfservice/strategy/webauthn/strategy_test.go @@ -25,7 +25,7 @@ func TestCompletedAuthenticationMethod(t *testing.T) { AAL: identity.AuthenticatorAssuranceLevel2, }, strategy.CompletedAuthenticationMethod(context.Background())) - conf.MustSet(config.ViperKeyWebAuthnPasswordless, true) + conf.MustSet(ctx, config.ViperKeyWebAuthnPasswordless, true) assert.Equal(t, session.AuthenticationMethod{ Method: strategy.ID(), AAL: identity.AuthenticatorAssuranceLevel1, diff --git a/session/handler.go b/session/handler.go index 5f6ec9de752e..1800016be73a 100644 --- a/session/handler.go +++ b/session/handler.go @@ -183,8 +183,8 @@ func (h *Handler) whoami(w http.ResponseWriter, r *http.Request, ps httprouter.P } var aalErr *ErrAALNotSatisfied - c := h.r.Config(r.Context()) - if err := h.r.SessionManager().DoesSessionSatisfy(r, s, c.SessionWhoAmIAAL()); errors.As(err, &aalErr) { + c := h.r.Config() + if err := h.r.SessionManager().DoesSessionSatisfy(r, s, c.SessionWhoAmIAAL(r.Context())); errors.As(err, &aalErr) { h.r.Audit().WithRequest(r).WithError(err).Info("Session was found but AAL is not satisfied for calling this endpoint.") h.r.Writer().WriteError(w, r, err) return @@ -513,9 +513,9 @@ func (h *Handler) adminSessionExtend(w http.ResponseWriter, r *http.Request, ps return } - c := h.r.Config(r.Context()) - if s.CanBeRefreshed(c) { - if err := h.r.SessionPersister().UpsertSession(r.Context(), s.Refresh(c)); err != nil { + c := h.r.Config() + if s.CanBeRefreshed(r.Context(), c) { + if err := h.r.SessionPersister().UpsertSession(r.Context(), s.Refresh(r.Context(), c)); err != nil { h.r.Writer().WriteError(w, r, err) return } @@ -546,9 +546,10 @@ func (h *Handler) IsNotAuthenticated(wrap httprouter.Handle, onAuthenticated htt func RedirectOnAuthenticated(d interface{ config.Provider }) httprouter.Handle { return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - returnTo, err := x.SecureRedirectTo(r, d.Config(r.Context()).SelfServiceBrowserDefaultReturnTo(), x.SecureRedirectAllowSelfServiceURLs(d.Config(r.Context()).SelfPublicURL())) + ctx := r.Context() + returnTo, err := x.SecureRedirectTo(r, d.Config().SelfServiceBrowserDefaultReturnTo(ctx), x.SecureRedirectAllowSelfServiceURLs(d.Config().SelfPublicURL(ctx))) if err != nil { - http.Redirect(w, r, d.Config(r.Context()).SelfServiceBrowserDefaultReturnTo().String(), http.StatusFound) + http.Redirect(w, r, d.Config().SelfServiceBrowserDefaultReturnTo(ctx).String(), http.StatusFound) return } diff --git a/session/handler_test.go b/session/handler_test.go index 92755f90d865..90652d109772 100644 --- a/session/handler_test.go +++ b/session/handler_test.go @@ -72,9 +72,10 @@ func assertNoCSRFCookieInResponse(t *testing.T, _ *httptest.Server, _ *http.Clie func TestSessionWhoAmI(t *testing.T) { conf, reg := internal.NewFastRegistryWithMocks(t) ts, _, r, _ := testhelpers.NewKratosServerWithCSRFAndRouters(t, reg) + ctx := context.Background() // set this intermediate because kratos needs some valid url for CRUDE operations - conf.MustSet(config.ViperKeyPublicBaseURL, "http://example.com") + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, "http://example.com") i := &identity.Identity{ ID: x.NewUUID(), State: identity.StateActive, @@ -91,7 +92,7 @@ func TestSessionWhoAmI(t *testing.T) { h, _ := testhelpers.MockSessionCreateHandlerWithIdentity(t, reg, i) r.GET("/set", h) - conf.MustSet(config.ViperKeyPublicBaseURL, ts.URL) + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, ts.URL) t.Run("case=aal requirements", func(t *testing.T) { h1, _ := testhelpers.MockSessionCreateHandlerWithIdentityAndAMR(t, reg, createAAL2Identity(t, reg), []identity.CredentialsType{identity.CredentialsTypePassword, identity.CredentialsTypeWebAuthn}) @@ -115,28 +116,28 @@ func TestSessionWhoAmI(t *testing.T) { } t.Run("case=aal2-aal2", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionWhoAmIAAL, config.HighestAvailableAAL) + conf.MustSet(ctx, config.ViperKeySessionWhoAmIAAL, config.HighestAvailableAAL) run(t, "aal2-aal2", http.StatusOK) }) t.Run("case=aal2-aal2", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionWhoAmIAAL, "aal1") + conf.MustSet(ctx, config.ViperKeySessionWhoAmIAAL, "aal1") run(t, "aal2-aal2", http.StatusOK) }) t.Run("case=aal2-aal1", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionWhoAmIAAL, config.HighestAvailableAAL) + conf.MustSet(ctx, config.ViperKeySessionWhoAmIAAL, config.HighestAvailableAAL) body := run(t, "aal2-aal1", http.StatusForbidden) assert.EqualValues(t, NewErrAALNotSatisfied("").Reason(), gjson.Get(body, "error.reason").String(), body) }) t.Run("case=aal2-aal1", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionWhoAmIAAL, "aal1") + conf.MustSet(ctx, config.ViperKeySessionWhoAmIAAL, "aal1") run(t, "aal2-aal1", http.StatusOK) }) t.Run("case=aal1-aal1", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionWhoAmIAAL, config.HighestAvailableAAL) + conf.MustSet(ctx, config.ViperKeySessionWhoAmIAAL, config.HighestAvailableAAL) run(t, "aal1-aal1", http.StatusOK) }) }) @@ -182,10 +183,10 @@ func TestSessionWhoAmI(t *testing.T) { /* t.Run("case=respects AAL config", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionLifespan, "1m") + conf.MustSet(ctx, config.ViperKeySessionLifespan, "1m") t.Run("required_aal=aal1", func(t *testing.T) { - conf.MustSet(config.ViperKeySelfServiceSettingsRequiredAAL, "aal1") + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, "aal1") i := identity.Identity{Traits: []byte("{}"), State: identity.StateActive} require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &i)) @@ -238,27 +239,27 @@ func TestSessionWhoAmI(t *testing.T) { } t.Run("fulfilled for aal2 if identity has aal2", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionWhoAmIAAL, config.HighestAvailableAAL) + conf.MustSet(ctx, config.ViperKeySessionWhoAmIAAL, config.HighestAvailableAAL) run(t, []identity.CredentialsType{identity.CredentialsTypePassword, identity.CredentialsTypeWebAuthn}, 200, &idAAL2) }) t.Run("rejected for aal1 if identity has aal2", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionWhoAmIAAL, config.HighestAvailableAAL) + conf.MustSet(ctx, config.ViperKeySessionWhoAmIAAL, config.HighestAvailableAAL) run(t, []identity.CredentialsType{identity.CredentialsTypePassword}, 403, &idAAL2) }) t.Run("fulfilled for aal1 if identity has aal2 but config is aal1", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionWhoAmIAAL, "aal1") + conf.MustSet(ctx, config.ViperKeySessionWhoAmIAAL, "aal1") run(t, []identity.CredentialsType{identity.CredentialsTypePassword}, 200, &idAAL2) }) t.Run("fulfilled for aal2 if identity has aal1", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionWhoAmIAAL, config.HighestAvailableAAL) + conf.MustSet(ctx, config.ViperKeySessionWhoAmIAAL, config.HighestAvailableAAL) run(t, []identity.CredentialsType{identity.CredentialsTypePassword, identity.CredentialsTypeWebAuthn}, 200, &idAAL1) }) t.Run("fulfilled for aal1 if identity has aal1", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionWhoAmIAAL, config.HighestAvailableAAL) + conf.MustSet(ctx, config.ViperKeySessionWhoAmIAAL, config.HighestAvailableAAL) run(t, []identity.CredentialsType{identity.CredentialsTypePassword}, 200, &idAAL1) }) }) @@ -267,13 +268,14 @@ func TestSessionWhoAmI(t *testing.T) { } func TestIsNotAuthenticatedSecurecookie(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) r := x.NewRouterPublic() r.GET("/public/with-callback", reg.SessionHandler().IsNotAuthenticated(send(http.StatusOK), send(http.StatusBadRequest))) ts := httptest.NewServer(r) defer ts.Close() - conf.MustSet(config.ViperKeyPublicBaseURL, ts.URL) + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, ts.URL) c := testhelpers.NewClientWithCookies(t) c.Jar.SetCookies(urlx.ParseOrPanic(ts.URL), []*http.Cookie{ @@ -294,10 +296,11 @@ func TestIsNotAuthenticatedSecurecookie(t *testing.T) { } func TestIsNotAuthenticated(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) r := x.NewRouterPublic() // set this intermediate because kratos needs some valid url for CRUDE operations - conf.MustSet(config.ViperKeyPublicBaseURL, "http://example.com") + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, "http://example.com") reg.WithCSRFHandler(new(x.FakeCSRFHandler)) h, _ := testhelpers.MockSessionCreateHandler(t, reg) @@ -307,7 +310,7 @@ func TestIsNotAuthenticated(t *testing.T) { ts := httptest.NewServer(r) defer ts.Close() - conf.MustSet(config.ViperKeyPublicBaseURL, ts.URL) + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, ts.URL) sessionClient := testhelpers.NewClientWithCookies(t) testhelpers.MockHydrateCookieClient(t, sessionClient, ts.URL+"/set") @@ -349,6 +352,7 @@ func TestIsNotAuthenticated(t *testing.T) { } func TestIsAuthenticated(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) reg.WithCSRFHandler(new(x.FakeCSRFHandler)) r := x.NewRouterPublic() @@ -359,7 +363,7 @@ func TestIsAuthenticated(t *testing.T) { r.GET("/privileged/without-callback", reg.SessionHandler().IsAuthenticated(send(http.StatusOK), nil)) ts := httptest.NewServer(r) defer ts.Close() - conf.MustSet(config.ViperKeyPublicBaseURL, ts.URL) + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, ts.URL) sessionClient := testhelpers.NewClientWithCookies(t) testhelpers.MockHydrateCookieClient(t, sessionClient, ts.URL+"/set") @@ -406,9 +410,9 @@ func TestHandlerAdminSessionManagement(t *testing.T) { _, ts, _, _ := testhelpers.NewKratosServerWithCSRFAndRouters(t, reg) // set this intermediate because kratos needs some valid url for CRUDE operations - conf.MustSet(config.ViperKeyPublicBaseURL, "http://example.com") + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, "http://example.com") testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json") - conf.MustSet(config.ViperKeyPublicBaseURL, ts.URL) + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, ts.URL) t.Run("case=should return 202 after invalidating all sessions", func(t *testing.T) { client := testhelpers.NewClientWithCookies(t) @@ -530,9 +534,9 @@ func TestHandlerSelfServiceSessionManagement(t *testing.T) { ts, _, r, _ := testhelpers.NewKratosServerWithCSRFAndRouters(t, reg) // set this intermediate because kratos needs some valid url for CRUDE operations - conf.MustSet(config.ViperKeyPublicBaseURL, "http://example.com") + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, "http://example.com") testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json") - conf.MustSet(config.ViperKeyPublicBaseURL, ts.URL) + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, ts.URL) var setup func(t *testing.T) (*http.Client, *identity.Identity, *Session) { @@ -686,13 +690,14 @@ func TestHandlerSelfServiceSessionManagement(t *testing.T) { } func TestHandlerRefreshSessionBySessionID(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) publicServer, adminServer, _, _ := testhelpers.NewKratosServerWithCSRFAndRouters(t, reg) // set this intermediate because kratos needs some valid url for CRUDE operations - conf.MustSet(config.ViperKeyPublicBaseURL, "http://example.com") + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, "http://example.com") testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json") - conf.MustSet(config.ViperKeyPublicBaseURL, adminServer.URL) + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, adminServer.URL) i := identity.NewIdentity("") require.NoError(t, reg.IdentityManager().Create(context.Background(), i)) diff --git a/session/manager_http.go b/session/manager_http.go index c3d21fedbf7b..3b1e7a339601 100644 --- a/session/manager_http.go +++ b/session/manager_http.go @@ -44,7 +44,7 @@ func NewManagerHTTP(r managerHTTPDependencies) *ManagerHTTP { return &ManagerHTTP{ r: r, cookieName: func(ctx context.Context) string { - return r.Config(ctx).SessionName() + return r.Config().SessionName(ctx) }, } } @@ -91,15 +91,15 @@ func (s *ManagerHTTP) IssueCookie(ctx context.Context, w http.ResponseWriter, r return errors.WithStack(err) } - if s.r.Config(ctx).SessionPath() != "" { - cookie.Options.Path = s.r.Config(ctx).SessionPath() + if s.r.Config().SessionPath(ctx) != "" { + cookie.Options.Path = s.r.Config().SessionPath(ctx) } - if domain := s.r.Config(ctx).SessionDomain(); domain != "" { + if domain := s.r.Config().SessionDomain(ctx); domain != "" { cookie.Options.Domain = domain } - if alias := s.r.Config(ctx).SelfPublicURL(); s.r.Config(ctx).SelfPublicURL().String() != alias.String() { + if alias := s.r.Config().SelfPublicURL(ctx); s.r.Config().SelfPublicURL(ctx).String() != alias.String() { // If a domain alias is detected use that instead. cookie.Options.Domain = alias.Hostname() cookie.Options.Path = alias.Path @@ -114,14 +114,14 @@ func (s *ManagerHTTP) IssueCookie(ctx context.Context, w http.ResponseWriter, r _ = s.r.CSRFHandler().RegenerateToken(w, r) } - if s.r.Config(ctx).SessionSameSiteMode() != 0 { - cookie.Options.SameSite = s.r.Config(ctx).SessionSameSiteMode() + if s.r.Config().SessionSameSiteMode(ctx) != 0 { + cookie.Options.SameSite = s.r.Config().SessionSameSiteMode(ctx) } cookie.Options.MaxAge = 0 - if s.r.Config(ctx).SessionPersistentCookie() { + if s.r.Config().SessionPersistentCookie(ctx) { if session.ExpiresAt.IsZero() { - cookie.Options.MaxAge = int(s.r.Config(ctx).SessionLifespan().Seconds()) + cookie.Options.MaxAge = int(s.r.Config().SessionLifespan(ctx).Seconds()) } else { cookie.Options.MaxAge = int(time.Until(session.ExpiresAt).Seconds()) } @@ -254,7 +254,7 @@ func (s *ManagerHTTP) DoesSessionSatisfy(r *http.Request, sess *Session, request } return NewErrAALNotSatisfied( - urlx.CopyWithQuery(urlx.AppendPaths(s.r.Config(r.Context()).SelfPublicURL(), "/self-service/login/browser"), url.Values{"aal": {"aal2"}}).String()) + urlx.CopyWithQuery(urlx.AppendPaths(s.r.Config().SelfPublicURL(r.Context()), "/self-service/login/browser"), url.Values{"aal": {"aal2"}}).String()) } return errors.Errorf("requested unknown aal: %s", requestedAAL) } diff --git a/session/manager_http_test.go b/session/manager_http_test.go index 40508b251eef..4c93292bd89b 100644 --- a/session/manager_http_test.go +++ b/session/manager_http_test.go @@ -76,6 +76,8 @@ func createAAL1Identity(t *testing.T, reg driver.Registry) *identity.Identity { } func TestManagerHTTP(t *testing.T) { + ctx := context.Background() + t.Run("case=regenerate csrf on principal change", func(t *testing.T) { _, reg := internal.NewFastRegistryWithMocks(t) mock := new(mockCSRFHandler) @@ -88,12 +90,12 @@ func TestManagerHTTP(t *testing.T) { t.Run("case=cookie settings", func(t *testing.T) { ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet("dev", false) + conf.MustSet(ctx, "dev", false) mock := new(mockCSRFHandler) reg.WithCSRFHandler(mock) s := &session.Session{Identity: new(identity.Identity)} - require.NoError(t, conf.Source().Set(config.ViperKeyPublicBaseURL, "https://baseurl.com/base_url")) + require.NoError(t, conf.GetProvider(ctx).Set(config.ViperKeyPublicBaseURL, "https://baseurl.com/base_url")) var getCookie = func(t *testing.T, req *http.Request) *http.Cookie { rec := httptest.NewRecorder() @@ -112,9 +114,9 @@ func TestManagerHTTP(t *testing.T) { }) t.Run("case=with base cookie customization", func(t *testing.T) { - conf.MustSet(config.ViperKeyCookiePath, "/cookie") - conf.MustSet(config.ViperKeyCookieDomain, "cookie.com") - conf.MustSet(config.ViperKeyCookieSameSite, "Strict") + conf.MustSet(ctx, config.ViperKeyCookiePath, "/cookie") + conf.MustSet(ctx, config.ViperKeyCookieDomain, "cookie.com") + conf.MustSet(ctx, config.ViperKeyCookieSameSite, "Strict") actual := getCookie(t, httptest.NewRequest("GET", "https://baseurl.com/bar", nil)) assert.EqualValues(t, "cookie.com", actual.Domain, "Domain is empty because unset as a config option") @@ -125,9 +127,9 @@ func TestManagerHTTP(t *testing.T) { }) t.Run("case=with base session customization", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionPath, "/session") - conf.MustSet(config.ViperKeySessionDomain, "session.com") - conf.MustSet(config.ViperKeySessionSameSite, "None") + conf.MustSet(ctx, config.ViperKeySessionPath, "/session") + conf.MustSet(ctx, config.ViperKeySessionDomain, "session.com") + conf.MustSet(ctx, config.ViperKeySessionSameSite, "None") actual := getCookie(t, httptest.NewRequest("GET", "https://baseurl.com/bar", nil)) assert.EqualValues(t, "session.com", actual.Domain, "Domain is empty because unset as a config option") @@ -145,7 +147,7 @@ func TestManagerHTTP(t *testing.T) { i := &identity.Identity{Traits: []byte("{}"), State: identity.StateActive} require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i)) sess := session.NewInactiveSession() - require.NoError(t, sess.Activate(i, conf, time.Now())) + require.NoError(t, sess.Activate(ctx, i, conf, time.Now())) require.NoError(t, reg.SessionPersister().UpsertSession(context.Background(), sess)) require.NoError(t, reg.SessionManager().SessionAddAuthenticationMethods(context.Background(), sess.ID, session.AuthenticationMethod{ @@ -169,7 +171,7 @@ func TestManagerHTTP(t *testing.T) { t.Run("suite=lifecycle", func(t *testing.T) { conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(config.ViperKeySelfServiceLoginUI, "https://www.ory.sh") + conf.MustSet(ctx, config.ViperKeySelfServiceLoginUI, "https://www.ory.sh") testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/fake-session.schema.json") var s *session.Session @@ -196,15 +198,15 @@ func TestManagerHTTP(t *testing.T) { pts := httptest.NewServer(x.NewTestCSRFHandler(rp, reg)) t.Cleanup(pts.Close) - conf.MustSet(config.ViperKeyPublicBaseURL, pts.URL) + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, pts.URL) reg.RegisterPublicRoutes(context.Background(), rp) t.Run("case=valid", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionLifespan, "1m") + conf.MustSet(ctx, config.ViperKeySessionLifespan, "1m") i := identity.Identity{Traits: []byte("{}")} require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &i)) - s, _ = session.NewActiveSession(&i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) + s, _ = session.NewActiveSession(ctx, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) c := testhelpers.NewClientWithCookies(t) testhelpers.MockHydrateCookieClient(t, c, pts.URL+"/session/set") @@ -215,16 +217,16 @@ func TestManagerHTTP(t *testing.T) { }) t.Run("case=key rotation", func(t *testing.T) { - original := conf.Source().Strings(config.ViperKeySecretsCookie) + original := conf.GetProvider(ctx).Strings(config.ViperKeySecretsCookie) t.Cleanup(func() { - conf.MustSet(config.ViperKeySecretsCookie, original) + conf.MustSet(ctx, config.ViperKeySecretsCookie, original) }) - conf.MustSet(config.ViperKeySessionLifespan, "1m") - conf.MustSet(config.ViperKeySecretsCookie, []string{"foo"}) + conf.MustSet(ctx, config.ViperKeySessionLifespan, "1m") + conf.MustSet(ctx, config.ViperKeySecretsCookie, []string{"foo"}) i := identity.Identity{Traits: []byte("{}")} require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &i)) - s, _ = session.NewActiveSession(&i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) + s, _ = session.NewActiveSession(ctx, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) c := testhelpers.NewClientWithCookies(t) testhelpers.MockHydrateCookieClient(t, c, pts.URL+"/session/set") @@ -233,17 +235,17 @@ func TestManagerHTTP(t *testing.T) { require.NoError(t, err) assert.EqualValues(t, http.StatusOK, res.StatusCode) - conf.MustSet(config.ViperKeySecretsCookie, []string{"bar", "foo"}) + conf.MustSet(ctx, config.ViperKeySecretsCookie, []string{"bar", "foo"}) res, err = c.Get(pts.URL + "/session/get") require.NoError(t, err) assert.EqualValues(t, http.StatusOK, res.StatusCode) }) t.Run("case=no panic on invalid cookie name", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionLifespan, "1m") - conf.MustSet(config.ViperKeySessionName, "$%˜\"") + conf.MustSet(ctx, config.ViperKeySessionLifespan, "1m") + conf.MustSet(ctx, config.ViperKeySessionName, "$%˜\"") t.Cleanup(func() { - conf.MustSet(config.ViperKeySessionName, "") + conf.MustSet(ctx, config.ViperKeySessionName, "") }) rp.GET("/session/set/invalid", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { @@ -253,7 +255,7 @@ func TestManagerHTTP(t *testing.T) { i := identity.Identity{Traits: []byte("{}")} require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &i)) - s, _ = session.NewActiveSession(&i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) + s, _ = session.NewActiveSession(ctx, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) c := testhelpers.NewClientWithCookies(t) res, err := c.Get(pts.URL + "/session/set/invalid") @@ -262,11 +264,11 @@ func TestManagerHTTP(t *testing.T) { }) t.Run("case=valid and uses x-session-cookie", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionLifespan, "1m") + conf.MustSet(ctx, config.ViperKeySessionLifespan, "1m") i := identity.Identity{Traits: []byte("{}")} require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &i)) - s, _ = session.NewActiveSession(&i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) + s, _ = session.NewActiveSession(ctx, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) c := testhelpers.NewClientWithCookies(t) testhelpers.MockHydrateCookieClient(t, c, pts.URL+"/session/set") @@ -295,11 +297,11 @@ func TestManagerHTTP(t *testing.T) { }) t.Run("case=valid bearer auth as fallback", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionLifespan, "1m") + conf.MustSet(ctx, config.ViperKeySessionLifespan, "1m") i := identity.Identity{Traits: []byte("{}"), State: identity.StateActive} require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &i)) - s, err := session.NewActiveSession(&i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) + s, err := session.NewActiveSession(ctx, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) require.NoError(t, err) require.NoError(t, reg.SessionPersister().UpsertSession(context.Background(), s)) require.NotEmpty(t, s.Token) @@ -315,11 +317,11 @@ func TestManagerHTTP(t *testing.T) { }) t.Run("case=valid x-session-token auth even if bearer is set", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionLifespan, "1m") + conf.MustSet(ctx, config.ViperKeySessionLifespan, "1m") i := identity.Identity{Traits: []byte("{}"), State: identity.StateActive} require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &i)) - s, err := session.NewActiveSession(&i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) + s, err := session.NewActiveSession(ctx, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) require.NoError(t, err) require.NoError(t, reg.SessionPersister().UpsertSession(context.Background(), s)) @@ -335,14 +337,14 @@ func TestManagerHTTP(t *testing.T) { }) t.Run("case=expired", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionLifespan, "1ns") + conf.MustSet(ctx, config.ViperKeySessionLifespan, "1ns") t.Cleanup(func() { - conf.MustSet(config.ViperKeySessionLifespan, "1m") + conf.MustSet(ctx, config.ViperKeySessionLifespan, "1m") }) i := identity.Identity{Traits: []byte("{}")} require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &i)) - s, _ = session.NewActiveSession(&i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) + s, _ = session.NewActiveSession(ctx, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) c := testhelpers.NewClientWithCookies(t) testhelpers.MockHydrateCookieClient(t, c, pts.URL+"/session/set") @@ -357,9 +359,9 @@ func TestManagerHTTP(t *testing.T) { t.Run("case=revoked", func(t *testing.T) { i := identity.Identity{Traits: []byte("{}")} require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &i)) - s, _ = session.NewActiveSession(&i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) + s, _ = session.NewActiveSession(ctx, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) - s, _ = session.NewActiveSession(&i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) + s, _ = session.NewActiveSession(ctx, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) c := testhelpers.NewClientWithCookies(t) testhelpers.MockHydrateCookieClient(t, c, pts.URL+"/session/set") @@ -374,7 +376,7 @@ func TestManagerHTTP(t *testing.T) { }) t.Run("case=respects AAL config", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionLifespan, "1m") + conf.MustSet(ctx, config.ViperKeySessionLifespan, "1m") t.Run("required_aal=aal2", func(t *testing.T) { idAAL2 := createAAL2Identity(t, reg) @@ -387,7 +389,7 @@ func TestManagerHTTP(t *testing.T) { for _, m := range complete { s.CompletedLoginFor(m, "") } - require.NoError(t, s.Activate(i, conf, time.Now().UTC())) + require.NoError(t, s.Activate(ctx, i, conf, time.Now().UTC())) err := reg.SessionManager().DoesSessionSatisfy((&http.Request{}).WithContext(context.Background()), s, requested) if expectedError != nil { require.ErrorAs(t, err, &expectedError) @@ -422,6 +424,7 @@ func TestManagerHTTP(t *testing.T) { } func TestDoesSessionSatisfy(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json") @@ -553,7 +556,7 @@ func TestDoesSessionSatisfy(t *testing.T) { for _, m := range tc.amr { s.CompletedLoginFor(m.Method, m.AAL) } - require.NoError(t, s.Activate(id, conf, time.Now().UTC())) + require.NoError(t, s.Activate(ctx, id, conf, time.Now().UTC())) err := reg.SessionManager().DoesSessionSatisfy((&http.Request{}).WithContext(context.Background()), s, string(tc.requested)) if tc.err != nil { diff --git a/session/persistence.go b/session/persistence.go index 48bb98c7d6e9..ed3cd882aefb 100644 --- a/session/persistence.go +++ b/session/persistence.go @@ -65,7 +65,7 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface { identity.PrivilegedPool }) func(t *testing.T) { return func(t *testing.T) { - conf.MustSet(config.ViperKeyIdentitySchemas, config.Schemas{ + conf.MustSet(ctx, config.ViperKeyIdentitySchemas, config.Schemas{ {ID: "default", URL: "file://./stub/identity.schema.json"}, }) diff --git a/session/session.go b/session/session.go index e65ade74a83d..f8dd18cdb1f6 100644 --- a/session/session.go +++ b/session/session.go @@ -12,7 +12,6 @@ import ( "github.com/gofrs/uuid" "github.com/ory/herodot" - "github.com/ory/kratos/corp" "github.com/ory/kratos/identity" "github.com/ory/kratos/x" "github.com/ory/x/randx" @@ -21,11 +20,11 @@ import ( var ErrIdentityDisabled = herodot.ErrUnauthorized.WithError("identity is disabled").WithReason("This account was disabled.") type lifespanProvider interface { - SessionLifespan() time.Duration + SessionLifespan(ctx context.Context) time.Duration } type refreshWindowProvider interface { - SessionRefreshMinTimeLeft() time.Duration + SessionRefreshMinTimeLeft(ctx context.Context) time.Duration } // A Session @@ -97,7 +96,7 @@ type Session struct { } func (s Session) TableName(ctx context.Context) string { - return corp.ContextualizeTableName(ctx, "sessions") + return "sessions" } func (s *Session) CompletedLoginFor(method identity.CredentialsType, aal identity.AuthenticatorAssuranceLevel) { @@ -149,10 +148,10 @@ func (s *Session) SetAuthenticatorAssuranceLevel() { } } -func NewActiveSession(i *identity.Identity, c lifespanProvider, authenticatedAt time.Time, completedLoginFor identity.CredentialsType, completedLoginAAL identity.AuthenticatorAssuranceLevel) (*Session, error) { +func NewActiveSession(ctx context.Context, i *identity.Identity, c lifespanProvider, authenticatedAt time.Time, completedLoginFor identity.CredentialsType, completedLoginAAL identity.AuthenticatorAssuranceLevel) (*Session, error) { s := NewInactiveSession() s.CompletedLoginFor(completedLoginFor, completedLoginAAL) - if err := s.Activate(i, c, authenticatedAt); err != nil { + if err := s.Activate(ctx, i, c, authenticatedAt); err != nil { return nil, err } return s, nil @@ -168,13 +167,13 @@ func NewInactiveSession() *Session { } } -func (s *Session) Activate(i *identity.Identity, c lifespanProvider, authenticatedAt time.Time) error { +func (s *Session) Activate(ctx context.Context, i *identity.Identity, c lifespanProvider, authenticatedAt time.Time) error { if i != nil && !i.IsActive() { return ErrIdentityDisabled.WithDetail("identity_id", i.ID) } s.Active = true - s.ExpiresAt = authenticatedAt.Add(c.SessionLifespan()) + s.ExpiresAt = authenticatedAt.Add(c.SessionLifespan(ctx)) s.AuthenticatedAt = authenticatedAt s.IssuedAt = authenticatedAt s.Identity = i @@ -199,13 +198,13 @@ func (s *Session) IsActive() bool { return s.Active && s.ExpiresAt.After(time.Now()) && (s.Identity == nil || s.Identity.IsActive()) } -func (s *Session) Refresh(c lifespanProvider) *Session { - s.ExpiresAt = time.Now().Add(c.SessionLifespan()).UTC() +func (s *Session) Refresh(ctx context.Context, c lifespanProvider) *Session { + s.ExpiresAt = time.Now().Add(c.SessionLifespan(ctx)).UTC() return s } -func (s *Session) CanBeRefreshed(c refreshWindowProvider) bool { - return s.ExpiresAt.Add(-c.SessionRefreshMinTimeLeft()).Before(time.Now()) +func (s *Session) CanBeRefreshed(ctx context.Context, c refreshWindowProvider) bool { + return s.ExpiresAt.Add(-c.SessionRefreshMinTimeLeft(ctx)).Before(time.Now()) } // List of (Used) AuthenticationMethods diff --git a/session/session_test.go b/session/session_test.go index 0aeb1dc85c3b..cbc6ad2c2341 100644 --- a/session/session_test.go +++ b/session/session_test.go @@ -1,6 +1,7 @@ package session_test import ( + "context" "fmt" "testing" "time" @@ -16,20 +17,21 @@ import ( ) func TestSession(t *testing.T) { + ctx := context.Background() conf, _ := internal.NewFastRegistryWithMocks(t) authAt := time.Now() t.Run("case=active session", func(t *testing.T) { i := new(identity.Identity) i.State = identity.StateActive - s, _ := session.NewActiveSession(i, conf, authAt, identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) + s, _ := session.NewActiveSession(ctx, i, conf, authAt, identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) assert.True(t, s.IsActive()) require.NotEmpty(t, s.Token) require.NotEmpty(t, s.LogoutToken) assert.EqualValues(t, identity.CredentialsTypePassword, s.AMR[0].Method) i = new(identity.Identity) - s, err := session.NewActiveSession(i, conf, authAt, identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) + s, err := session.NewActiveSession(ctx, i, conf, authAt, identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) assert.Nil(t, s) assert.ErrorIs(t, err, session.ErrIdentityDisabled) }) @@ -50,13 +52,13 @@ func TestSession(t *testing.T) { t.Run("case=activate", func(t *testing.T) { s := session.NewInactiveSession() - require.NoError(t, s.Activate(&identity.Identity{State: identity.StateActive}, conf, authAt)) + require.NoError(t, s.Activate(ctx, &identity.Identity{State: identity.StateActive}, conf, authAt)) assert.True(t, s.Active) assert.Equal(t, identity.NoAuthenticatorAssuranceLevel, s.AuthenticatorAssuranceLevel) assert.Equal(t, authAt, s.AuthenticatedAt) s = session.NewInactiveSession() - require.ErrorIs(t, s.Activate(&identity.Identity{State: identity.StateInactive}, conf, authAt), session.ErrIdentityDisabled) + require.ErrorIs(t, s.Activate(ctx, &identity.Identity{State: identity.StateInactive}, conf, authAt), session.ErrIdentityDisabled) assert.False(t, s.Active) assert.Equal(t, identity.NoAuthenticatorAssuranceLevel, s.AuthenticatorAssuranceLevel) assert.Empty(t, s.AuthenticatedAt) @@ -190,18 +192,18 @@ func TestSession(t *testing.T) { } t.Run("case=session refresh", func(t *testing.T) { - conf.MustSet(config.ViperKeySessionLifespan, "24h") - conf.MustSet(config.ViperKeySessionRefreshMinTimeLeft, "12h") + conf.MustSet(ctx, config.ViperKeySessionLifespan, "24h") + conf.MustSet(ctx, config.ViperKeySessionRefreshMinTimeLeft, "12h") t.Cleanup(func() { - conf.MustSet(config.ViperKeySessionLifespan, "1m") - conf.MustSet(config.ViperKeySessionRefreshMinTimeLeft, "1m") + conf.MustSet(ctx, config.ViperKeySessionLifespan, "1m") + conf.MustSet(ctx, config.ViperKeySessionRefreshMinTimeLeft, "1m") }) i := new(identity.Identity) i.State = identity.StateActive - s, _ := session.NewActiveSession(i, conf, authAt, identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) - assert.False(t, s.CanBeRefreshed(conf), "fresh session is not refreshable") + s, _ := session.NewActiveSession(ctx, i, conf, authAt, identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) + assert.False(t, s.CanBeRefreshed(ctx, conf), "fresh session is not refreshable") s.ExpiresAt = s.ExpiresAt.Add(-12 * time.Hour) - assert.True(t, s.CanBeRefreshed(conf), "session is refreshable after 12hrs") + assert.True(t, s.CanBeRefreshed(ctx, conf), "session is refreshable after 12hrs") }) } diff --git a/x/http_secure_redirect.go b/x/http_secure_redirect.go index 6b46a9d7e192..972461c0720f 100644 --- a/x/http_secure_redirect.go +++ b/x/http_secure_redirect.go @@ -141,11 +141,11 @@ func SecureContentNegotiationRedirection( case "text/html": fallthrough default: - ret, err := SecureRedirectTo(r, c.SelfServiceBrowserDefaultReturnTo(), + ret, err := SecureRedirectTo(r, c.SelfServiceBrowserDefaultReturnTo(r.Context()), append([]SecureRedirectOption{ SecureRedirectUseSourceURL(requestURL), - SecureRedirectAllowURLs(c.SelfServiceBrowserAllowedReturnToDomains()), - SecureRedirectAllowSelfServiceURLs(c.SelfPublicURL()), + SecureRedirectAllowURLs(c.SelfServiceBrowserAllowedReturnToDomains(r.Context())), + SecureRedirectAllowSelfServiceURLs(c.SelfPublicURL(r.Context())), }, opts...)..., ) if err != nil { diff --git a/x/http_secure_redirect_test.go b/x/http_secure_redirect_test.go index f6bfd3f749ab..078c1e8dff73 100644 --- a/x/http_secure_redirect_test.go +++ b/x/http_secure_redirect_test.go @@ -1,6 +1,7 @@ package x_test import ( + "context" "encoding/json" "io" "net/http" @@ -39,10 +40,12 @@ func TestSecureContentNegotiationRedirection(t *testing.T) { ts := httptest.NewServer(router) defer ts.Close() + ctx := context.Background() + defaultReturnTo := ts.URL + "/default-return-to" - conf.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, defaultReturnTo) - conf.MustSet(config.ViperKeyPublicBaseURL, ts.URL) - conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{ts.URL}) + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, defaultReturnTo) + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, ts.URL) + conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{ts.URL}) run := func(t *testing.T, href string, contentType string) (*http.Response, string) { req, err := http.NewRequest("GET", href, nil) diff --git a/x/nosurf.go b/x/nosurf.go index a0d5c0f0271b..1a35998428fd 100644 --- a/x/nosurf.go +++ b/x/nosurf.go @@ -128,22 +128,22 @@ type CSRFProvider interface { func CSRFCookieName(reg interface { config.Provider }, r *http.Request) string { - return "csrf_token_" + fmt.Sprintf("%x", sha256.Sum256([]byte(reg.Config(r.Context()).SelfPublicURL().String()))) + return "csrf_token_" + fmt.Sprintf("%x", sha256.Sum256([]byte(reg.Config().SelfPublicURL(r.Context()).String()))) } func NosurfBaseCookieHandler(reg interface { config.Provider }) func(w http.ResponseWriter, r *http.Request) http.Cookie { return func(w http.ResponseWriter, r *http.Request) http.Cookie { - secure := !reg.Config(r.Context()).IsInsecureDevMode() + secure := !reg.Config().IsInsecureDevMode(r.Context()) - sameSite := reg.Config(r.Context()).CookieSameSiteMode() + sameSite := reg.Config().CookieSameSiteMode(r.Context()) if !secure { sameSite = http.SameSiteLaxMode } domain := "" - if d := reg.Config(r.Context()).CookieDomain(); d != "" { + if d := reg.Config().CookieDomain(r.Context()); d != "" { domain = d } @@ -151,14 +151,14 @@ func NosurfBaseCookieHandler(reg interface { cookie := http.Cookie{ Name: name, MaxAge: nosurf.MaxAge, - Path: reg.Config(r.Context()).CookiePath(), + Path: reg.Config().CookiePath(r.Context()), Domain: domain, HttpOnly: true, Secure: secure, SameSite: sameSite, } - if alias := reg.Config(r.Context()).SelfPublicURL(); reg.Config(r.Context()).SelfPublicURL().String() != alias.String() { + if alias := reg.Config().SelfPublicURL(r.Context()); reg.Config().SelfPublicURL(r.Context()).String() != alias.String() { // If a domain alias is detected use that instead. cookie.Domain = alias.Hostname() cookie.Path = alias.Path diff --git a/x/nosurf_test.go b/x/nosurf_test.go index 409adbc1ed02..5dcdc2f86dda 100644 --- a/x/nosurf_test.go +++ b/x/nosurf_test.go @@ -1,6 +1,7 @@ package x_test import ( + "context" "encoding/json" "net/http" "net/http/httptest" @@ -24,8 +25,9 @@ import ( ) func TestNosurfBaseCookieHandler(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - require.NoError(t, conf.Source().Set(config.ViperKeyPublicBaseURL, "http://foo.com/bar")) + require.NoError(t, conf.Set(ctx, config.ViperKeyPublicBaseURL, "http://foo.com/bar")) cookie := x.NosurfBaseCookieHandler(reg)(httptest.NewRecorder(), httptest.NewRequest("GET", "https://foo/bar", nil)) assert.EqualValues(t, "csrf_token_01c86631efd1537ee34a98e75884a6e21dd8e2d9e944934bca21204106bfd32f", cookie.Name, "base64 representation of http://foo.com/bar") @@ -38,15 +40,15 @@ func TestNosurfBaseCookieHandler(t *testing.T) { alNum := regexp.MustCompile("[a-zA-Z_0-9]+") for i := 0; i < 10; i++ { - require.NoError(t, conf.Source().Set(config.ViperKeyPublicBaseURL, randx.MustString(16, randx.AlphaNum))) + require.NoError(t, conf.Set(ctx, config.ViperKeyPublicBaseURL, randx.MustString(16, randx.AlphaNum))) cookie := x.NosurfBaseCookieHandler(reg)(httptest.NewRecorder(), httptest.NewRequest("GET", "https://foo/bar", nil)) assert.NotEqual(t, "aHR0cDovL2Zvby5jb20vYmFy_csrf_token", cookie.Name, "should no longer be http://foo.com/bar") assert.True(t, alNum.MatchString(cookie.Name), "does not have any special chars") } - require.NoError(t, conf.Set(config.ViperKeyCookieSameSite, "None")) - require.NoError(t, conf.Source().Set("dev", false)) + require.NoError(t, conf.Set(ctx, config.ViperKeyCookieSameSite, "None")) + require.NoError(t, conf.Set(ctx, "dev", false)) cookie = x.NosurfBaseCookieHandler(reg)(httptest.NewRecorder(), httptest.NewRequest("GET", "https://foo/bar", nil)) assert.EqualValues(t, http.SameSiteNoneMode, cookie.SameSite, "can be none because https/secure is true") assert.True(t, cookie.Secure, "true because secure mode") @@ -54,17 +56,18 @@ func TestNosurfBaseCookieHandler(t *testing.T) { } func TestNosurfBaseCookieHandlerAliasing(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - require.NoError(t, conf.Source().Set(config.ViperKeyPublicBaseURL, "http://foo.com/bar")) + require.NoError(t, conf.Set(ctx, config.ViperKeyPublicBaseURL, "http://foo.com/bar")) cookie := x.NosurfBaseCookieHandler(reg)(httptest.NewRecorder(), httptest.NewRequest("GET", "http://foo.com/bar", nil)) assert.EqualValues(t, "", cookie.Domain, "remains unset") assert.EqualValues(t, "/", cookie.Path, "cookie path is site root by default") // Check root settings - require.NoError(t, conf.Source().Set(config.ViperKeyCookieDomain, "bar.com")) - require.NoError(t, conf.Source().Set(config.ViperKeyCookiePath, "/baz")) + require.NoError(t, conf.Set(ctx, config.ViperKeyCookieDomain, "bar.com")) + require.NoError(t, conf.Set(ctx, config.ViperKeyCookiePath, "/baz")) cookie = x.NosurfBaseCookieHandler(reg)(httptest.NewRecorder(), httptest.NewRequest("GET", "http://foo.com/bar", nil)) assert.EqualValues(t, "bar.com", cookie.Domain, "domain doesn't change when request not from an alias but is overwritten by ViperKeyCookieDomain") assert.EqualValues(t, "/baz", cookie.Path, "cookie path is site root by default but is overwritten by ViperKeyCookiePath") diff --git a/x/redir.go b/x/redir.go index 694ddca45d29..cb310936418b 100644 --- a/x/redir.go +++ b/x/redir.go @@ -12,7 +12,7 @@ import ( func RedirectToAdminRoute(reg config.Provider) httprouter.Handle { return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - admin := reg.Config(r.Context()).SelfAdminURL() + admin := reg.Config().SelfAdminURL(r.Context()) dest := *r.URL dest.Host = admin.Host @@ -26,7 +26,7 @@ func RedirectToAdminRoute(reg config.Provider) httprouter.Handle { func RedirectToPublicRoute(reg config.Provider) httprouter.Handle { return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - public := reg.Config(r.Context()).SelfPublicURL() + public := reg.Config().SelfPublicURL(r.Context()) dest := *r.URL dest.Host = public.Host diff --git a/x/redir_test.go b/x/redir_test.go index 610cf7ce4cc0..2cb1abb156f3 100644 --- a/x/redir_test.go +++ b/x/redir_test.go @@ -1,6 +1,7 @@ package x_test import ( + "context" "fmt" "io" "net/http" @@ -18,6 +19,7 @@ import ( ) func TestRedirectToPublicAdminRoute(t *testing.T) { + ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) pub := x.NewRouterPublic() adm := x.NewRouterAdmin() @@ -26,8 +28,8 @@ func TestRedirectToPublicAdminRoute(t *testing.T) { t.Cleanup(pubTS.Close) t.Cleanup(adminTS.Close) - conf.MustSet(config.ViperKeyAdminBaseURL, adminTS.URL) - conf.MustSet(config.ViperKeyPublicBaseURL, pubTS.URL) + conf.MustSet(ctx, config.ViperKeyAdminBaseURL, adminTS.URL) + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, pubTS.URL) pub.POST("/privileged", x.RedirectToAdminRoute(reg)) pub.POST("/admin/privileged", x.RedirectToAdminRoute(reg)) diff --git a/x/servicelocatorx/config.go b/x/servicelocatorx/config.go new file mode 100644 index 000000000000..a81c12bcde99 --- /dev/null +++ b/x/servicelocatorx/config.go @@ -0,0 +1,26 @@ +package servicelocatorx + +import ( + "context" + + "github.com/ory/kratos/driver/config" +) + +type key int + +const ( + keyConfig key = iota + 1 +) + +// ContextWithConfig returns a new context with the provided config. +func ContextWithConfig(ctx context.Context, c *config.Config) context.Context { + return context.WithValue(ctx, keyConfig, c) +} + +// ConfigFromContext returns the config from the context. +func ConfigFromContext(ctx context.Context, fallback *config.Config) *config.Config { + if c, ok := ctx.Value(keyConfig).(*config.Config); ok { + return c + } + return fallback +} From a11548603a4c9b46ba238d2a7ee58fffb7f6d857 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 10 Aug 2022 17:20:49 -0700 Subject: [PATCH 223/411] fix: migration error detection --- cmd/cliclient/migrate.go | 9 ++++++--- cmd/daemon/serve.go | 6 ++++-- cmd/migrate/sql.go | 4 ++-- persistence/sql/persister_courier.go | 1 + 4 files changed, 13 insertions(+), 7 deletions(-) diff --git a/cmd/cliclient/migrate.go b/cmd/cliclient/migrate.go index e6729da700d1..d95bf6d5b283 100644 --- a/cmd/cliclient/migrate.go +++ b/cmd/cliclient/migrate.go @@ -37,6 +37,9 @@ func (h *MigrateHandler) MigrateSQL(cmd *cobra.Command, args []string) error { cmd.ErrOrStderr(), configx.WithFlags(cmd.Flags()), configx.SkipValidation()) + if err != nil { + return err + } if len(d.Config().DSN(cmd.Context())) == 0 { fmt.Println(cmd.UsageString()) fmt.Println("") @@ -63,7 +66,6 @@ func (h *MigrateHandler) MigrateSQL(cmd *cobra.Command, args []string) error { } err = d.Init(cmd.Context(), &contextx.Default{}, driver.SkipNetworkInit) - cmdx.Must(err, "An error occurred initializing migrations: %s", err) if err != nil { return errors.Wrap(err, "an error occurred initializing migrations") } @@ -86,8 +88,9 @@ func (h *MigrateHandler) MigrateSQL(cmd *cobra.Command, args []string) error { } } - err = d.Persister().MigrateUp(cmd.Context()) - cmdx.Must(err, "An error occurred while connecting to SQL: %s", err) + if err = d.Persister().MigrateUp(cmd.Context()); err != nil { + return err + } fmt.Println("Successfully applied SQL migrations!") return nil } diff --git a/cmd/daemon/serve.go b/cmd/daemon/serve.go index 2a4c755504e0..91969c61a4b4 100644 --- a/cmd/daemon/serve.go +++ b/cmd/daemon/serve.go @@ -2,10 +2,12 @@ package daemon import ( "crypto/tls" - "github.com/ory/x/servicelocator" + "net/http" + "github.com/pkg/errors" "golang.org/x/net/context" - "net/http" + + "github.com/ory/x/servicelocator" "golang.org/x/sync/errgroup" diff --git a/cmd/migrate/sql.go b/cmd/migrate/sql.go index 3e65c07fe01b..0e065c997807 100644 --- a/cmd/migrate/sql.go +++ b/cmd/migrate/sql.go @@ -40,8 +40,8 @@ You can read in the database URL using the -e flag, for example: Before running this command on an existing database, create a back up! `, - Run: func(cmd *cobra.Command, args []string) { - cliclient.NewMigrateHandler().MigrateSQL(cmd, args) + RunE: func(cmd *cobra.Command, args []string) error { + return cliclient.NewMigrateHandler().MigrateSQL(cmd, args) }, } diff --git a/persistence/sql/persister_courier.go b/persistence/sql/persister_courier.go index 44158dc351ea..81b92edbe6d7 100644 --- a/persistence/sql/persister_courier.go +++ b/persistence/sql/persister_courier.go @@ -4,6 +4,7 @@ import ( "context" "database/sql" "fmt" + "github.com/gobuffalo/pop/v6" "github.com/gofrs/uuid" "github.com/pkg/errors" From 4f841dae5423acf3514d50add9e99d28bc339fbb Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 18 Aug 2022 18:14:48 +0200 Subject: [PATCH 224/411] fix: make servicelocator explicit --- cmd/cliclient/cleanup.go | 6 +++- cmd/cliclient/migrate.go | 20 ++++++++--- cmd/courier/root.go | 7 ++-- cmd/courier/watch.go | 6 ++-- cmd/daemon/serve.go | 37 ++++++--------------- cmd/root.go | 4 +-- cmd/serve/root.go | 13 ++++---- driver/factory.go | 19 ++++++----- driver/factory_test.go | 10 ++++-- driver/registry.go | 7 ++++ go.mod | 2 +- go.sum | 4 +-- persistence/sql/migratest/migration_test.go | 20 +++++++---- 13 files changed, 90 insertions(+), 65 deletions(-) diff --git a/cmd/cliclient/cleanup.go b/cmd/cliclient/cleanup.go index 3627a6e7c339..8a9e24b48d9a 100644 --- a/cmd/cliclient/cleanup.go +++ b/cmd/cliclient/cleanup.go @@ -3,6 +3,8 @@ package cliclient import ( "github.com/pkg/errors" + "github.com/ory/x/servicelocatorx" + "github.com/ory/x/contextx" "github.com/ory/x/configx" @@ -36,7 +38,9 @@ func (h *CleanupHandler) CleanupSQL(cmd *cobra.Command, args []string) error { d, err := driver.NewWithoutInit( cmd.Context(), cmd.ErrOrStderr(), - opts..., + servicelocatorx.NewOptions(), + nil, + opts, ) if len(d.Config().DSN(cmd.Context())) == 0 { return errors.New(`required config value "dsn" was not set`) diff --git a/cmd/cliclient/migrate.go b/cmd/cliclient/migrate.go index d95bf6d5b283..4b43f1851461 100644 --- a/cmd/cliclient/migrate.go +++ b/cmd/cliclient/migrate.go @@ -7,6 +7,8 @@ import ( "os" "strings" + "github.com/ory/x/servicelocatorx" + "github.com/pkg/errors" "github.com/ory/x/contextx" @@ -35,8 +37,12 @@ func (h *MigrateHandler) MigrateSQL(cmd *cobra.Command, args []string) error { d, err = driver.NewWithoutInit( cmd.Context(), cmd.ErrOrStderr(), - configx.WithFlags(cmd.Flags()), - configx.SkipValidation()) + servicelocatorx.NewOptions(), + nil, + []configx.OptionModifier{ + configx.WithFlags(cmd.Flags()), + configx.SkipValidation(), + }) if err != nil { return err } @@ -57,9 +63,13 @@ func (h *MigrateHandler) MigrateSQL(cmd *cobra.Command, args []string) error { d, err = driver.NewWithoutInit( cmd.Context(), cmd.ErrOrStderr(), - configx.WithFlags(cmd.Flags()), - configx.SkipValidation(), - configx.WithValue(config.ViperKeyDSN, args[0])) + servicelocatorx.NewOptions(), + nil, + []configx.OptionModifier{ + configx.WithFlags(cmd.Flags()), + configx.SkipValidation(), + configx.WithValue(config.ViperKeyDSN, args[0]), + }) if err != nil { return err } diff --git a/cmd/courier/root.go b/cmd/courier/root.go index 815dfea85370..338dd84f485d 100644 --- a/cmd/courier/root.go +++ b/cmd/courier/root.go @@ -3,6 +3,9 @@ package courier import ( "github.com/spf13/cobra" + "github.com/ory/kratos/driver" + "github.com/ory/x/servicelocatorx" + "github.com/ory/x/configx" ) @@ -16,8 +19,8 @@ func NewCourierCmd() *cobra.Command { return c } -func RegisterCommandRecursive(parent *cobra.Command) { +func RegisterCommandRecursive(parent *cobra.Command, slOpts []servicelocatorx.Option, dOpts []driver.RegistryOption) { c := NewCourierCmd() parent.AddCommand(c) - c.AddCommand(NewWatchCmd()) + c.AddCommand(NewWatchCmd(slOpts, dOpts)) } diff --git a/cmd/courier/watch.go b/cmd/courier/watch.go index b966e4c422f7..faf8ebff826b 100644 --- a/cmd/courier/watch.go +++ b/cmd/courier/watch.go @@ -4,6 +4,8 @@ import ( cx "context" "net/http" + "github.com/ory/x/servicelocatorx" + "golang.org/x/sync/errgroup" "github.com/spf13/cobra" @@ -17,12 +19,12 @@ import ( "github.com/ory/x/reqlog" ) -func NewWatchCmd() *cobra.Command { +func NewWatchCmd(slOpts []servicelocatorx.Option, dOpts []driver.RegistryOption) *cobra.Command { var c = &cobra.Command{ Use: "watch", Short: "Starts the Ory Kratos message courier", RunE: func(cmd *cobra.Command, args []string) error { - r, err := driver.New(cmd.Context(), cmd.ErrOrStderr(), configx.WithFlags(cmd.Flags())) + r, err := driver.New(cmd.Context(), cmd.ErrOrStderr(), servicelocatorx.NewOptions(slOpts...), dOpts, []configx.OptionModifier{configx.WithFlags(cmd.Flags())}) if err != nil { return err } diff --git a/cmd/daemon/serve.go b/cmd/daemon/serve.go index 91969c61a4b4..52513e1fb53c 100644 --- a/cmd/daemon/serve.go +++ b/cmd/daemon/serve.go @@ -4,11 +4,11 @@ import ( "crypto/tls" "net/http" + "github.com/ory/x/servicelocatorx" + "github.com/pkg/errors" "golang.org/x/net/context" - "github.com/ory/x/servicelocator" - "golang.org/x/sync/errgroup" "github.com/ory/kratos/schema" @@ -52,7 +52,6 @@ import ( ) type options struct { - mwf []func(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) ctx stdctx.Context } @@ -67,19 +66,13 @@ func NewOptions(ctx stdctx.Context, opts []Option) *options { type Option func(*options) -func WithRootMiddleware(m func(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc)) Option { - return func(o *options) { - o.mwf = append(o.mwf, m) - } -} - func WithContext(ctx stdctx.Context) Option { return func(o *options) { o.ctx = ctx } } -func ServePublic(r driver.Registry, cmd *cobra.Command, args []string, opts ...Option) error { +func ServePublic(r driver.Registry, cmd *cobra.Command, args []string, slOpts *servicelocatorx.Options, opts []Option) error { modifiers := NewOptions(cmd.Context(), opts) ctx := modifiers.ctx @@ -87,11 +80,7 @@ func ServePublic(r driver.Registry, cmd *cobra.Command, args []string, opts ...O l := r.Logger() n := negroni.New() - for _, mw := range servicelocator.HTTPMiddlewares(ctx) { - n.Use(mw) - } - - for _, mw := range modifiers.mwf { + for _, mw := range slOpts.HTTPMiddlewares() { n.UseFunc(mw) } @@ -166,7 +155,7 @@ func ServePublic(r driver.Registry, cmd *cobra.Command, args []string, opts ...O return nil } -func ServeAdmin(r driver.Registry, cmd *cobra.Command, args []string, opts ...Option) error { +func ServeAdmin(r driver.Registry, cmd *cobra.Command, args []string, slOpts *servicelocatorx.Options, opts []Option) error { modifiers := NewOptions(cmd.Context(), opts) ctx := modifiers.ctx @@ -174,11 +163,7 @@ func ServeAdmin(r driver.Registry, cmd *cobra.Command, args []string, opts ...Op l := r.Logger() n := negroni.New() - for _, mw := range servicelocator.HTTPMiddlewares(ctx) { - n.Use(mw) - } - - for _, mw := range modifiers.mwf { + for _, mw := range slOpts.HTTPMiddlewares() { n.UseFunc(mw) } @@ -306,7 +291,7 @@ func sqa(ctx stdctx.Context, cmd *cobra.Command, d driver.Registry) *metricsx.Se ) } -func bgTasks(d driver.Registry, cmd *cobra.Command, args []string, opts ...Option) error { +func bgTasks(d driver.Registry, cmd *cobra.Command, args []string, slOpts *servicelocatorx.Options, opts []Option) error { modifiers := NewOptions(cmd.Context(), opts) ctx := modifiers.ctx @@ -316,7 +301,7 @@ func bgTasks(d driver.Registry, cmd *cobra.Command, args []string, opts ...Optio return nil } -func ServeAll(d driver.Registry, opts ...Option) func(cmd *cobra.Command, args []string) error { +func ServeAll(d driver.Registry, slOpts *servicelocatorx.Options, opts []Option) func(cmd *cobra.Command, args []string) error { return func(cmd *cobra.Command, args []string) error { mods := NewOptions(cmd.Context(), opts) ctx := mods.ctx @@ -326,13 +311,13 @@ func ServeAll(d driver.Registry, opts ...Option) func(cmd *cobra.Command, args [ opts = append(opts, WithContext(ctx)) g.Go(func() error { - return ServePublic(d, cmd, args, opts...) + return ServePublic(d, cmd, args, slOpts, opts) }) g.Go(func() error { - return ServeAdmin(d, cmd, args, opts...) + return ServeAdmin(d, cmd, args, slOpts, opts) }) g.Go(func() error { - return bgTasks(d, cmd, args, opts...) + return bgTasks(d, cmd, args, slOpts, opts) }) return g.Wait() } diff --git a/cmd/root.go b/cmd/root.go index f3808a1402c8..d2cb518320af 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -28,7 +28,7 @@ func NewRootCmd() (cmd *cobra.Command) { cmd = &cobra.Command{ Use: "kratos", } - courier.RegisterCommandRecursive(cmd) + courier.RegisterCommandRecursive(cmd, nil, nil) cmd.AddCommand(identities.NewGetCmd(cmd)) cmd.AddCommand(identities.NewDeleteCmd(cmd)) cmd.AddCommand(jsonnet.NewFormatCmd()) @@ -37,7 +37,7 @@ func NewRootCmd() (cmd *cobra.Command) { cmd.AddCommand(jsonnet.NewLintCmd()) cmd.AddCommand(identities.NewListCmd(cmd)) migrate.RegisterCommandRecursive(cmd) - serve.RegisterCommandRecursive(cmd) + serve.RegisterCommandRecursive(cmd, nil, nil) cleanup.RegisterCommandRecursive(cmd) remote.RegisterCommandRecursive(cmd) cmd.AddCommand(identities.NewValidateCmd()) diff --git a/cmd/serve/root.go b/cmd/serve/root.go index 5764e6cc2ea3..3aadce77c93a 100644 --- a/cmd/serve/root.go +++ b/cmd/serve/root.go @@ -17,6 +17,7 @@ package serve import ( "github.com/ory/kratos/driver/config" "github.com/ory/x/configx" + "github.com/ory/x/servicelocatorx" "github.com/spf13/cobra" @@ -25,15 +26,15 @@ import ( ) // serveCmd represents the serve command -func NewServeCmd() (serveCmd *cobra.Command) { +func NewServeCmd(slOpts []servicelocatorx.Option, dOpts []driver.RegistryOption) (serveCmd *cobra.Command) { serveCmd = &cobra.Command{ Use: "serve", Short: "Run the Ory Kratos server", RunE: func(cmd *cobra.Command, args []string) error { ctx := cmd.Context() opts := configx.ConfigOptionsFromContext(ctx) - - d, err := driver.New(ctx, cmd.ErrOrStderr(), append(opts, configx.WithFlags(cmd.Flags()))...) + sl := servicelocatorx.NewOptions(slOpts...) + d, err := driver.New(ctx, cmd.ErrOrStderr(), sl, dOpts, append(opts, configx.WithFlags(cmd.Flags()))) if err != nil { return err } @@ -56,7 +57,7 @@ DON'T DO THIS IN PRODUCTION! d.Logger().Warnf("Config version is '%s' but kratos runs on version '%s'", configVersion, config.Version) } - return daemon.ServeAll(d)(cmd, args) + return daemon.ServeAll(d, sl, nil)(cmd, args) }, } configx.RegisterFlags(serveCmd.PersistentFlags()) @@ -67,6 +68,6 @@ DON'T DO THIS IN PRODUCTION! return serveCmd } -func RegisterCommandRecursive(parent *cobra.Command) { - parent.AddCommand(NewServeCmd()) +func RegisterCommandRecursive(parent *cobra.Command, slOpts []servicelocatorx.Option, dOpts []driver.RegistryOption) { + parent.AddCommand(NewServeCmd(slOpts, dOpts)) } diff --git a/driver/factory.go b/driver/factory.go index af0e0160317f..fc79e91b3edf 100644 --- a/driver/factory.go +++ b/driver/factory.go @@ -4,22 +4,20 @@ import ( "context" "io" - "github.com/ory/kratos/x/servicelocatorx" - "github.com/ory/x/contextx" - "github.com/ory/x/servicelocator" + "github.com/ory/x/servicelocatorx" "github.com/ory/kratos/driver/config" "github.com/ory/x/configx" "github.com/ory/x/logrusx" ) -func New(ctx context.Context, stdOutOrErr io.Writer, opts ...configx.OptionModifier) (Registry, error) { - r, err := NewWithoutInit(ctx, stdOutOrErr, opts...) +func New(ctx context.Context, stdOutOrErr io.Writer, sl *servicelocatorx.Options, dOpts []RegistryOption, opts []configx.OptionModifier) (Registry, error) { + r, err := NewWithoutInit(ctx, stdOutOrErr, sl, dOpts, opts) if err != nil { return nil, err } - ctxter := servicelocator.Contextualizer(ctx, &contextx.Default{}) + ctxter := sl.Contextualizer() if err := r.Init(ctx, ctxter); err != nil { r.Logger().WithError(err).Error("Unable to initialize service registry.") return nil, err @@ -28,10 +26,13 @@ func New(ctx context.Context, stdOutOrErr io.Writer, opts ...configx.OptionModif return r, nil } -func NewWithoutInit(ctx context.Context, stdOutOrErr io.Writer, opts ...configx.OptionModifier) (Registry, error) { - l := logrusx.New("Ory Kratos", config.Version) +func NewWithoutInit(ctx context.Context, stdOutOrErr io.Writer, sl *servicelocatorx.Options, dOpts []RegistryOption, opts []configx.OptionModifier) (Registry, error) { + l := sl.Logger() + if l == nil { + l = logrusx.New("Ory Kratos", config.Version) + } - c := servicelocatorx.ConfigFromContext(ctx, nil) + c := newOptions(dOpts).config if c == nil { var err error c, err = config.New(ctx, l, stdOutOrErr, opts...) diff --git a/driver/factory_test.go b/driver/factory_test.go index b609680ba86d..40565e32b7ba 100644 --- a/driver/factory_test.go +++ b/driver/factory_test.go @@ -5,6 +5,8 @@ import ( "os" "testing" + "github.com/ory/x/servicelocatorx" + "github.com/gofrs/uuid" "github.com/ory/x/configx" @@ -21,8 +23,12 @@ func TestDriverNew(t *testing.T) { r, err := driver.New( context.Background(), os.Stderr, - configx.WithValue(config.ViperKeyDSN, config.DefaultSQLiteMemoryDSN), - configx.SkipValidation()) + servicelocatorx.NewOptions(), + nil, + []configx.OptionModifier{ + configx.WithValue(config.ViperKeyDSN, config.DefaultSQLiteMemoryDSN), + configx.SkipValidation(), + }) require.NoError(t, err) assert.EqualValues(t, config.DefaultSQLiteMemoryDSN, r.Config().DSN(ctx)) diff --git a/driver/registry.go b/driver/registry.go index cab077590f15..dde98c0e9983 100644 --- a/driver/registry.go +++ b/driver/registry.go @@ -154,6 +154,7 @@ func NewRegistryFromDSN(ctx context.Context, c *config.Config, l *logrusx.Logger type options struct { skipNetworkInit bool + config *config.Config } type RegistryOption func(*options) @@ -162,6 +163,12 @@ func SkipNetworkInit(o *options) { o.skipNetworkInit = true } +func WithConfig(config *config.Config) func(o *options) { + return func(o *options) { + o.config = config + } +} + func newOptions(os []RegistryOption) *options { o := new(options) for _, f := range os { diff --git a/go.mod b/go.mod index e5581b1c1bbc..c2517839d518 100644 --- a/go.mod +++ b/go.mod @@ -76,7 +76,7 @@ require ( github.com/ory/kratos-client-go v0.6.3-alpha.1 github.com/ory/mail/v3 v3.0.0 github.com/ory/nosurf v1.2.7 - github.com/ory/x v0.0.453 + github.com/ory/x v0.0.454 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 github.com/pkg/errors v0.9.1 github.com/pquerna/otp v1.3.0 diff --git a/go.sum b/go.sum index 784fa0e272ac..9739f4f0dc30 100644 --- a/go.sum +++ b/go.sum @@ -1488,8 +1488,8 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE= github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM= -github.com/ory/x v0.0.453 h1:57/UpP55cON7w+L/qloIn1kKKqyjWbBK6KaCvT4LqTA= -github.com/ory/x v0.0.453/go.mod h1:i3TlzVVChaun6sfVscSqGyPr7IuzC3C0aSgS+ODSbNQ= +github.com/ory/x v0.0.454 h1:hDKNrFFMBkBrSHlTY1w+IhZ9CnxMpMz8RRaiaRtxQgA= +github.com/ory/x v0.0.454/go.mod h1:i3TlzVVChaun6sfVscSqGyPr7IuzC3C0aSgS+ODSbNQ= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= diff --git a/persistence/sql/migratest/migration_test.go b/persistence/sql/migratest/migration_test.go index 56720540f112..772ba39c80a8 100644 --- a/persistence/sql/migratest/migration_test.go +++ b/persistence/sql/migratest/migration_test.go @@ -10,6 +10,8 @@ import ( "testing" "time" + "github.com/ory/x/servicelocatorx" + "github.com/ory/x/fsx" "github.com/ory/kratos/identity" @@ -128,13 +130,17 @@ func TestMigrations(t *testing.T) { d, err := driver.New( context.Background(), os.Stderr, - configx.WithValues(map[string]interface{}{ - config.ViperKeyDSN: url, - config.ViperKeyPublicBaseURL: "https://www.ory.sh/", - config.ViperKeyIdentitySchemas: config.Schemas{{ID: "default", URL: "file://stub/default.schema.json"}}, - config.ViperKeySecretsDefault: []string{"secret"}, - }), - configx.SkipValidation(), + servicelocatorx.NewOptions(), + nil, + []configx.OptionModifier{ + configx.WithValues(map[string]interface{}{ + config.ViperKeyDSN: url, + config.ViperKeyPublicBaseURL: "https://www.ory.sh/", + config.ViperKeyIdentitySchemas: config.Schemas{{ID: "default", URL: "file://stub/default.schema.json"}}, + config.ViperKeySecretsDefault: []string{"secret"}, + }), + configx.SkipValidation(), + }, ) require.NoError(t, err) From 24eddfb2adc67e22d34efdc6b6a6723c7be64237 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Fri, 19 Aug 2022 13:48:47 +0200 Subject: [PATCH 225/411] Revert "autogen(openapi): regenerate swagger spec and internal client" This reverts commit 4159b93ae3f8175cf7ccf77d34e4a7a2d0181d4f. --- cmd/cleanup/sql.go | 4 +- cmd/migrate/sql.go | 2 +- examples/go/selfservice/error/main.go | 2 +- examples/go/selfservice/login/main.go | 2 +- examples/go/selfservice/logout/main.go | 2 +- examples/go/selfservice/recovery/main.go | 2 +- examples/go/selfservice/registration/main.go | 2 +- examples/go/selfservice/settings/main.go | 2 +- examples/go/selfservice/verification/main.go | 2 +- examples/go/session/tosession/main.go | 2 +- internal/httpclient/api_v0alpha2.go | 1 + selfservice/flow/login/handler.go | 58 ++++++------- selfservice/flow/logout/handler.go | 46 +++++----- selfservice/flow/recovery/handler.go | 83 ++++++++++--------- selfservice/flow/registration/handler.go | 78 ++++++++--------- selfservice/flow/settings/state.go | 8 +- selfservice/flow/verification/handler.go | 77 +++++++++-------- .../strategy/link/strategy_recovery.go | 20 ++--- selfservice/strategy/lookup/strategy.go | 2 +- selfservice/strategy/webauthn/handler.go | 10 +-- ui/node/attributes.go | 1 + x/doc.go | 4 +- x/time.go | 2 +- 23 files changed, 206 insertions(+), 206 deletions(-) diff --git a/cmd/cleanup/sql.go b/cmd/cleanup/sql.go index c74d214fcba1..847d010a02cb 100644 --- a/cmd/cleanup/sql.go +++ b/cmd/cleanup/sql.go @@ -3,9 +3,7 @@ Copyright © 2019 NAME HERE Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. diff --git a/cmd/migrate/sql.go b/cmd/migrate/sql.go index 0e065c997807..43e531a6d01c 100644 --- a/cmd/migrate/sql.go +++ b/cmd/migrate/sql.go @@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/examples/go/selfservice/error/main.go b/examples/go/selfservice/error/main.go index 05ebe2c46a2e..a8025a681d76 100644 --- a/examples/go/selfservice/error/main.go +++ b/examples/go/selfservice/error/main.go @@ -8,7 +8,7 @@ import ( // If you use Open Source this would be: // -// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func getError() *ory.SelfServiceError { diff --git a/examples/go/selfservice/login/main.go b/examples/go/selfservice/login/main.go index ec8829003e85..56ef6b3d7bef 100644 --- a/examples/go/selfservice/login/main.go +++ b/examples/go/selfservice/login/main.go @@ -10,7 +10,7 @@ import ( // If you use Open Source this would be: // -// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func performLogin() *ory.SuccessfulSelfServiceLoginWithoutBrowser { diff --git a/examples/go/selfservice/logout/main.go b/examples/go/selfservice/logout/main.go index 81897596a34f..ea2e483fa3ff 100644 --- a/examples/go/selfservice/logout/main.go +++ b/examples/go/selfservice/logout/main.go @@ -10,7 +10,7 @@ import ( // If you use Open Source this would be: // -// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func performLogout() { diff --git a/examples/go/selfservice/recovery/main.go b/examples/go/selfservice/recovery/main.go index aa051ab088f2..80e22aaed2aa 100644 --- a/examples/go/selfservice/recovery/main.go +++ b/examples/go/selfservice/recovery/main.go @@ -10,7 +10,7 @@ import ( // If you use Open Source this would be: // -// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func performRecovery(email string) *ory.SelfServiceRecoveryFlow { diff --git a/examples/go/selfservice/registration/main.go b/examples/go/selfservice/registration/main.go index a0e6b2b04d63..5f0fb0d3cbfe 100644 --- a/examples/go/selfservice/registration/main.go +++ b/examples/go/selfservice/registration/main.go @@ -10,7 +10,7 @@ import ( // If you use Open Source this would be: // -// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func initRegistration() *ory.SuccessfulSelfServiceRegistrationWithoutBrowser { diff --git a/examples/go/selfservice/settings/main.go b/examples/go/selfservice/settings/main.go index 5f570233c192..3f817260293f 100644 --- a/examples/go/selfservice/settings/main.go +++ b/examples/go/selfservice/settings/main.go @@ -10,7 +10,7 @@ import ( // If you use Open Source this would be: // -// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") var ctx = context.Background() diff --git a/examples/go/selfservice/verification/main.go b/examples/go/selfservice/verification/main.go index f8462bf880b9..f703c4841148 100644 --- a/examples/go/selfservice/verification/main.go +++ b/examples/go/selfservice/verification/main.go @@ -10,7 +10,7 @@ import ( // If you use Open Source this would be: // -// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func performVerification(email string) *ory.SelfServiceVerificationFlow { diff --git a/examples/go/session/tosession/main.go b/examples/go/session/tosession/main.go index 629dd2e5b2c7..c76f67220884 100644 --- a/examples/go/session/tosession/main.go +++ b/examples/go/session/tosession/main.go @@ -8,7 +8,7 @@ import ( // If you use Open Source this would be: // -// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func toSession() *ory.Session { diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go index 1edd310dd035..05c5e77f9e9b 100644 --- a/internal/httpclient/api_v0alpha2.go +++ b/internal/httpclient/api_v0alpha2.go @@ -4538,6 +4538,7 @@ you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). + More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest diff --git a/selfservice/flow/login/handler.go b/selfservice/flow/login/handler.go index 5c98a6a98598..7544c6f84438 100644 --- a/selfservice/flow/login/handler.go +++ b/selfservice/flow/login/handler.go @@ -410,17 +410,17 @@ type getSelfServiceLoginFlow struct { // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceLoginFlow -// 403: jsonError -// 404: jsonError -// 410: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceLoginFlow +// 403: jsonError +// 404: jsonError +// 410: jsonError +// 500: jsonError func (h *Handler) fetchFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { ar, err := h.d.LoginFlowPersister().GetLoginFlow(r.Context(), x.ParseUUID(r.URL.Query().Get("id"))) if err != nil { @@ -520,33 +520,33 @@ type submitSelfServiceLoginFlowBody struct{} // If this endpoint is called with `Accept: application/json` in the header, the response contains the flow without a redirect. In the // case of an error, the `error.id` of the JSON response body can be one of: // -// - `session_already_available`: The user is already signed in. -// - `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. -// - `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! -// - `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. -// Most likely used in Social Sign In flows. +// - `session_already_available`: The user is already signed in. +// - `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. +// - `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! +// - `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. +// Most likely used in Social Sign In flows. // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Schemes: http, https +// Schemes: http, https // -// Consumes: -// - application/json -// - application/x-www-form-urlencoded +// Consumes: +// - application/json +// - application/x-www-form-urlencoded // -// Produces: -// - application/json +// Produces: +// - application/json // -// Header: -// - Set-Cookie +// Header: +// - Set-Cookie // -// Responses: -// 200: successfulSelfServiceLoginWithoutBrowser -// 303: emptyResponse -// 400: selfServiceLoginFlow -// 410: jsonError -// 422: selfServiceBrowserLocationChangeRequiredError -// 500: jsonError +// Responses: +// 200: successfulSelfServiceLoginWithoutBrowser +// 303: emptyResponse +// 400: selfServiceLoginFlow +// 410: jsonError +// 422: selfServiceBrowserLocationChangeRequiredError +// 500: jsonError func (h *Handler) submitFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { rid, err := flow.GetFlowID(r) if err != nil { diff --git a/selfservice/flow/logout/handler.go b/selfservice/flow/logout/handler.go index 55c80cde9aaa..892f6b517aa7 100644 --- a/selfservice/flow/logout/handler.go +++ b/selfservice/flow/logout/handler.go @@ -106,15 +106,15 @@ type createSelfServiceLogoutFlowUrlForBrowsers struct { // // When calling this endpoint from a backend, please ensure to properly forward the HTTP cookies. // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceLogoutUrl -// 401: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceLogoutUrl +// 401: jsonError +// 500: jsonError func (h *Handler) createSelfServiceLogoutUrlForBrowsers(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { sess, err := h.d.SessionManager().FetchFromRequest(r.Context(), r) if err != nil { @@ -161,18 +161,18 @@ type submitSelfServiceLogoutFlowWithoutBrowserBody struct { // This endpoint does not remove any HTTP // Cookies - use the Browser-Based Self-Service Logout Flow instead. // -// Consumes: -// - application/json +// Consumes: +// - application/json // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 204: emptyResponse -// 400: jsonError -// 500: jsonError +// Responses: +// 204: emptyResponse +// 400: jsonError +// 500: jsonError func (h *Handler) submitSelfServiceLogoutFlowWithoutBrowser(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { var p submitSelfServiceLogoutFlowWithoutBrowserBody if err := h.dx.Decode(r, &p, @@ -230,15 +230,15 @@ type submitSelfServiceLogoutFlow struct { // // More information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 303: emptyResponse -// 204: emptyResponse -// 500: jsonError +// Responses: +// 303: emptyResponse +// 204: emptyResponse +// 500: jsonError func (h *Handler) submitLogout(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { expected := r.URL.Query().Get("token") if len(expected) == 0 { diff --git a/selfservice/flow/recovery/handler.go b/selfservice/flow/recovery/handler.go index bcb8c4de129f..10b83e8c8b67 100644 --- a/selfservice/flow/recovery/handler.go +++ b/selfservice/flow/recovery/handler.go @@ -107,14 +107,15 @@ func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { // // This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). // +// // More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRecoveryFlow -// 500: jsonError -// 400: jsonError +// Responses: +// 200: selfServiceRecoveryFlow +// 500: jsonError +// 400: jsonError func (h *Handler) initAPIFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { if !h.d.Config().SelfServiceFlowRecoveryEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Recovery is not allowed because it was disabled."))) @@ -159,13 +160,13 @@ type initializeSelfServiceRecoveryFlowWithoutBrowser struct { // // More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRecoveryFlow -// 303: emptyResponse -// 400: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceRecoveryFlow +// 303: emptyResponse +// 400: jsonError +// 500: jsonError func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { if !h.d.Config().SelfServiceFlowRecoveryEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Recovery is not allowed because it was disabled."))) @@ -232,16 +233,16 @@ type getSelfServiceRecoveryFlow struct { // // More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRecoveryFlow -// 404: jsonError -// 410: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceRecoveryFlow +// 404: jsonError +// 410: jsonError +// 500: jsonError func (h *Handler) fetch(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { if !h.d.Config().SelfServiceFlowRecoveryEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Recovery is not allowed because it was disabled."))) @@ -329,35 +330,35 @@ type submitSelfServiceRecoveryFlowBody struct{} // Use this endpoint to complete a recovery flow. This endpoint // behaves differently for API and browser flows and has several states: // -// - `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent -// and works with API- and Browser-initiated flows. -// - For API clients and Browser clients with HTTP Header `Accept: application/json` it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid. +// - `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent +// and works with API- and Browser-initiated flows. +// - For API clients and Browser clients with HTTP Header `Accept: application/json` it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid. // and a HTTP 303 See Other redirect with a fresh recovery flow if the flow was otherwise invalid (e.g. expired). -// - For Browser clients without HTTP Header `Accept` or with `Accept: text/*` it returns a HTTP 303 See Other redirect to the Recovery UI URL with the Recovery Flow ID appended. -// - `sent_email` is the success state after `choose_method` for the `link` method and allows the user to request another recovery email. It -// works for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state. -// - `passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow ("sending a recovery link") -// does not have any API capabilities. The server responds with a HTTP 303 See Other redirect either to the Settings UI URL -// (if the link was valid) and instructs the user to update their password, or a redirect to the Recover UI URL with -// a new Recovery Flow ID which contains an error message that the recovery link was invalid. +// - For Browser clients without HTTP Header `Accept` or with `Accept: text/*` it returns a HTTP 303 See Other redirect to the Recovery UI URL with the Recovery Flow ID appended. +// - `sent_email` is the success state after `choose_method` for the `link` method and allows the user to request another recovery email. It +// works for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state. +// - `passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow ("sending a recovery link") +// does not have any API capabilities. The server responds with a HTTP 303 See Other redirect either to the Settings UI URL +// (if the link was valid) and instructs the user to update their password, or a redirect to the Recover UI URL with +// a new Recovery Flow ID which contains an error message that the recovery link was invalid. // // More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). // -// Consumes: -// - application/json -// - application/x-www-form-urlencoded +// Consumes: +// - application/json +// - application/x-www-form-urlencoded // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRecoveryFlow -// 303: emptyResponse -// 400: selfServiceRecoveryFlow -// 410: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceRecoveryFlow +// 303: emptyResponse +// 400: selfServiceRecoveryFlow +// 410: jsonError +// 500: jsonError func (h *Handler) submitFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { rid, err := flow.GetFlowID(r) if err != nil { diff --git a/selfservice/flow/registration/handler.go b/selfservice/flow/registration/handler.go index 977dc516c153..7aaf9043f68a 100644 --- a/selfservice/flow/registration/handler.go +++ b/selfservice/flow/registration/handler.go @@ -172,12 +172,12 @@ func (h *Handler) FromOldFlow(w http.ResponseWriter, r *http.Request, of Flow) ( // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRegistrationFlow -// 400: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceRegistrationFlow +// 400: jsonError +// 500: jsonError func (h *Handler) initApiFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { a, err := h.NewRegistrationFlow(w, r, flow.TypeAPI) if err != nil { @@ -227,15 +227,15 @@ type initializeSelfServiceRegistrationFlowForBrowsers struct { // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Schemes: http, https +// Schemes: http, https // -// Produces: -// - application/json +// Produces: +// - application/json // -// Responses: -// 200: selfServiceRegistrationFlow -// 303: emptyResponse -// 500: jsonError +// Responses: +// 200: selfServiceRegistrationFlow +// 303: emptyResponse +// 500: jsonError func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { a, err := h.NewRegistrationFlow(w, r, flow.TypeBrowser) if err != nil { @@ -307,17 +307,17 @@ type getSelfServiceRegistrationFlow struct { // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRegistrationFlow -// 403: jsonError -// 404: jsonError -// 410: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceRegistrationFlow +// 403: jsonError +// 404: jsonError +// 410: jsonError +// 500: jsonError func (h *Handler) fetchFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { if !h.d.Config().SelfServiceFlowRegistrationEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(ErrRegistrationDisabled)) @@ -412,30 +412,30 @@ type submitSelfServiceRegistrationFlowBody struct{} // If this endpoint is called with `Accept: application/json` in the header, the response contains the flow without a redirect. In the // case of an error, the `error.id` of the JSON response body can be one of: // -// - `session_already_available`: The user is already signed in. -// - `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. -// - `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! -// - `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. -// Most likely used in Social Sign In flows. +// - `session_already_available`: The user is already signed in. +// - `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. +// - `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! +// - `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. +// Most likely used in Social Sign In flows. // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Schemes: http, https +// Schemes: http, https // -// Consumes: -// - application/json -// - application/x-www-form-urlencoded +// Consumes: +// - application/json +// - application/x-www-form-urlencoded // -// Produces: -// - application/json +// Produces: +// - application/json // -// Responses: -// 200: successfulSelfServiceRegistrationWithoutBrowser -// 303: emptyResponse -// 400: selfServiceRegistrationFlow -// 410: jsonError -// 422: selfServiceBrowserLocationChangeRequiredError -// 500: jsonError +// Responses: +// 200: successfulSelfServiceRegistrationWithoutBrowser +// 303: emptyResponse +// 400: selfServiceRegistrationFlow +// 410: jsonError +// 422: selfServiceBrowserLocationChangeRequiredError +// 500: jsonError func (h *Handler) submitFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { rid, err := flow.GetFlowID(r) if err != nil { diff --git a/selfservice/flow/settings/state.go b/selfservice/flow/settings/state.go index 96d4d3869c09..ca883c7948fe 100644 --- a/selfservice/flow/settings/state.go +++ b/selfservice/flow/settings/state.go @@ -2,10 +2,10 @@ package settings // State represents the state of this flow. It knows two states: // -// - show_form: No user data has been collected, or it is invalid, and thus the form should be shown. -// - success: Indicates that the settings flow has been updated successfully with the provided data. -// Done will stay true when repeatedly checking. If set to true, done will revert back to false only -// when a flow with invalid (e.g. "please use a valid phone number") data was sent. +// - show_form: No user data has been collected, or it is invalid, and thus the form should be shown. +// - success: Indicates that the settings flow has been updated successfully with the provided data. +// Done will stay true when repeatedly checking. If set to true, done will revert back to false only +// when a flow with invalid (e.g. "please use a valid phone number") data was sent. // // swagger:model selfServiceSettingsFlowState type State string diff --git a/selfservice/flow/verification/handler.go b/selfservice/flow/verification/handler.go index eac36061db03..c6f2b46f5e27 100644 --- a/selfservice/flow/verification/handler.go +++ b/selfservice/flow/verification/handler.go @@ -96,12 +96,12 @@ func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { // // More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation). // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceVerificationFlow -// 500: jsonError -// 400: jsonError +// Responses: +// 200: selfServiceVerificationFlow +// 500: jsonError +// 400: jsonError func (h *Handler) initAPIFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { if !h.d.Config().SelfServiceFlowVerificationEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Verification is not allowed because it was disabled."))) @@ -144,12 +144,12 @@ type initializeSelfServiceVerificationFlowForBrowsers struct { // // More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceVerificationFlow -// 303: emptyResponse -// 500: jsonError +// Responses: +// 200: selfServiceVerificationFlow +// 303: emptyResponse +// 500: jsonError func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { if !h.d.Config().SelfServiceFlowVerificationEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Verification is not allowed because it was disabled."))) @@ -195,7 +195,7 @@ type getSelfServiceVerificationFlow struct { // swagger:route GET /self-service/verification/flows v0alpha2 getSelfServiceVerificationFlow // -// Get Verification Flow +// # Get Verification Flow // // This endpoint returns a verification flow's context with, for example, error details and other information. // @@ -205,27 +205,26 @@ type getSelfServiceVerificationFlow struct { // If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain // and you need to forward the incoming HTTP Cookie header to this endpoint: // -// ```js -// // pseudo-code example -// router.get('/recovery', async function (req, res) { -// const flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), req.query['flow']) +// ```js +// // pseudo-code example +// router.get('/recovery', async function (req, res) { +// const flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), req.query['flow']) // -// res.render('verification', flow) -// }) -// ``` +// res.render('verification', flow) +// }) // // More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceVerificationFlow -// 403: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceVerificationFlow +// 403: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) fetch(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { if !h.d.Config().SelfServiceFlowVerificationEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Verification is not allowed because it was disabled."))) @@ -308,7 +307,7 @@ type submitSelfServiceVerificationFlowBody struct{} // swagger:route POST /self-service/verification v0alpha2 submitSelfServiceVerificationFlow // -// Complete Verification Flow +// # Complete Verification Flow // // Use this endpoint to complete a verification flow. This endpoint // behaves differently for API and browser flows and has several states: @@ -327,21 +326,21 @@ type submitSelfServiceVerificationFlowBody struct{} // // More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). // -// Consumes: -// - application/json -// - application/x-www-form-urlencoded +// Consumes: +// - application/json +// - application/x-www-form-urlencoded // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceVerificationFlow -// 303: emptyResponse -// 400: selfServiceVerificationFlow -// 410: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceVerificationFlow +// 303: emptyResponse +// 400: selfServiceVerificationFlow +// 410: jsonError +// 500: jsonError func (h *Handler) submitFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { rid, err := flow.GetFlowID(r) if err != nil { diff --git a/selfservice/strategy/link/strategy_recovery.go b/selfservice/strategy/link/strategy_recovery.go index be89af1c8092..6e4a1a83755d 100644 --- a/selfservice/strategy/link/strategy_recovery.go +++ b/selfservice/strategy/link/strategy_recovery.go @@ -111,19 +111,19 @@ type selfServiceRecoveryLink struct { // This endpoint creates a recovery link which should be given to the user in order for them to recover // (or activate) their account. // -// Consumes: -// - application/json +// Consumes: +// - application/json // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRecoveryLink -// 400: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceRecoveryLink +// 400: jsonError +// 404: jsonError +// 500: jsonError func (s *Strategy) createRecoveryLink(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { var p adminCreateSelfServiceRecoveryLinkBody if err := s.dx.Decode(r, &p, decoderx.HTTPJSONDecoder()); err != nil { diff --git a/selfservice/strategy/lookup/strategy.go b/selfservice/strategy/lookup/strategy.go index ed6ac05fe22d..12c78ffd485a 100644 --- a/selfservice/strategy/lookup/strategy.go +++ b/selfservice/strategy/lookup/strategy.go @@ -20,7 +20,7 @@ import ( "github.com/ory/x/decoderx" ) -// var _ login.Strategy = new(Strategy) +//var _ login.Strategy = new(Strategy) var _ settings.Strategy = new(Strategy) var _ identity.ActiveCredentialsCounter = new(Strategy) diff --git a/selfservice/strategy/webauthn/handler.go b/selfservice/strategy/webauthn/handler.go index 2bb2f1fb78c8..19e0f44e5035 100644 --- a/selfservice/strategy/webauthn/handler.go +++ b/selfservice/strategy/webauthn/handler.go @@ -31,13 +31,13 @@ type webAuthnJavaScript string // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Produces: -// - text/javascript +// Produces: +// - text/javascript // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: webAuthnJavaScript +// Responses: +// 200: webAuthnJavaScript func (s *Strategy) RegisterLoginRoutes(r *x.RouterPublic) { if handle, _, _ := r.Lookup("GET", webAuthnRoute); handle == nil { r.GET(webAuthnRoute, func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { diff --git a/ui/node/attributes.go b/ui/node/attributes.go index a26b13c88f1b..4300d218f233 100644 --- a/ui/node/attributes.go +++ b/ui/node/attributes.go @@ -158,6 +158,7 @@ type AnchorAttributes struct { // TextAttributes represents the attributes of a text node. // +// // swagger:model uiNodeTextAttributes type TextAttributes struct { // The text of the text node. diff --git a/x/doc.go b/x/doc.go index 64aa08a21794..3582cb8b79da 100644 --- a/x/doc.go +++ b/x/doc.go @@ -2,7 +2,7 @@ Package x provides various helpers that do not have an obvious home elsewhere. The contract implied here, is that: - - Package x does not depend on other parts of kratos - - Packages outside kratos do not depend on x. + - Package x does not depend on other parts of kratos + - Packages outside kratos do not depend on x. */ package x diff --git a/x/time.go b/x/time.go index 950cb93953e9..28635fa7431e 100644 --- a/x/time.go +++ b/x/time.go @@ -26,7 +26,7 @@ func RequireEqualTime(t *testing.T, expected, actual time.Time) { // To produce a different normal distribution, callers can // adjust the output using: // -// sample = NormFloat64() * desiredStdDev + desiredMean +// sample = NormFloat64() * desiredStdDev + desiredMean // // Since 99.73% of values in a normal distribution lie within three standard deviations from the mean (https://en.wikipedia.org/wiki/68%E2%80%9395%E2%80%9399.7_rule), // by taking the standard deviation to be deviation/3, we can get a distribution which fits our bounds nicely with minimal clipping when we take max/mins to cut off the tails. From 772d5968d5a0cb7ac9415cfb2b1e9e86ae3a3131 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Fri, 19 Aug 2022 15:41:38 +0200 Subject: [PATCH 226/411] fix: ignore error explicitly --- cmd/daemon/serve.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cmd/daemon/serve.go b/cmd/daemon/serve.go index 52513e1fb53c..a952448af803 100644 --- a/cmd/daemon/serve.go +++ b/cmd/daemon/serve.go @@ -296,8 +296,9 @@ func bgTasks(d driver.Registry, cmd *cobra.Command, args []string, slOpts *servi ctx := modifiers.ctx if d.Config().IsBackgroundCourierEnabled(ctx) { - go courier.Watch(ctx, d) + return courier.Watch(ctx, d) } + return nil } From 39bb84dd78df3737c68b864ae4a04dbf9cf00282 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Fri, 19 Aug 2022 15:11:46 +0000 Subject: [PATCH 227/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- internal/httpclient/README.md | 4 ++-- internal/httpclient/api/openapi.yaml | 6 +++--- internal/httpclient/api_v0alpha2.go | 11 +++++------ internal/httpclient/docs/V0alpha2Api.md | 8 ++++---- spec/api.json | 8 ++++---- spec/swagger.json | 8 ++++---- 6 files changed, 22 insertions(+), 23 deletions(-) diff --git a/internal/httpclient/README.md b/internal/httpclient/README.md index 37a9fb01a3a3..5c929d3c48e7 100644 --- a/internal/httpclient/README.md +++ b/internal/httpclient/README.md @@ -103,7 +103,7 @@ Class | Method | HTTP request | Description *V0alpha2Api* | [**GetSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#getselfservicerecoveryflow) | **Get** /self-service/recovery/flows | Get Recovery Flow *V0alpha2Api* | [**GetSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#getselfserviceregistrationflow) | **Get** /self-service/registration/flows | Get Registration Flow *V0alpha2Api* | [**GetSelfServiceSettingsFlow**](docs/V0alpha2Api.md#getselfservicesettingsflow) | **Get** /self-service/settings/flows | Get Settings Flow -*V0alpha2Api* | [**GetSelfServiceVerificationFlow**](docs/V0alpha2Api.md#getselfserviceverificationflow) | **Get** /self-service/verification/flows | Get Verification Flow +*V0alpha2Api* | [**GetSelfServiceVerificationFlow**](docs/V0alpha2Api.md#getselfserviceverificationflow) | **Get** /self-service/verification/flows | # Get Verification Flow *V0alpha2Api* | [**GetWebAuthnJavaScript**](docs/V0alpha2Api.md#getwebauthnjavascript) | **Get** /.well-known/ory/webauthn.js | Get WebAuthn JavaScript *V0alpha2Api* | [**InitializeSelfServiceLoginFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceloginflowforbrowsers) | **Get** /self-service/login/browser | Initialize Login Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceLoginFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceloginflowwithoutbrowser) | **Get** /self-service/login/api | Initialize Login Flow for APIs, Services, Apps, ... @@ -125,7 +125,7 @@ Class | Method | HTTP request | Description *V0alpha2Api* | [**SubmitSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#submitselfservicerecoveryflow) | **Post** /self-service/recovery | Complete Recovery Flow *V0alpha2Api* | [**SubmitSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#submitselfserviceregistrationflow) | **Post** /self-service/registration | Submit a Registration Flow *V0alpha2Api* | [**SubmitSelfServiceSettingsFlow**](docs/V0alpha2Api.md#submitselfservicesettingsflow) | **Post** /self-service/settings | Complete Settings Flow -*V0alpha2Api* | [**SubmitSelfServiceVerificationFlow**](docs/V0alpha2Api.md#submitselfserviceverificationflow) | **Post** /self-service/verification | Complete Verification Flow +*V0alpha2Api* | [**SubmitSelfServiceVerificationFlow**](docs/V0alpha2Api.md#submitselfserviceverificationflow) | **Post** /self-service/verification | # Complete Verification Flow *V0alpha2Api* | [**ToSession**](docs/V0alpha2Api.md#tosession) | **Get** /sessions/whoami | Check Who the Current HTTP Session Belongs To diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index 483b899efd10..704ed890fd0d 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -1382,6 +1382,7 @@ paths: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). + More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). operationId: initializeSelfServiceRecoveryFlowWithoutBrowser responses: @@ -2292,7 +2293,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Complete Verification Flow + summary: '# Complete Verification Flow' tags: - v0alpha2 /self-service/verification/api: @@ -2390,7 +2391,6 @@ paths: res.render('verification', flow) }) - ``` More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). operationId: getSelfServiceVerificationFlow @@ -2444,7 +2444,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Get Verification Flow + summary: '# Get Verification Flow' tags: - v0alpha2 /sessions: diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go index 05c5e77f9e9b..d7b191201fae 100644 --- a/internal/httpclient/api_v0alpha2.go +++ b/internal/httpclient/api_v0alpha2.go @@ -382,7 +382,7 @@ type V0alpha2Api interface { GetSelfServiceSettingsFlowExecute(r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) (*SelfServiceSettingsFlow, *http.Response, error) /* - * GetSelfServiceVerificationFlow Get Verification Flow + * GetSelfServiceVerificationFlow # Get Verification Flow * This endpoint returns a verification flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -398,7 +398,6 @@ type V0alpha2Api interface { res.render('verification', flow) }) - ``` More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @@ -536,6 +535,7 @@ type V0alpha2Api interface { This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). + More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest @@ -1017,7 +1017,7 @@ type V0alpha2Api interface { SubmitSelfServiceSettingsFlowExecute(r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) (*SelfServiceSettingsFlow, *http.Response, error) /* - * SubmitSelfServiceVerificationFlow Complete Verification Flow + * SubmitSelfServiceVerificationFlow # Complete Verification Flow * Use this endpoint to complete a verification flow. This endpoint behaves differently for API and browser flows and has several states: @@ -3797,7 +3797,7 @@ func (r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) Execute() (*SelfSer } /* - * GetSelfServiceVerificationFlow Get Verification Flow + * GetSelfServiceVerificationFlow # Get Verification Flow * This endpoint returns a verification flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -3813,7 +3813,6 @@ const flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), r res.render('verification', flow) }) -``` More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @@ -7203,7 +7202,7 @@ func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Execute() (*Self } /* - * SubmitSelfServiceVerificationFlow Complete Verification Flow + * SubmitSelfServiceVerificationFlow # Complete Verification Flow * Use this endpoint to complete a verification flow. This endpoint behaves differently for API and browser flows and has several states: diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md index 1dbbfcc10d52..2f918b756a1c 100644 --- a/internal/httpclient/docs/V0alpha2Api.md +++ b/internal/httpclient/docs/V0alpha2Api.md @@ -21,7 +21,7 @@ Method | HTTP request | Description [**GetSelfServiceRecoveryFlow**](V0alpha2Api.md#GetSelfServiceRecoveryFlow) | **Get** /self-service/recovery/flows | Get Recovery Flow [**GetSelfServiceRegistrationFlow**](V0alpha2Api.md#GetSelfServiceRegistrationFlow) | **Get** /self-service/registration/flows | Get Registration Flow [**GetSelfServiceSettingsFlow**](V0alpha2Api.md#GetSelfServiceSettingsFlow) | **Get** /self-service/settings/flows | Get Settings Flow -[**GetSelfServiceVerificationFlow**](V0alpha2Api.md#GetSelfServiceVerificationFlow) | **Get** /self-service/verification/flows | Get Verification Flow +[**GetSelfServiceVerificationFlow**](V0alpha2Api.md#GetSelfServiceVerificationFlow) | **Get** /self-service/verification/flows | # Get Verification Flow [**GetWebAuthnJavaScript**](V0alpha2Api.md#GetWebAuthnJavaScript) | **Get** /.well-known/ory/webauthn.js | Get WebAuthn JavaScript [**InitializeSelfServiceLoginFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceLoginFlowForBrowsers) | **Get** /self-service/login/browser | Initialize Login Flow for Browsers [**InitializeSelfServiceLoginFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceLoginFlowWithoutBrowser) | **Get** /self-service/login/api | Initialize Login Flow for APIs, Services, Apps, ... @@ -43,7 +43,7 @@ Method | HTTP request | Description [**SubmitSelfServiceRecoveryFlow**](V0alpha2Api.md#SubmitSelfServiceRecoveryFlow) | **Post** /self-service/recovery | Complete Recovery Flow [**SubmitSelfServiceRegistrationFlow**](V0alpha2Api.md#SubmitSelfServiceRegistrationFlow) | **Post** /self-service/registration | Submit a Registration Flow [**SubmitSelfServiceSettingsFlow**](V0alpha2Api.md#SubmitSelfServiceSettingsFlow) | **Post** /self-service/settings | Complete Settings Flow -[**SubmitSelfServiceVerificationFlow**](V0alpha2Api.md#SubmitSelfServiceVerificationFlow) | **Post** /self-service/verification | Complete Verification Flow +[**SubmitSelfServiceVerificationFlow**](V0alpha2Api.md#SubmitSelfServiceVerificationFlow) | **Post** /self-service/verification | # Complete Verification Flow [**ToSession**](V0alpha2Api.md#ToSession) | **Get** /sessions/whoami | Check Who the Current HTTP Session Belongs To @@ -1226,7 +1226,7 @@ No authorization required > SelfServiceVerificationFlow GetSelfServiceVerificationFlow(ctx).Id(id).Cookie(cookie).Execute() -Get Verification Flow +# Get Verification Flow @@ -2700,7 +2700,7 @@ No authorization required > SelfServiceVerificationFlow SubmitSelfServiceVerificationFlow(ctx).Flow(flow).SubmitSelfServiceVerificationFlowBody(submitSelfServiceVerificationFlowBody).Token(token).Cookie(cookie).Execute() -Complete Verification Flow +# Complete Verification Flow diff --git a/spec/api.json b/spec/api.json index 2675e62362a8..48dea266fde7 100755 --- a/spec/api.json +++ b/spec/api.json @@ -3902,7 +3902,7 @@ }, "/self-service/recovery/api": { "get": { - "description": "This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.\n\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error.\n\nTo fetch an existing recovery flow call `/self-service/recovery/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).", + "description": "This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.\n\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error.\n\nTo fetch an existing recovery flow call `/self-service/recovery/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\n\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).", "operationId": "initializeSelfServiceRecoveryFlowWithoutBrowser", "responses": { "200": { @@ -4787,7 +4787,7 @@ "description": "jsonError" } }, - "summary": "Complete Verification Flow", + "summary": "# Complete Verification Flow", "tags": [ "v0alpha2" ] @@ -4882,7 +4882,7 @@ }, "/self-service/verification/flows": { "get": { - "description": "This endpoint returns a verification flow's context with, for example, error details and other information.\n\nBrowser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.\nFor AJAX requests you must ensure that cookies are included in the request or requests will fail.\n\nIf you use the browser-flow for server-side apps, the services need to run on a common top-level-domain\nand you need to forward the incoming HTTP Cookie header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/recovery', async function (req, res) {\nconst flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), req.query['flow'])\n\nres.render('verification', flow)\n})\n```\n\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).", + "description": "This endpoint returns a verification flow's context with, for example, error details and other information.\n\nBrowser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.\nFor AJAX requests you must ensure that cookies are included in the request or requests will fail.\n\nIf you use the browser-flow for server-side apps, the services need to run on a common top-level-domain\nand you need to forward the incoming HTTP Cookie header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/recovery', async function (req, res) {\nconst flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), req.query['flow'])\n\nres.render('verification', flow)\n})\n\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).", "operationId": "getSelfServiceVerificationFlow", "parameters": [ { @@ -4945,7 +4945,7 @@ "description": "jsonError" } }, - "summary": "Get Verification Flow", + "summary": "# Get Verification Flow", "tags": [ "v0alpha2" ] diff --git a/spec/swagger.json b/spec/swagger.json index f6b9963d7378..d0f5cdc3275e 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -1346,7 +1346,7 @@ }, "/self-service/recovery/api": { "get": { - "description": "This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.\n\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error.\n\nTo fetch an existing recovery flow call `/self-service/recovery/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).", + "description": "This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.\n\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error.\n\nTo fetch an existing recovery flow call `/self-service/recovery/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\n\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).", "schemes": [ "http", "https" @@ -1994,7 +1994,7 @@ "tags": [ "v0alpha2" ], - "summary": "Complete Verification Flow", + "summary": "# Complete Verification Flow", "operationId": "submitSelfServiceVerificationFlow", "parameters": [ { @@ -2131,7 +2131,7 @@ }, "/self-service/verification/flows": { "get": { - "description": "This endpoint returns a verification flow's context with, for example, error details and other information.\n\nBrowser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.\nFor AJAX requests you must ensure that cookies are included in the request or requests will fail.\n\nIf you use the browser-flow for server-side apps, the services need to run on a common top-level-domain\nand you need to forward the incoming HTTP Cookie header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/recovery', async function (req, res) {\nconst flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), req.query['flow'])\n\nres.render('verification', flow)\n})\n```\n\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).", + "description": "This endpoint returns a verification flow's context with, for example, error details and other information.\n\nBrowser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.\nFor AJAX requests you must ensure that cookies are included in the request or requests will fail.\n\nIf you use the browser-flow for server-side apps, the services need to run on a common top-level-domain\nand you need to forward the incoming HTTP Cookie header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/recovery', async function (req, res) {\nconst flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), req.query['flow'])\n\nres.render('verification', flow)\n})\n\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).", "produces": [ "application/json" ], @@ -2142,7 +2142,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get Verification Flow", + "summary": "# Get Verification Flow", "operationId": "getSelfServiceVerificationFlow", "parameters": [ { From 355ec431a304eef236a088571e2414f96c49d862 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Tue, 23 Aug 2022 14:07:16 +0200 Subject: [PATCH 228/411] fix: remove rust workaround --- .schema/openapi/patches/schema.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.schema/openapi/patches/schema.yaml b/.schema/openapi/patches/schema.yaml index 8dca42320381..a06a4e495b87 100644 --- a/.schema/openapi/patches/schema.yaml +++ b/.schema/openapi/patches/schema.yaml @@ -23,9 +23,6 @@ # Makes the uiNodeInputAttributes value attribute polymorph - op: remove path: /components/schemas/uiNodeInputAttributes/properties/value/type -# Workaround until https://github.com/OpenAPITools/openapi-generator/issues/13020 is fixed -- op: remove - path: /components/schemas/uiNodeInputAttributes/properties/autocomplete/enum - op: add path: /components/schemas/uiNodeInputAttributes/properties/value/nullable value: true From 1a397ac96132d8d78b0869d58af9a9a8ddeb2e49 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Tue, 23 Aug 2022 12:47:39 +0000 Subject: [PATCH 229/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- internal/httpclient/api/openapi.yaml | 7 +++++++ spec/api.json | 8 ++++++++ 2 files changed, 15 insertions(+) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index 704ed890fd0d..b6231e0d4415 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -5475,6 +5475,13 @@ components: properties: autocomplete: description: The autocomplete attribute for the input. + enum: + - email + - tel + - url + - current-password + - new-password + - one-time-code type: string disabled: description: Sets the input's disabled field to true or false. diff --git a/spec/api.json b/spec/api.json index 48dea266fde7..857e8714c219 100755 --- a/spec/api.json +++ b/spec/api.json @@ -2055,6 +2055,14 @@ "properties": { "autocomplete": { "description": "The autocomplete attribute for the input.", + "enum": [ + "email", + "tel", + "url", + "current-password", + "new-password", + "one-time-code" + ], "type": "string" }, "disabled": { From 8c52c33cf277eda82c9b00b77cd9e03f1e5b4602 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Tue, 23 Aug 2022 18:38:00 +0200 Subject: [PATCH 230/411] fix: re-add service to quickstart --- quickstart.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/quickstart.yml b/quickstart.yml index 317d6456078e..e124eae832d4 100644 --- a/quickstart.yml +++ b/quickstart.yml @@ -16,14 +16,14 @@ services: restart: on-failure networks: - intranet - # kratos-selfservice-ui-node: - # image: oryd/kratos-selfservice-ui-node:v0.10.1 - # environment: - # - KRATOS_PUBLIC_URL=http://kratos:4433/ - # - KRATOS_BROWSER_URL=http://127.0.0.1:4433/ - # networks: - # - intranet - # restart: on-failure + kratos-selfservice-ui-node: + image: oryd/kratos-selfservice-ui-node:v0.10.1 + environment: + - KRATOS_PUBLIC_URL=http://kratos:4433/ + - KRATOS_BROWSER_URL=http://127.0.0.1:4433/ + networks: + - intranet + restart: on-failure kratos: depends_on: - kratos-migrate From 7ec3fe3fd7febdc3eb3da7129c02ad322ab7e923 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Tue, 23 Aug 2022 17:22:06 +0000 Subject: [PATCH 231/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e7fe91c37efd..18b3066ad85f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,12 +4,13 @@ **Table of Contents** -- [ (2022-08-19)](#2022-08-19) +- [ (2022-08-23)](#2022-08-23) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) - [Documentation](#documentation) - [Features](#features) + - [Reverts](#reverts) - [Tests](#tests) - [0.10.1 (2022-06-01)](#0101-2022-06-01) - [Bug Fixes](#bug-fixes-1) @@ -63,7 +64,7 @@ - [Code Refactoring](#code-refactoring-3) - [Documentation](#documentation-6) - [Features](#features-4) - - [Reverts](#reverts) + - [Reverts](#reverts-1) - [Tests](#tests-4) - [Unclassified](#unclassified-2) - [0.7.6-alpha.1 (2021-09-12)](#076-alpha1-2021-09-12) @@ -263,7 +264,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-08-19) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-08-23) ## Breaking Changes @@ -324,6 +325,8 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. closes [#2426](https://github.com/ory/kratos/issues/2426) - Ignore CSRF for session extension on public route ([866b472](https://github.com/ory/kratos/commit/866b472750fba7bf498d359796f24867af7270ad)) +- Ignore error explicitly + ([772d596](https://github.com/ory/kratos/commit/772d5968d5a0cb7ac9415cfb2b1e9e86ae3a3131)) - Improve migration status speed ([#2637](https://github.com/ory/kratos/issues/2637)) ([a2e3c41](https://github.com/ory/kratos/commit/a2e3c41f9e513e1de47f6320f6a10acd1fed5eea)) @@ -333,15 +336,21 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. ([#2507](https://github.com/ory/kratos/issues/2507)) ([0844b47](https://github.com/ory/kratos/commit/0844b47c30851c548d46273927afee103cdc0e97)), closes [#2506](https://github.com/ory/kratos/issues/2506) +- Make servicelocator explicit + ([4f841da](https://github.com/ory/kratos/commit/4f841dae5423acf3514d50add9e99d28bc339fbb)) - Mark gosec false positives ([13eaddb](https://github.com/ory/kratos/commit/13eaddb7babe630750361c6d8f3ffc736898ddec)) - Metadata should not be required ([05afd68](https://github.com/ory/kratos/commit/05afd68381abe58c5e7cdd51cbf0ae409f5f0eb0)) +- Migration error detection + ([a115486](https://github.com/ory/kratos/commit/a11548603a4c9b46ba238d2a7ee58fffb7f6d857)) - Panic ([1182278](https://github.com/ory/kratos/commit/11822789c1561b27c2d769c9ea53a81835702f4a)) - Potentially resolve tx issue in crdb ([#2595](https://github.com/ory/kratos/issues/2595)) ([9d22035](https://github.com/ory/kratos/commit/9d22035695b6a793ac4bc5e2bd0a68b3aeea039c)) +- Re-add service to quickstart + ([8c52c33](https://github.com/ory/kratos/commit/8c52c33cf277eda82c9b00b77cd9e03f1e5b4602)) - Re-issue outdated cookie in /whoami ([#2598](https://github.com/ory/kratos/issues/2598)) ([bf6f27e](https://github.com/ory/kratos/commit/bf6f27e37b8aa342ae002e0a9f227a31e0f7c279)), @@ -351,6 +360,8 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. - Remove newline sign from email subject ([#2576](https://github.com/ory/kratos/issues/2576)) ([ca3d9c2](https://github.com/ory/kratos/commit/ca3d9c24e25ce501e9eae23547f87e1c35b2ea97)) +- Remove rust workaround + ([355ec43](https://github.com/ory/kratos/commit/355ec431a304eef236a088571e2414f96c49d862)) - Replace io/util usage by io and os package ([e2d805b](https://github.com/ory/kratos/commit/e2d805b7e336d202f7cf3c2e0ce586d78ac03cc0)) - Resolve bug where 500s in web hooks are not properly retried @@ -389,6 +400,8 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. ### Code Refactoring +- Hot reloading + ([b0d8f38](https://github.com/ory/kratos/commit/b0d8f3853886228a64e82437643a82b3970d6ff7)) - **sdk:** Rename `getJsonSchema` to `getIdentitySchema` ([#2606](https://github.com/ory/kratos/issues/2606)) ([8dc2ecf](https://github.com/ory/kratos/commit/8dc2ecf4919c9a14ef0bd089677de66ab3cfed92)) @@ -455,6 +468,13 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. `courier.message_retries` option to limit how often the sending of a message is retried before it is marked as `abandoned`. +### Reverts + +- Revert "autogen(openapi): regenerate swagger spec and internal client" + ([24eddfb](https://github.com/ory/kratos/commit/24eddfb2adc67e22d34efdc6b6a6723c7be64237)): + + This reverts commit 4159b93ae3f8175cf7ccf77d34e4a7a2d0181d4f. + ### Tests - **e2e:** Add typescript From 4e8b5cf775c1bfe4c2eb5588bfebe900d1c390eb Mon Sep 17 00:00:00 2001 From: Vincent Date: Wed, 24 Aug 2022 09:46:33 +0200 Subject: [PATCH 232/411] docs: importing credentials supported --- cmd/identities/import.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/cmd/identities/import.go b/cmd/identities/import.go index dba55d0de5f8..ddaa280f1ac8 100644 --- a/cmd/identities/import.go +++ b/cmd/identities/import.go @@ -47,9 +47,7 @@ Alternatively: cat file.json | %[1]s import identities`, root.Use), Long: `Import identities from files or STD_IN. -Files can contain only a single or an array of identities. The validity of files can be tested beforehand using "... identities validate". - -WARNING: Importing credentials is not yet supported.`, +Files can contain only a single or an array of identities. The validity of files can be tested beforehand using "... identities validate".`, RunE: func(cmd *cobra.Command, args []string) error { c, err := cliclient.NewClient(cmd) if err != nil { From 1cd2672ca5a4f49c847e6a0cbe5b7960bd56d31b Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Wed, 24 Aug 2022 08:53:38 +0000 Subject: [PATCH 233/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 18b3066ad85f..4f2cd8b81e1b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-08-23)](#2022-08-23) +- [ (2022-08-24)](#2022-08-24) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -264,7 +264,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-08-23) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-08-24) ## Breaking Changes @@ -410,6 +410,8 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. - Fix badge ([dbb7506](https://github.com/ory/kratos/commit/dbb7506ec1a5a2b5bef21cb7838b6c86e755f0f9)) +- Importing credentials supported + ([4e8b5cf](https://github.com/ory/kratos/commit/4e8b5cf775c1bfe4c2eb5588bfebe900d1c390eb)) - **sdk:** Identifier is actually required ([#2593](https://github.com/ory/kratos/issues/2593)) ([f89d279](https://github.com/ory/kratos/commit/f89d2794d8a2122e3f86eeb8aa5d554da32e753e)) From d56586b028d79387886f880c1455edb5e4df2209 Mon Sep 17 00:00:00 2001 From: Jonas Hungershausen Date: Thu, 25 Aug 2022 14:41:31 +0200 Subject: [PATCH 234/411] fix: include flow id in use recovery token query (#2679) This PR adds the `selfservice_recovery_flow_id` to the query used when "using" a token in the recovery flow. This PR also adds a new enum field for `identity_recovery_tokens` to distinguish the two flows: admin versus self-service recovery. BREAKING CHANGES: This patch invalidates recovery flows initiated using the Admin API. Please re-generate any admin-generated recovery flows and tokens. --- ..._type_to_identity_recovery_tokens.down.sql | 2 + ...ow_type_to_identity_recovery_tokens.up.sql | 2 + ...late_flow_type_in_recovery_tokens.down.sql | 0 ...pulate_flow_type_in_recovery_tokens.up.sql | 7 ++ ...02_add_flow_type_check_constraint.down.sql | 0 ...low_type_check_constraint.sqlite3.down.sql | 0 ..._flow_type_check_constraint.sqlite3.up.sql | 1 + ...0002_add_flow_type_check_constraint.up.sql | 2 + persistence/sql/persister_recovery.go | 4 +- selfservice/strategy/link/persistence.go | 4 +- .../strategy/link/strategy_recovery.go | 10 +- .../strategy/link/strategy_recovery_test.go | 110 +++++++++++++----- selfservice/strategy/link/test/persistence.go | 32 ++--- selfservice/strategy/link/token_recovery.go | 14 ++- .../strategy/link/token_recovery_test.go | 5 + 15 files changed, 143 insertions(+), 50 deletions(-) create mode 100644 persistence/sql/migrations/sql/20220824165300000000_add_flow_type_to_identity_recovery_tokens.down.sql create mode 100644 persistence/sql/migrations/sql/20220824165300000000_add_flow_type_to_identity_recovery_tokens.up.sql create mode 100644 persistence/sql/migrations/sql/20220824165300000001_populate_flow_type_in_recovery_tokens.down.sql create mode 100644 persistence/sql/migrations/sql/20220824165300000001_populate_flow_type_in_recovery_tokens.up.sql create mode 100644 persistence/sql/migrations/sql/20220824165300000002_add_flow_type_check_constraint.down.sql create mode 100644 persistence/sql/migrations/sql/20220824165300000002_add_flow_type_check_constraint.sqlite3.down.sql create mode 100644 persistence/sql/migrations/sql/20220824165300000002_add_flow_type_check_constraint.sqlite3.up.sql create mode 100644 persistence/sql/migrations/sql/20220824165300000002_add_flow_type_check_constraint.up.sql diff --git a/persistence/sql/migrations/sql/20220824165300000000_add_flow_type_to_identity_recovery_tokens.down.sql b/persistence/sql/migrations/sql/20220824165300000000_add_flow_type_to_identity_recovery_tokens.down.sql new file mode 100644 index 000000000000..e57722f64b79 --- /dev/null +++ b/persistence/sql/migrations/sql/20220824165300000000_add_flow_type_to_identity_recovery_tokens.down.sql @@ -0,0 +1,2 @@ +ALTER TABLE identity_recovery_tokens +DROP token_type; diff --git a/persistence/sql/migrations/sql/20220824165300000000_add_flow_type_to_identity_recovery_tokens.up.sql b/persistence/sql/migrations/sql/20220824165300000000_add_flow_type_to_identity_recovery_tokens.up.sql new file mode 100644 index 000000000000..b4fc9ee079da --- /dev/null +++ b/persistence/sql/migrations/sql/20220824165300000000_add_flow_type_to_identity_recovery_tokens.up.sql @@ -0,0 +1,2 @@ +ALTER TABLE identity_recovery_tokens +ADD token_type int NOT NULL DEFAULT 0; diff --git a/persistence/sql/migrations/sql/20220824165300000001_populate_flow_type_in_recovery_tokens.down.sql b/persistence/sql/migrations/sql/20220824165300000001_populate_flow_type_in_recovery_tokens.down.sql new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/persistence/sql/migrations/sql/20220824165300000001_populate_flow_type_in_recovery_tokens.up.sql b/persistence/sql/migrations/sql/20220824165300000001_populate_flow_type_in_recovery_tokens.up.sql new file mode 100644 index 000000000000..311af2ad3c9c --- /dev/null +++ b/persistence/sql/migrations/sql/20220824165300000001_populate_flow_type_in_recovery_tokens.up.sql @@ -0,0 +1,7 @@ +UPDATE identity_recovery_tokens +SET token_type = 1 +WHERE selfservice_recovery_flow_id IS NULL; + +UPDATE identity_recovery_tokens +SET token_type = 2 +WHERE selfservice_recovery_flow_id IS NOT NULL; diff --git a/persistence/sql/migrations/sql/20220824165300000002_add_flow_type_check_constraint.down.sql b/persistence/sql/migrations/sql/20220824165300000002_add_flow_type_check_constraint.down.sql new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/persistence/sql/migrations/sql/20220824165300000002_add_flow_type_check_constraint.sqlite3.down.sql b/persistence/sql/migrations/sql/20220824165300000002_add_flow_type_check_constraint.sqlite3.down.sql new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/persistence/sql/migrations/sql/20220824165300000002_add_flow_type_check_constraint.sqlite3.up.sql b/persistence/sql/migrations/sql/20220824165300000002_add_flow_type_check_constraint.sqlite3.up.sql new file mode 100644 index 000000000000..590dfcad0c69 --- /dev/null +++ b/persistence/sql/migrations/sql/20220824165300000002_add_flow_type_check_constraint.sqlite3.up.sql @@ -0,0 +1 @@ +-- SQLITE does not support Check constraints in all cases diff --git a/persistence/sql/migrations/sql/20220824165300000002_add_flow_type_check_constraint.up.sql b/persistence/sql/migrations/sql/20220824165300000002_add_flow_type_check_constraint.up.sql new file mode 100644 index 000000000000..00b652b1bdb5 --- /dev/null +++ b/persistence/sql/migrations/sql/20220824165300000002_add_flow_type_check_constraint.up.sql @@ -0,0 +1,2 @@ +ALTER TABLE identity_recovery_tokens +ADD CONSTRAINT identity_recovery_tokens_token_type_ck CHECK (token_type = 1 OR token_type = 2); diff --git a/persistence/sql/persister_recovery.go b/persistence/sql/persister_recovery.go index f4be646efc4a..c13a75b48c96 100644 --- a/persistence/sql/persister_recovery.go +++ b/persistence/sql/persister_recovery.go @@ -65,7 +65,7 @@ func (p *Persister) CreateRecoveryToken(ctx context.Context, token *link.Recover return nil } -func (p *Persister) UseRecoveryToken(ctx context.Context, token string) (*link.RecoveryToken, error) { +func (p *Persister) UseRecoveryToken(ctx context.Context, fID uuid.UUID, token string) (*link.RecoveryToken, error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UseRecoveryToken") defer span.End() @@ -74,7 +74,7 @@ func (p *Persister) UseRecoveryToken(ctx context.Context, token string) (*link.R nid := p.NetworkID(ctx) if err := sqlcon.HandleError(p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) (err error) { for _, secret := range p.r.Config().SecretsSession(ctx) { - if err = tx.Where("token = ? AND nid = ? AND NOT used", p.hmacValueWithSecret(ctx, token, secret), nid).First(&rt); err != nil { + if err = tx.Where("token = ? AND nid = ? AND NOT used AND selfservice_recovery_flow_id = ?", p.hmacValueWithSecret(ctx, token, secret), nid, fID).First(&rt); err != nil { if !errors.Is(sqlcon.HandleError(err), sqlcon.ErrNoRows) { return err } diff --git a/selfservice/strategy/link/persistence.go b/selfservice/strategy/link/persistence.go index 7a0c9ffdab37..1caff3221bb4 100644 --- a/selfservice/strategy/link/persistence.go +++ b/selfservice/strategy/link/persistence.go @@ -2,12 +2,14 @@ package link import ( "context" + + "github.com/gofrs/uuid" ) type ( RecoveryTokenPersister interface { CreateRecoveryToken(ctx context.Context, token *RecoveryToken) error - UseRecoveryToken(ctx context.Context, token string) (*RecoveryToken, error) + UseRecoveryToken(ctx context.Context, fID uuid.UUID, token string) (*RecoveryToken, error) DeleteRecoveryToken(ctx context.Context, token string) error } diff --git a/selfservice/strategy/link/strategy_recovery.go b/selfservice/strategy/link/strategy_recovery.go index 6e4a1a83755d..b2e30b27a7b9 100644 --- a/selfservice/strategy/link/strategy_recovery.go +++ b/selfservice/strategy/link/strategy_recovery.go @@ -167,7 +167,7 @@ func (s *Strategy) createRecoveryLink(w http.ResponseWriter, r *http.Request, _ return } - token := NewRecoveryToken(id.ID, expiresIn) + token := NewAdminRecoveryToken(id.ID, req.ID, expiresIn) if err := s.d.RecoveryTokenPersister().CreateRecoveryToken(r.Context(), token); err != nil { s.d.Writer().WriteError(w, r, err) return @@ -222,7 +222,7 @@ func (s *Strategy) Recover(w http.ResponseWriter, r *http.Request, f *recovery.F return s.HandleRecoveryError(w, r, nil, body, err) } - return s.recoveryUseToken(w, r, body) + return s.recoveryUseToken(w, r, f.ID, body) } if _, err := s.d.SessionManager().FetchFromRequest(r.Context(), r); err == nil { @@ -313,8 +313,8 @@ func (s *Strategy) recoveryIssueSession(w http.ResponseWriter, r *http.Request, return errors.WithStack(flow.ErrCompletedByStrategy) } -func (s *Strategy) recoveryUseToken(w http.ResponseWriter, r *http.Request, body *recoverySubmitPayload) error { - token, err := s.d.RecoveryTokenPersister().UseRecoveryToken(r.Context(), body.Token) +func (s *Strategy) recoveryUseToken(w http.ResponseWriter, r *http.Request, fID uuid.UUID, body *recoverySubmitPayload) error { + token, err := s.d.RecoveryTokenPersister().UseRecoveryToken(r.Context(), fID, body.Token) if err != nil { if errors.Is(err, sqlcon.ErrNoRows) { return s.retryRecoveryFlowWithMessage(w, r, flow.TypeBrowser, text.NewErrorValidationRecoveryTokenInvalidOrAlreadyUsed()) @@ -351,7 +351,7 @@ func (s *Strategy) recoveryUseToken(w http.ResponseWriter, r *http.Request, body } // mark address as verified only for a self-service flow - if token.FlowID.Valid { + if token.TokenType == RecoveryTokenTypeSelfService { if err := s.markRecoveryAddressVerified(w, r, f, recovered, token.RecoveryAddress); err != nil { return s.HandleRecoveryError(w, r, f, body, err) } diff --git a/selfservice/strategy/link/strategy_recovery_test.go b/selfservice/strategy/link/strategy_recovery_test.go index cc5d17881943..2f72ff41a476 100644 --- a/selfservice/strategy/link/strategy_recovery_test.go +++ b/selfservice/strategy/link/strategy_recovery_test.go @@ -12,6 +12,7 @@ import ( "testing" "time" + "github.com/ory/kratos/driver" "github.com/ory/kratos/session" "github.com/davecgh/go-spew/spew" @@ -56,6 +57,23 @@ func init() { corpx.RegisterFakes() } +func createIdentityToRecover(t *testing.T, reg *driver.RegistryDefault, email string) *identity.Identity { + var id = &identity.Identity{ + Credentials: map[identity.CredentialsType]identity.Credentials{ + "password": {Type: "password", Identifiers: []string{email}, Config: sqlxx.JSONRawMessage(`{"hashed_password":"foo"}`)}}, + Traits: identity.Traits(fmt.Sprintf(`{"email":"%s"}`, email)), + SchemaID: config.DefaultIdentityTraitsSchemaID, + } + require.NoError(t, reg.IdentityManager().Create(context.Background(), id, identity.ManagerAllowWriteProtectedTraits)) + + addr, err := reg.IdentityPool().FindVerifiableAddressByValue(context.Background(), identity.VerifiableAddressTypeEmail, email) + assert.NoError(t, err) + assert.False(t, addr.Verified) + assert.Nil(t, addr.VerifiedAt) + assert.Equal(t, identity.VerifiableAddressStatusPending, addr.Status) + return id +} + func TestAdminStrategy(t *testing.T) { ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) @@ -183,6 +201,59 @@ func TestAdminStrategy(t *testing.T) { assert.Nil(t, addr.VerifiedAt) assert.Equal(t, identity.VerifiableAddressStatusPending, addr.Status) }) + + t.Run("case=should not be able to use code from different flow", func(t *testing.T) { + email := strings.ToLower(testhelpers.RandomEmail()) + id := createIdentityToRecover(t, reg, email) + + rl1, _, err := adminSDK.V0alpha2Api. + AdminCreateSelfServiceRecoveryLink(context.Background()). + AdminCreateSelfServiceRecoveryLinkBody(kratos.AdminCreateSelfServiceRecoveryLinkBody{ + IdentityId: id.ID.String(), + }). + Execute() + require.NoError(t, err) + + checkLink(t, rl1, time.Now().Add(conf.SelfServiceFlowRecoveryRequestLifespan(ctx)+time.Second)) + + rl2, _, err := adminSDK.V0alpha2Api. + AdminCreateSelfServiceRecoveryLink(context.Background()). + AdminCreateSelfServiceRecoveryLinkBody(kratos.AdminCreateSelfServiceRecoveryLinkBody{ + IdentityId: id.ID.String(), + }). + Execute() + require.NoError(t, err) + + checkLink(t, rl2, time.Now().Add(conf.SelfServiceFlowRecoveryRequestLifespan(ctx)+time.Second)) + + recoveryUrl1, err := url.Parse(rl1.RecoveryLink) + require.NoError(t, err) + + recoveryUrl2, err := url.Parse(rl2.RecoveryLink) + require.NoError(t, err) + + token1 := recoveryUrl1.Query().Get("token") + require.NotEmpty(t, token1) + token2 := recoveryUrl2.Query().Get("token") + require.NotEmpty(t, token2) + require.NotEqual(t, token1, token2) + + values := recoveryUrl1.Query() + + values.Set("token", token2) + + recoveryUrl1.RawQuery = values.Encode() + + action := recoveryUrl1.String() + // Submit the modified link with token from rl2 and flow from rl1 + res, err := publicTS.Client().Get(action) + require.NoError(t, err) + body := ioutilx.MustReadAll(res.Body) + + action = gjson.GetBytes(body, "ui.action").String() + require.NotEmpty(t, action) + assert.Equal(t, "The recovery token is invalid or has already been used. Please retry the flow.", gjson.GetBytes(body, "ui.messages.0.text").String()) + }) } func TestRecovery(t *testing.T) { @@ -197,23 +268,6 @@ func TestRecovery(t *testing.T) { public, _, publicRouter, _ := testhelpers.NewKratosServerWithCSRFAndRouters(t, reg) - var createIdentityToRecover = func(email string) *identity.Identity { - var id = &identity.Identity{ - Credentials: map[identity.CredentialsType]identity.Credentials{ - "password": {Type: "password", Identifiers: []string{email}, Config: sqlxx.JSONRawMessage(`{"hashed_password":"foo"}`)}}, - Traits: identity.Traits(fmt.Sprintf(`{"email":"%s"}`, email)), - SchemaID: config.DefaultIdentityTraitsSchemaID, - } - require.NoError(t, reg.IdentityManager().Create(context.Background(), id, identity.ManagerAllowWriteProtectedTraits)) - - addr, err := reg.IdentityPool().FindVerifiableAddressByValue(context.Background(), identity.VerifiableAddressTypeEmail, email) - assert.NoError(t, err) - assert.False(t, addr.Verified) - assert.Nil(t, addr.VerifiedAt) - assert.Equal(t, identity.VerifiableAddressStatusPending, addr.Status) - return id - } - var expect = func(t *testing.T, hc *http.Client, isAPI, isSPA bool, values func(url.Values), c int) string { if hc == nil { hc = testhelpers.NewDebugClient(t) @@ -414,7 +468,7 @@ func TestRecovery(t *testing.T) { t.Run("type=browser", func(t *testing.T) { email := "recoverinactive1@ory.sh" - createIdentityToRecover(email) + createIdentityToRecover(t, reg, email) check(t, expectSuccess(t, nil, false, false, func(v url.Values) { v.Set("email", email) }), email, false) @@ -422,7 +476,7 @@ func TestRecovery(t *testing.T) { t.Run("type=spa", func(t *testing.T) { email := "recoverinactive2@ory.sh" - createIdentityToRecover(email) + createIdentityToRecover(t, reg, email) check(t, expectSuccess(t, nil, true, true, func(v url.Values) { v.Set("email", email) }), email, true) @@ -430,7 +484,7 @@ func TestRecovery(t *testing.T) { t.Run("type=api", func(t *testing.T) { email := "recoverinactive3@ory.sh" - createIdentityToRecover(email) + createIdentityToRecover(t, reg, email) check(t, expectSuccess(t, nil, true, false, func(v url.Values) { v.Set("email", email) }), email, true) @@ -487,7 +541,7 @@ func TestRecovery(t *testing.T) { t.Run("type=browser", func(t *testing.T) { email := "recoverme1@ory.sh" - createIdentityToRecover(email) + createIdentityToRecover(t, reg, email) check(t, expectSuccess(t, nil, false, false, func(v url.Values) { v.Set("email", email) }), email, "") @@ -496,7 +550,7 @@ func TestRecovery(t *testing.T) { t.Run("type=browser set return_to", func(t *testing.T) { email := "recoverme2@ory.sh" returnTo := "https://www.ory.sh" - createIdentityToRecover(email) + createIdentityToRecover(t, reg, email) hc := testhelpers.NewClientWithCookies(t) hc.Transport = testhelpers.NewTransportWithLogger(http.DefaultTransport, t).RoundTripper @@ -518,7 +572,7 @@ func TestRecovery(t *testing.T) { t.Run("type=spa", func(t *testing.T) { email := "recoverme3@ory.sh" - createIdentityToRecover(email) + createIdentityToRecover(t, reg, email) check(t, expectSuccess(t, nil, true, true, func(v url.Values) { v.Set("email", email) }), email, "") @@ -526,7 +580,7 @@ func TestRecovery(t *testing.T) { t.Run("type=api", func(t *testing.T) { email := "recoverme4@ory.sh" - createIdentityToRecover(email) + createIdentityToRecover(t, reg, email) check(t, expectSuccess(t, nil, true, false, func(v url.Values) { v.Set("email", email) }), email, "") @@ -563,7 +617,7 @@ func TestRecovery(t *testing.T) { } email := x.NewUUID().String() + "@ory.sh" - id := createIdentityToRecover(email) + id := createIdentityToRecover(t, reg, email) t.Run("case=unauthenticated", func(t *testing.T) { var values = func(v url.Values) { @@ -604,7 +658,7 @@ func TestRecovery(t *testing.T) { recoveryEmail := strings.ToLower(testhelpers.RandomEmail()) email := recoveryEmail - id := createIdentityToRecover(email) + id := createIdentityToRecover(t, reg, email) sess, err := session.NewActiveSession(ctx, id, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) require.NoError(t, err) @@ -659,7 +713,7 @@ func TestRecovery(t *testing.T) { t.Run("description=should not be able to use an outdated link", func(t *testing.T) { recoveryEmail := "recoverme5@ory.sh" - createIdentityToRecover(recoveryEmail) + createIdentityToRecover(t, reg, recoveryEmail) conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryRequestLifespan, time.Millisecond*200) t.Cleanup(func() { conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryRequestLifespan, time.Minute) @@ -685,7 +739,7 @@ func TestRecovery(t *testing.T) { t.Run("description=should not be able to use an outdated flow", func(t *testing.T) { recoveryEmail := "recoverme6@ory.sh" - createIdentityToRecover(recoveryEmail) + createIdentityToRecover(t, reg, recoveryEmail) conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryRequestLifespan, time.Millisecond*200) t.Cleanup(func() { conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryRequestLifespan, time.Minute) diff --git a/selfservice/strategy/link/test/persistence.go b/selfservice/strategy/link/test/persistence.go index fba4a6786cf4..b6ed26f00c61 100644 --- a/selfservice/strategy/link/test/persistence.go +++ b/selfservice/strategy/link/test/persistence.go @@ -34,12 +34,8 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface { conf.MustSet(ctx, config.ViperKeySecretsDefault, []string{"secret-a", "secret-b"}) t.Run("token=recovery", func(t *testing.T) { - t.Run("case=should error when the recovery token does not exist", func(t *testing.T) { - _, err := p.UseRecoveryToken(ctx, "i-do-not-exist") - require.Error(t, err) - }) - newRecoveryToken := func(t *testing.T, email string) *link.RecoveryToken { + newRecoveryToken := func(t *testing.T, email string) (*link.RecoveryToken, *recovery.Flow) { var req recovery.Flow require.NoError(t, faker.FakeData(&req)) require.NoError(t, p.CreateRecoveryFlow(ctx, &req)) @@ -52,42 +48,52 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface { require.NoError(t, p.CreateIdentity(ctx, &i)) - return &link.RecoveryToken{Token: x.NewUUID().String(), FlowID: uuid.NullUUID{UUID: req.ID, Valid: true}, + return &link.RecoveryToken{ + Token: x.NewUUID().String(), + FlowID: uuid.NullUUID{UUID: req.ID, Valid: true}, RecoveryAddress: &i.RecoveryAddresses[0], ExpiresAt: time.Now(), IssuedAt: time.Now(), IdentityID: i.ID, - } + TokenType: link.RecoveryTokenTypeAdmin, + }, &req } t.Run("case=should error when the recovery token does not exist", func(t *testing.T) { - _, err := p.UseRecoveryToken(ctx, "i-do-not-exist") + _, err := p.UseRecoveryToken(ctx, x.NewUUID(), "i-do-not-exist") require.Error(t, err) }) t.Run("case=should create a new recovery token", func(t *testing.T) { - token := newRecoveryToken(t, "foo-user@ory.sh") + token, _ := newRecoveryToken(t, "foo-user@ory.sh") require.NoError(t, p.CreateRecoveryToken(ctx, token)) }) + t.Run("case=should error when token is used with different flow id", func(t *testing.T) { + token, _ := newRecoveryToken(t, "foo-user1@ory.sh") + require.NoError(t, p.CreateRecoveryToken(ctx, token)) + _, err := p.UseRecoveryToken(ctx, x.NewUUID(), token.Token) + require.Error(t, err) + }) + t.Run("case=should create a recovery token and use it", func(t *testing.T) { - expected := newRecoveryToken(t, "other-user@ory.sh") + expected, f := newRecoveryToken(t, "other-user@ory.sh") require.NoError(t, p.CreateRecoveryToken(ctx, expected)) t.Run("not work on another network", func(t *testing.T) { _, p := testhelpers.NewNetwork(t, ctx, p) - _, err := p.UseRecoveryToken(ctx, expected.Token) + _, err := p.UseRecoveryToken(ctx, f.ID, expected.Token) require.ErrorIs(t, err, sqlcon.ErrNoRows) }) - actual, err := p.UseRecoveryToken(ctx, expected.Token) + actual, err := p.UseRecoveryToken(ctx, f.ID, expected.Token) require.NoError(t, err) assert.Equal(t, nid, actual.NID) assert.Equal(t, expected.IdentityID, actual.IdentityID) assert.NotEqual(t, expected.Token, actual.Token) assert.EqualValues(t, expected.FlowID, actual.FlowID) - _, err = p.UseRecoveryToken(ctx, expected.Token) + _, err = p.UseRecoveryToken(ctx, f.ID, expected.Token) require.Error(t, err) }) diff --git a/selfservice/strategy/link/token_recovery.go b/selfservice/strategy/link/token_recovery.go index 12c5368d9f9f..2d5e06690315 100644 --- a/selfservice/strategy/link/token_recovery.go +++ b/selfservice/strategy/link/token_recovery.go @@ -16,6 +16,13 @@ import ( "github.com/ory/kratos/x" ) +type RecoveryTokenType int + +const ( + RecoveryTokenTypeAdmin RecoveryTokenType = iota + 1 + RecoveryTokenTypeSelfService +) + type RecoveryToken struct { // ID represents the tokens's unique ID. // @@ -31,6 +38,8 @@ type RecoveryToken struct { // required: true RecoveryAddress *identity.RecoveryAddress `json:"recovery_address" belongs_to:"identity_recovery_addresses" fk_id:"RecoveryAddressID"` + TokenType RecoveryTokenType `json:"-" faker:"-" db:"token_type"` + // ExpiresAt is the time (UTC) when the token expires. // required: true ExpiresAt time.Time `json:"expires_at" faker:"time_type" db:"expires_at"` @@ -72,10 +81,11 @@ func NewSelfServiceRecoveryToken(address *identity.RecoveryAddress, f *recovery. IdentityID: identityID, FlowID: uuid.NullUUID{UUID: f.ID, Valid: true}, RecoveryAddressID: &recoveryAddressID, + TokenType: RecoveryTokenTypeSelfService, } } -func NewRecoveryToken(identityID uuid.UUID, expiresIn time.Duration) *RecoveryToken { +func NewAdminRecoveryToken(identityID uuid.UUID, fID uuid.UUID, expiresIn time.Duration) *RecoveryToken { now := time.Now().UTC() return &RecoveryToken{ ID: x.NewUUID(), @@ -83,6 +93,8 @@ func NewRecoveryToken(identityID uuid.UUID, expiresIn time.Duration) *RecoveryTo ExpiresAt: now.Add(expiresIn), IssuedAt: now, IdentityID: identityID, + FlowID: uuid.NullUUID{UUID: fID, Valid: true}, + TokenType: RecoveryTokenTypeAdmin, } } diff --git a/selfservice/strategy/link/token_recovery_test.go b/selfservice/strategy/link/token_recovery_test.go index 6e57135916ba..969f457e540d 100644 --- a/selfservice/strategy/link/token_recovery_test.go +++ b/selfservice/strategy/link/token_recovery_test.go @@ -46,3 +46,8 @@ func TestRecoveryToken(t *testing.T) { }) }) } + +func TestRecoveryTokenType(t *testing.T) { + assert.Equal(t, 1, int(link.RecoveryTokenTypeAdmin)) + assert.Equal(t, 2, int(link.RecoveryTokenTypeSelfService)) +} From 0856bd719b7e06a6d2163bf428ff6513d86376db Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Fri, 26 Aug 2022 12:44:29 +0200 Subject: [PATCH 235/411] fix: ignore commata in HIBP response --- selfservice/strategy/password/validator.go | 2 +- selfservice/strategy/password/validator_test.go | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/selfservice/strategy/password/validator.go b/selfservice/strategy/password/validator.go index 342316909530..23b8ffa0b1e1 100644 --- a/selfservice/strategy/password/validator.go +++ b/selfservice/strategy/password/validator.go @@ -138,7 +138,7 @@ func (s *DefaultPasswordValidator) fetch(hpw []byte, apiDNSName string) (int64, // See https://github.com/ory/kratos/issues/2145 count := int64(1) if len(result) == 2 { - count, err = strconv.ParseInt(result[1], 10, 64) + count, err = strconv.ParseInt(strings.ReplaceAll(result[1], ",", ""), 10, 64) if err != nil { return 0, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Expected password hash to contain a count formatted as int but got: %s", result[1])) } diff --git a/selfservice/strategy/password/validator_test.go b/selfservice/strategy/password/validator_test.go index 8e71ec476b18..36d0e28b296a 100644 --- a/selfservice/strategy/password/validator_test.go +++ b/selfservice/strategy/password/validator_test.go @@ -204,6 +204,18 @@ func TestDefaultPasswordValidationStrategy(t *testing.T) { ) }, }, + { + name: "contains less than maxBreachesThreshold with a leading comma", + res: func(t *testing.T, hash string) string { + return fmt.Sprintf( + "%s:%d\n%s:0,%d", + hash, + conf.PasswordPolicyConfig(ctx).MaxBreaches, + hashPw(t, randomPassword(t)), + conf.PasswordPolicyConfig(ctx).MaxBreaches+1, + ) + }, + }, { name: "contains more than maxBreachesThreshold", res: func(t *testing.T, hash string) string { From fec6772739129e0d5bb4103c717b1ac60df45aa8 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Tue, 30 Aug 2022 12:47:27 +0200 Subject: [PATCH 236/411] fix: make swagger/openapi go 1.19 compatible --- .schema/openapi/patches/common.yaml | 3 +- .schema/openapi/patches/schema.yaml | 2 - go.mod | 104 +++--- go.sum | 288 ++++++++++------ internal/httpclient/.openapi-generator/FILES | 4 +- internal/httpclient/README.md | 6 +- internal/httpclient/api/openapi.yaml | 292 +++++++++++----- internal/httpclient/api_metadata.go | 26 +- internal/httpclient/api_v0alpha2.go | 325 +++++++++--------- .../docs/AdminCreateIdentityBody.md | 8 +- .../AdminCreateSelfServiceRecoveryLinkBody.md | 2 +- ...AuthenticatorAssuranceLevelNotSatisfied.md | 8 +- internal/httpclient/docs/Identity.md | 10 +- .../docs/NeedsPrivilegedSessionError.md | 8 +- ...yAddress.md => RecoveryIdentityAddress.md} | 48 +-- ...rviceBrowserLocationChangeRequiredError.md | 8 +- internal/httpclient/docs/SelfServiceError.md | 2 +- .../docs/SelfServiceFlowExpiredError.md | 10 +- .../httpclient/docs/SelfServiceLoginFlow.md | 2 +- .../docs/SelfServiceRecoveryFlow.md | 2 +- .../docs/SelfServiceRegistrationFlow.md | 2 +- .../docs/SelfServiceSettingsFlow.md | 2 +- .../docs/SelfServiceVerificationFlow.md | 2 +- internal/httpclient/docs/Session.md | 2 +- internal/httpclient/docs/UiNode.md | 4 +- internal/httpclient/docs/UiNodeAttributes.md | 2 +- .../httpclient/docs/UiNodeInputAttributes.md | 4 +- internal/httpclient/docs/V0alpha2Api.md | 8 +- .../docs/VerifiableIdentityAddress.md | 2 +- .../model_admin_create_identity_body.go | 12 +- ..._create_self_service_recovery_link_body.go | 5 +- ...enticator_assurance_level_not_satisfied.go | 12 +- internal/httpclient/model_identity.go | 15 +- .../model_needs_privileged_session_error.go | 12 +- ....go => model_recovery_identity_address.go} | 72 ++-- ..._browser_location_change_required_error.go | 12 +- .../httpclient/model_self_service_error.go | 3 +- .../model_self_service_flow_expired_error.go | 15 +- .../model_self_service_login_flow.go | 3 +- .../model_self_service_recovery_flow.go | 3 +- .../model_self_service_registration_flow.go | 3 +- .../model_self_service_settings_flow.go | 5 +- .../model_self_service_verification_flow.go | 3 +- internal/httpclient/model_session.go | 5 +- internal/httpclient/model_ui_node.go | 4 +- .../model_ui_node_input_attributes.go | 4 +- .../model_verifiable_identity_address.go | 3 +- 47 files changed, 791 insertions(+), 586 deletions(-) rename internal/httpclient/docs/{RecoveryAddress.md => RecoveryIdentityAddress.md} (64%) rename internal/httpclient/{model_recovery_address.go => model_recovery_identity_address.go} (65%) diff --git a/.schema/openapi/patches/common.yaml b/.schema/openapi/patches/common.yaml index b0a4083c036e..fe51488c7066 100644 --- a/.schema/openapi/patches/common.yaml +++ b/.schema/openapi/patches/common.yaml @@ -1,2 +1 @@ -- op: remove - path: /components/schemas/jsonPatch/properties/value/type \ No newline at end of file +[] diff --git a/.schema/openapi/patches/schema.yaml b/.schema/openapi/patches/schema.yaml index a06a4e495b87..40a52a7ae25a 100644 --- a/.schema/openapi/patches/schema.yaml +++ b/.schema/openapi/patches/schema.yaml @@ -21,8 +21,6 @@ - "$ref": "#/components/schemas/uiNodeScriptAttributes" # Makes the uiNodeInputAttributes value attribute polymorph -- op: remove - path: /components/schemas/uiNodeInputAttributes/properties/value/type - op: add path: /components/schemas/uiNodeInputAttributes/properties/value/nullable value: true diff --git a/go.mod b/go.mod index c2517839d518..c6a2050066ca 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ replace ( ) require ( - github.com/Masterminds/sprig/v3 v3.0.0 + github.com/Masterminds/sprig/v3 v3.2.2 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 github.com/avast/retry-go/v3 v3.1.1 github.com/bradleyjkemp/cupaloy/v2 v2.6.0 @@ -36,9 +36,9 @@ require ( github.com/fatih/color v1.13.0 github.com/ghodss/yaml v1.0.0 github.com/go-errors/errors v1.0.1 - github.com/go-openapi/strfmt v0.20.3 + github.com/go-openapi/strfmt v0.21.3 github.com/go-playground/validator/v10 v10.4.1 - github.com/go-swagger/go-swagger v0.26.1 + github.com/go-swagger/go-swagger v0.30.0 github.com/gobuffalo/fizz v1.14.2 github.com/gobuffalo/httptest v1.0.2 github.com/gobuffalo/pop/v6 v6.0.6 @@ -52,7 +52,7 @@ require ( github.com/google/uuid v1.3.0 github.com/gorilla/sessions v1.2.1 github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69 - github.com/hashicorp/consul/api v1.11.0 + github.com/hashicorp/consul/api v1.12.0 github.com/hashicorp/go-retryablehttp v0.7.0 github.com/hashicorp/golang-lru v0.5.4 github.com/imdario/mergo v0.3.12 @@ -76,7 +76,7 @@ require ( github.com/ory/kratos-client-go v0.6.3-alpha.1 github.com/ory/mail/v3 v3.0.0 github.com/ory/nosurf v1.2.7 - github.com/ory/x v0.0.454 + github.com/ory/x v0.0.460 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 github.com/pkg/errors v0.9.1 github.com/pquerna/otp v1.3.0 @@ -91,25 +91,23 @@ require ( github.com/tidwall/sjson v1.2.4 github.com/urfave/negroni v1.0.0 github.com/zmb3/spotify/v2 v2.0.0 - go.opentelemetry.io/otel v1.7.0 - go.opentelemetry.io/otel/trace v1.7.0 - golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167 - golang.org/x/net v0.0.0-20220225172249-27dd8689420f - golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 - golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f - golang.org/x/tools v0.1.11 + go.opentelemetry.io/otel v1.9.0 + go.opentelemetry.io/otel/trace v1.9.0 + golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8 + golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b + golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 + golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 + golang.org/x/tools v0.1.12 ) require ( - cloud.google.com/go v0.99.0 // indirect + cloud.google.com/go/compute v1.7.0 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect - github.com/Masterminds/goutils v1.1.0 // indirect + github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver v1.5.0 // indirect github.com/Masterminds/semver/v3 v3.1.1 // indirect github.com/Microsoft/go-winio v0.5.2 // indirect github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect - github.com/PuerkitoBio/purell v1.1.1 // indirect - github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect github.com/a8m/envsubst v1.3.0 // indirect github.com/ajg/form v0.0.0-20160822230020-523a5da1a92f // indirect github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect @@ -143,27 +141,27 @@ require ( github.com/docker/go-units v0.4.0 // indirect github.com/dustin/go-humanize v1.0.0 // indirect github.com/elliotchance/orderedmap v1.4.0 // indirect - github.com/envoyproxy/go-control-plane v0.10.1 // indirect + github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1 // indirect github.com/envoyproxy/protoc-gen-validate v0.6.2 // indirect github.com/evanphx/json-patch v4.11.0+incompatible // indirect github.com/fatih/structs v1.1.0 // indirect - github.com/felixge/httpsnoop v1.0.2 // indirect + github.com/felixge/httpsnoop v1.0.3 // indirect github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect github.com/fsnotify/fsnotify v1.5.4 // indirect github.com/fullstorydev/grpcurl v1.8.1 // indirect github.com/fxamacker/cbor/v2 v2.4.0 // indirect github.com/go-logr/logr v1.2.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-openapi/analysis v0.19.16 // indirect - github.com/go-openapi/errors v0.20.1 // indirect + github.com/go-openapi/analysis v0.21.4 // indirect + github.com/go-openapi/errors v0.20.3 // indirect github.com/go-openapi/inflect v0.19.0 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect - github.com/go-openapi/jsonreference v0.19.5 // indirect - github.com/go-openapi/loads v0.20.1 // indirect - github.com/go-openapi/runtime v0.20.0 // indirect - github.com/go-openapi/spec v0.20.2 // indirect - github.com/go-openapi/swag v0.19.15 // indirect - github.com/go-openapi/validate v0.20.1 // indirect + github.com/go-openapi/jsonreference v0.20.0 // indirect + github.com/go-openapi/loads v0.21.2 // indirect + github.com/go-openapi/runtime v0.24.1 // indirect + github.com/go-openapi/spec v0.20.7 // indirect + github.com/go-openapi/swag v0.22.3 // indirect + github.com/go-openapi/validate v0.22.0 // indirect github.com/go-playground/locales v0.13.0 // indirect github.com/go-playground/universal-translator v0.17.0 // indirect github.com/go-sql-driver/mysql v1.6.0 // indirect @@ -195,12 +193,12 @@ require ( github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-hclog v1.0.0 // indirect + github.com/hashicorp/go-hclog v1.2.0 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/hcl v1.0.0 // indirect - github.com/hashicorp/serf v0.9.6 // indirect - github.com/huandu/xstrings v1.2.0 // indirect + github.com/hashicorp/serf v0.9.7 // indirect + github.com/huandu/xstrings v1.3.2 // indirect github.com/inconshreveable/mousetrap v1.0.0 // indirect github.com/jackc/chunkreader/v2 v2.0.1 // indirect github.com/jackc/pgconn v1.12.1 // indirect @@ -211,7 +209,7 @@ require ( github.com/jackc/pgtype v1.11.0 // indirect github.com/jackc/pgx/v4 v4.16.1 // indirect github.com/jandelgado/gcov2lcov v1.0.5 // indirect - github.com/jessevdk/go-flags v1.4.0 // indirect + github.com/jessevdk/go-flags v1.5.0 // indirect github.com/jhump/protoreflect v1.8.2 // indirect github.com/jinzhu/copier v0.3.5 // indirect github.com/jmoiron/sqlx v1.3.5 // indirect @@ -250,28 +248,30 @@ require ( github.com/ory/viper v1.7.5 // indirect github.com/pborman/uuid v1.2.1 // indirect github.com/pelletier/go-toml v1.9.5 // indirect + github.com/pelletier/go-toml/v2 v2.0.1 // indirect github.com/pkg/profile v1.6.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/pquerna/cachecontrol v0.0.0-20200921180117-858c6e7e6b7e // indirect - github.com/prometheus/client_golang v1.11.0 // indirect + github.com/pquerna/cachecontrol v0.1.0 // indirect + github.com/prometheus/client_golang v1.11.1 // indirect github.com/prometheus/client_model v0.2.0 // indirect github.com/prometheus/common v0.32.1 // indirect github.com/prometheus/procfs v0.7.3 // indirect github.com/rivo/uniseg v0.2.0 // indirect github.com/rjeczalik/notify v0.0.0-20181126183243-629144ba06a1 // indirect - github.com/rogpeppe/go-internal v1.8.0 // indirect + github.com/rogpeppe/go-internal v1.9.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761 // indirect github.com/segmentio/backo-go v0.0.0-20200129164019-23eae7c10bd3 // indirect github.com/sergi/go-diff v1.2.0 // indirect + github.com/shopspring/decimal v1.3.1 // indirect github.com/soheilhy/cmux v0.1.5 // indirect github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d // indirect github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e // indirect github.com/spf13/afero v1.8.2 // indirect github.com/spf13/cast v1.5.0 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect - github.com/spf13/viper v1.10.0 // indirect - github.com/subosito/gotenv v1.2.0 // indirect + github.com/spf13/viper v1.12.0 // indirect + github.com/subosito/gotenv v1.3.0 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.0 // indirect github.com/timtadh/data-structures v0.5.3 // indirect @@ -286,44 +286,44 @@ require ( github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c // indirect go.etcd.io/bbolt v1.3.5 // indirect - go.etcd.io/etcd/api/v3 v3.5.1 // indirect - go.etcd.io/etcd/client/pkg/v3 v3.5.1 // indirect - go.etcd.io/etcd/client/v2 v2.305.1 // indirect - go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 // indirect + go.etcd.io/etcd/api/v3 v3.5.4 // indirect + go.etcd.io/etcd/client/pkg/v3 v3.5.4 // indirect + go.etcd.io/etcd/client/v2 v2.305.4 // indirect + go.etcd.io/etcd/client/v3 v3.5.4 // indirect go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0 // indirect go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0 // indirect go.etcd.io/etcd/raft/v3 v3.5.0-alpha.0 // indirect go.etcd.io/etcd/server/v3 v3.5.0-alpha.0 // indirect go.etcd.io/etcd/tests/v3 v3.5.0-alpha.0 // indirect go.etcd.io/etcd/v3 v3.5.0-alpha.0 // indirect - go.mongodb.org/mongo-driver v1.7.3 // indirect + go.mongodb.org/mongo-driver v1.10.1 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.25.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0 // indirect go.opentelemetry.io/contrib/propagators/b3 v1.4.0 // indirect go.opentelemetry.io/contrib/propagators/jaeger v1.4.0 // indirect go.opentelemetry.io/contrib/samplers/jaegerremote v0.0.0-20220314184135-32895002a444 // indirect - go.opentelemetry.io/otel/exporters/jaeger v1.5.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.6.3 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.6.3 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.6.3 // indirect - go.opentelemetry.io/otel/exporters/zipkin v1.7.0 // indirect + go.opentelemetry.io/otel/exporters/jaeger v1.9.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.9.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.9.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.9.0 // indirect + go.opentelemetry.io/otel/exporters/zipkin v1.9.0 // indirect go.opentelemetry.io/otel/internal/metric v0.27.0 // indirect go.opentelemetry.io/otel/metric v0.27.0 // indirect - go.opentelemetry.io/otel/sdk v1.7.0 // indirect - go.opentelemetry.io/proto/otlp v0.15.0 // indirect + go.opentelemetry.io/otel/sdk v1.9.0 // indirect + go.opentelemetry.io/proto/otlp v0.18.0 // indirect go.uber.org/atomic v1.7.0 // indirect go.uber.org/multierr v1.7.0 // indirect go.uber.org/zap v1.17.0 // indirect golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect - golang.org/x/sys v0.0.0-20220517195934-5e4e11fc645e // indirect + golang.org/x/sys v0.0.0-20220817070843-5a390386f1f2 // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 // indirect - golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df // indirect + golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa // indirect - google.golang.org/grpc v1.45.0 // indirect - google.golang.org/protobuf v1.28.0 // indirect + google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 // indirect + google.golang.org/grpc v1.47.0 // indirect + google.golang.org/protobuf v1.28.1 // indirect gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect diff --git a/go.sum b/go.sum index 9739f4f0dc30..01c22baf056f 100644 --- a/go.sum +++ b/go.sum @@ -33,18 +33,28 @@ cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+Y cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= cloud.google.com/go v0.98.0/go.mod h1:ua6Ush4NALrHk5QXDWnjvZHN93OuF0HfuEPq9I1X0cM= -cloud.google.com/go v0.99.0 h1:y/cM2iqGgGi5D5DQZl6D9STN/3dR/Vx5Mp8s752oJTY= cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA= +cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A= +cloud.google.com/go v0.102.0 h1:DAq3r8y4mDgyB/ZPJ9v/5VJNqjgJAxTn6ZYLlUywOu8= +cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= +cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow= +cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM= +cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M= +cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s= +cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= +cloud.google.com/go/compute v1.7.0 h1:v/k9Eueb8aAJ0vZuxKMrgm6kPhCLZU9HxFU+AFDs9Uk= +cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY= +cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= @@ -56,6 +66,7 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= +cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y= code.gitea.io/sdk/gitea v0.11.3/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY= contrib.go.opencensus.io/exporter/aws v0.0.0-20181029163544-2befc13012d0/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0= @@ -98,12 +109,12 @@ github.com/GeertJohan/go.rice v1.0.2/go.mod h1:af5vUNlDNkCjOZeSGFgIJxDje9qdjsO6h github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= -github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RPBiVg= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= +github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= +github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= -github.com/Masterminds/semver/v3 v3.0.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc= @@ -111,8 +122,8 @@ github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0 github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60= github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= -github.com/Masterminds/sprig/v3 v3.0.0 h1:KSQz7Nb08/3VU9E4ns29dDxcczhOD1q7O1UfM4G3t3g= -github.com/Masterminds/sprig/v3 v3.0.0/go.mod h1:NEUY/Qq8Gdm2xgYA+NwJM6wmfdRV9xkh8h/Rld20R0U= +github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8= +github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= @@ -140,9 +151,7 @@ github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEV github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= @@ -157,7 +166,6 @@ github.com/aeneasr/cupaloy/v2 v2.6.1-0.20210924214125-3dfdd01210a3/go.mod h1:bm7 github.com/aeneasr/koanf v0.14.1-0.20211230115640-aa3902b3267a h1:CWZu1palLlc1XlFcbEQ6i4Oqax3CJ8YEAb/mIdkPu5o= github.com/aeneasr/koanf v0.14.1-0.20211230115640-aa3902b3267a/go.mod h1:1cfH5223ZeZUOs8FU2UdTmaNfHpqgtjV0+NHjRO43gs= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= -github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= github.com/ajg/form v0.0.0-20160822230020-523a5da1a92f h1:zvClvFQwU++UpIUBGC8YmDlfhUrweEy1R1Fj1gu5iIM= github.com/ajg/form v0.0.0-20160822230020-523a5da1a92f/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY= github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= @@ -174,7 +182,6 @@ github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk5 github.com/alecthomas/units v0.0.0-20210208195552-ff826a37aa15 h1:AUNCr9CiJuwrRYS3XieqF+Z9B9gNxo/eANAJCF2eiN4= github.com/alecthomas/units v0.0.0-20210208195552-ff826a37aa15/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= -github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ= @@ -268,7 +275,6 @@ github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= -github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/cenkalti/backoff/v4 v4.1.3 h1:cFAlzYUlVYDysBEH2T5hyJZMh3+5+WCBvSnK6Q8UtC4= github.com/cenkalti/backoff/v4 v4.1.3/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -532,8 +538,9 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= -github.com/envoyproxy/go-control-plane v0.10.1 h1:cgDRLG7bs59Zd+apAWuzLQL95obVYAymNJek76W3mgw= github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ= +github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1 h1:xvqufLtNVwAhN8NMyWklVgxnWohi+wtMGQMhtxexlm0= +github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.3.0-java/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.6.1/go.mod h1:txg5va2Qkip90uYoSKH+nkAAmXrb2j3iq4FLwdrCbXQ= @@ -551,8 +558,9 @@ github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYF github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/felixge/httpsnoop v1.0.2 h1:+nS9g82KMXccJ/wp0zyRW9ZBHFETmMGtkk+2CTTrW4o= github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= +github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= @@ -622,19 +630,20 @@ github.com/go-openapi/analysis v0.19.2/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9sn github.com/go-openapi/analysis v0.19.4/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk= github.com/go-openapi/analysis v0.19.5/go.mod h1:hkEAkxagaIvIP7VTn8ygJNkd4kAYON2rCu0v0ObL0AU= github.com/go-openapi/analysis v0.19.10/go.mod h1:qmhS3VNFxBlquFJ0RGoDtylO9y4pgTAUNE9AEEMdlJQ= -github.com/go-openapi/analysis v0.19.16 h1:Ub9e++M8sDwtHD+S587TYi+6ANBG1NRYGZDihqk0SaY= -github.com/go-openapi/analysis v0.19.16/go.mod h1:GLInF007N83Ad3m8a/CbQ5TPzdnGT7workfHwuVjNVk= +github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY= +github.com/go-openapi/analysis v0.21.4 h1:ZDFLvSNxpDaomuCueM0BlSXxpANBlFYiBvr+GXrvIHc= +github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9QyAgQRPp9y3pfo= github.com/go-openapi/errors v0.17.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= github.com/go-openapi/errors v0.18.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= github.com/go-openapi/errors v0.19.2/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94= github.com/go-openapi/errors v0.19.3/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94= github.com/go-openapi/errors v0.19.6/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.19.7/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.20.0/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.20.1 h1:j23mMDtRxMwIobkpId7sWh7Ddcx4ivaoqUbfXx5P+a8= -github.com/go-openapi/errors v0.20.1/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2ujzUc= +github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk= github.com/go-openapi/inflect v0.19.0 h1:9jCH9scKIbHeV9m12SmPilScz6krDxKRasNNSNPXu/4= github.com/go-openapi/inflect v0.19.0/go.mod h1:lHpZVlpIQqLyKwJ4N+YSc9hchQy/i12fJykb83CRBH4= github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= @@ -647,39 +656,35 @@ github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3Hfo github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= -github.com/go-openapi/jsonreference v0.19.5 h1:1WJP/wi4OjB4iV8KVbH73rQaoialJrqv8gitZLxGLtM= -github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= +github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns= +github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA= +github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo= github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= github.com/go-openapi/loads v0.18.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= github.com/go-openapi/loads v0.19.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= github.com/go-openapi/loads v0.19.2/go.mod h1:QAskZPMX5V0C2gvfkGZzJlINuP7Hx/4+ix5jWFxsNPs= github.com/go-openapi/loads v0.19.3/go.mod h1:YVfqhUCdahYwR3f3iiwQLhicVRvLlU/WO5WPaZvcvSI= github.com/go-openapi/loads v0.19.5/go.mod h1:dswLCAdonkRufe/gSUC3gN8nTSaB9uaS2es0x5/IbjY= -github.com/go-openapi/loads v0.19.6/go.mod h1:brCsvE6j8mnbmGBh103PT/QLHfbyDxA4hsKvYBNEGVc= -github.com/go-openapi/loads v0.19.7/go.mod h1:brCsvE6j8mnbmGBh103PT/QLHfbyDxA4hsKvYBNEGVc= -github.com/go-openapi/loads v0.20.0/go.mod h1:2LhKquiE513rN5xC6Aan6lYOSddlL8Mp20AW9kpviM4= -github.com/go-openapi/loads v0.20.1 h1:LX55ObGRfG+53/1KRKTvCfqC1U2Htf7KgkPBpIVhuUM= -github.com/go-openapi/loads v0.20.1/go.mod h1:/6LfFL8fDvTSX8ypmYXIq3U9Q7nfniSOStW22m864WM= +github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g= +github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro= +github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw= github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA= github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt4sK4FXt0O64= github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4= github.com/go-openapi/runtime v0.19.15/go.mod h1:dhGWCTKRXlAfGnQG0ONViOZpjfg0m2gUt9nTQPQZuoo= -github.com/go-openapi/runtime v0.19.16/go.mod h1:5P9104EJgYcizotuXhEuUrzVc+j1RiSjahULvYmlv98= -github.com/go-openapi/runtime v0.19.24/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pthx8YvyjCfkgk= -github.com/go-openapi/runtime v0.19.26/go.mod h1:BvrQtn6iVb2QmiVXRsFAm6ZCAZBpbVKFfN6QWCp582M= -github.com/go-openapi/runtime v0.20.0 h1:DEV4oYH28MqakaabtbxH0cjvlzFegi/15kfUVCfiZW0= github.com/go-openapi/runtime v0.20.0/go.mod h1:2WnLRxMiOUWNN0UZskSkxW0+WXdfB1KmqRKCFH+ZWYk= +github.com/go-openapi/runtime v0.24.1 h1:Sml5cgQKGYQHF+M7yYSHaH1eOjvTykrddTE/KtQVjqo= +github.com/go-openapi/runtime v0.24.1/go.mod h1:AKurw9fNre+h3ELZfk6ILsfvPN+bvvlaU/M9q/r9hpk= github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY= github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= github.com/go-openapi/spec v0.19.6/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk= github.com/go-openapi/spec v0.19.8/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk= -github.com/go-openapi/spec v0.19.15/go.mod h1:+81FIL1JwC5P3/Iuuozq3pPE9dXdIEGxFutcFKaVbmU= -github.com/go-openapi/spec v0.20.0/go.mod h1:+81FIL1JwC5P3/Iuuozq3pPE9dXdIEGxFutcFKaVbmU= -github.com/go-openapi/spec v0.20.1/go.mod h1:93x7oh+d+FQsmsieroS4cmR3u0p/ywH649a3qwC9OsQ= -github.com/go-openapi/spec v0.20.2 h1:pFPUZsiIbZ20kLUcuCGeuQWG735fPMxW7wHF9BWlnQU= -github.com/go-openapi/spec v0.20.2/go.mod h1:RW6Xcbs6LOyWLU/mXGdzn2Qc+3aj+ASfI7rvSZh1Vls= +github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I= +github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= +github.com/go-openapi/spec v0.20.7 h1:1Rlu/ZrOCCob0n+JKKJAWhNWMPW8bOZRg8FJaY+0SKI= +github.com/go-openapi/spec v0.20.7/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= github.com/go-openapi/strfmt v0.17.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU= github.com/go-openapi/strfmt v0.18.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU= github.com/go-openapi/strfmt v0.19.0/go.mod h1:+uW+93UVvGGq2qGaZxdDeJqSAqBqBdl+ZPMF/cC8nDY= @@ -687,28 +692,28 @@ github.com/go-openapi/strfmt v0.19.2/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6 github.com/go-openapi/strfmt v0.19.3/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU= github.com/go-openapi/strfmt v0.19.4/go.mod h1:eftuHTlB/dI8Uq8JJOyRlieZf+WkkxUuk0dgdHXr2Qk= github.com/go-openapi/strfmt v0.19.5/go.mod h1:eftuHTlB/dI8Uq8JJOyRlieZf+WkkxUuk0dgdHXr2Qk= -github.com/go-openapi/strfmt v0.19.11/go.mod h1:UukAYgTaQfqJuAFlNxxMWNvMYiwiXtLsF2VwmoFtbtc= -github.com/go-openapi/strfmt v0.20.0/go.mod h1:UukAYgTaQfqJuAFlNxxMWNvMYiwiXtLsF2VwmoFtbtc= -github.com/go-openapi/strfmt v0.20.3 h1:YVG4ZgPZ00km/lRHrIf7c6cKL5/4FAUtG2T9RxWAgDY= -github.com/go-openapi/strfmt v0.20.3/go.mod h1:43urheQI9dNtE5lTZQfuFJvjYJKPrxicATpEfZwHUNk= +github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg= +github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= +github.com/go-openapi/strfmt v0.21.2/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= +github.com/go-openapi/strfmt v0.21.3 h1:xwhj5X6CjXEZZHMWy1zKJxvW9AfHC9pkyUjLvHtKG7o= +github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg= github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.7/go.mod h1:ao+8BpOPyKdpQz3AOJfbeEVpLmWAvlT1IfTe5McPyhY= github.com/go-openapi/swag v0.19.9/go.mod h1:ao+8BpOPyKdpQz3AOJfbeEVpLmWAvlT1IfTe5McPyhY= -github.com/go-openapi/swag v0.19.12/go.mod h1:eFdyEBkTdoAf/9RXBvj4cr1nH7GD8Kzo5HTt47gr72M= -github.com/go-openapi/swag v0.19.13/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/swag v0.19.15 h1:D2NRCBzS9/pEY3gP9Nl8aDqGUcPFrwG2p+CNFrLyrCM= github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= +github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= +github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA= github.com/go-openapi/validate v0.19.3/go.mod h1:90Vh6jjkTn+OT1Eefm0ZixWNFjhtOH7vS9k0lo6zwJo= github.com/go-openapi/validate v0.19.10/go.mod h1:RKEZTUWDkxKQxN2jDT7ZnZi2bhZlbNMAuKvKB+IaGx8= -github.com/go-openapi/validate v0.19.12/go.mod h1:Rzou8hA/CBw8donlS6WNEUQupNvUZ0waH08tGe6kAQ4= -github.com/go-openapi/validate v0.19.15/go.mod h1:tbn/fdOwYHgrhPBzidZfJC2MIVvs9GA7monOmWBbeCI= -github.com/go-openapi/validate v0.20.1 h1:QGQ5CvK74E28t3DkegGweKR+auemUi5IdpMc4x3UW6s= -github.com/go-openapi/validate v0.20.1/go.mod h1:b60iJT+xNNLfaQJUqLI7946tYiFEOuE9E4k54HpKcJ0= +github.com/go-openapi/validate v0.21.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= +github.com/go-openapi/validate v0.22.0 h1:b0QecH6VslW/TxtpKgzpO1SNG7GU2FsaqKdP1E2T50Y= +github.com/go-openapi/validate v0.22.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= github.com/go-pdf/fpdf v0.5.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M= github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A= github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= @@ -727,8 +732,8 @@ github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LB github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-stack/stack v1.8.1 h1:ntEHSVwIt7PNXNpgPmVfMrNhLtgjlmnZha2kOpuRiDw= github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4= -github.com/go-swagger/go-swagger v0.26.1 h1:1XUWLnH6hKxHzeKjJfA2gHkSqcT1Zgi4q/PZp2hDdN8= -github.com/go-swagger/go-swagger v0.26.1/go.mod h1:zlf/LHplZpdtU2mYXg9Ajd3+9TgHYltv5f/pEM6LjnI= +github.com/go-swagger/go-swagger v0.30.0 h1:HakSyutD7Ek9ndkR8Fxy6WAoQtgu7UcAmZCTa6SzawA= +github.com/go-swagger/go-swagger v0.30.0/go.mod h1:GhZVX/KIBM4VpGp4P7AJOIrlTuBeRVPS+j9kk6rFmfY= github.com/go-swagger/scan-repo-boundary v0.0.0-20180623220736-973b3573c013 h1:l9rI6sNaZgNC0LnF3MiE+qTmyBA/tZAg1rtyrGbUMK0= github.com/go-swagger/scan-repo-boundary v0.0.0-20180623220736-973b3573c013/go.mod h1:b65mBPzqzZWxOZGxSWrqs4GInLIn+u99Q9q7p+GKni0= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= @@ -812,6 +817,8 @@ github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= +github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/golang-jwt/jwt/v4 v4.1.0 h1:XUgk2Ex5veyVFVeLm0xhusUTQybEbexJXrvPNOKkSY0= github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= @@ -880,8 +887,9 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= +github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= +github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-github/v27 v27.0.1 h1:sSMFSShNn4VnqCqs+qhab6TS3uQc+uVR6TD1bW6MavM= github.com/google/go-github/v27 v27.0.1/go.mod h1:/0Gr8pJ55COkmv+S/yPKCczSkUPIM/LnFyubufRNIS0= github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= @@ -934,12 +942,17 @@ github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/wire v0.3.0/go.mod h1:i1DMg/Lu8Sz5yYl25iOdmc5CT5qusaa+zmRWs16741s= +github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/gax-go v2.0.2+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= +github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM= +github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM= +github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= +github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU= @@ -984,8 +997,9 @@ github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69 h1:7xsUJsB2Nrdct github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69/go.mod h1:YLEMZOtU+AZ7dhN9T/IpGhXVGly2bvkJQ+zxj3WeVQo= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= -github.com/hashicorp/consul/api v1.11.0 h1:Hw/G8TtRvOElqxVIhBzXciiSTbapq8hZ2XKZsXk5ZCE= github.com/hashicorp/consul/api v1.11.0/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M= +github.com/hashicorp/consul/api v1.12.0 h1:k3y1FYv6nuKyNTqj6w9gXOx5r5CfLj/k/euUeBXj1OY= +github.com/hashicorp/consul/api v1.12.0/go.mod h1:6pVBMo0ebnYdt2S3H87XhekM/HHrUoTD2XXb/VrZVy0= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.8.0 h1:OJtKBtEjboEZvG6AOUdh4Z1Zbyu0WcxQ0qatRrZHTVU= @@ -1001,8 +1015,9 @@ github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9 github.com/hashicorp/go-hclog v0.8.0/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= -github.com/hashicorp/go-hclog v1.0.0 h1:bkKf0BeBXcSYa7f5Fyi9gMuQ8gNsxeiNpZjR6VxNZeo= github.com/hashicorp/go-hclog v1.0.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM= +github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc= github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= @@ -1050,16 +1065,19 @@ github.com/hashicorp/memberlist v0.3.0 h1:8+567mCcFDnS5ADl7lrpxPMWiFCElyUEeW0gtj github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk= -github.com/hashicorp/serf v0.9.6 h1:uuEX1kLR6aoda1TBttmJQKDLZE1Ob7KN0NPdE7EtCDc= github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= +github.com/hashicorp/serf v0.9.7 h1:hkdgbqizGQHuU5IPqYM1JdSMV8nKfpuOnZYXssk9muY= +github.com/hashicorp/serf v0.9.7/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= github.com/hashicorp/vault/api v1.0.4/go.mod h1:gDcqh3WGcR1cpF5AJz/B1UFheUEneMoIospckxBxk6Q= github.com/hashicorp/vault/sdk v0.1.13/go.mod h1:B+hVj7TpuQY1Y/GPbCpffmgd+tSEwvhkWnjtSYCaS2M= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo= -github.com/huandu/xstrings v1.2.0 h1:yPeWdRnmynF7p+lLYz0H2tthW9lqhMJrQV/U7yy4wX0= github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= +github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw= +github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/iancoleman/strcase v0.0.0-20180726023541-3605ed457bf7/go.mod h1:SK73tn/9oHe+/Y0h39VT4UCxmurVJkR5NA7kMEAOgSE= github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= @@ -1067,7 +1085,6 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= @@ -1147,8 +1164,9 @@ github.com/jcmturner/gofork v1.0.0/go.mod h1:MK8+TM0La+2rjBD4jE12Kj1pCCxK7d2LK/U github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg= github.com/jcmturner/gokrb5/v8 v8.4.2/go.mod h1:sb+Xq/fTY5yktf/VxLsE3wlfPqQjp0aWNYyvBVK62bc= github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= -github.com/jessevdk/go-flags v1.4.0 h1:4IU2WS7AumrZ/40jfhf4QVDMsQwqA7VEHozFRrGARJA= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= +github.com/jessevdk/go-flags v1.5.0 h1:1jKYvbxEjfUl0fmqTCOfonvskHHXMjBySTLW4y9LFvc= +github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4= github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4= github.com/jhump/protoreflect v1.8.2 h1:k2xE7wcUomeqwY0LDCYA16y4WWfyTcMx5mKhk0d4ua0= github.com/jhump/protoreflect v1.8.2/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= @@ -1337,7 +1355,6 @@ github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:F github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/mapstructure v1.4.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= @@ -1488,8 +1505,8 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE= github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM= -github.com/ory/x v0.0.454 h1:hDKNrFFMBkBrSHlTY1w+IhZ9CnxMpMz8RRaiaRtxQgA= -github.com/ory/x v0.0.454/go.mod h1:i3TlzVVChaun6sfVscSqGyPr7IuzC3C0aSgS+ODSbNQ= +github.com/ory/x v0.0.460 h1:p5sYRjtHeVVMvCWtd8PWzoPl7Br0IfoalNJr22qnZCE= +github.com/ory/x v0.0.460/go.mod h1:w2gwqgw3XqKTxW8wURVxUFI2NuDyIC2rGxvEsnBJqjs= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= @@ -1510,6 +1527,8 @@ github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrap github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= +github.com/pelletier/go-toml/v2 v2.0.1 h1:8e3L2cCQzLFi2CR4g7vGFuFxX7Jl1kKX8gW+iV0GUKU= +github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc= @@ -1541,8 +1560,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= -github.com/pquerna/cachecontrol v0.0.0-20200921180117-858c6e7e6b7e h1:BLqxdwZ6j771IpSCRx7s/GJjXHUE00Hmu7/YegCGdzA= -github.com/pquerna/cachecontrol v0.0.0-20200921180117-858c6e7e6b7e/go.mod h1:hoLfEwdY11HjRfKFH6KqnPsfxlo3BP6bJehpDv8t6sQ= +github.com/pquerna/cachecontrol v0.1.0 h1:yJMy84ti9h/+OEWa752kBTKv4XC30OtVVHYv/8cTqKc= +github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI= github.com/pquerna/otp v1.3.0 h1:oJV/SkzR33anKXwQU3Of42rL4wbrffP4uvUf1SvS5Xs= github.com/pquerna/otp v1.3.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= @@ -1556,8 +1575,9 @@ github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3O github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.10.0/go.mod h1:WJM3cc3yu7XKBKa/I8WeZm+V3eltZnBwfENSU7mdogU= -github.com/prometheus/client_golang v1.11.0 h1:HNkLOAEQMIDv/K+04rukrLx6ch7msSRwf3/SASFAGtQ= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= +github.com/prometheus/client_golang v1.11.1 h1:+4eQaD7vAZ6DsfsxB15hbE0odUjGI5ARs9yskGu1v4s= +github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= @@ -1616,8 +1636,9 @@ github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.6.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8= github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= +github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= +github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/cors v1.8.2 h1:KCooALfAYGs415Cwu5ABvv9n9509fSiG5SQJn/AQo4U= github.com/rs/cors v1.8.2/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= @@ -1636,6 +1657,7 @@ github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFo github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig= +github.com/sagikazarmark/crypt v0.6.0/go.mod h1:U8+INwJo3nBv1m6A/8OBXAq7Jnpspk5AxSgDyEQcea8= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/santhosh-tekuri/jsonschema v1.2.4/go.mod h1:TEAUOeZSmIxTTuHatJzrvARHiuO9LYd+cIxzgEHCQI4= github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I= @@ -1694,7 +1716,6 @@ github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= github.com/spf13/afero v1.3.4/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= -github.com/spf13/afero v1.4.1/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= github.com/spf13/afero v1.5.1/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= github.com/spf13/afero v1.8.2 h1:xehSyVa0YnHWsJ49JFljMpg1HX19V6NDZ1fkm1Xznbo= @@ -1726,9 +1747,9 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= -github.com/spf13/viper v1.7.1/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= -github.com/spf13/viper v1.10.0 h1:mXH0UwHS4D2HwWZa75im4xIQynLfblmWV7qcWpfv0yk= github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM= +github.com/spf13/viper v1.12.0 h1:CZ7eSOd3kZoaYDLbXnmzgQI5RlciuXBMA+18HwHRfZQ= +github.com/spf13/viper v1.12.0/go.mod h1:b6COn30jlNxbm/V2IqWiNWkJ+vZNiMNksliPCiuKtSI= github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518 h1:iD+PFTQwKEmbwSdwfvP5ld2WEI/g7qbdhmHJ2ASfYGs= github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518/go.mod h1:CKI4AZ4XmGV240rTHfO0hfE83S6/a3/Q1siZJ/vXf7A= github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693/go.mod h1:6hSY48PjDm4UObWmGLyJE9DxYVKTgR9kbCspXXJEhcU= @@ -1752,10 +1773,12 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= +github.com/subosito/gotenv v1.3.0 h1:mjC+YW8QpAdXibNi+vNWgzmgBH4+5l5dCXv8cNysBLI= +github.com/subosito/gotenv v1.3.0/go.mod h1:YzJjq/33h7nrwdY+iHMhEOEEbW0ovIz0tB6t6PwAXzs= github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= @@ -1806,7 +1829,6 @@ github.com/urfave/negroni v1.0.0 h1:kIimOitoypq34K7TG7DUaJ9kq/N4Ofuwi1sjz0KipXc= github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8= -github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= @@ -1847,6 +1869,7 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs= github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA= github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= @@ -1871,15 +1894,19 @@ go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mI go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489 h1:1JFLBqwIgdyHN1ZtgjTBwO+blA6gVOmZurpiMEsETKo= go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg= go.etcd.io/etcd/api/v3 v3.5.0-alpha.0/go.mod h1:mPcW6aZJukV6Aa81LSKpBjQXTWlXB5r74ymPoSWa3Sw= -go.etcd.io/etcd/api/v3 v3.5.1 h1:v28cktvBq+7vGyJXF8G+rWJmj+1XUmMtqcLnH8hDocM= go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= -go.etcd.io/etcd/client/pkg/v3 v3.5.1 h1:XIQcHCFSG53bJETYeRJtIxdLv2EWRGxcfzR8lSnTH4E= +go.etcd.io/etcd/api/v3 v3.5.4 h1:OHVyt3TopwtUQ2GKdd5wu3PmmipR4FTwCqoEjSyRdIc= +go.etcd.io/etcd/api/v3 v3.5.4/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A= go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= +go.etcd.io/etcd/client/pkg/v3 v3.5.4 h1:lrneYvz923dvC14R54XcA7FXoZ3mlGZAgmwhfm7HqOg= +go.etcd.io/etcd/client/pkg/v3 v3.5.4/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.0-alpha.0/go.mod h1:kdV+xzCJ3luEBSIeQyB/OEKkWKd8Zkux4sbDeANrosU= -go.etcd.io/etcd/client/v2 v2.305.1 h1:vtxYCKWA9x31w0WJj7DdqsHFNjhkigdAnziDtkZb/l4= go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs= -go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 h1:dr1EOILak2pu4Nf5XbRIOCNIBjcz6UmkQd7hHRXwxaM= +go.etcd.io/etcd/client/v2 v2.305.4 h1:Dcx3/MYyfKcPNLpR4VVQUP5KgYrBeJtktBwEKkw08Ao= +go.etcd.io/etcd/client/v2 v2.305.4/go.mod h1:Ud+VUwIi9/uQHOMA+4ekToJ12lTxlv0zB/+DHwTGEbU= go.etcd.io/etcd/client/v3 v3.5.0-alpha.0/go.mod h1:wKt7jgDgf/OfKiYmCq5WFGxOFAkVMLxiiXgLDFhECr8= +go.etcd.io/etcd/client/v3 v3.5.4 h1:p83BUL3tAYS0OT/r0qglgc3M1JjhM0diV8DSWAhVXv4= +go.etcd.io/etcd/client/v3 v3.5.4/go.mod h1:ZaRkVgBZC+L+dLCjTcF1hRXpgZXQPOvnA/Ak/gq3kiY= go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0 h1:odMFuQQCg0UmPd7Cyw6TViRYv9ybGuXuki4CusDSzqA= go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0/go.mod h1:YPwSaBciV5G6Gpt435AasAG3ROetZsKNUzibRa/++oo= go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0 h1:3yLUEC0nFCxw/RArImOyRUI4OAFbg4PFpBbAhSNzKNY= @@ -1918,40 +1945,34 @@ go.opentelemetry.io/contrib/samplers/jaegerremote v0.0.0-20220314184135-32895002 go.opentelemetry.io/otel v1.0.1/go.mod h1:OPEOD4jIT2SlZPMmwT6FqZz2C0ZNdQqiWcoK6M0SNFU= go.opentelemetry.io/otel v1.4.0/go.mod h1:jeAqMFKy2uLIxCtKxoFj0FAL5zAPKQagc3+GtBWakzk= go.opentelemetry.io/otel v1.4.1/go.mod h1:StM6F/0fSwpd8dKWDCdRr7uRvEPYdW0hBSlbdTiUde4= -go.opentelemetry.io/otel v1.5.0/go.mod h1:Jm/m+rNp/z0eqJc74H7LPwQ3G87qkU/AnnAydAjSAHk= -go.opentelemetry.io/otel v1.6.3/go.mod h1:7BgNga5fNlF/iZjG06hM3yofffp0ofKCDwSXx1GC4dI= -go.opentelemetry.io/otel v1.7.0 h1:Z2lA3Tdch0iDcrhJXDIlC94XE+bxok1F9B+4Lz/lGsM= -go.opentelemetry.io/otel v1.7.0/go.mod h1:5BdUoMIz5WEs0vt0CUEMtSSaTSHBBVwrhnz7+nrD5xk= -go.opentelemetry.io/otel/bridge/opentracing v1.6.3/go.mod h1:3SVwOElsIpFiclDeQ4aB7EO/Y1Lm0IXUsLh5TYjHTxo= -go.opentelemetry.io/otel/exporters/jaeger v1.5.0 h1:ZR7nhLSfLufS5AHk/iN11Q+W9XYwsJrVZ1Frb833d+Y= -go.opentelemetry.io/otel/exporters/jaeger v1.5.0/go.mod h1:rSeUArMBRe1eQLo1T0WxOazohN1M2mYThWJQmn1BjRQ= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.6.3 h1:nAmg1WgsUXoXf46dJG9eS/AzOcvkCTK4xJSUYpWyHYg= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.6.3/go.mod h1:NEu79Xo32iVb+0gVNV8PMd7GoWqnyDXRlj04yFjqz40= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.6.3 h1:4/UjHWMVVc5VwX/KAtqJOHErKigMCH8NexChMuanb/o= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.6.3/go.mod h1:UJmXdiVVBaZ63umRUTwJuCMAV//GCMvDiQwn703/GoY= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.6.3 h1:ufVuVt/g16GZ/yDOyp+AcCGebGX8u4z7kDRuwEX0DkA= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.6.3/go.mod h1:S18p8VK4KRHHyAg5rH3iUnJUcRvIUg9xwIWtq1MWibM= -go.opentelemetry.io/otel/exporters/zipkin v1.7.0 h1:X0FZj+kaIdLi29UiyrEGDhRTYsEXj9GdEW5Y39UQFEE= -go.opentelemetry.io/otel/exporters/zipkin v1.7.0/go.mod h1:9YBXeOMFLQGwNEjsxMRiWPGoJX83usGMhbCmxUbNe5I= +go.opentelemetry.io/otel v1.9.0 h1:8WZNQFIB2a71LnANS9JeyidJKKGOOremcUtb/OtHISw= +go.opentelemetry.io/otel v1.9.0/go.mod h1:np4EoPGzoPs3O67xUVNoPPcmSvsfOxNlNA4F4AC+0Eo= +go.opentelemetry.io/otel/bridge/opentracing v1.9.0/go.mod h1:QYKRAmt+MWDoudzsVKYSutcVs9scYhc2K6YspGV/LLw= +go.opentelemetry.io/otel/exporters/jaeger v1.9.0 h1:gAEgEVGDWwFjcis9jJTOJqZNxDzoZfR12WNIxr7g9Ww= +go.opentelemetry.io/otel/exporters/jaeger v1.9.0/go.mod h1:hquezOLVAybNW6vanIxkdLXTXvzlj2Vn3wevSP15RYs= +go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.9.0 h1:ggqApEjDKczicksfvZUCxuvoyDmR6Sbm56LwiK8DVR0= +go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.9.0/go.mod h1:78XhIg8Ht9vR4tbLNUhXsiOnE2HOuSeKAiAcoVQEpOY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.9.0 h1:NN90Cuna0CnBg8YNu1Q0V35i2E8LDByFOwHRCq/ZP9I= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.9.0/go.mod h1:0EsCXjZAiiZGnLdEUXM9YjCKuuLZMYyglh2QDXcYKVA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.9.0 h1:FAF9l8Wjxi9Ad2k/vLTfHZyzXYX72C62wBGpV3G6AIo= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.9.0/go.mod h1:smUdtylgc0YQiUr2PuifS4hBXhAS5xtR6WQhxP1wiNA= +go.opentelemetry.io/otel/exporters/zipkin v1.9.0 h1:06b/nt6xao6th00aue9WU3ZDTTe+InaMXA/vym6pLuA= +go.opentelemetry.io/otel/exporters/zipkin v1.9.0/go.mod h1:HyIvYIu37wV4Wx5azd7e05x9k/dOz9KB4x0plw2QNvs= go.opentelemetry.io/otel/internal/metric v0.27.0 h1:9dAVGAfFiiEq5NVB9FUJ5et+btbDQAUIJehJ+ikyryk= go.opentelemetry.io/otel/internal/metric v0.27.0/go.mod h1:n1CVxRqKqYZtqyTh9U/onvKapPGv7y/rpyOTI+LFNzw= go.opentelemetry.io/otel/metric v0.27.0 h1:HhJPsGhJoKRSegPQILFbODU56NS/L1UE4fS1sC5kIwQ= go.opentelemetry.io/otel/metric v0.27.0/go.mod h1:raXDJ7uP2/Jc0nVZWQjJtzoyssOYWu/+pjZqRzfvZ7g= go.opentelemetry.io/otel/sdk v1.4.1/go.mod h1:NBwHDgDIBYjwK2WNu1OPgsIc2IJzmBXNnvIJxJc8BpE= -go.opentelemetry.io/otel/sdk v1.5.0/go.mod h1:CU4J1v+7iEljnm1G14QjdFWOXUyYLHVh0Lh+/BTYyFg= -go.opentelemetry.io/otel/sdk v1.6.3/go.mod h1:A4iWF7HTXa+GWL/AaqESz28VuSBIcZ+0CV+IzJ5NMiQ= -go.opentelemetry.io/otel/sdk v1.7.0 h1:4OmStpcKVOfvDOgCt7UriAPtKolwIhxpnSNI/yK+1B0= -go.opentelemetry.io/otel/sdk v1.7.0/go.mod h1:uTEOTwaqIVuTGiJN7ii13Ibp75wJmYUDe374q6cZwUU= +go.opentelemetry.io/otel/sdk v1.9.0 h1:LNXp1vrr83fNXTHgU8eO89mhzxb/bbWAsHG6fNf3qWo= +go.opentelemetry.io/otel/sdk v1.9.0/go.mod h1:AEZc8nt5bd2F7BC24J5R0mrjYnpEgYHyTcM/vrSple4= go.opentelemetry.io/otel/trace v1.0.1/go.mod h1:5g4i4fKLaX2BQpSBsxw8YYcgKpMMSW3x7ZTuYBr3sUk= go.opentelemetry.io/otel/trace v1.4.0/go.mod h1:uc3eRsqDfWs9R7b92xbQbU42/eTNz4N+gLP8qJCi4aE= go.opentelemetry.io/otel/trace v1.4.1/go.mod h1:iYEVbroFCNut9QkwEczV9vMRPHNKSSwYZjulEtsmhFc= -go.opentelemetry.io/otel/trace v1.5.0/go.mod h1:sq55kfhjXYr1zVSyexg0w1mpa03AYXR5eyTkB9NPPdE= -go.opentelemetry.io/otel/trace v1.6.3/go.mod h1:GNJQusJlUgZl9/TQBPKU/Y/ty+0iVB5fjhKeJGZPGFs= -go.opentelemetry.io/otel/trace v1.7.0 h1:O37Iogk1lEkMRXewVtZ1BBTVn5JEp8GrJvP92bJqC6o= -go.opentelemetry.io/otel/trace v1.7.0/go.mod h1:fzLSB9nqR2eXzxPXb2JW9IKE+ScyXA48yyE4TNvoHqU= +go.opentelemetry.io/otel/trace v1.9.0 h1:oZaCNJUjWcg60VXWee8lJKlqhPbXAPB51URuR47pQYc= +go.opentelemetry.io/otel/trace v1.9.0/go.mod h1:2737Q0MuG8q1uILYm2YYVkAyLtOofiTNGg6VODnOiPo= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.opentelemetry.io/proto/otlp v0.15.0 h1:h0bKrvdrT/9sBwEJ6iWUqT/N/xPcS66bL4u3isneJ6w= -go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= +go.opentelemetry.io/proto/otlp v0.18.0 h1:W5hyXNComRa23tGpKwG+FRAc4rfF6ZUg1JReK+QHS80= +go.opentelemetry.io/proto/otlp v0.18.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= @@ -1997,6 +2018,7 @@ golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3 golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -2014,8 +2036,10 @@ golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167 h1:O8uGbHCqlTp2P6QJSLmCojM4mN6UemYv8K+dCnmHmu0= +golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8 h1:GIAS/yBem/gq2MUqgNIzUHW7cJMmx3TGZOrnyYaNQ6c= +golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2130,6 +2154,7 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd golang.org/x/net v0.0.0-20210323141857-08027d57d8cf/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= +golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM= golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -2140,8 +2165,17 @@ golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20210917221730-978cfadd31cf/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220225172249-27dd8689420f h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc= +golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b h1:ZmngSVLe/wycRns9MKikG9OWIEjGcGAkacif7oYQaUY= +golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2163,8 +2197,13 @@ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210810183815-faf39c7919d5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= +golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 h1:2o1E+E8TpNLklK9nHiPiK1uzIYrIHt+cQx3ynCwq9V8= +golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2177,8 +2216,10 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f h1:Ax0t5p6N38Ga0dThY21weqDEyz2oklo4IvDkpigvkD8= +golang.org/x/sync v0.0.0-20220513210516-0976fa681c29/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8 h1:OH54vjqzRWmbJ62fjuhxy7AxFFgoHN0/DPc/UrL8cAs= golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20191110171634-ad39bd3f0407/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= @@ -2213,7 +2254,6 @@ golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190125232054-d66bd3c5d5a6/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= @@ -2281,7 +2321,6 @@ golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= golang.org/x/tools v0.0.0-20201014170642-d1624618ad65/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201125231158-b5590deeca9b/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= @@ -2295,16 +2334,19 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo= -golang.org/x/tools v0.1.11 h1:loJ25fNOEhSXfHrpoGj91eCUThwdNX6u24rO1xnNteY= golang.org/x/tools v0.1.11/go.mod h1:SgwaegtQh8clINPpECJMqnxLv9I09HLqnW3RMqW0CA4= +golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df h1:5Pf6pFKu98ODmgnpvkJ3kFUOQGGLIzLIkbzUHp47618= +golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f h1:uF6paiQQebLeSXkrTqHqz0MXhXXS1KgF41eUdBNvxK0= +golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo= gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0= gonum.org/v1/gonum v0.9.3/go.mod h1:TZumC3NeyVQskjXqmyWt4S3bINhy7B4eYwW69EbyX+0= @@ -2350,6 +2392,16 @@ google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdr google.golang.org/api v0.59.0/go.mod h1:sT2boj7M9YJxZzgeZqXogmhfmRWDtPzT31xkieUbuZU= google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I= google.golang.org/api v0.62.0/go.mod h1:dKmwPCydfsad4qCH08MSdgWjfHOyfpd4VtDGgRFdavw= +google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo= +google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g= +google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA= +google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8= +google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs= +google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA= +google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw= +google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg= +google.golang.org/api v0.81.0/go.mod h1:FA6Mb/bZxj706H2j+j2d6mHEEaHBmbbWnkfvmorOCko= +google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -2414,6 +2466,7 @@ google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210331142528-b7513248f0ba/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= @@ -2441,8 +2494,27 @@ google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ6 google.golang.org/genproto v0.0.0-20211129164237-f09f9a12af12/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211203200212-54befc351ae9/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa h1:I0YcKz0I7OAhddo7ya8kMnvprhcWM045PmkBdMO9zN0= google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E= +google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220519153652-3a47de7e79bd/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 h1:4SPz2GL2CXJt28MTF8V6Ap/9ZiVbQlJeGSd9qtA7DLs= +google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= @@ -2482,8 +2554,12 @@ google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9K google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.45.0 h1:NEpgUqV3Z+ZjkqMsxMg11IaDrXY4RY6CQukSGK0uI1M= +google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= +google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.47.0 h1:9n77onPX5F3qfFCqjy9dhn8PbNQsIKeVU04J9G7umt8= +google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/grpc/examples v0.0.0-20210304020650-930c79186c99 h1:qA8rMbz1wQ4DOFfM2ouD29DG9aHWBm6ZOy9BGxiUMmY= google.golang.org/grpc/examples v0.0.0-20210304020650-930c79186c99/go.mod h1:Ly7ZA/ARzg8fnPU9TyZIxoz33sEUuWX7txiqs8lPTgE= @@ -2501,8 +2577,9 @@ google.golang.org/protobuf v1.25.1-0.20200805231151-a709e31e5d12/go.mod h1:9JNX7 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= +google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/DataDog/dd-trace-go.v1 v1.27.1-0.20201005154917-54b73b3e126a/go.mod h1:Sp1lku8WJMvNV0kjDI4Ni/T7J/U3BO5ct5kEaoVU8+I= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc= @@ -2565,6 +2642,7 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gorm.io/driver/postgres v1.3.5/go.mod h1:EGCWefLFQSVFrHGy4J8EtiHCWX5Q8t0yz2Jt9aKkGzU= diff --git a/internal/httpclient/.openapi-generator/FILES b/internal/httpclient/.openapi-generator/FILES index 53993154b1db..408bd69aade9 100644 --- a/internal/httpclient/.openapi-generator/FILES +++ b/internal/httpclient/.openapi-generator/FILES @@ -37,7 +37,7 @@ docs/JsonPatch.md docs/MetadataApi.md docs/NeedsPrivilegedSessionError.md docs/Pagination.md -docs/RecoveryAddress.md +docs/RecoveryIdentityAddress.md docs/RevokedSessions.md docs/SelfServiceBrowserLocationChangeRequiredError.md docs/SelfServiceError.md @@ -128,7 +128,7 @@ model_json_error.go model_json_patch.go model_needs_privileged_session_error.go model_pagination.go -model_recovery_address.go +model_recovery_identity_address.go model_revoked_sessions.go model_self_service_browser_location_change_required_error.go model_self_service_error.go diff --git a/internal/httpclient/README.md b/internal/httpclient/README.md index 5c929d3c48e7..d6b83db12981 100644 --- a/internal/httpclient/README.md +++ b/internal/httpclient/README.md @@ -103,7 +103,7 @@ Class | Method | HTTP request | Description *V0alpha2Api* | [**GetSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#getselfservicerecoveryflow) | **Get** /self-service/recovery/flows | Get Recovery Flow *V0alpha2Api* | [**GetSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#getselfserviceregistrationflow) | **Get** /self-service/registration/flows | Get Registration Flow *V0alpha2Api* | [**GetSelfServiceSettingsFlow**](docs/V0alpha2Api.md#getselfservicesettingsflow) | **Get** /self-service/settings/flows | Get Settings Flow -*V0alpha2Api* | [**GetSelfServiceVerificationFlow**](docs/V0alpha2Api.md#getselfserviceverificationflow) | **Get** /self-service/verification/flows | # Get Verification Flow +*V0alpha2Api* | [**GetSelfServiceVerificationFlow**](docs/V0alpha2Api.md#getselfserviceverificationflow) | **Get** /self-service/verification/flows | Get Verification Flow *V0alpha2Api* | [**GetWebAuthnJavaScript**](docs/V0alpha2Api.md#getwebauthnjavascript) | **Get** /.well-known/ory/webauthn.js | Get WebAuthn JavaScript *V0alpha2Api* | [**InitializeSelfServiceLoginFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceloginflowforbrowsers) | **Get** /self-service/login/browser | Initialize Login Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceLoginFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceloginflowwithoutbrowser) | **Get** /self-service/login/api | Initialize Login Flow for APIs, Services, Apps, ... @@ -125,7 +125,7 @@ Class | Method | HTTP request | Description *V0alpha2Api* | [**SubmitSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#submitselfservicerecoveryflow) | **Post** /self-service/recovery | Complete Recovery Flow *V0alpha2Api* | [**SubmitSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#submitselfserviceregistrationflow) | **Post** /self-service/registration | Submit a Registration Flow *V0alpha2Api* | [**SubmitSelfServiceSettingsFlow**](docs/V0alpha2Api.md#submitselfservicesettingsflow) | **Post** /self-service/settings | Complete Settings Flow -*V0alpha2Api* | [**SubmitSelfServiceVerificationFlow**](docs/V0alpha2Api.md#submitselfserviceverificationflow) | **Post** /self-service/verification | # Complete Verification Flow +*V0alpha2Api* | [**SubmitSelfServiceVerificationFlow**](docs/V0alpha2Api.md#submitselfserviceverificationflow) | **Post** /self-service/verification | Complete Verification Flow *V0alpha2Api* | [**ToSession**](docs/V0alpha2Api.md#tosession) | **Get** /sessions/whoami | Check Who the Current HTTP Session Belongs To @@ -160,7 +160,7 @@ Class | Method | HTTP request | Description - [JsonPatch](docs/JsonPatch.md) - [NeedsPrivilegedSessionError](docs/NeedsPrivilegedSessionError.md) - [Pagination](docs/Pagination.md) - - [RecoveryAddress](docs/RecoveryAddress.md) + - [RecoveryIdentityAddress](docs/RecoveryIdentityAddress.md) - [RevokedSessions](docs/RevokedSessions.md) - [SelfServiceBrowserLocationChangeRequiredError](docs/SelfServiceBrowserLocationChangeRequiredError.md) - [SelfServiceError](docs/SelfServiceError.md) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index b6231e0d4415..95e0f74c8b34 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -1382,7 +1382,6 @@ paths: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). - More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). operationId: initializeSelfServiceRecoveryFlowWithoutBrowser responses: @@ -2293,7 +2292,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Complete Verification Flow' + summary: Complete Verification Flow tags: - v0alpha2 /self-service/verification/api: @@ -2444,7 +2443,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Get Verification Flow' + summary: Get Verification Flow tags: - v0alpha2 /sessions: @@ -2650,7 +2649,7 @@ paths: Reverse proxies and API Gateways Server-side calls - use the `X-Session-Token` header! - This endpoint authenticates users by checking + # This endpoint authenticates users by checking if the `Cookie` HTTP header was set containing an Ory Kratos Session Cookie; if the `Authorization: bearer ` HTTP header was set with a valid Ory Kratos Session Token; @@ -2849,35 +2848,9 @@ components: title: JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger. type: object - RecoveryAddress: - example: - updated_at: 2000-01-23T04:56:07.000+00:00 - created_at: 2000-01-23T04:56:07.000+00:00 - id: id - value: value - via: via - properties: - created_at: - description: CreatedAt is a helper struct field for gobuffalo.pop. - format: date-time - type: string - id: - format: uuid4 - type: string - updated_at: - description: UpdatedAt is a helper struct field for gobuffalo.pop. - format: date-time - type: string - value: - type: string - via: - type: string - required: - - id - - value - - via - type: object RecoveryAddressType: + title: RecoveryAddressType must not exceed 16 characters as that is the limitation + in the SQL Schema. type: string UUID: format: uuid4 @@ -2901,7 +2874,7 @@ components: that the address needs to be represented in the Identity Schema or this field will be overwritten on the next identity update. items: - $ref: '#/components/schemas/RecoveryAddress' + $ref: '#/components/schemas/recoveryIdentityAddress' type: array schema_id: description: SchemaID is the ID of the JSON Schema to be used for validating @@ -3012,7 +2985,11 @@ components: pattern: ^[0-9]+(ns|us|ms|s|m|h)$ type: string identity_id: - format: uuid4 + description: |- + Identity to Recover + + The identity's ID you wish to recover. + format: uuid type: string required: - identity_id @@ -3071,7 +3048,7 @@ components: example: SQL field "foo" is not a bool. type: string details: - additionalProperties: true + additionalProperties: {} description: Further error details type: object id: @@ -3196,12 +3173,12 @@ components: recovery_addresses: - updated_at: 2000-01-23T04:56:07.000+00:00 created_at: 2000-01-23T04:56:07.000+00:00 - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value via: via - updated_at: 2000-01-23T04:56:07.000+00:00 created_at: 2000-01-23T04:56:07.000+00:00 - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value via: via metadata_admin: "" @@ -3211,7 +3188,7 @@ components: verified_at: 2000-01-23T04:56:07.000+00:00 verified: true created_at: 2014-01-01T23:28:56.782Z - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value status: status via: via @@ -3219,13 +3196,13 @@ components: verified_at: 2000-01-23T04:56:07.000+00:00 verified: true created_at: 2014-01-01T23:28:56.782Z - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value status: status via: via schema_id: schema_id schema_url: schema_url - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 metadata_public: "" properties: created_at: @@ -3239,7 +3216,12 @@ components: authenticating this identity. type: object id: - format: uuid4 + description: |- + ID is the identity's unique identifier. + + The Identity ID can not be changed and can not be chosen. This ensures future + compatibility and optimization for distributed stores such as CockroachDB. + format: uuid type: string metadata_admin: description: NullJSONRawMessage represents a json.RawMessage that works @@ -3251,7 +3233,7 @@ components: description: RecoveryAddresses contains all the addresses that can be used to recover an identity. items: - $ref: '#/components/schemas/RecoveryAddress' + $ref: '#/components/schemas/recoveryIdentityAddress' type: array x-omitempty: true schema_id: @@ -3480,7 +3462,7 @@ components: example: SQL field "foo" is not a bool. type: string details: - additionalProperties: true + additionalProperties: {} description: Further error details type: object id: @@ -3553,6 +3535,36 @@ components: minimum: 1 type: integer type: object + recoveryIdentityAddress: + example: + updated_at: 2000-01-23T04:56:07.000+00:00 + created_at: 2000-01-23T04:56:07.000+00:00 + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 + value: value + via: via + properties: + created_at: + description: CreatedAt is a helper struct field for gobuffalo.pop. + format: date-time + type: string + id: + format: uuid + type: string + updated_at: + description: UpdatedAt is a helper struct field for gobuffalo.pop. + format: date-time + type: string + value: + type: string + via: + title: RecoveryAddressType must not exceed 16 characters as that is the + limitation in the SQL Schema. + type: string + required: + - id + - value + - via + type: object revokedSessions: example: count: 0 @@ -3578,7 +3590,7 @@ components: example: SQL field "foo" is not a bool. type: string details: - additionalProperties: true + additionalProperties: {} description: Further error details type: object id: @@ -3621,7 +3633,7 @@ components: example: updated_at: 2000-01-23T04:56:07.000+00:00 created_at: 2000-01-23T04:56:07.000+00:00 - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 error: '{}' properties: created_at: @@ -3631,7 +3643,8 @@ components: error: type: object id: - format: uuid4 + description: ID of the error container. + format: uuid type: string updated_at: description: UpdatedAt is a helper struct field for gobuffalo.pop. @@ -3657,7 +3670,7 @@ components: example: SQL field "foo" is not a bool. type: string details: - additionalProperties: true + additionalProperties: {} description: Further error details type: object id: @@ -3697,7 +3710,9 @@ components: example: Not Found type: string use_flow_id: - format: uuid4 + description: The flow ID that should be used for the new flow as it contains + the correct messages. + format: uuid type: string required: - message @@ -3765,7 +3780,7 @@ components: created_at: 2000-01-23T04:56:07.000+00:00 refresh: true return_to: return_to - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 type: type issued_at: 2000-01-23T04:56:07.000+00:00 request_url: request_url @@ -3783,7 +3798,10 @@ components: format: date-time type: string id: - format: uuid4 + description: |- + ID represents the flow's unique ID. When performing the login flow, this + represents the id in the login UI's query parameter: http:///?flow= + format: uuid type: string issued_at: description: IssuedAt is the time (UTC) when the flow started. @@ -3895,7 +3913,7 @@ components: type: type active: active return_to: return_to - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 type: type issued_at: 2000-01-23T04:56:07.000+00:00 request_url: request_url @@ -3912,7 +3930,10 @@ components: format: date-time type: string id: - format: uuid4 + description: |- + ID represents the request's unique ID. When performing the recovery flow, this + represents the id in the recovery ui's query parameter: http://?request= + format: uuid type: string issued_at: description: IssuedAt is the time (UTC) when the request occurred. @@ -4029,7 +4050,7 @@ components: text: text type: type return_to: return_to - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 type: type issued_at: 2000-01-23T04:56:07.000+00:00 request_url: request_url @@ -4043,7 +4064,10 @@ components: format: date-time type: string id: - format: uuid4 + description: |- + ID represents the flow's unique ID. When performing the registration flow, this + represents the id in the registration ui's query parameter: http:///?flow= + format: uuid type: string issued_at: description: IssuedAt is the time (UTC) when the flow occurred. @@ -4142,12 +4166,12 @@ components: recovery_addresses: - updated_at: 2000-01-23T04:56:07.000+00:00 created_at: 2000-01-23T04:56:07.000+00:00 - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value via: via - updated_at: 2000-01-23T04:56:07.000+00:00 created_at: 2000-01-23T04:56:07.000+00:00 - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value via: via metadata_admin: "" @@ -4157,7 +4181,7 @@ components: verified_at: 2000-01-23T04:56:07.000+00:00 verified: true created_at: 2014-01-01T23:28:56.782Z - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value status: status via: via @@ -4165,17 +4189,17 @@ components: verified_at: 2000-01-23T04:56:07.000+00:00 verified: true created_at: 2014-01-01T23:28:56.782Z - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value status: status via: via schema_id: schema_id schema_url: schema_url - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 metadata_public: "" active: active return_to: return_to - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 type: type issued_at: 2000-01-23T04:56:07.000+00:00 request_url: request_url @@ -4192,7 +4216,10 @@ components: format: date-time type: string id: - format: uuid4 + description: |- + ID represents the flow's unique ID. When performing the settings flow, this + represents the id in the settings ui's query parameter: http://?flow= + format: uuid type: string identity: $ref: '#/components/schemas/identity' @@ -4295,7 +4322,7 @@ components: type: type active: active return_to: return_to - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 type: type issued_at: 2000-01-23T04:56:07.000+00:00 request_url: request_url @@ -4312,7 +4339,13 @@ components: format: date-time type: string id: - format: uuid4 + description: |- + ID represents the request's unique ID. When performing the verification flow, this + represents the id in the verify ui's query parameter: http://?request= + + type: string + format: uuid + format: uuid type: string issued_at: description: IssuedAt is the time (UTC) when the request occurred. @@ -4379,12 +4412,12 @@ components: recovery_addresses: - updated_at: 2000-01-23T04:56:07.000+00:00 created_at: 2000-01-23T04:56:07.000+00:00 - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value via: via - updated_at: 2000-01-23T04:56:07.000+00:00 created_at: 2000-01-23T04:56:07.000+00:00 - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value via: via metadata_admin: "" @@ -4394,7 +4427,7 @@ components: verified_at: 2000-01-23T04:56:07.000+00:00 verified: true created_at: 2014-01-01T23:28:56.782Z - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value status: status via: via @@ -4402,17 +4435,17 @@ components: verified_at: 2000-01-23T04:56:07.000+00:00 verified: true created_at: 2014-01-01T23:28:56.782Z - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value status: status via: via schema_id: schema_id schema_url: schema_url - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 metadata_public: "" authenticated_at: 2000-01-23T04:56:07.000+00:00 active: true - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 issued_at: 2000-01-23T04:56:07.000+00:00 properties: active: @@ -4443,7 +4476,8 @@ components: format: date-time type: string id: - format: uuid4 + description: Session ID + format: uuid type: string identity: $ref: '#/components/schemas/identity' @@ -5043,12 +5077,12 @@ components: recovery_addresses: - updated_at: 2000-01-23T04:56:07.000+00:00 created_at: 2000-01-23T04:56:07.000+00:00 - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value via: via - updated_at: 2000-01-23T04:56:07.000+00:00 created_at: 2000-01-23T04:56:07.000+00:00 - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value via: via metadata_admin: "" @@ -5058,7 +5092,7 @@ components: verified_at: 2000-01-23T04:56:07.000+00:00 verified: true created_at: 2014-01-01T23:28:56.782Z - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value status: status via: via @@ -5066,17 +5100,17 @@ components: verified_at: 2000-01-23T04:56:07.000+00:00 verified: true created_at: 2014-01-01T23:28:56.782Z - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value status: status via: via schema_id: schema_id schema_url: schema_url - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 metadata_public: "" authenticated_at: 2000-01-23T04:56:07.000+00:00 active: true - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 issued_at: 2000-01-23T04:56:07.000+00:00 properties: session: @@ -5115,12 +5149,12 @@ components: recovery_addresses: - updated_at: 2000-01-23T04:56:07.000+00:00 created_at: 2000-01-23T04:56:07.000+00:00 - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value via: via - updated_at: 2000-01-23T04:56:07.000+00:00 created_at: 2000-01-23T04:56:07.000+00:00 - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value via: via metadata_admin: "" @@ -5130,7 +5164,7 @@ components: verified_at: 2000-01-23T04:56:07.000+00:00 verified: true created_at: 2014-01-01T23:28:56.782Z - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value status: status via: via @@ -5138,13 +5172,13 @@ components: verified_at: 2000-01-23T04:56:07.000+00:00 verified: true created_at: 2014-01-01T23:28:56.782Z - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value status: status via: via schema_id: schema_id schema_url: schema_url - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 metadata_public: "" session: expires_at: 2000-01-23T04:56:07.000+00:00 @@ -5169,12 +5203,12 @@ components: recovery_addresses: - updated_at: 2000-01-23T04:56:07.000+00:00 created_at: 2000-01-23T04:56:07.000+00:00 - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value via: via - updated_at: 2000-01-23T04:56:07.000+00:00 created_at: 2000-01-23T04:56:07.000+00:00 - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value via: via metadata_admin: "" @@ -5184,7 +5218,7 @@ components: verified_at: 2000-01-23T04:56:07.000+00:00 verified: true created_at: 2014-01-01T23:28:56.782Z - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value status: status via: via @@ -5192,17 +5226,17 @@ components: verified_at: 2000-01-23T04:56:07.000+00:00 verified: true created_at: 2014-01-01T23:28:56.782Z - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value status: status via: via schema_id: schema_id schema_url: schema_url - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 metadata_public: "" authenticated_at: 2000-01-23T04:56:07.000+00:00 active: true - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 issued_at: 2000-01-23T04:56:07.000+00:00 properties: identity: @@ -5362,8 +5396,16 @@ components: attributes: $ref: '#/components/schemas/uiNodeAttributes' group: - description: Group specifies which group (e.g. password authenticator) this - node belongs to. + description: |- + Group specifies which group (e.g. password authenticator) this node belongs to. + default DefaultGroup + password PasswordGroup + oidc OpenIDConnectGroup + profile ProfileGroup + link LinkGroup + totp TOTPGroup + lookup_secret LookupGroup + webauthn WebAuthnGroup enum: - default - password @@ -5374,6 +5416,15 @@ components: - lookup_secret - webauthn type: string + x-go-enum-desc: |- + default DefaultGroup + password PasswordGroup + oidc OpenIDConnectGroup + profile ProfileGroup + link LinkGroup + totp TOTPGroup + lookup_secret LookupGroup + webauthn WebAuthnGroup messages: items: $ref: '#/components/schemas/uiText' @@ -5381,7 +5432,13 @@ components: meta: $ref: '#/components/schemas/uiNodeMeta' type: - description: The node's type + description: |- + The node's type + text Text + input Input + img Image + a Anchor + script Script enum: - text - input @@ -5389,6 +5446,12 @@ components: - a - script type: string + x-go-enum-desc: |- + text Text + input Input + img Image + a Anchor + script Script required: - attributes - group @@ -5474,7 +5537,14 @@ components: description: InputAttributes represents the attributes of an input node properties: autocomplete: - description: The autocomplete attribute for the input. + description: |- + The autocomplete attribute for the input. + email InputAttributeAutocompleteEmail + tel InputAttributeAutocompleteTel + url InputAttributeAutocompleteUrl + current-password InputAttributeAutocompleteCurrentPassword + new-password InputAttributeAutocompleteNewPassword + one-time-code InputAttributeAutocompleteOneTimeCode enum: - email - tel @@ -5483,6 +5553,13 @@ components: - new-password - one-time-code type: string + x-go-enum-desc: |- + email InputAttributeAutocompleteEmail + tel InputAttributeAutocompleteTel + url InputAttributeAutocompleteUrl + current-password InputAttributeAutocompleteCurrentPassword + new-password InputAttributeAutocompleteNewPassword + one-time-code InputAttributeAutocompleteOneTimeCode disabled: description: Sets the input's disabled field to true or false. type: boolean @@ -5508,7 +5585,20 @@ components: description: Mark this input field as required. type: boolean type: - description: The input's element type. + description: |- + The input's element type. + text InputAttributeTypeText + password InputAttributeTypePassword + number InputAttributeTypeNumber + checkbox InputAttributeTypeCheckbox + hidden InputAttributeTypeHidden + email InputAttributeTypeEmail + tel InputAttributeTypeTel + submit InputAttributeTypeSubmit + button InputAttributeTypeButton + datetime-local InputAttributeTypeDateTimeLocal + date InputAttributeTypeDate + url InputAttributeTypeURI enum: - text - password @@ -5523,6 +5613,19 @@ components: - date - url type: string + x-go-enum-desc: |- + text InputAttributeTypeText + password InputAttributeTypePassword + number InputAttributeTypeNumber + checkbox InputAttributeTypeCheckbox + hidden InputAttributeTypeHidden + email InputAttributeTypeEmail + tel InputAttributeTypeTel + submit InputAttributeTypeSubmit + button InputAttributeTypeButton + datetime-local InputAttributeTypeDateTimeLocal + date InputAttributeTypeDate + url InputAttributeTypeURI value: description: The input's value. nullable: true @@ -5653,7 +5756,7 @@ components: verified_at: 2000-01-23T04:56:07.000+00:00 verified: true created_at: 2014-01-01T23:28:56.782Z - id: id + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 value: value status: status via: via @@ -5664,7 +5767,8 @@ components: format: date-time type: string id: - format: uuid4 + description: The ID + format: uuid type: string status: description: VerifiableAddressStatus must not exceed 16 characters as that diff --git a/internal/httpclient/api_metadata.go b/internal/httpclient/api_metadata.go index a63febb073aa..eec994165b53 100644 --- a/internal/httpclient/api_metadata.go +++ b/internal/httpclient/api_metadata.go @@ -102,16 +102,16 @@ func (r MetadataApiApiGetVersionRequest) Execute() (*InlineResponse2001, *http.R } /* - * GetVersion Return Running Software Version. - * This endpoint returns the version of Ory Kratos. + - GetVersion Return Running Software Version. + - This endpoint returns the version of Ory Kratos. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the version will never refer to the cluster state, only to a single instance. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return MetadataApiApiGetVersionRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return MetadataApiApiGetVersionRequest */ func (a *MetadataApiService) GetVersion(ctx context.Context) MetadataApiApiGetVersionRequest { return MetadataApiApiGetVersionRequest{ @@ -209,8 +209,9 @@ func (r MetadataApiApiIsAliveRequest) Execute() (*InlineResponse200, *http.Respo } /* - * IsAlive Check HTTP Server Status - * This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming + - IsAlive Check HTTP Server Status + - This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming + HTTP requests. This status does currently not include checks whether the database connection is working. If the service supports TLS Edge Termination, this endpoint does not require the @@ -218,8 +219,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return MetadataApiApiIsAliveRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return MetadataApiApiIsAliveRequest */ func (a *MetadataApiService) IsAlive(ctx context.Context) MetadataApiApiIsAliveRequest { return MetadataApiApiIsAliveRequest{ @@ -326,8 +327,9 @@ func (r MetadataApiApiIsReadyRequest) Execute() (*InlineResponse200, *http.Respo } /* - * IsReady Check HTTP Server and Database Status - * This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g. + - IsReady Check HTTP Server and Database Status + - This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g. + the database) are responsive as well. If the service supports TLS Edge Termination, this endpoint does not require the @@ -335,8 +337,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the Be aware that if you are running multiple nodes of Ory Kratos, the health status will never refer to the cluster state, only to a single instance. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return MetadataApiApiIsReadyRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return MetadataApiApiIsReadyRequest */ func (a *MetadataApiService) IsReady(ctx context.Context) MetadataApiApiIsReadyRequest { return MetadataApiApiIsReadyRequest{ diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go index d7b191201fae..93d81fd80c6a 100644 --- a/internal/httpclient/api_v0alpha2.go +++ b/internal/httpclient/api_v0alpha2.go @@ -382,7 +382,7 @@ type V0alpha2Api interface { GetSelfServiceSettingsFlowExecute(r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) (*SelfServiceSettingsFlow, *http.Response, error) /* - * GetSelfServiceVerificationFlow # Get Verification Flow + * GetSelfServiceVerificationFlow Get Verification Flow * This endpoint returns a verification flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -535,7 +535,6 @@ type V0alpha2Api interface { This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). - More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest @@ -1017,7 +1016,7 @@ type V0alpha2Api interface { SubmitSelfServiceSettingsFlowExecute(r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) (*SelfServiceSettingsFlow, *http.Response, error) /* - * SubmitSelfServiceVerificationFlow # Complete Verification Flow + * SubmitSelfServiceVerificationFlow Complete Verification Flow * Use this endpoint to complete a verification flow. This endpoint behaves differently for API and browser flows and has several states: @@ -1084,7 +1083,7 @@ type V0alpha2Api interface { Reverse proxies and API Gateways Server-side calls - use the `X-Session-Token` header! - This endpoint authenticates users by checking + # This endpoint authenticates users by checking if the `Cookie` HTTP header was set containing an Ory Kratos Session Cookie; if the `Authorization: bearer ` HTTP header was set with a valid Ory Kratos Session Token; @@ -1279,11 +1278,12 @@ func (r V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest) Execute() (*Sel } /* - * AdminCreateSelfServiceRecoveryLink Create a Recovery Link - * This endpoint creates a recovery link which should be given to the user in order for them to recover + - AdminCreateSelfServiceRecoveryLink Create a Recovery Link + - This endpoint creates a recovery link which should be given to the user in order for them to recover + (or activate) their account. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest */ func (a *V0alpha2ApiService) AdminCreateSelfServiceRecoveryLink(ctx context.Context) V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest { return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest{ @@ -1413,15 +1413,16 @@ func (r V0alpha2ApiApiAdminDeleteIdentityRequest) Execute() (*http.Response, err } /* - * AdminDeleteIdentity Delete an Identity - * Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. + - AdminDeleteIdentity Delete an Identity + - Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. + This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is assumed that is has been deleted already. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID is the identity's ID. - * @return V0alpha2ApiApiAdminDeleteIdentityRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID is the identity's ID. + - @return V0alpha2ApiApiAdminDeleteIdentityRequest */ func (a *V0alpha2ApiService) AdminDeleteIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentityRequest { return V0alpha2ApiApiAdminDeleteIdentityRequest{ @@ -1544,13 +1545,13 @@ func (r V0alpha2ApiApiAdminDeleteIdentitySessionsRequest) Execute() (*http.Respo } /* - * AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. - * This endpoint is useful for: + - AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. + - This endpoint is useful for: To forcefully logout Identity from all devices and sessions - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID is the identity's ID. - * @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID is the identity's ID. + - @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest */ func (a *V0alpha2ApiService) AdminDeleteIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentitySessionsRequest { return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest{ @@ -2006,12 +2007,12 @@ func (r V0alpha2ApiApiAdminListIdentitiesRequest) Execute() ([]Identity, *http.R } /* - * AdminListIdentities List Identities - * Lists all identities. Does not support search at the moment. + - AdminListIdentities List Identities + - Lists all identities. Does not support search at the moment. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiAdminListIdentitiesRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiAdminListIdentitiesRequest */ func (a *V0alpha2ApiService) AdminListIdentities(ctx context.Context) V0alpha2ApiApiAdminListIdentitiesRequest { return V0alpha2ApiApiAdminListIdentitiesRequest{ @@ -2155,13 +2156,13 @@ func (r V0alpha2ApiApiAdminListIdentitySessionsRequest) Execute() ([]Session, *h } /* - * AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity. - * This endpoint is useful for: + - AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity. + - This endpoint is useful for: Listing all sessions that belong to an Identity in an administrative context. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID is the identity's ID. - * @return V0alpha2ApiApiAdminListIdentitySessionsRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID is the identity's ID. + - @return V0alpha2ApiApiAdminListIdentitySessionsRequest */ func (a *V0alpha2ApiService) AdminListIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminListIdentitySessionsRequest { return V0alpha2ApiApiAdminListIdentitySessionsRequest{ @@ -2330,13 +2331,13 @@ func (r V0alpha2ApiApiAdminPatchIdentityRequest) Execute() (*Identity, *http.Res } /* - * AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) - * NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable. + - AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) + - NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID must be set to the ID of identity you want to update - * @return V0alpha2ApiApiAdminPatchIdentityRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID must be set to the ID of identity you want to update + - @return V0alpha2ApiApiAdminPatchIdentityRequest */ func (a *V0alpha2ApiService) AdminPatchIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminPatchIdentityRequest { return V0alpha2ApiApiAdminPatchIdentityRequest{ @@ -2498,13 +2499,13 @@ func (r V0alpha2ApiApiAdminUpdateIdentityRequest) Execute() (*Identity, *http.Re } /* - * AdminUpdateIdentity Update an Identity - * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. + - AdminUpdateIdentity Update an Identity + - This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID must be set to the ID of identity you want to update - * @return V0alpha2ApiApiAdminUpdateIdentityRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID must be set to the ID of identity you want to update + - @return V0alpha2ApiApiAdminUpdateIdentityRequest */ func (a *V0alpha2ApiService) AdminUpdateIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminUpdateIdentityRequest { return V0alpha2ApiApiAdminUpdateIdentityRequest{ @@ -2665,8 +2666,8 @@ func (r V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest) Execute( } /* - * CreateSelfServiceLogoutFlowUrlForBrowsers Create a Logout URL for Browsers - * This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. + - CreateSelfServiceLogoutFlowUrlForBrowsers Create a Logout URL for Browsers + - This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). For API clients you can @@ -2676,8 +2677,8 @@ The URL is only valid for the currently signed in user. If no user is signed in, a 401 error. When calling this endpoint from a backend, please ensure to properly forward the HTTP cookies. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest */ func (a *V0alpha2ApiService) CreateSelfServiceLogoutFlowUrlForBrowsers(ctx context.Context) V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest { return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest{ @@ -2927,16 +2928,16 @@ func (r V0alpha2ApiApiGetSelfServiceErrorRequest) Execute() (*SelfServiceError, } /* - * GetSelfServiceError Get Self-Service Errors - * This endpoint returns the error associated with a user-facing self service errors. + - GetSelfServiceError Get Self-Service Errors + - This endpoint returns the error associated with a user-facing self service errors. This endpoint supports stub values to help you implement the error UI: `?id=stub:500` - returns a stub 500 (Internal Server Error) error. More information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceErrorRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceErrorRequest */ func (a *V0alpha2ApiService) GetSelfServiceError(ctx context.Context) V0alpha2ApiApiGetSelfServiceErrorRequest { return V0alpha2ApiApiGetSelfServiceErrorRequest{ @@ -3078,8 +3079,8 @@ func (r V0alpha2ApiApiGetSelfServiceLoginFlowRequest) Execute() (*SelfServiceLog } /* - * GetSelfServiceLoginFlow Get Login Flow - * This endpoint returns a login flow's context with, for example, error details and other information. + - GetSelfServiceLoginFlow Get Login Flow + - This endpoint returns a login flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3102,8 +3103,8 @@ This request may fail due to several reasons. The `error.id` can be one of: `self_service_flow_expired`: The flow is expired and you should request a new one. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceLoginFlowRequest { return V0alpha2ApiApiGetSelfServiceLoginFlowRequest{ @@ -3258,8 +3259,8 @@ func (r V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest) Execute() (*SelfService } /* - * GetSelfServiceRecoveryFlow Get Recovery Flow - * This endpoint returns a recovery flow's context with, for example, error details and other information. + - GetSelfServiceRecoveryFlow Get Recovery Flow + - This endpoint returns a recovery flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3277,8 +3278,8 @@ res.render('recovery', flow) ``` More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest { return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest{ @@ -3423,8 +3424,8 @@ func (r V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest) Execute() (*SelfSer } /* - * GetSelfServiceRegistrationFlow Get Registration Flow - * This endpoint returns a registration flow's context with, for example, error details and other information. + - GetSelfServiceRegistrationFlow Get Registration Flow + - This endpoint returns a registration flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3447,8 +3448,8 @@ This request may fail due to several reasons. The `error.id` can be one of: `self_service_flow_expired`: The flow is expired and you should request a new one. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest { return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest{ @@ -3608,8 +3609,9 @@ func (r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) Execute() (*SelfService } /* - * GetSelfServiceSettingsFlow Get Settings Flow - * When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie + - GetSelfServiceSettingsFlow Get Settings Flow + - When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie + or the Ory Kratos Session Token are set. Depending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator @@ -3628,8 +3630,8 @@ case of an error, the `error.id` of the JSON response body can be one of: identity logged in instead. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceSettingsFlowRequest { return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest{ @@ -3797,8 +3799,8 @@ func (r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) Execute() (*SelfSer } /* - * GetSelfServiceVerificationFlow # Get Verification Flow - * This endpoint returns a verification flow's context with, for example, error details and other information. + - GetSelfServiceVerificationFlow Get Verification Flow + - This endpoint returns a verification flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3815,8 +3817,8 @@ res.render('verification', flow) }) More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceVerificationFlowRequest { return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest{ @@ -3950,8 +3952,8 @@ func (r V0alpha2ApiApiGetWebAuthnJavaScriptRequest) Execute() (string, *http.Res } /* - * GetWebAuthnJavaScript Get WebAuthn JavaScript - * This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. + - GetWebAuthnJavaScript Get WebAuthn JavaScript + - This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file: @@ -3960,8 +3962,8 @@ If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you ``` More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest */ func (a *V0alpha2ApiService) GetWebAuthnJavaScript(ctx context.Context) V0alpha2ApiApiGetWebAuthnJavaScriptRequest { return V0alpha2ApiApiGetWebAuthnJavaScriptRequest{ @@ -4075,8 +4077,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Execute( } /* - * InitializeSelfServiceLoginFlowForBrowsers Initialize Login Flow for Browsers - * This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate + - InitializeSelfServiceLoginFlowForBrowsers Initialize Login Flow for Browsers + - This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate + cookies and anti-CSRF measures required for browser-based flows. If this endpoint is opened as a link in the browser, it will be redirected to @@ -4095,8 +4098,8 @@ case of an error, the `error.id` of the JSON response body can be one of: This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest{ @@ -4238,8 +4241,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest) Execu } /* - * InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ... - * This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on. + - InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ... + - This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. @@ -4259,8 +4262,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest{ @@ -4392,8 +4395,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest) Execu } /* - * InitializeSelfServiceRecoveryFlowForBrowsers Initialize Recovery Flow for Browsers - * This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to + - InitializeSelfServiceRecoveryFlowForBrowsers Initialize Recovery Flow for Browsers + - This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to + `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists, the browser is returned to the configured return URL. @@ -4403,8 +4407,8 @@ or a 400 bad request error if the user is already authenticated. This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest{ @@ -4524,8 +4528,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest) Ex } /* - * InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ... - * This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on. + - InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ... + - This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error. @@ -4537,10 +4541,9 @@ you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). - More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest{ @@ -4663,8 +4666,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) E } /* - * InitializeSelfServiceRegistrationFlowForBrowsers Initialize Registration Flow for Browsers - * This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate + - InitializeSelfServiceRegistrationFlowForBrowsers Initialize Registration Flow for Browsers + - This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate + cookies and anti-CSRF measures required for browser-based flows. :::info @@ -4689,8 +4693,8 @@ If this endpoint is called via an AJAX request, the response contains the regist This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest{ @@ -4800,8 +4804,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest } /* - * InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ... - * This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on. + - InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ... + - This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. @@ -4820,8 +4824,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest{ @@ -4944,8 +4948,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest) Execu } /* - * InitializeSelfServiceSettingsFlowForBrowsers Initialize Settings Flow for Browsers - * This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to + - InitializeSelfServiceSettingsFlowForBrowsers Initialize Settings Flow for Browsers + - This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to + `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid Ory Kratos Session Cookie is included in the request, a login flow will be initialized. @@ -4971,8 +4976,8 @@ case of an error, the `error.id` of the JSON response body can be one of: This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest{ @@ -5118,8 +5123,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest) Ex } /* - * InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ... - * This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. + - InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ... + - This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. + You must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK. To fetch an existing settings flow call `/self-service/settings/flows?flow=`. @@ -5141,8 +5147,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest{ @@ -5268,8 +5274,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest) E } /* - * InitializeSelfServiceVerificationFlowForBrowsers Initialize Verification Flow for Browser Clients - * This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to + - InitializeSelfServiceVerificationFlowForBrowsers Initialize Verification Flow for Browser Clients + - This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to + `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`. If this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects. @@ -5277,8 +5284,8 @@ If this endpoint is called via an AJAX request, the response contains the recove This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest{ @@ -5388,8 +5395,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest } /* - * InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ... - * This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on. + - InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ... + - This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on. To fetch an existing verification flow call `/self-service/verification/flows?flow=`. @@ -5400,8 +5407,8 @@ you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest{ @@ -5666,12 +5673,12 @@ func (r V0alpha2ApiApiListSessionsRequest) Execute() ([]Session, *http.Response, } /* - * ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. - * This endpoint is useful for: + - ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. + - This endpoint is useful for: Displaying all other sessions that belong to the logged-in user - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiListSessionsRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiListSessionsRequest */ func (a *V0alpha2ApiService) ListSessions(ctx context.Context) V0alpha2ApiApiListSessionsRequest { return V0alpha2ApiApiListSessionsRequest{ @@ -5821,13 +5828,13 @@ func (r V0alpha2ApiApiRevokeSessionRequest) Execute() (*http.Response, error) { } /* - * RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. - * This endpoint is useful for: + - RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. + - This endpoint is useful for: To forcefully logout the current user from another device or session - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID is the session's ID. - * @return V0alpha2ApiApiRevokeSessionRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID is the session's ID. + - @return V0alpha2ApiApiRevokeSessionRequest */ func (a *V0alpha2ApiService) RevokeSession(ctx context.Context, id string) V0alpha2ApiApiRevokeSessionRequest { return V0alpha2ApiApiRevokeSessionRequest{ @@ -5956,12 +5963,12 @@ func (r V0alpha2ApiApiRevokeSessionsRequest) Execute() (*RevokedSessions, *http. } /* - * RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. - * This endpoint is useful for: + - RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. + - This endpoint is useful for: To forcefully logout the current user from all other devices and sessions - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiRevokeSessionsRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiRevokeSessionsRequest */ func (a *V0alpha2ApiService) RevokeSessions(ctx context.Context) V0alpha2ApiApiRevokeSessionsRequest { return V0alpha2ApiApiRevokeSessionsRequest{ @@ -6125,8 +6132,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) Execute() (*SuccessfulS } /* - * SubmitSelfServiceLoginFlow Submit a Login Flow - * :::info + - SubmitSelfServiceLoginFlow Submit a Login Flow + - :::info This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future. @@ -6159,8 +6166,8 @@ case of an error, the `error.id` of the JSON response body can be one of: Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest { return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest{ @@ -6323,8 +6330,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest) Execute() (*http.Respo } /* - * SubmitSelfServiceLogoutFlow Complete Self-Service Logout - * This endpoint logs out an identity in a self-service manner. + - SubmitSelfServiceLogoutFlow Complete Self-Service Logout + - This endpoint logs out an identity in a self-service manner. If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other) to the `return_to` parameter of the initial request or fall back to `urls.default_return_to`. @@ -6337,8 +6344,8 @@ with browsers (Chrome, Firefox, ...). For API clients you can call the `/self-service/logout/api` URL directly with the Ory Session Token. More information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest { return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest{ @@ -6446,8 +6453,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest) Execute( } /* - * SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ... - * Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully + - SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ... + - Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully + revoked, the server returns a 204 No Content response. A 204 No Content response is also sent when the Ory Session Token has been revoked already before. @@ -6455,8 +6463,8 @@ If the Ory Session Token is malformed or does not exist a 403 Forbidden response This endpoint does not remove any HTTP Cookies - use the Browser-Based Self-Service Logout Flow instead. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest { return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest{ @@ -6588,8 +6596,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) Execute() (*SelfServ } /* - * SubmitSelfServiceRecoveryFlow Complete Recovery Flow - * Use this endpoint to complete a recovery flow. This endpoint + - SubmitSelfServiceRecoveryFlow Complete Recovery Flow + - Use this endpoint to complete a recovery flow. This endpoint + behaves differently for API and browser flows and has several states: `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent @@ -6605,8 +6614,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe a new Recovery Flow ID which contains an error message that the recovery link was invalid. More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest { return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest{ @@ -6764,8 +6773,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) Execute() (*Succ } /* - * SubmitSelfServiceRegistrationFlow Submit a Registration Flow - * Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint + - SubmitSelfServiceRegistrationFlow Submit a Registration Flow + - Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint + behaves differently for API and browser flows. API flows expect `application/json` to be sent in the body and respond with @@ -6793,8 +6803,8 @@ case of an error, the `error.id` of the JSON response body can be one of: Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest { return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest{ @@ -6964,8 +6974,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) Execute() (*SelfServ } /* - * SubmitSelfServiceSettingsFlow Complete Settings Flow - * Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint + - SubmitSelfServiceSettingsFlow Complete Settings Flow + - Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint + behaves differently for API and browser flows. API-initiated flows expect `application/json` to be sent in the body and respond with @@ -7008,8 +7019,8 @@ identity logged in instead. Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest { return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest{ @@ -7202,8 +7213,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Execute() (*Self } /* - * SubmitSelfServiceVerificationFlow # Complete Verification Flow - * Use this endpoint to complete a verification flow. This endpoint + - SubmitSelfServiceVerificationFlow Complete Verification Flow + - Use this endpoint to complete a verification flow. This endpoint + behaves differently for API and browser flows and has several states: `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent @@ -7219,8 +7231,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe a new Verification Flow ID which contains an error message that the verification link was invalid. More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest { return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest{ @@ -7373,8 +7385,9 @@ func (r V0alpha2ApiApiToSessionRequest) Execute() (*Session, *http.Response, err } /* - * ToSession Check Who the Current HTTP Session Belongs To - * Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. + - ToSession Check Who the Current HTTP Session Belongs To + - Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. + Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response. @@ -7411,7 +7424,7 @@ AJAX calls. Remember to send credentials and set up CORS correctly! Reverse proxies and API Gateways Server-side calls - use the `X-Session-Token` header! -This endpoint authenticates users by checking +# This endpoint authenticates users by checking if the `Cookie` HTTP header was set containing an Ory Kratos Session Cookie; if the `Authorization: bearer ` HTTP header was set with a valid Ory Kratos Session Token; @@ -7423,8 +7436,8 @@ As explained above, this request may fail due to several reasons. The `error.id` `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token). `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiToSessionRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiToSessionRequest */ func (a *V0alpha2ApiService) ToSession(ctx context.Context) V0alpha2ApiApiToSessionRequest { return V0alpha2ApiApiToSessionRequest{ diff --git a/internal/httpclient/docs/AdminCreateIdentityBody.md b/internal/httpclient/docs/AdminCreateIdentityBody.md index 165f9fb4a72f..a91118f35907 100644 --- a/internal/httpclient/docs/AdminCreateIdentityBody.md +++ b/internal/httpclient/docs/AdminCreateIdentityBody.md @@ -7,7 +7,7 @@ Name | Type | Description | Notes **Credentials** | Pointer to [**AdminIdentityImportCredentials**](AdminIdentityImportCredentials.md) | | [optional] **MetadataAdmin** | Pointer to **interface{}** | Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/<id>`. | [optional] **MetadataPublic** | Pointer to **interface{}** | Store metadata about the identity which the identity itself can see when calling for example the session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field. | [optional] -**RecoveryAddresses** | Pointer to [**[]RecoveryAddress**](RecoveryAddress.md) | RecoveryAddresses contains all the addresses that can be used to recover an identity. Use this structure to import recovery addresses for an identity. Please keep in mind that the address needs to be represented in the Identity Schema or this field will be overwritten on the next identity update. | [optional] +**RecoveryAddresses** | Pointer to [**[]RecoveryIdentityAddress**](RecoveryIdentityAddress.md) | RecoveryAddresses contains all the addresses that can be used to recover an identity. Use this structure to import recovery addresses for an identity. Please keep in mind that the address needs to be represented in the Identity Schema or this field will be overwritten on the next identity update. | [optional] **SchemaId** | **string** | SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. | **State** | Pointer to [**IdentityState**](IdentityState.md) | | [optional] **Traits** | **map[string]interface{}** | Traits represent an identity's traits. The identity is able to create, modify, and delete traits in a self-service manner. The input will always be validated against the JSON Schema defined in `schema_url`. | @@ -129,20 +129,20 @@ HasMetadataPublic returns a boolean if a field has been set. UnsetMetadataPublic ensures that no value is present for MetadataPublic, not even an explicit nil ### GetRecoveryAddresses -`func (o *AdminCreateIdentityBody) GetRecoveryAddresses() []RecoveryAddress` +`func (o *AdminCreateIdentityBody) GetRecoveryAddresses() []RecoveryIdentityAddress` GetRecoveryAddresses returns the RecoveryAddresses field if non-nil, zero value otherwise. ### GetRecoveryAddressesOk -`func (o *AdminCreateIdentityBody) GetRecoveryAddressesOk() (*[]RecoveryAddress, bool)` +`func (o *AdminCreateIdentityBody) GetRecoveryAddressesOk() (*[]RecoveryIdentityAddress, bool)` GetRecoveryAddressesOk returns a tuple with the RecoveryAddresses field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. ### SetRecoveryAddresses -`func (o *AdminCreateIdentityBody) SetRecoveryAddresses(v []RecoveryAddress)` +`func (o *AdminCreateIdentityBody) SetRecoveryAddresses(v []RecoveryIdentityAddress)` SetRecoveryAddresses sets RecoveryAddresses field to given value. diff --git a/internal/httpclient/docs/AdminCreateSelfServiceRecoveryLinkBody.md b/internal/httpclient/docs/AdminCreateSelfServiceRecoveryLinkBody.md index f4f02b8ff3d3..782b1f25bbba 100644 --- a/internal/httpclient/docs/AdminCreateSelfServiceRecoveryLinkBody.md +++ b/internal/httpclient/docs/AdminCreateSelfServiceRecoveryLinkBody.md @@ -5,7 +5,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **ExpiresIn** | Pointer to **string** | Link Expires In The recovery link will expire at that point in time. Defaults to the configuration value of `selfservice.flows.recovery.request_lifespan`. | [optional] -**IdentityId** | **string** | | +**IdentityId** | **string** | Identity to Recover The identity's ID you wish to recover. | ## Methods diff --git a/internal/httpclient/docs/ErrorAuthenticatorAssuranceLevelNotSatisfied.md b/internal/httpclient/docs/ErrorAuthenticatorAssuranceLevelNotSatisfied.md index 8b331688acd4..6c3e1df5c425 100644 --- a/internal/httpclient/docs/ErrorAuthenticatorAssuranceLevelNotSatisfied.md +++ b/internal/httpclient/docs/ErrorAuthenticatorAssuranceLevelNotSatisfied.md @@ -6,7 +6,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **Code** | Pointer to **int64** | The status code | [optional] **Debug** | Pointer to **string** | Debug information This field is often not exposed to protect against leaking sensitive information. | [optional] -**Details** | Pointer to **map[string]map[string]interface{}** | Further error details | [optional] +**Details** | Pointer to **map[string]interface{}** | Further error details | [optional] **Id** | Pointer to **string** | The error ID Useful when trying to identify various errors in application logic. | [optional] **Message** | **string** | Error message The error's message. | **Reason** | Pointer to **string** | A human-readable reason for the error | [optional] @@ -85,20 +85,20 @@ HasDebug returns a boolean if a field has been set. ### GetDetails -`func (o *ErrorAuthenticatorAssuranceLevelNotSatisfied) GetDetails() map[string]map[string]interface{}` +`func (o *ErrorAuthenticatorAssuranceLevelNotSatisfied) GetDetails() map[string]interface{}` GetDetails returns the Details field if non-nil, zero value otherwise. ### GetDetailsOk -`func (o *ErrorAuthenticatorAssuranceLevelNotSatisfied) GetDetailsOk() (*map[string]map[string]interface{}, bool)` +`func (o *ErrorAuthenticatorAssuranceLevelNotSatisfied) GetDetailsOk() (*map[string]interface{}, bool)` GetDetailsOk returns a tuple with the Details field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. ### SetDetails -`func (o *ErrorAuthenticatorAssuranceLevelNotSatisfied) SetDetails(v map[string]map[string]interface{})` +`func (o *ErrorAuthenticatorAssuranceLevelNotSatisfied) SetDetails(v map[string]interface{})` SetDetails sets Details field to given value. diff --git a/internal/httpclient/docs/Identity.md b/internal/httpclient/docs/Identity.md index 7040cdab5aaa..10e3b5d3ab95 100644 --- a/internal/httpclient/docs/Identity.md +++ b/internal/httpclient/docs/Identity.md @@ -6,10 +6,10 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **CreatedAt** | Pointer to **time.Time** | CreatedAt is a helper struct field for gobuffalo.pop. | [optional] **Credentials** | Pointer to [**map[string]IdentityCredentials**](IdentityCredentials.md) | Credentials represents all credentials that can be used for authenticating this identity. | [optional] -**Id** | **string** | | +**Id** | **string** | ID is the identity's unique identifier. The Identity ID can not be changed and can not be chosen. This ensures future compatibility and optimization for distributed stores such as CockroachDB. | **MetadataAdmin** | Pointer to **interface{}** | NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable- | [optional] **MetadataPublic** | Pointer to **interface{}** | NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable- | [optional] -**RecoveryAddresses** | Pointer to [**[]RecoveryAddress**](RecoveryAddress.md) | RecoveryAddresses contains all the addresses that can be used to recover an identity. | [optional] +**RecoveryAddresses** | Pointer to [**[]RecoveryIdentityAddress**](RecoveryIdentityAddress.md) | RecoveryAddresses contains all the addresses that can be used to recover an identity. | [optional] **SchemaId** | **string** | SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. | **SchemaUrl** | **string** | SchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from. format: url | **State** | Pointer to [**IdentityState**](IdentityState.md) | | [optional] @@ -179,20 +179,20 @@ HasMetadataPublic returns a boolean if a field has been set. UnsetMetadataPublic ensures that no value is present for MetadataPublic, not even an explicit nil ### GetRecoveryAddresses -`func (o *Identity) GetRecoveryAddresses() []RecoveryAddress` +`func (o *Identity) GetRecoveryAddresses() []RecoveryIdentityAddress` GetRecoveryAddresses returns the RecoveryAddresses field if non-nil, zero value otherwise. ### GetRecoveryAddressesOk -`func (o *Identity) GetRecoveryAddressesOk() (*[]RecoveryAddress, bool)` +`func (o *Identity) GetRecoveryAddressesOk() (*[]RecoveryIdentityAddress, bool)` GetRecoveryAddressesOk returns a tuple with the RecoveryAddresses field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. ### SetRecoveryAddresses -`func (o *Identity) SetRecoveryAddresses(v []RecoveryAddress)` +`func (o *Identity) SetRecoveryAddresses(v []RecoveryIdentityAddress)` SetRecoveryAddresses sets RecoveryAddresses field to given value. diff --git a/internal/httpclient/docs/NeedsPrivilegedSessionError.md b/internal/httpclient/docs/NeedsPrivilegedSessionError.md index 1acd66e05143..56ea0ac4a5b3 100644 --- a/internal/httpclient/docs/NeedsPrivilegedSessionError.md +++ b/internal/httpclient/docs/NeedsPrivilegedSessionError.md @@ -6,7 +6,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **Code** | Pointer to **int64** | The status code | [optional] **Debug** | Pointer to **string** | Debug information This field is often not exposed to protect against leaking sensitive information. | [optional] -**Details** | Pointer to **map[string]map[string]interface{}** | Further error details | [optional] +**Details** | Pointer to **map[string]interface{}** | Further error details | [optional] **Id** | Pointer to **string** | The error ID Useful when trying to identify various errors in application logic. | [optional] **Message** | **string** | Error message The error's message. | **Reason** | Pointer to **string** | A human-readable reason for the error | [optional] @@ -85,20 +85,20 @@ HasDebug returns a boolean if a field has been set. ### GetDetails -`func (o *NeedsPrivilegedSessionError) GetDetails() map[string]map[string]interface{}` +`func (o *NeedsPrivilegedSessionError) GetDetails() map[string]interface{}` GetDetails returns the Details field if non-nil, zero value otherwise. ### GetDetailsOk -`func (o *NeedsPrivilegedSessionError) GetDetailsOk() (*map[string]map[string]interface{}, bool)` +`func (o *NeedsPrivilegedSessionError) GetDetailsOk() (*map[string]interface{}, bool)` GetDetailsOk returns a tuple with the Details field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. ### SetDetails -`func (o *NeedsPrivilegedSessionError) SetDetails(v map[string]map[string]interface{})` +`func (o *NeedsPrivilegedSessionError) SetDetails(v map[string]interface{})` SetDetails sets Details field to given value. diff --git a/internal/httpclient/docs/RecoveryAddress.md b/internal/httpclient/docs/RecoveryIdentityAddress.md similarity index 64% rename from internal/httpclient/docs/RecoveryAddress.md rename to internal/httpclient/docs/RecoveryIdentityAddress.md index 95406a6c83c4..d9a61a69da0d 100644 --- a/internal/httpclient/docs/RecoveryAddress.md +++ b/internal/httpclient/docs/RecoveryIdentityAddress.md @@ -1,4 +1,4 @@ -# RecoveryAddress +# RecoveryIdentityAddress ## Properties @@ -12,129 +12,129 @@ Name | Type | Description | Notes ## Methods -### NewRecoveryAddress +### NewRecoveryIdentityAddress -`func NewRecoveryAddress(id string, value string, via string, ) *RecoveryAddress` +`func NewRecoveryIdentityAddress(id string, value string, via string, ) *RecoveryIdentityAddress` -NewRecoveryAddress instantiates a new RecoveryAddress object +NewRecoveryIdentityAddress instantiates a new RecoveryIdentityAddress object This constructor will assign default values to properties that have it defined, and makes sure properties required by API are set, but the set of arguments will change when the set of required properties is changed -### NewRecoveryAddressWithDefaults +### NewRecoveryIdentityAddressWithDefaults -`func NewRecoveryAddressWithDefaults() *RecoveryAddress` +`func NewRecoveryIdentityAddressWithDefaults() *RecoveryIdentityAddress` -NewRecoveryAddressWithDefaults instantiates a new RecoveryAddress object +NewRecoveryIdentityAddressWithDefaults instantiates a new RecoveryIdentityAddress object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set ### GetCreatedAt -`func (o *RecoveryAddress) GetCreatedAt() time.Time` +`func (o *RecoveryIdentityAddress) GetCreatedAt() time.Time` GetCreatedAt returns the CreatedAt field if non-nil, zero value otherwise. ### GetCreatedAtOk -`func (o *RecoveryAddress) GetCreatedAtOk() (*time.Time, bool)` +`func (o *RecoveryIdentityAddress) GetCreatedAtOk() (*time.Time, bool)` GetCreatedAtOk returns a tuple with the CreatedAt field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. ### SetCreatedAt -`func (o *RecoveryAddress) SetCreatedAt(v time.Time)` +`func (o *RecoveryIdentityAddress) SetCreatedAt(v time.Time)` SetCreatedAt sets CreatedAt field to given value. ### HasCreatedAt -`func (o *RecoveryAddress) HasCreatedAt() bool` +`func (o *RecoveryIdentityAddress) HasCreatedAt() bool` HasCreatedAt returns a boolean if a field has been set. ### GetId -`func (o *RecoveryAddress) GetId() string` +`func (o *RecoveryIdentityAddress) GetId() string` GetId returns the Id field if non-nil, zero value otherwise. ### GetIdOk -`func (o *RecoveryAddress) GetIdOk() (*string, bool)` +`func (o *RecoveryIdentityAddress) GetIdOk() (*string, bool)` GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. ### SetId -`func (o *RecoveryAddress) SetId(v string)` +`func (o *RecoveryIdentityAddress) SetId(v string)` SetId sets Id field to given value. ### GetUpdatedAt -`func (o *RecoveryAddress) GetUpdatedAt() time.Time` +`func (o *RecoveryIdentityAddress) GetUpdatedAt() time.Time` GetUpdatedAt returns the UpdatedAt field if non-nil, zero value otherwise. ### GetUpdatedAtOk -`func (o *RecoveryAddress) GetUpdatedAtOk() (*time.Time, bool)` +`func (o *RecoveryIdentityAddress) GetUpdatedAtOk() (*time.Time, bool)` GetUpdatedAtOk returns a tuple with the UpdatedAt field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. ### SetUpdatedAt -`func (o *RecoveryAddress) SetUpdatedAt(v time.Time)` +`func (o *RecoveryIdentityAddress) SetUpdatedAt(v time.Time)` SetUpdatedAt sets UpdatedAt field to given value. ### HasUpdatedAt -`func (o *RecoveryAddress) HasUpdatedAt() bool` +`func (o *RecoveryIdentityAddress) HasUpdatedAt() bool` HasUpdatedAt returns a boolean if a field has been set. ### GetValue -`func (o *RecoveryAddress) GetValue() string` +`func (o *RecoveryIdentityAddress) GetValue() string` GetValue returns the Value field if non-nil, zero value otherwise. ### GetValueOk -`func (o *RecoveryAddress) GetValueOk() (*string, bool)` +`func (o *RecoveryIdentityAddress) GetValueOk() (*string, bool)` GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. ### SetValue -`func (o *RecoveryAddress) SetValue(v string)` +`func (o *RecoveryIdentityAddress) SetValue(v string)` SetValue sets Value field to given value. ### GetVia -`func (o *RecoveryAddress) GetVia() string` +`func (o *RecoveryIdentityAddress) GetVia() string` GetVia returns the Via field if non-nil, zero value otherwise. ### GetViaOk -`func (o *RecoveryAddress) GetViaOk() (*string, bool)` +`func (o *RecoveryIdentityAddress) GetViaOk() (*string, bool)` GetViaOk returns a tuple with the Via field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. ### SetVia -`func (o *RecoveryAddress) SetVia(v string)` +`func (o *RecoveryIdentityAddress) SetVia(v string)` SetVia sets Via field to given value. diff --git a/internal/httpclient/docs/SelfServiceBrowserLocationChangeRequiredError.md b/internal/httpclient/docs/SelfServiceBrowserLocationChangeRequiredError.md index 942dea36009d..01193cc92e72 100644 --- a/internal/httpclient/docs/SelfServiceBrowserLocationChangeRequiredError.md +++ b/internal/httpclient/docs/SelfServiceBrowserLocationChangeRequiredError.md @@ -6,7 +6,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **Code** | Pointer to **int64** | The status code | [optional] **Debug** | Pointer to **string** | Debug information This field is often not exposed to protect against leaking sensitive information. | [optional] -**Details** | Pointer to **map[string]map[string]interface{}** | Further error details | [optional] +**Details** | Pointer to **map[string]interface{}** | Further error details | [optional] **Id** | Pointer to **string** | The error ID Useful when trying to identify various errors in application logic. | [optional] **Message** | **string** | Error message The error's message. | **Reason** | Pointer to **string** | A human-readable reason for the error | [optional] @@ -85,20 +85,20 @@ HasDebug returns a boolean if a field has been set. ### GetDetails -`func (o *SelfServiceBrowserLocationChangeRequiredError) GetDetails() map[string]map[string]interface{}` +`func (o *SelfServiceBrowserLocationChangeRequiredError) GetDetails() map[string]interface{}` GetDetails returns the Details field if non-nil, zero value otherwise. ### GetDetailsOk -`func (o *SelfServiceBrowserLocationChangeRequiredError) GetDetailsOk() (*map[string]map[string]interface{}, bool)` +`func (o *SelfServiceBrowserLocationChangeRequiredError) GetDetailsOk() (*map[string]interface{}, bool)` GetDetailsOk returns a tuple with the Details field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. ### SetDetails -`func (o *SelfServiceBrowserLocationChangeRequiredError) SetDetails(v map[string]map[string]interface{})` +`func (o *SelfServiceBrowserLocationChangeRequiredError) SetDetails(v map[string]interface{})` SetDetails sets Details field to given value. diff --git a/internal/httpclient/docs/SelfServiceError.md b/internal/httpclient/docs/SelfServiceError.md index 5b73b316f8e1..0ab742eb428c 100644 --- a/internal/httpclient/docs/SelfServiceError.md +++ b/internal/httpclient/docs/SelfServiceError.md @@ -6,7 +6,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **CreatedAt** | Pointer to **time.Time** | CreatedAt is a helper struct field for gobuffalo.pop. | [optional] **Error** | Pointer to **map[string]interface{}** | | [optional] -**Id** | **string** | | +**Id** | **string** | ID of the error container. | **UpdatedAt** | Pointer to **time.Time** | UpdatedAt is a helper struct field for gobuffalo.pop. | [optional] ## Methods diff --git a/internal/httpclient/docs/SelfServiceFlowExpiredError.md b/internal/httpclient/docs/SelfServiceFlowExpiredError.md index 952199aabff1..58b490b11469 100644 --- a/internal/httpclient/docs/SelfServiceFlowExpiredError.md +++ b/internal/httpclient/docs/SelfServiceFlowExpiredError.md @@ -6,14 +6,14 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **Code** | Pointer to **int64** | The status code | [optional] **Debug** | Pointer to **string** | Debug information This field is often not exposed to protect against leaking sensitive information. | [optional] -**Details** | Pointer to **map[string]map[string]interface{}** | Further error details | [optional] +**Details** | Pointer to **map[string]interface{}** | Further error details | [optional] **Id** | Pointer to **string** | The error ID Useful when trying to identify various errors in application logic. | [optional] **Message** | **string** | Error message The error's message. | **Reason** | Pointer to **string** | A human-readable reason for the error | [optional] **Request** | Pointer to **string** | The request ID The request ID is often exposed internally in order to trace errors across service architectures. This is often a UUID. | [optional] **Since** | Pointer to **int64** | A Duration represents the elapsed time between two instants as an int64 nanosecond count. The representation limits the largest representable duration to approximately 290 years. | [optional] **Status** | Pointer to **string** | The status description | [optional] -**UseFlowId** | Pointer to **string** | | [optional] +**UseFlowId** | Pointer to **string** | The flow ID that should be used for the new flow as it contains the correct messages. | [optional] ## Methods @@ -86,20 +86,20 @@ HasDebug returns a boolean if a field has been set. ### GetDetails -`func (o *SelfServiceFlowExpiredError) GetDetails() map[string]map[string]interface{}` +`func (o *SelfServiceFlowExpiredError) GetDetails() map[string]interface{}` GetDetails returns the Details field if non-nil, zero value otherwise. ### GetDetailsOk -`func (o *SelfServiceFlowExpiredError) GetDetailsOk() (*map[string]map[string]interface{}, bool)` +`func (o *SelfServiceFlowExpiredError) GetDetailsOk() (*map[string]interface{}, bool)` GetDetailsOk returns a tuple with the Details field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. ### SetDetails -`func (o *SelfServiceFlowExpiredError) SetDetails(v map[string]map[string]interface{})` +`func (o *SelfServiceFlowExpiredError) SetDetails(v map[string]interface{})` SetDetails sets Details field to given value. diff --git a/internal/httpclient/docs/SelfServiceLoginFlow.md b/internal/httpclient/docs/SelfServiceLoginFlow.md index 997230e2914a..3cb8c2336102 100644 --- a/internal/httpclient/docs/SelfServiceLoginFlow.md +++ b/internal/httpclient/docs/SelfServiceLoginFlow.md @@ -7,7 +7,7 @@ Name | Type | Description | Notes **Active** | Pointer to [**IdentityCredentialsType**](IdentityCredentialsType.md) | | [optional] **CreatedAt** | Pointer to **time.Time** | CreatedAt is a helper struct field for gobuffalo.pop. | [optional] **ExpiresAt** | **time.Time** | ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in, a new flow has to be initiated. | -**Id** | **string** | | +**Id** | **string** | ID represents the flow's unique ID. When performing the login flow, this represents the id in the login UI's query parameter: http://<selfservice.flows.login.ui_url>/?flow=<flow_id> | **IssuedAt** | **time.Time** | IssuedAt is the time (UTC) when the flow started. | **Refresh** | Pointer to **bool** | Refresh stores whether this login flow should enforce re-authentication. | [optional] **RequestUrl** | **string** | RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example. | diff --git a/internal/httpclient/docs/SelfServiceRecoveryFlow.md b/internal/httpclient/docs/SelfServiceRecoveryFlow.md index 68d613914725..8f207707d7cc 100644 --- a/internal/httpclient/docs/SelfServiceRecoveryFlow.md +++ b/internal/httpclient/docs/SelfServiceRecoveryFlow.md @@ -6,7 +6,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **Active** | Pointer to **string** | Active, if set, contains the registration method that is being used. It is initially not set. | [optional] **ExpiresAt** | **time.Time** | ExpiresAt is the time (UTC) when the request expires. If the user still wishes to update the setting, a new request has to be initiated. | -**Id** | **string** | | +**Id** | **string** | ID represents the request's unique ID. When performing the recovery flow, this represents the id in the recovery ui's query parameter: http://<selfservice.flows.recovery.ui_url>?request=<id> | **IssuedAt** | **time.Time** | IssuedAt is the time (UTC) when the request occurred. | **RequestUrl** | **string** | RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example. | **ReturnTo** | Pointer to **string** | ReturnTo contains the requested return_to URL. | [optional] diff --git a/internal/httpclient/docs/SelfServiceRegistrationFlow.md b/internal/httpclient/docs/SelfServiceRegistrationFlow.md index bc7901df27fb..7f7f424a0db5 100644 --- a/internal/httpclient/docs/SelfServiceRegistrationFlow.md +++ b/internal/httpclient/docs/SelfServiceRegistrationFlow.md @@ -6,7 +6,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **Active** | Pointer to [**IdentityCredentialsType**](IdentityCredentialsType.md) | | [optional] **ExpiresAt** | **time.Time** | ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in, a new flow has to be initiated. | -**Id** | **string** | | +**Id** | **string** | ID represents the flow's unique ID. When performing the registration flow, this represents the id in the registration ui's query parameter: http://<selfservice.flows.registration.ui_url>/?flow=<id> | **IssuedAt** | **time.Time** | IssuedAt is the time (UTC) when the flow occurred. | **RequestUrl** | **string** | RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example. | **ReturnTo** | Pointer to **string** | ReturnTo contains the requested return_to URL. | [optional] diff --git a/internal/httpclient/docs/SelfServiceSettingsFlow.md b/internal/httpclient/docs/SelfServiceSettingsFlow.md index 2628c8ea60c3..202dde05845a 100644 --- a/internal/httpclient/docs/SelfServiceSettingsFlow.md +++ b/internal/httpclient/docs/SelfServiceSettingsFlow.md @@ -6,7 +6,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **Active** | Pointer to **string** | Active, if set, contains the registration method that is being used. It is initially not set. | [optional] **ExpiresAt** | **time.Time** | ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to update the setting, a new flow has to be initiated. | -**Id** | **string** | | +**Id** | **string** | ID represents the flow's unique ID. When performing the settings flow, this represents the id in the settings ui's query parameter: http://<selfservice.flows.settings.ui_url>?flow=<id> | **Identity** | [**Identity**](Identity.md) | | **IssuedAt** | **time.Time** | IssuedAt is the time (UTC) when the flow occurred. | **RequestUrl** | **string** | RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example. | diff --git a/internal/httpclient/docs/SelfServiceVerificationFlow.md b/internal/httpclient/docs/SelfServiceVerificationFlow.md index e18db30082fc..6f25380ba79b 100644 --- a/internal/httpclient/docs/SelfServiceVerificationFlow.md +++ b/internal/httpclient/docs/SelfServiceVerificationFlow.md @@ -6,7 +6,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **Active** | Pointer to **string** | Active, if set, contains the registration method that is being used. It is initially not set. | [optional] **ExpiresAt** | Pointer to **time.Time** | ExpiresAt is the time (UTC) when the request expires. If the user still wishes to verify the address, a new request has to be initiated. | [optional] -**Id** | **string** | | +**Id** | **string** | ID represents the request's unique ID. When performing the verification flow, this represents the id in the verify ui's query parameter: http://<selfservice.flows.verification.ui_url>?request=<id> type: string format: uuid | **IssuedAt** | Pointer to **time.Time** | IssuedAt is the time (UTC) when the request occurred. | [optional] **RequestUrl** | Pointer to **string** | RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example. | [optional] **ReturnTo** | Pointer to **string** | ReturnTo contains the requested return_to URL. | [optional] diff --git a/internal/httpclient/docs/Session.md b/internal/httpclient/docs/Session.md index ed98f8b557e2..3d47e8c490e4 100644 --- a/internal/httpclient/docs/Session.md +++ b/internal/httpclient/docs/Session.md @@ -9,7 +9,7 @@ Name | Type | Description | Notes **AuthenticationMethods** | Pointer to [**[]SessionAuthenticationMethod**](SessionAuthenticationMethod.md) | A list of authenticators which were used to authenticate the session. | [optional] **AuthenticatorAssuranceLevel** | Pointer to [**AuthenticatorAssuranceLevel**](AuthenticatorAssuranceLevel.md) | | [optional] **ExpiresAt** | Pointer to **time.Time** | The Session Expiry When this session expires at. | [optional] -**Id** | **string** | | +**Id** | **string** | Session ID | **Identity** | [**Identity**](Identity.md) | | **IssuedAt** | Pointer to **time.Time** | The Session Issuance Timestamp When this session was issued at. Usually equal or close to `authenticated_at`. | [optional] diff --git a/internal/httpclient/docs/UiNode.md b/internal/httpclient/docs/UiNode.md index 956290963e39..f37dca33cca3 100644 --- a/internal/httpclient/docs/UiNode.md +++ b/internal/httpclient/docs/UiNode.md @@ -5,10 +5,10 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **Attributes** | [**UiNodeAttributes**](UiNodeAttributes.md) | | -**Group** | **string** | Group specifies which group (e.g. password authenticator) this node belongs to. | +**Group** | **string** | Group specifies which group (e.g. password authenticator) this node belongs to. default DefaultGroup password PasswordGroup oidc OpenIDConnectGroup profile ProfileGroup link LinkGroup totp TOTPGroup lookup_secret LookupGroup webauthn WebAuthnGroup | **Messages** | [**[]UiText**](UiText.md) | | **Meta** | [**UiNodeMeta**](UiNodeMeta.md) | | -**Type** | **string** | The node's type | +**Type** | **string** | The node's type text Text input Input img Image a Anchor script Script | ## Methods diff --git a/internal/httpclient/docs/UiNodeAttributes.md b/internal/httpclient/docs/UiNodeAttributes.md index 611ba317f638..d699bd98a2c8 100644 --- a/internal/httpclient/docs/UiNodeAttributes.md +++ b/internal/httpclient/docs/UiNodeAttributes.md @@ -4,7 +4,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**Autocomplete** | Pointer to **string** | The autocomplete attribute for the input. | [optional] +**Autocomplete** | Pointer to **string** | The autocomplete attribute for the input. email InputAttributeAutocompleteEmail tel InputAttributeAutocompleteTel url InputAttributeAutocompleteUrl current-password InputAttributeAutocompleteCurrentPassword new-password InputAttributeAutocompleteNewPassword one-time-code InputAttributeAutocompleteOneTimeCode | [optional] **Disabled** | **bool** | Sets the input's disabled field to true or false. | **Label** | Pointer to [**UiText**](UiText.md) | | [optional] **Name** | **string** | The input's element name. | diff --git a/internal/httpclient/docs/UiNodeInputAttributes.md b/internal/httpclient/docs/UiNodeInputAttributes.md index 2758b6bbaf83..904982afa8c5 100644 --- a/internal/httpclient/docs/UiNodeInputAttributes.md +++ b/internal/httpclient/docs/UiNodeInputAttributes.md @@ -4,7 +4,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**Autocomplete** | Pointer to **string** | The autocomplete attribute for the input. | [optional] +**Autocomplete** | Pointer to **string** | The autocomplete attribute for the input. email InputAttributeAutocompleteEmail tel InputAttributeAutocompleteTel url InputAttributeAutocompleteUrl current-password InputAttributeAutocompleteCurrentPassword new-password InputAttributeAutocompleteNewPassword one-time-code InputAttributeAutocompleteOneTimeCode | [optional] **Disabled** | **bool** | Sets the input's disabled field to true or false. | **Label** | Pointer to [**UiText**](UiText.md) | | [optional] **Name** | **string** | The input's element name. | @@ -12,7 +12,7 @@ Name | Type | Description | Notes **Onclick** | Pointer to **string** | OnClick may contain javascript which should be executed on click. This is primarily used for WebAuthn. | [optional] **Pattern** | Pointer to **string** | The input's pattern. | [optional] **Required** | Pointer to **bool** | Mark this input field as required. | [optional] -**Type** | **string** | The input's element type. | +**Type** | **string** | The input's element type. text InputAttributeTypeText password InputAttributeTypePassword number InputAttributeTypeNumber checkbox InputAttributeTypeCheckbox hidden InputAttributeTypeHidden email InputAttributeTypeEmail tel InputAttributeTypeTel submit InputAttributeTypeSubmit button InputAttributeTypeButton datetime-local InputAttributeTypeDateTimeLocal date InputAttributeTypeDate url InputAttributeTypeURI | **Value** | Pointer to **interface{}** | The input's value. | [optional] ## Methods diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md index 2f918b756a1c..1dbbfcc10d52 100644 --- a/internal/httpclient/docs/V0alpha2Api.md +++ b/internal/httpclient/docs/V0alpha2Api.md @@ -21,7 +21,7 @@ Method | HTTP request | Description [**GetSelfServiceRecoveryFlow**](V0alpha2Api.md#GetSelfServiceRecoveryFlow) | **Get** /self-service/recovery/flows | Get Recovery Flow [**GetSelfServiceRegistrationFlow**](V0alpha2Api.md#GetSelfServiceRegistrationFlow) | **Get** /self-service/registration/flows | Get Registration Flow [**GetSelfServiceSettingsFlow**](V0alpha2Api.md#GetSelfServiceSettingsFlow) | **Get** /self-service/settings/flows | Get Settings Flow -[**GetSelfServiceVerificationFlow**](V0alpha2Api.md#GetSelfServiceVerificationFlow) | **Get** /self-service/verification/flows | # Get Verification Flow +[**GetSelfServiceVerificationFlow**](V0alpha2Api.md#GetSelfServiceVerificationFlow) | **Get** /self-service/verification/flows | Get Verification Flow [**GetWebAuthnJavaScript**](V0alpha2Api.md#GetWebAuthnJavaScript) | **Get** /.well-known/ory/webauthn.js | Get WebAuthn JavaScript [**InitializeSelfServiceLoginFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceLoginFlowForBrowsers) | **Get** /self-service/login/browser | Initialize Login Flow for Browsers [**InitializeSelfServiceLoginFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceLoginFlowWithoutBrowser) | **Get** /self-service/login/api | Initialize Login Flow for APIs, Services, Apps, ... @@ -43,7 +43,7 @@ Method | HTTP request | Description [**SubmitSelfServiceRecoveryFlow**](V0alpha2Api.md#SubmitSelfServiceRecoveryFlow) | **Post** /self-service/recovery | Complete Recovery Flow [**SubmitSelfServiceRegistrationFlow**](V0alpha2Api.md#SubmitSelfServiceRegistrationFlow) | **Post** /self-service/registration | Submit a Registration Flow [**SubmitSelfServiceSettingsFlow**](V0alpha2Api.md#SubmitSelfServiceSettingsFlow) | **Post** /self-service/settings | Complete Settings Flow -[**SubmitSelfServiceVerificationFlow**](V0alpha2Api.md#SubmitSelfServiceVerificationFlow) | **Post** /self-service/verification | # Complete Verification Flow +[**SubmitSelfServiceVerificationFlow**](V0alpha2Api.md#SubmitSelfServiceVerificationFlow) | **Post** /self-service/verification | Complete Verification Flow [**ToSession**](V0alpha2Api.md#ToSession) | **Get** /sessions/whoami | Check Who the Current HTTP Session Belongs To @@ -1226,7 +1226,7 @@ No authorization required > SelfServiceVerificationFlow GetSelfServiceVerificationFlow(ctx).Id(id).Cookie(cookie).Execute() -# Get Verification Flow +Get Verification Flow @@ -2700,7 +2700,7 @@ No authorization required > SelfServiceVerificationFlow SubmitSelfServiceVerificationFlow(ctx).Flow(flow).SubmitSelfServiceVerificationFlowBody(submitSelfServiceVerificationFlowBody).Token(token).Cookie(cookie).Execute() -# Complete Verification Flow +Complete Verification Flow diff --git a/internal/httpclient/docs/VerifiableIdentityAddress.md b/internal/httpclient/docs/VerifiableIdentityAddress.md index 2d158f168dc9..e2b45c44da59 100644 --- a/internal/httpclient/docs/VerifiableIdentityAddress.md +++ b/internal/httpclient/docs/VerifiableIdentityAddress.md @@ -5,7 +5,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **CreatedAt** | Pointer to **time.Time** | When this entry was created | [optional] -**Id** | Pointer to **string** | | [optional] +**Id** | Pointer to **string** | The ID | [optional] **Status** | **string** | VerifiableAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema | **UpdatedAt** | Pointer to **time.Time** | When this entry was last updated | [optional] **Value** | **string** | The address value example foo@user.com | diff --git a/internal/httpclient/model_admin_create_identity_body.go b/internal/httpclient/model_admin_create_identity_body.go index b0aa0fbfab29..11c76859f3e9 100644 --- a/internal/httpclient/model_admin_create_identity_body.go +++ b/internal/httpclient/model_admin_create_identity_body.go @@ -23,7 +23,7 @@ type AdminCreateIdentityBody struct { // Store metadata about the identity which the identity itself can see when calling for example the session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field. MetadataPublic interface{} `json:"metadata_public,omitempty"` // RecoveryAddresses contains all the addresses that can be used to recover an identity. Use this structure to import recovery addresses for an identity. Please keep in mind that the address needs to be represented in the Identity Schema or this field will be overwritten on the next identity update. - RecoveryAddresses []RecoveryAddress `json:"recovery_addresses,omitempty"` + RecoveryAddresses []RecoveryIdentityAddress `json:"recovery_addresses,omitempty"` // SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. SchemaId string `json:"schema_id"` State *IdentityState `json:"state,omitempty"` @@ -151,9 +151,9 @@ func (o *AdminCreateIdentityBody) SetMetadataPublic(v interface{}) { } // GetRecoveryAddresses returns the RecoveryAddresses field value if set, zero value otherwise. -func (o *AdminCreateIdentityBody) GetRecoveryAddresses() []RecoveryAddress { +func (o *AdminCreateIdentityBody) GetRecoveryAddresses() []RecoveryIdentityAddress { if o == nil || o.RecoveryAddresses == nil { - var ret []RecoveryAddress + var ret []RecoveryIdentityAddress return ret } return o.RecoveryAddresses @@ -161,7 +161,7 @@ func (o *AdminCreateIdentityBody) GetRecoveryAddresses() []RecoveryAddress { // GetRecoveryAddressesOk returns a tuple with the RecoveryAddresses field value if set, nil otherwise // and a boolean to check if the value has been set. -func (o *AdminCreateIdentityBody) GetRecoveryAddressesOk() ([]RecoveryAddress, bool) { +func (o *AdminCreateIdentityBody) GetRecoveryAddressesOk() ([]RecoveryIdentityAddress, bool) { if o == nil || o.RecoveryAddresses == nil { return nil, false } @@ -177,8 +177,8 @@ func (o *AdminCreateIdentityBody) HasRecoveryAddresses() bool { return false } -// SetRecoveryAddresses gets a reference to the given []RecoveryAddress and assigns it to the RecoveryAddresses field. -func (o *AdminCreateIdentityBody) SetRecoveryAddresses(v []RecoveryAddress) { +// SetRecoveryAddresses gets a reference to the given []RecoveryIdentityAddress and assigns it to the RecoveryAddresses field. +func (o *AdminCreateIdentityBody) SetRecoveryAddresses(v []RecoveryIdentityAddress) { o.RecoveryAddresses = v } diff --git a/internal/httpclient/model_admin_create_self_service_recovery_link_body.go b/internal/httpclient/model_admin_create_self_service_recovery_link_body.go index 2baf77acec00..790f7e87a548 100644 --- a/internal/httpclient/model_admin_create_self_service_recovery_link_body.go +++ b/internal/httpclient/model_admin_create_self_service_recovery_link_body.go @@ -18,8 +18,9 @@ import ( // AdminCreateSelfServiceRecoveryLinkBody struct for AdminCreateSelfServiceRecoveryLinkBody type AdminCreateSelfServiceRecoveryLinkBody struct { // Link Expires In The recovery link will expire at that point in time. Defaults to the configuration value of `selfservice.flows.recovery.request_lifespan`. - ExpiresIn *string `json:"expires_in,omitempty"` - IdentityId string `json:"identity_id"` + ExpiresIn *string `json:"expires_in,omitempty"` + // Identity to Recover The identity's ID you wish to recover. + IdentityId string `json:"identity_id"` } // NewAdminCreateSelfServiceRecoveryLinkBody instantiates a new AdminCreateSelfServiceRecoveryLinkBody object diff --git a/internal/httpclient/model_error_authenticator_assurance_level_not_satisfied.go b/internal/httpclient/model_error_authenticator_assurance_level_not_satisfied.go index 9b3b7bab338c..c4979c68bc3c 100644 --- a/internal/httpclient/model_error_authenticator_assurance_level_not_satisfied.go +++ b/internal/httpclient/model_error_authenticator_assurance_level_not_satisfied.go @@ -22,7 +22,7 @@ type ErrorAuthenticatorAssuranceLevelNotSatisfied struct { // Debug information This field is often not exposed to protect against leaking sensitive information. Debug *string `json:"debug,omitempty"` // Further error details - Details map[string]map[string]interface{} `json:"details,omitempty"` + Details map[string]interface{} `json:"details,omitempty"` // The error ID Useful when trying to identify various errors in application logic. Id *string `json:"id,omitempty"` // Error message The error's message. @@ -119,9 +119,9 @@ func (o *ErrorAuthenticatorAssuranceLevelNotSatisfied) SetDebug(v string) { } // GetDetails returns the Details field value if set, zero value otherwise. -func (o *ErrorAuthenticatorAssuranceLevelNotSatisfied) GetDetails() map[string]map[string]interface{} { +func (o *ErrorAuthenticatorAssuranceLevelNotSatisfied) GetDetails() map[string]interface{} { if o == nil || o.Details == nil { - var ret map[string]map[string]interface{} + var ret map[string]interface{} return ret } return o.Details @@ -129,7 +129,7 @@ func (o *ErrorAuthenticatorAssuranceLevelNotSatisfied) GetDetails() map[string]m // GetDetailsOk returns a tuple with the Details field value if set, nil otherwise // and a boolean to check if the value has been set. -func (o *ErrorAuthenticatorAssuranceLevelNotSatisfied) GetDetailsOk() (map[string]map[string]interface{}, bool) { +func (o *ErrorAuthenticatorAssuranceLevelNotSatisfied) GetDetailsOk() (map[string]interface{}, bool) { if o == nil || o.Details == nil { return nil, false } @@ -145,8 +145,8 @@ func (o *ErrorAuthenticatorAssuranceLevelNotSatisfied) HasDetails() bool { return false } -// SetDetails gets a reference to the given map[string]map[string]interface{} and assigns it to the Details field. -func (o *ErrorAuthenticatorAssuranceLevelNotSatisfied) SetDetails(v map[string]map[string]interface{}) { +// SetDetails gets a reference to the given map[string]interface{} and assigns it to the Details field. +func (o *ErrorAuthenticatorAssuranceLevelNotSatisfied) SetDetails(v map[string]interface{}) { o.Details = v } diff --git a/internal/httpclient/model_identity.go b/internal/httpclient/model_identity.go index d0ae329b604a..5606c79badcf 100644 --- a/internal/httpclient/model_identity.go +++ b/internal/httpclient/model_identity.go @@ -22,13 +22,14 @@ type Identity struct { CreatedAt *time.Time `json:"created_at,omitempty"` // Credentials represents all credentials that can be used for authenticating this identity. Credentials *map[string]IdentityCredentials `json:"credentials,omitempty"` - Id string `json:"id"` + // ID is the identity's unique identifier. The Identity ID can not be changed and can not be chosen. This ensures future compatibility and optimization for distributed stores such as CockroachDB. + Id string `json:"id"` // NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable- MetadataAdmin interface{} `json:"metadata_admin,omitempty"` // NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable- MetadataPublic interface{} `json:"metadata_public,omitempty"` // RecoveryAddresses contains all the addresses that can be used to recover an identity. - RecoveryAddresses []RecoveryAddress `json:"recovery_addresses,omitempty"` + RecoveryAddresses []RecoveryIdentityAddress `json:"recovery_addresses,omitempty"` // SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. SchemaId string `json:"schema_id"` // SchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from. format: url @@ -219,9 +220,9 @@ func (o *Identity) SetMetadataPublic(v interface{}) { } // GetRecoveryAddresses returns the RecoveryAddresses field value if set, zero value otherwise. -func (o *Identity) GetRecoveryAddresses() []RecoveryAddress { +func (o *Identity) GetRecoveryAddresses() []RecoveryIdentityAddress { if o == nil || o.RecoveryAddresses == nil { - var ret []RecoveryAddress + var ret []RecoveryIdentityAddress return ret } return o.RecoveryAddresses @@ -229,7 +230,7 @@ func (o *Identity) GetRecoveryAddresses() []RecoveryAddress { // GetRecoveryAddressesOk returns a tuple with the RecoveryAddresses field value if set, nil otherwise // and a boolean to check if the value has been set. -func (o *Identity) GetRecoveryAddressesOk() ([]RecoveryAddress, bool) { +func (o *Identity) GetRecoveryAddressesOk() ([]RecoveryIdentityAddress, bool) { if o == nil || o.RecoveryAddresses == nil { return nil, false } @@ -245,8 +246,8 @@ func (o *Identity) HasRecoveryAddresses() bool { return false } -// SetRecoveryAddresses gets a reference to the given []RecoveryAddress and assigns it to the RecoveryAddresses field. -func (o *Identity) SetRecoveryAddresses(v []RecoveryAddress) { +// SetRecoveryAddresses gets a reference to the given []RecoveryIdentityAddress and assigns it to the RecoveryAddresses field. +func (o *Identity) SetRecoveryAddresses(v []RecoveryIdentityAddress) { o.RecoveryAddresses = v } diff --git a/internal/httpclient/model_needs_privileged_session_error.go b/internal/httpclient/model_needs_privileged_session_error.go index aec02bbe01cb..ace164fd844a 100644 --- a/internal/httpclient/model_needs_privileged_session_error.go +++ b/internal/httpclient/model_needs_privileged_session_error.go @@ -22,7 +22,7 @@ type NeedsPrivilegedSessionError struct { // Debug information This field is often not exposed to protect against leaking sensitive information. Debug *string `json:"debug,omitempty"` // Further error details - Details map[string]map[string]interface{} `json:"details,omitempty"` + Details map[string]interface{} `json:"details,omitempty"` // The error ID Useful when trying to identify various errors in application logic. Id *string `json:"id,omitempty"` // Error message The error's message. @@ -121,9 +121,9 @@ func (o *NeedsPrivilegedSessionError) SetDebug(v string) { } // GetDetails returns the Details field value if set, zero value otherwise. -func (o *NeedsPrivilegedSessionError) GetDetails() map[string]map[string]interface{} { +func (o *NeedsPrivilegedSessionError) GetDetails() map[string]interface{} { if o == nil || o.Details == nil { - var ret map[string]map[string]interface{} + var ret map[string]interface{} return ret } return o.Details @@ -131,7 +131,7 @@ func (o *NeedsPrivilegedSessionError) GetDetails() map[string]map[string]interfa // GetDetailsOk returns a tuple with the Details field value if set, nil otherwise // and a boolean to check if the value has been set. -func (o *NeedsPrivilegedSessionError) GetDetailsOk() (map[string]map[string]interface{}, bool) { +func (o *NeedsPrivilegedSessionError) GetDetailsOk() (map[string]interface{}, bool) { if o == nil || o.Details == nil { return nil, false } @@ -147,8 +147,8 @@ func (o *NeedsPrivilegedSessionError) HasDetails() bool { return false } -// SetDetails gets a reference to the given map[string]map[string]interface{} and assigns it to the Details field. -func (o *NeedsPrivilegedSessionError) SetDetails(v map[string]map[string]interface{}) { +// SetDetails gets a reference to the given map[string]interface{} and assigns it to the Details field. +func (o *NeedsPrivilegedSessionError) SetDetails(v map[string]interface{}) { o.Details = v } diff --git a/internal/httpclient/model_recovery_address.go b/internal/httpclient/model_recovery_identity_address.go similarity index 65% rename from internal/httpclient/model_recovery_address.go rename to internal/httpclient/model_recovery_identity_address.go index e54295247c19..260d7256337d 100644 --- a/internal/httpclient/model_recovery_address.go +++ b/internal/httpclient/model_recovery_identity_address.go @@ -16,8 +16,8 @@ import ( "time" ) -// RecoveryAddress struct for RecoveryAddress -type RecoveryAddress struct { +// RecoveryIdentityAddress struct for RecoveryIdentityAddress +type RecoveryIdentityAddress struct { // CreatedAt is a helper struct field for gobuffalo.pop. CreatedAt *time.Time `json:"created_at,omitempty"` Id string `json:"id"` @@ -27,28 +27,28 @@ type RecoveryAddress struct { Via string `json:"via"` } -// NewRecoveryAddress instantiates a new RecoveryAddress object +// NewRecoveryIdentityAddress instantiates a new RecoveryIdentityAddress object // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments // will change when the set of required properties is changed -func NewRecoveryAddress(id string, value string, via string) *RecoveryAddress { - this := RecoveryAddress{} +func NewRecoveryIdentityAddress(id string, value string, via string) *RecoveryIdentityAddress { + this := RecoveryIdentityAddress{} this.Id = id this.Value = value this.Via = via return &this } -// NewRecoveryAddressWithDefaults instantiates a new RecoveryAddress object +// NewRecoveryIdentityAddressWithDefaults instantiates a new RecoveryIdentityAddress object // This constructor will only assign default values to properties that have it defined, // but it doesn't guarantee that properties required by API are set -func NewRecoveryAddressWithDefaults() *RecoveryAddress { - this := RecoveryAddress{} +func NewRecoveryIdentityAddressWithDefaults() *RecoveryIdentityAddress { + this := RecoveryIdentityAddress{} return &this } // GetCreatedAt returns the CreatedAt field value if set, zero value otherwise. -func (o *RecoveryAddress) GetCreatedAt() time.Time { +func (o *RecoveryIdentityAddress) GetCreatedAt() time.Time { if o == nil || o.CreatedAt == nil { var ret time.Time return ret @@ -58,7 +58,7 @@ func (o *RecoveryAddress) GetCreatedAt() time.Time { // GetCreatedAtOk returns a tuple with the CreatedAt field value if set, nil otherwise // and a boolean to check if the value has been set. -func (o *RecoveryAddress) GetCreatedAtOk() (*time.Time, bool) { +func (o *RecoveryIdentityAddress) GetCreatedAtOk() (*time.Time, bool) { if o == nil || o.CreatedAt == nil { return nil, false } @@ -66,7 +66,7 @@ func (o *RecoveryAddress) GetCreatedAtOk() (*time.Time, bool) { } // HasCreatedAt returns a boolean if a field has been set. -func (o *RecoveryAddress) HasCreatedAt() bool { +func (o *RecoveryIdentityAddress) HasCreatedAt() bool { if o != nil && o.CreatedAt != nil { return true } @@ -75,12 +75,12 @@ func (o *RecoveryAddress) HasCreatedAt() bool { } // SetCreatedAt gets a reference to the given time.Time and assigns it to the CreatedAt field. -func (o *RecoveryAddress) SetCreatedAt(v time.Time) { +func (o *RecoveryIdentityAddress) SetCreatedAt(v time.Time) { o.CreatedAt = &v } // GetId returns the Id field value -func (o *RecoveryAddress) GetId() string { +func (o *RecoveryIdentityAddress) GetId() string { if o == nil { var ret string return ret @@ -91,7 +91,7 @@ func (o *RecoveryAddress) GetId() string { // GetIdOk returns a tuple with the Id field value // and a boolean to check if the value has been set. -func (o *RecoveryAddress) GetIdOk() (*string, bool) { +func (o *RecoveryIdentityAddress) GetIdOk() (*string, bool) { if o == nil { return nil, false } @@ -99,12 +99,12 @@ func (o *RecoveryAddress) GetIdOk() (*string, bool) { } // SetId sets field value -func (o *RecoveryAddress) SetId(v string) { +func (o *RecoveryIdentityAddress) SetId(v string) { o.Id = v } // GetUpdatedAt returns the UpdatedAt field value if set, zero value otherwise. -func (o *RecoveryAddress) GetUpdatedAt() time.Time { +func (o *RecoveryIdentityAddress) GetUpdatedAt() time.Time { if o == nil || o.UpdatedAt == nil { var ret time.Time return ret @@ -114,7 +114,7 @@ func (o *RecoveryAddress) GetUpdatedAt() time.Time { // GetUpdatedAtOk returns a tuple with the UpdatedAt field value if set, nil otherwise // and a boolean to check if the value has been set. -func (o *RecoveryAddress) GetUpdatedAtOk() (*time.Time, bool) { +func (o *RecoveryIdentityAddress) GetUpdatedAtOk() (*time.Time, bool) { if o == nil || o.UpdatedAt == nil { return nil, false } @@ -122,7 +122,7 @@ func (o *RecoveryAddress) GetUpdatedAtOk() (*time.Time, bool) { } // HasUpdatedAt returns a boolean if a field has been set. -func (o *RecoveryAddress) HasUpdatedAt() bool { +func (o *RecoveryIdentityAddress) HasUpdatedAt() bool { if o != nil && o.UpdatedAt != nil { return true } @@ -131,12 +131,12 @@ func (o *RecoveryAddress) HasUpdatedAt() bool { } // SetUpdatedAt gets a reference to the given time.Time and assigns it to the UpdatedAt field. -func (o *RecoveryAddress) SetUpdatedAt(v time.Time) { +func (o *RecoveryIdentityAddress) SetUpdatedAt(v time.Time) { o.UpdatedAt = &v } // GetValue returns the Value field value -func (o *RecoveryAddress) GetValue() string { +func (o *RecoveryIdentityAddress) GetValue() string { if o == nil { var ret string return ret @@ -147,7 +147,7 @@ func (o *RecoveryAddress) GetValue() string { // GetValueOk returns a tuple with the Value field value // and a boolean to check if the value has been set. -func (o *RecoveryAddress) GetValueOk() (*string, bool) { +func (o *RecoveryIdentityAddress) GetValueOk() (*string, bool) { if o == nil { return nil, false } @@ -155,12 +155,12 @@ func (o *RecoveryAddress) GetValueOk() (*string, bool) { } // SetValue sets field value -func (o *RecoveryAddress) SetValue(v string) { +func (o *RecoveryIdentityAddress) SetValue(v string) { o.Value = v } // GetVia returns the Via field value -func (o *RecoveryAddress) GetVia() string { +func (o *RecoveryIdentityAddress) GetVia() string { if o == nil { var ret string return ret @@ -171,7 +171,7 @@ func (o *RecoveryAddress) GetVia() string { // GetViaOk returns a tuple with the Via field value // and a boolean to check if the value has been set. -func (o *RecoveryAddress) GetViaOk() (*string, bool) { +func (o *RecoveryIdentityAddress) GetViaOk() (*string, bool) { if o == nil { return nil, false } @@ -179,11 +179,11 @@ func (o *RecoveryAddress) GetViaOk() (*string, bool) { } // SetVia sets field value -func (o *RecoveryAddress) SetVia(v string) { +func (o *RecoveryIdentityAddress) SetVia(v string) { o.Via = v } -func (o RecoveryAddress) MarshalJSON() ([]byte, error) { +func (o RecoveryIdentityAddress) MarshalJSON() ([]byte, error) { toSerialize := map[string]interface{}{} if o.CreatedAt != nil { toSerialize["created_at"] = o.CreatedAt @@ -203,38 +203,38 @@ func (o RecoveryAddress) MarshalJSON() ([]byte, error) { return json.Marshal(toSerialize) } -type NullableRecoveryAddress struct { - value *RecoveryAddress +type NullableRecoveryIdentityAddress struct { + value *RecoveryIdentityAddress isSet bool } -func (v NullableRecoveryAddress) Get() *RecoveryAddress { +func (v NullableRecoveryIdentityAddress) Get() *RecoveryIdentityAddress { return v.value } -func (v *NullableRecoveryAddress) Set(val *RecoveryAddress) { +func (v *NullableRecoveryIdentityAddress) Set(val *RecoveryIdentityAddress) { v.value = val v.isSet = true } -func (v NullableRecoveryAddress) IsSet() bool { +func (v NullableRecoveryIdentityAddress) IsSet() bool { return v.isSet } -func (v *NullableRecoveryAddress) Unset() { +func (v *NullableRecoveryIdentityAddress) Unset() { v.value = nil v.isSet = false } -func NewNullableRecoveryAddress(val *RecoveryAddress) *NullableRecoveryAddress { - return &NullableRecoveryAddress{value: val, isSet: true} +func NewNullableRecoveryIdentityAddress(val *RecoveryIdentityAddress) *NullableRecoveryIdentityAddress { + return &NullableRecoveryIdentityAddress{value: val, isSet: true} } -func (v NullableRecoveryAddress) MarshalJSON() ([]byte, error) { +func (v NullableRecoveryIdentityAddress) MarshalJSON() ([]byte, error) { return json.Marshal(v.value) } -func (v *NullableRecoveryAddress) UnmarshalJSON(src []byte) error { +func (v *NullableRecoveryIdentityAddress) UnmarshalJSON(src []byte) error { v.isSet = true return json.Unmarshal(src, &v.value) } diff --git a/internal/httpclient/model_self_service_browser_location_change_required_error.go b/internal/httpclient/model_self_service_browser_location_change_required_error.go index fee3505b78ea..5f83f869f271 100644 --- a/internal/httpclient/model_self_service_browser_location_change_required_error.go +++ b/internal/httpclient/model_self_service_browser_location_change_required_error.go @@ -22,7 +22,7 @@ type SelfServiceBrowserLocationChangeRequiredError struct { // Debug information This field is often not exposed to protect against leaking sensitive information. Debug *string `json:"debug,omitempty"` // Further error details - Details map[string]map[string]interface{} `json:"details,omitempty"` + Details map[string]interface{} `json:"details,omitempty"` // The error ID Useful when trying to identify various errors in application logic. Id *string `json:"id,omitempty"` // Error message The error's message. @@ -120,9 +120,9 @@ func (o *SelfServiceBrowserLocationChangeRequiredError) SetDebug(v string) { } // GetDetails returns the Details field value if set, zero value otherwise. -func (o *SelfServiceBrowserLocationChangeRequiredError) GetDetails() map[string]map[string]interface{} { +func (o *SelfServiceBrowserLocationChangeRequiredError) GetDetails() map[string]interface{} { if o == nil || o.Details == nil { - var ret map[string]map[string]interface{} + var ret map[string]interface{} return ret } return o.Details @@ -130,7 +130,7 @@ func (o *SelfServiceBrowserLocationChangeRequiredError) GetDetails() map[string] // GetDetailsOk returns a tuple with the Details field value if set, nil otherwise // and a boolean to check if the value has been set. -func (o *SelfServiceBrowserLocationChangeRequiredError) GetDetailsOk() (map[string]map[string]interface{}, bool) { +func (o *SelfServiceBrowserLocationChangeRequiredError) GetDetailsOk() (map[string]interface{}, bool) { if o == nil || o.Details == nil { return nil, false } @@ -146,8 +146,8 @@ func (o *SelfServiceBrowserLocationChangeRequiredError) HasDetails() bool { return false } -// SetDetails gets a reference to the given map[string]map[string]interface{} and assigns it to the Details field. -func (o *SelfServiceBrowserLocationChangeRequiredError) SetDetails(v map[string]map[string]interface{}) { +// SetDetails gets a reference to the given map[string]interface{} and assigns it to the Details field. +func (o *SelfServiceBrowserLocationChangeRequiredError) SetDetails(v map[string]interface{}) { o.Details = v } diff --git a/internal/httpclient/model_self_service_error.go b/internal/httpclient/model_self_service_error.go index 740d61196b84..79290d5d06b3 100644 --- a/internal/httpclient/model_self_service_error.go +++ b/internal/httpclient/model_self_service_error.go @@ -21,7 +21,8 @@ type SelfServiceError struct { // CreatedAt is a helper struct field for gobuffalo.pop. CreatedAt *time.Time `json:"created_at,omitempty"` Error map[string]interface{} `json:"error,omitempty"` - Id string `json:"id"` + // ID of the error container. + Id string `json:"id"` // UpdatedAt is a helper struct field for gobuffalo.pop. UpdatedAt *time.Time `json:"updated_at,omitempty"` } diff --git a/internal/httpclient/model_self_service_flow_expired_error.go b/internal/httpclient/model_self_service_flow_expired_error.go index 58101f49a6b5..bf1d7c9da208 100644 --- a/internal/httpclient/model_self_service_flow_expired_error.go +++ b/internal/httpclient/model_self_service_flow_expired_error.go @@ -22,7 +22,7 @@ type SelfServiceFlowExpiredError struct { // Debug information This field is often not exposed to protect against leaking sensitive information. Debug *string `json:"debug,omitempty"` // Further error details - Details map[string]map[string]interface{} `json:"details,omitempty"` + Details map[string]interface{} `json:"details,omitempty"` // The error ID Useful when trying to identify various errors in application logic. Id *string `json:"id,omitempty"` // Error message The error's message. @@ -34,7 +34,8 @@ type SelfServiceFlowExpiredError struct { // A Duration represents the elapsed time between two instants as an int64 nanosecond count. The representation limits the largest representable duration to approximately 290 years. Since *int64 `json:"since,omitempty"` // The status description - Status *string `json:"status,omitempty"` + Status *string `json:"status,omitempty"` + // The flow ID that should be used for the new flow as it contains the correct messages. UseFlowId *string `json:"use_flow_id,omitempty"` } @@ -121,9 +122,9 @@ func (o *SelfServiceFlowExpiredError) SetDebug(v string) { } // GetDetails returns the Details field value if set, zero value otherwise. -func (o *SelfServiceFlowExpiredError) GetDetails() map[string]map[string]interface{} { +func (o *SelfServiceFlowExpiredError) GetDetails() map[string]interface{} { if o == nil || o.Details == nil { - var ret map[string]map[string]interface{} + var ret map[string]interface{} return ret } return o.Details @@ -131,7 +132,7 @@ func (o *SelfServiceFlowExpiredError) GetDetails() map[string]map[string]interfa // GetDetailsOk returns a tuple with the Details field value if set, nil otherwise // and a boolean to check if the value has been set. -func (o *SelfServiceFlowExpiredError) GetDetailsOk() (map[string]map[string]interface{}, bool) { +func (o *SelfServiceFlowExpiredError) GetDetailsOk() (map[string]interface{}, bool) { if o == nil || o.Details == nil { return nil, false } @@ -147,8 +148,8 @@ func (o *SelfServiceFlowExpiredError) HasDetails() bool { return false } -// SetDetails gets a reference to the given map[string]map[string]interface{} and assigns it to the Details field. -func (o *SelfServiceFlowExpiredError) SetDetails(v map[string]map[string]interface{}) { +// SetDetails gets a reference to the given map[string]interface{} and assigns it to the Details field. +func (o *SelfServiceFlowExpiredError) SetDetails(v map[string]interface{}) { o.Details = v } diff --git a/internal/httpclient/model_self_service_login_flow.go b/internal/httpclient/model_self_service_login_flow.go index c996e0e3f1dc..dbdf326f6900 100644 --- a/internal/httpclient/model_self_service_login_flow.go +++ b/internal/httpclient/model_self_service_login_flow.go @@ -23,7 +23,8 @@ type SelfServiceLoginFlow struct { CreatedAt *time.Time `json:"created_at,omitempty"` // ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in, a new flow has to be initiated. ExpiresAt time.Time `json:"expires_at"` - Id string `json:"id"` + // ID represents the flow's unique ID. When performing the login flow, this represents the id in the login UI's query parameter: http:///?flow= + Id string `json:"id"` // IssuedAt is the time (UTC) when the flow started. IssuedAt time.Time `json:"issued_at"` // Refresh stores whether this login flow should enforce re-authentication. diff --git a/internal/httpclient/model_self_service_recovery_flow.go b/internal/httpclient/model_self_service_recovery_flow.go index 996e5f0a1894..e39e839f4893 100644 --- a/internal/httpclient/model_self_service_recovery_flow.go +++ b/internal/httpclient/model_self_service_recovery_flow.go @@ -22,7 +22,8 @@ type SelfServiceRecoveryFlow struct { Active *string `json:"active,omitempty"` // ExpiresAt is the time (UTC) when the request expires. If the user still wishes to update the setting, a new request has to be initiated. ExpiresAt time.Time `json:"expires_at"` - Id string `json:"id"` + // ID represents the request's unique ID. When performing the recovery flow, this represents the id in the recovery ui's query parameter: http://?request= + Id string `json:"id"` // IssuedAt is the time (UTC) when the request occurred. IssuedAt time.Time `json:"issued_at"` // RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example. diff --git a/internal/httpclient/model_self_service_registration_flow.go b/internal/httpclient/model_self_service_registration_flow.go index 4e42e7b99001..ab11281c3d64 100644 --- a/internal/httpclient/model_self_service_registration_flow.go +++ b/internal/httpclient/model_self_service_registration_flow.go @@ -21,7 +21,8 @@ type SelfServiceRegistrationFlow struct { Active *IdentityCredentialsType `json:"active,omitempty"` // ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in, a new flow has to be initiated. ExpiresAt time.Time `json:"expires_at"` - Id string `json:"id"` + // ID represents the flow's unique ID. When performing the registration flow, this represents the id in the registration ui's query parameter: http:///?flow= + Id string `json:"id"` // IssuedAt is the time (UTC) when the flow occurred. IssuedAt time.Time `json:"issued_at"` // RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example. diff --git a/internal/httpclient/model_self_service_settings_flow.go b/internal/httpclient/model_self_service_settings_flow.go index 275a7d9b8cbb..3237f8b4b78c 100644 --- a/internal/httpclient/model_self_service_settings_flow.go +++ b/internal/httpclient/model_self_service_settings_flow.go @@ -22,8 +22,9 @@ type SelfServiceSettingsFlow struct { Active *string `json:"active,omitempty"` // ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to update the setting, a new flow has to be initiated. ExpiresAt time.Time `json:"expires_at"` - Id string `json:"id"` - Identity Identity `json:"identity"` + // ID represents the flow's unique ID. When performing the settings flow, this represents the id in the settings ui's query parameter: http://?flow= + Id string `json:"id"` + Identity Identity `json:"identity"` // IssuedAt is the time (UTC) when the flow occurred. IssuedAt time.Time `json:"issued_at"` // RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example. diff --git a/internal/httpclient/model_self_service_verification_flow.go b/internal/httpclient/model_self_service_verification_flow.go index 65e31efb0ebb..6a87fdb3f0c9 100644 --- a/internal/httpclient/model_self_service_verification_flow.go +++ b/internal/httpclient/model_self_service_verification_flow.go @@ -22,7 +22,8 @@ type SelfServiceVerificationFlow struct { Active *string `json:"active,omitempty"` // ExpiresAt is the time (UTC) when the request expires. If the user still wishes to verify the address, a new request has to be initiated. ExpiresAt *time.Time `json:"expires_at,omitempty"` - Id string `json:"id"` + // ID represents the request's unique ID. When performing the verification flow, this represents the id in the verify ui's query parameter: http://?request= type: string format: uuid + Id string `json:"id"` // IssuedAt is the time (UTC) when the request occurred. IssuedAt *time.Time `json:"issued_at,omitempty"` // RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example. diff --git a/internal/httpclient/model_session.go b/internal/httpclient/model_session.go index b53f528b4557..cbf8ac2bc7ad 100644 --- a/internal/httpclient/model_session.go +++ b/internal/httpclient/model_session.go @@ -27,8 +27,9 @@ type Session struct { AuthenticatorAssuranceLevel *AuthenticatorAssuranceLevel `json:"authenticator_assurance_level,omitempty"` // The Session Expiry When this session expires at. ExpiresAt *time.Time `json:"expires_at,omitempty"` - Id string `json:"id"` - Identity Identity `json:"identity"` + // Session ID + Id string `json:"id"` + Identity Identity `json:"identity"` // The Session Issuance Timestamp When this session was issued at. Usually equal or close to `authenticated_at`. IssuedAt *time.Time `json:"issued_at,omitempty"` } diff --git a/internal/httpclient/model_ui_node.go b/internal/httpclient/model_ui_node.go index e94114166a0b..4fa9c7d03905 100644 --- a/internal/httpclient/model_ui_node.go +++ b/internal/httpclient/model_ui_node.go @@ -18,11 +18,11 @@ import ( // UiNode Nodes are represented as HTML elements or their native UI equivalents. For example, a node can be an `` tag, or an `` but also `some plain text`. type UiNode struct { Attributes UiNodeAttributes `json:"attributes"` - // Group specifies which group (e.g. password authenticator) this node belongs to. + // Group specifies which group (e.g. password authenticator) this node belongs to. default DefaultGroup password PasswordGroup oidc OpenIDConnectGroup profile ProfileGroup link LinkGroup totp TOTPGroup lookup_secret LookupGroup webauthn WebAuthnGroup Group string `json:"group"` Messages []UiText `json:"messages"` Meta UiNodeMeta `json:"meta"` - // The node's type + // The node's type text Text input Input img Image a Anchor script Script Type string `json:"type"` } diff --git a/internal/httpclient/model_ui_node_input_attributes.go b/internal/httpclient/model_ui_node_input_attributes.go index c6def217c1d1..1f2eb5d971e1 100644 --- a/internal/httpclient/model_ui_node_input_attributes.go +++ b/internal/httpclient/model_ui_node_input_attributes.go @@ -17,7 +17,7 @@ import ( // UiNodeInputAttributes InputAttributes represents the attributes of an input node type UiNodeInputAttributes struct { - // The autocomplete attribute for the input. + // The autocomplete attribute for the input. email InputAttributeAutocompleteEmail tel InputAttributeAutocompleteTel url InputAttributeAutocompleteUrl current-password InputAttributeAutocompleteCurrentPassword new-password InputAttributeAutocompleteNewPassword one-time-code InputAttributeAutocompleteOneTimeCode Autocomplete *string `json:"autocomplete,omitempty"` // Sets the input's disabled field to true or false. Disabled bool `json:"disabled"` @@ -32,7 +32,7 @@ type UiNodeInputAttributes struct { Pattern *string `json:"pattern,omitempty"` // Mark this input field as required. Required *bool `json:"required,omitempty"` - // The input's element type. + // The input's element type. text InputAttributeTypeText password InputAttributeTypePassword number InputAttributeTypeNumber checkbox InputAttributeTypeCheckbox hidden InputAttributeTypeHidden email InputAttributeTypeEmail tel InputAttributeTypeTel submit InputAttributeTypeSubmit button InputAttributeTypeButton datetime-local InputAttributeTypeDateTimeLocal date InputAttributeTypeDate url InputAttributeTypeURI Type string `json:"type"` // The input's value. Value interface{} `json:"value,omitempty"` diff --git a/internal/httpclient/model_verifiable_identity_address.go b/internal/httpclient/model_verifiable_identity_address.go index 8ea75073ad21..5de05f749dd0 100644 --- a/internal/httpclient/model_verifiable_identity_address.go +++ b/internal/httpclient/model_verifiable_identity_address.go @@ -20,7 +20,8 @@ import ( type VerifiableIdentityAddress struct { // When this entry was created CreatedAt *time.Time `json:"created_at,omitempty"` - Id *string `json:"id,omitempty"` + // The ID + Id *string `json:"id,omitempty"` // VerifiableAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema Status string `json:"status"` // When this entry was last updated From de46c08534dfae6165f6a570cc59829f367c0b57 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Tue, 30 Aug 2022 12:47:46 +0200 Subject: [PATCH 237/411] feat: support ip exceptions --- driver/config/config.go | 5 +++++ driver/config/config_test.go | 5 +++++ driver/registry_default.go | 7 ++++++- selfservice/hook/web_hook_integration_test.go | 12 ++++++++++++ 4 files changed, 28 insertions(+), 1 deletion(-) diff --git a/driver/config/config.go b/driver/config/config.go index b0c6006dcd84..d5e7d9455690 100644 --- a/driver/config/config.go +++ b/driver/config/config.go @@ -173,6 +173,7 @@ const ( ViperKeyWebAuthnRPIcon = "selfservice.methods.webauthn.config.rp.issuer" ViperKeyWebAuthnPasswordless = "selfservice.methods.webauthn.config.passwordless" ViperKeyClientHTTPNoPrivateIPRanges = "clients.http.disallow_private_ip_ranges" + ViperKeyClientHTTPPrivateIPExceptionURLs = "clients.http.private_ip_exception_urls" ViperKeyVersion = "version" ) @@ -602,6 +603,10 @@ func (p *Config) ClientHTTPNoPrivateIPRanges(ctx context.Context) bool { return p.GetProvider(ctx).Bool(ViperKeyClientHTTPNoPrivateIPRanges) } +func (p *Config) ClientHTTPPrivateIPExceptionURLs(ctx context.Context) []string { + return p.GetProvider(ctx).Strings(ViperKeyClientHTTPPrivateIPExceptionURLs) +} + func (p *Config) SelfServiceFlowRegistrationEnabled(ctx context.Context) bool { return p.GetProvider(ctx).Bool(ViperKeySelfServiceRegistrationEnabled) } diff --git a/driver/config/config_test.go b/driver/config/config_test.go index a5032f434232..97189b3c963c 100644 --- a/driver/config/config_test.go +++ b/driver/config/config_test.go @@ -57,8 +57,13 @@ func TestViperProvider(t *testing.T) { t.Run("group=client config", func(t *testing.T) { assert.False(t, p.ClientHTTPNoPrivateIPRanges(ctx), "Should not have private IP ranges disabled per default") + assert.Equal(t, []string{}, p.ClientHTTPPrivateIPExceptionURLs(ctx), "Should return the correct exceptions") + p.MustSet(ctx, config.ViperKeyClientHTTPNoPrivateIPRanges, true) assert.True(t, p.ClientHTTPNoPrivateIPRanges(ctx), "Should disallow private IP ranges if set") + + p.MustSet(ctx, config.ViperKeyClientHTTPPrivateIPExceptionURLs, []string{"https://foobar.com/baz"}) + assert.Equal(t, []string{"https://foobar.com/baz"}, p.ClientHTTPPrivateIPExceptionURLs(ctx), "Should return the correct exceptions") }) t.Run("group=urls", func(t *testing.T) { diff --git a/driver/registry_default.go b/driver/registry_default.go index 631bb4422fc4..37ebe9c72424 100644 --- a/driver/registry_default.go +++ b/driver/registry_default.go @@ -718,7 +718,12 @@ func (m *RegistryDefault) HTTPClient(ctx context.Context, opts ...httpx.Resilien // One of the few exceptions, this usually should not be hot reloaded. if m.Config().ClientHTTPNoPrivateIPRanges(contextx.RootContext) { - opts = append(opts, httpx.ResilientClientDisallowInternalIPs()) + opts = append( + opts, + httpx.ResilientClientDisallowInternalIPs(), + // One of the few exceptions, this usually should not be hot reloaded. + httpx.ResilientClientAllowInternalIPRequestsTo(m.Config().ClientHTTPPrivateIPExceptionURLs(contextx.RootContext)...), + ) } return httpx.NewResilientClient(opts...) } diff --git a/selfservice/hook/web_hook_integration_test.go b/selfservice/hook/web_hook_integration_test.go index f85cadb71604..b48fd79d73f4 100644 --- a/selfservice/hook/web_hook_integration_test.go +++ b/selfservice/hook/web_hook_integration_test.go @@ -726,6 +726,7 @@ func TestDisallowPrivateIPRanges(t *testing.T) { ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) conf.MustSet(ctx, config.ViperKeyClientHTTPNoPrivateIPRanges, true) + conf.MustSet(ctx, config.ViperKeyClientHTTPPrivateIPExceptionURLs, []string{"http://localhost/exception"}) logger := logrusx.New("kratos", "test") whDeps := x.SimpleLoggerWithClient{L: logger, C: reg.HTTPClient(context.Background()), T: otelx.NewNoop(logger, conf.Tracing(ctx))} @@ -748,8 +749,19 @@ func TestDisallowPrivateIPRanges(t *testing.T) { err := wh.ExecuteLoginPostHook(nil, req, node.DefaultGroup, f, s) require.Error(t, err) require.Contains(t, err.Error(), "ip 127.0.0.1 is in the 127.0.0.0/8 range") + }) + t.Run("allowed to call exempt url", func(t *testing.T) { + wh := hook.NewWebHook(&whDeps, json.RawMessage(`{ + "url": "http://localhost/exception", + "method": "GET", + "body": "file://stub/test_body.jsonnet" +}`)) + err := wh.ExecuteLoginPostHook(nil, req, node.DefaultGroup, f, s) + require.Error(t, err, "the target does not exist and we still receive an error") + require.NotContains(t, err.Error(), "ip 127.0.0.1 is in the 127.0.0.0/8 range", "but the error is not related to the IP range.") }) + t.Run("not allowed to load from source", func(t *testing.T) { req := &http.Request{ Header: map[string][]string{"Some-Header": {"Some-Value"}}, From fc9573070a88a9bd70416d014ecd843fcc472e7c Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Tue, 30 Aug 2022 12:48:08 +0200 Subject: [PATCH 238/411] chore: go 1.19 format --- cmd/cleanup/sql.go | 4 +- cmd/migrate/sql.go | 2 +- examples/go/selfservice/error/main.go | 2 +- examples/go/selfservice/login/main.go | 2 +- examples/go/selfservice/logout/main.go | 2 +- examples/go/selfservice/recovery/main.go | 2 +- examples/go/selfservice/registration/main.go | 2 +- examples/go/selfservice/settings/main.go | 2 +- examples/go/selfservice/verification/main.go | 2 +- examples/go/session/tosession/main.go | 2 +- identity/handler.go | 142 ++++++++-------- schema/handler.go | 26 +-- selfservice/errorx/handler.go | 18 +-- selfservice/flow/login/handler.go | 94 +++++------ selfservice/flow/logout/handler.go | 50 +++--- selfservice/flow/recovery/handler.go | 89 +++++----- selfservice/flow/registration/handler.go | 84 +++++----- selfservice/flow/settings/handler.go | 16 +- selfservice/flow/settings/state.go | 8 +- selfservice/flow/verification/handler.go | 74 ++++----- .../strategy/link/strategy_recovery.go | 22 +-- selfservice/strategy/lookup/strategy.go | 2 +- selfservice/strategy/webauthn/handler.go | 12 +- session/handler.go | 124 +++++++------- spec/api.json | 144 ++++++++++------- spec/swagger.json | 152 ++++++++++-------- swagger_meta.go | 38 ++--- ui/node/attributes.go | 1 - x/doc.go | 4 +- x/time.go | 2 +- 30 files changed, 589 insertions(+), 535 deletions(-) diff --git a/cmd/cleanup/sql.go b/cmd/cleanup/sql.go index 847d010a02cb..c74d214fcba1 100644 --- a/cmd/cleanup/sql.go +++ b/cmd/cleanup/sql.go @@ -3,7 +3,9 @@ Copyright © 2019 NAME HERE Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. diff --git a/cmd/migrate/sql.go b/cmd/migrate/sql.go index 43e531a6d01c..0e065c997807 100644 --- a/cmd/migrate/sql.go +++ b/cmd/migrate/sql.go @@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/examples/go/selfservice/error/main.go b/examples/go/selfservice/error/main.go index a8025a681d76..05ebe2c46a2e 100644 --- a/examples/go/selfservice/error/main.go +++ b/examples/go/selfservice/error/main.go @@ -8,7 +8,7 @@ import ( // If you use Open Source this would be: // -//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func getError() *ory.SelfServiceError { diff --git a/examples/go/selfservice/login/main.go b/examples/go/selfservice/login/main.go index 56ef6b3d7bef..ec8829003e85 100644 --- a/examples/go/selfservice/login/main.go +++ b/examples/go/selfservice/login/main.go @@ -10,7 +10,7 @@ import ( // If you use Open Source this would be: // -//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func performLogin() *ory.SuccessfulSelfServiceLoginWithoutBrowser { diff --git a/examples/go/selfservice/logout/main.go b/examples/go/selfservice/logout/main.go index ea2e483fa3ff..81897596a34f 100644 --- a/examples/go/selfservice/logout/main.go +++ b/examples/go/selfservice/logout/main.go @@ -10,7 +10,7 @@ import ( // If you use Open Source this would be: // -//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func performLogout() { diff --git a/examples/go/selfservice/recovery/main.go b/examples/go/selfservice/recovery/main.go index 80e22aaed2aa..aa051ab088f2 100644 --- a/examples/go/selfservice/recovery/main.go +++ b/examples/go/selfservice/recovery/main.go @@ -10,7 +10,7 @@ import ( // If you use Open Source this would be: // -//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func performRecovery(email string) *ory.SelfServiceRecoveryFlow { diff --git a/examples/go/selfservice/registration/main.go b/examples/go/selfservice/registration/main.go index 5f0fb0d3cbfe..a0e6b2b04d63 100644 --- a/examples/go/selfservice/registration/main.go +++ b/examples/go/selfservice/registration/main.go @@ -10,7 +10,7 @@ import ( // If you use Open Source this would be: // -//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func initRegistration() *ory.SuccessfulSelfServiceRegistrationWithoutBrowser { diff --git a/examples/go/selfservice/settings/main.go b/examples/go/selfservice/settings/main.go index 3f817260293f..5f570233c192 100644 --- a/examples/go/selfservice/settings/main.go +++ b/examples/go/selfservice/settings/main.go @@ -10,7 +10,7 @@ import ( // If you use Open Source this would be: // -//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") var ctx = context.Background() diff --git a/examples/go/selfservice/verification/main.go b/examples/go/selfservice/verification/main.go index f703c4841148..f8462bf880b9 100644 --- a/examples/go/selfservice/verification/main.go +++ b/examples/go/selfservice/verification/main.go @@ -10,7 +10,7 @@ import ( // If you use Open Source this would be: // -//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func performVerification(email string) *ory.SelfServiceVerificationFlow { diff --git a/examples/go/session/tosession/main.go b/examples/go/session/tosession/main.go index c76f67220884..629dd2e5b2c7 100644 --- a/examples/go/session/tosession/main.go +++ b/examples/go/session/tosession/main.go @@ -8,7 +8,7 @@ import ( // If you use Open Source this would be: // -//var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") +// var client = pkg.NewSDKForSelfHosted("http://127.0.0.1:4433") var client = pkg.NewSDK("playground") func toSession() *ory.Session { diff --git a/identity/handler.go b/identity/handler.go index 0737c75c7ac5..7c9a99bedd78 100644 --- a/identity/handler.go +++ b/identity/handler.go @@ -104,23 +104,23 @@ type adminListIdentities struct { // swagger:route GET /admin/identities v0alpha2 adminListIdentities // -// List Identities +// # List Identities // // Lists all identities. Does not support search at the moment. // // Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 200: identityList -// 500: jsonError +// Responses: +// 200: identityList +// 500: jsonError func (h *Handler) list(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { page, itemsPerPage := x.ParsePagination(r) is, err := h.r.IdentityPool().ListIdentities(r.Context(), page, itemsPerPage) @@ -160,25 +160,25 @@ type adminGetIdentity struct { // swagger:route GET /admin/identities/{id} v0alpha2 adminGetIdentity // -// Get an Identity +// # Get an Identity // // Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). // -// Consumes: -// - application/json +// Consumes: +// - application/json // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 200: identity -// 404: jsonError -// 500: jsonError +// Responses: +// 200: identity +// 404: jsonError +// 500: jsonError func (h *Handler) get(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { i, err := h.r.PrivilegedIdentityPool().GetIdentityConfidential(r.Context(), x.ParseUUID(ps.ByName("id"))) if err != nil { @@ -309,26 +309,26 @@ type AdminCreateIdentityImportCredentialsOidcProvider struct { // swagger:route POST /admin/identities v0alpha2 adminCreateIdentity // -// Create an Identity +// # Create an Identity // // This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). // -// Consumes: -// - application/json +// Consumes: +// - application/json // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 201: identity -// 400: jsonError -// 409: jsonError -// 500: jsonError +// Responses: +// 201: identity +// 400: jsonError +// 409: jsonError +// 500: jsonError func (h *Handler) create(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { var cr AdminCreateIdentityBody if err := jsonx.NewStrictDecoder(r.Body).Decode(&cr); err != nil { @@ -426,29 +426,29 @@ type AdminUpdateIdentityBody struct { // swagger:route PUT /admin/identities/{id} v0alpha2 adminUpdateIdentity // -// Update an Identity +// # Update an Identity // // This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. // // Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). // -// Consumes: -// - application/json +// Consumes: +// - application/json // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 200: identity -// 400: jsonError -// 404: jsonError -// 409: jsonError -// 500: jsonError +// Responses: +// 200: identity +// 400: jsonError +// 404: jsonError +// 409: jsonError +// 500: jsonError func (h *Handler) update(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { var ur AdminUpdateIdentityBody if err := h.dx.Decode(r, &ur, @@ -516,7 +516,7 @@ type adminDeleteIdentity struct { // swagger:route DELETE /admin/identities/{id} v0alpha2 adminDeleteIdentity // -// Delete an Identity +// # Delete an Identity // // Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. // This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is @@ -524,18 +524,18 @@ type adminDeleteIdentity struct { // // Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 204: emptyResponse -// 404: jsonError -// 500: jsonError +// Responses: +// 204: emptyResponse +// 404: jsonError +// 500: jsonError func (h *Handler) delete(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { if err := h.r.IdentityPool().(PrivilegedPool).DeleteIdentity(r.Context(), x.ParseUUID(ps.ByName("id"))); err != nil { h.r.Writer().WriteError(w, r, err) @@ -566,23 +566,23 @@ type adminPatchIdentity struct { // // Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). // -// Consumes: -// - application/json +// Consumes: +// - application/json // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 200: identity -// 400: jsonError -// 404: jsonError -// 409: jsonError -// 500: jsonError +// Responses: +// 200: identity +// 400: jsonError +// 404: jsonError +// 409: jsonError +// 500: jsonError func (h *Handler) patch(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { requestBody, err := io.ReadAll(r.Body) if err != nil { diff --git a/schema/handler.go b/schema/handler.go index ac06096a82d3..88df15d0c6af 100644 --- a/schema/handler.go +++ b/schema/handler.go @@ -79,15 +79,15 @@ type getIdentitySchema struct { // // Get a JSON Schema // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: identitySchema -// 404: jsonError -// 500: jsonError +// Responses: +// 200: identitySchema +// 404: jsonError +// 500: jsonError func (h *Handler) getIdentitySchema(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { ss, err := h.r.IdentityTraitsSchemas(r.Context()) if err != nil { @@ -147,14 +147,14 @@ type listIdentitySchemas struct { // // Get all Identity Schemas // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: identitySchemas -// 500: jsonError +// Responses: +// 200: identitySchemas +// 500: jsonError func (h *Handler) getAll(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { page, itemsPerPage := x.ParsePagination(r) diff --git a/selfservice/errorx/handler.go b/selfservice/errorx/handler.go index e6218f7d0684..b34341d29998 100644 --- a/selfservice/errorx/handler.go +++ b/selfservice/errorx/handler.go @@ -64,7 +64,7 @@ type getSelfServiceError struct { // swagger:route GET /self-service/errors v0alpha2 getSelfServiceError // -// Get Self-Service Errors +// # Get Self-Service Errors // // This endpoint returns the error associated with a user-facing self service errors. // @@ -74,16 +74,16 @@ type getSelfServiceError struct { // // More information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceError -// 403: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceError +// 403: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) publicFetchError(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { if err := h.fetchError(w, r); err != nil { h.r.Writer().WriteError(w, r, err) diff --git a/selfservice/flow/login/handler.go b/selfservice/flow/login/handler.go index 7544c6f84438..f895ca9a4215 100644 --- a/selfservice/flow/login/handler.go +++ b/selfservice/flow/login/handler.go @@ -257,15 +257,15 @@ type initializeSelfServiceLoginFlowWithoutBrowser struct { // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceLoginFlow -// 400: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceLoginFlow +// 400: jsonError +// 500: jsonError func (h *Handler) initAPIFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { f, err := h.NewLoginFlow(w, r, flow.TypeAPI) if err != nil { @@ -306,7 +306,7 @@ type initializeSelfServiceLoginFlowForBrowsers struct { // swagger:route GET /self-service/login/browser v0alpha2 initializeSelfServiceLoginFlowForBrowsers // -// Initialize Login Flow for Browsers +// # Initialize Login Flow for Browsers // // This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate // cookies and anti-CSRF measures required for browser-based flows. @@ -328,16 +328,16 @@ type initializeSelfServiceLoginFlowForBrowsers struct { // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceLoginFlow -// 303: emptyResponse -// 400: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceLoginFlow +// 303: emptyResponse +// 400: jsonError +// 500: jsonError func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { a, err := h.NewLoginFlow(w, r, flow.TypeBrowser) if errors.Is(err, ErrAlreadyLoggedIn) { @@ -384,7 +384,7 @@ type getSelfServiceLoginFlow struct { // swagger:route GET /self-service/login/flows v0alpha2 getSelfServiceLoginFlow // -// Get Login Flow +// # Get Login Flow // // This endpoint returns a login flow's context with, for example, error details and other information. // @@ -410,17 +410,17 @@ type getSelfServiceLoginFlow struct { // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceLoginFlow -// 403: jsonError -// 404: jsonError -// 410: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceLoginFlow +// 403: jsonError +// 404: jsonError +// 410: jsonError +// 500: jsonError func (h *Handler) fetchFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { ar, err := h.d.LoginFlowPersister().GetLoginFlow(r.Context(), x.ParseUUID(r.URL.Query().Get("id"))) if err != nil { @@ -492,7 +492,7 @@ type submitSelfServiceLoginFlowBody struct{} // swagger:route POST /self-service/login v0alpha2 submitSelfServiceLoginFlow // -// Submit a Login Flow +// # Submit a Login Flow // // :::info // @@ -520,33 +520,33 @@ type submitSelfServiceLoginFlowBody struct{} // If this endpoint is called with `Accept: application/json` in the header, the response contains the flow without a redirect. In the // case of an error, the `error.id` of the JSON response body can be one of: // -// - `session_already_available`: The user is already signed in. -// - `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. -// - `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! -// - `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. -// Most likely used in Social Sign In flows. +// - `session_already_available`: The user is already signed in. +// - `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. +// - `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! +// - `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. +// Most likely used in Social Sign In flows. // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Schemes: http, https +// Schemes: http, https // -// Consumes: -// - application/json -// - application/x-www-form-urlencoded +// Consumes: +// - application/json +// - application/x-www-form-urlencoded // -// Produces: -// - application/json +// Produces: +// - application/json // -// Header: -// - Set-Cookie +// Header: +// - Set-Cookie // -// Responses: -// 200: successfulSelfServiceLoginWithoutBrowser -// 303: emptyResponse -// 400: selfServiceLoginFlow -// 410: jsonError -// 422: selfServiceBrowserLocationChangeRequiredError -// 500: jsonError +// Responses: +// 200: successfulSelfServiceLoginWithoutBrowser +// 303: emptyResponse +// 400: selfServiceLoginFlow +// 410: jsonError +// 422: selfServiceBrowserLocationChangeRequiredError +// 500: jsonError func (h *Handler) submitFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { rid, err := flow.GetFlowID(r) if err != nil { diff --git a/selfservice/flow/logout/handler.go b/selfservice/flow/logout/handler.go index 892f6b517aa7..724d53560bef 100644 --- a/selfservice/flow/logout/handler.go +++ b/selfservice/flow/logout/handler.go @@ -93,7 +93,7 @@ type createSelfServiceLogoutFlowUrlForBrowsers struct { // swagger:route GET /self-service/logout/browser v0alpha2 createSelfServiceLogoutFlowUrlForBrowsers // -// Create a Logout URL for Browsers +// # Create a Logout URL for Browsers // // This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. // @@ -106,15 +106,15 @@ type createSelfServiceLogoutFlowUrlForBrowsers struct { // // When calling this endpoint from a backend, please ensure to properly forward the HTTP cookies. // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceLogoutUrl -// 401: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceLogoutUrl +// 401: jsonError +// 500: jsonError func (h *Handler) createSelfServiceLogoutUrlForBrowsers(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { sess, err := h.d.SessionManager().FetchFromRequest(r.Context(), r) if err != nil { @@ -161,18 +161,18 @@ type submitSelfServiceLogoutFlowWithoutBrowserBody struct { // This endpoint does not remove any HTTP // Cookies - use the Browser-Based Self-Service Logout Flow instead. // -// Consumes: -// - application/json +// Consumes: +// - application/json // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 204: emptyResponse -// 400: jsonError -// 500: jsonError +// Responses: +// 204: emptyResponse +// 400: jsonError +// 500: jsonError func (h *Handler) submitSelfServiceLogoutFlowWithoutBrowser(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { var p submitSelfServiceLogoutFlowWithoutBrowserBody if err := h.dx.Decode(r, &p, @@ -214,7 +214,7 @@ type submitSelfServiceLogoutFlow struct { // swagger:route GET /self-service/logout v0alpha2 submitSelfServiceLogoutFlow // -// Complete Self-Service Logout +// # Complete Self-Service Logout // // This endpoint logs out an identity in a self-service manner. // @@ -230,15 +230,15 @@ type submitSelfServiceLogoutFlow struct { // // More information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 303: emptyResponse -// 204: emptyResponse -// 500: jsonError +// Responses: +// 303: emptyResponse +// 204: emptyResponse +// 500: jsonError func (h *Handler) submitLogout(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { expected := r.URL.Query().Get("token") if len(expected) == 0 { diff --git a/selfservice/flow/recovery/handler.go b/selfservice/flow/recovery/handler.go index 10b83e8c8b67..1da77912af28 100644 --- a/selfservice/flow/recovery/handler.go +++ b/selfservice/flow/recovery/handler.go @@ -107,15 +107,14 @@ func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { // // This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). // -// // More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRecoveryFlow -// 500: jsonError -// 400: jsonError +// Responses: +// 200: selfServiceRecoveryFlow +// 500: jsonError +// 400: jsonError func (h *Handler) initAPIFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { if !h.d.Config().SelfServiceFlowRecoveryEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Recovery is not allowed because it was disabled."))) @@ -147,7 +146,7 @@ type initializeSelfServiceRecoveryFlowWithoutBrowser struct { // swagger:route GET /self-service/recovery/browser v0alpha2 initializeSelfServiceRecoveryFlowForBrowsers // -// Initialize Recovery Flow for Browsers +// # Initialize Recovery Flow for Browsers // // This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to // `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session @@ -160,13 +159,13 @@ type initializeSelfServiceRecoveryFlowWithoutBrowser struct { // // More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRecoveryFlow -// 303: emptyResponse -// 400: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceRecoveryFlow +// 303: emptyResponse +// 400: jsonError +// 500: jsonError func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { if !h.d.Config().SelfServiceFlowRecoveryEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Recovery is not allowed because it was disabled."))) @@ -212,7 +211,7 @@ type getSelfServiceRecoveryFlow struct { // swagger:route GET /self-service/recovery/flows v0alpha2 getSelfServiceRecoveryFlow // -// Get Recovery Flow +// # Get Recovery Flow // // This endpoint returns a recovery flow's context with, for example, error details and other information. // @@ -233,16 +232,16 @@ type getSelfServiceRecoveryFlow struct { // // More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRecoveryFlow -// 404: jsonError -// 410: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceRecoveryFlow +// 404: jsonError +// 410: jsonError +// 500: jsonError func (h *Handler) fetch(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { if !h.d.Config().SelfServiceFlowRecoveryEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Recovery is not allowed because it was disabled."))) @@ -325,40 +324,40 @@ type submitSelfServiceRecoveryFlowBody struct{} // swagger:route POST /self-service/recovery v0alpha2 submitSelfServiceRecoveryFlow // -// Complete Recovery Flow +// # Complete Recovery Flow // // Use this endpoint to complete a recovery flow. This endpoint // behaves differently for API and browser flows and has several states: // -// - `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent -// and works with API- and Browser-initiated flows. -// - For API clients and Browser clients with HTTP Header `Accept: application/json` it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid. +// - `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent +// and works with API- and Browser-initiated flows. +// - For API clients and Browser clients with HTTP Header `Accept: application/json` it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid. // and a HTTP 303 See Other redirect with a fresh recovery flow if the flow was otherwise invalid (e.g. expired). -// - For Browser clients without HTTP Header `Accept` or with `Accept: text/*` it returns a HTTP 303 See Other redirect to the Recovery UI URL with the Recovery Flow ID appended. -// - `sent_email` is the success state after `choose_method` for the `link` method and allows the user to request another recovery email. It -// works for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state. -// - `passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow ("sending a recovery link") -// does not have any API capabilities. The server responds with a HTTP 303 See Other redirect either to the Settings UI URL -// (if the link was valid) and instructs the user to update their password, or a redirect to the Recover UI URL with -// a new Recovery Flow ID which contains an error message that the recovery link was invalid. +// - For Browser clients without HTTP Header `Accept` or with `Accept: text/*` it returns a HTTP 303 See Other redirect to the Recovery UI URL with the Recovery Flow ID appended. +// - `sent_email` is the success state after `choose_method` for the `link` method and allows the user to request another recovery email. It +// works for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state. +// - `passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow ("sending a recovery link") +// does not have any API capabilities. The server responds with a HTTP 303 See Other redirect either to the Settings UI URL +// (if the link was valid) and instructs the user to update their password, or a redirect to the Recover UI URL with +// a new Recovery Flow ID which contains an error message that the recovery link was invalid. // // More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). // -// Consumes: -// - application/json -// - application/x-www-form-urlencoded +// Consumes: +// - application/json +// - application/x-www-form-urlencoded // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRecoveryFlow -// 303: emptyResponse -// 400: selfServiceRecoveryFlow -// 410: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceRecoveryFlow +// 303: emptyResponse +// 400: selfServiceRecoveryFlow +// 410: jsonError +// 500: jsonError func (h *Handler) submitFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { rid, err := flow.GetFlowID(r) if err != nil { diff --git a/selfservice/flow/registration/handler.go b/selfservice/flow/registration/handler.go index 7aaf9043f68a..de36b755e9ca 100644 --- a/selfservice/flow/registration/handler.go +++ b/selfservice/flow/registration/handler.go @@ -172,12 +172,12 @@ func (h *Handler) FromOldFlow(w http.ResponseWriter, r *http.Request, of Flow) ( // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRegistrationFlow -// 400: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceRegistrationFlow +// 400: jsonError +// 500: jsonError func (h *Handler) initApiFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { a, err := h.NewRegistrationFlow(w, r, flow.TypeAPI) if err != nil { @@ -199,7 +199,7 @@ type initializeSelfServiceRegistrationFlowForBrowsers struct { // swagger:route GET /self-service/registration/browser v0alpha2 initializeSelfServiceRegistrationFlowForBrowsers // -// Initialize Registration Flow for Browsers +// # Initialize Registration Flow for Browsers // // This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate // cookies and anti-CSRF measures required for browser-based flows. @@ -227,15 +227,15 @@ type initializeSelfServiceRegistrationFlowForBrowsers struct { // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Schemes: http, https +// Schemes: http, https // -// Produces: -// - application/json +// Produces: +// - application/json // -// Responses: -// 200: selfServiceRegistrationFlow -// 303: emptyResponse -// 500: jsonError +// Responses: +// 200: selfServiceRegistrationFlow +// 303: emptyResponse +// 500: jsonError func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { a, err := h.NewRegistrationFlow(w, r, flow.TypeBrowser) if err != nil { @@ -281,7 +281,7 @@ type getSelfServiceRegistrationFlow struct { // swagger:route GET /self-service/registration/flows v0alpha2 getSelfServiceRegistrationFlow // -// Get Registration Flow +// # Get Registration Flow // // This endpoint returns a registration flow's context with, for example, error details and other information. // @@ -307,17 +307,17 @@ type getSelfServiceRegistrationFlow struct { // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRegistrationFlow -// 403: jsonError -// 404: jsonError -// 410: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceRegistrationFlow +// 403: jsonError +// 404: jsonError +// 410: jsonError +// 500: jsonError func (h *Handler) fetchFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { if !h.d.Config().SelfServiceFlowRegistrationEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(ErrRegistrationDisabled)) @@ -389,7 +389,7 @@ type submitSelfServiceRegistrationFlowBody struct{} // swagger:route POST /self-service/registration v0alpha2 submitSelfServiceRegistrationFlow // -// Submit a Registration Flow +// # Submit a Registration Flow // // Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint // behaves differently for API and browser flows. @@ -412,30 +412,30 @@ type submitSelfServiceRegistrationFlowBody struct{} // If this endpoint is called with `Accept: application/json` in the header, the response contains the flow without a redirect. In the // case of an error, the `error.id` of the JSON response body can be one of: // -// - `session_already_available`: The user is already signed in. -// - `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. -// - `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! -// - `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. -// Most likely used in Social Sign In flows. +// - `session_already_available`: The user is already signed in. +// - `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. +// - `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! +// - `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. +// Most likely used in Social Sign In flows. // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Schemes: http, https +// Schemes: http, https // -// Consumes: -// - application/json -// - application/x-www-form-urlencoded +// Consumes: +// - application/json +// - application/x-www-form-urlencoded // -// Produces: -// - application/json +// Produces: +// - application/json // -// Responses: -// 200: successfulSelfServiceRegistrationWithoutBrowser -// 303: emptyResponse -// 400: selfServiceRegistrationFlow -// 410: jsonError -// 422: selfServiceBrowserLocationChangeRequiredError -// 500: jsonError +// Responses: +// 200: successfulSelfServiceRegistrationWithoutBrowser +// 303: emptyResponse +// 400: selfServiceRegistrationFlow +// 410: jsonError +// 422: selfServiceBrowserLocationChangeRequiredError +// 500: jsonError func (h *Handler) submitFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { rid, err := flow.GetFlowID(r) if err != nil { diff --git a/selfservice/flow/settings/handler.go b/selfservice/flow/settings/handler.go index e39b3a0dcbf8..0ce280d38bff 100644 --- a/selfservice/flow/settings/handler.go +++ b/selfservice/flow/settings/handler.go @@ -183,12 +183,12 @@ type initializeSelfServiceSettingsFlowWithoutBrowser struct { // // More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceSettingsFlow -// 400: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceSettingsFlow +// 400: jsonError +// 500: jsonError func (h *Handler) initApiFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { s, err := h.d.SessionManager().FetchFromRequest(r.Context(), r) if err != nil { @@ -221,7 +221,7 @@ type initializeSelfServiceSettingsFlowForBrowsers struct { // swagger:route GET /self-service/settings/browser v0alpha2 initializeSelfServiceSettingsFlowForBrowsers // -// Initialize Settings Flow for Browsers +// # Initialize Settings Flow for Browsers // // This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to // `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid @@ -313,7 +313,7 @@ type getSelfServiceSettingsFlow struct { // swagger:route GET /self-service/settings/flows v0alpha2 getSelfServiceSettingsFlow // -// Get Settings Flow +// # Get Settings Flow // // When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie // or the Ory Kratos Session Token are set. @@ -431,7 +431,7 @@ type submitSelfServiceSettingsFlowBody struct{} // swagger:route POST /self-service/settings v0alpha2 submitSelfServiceSettingsFlow // -// Complete Settings Flow +// # Complete Settings Flow // // Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint // behaves differently for API and browser flows. diff --git a/selfservice/flow/settings/state.go b/selfservice/flow/settings/state.go index ca883c7948fe..96d4d3869c09 100644 --- a/selfservice/flow/settings/state.go +++ b/selfservice/flow/settings/state.go @@ -2,10 +2,10 @@ package settings // State represents the state of this flow. It knows two states: // -// - show_form: No user data has been collected, or it is invalid, and thus the form should be shown. -// - success: Indicates that the settings flow has been updated successfully with the provided data. -// Done will stay true when repeatedly checking. If set to true, done will revert back to false only -// when a flow with invalid (e.g. "please use a valid phone number") data was sent. +// - show_form: No user data has been collected, or it is invalid, and thus the form should be shown. +// - success: Indicates that the settings flow has been updated successfully with the provided data. +// Done will stay true when repeatedly checking. If set to true, done will revert back to false only +// when a flow with invalid (e.g. "please use a valid phone number") data was sent. // // swagger:model selfServiceSettingsFlowState type State string diff --git a/selfservice/flow/verification/handler.go b/selfservice/flow/verification/handler.go index c6f2b46f5e27..5a4de45c18ea 100644 --- a/selfservice/flow/verification/handler.go +++ b/selfservice/flow/verification/handler.go @@ -96,12 +96,12 @@ func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { // // More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation). // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceVerificationFlow -// 500: jsonError -// 400: jsonError +// Responses: +// 200: selfServiceVerificationFlow +// 500: jsonError +// 400: jsonError func (h *Handler) initAPIFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { if !h.d.Config().SelfServiceFlowVerificationEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Verification is not allowed because it was disabled."))) @@ -133,7 +133,7 @@ type initializeSelfServiceVerificationFlowForBrowsers struct { // swagger:route GET /self-service/verification/browser v0alpha2 initializeSelfServiceVerificationFlowForBrowsers // -// Initialize Verification Flow for Browser Clients +// # Initialize Verification Flow for Browser Clients // // This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to // `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`. @@ -144,12 +144,12 @@ type initializeSelfServiceVerificationFlowForBrowsers struct { // // More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceVerificationFlow -// 303: emptyResponse -// 500: jsonError +// Responses: +// 200: selfServiceVerificationFlow +// 303: emptyResponse +// 500: jsonError func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { if !h.d.Config().SelfServiceFlowVerificationEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Verification is not allowed because it was disabled."))) @@ -205,26 +205,26 @@ type getSelfServiceVerificationFlow struct { // If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain // and you need to forward the incoming HTTP Cookie header to this endpoint: // -// ```js -// // pseudo-code example -// router.get('/recovery', async function (req, res) { -// const flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), req.query['flow']) +// ```js +// // pseudo-code example +// router.get('/recovery', async function (req, res) { +// const flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), req.query['flow']) // -// res.render('verification', flow) -// }) +// res.render('verification', flow) +// }) // // More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceVerificationFlow -// 403: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceVerificationFlow +// 403: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) fetch(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { if !h.d.Config().SelfServiceFlowVerificationEnabled(r.Context()) { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Verification is not allowed because it was disabled."))) @@ -326,21 +326,21 @@ type submitSelfServiceVerificationFlowBody struct{} // // More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). // -// Consumes: -// - application/json -// - application/x-www-form-urlencoded +// Consumes: +// - application/json +// - application/x-www-form-urlencoded // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceVerificationFlow -// 303: emptyResponse -// 400: selfServiceVerificationFlow -// 410: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceVerificationFlow +// 303: emptyResponse +// 400: selfServiceVerificationFlow +// 410: jsonError +// 500: jsonError func (h *Handler) submitFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { rid, err := flow.GetFlowID(r) if err != nil { diff --git a/selfservice/strategy/link/strategy_recovery.go b/selfservice/strategy/link/strategy_recovery.go index b2e30b27a7b9..c2b636a18fb5 100644 --- a/selfservice/strategy/link/strategy_recovery.go +++ b/selfservice/strategy/link/strategy_recovery.go @@ -106,24 +106,24 @@ type selfServiceRecoveryLink struct { // swagger:route POST /admin/recovery/link v0alpha2 adminCreateSelfServiceRecoveryLink // -// Create a Recovery Link +// # Create a Recovery Link // // This endpoint creates a recovery link which should be given to the user in order for them to recover // (or activate) their account. // -// Consumes: -// - application/json +// Consumes: +// - application/json // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: selfServiceRecoveryLink -// 400: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: selfServiceRecoveryLink +// 400: jsonError +// 404: jsonError +// 500: jsonError func (s *Strategy) createRecoveryLink(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { var p adminCreateSelfServiceRecoveryLinkBody if err := s.dx.Decode(r, &p, decoderx.HTTPJSONDecoder()); err != nil { diff --git a/selfservice/strategy/lookup/strategy.go b/selfservice/strategy/lookup/strategy.go index 12c78ffd485a..ed6ac05fe22d 100644 --- a/selfservice/strategy/lookup/strategy.go +++ b/selfservice/strategy/lookup/strategy.go @@ -20,7 +20,7 @@ import ( "github.com/ory/x/decoderx" ) -//var _ login.Strategy = new(Strategy) +// var _ login.Strategy = new(Strategy) var _ settings.Strategy = new(Strategy) var _ identity.ActiveCredentialsCounter = new(Strategy) diff --git a/selfservice/strategy/webauthn/handler.go b/selfservice/strategy/webauthn/handler.go index 19e0f44e5035..98d0203b90ca 100644 --- a/selfservice/strategy/webauthn/handler.go +++ b/selfservice/strategy/webauthn/handler.go @@ -19,7 +19,7 @@ type webAuthnJavaScript string // swagger:route GET /.well-known/ory/webauthn.js v0alpha2 getWebAuthnJavaScript // -// Get WebAuthn JavaScript +// # Get WebAuthn JavaScript // // This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. // @@ -31,13 +31,13 @@ type webAuthnJavaScript string // // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). // -// Produces: -// - text/javascript +// Produces: +// - text/javascript // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: webAuthnJavaScript +// Responses: +// 200: webAuthnJavaScript func (s *Strategy) RegisterLoginRoutes(r *x.RouterPublic) { if handle, _, _ := r.Lookup("GET", webAuthnRoute); handle == nil { r.GET(webAuthnRoute, func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { diff --git a/session/handler.go b/session/handler.go index 1800016be73a..af55b2cf3e49 100644 --- a/session/handler.go +++ b/session/handler.go @@ -112,7 +112,7 @@ type toSession struct { // swagger:route GET /sessions/whoami v0alpha2 toSession // -// Check Who the Current HTTP Session Belongs To +// # Check Who the Current HTTP Session Belongs To // // Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. // Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. @@ -132,13 +132,13 @@ type toSession struct { // // When calling this endpoint from a non-browser application (e.g. mobile app) you must include the session token: // -// ```js -// // pseudo-code example -// // ... -// const session = await client.toSession("the-session-token") +// ```js +// // pseudo-code example +// // ... +// const session = await client.toSession("the-session-token") // -// // console.log(session) -// ``` +// // console.log(session) +// ``` // // Depending on your configuration this endpoint might return a 403 status code if the session has a lower Authenticator // Assurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn @@ -151,7 +151,7 @@ type toSession struct { // - Reverse proxies and API Gateways // - Server-side calls - use the `X-Session-Token` header! // -// This endpoint authenticates users by checking +// # This endpoint authenticates users by checking // // - if the `Cookie` HTTP header was set containing an Ory Kratos Session Cookie; // - if the `Authorization: bearer ` HTTP header was set with a valid Ory Kratos Session Token; @@ -164,16 +164,16 @@ type toSession struct { // - `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token). // - `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor. // -// Produces: -// - application/json +// Produces: +// - application/json // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: session -// 401: jsonError -// 403: jsonError -// 500: jsonError +// Responses: +// 200: session +// 401: jsonError +// 403: jsonError +// 500: jsonError func (h *Handler) whoami(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { s, err := h.r.SessionManager().FetchFromRequest(r.Context(), r) if err != nil { @@ -227,17 +227,17 @@ type adminDeleteIdentitySessions struct { // // - To forcefully logout Identity from all devices and sessions // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 204: emptyResponse -// 400: jsonError -// 401: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 204: emptyResponse +// 400: jsonError +// 401: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) adminDeleteIdentitySessions(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { iID, err := uuid.FromString(ps.ByName("id")) if err != nil { @@ -273,17 +273,17 @@ type adminListIdentitySessions struct { // // - Listing all sessions that belong to an Identity in an administrative context. // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 200: sessionList -// 400: jsonError -// 401: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: sessionList +// 400: jsonError +// 401: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) adminListIdentitySessions(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { iID, err := uuid.FromString(ps.ByName("id")) if err != nil { @@ -328,14 +328,14 @@ type revokeSessions struct { // // - To forcefully logout the current user from all other devices and sessions // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: revokedSessions -// 400: jsonError -// 401: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: revokedSessions +// 400: jsonError +// 401: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) revokeSessions(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { s, err := h.r.SessionManager().FetchFromRequest(r.Context(), r) if err != nil { @@ -372,13 +372,13 @@ type revokeSession struct { // // - To forcefully logout the current user from another device or session // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 204: emptyResponse -// 400: jsonError -// 401: jsonError -// 500: jsonError +// Responses: +// 204: emptyResponse +// 400: jsonError +// 401: jsonError +// 500: jsonError func (h *Handler) revokeSession(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { sid := ps.ByName("id") if sid == "whoami" { @@ -431,14 +431,14 @@ type sessionList []*Session // // - Displaying all other sessions that belong to the logged-in user // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 200: sessionList -// 400: jsonError -// 401: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: sessionList +// 400: jsonError +// 401: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) listSessions(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { s, err := h.r.SessionManager().FetchFromRequest(r.Context(), r) if err != nil { @@ -490,16 +490,16 @@ type adminExtendSession struct { // // Retrieve the session ID from the `/sessions/whoami` endpoint / `toSession` SDK method. // -// Schemes: http, https +// Schemes: http, https // -// Security: -// oryAccessToken: +// Security: +// oryAccessToken: // -// Responses: -// 200: session -// 400: jsonError -// 404: jsonError -// 500: jsonError +// Responses: +// 200: session +// 400: jsonError +// 404: jsonError +// 500: jsonError func (h *Handler) adminSessionExtend(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { iID, err := uuid.FromString(ps.ByName("id")) if err != nil { diff --git a/spec/api.json b/spec/api.json index 857e8714c219..31bed6667208 100755 --- a/spec/api.json +++ b/spec/api.json @@ -49,36 +49,8 @@ "title": "JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger.", "type": "object" }, - "RecoveryAddress": { - "properties": { - "created_at": { - "description": "CreatedAt is a helper struct field for gobuffalo.pop.", - "format": "date-time", - "type": "string" - }, - "id": { - "$ref": "#/components/schemas/UUID" - }, - "updated_at": { - "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", - "format": "date-time", - "type": "string" - }, - "value": { - "type": "string" - }, - "via": { - "$ref": "#/components/schemas/RecoveryAddressType" - } - }, - "required": [ - "id", - "value", - "via" - ], - "type": "object" - }, "RecoveryAddressType": { + "title": "RecoveryAddressType must not exceed 16 characters as that is the limitation in the SQL Schema.", "type": "string" }, "UUID": { @@ -99,7 +71,7 @@ "recovery_addresses": { "description": "RecoveryAddresses contains all the addresses that can be used to recover an identity.\n\nUse this structure to import recovery addresses for an identity. Please keep in mind\nthat the address needs to be represented in the Identity Schema or this field will be overwritten\non the next identity update.", "items": { - "$ref": "#/components/schemas/RecoveryAddress" + "$ref": "#/components/schemas/recoveryIdentityAddress" }, "type": "array" }, @@ -197,7 +169,9 @@ "type": "string" }, "identity_id": { - "$ref": "#/components/schemas/UUID" + "description": "Identity to Recover\n\nThe identity's ID you wish to recover.", + "format": "uuid", + "type": "string" } }, "required": [ @@ -241,7 +215,7 @@ "type": "string" }, "details": { - "additionalProperties": true, + "additionalProperties": {}, "description": "Further error details", "type": "object" }, @@ -364,7 +338,9 @@ "type": "object" }, "id": { - "$ref": "#/components/schemas/UUID" + "description": "ID is the identity's unique identifier.\n\nThe Identity ID can not be changed and can not be chosen. This ensures future\ncompatibility and optimization for distributed stores such as CockroachDB.", + "format": "uuid", + "type": "string" }, "metadata_admin": { "$ref": "#/components/schemas/nullJsonRawMessage" @@ -375,7 +351,7 @@ "recovery_addresses": { "description": "RecoveryAddresses contains all the addresses that can be used to recover an identity.", "items": { - "$ref": "#/components/schemas/RecoveryAddress" + "$ref": "#/components/schemas/recoveryIdentityAddress" }, "type": "array", "x-omitempty": true @@ -622,7 +598,7 @@ "type": "string" }, "details": { - "additionalProperties": true, + "additionalProperties": {}, "description": "Further error details", "type": "object" }, @@ -690,6 +666,36 @@ }, "type": "object" }, + "recoveryIdentityAddress": { + "properties": { + "created_at": { + "description": "CreatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + }, + "id": { + "format": "uuid", + "type": "string" + }, + "updated_at": { + "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + }, + "value": { + "type": "string" + }, + "via": { + "$ref": "#/components/schemas/RecoveryAddressType" + } + }, + "required": [ + "id", + "value", + "via" + ], + "type": "object" + }, "revokedSessions": { "properties": { "count": { @@ -714,7 +720,7 @@ "type": "string" }, "details": { - "additionalProperties": true, + "additionalProperties": {}, "description": "Further error details", "type": "object" }, @@ -764,7 +770,9 @@ "type": "object" }, "id": { - "$ref": "#/components/schemas/UUID" + "description": "ID of the error container.", + "format": "uuid", + "type": "string" }, "updated_at": { "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", @@ -792,7 +800,7 @@ "type": "string" }, "details": { - "additionalProperties": true, + "additionalProperties": {}, "description": "Further error details", "type": "object" }, @@ -824,7 +832,9 @@ "type": "string" }, "use_flow_id": { - "$ref": "#/components/schemas/UUID" + "description": "The flow ID that should be used for the new flow as it contains the correct messages.", + "format": "uuid", + "type": "string" } }, "required": [ @@ -854,7 +864,9 @@ "type": "string" }, "id": { - "$ref": "#/components/schemas/UUID" + "description": "ID represents the flow's unique ID. When performing the login flow, this\nrepresents the id in the login UI's query parameter: http://\u003cselfservice.flows.login.ui_url\u003e/?flow=\u003cflow_id\u003e", + "format": "uuid", + "type": "string" }, "issued_at": { "description": "IssuedAt is the time (UTC) when the flow started.", @@ -929,7 +941,9 @@ "type": "string" }, "id": { - "$ref": "#/components/schemas/UUID" + "description": "ID represents the request's unique ID. When performing the recovery flow, this\nrepresents the id in the recovery ui's query parameter: http://\u003cselfservice.flows.recovery.ui_url\u003e?request=\u003cid\u003e", + "format": "uuid", + "type": "string" }, "issued_at": { "description": "IssuedAt is the time (UTC) when the request occurred.", @@ -1004,7 +1018,9 @@ "type": "string" }, "id": { - "$ref": "#/components/schemas/UUID" + "description": "ID represents the flow's unique ID. When performing the registration flow, this\nrepresents the id in the registration ui's query parameter: http://\u003cselfservice.flows.registration.ui_url\u003e/?flow=\u003cid\u003e", + "format": "uuid", + "type": "string" }, "issued_at": { "description": "IssuedAt is the time (UTC) when the flow occurred.", @@ -1049,7 +1065,9 @@ "type": "string" }, "id": { - "$ref": "#/components/schemas/UUID" + "description": "ID represents the flow's unique ID. When performing the settings flow, this\nrepresents the id in the settings ui's query parameter: http://\u003cselfservice.flows.settings.ui_url\u003e?flow=\u003cid\u003e", + "format": "uuid", + "type": "string" }, "identity": { "$ref": "#/components/schemas/identity" @@ -1112,7 +1130,9 @@ "type": "string" }, "id": { - "$ref": "#/components/schemas/UUID" + "description": "ID represents the request's unique ID. When performing the verification flow, this\nrepresents the id in the verify ui's query parameter: http://\u003cselfservice.flows.verification.ui_url\u003e?request=\u003cid\u003e\n\ntype: string\nformat: uuid", + "format": "uuid", + "type": "string" }, "issued_at": { "description": "IssuedAt is the time (UTC) when the request occurred.", @@ -1180,7 +1200,9 @@ "type": "string" }, "id": { - "$ref": "#/components/schemas/UUID" + "description": "Session ID", + "format": "uuid", + "type": "string" }, "identity": { "$ref": "#/components/schemas/identity" @@ -1917,7 +1939,7 @@ "$ref": "#/components/schemas/uiNodeAttributes" }, "group": { - "description": "Group specifies which group (e.g. password authenticator) this node belongs to.", + "description": "Group specifies which group (e.g. password authenticator) this node belongs to.\ndefault DefaultGroup\npassword PasswordGroup\noidc OpenIDConnectGroup\nprofile ProfileGroup\nlink LinkGroup\ntotp TOTPGroup\nlookup_secret LookupGroup\nwebauthn WebAuthnGroup", "enum": [ "default", "password", @@ -1928,7 +1950,8 @@ "lookup_secret", "webauthn" ], - "type": "string" + "type": "string", + "x-go-enum-desc": "default DefaultGroup\npassword PasswordGroup\noidc OpenIDConnectGroup\nprofile ProfileGroup\nlink LinkGroup\ntotp TOTPGroup\nlookup_secret LookupGroup\nwebauthn WebAuthnGroup" }, "messages": { "$ref": "#/components/schemas/uiTexts" @@ -1937,7 +1960,7 @@ "$ref": "#/components/schemas/uiNodeMeta" }, "type": { - "description": "The node's type", + "description": "The node's type\ntext Text\ninput Input\nimg Image\na Anchor\nscript Script", "enum": [ "text", "input", @@ -1945,7 +1968,8 @@ "a", "script" ], - "type": "string" + "type": "string", + "x-go-enum-desc": "text Text\ninput Input\nimg Image\na Anchor\nscript Script" } }, "required": [ @@ -2054,7 +2078,7 @@ "description": "InputAttributes represents the attributes of an input node", "properties": { "autocomplete": { - "description": "The autocomplete attribute for the input.", + "description": "The autocomplete attribute for the input.\nemail InputAttributeAutocompleteEmail\ntel InputAttributeAutocompleteTel\nurl InputAttributeAutocompleteUrl\ncurrent-password InputAttributeAutocompleteCurrentPassword\nnew-password InputAttributeAutocompleteNewPassword\none-time-code InputAttributeAutocompleteOneTimeCode", "enum": [ "email", "tel", @@ -2063,7 +2087,8 @@ "new-password", "one-time-code" ], - "type": "string" + "type": "string", + "x-go-enum-desc": "email InputAttributeAutocompleteEmail\ntel InputAttributeAutocompleteTel\nurl InputAttributeAutocompleteUrl\ncurrent-password InputAttributeAutocompleteCurrentPassword\nnew-password InputAttributeAutocompleteNewPassword\none-time-code InputAttributeAutocompleteOneTimeCode" }, "disabled": { "description": "Sets the input's disabled field to true or false.", @@ -2093,7 +2118,7 @@ "type": "boolean" }, "type": { - "description": "The input's element type.", + "description": "The input's element type.\ntext InputAttributeTypeText\npassword InputAttributeTypePassword\nnumber InputAttributeTypeNumber\ncheckbox InputAttributeTypeCheckbox\nhidden InputAttributeTypeHidden\nemail InputAttributeTypeEmail\ntel InputAttributeTypeTel\nsubmit InputAttributeTypeSubmit\nbutton InputAttributeTypeButton\ndatetime-local InputAttributeTypeDateTimeLocal\ndate InputAttributeTypeDate\nurl InputAttributeTypeURI", "enum": [ "text", "password", @@ -2108,7 +2133,8 @@ "date", "url" ], - "type": "string" + "type": "string", + "x-go-enum-desc": "text InputAttributeTypeText\npassword InputAttributeTypePassword\nnumber InputAttributeTypeNumber\ncheckbox InputAttributeTypeCheckbox\nhidden InputAttributeTypeHidden\nemail InputAttributeTypeEmail\ntel InputAttributeTypeTel\nsubmit InputAttributeTypeSubmit\nbutton InputAttributeTypeButton\ndatetime-local InputAttributeTypeDateTimeLocal\ndate InputAttributeTypeDate\nurl InputAttributeTypeURI" }, "value": { "description": "The input's value.", @@ -2257,7 +2283,9 @@ "type": "string" }, "id": { - "$ref": "#/components/schemas/UUID" + "description": "The ID", + "format": "uuid", + "type": "string" }, "status": { "$ref": "#/components/schemas/identityVerifiableAddressStatus" @@ -3910,7 +3938,7 @@ }, "/self-service/recovery/api": { "get": { - "description": "This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.\n\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error.\n\nTo fetch an existing recovery flow call `/self-service/recovery/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\n\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).", + "description": "This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.\n\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error.\n\nTo fetch an existing recovery flow call `/self-service/recovery/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).", "operationId": "initializeSelfServiceRecoveryFlowWithoutBrowser", "responses": { "200": { @@ -4795,7 +4823,7 @@ "description": "jsonError" } }, - "summary": "# Complete Verification Flow", + "summary": "Complete Verification Flow", "tags": [ "v0alpha2" ] @@ -4953,7 +4981,7 @@ "description": "jsonError" } }, - "summary": "# Get Verification Flow", + "summary": "Get Verification Flow", "tags": [ "v0alpha2" ] @@ -5142,7 +5170,7 @@ }, "/sessions/whoami": { "get": { - "description": "Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated.\nReturns a session object in the body or 401 if the credentials are invalid or no credentials were sent.\nAdditionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header\nin the response.\n\nIf you call this endpoint from a server-side application, you must forward the HTTP Cookie Header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/protected-endpoint', async function (req, res) {\nconst session = await client.toSession(undefined, req.header('cookie'))\n\nconsole.log(session)\n})\n```\n\nWhen calling this endpoint from a non-browser application (e.g. mobile app) you must include the session token:\n\n```js\npseudo-code example\n...\nconst session = await client.toSession(\"the-session-token\")\n\nconsole.log(session)\n```\n\nDepending on your configuration this endpoint might return a 403 status code if the session has a lower Authenticator\nAssurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn\ncredentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user\nto sign in with the second factor or change the configuration.\n\nThis endpoint is useful for:\n\nAJAX calls. Remember to send credentials and set up CORS correctly!\nReverse proxies and API Gateways\nServer-side calls - use the `X-Session-Token` header!\n\nThis endpoint authenticates users by checking\n\nif the `Cookie` HTTP header was set containing an Ory Kratos Session Cookie;\nif the `Authorization: bearer \u003cory-session-token\u003e` HTTP header was set with a valid Ory Kratos Session Token;\nif the `X-Session-Token` HTTP header was set with a valid Ory Kratos Session Token.\n\nIf none of these headers are set or the cooke or token are invalid, the endpoint returns a HTTP 401 status code.\n\nAs explained above, this request may fail due to several reasons. The `error.id` can be one of:\n\n`session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token).\n`session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor.", + "description": "Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated.\nReturns a session object in the body or 401 if the credentials are invalid or no credentials were sent.\nAdditionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header\nin the response.\n\nIf you call this endpoint from a server-side application, you must forward the HTTP Cookie Header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/protected-endpoint', async function (req, res) {\nconst session = await client.toSession(undefined, req.header('cookie'))\n\nconsole.log(session)\n})\n```\n\nWhen calling this endpoint from a non-browser application (e.g. mobile app) you must include the session token:\n\n```js\npseudo-code example\n...\nconst session = await client.toSession(\"the-session-token\")\n\nconsole.log(session)\n```\n\nDepending on your configuration this endpoint might return a 403 status code if the session has a lower Authenticator\nAssurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn\ncredentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user\nto sign in with the second factor or change the configuration.\n\nThis endpoint is useful for:\n\nAJAX calls. Remember to send credentials and set up CORS correctly!\nReverse proxies and API Gateways\nServer-side calls - use the `X-Session-Token` header!\n\n# This endpoint authenticates users by checking\n\nif the `Cookie` HTTP header was set containing an Ory Kratos Session Cookie;\nif the `Authorization: bearer \u003cory-session-token\u003e` HTTP header was set with a valid Ory Kratos Session Token;\nif the `X-Session-Token` HTTP header was set with a valid Ory Kratos Session Token.\n\nIf none of these headers are set or the cooke or token are invalid, the endpoint returns a HTTP 401 status code.\n\nAs explained above, this request may fail due to several reasons. The `error.id` can be one of:\n\n`session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token).\n`session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor.", "operationId": "toSession", "parameters": [ { diff --git a/spec/swagger.json b/spec/swagger.json index d0f5cdc3275e..6fccc7547d1a 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -1346,7 +1346,7 @@ }, "/self-service/recovery/api": { "get": { - "description": "This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.\n\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error.\n\nTo fetch an existing recovery flow call `/self-service/recovery/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\n\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).", + "description": "This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.\n\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error.\n\nTo fetch an existing recovery flow call `/self-service/recovery/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).", "schemes": [ "http", "https" @@ -1994,7 +1994,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Complete Verification Flow", + "summary": "Complete Verification Flow", "operationId": "submitSelfServiceVerificationFlow", "parameters": [ { @@ -2142,7 +2142,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Get Verification Flow", + "summary": "Get Verification Flow", "operationId": "getSelfServiceVerificationFlow", "parameters": [ { @@ -2326,7 +2326,7 @@ }, "/sessions/whoami": { "get": { - "description": "Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated.\nReturns a session object in the body or 401 if the credentials are invalid or no credentials were sent.\nAdditionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header\nin the response.\n\nIf you call this endpoint from a server-side application, you must forward the HTTP Cookie Header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/protected-endpoint', async function (req, res) {\nconst session = await client.toSession(undefined, req.header('cookie'))\n\nconsole.log(session)\n})\n```\n\nWhen calling this endpoint from a non-browser application (e.g. mobile app) you must include the session token:\n\n```js\npseudo-code example\n...\nconst session = await client.toSession(\"the-session-token\")\n\nconsole.log(session)\n```\n\nDepending on your configuration this endpoint might return a 403 status code if the session has a lower Authenticator\nAssurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn\ncredentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user\nto sign in with the second factor or change the configuration.\n\nThis endpoint is useful for:\n\nAJAX calls. Remember to send credentials and set up CORS correctly!\nReverse proxies and API Gateways\nServer-side calls - use the `X-Session-Token` header!\n\nThis endpoint authenticates users by checking\n\nif the `Cookie` HTTP header was set containing an Ory Kratos Session Cookie;\nif the `Authorization: bearer \u003cory-session-token\u003e` HTTP header was set with a valid Ory Kratos Session Token;\nif the `X-Session-Token` HTTP header was set with a valid Ory Kratos Session Token.\n\nIf none of these headers are set or the cooke or token are invalid, the endpoint returns a HTTP 401 status code.\n\nAs explained above, this request may fail due to several reasons. The `error.id` can be one of:\n\n`session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token).\n`session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor.", + "description": "Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated.\nReturns a session object in the body or 401 if the credentials are invalid or no credentials were sent.\nAdditionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header\nin the response.\n\nIf you call this endpoint from a server-side application, you must forward the HTTP Cookie Header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/protected-endpoint', async function (req, res) {\nconst session = await client.toSession(undefined, req.header('cookie'))\n\nconsole.log(session)\n})\n```\n\nWhen calling this endpoint from a non-browser application (e.g. mobile app) you must include the session token:\n\n```js\npseudo-code example\n...\nconst session = await client.toSession(\"the-session-token\")\n\nconsole.log(session)\n```\n\nDepending on your configuration this endpoint might return a 403 status code if the session has a lower Authenticator\nAssurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn\ncredentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user\nto sign in with the second factor or change the configuration.\n\nThis endpoint is useful for:\n\nAJAX calls. Remember to send credentials and set up CORS correctly!\nReverse proxies and API Gateways\nServer-side calls - use the `X-Session-Token` header!\n\n# This endpoint authenticates users by checking\n\nif the `Cookie` HTTP header was set containing an Ory Kratos Session Cookie;\nif the `Authorization: bearer \u003cory-session-token\u003e` HTTP header was set with a valid Ory Kratos Session Token;\nif the `X-Session-Token` HTTP header was set with a valid Ory Kratos Session Token.\n\nIf none of these headers are set or the cooke or token are invalid, the endpoint returns a HTTP 401 status code.\n\nAs explained above, this request may fail due to several reasons. The `error.id` can be one of:\n\n`session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token).\n`session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor.", "produces": [ "application/json" ], @@ -2495,37 +2495,9 @@ "type": "object", "title": "JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger." }, - "RecoveryAddress": { - "type": "object", - "required": [ - "id", - "value", - "via" - ], - "properties": { - "created_at": { - "description": "CreatedAt is a helper struct field for gobuffalo.pop.", - "type": "string", - "format": "date-time" - }, - "id": { - "$ref": "#/definitions/UUID" - }, - "updated_at": { - "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", - "type": "string", - "format": "date-time" - }, - "value": { - "type": "string" - }, - "via": { - "$ref": "#/definitions/RecoveryAddressType" - } - } - }, "RecoveryAddressType": { - "type": "string" + "type": "string", + "title": "RecoveryAddressType must not exceed 16 characters as that is the limitation in the SQL Schema." }, "UUID": {"type": "string", "format": "uuid4"}, "adminCreateIdentityBody": { @@ -2550,7 +2522,7 @@ "description": "RecoveryAddresses contains all the addresses that can be used to recover an identity.\n\nUse this structure to import recovery addresses for an identity. Please keep in mind\nthat the address needs to be represented in the Identity Schema or this field will be overwritten\non the next identity update.", "type": "array", "items": { - "$ref": "#/definitions/RecoveryAddress" + "$ref": "#/definitions/recoveryIdentityAddress" } }, "schema_id": { @@ -2646,7 +2618,9 @@ "pattern": "^[0-9]+(ns|us|ms|s|m|h)$" }, "identity_id": { - "$ref": "#/definitions/UUID" + "description": "Identity to Recover\n\nThe identity's ID you wish to recover.", + "type": "string", + "format": "uuid" } } }, @@ -2687,7 +2661,7 @@ "details": { "description": "Further error details", "type": "object", - "additionalProperties": true + "additionalProperties": {} }, "id": { "description": "The error ID\n\nUseful when trying to identify various errors in application logic.", @@ -2738,7 +2712,7 @@ "details": { "description": "Further error details", "type": "object", - "additionalProperties": true + "additionalProperties": {} }, "id": { "description": "The error ID\n\nUseful when trying to identify various errors in application logic.", @@ -2811,7 +2785,9 @@ } }, "id": { - "$ref": "#/definitions/UUID" + "description": "ID is the identity's unique identifier.\n\nThe Identity ID can not be changed and can not be chosen. This ensures future\ncompatibility and optimization for distributed stores such as CockroachDB.", + "type": "string", + "format": "uuid" }, "metadata_admin": { "$ref": "#/definitions/nullJsonRawMessage" @@ -2823,7 +2799,7 @@ "description": "RecoveryAddresses contains all the addresses that can be used to recover an identity.", "type": "array", "items": { - "$ref": "#/definitions/RecoveryAddress" + "$ref": "#/definitions/recoveryIdentityAddress" }, "x-omitempty": true }, @@ -3026,7 +3002,6 @@ }, "value": { "description": "The value to be used within the operations.\n\nLearn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5).", - "type": "object", "example": "foobar" } } @@ -3060,7 +3035,7 @@ "details": { "description": "Further error details", "type": "object", - "additionalProperties": true + "additionalProperties": {} }, "id": { "description": "The error ID\n\nUseful when trying to identify various errors in application logic.", @@ -3121,6 +3096,36 @@ } } }, + "recoveryIdentityAddress": { + "type": "object", + "required": [ + "id", + "value", + "via" + ], + "properties": { + "created_at": { + "description": "CreatedAt is a helper struct field for gobuffalo.pop.", + "type": "string", + "format": "date-time" + }, + "id": { + "type": "string", + "format": "uuid" + }, + "updated_at": { + "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", + "type": "string", + "format": "date-time" + }, + "value": { + "type": "string" + }, + "via": { + "$ref": "#/definitions/RecoveryAddressType" + } + } + }, "revokedSessions": { "type": "object", "properties": { @@ -3152,7 +3157,7 @@ "details": { "description": "Further error details", "type": "object", - "additionalProperties": true + "additionalProperties": {} }, "id": { "description": "The error ID\n\nUseful when trying to identify various errors in application logic.", @@ -3200,7 +3205,9 @@ "type": "object" }, "id": { - "$ref": "#/definitions/UUID" + "description": "ID of the error container.", + "type": "string", + "format": "uuid" }, "updated_at": { "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", @@ -3230,7 +3237,7 @@ "details": { "description": "Further error details", "type": "object", - "additionalProperties": true + "additionalProperties": {} }, "id": { "description": "The error ID\n\nUseful when trying to identify various errors in application logic.", @@ -3260,7 +3267,9 @@ "example": "Not Found" }, "use_flow_id": { - "$ref": "#/definitions/UUID" + "description": "The flow ID that should be used for the new flow as it contains the correct messages.", + "type": "string", + "format": "uuid" } } }, @@ -3296,7 +3305,9 @@ "format": "date-time" }, "id": { - "$ref": "#/definitions/UUID" + "description": "ID represents the flow's unique ID. When performing the login flow, this\nrepresents the id in the login UI's query parameter: http://\u003cselfservice.flows.login.ui_url\u003e/?flow=\u003cflow_id\u003e", + "type": "string", + "format": "uuid" }, "issued_at": { "description": "IssuedAt is the time (UTC) when the flow started.", @@ -3372,7 +3383,9 @@ "format": "date-time" }, "id": { - "$ref": "#/definitions/UUID" + "description": "ID represents the request's unique ID. When performing the recovery flow, this\nrepresents the id in the recovery ui's query parameter: http://\u003cselfservice.flows.recovery.ui_url\u003e?request=\u003cid\u003e", + "type": "string", + "format": "uuid" }, "issued_at": { "description": "IssuedAt is the time (UTC) when the request occurred.", @@ -3440,7 +3453,9 @@ "format": "date-time" }, "id": { - "$ref": "#/definitions/UUID" + "description": "ID represents the flow's unique ID. When performing the registration flow, this\nrepresents the id in the registration ui's query parameter: http://\u003cselfservice.flows.registration.ui_url\u003e/?flow=\u003cid\u003e", + "type": "string", + "format": "uuid" }, "issued_at": { "description": "IssuedAt is the time (UTC) when the flow occurred.", @@ -3488,7 +3503,9 @@ "format": "date-time" }, "id": { - "$ref": "#/definitions/UUID" + "description": "ID represents the flow's unique ID. When performing the settings flow, this\nrepresents the id in the settings ui's query parameter: http://\u003cselfservice.flows.settings.ui_url\u003e?flow=\u003cid\u003e", + "type": "string", + "format": "uuid" }, "identity": { "$ref": "#/definitions/identity" @@ -3543,7 +3560,9 @@ "format": "date-time" }, "id": { - "$ref": "#/definitions/UUID" + "description": "ID represents the request's unique ID. When performing the verification flow, this\nrepresents the id in the verify ui's query parameter: http://\u003cselfservice.flows.verification.ui_url\u003e?request=\u003cid\u003e\n\ntype: string\nformat: uuid", + "type": "string", + "format": "uuid" }, "issued_at": { "description": "IssuedAt is the time (UTC) when the request occurred.", @@ -3603,7 +3622,9 @@ "format": "date-time" }, "id": { - "$ref": "#/definitions/UUID" + "description": "Session ID", + "type": "string", + "format": "uuid" }, "identity": { "$ref": "#/definitions/identity" @@ -4237,7 +4258,7 @@ "$ref": "#/definitions/uiNodeAttributes" }, "group": { - "description": "Group specifies which group (e.g. password authenticator) this node belongs to.", + "description": "Group specifies which group (e.g. password authenticator) this node belongs to.\ndefault DefaultGroup\npassword PasswordGroup\noidc OpenIDConnectGroup\nprofile ProfileGroup\nlink LinkGroup\ntotp TOTPGroup\nlookup_secret LookupGroup\nwebauthn WebAuthnGroup", "type": "string", "enum": [ "default", @@ -4248,7 +4269,8 @@ "totp", "lookup_secret", "webauthn" - ] + ], + "x-go-enum-desc": "default DefaultGroup\npassword PasswordGroup\noidc OpenIDConnectGroup\nprofile ProfileGroup\nlink LinkGroup\ntotp TOTPGroup\nlookup_secret LookupGroup\nwebauthn WebAuthnGroup" }, "messages": { "$ref": "#/definitions/uiTexts" @@ -4257,7 +4279,7 @@ "$ref": "#/definitions/uiNodeMeta" }, "type": { - "description": "The node's type", + "description": "The node's type\ntext Text\ninput Input\nimg Image\na Anchor\nscript Script", "type": "string", "enum": [ "text", @@ -4265,7 +4287,8 @@ "img", "a", "script" - ] + ], + "x-go-enum-desc": "text Text\ninput Input\nimg Image\na Anchor\nscript Script" } } }, @@ -4346,7 +4369,7 @@ ], "properties": { "autocomplete": { - "description": "The autocomplete attribute for the input.", + "description": "The autocomplete attribute for the input.\nemail InputAttributeAutocompleteEmail\ntel InputAttributeAutocompleteTel\nurl InputAttributeAutocompleteUrl\ncurrent-password InputAttributeAutocompleteCurrentPassword\nnew-password InputAttributeAutocompleteNewPassword\none-time-code InputAttributeAutocompleteOneTimeCode", "type": "string", "enum": [ "email", @@ -4355,7 +4378,8 @@ "current-password", "new-password", "one-time-code" - ] + ], + "x-go-enum-desc": "email InputAttributeAutocompleteEmail\ntel InputAttributeAutocompleteTel\nurl InputAttributeAutocompleteUrl\ncurrent-password InputAttributeAutocompleteCurrentPassword\nnew-password InputAttributeAutocompleteNewPassword\none-time-code InputAttributeAutocompleteOneTimeCode" }, "disabled": { "description": "Sets the input's disabled field to true or false.", @@ -4385,7 +4409,7 @@ "type": "boolean" }, "type": { - "description": "The input's element type.", + "description": "The input's element type.\ntext InputAttributeTypeText\npassword InputAttributeTypePassword\nnumber InputAttributeTypeNumber\ncheckbox InputAttributeTypeCheckbox\nhidden InputAttributeTypeHidden\nemail InputAttributeTypeEmail\ntel InputAttributeTypeTel\nsubmit InputAttributeTypeSubmit\nbutton InputAttributeTypeButton\ndatetime-local InputAttributeTypeDateTimeLocal\ndate InputAttributeTypeDate\nurl InputAttributeTypeURI", "type": "string", "enum": [ "text", @@ -4400,11 +4424,11 @@ "datetime-local", "date", "url" - ] + ], + "x-go-enum-desc": "text InputAttributeTypeText\npassword InputAttributeTypePassword\nnumber InputAttributeTypeNumber\ncheckbox InputAttributeTypeCheckbox\nhidden InputAttributeTypeHidden\nemail InputAttributeTypeEmail\ntel InputAttributeTypeTel\nsubmit InputAttributeTypeSubmit\nbutton InputAttributeTypeButton\ndatetime-local InputAttributeTypeDateTimeLocal\ndate InputAttributeTypeDate\nurl InputAttributeTypeURI" }, "value": { - "description": "The input's value.", - "type": "object" + "description": "The input's value." } } }, @@ -4549,7 +4573,9 @@ "example": "2014-01-01T23:28:56.782Z" }, "id": { - "$ref": "#/definitions/UUID" + "description": "The ID", + "type": "string", + "format": "uuid" }, "status": { "$ref": "#/definitions/identityVerifiableAddressStatus" diff --git a/swagger_meta.go b/swagger_meta.go index 707c2b97627c..bd9a2d4917ba 100644 --- a/swagger_meta.go +++ b/swagger_meta.go @@ -2,29 +2,29 @@ // // Welcome to the Ory Kratos HTTP API documentation! // -// Schemes: http, https -// Host: -// BasePath: / -// Version: latest +// Schemes: http, https +// Host: +// BasePath: / +// Version: latest // -// Consumes: -// - application/json -// - application/x-www-form-urlencoded +// Consumes: +// - application/json +// - application/x-www-form-urlencoded // -// Produces: -// - application/json +// Produces: +// - application/json // -// SecurityDefinitions: -// oryAccessToken: -// type: apiKey -// name: Authorization -// in: header +// SecurityDefinitions: +// oryAccessToken: +// type: apiKey +// name: Authorization +// in: header // -// Extensions: -// --- -// x-request-id: string -// x-forwarded-proto: string -// --- +// Extensions: +// --- +// x-request-id: string +// x-forwarded-proto: string +// --- // // swagger:meta package main diff --git a/ui/node/attributes.go b/ui/node/attributes.go index 4300d218f233..a26b13c88f1b 100644 --- a/ui/node/attributes.go +++ b/ui/node/attributes.go @@ -158,7 +158,6 @@ type AnchorAttributes struct { // TextAttributes represents the attributes of a text node. // -// // swagger:model uiNodeTextAttributes type TextAttributes struct { // The text of the text node. diff --git a/x/doc.go b/x/doc.go index 3582cb8b79da..64aa08a21794 100644 --- a/x/doc.go +++ b/x/doc.go @@ -2,7 +2,7 @@ Package x provides various helpers that do not have an obvious home elsewhere. The contract implied here, is that: - - Package x does not depend on other parts of kratos - - Packages outside kratos do not depend on x. + - Package x does not depend on other parts of kratos + - Packages outside kratos do not depend on x. */ package x diff --git a/x/time.go b/x/time.go index 28635fa7431e..950cb93953e9 100644 --- a/x/time.go +++ b/x/time.go @@ -26,7 +26,7 @@ func RequireEqualTime(t *testing.T, expected, actual time.Time) { // To produce a different normal distribution, callers can // adjust the output using: // -// sample = NormFloat64() * desiredStdDev + desiredMean +// sample = NormFloat64() * desiredStdDev + desiredMean // // Since 99.73% of values in a normal distribution lie within three standard deviations from the mean (https://en.wikipedia.org/wiki/68%E2%80%9395%E2%80%9399.7_rule), // by taking the standard deviation to be deviation/3, we can get a distribution which fits our bounds nicely with minimal clipping when we take max/mins to cut off the tails. From 8fe9de6d60a381611e07226614241a83b0010126 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Tue, 30 Aug 2022 12:51:42 +0200 Subject: [PATCH 239/411] feat: add missing config entry --- embedx/config.schema.json | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/embedx/config.schema.json b/embedx/config.schema.json index f2c4ef9696ab..0fb733ca9806 100644 --- a/embedx/config.schema.json +++ b/embedx/config.schema.json @@ -2334,6 +2334,16 @@ "description": "Disallow all outgoing HTTP calls to private IP ranges. This feature can help protect against SSRF attacks.", "type": "boolean", "default": false + }, + "private_ip_exception_urls": { + "title": "Add exempt URLs to private IP ranges", + "description": "Allows the given URLs to be called despite them being in the private IP range. URLs need to have an exact and case-sensitive match to be excempt.", + "type": "array", + "items": { + "type": "string", + "format": "uri-reference" + }, + "default": [] } } } From a0d2bfba0b27edf90aaa7f2cb757affda918bd70 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Fri, 2 Sep 2022 09:50:04 +0000 Subject: [PATCH 240/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- internal/httpclient/README.md | 52 ++-- internal/httpclient/api/openapi.yaml | 52 ++-- internal/httpclient/api_metadata.go | 26 +- internal/httpclient/api_v0alpha2.go | 371 ++++++++++++------------ internal/httpclient/docs/V0alpha2Api.md | 104 +++---- spec/api.json | 52 ++-- spec/swagger.json | 52 ++-- 7 files changed, 346 insertions(+), 363 deletions(-) diff --git a/internal/httpclient/README.md b/internal/httpclient/README.md index d6b83db12981..ec39a91a1ac8 100644 --- a/internal/httpclient/README.md +++ b/internal/httpclient/README.md @@ -86,47 +86,47 @@ Class | Method | HTTP request | Description *MetadataApi* | [**GetVersion**](docs/MetadataApi.md#getversion) | **Get** /version | Return Running Software Version. *MetadataApi* | [**IsAlive**](docs/MetadataApi.md#isalive) | **Get** /health/alive | Check HTTP Server Status *MetadataApi* | [**IsReady**](docs/MetadataApi.md#isready) | **Get** /health/ready | Check HTTP Server and Database Status -*V0alpha2Api* | [**AdminCreateIdentity**](docs/V0alpha2Api.md#admincreateidentity) | **Post** /admin/identities | Create an Identity -*V0alpha2Api* | [**AdminCreateSelfServiceRecoveryLink**](docs/V0alpha2Api.md#admincreateselfservicerecoverylink) | **Post** /admin/recovery/link | Create a Recovery Link -*V0alpha2Api* | [**AdminDeleteIdentity**](docs/V0alpha2Api.md#admindeleteidentity) | **Delete** /admin/identities/{id} | Delete an Identity +*V0alpha2Api* | [**AdminCreateIdentity**](docs/V0alpha2Api.md#admincreateidentity) | **Post** /admin/identities | # Create an Identity +*V0alpha2Api* | [**AdminCreateSelfServiceRecoveryLink**](docs/V0alpha2Api.md#admincreateselfservicerecoverylink) | **Post** /admin/recovery/link | # Create a Recovery Link +*V0alpha2Api* | [**AdminDeleteIdentity**](docs/V0alpha2Api.md#admindeleteidentity) | **Delete** /admin/identities/{id} | # Delete an Identity *V0alpha2Api* | [**AdminDeleteIdentitySessions**](docs/V0alpha2Api.md#admindeleteidentitysessions) | **Delete** /admin/identities/{id}/sessions | Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. *V0alpha2Api* | [**AdminExtendSession**](docs/V0alpha2Api.md#adminextendsession) | **Patch** /admin/sessions/{id}/extend | Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it will only extend the session after the specified time has passed. -*V0alpha2Api* | [**AdminGetIdentity**](docs/V0alpha2Api.md#admingetidentity) | **Get** /admin/identities/{id} | Get an Identity -*V0alpha2Api* | [**AdminListIdentities**](docs/V0alpha2Api.md#adminlistidentities) | **Get** /admin/identities | List Identities +*V0alpha2Api* | [**AdminGetIdentity**](docs/V0alpha2Api.md#admingetidentity) | **Get** /admin/identities/{id} | # Get an Identity +*V0alpha2Api* | [**AdminListIdentities**](docs/V0alpha2Api.md#adminlistidentities) | **Get** /admin/identities | # List Identities *V0alpha2Api* | [**AdminListIdentitySessions**](docs/V0alpha2Api.md#adminlistidentitysessions) | **Get** /admin/identities/{id}/sessions | This endpoint returns all sessions that belong to the given Identity. *V0alpha2Api* | [**AdminPatchIdentity**](docs/V0alpha2Api.md#adminpatchidentity) | **Patch** /admin/identities/{id} | Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) -*V0alpha2Api* | [**AdminUpdateIdentity**](docs/V0alpha2Api.md#adminupdateidentity) | **Put** /admin/identities/{id} | Update an Identity -*V0alpha2Api* | [**CreateSelfServiceLogoutFlowUrlForBrowsers**](docs/V0alpha2Api.md#createselfservicelogoutflowurlforbrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers +*V0alpha2Api* | [**AdminUpdateIdentity**](docs/V0alpha2Api.md#adminupdateidentity) | **Put** /admin/identities/{id} | # Update an Identity +*V0alpha2Api* | [**CreateSelfServiceLogoutFlowUrlForBrowsers**](docs/V0alpha2Api.md#createselfservicelogoutflowurlforbrowsers) | **Get** /self-service/logout/browser | # Create a Logout URL for Browsers *V0alpha2Api* | [**GetIdentitySchema**](docs/V0alpha2Api.md#getidentityschema) | **Get** /schemas/{id} | -*V0alpha2Api* | [**GetSelfServiceError**](docs/V0alpha2Api.md#getselfserviceerror) | **Get** /self-service/errors | Get Self-Service Errors -*V0alpha2Api* | [**GetSelfServiceLoginFlow**](docs/V0alpha2Api.md#getselfserviceloginflow) | **Get** /self-service/login/flows | Get Login Flow -*V0alpha2Api* | [**GetSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#getselfservicerecoveryflow) | **Get** /self-service/recovery/flows | Get Recovery Flow -*V0alpha2Api* | [**GetSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#getselfserviceregistrationflow) | **Get** /self-service/registration/flows | Get Registration Flow -*V0alpha2Api* | [**GetSelfServiceSettingsFlow**](docs/V0alpha2Api.md#getselfservicesettingsflow) | **Get** /self-service/settings/flows | Get Settings Flow -*V0alpha2Api* | [**GetSelfServiceVerificationFlow**](docs/V0alpha2Api.md#getselfserviceverificationflow) | **Get** /self-service/verification/flows | Get Verification Flow -*V0alpha2Api* | [**GetWebAuthnJavaScript**](docs/V0alpha2Api.md#getwebauthnjavascript) | **Get** /.well-known/ory/webauthn.js | Get WebAuthn JavaScript -*V0alpha2Api* | [**InitializeSelfServiceLoginFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceloginflowforbrowsers) | **Get** /self-service/login/browser | Initialize Login Flow for Browsers +*V0alpha2Api* | [**GetSelfServiceError**](docs/V0alpha2Api.md#getselfserviceerror) | **Get** /self-service/errors | # Get Self-Service Errors +*V0alpha2Api* | [**GetSelfServiceLoginFlow**](docs/V0alpha2Api.md#getselfserviceloginflow) | **Get** /self-service/login/flows | # Get Login Flow +*V0alpha2Api* | [**GetSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#getselfservicerecoveryflow) | **Get** /self-service/recovery/flows | # Get Recovery Flow +*V0alpha2Api* | [**GetSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#getselfserviceregistrationflow) | **Get** /self-service/registration/flows | # Get Registration Flow +*V0alpha2Api* | [**GetSelfServiceSettingsFlow**](docs/V0alpha2Api.md#getselfservicesettingsflow) | **Get** /self-service/settings/flows | # Get Settings Flow +*V0alpha2Api* | [**GetSelfServiceVerificationFlow**](docs/V0alpha2Api.md#getselfserviceverificationflow) | **Get** /self-service/verification/flows | # Get Verification Flow +*V0alpha2Api* | [**GetWebAuthnJavaScript**](docs/V0alpha2Api.md#getwebauthnjavascript) | **Get** /.well-known/ory/webauthn.js | # Get WebAuthn JavaScript +*V0alpha2Api* | [**InitializeSelfServiceLoginFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceloginflowforbrowsers) | **Get** /self-service/login/browser | # Initialize Login Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceLoginFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceloginflowwithoutbrowser) | **Get** /self-service/login/api | Initialize Login Flow for APIs, Services, Apps, ... -*V0alpha2Api* | [**InitializeSelfServiceRecoveryFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicerecoveryflowforbrowsers) | **Get** /self-service/recovery/browser | Initialize Recovery Flow for Browsers +*V0alpha2Api* | [**InitializeSelfServiceRecoveryFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicerecoveryflowforbrowsers) | **Get** /self-service/recovery/browser | # Initialize Recovery Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceRecoveryFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfservicerecoveryflowwithoutbrowser) | **Get** /self-service/recovery/api | Initialize Recovery Flow for APIs, Services, Apps, ... -*V0alpha2Api* | [**InitializeSelfServiceRegistrationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceregistrationflowforbrowsers) | **Get** /self-service/registration/browser | Initialize Registration Flow for Browsers +*V0alpha2Api* | [**InitializeSelfServiceRegistrationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceregistrationflowforbrowsers) | **Get** /self-service/registration/browser | # Initialize Registration Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceRegistrationFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceregistrationflowwithoutbrowser) | **Get** /self-service/registration/api | Initialize Registration Flow for APIs, Services, Apps, ... -*V0alpha2Api* | [**InitializeSelfServiceSettingsFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicesettingsflowforbrowsers) | **Get** /self-service/settings/browser | Initialize Settings Flow for Browsers +*V0alpha2Api* | [**InitializeSelfServiceSettingsFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicesettingsflowforbrowsers) | **Get** /self-service/settings/browser | # Initialize Settings Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceSettingsFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfservicesettingsflowwithoutbrowser) | **Get** /self-service/settings/api | Initialize Settings Flow for APIs, Services, Apps, ... -*V0alpha2Api* | [**InitializeSelfServiceVerificationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceverificationflowforbrowsers) | **Get** /self-service/verification/browser | Initialize Verification Flow for Browser Clients +*V0alpha2Api* | [**InitializeSelfServiceVerificationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceverificationflowforbrowsers) | **Get** /self-service/verification/browser | # Initialize Verification Flow for Browser Clients *V0alpha2Api* | [**InitializeSelfServiceVerificationFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceverificationflowwithoutbrowser) | **Get** /self-service/verification/api | Initialize Verification Flow for APIs, Services, Apps, ... *V0alpha2Api* | [**ListIdentitySchemas**](docs/V0alpha2Api.md#listidentityschemas) | **Get** /schemas | *V0alpha2Api* | [**ListSessions**](docs/V0alpha2Api.md#listsessions) | **Get** /sessions | This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. *V0alpha2Api* | [**RevokeSession**](docs/V0alpha2Api.md#revokesession) | **Delete** /sessions/{id} | Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. *V0alpha2Api* | [**RevokeSessions**](docs/V0alpha2Api.md#revokesessions) | **Delete** /sessions | Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. -*V0alpha2Api* | [**SubmitSelfServiceLoginFlow**](docs/V0alpha2Api.md#submitselfserviceloginflow) | **Post** /self-service/login | Submit a Login Flow -*V0alpha2Api* | [**SubmitSelfServiceLogoutFlow**](docs/V0alpha2Api.md#submitselfservicelogoutflow) | **Get** /self-service/logout | Complete Self-Service Logout +*V0alpha2Api* | [**SubmitSelfServiceLoginFlow**](docs/V0alpha2Api.md#submitselfserviceloginflow) | **Post** /self-service/login | # Submit a Login Flow +*V0alpha2Api* | [**SubmitSelfServiceLogoutFlow**](docs/V0alpha2Api.md#submitselfservicelogoutflow) | **Get** /self-service/logout | # Complete Self-Service Logout *V0alpha2Api* | [**SubmitSelfServiceLogoutFlowWithoutBrowser**](docs/V0alpha2Api.md#submitselfservicelogoutflowwithoutbrowser) | **Delete** /self-service/logout/api | Perform Logout for APIs, Services, Apps, ... -*V0alpha2Api* | [**SubmitSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#submitselfservicerecoveryflow) | **Post** /self-service/recovery | Complete Recovery Flow -*V0alpha2Api* | [**SubmitSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#submitselfserviceregistrationflow) | **Post** /self-service/registration | Submit a Registration Flow -*V0alpha2Api* | [**SubmitSelfServiceSettingsFlow**](docs/V0alpha2Api.md#submitselfservicesettingsflow) | **Post** /self-service/settings | Complete Settings Flow -*V0alpha2Api* | [**SubmitSelfServiceVerificationFlow**](docs/V0alpha2Api.md#submitselfserviceverificationflow) | **Post** /self-service/verification | Complete Verification Flow -*V0alpha2Api* | [**ToSession**](docs/V0alpha2Api.md#tosession) | **Get** /sessions/whoami | Check Who the Current HTTP Session Belongs To +*V0alpha2Api* | [**SubmitSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#submitselfservicerecoveryflow) | **Post** /self-service/recovery | # Complete Recovery Flow +*V0alpha2Api* | [**SubmitSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#submitselfserviceregistrationflow) | **Post** /self-service/registration | # Submit a Registration Flow +*V0alpha2Api* | [**SubmitSelfServiceSettingsFlow**](docs/V0alpha2Api.md#submitselfservicesettingsflow) | **Post** /self-service/settings | # Complete Settings Flow +*V0alpha2Api* | [**SubmitSelfServiceVerificationFlow**](docs/V0alpha2Api.md#submitselfserviceverificationflow) | **Post** /self-service/verification | # Complete Verification Flow +*V0alpha2Api* | [**ToSession**](docs/V0alpha2Api.md#tosession) | **Get** /sessions/whoami | # Check Who the Current HTTP Session Belongs To ## Documentation For Models diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index 95e0f74c8b34..2f7e8e4ebe8a 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -34,7 +34,7 @@ paths: schema: $ref: '#/components/schemas/webAuthnJavaScript' description: webAuthnJavaScript - summary: Get WebAuthn JavaScript + summary: '# Get WebAuthn JavaScript' tags: - v0alpha2 /admin/identities: @@ -92,7 +92,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: List Identities + summary: '# List Identities' tags: - v0alpha2 post: @@ -132,7 +132,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: Create an Identity + summary: '# Create an Identity' tags: - v0alpha2 /admin/identities/{id}: @@ -171,7 +171,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: Delete an Identity + summary: '# Delete an Identity' tags: - v0alpha2 get: @@ -222,7 +222,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: Get an Identity + summary: '# Get an Identity' tags: - v0alpha2 patch: @@ -336,7 +336,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: Update an Identity + summary: '# Update an Identity' tags: - v0alpha2 /admin/identities/{id}/sessions: @@ -518,7 +518,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Create a Recovery Link + summary: '# Create a Recovery Link' tags: - v0alpha2 /admin/sessions/{id}/extend: @@ -754,7 +754,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Get Self-Service Errors + summary: '# Get Self-Service Errors' tags: - v0alpha2 /self-service/login: @@ -871,7 +871,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Submit a Login Flow + summary: '# Submit a Login Flow' tags: - v0alpha2 /self-service/login/api: @@ -1037,7 +1037,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Initialize Login Flow for Browsers + summary: '# Initialize Login Flow for Browsers' tags: - v0alpha2 /self-service/login/flows: @@ -1123,7 +1123,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Get Login Flow + summary: '# Get Login Flow' tags: - v0alpha2 /self-service/logout: @@ -1177,7 +1177,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Complete Self-Service Logout + summary: '# Complete Self-Service Logout' tags: - v0alpha2 /self-service/logout/api: @@ -1264,7 +1264,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Create a Logout URL for Browsers + summary: '# Create a Logout URL for Browsers' tags: - v0alpha2 /self-service/recovery: @@ -1364,7 +1364,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Complete Recovery Flow + summary: '# Complete Recovery Flow' tags: - v0alpha2 /self-service/recovery/api: @@ -1451,7 +1451,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Initialize Recovery Flow for Browsers + summary: '# Initialize Recovery Flow for Browsers' tags: - v0alpha2 /self-service/recovery/flows: @@ -1526,7 +1526,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Get Recovery Flow + summary: '# Get Recovery Flow' tags: - v0alpha2 /self-service/registration: @@ -1630,7 +1630,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Submit a Registration Flow + summary: '# Submit a Registration Flow' tags: - v0alpha2 /self-service/registration/api: @@ -1732,7 +1732,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Initialize Registration Flow for Browsers + summary: '# Initialize Registration Flow for Browsers' tags: - v0alpha2 /self-service/registration/flows: @@ -1818,7 +1818,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Get Registration Flow + summary: '# Get Registration Flow' tags: - v0alpha2 /self-service/settings: @@ -1959,7 +1959,7 @@ paths: description: jsonError security: - sessionToken: [] - summary: Complete Settings Flow + summary: '# Complete Settings Flow' tags: - v0alpha2 /self-service/settings/api: @@ -2092,7 +2092,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Initialize Settings Flow for Browsers + summary: '# Initialize Settings Flow for Browsers' tags: - v0alpha2 /self-service/settings/flows: @@ -2192,7 +2192,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Get Settings Flow + summary: '# Get Settings Flow' tags: - v0alpha2 /self-service/verification: @@ -2292,7 +2292,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Complete Verification Flow + summary: '# Complete Verification Flow' tags: - v0alpha2 /self-service/verification/api: @@ -2369,7 +2369,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Initialize Verification Flow for Browser Clients + summary: '# Initialize Verification Flow for Browser Clients' tags: - v0alpha2 /self-service/verification/flows: @@ -2443,7 +2443,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Get Verification Flow + summary: '# Get Verification Flow' tags: - v0alpha2 /sessions: @@ -2712,7 +2712,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Check Who the Current HTTP Session Belongs To + summary: '# Check Who the Current HTTP Session Belongs To' tags: - v0alpha2 /sessions/{id}: diff --git a/internal/httpclient/api_metadata.go b/internal/httpclient/api_metadata.go index eec994165b53..a63febb073aa 100644 --- a/internal/httpclient/api_metadata.go +++ b/internal/httpclient/api_metadata.go @@ -102,16 +102,16 @@ func (r MetadataApiApiGetVersionRequest) Execute() (*InlineResponse2001, *http.R } /* - - GetVersion Return Running Software Version. - - This endpoint returns the version of Ory Kratos. + * GetVersion Return Running Software Version. + * This endpoint returns the version of Ory Kratos. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the version will never refer to the cluster state, only to a single instance. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return MetadataApiApiGetVersionRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return MetadataApiApiGetVersionRequest */ func (a *MetadataApiService) GetVersion(ctx context.Context) MetadataApiApiGetVersionRequest { return MetadataApiApiGetVersionRequest{ @@ -209,9 +209,8 @@ func (r MetadataApiApiIsAliveRequest) Execute() (*InlineResponse200, *http.Respo } /* - - IsAlive Check HTTP Server Status - - This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming - + * IsAlive Check HTTP Server Status + * This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming HTTP requests. This status does currently not include checks whether the database connection is working. If the service supports TLS Edge Termination, this endpoint does not require the @@ -219,8 +218,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return MetadataApiApiIsAliveRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return MetadataApiApiIsAliveRequest */ func (a *MetadataApiService) IsAlive(ctx context.Context) MetadataApiApiIsAliveRequest { return MetadataApiApiIsAliveRequest{ @@ -327,9 +326,8 @@ func (r MetadataApiApiIsReadyRequest) Execute() (*InlineResponse200, *http.Respo } /* - - IsReady Check HTTP Server and Database Status - - This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g. - + * IsReady Check HTTP Server and Database Status + * This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g. the database) are responsive as well. If the service supports TLS Edge Termination, this endpoint does not require the @@ -337,8 +335,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the Be aware that if you are running multiple nodes of Ory Kratos, the health status will never refer to the cluster state, only to a single instance. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return MetadataApiApiIsReadyRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return MetadataApiApiIsReadyRequest */ func (a *MetadataApiService) IsReady(ctx context.Context) MetadataApiApiIsReadyRequest { return MetadataApiApiIsReadyRequest{ diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go index 93d81fd80c6a..0dbb947a95a6 100644 --- a/internal/httpclient/api_v0alpha2.go +++ b/internal/httpclient/api_v0alpha2.go @@ -29,7 +29,7 @@ var ( type V0alpha2Api interface { /* - * AdminCreateIdentity Create an Identity + * AdminCreateIdentity # Create an Identity * This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return V0alpha2ApiApiAdminCreateIdentityRequest @@ -43,7 +43,7 @@ type V0alpha2Api interface { AdminCreateIdentityExecute(r V0alpha2ApiApiAdminCreateIdentityRequest) (*Identity, *http.Response, error) /* - * AdminCreateSelfServiceRecoveryLink Create a Recovery Link + * AdminCreateSelfServiceRecoveryLink # Create a Recovery Link * This endpoint creates a recovery link which should be given to the user in order for them to recover (or activate) their account. * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @@ -58,7 +58,7 @@ type V0alpha2Api interface { AdminCreateSelfServiceRecoveryLinkExecute(r V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest) (*SelfServiceRecoveryLink, *http.Response, error) /* - * AdminDeleteIdentity Delete an Identity + * AdminDeleteIdentity # Delete an Identity * Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is assumed that is has been deleted already. @@ -107,7 +107,7 @@ type V0alpha2Api interface { AdminExtendSessionExecute(r V0alpha2ApiApiAdminExtendSessionRequest) (*Session, *http.Response, error) /* - * AdminGetIdentity Get an Identity + * AdminGetIdentity # Get an Identity * Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @param id ID must be set to the ID of identity you want to get @@ -122,7 +122,7 @@ type V0alpha2Api interface { AdminGetIdentityExecute(r V0alpha2ApiApiAdminGetIdentityRequest) (*Identity, *http.Response, error) /* - * AdminListIdentities List Identities + * AdminListIdentities # List Identities * Lists all identities. Does not support search at the moment. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). @@ -172,7 +172,7 @@ type V0alpha2Api interface { AdminPatchIdentityExecute(r V0alpha2ApiApiAdminPatchIdentityRequest) (*Identity, *http.Response, error) /* - * AdminUpdateIdentity Update an Identity + * AdminUpdateIdentity # Update an Identity * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). @@ -189,7 +189,7 @@ type V0alpha2Api interface { AdminUpdateIdentityExecute(r V0alpha2ApiApiAdminUpdateIdentityRequest) (*Identity, *http.Response, error) /* - * CreateSelfServiceLogoutFlowUrlForBrowsers Create a Logout URL for Browsers + * CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers * This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. This endpoint is NOT INTENDED for API clients and only works @@ -227,7 +227,7 @@ type V0alpha2Api interface { GetIdentitySchemaExecute(r V0alpha2ApiApiGetIdentitySchemaRequest) (map[string]interface{}, *http.Response, error) /* - * GetSelfServiceError Get Self-Service Errors + * GetSelfServiceError # Get Self-Service Errors * This endpoint returns the error associated with a user-facing self service errors. This endpoint supports stub values to help you implement the error UI: @@ -247,7 +247,7 @@ type V0alpha2Api interface { GetSelfServiceErrorExecute(r V0alpha2ApiApiGetSelfServiceErrorRequest) (*SelfServiceError, *http.Response, error) /* - * GetSelfServiceLoginFlow Get Login Flow + * GetSelfServiceLoginFlow # Get Login Flow * This endpoint returns a login flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -283,7 +283,7 @@ type V0alpha2Api interface { GetSelfServiceLoginFlowExecute(r V0alpha2ApiApiGetSelfServiceLoginFlowRequest) (*SelfServiceLoginFlow, *http.Response, error) /* - * GetSelfServiceRecoveryFlow Get Recovery Flow + * GetSelfServiceRecoveryFlow # Get Recovery Flow * This endpoint returns a recovery flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -314,7 +314,7 @@ type V0alpha2Api interface { GetSelfServiceRecoveryFlowExecute(r V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest) (*SelfServiceRecoveryFlow, *http.Response, error) /* - * GetSelfServiceRegistrationFlow Get Registration Flow + * GetSelfServiceRegistrationFlow # Get Registration Flow * This endpoint returns a registration flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -350,7 +350,7 @@ type V0alpha2Api interface { GetSelfServiceRegistrationFlowExecute(r V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest) (*SelfServiceRegistrationFlow, *http.Response, error) /* - * GetSelfServiceSettingsFlow Get Settings Flow + * GetSelfServiceSettingsFlow # Get Settings Flow * When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie or the Ory Kratos Session Token are set. @@ -382,7 +382,7 @@ type V0alpha2Api interface { GetSelfServiceSettingsFlowExecute(r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) (*SelfServiceSettingsFlow, *http.Response, error) /* - * GetSelfServiceVerificationFlow Get Verification Flow + * GetSelfServiceVerificationFlow # Get Verification Flow * This endpoint returns a verification flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -412,7 +412,7 @@ type V0alpha2Api interface { GetSelfServiceVerificationFlowExecute(r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) (*SelfServiceVerificationFlow, *http.Response, error) /* - * GetWebAuthnJavaScript Get WebAuthn JavaScript + * GetWebAuthnJavaScript # Get WebAuthn JavaScript * This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file: @@ -434,7 +434,7 @@ type V0alpha2Api interface { GetWebAuthnJavaScriptExecute(r V0alpha2ApiApiGetWebAuthnJavaScriptRequest) (string, *http.Response, error) /* - * InitializeSelfServiceLoginFlowForBrowsers Initialize Login Flow for Browsers + * InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers * This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows. @@ -499,7 +499,7 @@ type V0alpha2Api interface { InitializeSelfServiceLoginFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest) (*SelfServiceLoginFlow, *http.Response, error) /* - * InitializeSelfServiceRecoveryFlowForBrowsers Initialize Recovery Flow for Browsers + * InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers * This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists, the browser is returned to the configured return URL. @@ -548,7 +548,7 @@ type V0alpha2Api interface { InitializeSelfServiceRecoveryFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest) (*SelfServiceRecoveryFlow, *http.Response, error) /* - * InitializeSelfServiceRegistrationFlowForBrowsers Initialize Registration Flow for Browsers + * InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers * This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows. @@ -618,7 +618,7 @@ type V0alpha2Api interface { InitializeSelfServiceRegistrationFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest) (*SelfServiceRegistrationFlow, *http.Response, error) /* - * InitializeSelfServiceSettingsFlowForBrowsers Initialize Settings Flow for Browsers + * InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers * This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid Ory Kratos Session Cookie is included in the request, a login flow will be initialized. @@ -692,7 +692,7 @@ type V0alpha2Api interface { InitializeSelfServiceSettingsFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest) (*SelfServiceSettingsFlow, *http.Response, error) /* - * InitializeSelfServiceVerificationFlowForBrowsers Initialize Verification Flow for Browser Clients + * InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients * This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`. @@ -799,7 +799,7 @@ type V0alpha2Api interface { RevokeSessionsExecute(r V0alpha2ApiApiRevokeSessionsRequest) (*RevokedSessions, *http.Response, error) /* - * SubmitSelfServiceLoginFlow Submit a Login Flow + * SubmitSelfServiceLoginFlow # Submit a Login Flow * :::info This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future. @@ -845,7 +845,7 @@ type V0alpha2Api interface { SubmitSelfServiceLoginFlowExecute(r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) (*SuccessfulSelfServiceLoginWithoutBrowser, *http.Response, error) /* - * SubmitSelfServiceLogoutFlow Complete Self-Service Logout + * SubmitSelfServiceLogoutFlow # Complete Self-Service Logout * This endpoint logs out an identity in a self-service manner. If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other) @@ -890,7 +890,7 @@ type V0alpha2Api interface { SubmitSelfServiceLogoutFlowWithoutBrowserExecute(r V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest) (*http.Response, error) /* - * SubmitSelfServiceRecoveryFlow Complete Recovery Flow + * SubmitSelfServiceRecoveryFlow # Complete Recovery Flow * Use this endpoint to complete a recovery flow. This endpoint behaves differently for API and browser flows and has several states: @@ -919,7 +919,7 @@ type V0alpha2Api interface { SubmitSelfServiceRecoveryFlowExecute(r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) (*SelfServiceRecoveryFlow, *http.Response, error) /* - * SubmitSelfServiceRegistrationFlow Submit a Registration Flow + * SubmitSelfServiceRegistrationFlow # Submit a Registration Flow * Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint behaves differently for API and browser flows. @@ -960,7 +960,7 @@ type V0alpha2Api interface { SubmitSelfServiceRegistrationFlowExecute(r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) (*SuccessfulSelfServiceRegistrationWithoutBrowser, *http.Response, error) /* - * SubmitSelfServiceSettingsFlow Complete Settings Flow + * SubmitSelfServiceSettingsFlow # Complete Settings Flow * Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint behaves differently for API and browser flows. @@ -1016,7 +1016,7 @@ type V0alpha2Api interface { SubmitSelfServiceSettingsFlowExecute(r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) (*SelfServiceSettingsFlow, *http.Response, error) /* - * SubmitSelfServiceVerificationFlow Complete Verification Flow + * SubmitSelfServiceVerificationFlow # Complete Verification Flow * Use this endpoint to complete a verification flow. This endpoint behaves differently for API and browser flows and has several states: @@ -1045,7 +1045,7 @@ type V0alpha2Api interface { SubmitSelfServiceVerificationFlowExecute(r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) (*SelfServiceVerificationFlow, *http.Response, error) /* - * ToSession Check Who the Current HTTP Session Belongs To + * ToSession # Check Who the Current HTTP Session Belongs To * Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header @@ -1126,7 +1126,7 @@ func (r V0alpha2ApiApiAdminCreateIdentityRequest) Execute() (*Identity, *http.Re } /* - * AdminCreateIdentity Create an Identity + * AdminCreateIdentity # Create an Identity * This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return V0alpha2ApiApiAdminCreateIdentityRequest @@ -1278,12 +1278,11 @@ func (r V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest) Execute() (*Sel } /* - - AdminCreateSelfServiceRecoveryLink Create a Recovery Link - - This endpoint creates a recovery link which should be given to the user in order for them to recover - + * AdminCreateSelfServiceRecoveryLink # Create a Recovery Link + * This endpoint creates a recovery link which should be given to the user in order for them to recover (or activate) their account. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest */ func (a *V0alpha2ApiService) AdminCreateSelfServiceRecoveryLink(ctx context.Context) V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest { return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest{ @@ -1413,16 +1412,15 @@ func (r V0alpha2ApiApiAdminDeleteIdentityRequest) Execute() (*http.Response, err } /* - - AdminDeleteIdentity Delete an Identity - - Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. - + * AdminDeleteIdentity # Delete an Identity + * Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is assumed that is has been deleted already. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID is the identity's ID. - - @return V0alpha2ApiApiAdminDeleteIdentityRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID is the identity's ID. + * @return V0alpha2ApiApiAdminDeleteIdentityRequest */ func (a *V0alpha2ApiService) AdminDeleteIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentityRequest { return V0alpha2ApiApiAdminDeleteIdentityRequest{ @@ -1545,13 +1543,13 @@ func (r V0alpha2ApiApiAdminDeleteIdentitySessionsRequest) Execute() (*http.Respo } /* - - AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. - - This endpoint is useful for: + * AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. + * This endpoint is useful for: To forcefully logout Identity from all devices and sessions - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID is the identity's ID. - - @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID is the identity's ID. + * @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest */ func (a *V0alpha2ApiService) AdminDeleteIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentitySessionsRequest { return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest{ @@ -1848,7 +1846,7 @@ func (r V0alpha2ApiApiAdminGetIdentityRequest) Execute() (*Identity, *http.Respo } /* - * AdminGetIdentity Get an Identity + * AdminGetIdentity # Get an Identity * Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @param id ID must be set to the ID of identity you want to get @@ -2007,12 +2005,12 @@ func (r V0alpha2ApiApiAdminListIdentitiesRequest) Execute() ([]Identity, *http.R } /* - - AdminListIdentities List Identities - - Lists all identities. Does not support search at the moment. + * AdminListIdentities # List Identities + * Lists all identities. Does not support search at the moment. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiAdminListIdentitiesRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiAdminListIdentitiesRequest */ func (a *V0alpha2ApiService) AdminListIdentities(ctx context.Context) V0alpha2ApiApiAdminListIdentitiesRequest { return V0alpha2ApiApiAdminListIdentitiesRequest{ @@ -2156,13 +2154,13 @@ func (r V0alpha2ApiApiAdminListIdentitySessionsRequest) Execute() ([]Session, *h } /* - - AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity. - - This endpoint is useful for: + * AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity. + * This endpoint is useful for: Listing all sessions that belong to an Identity in an administrative context. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID is the identity's ID. - - @return V0alpha2ApiApiAdminListIdentitySessionsRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID is the identity's ID. + * @return V0alpha2ApiApiAdminListIdentitySessionsRequest */ func (a *V0alpha2ApiService) AdminListIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminListIdentitySessionsRequest { return V0alpha2ApiApiAdminListIdentitySessionsRequest{ @@ -2331,13 +2329,13 @@ func (r V0alpha2ApiApiAdminPatchIdentityRequest) Execute() (*Identity, *http.Res } /* - - AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) - - NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable. + * AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) + * NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID must be set to the ID of identity you want to update - - @return V0alpha2ApiApiAdminPatchIdentityRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID must be set to the ID of identity you want to update + * @return V0alpha2ApiApiAdminPatchIdentityRequest */ func (a *V0alpha2ApiService) AdminPatchIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminPatchIdentityRequest { return V0alpha2ApiApiAdminPatchIdentityRequest{ @@ -2499,13 +2497,13 @@ func (r V0alpha2ApiApiAdminUpdateIdentityRequest) Execute() (*Identity, *http.Re } /* - - AdminUpdateIdentity Update an Identity - - This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. + * AdminUpdateIdentity # Update an Identity + * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID must be set to the ID of identity you want to update - - @return V0alpha2ApiApiAdminUpdateIdentityRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID must be set to the ID of identity you want to update + * @return V0alpha2ApiApiAdminUpdateIdentityRequest */ func (a *V0alpha2ApiService) AdminUpdateIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminUpdateIdentityRequest { return V0alpha2ApiApiAdminUpdateIdentityRequest{ @@ -2666,8 +2664,8 @@ func (r V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest) Execute( } /* - - CreateSelfServiceLogoutFlowUrlForBrowsers Create a Logout URL for Browsers - - This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. + * CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers + * This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). For API clients you can @@ -2677,8 +2675,8 @@ The URL is only valid for the currently signed in user. If no user is signed in, a 401 error. When calling this endpoint from a backend, please ensure to properly forward the HTTP cookies. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest */ func (a *V0alpha2ApiService) CreateSelfServiceLogoutFlowUrlForBrowsers(ctx context.Context) V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest { return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest{ @@ -2928,16 +2926,16 @@ func (r V0alpha2ApiApiGetSelfServiceErrorRequest) Execute() (*SelfServiceError, } /* - - GetSelfServiceError Get Self-Service Errors - - This endpoint returns the error associated with a user-facing self service errors. + * GetSelfServiceError # Get Self-Service Errors + * This endpoint returns the error associated with a user-facing self service errors. This endpoint supports stub values to help you implement the error UI: `?id=stub:500` - returns a stub 500 (Internal Server Error) error. More information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceErrorRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceErrorRequest */ func (a *V0alpha2ApiService) GetSelfServiceError(ctx context.Context) V0alpha2ApiApiGetSelfServiceErrorRequest { return V0alpha2ApiApiGetSelfServiceErrorRequest{ @@ -3079,8 +3077,8 @@ func (r V0alpha2ApiApiGetSelfServiceLoginFlowRequest) Execute() (*SelfServiceLog } /* - - GetSelfServiceLoginFlow Get Login Flow - - This endpoint returns a login flow's context with, for example, error details and other information. + * GetSelfServiceLoginFlow # Get Login Flow + * This endpoint returns a login flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3103,8 +3101,8 @@ This request may fail due to several reasons. The `error.id` can be one of: `self_service_flow_expired`: The flow is expired and you should request a new one. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceLoginFlowRequest { return V0alpha2ApiApiGetSelfServiceLoginFlowRequest{ @@ -3259,8 +3257,8 @@ func (r V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest) Execute() (*SelfService } /* - - GetSelfServiceRecoveryFlow Get Recovery Flow - - This endpoint returns a recovery flow's context with, for example, error details and other information. + * GetSelfServiceRecoveryFlow # Get Recovery Flow + * This endpoint returns a recovery flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3278,8 +3276,8 @@ res.render('recovery', flow) ``` More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest { return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest{ @@ -3424,8 +3422,8 @@ func (r V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest) Execute() (*SelfSer } /* - - GetSelfServiceRegistrationFlow Get Registration Flow - - This endpoint returns a registration flow's context with, for example, error details and other information. + * GetSelfServiceRegistrationFlow # Get Registration Flow + * This endpoint returns a registration flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3448,8 +3446,8 @@ This request may fail due to several reasons. The `error.id` can be one of: `self_service_flow_expired`: The flow is expired and you should request a new one. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest { return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest{ @@ -3609,9 +3607,8 @@ func (r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) Execute() (*SelfService } /* - - GetSelfServiceSettingsFlow Get Settings Flow - - When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie - + * GetSelfServiceSettingsFlow # Get Settings Flow + * When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie or the Ory Kratos Session Token are set. Depending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator @@ -3630,8 +3627,8 @@ case of an error, the `error.id` of the JSON response body can be one of: identity logged in instead. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceSettingsFlowRequest { return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest{ @@ -3799,8 +3796,8 @@ func (r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) Execute() (*SelfSer } /* - - GetSelfServiceVerificationFlow Get Verification Flow - - This endpoint returns a verification flow's context with, for example, error details and other information. + * GetSelfServiceVerificationFlow # Get Verification Flow + * This endpoint returns a verification flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3817,8 +3814,8 @@ res.render('verification', flow) }) More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceVerificationFlowRequest { return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest{ @@ -3952,8 +3949,8 @@ func (r V0alpha2ApiApiGetWebAuthnJavaScriptRequest) Execute() (string, *http.Res } /* - - GetWebAuthnJavaScript Get WebAuthn JavaScript - - This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. + * GetWebAuthnJavaScript # Get WebAuthn JavaScript + * This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file: @@ -3962,8 +3959,8 @@ If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you ``` More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest */ func (a *V0alpha2ApiService) GetWebAuthnJavaScript(ctx context.Context) V0alpha2ApiApiGetWebAuthnJavaScriptRequest { return V0alpha2ApiApiGetWebAuthnJavaScriptRequest{ @@ -4077,9 +4074,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Execute( } /* - - InitializeSelfServiceLoginFlowForBrowsers Initialize Login Flow for Browsers - - This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate - + * InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers + * This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows. If this endpoint is opened as a link in the browser, it will be redirected to @@ -4098,8 +4094,8 @@ case of an error, the `error.id` of the JSON response body can be one of: This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest{ @@ -4241,8 +4237,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest) Execu } /* - - InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ... - - This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on. + * InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ... + * This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. @@ -4262,8 +4258,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest{ @@ -4395,9 +4391,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest) Execu } /* - - InitializeSelfServiceRecoveryFlowForBrowsers Initialize Recovery Flow for Browsers - - This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to - + * InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers + * This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists, the browser is returned to the configured return URL. @@ -4407,8 +4402,8 @@ or a 400 bad request error if the user is already authenticated. This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest{ @@ -4528,8 +4523,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest) Ex } /* - - InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ... - - This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on. + * InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ... + * This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error. @@ -4542,8 +4537,8 @@ you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest{ @@ -4666,9 +4661,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) E } /* - - InitializeSelfServiceRegistrationFlowForBrowsers Initialize Registration Flow for Browsers - - This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate - + * InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers + * This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows. :::info @@ -4693,8 +4687,8 @@ If this endpoint is called via an AJAX request, the response contains the regist This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest{ @@ -4804,8 +4798,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest } /* - - InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ... - - This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on. + * InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ... + * This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. @@ -4824,8 +4818,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest{ @@ -4948,9 +4942,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest) Execu } /* - - InitializeSelfServiceSettingsFlowForBrowsers Initialize Settings Flow for Browsers - - This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to - + * InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers + * This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid Ory Kratos Session Cookie is included in the request, a login flow will be initialized. @@ -4976,8 +4969,8 @@ case of an error, the `error.id` of the JSON response body can be one of: This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest{ @@ -5123,9 +5116,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest) Ex } /* - - InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ... - - This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. - + * InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ... + * This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. You must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK. To fetch an existing settings flow call `/self-service/settings/flows?flow=`. @@ -5147,8 +5139,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest{ @@ -5274,9 +5266,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest) E } /* - - InitializeSelfServiceVerificationFlowForBrowsers Initialize Verification Flow for Browser Clients - - This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to - + * InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients + * This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`. If this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects. @@ -5284,8 +5275,8 @@ If this endpoint is called via an AJAX request, the response contains the recove This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest{ @@ -5395,8 +5386,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest } /* - - InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ... - - This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on. + * InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ... + * This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on. To fetch an existing verification flow call `/self-service/verification/flows?flow=`. @@ -5407,8 +5398,8 @@ you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest{ @@ -5673,12 +5664,12 @@ func (r V0alpha2ApiApiListSessionsRequest) Execute() ([]Session, *http.Response, } /* - - ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. - - This endpoint is useful for: + * ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. + * This endpoint is useful for: Displaying all other sessions that belong to the logged-in user - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiListSessionsRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiListSessionsRequest */ func (a *V0alpha2ApiService) ListSessions(ctx context.Context) V0alpha2ApiApiListSessionsRequest { return V0alpha2ApiApiListSessionsRequest{ @@ -5828,13 +5819,13 @@ func (r V0alpha2ApiApiRevokeSessionRequest) Execute() (*http.Response, error) { } /* - - RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. - - This endpoint is useful for: + * RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. + * This endpoint is useful for: To forcefully logout the current user from another device or session - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID is the session's ID. - - @return V0alpha2ApiApiRevokeSessionRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID is the session's ID. + * @return V0alpha2ApiApiRevokeSessionRequest */ func (a *V0alpha2ApiService) RevokeSession(ctx context.Context, id string) V0alpha2ApiApiRevokeSessionRequest { return V0alpha2ApiApiRevokeSessionRequest{ @@ -5963,12 +5954,12 @@ func (r V0alpha2ApiApiRevokeSessionsRequest) Execute() (*RevokedSessions, *http. } /* - - RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. - - This endpoint is useful for: + * RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. + * This endpoint is useful for: To forcefully logout the current user from all other devices and sessions - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiRevokeSessionsRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiRevokeSessionsRequest */ func (a *V0alpha2ApiService) RevokeSessions(ctx context.Context) V0alpha2ApiApiRevokeSessionsRequest { return V0alpha2ApiApiRevokeSessionsRequest{ @@ -6132,8 +6123,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) Execute() (*SuccessfulS } /* - - SubmitSelfServiceLoginFlow Submit a Login Flow - - :::info + * SubmitSelfServiceLoginFlow # Submit a Login Flow + * :::info This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future. @@ -6166,8 +6157,8 @@ case of an error, the `error.id` of the JSON response body can be one of: Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest { return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest{ @@ -6330,8 +6321,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest) Execute() (*http.Respo } /* - - SubmitSelfServiceLogoutFlow Complete Self-Service Logout - - This endpoint logs out an identity in a self-service manner. + * SubmitSelfServiceLogoutFlow # Complete Self-Service Logout + * This endpoint logs out an identity in a self-service manner. If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other) to the `return_to` parameter of the initial request or fall back to `urls.default_return_to`. @@ -6344,8 +6335,8 @@ with browsers (Chrome, Firefox, ...). For API clients you can call the `/self-service/logout/api` URL directly with the Ory Session Token. More information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest { return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest{ @@ -6453,9 +6444,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest) Execute( } /* - - SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ... - - Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully - + * SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ... + * Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully revoked, the server returns a 204 No Content response. A 204 No Content response is also sent when the Ory Session Token has been revoked already before. @@ -6463,8 +6453,8 @@ If the Ory Session Token is malformed or does not exist a 403 Forbidden response This endpoint does not remove any HTTP Cookies - use the Browser-Based Self-Service Logout Flow instead. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest { return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest{ @@ -6596,9 +6586,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) Execute() (*SelfServ } /* - - SubmitSelfServiceRecoveryFlow Complete Recovery Flow - - Use this endpoint to complete a recovery flow. This endpoint - + * SubmitSelfServiceRecoveryFlow # Complete Recovery Flow + * Use this endpoint to complete a recovery flow. This endpoint behaves differently for API and browser flows and has several states: `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent @@ -6614,8 +6603,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe a new Recovery Flow ID which contains an error message that the recovery link was invalid. More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest { return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest{ @@ -6773,9 +6762,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) Execute() (*Succ } /* - - SubmitSelfServiceRegistrationFlow Submit a Registration Flow - - Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint - + * SubmitSelfServiceRegistrationFlow # Submit a Registration Flow + * Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint behaves differently for API and browser flows. API flows expect `application/json` to be sent in the body and respond with @@ -6803,8 +6791,8 @@ case of an error, the `error.id` of the JSON response body can be one of: Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest { return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest{ @@ -6974,9 +6962,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) Execute() (*SelfServ } /* - - SubmitSelfServiceSettingsFlow Complete Settings Flow - - Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint - + * SubmitSelfServiceSettingsFlow # Complete Settings Flow + * Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint behaves differently for API and browser flows. API-initiated flows expect `application/json` to be sent in the body and respond with @@ -7019,8 +7006,8 @@ identity logged in instead. Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest { return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest{ @@ -7213,9 +7200,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Execute() (*Self } /* - - SubmitSelfServiceVerificationFlow Complete Verification Flow - - Use this endpoint to complete a verification flow. This endpoint - + * SubmitSelfServiceVerificationFlow # Complete Verification Flow + * Use this endpoint to complete a verification flow. This endpoint behaves differently for API and browser flows and has several states: `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent @@ -7231,8 +7217,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe a new Verification Flow ID which contains an error message that the verification link was invalid. More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest { return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest{ @@ -7385,9 +7371,8 @@ func (r V0alpha2ApiApiToSessionRequest) Execute() (*Session, *http.Response, err } /* - - ToSession Check Who the Current HTTP Session Belongs To - - Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. - + * ToSession # Check Who the Current HTTP Session Belongs To + * Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response. @@ -7436,8 +7421,8 @@ As explained above, this request may fail due to several reasons. The `error.id` `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token). `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiToSessionRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiToSessionRequest */ func (a *V0alpha2ApiService) ToSession(ctx context.Context) V0alpha2ApiApiToSessionRequest { return V0alpha2ApiApiToSessionRequest{ diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md index 1dbbfcc10d52..9a931c37a8a6 100644 --- a/internal/httpclient/docs/V0alpha2Api.md +++ b/internal/httpclient/docs/V0alpha2Api.md @@ -4,47 +4,47 @@ All URIs are relative to *http://localhost* Method | HTTP request | Description ------------- | ------------- | ------------- -[**AdminCreateIdentity**](V0alpha2Api.md#AdminCreateIdentity) | **Post** /admin/identities | Create an Identity -[**AdminCreateSelfServiceRecoveryLink**](V0alpha2Api.md#AdminCreateSelfServiceRecoveryLink) | **Post** /admin/recovery/link | Create a Recovery Link -[**AdminDeleteIdentity**](V0alpha2Api.md#AdminDeleteIdentity) | **Delete** /admin/identities/{id} | Delete an Identity +[**AdminCreateIdentity**](V0alpha2Api.md#AdminCreateIdentity) | **Post** /admin/identities | # Create an Identity +[**AdminCreateSelfServiceRecoveryLink**](V0alpha2Api.md#AdminCreateSelfServiceRecoveryLink) | **Post** /admin/recovery/link | # Create a Recovery Link +[**AdminDeleteIdentity**](V0alpha2Api.md#AdminDeleteIdentity) | **Delete** /admin/identities/{id} | # Delete an Identity [**AdminDeleteIdentitySessions**](V0alpha2Api.md#AdminDeleteIdentitySessions) | **Delete** /admin/identities/{id}/sessions | Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. [**AdminExtendSession**](V0alpha2Api.md#AdminExtendSession) | **Patch** /admin/sessions/{id}/extend | Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it will only extend the session after the specified time has passed. -[**AdminGetIdentity**](V0alpha2Api.md#AdminGetIdentity) | **Get** /admin/identities/{id} | Get an Identity -[**AdminListIdentities**](V0alpha2Api.md#AdminListIdentities) | **Get** /admin/identities | List Identities +[**AdminGetIdentity**](V0alpha2Api.md#AdminGetIdentity) | **Get** /admin/identities/{id} | # Get an Identity +[**AdminListIdentities**](V0alpha2Api.md#AdminListIdentities) | **Get** /admin/identities | # List Identities [**AdminListIdentitySessions**](V0alpha2Api.md#AdminListIdentitySessions) | **Get** /admin/identities/{id}/sessions | This endpoint returns all sessions that belong to the given Identity. [**AdminPatchIdentity**](V0alpha2Api.md#AdminPatchIdentity) | **Patch** /admin/identities/{id} | Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) -[**AdminUpdateIdentity**](V0alpha2Api.md#AdminUpdateIdentity) | **Put** /admin/identities/{id} | Update an Identity -[**CreateSelfServiceLogoutFlowUrlForBrowsers**](V0alpha2Api.md#CreateSelfServiceLogoutFlowUrlForBrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers +[**AdminUpdateIdentity**](V0alpha2Api.md#AdminUpdateIdentity) | **Put** /admin/identities/{id} | # Update an Identity +[**CreateSelfServiceLogoutFlowUrlForBrowsers**](V0alpha2Api.md#CreateSelfServiceLogoutFlowUrlForBrowsers) | **Get** /self-service/logout/browser | # Create a Logout URL for Browsers [**GetIdentitySchema**](V0alpha2Api.md#GetIdentitySchema) | **Get** /schemas/{id} | -[**GetSelfServiceError**](V0alpha2Api.md#GetSelfServiceError) | **Get** /self-service/errors | Get Self-Service Errors -[**GetSelfServiceLoginFlow**](V0alpha2Api.md#GetSelfServiceLoginFlow) | **Get** /self-service/login/flows | Get Login Flow -[**GetSelfServiceRecoveryFlow**](V0alpha2Api.md#GetSelfServiceRecoveryFlow) | **Get** /self-service/recovery/flows | Get Recovery Flow -[**GetSelfServiceRegistrationFlow**](V0alpha2Api.md#GetSelfServiceRegistrationFlow) | **Get** /self-service/registration/flows | Get Registration Flow -[**GetSelfServiceSettingsFlow**](V0alpha2Api.md#GetSelfServiceSettingsFlow) | **Get** /self-service/settings/flows | Get Settings Flow -[**GetSelfServiceVerificationFlow**](V0alpha2Api.md#GetSelfServiceVerificationFlow) | **Get** /self-service/verification/flows | Get Verification Flow -[**GetWebAuthnJavaScript**](V0alpha2Api.md#GetWebAuthnJavaScript) | **Get** /.well-known/ory/webauthn.js | Get WebAuthn JavaScript -[**InitializeSelfServiceLoginFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceLoginFlowForBrowsers) | **Get** /self-service/login/browser | Initialize Login Flow for Browsers +[**GetSelfServiceError**](V0alpha2Api.md#GetSelfServiceError) | **Get** /self-service/errors | # Get Self-Service Errors +[**GetSelfServiceLoginFlow**](V0alpha2Api.md#GetSelfServiceLoginFlow) | **Get** /self-service/login/flows | # Get Login Flow +[**GetSelfServiceRecoveryFlow**](V0alpha2Api.md#GetSelfServiceRecoveryFlow) | **Get** /self-service/recovery/flows | # Get Recovery Flow +[**GetSelfServiceRegistrationFlow**](V0alpha2Api.md#GetSelfServiceRegistrationFlow) | **Get** /self-service/registration/flows | # Get Registration Flow +[**GetSelfServiceSettingsFlow**](V0alpha2Api.md#GetSelfServiceSettingsFlow) | **Get** /self-service/settings/flows | # Get Settings Flow +[**GetSelfServiceVerificationFlow**](V0alpha2Api.md#GetSelfServiceVerificationFlow) | **Get** /self-service/verification/flows | # Get Verification Flow +[**GetWebAuthnJavaScript**](V0alpha2Api.md#GetWebAuthnJavaScript) | **Get** /.well-known/ory/webauthn.js | # Get WebAuthn JavaScript +[**InitializeSelfServiceLoginFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceLoginFlowForBrowsers) | **Get** /self-service/login/browser | # Initialize Login Flow for Browsers [**InitializeSelfServiceLoginFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceLoginFlowWithoutBrowser) | **Get** /self-service/login/api | Initialize Login Flow for APIs, Services, Apps, ... -[**InitializeSelfServiceRecoveryFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRecoveryFlowForBrowsers) | **Get** /self-service/recovery/browser | Initialize Recovery Flow for Browsers +[**InitializeSelfServiceRecoveryFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRecoveryFlowForBrowsers) | **Get** /self-service/recovery/browser | # Initialize Recovery Flow for Browsers [**InitializeSelfServiceRecoveryFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceRecoveryFlowWithoutBrowser) | **Get** /self-service/recovery/api | Initialize Recovery Flow for APIs, Services, Apps, ... -[**InitializeSelfServiceRegistrationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRegistrationFlowForBrowsers) | **Get** /self-service/registration/browser | Initialize Registration Flow for Browsers +[**InitializeSelfServiceRegistrationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRegistrationFlowForBrowsers) | **Get** /self-service/registration/browser | # Initialize Registration Flow for Browsers [**InitializeSelfServiceRegistrationFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceRegistrationFlowWithoutBrowser) | **Get** /self-service/registration/api | Initialize Registration Flow for APIs, Services, Apps, ... -[**InitializeSelfServiceSettingsFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceSettingsFlowForBrowsers) | **Get** /self-service/settings/browser | Initialize Settings Flow for Browsers +[**InitializeSelfServiceSettingsFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceSettingsFlowForBrowsers) | **Get** /self-service/settings/browser | # Initialize Settings Flow for Browsers [**InitializeSelfServiceSettingsFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceSettingsFlowWithoutBrowser) | **Get** /self-service/settings/api | Initialize Settings Flow for APIs, Services, Apps, ... -[**InitializeSelfServiceVerificationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceVerificationFlowForBrowsers) | **Get** /self-service/verification/browser | Initialize Verification Flow for Browser Clients +[**InitializeSelfServiceVerificationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceVerificationFlowForBrowsers) | **Get** /self-service/verification/browser | # Initialize Verification Flow for Browser Clients [**InitializeSelfServiceVerificationFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceVerificationFlowWithoutBrowser) | **Get** /self-service/verification/api | Initialize Verification Flow for APIs, Services, Apps, ... [**ListIdentitySchemas**](V0alpha2Api.md#ListIdentitySchemas) | **Get** /schemas | [**ListSessions**](V0alpha2Api.md#ListSessions) | **Get** /sessions | This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. [**RevokeSession**](V0alpha2Api.md#RevokeSession) | **Delete** /sessions/{id} | Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. [**RevokeSessions**](V0alpha2Api.md#RevokeSessions) | **Delete** /sessions | Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. -[**SubmitSelfServiceLoginFlow**](V0alpha2Api.md#SubmitSelfServiceLoginFlow) | **Post** /self-service/login | Submit a Login Flow -[**SubmitSelfServiceLogoutFlow**](V0alpha2Api.md#SubmitSelfServiceLogoutFlow) | **Get** /self-service/logout | Complete Self-Service Logout +[**SubmitSelfServiceLoginFlow**](V0alpha2Api.md#SubmitSelfServiceLoginFlow) | **Post** /self-service/login | # Submit a Login Flow +[**SubmitSelfServiceLogoutFlow**](V0alpha2Api.md#SubmitSelfServiceLogoutFlow) | **Get** /self-service/logout | # Complete Self-Service Logout [**SubmitSelfServiceLogoutFlowWithoutBrowser**](V0alpha2Api.md#SubmitSelfServiceLogoutFlowWithoutBrowser) | **Delete** /self-service/logout/api | Perform Logout for APIs, Services, Apps, ... -[**SubmitSelfServiceRecoveryFlow**](V0alpha2Api.md#SubmitSelfServiceRecoveryFlow) | **Post** /self-service/recovery | Complete Recovery Flow -[**SubmitSelfServiceRegistrationFlow**](V0alpha2Api.md#SubmitSelfServiceRegistrationFlow) | **Post** /self-service/registration | Submit a Registration Flow -[**SubmitSelfServiceSettingsFlow**](V0alpha2Api.md#SubmitSelfServiceSettingsFlow) | **Post** /self-service/settings | Complete Settings Flow -[**SubmitSelfServiceVerificationFlow**](V0alpha2Api.md#SubmitSelfServiceVerificationFlow) | **Post** /self-service/verification | Complete Verification Flow -[**ToSession**](V0alpha2Api.md#ToSession) | **Get** /sessions/whoami | Check Who the Current HTTP Session Belongs To +[**SubmitSelfServiceRecoveryFlow**](V0alpha2Api.md#SubmitSelfServiceRecoveryFlow) | **Post** /self-service/recovery | # Complete Recovery Flow +[**SubmitSelfServiceRegistrationFlow**](V0alpha2Api.md#SubmitSelfServiceRegistrationFlow) | **Post** /self-service/registration | # Submit a Registration Flow +[**SubmitSelfServiceSettingsFlow**](V0alpha2Api.md#SubmitSelfServiceSettingsFlow) | **Post** /self-service/settings | # Complete Settings Flow +[**SubmitSelfServiceVerificationFlow**](V0alpha2Api.md#SubmitSelfServiceVerificationFlow) | **Post** /self-service/verification | # Complete Verification Flow +[**ToSession**](V0alpha2Api.md#ToSession) | **Get** /sessions/whoami | # Check Who the Current HTTP Session Belongs To @@ -52,7 +52,7 @@ Method | HTTP request | Description > Identity AdminCreateIdentity(ctx).AdminCreateIdentityBody(adminCreateIdentityBody).Execute() -Create an Identity +# Create an Identity @@ -118,7 +118,7 @@ Name | Type | Description | Notes > SelfServiceRecoveryLink AdminCreateSelfServiceRecoveryLink(ctx).AdminCreateSelfServiceRecoveryLinkBody(adminCreateSelfServiceRecoveryLinkBody).Execute() -Create a Recovery Link +# Create a Recovery Link @@ -184,7 +184,7 @@ No authorization required > AdminDeleteIdentity(ctx, id).Execute() -Delete an Identity +# Delete an Identity @@ -390,7 +390,7 @@ Name | Type | Description | Notes > Identity AdminGetIdentity(ctx, id).IncludeCredential(includeCredential).Execute() -Get an Identity +# Get an Identity @@ -462,7 +462,7 @@ Name | Type | Description | Notes > []Identity AdminListIdentities(ctx).PerPage(perPage).Page(page).Execute() -List Identities +# List Identities @@ -678,7 +678,7 @@ Name | Type | Description | Notes > Identity AdminUpdateIdentity(ctx, id).AdminUpdateIdentityBody(adminUpdateIdentityBody).Execute() -Update an Identity +# Update an Identity @@ -750,7 +750,7 @@ Name | Type | Description | Notes > SelfServiceLogoutUrl CreateSelfServiceLogoutFlowUrlForBrowsers(ctx).Cookie(cookie).Execute() -Create a Logout URL for Browsers +# Create a Logout URL for Browsers @@ -886,7 +886,7 @@ No authorization required > SelfServiceError GetSelfServiceError(ctx).Id(id).Execute() -Get Self-Service Errors +# Get Self-Service Errors @@ -952,7 +952,7 @@ No authorization required > SelfServiceLoginFlow GetSelfServiceLoginFlow(ctx).Id(id).Cookie(cookie).Execute() -Get Login Flow +# Get Login Flow @@ -1020,7 +1020,7 @@ No authorization required > SelfServiceRecoveryFlow GetSelfServiceRecoveryFlow(ctx).Id(id).Cookie(cookie).Execute() -Get Recovery Flow +# Get Recovery Flow @@ -1088,7 +1088,7 @@ No authorization required > SelfServiceRegistrationFlow GetSelfServiceRegistrationFlow(ctx).Id(id).Cookie(cookie).Execute() -Get Registration Flow +# Get Registration Flow @@ -1156,7 +1156,7 @@ No authorization required > SelfServiceSettingsFlow GetSelfServiceSettingsFlow(ctx).Id(id).XSessionToken(xSessionToken).Cookie(cookie).Execute() -Get Settings Flow +# Get Settings Flow @@ -1226,7 +1226,7 @@ No authorization required > SelfServiceVerificationFlow GetSelfServiceVerificationFlow(ctx).Id(id).Cookie(cookie).Execute() -Get Verification Flow +# Get Verification Flow @@ -1294,7 +1294,7 @@ No authorization required > string GetWebAuthnJavaScript(ctx).Execute() -Get WebAuthn JavaScript +# Get WebAuthn JavaScript @@ -1355,7 +1355,7 @@ No authorization required > SelfServiceLoginFlow InitializeSelfServiceLoginFlowForBrowsers(ctx).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Execute() -Initialize Login Flow for Browsers +# Initialize Login Flow for Browsers @@ -1495,7 +1495,7 @@ No authorization required > SelfServiceRecoveryFlow InitializeSelfServiceRecoveryFlowForBrowsers(ctx).ReturnTo(returnTo).Execute() -Initialize Recovery Flow for Browsers +# Initialize Recovery Flow for Browsers @@ -1622,7 +1622,7 @@ No authorization required > SelfServiceRegistrationFlow InitializeSelfServiceRegistrationFlowForBrowsers(ctx).ReturnTo(returnTo).Execute() -Initialize Registration Flow for Browsers +# Initialize Registration Flow for Browsers @@ -1749,7 +1749,7 @@ No authorization required > SelfServiceSettingsFlow InitializeSelfServiceSettingsFlowForBrowsers(ctx).ReturnTo(returnTo).Execute() -Initialize Settings Flow for Browsers +# Initialize Settings Flow for Browsers @@ -1881,7 +1881,7 @@ No authorization required > SelfServiceVerificationFlow InitializeSelfServiceVerificationFlowForBrowsers(ctx).ReturnTo(returnTo).Execute() -Initialize Verification Flow for Browser Clients +# Initialize Verification Flow for Browser Clients @@ -2284,7 +2284,7 @@ No authorization required > SuccessfulSelfServiceLoginWithoutBrowser SubmitSelfServiceLoginFlow(ctx).Flow(flow).SubmitSelfServiceLoginFlowBody(submitSelfServiceLoginFlowBody).XSessionToken(xSessionToken).Cookie(cookie).Execute() -Submit a Login Flow +# Submit a Login Flow @@ -2356,7 +2356,7 @@ No authorization required > SubmitSelfServiceLogoutFlow(ctx).Token(token).ReturnTo(returnTo).Execute() -Complete Self-Service Logout +# Complete Self-Service Logout @@ -2486,7 +2486,7 @@ No authorization required > SelfServiceRecoveryFlow SubmitSelfServiceRecoveryFlow(ctx).Flow(flow).SubmitSelfServiceRecoveryFlowBody(submitSelfServiceRecoveryFlowBody).Token(token).Cookie(cookie).Execute() -Complete Recovery Flow +# Complete Recovery Flow @@ -2558,7 +2558,7 @@ No authorization required > SuccessfulSelfServiceRegistrationWithoutBrowser SubmitSelfServiceRegistrationFlow(ctx).Flow(flow).SubmitSelfServiceRegistrationFlowBody(submitSelfServiceRegistrationFlowBody).Cookie(cookie).Execute() -Submit a Registration Flow +# Submit a Registration Flow @@ -2628,7 +2628,7 @@ No authorization required > SelfServiceSettingsFlow SubmitSelfServiceSettingsFlow(ctx).Flow(flow).SubmitSelfServiceSettingsFlowBody(submitSelfServiceSettingsFlowBody).XSessionToken(xSessionToken).Cookie(cookie).Execute() -Complete Settings Flow +# Complete Settings Flow @@ -2700,7 +2700,7 @@ No authorization required > SelfServiceVerificationFlow SubmitSelfServiceVerificationFlow(ctx).Flow(flow).SubmitSelfServiceVerificationFlowBody(submitSelfServiceVerificationFlowBody).Token(token).Cookie(cookie).Execute() -Complete Verification Flow +# Complete Verification Flow @@ -2772,7 +2772,7 @@ No authorization required > Session ToSession(ctx).XSessionToken(xSessionToken).Cookie(cookie).Execute() -Check Who the Current HTTP Session Belongs To +# Check Who the Current HTTP Session Belongs To diff --git a/spec/api.json b/spec/api.json index 31bed6667208..9b334dbb5e22 100755 --- a/spec/api.json +++ b/spec/api.json @@ -2370,7 +2370,7 @@ "description": "webAuthnJavaScript" } }, - "summary": "Get WebAuthn JavaScript", + "summary": "# Get WebAuthn JavaScript", "tags": [ "v0alpha2" ] @@ -2432,7 +2432,7 @@ "oryAccessToken": [] } ], - "summary": "List Identities", + "summary": "# List Identities", "tags": [ "v0alpha2" ] @@ -2497,7 +2497,7 @@ "oryAccessToken": [] } ], - "summary": "Create an Identity", + "summary": "# Create an Identity", "tags": [ "v0alpha2" ] @@ -2548,7 +2548,7 @@ "oryAccessToken": [] } ], - "summary": "Delete an Identity", + "summary": "# Delete an Identity", "tags": [ "v0alpha2" ] @@ -2615,7 +2615,7 @@ "oryAccessToken": [] } ], - "summary": "Get an Identity", + "summary": "# Get an Identity", "tags": [ "v0alpha2" ] @@ -2787,7 +2787,7 @@ "oryAccessToken": [] } ], - "summary": "Update an Identity", + "summary": "# Update an Identity", "tags": [ "v0alpha2" ] @@ -3027,7 +3027,7 @@ "description": "jsonError" } }, - "summary": "Create a Recovery Link", + "summary": "# Create a Recovery Link", "tags": [ "v0alpha2" ] @@ -3360,7 +3360,7 @@ "description": "jsonError" } }, - "summary": "Get Self-Service Errors", + "summary": "# Get Self-Service Errors", "tags": [ "v0alpha2" ] @@ -3468,7 +3468,7 @@ "description": "jsonError" } }, - "summary": "Submit a Login Flow", + "summary": "# Submit a Login Flow", "tags": [ "v0alpha2" ] @@ -3607,7 +3607,7 @@ "description": "jsonError" } }, - "summary": "Initialize Login Flow for Browsers", + "summary": "# Initialize Login Flow for Browsers", "tags": [ "v0alpha2" ] @@ -3688,7 +3688,7 @@ "description": "jsonError" } }, - "summary": "Get Login Flow", + "summary": "# Get Login Flow", "tags": [ "v0alpha2" ] @@ -3734,7 +3734,7 @@ "description": "jsonError" } }, - "summary": "Complete Self-Service Logout", + "summary": "# Complete Self-Service Logout", "tags": [ "v0alpha2" ] @@ -3832,7 +3832,7 @@ "description": "jsonError" } }, - "summary": "Create a Logout URL for Browsers", + "summary": "# Create a Logout URL for Browsers", "tags": [ "v0alpha2" ] @@ -3930,7 +3930,7 @@ "description": "jsonError" } }, - "summary": "Complete Recovery Flow", + "summary": "# Complete Recovery Flow", "tags": [ "v0alpha2" ] @@ -4027,7 +4027,7 @@ "description": "jsonError" } }, - "summary": "Initialize Recovery Flow for Browsers", + "summary": "# Initialize Recovery Flow for Browsers", "tags": [ "v0alpha2" ] @@ -4098,7 +4098,7 @@ "description": "jsonError" } }, - "summary": "Get Recovery Flow", + "summary": "# Get Recovery Flow", "tags": [ "v0alpha2" ] @@ -4198,7 +4198,7 @@ "description": "jsonError" } }, - "summary": "Submit a Registration Flow", + "summary": "# Submit a Registration Flow", "tags": [ "v0alpha2" ] @@ -4285,7 +4285,7 @@ "description": "jsonError" } }, - "summary": "Initialize Registration Flow for Browsers", + "summary": "# Initialize Registration Flow for Browsers", "tags": [ "v0alpha2" ] @@ -4366,7 +4366,7 @@ "description": "jsonError" } }, - "summary": "Get Registration Flow", + "summary": "# Get Registration Flow", "tags": [ "v0alpha2" ] @@ -4499,7 +4499,7 @@ "sessionToken": [] } ], - "summary": "Complete Settings Flow", + "summary": "# Complete Settings Flow", "tags": [ "v0alpha2" ] @@ -4626,7 +4626,7 @@ "description": "jsonError" } }, - "summary": "Initialize Settings Flow for Browsers", + "summary": "# Initialize Settings Flow for Browsers", "tags": [ "v0alpha2" ] @@ -4725,7 +4725,7 @@ "description": "jsonError" } }, - "summary": "Get Settings Flow", + "summary": "# Get Settings Flow", "tags": [ "v0alpha2" ] @@ -4823,7 +4823,7 @@ "description": "jsonError" } }, - "summary": "Complete Verification Flow", + "summary": "# Complete Verification Flow", "tags": [ "v0alpha2" ] @@ -4910,7 +4910,7 @@ "description": "jsonError" } }, - "summary": "Initialize Verification Flow for Browser Clients", + "summary": "# Initialize Verification Flow for Browser Clients", "tags": [ "v0alpha2" ] @@ -4981,7 +4981,7 @@ "description": "jsonError" } }, - "summary": "Get Verification Flow", + "summary": "# Get Verification Flow", "tags": [ "v0alpha2" ] @@ -5234,7 +5234,7 @@ "description": "jsonError" } }, - "summary": "Check Who the Current HTTP Session Belongs To", + "summary": "# Check Who the Current HTTP Session Belongs To", "tags": [ "v0alpha2" ] diff --git a/spec/swagger.json b/spec/swagger.json index 6fccc7547d1a..33af83314e77 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -31,7 +31,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get WebAuthn JavaScript", + "summary": "# Get WebAuthn JavaScript", "operationId": "getWebAuthnJavaScript", "responses": { "200": { @@ -61,7 +61,7 @@ "tags": [ "v0alpha2" ], - "summary": "List Identities", + "summary": "# List Identities", "operationId": "adminListIdentities", "parameters": [ { @@ -119,7 +119,7 @@ "tags": [ "v0alpha2" ], - "summary": "Create an Identity", + "summary": "# Create an Identity", "operationId": "adminCreateIdentity", "parameters": [ { @@ -179,7 +179,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get an Identity", + "summary": "# Get an Identity", "operationId": "adminGetIdentity", "parameters": [ { @@ -240,7 +240,7 @@ "tags": [ "v0alpha2" ], - "summary": "Update an Identity", + "summary": "# Update an Identity", "operationId": "adminUpdateIdentity", "parameters": [ { @@ -308,7 +308,7 @@ "tags": [ "v0alpha2" ], - "summary": "Delete an Identity", + "summary": "# Delete an Identity", "operationId": "adminDeleteIdentity", "parameters": [ { @@ -565,7 +565,7 @@ "tags": [ "v0alpha2" ], - "summary": "Create a Recovery Link", + "summary": "# Create a Recovery Link", "operationId": "adminCreateSelfServiceRecoveryLink", "parameters": [ { @@ -821,7 +821,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get Self-Service Errors", + "summary": "# Get Self-Service Errors", "operationId": "getSelfServiceError", "parameters": [ { @@ -879,7 +879,7 @@ "tags": [ "v0alpha2" ], - "summary": "Submit a Login Flow", + "summary": "# Submit a Login Flow", "operationId": "submitSelfServiceLoginFlow", "parameters": [ { @@ -1017,7 +1017,7 @@ "tags": [ "v0alpha2" ], - "summary": "Initialize Login Flow for Browsers", + "summary": "# Initialize Login Flow for Browsers", "operationId": "initializeSelfServiceLoginFlowForBrowsers", "parameters": [ { @@ -1077,7 +1077,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get Login Flow", + "summary": "# Get Login Flow", "operationId": "getSelfServiceLoginFlow", "parameters": [ { @@ -1141,7 +1141,7 @@ "tags": [ "v0alpha2" ], - "summary": "Complete Self-Service Logout", + "summary": "# Complete Self-Service Logout", "operationId": "submitSelfServiceLogoutFlow", "parameters": [ { @@ -1233,7 +1233,7 @@ "tags": [ "v0alpha2" ], - "summary": "Create a Logout URL for Browsers", + "summary": "# Create a Logout URL for Browsers", "operationId": "createSelfServiceLogoutFlowUrlForBrowsers", "parameters": [ { @@ -1282,7 +1282,7 @@ "tags": [ "v0alpha2" ], - "summary": "Complete Recovery Flow", + "summary": "# Complete Recovery Flow", "operationId": "submitSelfServiceRecoveryFlow", "parameters": [ { @@ -1388,7 +1388,7 @@ "tags": [ "v0alpha2" ], - "summary": "Initialize Recovery Flow for Browsers", + "summary": "# Initialize Recovery Flow for Browsers", "operationId": "initializeSelfServiceRecoveryFlowForBrowsers", "parameters": [ { @@ -1436,7 +1436,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get Recovery Flow", + "summary": "# Get Recovery Flow", "operationId": "getSelfServiceRecoveryFlow", "parameters": [ { @@ -1498,7 +1498,7 @@ "tags": [ "v0alpha2" ], - "summary": "Submit a Registration Flow", + "summary": "# Submit a Registration Flow", "operationId": "submitSelfServiceRegistrationFlow", "parameters": [ { @@ -1607,7 +1607,7 @@ "tags": [ "v0alpha2" ], - "summary": "Initialize Registration Flow for Browsers", + "summary": "# Initialize Registration Flow for Browsers", "operationId": "initializeSelfServiceRegistrationFlowForBrowsers", "parameters": [ { @@ -1649,7 +1649,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get Registration Flow", + "summary": "# Get Registration Flow", "operationId": "getSelfServiceRegistrationFlow", "parameters": [ { @@ -1722,7 +1722,7 @@ "tags": [ "v0alpha2" ], - "summary": "Complete Settings Flow", + "summary": "# Complete Settings Flow", "operationId": "submitSelfServiceSettingsFlow", "parameters": [ { @@ -1854,7 +1854,7 @@ "tags": [ "v0alpha2" ], - "summary": "Initialize Settings Flow for Browsers", + "summary": "# Initialize Settings Flow for Browsers", "operationId": "initializeSelfServiceSettingsFlowForBrowsers", "parameters": [ { @@ -1914,7 +1914,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get Settings Flow", + "summary": "# Get Settings Flow", "operationId": "getSelfServiceSettingsFlow", "parameters": [ { @@ -1994,7 +1994,7 @@ "tags": [ "v0alpha2" ], - "summary": "Complete Verification Flow", + "summary": "# Complete Verification Flow", "operationId": "submitSelfServiceVerificationFlow", "parameters": [ { @@ -2100,7 +2100,7 @@ "tags": [ "v0alpha2" ], - "summary": "Initialize Verification Flow for Browser Clients", + "summary": "# Initialize Verification Flow for Browser Clients", "operationId": "initializeSelfServiceVerificationFlowForBrowsers", "parameters": [ { @@ -2142,7 +2142,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get Verification Flow", + "summary": "# Get Verification Flow", "operationId": "getSelfServiceVerificationFlow", "parameters": [ { @@ -2337,7 +2337,7 @@ "tags": [ "v0alpha2" ], - "summary": "Check Who the Current HTTP Session Belongs To", + "summary": "# Check Who the Current HTTP Session Belongs To", "operationId": "toSession", "parameters": [ { From 1689bb9f0a52387f699568da6bc773929b1201ae Mon Sep 17 00:00:00 2001 From: Henning Perl Date: Fri, 2 Sep 2022 13:32:23 +0200 Subject: [PATCH 241/411] fix: do not invalidate recovery addr on update (#2699) --- go.mod | 2 +- identity/identity_recovery.go | 6 ++ identity/identity_recovery_test.go | 41 ++++++- identity/identity_verification.go | 6 ++ identity/identity_verification_test.go | 76 +++++++++++++ package-lock.json | 5 +- persistence/sql/persister_identity.go | 101 ++++++++++++++---- persistence/sql/persister_test.go | 2 +- selfservice/strategy/link/test/persistence.go | 27 ++++- 9 files changed, 238 insertions(+), 28 deletions(-) diff --git a/go.mod b/go.mod index c6a2050066ca..e3ddbb6d09b7 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/ory/kratos -go 1.17 +go 1.18 replace ( github.com/bradleyjkemp/cupaloy/v2 => github.com/aeneasr/cupaloy/v2 v2.6.1-0.20210924214125-3dfdd01210a3 diff --git a/identity/identity_recovery.go b/identity/identity_recovery.go index 0a3a2b662086..234b0341d460 100644 --- a/identity/identity_recovery.go +++ b/identity/identity_recovery.go @@ -2,6 +2,7 @@ package identity import ( "context" + "fmt" "time" "github.com/gofrs/uuid" @@ -55,6 +56,11 @@ func (a RecoveryAddress) ValidateNID() error { return nil } +// Hash returns a unique string representation for the recovery address. +func (a RecoveryAddress) Hash() string { + return fmt.Sprintf("%v|%v|%v|%v", a.Value, a.Via, a.IdentityID, a.NID) +} + func NewRecoveryEmailAddress( value string, identity uuid.UUID, diff --git a/identity/identity_recovery_test.go b/identity/identity_recovery_test.go index f3f2dd71de32..b96fac0f9ed9 100644 --- a/identity/identity_recovery_test.go +++ b/identity/identity_recovery_test.go @@ -2,9 +2,9 @@ package identity import ( "testing" + "time" "github.com/gofrs/uuid" - "github.com/stretchr/testify/assert" "github.com/ory/kratos/x" @@ -19,3 +19,42 @@ func TestNewRecoveryEmailAddress(t *testing.T) { assert.Equal(t, iid, a.IdentityID) assert.Equal(t, uuid.Nil, a.ID) } + +// TestRecoveryAddress_Hash tests that the hash considers all fields that are +// written to the database (ignoring some well-known fields like the ID or +// timestamps). +func TestRecoveryAddress_Hash(t *testing.T) { + cases := []struct { + name string + a RecoveryAddress + }{ + { + name: "full fields", + a: RecoveryAddress{ + ID: x.NewUUID(), + Value: "foo@bar.me", + Via: AddressTypeEmail, + CreatedAt: time.Now(), + UpdatedAt: time.Now(), + IdentityID: x.NewUUID(), + NID: x.NewUUID(), + }, + }, { + name: "empty fields", + a: RecoveryAddress{}, + }, { + name: "constructor", + a: *NewRecoveryEmailAddress("foo@ory.sh", x.NewUUID()), + }, + } + + for _, tc := range cases { + t.Run("case="+tc.name, func(t *testing.T) { + assert.Equal(t, + reflectiveHash(tc.a), + tc.a.Hash(), + ) + }) + } + +} diff --git a/identity/identity_verification.go b/identity/identity_verification.go index 0fc757d1418c..d1e6e55c3a43 100644 --- a/identity/identity_verification.go +++ b/identity/identity_verification.go @@ -2,6 +2,7 @@ package identity import ( "context" + "fmt" "time" "github.com/gofrs/uuid" @@ -129,3 +130,8 @@ func (a VerifiableAddress) GetNID() uuid.UUID { func (a VerifiableAddress) ValidateNID() error { return nil } + +// Hash returns a unique string representation for the recovery address. +func (a VerifiableAddress) Hash() string { + return fmt.Sprintf("%v|%v|%v|%v|%v|%v", a.Value, a.Verified, a.Via, a.Status, a.IdentityID, a.NID) +} diff --git a/identity/identity_verification_test.go b/identity/identity_verification_test.go index e81901d88211..5750c225d5be 100644 --- a/identity/identity_verification_test.go +++ b/identity/identity_verification_test.go @@ -1,7 +1,11 @@ package identity import ( + "fmt" + "reflect" + "strings" "testing" + "time" "github.com/gofrs/uuid" @@ -25,3 +29,75 @@ func TestNewVerifiableEmailAddress(t *testing.T) { assert.Equal(t, iid, a.IdentityID) assert.Equal(t, uuid.Nil, a.ID) } + +var tagsIgnoredForHashing = map[string]struct{}{ + "id": {}, + "created_at": {}, + "updated_at": {}, + "verified_at": {}, +} + +func reflectiveHash(record any) string { + var ( + val = reflect.ValueOf(record) + typ = reflect.TypeOf(record) + values = []string{} + ) + for i := 0; i < val.NumField(); i++ { + dbTag, ok := typ.Field(i).Tag.Lookup("db") + if !ok { + continue + } + if _, ignore := tagsIgnoredForHashing[dbTag]; ignore { + continue + } + if !val.Field(i).CanInterface() { + continue + } + values = append(values, fmt.Sprintf("%v", val.Field(i).Interface())) + } + return strings.Join(values, "|") +} + +// TestVerifiableAddress_Hash tests that the hash considers all fields that are +// written to the database (ignoring some well-known fields like the ID or +// timestamps). +func TestVerifiableAddress_Hash(t *testing.T) { + now := sqlxx.NullTime(time.Now()) + cases := []struct { + name string + a VerifiableAddress + }{ + { + name: "full fields", + a: VerifiableAddress{ + ID: x.NewUUID(), + Value: "foo@bar.me", + Verified: false, + Via: AddressTypeEmail, + Status: VerifiableAddressStatusPending, + VerifiedAt: &now, + CreatedAt: time.Now(), + UpdatedAt: time.Now(), + IdentityID: x.NewUUID(), + NID: x.NewUUID(), + }, + }, { + name: "empty fields", + a: VerifiableAddress{}, + }, { + name: "constructor", + a: *NewVerifiableEmailAddress("foo@ory.sh", x.NewUUID()), + }, + } + + for _, tc := range cases { + t.Run("case="+tc.name, func(t *testing.T) { + assert.Equal(t, + reflectiveHash(tc.a), + tc.a.Hash(), + ) + }) + } + +} diff --git a/package-lock.json b/package-lock.json index cb26077ca427..6429c6d8531f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,5 +1,5 @@ { - "name": "tmp.T01PPIJfY2", + "name": "kratos", "lockfileVersion": 2, "requires": true, "packages": { @@ -5088,7 +5088,8 @@ "version": "7.5.7", "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.7.tgz", "integrity": "sha512-KMvVuFzpKBuiIXW3E4u3mySRO2/mCHSyZDJQM5NQ9Q9KHWHWh0NHgfbRMLLrceUK5qAL4ytALJbpRMjixFZh8A==", - "dev": true + "dev": true, + "requires": {} }, "y18n": { "version": "5.0.8", diff --git a/persistence/sql/persister_identity.go b/persistence/sql/persister_identity.go index 22e13f1b5e62..d6bdba318cca 100644 --- a/persistence/sql/persister_identity.go +++ b/persistence/sql/persister_identity.go @@ -192,9 +192,6 @@ func (p *Persister) createVerifiableAddresses(ctx context.Context, i *identity.I defer span.End() for k := range i.VerifiableAddresses { - i.VerifiableAddresses[k].IdentityID = i.ID - i.VerifiableAddresses[k].NID = p.NetworkID(ctx) - i.VerifiableAddresses[k].Value = stringToLowerTrim(i.VerifiableAddresses[k].Value) if err := p.GetConnection(ctx).Create(&i.VerifiableAddresses[k]); err != nil { return err } @@ -202,14 +199,76 @@ func (p *Persister) createVerifiableAddresses(ctx context.Context, i *identity.I return nil } +func updateAssociation[T interface { + Hash() string +}](ctx context.Context, p *Persister, i *identity.Identity, inID []T) error { + var inDB []T + if err := p.GetConnection(ctx). + Where("identity_id = ? AND nid = ?", i.ID, p.NetworkID(ctx)). + Order("id ASC"). + All(&inDB); err != nil { + + return sqlcon.HandleError(err) + } + + newAssocs := make(map[string]*T) + oldAssocs := make(map[string]*T) + for i, a := range inID { + newAssocs[a.Hash()] = &inID[i] + } + for i, a := range inDB { + oldAssocs[a.Hash()] = &inDB[i] + } + + // Subtle: we delete the old associations from the DB first, because else + // they could cause UNIQUE constraints to fail on insert. + for h, a := range oldAssocs { + if _, found := newAssocs[h]; found { + newAssocs[h] = nil // Ignore associations that are already in the db. + } else { + if err := p.GetConnection(ctx).Destroy(a); err != nil { + return sqlcon.HandleError(err) + } + } + } + + for _, a := range newAssocs { + if a != nil { + if err := p.GetConnection(ctx).Create(a); err != nil { + return sqlcon.HandleError(err) + } + } + } + + return nil +} + +func (p *Persister) normalizeAllAddressess(ctx context.Context, id *identity.Identity) { + p.normalizeRecoveryAddresses(ctx, id) + p.normalizeVerifiableAddresses(ctx, id) +} + +func (p *Persister) normalizeVerifiableAddresses(ctx context.Context, id *identity.Identity) { + for k := range id.VerifiableAddresses { + id.VerifiableAddresses[k].IdentityID = id.ID + id.VerifiableAddresses[k].NID = p.NetworkID(ctx) + id.VerifiableAddresses[k].Value = stringToLowerTrim(id.VerifiableAddresses[k].Value) + } +} + +func (p *Persister) normalizeRecoveryAddresses(ctx context.Context, id *identity.Identity) { + for k := range id.RecoveryAddresses { + id.RecoveryAddresses[k].IdentityID = id.ID + id.RecoveryAddresses[k].NID = p.NetworkID(ctx) + id.RecoveryAddresses[k].Value = stringToLowerTrim(id.RecoveryAddresses[k].Value) + } +} + func (p *Persister) createRecoveryAddresses(ctx context.Context, i *identity.Identity) error { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.createRecoveryAddresses") defer span.End() for k := range i.RecoveryAddresses { - i.RecoveryAddresses[k].IdentityID = i.ID - i.RecoveryAddresses[k].NID = p.NetworkID(ctx) - i.RecoveryAddresses[k].Value = stringToLowerTrim(i.RecoveryAddresses[k].Value) if err := p.GetConnection(ctx).Create(&i.RecoveryAddresses[k]); err != nil { return err } @@ -285,6 +344,8 @@ func (p *Persister) CreateIdentity(ctx context.Context, i *identity.Identity) er return sqlcon.HandleError(err) } + p.normalizeAllAddressess(ctx, i) + if err := p.createVerifiableAddresses(ctx, i); err != nil { return sqlcon.HandleError(err) } @@ -350,27 +411,25 @@ func (p *Persister) UpdateIdentity(ctx context.Context, i *identity.Identity) er return sql.ErrNoRows } - for _, tn := range []string{ - new(identity.Credentials).TableName(ctx), - new(identity.VerifiableAddress).TableName(ctx), - new(identity.RecoveryAddress).TableName(ctx), - } { - /* #nosec G201 TableName is static */ - if err := tx.RawQuery(fmt.Sprintf( - `DELETE FROM %s WHERE identity_id = ? AND nid = ?`, tn), i.ID, p.NetworkID(ctx)).Exec(); err != nil { - return err - } + p.normalizeAllAddressess(ctx, i) + if err := updateAssociation(ctx, p, i, i.RecoveryAddresses); err != nil { + return err } - - if err := p.update(WithTransaction(ctx, tx), i); err != nil { + if err := updateAssociation(ctx, p, i, i.VerifiableAddresses); err != nil { return err } - if err := p.createVerifiableAddresses(ctx, i); err != nil { - return err + /* #nosec G201 TableName is static */ + if err := tx.RawQuery( + fmt.Sprintf( + `DELETE FROM %s WHERE identity_id = ? AND nid = ?`, + new(identity.Credentials).TableName(ctx)), + i.ID, p.NetworkID(ctx)).Exec(); err != nil { + + return sqlcon.HandleError(err) } - if err := p.createRecoveryAddresses(ctx, i); err != nil { + if err := p.update(WithTransaction(ctx, tx), i); err != nil { return err } diff --git a/persistence/sql/persister_test.go b/persistence/sql/persister_test.go index 0474a6b7324f..ae3eb1f8e001 100644 --- a/persistence/sql/persister_test.go +++ b/persistence/sql/persister_test.go @@ -285,7 +285,7 @@ func TestPersister_Transaction(t *testing.T) { Traits: ri.Traits(`{}`), } errMessage := "failing because why not" - err := p.Transaction(context.Background(), func(ctx context.Context, connection *pop.Connection) error { + err := p.Transaction(context.Background(), func(_ context.Context, connection *pop.Connection) error { require.NoError(t, connection.Create(i)) return errors.Errorf(errMessage) }) diff --git a/selfservice/strategy/link/test/persistence.go b/selfservice/strategy/link/test/persistence.go index b6ed26f00c61..f8648bf82676 100644 --- a/selfservice/strategy/link/test/persistence.go +++ b/selfservice/strategy/link/test/persistence.go @@ -93,8 +93,31 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface { assert.NotEqual(t, expected.Token, actual.Token) assert.EqualValues(t, expected.FlowID, actual.FlowID) - _, err = p.UseRecoveryToken(ctx, f.ID, expected.Token) - require.Error(t, err) + t.Run("double spend", func(t *testing.T) { + _, err = p.UseRecoveryToken(ctx, f.ID, expected.Token) + require.Error(t, err) + }) + }) + + t.Run("case=update to identity should not invalidate token", func(t *testing.T) { + expected, f := newRecoveryToken(t, "some-user@ory.sh") + + require.NoError(t, p.CreateRecoveryToken(ctx, expected)) + id, err := p.GetIdentity(ctx, expected.IdentityID) + require.NoError(t, err) + require.NoError(t, p.UpdateIdentity(ctx, id)) + + actual, err := p.UseRecoveryToken(ctx, f.ID, expected.Token) + require.NoError(t, err) + assert.Equal(t, nid, actual.NID) + assert.Equal(t, expected.IdentityID, actual.IdentityID) + assert.NotEqual(t, expected.Token, actual.Token) + assert.EqualValues(t, expected.FlowID, actual.FlowID) + + t.Run("double spend", func(t *testing.T) { + _, err = p.UseRecoveryToken(ctx, f.ID, expected.Token) + require.Error(t, err) + }) }) }) From 1787e686cade72626db8627f073358cccfd7ce6e Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Fri, 2 Sep 2022 12:13:34 +0000 Subject: [PATCH 242/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4f2cd8b81e1b..161c153badf8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-08-24)](#2022-08-24) +- [ (2022-09-02)](#2022-09-02) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -264,10 +264,13 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-08-24) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-09-02) ## Breaking Changes +This patch invalidates recovery flows initiated using the Admin API. Please +re-generate any admin-generated recovery flows and tokens. + This is a breaking change, as it removes the `courier.message_ttl` config key and replaces it with a counter `courier.message_retries`. @@ -307,6 +310,9 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. ([#2613](https://github.com/ory/kratos/issues/2613)) ([29aa3b6](https://github.com/ory/kratos/commit/29aa3b6c37b3a173dcfeb02fdad4abc83774bc0b)), closes [#2591](https://github.com/ory/kratos/issues/2591) +- Do not invalidate recovery addr on update + ([#2699](https://github.com/ory/kratos/issues/2699)) + ([1689bb9](https://github.com/ory/kratos/commit/1689bb9f0a52387f699568da6bc773929b1201ae)) - **docker:** Add missing dependencies ([#2643](https://github.com/ory/kratos/issues/2643)) ([c589520](https://github.com/ory/kratos/commit/c589520ff865cefdb287e597b9e858851a778755)) @@ -323,6 +329,8 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. ([#2517](https://github.com/ory/kratos/issues/2517)) ([c058e23](https://github.com/ory/kratos/commit/c058e23599d994e12b676e87f7282c1f2b2e089c)), closes [#2426](https://github.com/ory/kratos/issues/2426) +- Ignore commata in HIBP response + ([0856bd7](https://github.com/ory/kratos/commit/0856bd719b7e06a6d2163bf428ff6513d86376db)) - Ignore CSRF for session extension on public route ([866b472](https://github.com/ory/kratos/commit/866b472750fba7bf498d359796f24867af7270ad)) - Ignore error explicitly @@ -330,6 +338,16 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. - Improve migration status speed ([#2637](https://github.com/ory/kratos/issues/2637)) ([a2e3c41](https://github.com/ory/kratos/commit/a2e3c41f9e513e1de47f6320f6a10acd1fed5eea)) +- Include flow id in use recovery token query + ([#2679](https://github.com/ory/kratos/issues/2679)) + ([d56586b](https://github.com/ory/kratos/commit/d56586b028d79387886f880c1455edb5e4df2209)): + + This PR adds the `selfservice_recovery_flow_id` to the query used when "using" + a token in the recovery flow. + + This PR also adds a new enum field for `identity_recovery_tokens` to + distinguish the two flows: admin versus self-service recovery. + - Make hydra consistently localhost ([70211a1](https://github.com/ory/kratos/commit/70211a17a452d5ced8317822afda3f8e6185cc71)) - Make ID field in VerifiableAddress struct optional @@ -338,6 +356,8 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. closes [#2506](https://github.com/ory/kratos/issues/2506) - Make servicelocator explicit ([4f841da](https://github.com/ory/kratos/commit/4f841dae5423acf3514d50add9e99d28bc339fbb)) +- Make swagger/openapi go 1.19 compatible + ([fec6772](https://github.com/ory/kratos/commit/fec6772739129e0d5bb4103c717b1ac60df45aa8)) - Mark gosec false positives ([13eaddb](https://github.com/ory/kratos/commit/13eaddb7babe630750361c6d8f3ffc736898ddec)) - Metadata should not be required @@ -439,6 +459,8 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. - Add identity id to "account disabled" error ([#2557](https://github.com/ory/kratos/issues/2557)) ([f09b1b3](https://github.com/ory/kratos/commit/f09b1b3701c6deda4d25cebb7ccf2e97089be32a)) +- Add missing config entry + ([8fe9de6](https://github.com/ory/kratos/commit/8fe9de6d60a381611e07226614241a83b0010126)) - Add PATCH to adminUpdateIdentity ([#2380](https://github.com/ory/kratos/issues/2380)) ([#2471](https://github.com/ory/kratos/issues/2471)) @@ -470,6 +492,9 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. `courier.message_retries` option to limit how often the sending of a message is retried before it is marked as `abandoned`. +- Support ip exceptions + ([de46c08](https://github.com/ory/kratos/commit/de46c08534dfae6165f6a570cc59829f367c0b57)) + ### Reverts - Revert "autogen(openapi): regenerate swagger spec and internal client" From c0ceaf31f9327cca903c19b77597cae4587737e6 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 1 Sep 2022 11:45:26 +0200 Subject: [PATCH 243/411] feat: add pre-hooks to settings, verification, recovery --- driver/config/config.go | 15 +++ driver/registry_default_recovery.go | 9 ++ driver/registry_default_settings.go | 9 ++ driver/registry_default_test.go | 117 +++++++++++++++++++++ driver/registry_default_verify.go | 9 ++ embedx/config.schema.json | 36 +++++++ internal/testhelpers/selfservice.go | 18 +++- selfservice/flow/recovery/handler.go | 11 ++ selfservice/flow/recovery/hook.go | 20 ++++ selfservice/flow/recovery/hook_test.go | 18 ++++ selfservice/flow/registration/hook.go | 2 + selfservice/flow/registration/hook_test.go | 27 ++--- selfservice/flow/settings/error.go | 2 +- selfservice/flow/settings/handler.go | 5 + selfservice/flow/settings/hook.go | 31 +++++- selfservice/flow/settings/hook_test.go | 23 +++- selfservice/flow/verification/handler.go | 45 +++++--- selfservice/flow/verification/hook.go | 20 ++++ selfservice/flow/verification/hook_test.go | 19 ++++ selfservice/hook/error.go | 21 +++- selfservice/hook/web_hook.go | 30 ++++++ selfservice/strategy/link/strategy.go | 1 + 22 files changed, 447 insertions(+), 41 deletions(-) diff --git a/driver/config/config.go b/driver/config/config.go index d5e7d9455690..ab0449a5c5e5 100644 --- a/driver/config/config.go +++ b/driver/config/config.go @@ -129,10 +129,12 @@ const ( ViperKeySelfServiceLogoutBrowserDefaultReturnTo = "selfservice.flows.logout.after." + DefaultBrowserReturnURL ViperKeySelfServiceSettingsURL = "selfservice.flows.settings.ui_url" ViperKeySelfServiceSettingsAfter = "selfservice.flows.settings.after" + ViperKeySelfServiceSettingsBeforeHooks = "selfservice.flows.settings.before.hooks" ViperKeySelfServiceSettingsRequestLifespan = "selfservice.flows.settings.lifespan" ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter = "selfservice.flows.settings.privileged_session_max_age" ViperKeySelfServiceSettingsRequiredAAL = "selfservice.flows.settings.required_aal" ViperKeySelfServiceRecoveryAfter = "selfservice.flows.recovery.after" + ViperKeySelfServiceRecoveryBeforeHooks = "selfservice.flows.recovery.before.hooks" ViperKeySelfServiceRecoveryEnabled = "selfservice.flows.recovery.enabled" ViperKeySelfServiceRecoveryUI = "selfservice.flows.recovery.ui_url" ViperKeySelfServiceRecoveryRequestLifespan = "selfservice.flows.recovery.lifespan" @@ -142,6 +144,7 @@ const ( ViperKeySelfServiceVerificationRequestLifespan = "selfservice.flows.verification.lifespan" ViperKeySelfServiceVerificationBrowserDefaultReturnTo = "selfservice.flows.verification.after." + DefaultBrowserReturnURL ViperKeySelfServiceVerificationAfter = "selfservice.flows.verification.after" + ViperKeySelfServiceVerificationBeforeHooks = "selfservice.flows.verification.before.hooks" ViperKeyDefaultIdentitySchemaID = "identity.default_schema_id" ViperKeyIdentitySchemas = "identity.schemas" ViperKeyHasherAlgorithm = "hashers.algorithm" @@ -623,6 +626,18 @@ func (p *Config) SelfServiceFlowLoginBeforeHooks(ctx context.Context) []SelfServ return p.selfServiceHooks(ctx, ViperKeySelfServiceLoginBeforeHooks) } +func (p *Config) SelfServiceFlowRecoveryBeforeHooks(ctx context.Context) []SelfServiceHook { + return p.selfServiceHooks(ctx, ViperKeySelfServiceRecoveryBeforeHooks) +} + +func (p *Config) SelfServiceFlowVerificationBeforeHooks(ctx context.Context) []SelfServiceHook { + return p.selfServiceHooks(ctx, ViperKeySelfServiceVerificationBeforeHooks) +} + +func (p *Config) SelfServiceFlowSettingsBeforeHooks(ctx context.Context) []SelfServiceHook { + return p.selfServiceHooks(ctx, ViperKeySelfServiceSettingsBeforeHooks) +} + func (p *Config) SelfServiceFlowRegistrationBeforeHooks(ctx context.Context) []SelfServiceHook { return p.selfServiceHooks(ctx, ViperKeySelfServiceRegistrationBeforeHooks) } diff --git a/driver/registry_default_recovery.go b/driver/registry_default_recovery.go index 6981edfbd6c1..eddd170e8d13 100644 --- a/driver/registry_default_recovery.go +++ b/driver/registry_default_recovery.go @@ -50,6 +50,15 @@ func (m *RegistryDefault) RecoveryExecutor() *recovery.HookExecutor { return m.selfserviceRecoveryExecutor } +func (m *RegistryDefault) PreRecoveryHooks(ctx context.Context) (b []recovery.PreHookExecutor) { + for _, v := range m.getHooks("", m.Config().SelfServiceFlowRecoveryBeforeHooks(ctx)) { + if hook, ok := v.(recovery.PreHookExecutor); ok { + b = append(b, hook) + } + } + return +} + func (m *RegistryDefault) PostRecoveryHooks(ctx context.Context) (b []recovery.PostHookExecutor) { for _, v := range m.getHooks(config.HookGlobal, m.Config().SelfServiceFlowRecoveryAfterHooks(ctx, config.HookGlobal)) { if hook, ok := v.(recovery.PostHookExecutor); ok { diff --git a/driver/registry_default_settings.go b/driver/registry_default_settings.go index 567c06959d4b..22e6ad509fd4 100644 --- a/driver/registry_default_settings.go +++ b/driver/registry_default_settings.go @@ -16,6 +16,15 @@ func (m *RegistryDefault) PostSettingsPrePersistHooks(ctx context.Context, setti return } +func (m *RegistryDefault) PreSettingsHooks(ctx context.Context) (b []settings.PreHookExecutor) { + for _, v := range m.getHooks("", m.Config().SelfServiceFlowSettingsBeforeHooks(ctx)) { + if hook, ok := v.(settings.PreHookExecutor); ok { + b = append(b, hook) + } + } + return +} + func (m *RegistryDefault) PostSettingsPostPersistHooks(ctx context.Context, settingsType string) (b []settings.PostHookPostPersistExecutor) { initialHookCount := 0 if m.Config().SelfServiceFlowVerificationEnabled(ctx) { diff --git a/driver/registry_default_test.go b/driver/registry_default_test.go index 96ac14a7944f..356d81b67d00 100644 --- a/driver/registry_default_test.go +++ b/driver/registry_default_test.go @@ -31,6 +31,45 @@ func TestDriverDefault_Hooks(t *testing.T) { ctx := context.Background() t.Run("type=verification", func(t *testing.T) { + // BEFORE hooks + for _, tc := range []struct { + uc string + prep func(conf *config.Config) + expect func(reg *driver.RegistryDefault) []verification.PreHookExecutor + }{ + { + uc: "No hooks configured", + prep: func(conf *config.Config) {}, + expect: func(reg *driver.RegistryDefault) []verification.PreHookExecutor { return nil }, + }, + { + uc: "Two web_hooks are configured", + prep: func(conf *config.Config) { + conf.MustSet(ctx, config.ViperKeySelfServiceVerificationBeforeHooks, []map[string]interface{}{ + {"hook": "web_hook", "config": map[string]interface{}{"url": "foo", "method": "POST"}}, + {"hook": "web_hook", "config": map[string]interface{}{"url": "bar", "method": "GET"}}, + }) + }, + expect: func(reg *driver.RegistryDefault) []verification.PreHookExecutor { + return []verification.PreHookExecutor{ + hook.NewWebHook(reg, json.RawMessage(`{"method":"POST","url":"foo"}`)), + hook.NewWebHook(reg, json.RawMessage(`{"method":"GET","url":"bar"}`)), + } + }, + }, + } { + t.Run(fmt.Sprintf("before/uc=%s", tc.uc), func(t *testing.T) { + conf, reg := internal.NewFastRegistryWithMocks(t) + tc.prep(conf) + + h := reg.PreVerificationHooks(ctx) + + expectedExecutors := tc.expect(reg) + require.Len(t, h, len(expectedExecutors)) + assert.Equal(t, expectedExecutors, h) + }) + } + // AFTER hooks for _, tc := range []struct { uc string @@ -72,6 +111,45 @@ func TestDriverDefault_Hooks(t *testing.T) { }) t.Run("type=recovery", func(t *testing.T) { + // BEFORE hooks + for _, tc := range []struct { + uc string + prep func(conf *config.Config) + expect func(reg *driver.RegistryDefault) []recovery.PreHookExecutor + }{ + { + uc: "No hooks configured", + prep: func(conf *config.Config) {}, + expect: func(reg *driver.RegistryDefault) []recovery.PreHookExecutor { return nil }, + }, + { + uc: "Two web_hooks are configured", + prep: func(conf *config.Config) { + conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryBeforeHooks, []map[string]interface{}{ + {"hook": "web_hook", "config": map[string]interface{}{"url": "foo", "method": "POST"}}, + {"hook": "web_hook", "config": map[string]interface{}{"url": "bar", "method": "GET"}}, + }) + }, + expect: func(reg *driver.RegistryDefault) []recovery.PreHookExecutor { + return []recovery.PreHookExecutor{ + hook.NewWebHook(reg, json.RawMessage(`{"method":"POST","url":"foo"}`)), + hook.NewWebHook(reg, json.RawMessage(`{"method":"GET","url":"bar"}`)), + } + }, + }, + } { + t.Run(fmt.Sprintf("before/uc=%s", tc.uc), func(t *testing.T) { + conf, reg := internal.NewFastRegistryWithMocks(t) + tc.prep(conf) + + h := reg.PreRecoveryHooks(ctx) + + expectedExecutors := tc.expect(reg) + require.Len(t, h, len(expectedExecutors)) + assert.Equal(t, expectedExecutors, h) + }) + } + // AFTER hooks for _, tc := range []struct { uc string @@ -388,6 +466,45 @@ func TestDriverDefault_Hooks(t *testing.T) { }) t.Run("type=settings", func(t *testing.T) { + // BEFORE hooks + for _, tc := range []struct { + uc string + prep func(conf *config.Config) + expect func(reg *driver.RegistryDefault) []settings.PreHookExecutor + }{ + { + uc: "No hooks configured", + prep: func(conf *config.Config) {}, + expect: func(reg *driver.RegistryDefault) []settings.PreHookExecutor { return nil }, + }, + { + uc: "Two web_hooks are configured", + prep: func(conf *config.Config) { + conf.MustSet(ctx, config.ViperKeySelfServiceSettingsBeforeHooks, []map[string]interface{}{ + {"hook": "web_hook", "config": map[string]interface{}{"url": "foo", "method": "POST"}}, + {"hook": "web_hook", "config": map[string]interface{}{"url": "bar", "method": "GET"}}, + }) + }, + expect: func(reg *driver.RegistryDefault) []settings.PreHookExecutor { + return []settings.PreHookExecutor{ + hook.NewWebHook(reg, json.RawMessage(`{"method":"POST","url":"foo"}`)), + hook.NewWebHook(reg, json.RawMessage(`{"method":"GET","url":"bar"}`)), + } + }, + }, + } { + t.Run(fmt.Sprintf("before/uc=%s", tc.uc), func(t *testing.T) { + conf, reg := internal.NewFastRegistryWithMocks(t) + tc.prep(conf) + + h := reg.PreSettingsHooks(ctx) + + expectedExecutors := tc.expect(reg) + require.Len(t, h, len(expectedExecutors)) + assert.Equal(t, expectedExecutors, h) + }) + } + // AFTER hooks for _, tc := range []struct { uc string diff --git a/driver/registry_default_verify.go b/driver/registry_default_verify.go index 7fdca0f71bec..0cb1a8ab2e8e 100644 --- a/driver/registry_default_verify.go +++ b/driver/registry_default_verify.go @@ -73,6 +73,15 @@ func (m *RegistryDefault) VerificationExecutor() *verification.HookExecutor { return m.selfserviceVerificationExecutor } +func (m *RegistryDefault) PreVerificationHooks(ctx context.Context) (b []verification.PreHookExecutor) { + for _, v := range m.getHooks("", m.Config().SelfServiceFlowVerificationBeforeHooks(ctx)) { + if hook, ok := v.(verification.PreHookExecutor); ok { + b = append(b, hook) + } + } + return +} + func (m *RegistryDefault) PostVerificationHooks(ctx context.Context) (b []verification.PostHookExecutor) { for _, v := range m.getHooks(config.HookGlobal, m.Config().SelfServiceFlowVerificationAfterHooks(ctx, config.HookGlobal)) { if hook, ok := v.(verification.PostHookExecutor); ok { diff --git a/embedx/config.schema.json b/embedx/config.schema.json index 0fb733ca9806..423482e974e2 100644 --- a/embedx/config.schema.json +++ b/embedx/config.schema.json @@ -790,6 +790,33 @@ } } }, + "selfServiceBeforeSettings": { + "type": "object", + "additionalProperties": false, + "properties": { + "hooks": { + "$ref": "#/definitions/selfServiceHooks" + } + } + }, + "selfServiceBeforeRecovery": { + "type": "object", + "additionalProperties": false, + "properties": { + "hooks": { + "$ref": "#/definitions/selfServiceHooks" + } + } + }, + "selfServiceBeforeVerification": { + "type": "object", + "additionalProperties": false, + "properties": { + "hooks": { + "$ref": "#/definitions/selfServiceHooks" + } + } + }, "selfServiceAfterRegistration": { "type": "object", "additionalProperties": false, @@ -1023,6 +1050,9 @@ }, "after": { "$ref": "#/definitions/selfServiceAfterSettings" + }, + "before": { + "$ref": "#/definitions/selfServiceBeforeSettings" } } }, @@ -1146,6 +1176,9 @@ "1m", "1s" ] + }, + "before": { + "$ref": "#/definitions/selfServiceBeforeVerification" } } }, @@ -1184,6 +1217,9 @@ "1m", "1s" ] + }, + "before": { + "$ref": "#/definitions/selfServiceBeforeRecovery" } } }, diff --git a/internal/testhelpers/selfservice.go b/internal/testhelpers/selfservice.go index 8a21cb0aad89..b55be5557b2a 100644 --- a/internal/testhelpers/selfservice.go +++ b/internal/testhelpers/selfservice.go @@ -46,7 +46,7 @@ func TestSelfServicePreHook( t.Run("case=err if hooks err", func(t *testing.T) { t.Cleanup(SelfServiceHookConfigReset(t, conf)) - conf.MustSet(ctx, configKey, []config.SelfServiceHook{{Name: "err", Config: []byte(`{"ExecuteLoginPreHook": "err","ExecuteRegistrationPreHook": "err"}`)}}) + conf.MustSet(ctx, configKey, []config.SelfServiceHook{{Name: "err", Config: []byte(`{"ExecuteLoginPreHook": "err","ExecuteRegistrationPreHook": "err","ExecuteSettingsPreHook": "err","ExecuteVerificationPreHook": "err","ExecuteRecoveryPreHook": "err"}`)}}) res, body := makeRequestPre(t, newServer(t)) assert.EqualValues(t, http.StatusInternalServerError, res.StatusCode, "%s", body) @@ -55,7 +55,7 @@ func TestSelfServicePreHook( t.Run("case=abort if hooks aborts", func(t *testing.T) { t.Cleanup(SelfServiceHookConfigReset(t, conf)) - conf.MustSet(ctx, configKey, []config.SelfServiceHook{{Name: "err", Config: []byte(`{"ExecuteLoginPreHook": "abort","ExecuteRegistrationPreHook": "abort"}`)}}) + conf.MustSet(ctx, configKey, []config.SelfServiceHook{{Name: "err", Config: []byte(`{"ExecuteLoginPreHook": "abort","ExecuteRegistrationPreHook": "abort","ExecuteSettingsPreHook": "abort","ExecuteVerificationPreHook": "abort","ExecuteRecoveryPreHook": "abort"}`)}}) res, body := makeRequestPre(t, newServer(t)) assert.EqualValues(t, http.StatusOK, res.StatusCode) @@ -154,7 +154,7 @@ func SelfServiceHookRegistrationErrorHandler(t *testing.T, w http.ResponseWriter } func SelfServiceHookSettingsErrorHandler(t *testing.T, w http.ResponseWriter, r *http.Request, err error) bool { - return SelfServiceHookErrorHandler(t, w, r, settings.ErrHookAbortRequest, err) + return SelfServiceHookErrorHandler(t, w, r, settings.ErrHookAbortFlow, err) } func SelfServiceHookErrorHandler(t *testing.T, w http.ResponseWriter, r *http.Request, abortErr error, actualErr error) bool { @@ -182,6 +182,18 @@ func SelfServiceMakeRegistrationPreHookRequest(t *testing.T, ts *httptest.Server return SelfServiceMakeHookRequest(t, ts, "/registration/pre", false, url.Values{}) } +func SelfServiceMakeSettingsPreHookRequest(t *testing.T, ts *httptest.Server) (*http.Response, string) { + return SelfServiceMakeHookRequest(t, ts, "/settings/pre", false, url.Values{}) +} + +func SelfServiceMakeRecoveryPreHookRequest(t *testing.T, ts *httptest.Server) (*http.Response, string) { + return SelfServiceMakeHookRequest(t, ts, "/recovery/pre", false, url.Values{}) +} + +func SelfServiceMakeVerificationPreHookRequest(t *testing.T, ts *httptest.Server) (*http.Response, string) { + return SelfServiceMakeHookRequest(t, ts, "/verification/pre", false, url.Values{}) +} + func SelfServiceMakeRegistrationPostHookRequest(t *testing.T, ts *httptest.Server, asAPI bool, query url.Values) (*http.Response, string) { return SelfServiceMakeHookRequest(t, ts, "/registration/post", asAPI, query) } diff --git a/selfservice/flow/recovery/handler.go b/selfservice/flow/recovery/handler.go index 1da77912af28..664f2d9a7f2f 100644 --- a/selfservice/flow/recovery/handler.go +++ b/selfservice/flow/recovery/handler.go @@ -51,6 +51,7 @@ type ( x.CSRFProvider config.Provider ErrorHandlerProvider + HookExecutorProvider } Handler struct { d handlerDependencies @@ -127,6 +128,11 @@ func (h *Handler) initAPIFlow(w http.ResponseWriter, r *http.Request, _ httprout return } + if err := h.d.RecoveryExecutor().PreRecoveryHook(w, r, req); err != nil { + h.d.Writer().WriteError(w, r, err) + return + } + if err := h.d.RecoveryFlowPersister().CreateRecoveryFlow(r.Context(), req); err != nil { h.d.Writer().WriteError(w, r, err) return @@ -178,6 +184,11 @@ func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, _ http return } + if err := h.d.RecoveryExecutor().PreRecoveryHook(w, r, f); err != nil { + h.d.Writer().WriteError(w, r, err) + return + } + if err := h.d.RecoveryFlowPersister().CreateRecoveryFlow(r.Context(), f); err != nil { h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, err) return diff --git a/selfservice/flow/recovery/hook.go b/selfservice/flow/recovery/hook.go index 9fe1fb20d8e6..7c75f2f4b333 100644 --- a/selfservice/flow/recovery/hook.go +++ b/selfservice/flow/recovery/hook.go @@ -14,12 +14,18 @@ import ( ) type ( + PreHookExecutor interface { + ExecuteRecoveryPreHook(w http.ResponseWriter, r *http.Request, a *Flow) error + } + PreHookExecutorFunc func(w http.ResponseWriter, r *http.Request, a *Flow) error + PostHookExecutor interface { ExecutePostRecoveryHook(w http.ResponseWriter, r *http.Request, a *Flow, s *session.Session) error } PostHookExecutorFunc func(w http.ResponseWriter, r *http.Request, a *Flow, s *session.Session) error HooksProvider interface { + PreRecoveryHooks(ctx context.Context) []PreHookExecutor PostRecoveryHooks(ctx context.Context) []PostHookExecutor } ) @@ -32,6 +38,10 @@ func PostHookRecoveryExecutorNames(e []PostHookExecutor) []string { return names } +func (f PreHookExecutorFunc) ExecuteRecoveryPreHook(w http.ResponseWriter, r *http.Request, a *Flow) error { + return f(w, r, a) +} + func (f PostHookExecutorFunc) ExecutePostRecoveryHook(w http.ResponseWriter, r *http.Request, a *Flow, s *session.Session) error { return f(w, r, a, s) } @@ -92,3 +102,13 @@ func (e *HookExecutor) PostRecoveryHook(w http.ResponseWriter, r *http.Request, return nil } + +func (e *HookExecutor) PreRecoveryHook(w http.ResponseWriter, r *http.Request, a *Flow) error { + for _, executor := range e.d.PreRecoveryHooks(r.Context()) { + if err := executor.ExecuteRecoveryPreHook(w, r, a); err != nil { + return err + } + } + + return nil +} diff --git a/selfservice/flow/recovery/hook_test.go b/selfservice/flow/recovery/hook_test.go index 32e164009c91..44bdba6efbfa 100644 --- a/selfservice/flow/recovery/hook_test.go +++ b/selfservice/flow/recovery/hook_test.go @@ -30,6 +30,13 @@ func TestRecoveryExecutor(t *testing.T) { newServer := func(t *testing.T, i *identity.Identity, ft flow.Type) *httptest.Server { router := httprouter.New() + router.GET("/recovery/pre", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { + a, err := recovery.NewFlow(conf, time.Minute, x.FakeCSRFToken, r, reg.RecoveryStrategies(context.Background()), ft) + require.NoError(t, err) + if testhelpers.SelfServiceHookErrorHandler(t, w, r, recovery.ErrHookAbortFlow, reg.RecoveryExecutor().PreRecoveryHook(w, r, a)) { + _, _ = w.Write([]byte("ok")) + } + }) router.GET("/recovery/post", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { a, err := recovery.NewFlow(conf, time.Minute, x.FakeCSRFToken, r, reg.RecoveryStrategies(context.Background()), ft) @@ -89,4 +96,15 @@ func TestRecoveryExecutor(t *testing.T) { assert.Equal(t, "", body) }) }) + + for _, kind := range []flow.Type{flow.TypeBrowser, flow.TypeAPI} { + t.Run("type="+string(kind)+"/method=PreRecoveryHook", testhelpers.TestSelfServicePreHook( + config.ViperKeySelfServiceRecoveryBeforeHooks, + testhelpers.SelfServiceMakeRecoveryPreHookRequest, + func(t *testing.T) *httptest.Server { + return newServer(t, nil, kind) + }, + conf, + )) + } } diff --git a/selfservice/flow/registration/hook.go b/selfservice/flow/registration/hook.go index 2974f56faa39..2c017c0ed8be 100644 --- a/selfservice/flow/registration/hook.go +++ b/selfservice/flow/registration/hook.go @@ -52,9 +52,11 @@ func PostHookPostPersistExecutorNames(e []PostHookPostPersistExecutor) []string func (f PreHookExecutorFunc) ExecuteRegistrationPreHook(w http.ResponseWriter, r *http.Request, a *Flow) error { return f(w, r, a) } + func (f PostHookPostPersistExecutorFunc) ExecutePostRegistrationPostPersistHook(w http.ResponseWriter, r *http.Request, a *Flow, s *session.Session) error { return f(w, r, a, s) } + func (f PostHookPrePersistExecutorFunc) ExecutePostRegistrationPrePersistHook(w http.ResponseWriter, r *http.Request, a *Flow, i *identity.Identity) error { return f(w, r, a, i) } diff --git a/selfservice/flow/registration/hook_test.go b/selfservice/flow/registration/hook_test.go index 8eb3490df458..cbe439df48b8 100644 --- a/selfservice/flow/registration/hook_test.go +++ b/selfservice/flow/registration/hook_test.go @@ -158,23 +158,16 @@ func TestRegistrationExecutor(t *testing.T) { }) }) - t.Run("type=browser/method=PreRegistrationHook", testhelpers.TestSelfServicePreHook( - config.ViperKeySelfServiceRegistrationBeforeHooks, - testhelpers.SelfServiceMakeRegistrationPreHookRequest, - func(t *testing.T) *httptest.Server { - return newServer(t, nil, flow.TypeBrowser) - }, - conf, - )) - - t.Run("type=api/method=PreRegistrationHook", testhelpers.TestSelfServicePreHook( - config.ViperKeySelfServiceRegistrationBeforeHooks, - testhelpers.SelfServiceMakeRegistrationPreHookRequest, - func(t *testing.T) *httptest.Server { - return newServer(t, nil, flow.TypeAPI) - }, - conf, - )) + for _, kind := range []flow.Type{flow.TypeBrowser, flow.TypeAPI} { + t.Run("type="+string(kind)+"/method=PreRegistrationHook", testhelpers.TestSelfServicePreHook( + config.ViperKeySelfServiceRegistrationBeforeHooks, + testhelpers.SelfServiceMakeRegistrationPreHookRequest, + func(t *testing.T) *httptest.Server { + return newServer(t, nil, kind) + }, + conf, + )) + } }) } } diff --git a/selfservice/flow/settings/error.go b/selfservice/flow/settings/error.go index b749b5ca4505..86b20be7fa73 100644 --- a/selfservice/flow/settings/error.go +++ b/selfservice/flow/settings/error.go @@ -25,7 +25,7 @@ import ( ) var ( - ErrHookAbortRequest = errors.New("aborted settings hook execution") + ErrHookAbortFlow = errors.New("aborted settings hook execution") ) type ( diff --git a/selfservice/flow/settings/handler.go b/selfservice/flow/settings/handler.go index 0ce280d38bff..0fd30070793b 100644 --- a/selfservice/flow/settings/handler.go +++ b/selfservice/flow/settings/handler.go @@ -111,6 +111,11 @@ func (h *Handler) NewFlow(w http.ResponseWriter, r *http.Request, i *identity.Id if err != nil { return nil, err } + + if err := h.d.SettingsHookExecutor().PreSettingsHook(w, r, f); err != nil { + return nil, err + } + for _, strategy := range h.d.SettingsStrategies(r.Context()) { if err := h.d.ContinuityManager().Abort(r.Context(), w, r, ContinuityKey(strategy.SettingsStrategyID())); err != nil { return nil, err diff --git a/selfservice/flow/settings/hook.go b/selfservice/flow/settings/hook.go index 6690891f8d42..02c3c338892d 100644 --- a/selfservice/flow/settings/hook.go +++ b/selfservice/flow/settings/hook.go @@ -24,18 +24,27 @@ import ( ) type ( + PreHookExecutor interface { + ExecuteSettingsPreHook(w http.ResponseWriter, r *http.Request, a *Flow) error + } + PreHookExecutorFunc func(w http.ResponseWriter, r *http.Request, a *Flow) error + PostHookPrePersistExecutor interface { ExecuteSettingsPrePersistHook(w http.ResponseWriter, r *http.Request, a *Flow, s *identity.Identity) error } PostHookPrePersistExecutorFunc func(w http.ResponseWriter, r *http.Request, a *Flow, s *identity.Identity) error - PostHookPostPersistExecutor interface { + + PostHookPostPersistExecutor interface { ExecuteSettingsPostPersistHook(w http.ResponseWriter, r *http.Request, a *Flow, s *identity.Identity) error } PostHookPostPersistExecutorFunc func(w http.ResponseWriter, r *http.Request, a *Flow, s *identity.Identity) error - HooksProvider interface { + + HooksProvider interface { + PreSettingsHooks(ctx context.Context) []PreHookExecutor PostSettingsPrePersistHooks(ctx context.Context, settingsType string) []PostHookPrePersistExecutor PostSettingsPostPersistHooks(ctx context.Context, settingsType string) []PostHookPostPersistExecutor } + executorDependencies interface { identity.ManagementProvider identity.ValidationProvider @@ -57,6 +66,10 @@ type ( } ) +func (f PreHookExecutorFunc) ExecuteSettingsPreHook(w http.ResponseWriter, r *http.Request, a *Flow) error { + return f(w, r, a) +} + func (f PostHookPrePersistExecutorFunc) ExecuteSettingsPrePersistHook(w http.ResponseWriter, r *http.Request, a *Flow, s *identity.Identity) error { return f(w, r, a, s) } @@ -164,7 +177,7 @@ func (e *HookExecutor) PostSettingsHook(w http.ResponseWriter, r *http.Request, } if err := executor.ExecuteSettingsPrePersistHook(w, r, ctxUpdate.Flow, i); err != nil { - if errors.Is(err, ErrHookAbortRequest) { + if errors.Is(err, ErrHookAbortFlow) { e.d.Logger().WithRequest(r).WithFields(logFields). Debug("A ExecuteSettingsPrePersistHook hook aborted early.") return nil @@ -229,7 +242,7 @@ func (e *HookExecutor) PostSettingsHook(w http.ResponseWriter, r *http.Request, for k, executor := range e.d.PostSettingsPostPersistHooks(r.Context(), settingsType) { if err := executor.ExecuteSettingsPostPersistHook(w, r, ctxUpdate.Flow, i); err != nil { - if errors.Is(err, ErrHookAbortRequest) { + if errors.Is(err, ErrHookAbortFlow) { e.d.Logger(). WithRequest(r). WithField("executor", fmt.Sprintf("%T", executor)). @@ -271,3 +284,13 @@ func (e *HookExecutor) PostSettingsHook(w http.ResponseWriter, r *http.Request, x.ContentNegotiationRedirection(w, r, i.CopyWithoutCredentials(), e.d.Writer(), returnTo.String()) return nil } + +func (e *HookExecutor) PreSettingsHook(w http.ResponseWriter, r *http.Request, a *Flow) error { + for _, executor := range e.d.PreSettingsHooks(r.Context()) { + if err := executor.ExecuteSettingsPreHook(w, r, a); err != nil { + return err + } + } + + return nil +} diff --git a/selfservice/flow/settings/hook_test.go b/selfservice/flow/settings/hook_test.go index 4ed6ba035d99..f5fa15bbf61b 100644 --- a/selfservice/flow/settings/hook_test.go +++ b/selfservice/flow/settings/hook_test.go @@ -46,6 +46,17 @@ func TestSettingsExecutor(t *testing.T) { newServer := func(t *testing.T, ft flow.Type) *httptest.Server { router := httprouter.New() handleErr := testhelpers.SelfServiceHookSettingsErrorHandler + router.GET("/settings/pre", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { + i := testhelpers.SelfServiceHookCreateFakeIdentity(t, reg) + sess, _ := session.NewActiveSession(ctx, i, conf, time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) + + f, err := settings.NewFlow(conf, time.Minute, r, sess.Identity, ft) + require.NoError(t, err) + if handleErr(t, w, r, reg.SettingsHookExecutor().PreSettingsHook(w, r, f)) { + _, _ = w.Write([]byte("ok")) + } + }) + router.GET("/settings/post", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { i := testhelpers.SelfServiceHookCreateFakeIdentity(t, reg) sess, _ := session.NewActiveSession(ctx, i, conf, time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1) @@ -74,7 +85,6 @@ func TestSettingsExecutor(t *testing.T) { conf.MustSet(ctx, config.ViperKeySelfServiceSettingsURL, uiURL) t.Run("method=PostSettingsHook", func(t *testing.T) { - t.Run("case=pass without hooks", func(t *testing.T) { t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf)) @@ -154,6 +164,17 @@ func TestSettingsExecutor(t *testing.T) { assert.NotEmpty(t, gjson.Get(body, "identity.id")) }) }) + + for _, kind := range []flow.Type{flow.TypeBrowser, flow.TypeAPI} { + t.Run("type="+string(kind)+"/method=PreSettingsHook", testhelpers.TestSelfServicePreHook( + config.ViperKeySelfServiceSettingsBeforeHooks, + testhelpers.SelfServiceMakeSettingsPreHookRequest, + func(t *testing.T) *httptest.Server { + return newServer(t, kind) + }, + conf, + )) + } }) } } diff --git a/selfservice/flow/verification/handler.go b/selfservice/flow/verification/handler.go index 5a4de45c18ea..e9efc3a37678 100644 --- a/selfservice/flow/verification/handler.go +++ b/selfservice/flow/verification/handler.go @@ -49,6 +49,7 @@ type ( FlowPersistenceProvider ErrorHandlerProvider StrategyProvider + HookExecutorProvider } Handler struct { d handlerDependencies @@ -80,6 +81,34 @@ func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { admin.GET(RouteSubmitFlow, x.RedirectToPublicRoute(h.d)) } +type FlowOption func(f *Flow) + +func WithFlowReturnTo(returnTo string) FlowOption { + return func(f *Flow) { + f.ReturnTo = returnTo + } +} + +func (h *Handler) NewVerificationFlow(w http.ResponseWriter, r *http.Request, ft flow.Type, opts ...FlowOption) (*Flow, error) { + f, err := NewFlow(h.d.Config(), h.d.Config().SelfServiceFlowVerificationRequestLifespan(r.Context()), h.d.GenerateCSRFToken(r), r, h.d.AllVerificationStrategies(), ft) + if err != nil { + return nil, err + } + for _, o := range opts { + o(f) + } + + if err := h.d.VerificationExecutor().PreVerificationHook(w, r, f); err != nil { + return nil, err + } + + if err := h.d.VerificationFlowPersister().CreateVerificationFlow(r.Context(), f); err != nil { + return nil, err + } + + return f, nil +} + // swagger:route GET /self-service/verification/api v0alpha2 initializeSelfServiceVerificationFlowWithoutBrowser // // Initialize Verification Flow for APIs, Services, Apps, ... @@ -108,17 +137,12 @@ func (h *Handler) initAPIFlow(w http.ResponseWriter, r *http.Request, _ httprout return } - req, err := NewFlow(h.d.Config(), h.d.Config().SelfServiceFlowVerificationRequestLifespan(r.Context()), h.d.GenerateCSRFToken(r), r, h.d.VerificationStrategies(r.Context()), flow.TypeAPI) + req, err := h.NewVerificationFlow(w, r, flow.TypeAPI) if err != nil { h.d.Writer().WriteError(w, r, err) return } - if err := h.d.VerificationFlowPersister().CreateVerificationFlow(r.Context(), req); err != nil { - h.d.Writer().WriteError(w, r, err) - return - } - h.d.Writer().Write(w, r, req) } @@ -156,14 +180,9 @@ func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps htt return } - req, err := NewFlow(h.d.Config(), h.d.Config().SelfServiceFlowVerificationRequestLifespan(r.Context()), h.d.GenerateCSRFToken(r), r, h.d.VerificationStrategies(r.Context()), flow.TypeBrowser) + req, err := h.NewVerificationFlow(w, r, flow.TypeBrowser) if err != nil { - h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, err) - return - } - - if err := h.d.VerificationFlowPersister().CreateVerificationFlow(r.Context(), req); err != nil { - h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, err) + h.d.Writer().WriteError(w, r, err) return } diff --git a/selfservice/flow/verification/hook.go b/selfservice/flow/verification/hook.go index b7e90e3389e4..39eaa0395b54 100644 --- a/selfservice/flow/verification/hook.go +++ b/selfservice/flow/verification/hook.go @@ -14,6 +14,11 @@ import ( ) type ( + PreHookExecutor interface { + ExecuteVerificationPreHook(w http.ResponseWriter, r *http.Request, a *Flow) error + } + PreHookExecutorFunc func(w http.ResponseWriter, r *http.Request, a *Flow) error + PostHookExecutor interface { ExecutePostVerificationHook(w http.ResponseWriter, r *http.Request, a *Flow, i *identity.Identity) error } @@ -21,6 +26,7 @@ type ( HooksProvider interface { PostVerificationHooks(ctx context.Context) []PostHookExecutor + PreVerificationHooks(ctx context.Context) []PreHookExecutor } ) @@ -32,6 +38,10 @@ func PostHookVerificationExecutorNames(e []PostHookExecutor) []string { return names } +func (f PreHookExecutorFunc) ExecuteVerificationPreHook(w http.ResponseWriter, r *http.Request, a *Flow) error { + return f(w, r, a) +} + func (f PostHookExecutorFunc) ExecutePostVerificationHook(w http.ResponseWriter, r *http.Request, a *Flow, i *identity.Identity) error { return f(w, r, a, i) } @@ -63,6 +73,16 @@ func NewHookExecutor(d executorDependencies) *HookExecutor { } } +func (e *HookExecutor) PreVerificationHook(w http.ResponseWriter, r *http.Request, a *Flow) error { + for _, executor := range e.d.PreVerificationHooks(r.Context()) { + if err := executor.ExecuteVerificationPreHook(w, r, a); err != nil { + return err + } + } + + return nil +} + func (e *HookExecutor) PostVerificationHook(w http.ResponseWriter, r *http.Request, a *Flow, i *identity.Identity) error { e.d.Logger(). WithRequest(r). diff --git a/selfservice/flow/verification/hook_test.go b/selfservice/flow/verification/hook_test.go index 75b9bafc3caf..d84bfb14d6f4 100644 --- a/selfservice/flow/verification/hook_test.go +++ b/selfservice/flow/verification/hook_test.go @@ -28,6 +28,13 @@ func TestVerificationExecutor(t *testing.T) { newServer := func(t *testing.T, i *identity.Identity, ft flow.Type) *httptest.Server { router := httprouter.New() + router.GET("/verification/pre", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { + a, err := verification.NewFlow(conf, time.Minute, x.FakeCSRFToken, r, reg.VerificationStrategies(context.Background()), ft) + require.NoError(t, err) + if testhelpers.SelfServiceHookErrorHandler(t, w, r, verification.ErrHookAbortFlow, reg.VerificationExecutor().PreVerificationHook(w, r, a)) { + _, _ = w.Write([]byte("ok")) + } + }) router.GET("/verification/post", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { a, err := verification.NewFlow(conf, time.Minute, x.FakeCSRFToken, r, reg.VerificationStrategies(context.Background()), ft) @@ -79,5 +86,17 @@ func TestVerificationExecutor(t *testing.T) { assert.EqualValues(t, http.StatusOK, res.StatusCode) assert.Equal(t, "", body) }) + + for _, kind := range []flow.Type{flow.TypeBrowser, flow.TypeAPI} { + t.Run("type="+string(kind)+"/method=PreVerificationHook", testhelpers.TestSelfServicePreHook( + config.ViperKeySelfServiceVerificationBeforeHooks, + testhelpers.SelfServiceMakeVerificationPreHookRequest, + func(t *testing.T) *httptest.Server { + i := testhelpers.SelfServiceHookFakeIdentity(t) + return newServer(t, i, kind) + }, + conf, + )) + } }) } diff --git a/selfservice/hook/error.go b/selfservice/hook/error.go index fc28d45b8e3c..0f8c6046ec13 100644 --- a/selfservice/hook/error.go +++ b/selfservice/hook/error.go @@ -25,9 +25,14 @@ var ( _ login.PreHookExecutor = new(Error) _ login.PostHookExecutor = new(Error) + _ login.PreHookExecutor = new(Error) _ settings.PostHookPostPersistExecutor = new(Error) _ settings.PostHookPrePersistExecutor = new(Error) + _ settings.PreHookExecutor = new(Error) + + _ verification.PreHookExecutor = new(Error) + _ recovery.PreHookExecutor = new(Error) ) type Error struct { @@ -44,12 +49,16 @@ func (e Error) err(path string, abort error) error { return nil } +func (e Error) ExecuteSettingsPreHook(w http.ResponseWriter, r *http.Request, a *settings.Flow) error { + return e.err("ExecuteSettingsPreHook", settings.ErrHookAbortFlow) +} + func (e Error) ExecuteSettingsPrePersistHook(w http.ResponseWriter, r *http.Request, a *settings.Flow, s *identity.Identity) error { - return e.err("ExecuteSettingsPrePersistHook", settings.ErrHookAbortRequest) + return e.err("ExecuteSettingsPrePersistHook", settings.ErrHookAbortFlow) } func (e Error) ExecuteSettingsPostPersistHook(w http.ResponseWriter, r *http.Request, a *settings.Flow, s *identity.Identity) error { - return e.err("ExecuteSettingsPostPersistHook", settings.ErrHookAbortRequest) + return e.err("ExecuteSettingsPostPersistHook", settings.ErrHookAbortFlow) } func (e Error) ExecuteLoginPostHook(w http.ResponseWriter, r *http.Request, g node.UiNodeGroup, a *login.Flow, s *session.Session) error { @@ -72,10 +81,18 @@ func (e Error) ExecutePostRegistrationPrePersistHook(w http.ResponseWriter, r *h return e.err("ExecutePostRegistrationPrePersistHook", registration.ErrHookAbortFlow) } +func (e Error) ExecuteRecoveryPreHook(w http.ResponseWriter, r *http.Request, a *recovery.Flow) error { + return e.err("ExecuteRecoveryPreHook", recovery.ErrHookAbortFlow) +} + func (e Error) ExecutePostRecoveryHook(w http.ResponseWriter, r *http.Request, a *recovery.Flow, s *session.Session) error { return e.err("ExecutePostRecoveryHook", recovery.ErrHookAbortFlow) } +func (e Error) ExecuteVerificationPreHook(w http.ResponseWriter, r *http.Request, a *verification.Flow) error { + return e.err("ExecuteVerificationPreHook", verification.ErrHookAbortFlow) +} + func (e Error) ExecutePostVerificationHook(w http.ResponseWriter, r *http.Request, a *verification.Flow, i *identity.Identity) error { return e.err("ExecutePostVerificationHook", verification.ErrHookAbortFlow) } diff --git a/selfservice/hook/web_hook.go b/selfservice/hook/web_hook.go index 0d90fe5121fe..df53cb0a6379 100644 --- a/selfservice/hook/web_hook.go +++ b/selfservice/hook/web_hook.go @@ -96,6 +96,16 @@ func (e *WebHook) ExecuteLoginPostHook(_ http.ResponseWriter, req *http.Request, }) } +func (e *WebHook) ExecuteVerificationPreHook(_ http.ResponseWriter, req *http.Request, flow *verification.Flow) error { + ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecutePreVerificationHook") + return e.execute(ctx, &templateContext{ + Flow: flow, + RequestHeaders: req.Header, + RequestMethod: req.Method, + RequestURL: x.RequestURL(req).String(), + }) +} + func (e *WebHook) ExecutePostVerificationHook(_ http.ResponseWriter, req *http.Request, flow *verification.Flow, id *identity.Identity) error { ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecutePostVerificationHook") return e.execute(ctx, &templateContext{ @@ -107,6 +117,16 @@ func (e *WebHook) ExecutePostVerificationHook(_ http.ResponseWriter, req *http.R }) } +func (e *WebHook) ExecuteRecoveryPreHook(_ http.ResponseWriter, req *http.Request, flow *recovery.Flow) error { + ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecutePreRecoveryHook") + return e.execute(ctx, &templateContext{ + Flow: flow, + RequestHeaders: req.Header, + RequestMethod: req.Method, + RequestURL: x.RequestURL(req).String(), + }) +} + func (e *WebHook) ExecutePostRecoveryHook(_ http.ResponseWriter, req *http.Request, flow *recovery.Flow, session *session.Session) error { ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecutePostRecoveryHook") return e.execute(ctx, &templateContext{ @@ -150,6 +170,16 @@ func (e *WebHook) ExecutePostRegistrationPostPersistHook(_ http.ResponseWriter, }) } +func (e *WebHook) ExecuteSettingsPreHook(_ http.ResponseWriter, req *http.Request, flow *settings.Flow) error { + ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecutePreSettingsHook") + return e.execute(ctx, &templateContext{ + Flow: flow, + RequestHeaders: req.Header, + RequestMethod: req.Method, + RequestURL: x.RequestURL(req).String(), + }) +} + func (e *WebHook) ExecuteSettingsPostPersistHook(_ http.ResponseWriter, req *http.Request, flow *settings.Flow, id *identity.Identity) error { ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecuteSettingsPostPersistHook") return e.execute(ctx, &templateContext{ diff --git a/selfservice/strategy/link/strategy.go b/selfservice/strategy/link/strategy.go index e9b02cd88800..9514e80a805f 100644 --- a/selfservice/strategy/link/strategy.go +++ b/selfservice/strategy/link/strategy.go @@ -61,6 +61,7 @@ type ( verification.FlowPersistenceProvider verification.StrategyProvider verification.HookExecutorProvider + verification.HandlerProvider RecoveryTokenPersistenceProvider VerificationTokenPersistenceProvider From db8c345f52670c8a2ec2181e62c638c063e73a7a Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 5 Sep 2022 13:17:25 +0000 Subject: [PATCH 244/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 161c153badf8..09409d08f60d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-09-02)](#2022-09-02) +- [ (2022-09-05)](#2022-09-05) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -264,7 +264,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-09-02) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-09-05) ## Breaking Changes @@ -465,6 +465,8 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. ([#2380](https://github.com/ory/kratos/issues/2380)) ([#2471](https://github.com/ory/kratos/issues/2471)) ([94a3741](https://github.com/ory/kratos/commit/94a37416011086582e309f62dc2c45ca84083a33)) +- Add pre-hooks to settings, verification, recovery + ([c0ceaf3](https://github.com/ory/kratos/commit/c0ceaf31f9327cca903c19b77597cae4587737e6)) - Allow setting public and admin metadata with the jsonnet data mapper ([#2569](https://github.com/ory/kratos/issues/2569)) ([aa6eb13](https://github.com/ory/kratos/commit/aa6eb13c1c42c11354074553fac9c90ee0a8999e)), From 5e8c184ec5bad89185394efdcb943e7ed3ebf08b Mon Sep 17 00:00:00 2001 From: Kevin Goslar Date: Wed, 7 Sep 2022 04:00:46 -0500 Subject: [PATCH 245/411] chore: improve package-lock.json package.json (#2712) --- package-lock.json | 663 +++++++++++++++++++++++++++++++++++++++++++++- package.json | 25 +- 2 files changed, 669 insertions(+), 19 deletions(-) diff --git a/package-lock.json b/package-lock.json index 6429c6d8531f..de6603327384 100644 --- a/package-lock.json +++ b/package-lock.json @@ -18,7 +18,8 @@ "got": "^11.8.2", "ory-prettier-styles": "1.1.2", "otplib": "^12.0.1", - "prettier": "2.3.2", + "prettier": "^2.7.1", + "prettier-plugin-packagejson": "^2.2.18", "typescript": "^4.4.3", "wait-on": "5.3.0" } @@ -167,6 +168,41 @@ "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" }, + "node_modules/@nodelib/fs.scandir": { + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", + "dev": true, + "dependencies": { + "@nodelib/fs.stat": "2.0.5", + "run-parallel": "^1.1.9" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.stat": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==", + "dev": true, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.walk": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", + "dev": true, + "dependencies": { + "@nodelib/fs.scandir": "2.1.5", + "fastq": "^1.6.0" + }, + "engines": { + "node": ">= 8" + } + }, "node_modules/@nuxtjs/opencollective": { "version": "0.3.2", "resolved": "https://registry.npmjs.org/@nuxtjs/opencollective/-/opencollective-0.3.2.tgz", @@ -339,6 +375,16 @@ "@types/responselike": "*" } }, + "node_modules/@types/glob": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/@types/glob/-/glob-7.2.0.tgz", + "integrity": "sha512-ZUxbzKl0IfJILTS6t7ip5fQQM/J3TJYubDm3nMbgubNNYS62eXeUpoLUC8/7fJNiFYHTrGPQn7hspDUzIHX3UA==", + "dev": true, + "dependencies": { + "@types/minimatch": "*", + "@types/node": "*" + } + }, "node_modules/@types/http-cache-semantics": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.1.tgz", @@ -354,6 +400,12 @@ "@types/node": "*" } }, + "node_modules/@types/minimatch": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/@types/minimatch/-/minimatch-5.1.2.tgz", + "integrity": "sha512-K0VQKziLUWkVKiRVrx4a40iPaxTUefQmjtkQofBkYRcoaaL/8rhwDWww9qWbrgicNOgnpIsMxyNIUM4+n6dUIA==", + "dev": true + }, "node_modules/@types/node": { "version": "16.11.24", "resolved": "https://registry.npmjs.org/@types/node/-/node-16.11.24.tgz", @@ -483,6 +535,15 @@ "sprintf-js": "~1.0.2" } }, + "node_modules/array-union": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==", + "dev": true, + "engines": { + "node": ">=8" + } + }, "node_modules/asn1": { "version": "0.2.6", "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz", @@ -618,6 +679,18 @@ "concat-map": "0.0.1" } }, + "node_modules/braces": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "dev": true, + "dependencies": { + "fill-range": "^7.0.1" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/buffer": { "version": "5.7.1", "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz", @@ -1203,6 +1276,36 @@ "node": ">=0.4.0" } }, + "node_modules/detect-indent": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/detect-indent/-/detect-indent-6.1.0.tgz", + "integrity": "sha512-reYkTUJAZb9gUuZ2RvVCNhVHdg62RHnJ7WJl8ftMi4diZ6NWlciOzQN88pUhSELEwflJht4oQDv0F0BMlwaYtA==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/detect-newline": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz", + "integrity": "sha512-TLz+x/vEXm/Y7P7wn1EJFNLxYpUD4TgMosxY6fAVJUnJMbupHBOncxyWUG9OpTaH9EBD7uFI5LfEgmMOc54DsA==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/dir-glob": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", + "integrity": "sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==", + "dev": true, + "dependencies": { + "path-type": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/easy-table": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/easy-table/-/easy-table-1.1.0.tgz", @@ -1363,11 +1466,36 @@ "node >=0.6.0" ] }, + "node_modules/fast-glob": { + "version": "3.2.11", + "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.2.11.tgz", + "integrity": "sha512-xrO3+1bxSo3ZVHAnqzyuewYT6aMFHRAd4Kcs92MAonjwQZLsK9d0SF1IyQ3k5PoirxTW0Oe/RqFgMQ6TcNE5Ew==", + "dev": true, + "dependencies": { + "@nodelib/fs.stat": "^2.0.2", + "@nodelib/fs.walk": "^1.2.3", + "glob-parent": "^5.1.2", + "merge2": "^1.3.0", + "micromatch": "^4.0.4" + }, + "engines": { + "node": ">=8.6.0" + } + }, "node_modules/fast-safe-stringify": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz", "integrity": "sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA==" }, + "node_modules/fastq": { + "version": "1.13.0", + "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.13.0.tgz", + "integrity": "sha512-YpkpUnK8od0o1hmeSc7UUs/eB/vIPWJYjKck2QKIzAf71Vm1AAQ3EbuZB3g2JIy+pg+ERD0vqI79KyZiB2e2Nw==", + "dev": true, + "dependencies": { + "reusify": "^1.0.4" + } + }, "node_modules/fd-slicer": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.1.0.tgz", @@ -1391,6 +1519,18 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/fill-range": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "dev": true, + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/follow-redirects": { "version": "1.14.8", "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.8.tgz", @@ -1492,6 +1632,15 @@ "assert-plus": "^1.0.0" } }, + "node_modules/git-hooks-list": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/git-hooks-list/-/git-hooks-list-1.0.3.tgz", + "integrity": "sha512-Y7wLWcrLUXwk2noSka166byGCvhMtDRpgHdzCno1UQv/n/Hegp++a2xBWJL1lJarnKD3SWaljD+0z1ztqxuKyQ==", + "dev": true, + "funding": { + "url": "https://github.com/fisker/git-hooks-list?sponsor=1" + } + }, "node_modules/glob": { "version": "7.1.6", "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz", @@ -1511,6 +1660,18 @@ "url": "https://github.com/sponsors/isaacs" } }, + "node_modules/glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "dev": true, + "dependencies": { + "is-glob": "^4.0.1" + }, + "engines": { + "node": ">= 6" + } + }, "node_modules/global-dirs": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/global-dirs/-/global-dirs-3.0.0.tgz", @@ -1526,6 +1687,25 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/globby": { + "version": "10.0.0", + "resolved": "https://registry.npmjs.org/globby/-/globby-10.0.0.tgz", + "integrity": "sha512-3LifW9M4joGZasyYPz2A1U74zbC/45fvpXUvO/9KbSa+VV0aGZarWkfdgKyR9sExNP0t0x0ss/UMJpNpcaTspw==", + "dev": true, + "dependencies": { + "@types/glob": "^7.1.1", + "array-union": "^2.1.0", + "dir-glob": "^3.0.1", + "fast-glob": "^3.0.3", + "glob": "^7.1.3", + "ignore": "^5.1.1", + "merge2": "^1.2.3", + "slash": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/got": { "version": "11.8.3", "resolved": "https://registry.npmjs.org/got/-/got-11.8.3.tgz", @@ -1636,6 +1816,15 @@ } ] }, + "node_modules/ignore": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.0.tgz", + "integrity": "sha512-CmxgYGiEPCLhfLnpPp1MoRmifwEIOgjcHXxOBjv7mY96c+eWScsOP9c112ZyLdWHi0FxHjI+4uVhKYp/gcdRmQ==", + "dev": true, + "engines": { + "node": ">= 4" + } + }, "node_modules/indent-string": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", @@ -1704,6 +1893,15 @@ "is-ci": "bin.js" } }, + "node_modules/is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/is-fullwidth-code-point": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", @@ -1712,6 +1910,18 @@ "node": ">=8" } }, + "node_modules/is-glob": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", + "dev": true, + "dependencies": { + "is-extglob": "^2.1.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/is-installed-globally": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/is-installed-globally/-/is-installed-globally-0.4.0.tgz", @@ -1736,6 +1946,15 @@ "node": ">=8" } }, + "node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "dev": true, + "engines": { + "node": ">=0.12.0" + } + }, "node_modules/is-path-inside": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", @@ -1745,6 +1964,15 @@ "node": ">=8" } }, + "node_modules/is-plain-obj": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", + "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==", + "dev": true, + "engines": { + "node": ">=8" + } + }, "node_modules/is-stream": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", @@ -2004,6 +2232,28 @@ "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==", "dev": true }, + "node_modules/merge2": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", + "dev": true, + "engines": { + "node": ">= 8" + } + }, + "node_modules/micromatch": { + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", + "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==", + "dev": true, + "dependencies": { + "braces": "^3.0.2", + "picomatch": "^2.3.1" + }, + "engines": { + "node": ">=8.6" + } + }, "node_modules/mime-db": { "version": "1.51.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.51.0.tgz", @@ -2242,6 +2492,15 @@ "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-3.2.0.tgz", "integrity": "sha512-jczvQbCUS7XmS7o+y1aEO9OBVFeZBQ1MDSEqmO7xSoPgOPoowY/SxLpZ6Vh97/8qHZOteiCKb7gkG9gA2ZUxJA==" }, + "node_modules/path-type": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", + "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==", + "dev": true, + "engines": { + "node": ">=8" + } + }, "node_modules/pend": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", @@ -2254,6 +2513,18 @@ "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=", "dev": true }, + "node_modules/picomatch": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "dev": true, + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, "node_modules/pify": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", @@ -2264,15 +2535,30 @@ } }, "node_modules/prettier": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.3.2.tgz", - "integrity": "sha512-lnJzDfJ66zkMy58OL5/NY5zp70S7Nz6KqcKkXYzn2tMVrNxvbqaBpg7H3qHaLxCJ5lNMsGuM8+ohS7cZrthdLQ==", + "version": "2.7.1", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.7.1.tgz", + "integrity": "sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==", "dev": true, "bin": { "prettier": "bin-prettier.js" }, "engines": { "node": ">=10.13.0" + }, + "funding": { + "url": "https://github.com/prettier/prettier?sponsor=1" + } + }, + "node_modules/prettier-plugin-packagejson": { + "version": "2.2.18", + "resolved": "https://registry.npmjs.org/prettier-plugin-packagejson/-/prettier-plugin-packagejson-2.2.18.tgz", + "integrity": "sha512-iBjQ3IY6IayFrQHhXvg+YvKprPUUiIJ04Vr9+EbeQPfwGajznArIqrN33c5bi4JcIvmLHGROIMOm9aYakJj/CA==", + "dev": true, + "dependencies": { + "sort-package-json": "1.57.0" + }, + "peerDependencies": { + "prettier": ">= 1.16.0" } }, "node_modules/pretty-bytes": { @@ -2327,6 +2613,26 @@ "node": ">=0.6" } }, + "node_modules/queue-microtask": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] + }, "node_modules/quick-lru": { "version": "5.1.1", "resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", @@ -2401,6 +2707,16 @@ "node": ">=8" } }, + "node_modules/reusify": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", + "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==", + "dev": true, + "engines": { + "iojs": ">=1.0.0", + "node": ">=0.10.0" + } + }, "node_modules/rfdc": { "version": "1.3.0", "resolved": "https://registry.npmjs.org/rfdc/-/rfdc-1.3.0.tgz", @@ -2430,6 +2746,29 @@ "node": ">=0.12.0" } }, + "node_modules/run-parallel": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "dependencies": { + "queue-microtask": "^1.2.2" + } + }, "node_modules/rxjs": { "version": "7.5.2", "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.5.2.tgz", @@ -2508,6 +2847,15 @@ "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==" }, + "node_modules/slash": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==", + "dev": true, + "engines": { + "node": ">=8" + } + }, "node_modules/slice-ansi": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-3.0.0.tgz", @@ -2522,6 +2870,29 @@ "node": ">=8" } }, + "node_modules/sort-object-keys": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/sort-object-keys/-/sort-object-keys-1.1.3.tgz", + "integrity": "sha512-855pvK+VkU7PaKYPc+Jjnmt4EzejQHyhhF33q31qG8x7maDzkeFhAAThdCYay11CISO+qAMwjOBP+fPZe0IPyg==", + "dev": true + }, + "node_modules/sort-package-json": { + "version": "1.57.0", + "resolved": "https://registry.npmjs.org/sort-package-json/-/sort-package-json-1.57.0.tgz", + "integrity": "sha512-FYsjYn2dHTRb41wqnv+uEqCUvBpK3jZcTp9rbz2qDTmel7Pmdtf+i2rLaaPMRZeSVM60V3Se31GyWFpmKs4Q5Q==", + "dev": true, + "dependencies": { + "detect-indent": "^6.0.0", + "detect-newline": "3.1.0", + "git-hooks-list": "1.0.3", + "globby": "10.0.0", + "is-plain-obj": "2.1.0", + "sort-object-keys": "^1.1.3" + }, + "bin": { + "sort-package-json": "cli.js" + } + }, "node_modules/spawn-command": { "version": "0.0.2-1", "resolved": "https://registry.npmjs.org/spawn-command/-/spawn-command-0.0.2-1.tgz", @@ -2641,6 +3012,18 @@ "node": ">=8.17.0" } }, + "node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dev": true, + "dependencies": { + "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" + } + }, "node_modules/tough-cookie": { "version": "2.5.0", "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.5.0.tgz", @@ -3048,6 +3431,32 @@ } } }, + "@nodelib/fs.scandir": { + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", + "dev": true, + "requires": { + "@nodelib/fs.stat": "2.0.5", + "run-parallel": "^1.1.9" + } + }, + "@nodelib/fs.stat": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==", + "dev": true + }, + "@nodelib/fs.walk": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", + "dev": true, + "requires": { + "@nodelib/fs.scandir": "2.1.5", + "fastq": "^1.6.0" + } + }, "@nuxtjs/opencollective": { "version": "0.3.2", "resolved": "https://registry.npmjs.org/@nuxtjs/opencollective/-/opencollective-0.3.2.tgz", @@ -3195,6 +3604,16 @@ "@types/responselike": "*" } }, + "@types/glob": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/@types/glob/-/glob-7.2.0.tgz", + "integrity": "sha512-ZUxbzKl0IfJILTS6t7ip5fQQM/J3TJYubDm3nMbgubNNYS62eXeUpoLUC8/7fJNiFYHTrGPQn7hspDUzIHX3UA==", + "dev": true, + "requires": { + "@types/minimatch": "*", + "@types/node": "*" + } + }, "@types/http-cache-semantics": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.1.tgz", @@ -3210,6 +3629,12 @@ "@types/node": "*" } }, + "@types/minimatch": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/@types/minimatch/-/minimatch-5.1.2.tgz", + "integrity": "sha512-K0VQKziLUWkVKiRVrx4a40iPaxTUefQmjtkQofBkYRcoaaL/8rhwDWww9qWbrgicNOgnpIsMxyNIUM4+n6dUIA==", + "dev": true + }, "@types/node": { "version": "16.11.24", "resolved": "https://registry.npmjs.org/@types/node/-/node-16.11.24.tgz", @@ -3304,6 +3729,12 @@ "sprintf-js": "~1.0.2" } }, + "array-union": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==", + "dev": true + }, "asn1": { "version": "0.2.6", "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz", @@ -3413,6 +3844,15 @@ "concat-map": "0.0.1" } }, + "braces": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "dev": true, + "requires": { + "fill-range": "^7.0.1" + } + }, "buffer": { "version": "5.7.1", "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz", @@ -3848,6 +4288,27 @@ "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=", "dev": true }, + "detect-indent": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/detect-indent/-/detect-indent-6.1.0.tgz", + "integrity": "sha512-reYkTUJAZb9gUuZ2RvVCNhVHdg62RHnJ7WJl8ftMi4diZ6NWlciOzQN88pUhSELEwflJht4oQDv0F0BMlwaYtA==", + "dev": true + }, + "detect-newline": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz", + "integrity": "sha512-TLz+x/vEXm/Y7P7wn1EJFNLxYpUD4TgMosxY6fAVJUnJMbupHBOncxyWUG9OpTaH9EBD7uFI5LfEgmMOc54DsA==", + "dev": true + }, + "dir-glob": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", + "integrity": "sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==", + "dev": true, + "requires": { + "path-type": "^4.0.0" + } + }, "easy-table": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/easy-table/-/easy-table-1.1.0.tgz", @@ -3975,11 +4436,33 @@ "integrity": "sha1-lpGEQOMEGnpBT4xS48V06zw+HgU=", "dev": true }, + "fast-glob": { + "version": "3.2.11", + "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.2.11.tgz", + "integrity": "sha512-xrO3+1bxSo3ZVHAnqzyuewYT6aMFHRAd4Kcs92MAonjwQZLsK9d0SF1IyQ3k5PoirxTW0Oe/RqFgMQ6TcNE5Ew==", + "dev": true, + "requires": { + "@nodelib/fs.stat": "^2.0.2", + "@nodelib/fs.walk": "^1.2.3", + "glob-parent": "^5.1.2", + "merge2": "^1.3.0", + "micromatch": "^4.0.4" + } + }, "fast-safe-stringify": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz", "integrity": "sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA==" }, + "fastq": { + "version": "1.13.0", + "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.13.0.tgz", + "integrity": "sha512-YpkpUnK8od0o1hmeSc7UUs/eB/vIPWJYjKck2QKIzAf71Vm1AAQ3EbuZB3g2JIy+pg+ERD0vqI79KyZiB2e2Nw==", + "dev": true, + "requires": { + "reusify": "^1.0.4" + } + }, "fd-slicer": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.1.0.tgz", @@ -3997,6 +4480,15 @@ "escape-string-regexp": "^1.0.5" } }, + "fill-range": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "dev": true, + "requires": { + "to-regex-range": "^5.0.1" + } + }, "follow-redirects": { "version": "1.14.8", "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.8.tgz", @@ -4066,6 +4558,12 @@ "assert-plus": "^1.0.0" } }, + "git-hooks-list": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/git-hooks-list/-/git-hooks-list-1.0.3.tgz", + "integrity": "sha512-Y7wLWcrLUXwk2noSka166byGCvhMtDRpgHdzCno1UQv/n/Hegp++a2xBWJL1lJarnKD3SWaljD+0z1ztqxuKyQ==", + "dev": true + }, "glob": { "version": "7.1.6", "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz", @@ -4079,6 +4577,15 @@ "path-is-absolute": "^1.0.0" } }, + "glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "dev": true, + "requires": { + "is-glob": "^4.0.1" + } + }, "global-dirs": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/global-dirs/-/global-dirs-3.0.0.tgz", @@ -4088,6 +4595,22 @@ "ini": "2.0.0" } }, + "globby": { + "version": "10.0.0", + "resolved": "https://registry.npmjs.org/globby/-/globby-10.0.0.tgz", + "integrity": "sha512-3LifW9M4joGZasyYPz2A1U74zbC/45fvpXUvO/9KbSa+VV0aGZarWkfdgKyR9sExNP0t0x0ss/UMJpNpcaTspw==", + "dev": true, + "requires": { + "@types/glob": "^7.1.1", + "array-union": "^2.1.0", + "dir-glob": "^3.0.1", + "fast-glob": "^3.0.3", + "glob": "^7.1.3", + "ignore": "^5.1.1", + "merge2": "^1.2.3", + "slash": "^3.0.0" + } + }, "got": { "version": "11.8.3", "resolved": "https://registry.npmjs.org/got/-/got-11.8.3.tgz", @@ -4163,6 +4686,12 @@ "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz", "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==" }, + "ignore": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.0.tgz", + "integrity": "sha512-CmxgYGiEPCLhfLnpPp1MoRmifwEIOgjcHXxOBjv7mY96c+eWScsOP9c112ZyLdWHi0FxHjI+4uVhKYp/gcdRmQ==", + "dev": true + }, "indent-string": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", @@ -4219,11 +4748,26 @@ "ci-info": "^3.2.0" } }, + "is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", + "dev": true + }, "is-fullwidth-code-point": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==" }, + "is-glob": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", + "dev": true, + "requires": { + "is-extglob": "^2.1.1" + } + }, "is-installed-globally": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/is-installed-globally/-/is-installed-globally-0.4.0.tgz", @@ -4239,12 +4783,24 @@ "resolved": "https://registry.npmjs.org/is-interactive/-/is-interactive-1.0.0.tgz", "integrity": "sha512-2HvIEKRoqS62guEC+qBjpvRubdX910WCMuJTZ+I9yvqKU2/12eSL549HMwtabb4oupdj2sMP50k+XJfB/8JE6w==" }, + "is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "dev": true + }, "is-path-inside": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", "integrity": "sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==", "dev": true }, + "is-plain-obj": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", + "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==", + "dev": true + }, "is-stream": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", @@ -4445,6 +5001,22 @@ "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==", "dev": true }, + "merge2": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", + "dev": true + }, + "micromatch": { + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", + "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==", + "dev": true, + "requires": { + "braces": "^3.0.2", + "picomatch": "^2.3.1" + } + }, "mime-db": { "version": "1.51.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.51.0.tgz", @@ -4615,6 +5187,12 @@ "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-3.2.0.tgz", "integrity": "sha512-jczvQbCUS7XmS7o+y1aEO9OBVFeZBQ1MDSEqmO7xSoPgOPoowY/SxLpZ6Vh97/8qHZOteiCKb7gkG9gA2ZUxJA==" }, + "path-type": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", + "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==", + "dev": true + }, "pend": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", @@ -4627,6 +5205,12 @@ "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=", "dev": true }, + "picomatch": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "dev": true + }, "pify": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", @@ -4634,11 +5218,20 @@ "dev": true }, "prettier": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.3.2.tgz", - "integrity": "sha512-lnJzDfJ66zkMy58OL5/NY5zp70S7Nz6KqcKkXYzn2tMVrNxvbqaBpg7H3qHaLxCJ5lNMsGuM8+ohS7cZrthdLQ==", + "version": "2.7.1", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.7.1.tgz", + "integrity": "sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==", "dev": true }, + "prettier-plugin-packagejson": { + "version": "2.2.18", + "resolved": "https://registry.npmjs.org/prettier-plugin-packagejson/-/prettier-plugin-packagejson-2.2.18.tgz", + "integrity": "sha512-iBjQ3IY6IayFrQHhXvg+YvKprPUUiIJ04Vr9+EbeQPfwGajznArIqrN33c5bi4JcIvmLHGROIMOm9aYakJj/CA==", + "dev": true, + "requires": { + "sort-package-json": "1.57.0" + } + }, "pretty-bytes": { "version": "5.6.0", "resolved": "https://registry.npmjs.org/pretty-bytes/-/pretty-bytes-5.6.0.tgz", @@ -4679,6 +5272,12 @@ "integrity": "sha512-qxXIEh4pCGfHICj1mAJQ2/2XVZkjCDTcEgfoSQxc/fYivUZxTkk7L3bDBJSoNrEzXI17oUO5Dp07ktqE5KzczA==", "dev": true }, + "queue-microtask": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==", + "dev": true + }, "quick-lru": { "version": "5.1.1", "resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", @@ -4738,6 +5337,12 @@ "signal-exit": "^3.0.2" } }, + "reusify": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", + "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==", + "dev": true + }, "rfdc": { "version": "1.3.0", "resolved": "https://registry.npmjs.org/rfdc/-/rfdc-1.3.0.tgz", @@ -4758,6 +5363,15 @@ "resolved": "https://registry.npmjs.org/run-async/-/run-async-2.4.1.tgz", "integrity": "sha512-tvVnVv01b8c1RrA6Ep7JkStj85Guv/YrMcwqYQnwjsAS2cTmmPGBBjAjpCW7RrSodNSoE2/qg9O4bceNvUuDgQ==" }, + "run-parallel": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", + "dev": true, + "requires": { + "queue-microtask": "^1.2.2" + } + }, "rxjs": { "version": "7.5.2", "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.5.2.tgz", @@ -4812,6 +5426,12 @@ "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==" }, + "slash": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==", + "dev": true + }, "slice-ansi": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-3.0.0.tgz", @@ -4823,6 +5443,26 @@ "is-fullwidth-code-point": "^3.0.0" } }, + "sort-object-keys": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/sort-object-keys/-/sort-object-keys-1.1.3.tgz", + "integrity": "sha512-855pvK+VkU7PaKYPc+Jjnmt4EzejQHyhhF33q31qG8x7maDzkeFhAAThdCYay11CISO+qAMwjOBP+fPZe0IPyg==", + "dev": true + }, + "sort-package-json": { + "version": "1.57.0", + "resolved": "https://registry.npmjs.org/sort-package-json/-/sort-package-json-1.57.0.tgz", + "integrity": "sha512-FYsjYn2dHTRb41wqnv+uEqCUvBpK3jZcTp9rbz2qDTmel7Pmdtf+i2rLaaPMRZeSVM60V3Se31GyWFpmKs4Q5Q==", + "dev": true, + "requires": { + "detect-indent": "^6.0.0", + "detect-newline": "3.1.0", + "git-hooks-list": "1.0.3", + "globby": "10.0.0", + "is-plain-obj": "2.1.0", + "sort-object-keys": "^1.1.3" + } + }, "spawn-command": { "version": "0.0.2-1", "resolved": "https://registry.npmjs.org/spawn-command/-/spawn-command-0.0.2-1.tgz", @@ -4916,6 +5556,15 @@ "rimraf": "^3.0.0" } }, + "to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dev": true, + "requires": { + "is-number": "^7.0.0" + } + }, "tough-cookie": { "version": "2.5.0", "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.5.0.tgz", diff --git a/package.json b/package.json index 4d931468c412..c87c3561ee1b 100644 --- a/package.json +++ b/package.json @@ -1,17 +1,21 @@ { "private": true, - "prettier": "ory-prettier-styles", - "config": { - "prettierTarget": "test/e2e/**/*{.ts,.js}" - }, "scripts": { "format": "prettier --write ${npm_package_config_prettierTarget}", "format:check": "prettier --check ${npm_package_config_prettierTarget}", + "openapi-generator-cli": "openapi-generator-cli", "test": "cypress run --browser chrome", "test:watch": "cypress open --browser chrome", - "openapi-generator-cli": "openapi-generator-cli", - "wait-on": "wait-on", - "text-run": "exit 0" + "text-run": "exit 0", + "wait-on": "wait-on" + }, + "config": { + "prettierTarget": "test/e2e/**/*{.ts,.js}" + }, + "prettier": "ory-prettier-styles", + "dependencies": { + "@openapitools/openapi-generator-cli": "^2.1.18", + "yamljs": "^0.3.0" }, "devDependencies": { "@ory/kratos-client": "0.0.0-next.8d3b018594f7", @@ -23,12 +27,9 @@ "got": "^11.8.2", "ory-prettier-styles": "1.1.2", "otplib": "^12.0.1", - "prettier": "2.3.2", + "prettier": "^2.7.1", + "prettier-plugin-packagejson": "^2.2.18", "typescript": "^4.4.3", "wait-on": "5.3.0" - }, - "dependencies": { - "@openapitools/openapi-generator-cli": "^2.1.18", - "yamljs": "^0.3.0" } } From e126586dfbd7c1e9b1828a42c001608c31e6d200 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Wed, 7 Sep 2022 09:43:25 +0000 Subject: [PATCH 246/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 09409d08f60d..b19f75abcf59 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-09-05)](#2022-09-05) +- [ (2022-09-07)](#2022-09-07) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -264,7 +264,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-09-05) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-09-07) ## Breaking Changes From 54c64fcea40ede17a87253042259fd97eeb780fe Mon Sep 17 00:00:00 2001 From: Jonas Hungershausen Date: Wed, 7 Sep 2022 13:38:21 +0200 Subject: [PATCH 247/411] feat: add flow id check to use verification token (#2695) --- .../ee56574d-2f1c-43f6-8d26-0062938ae330.json | 6 +++ .../testdata/20220902141902_testdata.sql | 2 + ...erification_token_without_flow_id.down.sql | 0 ..._verification_token_without_flow_id.up.sql | 2 + ...traint_verification_token_flow_id.down.sql | 5 +++ ..._verification_token_flow_id.mysql.down.sql | 5 +++ ...nt_verification_token_flow_id.mysql.up.sql | 5 +++ ...erification_token_flow_id.sqlite3.down.sql | 37 +++++++++++++++++++ ..._verification_token_flow_id.sqlite3.up.sql | 37 +++++++++++++++++++ ...nstraint_verification_token_flow_id.up.sql | 5 +++ persistence/sql/persister_verification.go | 4 +- selfservice/strategy/link/persistence.go | 2 +- .../strategy/link/strategy_verification.go | 23 ++---------- .../link/strategy_verification_test.go | 19 ++++++++++ selfservice/strategy/link/test/persistence.go | 36 +++++++++--------- .../strategy/link/token_verification.go | 7 ++-- 16 files changed, 152 insertions(+), 43 deletions(-) create mode 100644 persistence/sql/migratest/fixtures/verification_token/ee56574d-2f1c-43f6-8d26-0062938ae330.json create mode 100644 persistence/sql/migratest/testdata/20220902141902_testdata.sql create mode 100644 persistence/sql/migrations/sql/20220825134336000000_delete_verification_token_without_flow_id.down.sql create mode 100644 persistence/sql/migrations/sql/20220825134336000000_delete_verification_token_without_flow_id.up.sql create mode 100644 persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.down.sql create mode 100644 persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.mysql.down.sql create mode 100644 persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.mysql.up.sql create mode 100644 persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.sqlite3.down.sql create mode 100644 persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.sqlite3.up.sql create mode 100644 persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.up.sql diff --git a/persistence/sql/migratest/fixtures/verification_token/ee56574d-2f1c-43f6-8d26-0062938ae330.json b/persistence/sql/migratest/fixtures/verification_token/ee56574d-2f1c-43f6-8d26-0062938ae330.json new file mode 100644 index 000000000000..93b643ac0077 --- /dev/null +++ b/persistence/sql/migratest/fixtures/verification_token/ee56574d-2f1c-43f6-8d26-0062938ae330.json @@ -0,0 +1,6 @@ +{ + "id": "ee56574d-2f1c-43f6-8d26-0062938ae330", + "verification_address": null, + "expires_at": "2013-10-07T08:23:19Z", + "issued_at": "2013-10-07T08:23:19Z" +} diff --git a/persistence/sql/migratest/testdata/20220902141902_testdata.sql b/persistence/sql/migratest/testdata/20220902141902_testdata.sql new file mode 100644 index 000000000000..50181c40cd92 --- /dev/null +++ b/persistence/sql/migratest/testdata/20220902141902_testdata.sql @@ -0,0 +1,2 @@ +INSERT INTO identity_verification_tokens (id, token, used, used_at, identity_verifiable_address_id, selfservice_verification_flow_id, created_at, updated_at, expires_at, issued_at, nid) +VALUES ('ee56574d-2f1c-43f6-8d26-0062938ae330', '1001ba7ddd644cb68478e8947e4jfhe', false, null, '45e867e9-2745-4f16-8dd4-84334a252b61', '5385c962-0295-4575-9b1b-d7eef13c0eda', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '884f556e-eb3a-4b9f-bee3-11345642c6c0'); diff --git a/persistence/sql/migrations/sql/20220825134336000000_delete_verification_token_without_flow_id.down.sql b/persistence/sql/migrations/sql/20220825134336000000_delete_verification_token_without_flow_id.down.sql new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/persistence/sql/migrations/sql/20220825134336000000_delete_verification_token_without_flow_id.up.sql b/persistence/sql/migrations/sql/20220825134336000000_delete_verification_token_without_flow_id.up.sql new file mode 100644 index 000000000000..4e7eba1ac487 --- /dev/null +++ b/persistence/sql/migrations/sql/20220825134336000000_delete_verification_token_without_flow_id.up.sql @@ -0,0 +1,2 @@ +DELETE FROM identity_verification_tokens +WHERE selfservice_verification_flow_id IS NULL; diff --git a/persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.down.sql b/persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.down.sql new file mode 100644 index 000000000000..5e755e406568 --- /dev/null +++ b/persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.down.sql @@ -0,0 +1,5 @@ +ALTER TABLE identity_verification_tokens +ALTER selfservice_verification_flow_id DROP NOT NULL; + +DROP INDEX identity_verification_tokens_token_nid_used_flow_id_idx; +CREATE INDEX identity_verification_tokens_token_nid_used_idx ON identity_verification_tokens (nid, token, used); diff --git a/persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.mysql.down.sql b/persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.mysql.down.sql new file mode 100644 index 000000000000..726a40c2472c --- /dev/null +++ b/persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.mysql.down.sql @@ -0,0 +1,5 @@ +ALTER TABLE identity_verification_tokens +MODIFY selfservice_verification_flow_id CHAR(36) NULL; + +DROP INDEX identity_verification_tokens_token_nid_used_flow_id_idx ON identity_verification_tokens; +CREATE INDEX identity_verification_tokens_token_nid_used_idx ON identity_verification_tokens (nid, token, used); diff --git a/persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.mysql.up.sql b/persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.mysql.up.sql new file mode 100644 index 000000000000..53d22bee7080 --- /dev/null +++ b/persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.mysql.up.sql @@ -0,0 +1,5 @@ +ALTER TABLE identity_verification_tokens +MODIFY selfservice_verification_flow_id CHAR(36) NOT NULL; + +DROP INDEX identity_verification_tokens_token_nid_used_idx ON identity_verification_tokens; +CREATE INDEX identity_verification_tokens_token_nid_used_flow_id_idx ON identity_verification_tokens (nid, token, used, selfservice_verification_flow_id); diff --git a/persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.sqlite3.down.sql b/persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.sqlite3.down.sql new file mode 100644 index 000000000000..325516f79435 --- /dev/null +++ b/persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.sqlite3.down.sql @@ -0,0 +1,37 @@ +ALTER TABLE identity_verification_tokens +RENAME TO identity_verification_tokens_; + +CREATE TABLE "identity_verification_tokens" ( +"id" TEXT PRIMARY KEY, +"token" TEXT NOT NULL, +"used" bool NOT NULL DEFAULT 'false', +"used_at" DATETIME, +"expires_at" DATETIME NOT NULL, +"issued_at" DATETIME NOT NULL, +"identity_verifiable_address_id" char(36) NOT NULL, +"selfservice_verification_flow_id" char(36), +"created_at" DATETIME NOT NULL, +"updated_at" DATETIME NOT NULL, +"nid" char(36), +FOREIGN KEY (selfservice_verification_flow_id) REFERENCES selfservice_verification_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE, +FOREIGN KEY (identity_verifiable_address_id) REFERENCES identity_verifiable_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE +); + +DROP INDEX identity_verification_tokens_id_nid_idx; +DROP INDEX identity_verification_tokens_nid_id_idx; +DROP INDEX identity_verification_tokens_token_nid_used_flow_id_idx; +DROP INDEX identity_verification_tokens_token_uq_idx; +DROP INDEX identity_verification_tokens_verifiable_address_id_idx; +DROP INDEX identity_verification_tokens_verification_flow_id_idx; + +CREATE INDEX identity_verification_tokens_id_nid_idx ON identity_verification_tokens (id, nid); +CREATE INDEX identity_verification_tokens_nid_id_idx ON identity_verification_tokens (nid, id); +CREATE INDEX identity_verification_tokens_token_nid_used_idx ON identity_verification_tokens (nid, token, used); +CREATE UNIQUE INDEX "identity_verification_tokens_token_uq_idx" ON "identity_verification_tokens" (token); +CREATE INDEX "identity_verification_tokens_verifiable_address_id_idx" ON "identity_verification_tokens" (identity_verifiable_address_id); +CREATE INDEX "identity_verification_tokens_verification_flow_id_idx" ON "identity_verification_tokens" (selfservice_verification_flow_id); + +INSERT INTO identity_verification_tokens +SELECT * FROM identity_verification_tokens_; + +DROP TABLE identity_verification_tokens_; diff --git a/persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.sqlite3.up.sql b/persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.sqlite3.up.sql new file mode 100644 index 000000000000..b417f6e54690 --- /dev/null +++ b/persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.sqlite3.up.sql @@ -0,0 +1,37 @@ +ALTER TABLE identity_verification_tokens +RENAME TO identity_verification_tokens_; + +CREATE TABLE "identity_verification_tokens" ( +"id" TEXT PRIMARY KEY, +"token" TEXT NOT NULL, +"used" bool NOT NULL DEFAULT 'false', +"used_at" DATETIME, +"expires_at" DATETIME NOT NULL, +"issued_at" DATETIME NOT NULL, +"identity_verifiable_address_id" char(36) NOT NULL, +"selfservice_verification_flow_id" char(36) NOT NULL, +"created_at" DATETIME NOT NULL, +"updated_at" DATETIME NOT NULL, +"nid" char(36), +FOREIGN KEY (selfservice_verification_flow_id) REFERENCES selfservice_verification_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE, +FOREIGN KEY (identity_verifiable_address_id) REFERENCES identity_verifiable_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE +); + +DROP INDEX identity_verification_tokens_id_nid_idx; +DROP INDEX identity_verification_tokens_nid_id_idx; +DROP INDEX identity_verification_tokens_token_nid_used_idx; +DROP INDEX identity_verification_tokens_token_uq_idx; +DROP INDEX identity_verification_tokens_verifiable_address_id_idx; +DROP INDEX identity_verification_tokens_verification_flow_id_idx; + +CREATE INDEX identity_verification_tokens_id_nid_idx ON identity_verification_tokens (id, nid); +CREATE INDEX identity_verification_tokens_nid_id_idx ON identity_verification_tokens (nid, id); +CREATE INDEX identity_verification_tokens_token_nid_used_flow_id_idx ON identity_verification_tokens (nid, token, used, selfservice_verification_flow_id); +CREATE UNIQUE INDEX "identity_verification_tokens_token_uq_idx" ON "identity_verification_tokens" (token); +CREATE INDEX "identity_verification_tokens_verifiable_address_id_idx" ON "identity_verification_tokens" (identity_verifiable_address_id); +CREATE INDEX "identity_verification_tokens_verification_flow_id_idx" ON "identity_verification_tokens" (selfservice_verification_flow_id); + +INSERT INTO identity_verification_tokens +SELECT * FROM identity_verification_tokens_; + +DROP TABLE identity_verification_tokens_; \ No newline at end of file diff --git a/persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.up.sql b/persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.up.sql new file mode 100644 index 000000000000..3d4173ce4381 --- /dev/null +++ b/persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.up.sql @@ -0,0 +1,5 @@ +ALTER TABLE identity_verification_tokens +ALTER selfservice_verification_flow_id SET NOT NULL; + +DROP INDEX identity_verification_tokens_token_nid_used_idx; +CREATE INDEX identity_verification_tokens_token_nid_used_flow_id_idx ON identity_verification_tokens (nid, token, used, selfservice_verification_flow_id); diff --git a/persistence/sql/persister_verification.go b/persistence/sql/persister_verification.go index 77a0e22e2b50..8ea41836d451 100644 --- a/persistence/sql/persister_verification.go +++ b/persistence/sql/persister_verification.go @@ -67,7 +67,7 @@ func (p *Persister) CreateVerificationToken(ctx context.Context, token *link.Ver return nil } -func (p *Persister) UseVerificationToken(ctx context.Context, token string) (*link.VerificationToken, error) { +func (p *Persister) UseVerificationToken(ctx context.Context, fID uuid.UUID, token string) (*link.VerificationToken, error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UseVerificationToken") defer span.End() @@ -76,7 +76,7 @@ func (p *Persister) UseVerificationToken(ctx context.Context, token string) (*li nid := p.NetworkID(ctx) if err := sqlcon.HandleError(p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) (err error) { for _, secret := range p.r.Config().SecretsSession(ctx) { - if err = tx.Where("token = ? AND nid = ? AND NOT used", p.hmacValueWithSecret(ctx, token, secret), nid).First(&rt); err != nil { + if err = tx.Where("token = ? AND nid = ? AND NOT used AND selfservice_verification_flow_id = ?", p.hmacValueWithSecret(ctx, token, secret), nid, fID).First(&rt); err != nil { if !errors.Is(sqlcon.HandleError(err), sqlcon.ErrNoRows) { return err } diff --git a/selfservice/strategy/link/persistence.go b/selfservice/strategy/link/persistence.go index 1caff3221bb4..930b6750dc28 100644 --- a/selfservice/strategy/link/persistence.go +++ b/selfservice/strategy/link/persistence.go @@ -19,7 +19,7 @@ type ( VerificationTokenPersister interface { CreateVerificationToken(ctx context.Context, token *VerificationToken) error - UseVerificationToken(ctx context.Context, token string) (*VerificationToken, error) + UseVerificationToken(ctx context.Context, fID uuid.UUID, token string) (*VerificationToken, error) DeleteVerificationToken(ctx context.Context, token string) error } diff --git a/selfservice/strategy/link/strategy_verification.go b/selfservice/strategy/link/strategy_verification.go index 22f005ecb23f..9815abcaf3f4 100644 --- a/selfservice/strategy/link/strategy_verification.go +++ b/selfservice/strategy/link/strategy_verification.go @@ -117,7 +117,7 @@ func (s *Strategy) Verify(w http.ResponseWriter, r *http.Request, f *verificatio return s.handleVerificationError(w, r, nil, body, err) } - return s.verificationUseToken(w, r, body) + return s.verificationUseToken(w, r, body, f) } if err := flow.MethodEnabledAndAllowed(r.Context(), s.VerificationStrategyID(), body.Method, s.d); err != nil { @@ -187,8 +187,8 @@ type selfServiceBrowserVerifyParameters struct { Token string `json:"token"` } -func (s *Strategy) verificationUseToken(w http.ResponseWriter, r *http.Request, body *verificationSubmitPayload) error { - token, err := s.d.VerificationTokenPersister().UseVerificationToken(r.Context(), body.Token) +func (s *Strategy) verificationUseToken(w http.ResponseWriter, r *http.Request, body *verificationSubmitPayload, f *verification.Flow) error { + token, err := s.d.VerificationTokenPersister().UseVerificationToken(r.Context(), f.ID, body.Token) if err != nil { if errors.Is(err, sqlcon.ErrNoRows) { return s.retryVerificationFlowWithMessage(w, r, flow.TypeBrowser, text.NewErrorValidationVerificationTokenInvalidOrAlreadyUsed()) @@ -197,23 +197,6 @@ func (s *Strategy) verificationUseToken(w http.ResponseWriter, r *http.Request, return s.retryVerificationFlowWithError(w, r, flow.TypeBrowser, err) } - var f *verification.Flow - if !token.FlowID.Valid { - f, err = verification.NewFlow(s.d.Config(), s.d.Config().SelfServiceFlowVerificationRequestLifespan(r.Context()), s.d.GenerateCSRFToken(r), r, s.d.VerificationStrategies(r.Context()), flow.TypeBrowser) - if err != nil { - return s.retryVerificationFlowWithError(w, r, flow.TypeBrowser, err) - } - - if err := s.d.VerificationFlowPersister().CreateVerificationFlow(r.Context(), f); err != nil { - return s.retryVerificationFlowWithError(w, r, flow.TypeBrowser, err) - } - } else { - f, err = s.d.VerificationFlowPersister().GetVerificationFlow(r.Context(), token.FlowID.UUID) - if err != nil { - return s.retryVerificationFlowWithError(w, r, flow.TypeBrowser, err) - } - } - if err := token.Valid(); err != nil { return s.retryVerificationFlowWithError(w, r, flow.TypeBrowser, err) } diff --git a/selfservice/strategy/link/strategy_verification_test.go b/selfservice/strategy/link/strategy_verification_test.go index e3edb984c502..420f688664d9 100644 --- a/selfservice/strategy/link/strategy_verification_test.go +++ b/selfservice/strategy/link/strategy_verification_test.go @@ -383,4 +383,23 @@ func TestVerification(t *testing.T) { require.NoError(t, err) assert.Equal(t, returnToURL+"?flow="+flow.ID.String(), redirectURL.String()) }) + + t.Run("case=should not be able to use code from different flow", func(t *testing.T) { + + f1, _ := newValidFlow(t, public.URL+verification.RouteInitBrowserFlow) + + _, t2 := newValidFlow(t, public.URL+verification.RouteInitBrowserFlow) + + formValues := url.Values{ + "flow": {f1.ID.String()}, + "token": {t2.Token}, + } + submitUrl := public.URL + verification.RouteSubmitFlow + "?" + formValues.Encode() + + res, err := public.Client().Get(submitUrl) + require.NoError(t, err) + body := ioutilx.MustReadAll(res.Body) + + assert.Equal(t, "The verification token is invalid or has already been used. Please retry the flow.", gjson.GetBytes(body, "ui.messages.0.text").String()) + }) } diff --git a/selfservice/strategy/link/test/persistence.go b/selfservice/strategy/link/test/persistence.go index f8648bf82676..a2d3375eec2e 100644 --- a/selfservice/strategy/link/test/persistence.go +++ b/selfservice/strategy/link/test/persistence.go @@ -123,15 +123,10 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface { }) t.Run("token=verification", func(t *testing.T) { - t.Run("case=should error when the verification token does not exist", func(t *testing.T) { - _, err := p.UseVerificationToken(ctx, "i-do-not-exist") - require.Error(t, err) - }) - - newVerificationToken := func(t *testing.T, email string) *link.VerificationToken { - var req verification.Flow - require.NoError(t, faker.FakeData(&req)) - require.NoError(t, p.CreateVerificationFlow(ctx, &req)) + newVerificationToken := func(t *testing.T, email string) (*verification.Flow, *link.VerificationToken) { + var f verification.Flow + require.NoError(t, faker.FakeData(&f)) + require.NoError(t, p.CreateVerificationFlow(ctx, &f)) var i identity.Identity require.NoError(t, faker.FakeData(&i)) @@ -140,9 +135,9 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface { i.VerifiableAddresses = append(i.VerifiableAddresses, *address) require.NoError(t, p.CreateIdentity(ctx, &i)) - return &link.VerificationToken{ + return &f, &link.VerificationToken{ Token: x.NewUUID().String(), - FlowID: uuid.NullUUID{UUID: req.ID, Valid: true}, + FlowID: f.ID, VerifiableAddress: &i.VerifiableAddresses[0], ExpiresAt: time.Now(), IssuedAt: time.Now(), @@ -150,26 +145,33 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface { } t.Run("case=should error when the verification token does not exist", func(t *testing.T) { - _, err := p.UseVerificationToken(ctx, "i-do-not-exist") + _, err := p.UseVerificationToken(ctx, x.NewUUID(), "i-do-not-exist") + require.Error(t, err) + }) + + t.Run("case=should error when the verification token does exist but the flow does not", func(t *testing.T) { + _, token := newVerificationToken(t, x.NewUUID().String()+"@ory.sh") + require.NoError(t, p.CreateVerificationToken(ctx, token)) + _, err := p.UseVerificationToken(ctx, x.NewUUID(), token.Token) require.Error(t, err) }) t.Run("case=should create a new verification token", func(t *testing.T) { - token := newVerificationToken(t, "foo-user@ory.sh") + _, token := newVerificationToken(t, "foo-user@ory.sh") require.NoError(t, p.CreateVerificationToken(ctx, token)) }) t.Run("case=should create a verification token and use it", func(t *testing.T) { - expected := newVerificationToken(t, "other-user@ory.sh") + f, expected := newVerificationToken(t, "other-user@ory.sh") require.NoError(t, p.CreateVerificationToken(ctx, expected)) t.Run("not work on another network", func(t *testing.T) { _, p := testhelpers.NewNetwork(t, ctx, p) - _, err := p.UseVerificationToken(ctx, expected.Token) + _, err := p.UseVerificationToken(ctx, f.ID, expected.Token) require.ErrorIs(t, err, sqlcon.ErrNoRows) }) - actual, err := p.UseVerificationToken(ctx, expected.Token) + actual, err := p.UseVerificationToken(ctx, f.ID, expected.Token) require.NoError(t, err) assertx.EqualAsJSONExcept(t, expected.VerifiableAddress, actual.VerifiableAddress, []string{"created_at", "updated_at"}) assert.Equal(t, nid, actual.NID) @@ -177,7 +179,7 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface { assert.NotEqual(t, expected.Token, actual.Token) assert.EqualValues(t, expected.FlowID, actual.FlowID) - _, err = p.UseVerificationToken(ctx, expected.Token) + _, err = p.UseVerificationToken(ctx, f.ID, expected.Token) require.Error(t, err) }) }) diff --git a/selfservice/strategy/link/token_verification.go b/selfservice/strategy/link/token_verification.go index 93454725b47d..b7c8fe3bd5c6 100644 --- a/selfservice/strategy/link/token_verification.go +++ b/selfservice/strategy/link/token_verification.go @@ -44,8 +44,8 @@ type VerificationToken struct { // VerifiableAddressID is a helper struct field for gobuffalo.pop. VerifiableAddressID uuid.UUID `json:"-" faker:"-" db:"identity_verifiable_address_id"` // FlowID is a helper struct field for gobuffalo.pop. - FlowID uuid.NullUUID `json:"-" faker:"-" db:"selfservice_verification_flow_id"` - NID uuid.UUID `json:"-" faker:"-" db:"nid"` + FlowID uuid.UUID `json:"-" faker:"-" db:"selfservice_verification_flow_id"` + NID uuid.UUID `json:"-" faker:"-" db:"nid"` } func (VerificationToken) TableName(ctx context.Context) string { @@ -60,7 +60,8 @@ func NewSelfServiceVerificationToken(address *identity.VerifiableAddress, f *ver VerifiableAddress: address, ExpiresAt: now.Add(expiresIn), IssuedAt: now, - FlowID: uuid.NullUUID{UUID: f.ID, Valid: true}} + FlowID: f.ID, + } } func (f *VerificationToken) Valid() error { From fa4b59b8acdbef866aa1860756d04dab0813e32e Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Wed, 7 Sep 2022 12:21:08 +0000 Subject: [PATCH 248/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b19f75abcf59..90236bdd4f51 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -456,6 +456,9 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. ([90da0bb](https://github.com/ory/kratos/commit/90da0bb4aeb50ed697c998342300cc56de5d5e1c)) - Add DingTalk social login ([#2494](https://github.com/ory/kratos/issues/2494)) ([7b966bd](https://github.com/ory/kratos/commit/7b966bd16333f419b2a57f2a0b8684d6d86b34e6)) +- Add flow id check to use verification token + ([#2695](https://github.com/ory/kratos/issues/2695)) + ([54c64fc](https://github.com/ory/kratos/commit/54c64fcea40ede17a87253042259fd97eeb780fe)) - Add identity id to "account disabled" error ([#2557](https://github.com/ory/kratos/issues/2557)) ([f09b1b3](https://github.com/ory/kratos/commit/f09b1b3701c6deda4d25cebb7ccf2e97089be32a)) From 3e3b59e53de8cb89e9fd01cfec75a0f8a601035b Mon Sep 17 00:00:00 2001 From: Landon Pattison <67596936+LandonPattison@users.noreply.github.com> Date: Thu, 8 Sep 2022 03:43:53 -0500 Subject: [PATCH 249/411] feat: allow importing scrypt hashing algorithm (#2689) It is now possible to import scrypt-hashed passwords. See #2422 --- hash/hash_comparator.go | 61 +++++++++++++++++++ hash/hasher_scrypt.go | 9 +++ hash/hasher_test.go | 11 ++++ ..._to_import_users-with_scrypt_password.json | 20 ++++++ identity/handler_import.go | 2 +- identity/handler_test.go | 12 ++++ 6 files changed, 114 insertions(+), 1 deletion(-) create mode 100644 hash/hasher_scrypt.go create mode 100644 identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_scrypt_password.json diff --git a/hash/hash_comparator.go b/hash/hash_comparator.go index dc4ab0914b97..7514dc7c999c 100644 --- a/hash/hash_comparator.go +++ b/hash/hash_comparator.go @@ -12,6 +12,7 @@ import ( "golang.org/x/crypto/argon2" "golang.org/x/crypto/bcrypt" "golang.org/x/crypto/pbkdf2" + "golang.org/x/crypto/scrypt" "github.com/ory/kratos/driver/config" ) @@ -28,6 +29,8 @@ func Compare(ctx context.Context, password []byte, hash []byte) error { return CompareArgon2i(ctx, password, hash) case IsPbkdf2Hash(hash): return ComparePbkdf2(ctx, password, hash) + case IsScryptHash(hash): + return CompareScrypt(ctx, password, hash) default: return errors.WithStack(ErrUnknownHashAlgorithm) } @@ -106,11 +109,35 @@ func ComparePbkdf2(_ context.Context, password []byte, hash []byte) error { return errors.WithStack(ErrMismatchedHashAndPassword) } +func CompareScrypt(_ context.Context, password []byte, hash []byte) error { + // Extract the parameters, salt and derived key from the encoded password + // hash. + p, salt, hash, err := decodeScryptHash(string(hash)) + if err != nil { + return err + } + + // Derive the key from the other password using the same parameters. + otherHash, err := scrypt.Key(password, salt, int(p.Cost), int(p.Block), int(p.Parrellization), int(p.KeyLength)) + if err != nil { + return errors.WithStack(err) + } + + // Check that the contents of the hashed passwords are identical. Note + // that we are using the subtle.ConstantTimeCompare() function for this + // to help prevent timing attacks. + if subtle.ConstantTimeCompare(hash, otherHash) == 1 { + return nil + } + return errors.WithStack(ErrMismatchedHashAndPassword) +} + var ( isBcryptHash = regexp.MustCompile(`^\$2[abzy]?\$`) isArgon2idHash = regexp.MustCompile(`^\$argon2id\$`) isArgon2iHash = regexp.MustCompile(`^\$argon2i\$`) isPbkdf2Hash = regexp.MustCompile(`^\$pbkdf2-sha[0-9]{1,3}\$`) + isScryptHash = regexp.MustCompile(`^\$scrypt\$`) ) func IsBcryptHash(hash []byte) bool { @@ -129,6 +156,10 @@ func IsPbkdf2Hash(hash []byte) bool { return isPbkdf2Hash.Match(hash) } +func IsScryptHash(hash []byte) bool { + return isScryptHash.Match(hash) +} + func decodeArgon2idHash(encodedHash string) (p *config.Argon2, salt, hash []byte, err error) { parts := strings.Split(encodedHash, "$") if len(parts) != 6 { @@ -199,3 +230,33 @@ func decodePbkdf2Hash(encodedHash string) (p *Pbkdf2, salt, hash []byte, err err return p, salt, hash, nil } + +// decodeScryptHash decodes Scrypt encoded password hash. +// format: $scrypt$ln=,r=,p=$$ +func decodeScryptHash(encodedHash string) (p *Scrypt, salt, hash []byte, err error) { + parts := strings.Split(encodedHash, "$") + if len(parts) != 5 { + return nil, nil, nil, ErrInvalidHash + } + + p = new(Scrypt) + + _, err = fmt.Sscanf(parts[2], "ln=%d,r=%d,p=%d", &p.Cost, &p.Block, &p.Parrellization) + if err != nil { + return nil, nil, nil, err + } + + salt, err = base64.StdEncoding.Strict().DecodeString(parts[3]) + if err != nil { + return nil, nil, nil, err + } + p.SaltLength = uint32(len(salt)) + + hash, err = base64.StdEncoding.Strict().DecodeString(parts[4]) + if err != nil { + return nil, nil, nil, err + } + p.KeyLength = uint32(len(hash)) + + return p, salt, hash, nil +} diff --git a/hash/hasher_scrypt.go b/hash/hasher_scrypt.go new file mode 100644 index 000000000000..9075c6b9e07d --- /dev/null +++ b/hash/hasher_scrypt.go @@ -0,0 +1,9 @@ +package hash + +type Scrypt struct { + Cost uint32 + Block uint32 + Parrellization uint32 + SaltLength uint32 + KeyLength uint32 +} diff --git a/hash/hasher_test.go b/hash/hasher_test.go index 14e88a6a1483..cde1e3f00756 100644 --- a/hash/hasher_test.go +++ b/hash/hasher_test.go @@ -231,4 +231,15 @@ func TestCompare(t *testing.T) { assert.Error(t, hash.Compare(context.Background(), []byte("test"), []byte("$pbkdf2-sha256$i=100000,l=32$1jP+5Zxpxgtee/iPxGgOz0RfE9/KJuDElP1ley4VxXcc$QJxzfvdbHYBpydCbHoFg3GJEqMFULwskiuqiJctoYpI"))) assert.Error(t, hash.Compare(context.Background(), []byte("test"), []byte("$pbkdf2-sha256$i=100000,l=32$1jP+5Zxpxgtee/iPxGgOz0RfE9/KJuDElP1ley4VxXc$QJxzfvdbHYBpydCbHoFg3GJEqMFULwskiuqiJctoYpII"))) assert.Error(t, hash.Compare(context.Background(), []byte("test"), []byte("$pbkdf2-sha512$I=100000,l=32$bdHBpn7OWOivJMVJypy2UqR0UnaD5prQXRZevj/05YU$+wArTfv1a+bNGO1iZrmEdVjhA+lL11wF4/IxpgYfPwc"))) + + assert.Nil(t, hash.Compare(context.Background(), []byte("test"), []byte("$scrypt$ln=16384,r=8,p=1$2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYE="))) + assert.Nil(t, hash.CompareScrypt(context.Background(), []byte("test"), []byte("$scrypt$ln=16384,r=8,p=1$2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYE="))) + assert.Error(t, hash.Compare(context.Background(), []byte("test"), []byte("$scrypt$ln=16384,r=8,p=1$2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYF="))) + + assert.Error(t, hash.Compare(context.Background(), []byte("test"), []byte("$scrypt$2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYE="))) + assert.Error(t, hash.Compare(context.Background(), []byte("test"), []byte("$scrypt$ln=16384,r=8,p=1$(2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYE="))) + assert.Error(t, hash.Compare(context.Background(), []byte("test"), []byte("$scrypt$ln=16384,r=8,p=1$(2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$(MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYE="))) + assert.Error(t, hash.Compare(context.Background(), []byte("test"), []byte("$scrypt$ln=16385,r=8,p=1$2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYE="))) + assert.Error(t, hash.Compare(context.Background(), []byte("tesu"), []byte("$scrypt$ln=16384,r=8,p=1$2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYE="))) + assert.Error(t, hash.Compare(context.Background(), []byte("tesu"), []byte("$scrypt$ln=abc,r=8,p=1$2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYE="))) } diff --git a/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_scrypt_password.json b/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_scrypt_password.json new file mode 100644 index 000000000000..20f96677c816 --- /dev/null +++ b/identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_scrypt_password.json @@ -0,0 +1,20 @@ +{ + "credentials": { + "password": { + "type": "password", + "identifiers": [ + "import-7@ory.sh" + ], + "config": { + }, + "version": 0 + } + }, + "schema_id": "default", + "state": "active", + "traits": { + "email": "import-7@ory.sh" + }, + "metadata_public": null, + "metadata_admin": null +} diff --git a/identity/handler_import.go b/identity/handler_import.go index 5e27cc287d50..40d3c3849553 100644 --- a/identity/handler_import.go +++ b/identity/handler_import.go @@ -45,7 +45,7 @@ func (h *Handler) importPasswordCredentials(ctx context.Context, i *Identity, cr creds.Config.HashedPassword = string(hashed) } - if !(hash.IsArgon2idHash(hashed) || hash.IsArgon2iHash(hashed) || hash.IsBcryptHash(hashed) || hash.IsPbkdf2Hash(hashed)) { + if !(hash.IsArgon2idHash(hashed) || hash.IsArgon2iHash(hashed) || hash.IsBcryptHash(hashed) || hash.IsPbkdf2Hash(hashed) || hash.IsScryptHash(hashed)) { return errors.WithStack(herodot.ErrBadRequest.WithReasonf("The imported password does not match any known hash format. For more information see https://www.ory.sh/dr/2")) } diff --git a/identity/handler_test.go b/identity/handler_test.go index f3bce9668f33..c3ea255284e7 100644 --- a/identity/handler_test.go +++ b/identity/handler_test.go @@ -266,6 +266,18 @@ func TestHandler(t *testing.T) { require.NoError(t, hash.Compare(ctx, []byte("123456"), []byte(gjson.GetBytes(actual.Credentials[identity.CredentialsTypePassword].Config, "hashed_password").String()))) }) + + t.Run("with scrypt password", func(t *testing.T) { + res := send(t, adminTS, "POST", "/identities", http.StatusCreated, identity.AdminCreateIdentityBody{Traits: []byte(`{"email": "import-7@ory.sh"}`), + Credentials: &identity.AdminIdentityImportCredentials{Password: &identity.AdminIdentityImportCredentialsPassword{ + Config: identity.AdminIdentityImportCredentialsPasswordConfig{HashedPassword: "$scrypt$ln=16384,r=8,p=1$ZtQva9xCHzlSELH/mA7Kj5KjH2tCrkbwYzdxknkL0QQ=$pnTcXKaWVT+FwFDdk3vO1K0J7ZgOxdSU1tCJNYmn8zI="}}}}) + actual, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(ctx, uuid.FromStringOrNil(res.Get("id").String())) + require.NoError(t, err) + + snapshotx.SnapshotTExceptMatchingKeys(t, identity.WithCredentialsAndAdminMetadataInJSON(*actual), append(ignoreDefault, "hashed_password")) + + require.NoError(t, hash.Compare(ctx, []byte("123456"), []byte(gjson.GetBytes(actual.Credentials[identity.CredentialsTypePassword].Config, "hashed_password").String()))) + }) }) t.Run("case=unable to set ID itself", func(t *testing.T) { From 9de4705fcba40ce875a846e21ac1de5ff80a1033 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Thu, 8 Sep 2022 09:28:11 +0000 Subject: [PATCH 250/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 90236bdd4f51..c19064d71f0a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-09-07)](#2022-09-07) +- [ (2022-09-08)](#2022-09-08) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -264,7 +264,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-09-07) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-09-08) ## Breaking Changes @@ -470,6 +470,13 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. ([94a3741](https://github.com/ory/kratos/commit/94a37416011086582e309f62dc2c45ca84083a33)) - Add pre-hooks to settings, verification, recovery ([c0ceaf3](https://github.com/ory/kratos/commit/c0ceaf31f9327cca903c19b77597cae4587737e6)) +- Allow importing scrypt hashing algorithm + ([#2689](https://github.com/ory/kratos/issues/2689)) + ([3e3b59e](https://github.com/ory/kratos/commit/3e3b59e53de8cb89e9fd01cfec75a0f8a601035b)), + closes [#2422](https://github.com/ory/kratos/issues/2422): + + It is now possible to import scrypt-hashed passwords. + - Allow setting public and admin metadata with the jsonnet data mapper ([#2569](https://github.com/ory/kratos/issues/2569)) ([aa6eb13](https://github.com/ory/kratos/commit/aa6eb13c1c42c11354074553fac9c90ee0a8999e)), From c4d95afac590136acd14efa093f48c301fd07164 Mon Sep 17 00:00:00 2001 From: Jonas Hungershausen Date: Sun, 11 Sep 2022 17:50:07 +0200 Subject: [PATCH 251/411] fix: patch invalidates credentials (#2721) Fixes ory/cloud#148 --- identity/handler.go | 6 +++++ identity/handler_test.go | 50 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) diff --git a/identity/handler.go b/identity/handler.go index 7c9a99bedd78..1ce8aae4a723 100644 --- a/identity/handler.go +++ b/identity/handler.go @@ -597,6 +597,8 @@ func (h *Handler) patch(w http.ResponseWriter, r *http.Request, ps httprouter.Pa return } + credentials := identity.Credentials + oldState := identity.State if err := jsonx.ApplyJSONPatch(requestBody, identity, "/id", "/stateChangedAt", "/credentials"); err != nil { @@ -604,6 +606,10 @@ func (h *Handler) patch(w http.ResponseWriter, r *http.Request, ps httprouter.Pa return } + // See https://github.com/ory/cloud/issues/148 + // The apply patch operation overrides the credentials with an empty map. + identity.Credentials = credentials + if oldState != identity.State { // Check if the changed state was actually valid if err := identity.State.IsValid(); err != nil { diff --git a/identity/handler_test.go b/identity/handler_test.go index c3ea255284e7..d0f52e1ec8fa 100644 --- a/identity/handler_test.go +++ b/identity/handler_test.go @@ -8,6 +8,7 @@ import ( "io" "net/http" "net/http/httptest" + "net/url" "testing" "time" @@ -654,6 +655,55 @@ func TestHandler(t *testing.T) { } }) + t.Run("case=PATCH should not invalidate credentials ory/cloud#148", func(t *testing.T) { + // see https://github.com/ory/cloud/issues/148 + + createCredentials := func(t *testing.T) (*identity.Identity, string, string) { + t.Helper() + uuid := x.NewUUID().String() + email := uuid + "@ory.sh" + password := "ljanf123akf" + p, err := reg.Hasher(ctx).Generate(context.Background(), []byte(password)) + require.NoError(t, err) + i := &identity.Identity{Traits: identity.Traits(`{"email":"` + email + `"}`)} + i.SetCredentials(identity.CredentialsTypePassword, identity.Credentials{ + Type: identity.CredentialsTypePassword, + Identifiers: []string{email}, + Config: sqlxx.JSONRawMessage(`{"hashed_password":"` + string(p) + `"}`), + }) + require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i)) + return i, email, password + } + + for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} { + t.Run("endpoint="+name, func(t *testing.T) { + i, email, password := createCredentials(t) + values := func(v url.Values) { + v.Set("identifier", email) + v.Set("password", password) + } + + // verify login works initially + loginResponse := testhelpers.SubmitLoginForm(t, true, ts.Client(), ts, values, false, true, 200, "") + require.NotEmpty(t, gjson.Get(loginResponse, "session_token").String(), "expected to find a session token, found none") + + ur := makePatch(t, patch{ + "op": "replace", "path": "/metadata_public", "value": map[string]string{ + "role": "user", + }, + }) + + res := send(t, ts, "PATCH", "/identities/"+i.ID.String(), http.StatusOK, &ur) + assert.EqualValues(t, "user", res.Get("metadata_public.role").String(), "%s", res.Raw) + assert.NotEqualValues(t, i.StateChangedAt, sqlxx.NullTime(res.Get("state_changed_at").Time()), "%s", res.Raw) + + loginResponse = testhelpers.SubmitLoginForm(t, true, ts.Client(), ts, values, false, true, 200, "") + msgs := gjson.Get(loginResponse, "ui.messages") + require.Empty(t, msgs.Array(), "expected to find no messages: %s", msgs.String()) + }) + } + }) + t.Run("case=should delete a user and no longer be able to retrieve it", func(t *testing.T) { for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} { t.Run("endpoint="+name, func(t *testing.T) { From de363c6f0b2da29513ca99a711c2de08227c64e2 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Sun, 11 Sep 2022 16:29:11 +0000 Subject: [PATCH 252/411] autogen(docs): regenerate and update changelog [skip ci] --- CHANGELOG.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c19064d71f0a..e102f286f62b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ **Table of Contents** -- [ (2022-09-08)](#2022-09-08) +- [ (2022-09-11)](#2022-09-11) - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - [Code Refactoring](#code-refactoring) @@ -264,7 +264,7 @@ -# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-09-08) +# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-09-11) ## Breaking Changes @@ -366,6 +366,10 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`. ([a115486](https://github.com/ory/kratos/commit/a11548603a4c9b46ba238d2a7ee58fffb7f6d857)) - Panic ([1182278](https://github.com/ory/kratos/commit/11822789c1561b27c2d769c9ea53a81835702f4a)) +- Patch invalidates credentials + ([#2721](https://github.com/ory/kratos/issues/2721)) + ([c4d95af](https://github.com/ory/kratos/commit/c4d95afac590136acd14efa093f48c301fd07164)), + closes [ory/cloud#148](https://github.com/ory/cloud/issues/148) - Potentially resolve tx issue in crdb ([#2595](https://github.com/ory/kratos/issues/2595)) ([9d22035](https://github.com/ory/kratos/commit/9d22035695b6a793ac4bc5e2bd0a68b3aeea039c)) From 32e32d1b98404ac14a44b2f0ccefa8c02d38c5f7 Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Mon, 12 Sep 2022 08:39:20 +0200 Subject: [PATCH 253/411] feat: add missing cookie headers to SDK methods (#2720) See https://github.com/ory/kratos/discussions/2583 --- internal/httpclient/README.md | 52 ++-- internal/httpclient/api/openapi.yaml | 76 +++-- internal/httpclient/api_metadata.go | 26 +- internal/httpclient/api_v0alpha2.go | 387 +++++++++++++----------- internal/httpclient/docs/V0alpha2Api.md | 116 +++---- selfservice/flow/login/handler.go | 9 + selfservice/flow/settings/handler.go | 9 + spec/api.json | 68 +++-- spec/swagger.json | 64 ++-- 9 files changed, 457 insertions(+), 350 deletions(-) diff --git a/internal/httpclient/README.md b/internal/httpclient/README.md index ec39a91a1ac8..d6b83db12981 100644 --- a/internal/httpclient/README.md +++ b/internal/httpclient/README.md @@ -86,47 +86,47 @@ Class | Method | HTTP request | Description *MetadataApi* | [**GetVersion**](docs/MetadataApi.md#getversion) | **Get** /version | Return Running Software Version. *MetadataApi* | [**IsAlive**](docs/MetadataApi.md#isalive) | **Get** /health/alive | Check HTTP Server Status *MetadataApi* | [**IsReady**](docs/MetadataApi.md#isready) | **Get** /health/ready | Check HTTP Server and Database Status -*V0alpha2Api* | [**AdminCreateIdentity**](docs/V0alpha2Api.md#admincreateidentity) | **Post** /admin/identities | # Create an Identity -*V0alpha2Api* | [**AdminCreateSelfServiceRecoveryLink**](docs/V0alpha2Api.md#admincreateselfservicerecoverylink) | **Post** /admin/recovery/link | # Create a Recovery Link -*V0alpha2Api* | [**AdminDeleteIdentity**](docs/V0alpha2Api.md#admindeleteidentity) | **Delete** /admin/identities/{id} | # Delete an Identity +*V0alpha2Api* | [**AdminCreateIdentity**](docs/V0alpha2Api.md#admincreateidentity) | **Post** /admin/identities | Create an Identity +*V0alpha2Api* | [**AdminCreateSelfServiceRecoveryLink**](docs/V0alpha2Api.md#admincreateselfservicerecoverylink) | **Post** /admin/recovery/link | Create a Recovery Link +*V0alpha2Api* | [**AdminDeleteIdentity**](docs/V0alpha2Api.md#admindeleteidentity) | **Delete** /admin/identities/{id} | Delete an Identity *V0alpha2Api* | [**AdminDeleteIdentitySessions**](docs/V0alpha2Api.md#admindeleteidentitysessions) | **Delete** /admin/identities/{id}/sessions | Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. *V0alpha2Api* | [**AdminExtendSession**](docs/V0alpha2Api.md#adminextendsession) | **Patch** /admin/sessions/{id}/extend | Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it will only extend the session after the specified time has passed. -*V0alpha2Api* | [**AdminGetIdentity**](docs/V0alpha2Api.md#admingetidentity) | **Get** /admin/identities/{id} | # Get an Identity -*V0alpha2Api* | [**AdminListIdentities**](docs/V0alpha2Api.md#adminlistidentities) | **Get** /admin/identities | # List Identities +*V0alpha2Api* | [**AdminGetIdentity**](docs/V0alpha2Api.md#admingetidentity) | **Get** /admin/identities/{id} | Get an Identity +*V0alpha2Api* | [**AdminListIdentities**](docs/V0alpha2Api.md#adminlistidentities) | **Get** /admin/identities | List Identities *V0alpha2Api* | [**AdminListIdentitySessions**](docs/V0alpha2Api.md#adminlistidentitysessions) | **Get** /admin/identities/{id}/sessions | This endpoint returns all sessions that belong to the given Identity. *V0alpha2Api* | [**AdminPatchIdentity**](docs/V0alpha2Api.md#adminpatchidentity) | **Patch** /admin/identities/{id} | Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) -*V0alpha2Api* | [**AdminUpdateIdentity**](docs/V0alpha2Api.md#adminupdateidentity) | **Put** /admin/identities/{id} | # Update an Identity -*V0alpha2Api* | [**CreateSelfServiceLogoutFlowUrlForBrowsers**](docs/V0alpha2Api.md#createselfservicelogoutflowurlforbrowsers) | **Get** /self-service/logout/browser | # Create a Logout URL for Browsers +*V0alpha2Api* | [**AdminUpdateIdentity**](docs/V0alpha2Api.md#adminupdateidentity) | **Put** /admin/identities/{id} | Update an Identity +*V0alpha2Api* | [**CreateSelfServiceLogoutFlowUrlForBrowsers**](docs/V0alpha2Api.md#createselfservicelogoutflowurlforbrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers *V0alpha2Api* | [**GetIdentitySchema**](docs/V0alpha2Api.md#getidentityschema) | **Get** /schemas/{id} | -*V0alpha2Api* | [**GetSelfServiceError**](docs/V0alpha2Api.md#getselfserviceerror) | **Get** /self-service/errors | # Get Self-Service Errors -*V0alpha2Api* | [**GetSelfServiceLoginFlow**](docs/V0alpha2Api.md#getselfserviceloginflow) | **Get** /self-service/login/flows | # Get Login Flow -*V0alpha2Api* | [**GetSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#getselfservicerecoveryflow) | **Get** /self-service/recovery/flows | # Get Recovery Flow -*V0alpha2Api* | [**GetSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#getselfserviceregistrationflow) | **Get** /self-service/registration/flows | # Get Registration Flow -*V0alpha2Api* | [**GetSelfServiceSettingsFlow**](docs/V0alpha2Api.md#getselfservicesettingsflow) | **Get** /self-service/settings/flows | # Get Settings Flow -*V0alpha2Api* | [**GetSelfServiceVerificationFlow**](docs/V0alpha2Api.md#getselfserviceverificationflow) | **Get** /self-service/verification/flows | # Get Verification Flow -*V0alpha2Api* | [**GetWebAuthnJavaScript**](docs/V0alpha2Api.md#getwebauthnjavascript) | **Get** /.well-known/ory/webauthn.js | # Get WebAuthn JavaScript -*V0alpha2Api* | [**InitializeSelfServiceLoginFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceloginflowforbrowsers) | **Get** /self-service/login/browser | # Initialize Login Flow for Browsers +*V0alpha2Api* | [**GetSelfServiceError**](docs/V0alpha2Api.md#getselfserviceerror) | **Get** /self-service/errors | Get Self-Service Errors +*V0alpha2Api* | [**GetSelfServiceLoginFlow**](docs/V0alpha2Api.md#getselfserviceloginflow) | **Get** /self-service/login/flows | Get Login Flow +*V0alpha2Api* | [**GetSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#getselfservicerecoveryflow) | **Get** /self-service/recovery/flows | Get Recovery Flow +*V0alpha2Api* | [**GetSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#getselfserviceregistrationflow) | **Get** /self-service/registration/flows | Get Registration Flow +*V0alpha2Api* | [**GetSelfServiceSettingsFlow**](docs/V0alpha2Api.md#getselfservicesettingsflow) | **Get** /self-service/settings/flows | Get Settings Flow +*V0alpha2Api* | [**GetSelfServiceVerificationFlow**](docs/V0alpha2Api.md#getselfserviceverificationflow) | **Get** /self-service/verification/flows | Get Verification Flow +*V0alpha2Api* | [**GetWebAuthnJavaScript**](docs/V0alpha2Api.md#getwebauthnjavascript) | **Get** /.well-known/ory/webauthn.js | Get WebAuthn JavaScript +*V0alpha2Api* | [**InitializeSelfServiceLoginFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceloginflowforbrowsers) | **Get** /self-service/login/browser | Initialize Login Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceLoginFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceloginflowwithoutbrowser) | **Get** /self-service/login/api | Initialize Login Flow for APIs, Services, Apps, ... -*V0alpha2Api* | [**InitializeSelfServiceRecoveryFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicerecoveryflowforbrowsers) | **Get** /self-service/recovery/browser | # Initialize Recovery Flow for Browsers +*V0alpha2Api* | [**InitializeSelfServiceRecoveryFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicerecoveryflowforbrowsers) | **Get** /self-service/recovery/browser | Initialize Recovery Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceRecoveryFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfservicerecoveryflowwithoutbrowser) | **Get** /self-service/recovery/api | Initialize Recovery Flow for APIs, Services, Apps, ... -*V0alpha2Api* | [**InitializeSelfServiceRegistrationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceregistrationflowforbrowsers) | **Get** /self-service/registration/browser | # Initialize Registration Flow for Browsers +*V0alpha2Api* | [**InitializeSelfServiceRegistrationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceregistrationflowforbrowsers) | **Get** /self-service/registration/browser | Initialize Registration Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceRegistrationFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceregistrationflowwithoutbrowser) | **Get** /self-service/registration/api | Initialize Registration Flow for APIs, Services, Apps, ... -*V0alpha2Api* | [**InitializeSelfServiceSettingsFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicesettingsflowforbrowsers) | **Get** /self-service/settings/browser | # Initialize Settings Flow for Browsers +*V0alpha2Api* | [**InitializeSelfServiceSettingsFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicesettingsflowforbrowsers) | **Get** /self-service/settings/browser | Initialize Settings Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceSettingsFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfservicesettingsflowwithoutbrowser) | **Get** /self-service/settings/api | Initialize Settings Flow for APIs, Services, Apps, ... -*V0alpha2Api* | [**InitializeSelfServiceVerificationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceverificationflowforbrowsers) | **Get** /self-service/verification/browser | # Initialize Verification Flow for Browser Clients +*V0alpha2Api* | [**InitializeSelfServiceVerificationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceverificationflowforbrowsers) | **Get** /self-service/verification/browser | Initialize Verification Flow for Browser Clients *V0alpha2Api* | [**InitializeSelfServiceVerificationFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceverificationflowwithoutbrowser) | **Get** /self-service/verification/api | Initialize Verification Flow for APIs, Services, Apps, ... *V0alpha2Api* | [**ListIdentitySchemas**](docs/V0alpha2Api.md#listidentityschemas) | **Get** /schemas | *V0alpha2Api* | [**ListSessions**](docs/V0alpha2Api.md#listsessions) | **Get** /sessions | This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. *V0alpha2Api* | [**RevokeSession**](docs/V0alpha2Api.md#revokesession) | **Delete** /sessions/{id} | Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. *V0alpha2Api* | [**RevokeSessions**](docs/V0alpha2Api.md#revokesessions) | **Delete** /sessions | Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. -*V0alpha2Api* | [**SubmitSelfServiceLoginFlow**](docs/V0alpha2Api.md#submitselfserviceloginflow) | **Post** /self-service/login | # Submit a Login Flow -*V0alpha2Api* | [**SubmitSelfServiceLogoutFlow**](docs/V0alpha2Api.md#submitselfservicelogoutflow) | **Get** /self-service/logout | # Complete Self-Service Logout +*V0alpha2Api* | [**SubmitSelfServiceLoginFlow**](docs/V0alpha2Api.md#submitselfserviceloginflow) | **Post** /self-service/login | Submit a Login Flow +*V0alpha2Api* | [**SubmitSelfServiceLogoutFlow**](docs/V0alpha2Api.md#submitselfservicelogoutflow) | **Get** /self-service/logout | Complete Self-Service Logout *V0alpha2Api* | [**SubmitSelfServiceLogoutFlowWithoutBrowser**](docs/V0alpha2Api.md#submitselfservicelogoutflowwithoutbrowser) | **Delete** /self-service/logout/api | Perform Logout for APIs, Services, Apps, ... -*V0alpha2Api* | [**SubmitSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#submitselfservicerecoveryflow) | **Post** /self-service/recovery | # Complete Recovery Flow -*V0alpha2Api* | [**SubmitSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#submitselfserviceregistrationflow) | **Post** /self-service/registration | # Submit a Registration Flow -*V0alpha2Api* | [**SubmitSelfServiceSettingsFlow**](docs/V0alpha2Api.md#submitselfservicesettingsflow) | **Post** /self-service/settings | # Complete Settings Flow -*V0alpha2Api* | [**SubmitSelfServiceVerificationFlow**](docs/V0alpha2Api.md#submitselfserviceverificationflow) | **Post** /self-service/verification | # Complete Verification Flow -*V0alpha2Api* | [**ToSession**](docs/V0alpha2Api.md#tosession) | **Get** /sessions/whoami | # Check Who the Current HTTP Session Belongs To +*V0alpha2Api* | [**SubmitSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#submitselfservicerecoveryflow) | **Post** /self-service/recovery | Complete Recovery Flow +*V0alpha2Api* | [**SubmitSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#submitselfserviceregistrationflow) | **Post** /self-service/registration | Submit a Registration Flow +*V0alpha2Api* | [**SubmitSelfServiceSettingsFlow**](docs/V0alpha2Api.md#submitselfservicesettingsflow) | **Post** /self-service/settings | Complete Settings Flow +*V0alpha2Api* | [**SubmitSelfServiceVerificationFlow**](docs/V0alpha2Api.md#submitselfserviceverificationflow) | **Post** /self-service/verification | Complete Verification Flow +*V0alpha2Api* | [**ToSession**](docs/V0alpha2Api.md#tosession) | **Get** /sessions/whoami | Check Who the Current HTTP Session Belongs To ## Documentation For Models diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index 2f7e8e4ebe8a..c0d2097fc94b 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -34,7 +34,7 @@ paths: schema: $ref: '#/components/schemas/webAuthnJavaScript' description: webAuthnJavaScript - summary: '# Get WebAuthn JavaScript' + summary: Get WebAuthn JavaScript tags: - v0alpha2 /admin/identities: @@ -92,7 +92,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: '# List Identities' + summary: List Identities tags: - v0alpha2 post: @@ -132,7 +132,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: '# Create an Identity' + summary: Create an Identity tags: - v0alpha2 /admin/identities/{id}: @@ -171,7 +171,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: '# Delete an Identity' + summary: Delete an Identity tags: - v0alpha2 get: @@ -222,7 +222,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: '# Get an Identity' + summary: Get an Identity tags: - v0alpha2 patch: @@ -336,7 +336,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: '# Update an Identity' + summary: Update an Identity tags: - v0alpha2 /admin/identities/{id}/sessions: @@ -518,7 +518,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Create a Recovery Link' + summary: Create a Recovery Link tags: - v0alpha2 /admin/sessions/{id}/extend: @@ -754,7 +754,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Get Self-Service Errors' + summary: Get Self-Service Errors tags: - v0alpha2 /self-service/login: @@ -871,7 +871,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Submit a Login Flow' + summary: Submit a Login Flow tags: - v0alpha2 /self-service/login/api: @@ -1015,6 +1015,18 @@ paths: schema: type: string style: form + - description: |- + HTTP Cookies + + When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + sent by the client to your server here. This ensures that CSRF and session cookies are respected. + explode: false + in: header + name: Cookie + required: false + schema: + type: string + style: simple responses: "200": content: @@ -1037,7 +1049,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Initialize Login Flow for Browsers' + summary: Initialize Login Flow for Browsers tags: - v0alpha2 /self-service/login/flows: @@ -1123,7 +1135,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Get Login Flow' + summary: Get Login Flow tags: - v0alpha2 /self-service/logout: @@ -1177,7 +1189,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Complete Self-Service Logout' + summary: Complete Self-Service Logout tags: - v0alpha2 /self-service/logout/api: @@ -1264,7 +1276,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Create a Logout URL for Browsers' + summary: Create a Logout URL for Browsers tags: - v0alpha2 /self-service/recovery: @@ -1364,7 +1376,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Complete Recovery Flow' + summary: Complete Recovery Flow tags: - v0alpha2 /self-service/recovery/api: @@ -1451,7 +1463,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Initialize Recovery Flow for Browsers' + summary: Initialize Recovery Flow for Browsers tags: - v0alpha2 /self-service/recovery/flows: @@ -1526,7 +1538,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Get Recovery Flow' + summary: Get Recovery Flow tags: - v0alpha2 /self-service/registration: @@ -1630,7 +1642,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Submit a Registration Flow' + summary: Submit a Registration Flow tags: - v0alpha2 /self-service/registration/api: @@ -1732,7 +1744,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Initialize Registration Flow for Browsers' + summary: Initialize Registration Flow for Browsers tags: - v0alpha2 /self-service/registration/flows: @@ -1818,7 +1830,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Get Registration Flow' + summary: Get Registration Flow tags: - v0alpha2 /self-service/settings: @@ -1959,7 +1971,7 @@ paths: description: jsonError security: - sessionToken: [] - summary: '# Complete Settings Flow' + summary: Complete Settings Flow tags: - v0alpha2 /self-service/settings/api: @@ -2058,6 +2070,18 @@ paths: schema: type: string style: form + - description: |- + HTTP Cookies + + When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + sent by the client to your server here. This ensures that CSRF and session cookies are respected. + explode: false + in: header + name: Cookie + required: false + schema: + type: string + style: simple responses: "200": content: @@ -2092,7 +2116,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Initialize Settings Flow for Browsers' + summary: Initialize Settings Flow for Browsers tags: - v0alpha2 /self-service/settings/flows: @@ -2192,7 +2216,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Get Settings Flow' + summary: Get Settings Flow tags: - v0alpha2 /self-service/verification: @@ -2292,7 +2316,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Complete Verification Flow' + summary: Complete Verification Flow tags: - v0alpha2 /self-service/verification/api: @@ -2369,7 +2393,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Initialize Verification Flow for Browser Clients' + summary: Initialize Verification Flow for Browser Clients tags: - v0alpha2 /self-service/verification/flows: @@ -2443,7 +2467,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Get Verification Flow' + summary: Get Verification Flow tags: - v0alpha2 /sessions: @@ -2712,7 +2736,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Check Who the Current HTTP Session Belongs To' + summary: Check Who the Current HTTP Session Belongs To tags: - v0alpha2 /sessions/{id}: diff --git a/internal/httpclient/api_metadata.go b/internal/httpclient/api_metadata.go index a63febb073aa..eec994165b53 100644 --- a/internal/httpclient/api_metadata.go +++ b/internal/httpclient/api_metadata.go @@ -102,16 +102,16 @@ func (r MetadataApiApiGetVersionRequest) Execute() (*InlineResponse2001, *http.R } /* - * GetVersion Return Running Software Version. - * This endpoint returns the version of Ory Kratos. + - GetVersion Return Running Software Version. + - This endpoint returns the version of Ory Kratos. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the version will never refer to the cluster state, only to a single instance. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return MetadataApiApiGetVersionRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return MetadataApiApiGetVersionRequest */ func (a *MetadataApiService) GetVersion(ctx context.Context) MetadataApiApiGetVersionRequest { return MetadataApiApiGetVersionRequest{ @@ -209,8 +209,9 @@ func (r MetadataApiApiIsAliveRequest) Execute() (*InlineResponse200, *http.Respo } /* - * IsAlive Check HTTP Server Status - * This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming + - IsAlive Check HTTP Server Status + - This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming + HTTP requests. This status does currently not include checks whether the database connection is working. If the service supports TLS Edge Termination, this endpoint does not require the @@ -218,8 +219,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return MetadataApiApiIsAliveRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return MetadataApiApiIsAliveRequest */ func (a *MetadataApiService) IsAlive(ctx context.Context) MetadataApiApiIsAliveRequest { return MetadataApiApiIsAliveRequest{ @@ -326,8 +327,9 @@ func (r MetadataApiApiIsReadyRequest) Execute() (*InlineResponse200, *http.Respo } /* - * IsReady Check HTTP Server and Database Status - * This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g. + - IsReady Check HTTP Server and Database Status + - This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g. + the database) are responsive as well. If the service supports TLS Edge Termination, this endpoint does not require the @@ -335,8 +337,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the Be aware that if you are running multiple nodes of Ory Kratos, the health status will never refer to the cluster state, only to a single instance. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return MetadataApiApiIsReadyRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return MetadataApiApiIsReadyRequest */ func (a *MetadataApiService) IsReady(ctx context.Context) MetadataApiApiIsReadyRequest { return MetadataApiApiIsReadyRequest{ diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go index 0dbb947a95a6..3136bc16a966 100644 --- a/internal/httpclient/api_v0alpha2.go +++ b/internal/httpclient/api_v0alpha2.go @@ -29,7 +29,7 @@ var ( type V0alpha2Api interface { /* - * AdminCreateIdentity # Create an Identity + * AdminCreateIdentity Create an Identity * This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return V0alpha2ApiApiAdminCreateIdentityRequest @@ -43,7 +43,7 @@ type V0alpha2Api interface { AdminCreateIdentityExecute(r V0alpha2ApiApiAdminCreateIdentityRequest) (*Identity, *http.Response, error) /* - * AdminCreateSelfServiceRecoveryLink # Create a Recovery Link + * AdminCreateSelfServiceRecoveryLink Create a Recovery Link * This endpoint creates a recovery link which should be given to the user in order for them to recover (or activate) their account. * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @@ -58,7 +58,7 @@ type V0alpha2Api interface { AdminCreateSelfServiceRecoveryLinkExecute(r V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest) (*SelfServiceRecoveryLink, *http.Response, error) /* - * AdminDeleteIdentity # Delete an Identity + * AdminDeleteIdentity Delete an Identity * Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is assumed that is has been deleted already. @@ -107,7 +107,7 @@ type V0alpha2Api interface { AdminExtendSessionExecute(r V0alpha2ApiApiAdminExtendSessionRequest) (*Session, *http.Response, error) /* - * AdminGetIdentity # Get an Identity + * AdminGetIdentity Get an Identity * Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @param id ID must be set to the ID of identity you want to get @@ -122,7 +122,7 @@ type V0alpha2Api interface { AdminGetIdentityExecute(r V0alpha2ApiApiAdminGetIdentityRequest) (*Identity, *http.Response, error) /* - * AdminListIdentities # List Identities + * AdminListIdentities List Identities * Lists all identities. Does not support search at the moment. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). @@ -172,7 +172,7 @@ type V0alpha2Api interface { AdminPatchIdentityExecute(r V0alpha2ApiApiAdminPatchIdentityRequest) (*Identity, *http.Response, error) /* - * AdminUpdateIdentity # Update an Identity + * AdminUpdateIdentity Update an Identity * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). @@ -189,7 +189,7 @@ type V0alpha2Api interface { AdminUpdateIdentityExecute(r V0alpha2ApiApiAdminUpdateIdentityRequest) (*Identity, *http.Response, error) /* - * CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers + * CreateSelfServiceLogoutFlowUrlForBrowsers Create a Logout URL for Browsers * This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. This endpoint is NOT INTENDED for API clients and only works @@ -227,7 +227,7 @@ type V0alpha2Api interface { GetIdentitySchemaExecute(r V0alpha2ApiApiGetIdentitySchemaRequest) (map[string]interface{}, *http.Response, error) /* - * GetSelfServiceError # Get Self-Service Errors + * GetSelfServiceError Get Self-Service Errors * This endpoint returns the error associated with a user-facing self service errors. This endpoint supports stub values to help you implement the error UI: @@ -247,7 +247,7 @@ type V0alpha2Api interface { GetSelfServiceErrorExecute(r V0alpha2ApiApiGetSelfServiceErrorRequest) (*SelfServiceError, *http.Response, error) /* - * GetSelfServiceLoginFlow # Get Login Flow + * GetSelfServiceLoginFlow Get Login Flow * This endpoint returns a login flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -283,7 +283,7 @@ type V0alpha2Api interface { GetSelfServiceLoginFlowExecute(r V0alpha2ApiApiGetSelfServiceLoginFlowRequest) (*SelfServiceLoginFlow, *http.Response, error) /* - * GetSelfServiceRecoveryFlow # Get Recovery Flow + * GetSelfServiceRecoveryFlow Get Recovery Flow * This endpoint returns a recovery flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -314,7 +314,7 @@ type V0alpha2Api interface { GetSelfServiceRecoveryFlowExecute(r V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest) (*SelfServiceRecoveryFlow, *http.Response, error) /* - * GetSelfServiceRegistrationFlow # Get Registration Flow + * GetSelfServiceRegistrationFlow Get Registration Flow * This endpoint returns a registration flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -350,7 +350,7 @@ type V0alpha2Api interface { GetSelfServiceRegistrationFlowExecute(r V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest) (*SelfServiceRegistrationFlow, *http.Response, error) /* - * GetSelfServiceSettingsFlow # Get Settings Flow + * GetSelfServiceSettingsFlow Get Settings Flow * When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie or the Ory Kratos Session Token are set. @@ -382,7 +382,7 @@ type V0alpha2Api interface { GetSelfServiceSettingsFlowExecute(r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) (*SelfServiceSettingsFlow, *http.Response, error) /* - * GetSelfServiceVerificationFlow # Get Verification Flow + * GetSelfServiceVerificationFlow Get Verification Flow * This endpoint returns a verification flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -412,7 +412,7 @@ type V0alpha2Api interface { GetSelfServiceVerificationFlowExecute(r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) (*SelfServiceVerificationFlow, *http.Response, error) /* - * GetWebAuthnJavaScript # Get WebAuthn JavaScript + * GetWebAuthnJavaScript Get WebAuthn JavaScript * This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file: @@ -434,7 +434,7 @@ type V0alpha2Api interface { GetWebAuthnJavaScriptExecute(r V0alpha2ApiApiGetWebAuthnJavaScriptRequest) (string, *http.Response, error) /* - * InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers + * InitializeSelfServiceLoginFlowForBrowsers Initialize Login Flow for Browsers * This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows. @@ -499,7 +499,7 @@ type V0alpha2Api interface { InitializeSelfServiceLoginFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest) (*SelfServiceLoginFlow, *http.Response, error) /* - * InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers + * InitializeSelfServiceRecoveryFlowForBrowsers Initialize Recovery Flow for Browsers * This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists, the browser is returned to the configured return URL. @@ -548,7 +548,7 @@ type V0alpha2Api interface { InitializeSelfServiceRecoveryFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest) (*SelfServiceRecoveryFlow, *http.Response, error) /* - * InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers + * InitializeSelfServiceRegistrationFlowForBrowsers Initialize Registration Flow for Browsers * This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows. @@ -618,7 +618,7 @@ type V0alpha2Api interface { InitializeSelfServiceRegistrationFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest) (*SelfServiceRegistrationFlow, *http.Response, error) /* - * InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers + * InitializeSelfServiceSettingsFlowForBrowsers Initialize Settings Flow for Browsers * This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid Ory Kratos Session Cookie is included in the request, a login flow will be initialized. @@ -692,7 +692,7 @@ type V0alpha2Api interface { InitializeSelfServiceSettingsFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest) (*SelfServiceSettingsFlow, *http.Response, error) /* - * InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients + * InitializeSelfServiceVerificationFlowForBrowsers Initialize Verification Flow for Browser Clients * This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`. @@ -799,7 +799,7 @@ type V0alpha2Api interface { RevokeSessionsExecute(r V0alpha2ApiApiRevokeSessionsRequest) (*RevokedSessions, *http.Response, error) /* - * SubmitSelfServiceLoginFlow # Submit a Login Flow + * SubmitSelfServiceLoginFlow Submit a Login Flow * :::info This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future. @@ -845,7 +845,7 @@ type V0alpha2Api interface { SubmitSelfServiceLoginFlowExecute(r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) (*SuccessfulSelfServiceLoginWithoutBrowser, *http.Response, error) /* - * SubmitSelfServiceLogoutFlow # Complete Self-Service Logout + * SubmitSelfServiceLogoutFlow Complete Self-Service Logout * This endpoint logs out an identity in a self-service manner. If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other) @@ -890,7 +890,7 @@ type V0alpha2Api interface { SubmitSelfServiceLogoutFlowWithoutBrowserExecute(r V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest) (*http.Response, error) /* - * SubmitSelfServiceRecoveryFlow # Complete Recovery Flow + * SubmitSelfServiceRecoveryFlow Complete Recovery Flow * Use this endpoint to complete a recovery flow. This endpoint behaves differently for API and browser flows and has several states: @@ -919,7 +919,7 @@ type V0alpha2Api interface { SubmitSelfServiceRecoveryFlowExecute(r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) (*SelfServiceRecoveryFlow, *http.Response, error) /* - * SubmitSelfServiceRegistrationFlow # Submit a Registration Flow + * SubmitSelfServiceRegistrationFlow Submit a Registration Flow * Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint behaves differently for API and browser flows. @@ -960,7 +960,7 @@ type V0alpha2Api interface { SubmitSelfServiceRegistrationFlowExecute(r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) (*SuccessfulSelfServiceRegistrationWithoutBrowser, *http.Response, error) /* - * SubmitSelfServiceSettingsFlow # Complete Settings Flow + * SubmitSelfServiceSettingsFlow Complete Settings Flow * Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint behaves differently for API and browser flows. @@ -1016,7 +1016,7 @@ type V0alpha2Api interface { SubmitSelfServiceSettingsFlowExecute(r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) (*SelfServiceSettingsFlow, *http.Response, error) /* - * SubmitSelfServiceVerificationFlow # Complete Verification Flow + * SubmitSelfServiceVerificationFlow Complete Verification Flow * Use this endpoint to complete a verification flow. This endpoint behaves differently for API and browser flows and has several states: @@ -1045,7 +1045,7 @@ type V0alpha2Api interface { SubmitSelfServiceVerificationFlowExecute(r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) (*SelfServiceVerificationFlow, *http.Response, error) /* - * ToSession # Check Who the Current HTTP Session Belongs To + * ToSession Check Who the Current HTTP Session Belongs To * Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header @@ -1126,7 +1126,7 @@ func (r V0alpha2ApiApiAdminCreateIdentityRequest) Execute() (*Identity, *http.Re } /* - * AdminCreateIdentity # Create an Identity + * AdminCreateIdentity Create an Identity * This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return V0alpha2ApiApiAdminCreateIdentityRequest @@ -1278,11 +1278,12 @@ func (r V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest) Execute() (*Sel } /* - * AdminCreateSelfServiceRecoveryLink # Create a Recovery Link - * This endpoint creates a recovery link which should be given to the user in order for them to recover + - AdminCreateSelfServiceRecoveryLink Create a Recovery Link + - This endpoint creates a recovery link which should be given to the user in order for them to recover + (or activate) their account. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest */ func (a *V0alpha2ApiService) AdminCreateSelfServiceRecoveryLink(ctx context.Context) V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest { return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest{ @@ -1412,15 +1413,16 @@ func (r V0alpha2ApiApiAdminDeleteIdentityRequest) Execute() (*http.Response, err } /* - * AdminDeleteIdentity # Delete an Identity - * Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. + - AdminDeleteIdentity Delete an Identity + - Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. + This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is assumed that is has been deleted already. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID is the identity's ID. - * @return V0alpha2ApiApiAdminDeleteIdentityRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID is the identity's ID. + - @return V0alpha2ApiApiAdminDeleteIdentityRequest */ func (a *V0alpha2ApiService) AdminDeleteIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentityRequest { return V0alpha2ApiApiAdminDeleteIdentityRequest{ @@ -1543,13 +1545,13 @@ func (r V0alpha2ApiApiAdminDeleteIdentitySessionsRequest) Execute() (*http.Respo } /* - * AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. - * This endpoint is useful for: + - AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. + - This endpoint is useful for: To forcefully logout Identity from all devices and sessions - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID is the identity's ID. - * @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID is the identity's ID. + - @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest */ func (a *V0alpha2ApiService) AdminDeleteIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentitySessionsRequest { return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest{ @@ -1846,7 +1848,7 @@ func (r V0alpha2ApiApiAdminGetIdentityRequest) Execute() (*Identity, *http.Respo } /* - * AdminGetIdentity # Get an Identity + * AdminGetIdentity Get an Identity * Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @param id ID must be set to the ID of identity you want to get @@ -2005,12 +2007,12 @@ func (r V0alpha2ApiApiAdminListIdentitiesRequest) Execute() ([]Identity, *http.R } /* - * AdminListIdentities # List Identities - * Lists all identities. Does not support search at the moment. + - AdminListIdentities List Identities + - Lists all identities. Does not support search at the moment. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiAdminListIdentitiesRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiAdminListIdentitiesRequest */ func (a *V0alpha2ApiService) AdminListIdentities(ctx context.Context) V0alpha2ApiApiAdminListIdentitiesRequest { return V0alpha2ApiApiAdminListIdentitiesRequest{ @@ -2154,13 +2156,13 @@ func (r V0alpha2ApiApiAdminListIdentitySessionsRequest) Execute() ([]Session, *h } /* - * AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity. - * This endpoint is useful for: + - AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity. + - This endpoint is useful for: Listing all sessions that belong to an Identity in an administrative context. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID is the identity's ID. - * @return V0alpha2ApiApiAdminListIdentitySessionsRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID is the identity's ID. + - @return V0alpha2ApiApiAdminListIdentitySessionsRequest */ func (a *V0alpha2ApiService) AdminListIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminListIdentitySessionsRequest { return V0alpha2ApiApiAdminListIdentitySessionsRequest{ @@ -2329,13 +2331,13 @@ func (r V0alpha2ApiApiAdminPatchIdentityRequest) Execute() (*Identity, *http.Res } /* - * AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) - * NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable. + - AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) + - NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID must be set to the ID of identity you want to update - * @return V0alpha2ApiApiAdminPatchIdentityRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID must be set to the ID of identity you want to update + - @return V0alpha2ApiApiAdminPatchIdentityRequest */ func (a *V0alpha2ApiService) AdminPatchIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminPatchIdentityRequest { return V0alpha2ApiApiAdminPatchIdentityRequest{ @@ -2497,13 +2499,13 @@ func (r V0alpha2ApiApiAdminUpdateIdentityRequest) Execute() (*Identity, *http.Re } /* - * AdminUpdateIdentity # Update an Identity - * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. + - AdminUpdateIdentity Update an Identity + - This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID must be set to the ID of identity you want to update - * @return V0alpha2ApiApiAdminUpdateIdentityRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID must be set to the ID of identity you want to update + - @return V0alpha2ApiApiAdminUpdateIdentityRequest */ func (a *V0alpha2ApiService) AdminUpdateIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminUpdateIdentityRequest { return V0alpha2ApiApiAdminUpdateIdentityRequest{ @@ -2664,8 +2666,8 @@ func (r V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest) Execute( } /* - * CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers - * This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. + - CreateSelfServiceLogoutFlowUrlForBrowsers Create a Logout URL for Browsers + - This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). For API clients you can @@ -2675,8 +2677,8 @@ The URL is only valid for the currently signed in user. If no user is signed in, a 401 error. When calling this endpoint from a backend, please ensure to properly forward the HTTP cookies. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest */ func (a *V0alpha2ApiService) CreateSelfServiceLogoutFlowUrlForBrowsers(ctx context.Context) V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest { return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest{ @@ -2926,16 +2928,16 @@ func (r V0alpha2ApiApiGetSelfServiceErrorRequest) Execute() (*SelfServiceError, } /* - * GetSelfServiceError # Get Self-Service Errors - * This endpoint returns the error associated with a user-facing self service errors. + - GetSelfServiceError Get Self-Service Errors + - This endpoint returns the error associated with a user-facing self service errors. This endpoint supports stub values to help you implement the error UI: `?id=stub:500` - returns a stub 500 (Internal Server Error) error. More information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceErrorRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceErrorRequest */ func (a *V0alpha2ApiService) GetSelfServiceError(ctx context.Context) V0alpha2ApiApiGetSelfServiceErrorRequest { return V0alpha2ApiApiGetSelfServiceErrorRequest{ @@ -3077,8 +3079,8 @@ func (r V0alpha2ApiApiGetSelfServiceLoginFlowRequest) Execute() (*SelfServiceLog } /* - * GetSelfServiceLoginFlow # Get Login Flow - * This endpoint returns a login flow's context with, for example, error details and other information. + - GetSelfServiceLoginFlow Get Login Flow + - This endpoint returns a login flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3101,8 +3103,8 @@ This request may fail due to several reasons. The `error.id` can be one of: `self_service_flow_expired`: The flow is expired and you should request a new one. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceLoginFlowRequest { return V0alpha2ApiApiGetSelfServiceLoginFlowRequest{ @@ -3257,8 +3259,8 @@ func (r V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest) Execute() (*SelfService } /* - * GetSelfServiceRecoveryFlow # Get Recovery Flow - * This endpoint returns a recovery flow's context with, for example, error details and other information. + - GetSelfServiceRecoveryFlow Get Recovery Flow + - This endpoint returns a recovery flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3276,8 +3278,8 @@ res.render('recovery', flow) ``` More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest { return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest{ @@ -3422,8 +3424,8 @@ func (r V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest) Execute() (*SelfSer } /* - * GetSelfServiceRegistrationFlow # Get Registration Flow - * This endpoint returns a registration flow's context with, for example, error details and other information. + - GetSelfServiceRegistrationFlow Get Registration Flow + - This endpoint returns a registration flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3446,8 +3448,8 @@ This request may fail due to several reasons. The `error.id` can be one of: `self_service_flow_expired`: The flow is expired and you should request a new one. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest { return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest{ @@ -3607,8 +3609,9 @@ func (r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) Execute() (*SelfService } /* - * GetSelfServiceSettingsFlow # Get Settings Flow - * When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie + - GetSelfServiceSettingsFlow Get Settings Flow + - When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie + or the Ory Kratos Session Token are set. Depending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator @@ -3627,8 +3630,8 @@ case of an error, the `error.id` of the JSON response body can be one of: identity logged in instead. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceSettingsFlowRequest { return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest{ @@ -3796,8 +3799,8 @@ func (r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) Execute() (*SelfSer } /* - * GetSelfServiceVerificationFlow # Get Verification Flow - * This endpoint returns a verification flow's context with, for example, error details and other information. + - GetSelfServiceVerificationFlow Get Verification Flow + - This endpoint returns a verification flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3814,8 +3817,8 @@ res.render('verification', flow) }) More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceVerificationFlowRequest { return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest{ @@ -3949,8 +3952,8 @@ func (r V0alpha2ApiApiGetWebAuthnJavaScriptRequest) Execute() (string, *http.Res } /* - * GetWebAuthnJavaScript # Get WebAuthn JavaScript - * This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. + - GetWebAuthnJavaScript Get WebAuthn JavaScript + - This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file: @@ -3959,8 +3962,8 @@ If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you ``` More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest */ func (a *V0alpha2ApiService) GetWebAuthnJavaScript(ctx context.Context) V0alpha2ApiApiGetWebAuthnJavaScriptRequest { return V0alpha2ApiApiGetWebAuthnJavaScriptRequest{ @@ -4054,6 +4057,7 @@ type V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest struct { refresh *bool aal *string returnTo *string + cookie *string } func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Refresh(refresh bool) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest { @@ -4068,14 +4072,19 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) ReturnTo r.returnTo = &returnTo return r } +func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Cookie(cookie string) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest { + r.cookie = &cookie + return r +} func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Execute() (*SelfServiceLoginFlow, *http.Response, error) { return r.ApiService.InitializeSelfServiceLoginFlowForBrowsersExecute(r) } /* - * InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers - * This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate + - InitializeSelfServiceLoginFlowForBrowsers Initialize Login Flow for Browsers + - This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate + cookies and anti-CSRF measures required for browser-based flows. If this endpoint is opened as a link in the browser, it will be redirected to @@ -4094,8 +4103,8 @@ case of an error, the `error.id` of the JSON response body can be one of: This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest{ @@ -4155,6 +4164,9 @@ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowForBrowsersExecute(r if localVarHTTPHeaderAccept != "" { localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept } + if r.cookie != nil { + localVarHeaderParams["Cookie"] = parameterToString(*r.cookie, "") + } req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) if err != nil { return localVarReturnValue, nil, err @@ -4237,8 +4249,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest) Execu } /* - * InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ... - * This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on. + - InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ... + - This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. @@ -4258,8 +4270,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest{ @@ -4391,8 +4403,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest) Execu } /* - * InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers - * This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to + - InitializeSelfServiceRecoveryFlowForBrowsers Initialize Recovery Flow for Browsers + - This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to + `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists, the browser is returned to the configured return URL. @@ -4402,8 +4415,8 @@ or a 400 bad request error if the user is already authenticated. This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest{ @@ -4523,8 +4536,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest) Ex } /* - * InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ... - * This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on. + - InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ... + - This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error. @@ -4537,8 +4550,8 @@ you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest{ @@ -4661,8 +4674,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) E } /* - * InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers - * This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate + - InitializeSelfServiceRegistrationFlowForBrowsers Initialize Registration Flow for Browsers + - This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate + cookies and anti-CSRF measures required for browser-based flows. :::info @@ -4687,8 +4701,8 @@ If this endpoint is called via an AJAX request, the response contains the regist This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest{ @@ -4798,8 +4812,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest } /* - * InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ... - * This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on. + - InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ... + - This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. @@ -4818,8 +4832,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest{ @@ -4930,20 +4944,26 @@ type V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest struct { ctx context.Context ApiService V0alpha2Api returnTo *string + cookie *string } func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest) ReturnTo(returnTo string) V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest { r.returnTo = &returnTo return r } +func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest) Cookie(cookie string) V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest { + r.cookie = &cookie + return r +} func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest) Execute() (*SelfServiceSettingsFlow, *http.Response, error) { return r.ApiService.InitializeSelfServiceSettingsFlowForBrowsersExecute(r) } /* - * InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers - * This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to + - InitializeSelfServiceSettingsFlowForBrowsers Initialize Settings Flow for Browsers + - This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to + `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid Ory Kratos Session Cookie is included in the request, a login flow will be initialized. @@ -4969,8 +4989,8 @@ case of an error, the `error.id` of the JSON response body can be one of: This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest{ @@ -5024,6 +5044,9 @@ func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowForBrowsersExecute if localVarHTTPHeaderAccept != "" { localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept } + if r.cookie != nil { + localVarHeaderParams["Cookie"] = parameterToString(*r.cookie, "") + } req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) if err != nil { return localVarReturnValue, nil, err @@ -5116,8 +5139,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest) Ex } /* - * InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ... - * This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. + - InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ... + - This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. + You must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK. To fetch an existing settings flow call `/self-service/settings/flows?flow=`. @@ -5139,8 +5163,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest{ @@ -5266,8 +5290,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest) E } /* - * InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients - * This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to + - InitializeSelfServiceVerificationFlowForBrowsers Initialize Verification Flow for Browser Clients + - This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to + `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`. If this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects. @@ -5275,8 +5300,8 @@ If this endpoint is called via an AJAX request, the response contains the recove This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest{ @@ -5386,8 +5411,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest } /* - * InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ... - * This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on. + - InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ... + - This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on. To fetch an existing verification flow call `/self-service/verification/flows?flow=`. @@ -5398,8 +5423,8 @@ you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest{ @@ -5664,12 +5689,12 @@ func (r V0alpha2ApiApiListSessionsRequest) Execute() ([]Session, *http.Response, } /* - * ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. - * This endpoint is useful for: + - ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. + - This endpoint is useful for: Displaying all other sessions that belong to the logged-in user - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiListSessionsRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiListSessionsRequest */ func (a *V0alpha2ApiService) ListSessions(ctx context.Context) V0alpha2ApiApiListSessionsRequest { return V0alpha2ApiApiListSessionsRequest{ @@ -5819,13 +5844,13 @@ func (r V0alpha2ApiApiRevokeSessionRequest) Execute() (*http.Response, error) { } /* - * RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. - * This endpoint is useful for: + - RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. + - This endpoint is useful for: To forcefully logout the current user from another device or session - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID is the session's ID. - * @return V0alpha2ApiApiRevokeSessionRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID is the session's ID. + - @return V0alpha2ApiApiRevokeSessionRequest */ func (a *V0alpha2ApiService) RevokeSession(ctx context.Context, id string) V0alpha2ApiApiRevokeSessionRequest { return V0alpha2ApiApiRevokeSessionRequest{ @@ -5954,12 +5979,12 @@ func (r V0alpha2ApiApiRevokeSessionsRequest) Execute() (*RevokedSessions, *http. } /* - * RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. - * This endpoint is useful for: + - RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. + - This endpoint is useful for: To forcefully logout the current user from all other devices and sessions - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiRevokeSessionsRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiRevokeSessionsRequest */ func (a *V0alpha2ApiService) RevokeSessions(ctx context.Context) V0alpha2ApiApiRevokeSessionsRequest { return V0alpha2ApiApiRevokeSessionsRequest{ @@ -6123,8 +6148,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) Execute() (*SuccessfulS } /* - * SubmitSelfServiceLoginFlow # Submit a Login Flow - * :::info + - SubmitSelfServiceLoginFlow Submit a Login Flow + - :::info This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future. @@ -6157,8 +6182,8 @@ case of an error, the `error.id` of the JSON response body can be one of: Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest { return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest{ @@ -6321,8 +6346,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest) Execute() (*http.Respo } /* - * SubmitSelfServiceLogoutFlow # Complete Self-Service Logout - * This endpoint logs out an identity in a self-service manner. + - SubmitSelfServiceLogoutFlow Complete Self-Service Logout + - This endpoint logs out an identity in a self-service manner. If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other) to the `return_to` parameter of the initial request or fall back to `urls.default_return_to`. @@ -6335,8 +6360,8 @@ with browsers (Chrome, Firefox, ...). For API clients you can call the `/self-service/logout/api` URL directly with the Ory Session Token. More information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest { return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest{ @@ -6444,8 +6469,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest) Execute( } /* - * SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ... - * Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully + - SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ... + - Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully + revoked, the server returns a 204 No Content response. A 204 No Content response is also sent when the Ory Session Token has been revoked already before. @@ -6453,8 +6479,8 @@ If the Ory Session Token is malformed or does not exist a 403 Forbidden response This endpoint does not remove any HTTP Cookies - use the Browser-Based Self-Service Logout Flow instead. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest { return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest{ @@ -6586,8 +6612,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) Execute() (*SelfServ } /* - * SubmitSelfServiceRecoveryFlow # Complete Recovery Flow - * Use this endpoint to complete a recovery flow. This endpoint + - SubmitSelfServiceRecoveryFlow Complete Recovery Flow + - Use this endpoint to complete a recovery flow. This endpoint + behaves differently for API and browser flows and has several states: `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent @@ -6603,8 +6630,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe a new Recovery Flow ID which contains an error message that the recovery link was invalid. More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest { return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest{ @@ -6762,8 +6789,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) Execute() (*Succ } /* - * SubmitSelfServiceRegistrationFlow # Submit a Registration Flow - * Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint + - SubmitSelfServiceRegistrationFlow Submit a Registration Flow + - Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint + behaves differently for API and browser flows. API flows expect `application/json` to be sent in the body and respond with @@ -6791,8 +6819,8 @@ case of an error, the `error.id` of the JSON response body can be one of: Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest { return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest{ @@ -6962,8 +6990,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) Execute() (*SelfServ } /* - * SubmitSelfServiceSettingsFlow # Complete Settings Flow - * Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint + - SubmitSelfServiceSettingsFlow Complete Settings Flow + - Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint + behaves differently for API and browser flows. API-initiated flows expect `application/json` to be sent in the body and respond with @@ -7006,8 +7035,8 @@ identity logged in instead. Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest { return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest{ @@ -7200,8 +7229,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Execute() (*Self } /* - * SubmitSelfServiceVerificationFlow # Complete Verification Flow - * Use this endpoint to complete a verification flow. This endpoint + - SubmitSelfServiceVerificationFlow Complete Verification Flow + - Use this endpoint to complete a verification flow. This endpoint + behaves differently for API and browser flows and has several states: `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent @@ -7217,8 +7247,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe a new Verification Flow ID which contains an error message that the verification link was invalid. More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest { return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest{ @@ -7371,8 +7401,9 @@ func (r V0alpha2ApiApiToSessionRequest) Execute() (*Session, *http.Response, err } /* - * ToSession # Check Who the Current HTTP Session Belongs To - * Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. + - ToSession Check Who the Current HTTP Session Belongs To + - Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. + Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response. @@ -7421,8 +7452,8 @@ As explained above, this request may fail due to several reasons. The `error.id` `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token). `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiToSessionRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiToSessionRequest */ func (a *V0alpha2ApiService) ToSession(ctx context.Context) V0alpha2ApiApiToSessionRequest { return V0alpha2ApiApiToSessionRequest{ diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md index 9a931c37a8a6..3d24ab0eb7e6 100644 --- a/internal/httpclient/docs/V0alpha2Api.md +++ b/internal/httpclient/docs/V0alpha2Api.md @@ -4,47 +4,47 @@ All URIs are relative to *http://localhost* Method | HTTP request | Description ------------- | ------------- | ------------- -[**AdminCreateIdentity**](V0alpha2Api.md#AdminCreateIdentity) | **Post** /admin/identities | # Create an Identity -[**AdminCreateSelfServiceRecoveryLink**](V0alpha2Api.md#AdminCreateSelfServiceRecoveryLink) | **Post** /admin/recovery/link | # Create a Recovery Link -[**AdminDeleteIdentity**](V0alpha2Api.md#AdminDeleteIdentity) | **Delete** /admin/identities/{id} | # Delete an Identity +[**AdminCreateIdentity**](V0alpha2Api.md#AdminCreateIdentity) | **Post** /admin/identities | Create an Identity +[**AdminCreateSelfServiceRecoveryLink**](V0alpha2Api.md#AdminCreateSelfServiceRecoveryLink) | **Post** /admin/recovery/link | Create a Recovery Link +[**AdminDeleteIdentity**](V0alpha2Api.md#AdminDeleteIdentity) | **Delete** /admin/identities/{id} | Delete an Identity [**AdminDeleteIdentitySessions**](V0alpha2Api.md#AdminDeleteIdentitySessions) | **Delete** /admin/identities/{id}/sessions | Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. [**AdminExtendSession**](V0alpha2Api.md#AdminExtendSession) | **Patch** /admin/sessions/{id}/extend | Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it will only extend the session after the specified time has passed. -[**AdminGetIdentity**](V0alpha2Api.md#AdminGetIdentity) | **Get** /admin/identities/{id} | # Get an Identity -[**AdminListIdentities**](V0alpha2Api.md#AdminListIdentities) | **Get** /admin/identities | # List Identities +[**AdminGetIdentity**](V0alpha2Api.md#AdminGetIdentity) | **Get** /admin/identities/{id} | Get an Identity +[**AdminListIdentities**](V0alpha2Api.md#AdminListIdentities) | **Get** /admin/identities | List Identities [**AdminListIdentitySessions**](V0alpha2Api.md#AdminListIdentitySessions) | **Get** /admin/identities/{id}/sessions | This endpoint returns all sessions that belong to the given Identity. [**AdminPatchIdentity**](V0alpha2Api.md#AdminPatchIdentity) | **Patch** /admin/identities/{id} | Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) -[**AdminUpdateIdentity**](V0alpha2Api.md#AdminUpdateIdentity) | **Put** /admin/identities/{id} | # Update an Identity -[**CreateSelfServiceLogoutFlowUrlForBrowsers**](V0alpha2Api.md#CreateSelfServiceLogoutFlowUrlForBrowsers) | **Get** /self-service/logout/browser | # Create a Logout URL for Browsers +[**AdminUpdateIdentity**](V0alpha2Api.md#AdminUpdateIdentity) | **Put** /admin/identities/{id} | Update an Identity +[**CreateSelfServiceLogoutFlowUrlForBrowsers**](V0alpha2Api.md#CreateSelfServiceLogoutFlowUrlForBrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers [**GetIdentitySchema**](V0alpha2Api.md#GetIdentitySchema) | **Get** /schemas/{id} | -[**GetSelfServiceError**](V0alpha2Api.md#GetSelfServiceError) | **Get** /self-service/errors | # Get Self-Service Errors -[**GetSelfServiceLoginFlow**](V0alpha2Api.md#GetSelfServiceLoginFlow) | **Get** /self-service/login/flows | # Get Login Flow -[**GetSelfServiceRecoveryFlow**](V0alpha2Api.md#GetSelfServiceRecoveryFlow) | **Get** /self-service/recovery/flows | # Get Recovery Flow -[**GetSelfServiceRegistrationFlow**](V0alpha2Api.md#GetSelfServiceRegistrationFlow) | **Get** /self-service/registration/flows | # Get Registration Flow -[**GetSelfServiceSettingsFlow**](V0alpha2Api.md#GetSelfServiceSettingsFlow) | **Get** /self-service/settings/flows | # Get Settings Flow -[**GetSelfServiceVerificationFlow**](V0alpha2Api.md#GetSelfServiceVerificationFlow) | **Get** /self-service/verification/flows | # Get Verification Flow -[**GetWebAuthnJavaScript**](V0alpha2Api.md#GetWebAuthnJavaScript) | **Get** /.well-known/ory/webauthn.js | # Get WebAuthn JavaScript -[**InitializeSelfServiceLoginFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceLoginFlowForBrowsers) | **Get** /self-service/login/browser | # Initialize Login Flow for Browsers +[**GetSelfServiceError**](V0alpha2Api.md#GetSelfServiceError) | **Get** /self-service/errors | Get Self-Service Errors +[**GetSelfServiceLoginFlow**](V0alpha2Api.md#GetSelfServiceLoginFlow) | **Get** /self-service/login/flows | Get Login Flow +[**GetSelfServiceRecoveryFlow**](V0alpha2Api.md#GetSelfServiceRecoveryFlow) | **Get** /self-service/recovery/flows | Get Recovery Flow +[**GetSelfServiceRegistrationFlow**](V0alpha2Api.md#GetSelfServiceRegistrationFlow) | **Get** /self-service/registration/flows | Get Registration Flow +[**GetSelfServiceSettingsFlow**](V0alpha2Api.md#GetSelfServiceSettingsFlow) | **Get** /self-service/settings/flows | Get Settings Flow +[**GetSelfServiceVerificationFlow**](V0alpha2Api.md#GetSelfServiceVerificationFlow) | **Get** /self-service/verification/flows | Get Verification Flow +[**GetWebAuthnJavaScript**](V0alpha2Api.md#GetWebAuthnJavaScript) | **Get** /.well-known/ory/webauthn.js | Get WebAuthn JavaScript +[**InitializeSelfServiceLoginFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceLoginFlowForBrowsers) | **Get** /self-service/login/browser | Initialize Login Flow for Browsers [**InitializeSelfServiceLoginFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceLoginFlowWithoutBrowser) | **Get** /self-service/login/api | Initialize Login Flow for APIs, Services, Apps, ... -[**InitializeSelfServiceRecoveryFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRecoveryFlowForBrowsers) | **Get** /self-service/recovery/browser | # Initialize Recovery Flow for Browsers +[**InitializeSelfServiceRecoveryFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRecoveryFlowForBrowsers) | **Get** /self-service/recovery/browser | Initialize Recovery Flow for Browsers [**InitializeSelfServiceRecoveryFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceRecoveryFlowWithoutBrowser) | **Get** /self-service/recovery/api | Initialize Recovery Flow for APIs, Services, Apps, ... -[**InitializeSelfServiceRegistrationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRegistrationFlowForBrowsers) | **Get** /self-service/registration/browser | # Initialize Registration Flow for Browsers +[**InitializeSelfServiceRegistrationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRegistrationFlowForBrowsers) | **Get** /self-service/registration/browser | Initialize Registration Flow for Browsers [**InitializeSelfServiceRegistrationFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceRegistrationFlowWithoutBrowser) | **Get** /self-service/registration/api | Initialize Registration Flow for APIs, Services, Apps, ... -[**InitializeSelfServiceSettingsFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceSettingsFlowForBrowsers) | **Get** /self-service/settings/browser | # Initialize Settings Flow for Browsers +[**InitializeSelfServiceSettingsFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceSettingsFlowForBrowsers) | **Get** /self-service/settings/browser | Initialize Settings Flow for Browsers [**InitializeSelfServiceSettingsFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceSettingsFlowWithoutBrowser) | **Get** /self-service/settings/api | Initialize Settings Flow for APIs, Services, Apps, ... -[**InitializeSelfServiceVerificationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceVerificationFlowForBrowsers) | **Get** /self-service/verification/browser | # Initialize Verification Flow for Browser Clients +[**InitializeSelfServiceVerificationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceVerificationFlowForBrowsers) | **Get** /self-service/verification/browser | Initialize Verification Flow for Browser Clients [**InitializeSelfServiceVerificationFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceVerificationFlowWithoutBrowser) | **Get** /self-service/verification/api | Initialize Verification Flow for APIs, Services, Apps, ... [**ListIdentitySchemas**](V0alpha2Api.md#ListIdentitySchemas) | **Get** /schemas | [**ListSessions**](V0alpha2Api.md#ListSessions) | **Get** /sessions | This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. [**RevokeSession**](V0alpha2Api.md#RevokeSession) | **Delete** /sessions/{id} | Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. [**RevokeSessions**](V0alpha2Api.md#RevokeSessions) | **Delete** /sessions | Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. -[**SubmitSelfServiceLoginFlow**](V0alpha2Api.md#SubmitSelfServiceLoginFlow) | **Post** /self-service/login | # Submit a Login Flow -[**SubmitSelfServiceLogoutFlow**](V0alpha2Api.md#SubmitSelfServiceLogoutFlow) | **Get** /self-service/logout | # Complete Self-Service Logout +[**SubmitSelfServiceLoginFlow**](V0alpha2Api.md#SubmitSelfServiceLoginFlow) | **Post** /self-service/login | Submit a Login Flow +[**SubmitSelfServiceLogoutFlow**](V0alpha2Api.md#SubmitSelfServiceLogoutFlow) | **Get** /self-service/logout | Complete Self-Service Logout [**SubmitSelfServiceLogoutFlowWithoutBrowser**](V0alpha2Api.md#SubmitSelfServiceLogoutFlowWithoutBrowser) | **Delete** /self-service/logout/api | Perform Logout for APIs, Services, Apps, ... -[**SubmitSelfServiceRecoveryFlow**](V0alpha2Api.md#SubmitSelfServiceRecoveryFlow) | **Post** /self-service/recovery | # Complete Recovery Flow -[**SubmitSelfServiceRegistrationFlow**](V0alpha2Api.md#SubmitSelfServiceRegistrationFlow) | **Post** /self-service/registration | # Submit a Registration Flow -[**SubmitSelfServiceSettingsFlow**](V0alpha2Api.md#SubmitSelfServiceSettingsFlow) | **Post** /self-service/settings | # Complete Settings Flow -[**SubmitSelfServiceVerificationFlow**](V0alpha2Api.md#SubmitSelfServiceVerificationFlow) | **Post** /self-service/verification | # Complete Verification Flow -[**ToSession**](V0alpha2Api.md#ToSession) | **Get** /sessions/whoami | # Check Who the Current HTTP Session Belongs To +[**SubmitSelfServiceRecoveryFlow**](V0alpha2Api.md#SubmitSelfServiceRecoveryFlow) | **Post** /self-service/recovery | Complete Recovery Flow +[**SubmitSelfServiceRegistrationFlow**](V0alpha2Api.md#SubmitSelfServiceRegistrationFlow) | **Post** /self-service/registration | Submit a Registration Flow +[**SubmitSelfServiceSettingsFlow**](V0alpha2Api.md#SubmitSelfServiceSettingsFlow) | **Post** /self-service/settings | Complete Settings Flow +[**SubmitSelfServiceVerificationFlow**](V0alpha2Api.md#SubmitSelfServiceVerificationFlow) | **Post** /self-service/verification | Complete Verification Flow +[**ToSession**](V0alpha2Api.md#ToSession) | **Get** /sessions/whoami | Check Who the Current HTTP Session Belongs To @@ -52,7 +52,7 @@ Method | HTTP request | Description > Identity AdminCreateIdentity(ctx).AdminCreateIdentityBody(adminCreateIdentityBody).Execute() -# Create an Identity +Create an Identity @@ -118,7 +118,7 @@ Name | Type | Description | Notes > SelfServiceRecoveryLink AdminCreateSelfServiceRecoveryLink(ctx).AdminCreateSelfServiceRecoveryLinkBody(adminCreateSelfServiceRecoveryLinkBody).Execute() -# Create a Recovery Link +Create a Recovery Link @@ -184,7 +184,7 @@ No authorization required > AdminDeleteIdentity(ctx, id).Execute() -# Delete an Identity +Delete an Identity @@ -390,7 +390,7 @@ Name | Type | Description | Notes > Identity AdminGetIdentity(ctx, id).IncludeCredential(includeCredential).Execute() -# Get an Identity +Get an Identity @@ -462,7 +462,7 @@ Name | Type | Description | Notes > []Identity AdminListIdentities(ctx).PerPage(perPage).Page(page).Execute() -# List Identities +List Identities @@ -678,7 +678,7 @@ Name | Type | Description | Notes > Identity AdminUpdateIdentity(ctx, id).AdminUpdateIdentityBody(adminUpdateIdentityBody).Execute() -# Update an Identity +Update an Identity @@ -750,7 +750,7 @@ Name | Type | Description | Notes > SelfServiceLogoutUrl CreateSelfServiceLogoutFlowUrlForBrowsers(ctx).Cookie(cookie).Execute() -# Create a Logout URL for Browsers +Create a Logout URL for Browsers @@ -886,7 +886,7 @@ No authorization required > SelfServiceError GetSelfServiceError(ctx).Id(id).Execute() -# Get Self-Service Errors +Get Self-Service Errors @@ -952,7 +952,7 @@ No authorization required > SelfServiceLoginFlow GetSelfServiceLoginFlow(ctx).Id(id).Cookie(cookie).Execute() -# Get Login Flow +Get Login Flow @@ -1020,7 +1020,7 @@ No authorization required > SelfServiceRecoveryFlow GetSelfServiceRecoveryFlow(ctx).Id(id).Cookie(cookie).Execute() -# Get Recovery Flow +Get Recovery Flow @@ -1088,7 +1088,7 @@ No authorization required > SelfServiceRegistrationFlow GetSelfServiceRegistrationFlow(ctx).Id(id).Cookie(cookie).Execute() -# Get Registration Flow +Get Registration Flow @@ -1156,7 +1156,7 @@ No authorization required > SelfServiceSettingsFlow GetSelfServiceSettingsFlow(ctx).Id(id).XSessionToken(xSessionToken).Cookie(cookie).Execute() -# Get Settings Flow +Get Settings Flow @@ -1226,7 +1226,7 @@ No authorization required > SelfServiceVerificationFlow GetSelfServiceVerificationFlow(ctx).Id(id).Cookie(cookie).Execute() -# Get Verification Flow +Get Verification Flow @@ -1294,7 +1294,7 @@ No authorization required > string GetWebAuthnJavaScript(ctx).Execute() -# Get WebAuthn JavaScript +Get WebAuthn JavaScript @@ -1353,9 +1353,9 @@ No authorization required ## InitializeSelfServiceLoginFlowForBrowsers -> SelfServiceLoginFlow InitializeSelfServiceLoginFlowForBrowsers(ctx).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Execute() +> SelfServiceLoginFlow InitializeSelfServiceLoginFlowForBrowsers(ctx).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Cookie(cookie).Execute() -# Initialize Login Flow for Browsers +Initialize Login Flow for Browsers @@ -1375,10 +1375,11 @@ func main() { refresh := true // bool | Refresh a login session If set to true, this will refresh an existing login session by asking the user to sign in again. This will reset the authenticated_at time of the session. (optional) aal := "aal_example" // string | Request a Specific AuthenticationMethod Assurance Level Use this parameter to upgrade an existing session's authenticator assurance level (AAL). This allows you to ask for multi-factor authentication. When an identity sign in using e.g. username+password, the AAL is 1. If you wish to \"upgrade\" the session's security by asking the user to perform TOTP / WebAuth/ ... you would set this to \"aal2\". (optional) returnTo := "returnTo_example" // string | The URL to return the browser to after the flow was completed. (optional) + cookie := "cookie_example" // string | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. (optional) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.InitializeSelfServiceLoginFlowForBrowsers(context.Background()).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Execute() + resp, r, err := apiClient.V0alpha2Api.InitializeSelfServiceLoginFlowForBrowsers(context.Background()).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Cookie(cookie).Execute() if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.InitializeSelfServiceLoginFlowForBrowsers``: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) @@ -1402,6 +1403,7 @@ Name | Type | Description | Notes **refresh** | **bool** | Refresh a login session If set to true, this will refresh an existing login session by asking the user to sign in again. This will reset the authenticated_at time of the session. | **aal** | **string** | Request a Specific AuthenticationMethod Assurance Level Use this parameter to upgrade an existing session's authenticator assurance level (AAL). This allows you to ask for multi-factor authentication. When an identity sign in using e.g. username+password, the AAL is 1. If you wish to \"upgrade\" the session's security by asking the user to perform TOTP / WebAuth/ ... you would set this to \"aal2\". | **returnTo** | **string** | The URL to return the browser to after the flow was completed. | + **cookie** | **string** | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. | ### Return type @@ -1495,7 +1497,7 @@ No authorization required > SelfServiceRecoveryFlow InitializeSelfServiceRecoveryFlowForBrowsers(ctx).ReturnTo(returnTo).Execute() -# Initialize Recovery Flow for Browsers +Initialize Recovery Flow for Browsers @@ -1622,7 +1624,7 @@ No authorization required > SelfServiceRegistrationFlow InitializeSelfServiceRegistrationFlowForBrowsers(ctx).ReturnTo(returnTo).Execute() -# Initialize Registration Flow for Browsers +Initialize Registration Flow for Browsers @@ -1747,9 +1749,9 @@ No authorization required ## InitializeSelfServiceSettingsFlowForBrowsers -> SelfServiceSettingsFlow InitializeSelfServiceSettingsFlowForBrowsers(ctx).ReturnTo(returnTo).Execute() +> SelfServiceSettingsFlow InitializeSelfServiceSettingsFlowForBrowsers(ctx).ReturnTo(returnTo).Cookie(cookie).Execute() -# Initialize Settings Flow for Browsers +Initialize Settings Flow for Browsers @@ -1767,10 +1769,11 @@ import ( func main() { returnTo := "returnTo_example" // string | The URL to return the browser to after the flow was completed. (optional) + cookie := "cookie_example" // string | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. (optional) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.InitializeSelfServiceSettingsFlowForBrowsers(context.Background()).ReturnTo(returnTo).Execute() + resp, r, err := apiClient.V0alpha2Api.InitializeSelfServiceSettingsFlowForBrowsers(context.Background()).ReturnTo(returnTo).Cookie(cookie).Execute() if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.InitializeSelfServiceSettingsFlowForBrowsers``: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) @@ -1792,6 +1795,7 @@ Other parameters are passed through a pointer to a apiInitializeSelfServiceSetti Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **returnTo** | **string** | The URL to return the browser to after the flow was completed. | + **cookie** | **string** | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. | ### Return type @@ -1881,7 +1885,7 @@ No authorization required > SelfServiceVerificationFlow InitializeSelfServiceVerificationFlowForBrowsers(ctx).ReturnTo(returnTo).Execute() -# Initialize Verification Flow for Browser Clients +Initialize Verification Flow for Browser Clients @@ -2284,7 +2288,7 @@ No authorization required > SuccessfulSelfServiceLoginWithoutBrowser SubmitSelfServiceLoginFlow(ctx).Flow(flow).SubmitSelfServiceLoginFlowBody(submitSelfServiceLoginFlowBody).XSessionToken(xSessionToken).Cookie(cookie).Execute() -# Submit a Login Flow +Submit a Login Flow @@ -2356,7 +2360,7 @@ No authorization required > SubmitSelfServiceLogoutFlow(ctx).Token(token).ReturnTo(returnTo).Execute() -# Complete Self-Service Logout +Complete Self-Service Logout @@ -2486,7 +2490,7 @@ No authorization required > SelfServiceRecoveryFlow SubmitSelfServiceRecoveryFlow(ctx).Flow(flow).SubmitSelfServiceRecoveryFlowBody(submitSelfServiceRecoveryFlowBody).Token(token).Cookie(cookie).Execute() -# Complete Recovery Flow +Complete Recovery Flow @@ -2558,7 +2562,7 @@ No authorization required > SuccessfulSelfServiceRegistrationWithoutBrowser SubmitSelfServiceRegistrationFlow(ctx).Flow(flow).SubmitSelfServiceRegistrationFlowBody(submitSelfServiceRegistrationFlowBody).Cookie(cookie).Execute() -# Submit a Registration Flow +Submit a Registration Flow @@ -2628,7 +2632,7 @@ No authorization required > SelfServiceSettingsFlow SubmitSelfServiceSettingsFlow(ctx).Flow(flow).SubmitSelfServiceSettingsFlowBody(submitSelfServiceSettingsFlowBody).XSessionToken(xSessionToken).Cookie(cookie).Execute() -# Complete Settings Flow +Complete Settings Flow @@ -2700,7 +2704,7 @@ No authorization required > SelfServiceVerificationFlow SubmitSelfServiceVerificationFlow(ctx).Flow(flow).SubmitSelfServiceVerificationFlowBody(submitSelfServiceVerificationFlowBody).Token(token).Cookie(cookie).Execute() -# Complete Verification Flow +Complete Verification Flow @@ -2772,7 +2776,7 @@ No authorization required > Session ToSession(ctx).XSessionToken(xSessionToken).Cookie(cookie).Execute() -# Check Who the Current HTTP Session Belongs To +Check Who the Current HTTP Session Belongs To diff --git a/selfservice/flow/login/handler.go b/selfservice/flow/login/handler.go index f895ca9a4215..1612a30ef9c7 100644 --- a/selfservice/flow/login/handler.go +++ b/selfservice/flow/login/handler.go @@ -302,6 +302,15 @@ type initializeSelfServiceLoginFlowForBrowsers struct { // // in: query ReturnTo string `json:"return_to"` + + // HTTP Cookies + // + // When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + // sent by the client to your server here. This ensures that CSRF and session cookies are respected. + // + // in: header + // name: Cookie + Cookies string `json:"Cookie"` } // swagger:route GET /self-service/login/browser v0alpha2 initializeSelfServiceLoginFlowForBrowsers diff --git a/selfservice/flow/settings/handler.go b/selfservice/flow/settings/handler.go index 0fd30070793b..73f94986b7c9 100644 --- a/selfservice/flow/settings/handler.go +++ b/selfservice/flow/settings/handler.go @@ -222,6 +222,15 @@ type initializeSelfServiceSettingsFlowForBrowsers struct { // // in: query ReturnTo string `json:"return_to"` + + // HTTP Cookies + // + // When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header + // sent by the client to your server here. This ensures that CSRF and session cookies are respected. + // + // in: header + // name: Cookie + Cookies string `json:"Cookie"` } // swagger:route GET /self-service/settings/browser v0alpha2 initializeSelfServiceSettingsFlowForBrowsers diff --git a/spec/api.json b/spec/api.json index 9b334dbb5e22..919eb8825fc3 100755 --- a/spec/api.json +++ b/spec/api.json @@ -2370,7 +2370,7 @@ "description": "webAuthnJavaScript" } }, - "summary": "# Get WebAuthn JavaScript", + "summary": "Get WebAuthn JavaScript", "tags": [ "v0alpha2" ] @@ -2432,7 +2432,7 @@ "oryAccessToken": [] } ], - "summary": "# List Identities", + "summary": "List Identities", "tags": [ "v0alpha2" ] @@ -2497,7 +2497,7 @@ "oryAccessToken": [] } ], - "summary": "# Create an Identity", + "summary": "Create an Identity", "tags": [ "v0alpha2" ] @@ -2548,7 +2548,7 @@ "oryAccessToken": [] } ], - "summary": "# Delete an Identity", + "summary": "Delete an Identity", "tags": [ "v0alpha2" ] @@ -2615,7 +2615,7 @@ "oryAccessToken": [] } ], - "summary": "# Get an Identity", + "summary": "Get an Identity", "tags": [ "v0alpha2" ] @@ -2787,7 +2787,7 @@ "oryAccessToken": [] } ], - "summary": "# Update an Identity", + "summary": "Update an Identity", "tags": [ "v0alpha2" ] @@ -3027,7 +3027,7 @@ "description": "jsonError" } }, - "summary": "# Create a Recovery Link", + "summary": "Create a Recovery Link", "tags": [ "v0alpha2" ] @@ -3360,7 +3360,7 @@ "description": "jsonError" } }, - "summary": "# Get Self-Service Errors", + "summary": "Get Self-Service Errors", "tags": [ "v0alpha2" ] @@ -3468,7 +3468,7 @@ "description": "jsonError" } }, - "summary": "# Submit a Login Flow", + "summary": "Submit a Login Flow", "tags": [ "v0alpha2" ] @@ -3570,6 +3570,14 @@ "schema": { "type": "string" } + }, + { + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", + "in": "header", + "name": "Cookie", + "schema": { + "type": "string" + } } ], "responses": { @@ -3607,7 +3615,7 @@ "description": "jsonError" } }, - "summary": "# Initialize Login Flow for Browsers", + "summary": "Initialize Login Flow for Browsers", "tags": [ "v0alpha2" ] @@ -3688,7 +3696,7 @@ "description": "jsonError" } }, - "summary": "# Get Login Flow", + "summary": "Get Login Flow", "tags": [ "v0alpha2" ] @@ -3734,7 +3742,7 @@ "description": "jsonError" } }, - "summary": "# Complete Self-Service Logout", + "summary": "Complete Self-Service Logout", "tags": [ "v0alpha2" ] @@ -3832,7 +3840,7 @@ "description": "jsonError" } }, - "summary": "# Create a Logout URL for Browsers", + "summary": "Create a Logout URL for Browsers", "tags": [ "v0alpha2" ] @@ -3930,7 +3938,7 @@ "description": "jsonError" } }, - "summary": "# Complete Recovery Flow", + "summary": "Complete Recovery Flow", "tags": [ "v0alpha2" ] @@ -4027,7 +4035,7 @@ "description": "jsonError" } }, - "summary": "# Initialize Recovery Flow for Browsers", + "summary": "Initialize Recovery Flow for Browsers", "tags": [ "v0alpha2" ] @@ -4098,7 +4106,7 @@ "description": "jsonError" } }, - "summary": "# Get Recovery Flow", + "summary": "Get Recovery Flow", "tags": [ "v0alpha2" ] @@ -4198,7 +4206,7 @@ "description": "jsonError" } }, - "summary": "# Submit a Registration Flow", + "summary": "Submit a Registration Flow", "tags": [ "v0alpha2" ] @@ -4285,7 +4293,7 @@ "description": "jsonError" } }, - "summary": "# Initialize Registration Flow for Browsers", + "summary": "Initialize Registration Flow for Browsers", "tags": [ "v0alpha2" ] @@ -4366,7 +4374,7 @@ "description": "jsonError" } }, - "summary": "# Get Registration Flow", + "summary": "Get Registration Flow", "tags": [ "v0alpha2" ] @@ -4499,7 +4507,7 @@ "sessionToken": [] } ], - "summary": "# Complete Settings Flow", + "summary": "Complete Settings Flow", "tags": [ "v0alpha2" ] @@ -4569,6 +4577,14 @@ "schema": { "type": "string" } + }, + { + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", + "in": "header", + "name": "Cookie", + "schema": { + "type": "string" + } } ], "responses": { @@ -4626,7 +4642,7 @@ "description": "jsonError" } }, - "summary": "# Initialize Settings Flow for Browsers", + "summary": "Initialize Settings Flow for Browsers", "tags": [ "v0alpha2" ] @@ -4725,7 +4741,7 @@ "description": "jsonError" } }, - "summary": "# Get Settings Flow", + "summary": "Get Settings Flow", "tags": [ "v0alpha2" ] @@ -4823,7 +4839,7 @@ "description": "jsonError" } }, - "summary": "# Complete Verification Flow", + "summary": "Complete Verification Flow", "tags": [ "v0alpha2" ] @@ -4910,7 +4926,7 @@ "description": "jsonError" } }, - "summary": "# Initialize Verification Flow for Browser Clients", + "summary": "Initialize Verification Flow for Browser Clients", "tags": [ "v0alpha2" ] @@ -4981,7 +4997,7 @@ "description": "jsonError" } }, - "summary": "# Get Verification Flow", + "summary": "Get Verification Flow", "tags": [ "v0alpha2" ] @@ -5234,7 +5250,7 @@ "description": "jsonError" } }, - "summary": "# Check Who the Current HTTP Session Belongs To", + "summary": "Check Who the Current HTTP Session Belongs To", "tags": [ "v0alpha2" ] diff --git a/spec/swagger.json b/spec/swagger.json index 33af83314e77..1d3b7a5c1e19 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -31,7 +31,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Get WebAuthn JavaScript", + "summary": "Get WebAuthn JavaScript", "operationId": "getWebAuthnJavaScript", "responses": { "200": { @@ -61,7 +61,7 @@ "tags": [ "v0alpha2" ], - "summary": "# List Identities", + "summary": "List Identities", "operationId": "adminListIdentities", "parameters": [ { @@ -119,7 +119,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Create an Identity", + "summary": "Create an Identity", "operationId": "adminCreateIdentity", "parameters": [ { @@ -179,7 +179,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Get an Identity", + "summary": "Get an Identity", "operationId": "adminGetIdentity", "parameters": [ { @@ -240,7 +240,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Update an Identity", + "summary": "Update an Identity", "operationId": "adminUpdateIdentity", "parameters": [ { @@ -308,7 +308,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Delete an Identity", + "summary": "Delete an Identity", "operationId": "adminDeleteIdentity", "parameters": [ { @@ -565,7 +565,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Create a Recovery Link", + "summary": "Create a Recovery Link", "operationId": "adminCreateSelfServiceRecoveryLink", "parameters": [ { @@ -821,7 +821,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Get Self-Service Errors", + "summary": "Get Self-Service Errors", "operationId": "getSelfServiceError", "parameters": [ { @@ -879,7 +879,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Submit a Login Flow", + "summary": "Submit a Login Flow", "operationId": "submitSelfServiceLoginFlow", "parameters": [ { @@ -1017,7 +1017,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Initialize Login Flow for Browsers", + "summary": "Initialize Login Flow for Browsers", "operationId": "initializeSelfServiceLoginFlowForBrowsers", "parameters": [ { @@ -1037,6 +1037,12 @@ "description": "The URL to return the browser to after the flow was completed.", "name": "return_to", "in": "query" + }, + { + "type": "string", + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", + "name": "Cookie", + "in": "header" } ], "responses": { @@ -1077,7 +1083,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Get Login Flow", + "summary": "Get Login Flow", "operationId": "getSelfServiceLoginFlow", "parameters": [ { @@ -1141,7 +1147,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Complete Self-Service Logout", + "summary": "Complete Self-Service Logout", "operationId": "submitSelfServiceLogoutFlow", "parameters": [ { @@ -1233,7 +1239,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Create a Logout URL for Browsers", + "summary": "Create a Logout URL for Browsers", "operationId": "createSelfServiceLogoutFlowUrlForBrowsers", "parameters": [ { @@ -1282,7 +1288,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Complete Recovery Flow", + "summary": "Complete Recovery Flow", "operationId": "submitSelfServiceRecoveryFlow", "parameters": [ { @@ -1388,7 +1394,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Initialize Recovery Flow for Browsers", + "summary": "Initialize Recovery Flow for Browsers", "operationId": "initializeSelfServiceRecoveryFlowForBrowsers", "parameters": [ { @@ -1436,7 +1442,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Get Recovery Flow", + "summary": "Get Recovery Flow", "operationId": "getSelfServiceRecoveryFlow", "parameters": [ { @@ -1498,7 +1504,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Submit a Registration Flow", + "summary": "Submit a Registration Flow", "operationId": "submitSelfServiceRegistrationFlow", "parameters": [ { @@ -1607,7 +1613,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Initialize Registration Flow for Browsers", + "summary": "Initialize Registration Flow for Browsers", "operationId": "initializeSelfServiceRegistrationFlowForBrowsers", "parameters": [ { @@ -1649,7 +1655,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Get Registration Flow", + "summary": "Get Registration Flow", "operationId": "getSelfServiceRegistrationFlow", "parameters": [ { @@ -1722,7 +1728,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Complete Settings Flow", + "summary": "Complete Settings Flow", "operationId": "submitSelfServiceSettingsFlow", "parameters": [ { @@ -1854,7 +1860,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Initialize Settings Flow for Browsers", + "summary": "Initialize Settings Flow for Browsers", "operationId": "initializeSelfServiceSettingsFlowForBrowsers", "parameters": [ { @@ -1862,6 +1868,12 @@ "description": "The URL to return the browser to after the flow was completed.", "name": "return_to", "in": "query" + }, + { + "type": "string", + "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", + "name": "Cookie", + "in": "header" } ], "responses": { @@ -1914,7 +1926,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Get Settings Flow", + "summary": "Get Settings Flow", "operationId": "getSelfServiceSettingsFlow", "parameters": [ { @@ -1994,7 +2006,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Complete Verification Flow", + "summary": "Complete Verification Flow", "operationId": "submitSelfServiceVerificationFlow", "parameters": [ { @@ -2100,7 +2112,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Initialize Verification Flow for Browser Clients", + "summary": "Initialize Verification Flow for Browser Clients", "operationId": "initializeSelfServiceVerificationFlowForBrowsers", "parameters": [ { @@ -2142,7 +2154,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Get Verification Flow", + "summary": "Get Verification Flow", "operationId": "getSelfServiceVerificationFlow", "parameters": [ { @@ -2337,7 +2349,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Check Who the Current HTTP Session Belongs To", + "summary": "Check Who the Current HTTP Session Belongs To", "operationId": "toSession", "parameters": [ { From d7ce190fc5b27e5c5c154eb9c57fbd9ec1d05332 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 12 Sep 2022 06:40:58 +0000 Subject: [PATCH 254/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- internal/httpclient/README.md | 52 ++-- internal/httpclient/api/openapi.yaml | 52 ++-- internal/httpclient/api_metadata.go | 26 +- internal/httpclient/api_v0alpha2.go | 371 ++++++++++++------------ internal/httpclient/docs/V0alpha2Api.md | 104 +++---- spec/api.json | 52 ++-- spec/swagger.json | 52 ++-- 7 files changed, 346 insertions(+), 363 deletions(-) diff --git a/internal/httpclient/README.md b/internal/httpclient/README.md index d6b83db12981..ec39a91a1ac8 100644 --- a/internal/httpclient/README.md +++ b/internal/httpclient/README.md @@ -86,47 +86,47 @@ Class | Method | HTTP request | Description *MetadataApi* | [**GetVersion**](docs/MetadataApi.md#getversion) | **Get** /version | Return Running Software Version. *MetadataApi* | [**IsAlive**](docs/MetadataApi.md#isalive) | **Get** /health/alive | Check HTTP Server Status *MetadataApi* | [**IsReady**](docs/MetadataApi.md#isready) | **Get** /health/ready | Check HTTP Server and Database Status -*V0alpha2Api* | [**AdminCreateIdentity**](docs/V0alpha2Api.md#admincreateidentity) | **Post** /admin/identities | Create an Identity -*V0alpha2Api* | [**AdminCreateSelfServiceRecoveryLink**](docs/V0alpha2Api.md#admincreateselfservicerecoverylink) | **Post** /admin/recovery/link | Create a Recovery Link -*V0alpha2Api* | [**AdminDeleteIdentity**](docs/V0alpha2Api.md#admindeleteidentity) | **Delete** /admin/identities/{id} | Delete an Identity +*V0alpha2Api* | [**AdminCreateIdentity**](docs/V0alpha2Api.md#admincreateidentity) | **Post** /admin/identities | # Create an Identity +*V0alpha2Api* | [**AdminCreateSelfServiceRecoveryLink**](docs/V0alpha2Api.md#admincreateselfservicerecoverylink) | **Post** /admin/recovery/link | # Create a Recovery Link +*V0alpha2Api* | [**AdminDeleteIdentity**](docs/V0alpha2Api.md#admindeleteidentity) | **Delete** /admin/identities/{id} | # Delete an Identity *V0alpha2Api* | [**AdminDeleteIdentitySessions**](docs/V0alpha2Api.md#admindeleteidentitysessions) | **Delete** /admin/identities/{id}/sessions | Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. *V0alpha2Api* | [**AdminExtendSession**](docs/V0alpha2Api.md#adminextendsession) | **Patch** /admin/sessions/{id}/extend | Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it will only extend the session after the specified time has passed. -*V0alpha2Api* | [**AdminGetIdentity**](docs/V0alpha2Api.md#admingetidentity) | **Get** /admin/identities/{id} | Get an Identity -*V0alpha2Api* | [**AdminListIdentities**](docs/V0alpha2Api.md#adminlistidentities) | **Get** /admin/identities | List Identities +*V0alpha2Api* | [**AdminGetIdentity**](docs/V0alpha2Api.md#admingetidentity) | **Get** /admin/identities/{id} | # Get an Identity +*V0alpha2Api* | [**AdminListIdentities**](docs/V0alpha2Api.md#adminlistidentities) | **Get** /admin/identities | # List Identities *V0alpha2Api* | [**AdminListIdentitySessions**](docs/V0alpha2Api.md#adminlistidentitysessions) | **Get** /admin/identities/{id}/sessions | This endpoint returns all sessions that belong to the given Identity. *V0alpha2Api* | [**AdminPatchIdentity**](docs/V0alpha2Api.md#adminpatchidentity) | **Patch** /admin/identities/{id} | Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) -*V0alpha2Api* | [**AdminUpdateIdentity**](docs/V0alpha2Api.md#adminupdateidentity) | **Put** /admin/identities/{id} | Update an Identity -*V0alpha2Api* | [**CreateSelfServiceLogoutFlowUrlForBrowsers**](docs/V0alpha2Api.md#createselfservicelogoutflowurlforbrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers +*V0alpha2Api* | [**AdminUpdateIdentity**](docs/V0alpha2Api.md#adminupdateidentity) | **Put** /admin/identities/{id} | # Update an Identity +*V0alpha2Api* | [**CreateSelfServiceLogoutFlowUrlForBrowsers**](docs/V0alpha2Api.md#createselfservicelogoutflowurlforbrowsers) | **Get** /self-service/logout/browser | # Create a Logout URL for Browsers *V0alpha2Api* | [**GetIdentitySchema**](docs/V0alpha2Api.md#getidentityschema) | **Get** /schemas/{id} | -*V0alpha2Api* | [**GetSelfServiceError**](docs/V0alpha2Api.md#getselfserviceerror) | **Get** /self-service/errors | Get Self-Service Errors -*V0alpha2Api* | [**GetSelfServiceLoginFlow**](docs/V0alpha2Api.md#getselfserviceloginflow) | **Get** /self-service/login/flows | Get Login Flow -*V0alpha2Api* | [**GetSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#getselfservicerecoveryflow) | **Get** /self-service/recovery/flows | Get Recovery Flow -*V0alpha2Api* | [**GetSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#getselfserviceregistrationflow) | **Get** /self-service/registration/flows | Get Registration Flow -*V0alpha2Api* | [**GetSelfServiceSettingsFlow**](docs/V0alpha2Api.md#getselfservicesettingsflow) | **Get** /self-service/settings/flows | Get Settings Flow -*V0alpha2Api* | [**GetSelfServiceVerificationFlow**](docs/V0alpha2Api.md#getselfserviceverificationflow) | **Get** /self-service/verification/flows | Get Verification Flow -*V0alpha2Api* | [**GetWebAuthnJavaScript**](docs/V0alpha2Api.md#getwebauthnjavascript) | **Get** /.well-known/ory/webauthn.js | Get WebAuthn JavaScript -*V0alpha2Api* | [**InitializeSelfServiceLoginFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceloginflowforbrowsers) | **Get** /self-service/login/browser | Initialize Login Flow for Browsers +*V0alpha2Api* | [**GetSelfServiceError**](docs/V0alpha2Api.md#getselfserviceerror) | **Get** /self-service/errors | # Get Self-Service Errors +*V0alpha2Api* | [**GetSelfServiceLoginFlow**](docs/V0alpha2Api.md#getselfserviceloginflow) | **Get** /self-service/login/flows | # Get Login Flow +*V0alpha2Api* | [**GetSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#getselfservicerecoveryflow) | **Get** /self-service/recovery/flows | # Get Recovery Flow +*V0alpha2Api* | [**GetSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#getselfserviceregistrationflow) | **Get** /self-service/registration/flows | # Get Registration Flow +*V0alpha2Api* | [**GetSelfServiceSettingsFlow**](docs/V0alpha2Api.md#getselfservicesettingsflow) | **Get** /self-service/settings/flows | # Get Settings Flow +*V0alpha2Api* | [**GetSelfServiceVerificationFlow**](docs/V0alpha2Api.md#getselfserviceverificationflow) | **Get** /self-service/verification/flows | # Get Verification Flow +*V0alpha2Api* | [**GetWebAuthnJavaScript**](docs/V0alpha2Api.md#getwebauthnjavascript) | **Get** /.well-known/ory/webauthn.js | # Get WebAuthn JavaScript +*V0alpha2Api* | [**InitializeSelfServiceLoginFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceloginflowforbrowsers) | **Get** /self-service/login/browser | # Initialize Login Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceLoginFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceloginflowwithoutbrowser) | **Get** /self-service/login/api | Initialize Login Flow for APIs, Services, Apps, ... -*V0alpha2Api* | [**InitializeSelfServiceRecoveryFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicerecoveryflowforbrowsers) | **Get** /self-service/recovery/browser | Initialize Recovery Flow for Browsers +*V0alpha2Api* | [**InitializeSelfServiceRecoveryFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicerecoveryflowforbrowsers) | **Get** /self-service/recovery/browser | # Initialize Recovery Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceRecoveryFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfservicerecoveryflowwithoutbrowser) | **Get** /self-service/recovery/api | Initialize Recovery Flow for APIs, Services, Apps, ... -*V0alpha2Api* | [**InitializeSelfServiceRegistrationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceregistrationflowforbrowsers) | **Get** /self-service/registration/browser | Initialize Registration Flow for Browsers +*V0alpha2Api* | [**InitializeSelfServiceRegistrationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceregistrationflowforbrowsers) | **Get** /self-service/registration/browser | # Initialize Registration Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceRegistrationFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceregistrationflowwithoutbrowser) | **Get** /self-service/registration/api | Initialize Registration Flow for APIs, Services, Apps, ... -*V0alpha2Api* | [**InitializeSelfServiceSettingsFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicesettingsflowforbrowsers) | **Get** /self-service/settings/browser | Initialize Settings Flow for Browsers +*V0alpha2Api* | [**InitializeSelfServiceSettingsFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicesettingsflowforbrowsers) | **Get** /self-service/settings/browser | # Initialize Settings Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceSettingsFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfservicesettingsflowwithoutbrowser) | **Get** /self-service/settings/api | Initialize Settings Flow for APIs, Services, Apps, ... -*V0alpha2Api* | [**InitializeSelfServiceVerificationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceverificationflowforbrowsers) | **Get** /self-service/verification/browser | Initialize Verification Flow for Browser Clients +*V0alpha2Api* | [**InitializeSelfServiceVerificationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceverificationflowforbrowsers) | **Get** /self-service/verification/browser | # Initialize Verification Flow for Browser Clients *V0alpha2Api* | [**InitializeSelfServiceVerificationFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceverificationflowwithoutbrowser) | **Get** /self-service/verification/api | Initialize Verification Flow for APIs, Services, Apps, ... *V0alpha2Api* | [**ListIdentitySchemas**](docs/V0alpha2Api.md#listidentityschemas) | **Get** /schemas | *V0alpha2Api* | [**ListSessions**](docs/V0alpha2Api.md#listsessions) | **Get** /sessions | This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. *V0alpha2Api* | [**RevokeSession**](docs/V0alpha2Api.md#revokesession) | **Delete** /sessions/{id} | Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. *V0alpha2Api* | [**RevokeSessions**](docs/V0alpha2Api.md#revokesessions) | **Delete** /sessions | Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. -*V0alpha2Api* | [**SubmitSelfServiceLoginFlow**](docs/V0alpha2Api.md#submitselfserviceloginflow) | **Post** /self-service/login | Submit a Login Flow -*V0alpha2Api* | [**SubmitSelfServiceLogoutFlow**](docs/V0alpha2Api.md#submitselfservicelogoutflow) | **Get** /self-service/logout | Complete Self-Service Logout +*V0alpha2Api* | [**SubmitSelfServiceLoginFlow**](docs/V0alpha2Api.md#submitselfserviceloginflow) | **Post** /self-service/login | # Submit a Login Flow +*V0alpha2Api* | [**SubmitSelfServiceLogoutFlow**](docs/V0alpha2Api.md#submitselfservicelogoutflow) | **Get** /self-service/logout | # Complete Self-Service Logout *V0alpha2Api* | [**SubmitSelfServiceLogoutFlowWithoutBrowser**](docs/V0alpha2Api.md#submitselfservicelogoutflowwithoutbrowser) | **Delete** /self-service/logout/api | Perform Logout for APIs, Services, Apps, ... -*V0alpha2Api* | [**SubmitSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#submitselfservicerecoveryflow) | **Post** /self-service/recovery | Complete Recovery Flow -*V0alpha2Api* | [**SubmitSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#submitselfserviceregistrationflow) | **Post** /self-service/registration | Submit a Registration Flow -*V0alpha2Api* | [**SubmitSelfServiceSettingsFlow**](docs/V0alpha2Api.md#submitselfservicesettingsflow) | **Post** /self-service/settings | Complete Settings Flow -*V0alpha2Api* | [**SubmitSelfServiceVerificationFlow**](docs/V0alpha2Api.md#submitselfserviceverificationflow) | **Post** /self-service/verification | Complete Verification Flow -*V0alpha2Api* | [**ToSession**](docs/V0alpha2Api.md#tosession) | **Get** /sessions/whoami | Check Who the Current HTTP Session Belongs To +*V0alpha2Api* | [**SubmitSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#submitselfservicerecoveryflow) | **Post** /self-service/recovery | # Complete Recovery Flow +*V0alpha2Api* | [**SubmitSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#submitselfserviceregistrationflow) | **Post** /self-service/registration | # Submit a Registration Flow +*V0alpha2Api* | [**SubmitSelfServiceSettingsFlow**](docs/V0alpha2Api.md#submitselfservicesettingsflow) | **Post** /self-service/settings | # Complete Settings Flow +*V0alpha2Api* | [**SubmitSelfServiceVerificationFlow**](docs/V0alpha2Api.md#submitselfserviceverificationflow) | **Post** /self-service/verification | # Complete Verification Flow +*V0alpha2Api* | [**ToSession**](docs/V0alpha2Api.md#tosession) | **Get** /sessions/whoami | # Check Who the Current HTTP Session Belongs To ## Documentation For Models diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index c0d2097fc94b..f4e9f3973108 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -34,7 +34,7 @@ paths: schema: $ref: '#/components/schemas/webAuthnJavaScript' description: webAuthnJavaScript - summary: Get WebAuthn JavaScript + summary: '# Get WebAuthn JavaScript' tags: - v0alpha2 /admin/identities: @@ -92,7 +92,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: List Identities + summary: '# List Identities' tags: - v0alpha2 post: @@ -132,7 +132,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: Create an Identity + summary: '# Create an Identity' tags: - v0alpha2 /admin/identities/{id}: @@ -171,7 +171,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: Delete an Identity + summary: '# Delete an Identity' tags: - v0alpha2 get: @@ -222,7 +222,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: Get an Identity + summary: '# Get an Identity' tags: - v0alpha2 patch: @@ -336,7 +336,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: Update an Identity + summary: '# Update an Identity' tags: - v0alpha2 /admin/identities/{id}/sessions: @@ -518,7 +518,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Create a Recovery Link + summary: '# Create a Recovery Link' tags: - v0alpha2 /admin/sessions/{id}/extend: @@ -754,7 +754,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Get Self-Service Errors + summary: '# Get Self-Service Errors' tags: - v0alpha2 /self-service/login: @@ -871,7 +871,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Submit a Login Flow + summary: '# Submit a Login Flow' tags: - v0alpha2 /self-service/login/api: @@ -1049,7 +1049,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Initialize Login Flow for Browsers + summary: '# Initialize Login Flow for Browsers' tags: - v0alpha2 /self-service/login/flows: @@ -1135,7 +1135,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Get Login Flow + summary: '# Get Login Flow' tags: - v0alpha2 /self-service/logout: @@ -1189,7 +1189,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Complete Self-Service Logout + summary: '# Complete Self-Service Logout' tags: - v0alpha2 /self-service/logout/api: @@ -1276,7 +1276,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Create a Logout URL for Browsers + summary: '# Create a Logout URL for Browsers' tags: - v0alpha2 /self-service/recovery: @@ -1376,7 +1376,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Complete Recovery Flow + summary: '# Complete Recovery Flow' tags: - v0alpha2 /self-service/recovery/api: @@ -1463,7 +1463,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Initialize Recovery Flow for Browsers + summary: '# Initialize Recovery Flow for Browsers' tags: - v0alpha2 /self-service/recovery/flows: @@ -1538,7 +1538,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Get Recovery Flow + summary: '# Get Recovery Flow' tags: - v0alpha2 /self-service/registration: @@ -1642,7 +1642,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Submit a Registration Flow + summary: '# Submit a Registration Flow' tags: - v0alpha2 /self-service/registration/api: @@ -1744,7 +1744,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Initialize Registration Flow for Browsers + summary: '# Initialize Registration Flow for Browsers' tags: - v0alpha2 /self-service/registration/flows: @@ -1830,7 +1830,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Get Registration Flow + summary: '# Get Registration Flow' tags: - v0alpha2 /self-service/settings: @@ -1971,7 +1971,7 @@ paths: description: jsonError security: - sessionToken: [] - summary: Complete Settings Flow + summary: '# Complete Settings Flow' tags: - v0alpha2 /self-service/settings/api: @@ -2116,7 +2116,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Initialize Settings Flow for Browsers + summary: '# Initialize Settings Flow for Browsers' tags: - v0alpha2 /self-service/settings/flows: @@ -2216,7 +2216,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Get Settings Flow + summary: '# Get Settings Flow' tags: - v0alpha2 /self-service/verification: @@ -2316,7 +2316,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Complete Verification Flow + summary: '# Complete Verification Flow' tags: - v0alpha2 /self-service/verification/api: @@ -2393,7 +2393,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Initialize Verification Flow for Browser Clients + summary: '# Initialize Verification Flow for Browser Clients' tags: - v0alpha2 /self-service/verification/flows: @@ -2467,7 +2467,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Get Verification Flow + summary: '# Get Verification Flow' tags: - v0alpha2 /sessions: @@ -2736,7 +2736,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Check Who the Current HTTP Session Belongs To + summary: '# Check Who the Current HTTP Session Belongs To' tags: - v0alpha2 /sessions/{id}: diff --git a/internal/httpclient/api_metadata.go b/internal/httpclient/api_metadata.go index eec994165b53..a63febb073aa 100644 --- a/internal/httpclient/api_metadata.go +++ b/internal/httpclient/api_metadata.go @@ -102,16 +102,16 @@ func (r MetadataApiApiGetVersionRequest) Execute() (*InlineResponse2001, *http.R } /* - - GetVersion Return Running Software Version. - - This endpoint returns the version of Ory Kratos. + * GetVersion Return Running Software Version. + * This endpoint returns the version of Ory Kratos. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the version will never refer to the cluster state, only to a single instance. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return MetadataApiApiGetVersionRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return MetadataApiApiGetVersionRequest */ func (a *MetadataApiService) GetVersion(ctx context.Context) MetadataApiApiGetVersionRequest { return MetadataApiApiGetVersionRequest{ @@ -209,9 +209,8 @@ func (r MetadataApiApiIsAliveRequest) Execute() (*InlineResponse200, *http.Respo } /* - - IsAlive Check HTTP Server Status - - This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming - + * IsAlive Check HTTP Server Status + * This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming HTTP requests. This status does currently not include checks whether the database connection is working. If the service supports TLS Edge Termination, this endpoint does not require the @@ -219,8 +218,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return MetadataApiApiIsAliveRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return MetadataApiApiIsAliveRequest */ func (a *MetadataApiService) IsAlive(ctx context.Context) MetadataApiApiIsAliveRequest { return MetadataApiApiIsAliveRequest{ @@ -327,9 +326,8 @@ func (r MetadataApiApiIsReadyRequest) Execute() (*InlineResponse200, *http.Respo } /* - - IsReady Check HTTP Server and Database Status - - This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g. - + * IsReady Check HTTP Server and Database Status + * This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g. the database) are responsive as well. If the service supports TLS Edge Termination, this endpoint does not require the @@ -337,8 +335,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the Be aware that if you are running multiple nodes of Ory Kratos, the health status will never refer to the cluster state, only to a single instance. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return MetadataApiApiIsReadyRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return MetadataApiApiIsReadyRequest */ func (a *MetadataApiService) IsReady(ctx context.Context) MetadataApiApiIsReadyRequest { return MetadataApiApiIsReadyRequest{ diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go index 3136bc16a966..4ebe7a218f4e 100644 --- a/internal/httpclient/api_v0alpha2.go +++ b/internal/httpclient/api_v0alpha2.go @@ -29,7 +29,7 @@ var ( type V0alpha2Api interface { /* - * AdminCreateIdentity Create an Identity + * AdminCreateIdentity # Create an Identity * This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return V0alpha2ApiApiAdminCreateIdentityRequest @@ -43,7 +43,7 @@ type V0alpha2Api interface { AdminCreateIdentityExecute(r V0alpha2ApiApiAdminCreateIdentityRequest) (*Identity, *http.Response, error) /* - * AdminCreateSelfServiceRecoveryLink Create a Recovery Link + * AdminCreateSelfServiceRecoveryLink # Create a Recovery Link * This endpoint creates a recovery link which should be given to the user in order for them to recover (or activate) their account. * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @@ -58,7 +58,7 @@ type V0alpha2Api interface { AdminCreateSelfServiceRecoveryLinkExecute(r V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest) (*SelfServiceRecoveryLink, *http.Response, error) /* - * AdminDeleteIdentity Delete an Identity + * AdminDeleteIdentity # Delete an Identity * Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is assumed that is has been deleted already. @@ -107,7 +107,7 @@ type V0alpha2Api interface { AdminExtendSessionExecute(r V0alpha2ApiApiAdminExtendSessionRequest) (*Session, *http.Response, error) /* - * AdminGetIdentity Get an Identity + * AdminGetIdentity # Get an Identity * Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @param id ID must be set to the ID of identity you want to get @@ -122,7 +122,7 @@ type V0alpha2Api interface { AdminGetIdentityExecute(r V0alpha2ApiApiAdminGetIdentityRequest) (*Identity, *http.Response, error) /* - * AdminListIdentities List Identities + * AdminListIdentities # List Identities * Lists all identities. Does not support search at the moment. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). @@ -172,7 +172,7 @@ type V0alpha2Api interface { AdminPatchIdentityExecute(r V0alpha2ApiApiAdminPatchIdentityRequest) (*Identity, *http.Response, error) /* - * AdminUpdateIdentity Update an Identity + * AdminUpdateIdentity # Update an Identity * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). @@ -189,7 +189,7 @@ type V0alpha2Api interface { AdminUpdateIdentityExecute(r V0alpha2ApiApiAdminUpdateIdentityRequest) (*Identity, *http.Response, error) /* - * CreateSelfServiceLogoutFlowUrlForBrowsers Create a Logout URL for Browsers + * CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers * This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. This endpoint is NOT INTENDED for API clients and only works @@ -227,7 +227,7 @@ type V0alpha2Api interface { GetIdentitySchemaExecute(r V0alpha2ApiApiGetIdentitySchemaRequest) (map[string]interface{}, *http.Response, error) /* - * GetSelfServiceError Get Self-Service Errors + * GetSelfServiceError # Get Self-Service Errors * This endpoint returns the error associated with a user-facing self service errors. This endpoint supports stub values to help you implement the error UI: @@ -247,7 +247,7 @@ type V0alpha2Api interface { GetSelfServiceErrorExecute(r V0alpha2ApiApiGetSelfServiceErrorRequest) (*SelfServiceError, *http.Response, error) /* - * GetSelfServiceLoginFlow Get Login Flow + * GetSelfServiceLoginFlow # Get Login Flow * This endpoint returns a login flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -283,7 +283,7 @@ type V0alpha2Api interface { GetSelfServiceLoginFlowExecute(r V0alpha2ApiApiGetSelfServiceLoginFlowRequest) (*SelfServiceLoginFlow, *http.Response, error) /* - * GetSelfServiceRecoveryFlow Get Recovery Flow + * GetSelfServiceRecoveryFlow # Get Recovery Flow * This endpoint returns a recovery flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -314,7 +314,7 @@ type V0alpha2Api interface { GetSelfServiceRecoveryFlowExecute(r V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest) (*SelfServiceRecoveryFlow, *http.Response, error) /* - * GetSelfServiceRegistrationFlow Get Registration Flow + * GetSelfServiceRegistrationFlow # Get Registration Flow * This endpoint returns a registration flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -350,7 +350,7 @@ type V0alpha2Api interface { GetSelfServiceRegistrationFlowExecute(r V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest) (*SelfServiceRegistrationFlow, *http.Response, error) /* - * GetSelfServiceSettingsFlow Get Settings Flow + * GetSelfServiceSettingsFlow # Get Settings Flow * When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie or the Ory Kratos Session Token are set. @@ -382,7 +382,7 @@ type V0alpha2Api interface { GetSelfServiceSettingsFlowExecute(r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) (*SelfServiceSettingsFlow, *http.Response, error) /* - * GetSelfServiceVerificationFlow Get Verification Flow + * GetSelfServiceVerificationFlow # Get Verification Flow * This endpoint returns a verification flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -412,7 +412,7 @@ type V0alpha2Api interface { GetSelfServiceVerificationFlowExecute(r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) (*SelfServiceVerificationFlow, *http.Response, error) /* - * GetWebAuthnJavaScript Get WebAuthn JavaScript + * GetWebAuthnJavaScript # Get WebAuthn JavaScript * This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file: @@ -434,7 +434,7 @@ type V0alpha2Api interface { GetWebAuthnJavaScriptExecute(r V0alpha2ApiApiGetWebAuthnJavaScriptRequest) (string, *http.Response, error) /* - * InitializeSelfServiceLoginFlowForBrowsers Initialize Login Flow for Browsers + * InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers * This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows. @@ -499,7 +499,7 @@ type V0alpha2Api interface { InitializeSelfServiceLoginFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest) (*SelfServiceLoginFlow, *http.Response, error) /* - * InitializeSelfServiceRecoveryFlowForBrowsers Initialize Recovery Flow for Browsers + * InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers * This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists, the browser is returned to the configured return URL. @@ -548,7 +548,7 @@ type V0alpha2Api interface { InitializeSelfServiceRecoveryFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest) (*SelfServiceRecoveryFlow, *http.Response, error) /* - * InitializeSelfServiceRegistrationFlowForBrowsers Initialize Registration Flow for Browsers + * InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers * This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows. @@ -618,7 +618,7 @@ type V0alpha2Api interface { InitializeSelfServiceRegistrationFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest) (*SelfServiceRegistrationFlow, *http.Response, error) /* - * InitializeSelfServiceSettingsFlowForBrowsers Initialize Settings Flow for Browsers + * InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers * This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid Ory Kratos Session Cookie is included in the request, a login flow will be initialized. @@ -692,7 +692,7 @@ type V0alpha2Api interface { InitializeSelfServiceSettingsFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest) (*SelfServiceSettingsFlow, *http.Response, error) /* - * InitializeSelfServiceVerificationFlowForBrowsers Initialize Verification Flow for Browser Clients + * InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients * This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`. @@ -799,7 +799,7 @@ type V0alpha2Api interface { RevokeSessionsExecute(r V0alpha2ApiApiRevokeSessionsRequest) (*RevokedSessions, *http.Response, error) /* - * SubmitSelfServiceLoginFlow Submit a Login Flow + * SubmitSelfServiceLoginFlow # Submit a Login Flow * :::info This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future. @@ -845,7 +845,7 @@ type V0alpha2Api interface { SubmitSelfServiceLoginFlowExecute(r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) (*SuccessfulSelfServiceLoginWithoutBrowser, *http.Response, error) /* - * SubmitSelfServiceLogoutFlow Complete Self-Service Logout + * SubmitSelfServiceLogoutFlow # Complete Self-Service Logout * This endpoint logs out an identity in a self-service manner. If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other) @@ -890,7 +890,7 @@ type V0alpha2Api interface { SubmitSelfServiceLogoutFlowWithoutBrowserExecute(r V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest) (*http.Response, error) /* - * SubmitSelfServiceRecoveryFlow Complete Recovery Flow + * SubmitSelfServiceRecoveryFlow # Complete Recovery Flow * Use this endpoint to complete a recovery flow. This endpoint behaves differently for API and browser flows and has several states: @@ -919,7 +919,7 @@ type V0alpha2Api interface { SubmitSelfServiceRecoveryFlowExecute(r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) (*SelfServiceRecoveryFlow, *http.Response, error) /* - * SubmitSelfServiceRegistrationFlow Submit a Registration Flow + * SubmitSelfServiceRegistrationFlow # Submit a Registration Flow * Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint behaves differently for API and browser flows. @@ -960,7 +960,7 @@ type V0alpha2Api interface { SubmitSelfServiceRegistrationFlowExecute(r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) (*SuccessfulSelfServiceRegistrationWithoutBrowser, *http.Response, error) /* - * SubmitSelfServiceSettingsFlow Complete Settings Flow + * SubmitSelfServiceSettingsFlow # Complete Settings Flow * Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint behaves differently for API and browser flows. @@ -1016,7 +1016,7 @@ type V0alpha2Api interface { SubmitSelfServiceSettingsFlowExecute(r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) (*SelfServiceSettingsFlow, *http.Response, error) /* - * SubmitSelfServiceVerificationFlow Complete Verification Flow + * SubmitSelfServiceVerificationFlow # Complete Verification Flow * Use this endpoint to complete a verification flow. This endpoint behaves differently for API and browser flows and has several states: @@ -1045,7 +1045,7 @@ type V0alpha2Api interface { SubmitSelfServiceVerificationFlowExecute(r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) (*SelfServiceVerificationFlow, *http.Response, error) /* - * ToSession Check Who the Current HTTP Session Belongs To + * ToSession # Check Who the Current HTTP Session Belongs To * Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header @@ -1126,7 +1126,7 @@ func (r V0alpha2ApiApiAdminCreateIdentityRequest) Execute() (*Identity, *http.Re } /* - * AdminCreateIdentity Create an Identity + * AdminCreateIdentity # Create an Identity * This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return V0alpha2ApiApiAdminCreateIdentityRequest @@ -1278,12 +1278,11 @@ func (r V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest) Execute() (*Sel } /* - - AdminCreateSelfServiceRecoveryLink Create a Recovery Link - - This endpoint creates a recovery link which should be given to the user in order for them to recover - + * AdminCreateSelfServiceRecoveryLink # Create a Recovery Link + * This endpoint creates a recovery link which should be given to the user in order for them to recover (or activate) their account. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest */ func (a *V0alpha2ApiService) AdminCreateSelfServiceRecoveryLink(ctx context.Context) V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest { return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest{ @@ -1413,16 +1412,15 @@ func (r V0alpha2ApiApiAdminDeleteIdentityRequest) Execute() (*http.Response, err } /* - - AdminDeleteIdentity Delete an Identity - - Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. - + * AdminDeleteIdentity # Delete an Identity + * Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is assumed that is has been deleted already. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID is the identity's ID. - - @return V0alpha2ApiApiAdminDeleteIdentityRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID is the identity's ID. + * @return V0alpha2ApiApiAdminDeleteIdentityRequest */ func (a *V0alpha2ApiService) AdminDeleteIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentityRequest { return V0alpha2ApiApiAdminDeleteIdentityRequest{ @@ -1545,13 +1543,13 @@ func (r V0alpha2ApiApiAdminDeleteIdentitySessionsRequest) Execute() (*http.Respo } /* - - AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. - - This endpoint is useful for: + * AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. + * This endpoint is useful for: To forcefully logout Identity from all devices and sessions - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID is the identity's ID. - - @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID is the identity's ID. + * @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest */ func (a *V0alpha2ApiService) AdminDeleteIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentitySessionsRequest { return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest{ @@ -1848,7 +1846,7 @@ func (r V0alpha2ApiApiAdminGetIdentityRequest) Execute() (*Identity, *http.Respo } /* - * AdminGetIdentity Get an Identity + * AdminGetIdentity # Get an Identity * Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @param id ID must be set to the ID of identity you want to get @@ -2007,12 +2005,12 @@ func (r V0alpha2ApiApiAdminListIdentitiesRequest) Execute() ([]Identity, *http.R } /* - - AdminListIdentities List Identities - - Lists all identities. Does not support search at the moment. + * AdminListIdentities # List Identities + * Lists all identities. Does not support search at the moment. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiAdminListIdentitiesRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiAdminListIdentitiesRequest */ func (a *V0alpha2ApiService) AdminListIdentities(ctx context.Context) V0alpha2ApiApiAdminListIdentitiesRequest { return V0alpha2ApiApiAdminListIdentitiesRequest{ @@ -2156,13 +2154,13 @@ func (r V0alpha2ApiApiAdminListIdentitySessionsRequest) Execute() ([]Session, *h } /* - - AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity. - - This endpoint is useful for: + * AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity. + * This endpoint is useful for: Listing all sessions that belong to an Identity in an administrative context. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID is the identity's ID. - - @return V0alpha2ApiApiAdminListIdentitySessionsRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID is the identity's ID. + * @return V0alpha2ApiApiAdminListIdentitySessionsRequest */ func (a *V0alpha2ApiService) AdminListIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminListIdentitySessionsRequest { return V0alpha2ApiApiAdminListIdentitySessionsRequest{ @@ -2331,13 +2329,13 @@ func (r V0alpha2ApiApiAdminPatchIdentityRequest) Execute() (*Identity, *http.Res } /* - - AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) - - NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable. + * AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) + * NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID must be set to the ID of identity you want to update - - @return V0alpha2ApiApiAdminPatchIdentityRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID must be set to the ID of identity you want to update + * @return V0alpha2ApiApiAdminPatchIdentityRequest */ func (a *V0alpha2ApiService) AdminPatchIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminPatchIdentityRequest { return V0alpha2ApiApiAdminPatchIdentityRequest{ @@ -2499,13 +2497,13 @@ func (r V0alpha2ApiApiAdminUpdateIdentityRequest) Execute() (*Identity, *http.Re } /* - - AdminUpdateIdentity Update an Identity - - This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. + * AdminUpdateIdentity # Update an Identity + * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID must be set to the ID of identity you want to update - - @return V0alpha2ApiApiAdminUpdateIdentityRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID must be set to the ID of identity you want to update + * @return V0alpha2ApiApiAdminUpdateIdentityRequest */ func (a *V0alpha2ApiService) AdminUpdateIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminUpdateIdentityRequest { return V0alpha2ApiApiAdminUpdateIdentityRequest{ @@ -2666,8 +2664,8 @@ func (r V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest) Execute( } /* - - CreateSelfServiceLogoutFlowUrlForBrowsers Create a Logout URL for Browsers - - This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. + * CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers + * This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). For API clients you can @@ -2677,8 +2675,8 @@ The URL is only valid for the currently signed in user. If no user is signed in, a 401 error. When calling this endpoint from a backend, please ensure to properly forward the HTTP cookies. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest */ func (a *V0alpha2ApiService) CreateSelfServiceLogoutFlowUrlForBrowsers(ctx context.Context) V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest { return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest{ @@ -2928,16 +2926,16 @@ func (r V0alpha2ApiApiGetSelfServiceErrorRequest) Execute() (*SelfServiceError, } /* - - GetSelfServiceError Get Self-Service Errors - - This endpoint returns the error associated with a user-facing self service errors. + * GetSelfServiceError # Get Self-Service Errors + * This endpoint returns the error associated with a user-facing self service errors. This endpoint supports stub values to help you implement the error UI: `?id=stub:500` - returns a stub 500 (Internal Server Error) error. More information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceErrorRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceErrorRequest */ func (a *V0alpha2ApiService) GetSelfServiceError(ctx context.Context) V0alpha2ApiApiGetSelfServiceErrorRequest { return V0alpha2ApiApiGetSelfServiceErrorRequest{ @@ -3079,8 +3077,8 @@ func (r V0alpha2ApiApiGetSelfServiceLoginFlowRequest) Execute() (*SelfServiceLog } /* - - GetSelfServiceLoginFlow Get Login Flow - - This endpoint returns a login flow's context with, for example, error details and other information. + * GetSelfServiceLoginFlow # Get Login Flow + * This endpoint returns a login flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3103,8 +3101,8 @@ This request may fail due to several reasons. The `error.id` can be one of: `self_service_flow_expired`: The flow is expired and you should request a new one. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceLoginFlowRequest { return V0alpha2ApiApiGetSelfServiceLoginFlowRequest{ @@ -3259,8 +3257,8 @@ func (r V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest) Execute() (*SelfService } /* - - GetSelfServiceRecoveryFlow Get Recovery Flow - - This endpoint returns a recovery flow's context with, for example, error details and other information. + * GetSelfServiceRecoveryFlow # Get Recovery Flow + * This endpoint returns a recovery flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3278,8 +3276,8 @@ res.render('recovery', flow) ``` More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest { return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest{ @@ -3424,8 +3422,8 @@ func (r V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest) Execute() (*SelfSer } /* - - GetSelfServiceRegistrationFlow Get Registration Flow - - This endpoint returns a registration flow's context with, for example, error details and other information. + * GetSelfServiceRegistrationFlow # Get Registration Flow + * This endpoint returns a registration flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3448,8 +3446,8 @@ This request may fail due to several reasons. The `error.id` can be one of: `self_service_flow_expired`: The flow is expired and you should request a new one. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest { return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest{ @@ -3609,9 +3607,8 @@ func (r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) Execute() (*SelfService } /* - - GetSelfServiceSettingsFlow Get Settings Flow - - When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie - + * GetSelfServiceSettingsFlow # Get Settings Flow + * When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie or the Ory Kratos Session Token are set. Depending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator @@ -3630,8 +3627,8 @@ case of an error, the `error.id` of the JSON response body can be one of: identity logged in instead. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceSettingsFlowRequest { return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest{ @@ -3799,8 +3796,8 @@ func (r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) Execute() (*SelfSer } /* - - GetSelfServiceVerificationFlow Get Verification Flow - - This endpoint returns a verification flow's context with, for example, error details and other information. + * GetSelfServiceVerificationFlow # Get Verification Flow + * This endpoint returns a verification flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3817,8 +3814,8 @@ res.render('verification', flow) }) More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceVerificationFlowRequest { return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest{ @@ -3952,8 +3949,8 @@ func (r V0alpha2ApiApiGetWebAuthnJavaScriptRequest) Execute() (string, *http.Res } /* - - GetWebAuthnJavaScript Get WebAuthn JavaScript - - This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. + * GetWebAuthnJavaScript # Get WebAuthn JavaScript + * This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file: @@ -3962,8 +3959,8 @@ If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you ``` More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest */ func (a *V0alpha2ApiService) GetWebAuthnJavaScript(ctx context.Context) V0alpha2ApiApiGetWebAuthnJavaScriptRequest { return V0alpha2ApiApiGetWebAuthnJavaScriptRequest{ @@ -4082,9 +4079,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Execute( } /* - - InitializeSelfServiceLoginFlowForBrowsers Initialize Login Flow for Browsers - - This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate - + * InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers + * This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows. If this endpoint is opened as a link in the browser, it will be redirected to @@ -4103,8 +4099,8 @@ case of an error, the `error.id` of the JSON response body can be one of: This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest{ @@ -4249,8 +4245,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest) Execu } /* - - InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ... - - This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on. + * InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ... + * This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. @@ -4270,8 +4266,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest{ @@ -4403,9 +4399,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest) Execu } /* - - InitializeSelfServiceRecoveryFlowForBrowsers Initialize Recovery Flow for Browsers - - This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to - + * InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers + * This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists, the browser is returned to the configured return URL. @@ -4415,8 +4410,8 @@ or a 400 bad request error if the user is already authenticated. This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest{ @@ -4536,8 +4531,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest) Ex } /* - - InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ... - - This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on. + * InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ... + * This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error. @@ -4550,8 +4545,8 @@ you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest{ @@ -4674,9 +4669,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) E } /* - - InitializeSelfServiceRegistrationFlowForBrowsers Initialize Registration Flow for Browsers - - This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate - + * InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers + * This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows. :::info @@ -4701,8 +4695,8 @@ If this endpoint is called via an AJAX request, the response contains the regist This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest{ @@ -4812,8 +4806,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest } /* - - InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ... - - This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on. + * InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ... + * This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. @@ -4832,8 +4826,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest{ @@ -4961,9 +4955,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest) Execu } /* - - InitializeSelfServiceSettingsFlowForBrowsers Initialize Settings Flow for Browsers - - This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to - + * InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers + * This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid Ory Kratos Session Cookie is included in the request, a login flow will be initialized. @@ -4989,8 +4982,8 @@ case of an error, the `error.id` of the JSON response body can be one of: This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest{ @@ -5139,9 +5132,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest) Ex } /* - - InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ... - - This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. - + * InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ... + * This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. You must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK. To fetch an existing settings flow call `/self-service/settings/flows?flow=`. @@ -5163,8 +5155,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest{ @@ -5290,9 +5282,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest) E } /* - - InitializeSelfServiceVerificationFlowForBrowsers Initialize Verification Flow for Browser Clients - - This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to - + * InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients + * This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`. If this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects. @@ -5300,8 +5291,8 @@ If this endpoint is called via an AJAX request, the response contains the recove This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest{ @@ -5411,8 +5402,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest } /* - - InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ... - - This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on. + * InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ... + * This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on. To fetch an existing verification flow call `/self-service/verification/flows?flow=`. @@ -5423,8 +5414,8 @@ you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest{ @@ -5689,12 +5680,12 @@ func (r V0alpha2ApiApiListSessionsRequest) Execute() ([]Session, *http.Response, } /* - - ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. - - This endpoint is useful for: + * ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. + * This endpoint is useful for: Displaying all other sessions that belong to the logged-in user - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiListSessionsRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiListSessionsRequest */ func (a *V0alpha2ApiService) ListSessions(ctx context.Context) V0alpha2ApiApiListSessionsRequest { return V0alpha2ApiApiListSessionsRequest{ @@ -5844,13 +5835,13 @@ func (r V0alpha2ApiApiRevokeSessionRequest) Execute() (*http.Response, error) { } /* - - RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. - - This endpoint is useful for: + * RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. + * This endpoint is useful for: To forcefully logout the current user from another device or session - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID is the session's ID. - - @return V0alpha2ApiApiRevokeSessionRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID is the session's ID. + * @return V0alpha2ApiApiRevokeSessionRequest */ func (a *V0alpha2ApiService) RevokeSession(ctx context.Context, id string) V0alpha2ApiApiRevokeSessionRequest { return V0alpha2ApiApiRevokeSessionRequest{ @@ -5979,12 +5970,12 @@ func (r V0alpha2ApiApiRevokeSessionsRequest) Execute() (*RevokedSessions, *http. } /* - - RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. - - This endpoint is useful for: + * RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. + * This endpoint is useful for: To forcefully logout the current user from all other devices and sessions - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiRevokeSessionsRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiRevokeSessionsRequest */ func (a *V0alpha2ApiService) RevokeSessions(ctx context.Context) V0alpha2ApiApiRevokeSessionsRequest { return V0alpha2ApiApiRevokeSessionsRequest{ @@ -6148,8 +6139,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) Execute() (*SuccessfulS } /* - - SubmitSelfServiceLoginFlow Submit a Login Flow - - :::info + * SubmitSelfServiceLoginFlow # Submit a Login Flow + * :::info This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future. @@ -6182,8 +6173,8 @@ case of an error, the `error.id` of the JSON response body can be one of: Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest { return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest{ @@ -6346,8 +6337,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest) Execute() (*http.Respo } /* - - SubmitSelfServiceLogoutFlow Complete Self-Service Logout - - This endpoint logs out an identity in a self-service manner. + * SubmitSelfServiceLogoutFlow # Complete Self-Service Logout + * This endpoint logs out an identity in a self-service manner. If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other) to the `return_to` parameter of the initial request or fall back to `urls.default_return_to`. @@ -6360,8 +6351,8 @@ with browsers (Chrome, Firefox, ...). For API clients you can call the `/self-service/logout/api` URL directly with the Ory Session Token. More information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest { return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest{ @@ -6469,9 +6460,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest) Execute( } /* - - SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ... - - Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully - + * SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ... + * Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully revoked, the server returns a 204 No Content response. A 204 No Content response is also sent when the Ory Session Token has been revoked already before. @@ -6479,8 +6469,8 @@ If the Ory Session Token is malformed or does not exist a 403 Forbidden response This endpoint does not remove any HTTP Cookies - use the Browser-Based Self-Service Logout Flow instead. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest { return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest{ @@ -6612,9 +6602,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) Execute() (*SelfServ } /* - - SubmitSelfServiceRecoveryFlow Complete Recovery Flow - - Use this endpoint to complete a recovery flow. This endpoint - + * SubmitSelfServiceRecoveryFlow # Complete Recovery Flow + * Use this endpoint to complete a recovery flow. This endpoint behaves differently for API and browser flows and has several states: `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent @@ -6630,8 +6619,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe a new Recovery Flow ID which contains an error message that the recovery link was invalid. More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest { return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest{ @@ -6789,9 +6778,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) Execute() (*Succ } /* - - SubmitSelfServiceRegistrationFlow Submit a Registration Flow - - Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint - + * SubmitSelfServiceRegistrationFlow # Submit a Registration Flow + * Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint behaves differently for API and browser flows. API flows expect `application/json` to be sent in the body and respond with @@ -6819,8 +6807,8 @@ case of an error, the `error.id` of the JSON response body can be one of: Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest { return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest{ @@ -6990,9 +6978,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) Execute() (*SelfServ } /* - - SubmitSelfServiceSettingsFlow Complete Settings Flow - - Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint - + * SubmitSelfServiceSettingsFlow # Complete Settings Flow + * Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint behaves differently for API and browser flows. API-initiated flows expect `application/json` to be sent in the body and respond with @@ -7035,8 +7022,8 @@ identity logged in instead. Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest { return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest{ @@ -7229,9 +7216,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Execute() (*Self } /* - - SubmitSelfServiceVerificationFlow Complete Verification Flow - - Use this endpoint to complete a verification flow. This endpoint - + * SubmitSelfServiceVerificationFlow # Complete Verification Flow + * Use this endpoint to complete a verification flow. This endpoint behaves differently for API and browser flows and has several states: `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent @@ -7247,8 +7233,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe a new Verification Flow ID which contains an error message that the verification link was invalid. More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest { return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest{ @@ -7401,9 +7387,8 @@ func (r V0alpha2ApiApiToSessionRequest) Execute() (*Session, *http.Response, err } /* - - ToSession Check Who the Current HTTP Session Belongs To - - Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. - + * ToSession # Check Who the Current HTTP Session Belongs To + * Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response. @@ -7452,8 +7437,8 @@ As explained above, this request may fail due to several reasons. The `error.id` `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token). `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiToSessionRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiToSessionRequest */ func (a *V0alpha2ApiService) ToSession(ctx context.Context) V0alpha2ApiApiToSessionRequest { return V0alpha2ApiApiToSessionRequest{ diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md index 3d24ab0eb7e6..330f54d9f483 100644 --- a/internal/httpclient/docs/V0alpha2Api.md +++ b/internal/httpclient/docs/V0alpha2Api.md @@ -4,47 +4,47 @@ All URIs are relative to *http://localhost* Method | HTTP request | Description ------------- | ------------- | ------------- -[**AdminCreateIdentity**](V0alpha2Api.md#AdminCreateIdentity) | **Post** /admin/identities | Create an Identity -[**AdminCreateSelfServiceRecoveryLink**](V0alpha2Api.md#AdminCreateSelfServiceRecoveryLink) | **Post** /admin/recovery/link | Create a Recovery Link -[**AdminDeleteIdentity**](V0alpha2Api.md#AdminDeleteIdentity) | **Delete** /admin/identities/{id} | Delete an Identity +[**AdminCreateIdentity**](V0alpha2Api.md#AdminCreateIdentity) | **Post** /admin/identities | # Create an Identity +[**AdminCreateSelfServiceRecoveryLink**](V0alpha2Api.md#AdminCreateSelfServiceRecoveryLink) | **Post** /admin/recovery/link | # Create a Recovery Link +[**AdminDeleteIdentity**](V0alpha2Api.md#AdminDeleteIdentity) | **Delete** /admin/identities/{id} | # Delete an Identity [**AdminDeleteIdentitySessions**](V0alpha2Api.md#AdminDeleteIdentitySessions) | **Delete** /admin/identities/{id}/sessions | Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. [**AdminExtendSession**](V0alpha2Api.md#AdminExtendSession) | **Patch** /admin/sessions/{id}/extend | Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it will only extend the session after the specified time has passed. -[**AdminGetIdentity**](V0alpha2Api.md#AdminGetIdentity) | **Get** /admin/identities/{id} | Get an Identity -[**AdminListIdentities**](V0alpha2Api.md#AdminListIdentities) | **Get** /admin/identities | List Identities +[**AdminGetIdentity**](V0alpha2Api.md#AdminGetIdentity) | **Get** /admin/identities/{id} | # Get an Identity +[**AdminListIdentities**](V0alpha2Api.md#AdminListIdentities) | **Get** /admin/identities | # List Identities [**AdminListIdentitySessions**](V0alpha2Api.md#AdminListIdentitySessions) | **Get** /admin/identities/{id}/sessions | This endpoint returns all sessions that belong to the given Identity. [**AdminPatchIdentity**](V0alpha2Api.md#AdminPatchIdentity) | **Patch** /admin/identities/{id} | Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) -[**AdminUpdateIdentity**](V0alpha2Api.md#AdminUpdateIdentity) | **Put** /admin/identities/{id} | Update an Identity -[**CreateSelfServiceLogoutFlowUrlForBrowsers**](V0alpha2Api.md#CreateSelfServiceLogoutFlowUrlForBrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers +[**AdminUpdateIdentity**](V0alpha2Api.md#AdminUpdateIdentity) | **Put** /admin/identities/{id} | # Update an Identity +[**CreateSelfServiceLogoutFlowUrlForBrowsers**](V0alpha2Api.md#CreateSelfServiceLogoutFlowUrlForBrowsers) | **Get** /self-service/logout/browser | # Create a Logout URL for Browsers [**GetIdentitySchema**](V0alpha2Api.md#GetIdentitySchema) | **Get** /schemas/{id} | -[**GetSelfServiceError**](V0alpha2Api.md#GetSelfServiceError) | **Get** /self-service/errors | Get Self-Service Errors -[**GetSelfServiceLoginFlow**](V0alpha2Api.md#GetSelfServiceLoginFlow) | **Get** /self-service/login/flows | Get Login Flow -[**GetSelfServiceRecoveryFlow**](V0alpha2Api.md#GetSelfServiceRecoveryFlow) | **Get** /self-service/recovery/flows | Get Recovery Flow -[**GetSelfServiceRegistrationFlow**](V0alpha2Api.md#GetSelfServiceRegistrationFlow) | **Get** /self-service/registration/flows | Get Registration Flow -[**GetSelfServiceSettingsFlow**](V0alpha2Api.md#GetSelfServiceSettingsFlow) | **Get** /self-service/settings/flows | Get Settings Flow -[**GetSelfServiceVerificationFlow**](V0alpha2Api.md#GetSelfServiceVerificationFlow) | **Get** /self-service/verification/flows | Get Verification Flow -[**GetWebAuthnJavaScript**](V0alpha2Api.md#GetWebAuthnJavaScript) | **Get** /.well-known/ory/webauthn.js | Get WebAuthn JavaScript -[**InitializeSelfServiceLoginFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceLoginFlowForBrowsers) | **Get** /self-service/login/browser | Initialize Login Flow for Browsers +[**GetSelfServiceError**](V0alpha2Api.md#GetSelfServiceError) | **Get** /self-service/errors | # Get Self-Service Errors +[**GetSelfServiceLoginFlow**](V0alpha2Api.md#GetSelfServiceLoginFlow) | **Get** /self-service/login/flows | # Get Login Flow +[**GetSelfServiceRecoveryFlow**](V0alpha2Api.md#GetSelfServiceRecoveryFlow) | **Get** /self-service/recovery/flows | # Get Recovery Flow +[**GetSelfServiceRegistrationFlow**](V0alpha2Api.md#GetSelfServiceRegistrationFlow) | **Get** /self-service/registration/flows | # Get Registration Flow +[**GetSelfServiceSettingsFlow**](V0alpha2Api.md#GetSelfServiceSettingsFlow) | **Get** /self-service/settings/flows | # Get Settings Flow +[**GetSelfServiceVerificationFlow**](V0alpha2Api.md#GetSelfServiceVerificationFlow) | **Get** /self-service/verification/flows | # Get Verification Flow +[**GetWebAuthnJavaScript**](V0alpha2Api.md#GetWebAuthnJavaScript) | **Get** /.well-known/ory/webauthn.js | # Get WebAuthn JavaScript +[**InitializeSelfServiceLoginFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceLoginFlowForBrowsers) | **Get** /self-service/login/browser | # Initialize Login Flow for Browsers [**InitializeSelfServiceLoginFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceLoginFlowWithoutBrowser) | **Get** /self-service/login/api | Initialize Login Flow for APIs, Services, Apps, ... -[**InitializeSelfServiceRecoveryFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRecoveryFlowForBrowsers) | **Get** /self-service/recovery/browser | Initialize Recovery Flow for Browsers +[**InitializeSelfServiceRecoveryFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRecoveryFlowForBrowsers) | **Get** /self-service/recovery/browser | # Initialize Recovery Flow for Browsers [**InitializeSelfServiceRecoveryFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceRecoveryFlowWithoutBrowser) | **Get** /self-service/recovery/api | Initialize Recovery Flow for APIs, Services, Apps, ... -[**InitializeSelfServiceRegistrationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRegistrationFlowForBrowsers) | **Get** /self-service/registration/browser | Initialize Registration Flow for Browsers +[**InitializeSelfServiceRegistrationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRegistrationFlowForBrowsers) | **Get** /self-service/registration/browser | # Initialize Registration Flow for Browsers [**InitializeSelfServiceRegistrationFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceRegistrationFlowWithoutBrowser) | **Get** /self-service/registration/api | Initialize Registration Flow for APIs, Services, Apps, ... -[**InitializeSelfServiceSettingsFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceSettingsFlowForBrowsers) | **Get** /self-service/settings/browser | Initialize Settings Flow for Browsers +[**InitializeSelfServiceSettingsFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceSettingsFlowForBrowsers) | **Get** /self-service/settings/browser | # Initialize Settings Flow for Browsers [**InitializeSelfServiceSettingsFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceSettingsFlowWithoutBrowser) | **Get** /self-service/settings/api | Initialize Settings Flow for APIs, Services, Apps, ... -[**InitializeSelfServiceVerificationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceVerificationFlowForBrowsers) | **Get** /self-service/verification/browser | Initialize Verification Flow for Browser Clients +[**InitializeSelfServiceVerificationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceVerificationFlowForBrowsers) | **Get** /self-service/verification/browser | # Initialize Verification Flow for Browser Clients [**InitializeSelfServiceVerificationFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceVerificationFlowWithoutBrowser) | **Get** /self-service/verification/api | Initialize Verification Flow for APIs, Services, Apps, ... [**ListIdentitySchemas**](V0alpha2Api.md#ListIdentitySchemas) | **Get** /schemas | [**ListSessions**](V0alpha2Api.md#ListSessions) | **Get** /sessions | This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. [**RevokeSession**](V0alpha2Api.md#RevokeSession) | **Delete** /sessions/{id} | Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. [**RevokeSessions**](V0alpha2Api.md#RevokeSessions) | **Delete** /sessions | Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. -[**SubmitSelfServiceLoginFlow**](V0alpha2Api.md#SubmitSelfServiceLoginFlow) | **Post** /self-service/login | Submit a Login Flow -[**SubmitSelfServiceLogoutFlow**](V0alpha2Api.md#SubmitSelfServiceLogoutFlow) | **Get** /self-service/logout | Complete Self-Service Logout +[**SubmitSelfServiceLoginFlow**](V0alpha2Api.md#SubmitSelfServiceLoginFlow) | **Post** /self-service/login | # Submit a Login Flow +[**SubmitSelfServiceLogoutFlow**](V0alpha2Api.md#SubmitSelfServiceLogoutFlow) | **Get** /self-service/logout | # Complete Self-Service Logout [**SubmitSelfServiceLogoutFlowWithoutBrowser**](V0alpha2Api.md#SubmitSelfServiceLogoutFlowWithoutBrowser) | **Delete** /self-service/logout/api | Perform Logout for APIs, Services, Apps, ... -[**SubmitSelfServiceRecoveryFlow**](V0alpha2Api.md#SubmitSelfServiceRecoveryFlow) | **Post** /self-service/recovery | Complete Recovery Flow -[**SubmitSelfServiceRegistrationFlow**](V0alpha2Api.md#SubmitSelfServiceRegistrationFlow) | **Post** /self-service/registration | Submit a Registration Flow -[**SubmitSelfServiceSettingsFlow**](V0alpha2Api.md#SubmitSelfServiceSettingsFlow) | **Post** /self-service/settings | Complete Settings Flow -[**SubmitSelfServiceVerificationFlow**](V0alpha2Api.md#SubmitSelfServiceVerificationFlow) | **Post** /self-service/verification | Complete Verification Flow -[**ToSession**](V0alpha2Api.md#ToSession) | **Get** /sessions/whoami | Check Who the Current HTTP Session Belongs To +[**SubmitSelfServiceRecoveryFlow**](V0alpha2Api.md#SubmitSelfServiceRecoveryFlow) | **Post** /self-service/recovery | # Complete Recovery Flow +[**SubmitSelfServiceRegistrationFlow**](V0alpha2Api.md#SubmitSelfServiceRegistrationFlow) | **Post** /self-service/registration | # Submit a Registration Flow +[**SubmitSelfServiceSettingsFlow**](V0alpha2Api.md#SubmitSelfServiceSettingsFlow) | **Post** /self-service/settings | # Complete Settings Flow +[**SubmitSelfServiceVerificationFlow**](V0alpha2Api.md#SubmitSelfServiceVerificationFlow) | **Post** /self-service/verification | # Complete Verification Flow +[**ToSession**](V0alpha2Api.md#ToSession) | **Get** /sessions/whoami | # Check Who the Current HTTP Session Belongs To @@ -52,7 +52,7 @@ Method | HTTP request | Description > Identity AdminCreateIdentity(ctx).AdminCreateIdentityBody(adminCreateIdentityBody).Execute() -Create an Identity +# Create an Identity @@ -118,7 +118,7 @@ Name | Type | Description | Notes > SelfServiceRecoveryLink AdminCreateSelfServiceRecoveryLink(ctx).AdminCreateSelfServiceRecoveryLinkBody(adminCreateSelfServiceRecoveryLinkBody).Execute() -Create a Recovery Link +# Create a Recovery Link @@ -184,7 +184,7 @@ No authorization required > AdminDeleteIdentity(ctx, id).Execute() -Delete an Identity +# Delete an Identity @@ -390,7 +390,7 @@ Name | Type | Description | Notes > Identity AdminGetIdentity(ctx, id).IncludeCredential(includeCredential).Execute() -Get an Identity +# Get an Identity @@ -462,7 +462,7 @@ Name | Type | Description | Notes > []Identity AdminListIdentities(ctx).PerPage(perPage).Page(page).Execute() -List Identities +# List Identities @@ -678,7 +678,7 @@ Name | Type | Description | Notes > Identity AdminUpdateIdentity(ctx, id).AdminUpdateIdentityBody(adminUpdateIdentityBody).Execute() -Update an Identity +# Update an Identity @@ -750,7 +750,7 @@ Name | Type | Description | Notes > SelfServiceLogoutUrl CreateSelfServiceLogoutFlowUrlForBrowsers(ctx).Cookie(cookie).Execute() -Create a Logout URL for Browsers +# Create a Logout URL for Browsers @@ -886,7 +886,7 @@ No authorization required > SelfServiceError GetSelfServiceError(ctx).Id(id).Execute() -Get Self-Service Errors +# Get Self-Service Errors @@ -952,7 +952,7 @@ No authorization required > SelfServiceLoginFlow GetSelfServiceLoginFlow(ctx).Id(id).Cookie(cookie).Execute() -Get Login Flow +# Get Login Flow @@ -1020,7 +1020,7 @@ No authorization required > SelfServiceRecoveryFlow GetSelfServiceRecoveryFlow(ctx).Id(id).Cookie(cookie).Execute() -Get Recovery Flow +# Get Recovery Flow @@ -1088,7 +1088,7 @@ No authorization required > SelfServiceRegistrationFlow GetSelfServiceRegistrationFlow(ctx).Id(id).Cookie(cookie).Execute() -Get Registration Flow +# Get Registration Flow @@ -1156,7 +1156,7 @@ No authorization required > SelfServiceSettingsFlow GetSelfServiceSettingsFlow(ctx).Id(id).XSessionToken(xSessionToken).Cookie(cookie).Execute() -Get Settings Flow +# Get Settings Flow @@ -1226,7 +1226,7 @@ No authorization required > SelfServiceVerificationFlow GetSelfServiceVerificationFlow(ctx).Id(id).Cookie(cookie).Execute() -Get Verification Flow +# Get Verification Flow @@ -1294,7 +1294,7 @@ No authorization required > string GetWebAuthnJavaScript(ctx).Execute() -Get WebAuthn JavaScript +# Get WebAuthn JavaScript @@ -1355,7 +1355,7 @@ No authorization required > SelfServiceLoginFlow InitializeSelfServiceLoginFlowForBrowsers(ctx).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Cookie(cookie).Execute() -Initialize Login Flow for Browsers +# Initialize Login Flow for Browsers @@ -1497,7 +1497,7 @@ No authorization required > SelfServiceRecoveryFlow InitializeSelfServiceRecoveryFlowForBrowsers(ctx).ReturnTo(returnTo).Execute() -Initialize Recovery Flow for Browsers +# Initialize Recovery Flow for Browsers @@ -1624,7 +1624,7 @@ No authorization required > SelfServiceRegistrationFlow InitializeSelfServiceRegistrationFlowForBrowsers(ctx).ReturnTo(returnTo).Execute() -Initialize Registration Flow for Browsers +# Initialize Registration Flow for Browsers @@ -1751,7 +1751,7 @@ No authorization required > SelfServiceSettingsFlow InitializeSelfServiceSettingsFlowForBrowsers(ctx).ReturnTo(returnTo).Cookie(cookie).Execute() -Initialize Settings Flow for Browsers +# Initialize Settings Flow for Browsers @@ -1885,7 +1885,7 @@ No authorization required > SelfServiceVerificationFlow InitializeSelfServiceVerificationFlowForBrowsers(ctx).ReturnTo(returnTo).Execute() -Initialize Verification Flow for Browser Clients +# Initialize Verification Flow for Browser Clients @@ -2288,7 +2288,7 @@ No authorization required > SuccessfulSelfServiceLoginWithoutBrowser SubmitSelfServiceLoginFlow(ctx).Flow(flow).SubmitSelfServiceLoginFlowBody(submitSelfServiceLoginFlowBody).XSessionToken(xSessionToken).Cookie(cookie).Execute() -Submit a Login Flow +# Submit a Login Flow @@ -2360,7 +2360,7 @@ No authorization required > SubmitSelfServiceLogoutFlow(ctx).Token(token).ReturnTo(returnTo).Execute() -Complete Self-Service Logout +# Complete Self-Service Logout @@ -2490,7 +2490,7 @@ No authorization required > SelfServiceRecoveryFlow SubmitSelfServiceRecoveryFlow(ctx).Flow(flow).SubmitSelfServiceRecoveryFlowBody(submitSelfServiceRecoveryFlowBody).Token(token).Cookie(cookie).Execute() -Complete Recovery Flow +# Complete Recovery Flow @@ -2562,7 +2562,7 @@ No authorization required > SuccessfulSelfServiceRegistrationWithoutBrowser SubmitSelfServiceRegistrationFlow(ctx).Flow(flow).SubmitSelfServiceRegistrationFlowBody(submitSelfServiceRegistrationFlowBody).Cookie(cookie).Execute() -Submit a Registration Flow +# Submit a Registration Flow @@ -2632,7 +2632,7 @@ No authorization required > SelfServiceSettingsFlow SubmitSelfServiceSettingsFlow(ctx).Flow(flow).SubmitSelfServiceSettingsFlowBody(submitSelfServiceSettingsFlowBody).XSessionToken(xSessionToken).Cookie(cookie).Execute() -Complete Settings Flow +# Complete Settings Flow @@ -2704,7 +2704,7 @@ No authorization required > SelfServiceVerificationFlow SubmitSelfServiceVerificationFlow(ctx).Flow(flow).SubmitSelfServiceVerificationFlowBody(submitSelfServiceVerificationFlowBody).Token(token).Cookie(cookie).Execute() -Complete Verification Flow +# Complete Verification Flow @@ -2776,7 +2776,7 @@ No authorization required > Session ToSession(ctx).XSessionToken(xSessionToken).Cookie(cookie).Execute() -Check Who the Current HTTP Session Belongs To +# Check Who the Current HTTP Session Belongs To diff --git a/spec/api.json b/spec/api.json index 919eb8825fc3..3608c8028814 100755 --- a/spec/api.json +++ b/spec/api.json @@ -2370,7 +2370,7 @@ "description": "webAuthnJavaScript" } }, - "summary": "Get WebAuthn JavaScript", + "summary": "# Get WebAuthn JavaScript", "tags": [ "v0alpha2" ] @@ -2432,7 +2432,7 @@ "oryAccessToken": [] } ], - "summary": "List Identities", + "summary": "# List Identities", "tags": [ "v0alpha2" ] @@ -2497,7 +2497,7 @@ "oryAccessToken": [] } ], - "summary": "Create an Identity", + "summary": "# Create an Identity", "tags": [ "v0alpha2" ] @@ -2548,7 +2548,7 @@ "oryAccessToken": [] } ], - "summary": "Delete an Identity", + "summary": "# Delete an Identity", "tags": [ "v0alpha2" ] @@ -2615,7 +2615,7 @@ "oryAccessToken": [] } ], - "summary": "Get an Identity", + "summary": "# Get an Identity", "tags": [ "v0alpha2" ] @@ -2787,7 +2787,7 @@ "oryAccessToken": [] } ], - "summary": "Update an Identity", + "summary": "# Update an Identity", "tags": [ "v0alpha2" ] @@ -3027,7 +3027,7 @@ "description": "jsonError" } }, - "summary": "Create a Recovery Link", + "summary": "# Create a Recovery Link", "tags": [ "v0alpha2" ] @@ -3360,7 +3360,7 @@ "description": "jsonError" } }, - "summary": "Get Self-Service Errors", + "summary": "# Get Self-Service Errors", "tags": [ "v0alpha2" ] @@ -3468,7 +3468,7 @@ "description": "jsonError" } }, - "summary": "Submit a Login Flow", + "summary": "# Submit a Login Flow", "tags": [ "v0alpha2" ] @@ -3615,7 +3615,7 @@ "description": "jsonError" } }, - "summary": "Initialize Login Flow for Browsers", + "summary": "# Initialize Login Flow for Browsers", "tags": [ "v0alpha2" ] @@ -3696,7 +3696,7 @@ "description": "jsonError" } }, - "summary": "Get Login Flow", + "summary": "# Get Login Flow", "tags": [ "v0alpha2" ] @@ -3742,7 +3742,7 @@ "description": "jsonError" } }, - "summary": "Complete Self-Service Logout", + "summary": "# Complete Self-Service Logout", "tags": [ "v0alpha2" ] @@ -3840,7 +3840,7 @@ "description": "jsonError" } }, - "summary": "Create a Logout URL for Browsers", + "summary": "# Create a Logout URL for Browsers", "tags": [ "v0alpha2" ] @@ -3938,7 +3938,7 @@ "description": "jsonError" } }, - "summary": "Complete Recovery Flow", + "summary": "# Complete Recovery Flow", "tags": [ "v0alpha2" ] @@ -4035,7 +4035,7 @@ "description": "jsonError" } }, - "summary": "Initialize Recovery Flow for Browsers", + "summary": "# Initialize Recovery Flow for Browsers", "tags": [ "v0alpha2" ] @@ -4106,7 +4106,7 @@ "description": "jsonError" } }, - "summary": "Get Recovery Flow", + "summary": "# Get Recovery Flow", "tags": [ "v0alpha2" ] @@ -4206,7 +4206,7 @@ "description": "jsonError" } }, - "summary": "Submit a Registration Flow", + "summary": "# Submit a Registration Flow", "tags": [ "v0alpha2" ] @@ -4293,7 +4293,7 @@ "description": "jsonError" } }, - "summary": "Initialize Registration Flow for Browsers", + "summary": "# Initialize Registration Flow for Browsers", "tags": [ "v0alpha2" ] @@ -4374,7 +4374,7 @@ "description": "jsonError" } }, - "summary": "Get Registration Flow", + "summary": "# Get Registration Flow", "tags": [ "v0alpha2" ] @@ -4507,7 +4507,7 @@ "sessionToken": [] } ], - "summary": "Complete Settings Flow", + "summary": "# Complete Settings Flow", "tags": [ "v0alpha2" ] @@ -4642,7 +4642,7 @@ "description": "jsonError" } }, - "summary": "Initialize Settings Flow for Browsers", + "summary": "# Initialize Settings Flow for Browsers", "tags": [ "v0alpha2" ] @@ -4741,7 +4741,7 @@ "description": "jsonError" } }, - "summary": "Get Settings Flow", + "summary": "# Get Settings Flow", "tags": [ "v0alpha2" ] @@ -4839,7 +4839,7 @@ "description": "jsonError" } }, - "summary": "Complete Verification Flow", + "summary": "# Complete Verification Flow", "tags": [ "v0alpha2" ] @@ -4926,7 +4926,7 @@ "description": "jsonError" } }, - "summary": "Initialize Verification Flow for Browser Clients", + "summary": "# Initialize Verification Flow for Browser Clients", "tags": [ "v0alpha2" ] @@ -4997,7 +4997,7 @@ "description": "jsonError" } }, - "summary": "Get Verification Flow", + "summary": "# Get Verification Flow", "tags": [ "v0alpha2" ] @@ -5250,7 +5250,7 @@ "description": "jsonError" } }, - "summary": "Check Who the Current HTTP Session Belongs To", + "summary": "# Check Who the Current HTTP Session Belongs To", "tags": [ "v0alpha2" ] diff --git a/spec/swagger.json b/spec/swagger.json index 1d3b7a5c1e19..df7b37129a7f 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -31,7 +31,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get WebAuthn JavaScript", + "summary": "# Get WebAuthn JavaScript", "operationId": "getWebAuthnJavaScript", "responses": { "200": { @@ -61,7 +61,7 @@ "tags": [ "v0alpha2" ], - "summary": "List Identities", + "summary": "# List Identities", "operationId": "adminListIdentities", "parameters": [ { @@ -119,7 +119,7 @@ "tags": [ "v0alpha2" ], - "summary": "Create an Identity", + "summary": "# Create an Identity", "operationId": "adminCreateIdentity", "parameters": [ { @@ -179,7 +179,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get an Identity", + "summary": "# Get an Identity", "operationId": "adminGetIdentity", "parameters": [ { @@ -240,7 +240,7 @@ "tags": [ "v0alpha2" ], - "summary": "Update an Identity", + "summary": "# Update an Identity", "operationId": "adminUpdateIdentity", "parameters": [ { @@ -308,7 +308,7 @@ "tags": [ "v0alpha2" ], - "summary": "Delete an Identity", + "summary": "# Delete an Identity", "operationId": "adminDeleteIdentity", "parameters": [ { @@ -565,7 +565,7 @@ "tags": [ "v0alpha2" ], - "summary": "Create a Recovery Link", + "summary": "# Create a Recovery Link", "operationId": "adminCreateSelfServiceRecoveryLink", "parameters": [ { @@ -821,7 +821,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get Self-Service Errors", + "summary": "# Get Self-Service Errors", "operationId": "getSelfServiceError", "parameters": [ { @@ -879,7 +879,7 @@ "tags": [ "v0alpha2" ], - "summary": "Submit a Login Flow", + "summary": "# Submit a Login Flow", "operationId": "submitSelfServiceLoginFlow", "parameters": [ { @@ -1017,7 +1017,7 @@ "tags": [ "v0alpha2" ], - "summary": "Initialize Login Flow for Browsers", + "summary": "# Initialize Login Flow for Browsers", "operationId": "initializeSelfServiceLoginFlowForBrowsers", "parameters": [ { @@ -1083,7 +1083,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get Login Flow", + "summary": "# Get Login Flow", "operationId": "getSelfServiceLoginFlow", "parameters": [ { @@ -1147,7 +1147,7 @@ "tags": [ "v0alpha2" ], - "summary": "Complete Self-Service Logout", + "summary": "# Complete Self-Service Logout", "operationId": "submitSelfServiceLogoutFlow", "parameters": [ { @@ -1239,7 +1239,7 @@ "tags": [ "v0alpha2" ], - "summary": "Create a Logout URL for Browsers", + "summary": "# Create a Logout URL for Browsers", "operationId": "createSelfServiceLogoutFlowUrlForBrowsers", "parameters": [ { @@ -1288,7 +1288,7 @@ "tags": [ "v0alpha2" ], - "summary": "Complete Recovery Flow", + "summary": "# Complete Recovery Flow", "operationId": "submitSelfServiceRecoveryFlow", "parameters": [ { @@ -1394,7 +1394,7 @@ "tags": [ "v0alpha2" ], - "summary": "Initialize Recovery Flow for Browsers", + "summary": "# Initialize Recovery Flow for Browsers", "operationId": "initializeSelfServiceRecoveryFlowForBrowsers", "parameters": [ { @@ -1442,7 +1442,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get Recovery Flow", + "summary": "# Get Recovery Flow", "operationId": "getSelfServiceRecoveryFlow", "parameters": [ { @@ -1504,7 +1504,7 @@ "tags": [ "v0alpha2" ], - "summary": "Submit a Registration Flow", + "summary": "# Submit a Registration Flow", "operationId": "submitSelfServiceRegistrationFlow", "parameters": [ { @@ -1613,7 +1613,7 @@ "tags": [ "v0alpha2" ], - "summary": "Initialize Registration Flow for Browsers", + "summary": "# Initialize Registration Flow for Browsers", "operationId": "initializeSelfServiceRegistrationFlowForBrowsers", "parameters": [ { @@ -1655,7 +1655,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get Registration Flow", + "summary": "# Get Registration Flow", "operationId": "getSelfServiceRegistrationFlow", "parameters": [ { @@ -1728,7 +1728,7 @@ "tags": [ "v0alpha2" ], - "summary": "Complete Settings Flow", + "summary": "# Complete Settings Flow", "operationId": "submitSelfServiceSettingsFlow", "parameters": [ { @@ -1860,7 +1860,7 @@ "tags": [ "v0alpha2" ], - "summary": "Initialize Settings Flow for Browsers", + "summary": "# Initialize Settings Flow for Browsers", "operationId": "initializeSelfServiceSettingsFlowForBrowsers", "parameters": [ { @@ -1926,7 +1926,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get Settings Flow", + "summary": "# Get Settings Flow", "operationId": "getSelfServiceSettingsFlow", "parameters": [ { @@ -2006,7 +2006,7 @@ "tags": [ "v0alpha2" ], - "summary": "Complete Verification Flow", + "summary": "# Complete Verification Flow", "operationId": "submitSelfServiceVerificationFlow", "parameters": [ { @@ -2112,7 +2112,7 @@ "tags": [ "v0alpha2" ], - "summary": "Initialize Verification Flow for Browser Clients", + "summary": "# Initialize Verification Flow for Browser Clients", "operationId": "initializeSelfServiceVerificationFlowForBrowsers", "parameters": [ { @@ -2154,7 +2154,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get Verification Flow", + "summary": "# Get Verification Flow", "operationId": "getSelfServiceVerificationFlow", "parameters": [ { @@ -2349,7 +2349,7 @@ "tags": [ "v0alpha2" ], - "summary": "Check Who the Current HTTP Session Belongs To", + "summary": "# Check Who the Current HTTP Session Belongs To", "operationId": "toSession", "parameters": [ { From 3f490a31cddc53ce5d9958454f41c352580904c9 Mon Sep 17 00:00:00 2001 From: Florian Kramer Date: Mon, 12 Sep 2022 11:05:40 +0200 Subject: [PATCH 255/411] fix: check return code of ms graphapi /me request. (#2647) Co-authored-by: Jonas Hungershausen --- selfservice/strategy/oidc/provider_microsoft.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/selfservice/strategy/oidc/provider_microsoft.go b/selfservice/strategy/oidc/provider_microsoft.go index 9f8edfc36fc2..57fe21647342 100644 --- a/selfservice/strategy/oidc/provider_microsoft.go +++ b/selfservice/strategy/oidc/provider_microsoft.go @@ -3,6 +3,7 @@ package oidc import ( "context" "encoding/json" + "net/http" "net/url" "strings" @@ -99,6 +100,10 @@ func (m *ProviderMicrosoft) updateSubject(ctx context.Context, claims *Claims, e } defer resp.Body.Close() + if resp.StatusCode != http.StatusOK { + return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Unable to fetch from `https://graph.microsoft.com/v1.0/me: Got Status %s", resp.Status)) + } + var user struct { ID string `json:"id"` } From 5fddcbf6554264766301e63ed3889ba746f0cd1a Mon Sep 17 00:00:00 2001 From: Erol Keskin Date: Mon, 12 Sep 2022 15:43:37 +0300 Subject: [PATCH 256/411] feat: add api endpoint to fetch messages (#2651) Closes https://github.com/ory/kratos/issues/2639 Co-authored-by: aeneasr <3372410+aeneasr@users.noreply.github.com> --- .schema/openapi/patches/courier.yaml | 29 + Makefile | 3 +- courier/handler.go | 128 +++++ courier/handler_test.go | 193 +++++++ courier/message.go | 142 ++++- courier/message_test.go | 58 ++ courier/persistence.go | 4 + courier/test/persistence.go | 26 + driver/registry.go | 3 + driver/registry_default.go | 11 + internal/httpclient/.openapi-generator/FILES | 6 + internal/httpclient/README.md | 56 +- internal/httpclient/api/openapi.yaml | 191 ++++++- internal/httpclient/api_metadata.go | 26 +- internal/httpclient/api_v0alpha2.go | 538 ++++++++++++------ .../httpclient/docs/CourierMessageStatus.md | 17 + .../httpclient/docs/CourierMessageType.md | 13 + internal/httpclient/docs/Message.md | 290 ++++++++++ internal/httpclient/docs/V0alpha2Api.md | 177 ++++-- .../model_courier_message_status.go | 86 +++ .../httpclient/model_courier_message_type.go | 84 +++ internal/httpclient/model_message.go | 441 ++++++++++++++ persistence/sql/persister_courier.go | 27 + spec/api.json | 205 ++++++- spec/swagger.json | 185 +++++- 25 files changed, 2591 insertions(+), 348 deletions(-) create mode 100644 .schema/openapi/patches/courier.yaml create mode 100644 courier/handler.go create mode 100644 courier/handler_test.go create mode 100644 courier/message_test.go create mode 100644 internal/httpclient/docs/CourierMessageStatus.md create mode 100644 internal/httpclient/docs/CourierMessageType.md create mode 100644 internal/httpclient/docs/Message.md create mode 100644 internal/httpclient/model_courier_message_status.go create mode 100644 internal/httpclient/model_courier_message_type.go create mode 100644 internal/httpclient/model_message.go diff --git a/.schema/openapi/patches/courier.yaml b/.schema/openapi/patches/courier.yaml new file mode 100644 index 000000000000..31f7bf8ef56d --- /dev/null +++ b/.schema/openapi/patches/courier.yaml @@ -0,0 +1,29 @@ +# Makes courierMessageStatus a string enum +- op: remove + path: /components/schemas/courierMessageStatus/format +- op: replace + path: /components/schemas/courierMessageStatus/type + value: string +- op: add + path: /components/schemas/courierMessageStatus/enum + value: + - queued + - sent + - processing + - abandoned +# Makes courierMessageType a string enum +- op: remove + path: /components/schemas/courierMessageType/format +- op: replace + path: /components/schemas/courierMessageType/type + value: string +- op: add + path: /components/schemas/courierMessageType/enum + value: + - email + - phone +# Fix courierMessageStatus query parameter in listMessages endpoint +- op: replace + path: /paths/~1admin~1courier~1messages/get/parameters/2/schema + value: + $ref: "#/components/schemas/courierMessageStatus" diff --git a/Makefile b/Makefile index 0efcffb34ed3..7d04d6f2c5c1 100644 --- a/Makefile +++ b/Makefile @@ -55,7 +55,7 @@ node_modules: package.json Makefile npm ci .bin/golangci-lint: Makefile - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -d -b .bin v1.47.0 + curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -d -b .bin v1.47.3 .bin/hydra: Makefile bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -d -b .bin hydra v1.11.0 @@ -103,6 +103,7 @@ sdk: .bin/swagger .bin/ory node_modules -p file://.schema/openapi/patches/security.yaml \ -p file://.schema/openapi/patches/session.yaml \ -p file://.schema/openapi/patches/identity.yaml \ + -p file://.schema/openapi/patches/courier.yaml \ -p file://.schema/openapi/patches/generic_error.yaml \ -p file://.schema/openapi/patches/common.yaml \ spec/swagger.json spec/api.json diff --git a/courier/handler.go b/courier/handler.go new file mode 100644 index 000000000000..86db0106d2fa --- /dev/null +++ b/courier/handler.go @@ -0,0 +1,128 @@ +package courier + +import ( + "net/http" + + "github.com/julienschmidt/httprouter" + + "github.com/ory/kratos/driver/config" + "github.com/ory/kratos/x" + "github.com/ory/x/urlx" +) + +const AdminRouteCourier = "/courier" +const AdminRouteMessages = AdminRouteCourier + "/messages" + +type ( + handlerDependencies interface { + x.WriterProvider + x.LoggingProvider + x.CSRFProvider + PersistenceProvider + config.Provider + } + Handler struct { + r handlerDependencies + } + HandlerProvider interface { + CourierHandler() *Handler + } +) + +func NewHandler(r handlerDependencies) *Handler { + return &Handler{r: r} +} + +func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic) { + h.r.CSRFHandler().IgnoreGlobs(x.AdminPrefix+AdminRouteMessages, AdminRouteMessages) + public.GET(x.AdminPrefix+AdminRouteMessages, x.RedirectToAdminRoute(h.r)) +} + +func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { + admin.GET(AdminRouteMessages, h.adminListCourierMessages) +} + +// A list of messages. +// swagger:model courierMessageList +// nolint:deadcode,unused +type courierMessageList []Message + +// nolint:deadcode,unused +// swagger:parameters adminListCourierMessages +type MessagesFilter struct { + x.PaginationParams + // Status filters out messages based on status. + // If no value is provided, it doesn't take effect on filter. + // + // required: false + // in: query + Status *MessageStatus `json:"status"` + // Recipient filters out messages based on recipient. + // If no value is provided, it doesn't take effect on filter. + // + // required: false + // in: query + Recipient string `json:"recipient"` +} + +// swagger:route GET /admin/courier/messages v0alpha2 adminListCourierMessages +// +// # List Messages +// +// Lists all messages by given status and recipient. +// +// Produces: +// - application/json +// +// Schemes: http, https +// +// Responses: +// 200: courierMessageList +// 400: jsonError +// 500: jsonError +func (h *Handler) adminListCourierMessages(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { + filter, err := parseMessagesFilter(r) + if err != nil { + h.r.Writer().WriteErrorCode(w, r, http.StatusBadRequest, err) + return + } + + l, tc, err := h.r.CourierPersister().ListMessages(r.Context(), filter) + if err != nil { + h.r.Writer().WriteError(w, r, err) + return + } + + if !h.r.Config().IsInsecureDevMode(r.Context()) { + for i := range l { + l[i].Body = "" + } + } + + x.PaginationHeader(w, urlx.AppendPaths(h.r.Config().SelfAdminURL(r.Context()), AdminRouteMessages), int64(tc), filter.Page, filter.PerPage) + h.r.Writer().Write(w, r, l) +} + +func parseMessagesFilter(r *http.Request) (MessagesFilter, error) { + var status *MessageStatus + + if r.URL.Query().Has("status") { + ms, err := ToMessageStatus(r.URL.Query().Get("status")) + + if err != nil { + return MessagesFilter{}, err + } + + status = &ms + } + + page, itemsPerPage := x.ParsePagination(r) + return MessagesFilter{ + PaginationParams: x.PaginationParams{ + Page: page, + PerPage: itemsPerPage, + }, + Status: status, + Recipient: r.URL.Query().Get("recipient"), + }, nil +} diff --git a/courier/handler_test.go b/courier/handler_test.go new file mode 100644 index 000000000000..beb7aa12891f --- /dev/null +++ b/courier/handler_test.go @@ -0,0 +1,193 @@ +package courier_test + +import ( + "context" + "fmt" + "io/ioutil" + "net/http" + "net/http/httptest" + "testing" + + "github.com/bxcodec/faker/v3" + "github.com/tidwall/gjson" + + "github.com/ory/kratos/courier" + "github.com/ory/kratos/driver/config" + "github.com/ory/kratos/internal" + "github.com/ory/kratos/internal/testhelpers" + "github.com/ory/kratos/x" + "github.com/ory/x/urlx" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestHandler(t *testing.T) { + ctx := context.Background() + conf, reg := internal.NewFastRegistryWithMocks(t) + // Start kratos server + publicTS, adminTS := testhelpers.NewKratosServerWithCSRF(t, reg) + + mockServerURL := urlx.ParseOrPanic(publicTS.URL) + conf.MustSet(ctx, config.ViperKeyAdminBaseURL, adminTS.URL) + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, mockServerURL.String()) + + var get = func(t *testing.T, base *httptest.Server, href string, expectCode int) gjson.Result { + t.Helper() + res, err := base.Client().Get(base.URL + href) + require.NoError(t, err) + body, err := ioutil.ReadAll(res.Body) + require.NoError(t, err) + require.NoError(t, res.Body.Close()) + + require.EqualValues(t, expectCode, res.StatusCode, "%s", body) + return gjson.ParseBytes(body) + } + + var getList = func(t *testing.T, tsName string, qs string) gjson.Result { + t.Helper() + href := courier.AdminRouteMessages + qs + ts := adminTS + + if tsName == "public" { + href = x.AdminPrefix + href + ts = publicTS + } + + parsed := get(t, ts, href, http.StatusOK) + require.True(t, parsed.IsArray(), "%s", parsed.Raw) + return parsed + } + + t.Run("case=should return an empty list of messages", func(t *testing.T) { + for _, name := range []string{"public", "admin"} { + t.Run("endpoint="+name, func(t *testing.T) { + parsed := getList(t, name, "") + assert.Len(t, parsed.Array(), 0) + }) + } + }) + + t.Run("case=list messages", func(t *testing.T) { + // Arrange test data + const msgCount = 10 // total message count + const procCount = 5 // how many messages' status should be equal to `processing` + const rcptOryCount = 2 // how many messages' recipient should be equal to `noreply@ory.sh` + messages := make([]courier.Message, msgCount) + + for i := range messages { + require.NoError(t, faker.FakeData(&messages[i])) + messages[i].Type = courier.MessageTypeEmail + messages[i].Body = "body content" + if i < rcptOryCount { + messages[i].Recipient = "noreply@ory.sh" + } + require.NoError(t, reg.CourierPersister().AddMessage(context.Background(), &messages[i])) + } + for i := 0; i < procCount; i++ { + require.NoError(t, reg.CourierPersister().SetMessageStatus(context.Background(), messages[i].ID, courier.MessageStatusProcessing)) + } + + tss := [...]string{"public", "admin"} + + t.Run("paging", func(t *testing.T) { + t.Run("case=should return half of the messages", func(t *testing.T) { + qs := fmt.Sprintf("?page=1&per_page=%d", msgCount/2) + + for _, name := range tss { + t.Run("endpoint="+name, func(t *testing.T) { + parsed := getList(t, name, qs) + assert.Len(t, parsed.Array(), msgCount/2) + }) + } + }) + t.Run("case=should return no message", func(t *testing.T) { + qs := `?page=2&per_page=250` + + for _, name := range tss { + t.Run("endpoint="+name, func(t *testing.T) { + parsed := getList(t, name, qs) + assert.Len(t, parsed.Array(), 0) + }) + } + }) + }) + t.Run("filtering", func(t *testing.T) { + t.Run("case=should return all queued messages", func(t *testing.T) { + qs := `?page=1&per_page=250&status=queued` + + for _, name := range tss { + t.Run("endpoint="+name, func(t *testing.T) { + parsed := getList(t, name, qs) + assert.Len(t, parsed.Array(), msgCount-procCount) + + for _, item := range parsed.Array() { + assert.Equal(t, "queued", item.Get("status").String()) + } + }) + } + }) + t.Run("case=should return all processing messages", func(t *testing.T) { + qs := `?page=1&per_page=250&status=processing` + + for _, name := range tss { + t.Run("endpoint="+name, func(t *testing.T) { + parsed := getList(t, name, qs) + assert.Len(t, parsed.Array(), procCount) + + for _, item := range parsed.Array() { + assert.Equal(t, "processing", item.Get("status").String()) + } + }) + } + }) + t.Run("case=should return all messages with recipient equals to noreply@ory.sh", func(t *testing.T) { + qs := `?page=1&per_page=250&recipient=noreply@ory.sh` + + for _, name := range tss { + t.Run("endpoint="+name, func(t *testing.T) { + parsed := getList(t, name, qs) + assert.Len(t, parsed.Array(), rcptOryCount) + + for _, item := range parsed.Array() { + assert.Equal(t, "noreply@ory.sh", item.Get("recipient").String()) + } + }) + } + }) + }) + t.Run("case=body should be redacted if kratos is not in dev mode", func(t *testing.T) { + conf.MustSet(ctx, "dev", false) + for _, name := range tss { + t.Run("endpoint="+name, func(t *testing.T) { + parsed := getList(t, name, "") + require.Len(t, parsed.Array(), msgCount, "%s", parsed.Raw) + + for _, item := range parsed.Array() { + assert.Equal(t, "", item.Get("body").String()) + } + }) + } + }) + t.Run("case=body should not be redacted if kratos is in dev mode", func(t *testing.T) { + conf.MustSet(ctx, "dev", true) + for _, name := range tss { + t.Run("endpoint="+name, func(t *testing.T) { + parsed := getList(t, name, "") + require.Len(t, parsed.Array(), msgCount, "%s", parsed.Raw) + + for _, item := range parsed.Array() { + assert.Equal(t, "body content", item.Get("body").String()) + } + }) + } + }) + t.Run("case=should return with http status BadRequest when given status is invalid", func(t *testing.T) { + qs := `?page=1&status=invalid_status` + res, err := adminTS.Client().Get(adminTS.URL + courier.AdminRouteMessages + qs) + + require.NoError(t, err) + assert.Equal(t, http.StatusBadRequest, res.StatusCode, "status code should be equal to StatusBadRequest") + }) + }) +} diff --git a/courier/message.go b/courier/message.go index 52228d4a8358..fda1437c4a2c 100644 --- a/courier/message.go +++ b/courier/message.go @@ -2,11 +2,19 @@ package courier import ( "context" + "encoding/json" "time" "github.com/gofrs/uuid" + "github.com/pkg/errors" + + "github.com/ory/herodot" + "github.com/ory/x/stringsx" ) +// A Message's Status +// +// swagger:model courierMessageStatus type MessageStatus int const ( @@ -16,6 +24,80 @@ const ( MessageStatusAbandoned ) +const ( + messageStatusQueuedText = "queued" + messageStatusSentText = "sent" + messageStatusProcessingText = "processing" + messageStatusAbandonedText = "abandoned" +) + +func ToMessageStatus(str string) (MessageStatus, error) { + switch s := stringsx.SwitchExact(str); { + case s.AddCase(MessageStatusQueued.String()): + return MessageStatusQueued, nil + case s.AddCase(MessageStatusSent.String()): + return MessageStatusSent, nil + case s.AddCase(MessageStatusProcessing.String()): + return MessageStatusProcessing, nil + case s.AddCase(MessageStatusAbandoned.String()): + return MessageStatusAbandoned, nil + default: + return 0, errors.WithStack(herodot.ErrBadRequest.WithWrap(s.ToUnknownCaseErr()).WithReason("Message status is not valid")) + } +} + +func (ms MessageStatus) String() string { + switch ms { + case MessageStatusQueued: + return messageStatusQueuedText + case MessageStatusSent: + return messageStatusSentText + case MessageStatusProcessing: + return messageStatusProcessingText + case MessageStatusAbandoned: + return messageStatusAbandonedText + default: + return "" + } +} + +func (ms MessageStatus) IsValid() error { + switch ms { + case MessageStatusQueued, MessageStatusSent, MessageStatusProcessing, MessageStatusAbandoned: + return nil + default: + return errors.WithStack(herodot.ErrBadRequest.WithReason("Message status is not valid")) + } +} + +func (ms MessageStatus) MarshalJSON() ([]byte, error) { + if err := ms.IsValid(); err != nil { + return nil, err + } + return json.Marshal(ms.String()) +} + +func (ms *MessageStatus) UnmarshalJSON(data []byte) error { + var str string + if err := json.Unmarshal(data, &str); err != nil { + return err + } + + s, err := ToMessageStatus(str) + + if err != nil { + return err + } + + *ms = s + return nil +} + +// A Message's Type +// +// It can either be `email` or `phone` +// +// swagger:model courierMessageType type MessageType int const ( @@ -23,7 +105,65 @@ const ( MessageTypePhone ) -// swagger:ignore +const ( + messageTypeEmailText = "email" + messageTypePhoneText = "phone" +) + +func ToMessageType(str string) (MessageType, error) { + switch s := stringsx.SwitchExact(str); { + case s.AddCase(messageTypeEmailText): + return MessageTypeEmail, nil + case s.AddCase(messageTypePhoneText): + return MessageTypePhone, nil + default: + return 0, errors.WithStack(herodot.ErrBadRequest.WithWrap(s.ToUnknownCaseErr()).WithReason("Message type is not valid")) + } +} + +func (mt MessageType) String() string { + switch mt { + case MessageTypeEmail: + return messageTypeEmailText + case MessageTypePhone: + return messageTypePhoneText + default: + return "" + } +} + +func (mt MessageType) IsValid() error { + switch mt { + case MessageTypeEmail, MessageTypePhone: + return nil + default: + return errors.WithStack(herodot.ErrBadRequest.WithReason("Message type is not valid")) + } +} + +func (mt MessageType) MarshalJSON() ([]byte, error) { + if err := mt.IsValid(); err != nil { + return nil, err + } + return json.Marshal(mt.String()) +} + +func (mt *MessageType) UnmarshalJSON(data []byte) error { + var str string + if err := json.Unmarshal(data, &str); err != nil { + return err + } + + t, err := ToMessageType(str) + if err != nil { + return err + } + + *mt = t + return nil +} + +// swagger:model message type Message struct { ID uuid.UUID `json:"id" faker:"-" db:"id"` NID uuid.UUID `json:"-" faker:"-" db:"nid"` diff --git a/courier/message_test.go b/courier/message_test.go new file mode 100644 index 000000000000..6d5ac1c8cdd3 --- /dev/null +++ b/courier/message_test.go @@ -0,0 +1,58 @@ +package courier_test + +import ( + "testing" + + "github.com/stretchr/testify/require" + + "github.com/ory/herodot" + "github.com/ory/kratos/courier" +) + +func TestMessageStatusValidity(t *testing.T) { + invalid := courier.MessageStatus(0) + require.ErrorIs(t, invalid.IsValid(), herodot.ErrBadRequest, "IsValid() should return an error when message status is invalid") +} + +func TestToMessageStatus(t *testing.T) { + t.Run("case=should return corresponding MessageStatus for given str", func(t *testing.T) { + for str, exp := range map[string]courier.MessageStatus{ + "queued": courier.MessageStatusQueued, + "sent": courier.MessageStatusSent, + "processing": courier.MessageStatusProcessing, + "abandoned": courier.MessageStatusAbandoned, + } { + result, err := courier.ToMessageStatus(str) + require.NoError(t, err) + require.Equal(t, exp, result) + } + }) + t.Run("case=should return error for invalid message status str", func(t *testing.T) { + result, err := courier.ToMessageStatus("invalid") + require.Error(t, err, herodot.ErrBadRequest) + require.Error(t, result.IsValid(), herodot.ErrBadRequest) + }) +} + +func TestMessageTypeValidity(t *testing.T) { + invalid := courier.MessageType(0) + require.ErrorIs(t, invalid.IsValid(), herodot.ErrBadRequest, "IsValid() should return an error when message type is invalid") +} + +func TestToMessageType(t *testing.T) { + t.Run("case=should return corresponding MessageType for given str", func(t *testing.T) { + for str, exp := range map[string]courier.MessageType{ + "email": courier.MessageTypeEmail, + "phone": courier.MessageTypePhone, + } { + result, err := courier.ToMessageType(str) + require.NoError(t, err) + require.Equal(t, exp, result) + } + }) + t.Run("case=should return error for invalid message type str", func(t *testing.T) { + result, err := courier.ToMessageType("invalid") + require.ErrorIs(t, err, herodot.ErrBadRequest) + require.ErrorIs(t, result.IsValid(), herodot.ErrBadRequest) + }) +} diff --git a/courier/persistence.go b/courier/persistence.go index dcccfebb7222..2555c1b4f420 100644 --- a/courier/persistence.go +++ b/courier/persistence.go @@ -20,6 +20,10 @@ type ( LatestQueuedMessage(ctx context.Context) (*Message, error) IncrementMessageSendCount(context.Context, uuid.UUID) error + + // ListMessages lists all messages in the store given the page, itemsPerPage, status and recipient. + // Returns list of messages, total count of messages satisfied by given filter, and error if any + ListMessages(ctx context.Context, filter MessagesFilter) ([]Message, int64, error) } PersistenceProvider interface { CourierPersister() Persister diff --git a/courier/test/persistence.go b/courier/test/persistence.go index 12323715a434..98183fd295ac 100644 --- a/courier/test/persistence.go +++ b/courier/test/persistence.go @@ -107,6 +107,32 @@ func TestPersister(ctx context.Context, newNetworkUnlessExisting NetworkWrapper, assert.Equal(t, originalSendCount+1, ms[0].SendCount) }) + t.Run("case=list messages", func(t *testing.T) { + status := courier.MessageStatusProcessing + filter := courier.MessagesFilter{ + Status: &status, + PaginationParams: x.PaginationParams{ + Page: 1, + PerPage: 100, + }, + } + ms, tc, err := p.ListMessages(ctx, filter) + + require.NoError(t, err) + assert.Len(t, ms, len(messages)) + assert.Equal(t, int64(len(messages)), tc) + assert.Equal(t, messages[len(messages)-1].ID, ms[0].ID) + + t.Run("on another network", func(t *testing.T) { + _, p := newNetwork(t, ctx) + ms, tc, err := p.ListMessages(ctx, filter) + + require.NoError(t, err) + require.Len(t, ms, 0) + require.Equal(t, int64(0), tc) + }) + }) + t.Run("case=network", func(t *testing.T) { id := x.NewUUID() diff --git a/driver/registry.go b/driver/registry.go index dde98c0e9983..619bfb4ab674 100644 --- a/driver/registry.go +++ b/driver/registry.go @@ -92,6 +92,9 @@ type Registry interface { identity.ManagementProvider identity.ActiveCredentialsCounterStrategyProvider + courier.HandlerProvider + courier.PersistenceProvider + schema.HandlerProvider password2.ValidationProvider diff --git a/driver/registry_default.go b/driver/registry_default.go index 37ebe9c72424..298aae71f604 100644 --- a/driver/registry_default.go +++ b/driver/registry_default.go @@ -99,6 +99,8 @@ type RegistryDefault struct { identityValidator *identity.Validator identityManager *identity.Manager + courierHandler *courier.Handler + continuityManager continuity.Manager schemaHandler *schema.Handler @@ -159,6 +161,7 @@ func (m *RegistryDefault) RegisterPublicRoutes(ctx context.Context, router *x.Ro m.LogoutHandler().RegisterPublicRoutes(router) m.SettingsHandler().RegisterPublicRoutes(router) m.IdentityHandler().RegisterPublicRoutes(router) + m.CourierHandler().RegisterPublicRoutes(router) m.AllLoginStrategies().RegisterPublicRoutes(router) m.AllSettingsStrategies().RegisterPublicRoutes(router) m.AllRegistrationStrategies().RegisterPublicRoutes(router) @@ -182,6 +185,7 @@ func (m *RegistryDefault) RegisterAdminRoutes(ctx context.Context, router *x.Rou m.SchemaHandler().RegisterAdminRoutes(router) m.SettingsHandler().RegisterAdminRoutes(router) m.IdentityHandler().RegisterAdminRoutes(router) + m.CourierHandler().RegisterAdminRoutes(router) m.SelfServiceErrorHandler().RegisterAdminRoutes(router) m.RecoveryHandler().RegisterAdminRoutes(router) @@ -381,6 +385,13 @@ func (m *RegistryDefault) IdentityHandler() *identity.Handler { return m.identityHandler } +func (m *RegistryDefault) CourierHandler() *courier.Handler { + if m.courierHandler == nil { + m.courierHandler = courier.NewHandler(m) + } + return m.courierHandler +} + func (m *RegistryDefault) SchemaHandler() *schema.Handler { if m.schemaHandler == nil { m.schemaHandler = schema.NewHandler(m) diff --git a/internal/httpclient/.openapi-generator/FILES b/internal/httpclient/.openapi-generator/FILES index 408bd69aade9..3ae906a20559 100644 --- a/internal/httpclient/.openapi-generator/FILES +++ b/internal/httpclient/.openapi-generator/FILES @@ -17,6 +17,8 @@ docs/AdminCreateSelfServiceRecoveryLinkBody.md docs/AdminIdentityImportCredentials.md docs/AdminUpdateIdentityBody.md docs/AuthenticatorAssuranceLevel.md +docs/CourierMessageStatus.md +docs/CourierMessageType.md docs/ErrorAuthenticatorAssuranceLevelNotSatisfied.md docs/GenericError.md docs/HealthNotReadyStatus.md @@ -34,6 +36,7 @@ docs/InlineResponse2001.md docs/InlineResponse503.md docs/JsonError.md docs/JsonPatch.md +docs/Message.md docs/MetadataApi.md docs/NeedsPrivilegedSessionError.md docs/Pagination.md @@ -109,6 +112,8 @@ model_admin_create_self_service_recovery_link_body.go model_admin_identity_import_credentials.go model_admin_update_identity_body.go model_authenticator_assurance_level.go +model_courier_message_status.go +model_courier_message_type.go model_error_authenticator_assurance_level_not_satisfied.go model_generic_error.go model_health_not_ready_status.go @@ -126,6 +131,7 @@ model_inline_response_200_1.go model_inline_response_503.go model_json_error.go model_json_patch.go +model_message.go model_needs_privileged_session_error.go model_pagination.go model_recovery_identity_address.go diff --git a/internal/httpclient/README.md b/internal/httpclient/README.md index ec39a91a1ac8..1ff33d03f07c 100644 --- a/internal/httpclient/README.md +++ b/internal/httpclient/README.md @@ -86,47 +86,48 @@ Class | Method | HTTP request | Description *MetadataApi* | [**GetVersion**](docs/MetadataApi.md#getversion) | **Get** /version | Return Running Software Version. *MetadataApi* | [**IsAlive**](docs/MetadataApi.md#isalive) | **Get** /health/alive | Check HTTP Server Status *MetadataApi* | [**IsReady**](docs/MetadataApi.md#isready) | **Get** /health/ready | Check HTTP Server and Database Status -*V0alpha2Api* | [**AdminCreateIdentity**](docs/V0alpha2Api.md#admincreateidentity) | **Post** /admin/identities | # Create an Identity -*V0alpha2Api* | [**AdminCreateSelfServiceRecoveryLink**](docs/V0alpha2Api.md#admincreateselfservicerecoverylink) | **Post** /admin/recovery/link | # Create a Recovery Link -*V0alpha2Api* | [**AdminDeleteIdentity**](docs/V0alpha2Api.md#admindeleteidentity) | **Delete** /admin/identities/{id} | # Delete an Identity +*V0alpha2Api* | [**AdminCreateIdentity**](docs/V0alpha2Api.md#admincreateidentity) | **Post** /admin/identities | Create an Identity +*V0alpha2Api* | [**AdminCreateSelfServiceRecoveryLink**](docs/V0alpha2Api.md#admincreateselfservicerecoverylink) | **Post** /admin/recovery/link | Create a Recovery Link +*V0alpha2Api* | [**AdminDeleteIdentity**](docs/V0alpha2Api.md#admindeleteidentity) | **Delete** /admin/identities/{id} | Delete an Identity *V0alpha2Api* | [**AdminDeleteIdentitySessions**](docs/V0alpha2Api.md#admindeleteidentitysessions) | **Delete** /admin/identities/{id}/sessions | Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. *V0alpha2Api* | [**AdminExtendSession**](docs/V0alpha2Api.md#adminextendsession) | **Patch** /admin/sessions/{id}/extend | Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it will only extend the session after the specified time has passed. -*V0alpha2Api* | [**AdminGetIdentity**](docs/V0alpha2Api.md#admingetidentity) | **Get** /admin/identities/{id} | # Get an Identity -*V0alpha2Api* | [**AdminListIdentities**](docs/V0alpha2Api.md#adminlistidentities) | **Get** /admin/identities | # List Identities +*V0alpha2Api* | [**AdminGetIdentity**](docs/V0alpha2Api.md#admingetidentity) | **Get** /admin/identities/{id} | Get an Identity +*V0alpha2Api* | [**AdminListCourierMessages**](docs/V0alpha2Api.md#adminlistcouriermessages) | **Get** /admin/courier/messages | List Messages +*V0alpha2Api* | [**AdminListIdentities**](docs/V0alpha2Api.md#adminlistidentities) | **Get** /admin/identities | List Identities *V0alpha2Api* | [**AdminListIdentitySessions**](docs/V0alpha2Api.md#adminlistidentitysessions) | **Get** /admin/identities/{id}/sessions | This endpoint returns all sessions that belong to the given Identity. *V0alpha2Api* | [**AdminPatchIdentity**](docs/V0alpha2Api.md#adminpatchidentity) | **Patch** /admin/identities/{id} | Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) -*V0alpha2Api* | [**AdminUpdateIdentity**](docs/V0alpha2Api.md#adminupdateidentity) | **Put** /admin/identities/{id} | # Update an Identity -*V0alpha2Api* | [**CreateSelfServiceLogoutFlowUrlForBrowsers**](docs/V0alpha2Api.md#createselfservicelogoutflowurlforbrowsers) | **Get** /self-service/logout/browser | # Create a Logout URL for Browsers +*V0alpha2Api* | [**AdminUpdateIdentity**](docs/V0alpha2Api.md#adminupdateidentity) | **Put** /admin/identities/{id} | Update an Identity +*V0alpha2Api* | [**CreateSelfServiceLogoutFlowUrlForBrowsers**](docs/V0alpha2Api.md#createselfservicelogoutflowurlforbrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers *V0alpha2Api* | [**GetIdentitySchema**](docs/V0alpha2Api.md#getidentityschema) | **Get** /schemas/{id} | -*V0alpha2Api* | [**GetSelfServiceError**](docs/V0alpha2Api.md#getselfserviceerror) | **Get** /self-service/errors | # Get Self-Service Errors -*V0alpha2Api* | [**GetSelfServiceLoginFlow**](docs/V0alpha2Api.md#getselfserviceloginflow) | **Get** /self-service/login/flows | # Get Login Flow -*V0alpha2Api* | [**GetSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#getselfservicerecoveryflow) | **Get** /self-service/recovery/flows | # Get Recovery Flow -*V0alpha2Api* | [**GetSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#getselfserviceregistrationflow) | **Get** /self-service/registration/flows | # Get Registration Flow -*V0alpha2Api* | [**GetSelfServiceSettingsFlow**](docs/V0alpha2Api.md#getselfservicesettingsflow) | **Get** /self-service/settings/flows | # Get Settings Flow -*V0alpha2Api* | [**GetSelfServiceVerificationFlow**](docs/V0alpha2Api.md#getselfserviceverificationflow) | **Get** /self-service/verification/flows | # Get Verification Flow -*V0alpha2Api* | [**GetWebAuthnJavaScript**](docs/V0alpha2Api.md#getwebauthnjavascript) | **Get** /.well-known/ory/webauthn.js | # Get WebAuthn JavaScript -*V0alpha2Api* | [**InitializeSelfServiceLoginFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceloginflowforbrowsers) | **Get** /self-service/login/browser | # Initialize Login Flow for Browsers +*V0alpha2Api* | [**GetSelfServiceError**](docs/V0alpha2Api.md#getselfserviceerror) | **Get** /self-service/errors | Get Self-Service Errors +*V0alpha2Api* | [**GetSelfServiceLoginFlow**](docs/V0alpha2Api.md#getselfserviceloginflow) | **Get** /self-service/login/flows | Get Login Flow +*V0alpha2Api* | [**GetSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#getselfservicerecoveryflow) | **Get** /self-service/recovery/flows | Get Recovery Flow +*V0alpha2Api* | [**GetSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#getselfserviceregistrationflow) | **Get** /self-service/registration/flows | Get Registration Flow +*V0alpha2Api* | [**GetSelfServiceSettingsFlow**](docs/V0alpha2Api.md#getselfservicesettingsflow) | **Get** /self-service/settings/flows | Get Settings Flow +*V0alpha2Api* | [**GetSelfServiceVerificationFlow**](docs/V0alpha2Api.md#getselfserviceverificationflow) | **Get** /self-service/verification/flows | Get Verification Flow +*V0alpha2Api* | [**GetWebAuthnJavaScript**](docs/V0alpha2Api.md#getwebauthnjavascript) | **Get** /.well-known/ory/webauthn.js | Get WebAuthn JavaScript +*V0alpha2Api* | [**InitializeSelfServiceLoginFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceloginflowforbrowsers) | **Get** /self-service/login/browser | Initialize Login Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceLoginFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceloginflowwithoutbrowser) | **Get** /self-service/login/api | Initialize Login Flow for APIs, Services, Apps, ... -*V0alpha2Api* | [**InitializeSelfServiceRecoveryFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicerecoveryflowforbrowsers) | **Get** /self-service/recovery/browser | # Initialize Recovery Flow for Browsers +*V0alpha2Api* | [**InitializeSelfServiceRecoveryFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicerecoveryflowforbrowsers) | **Get** /self-service/recovery/browser | Initialize Recovery Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceRecoveryFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfservicerecoveryflowwithoutbrowser) | **Get** /self-service/recovery/api | Initialize Recovery Flow for APIs, Services, Apps, ... -*V0alpha2Api* | [**InitializeSelfServiceRegistrationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceregistrationflowforbrowsers) | **Get** /self-service/registration/browser | # Initialize Registration Flow for Browsers +*V0alpha2Api* | [**InitializeSelfServiceRegistrationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceregistrationflowforbrowsers) | **Get** /self-service/registration/browser | Initialize Registration Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceRegistrationFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceregistrationflowwithoutbrowser) | **Get** /self-service/registration/api | Initialize Registration Flow for APIs, Services, Apps, ... -*V0alpha2Api* | [**InitializeSelfServiceSettingsFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicesettingsflowforbrowsers) | **Get** /self-service/settings/browser | # Initialize Settings Flow for Browsers +*V0alpha2Api* | [**InitializeSelfServiceSettingsFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicesettingsflowforbrowsers) | **Get** /self-service/settings/browser | Initialize Settings Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceSettingsFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfservicesettingsflowwithoutbrowser) | **Get** /self-service/settings/api | Initialize Settings Flow for APIs, Services, Apps, ... -*V0alpha2Api* | [**InitializeSelfServiceVerificationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceverificationflowforbrowsers) | **Get** /self-service/verification/browser | # Initialize Verification Flow for Browser Clients +*V0alpha2Api* | [**InitializeSelfServiceVerificationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceverificationflowforbrowsers) | **Get** /self-service/verification/browser | Initialize Verification Flow for Browser Clients *V0alpha2Api* | [**InitializeSelfServiceVerificationFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceverificationflowwithoutbrowser) | **Get** /self-service/verification/api | Initialize Verification Flow for APIs, Services, Apps, ... *V0alpha2Api* | [**ListIdentitySchemas**](docs/V0alpha2Api.md#listidentityschemas) | **Get** /schemas | *V0alpha2Api* | [**ListSessions**](docs/V0alpha2Api.md#listsessions) | **Get** /sessions | This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. *V0alpha2Api* | [**RevokeSession**](docs/V0alpha2Api.md#revokesession) | **Delete** /sessions/{id} | Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. *V0alpha2Api* | [**RevokeSessions**](docs/V0alpha2Api.md#revokesessions) | **Delete** /sessions | Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. -*V0alpha2Api* | [**SubmitSelfServiceLoginFlow**](docs/V0alpha2Api.md#submitselfserviceloginflow) | **Post** /self-service/login | # Submit a Login Flow -*V0alpha2Api* | [**SubmitSelfServiceLogoutFlow**](docs/V0alpha2Api.md#submitselfservicelogoutflow) | **Get** /self-service/logout | # Complete Self-Service Logout +*V0alpha2Api* | [**SubmitSelfServiceLoginFlow**](docs/V0alpha2Api.md#submitselfserviceloginflow) | **Post** /self-service/login | Submit a Login Flow +*V0alpha2Api* | [**SubmitSelfServiceLogoutFlow**](docs/V0alpha2Api.md#submitselfservicelogoutflow) | **Get** /self-service/logout | Complete Self-Service Logout *V0alpha2Api* | [**SubmitSelfServiceLogoutFlowWithoutBrowser**](docs/V0alpha2Api.md#submitselfservicelogoutflowwithoutbrowser) | **Delete** /self-service/logout/api | Perform Logout for APIs, Services, Apps, ... -*V0alpha2Api* | [**SubmitSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#submitselfservicerecoveryflow) | **Post** /self-service/recovery | # Complete Recovery Flow -*V0alpha2Api* | [**SubmitSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#submitselfserviceregistrationflow) | **Post** /self-service/registration | # Submit a Registration Flow -*V0alpha2Api* | [**SubmitSelfServiceSettingsFlow**](docs/V0alpha2Api.md#submitselfservicesettingsflow) | **Post** /self-service/settings | # Complete Settings Flow -*V0alpha2Api* | [**SubmitSelfServiceVerificationFlow**](docs/V0alpha2Api.md#submitselfserviceverificationflow) | **Post** /self-service/verification | # Complete Verification Flow -*V0alpha2Api* | [**ToSession**](docs/V0alpha2Api.md#tosession) | **Get** /sessions/whoami | # Check Who the Current HTTP Session Belongs To +*V0alpha2Api* | [**SubmitSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#submitselfservicerecoveryflow) | **Post** /self-service/recovery | Complete Recovery Flow +*V0alpha2Api* | [**SubmitSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#submitselfserviceregistrationflow) | **Post** /self-service/registration | Submit a Registration Flow +*V0alpha2Api* | [**SubmitSelfServiceSettingsFlow**](docs/V0alpha2Api.md#submitselfservicesettingsflow) | **Post** /self-service/settings | Complete Settings Flow +*V0alpha2Api* | [**SubmitSelfServiceVerificationFlow**](docs/V0alpha2Api.md#submitselfserviceverificationflow) | **Post** /self-service/verification | Complete Verification Flow +*V0alpha2Api* | [**ToSession**](docs/V0alpha2Api.md#tosession) | **Get** /sessions/whoami | Check Who the Current HTTP Session Belongs To ## Documentation For Models @@ -141,6 +142,8 @@ Class | Method | HTTP request | Description - [AdminIdentityImportCredentials](docs/AdminIdentityImportCredentials.md) - [AdminUpdateIdentityBody](docs/AdminUpdateIdentityBody.md) - [AuthenticatorAssuranceLevel](docs/AuthenticatorAssuranceLevel.md) + - [CourierMessageStatus](docs/CourierMessageStatus.md) + - [CourierMessageType](docs/CourierMessageType.md) - [ErrorAuthenticatorAssuranceLevelNotSatisfied](docs/ErrorAuthenticatorAssuranceLevelNotSatisfied.md) - [GenericError](docs/GenericError.md) - [HealthNotReadyStatus](docs/HealthNotReadyStatus.md) @@ -158,6 +161,7 @@ Class | Method | HTTP request | Description - [InlineResponse503](docs/InlineResponse503.md) - [JsonError](docs/JsonError.md) - [JsonPatch](docs/JsonPatch.md) + - [Message](docs/Message.md) - [NeedsPrivilegedSessionError](docs/NeedsPrivilegedSessionError.md) - [Pagination](docs/Pagination.md) - [RecoveryIdentityAddress](docs/RecoveryIdentityAddress.md) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index f4e9f3973108..8a0aac89e787 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -34,7 +34,86 @@ paths: schema: $ref: '#/components/schemas/webAuthnJavaScript' description: webAuthnJavaScript - summary: '# Get WebAuthn JavaScript' + summary: Get WebAuthn JavaScript + tags: + - v0alpha2 + /admin/courier/messages: + get: + description: Lists all messages by given status and recipient. + operationId: adminListCourierMessages + parameters: + - description: |- + Items per Page + + This is the number of items per page. + explode: true + in: query + name: per_page + required: false + schema: + default: 250 + format: int64 + maximum: 1000 + minimum: 1 + type: integer + style: form + - description: |- + Pagination Page + + This value is currently an integer, but it is not sequential. The value is not the page number, but a + reference. The next page can be any number and some numbers might return an empty list. + + For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. + explode: true + in: query + name: page + required: false + schema: + default: 1 + format: int64 + minimum: 1 + type: integer + style: form + - description: |- + Status filters out messages based on status. + If no value is provided, it doesn't take effect on filter. + explode: true + in: query + name: status + required: false + schema: + $ref: '#/components/schemas/courierMessageStatus' + style: form + - description: |- + Recipient filters out messages based on recipient. + If no value is provided, it doesn't take effect on filter. + explode: true + in: query + name: recipient + required: false + schema: + type: string + style: form + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/courierMessageList' + description: courierMessageList + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/jsonError' + description: jsonError + "500": + content: + application/json: + schema: + $ref: '#/components/schemas/jsonError' + description: jsonError + summary: List Messages tags: - v0alpha2 /admin/identities: @@ -92,7 +171,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: '# List Identities' + summary: List Identities tags: - v0alpha2 post: @@ -132,7 +211,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: '# Create an Identity' + summary: Create an Identity tags: - v0alpha2 /admin/identities/{id}: @@ -171,7 +250,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: '# Delete an Identity' + summary: Delete an Identity tags: - v0alpha2 get: @@ -222,7 +301,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: '# Get an Identity' + summary: Get an Identity tags: - v0alpha2 patch: @@ -336,7 +415,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: '# Update an Identity' + summary: Update an Identity tags: - v0alpha2 /admin/identities/{id}/sessions: @@ -518,7 +597,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Create a Recovery Link' + summary: Create a Recovery Link tags: - v0alpha2 /admin/sessions/{id}/extend: @@ -754,7 +833,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Get Self-Service Errors' + summary: Get Self-Service Errors tags: - v0alpha2 /self-service/login: @@ -871,7 +950,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Submit a Login Flow' + summary: Submit a Login Flow tags: - v0alpha2 /self-service/login/api: @@ -1049,7 +1128,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Initialize Login Flow for Browsers' + summary: Initialize Login Flow for Browsers tags: - v0alpha2 /self-service/login/flows: @@ -1135,7 +1214,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Get Login Flow' + summary: Get Login Flow tags: - v0alpha2 /self-service/logout: @@ -1189,7 +1268,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Complete Self-Service Logout' + summary: Complete Self-Service Logout tags: - v0alpha2 /self-service/logout/api: @@ -1276,7 +1355,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Create a Logout URL for Browsers' + summary: Create a Logout URL for Browsers tags: - v0alpha2 /self-service/recovery: @@ -1376,7 +1455,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Complete Recovery Flow' + summary: Complete Recovery Flow tags: - v0alpha2 /self-service/recovery/api: @@ -1463,7 +1542,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Initialize Recovery Flow for Browsers' + summary: Initialize Recovery Flow for Browsers tags: - v0alpha2 /self-service/recovery/flows: @@ -1538,7 +1617,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Get Recovery Flow' + summary: Get Recovery Flow tags: - v0alpha2 /self-service/registration: @@ -1642,7 +1721,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Submit a Registration Flow' + summary: Submit a Registration Flow tags: - v0alpha2 /self-service/registration/api: @@ -1744,7 +1823,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Initialize Registration Flow for Browsers' + summary: Initialize Registration Flow for Browsers tags: - v0alpha2 /self-service/registration/flows: @@ -1830,7 +1909,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Get Registration Flow' + summary: Get Registration Flow tags: - v0alpha2 /self-service/settings: @@ -1971,7 +2050,7 @@ paths: description: jsonError security: - sessionToken: [] - summary: '# Complete Settings Flow' + summary: Complete Settings Flow tags: - v0alpha2 /self-service/settings/api: @@ -2116,7 +2195,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Initialize Settings Flow for Browsers' + summary: Initialize Settings Flow for Browsers tags: - v0alpha2 /self-service/settings/flows: @@ -2216,7 +2295,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Get Settings Flow' + summary: Get Settings Flow tags: - v0alpha2 /self-service/verification: @@ -2316,7 +2395,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Complete Verification Flow' + summary: Complete Verification Flow tags: - v0alpha2 /self-service/verification/api: @@ -2393,7 +2472,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Initialize Verification Flow for Browser Clients' + summary: Initialize Verification Flow for Browser Clients tags: - v0alpha2 /self-service/verification/flows: @@ -2467,7 +2546,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Get Verification Flow' + summary: Get Verification Flow tags: - v0alpha2 /sessions: @@ -2736,7 +2815,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: '# Check Who the Current HTTP Session Belongs To' + summary: Check Who the Current HTTP Session Belongs To tags: - v0alpha2 /sessions/{id}: @@ -2876,6 +2955,8 @@ components: title: RecoveryAddressType must not exceed 16 characters as that is the limitation in the SQL Schema. type: string + TemplateType: + type: string UUID: format: uuid4 type: string @@ -3056,6 +3137,26 @@ components: - aal3 title: Authenticator Assurance Level (AAL) type: string + courierMessageList: + items: + $ref: '#/components/schemas/message' + title: A list of messages. + type: array + courierMessageStatus: + description: A Message's Status + enum: + - queued + - sent + - processing + - abandoned + type: string + courierMessageType: + description: It can either be `email` or `phone` + enum: + - email + - phone + title: A Message's Type + type: string errorAuthenticatorAssuranceLevelNotSatisfied: properties: code: @@ -3470,6 +3571,44 @@ components: items: $ref: '#/components/schemas/jsonPatch' type: array + message: + example: + updated_at: 2000-01-23T04:56:07.000+00:00 + subject: subject + recipient: recipient + created_at: 2000-01-23T04:56:07.000+00:00 + send_count: 0 + template_type: template_type + id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 + body: body + properties: + body: + type: string + created_at: + description: CreatedAt is a helper struct field for gobuffalo.pop. + format: date-time + type: string + id: + format: uuid + type: string + recipient: + type: string + send_count: + format: int64 + type: integer + status: + $ref: '#/components/schemas/courierMessageStatus' + subject: + type: string + template_type: + type: string + type: + $ref: '#/components/schemas/courierMessageType' + updated_at: + description: UpdatedAt is a helper struct field for gobuffalo.pop. + format: date-time + type: string + type: object needsPrivilegedSessionError: properties: code: diff --git a/internal/httpclient/api_metadata.go b/internal/httpclient/api_metadata.go index a63febb073aa..eec994165b53 100644 --- a/internal/httpclient/api_metadata.go +++ b/internal/httpclient/api_metadata.go @@ -102,16 +102,16 @@ func (r MetadataApiApiGetVersionRequest) Execute() (*InlineResponse2001, *http.R } /* - * GetVersion Return Running Software Version. - * This endpoint returns the version of Ory Kratos. + - GetVersion Return Running Software Version. + - This endpoint returns the version of Ory Kratos. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the version will never refer to the cluster state, only to a single instance. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return MetadataApiApiGetVersionRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return MetadataApiApiGetVersionRequest */ func (a *MetadataApiService) GetVersion(ctx context.Context) MetadataApiApiGetVersionRequest { return MetadataApiApiGetVersionRequest{ @@ -209,8 +209,9 @@ func (r MetadataApiApiIsAliveRequest) Execute() (*InlineResponse200, *http.Respo } /* - * IsAlive Check HTTP Server Status - * This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming + - IsAlive Check HTTP Server Status + - This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming + HTTP requests. This status does currently not include checks whether the database connection is working. If the service supports TLS Edge Termination, this endpoint does not require the @@ -218,8 +219,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return MetadataApiApiIsAliveRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return MetadataApiApiIsAliveRequest */ func (a *MetadataApiService) IsAlive(ctx context.Context) MetadataApiApiIsAliveRequest { return MetadataApiApiIsAliveRequest{ @@ -326,8 +327,9 @@ func (r MetadataApiApiIsReadyRequest) Execute() (*InlineResponse200, *http.Respo } /* - * IsReady Check HTTP Server and Database Status - * This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g. + - IsReady Check HTTP Server and Database Status + - This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g. + the database) are responsive as well. If the service supports TLS Edge Termination, this endpoint does not require the @@ -335,8 +337,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the Be aware that if you are running multiple nodes of Ory Kratos, the health status will never refer to the cluster state, only to a single instance. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return MetadataApiApiIsReadyRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return MetadataApiApiIsReadyRequest */ func (a *MetadataApiService) IsReady(ctx context.Context) MetadataApiApiIsReadyRequest { return MetadataApiApiIsReadyRequest{ diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go index 4ebe7a218f4e..1c1dc81a93f1 100644 --- a/internal/httpclient/api_v0alpha2.go +++ b/internal/httpclient/api_v0alpha2.go @@ -29,7 +29,7 @@ var ( type V0alpha2Api interface { /* - * AdminCreateIdentity # Create an Identity + * AdminCreateIdentity Create an Identity * This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return V0alpha2ApiApiAdminCreateIdentityRequest @@ -43,7 +43,7 @@ type V0alpha2Api interface { AdminCreateIdentityExecute(r V0alpha2ApiApiAdminCreateIdentityRequest) (*Identity, *http.Response, error) /* - * AdminCreateSelfServiceRecoveryLink # Create a Recovery Link + * AdminCreateSelfServiceRecoveryLink Create a Recovery Link * This endpoint creates a recovery link which should be given to the user in order for them to recover (or activate) their account. * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @@ -58,7 +58,7 @@ type V0alpha2Api interface { AdminCreateSelfServiceRecoveryLinkExecute(r V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest) (*SelfServiceRecoveryLink, *http.Response, error) /* - * AdminDeleteIdentity # Delete an Identity + * AdminDeleteIdentity Delete an Identity * Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is assumed that is has been deleted already. @@ -107,7 +107,7 @@ type V0alpha2Api interface { AdminExtendSessionExecute(r V0alpha2ApiApiAdminExtendSessionRequest) (*Session, *http.Response, error) /* - * AdminGetIdentity # Get an Identity + * AdminGetIdentity Get an Identity * Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @param id ID must be set to the ID of identity you want to get @@ -122,7 +122,21 @@ type V0alpha2Api interface { AdminGetIdentityExecute(r V0alpha2ApiApiAdminGetIdentityRequest) (*Identity, *http.Response, error) /* - * AdminListIdentities # List Identities + * AdminListCourierMessages List Messages + * Lists all messages by given status and recipient. + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiAdminListCourierMessagesRequest + */ + AdminListCourierMessages(ctx context.Context) V0alpha2ApiApiAdminListCourierMessagesRequest + + /* + * AdminListCourierMessagesExecute executes the request + * @return []Message + */ + AdminListCourierMessagesExecute(r V0alpha2ApiApiAdminListCourierMessagesRequest) ([]Message, *http.Response, error) + + /* + * AdminListIdentities List Identities * Lists all identities. Does not support search at the moment. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). @@ -172,7 +186,7 @@ type V0alpha2Api interface { AdminPatchIdentityExecute(r V0alpha2ApiApiAdminPatchIdentityRequest) (*Identity, *http.Response, error) /* - * AdminUpdateIdentity # Update an Identity + * AdminUpdateIdentity Update an Identity * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). @@ -189,7 +203,7 @@ type V0alpha2Api interface { AdminUpdateIdentityExecute(r V0alpha2ApiApiAdminUpdateIdentityRequest) (*Identity, *http.Response, error) /* - * CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers + * CreateSelfServiceLogoutFlowUrlForBrowsers Create a Logout URL for Browsers * This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. This endpoint is NOT INTENDED for API clients and only works @@ -227,7 +241,7 @@ type V0alpha2Api interface { GetIdentitySchemaExecute(r V0alpha2ApiApiGetIdentitySchemaRequest) (map[string]interface{}, *http.Response, error) /* - * GetSelfServiceError # Get Self-Service Errors + * GetSelfServiceError Get Self-Service Errors * This endpoint returns the error associated with a user-facing self service errors. This endpoint supports stub values to help you implement the error UI: @@ -247,7 +261,7 @@ type V0alpha2Api interface { GetSelfServiceErrorExecute(r V0alpha2ApiApiGetSelfServiceErrorRequest) (*SelfServiceError, *http.Response, error) /* - * GetSelfServiceLoginFlow # Get Login Flow + * GetSelfServiceLoginFlow Get Login Flow * This endpoint returns a login flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -283,7 +297,7 @@ type V0alpha2Api interface { GetSelfServiceLoginFlowExecute(r V0alpha2ApiApiGetSelfServiceLoginFlowRequest) (*SelfServiceLoginFlow, *http.Response, error) /* - * GetSelfServiceRecoveryFlow # Get Recovery Flow + * GetSelfServiceRecoveryFlow Get Recovery Flow * This endpoint returns a recovery flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -314,7 +328,7 @@ type V0alpha2Api interface { GetSelfServiceRecoveryFlowExecute(r V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest) (*SelfServiceRecoveryFlow, *http.Response, error) /* - * GetSelfServiceRegistrationFlow # Get Registration Flow + * GetSelfServiceRegistrationFlow Get Registration Flow * This endpoint returns a registration flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -350,7 +364,7 @@ type V0alpha2Api interface { GetSelfServiceRegistrationFlowExecute(r V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest) (*SelfServiceRegistrationFlow, *http.Response, error) /* - * GetSelfServiceSettingsFlow # Get Settings Flow + * GetSelfServiceSettingsFlow Get Settings Flow * When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie or the Ory Kratos Session Token are set. @@ -382,7 +396,7 @@ type V0alpha2Api interface { GetSelfServiceSettingsFlowExecute(r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) (*SelfServiceSettingsFlow, *http.Response, error) /* - * GetSelfServiceVerificationFlow # Get Verification Flow + * GetSelfServiceVerificationFlow Get Verification Flow * This endpoint returns a verification flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -412,7 +426,7 @@ type V0alpha2Api interface { GetSelfServiceVerificationFlowExecute(r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) (*SelfServiceVerificationFlow, *http.Response, error) /* - * GetWebAuthnJavaScript # Get WebAuthn JavaScript + * GetWebAuthnJavaScript Get WebAuthn JavaScript * This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file: @@ -434,7 +448,7 @@ type V0alpha2Api interface { GetWebAuthnJavaScriptExecute(r V0alpha2ApiApiGetWebAuthnJavaScriptRequest) (string, *http.Response, error) /* - * InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers + * InitializeSelfServiceLoginFlowForBrowsers Initialize Login Flow for Browsers * This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows. @@ -499,7 +513,7 @@ type V0alpha2Api interface { InitializeSelfServiceLoginFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest) (*SelfServiceLoginFlow, *http.Response, error) /* - * InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers + * InitializeSelfServiceRecoveryFlowForBrowsers Initialize Recovery Flow for Browsers * This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists, the browser is returned to the configured return URL. @@ -548,7 +562,7 @@ type V0alpha2Api interface { InitializeSelfServiceRecoveryFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest) (*SelfServiceRecoveryFlow, *http.Response, error) /* - * InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers + * InitializeSelfServiceRegistrationFlowForBrowsers Initialize Registration Flow for Browsers * This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows. @@ -618,7 +632,7 @@ type V0alpha2Api interface { InitializeSelfServiceRegistrationFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest) (*SelfServiceRegistrationFlow, *http.Response, error) /* - * InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers + * InitializeSelfServiceSettingsFlowForBrowsers Initialize Settings Flow for Browsers * This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid Ory Kratos Session Cookie is included in the request, a login flow will be initialized. @@ -692,7 +706,7 @@ type V0alpha2Api interface { InitializeSelfServiceSettingsFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest) (*SelfServiceSettingsFlow, *http.Response, error) /* - * InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients + * InitializeSelfServiceVerificationFlowForBrowsers Initialize Verification Flow for Browser Clients * This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`. @@ -799,7 +813,7 @@ type V0alpha2Api interface { RevokeSessionsExecute(r V0alpha2ApiApiRevokeSessionsRequest) (*RevokedSessions, *http.Response, error) /* - * SubmitSelfServiceLoginFlow # Submit a Login Flow + * SubmitSelfServiceLoginFlow Submit a Login Flow * :::info This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future. @@ -845,7 +859,7 @@ type V0alpha2Api interface { SubmitSelfServiceLoginFlowExecute(r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) (*SuccessfulSelfServiceLoginWithoutBrowser, *http.Response, error) /* - * SubmitSelfServiceLogoutFlow # Complete Self-Service Logout + * SubmitSelfServiceLogoutFlow Complete Self-Service Logout * This endpoint logs out an identity in a self-service manner. If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other) @@ -890,7 +904,7 @@ type V0alpha2Api interface { SubmitSelfServiceLogoutFlowWithoutBrowserExecute(r V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest) (*http.Response, error) /* - * SubmitSelfServiceRecoveryFlow # Complete Recovery Flow + * SubmitSelfServiceRecoveryFlow Complete Recovery Flow * Use this endpoint to complete a recovery flow. This endpoint behaves differently for API and browser flows and has several states: @@ -919,7 +933,7 @@ type V0alpha2Api interface { SubmitSelfServiceRecoveryFlowExecute(r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) (*SelfServiceRecoveryFlow, *http.Response, error) /* - * SubmitSelfServiceRegistrationFlow # Submit a Registration Flow + * SubmitSelfServiceRegistrationFlow Submit a Registration Flow * Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint behaves differently for API and browser flows. @@ -960,7 +974,7 @@ type V0alpha2Api interface { SubmitSelfServiceRegistrationFlowExecute(r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) (*SuccessfulSelfServiceRegistrationWithoutBrowser, *http.Response, error) /* - * SubmitSelfServiceSettingsFlow # Complete Settings Flow + * SubmitSelfServiceSettingsFlow Complete Settings Flow * Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint behaves differently for API and browser flows. @@ -1016,7 +1030,7 @@ type V0alpha2Api interface { SubmitSelfServiceSettingsFlowExecute(r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) (*SelfServiceSettingsFlow, *http.Response, error) /* - * SubmitSelfServiceVerificationFlow # Complete Verification Flow + * SubmitSelfServiceVerificationFlow Complete Verification Flow * Use this endpoint to complete a verification flow. This endpoint behaves differently for API and browser flows and has several states: @@ -1045,7 +1059,7 @@ type V0alpha2Api interface { SubmitSelfServiceVerificationFlowExecute(r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) (*SelfServiceVerificationFlow, *http.Response, error) /* - * ToSession # Check Who the Current HTTP Session Belongs To + * ToSession Check Who the Current HTTP Session Belongs To * Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header @@ -1126,7 +1140,7 @@ func (r V0alpha2ApiApiAdminCreateIdentityRequest) Execute() (*Identity, *http.Re } /* - * AdminCreateIdentity # Create an Identity + * AdminCreateIdentity Create an Identity * This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return V0alpha2ApiApiAdminCreateIdentityRequest @@ -1278,11 +1292,12 @@ func (r V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest) Execute() (*Sel } /* - * AdminCreateSelfServiceRecoveryLink # Create a Recovery Link - * This endpoint creates a recovery link which should be given to the user in order for them to recover + - AdminCreateSelfServiceRecoveryLink Create a Recovery Link + - This endpoint creates a recovery link which should be given to the user in order for them to recover + (or activate) their account. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest */ func (a *V0alpha2ApiService) AdminCreateSelfServiceRecoveryLink(ctx context.Context) V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest { return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest{ @@ -1412,15 +1427,16 @@ func (r V0alpha2ApiApiAdminDeleteIdentityRequest) Execute() (*http.Response, err } /* - * AdminDeleteIdentity # Delete an Identity - * Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. + - AdminDeleteIdentity Delete an Identity + - Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. + This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is assumed that is has been deleted already. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID is the identity's ID. - * @return V0alpha2ApiApiAdminDeleteIdentityRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID is the identity's ID. + - @return V0alpha2ApiApiAdminDeleteIdentityRequest */ func (a *V0alpha2ApiService) AdminDeleteIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentityRequest { return V0alpha2ApiApiAdminDeleteIdentityRequest{ @@ -1543,13 +1559,13 @@ func (r V0alpha2ApiApiAdminDeleteIdentitySessionsRequest) Execute() (*http.Respo } /* - * AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. - * This endpoint is useful for: + - AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. + - This endpoint is useful for: To forcefully logout Identity from all devices and sessions - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID is the identity's ID. - * @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID is the identity's ID. + - @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest */ func (a *V0alpha2ApiService) AdminDeleteIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentitySessionsRequest { return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest{ @@ -1846,7 +1862,7 @@ func (r V0alpha2ApiApiAdminGetIdentityRequest) Execute() (*Identity, *http.Respo } /* - * AdminGetIdentity # Get an Identity + * AdminGetIdentity Get an Identity * Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @param id ID must be set to the ID of identity you want to get @@ -1984,6 +2000,159 @@ func (a *V0alpha2ApiService) AdminGetIdentityExecute(r V0alpha2ApiApiAdminGetIde return localVarReturnValue, localVarHTTPResponse, nil } +type V0alpha2ApiApiAdminListCourierMessagesRequest struct { + ctx context.Context + ApiService V0alpha2Api + perPage *int64 + page *int64 + status *CourierMessageStatus + recipient *string +} + +func (r V0alpha2ApiApiAdminListCourierMessagesRequest) PerPage(perPage int64) V0alpha2ApiApiAdminListCourierMessagesRequest { + r.perPage = &perPage + return r +} +func (r V0alpha2ApiApiAdminListCourierMessagesRequest) Page(page int64) V0alpha2ApiApiAdminListCourierMessagesRequest { + r.page = &page + return r +} +func (r V0alpha2ApiApiAdminListCourierMessagesRequest) Status(status CourierMessageStatus) V0alpha2ApiApiAdminListCourierMessagesRequest { + r.status = &status + return r +} +func (r V0alpha2ApiApiAdminListCourierMessagesRequest) Recipient(recipient string) V0alpha2ApiApiAdminListCourierMessagesRequest { + r.recipient = &recipient + return r +} + +func (r V0alpha2ApiApiAdminListCourierMessagesRequest) Execute() ([]Message, *http.Response, error) { + return r.ApiService.AdminListCourierMessagesExecute(r) +} + +/* + * AdminListCourierMessages List Messages + * Lists all messages by given status and recipient. + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiAdminListCourierMessagesRequest + */ +func (a *V0alpha2ApiService) AdminListCourierMessages(ctx context.Context) V0alpha2ApiApiAdminListCourierMessagesRequest { + return V0alpha2ApiApiAdminListCourierMessagesRequest{ + ApiService: a, + ctx: ctx, + } +} + +/* + * Execute executes the request + * @return []Message + */ +func (a *V0alpha2ApiService) AdminListCourierMessagesExecute(r V0alpha2ApiApiAdminListCourierMessagesRequest) ([]Message, *http.Response, error) { + var ( + localVarHTTPMethod = http.MethodGet + localVarPostBody interface{} + localVarFormFileName string + localVarFileName string + localVarFileBytes []byte + localVarReturnValue []Message + ) + + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "V0alpha2ApiService.AdminListCourierMessages") + if err != nil { + return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} + } + + localVarPath := localBasePath + "/admin/courier/messages" + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := url.Values{} + + if r.perPage != nil { + localVarQueryParams.Add("per_page", parameterToString(*r.perPage, "")) + } + if r.page != nil { + localVarQueryParams.Add("page", parameterToString(*r.page, "")) + } + if r.status != nil { + localVarQueryParams.Add("status", parameterToString(*r.status, "")) + } + if r.recipient != nil { + localVarQueryParams.Add("recipient", parameterToString(*r.recipient, "")) + } + // to determine the Content-Type header + localVarHTTPContentTypes := []string{} + + // set Content-Type header + localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) + if localVarHTTPContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHTTPContentType + } + + // to determine the Accept header + localVarHTTPHeaderAccepts := []string{"application/json"} + + // set Accept header + localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) + if localVarHTTPHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept + } + req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) + if err != nil { + return localVarReturnValue, nil, err + } + + localVarHTTPResponse, err := a.client.callAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) + localVarHTTPResponse.Body.Close() + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: localVarHTTPResponse.Status, + } + if localVarHTTPResponse.StatusCode == 400 { + var v JsonError + err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr.error = err.Error() + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.model = v + return localVarReturnValue, localVarHTTPResponse, newErr + } + if localVarHTTPResponse.StatusCode == 500 { + var v JsonError + err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr.error = err.Error() + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.model = v + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: err.Error(), + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + return localVarReturnValue, localVarHTTPResponse, nil +} + type V0alpha2ApiApiAdminListIdentitiesRequest struct { ctx context.Context ApiService V0alpha2Api @@ -2005,12 +2174,12 @@ func (r V0alpha2ApiApiAdminListIdentitiesRequest) Execute() ([]Identity, *http.R } /* - * AdminListIdentities # List Identities - * Lists all identities. Does not support search at the moment. + - AdminListIdentities List Identities + - Lists all identities. Does not support search at the moment. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiAdminListIdentitiesRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiAdminListIdentitiesRequest */ func (a *V0alpha2ApiService) AdminListIdentities(ctx context.Context) V0alpha2ApiApiAdminListIdentitiesRequest { return V0alpha2ApiApiAdminListIdentitiesRequest{ @@ -2154,13 +2323,13 @@ func (r V0alpha2ApiApiAdminListIdentitySessionsRequest) Execute() ([]Session, *h } /* - * AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity. - * This endpoint is useful for: + - AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity. + - This endpoint is useful for: Listing all sessions that belong to an Identity in an administrative context. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID is the identity's ID. - * @return V0alpha2ApiApiAdminListIdentitySessionsRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID is the identity's ID. + - @return V0alpha2ApiApiAdminListIdentitySessionsRequest */ func (a *V0alpha2ApiService) AdminListIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminListIdentitySessionsRequest { return V0alpha2ApiApiAdminListIdentitySessionsRequest{ @@ -2329,13 +2498,13 @@ func (r V0alpha2ApiApiAdminPatchIdentityRequest) Execute() (*Identity, *http.Res } /* - * AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) - * NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable. + - AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) + - NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID must be set to the ID of identity you want to update - * @return V0alpha2ApiApiAdminPatchIdentityRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID must be set to the ID of identity you want to update + - @return V0alpha2ApiApiAdminPatchIdentityRequest */ func (a *V0alpha2ApiService) AdminPatchIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminPatchIdentityRequest { return V0alpha2ApiApiAdminPatchIdentityRequest{ @@ -2497,13 +2666,13 @@ func (r V0alpha2ApiApiAdminUpdateIdentityRequest) Execute() (*Identity, *http.Re } /* - * AdminUpdateIdentity # Update an Identity - * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. + - AdminUpdateIdentity Update an Identity + - This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID must be set to the ID of identity you want to update - * @return V0alpha2ApiApiAdminUpdateIdentityRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID must be set to the ID of identity you want to update + - @return V0alpha2ApiApiAdminUpdateIdentityRequest */ func (a *V0alpha2ApiService) AdminUpdateIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminUpdateIdentityRequest { return V0alpha2ApiApiAdminUpdateIdentityRequest{ @@ -2664,8 +2833,8 @@ func (r V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest) Execute( } /* - * CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers - * This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. + - CreateSelfServiceLogoutFlowUrlForBrowsers Create a Logout URL for Browsers + - This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). For API clients you can @@ -2675,8 +2844,8 @@ The URL is only valid for the currently signed in user. If no user is signed in, a 401 error. When calling this endpoint from a backend, please ensure to properly forward the HTTP cookies. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest */ func (a *V0alpha2ApiService) CreateSelfServiceLogoutFlowUrlForBrowsers(ctx context.Context) V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest { return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest{ @@ -2926,16 +3095,16 @@ func (r V0alpha2ApiApiGetSelfServiceErrorRequest) Execute() (*SelfServiceError, } /* - * GetSelfServiceError # Get Self-Service Errors - * This endpoint returns the error associated with a user-facing self service errors. + - GetSelfServiceError Get Self-Service Errors + - This endpoint returns the error associated with a user-facing self service errors. This endpoint supports stub values to help you implement the error UI: `?id=stub:500` - returns a stub 500 (Internal Server Error) error. More information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceErrorRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceErrorRequest */ func (a *V0alpha2ApiService) GetSelfServiceError(ctx context.Context) V0alpha2ApiApiGetSelfServiceErrorRequest { return V0alpha2ApiApiGetSelfServiceErrorRequest{ @@ -3077,8 +3246,8 @@ func (r V0alpha2ApiApiGetSelfServiceLoginFlowRequest) Execute() (*SelfServiceLog } /* - * GetSelfServiceLoginFlow # Get Login Flow - * This endpoint returns a login flow's context with, for example, error details and other information. + - GetSelfServiceLoginFlow Get Login Flow + - This endpoint returns a login flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3101,8 +3270,8 @@ This request may fail due to several reasons. The `error.id` can be one of: `self_service_flow_expired`: The flow is expired and you should request a new one. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceLoginFlowRequest { return V0alpha2ApiApiGetSelfServiceLoginFlowRequest{ @@ -3257,8 +3426,8 @@ func (r V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest) Execute() (*SelfService } /* - * GetSelfServiceRecoveryFlow # Get Recovery Flow - * This endpoint returns a recovery flow's context with, for example, error details and other information. + - GetSelfServiceRecoveryFlow Get Recovery Flow + - This endpoint returns a recovery flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3276,8 +3445,8 @@ res.render('recovery', flow) ``` More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest { return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest{ @@ -3422,8 +3591,8 @@ func (r V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest) Execute() (*SelfSer } /* - * GetSelfServiceRegistrationFlow # Get Registration Flow - * This endpoint returns a registration flow's context with, for example, error details and other information. + - GetSelfServiceRegistrationFlow Get Registration Flow + - This endpoint returns a registration flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3446,8 +3615,8 @@ This request may fail due to several reasons. The `error.id` can be one of: `self_service_flow_expired`: The flow is expired and you should request a new one. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest { return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest{ @@ -3607,8 +3776,9 @@ func (r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) Execute() (*SelfService } /* - * GetSelfServiceSettingsFlow # Get Settings Flow - * When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie + - GetSelfServiceSettingsFlow Get Settings Flow + - When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie + or the Ory Kratos Session Token are set. Depending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator @@ -3627,8 +3797,8 @@ case of an error, the `error.id` of the JSON response body can be one of: identity logged in instead. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceSettingsFlowRequest { return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest{ @@ -3796,8 +3966,8 @@ func (r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) Execute() (*SelfSer } /* - * GetSelfServiceVerificationFlow # Get Verification Flow - * This endpoint returns a verification flow's context with, for example, error details and other information. + - GetSelfServiceVerificationFlow Get Verification Flow + - This endpoint returns a verification flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3814,8 +3984,8 @@ res.render('verification', flow) }) More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceVerificationFlowRequest { return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest{ @@ -3949,8 +4119,8 @@ func (r V0alpha2ApiApiGetWebAuthnJavaScriptRequest) Execute() (string, *http.Res } /* - * GetWebAuthnJavaScript # Get WebAuthn JavaScript - * This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. + - GetWebAuthnJavaScript Get WebAuthn JavaScript + - This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file: @@ -3959,8 +4129,8 @@ If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you ``` More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest */ func (a *V0alpha2ApiService) GetWebAuthnJavaScript(ctx context.Context) V0alpha2ApiApiGetWebAuthnJavaScriptRequest { return V0alpha2ApiApiGetWebAuthnJavaScriptRequest{ @@ -4079,8 +4249,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Execute( } /* - * InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers - * This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate + - InitializeSelfServiceLoginFlowForBrowsers Initialize Login Flow for Browsers + - This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate + cookies and anti-CSRF measures required for browser-based flows. If this endpoint is opened as a link in the browser, it will be redirected to @@ -4099,8 +4270,8 @@ case of an error, the `error.id` of the JSON response body can be one of: This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest{ @@ -4245,8 +4416,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest) Execu } /* - * InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ... - * This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on. + - InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ... + - This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. @@ -4266,8 +4437,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest{ @@ -4399,8 +4570,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest) Execu } /* - * InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers - * This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to + - InitializeSelfServiceRecoveryFlowForBrowsers Initialize Recovery Flow for Browsers + - This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to + `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists, the browser is returned to the configured return URL. @@ -4410,8 +4582,8 @@ or a 400 bad request error if the user is already authenticated. This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest{ @@ -4531,8 +4703,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest) Ex } /* - * InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ... - * This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on. + - InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ... + - This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error. @@ -4545,8 +4717,8 @@ you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest{ @@ -4669,8 +4841,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) E } /* - * InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers - * This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate + - InitializeSelfServiceRegistrationFlowForBrowsers Initialize Registration Flow for Browsers + - This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate + cookies and anti-CSRF measures required for browser-based flows. :::info @@ -4695,8 +4868,8 @@ If this endpoint is called via an AJAX request, the response contains the regist This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest{ @@ -4806,8 +4979,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest } /* - * InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ... - * This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on. + - InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ... + - This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. @@ -4826,8 +4999,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest{ @@ -4955,8 +5128,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest) Execu } /* - * InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers - * This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to + - InitializeSelfServiceSettingsFlowForBrowsers Initialize Settings Flow for Browsers + - This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to + `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid Ory Kratos Session Cookie is included in the request, a login flow will be initialized. @@ -4982,8 +5156,8 @@ case of an error, the `error.id` of the JSON response body can be one of: This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest{ @@ -5132,8 +5306,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest) Ex } /* - * InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ... - * This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. + - InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ... + - This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. + You must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK. To fetch an existing settings flow call `/self-service/settings/flows?flow=`. @@ -5155,8 +5330,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest{ @@ -5282,8 +5457,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest) E } /* - * InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients - * This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to + - InitializeSelfServiceVerificationFlowForBrowsers Initialize Verification Flow for Browser Clients + - This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to + `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`. If this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects. @@ -5291,8 +5467,8 @@ If this endpoint is called via an AJAX request, the response contains the recove This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest{ @@ -5402,8 +5578,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest } /* - * InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ... - * This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on. + - InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ... + - This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on. To fetch an existing verification flow call `/self-service/verification/flows?flow=`. @@ -5414,8 +5590,8 @@ you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest{ @@ -5680,12 +5856,12 @@ func (r V0alpha2ApiApiListSessionsRequest) Execute() ([]Session, *http.Response, } /* - * ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. - * This endpoint is useful for: + - ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. + - This endpoint is useful for: Displaying all other sessions that belong to the logged-in user - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiListSessionsRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiListSessionsRequest */ func (a *V0alpha2ApiService) ListSessions(ctx context.Context) V0alpha2ApiApiListSessionsRequest { return V0alpha2ApiApiListSessionsRequest{ @@ -5835,13 +6011,13 @@ func (r V0alpha2ApiApiRevokeSessionRequest) Execute() (*http.Response, error) { } /* - * RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. - * This endpoint is useful for: + - RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. + - This endpoint is useful for: To forcefully logout the current user from another device or session - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @param id ID is the session's ID. - * @return V0alpha2ApiApiRevokeSessionRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @param id ID is the session's ID. + - @return V0alpha2ApiApiRevokeSessionRequest */ func (a *V0alpha2ApiService) RevokeSession(ctx context.Context, id string) V0alpha2ApiApiRevokeSessionRequest { return V0alpha2ApiApiRevokeSessionRequest{ @@ -5970,12 +6146,12 @@ func (r V0alpha2ApiApiRevokeSessionsRequest) Execute() (*RevokedSessions, *http. } /* - * RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. - * This endpoint is useful for: + - RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. + - This endpoint is useful for: To forcefully logout the current user from all other devices and sessions - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiRevokeSessionsRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiRevokeSessionsRequest */ func (a *V0alpha2ApiService) RevokeSessions(ctx context.Context) V0alpha2ApiApiRevokeSessionsRequest { return V0alpha2ApiApiRevokeSessionsRequest{ @@ -6139,8 +6315,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) Execute() (*SuccessfulS } /* - * SubmitSelfServiceLoginFlow # Submit a Login Flow - * :::info + - SubmitSelfServiceLoginFlow Submit a Login Flow + - :::info This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future. @@ -6173,8 +6349,8 @@ case of an error, the `error.id` of the JSON response body can be one of: Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest { return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest{ @@ -6337,8 +6513,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest) Execute() (*http.Respo } /* - * SubmitSelfServiceLogoutFlow # Complete Self-Service Logout - * This endpoint logs out an identity in a self-service manner. + - SubmitSelfServiceLogoutFlow Complete Self-Service Logout + - This endpoint logs out an identity in a self-service manner. If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other) to the `return_to` parameter of the initial request or fall back to `urls.default_return_to`. @@ -6351,8 +6527,8 @@ with browsers (Chrome, Firefox, ...). For API clients you can call the `/self-service/logout/api` URL directly with the Ory Session Token. More information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest { return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest{ @@ -6460,8 +6636,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest) Execute( } /* - * SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ... - * Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully + - SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ... + - Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully + revoked, the server returns a 204 No Content response. A 204 No Content response is also sent when the Ory Session Token has been revoked already before. @@ -6469,8 +6646,8 @@ If the Ory Session Token is malformed or does not exist a 403 Forbidden response This endpoint does not remove any HTTP Cookies - use the Browser-Based Self-Service Logout Flow instead. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest { return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest{ @@ -6602,8 +6779,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) Execute() (*SelfServ } /* - * SubmitSelfServiceRecoveryFlow # Complete Recovery Flow - * Use this endpoint to complete a recovery flow. This endpoint + - SubmitSelfServiceRecoveryFlow Complete Recovery Flow + - Use this endpoint to complete a recovery flow. This endpoint + behaves differently for API and browser flows and has several states: `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent @@ -6619,8 +6797,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe a new Recovery Flow ID which contains an error message that the recovery link was invalid. More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest { return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest{ @@ -6778,8 +6956,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) Execute() (*Succ } /* - * SubmitSelfServiceRegistrationFlow # Submit a Registration Flow - * Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint + - SubmitSelfServiceRegistrationFlow Submit a Registration Flow + - Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint + behaves differently for API and browser flows. API flows expect `application/json` to be sent in the body and respond with @@ -6807,8 +6986,8 @@ case of an error, the `error.id` of the JSON response body can be one of: Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest { return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest{ @@ -6978,8 +7157,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) Execute() (*SelfServ } /* - * SubmitSelfServiceSettingsFlow # Complete Settings Flow - * Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint + - SubmitSelfServiceSettingsFlow Complete Settings Flow + - Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint + behaves differently for API and browser flows. API-initiated flows expect `application/json` to be sent in the body and respond with @@ -7022,8 +7202,8 @@ identity logged in instead. Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest { return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest{ @@ -7216,8 +7396,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Execute() (*Self } /* - * SubmitSelfServiceVerificationFlow # Complete Verification Flow - * Use this endpoint to complete a verification flow. This endpoint + - SubmitSelfServiceVerificationFlow Complete Verification Flow + - Use this endpoint to complete a verification flow. This endpoint + behaves differently for API and browser flows and has several states: `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent @@ -7233,8 +7414,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe a new Verification Flow ID which contains an error message that the verification link was invalid. More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest { return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest{ @@ -7387,8 +7568,9 @@ func (r V0alpha2ApiApiToSessionRequest) Execute() (*Session, *http.Response, err } /* - * ToSession # Check Who the Current HTTP Session Belongs To - * Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. + - ToSession Check Who the Current HTTP Session Belongs To + - Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. + Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response. @@ -7437,8 +7619,8 @@ As explained above, this request may fail due to several reasons. The `error.id` `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token). `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor. - * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - * @return V0alpha2ApiApiToSessionRequest + - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + - @return V0alpha2ApiApiToSessionRequest */ func (a *V0alpha2ApiService) ToSession(ctx context.Context) V0alpha2ApiApiToSessionRequest { return V0alpha2ApiApiToSessionRequest{ diff --git a/internal/httpclient/docs/CourierMessageStatus.md b/internal/httpclient/docs/CourierMessageStatus.md new file mode 100644 index 000000000000..1ba53d9ff474 --- /dev/null +++ b/internal/httpclient/docs/CourierMessageStatus.md @@ -0,0 +1,17 @@ +# CourierMessageStatus + +## Enum + + +* `QUEUED` (value: `"queued"`) + +* `SENT` (value: `"sent"`) + +* `PROCESSING` (value: `"processing"`) + +* `ABANDONED` (value: `"abandoned"`) + + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/internal/httpclient/docs/CourierMessageType.md b/internal/httpclient/docs/CourierMessageType.md new file mode 100644 index 000000000000..729d6b893e94 --- /dev/null +++ b/internal/httpclient/docs/CourierMessageType.md @@ -0,0 +1,13 @@ +# CourierMessageType + +## Enum + + +* `EMAIL` (value: `"email"`) + +* `PHONE` (value: `"phone"`) + + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/internal/httpclient/docs/Message.md b/internal/httpclient/docs/Message.md new file mode 100644 index 000000000000..6fc7a087c455 --- /dev/null +++ b/internal/httpclient/docs/Message.md @@ -0,0 +1,290 @@ +# Message + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Body** | Pointer to **string** | | [optional] +**CreatedAt** | Pointer to **time.Time** | CreatedAt is a helper struct field for gobuffalo.pop. | [optional] +**Id** | Pointer to **string** | | [optional] +**Recipient** | Pointer to **string** | | [optional] +**SendCount** | Pointer to **int64** | | [optional] +**Status** | Pointer to [**CourierMessageStatus**](CourierMessageStatus.md) | | [optional] +**Subject** | Pointer to **string** | | [optional] +**TemplateType** | Pointer to **string** | | [optional] +**Type** | Pointer to [**CourierMessageType**](CourierMessageType.md) | | [optional] +**UpdatedAt** | Pointer to **time.Time** | UpdatedAt is a helper struct field for gobuffalo.pop. | [optional] + +## Methods + +### NewMessage + +`func NewMessage() *Message` + +NewMessage instantiates a new Message object +This constructor will assign default values to properties that have it defined, +and makes sure properties required by API are set, but the set of arguments +will change when the set of required properties is changed + +### NewMessageWithDefaults + +`func NewMessageWithDefaults() *Message` + +NewMessageWithDefaults instantiates a new Message object +This constructor will only assign default values to properties that have it defined, +but it doesn't guarantee that properties required by API are set + +### GetBody + +`func (o *Message) GetBody() string` + +GetBody returns the Body field if non-nil, zero value otherwise. + +### GetBodyOk + +`func (o *Message) GetBodyOk() (*string, bool)` + +GetBodyOk returns a tuple with the Body field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetBody + +`func (o *Message) SetBody(v string)` + +SetBody sets Body field to given value. + +### HasBody + +`func (o *Message) HasBody() bool` + +HasBody returns a boolean if a field has been set. + +### GetCreatedAt + +`func (o *Message) GetCreatedAt() time.Time` + +GetCreatedAt returns the CreatedAt field if non-nil, zero value otherwise. + +### GetCreatedAtOk + +`func (o *Message) GetCreatedAtOk() (*time.Time, bool)` + +GetCreatedAtOk returns a tuple with the CreatedAt field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetCreatedAt + +`func (o *Message) SetCreatedAt(v time.Time)` + +SetCreatedAt sets CreatedAt field to given value. + +### HasCreatedAt + +`func (o *Message) HasCreatedAt() bool` + +HasCreatedAt returns a boolean if a field has been set. + +### GetId + +`func (o *Message) GetId() string` + +GetId returns the Id field if non-nil, zero value otherwise. + +### GetIdOk + +`func (o *Message) GetIdOk() (*string, bool)` + +GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetId + +`func (o *Message) SetId(v string)` + +SetId sets Id field to given value. + +### HasId + +`func (o *Message) HasId() bool` + +HasId returns a boolean if a field has been set. + +### GetRecipient + +`func (o *Message) GetRecipient() string` + +GetRecipient returns the Recipient field if non-nil, zero value otherwise. + +### GetRecipientOk + +`func (o *Message) GetRecipientOk() (*string, bool)` + +GetRecipientOk returns a tuple with the Recipient field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetRecipient + +`func (o *Message) SetRecipient(v string)` + +SetRecipient sets Recipient field to given value. + +### HasRecipient + +`func (o *Message) HasRecipient() bool` + +HasRecipient returns a boolean if a field has been set. + +### GetSendCount + +`func (o *Message) GetSendCount() int64` + +GetSendCount returns the SendCount field if non-nil, zero value otherwise. + +### GetSendCountOk + +`func (o *Message) GetSendCountOk() (*int64, bool)` + +GetSendCountOk returns a tuple with the SendCount field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetSendCount + +`func (o *Message) SetSendCount(v int64)` + +SetSendCount sets SendCount field to given value. + +### HasSendCount + +`func (o *Message) HasSendCount() bool` + +HasSendCount returns a boolean if a field has been set. + +### GetStatus + +`func (o *Message) GetStatus() CourierMessageStatus` + +GetStatus returns the Status field if non-nil, zero value otherwise. + +### GetStatusOk + +`func (o *Message) GetStatusOk() (*CourierMessageStatus, bool)` + +GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetStatus + +`func (o *Message) SetStatus(v CourierMessageStatus)` + +SetStatus sets Status field to given value. + +### HasStatus + +`func (o *Message) HasStatus() bool` + +HasStatus returns a boolean if a field has been set. + +### GetSubject + +`func (o *Message) GetSubject() string` + +GetSubject returns the Subject field if non-nil, zero value otherwise. + +### GetSubjectOk + +`func (o *Message) GetSubjectOk() (*string, bool)` + +GetSubjectOk returns a tuple with the Subject field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetSubject + +`func (o *Message) SetSubject(v string)` + +SetSubject sets Subject field to given value. + +### HasSubject + +`func (o *Message) HasSubject() bool` + +HasSubject returns a boolean if a field has been set. + +### GetTemplateType + +`func (o *Message) GetTemplateType() string` + +GetTemplateType returns the TemplateType field if non-nil, zero value otherwise. + +### GetTemplateTypeOk + +`func (o *Message) GetTemplateTypeOk() (*string, bool)` + +GetTemplateTypeOk returns a tuple with the TemplateType field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetTemplateType + +`func (o *Message) SetTemplateType(v string)` + +SetTemplateType sets TemplateType field to given value. + +### HasTemplateType + +`func (o *Message) HasTemplateType() bool` + +HasTemplateType returns a boolean if a field has been set. + +### GetType + +`func (o *Message) GetType() CourierMessageType` + +GetType returns the Type field if non-nil, zero value otherwise. + +### GetTypeOk + +`func (o *Message) GetTypeOk() (*CourierMessageType, bool)` + +GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetType + +`func (o *Message) SetType(v CourierMessageType)` + +SetType sets Type field to given value. + +### HasType + +`func (o *Message) HasType() bool` + +HasType returns a boolean if a field has been set. + +### GetUpdatedAt + +`func (o *Message) GetUpdatedAt() time.Time` + +GetUpdatedAt returns the UpdatedAt field if non-nil, zero value otherwise. + +### GetUpdatedAtOk + +`func (o *Message) GetUpdatedAtOk() (*time.Time, bool)` + +GetUpdatedAtOk returns a tuple with the UpdatedAt field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetUpdatedAt + +`func (o *Message) SetUpdatedAt(v time.Time)` + +SetUpdatedAt sets UpdatedAt field to given value. + +### HasUpdatedAt + +`func (o *Message) HasUpdatedAt() bool` + +HasUpdatedAt returns a boolean if a field has been set. + + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md index 330f54d9f483..52ccd5b4d10f 100644 --- a/internal/httpclient/docs/V0alpha2Api.md +++ b/internal/httpclient/docs/V0alpha2Api.md @@ -4,47 +4,48 @@ All URIs are relative to *http://localhost* Method | HTTP request | Description ------------- | ------------- | ------------- -[**AdminCreateIdentity**](V0alpha2Api.md#AdminCreateIdentity) | **Post** /admin/identities | # Create an Identity -[**AdminCreateSelfServiceRecoveryLink**](V0alpha2Api.md#AdminCreateSelfServiceRecoveryLink) | **Post** /admin/recovery/link | # Create a Recovery Link -[**AdminDeleteIdentity**](V0alpha2Api.md#AdminDeleteIdentity) | **Delete** /admin/identities/{id} | # Delete an Identity +[**AdminCreateIdentity**](V0alpha2Api.md#AdminCreateIdentity) | **Post** /admin/identities | Create an Identity +[**AdminCreateSelfServiceRecoveryLink**](V0alpha2Api.md#AdminCreateSelfServiceRecoveryLink) | **Post** /admin/recovery/link | Create a Recovery Link +[**AdminDeleteIdentity**](V0alpha2Api.md#AdminDeleteIdentity) | **Delete** /admin/identities/{id} | Delete an Identity [**AdminDeleteIdentitySessions**](V0alpha2Api.md#AdminDeleteIdentitySessions) | **Delete** /admin/identities/{id}/sessions | Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. [**AdminExtendSession**](V0alpha2Api.md#AdminExtendSession) | **Patch** /admin/sessions/{id}/extend | Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it will only extend the session after the specified time has passed. -[**AdminGetIdentity**](V0alpha2Api.md#AdminGetIdentity) | **Get** /admin/identities/{id} | # Get an Identity -[**AdminListIdentities**](V0alpha2Api.md#AdminListIdentities) | **Get** /admin/identities | # List Identities +[**AdminGetIdentity**](V0alpha2Api.md#AdminGetIdentity) | **Get** /admin/identities/{id} | Get an Identity +[**AdminListCourierMessages**](V0alpha2Api.md#AdminListCourierMessages) | **Get** /admin/courier/messages | List Messages +[**AdminListIdentities**](V0alpha2Api.md#AdminListIdentities) | **Get** /admin/identities | List Identities [**AdminListIdentitySessions**](V0alpha2Api.md#AdminListIdentitySessions) | **Get** /admin/identities/{id}/sessions | This endpoint returns all sessions that belong to the given Identity. [**AdminPatchIdentity**](V0alpha2Api.md#AdminPatchIdentity) | **Patch** /admin/identities/{id} | Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) -[**AdminUpdateIdentity**](V0alpha2Api.md#AdminUpdateIdentity) | **Put** /admin/identities/{id} | # Update an Identity -[**CreateSelfServiceLogoutFlowUrlForBrowsers**](V0alpha2Api.md#CreateSelfServiceLogoutFlowUrlForBrowsers) | **Get** /self-service/logout/browser | # Create a Logout URL for Browsers +[**AdminUpdateIdentity**](V0alpha2Api.md#AdminUpdateIdentity) | **Put** /admin/identities/{id} | Update an Identity +[**CreateSelfServiceLogoutFlowUrlForBrowsers**](V0alpha2Api.md#CreateSelfServiceLogoutFlowUrlForBrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers [**GetIdentitySchema**](V0alpha2Api.md#GetIdentitySchema) | **Get** /schemas/{id} | -[**GetSelfServiceError**](V0alpha2Api.md#GetSelfServiceError) | **Get** /self-service/errors | # Get Self-Service Errors -[**GetSelfServiceLoginFlow**](V0alpha2Api.md#GetSelfServiceLoginFlow) | **Get** /self-service/login/flows | # Get Login Flow -[**GetSelfServiceRecoveryFlow**](V0alpha2Api.md#GetSelfServiceRecoveryFlow) | **Get** /self-service/recovery/flows | # Get Recovery Flow -[**GetSelfServiceRegistrationFlow**](V0alpha2Api.md#GetSelfServiceRegistrationFlow) | **Get** /self-service/registration/flows | # Get Registration Flow -[**GetSelfServiceSettingsFlow**](V0alpha2Api.md#GetSelfServiceSettingsFlow) | **Get** /self-service/settings/flows | # Get Settings Flow -[**GetSelfServiceVerificationFlow**](V0alpha2Api.md#GetSelfServiceVerificationFlow) | **Get** /self-service/verification/flows | # Get Verification Flow -[**GetWebAuthnJavaScript**](V0alpha2Api.md#GetWebAuthnJavaScript) | **Get** /.well-known/ory/webauthn.js | # Get WebAuthn JavaScript -[**InitializeSelfServiceLoginFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceLoginFlowForBrowsers) | **Get** /self-service/login/browser | # Initialize Login Flow for Browsers +[**GetSelfServiceError**](V0alpha2Api.md#GetSelfServiceError) | **Get** /self-service/errors | Get Self-Service Errors +[**GetSelfServiceLoginFlow**](V0alpha2Api.md#GetSelfServiceLoginFlow) | **Get** /self-service/login/flows | Get Login Flow +[**GetSelfServiceRecoveryFlow**](V0alpha2Api.md#GetSelfServiceRecoveryFlow) | **Get** /self-service/recovery/flows | Get Recovery Flow +[**GetSelfServiceRegistrationFlow**](V0alpha2Api.md#GetSelfServiceRegistrationFlow) | **Get** /self-service/registration/flows | Get Registration Flow +[**GetSelfServiceSettingsFlow**](V0alpha2Api.md#GetSelfServiceSettingsFlow) | **Get** /self-service/settings/flows | Get Settings Flow +[**GetSelfServiceVerificationFlow**](V0alpha2Api.md#GetSelfServiceVerificationFlow) | **Get** /self-service/verification/flows | Get Verification Flow +[**GetWebAuthnJavaScript**](V0alpha2Api.md#GetWebAuthnJavaScript) | **Get** /.well-known/ory/webauthn.js | Get WebAuthn JavaScript +[**InitializeSelfServiceLoginFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceLoginFlowForBrowsers) | **Get** /self-service/login/browser | Initialize Login Flow for Browsers [**InitializeSelfServiceLoginFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceLoginFlowWithoutBrowser) | **Get** /self-service/login/api | Initialize Login Flow for APIs, Services, Apps, ... -[**InitializeSelfServiceRecoveryFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRecoveryFlowForBrowsers) | **Get** /self-service/recovery/browser | # Initialize Recovery Flow for Browsers +[**InitializeSelfServiceRecoveryFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRecoveryFlowForBrowsers) | **Get** /self-service/recovery/browser | Initialize Recovery Flow for Browsers [**InitializeSelfServiceRecoveryFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceRecoveryFlowWithoutBrowser) | **Get** /self-service/recovery/api | Initialize Recovery Flow for APIs, Services, Apps, ... -[**InitializeSelfServiceRegistrationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRegistrationFlowForBrowsers) | **Get** /self-service/registration/browser | # Initialize Registration Flow for Browsers +[**InitializeSelfServiceRegistrationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRegistrationFlowForBrowsers) | **Get** /self-service/registration/browser | Initialize Registration Flow for Browsers [**InitializeSelfServiceRegistrationFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceRegistrationFlowWithoutBrowser) | **Get** /self-service/registration/api | Initialize Registration Flow for APIs, Services, Apps, ... -[**InitializeSelfServiceSettingsFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceSettingsFlowForBrowsers) | **Get** /self-service/settings/browser | # Initialize Settings Flow for Browsers +[**InitializeSelfServiceSettingsFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceSettingsFlowForBrowsers) | **Get** /self-service/settings/browser | Initialize Settings Flow for Browsers [**InitializeSelfServiceSettingsFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceSettingsFlowWithoutBrowser) | **Get** /self-service/settings/api | Initialize Settings Flow for APIs, Services, Apps, ... -[**InitializeSelfServiceVerificationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceVerificationFlowForBrowsers) | **Get** /self-service/verification/browser | # Initialize Verification Flow for Browser Clients +[**InitializeSelfServiceVerificationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceVerificationFlowForBrowsers) | **Get** /self-service/verification/browser | Initialize Verification Flow for Browser Clients [**InitializeSelfServiceVerificationFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceVerificationFlowWithoutBrowser) | **Get** /self-service/verification/api | Initialize Verification Flow for APIs, Services, Apps, ... [**ListIdentitySchemas**](V0alpha2Api.md#ListIdentitySchemas) | **Get** /schemas | [**ListSessions**](V0alpha2Api.md#ListSessions) | **Get** /sessions | This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. [**RevokeSession**](V0alpha2Api.md#RevokeSession) | **Delete** /sessions/{id} | Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. [**RevokeSessions**](V0alpha2Api.md#RevokeSessions) | **Delete** /sessions | Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. -[**SubmitSelfServiceLoginFlow**](V0alpha2Api.md#SubmitSelfServiceLoginFlow) | **Post** /self-service/login | # Submit a Login Flow -[**SubmitSelfServiceLogoutFlow**](V0alpha2Api.md#SubmitSelfServiceLogoutFlow) | **Get** /self-service/logout | # Complete Self-Service Logout +[**SubmitSelfServiceLoginFlow**](V0alpha2Api.md#SubmitSelfServiceLoginFlow) | **Post** /self-service/login | Submit a Login Flow +[**SubmitSelfServiceLogoutFlow**](V0alpha2Api.md#SubmitSelfServiceLogoutFlow) | **Get** /self-service/logout | Complete Self-Service Logout [**SubmitSelfServiceLogoutFlowWithoutBrowser**](V0alpha2Api.md#SubmitSelfServiceLogoutFlowWithoutBrowser) | **Delete** /self-service/logout/api | Perform Logout for APIs, Services, Apps, ... -[**SubmitSelfServiceRecoveryFlow**](V0alpha2Api.md#SubmitSelfServiceRecoveryFlow) | **Post** /self-service/recovery | # Complete Recovery Flow -[**SubmitSelfServiceRegistrationFlow**](V0alpha2Api.md#SubmitSelfServiceRegistrationFlow) | **Post** /self-service/registration | # Submit a Registration Flow -[**SubmitSelfServiceSettingsFlow**](V0alpha2Api.md#SubmitSelfServiceSettingsFlow) | **Post** /self-service/settings | # Complete Settings Flow -[**SubmitSelfServiceVerificationFlow**](V0alpha2Api.md#SubmitSelfServiceVerificationFlow) | **Post** /self-service/verification | # Complete Verification Flow -[**ToSession**](V0alpha2Api.md#ToSession) | **Get** /sessions/whoami | # Check Who the Current HTTP Session Belongs To +[**SubmitSelfServiceRecoveryFlow**](V0alpha2Api.md#SubmitSelfServiceRecoveryFlow) | **Post** /self-service/recovery | Complete Recovery Flow +[**SubmitSelfServiceRegistrationFlow**](V0alpha2Api.md#SubmitSelfServiceRegistrationFlow) | **Post** /self-service/registration | Submit a Registration Flow +[**SubmitSelfServiceSettingsFlow**](V0alpha2Api.md#SubmitSelfServiceSettingsFlow) | **Post** /self-service/settings | Complete Settings Flow +[**SubmitSelfServiceVerificationFlow**](V0alpha2Api.md#SubmitSelfServiceVerificationFlow) | **Post** /self-service/verification | Complete Verification Flow +[**ToSession**](V0alpha2Api.md#ToSession) | **Get** /sessions/whoami | Check Who the Current HTTP Session Belongs To @@ -52,7 +53,7 @@ Method | HTTP request | Description > Identity AdminCreateIdentity(ctx).AdminCreateIdentityBody(adminCreateIdentityBody).Execute() -# Create an Identity +Create an Identity @@ -118,7 +119,7 @@ Name | Type | Description | Notes > SelfServiceRecoveryLink AdminCreateSelfServiceRecoveryLink(ctx).AdminCreateSelfServiceRecoveryLinkBody(adminCreateSelfServiceRecoveryLinkBody).Execute() -# Create a Recovery Link +Create a Recovery Link @@ -184,7 +185,7 @@ No authorization required > AdminDeleteIdentity(ctx, id).Execute() -# Delete an Identity +Delete an Identity @@ -390,7 +391,7 @@ Name | Type | Description | Notes > Identity AdminGetIdentity(ctx, id).IncludeCredential(includeCredential).Execute() -# Get an Identity +Get an Identity @@ -458,11 +459,83 @@ Name | Type | Description | Notes [[Back to README]](../README.md) +## AdminListCourierMessages + +> []Message AdminListCourierMessages(ctx).PerPage(perPage).Page(page).Status(status).Recipient(recipient).Execute() + +List Messages + + + +### Example + +```go +package main + +import ( + "context" + "fmt" + "os" + openapiclient "./openapi" +) + +func main() { + perPage := int64(789) // int64 | Items per Page This is the number of items per page. (optional) (default to 250) + page := int64(789) // int64 | Pagination Page This value is currently an integer, but it is not sequential. The value is not the page number, but a reference. The next page can be any number and some numbers might return an empty list. For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. (optional) (default to 1) + status := openapiclient.courierMessageStatus("queued") // CourierMessageStatus | Status filters out messages based on status. If no value is provided, it doesn't take effect on filter. (optional) + recipient := "recipient_example" // string | Recipient filters out messages based on recipient. If no value is provided, it doesn't take effect on filter. (optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.V0alpha2Api.AdminListCourierMessages(context.Background()).PerPage(perPage).Page(page).Status(status).Recipient(recipient).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.AdminListCourierMessages``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `AdminListCourierMessages`: []Message + fmt.Fprintf(os.Stdout, "Response from `V0alpha2Api.AdminListCourierMessages`: %v\n", resp) +} +``` + +### Path Parameters + + + +### Other Parameters + +Other parameters are passed through a pointer to a apiAdminListCourierMessagesRequest struct via the builder pattern + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **perPage** | **int64** | Items per Page This is the number of items per page. | [default to 250] + **page** | **int64** | Pagination Page This value is currently an integer, but it is not sequential. The value is not the page number, but a reference. The next page can be any number and some numbers might return an empty list. For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. | [default to 1] + **status** | [**CourierMessageStatus**](CourierMessageStatus.md) | Status filters out messages based on status. If no value is provided, it doesn't take effect on filter. | + **recipient** | **string** | Recipient filters out messages based on recipient. If no value is provided, it doesn't take effect on filter. | + +### Return type + +[**[]Message**](Message.md) + +### Authorization + +No authorization required + +### HTTP request headers + +- **Content-Type**: Not defined +- **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) +[[Back to Model list]](../README.md#documentation-for-models) +[[Back to README]](../README.md) + + ## AdminListIdentities > []Identity AdminListIdentities(ctx).PerPage(perPage).Page(page).Execute() -# List Identities +List Identities @@ -678,7 +751,7 @@ Name | Type | Description | Notes > Identity AdminUpdateIdentity(ctx, id).AdminUpdateIdentityBody(adminUpdateIdentityBody).Execute() -# Update an Identity +Update an Identity @@ -750,7 +823,7 @@ Name | Type | Description | Notes > SelfServiceLogoutUrl CreateSelfServiceLogoutFlowUrlForBrowsers(ctx).Cookie(cookie).Execute() -# Create a Logout URL for Browsers +Create a Logout URL for Browsers @@ -886,7 +959,7 @@ No authorization required > SelfServiceError GetSelfServiceError(ctx).Id(id).Execute() -# Get Self-Service Errors +Get Self-Service Errors @@ -952,7 +1025,7 @@ No authorization required > SelfServiceLoginFlow GetSelfServiceLoginFlow(ctx).Id(id).Cookie(cookie).Execute() -# Get Login Flow +Get Login Flow @@ -1020,7 +1093,7 @@ No authorization required > SelfServiceRecoveryFlow GetSelfServiceRecoveryFlow(ctx).Id(id).Cookie(cookie).Execute() -# Get Recovery Flow +Get Recovery Flow @@ -1088,7 +1161,7 @@ No authorization required > SelfServiceRegistrationFlow GetSelfServiceRegistrationFlow(ctx).Id(id).Cookie(cookie).Execute() -# Get Registration Flow +Get Registration Flow @@ -1156,7 +1229,7 @@ No authorization required > SelfServiceSettingsFlow GetSelfServiceSettingsFlow(ctx).Id(id).XSessionToken(xSessionToken).Cookie(cookie).Execute() -# Get Settings Flow +Get Settings Flow @@ -1226,7 +1299,7 @@ No authorization required > SelfServiceVerificationFlow GetSelfServiceVerificationFlow(ctx).Id(id).Cookie(cookie).Execute() -# Get Verification Flow +Get Verification Flow @@ -1294,7 +1367,7 @@ No authorization required > string GetWebAuthnJavaScript(ctx).Execute() -# Get WebAuthn JavaScript +Get WebAuthn JavaScript @@ -1355,7 +1428,7 @@ No authorization required > SelfServiceLoginFlow InitializeSelfServiceLoginFlowForBrowsers(ctx).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Cookie(cookie).Execute() -# Initialize Login Flow for Browsers +Initialize Login Flow for Browsers @@ -1497,7 +1570,7 @@ No authorization required > SelfServiceRecoveryFlow InitializeSelfServiceRecoveryFlowForBrowsers(ctx).ReturnTo(returnTo).Execute() -# Initialize Recovery Flow for Browsers +Initialize Recovery Flow for Browsers @@ -1624,7 +1697,7 @@ No authorization required > SelfServiceRegistrationFlow InitializeSelfServiceRegistrationFlowForBrowsers(ctx).ReturnTo(returnTo).Execute() -# Initialize Registration Flow for Browsers +Initialize Registration Flow for Browsers @@ -1751,7 +1824,7 @@ No authorization required > SelfServiceSettingsFlow InitializeSelfServiceSettingsFlowForBrowsers(ctx).ReturnTo(returnTo).Cookie(cookie).Execute() -# Initialize Settings Flow for Browsers +Initialize Settings Flow for Browsers @@ -1885,7 +1958,7 @@ No authorization required > SelfServiceVerificationFlow InitializeSelfServiceVerificationFlowForBrowsers(ctx).ReturnTo(returnTo).Execute() -# Initialize Verification Flow for Browser Clients +Initialize Verification Flow for Browser Clients @@ -2288,7 +2361,7 @@ No authorization required > SuccessfulSelfServiceLoginWithoutBrowser SubmitSelfServiceLoginFlow(ctx).Flow(flow).SubmitSelfServiceLoginFlowBody(submitSelfServiceLoginFlowBody).XSessionToken(xSessionToken).Cookie(cookie).Execute() -# Submit a Login Flow +Submit a Login Flow @@ -2360,7 +2433,7 @@ No authorization required > SubmitSelfServiceLogoutFlow(ctx).Token(token).ReturnTo(returnTo).Execute() -# Complete Self-Service Logout +Complete Self-Service Logout @@ -2490,7 +2563,7 @@ No authorization required > SelfServiceRecoveryFlow SubmitSelfServiceRecoveryFlow(ctx).Flow(flow).SubmitSelfServiceRecoveryFlowBody(submitSelfServiceRecoveryFlowBody).Token(token).Cookie(cookie).Execute() -# Complete Recovery Flow +Complete Recovery Flow @@ -2562,7 +2635,7 @@ No authorization required > SuccessfulSelfServiceRegistrationWithoutBrowser SubmitSelfServiceRegistrationFlow(ctx).Flow(flow).SubmitSelfServiceRegistrationFlowBody(submitSelfServiceRegistrationFlowBody).Cookie(cookie).Execute() -# Submit a Registration Flow +Submit a Registration Flow @@ -2632,7 +2705,7 @@ No authorization required > SelfServiceSettingsFlow SubmitSelfServiceSettingsFlow(ctx).Flow(flow).SubmitSelfServiceSettingsFlowBody(submitSelfServiceSettingsFlowBody).XSessionToken(xSessionToken).Cookie(cookie).Execute() -# Complete Settings Flow +Complete Settings Flow @@ -2704,7 +2777,7 @@ No authorization required > SelfServiceVerificationFlow SubmitSelfServiceVerificationFlow(ctx).Flow(flow).SubmitSelfServiceVerificationFlowBody(submitSelfServiceVerificationFlowBody).Token(token).Cookie(cookie).Execute() -# Complete Verification Flow +Complete Verification Flow @@ -2776,7 +2849,7 @@ No authorization required > Session ToSession(ctx).XSessionToken(xSessionToken).Cookie(cookie).Execute() -# Check Who the Current HTTP Session Belongs To +Check Who the Current HTTP Session Belongs To diff --git a/internal/httpclient/model_courier_message_status.go b/internal/httpclient/model_courier_message_status.go new file mode 100644 index 000000000000..4dc4e591ea21 --- /dev/null +++ b/internal/httpclient/model_courier_message_status.go @@ -0,0 +1,86 @@ +/* + * Ory Kratos API + * + * Documentation for all public and administrative Ory Kratos APIs. Public and administrative APIs are exposed on different ports. Public APIs can face the public internet without any protection while administrative APIs should never be exposed without prior authorization. To protect the administative API port you should use something like Nginx, Ory Oathkeeper, or any other technology capable of authorizing incoming requests. + * + * API version: 1.0.0 + * Contact: hi@ory.sh + */ + +// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT. + +package client + +import ( + "encoding/json" + "fmt" +) + +// CourierMessageStatus A Message's Status +type CourierMessageStatus string + +// List of courierMessageStatus +const ( + COURIERMESSAGESTATUS_QUEUED CourierMessageStatus = "queued" + COURIERMESSAGESTATUS_SENT CourierMessageStatus = "sent" + COURIERMESSAGESTATUS_PROCESSING CourierMessageStatus = "processing" + COURIERMESSAGESTATUS_ABANDONED CourierMessageStatus = "abandoned" +) + +func (v *CourierMessageStatus) UnmarshalJSON(src []byte) error { + var value string + err := json.Unmarshal(src, &value) + if err != nil { + return err + } + enumTypeValue := CourierMessageStatus(value) + for _, existing := range []CourierMessageStatus{"queued", "sent", "processing", "abandoned"} { + if existing == enumTypeValue { + *v = enumTypeValue + return nil + } + } + + return fmt.Errorf("%+v is not a valid CourierMessageStatus", value) +} + +// Ptr returns reference to courierMessageStatus value +func (v CourierMessageStatus) Ptr() *CourierMessageStatus { + return &v +} + +type NullableCourierMessageStatus struct { + value *CourierMessageStatus + isSet bool +} + +func (v NullableCourierMessageStatus) Get() *CourierMessageStatus { + return v.value +} + +func (v *NullableCourierMessageStatus) Set(val *CourierMessageStatus) { + v.value = val + v.isSet = true +} + +func (v NullableCourierMessageStatus) IsSet() bool { + return v.isSet +} + +func (v *NullableCourierMessageStatus) Unset() { + v.value = nil + v.isSet = false +} + +func NewNullableCourierMessageStatus(val *CourierMessageStatus) *NullableCourierMessageStatus { + return &NullableCourierMessageStatus{value: val, isSet: true} +} + +func (v NullableCourierMessageStatus) MarshalJSON() ([]byte, error) { + return json.Marshal(v.value) +} + +func (v *NullableCourierMessageStatus) UnmarshalJSON(src []byte) error { + v.isSet = true + return json.Unmarshal(src, &v.value) +} diff --git a/internal/httpclient/model_courier_message_type.go b/internal/httpclient/model_courier_message_type.go new file mode 100644 index 000000000000..ccad53deffc4 --- /dev/null +++ b/internal/httpclient/model_courier_message_type.go @@ -0,0 +1,84 @@ +/* + * Ory Kratos API + * + * Documentation for all public and administrative Ory Kratos APIs. Public and administrative APIs are exposed on different ports. Public APIs can face the public internet without any protection while administrative APIs should never be exposed without prior authorization. To protect the administative API port you should use something like Nginx, Ory Oathkeeper, or any other technology capable of authorizing incoming requests. + * + * API version: 1.0.0 + * Contact: hi@ory.sh + */ + +// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT. + +package client + +import ( + "encoding/json" + "fmt" +) + +// CourierMessageType It can either be `email` or `phone` +type CourierMessageType string + +// List of courierMessageType +const ( + COURIERMESSAGETYPE_EMAIL CourierMessageType = "email" + COURIERMESSAGETYPE_PHONE CourierMessageType = "phone" +) + +func (v *CourierMessageType) UnmarshalJSON(src []byte) error { + var value string + err := json.Unmarshal(src, &value) + if err != nil { + return err + } + enumTypeValue := CourierMessageType(value) + for _, existing := range []CourierMessageType{"email", "phone"} { + if existing == enumTypeValue { + *v = enumTypeValue + return nil + } + } + + return fmt.Errorf("%+v is not a valid CourierMessageType", value) +} + +// Ptr returns reference to courierMessageType value +func (v CourierMessageType) Ptr() *CourierMessageType { + return &v +} + +type NullableCourierMessageType struct { + value *CourierMessageType + isSet bool +} + +func (v NullableCourierMessageType) Get() *CourierMessageType { + return v.value +} + +func (v *NullableCourierMessageType) Set(val *CourierMessageType) { + v.value = val + v.isSet = true +} + +func (v NullableCourierMessageType) IsSet() bool { + return v.isSet +} + +func (v *NullableCourierMessageType) Unset() { + v.value = nil + v.isSet = false +} + +func NewNullableCourierMessageType(val *CourierMessageType) *NullableCourierMessageType { + return &NullableCourierMessageType{value: val, isSet: true} +} + +func (v NullableCourierMessageType) MarshalJSON() ([]byte, error) { + return json.Marshal(v.value) +} + +func (v *NullableCourierMessageType) UnmarshalJSON(src []byte) error { + v.isSet = true + return json.Unmarshal(src, &v.value) +} diff --git a/internal/httpclient/model_message.go b/internal/httpclient/model_message.go new file mode 100644 index 000000000000..6d89483bc105 --- /dev/null +++ b/internal/httpclient/model_message.go @@ -0,0 +1,441 @@ +/* + * Ory Kratos API + * + * Documentation for all public and administrative Ory Kratos APIs. Public and administrative APIs are exposed on different ports. Public APIs can face the public internet without any protection while administrative APIs should never be exposed without prior authorization. To protect the administative API port you should use something like Nginx, Ory Oathkeeper, or any other technology capable of authorizing incoming requests. + * + * API version: 1.0.0 + * Contact: hi@ory.sh + */ + +// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT. + +package client + +import ( + "encoding/json" + "time" +) + +// Message struct for Message +type Message struct { + Body *string `json:"body,omitempty"` + // CreatedAt is a helper struct field for gobuffalo.pop. + CreatedAt *time.Time `json:"created_at,omitempty"` + Id *string `json:"id,omitempty"` + Recipient *string `json:"recipient,omitempty"` + SendCount *int64 `json:"send_count,omitempty"` + Status *CourierMessageStatus `json:"status,omitempty"` + Subject *string `json:"subject,omitempty"` + TemplateType *string `json:"template_type,omitempty"` + Type *CourierMessageType `json:"type,omitempty"` + // UpdatedAt is a helper struct field for gobuffalo.pop. + UpdatedAt *time.Time `json:"updated_at,omitempty"` +} + +// NewMessage instantiates a new Message object +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed +func NewMessage() *Message { + this := Message{} + return &this +} + +// NewMessageWithDefaults instantiates a new Message object +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set +func NewMessageWithDefaults() *Message { + this := Message{} + return &this +} + +// GetBody returns the Body field value if set, zero value otherwise. +func (o *Message) GetBody() string { + if o == nil || o.Body == nil { + var ret string + return ret + } + return *o.Body +} + +// GetBodyOk returns a tuple with the Body field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *Message) GetBodyOk() (*string, bool) { + if o == nil || o.Body == nil { + return nil, false + } + return o.Body, true +} + +// HasBody returns a boolean if a field has been set. +func (o *Message) HasBody() bool { + if o != nil && o.Body != nil { + return true + } + + return false +} + +// SetBody gets a reference to the given string and assigns it to the Body field. +func (o *Message) SetBody(v string) { + o.Body = &v +} + +// GetCreatedAt returns the CreatedAt field value if set, zero value otherwise. +func (o *Message) GetCreatedAt() time.Time { + if o == nil || o.CreatedAt == nil { + var ret time.Time + return ret + } + return *o.CreatedAt +} + +// GetCreatedAtOk returns a tuple with the CreatedAt field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *Message) GetCreatedAtOk() (*time.Time, bool) { + if o == nil || o.CreatedAt == nil { + return nil, false + } + return o.CreatedAt, true +} + +// HasCreatedAt returns a boolean if a field has been set. +func (o *Message) HasCreatedAt() bool { + if o != nil && o.CreatedAt != nil { + return true + } + + return false +} + +// SetCreatedAt gets a reference to the given time.Time and assigns it to the CreatedAt field. +func (o *Message) SetCreatedAt(v time.Time) { + o.CreatedAt = &v +} + +// GetId returns the Id field value if set, zero value otherwise. +func (o *Message) GetId() string { + if o == nil || o.Id == nil { + var ret string + return ret + } + return *o.Id +} + +// GetIdOk returns a tuple with the Id field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *Message) GetIdOk() (*string, bool) { + if o == nil || o.Id == nil { + return nil, false + } + return o.Id, true +} + +// HasId returns a boolean if a field has been set. +func (o *Message) HasId() bool { + if o != nil && o.Id != nil { + return true + } + + return false +} + +// SetId gets a reference to the given string and assigns it to the Id field. +func (o *Message) SetId(v string) { + o.Id = &v +} + +// GetRecipient returns the Recipient field value if set, zero value otherwise. +func (o *Message) GetRecipient() string { + if o == nil || o.Recipient == nil { + var ret string + return ret + } + return *o.Recipient +} + +// GetRecipientOk returns a tuple with the Recipient field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *Message) GetRecipientOk() (*string, bool) { + if o == nil || o.Recipient == nil { + return nil, false + } + return o.Recipient, true +} + +// HasRecipient returns a boolean if a field has been set. +func (o *Message) HasRecipient() bool { + if o != nil && o.Recipient != nil { + return true + } + + return false +} + +// SetRecipient gets a reference to the given string and assigns it to the Recipient field. +func (o *Message) SetRecipient(v string) { + o.Recipient = &v +} + +// GetSendCount returns the SendCount field value if set, zero value otherwise. +func (o *Message) GetSendCount() int64 { + if o == nil || o.SendCount == nil { + var ret int64 + return ret + } + return *o.SendCount +} + +// GetSendCountOk returns a tuple with the SendCount field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *Message) GetSendCountOk() (*int64, bool) { + if o == nil || o.SendCount == nil { + return nil, false + } + return o.SendCount, true +} + +// HasSendCount returns a boolean if a field has been set. +func (o *Message) HasSendCount() bool { + if o != nil && o.SendCount != nil { + return true + } + + return false +} + +// SetSendCount gets a reference to the given int64 and assigns it to the SendCount field. +func (o *Message) SetSendCount(v int64) { + o.SendCount = &v +} + +// GetStatus returns the Status field value if set, zero value otherwise. +func (o *Message) GetStatus() CourierMessageStatus { + if o == nil || o.Status == nil { + var ret CourierMessageStatus + return ret + } + return *o.Status +} + +// GetStatusOk returns a tuple with the Status field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *Message) GetStatusOk() (*CourierMessageStatus, bool) { + if o == nil || o.Status == nil { + return nil, false + } + return o.Status, true +} + +// HasStatus returns a boolean if a field has been set. +func (o *Message) HasStatus() bool { + if o != nil && o.Status != nil { + return true + } + + return false +} + +// SetStatus gets a reference to the given CourierMessageStatus and assigns it to the Status field. +func (o *Message) SetStatus(v CourierMessageStatus) { + o.Status = &v +} + +// GetSubject returns the Subject field value if set, zero value otherwise. +func (o *Message) GetSubject() string { + if o == nil || o.Subject == nil { + var ret string + return ret + } + return *o.Subject +} + +// GetSubjectOk returns a tuple with the Subject field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *Message) GetSubjectOk() (*string, bool) { + if o == nil || o.Subject == nil { + return nil, false + } + return o.Subject, true +} + +// HasSubject returns a boolean if a field has been set. +func (o *Message) HasSubject() bool { + if o != nil && o.Subject != nil { + return true + } + + return false +} + +// SetSubject gets a reference to the given string and assigns it to the Subject field. +func (o *Message) SetSubject(v string) { + o.Subject = &v +} + +// GetTemplateType returns the TemplateType field value if set, zero value otherwise. +func (o *Message) GetTemplateType() string { + if o == nil || o.TemplateType == nil { + var ret string + return ret + } + return *o.TemplateType +} + +// GetTemplateTypeOk returns a tuple with the TemplateType field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *Message) GetTemplateTypeOk() (*string, bool) { + if o == nil || o.TemplateType == nil { + return nil, false + } + return o.TemplateType, true +} + +// HasTemplateType returns a boolean if a field has been set. +func (o *Message) HasTemplateType() bool { + if o != nil && o.TemplateType != nil { + return true + } + + return false +} + +// SetTemplateType gets a reference to the given string and assigns it to the TemplateType field. +func (o *Message) SetTemplateType(v string) { + o.TemplateType = &v +} + +// GetType returns the Type field value if set, zero value otherwise. +func (o *Message) GetType() CourierMessageType { + if o == nil || o.Type == nil { + var ret CourierMessageType + return ret + } + return *o.Type +} + +// GetTypeOk returns a tuple with the Type field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *Message) GetTypeOk() (*CourierMessageType, bool) { + if o == nil || o.Type == nil { + return nil, false + } + return o.Type, true +} + +// HasType returns a boolean if a field has been set. +func (o *Message) HasType() bool { + if o != nil && o.Type != nil { + return true + } + + return false +} + +// SetType gets a reference to the given CourierMessageType and assigns it to the Type field. +func (o *Message) SetType(v CourierMessageType) { + o.Type = &v +} + +// GetUpdatedAt returns the UpdatedAt field value if set, zero value otherwise. +func (o *Message) GetUpdatedAt() time.Time { + if o == nil || o.UpdatedAt == nil { + var ret time.Time + return ret + } + return *o.UpdatedAt +} + +// GetUpdatedAtOk returns a tuple with the UpdatedAt field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *Message) GetUpdatedAtOk() (*time.Time, bool) { + if o == nil || o.UpdatedAt == nil { + return nil, false + } + return o.UpdatedAt, true +} + +// HasUpdatedAt returns a boolean if a field has been set. +func (o *Message) HasUpdatedAt() bool { + if o != nil && o.UpdatedAt != nil { + return true + } + + return false +} + +// SetUpdatedAt gets a reference to the given time.Time and assigns it to the UpdatedAt field. +func (o *Message) SetUpdatedAt(v time.Time) { + o.UpdatedAt = &v +} + +func (o Message) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.Body != nil { + toSerialize["body"] = o.Body + } + if o.CreatedAt != nil { + toSerialize["created_at"] = o.CreatedAt + } + if o.Id != nil { + toSerialize["id"] = o.Id + } + if o.Recipient != nil { + toSerialize["recipient"] = o.Recipient + } + if o.SendCount != nil { + toSerialize["send_count"] = o.SendCount + } + if o.Status != nil { + toSerialize["status"] = o.Status + } + if o.Subject != nil { + toSerialize["subject"] = o.Subject + } + if o.TemplateType != nil { + toSerialize["template_type"] = o.TemplateType + } + if o.Type != nil { + toSerialize["type"] = o.Type + } + if o.UpdatedAt != nil { + toSerialize["updated_at"] = o.UpdatedAt + } + return json.Marshal(toSerialize) +} + +type NullableMessage struct { + value *Message + isSet bool +} + +func (v NullableMessage) Get() *Message { + return v.value +} + +func (v *NullableMessage) Set(val *Message) { + v.value = val + v.isSet = true +} + +func (v NullableMessage) IsSet() bool { + return v.isSet +} + +func (v *NullableMessage) Unset() { + v.value = nil + v.isSet = false +} + +func NewNullableMessage(val *Message) *NullableMessage { + return &NullableMessage{value: val, isSet: true} +} + +func (v NullableMessage) MarshalJSON() ([]byte, error) { + return json.Marshal(v.value) +} + +func (v *NullableMessage) UnmarshalJSON(src []byte) error { + v.isSet = true + return json.Unmarshal(src, &v.value) +} diff --git a/persistence/sql/persister_courier.go b/persistence/sql/persister_courier.go index 81b92edbe6d7..9530e7aff7b0 100644 --- a/persistence/sql/persister_courier.go +++ b/persistence/sql/persister_courier.go @@ -25,6 +25,33 @@ func (p *Persister) AddMessage(ctx context.Context, m *courier.Message) error { return sqlcon.HandleError(p.GetConnection(ctx).Create(m)) // do not create eager to avoid identity injection. } +func (p *Persister) ListMessages(ctx context.Context, filter courier.MessagesFilter) ([]courier.Message, int64, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.ListMessages") + defer span.End() + + q := p.GetConnection(ctx).Where("nid=?", p.NetworkID(ctx)) + + if filter.Status != nil { + q = q.Where("status=?", *filter.Status) + } + + if filter.Recipient != "" { + q = q.Where("recipient=?", filter.Recipient) + } + + messages := make([]courier.Message, 0) + if err := q.Paginate(filter.Page, filter.PerPage).Order("created_at DESC").All(&messages); err != nil { + return nil, 0, sqlcon.HandleError(err) + } + + count, err := q.Count(&courier.Message{}) + if err != nil { + return nil, 0, sqlcon.HandleError(err) + } + + return messages, int64(count), nil +} + func (p *Persister) NextMessages(ctx context.Context, limit uint8) (messages []courier.Message, err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.NextMessages") defer span.End() diff --git a/spec/api.json b/spec/api.json index 3608c8028814..4c2715777f82 100755 --- a/spec/api.json +++ b/spec/api.json @@ -53,6 +53,9 @@ "title": "RecoveryAddressType must not exceed 16 characters as that is the limitation in the SQL Schema.", "type": "string" }, + "TemplateType": { + "type": "string" + }, "UUID": { "format": "uuid4", "type": "string" @@ -201,6 +204,32 @@ "title": "Authenticator Assurance Level (AAL)", "type": "string" }, + "courierMessageList": { + "items": { + "$ref": "#/components/schemas/message" + }, + "title": "A list of messages.", + "type": "array" + }, + "courierMessageStatus": { + "description": "A Message's Status", + "enum": [ + "queued", + "sent", + "processing", + "abandoned" + ], + "type": "string" + }, + "courierMessageType": { + "description": "It can either be `email` or `phone`", + "enum": [ + "email", + "phone" + ], + "title": "A Message's Type", + "type": "string" + }, "errorAuthenticatorAssuranceLevelNotSatisfied": { "properties": { "code": { @@ -584,6 +613,47 @@ }, "type": "array" }, + "message": { + "properties": { + "body": { + "type": "string" + }, + "created_at": { + "description": "CreatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + }, + "id": { + "format": "uuid", + "type": "string" + }, + "recipient": { + "type": "string" + }, + "send_count": { + "format": "int64", + "type": "integer" + }, + "status": { + "$ref": "#/components/schemas/courierMessageStatus" + }, + "subject": { + "type": "string" + }, + "template_type": { + "$ref": "#/components/schemas/TemplateType" + }, + "type": { + "$ref": "#/components/schemas/courierMessageType" + }, + "updated_at": { + "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, "needsPrivilegedSessionError": { "properties": { "code": { @@ -2370,7 +2440,90 @@ "description": "webAuthnJavaScript" } }, - "summary": "# Get WebAuthn JavaScript", + "summary": "Get WebAuthn JavaScript", + "tags": [ + "v0alpha2" + ] + } + }, + "/admin/courier/messages": { + "get": { + "description": "Lists all messages by given status and recipient.", + "operationId": "adminListCourierMessages", + "parameters": [ + { + "description": "Items per Page\n\nThis is the number of items per page.", + "in": "query", + "name": "per_page", + "schema": { + "default": 250, + "format": "int64", + "maximum": 1000, + "minimum": 1, + "type": "integer" + } + }, + { + "description": "Pagination Page\n\nThis value is currently an integer, but it is not sequential. The value is not the page number, but a\nreference. The next page can be any number and some numbers might return an empty list.\n\nFor example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.", + "in": "query", + "name": "page", + "schema": { + "default": 1, + "format": "int64", + "minimum": 1, + "type": "integer" + } + }, + { + "description": "Status filters out messages based on status.\nIf no value is provided, it doesn't take effect on filter.", + "in": "query", + "name": "status", + "schema": { + "$ref": "#/components/schemas/courierMessageStatus" + } + }, + { + "description": "Recipient filters out messages based on recipient.\nIf no value is provided, it doesn't take effect on filter.", + "in": "query", + "name": "recipient", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/courierMessageList" + } + } + }, + "description": "courierMessageList" + }, + "400": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "List Messages", "tags": [ "v0alpha2" ] @@ -2432,7 +2585,7 @@ "oryAccessToken": [] } ], - "summary": "# List Identities", + "summary": "List Identities", "tags": [ "v0alpha2" ] @@ -2497,7 +2650,7 @@ "oryAccessToken": [] } ], - "summary": "# Create an Identity", + "summary": "Create an Identity", "tags": [ "v0alpha2" ] @@ -2548,7 +2701,7 @@ "oryAccessToken": [] } ], - "summary": "# Delete an Identity", + "summary": "Delete an Identity", "tags": [ "v0alpha2" ] @@ -2615,7 +2768,7 @@ "oryAccessToken": [] } ], - "summary": "# Get an Identity", + "summary": "Get an Identity", "tags": [ "v0alpha2" ] @@ -2787,7 +2940,7 @@ "oryAccessToken": [] } ], - "summary": "# Update an Identity", + "summary": "Update an Identity", "tags": [ "v0alpha2" ] @@ -3027,7 +3180,7 @@ "description": "jsonError" } }, - "summary": "# Create a Recovery Link", + "summary": "Create a Recovery Link", "tags": [ "v0alpha2" ] @@ -3360,7 +3513,7 @@ "description": "jsonError" } }, - "summary": "# Get Self-Service Errors", + "summary": "Get Self-Service Errors", "tags": [ "v0alpha2" ] @@ -3468,7 +3621,7 @@ "description": "jsonError" } }, - "summary": "# Submit a Login Flow", + "summary": "Submit a Login Flow", "tags": [ "v0alpha2" ] @@ -3615,7 +3768,7 @@ "description": "jsonError" } }, - "summary": "# Initialize Login Flow for Browsers", + "summary": "Initialize Login Flow for Browsers", "tags": [ "v0alpha2" ] @@ -3696,7 +3849,7 @@ "description": "jsonError" } }, - "summary": "# Get Login Flow", + "summary": "Get Login Flow", "tags": [ "v0alpha2" ] @@ -3742,7 +3895,7 @@ "description": "jsonError" } }, - "summary": "# Complete Self-Service Logout", + "summary": "Complete Self-Service Logout", "tags": [ "v0alpha2" ] @@ -3840,7 +3993,7 @@ "description": "jsonError" } }, - "summary": "# Create a Logout URL for Browsers", + "summary": "Create a Logout URL for Browsers", "tags": [ "v0alpha2" ] @@ -3938,7 +4091,7 @@ "description": "jsonError" } }, - "summary": "# Complete Recovery Flow", + "summary": "Complete Recovery Flow", "tags": [ "v0alpha2" ] @@ -4035,7 +4188,7 @@ "description": "jsonError" } }, - "summary": "# Initialize Recovery Flow for Browsers", + "summary": "Initialize Recovery Flow for Browsers", "tags": [ "v0alpha2" ] @@ -4106,7 +4259,7 @@ "description": "jsonError" } }, - "summary": "# Get Recovery Flow", + "summary": "Get Recovery Flow", "tags": [ "v0alpha2" ] @@ -4206,7 +4359,7 @@ "description": "jsonError" } }, - "summary": "# Submit a Registration Flow", + "summary": "Submit a Registration Flow", "tags": [ "v0alpha2" ] @@ -4293,7 +4446,7 @@ "description": "jsonError" } }, - "summary": "# Initialize Registration Flow for Browsers", + "summary": "Initialize Registration Flow for Browsers", "tags": [ "v0alpha2" ] @@ -4374,7 +4527,7 @@ "description": "jsonError" } }, - "summary": "# Get Registration Flow", + "summary": "Get Registration Flow", "tags": [ "v0alpha2" ] @@ -4507,7 +4660,7 @@ "sessionToken": [] } ], - "summary": "# Complete Settings Flow", + "summary": "Complete Settings Flow", "tags": [ "v0alpha2" ] @@ -4642,7 +4795,7 @@ "description": "jsonError" } }, - "summary": "# Initialize Settings Flow for Browsers", + "summary": "Initialize Settings Flow for Browsers", "tags": [ "v0alpha2" ] @@ -4741,7 +4894,7 @@ "description": "jsonError" } }, - "summary": "# Get Settings Flow", + "summary": "Get Settings Flow", "tags": [ "v0alpha2" ] @@ -4839,7 +4992,7 @@ "description": "jsonError" } }, - "summary": "# Complete Verification Flow", + "summary": "Complete Verification Flow", "tags": [ "v0alpha2" ] @@ -4926,7 +5079,7 @@ "description": "jsonError" } }, - "summary": "# Initialize Verification Flow for Browser Clients", + "summary": "Initialize Verification Flow for Browser Clients", "tags": [ "v0alpha2" ] @@ -4997,7 +5150,7 @@ "description": "jsonError" } }, - "summary": "# Get Verification Flow", + "summary": "Get Verification Flow", "tags": [ "v0alpha2" ] @@ -5250,7 +5403,7 @@ "description": "jsonError" } }, - "summary": "# Check Who the Current HTTP Session Belongs To", + "summary": "Check Who the Current HTTP Session Belongs To", "tags": [ "v0alpha2" ] diff --git a/spec/swagger.json b/spec/swagger.json index df7b37129a7f..480a2afa8d09 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -31,7 +31,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Get WebAuthn JavaScript", + "summary": "Get WebAuthn JavaScript", "operationId": "getWebAuthnJavaScript", "responses": { "200": { @@ -43,6 +43,77 @@ } } }, + "/admin/courier/messages": { + "get": { + "description": "Lists all messages by given status and recipient.", + "produces": [ + "application/json" + ], + "schemes": [ + "http", + "https" + ], + "tags": [ + "v0alpha2" + ], + "summary": "List Messages", + "operationId": "adminListCourierMessages", + "parameters": [ + { + "maximum": 1000, + "minimum": 1, + "type": "integer", + "format": "int64", + "default": 250, + "description": "Items per Page\n\nThis is the number of items per page.", + "name": "per_page", + "in": "query" + }, + { + "minimum": 1, + "type": "integer", + "format": "int64", + "default": 1, + "description": "Pagination Page\n\nThis value is currently an integer, but it is not sequential. The value is not the page number, but a\nreference. The next page can be any number and some numbers might return an empty list.\n\nFor example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "format": "int64", + "description": "Status filters out messages based on status.\nIf no value is provided, it doesn't take effect on filter.", + "name": "status", + "in": "query" + }, + { + "type": "string", + "description": "Recipient filters out messages based on recipient.\nIf no value is provided, it doesn't take effect on filter.", + "name": "recipient", + "in": "query" + } + ], + "responses": { + "200": { + "description": "courierMessageList", + "schema": { + "$ref": "#/definitions/courierMessageList" + } + }, + "400": { + "description": "jsonError", + "schema": { + "$ref": "#/definitions/jsonError" + } + }, + "500": { + "description": "jsonError", + "schema": { + "$ref": "#/definitions/jsonError" + } + } + } + } + }, "/admin/identities": { "get": { "security": [ @@ -61,7 +132,7 @@ "tags": [ "v0alpha2" ], - "summary": "# List Identities", + "summary": "List Identities", "operationId": "adminListIdentities", "parameters": [ { @@ -119,7 +190,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Create an Identity", + "summary": "Create an Identity", "operationId": "adminCreateIdentity", "parameters": [ { @@ -179,7 +250,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Get an Identity", + "summary": "Get an Identity", "operationId": "adminGetIdentity", "parameters": [ { @@ -240,7 +311,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Update an Identity", + "summary": "Update an Identity", "operationId": "adminUpdateIdentity", "parameters": [ { @@ -308,7 +379,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Delete an Identity", + "summary": "Delete an Identity", "operationId": "adminDeleteIdentity", "parameters": [ { @@ -565,7 +636,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Create a Recovery Link", + "summary": "Create a Recovery Link", "operationId": "adminCreateSelfServiceRecoveryLink", "parameters": [ { @@ -821,7 +892,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Get Self-Service Errors", + "summary": "Get Self-Service Errors", "operationId": "getSelfServiceError", "parameters": [ { @@ -879,7 +950,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Submit a Login Flow", + "summary": "Submit a Login Flow", "operationId": "submitSelfServiceLoginFlow", "parameters": [ { @@ -1017,7 +1088,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Initialize Login Flow for Browsers", + "summary": "Initialize Login Flow for Browsers", "operationId": "initializeSelfServiceLoginFlowForBrowsers", "parameters": [ { @@ -1083,7 +1154,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Get Login Flow", + "summary": "Get Login Flow", "operationId": "getSelfServiceLoginFlow", "parameters": [ { @@ -1147,7 +1218,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Complete Self-Service Logout", + "summary": "Complete Self-Service Logout", "operationId": "submitSelfServiceLogoutFlow", "parameters": [ { @@ -1239,7 +1310,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Create a Logout URL for Browsers", + "summary": "Create a Logout URL for Browsers", "operationId": "createSelfServiceLogoutFlowUrlForBrowsers", "parameters": [ { @@ -1288,7 +1359,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Complete Recovery Flow", + "summary": "Complete Recovery Flow", "operationId": "submitSelfServiceRecoveryFlow", "parameters": [ { @@ -1394,7 +1465,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Initialize Recovery Flow for Browsers", + "summary": "Initialize Recovery Flow for Browsers", "operationId": "initializeSelfServiceRecoveryFlowForBrowsers", "parameters": [ { @@ -1442,7 +1513,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Get Recovery Flow", + "summary": "Get Recovery Flow", "operationId": "getSelfServiceRecoveryFlow", "parameters": [ { @@ -1504,7 +1575,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Submit a Registration Flow", + "summary": "Submit a Registration Flow", "operationId": "submitSelfServiceRegistrationFlow", "parameters": [ { @@ -1613,7 +1684,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Initialize Registration Flow for Browsers", + "summary": "Initialize Registration Flow for Browsers", "operationId": "initializeSelfServiceRegistrationFlowForBrowsers", "parameters": [ { @@ -1655,7 +1726,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Get Registration Flow", + "summary": "Get Registration Flow", "operationId": "getSelfServiceRegistrationFlow", "parameters": [ { @@ -1728,7 +1799,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Complete Settings Flow", + "summary": "Complete Settings Flow", "operationId": "submitSelfServiceSettingsFlow", "parameters": [ { @@ -1860,7 +1931,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Initialize Settings Flow for Browsers", + "summary": "Initialize Settings Flow for Browsers", "operationId": "initializeSelfServiceSettingsFlowForBrowsers", "parameters": [ { @@ -1926,7 +1997,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Get Settings Flow", + "summary": "Get Settings Flow", "operationId": "getSelfServiceSettingsFlow", "parameters": [ { @@ -2006,7 +2077,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Complete Verification Flow", + "summary": "Complete Verification Flow", "operationId": "submitSelfServiceVerificationFlow", "parameters": [ { @@ -2112,7 +2183,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Initialize Verification Flow for Browser Clients", + "summary": "Initialize Verification Flow for Browser Clients", "operationId": "initializeSelfServiceVerificationFlowForBrowsers", "parameters": [ { @@ -2154,7 +2225,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Get Verification Flow", + "summary": "Get Verification Flow", "operationId": "getSelfServiceVerificationFlow", "parameters": [ { @@ -2349,7 +2420,7 @@ "tags": [ "v0alpha2" ], - "summary": "# Check Who the Current HTTP Session Belongs To", + "summary": "Check Who the Current HTTP Session Belongs To", "operationId": "toSession", "parameters": [ { @@ -2511,6 +2582,9 @@ "type": "string", "title": "RecoveryAddressType must not exceed 16 characters as that is the limitation in the SQL Schema." }, + "TemplateType": { + "type": "string" + }, "UUID": {"type": "string", "format": "uuid4"}, "adminCreateIdentityBody": { "type": "object", @@ -2652,6 +2726,24 @@ "type": "string", "title": "Authenticator Assurance Level (AAL)" }, + "courierMessageList": { + "type": "array", + "title": "A list of messages.", + "items": { + "$ref": "#/definitions/message" + } + }, + "courierMessageStatus": { + "description": "A Message's Status", + "type": "integer", + "format": "int64" + }, + "courierMessageType": { + "description": "It can either be `email` or `phone`", + "type": "integer", + "format": "int64", + "title": "A Message's Type" + }, "errorAuthenticatorAssuranceLevelNotSatisfied": { "type": "object", "title": "ErrAALNotSatisfied is returned when an active session was found but the requested AAL is not satisfied.", @@ -3025,6 +3117,47 @@ "$ref": "#/definitions/jsonPatch" } }, + "message": { + "type": "object", + "properties": { + "body": { + "type": "string" + }, + "created_at": { + "description": "CreatedAt is a helper struct field for gobuffalo.pop.", + "type": "string", + "format": "date-time" + }, + "id": { + "type": "string", + "format": "uuid" + }, + "recipient": { + "type": "string" + }, + "send_count": { + "type": "integer", + "format": "int64" + }, + "status": { + "$ref": "#/definitions/courierMessageStatus" + }, + "subject": { + "type": "string" + }, + "template_type": { + "$ref": "#/definitions/TemplateType" + }, + "type": { + "$ref": "#/definitions/courierMessageType" + }, + "updated_at": { + "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", + "type": "string", + "format": "date-time" + } + } + }, "needsPrivilegedSessionError": { "type": "object", "title": "Is sent when a privileged session is required to perform the settings update.", From 182ed14fcc93875179fa669aa89991d5c0ba4132 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 12 Sep 2022 12:45:11 +0000 Subject: [PATCH 257/411] autogen(openapi): regenerate swagger spec and internal client [skip ci] --- internal/httpclient/README.md | 54 ++-- internal/httpclient/api/openapi.yaml | 54 ++-- internal/httpclient/api_metadata.go | 26 +- internal/httpclient/api_v0alpha2.go | 375 ++++++++++++------------ internal/httpclient/docs/V0alpha2Api.md | 108 +++---- spec/api.json | 54 ++-- spec/swagger.json | 54 ++-- 7 files changed, 354 insertions(+), 371 deletions(-) diff --git a/internal/httpclient/README.md b/internal/httpclient/README.md index 1ff33d03f07c..f80f5f7f8d7b 100644 --- a/internal/httpclient/README.md +++ b/internal/httpclient/README.md @@ -86,48 +86,48 @@ Class | Method | HTTP request | Description *MetadataApi* | [**GetVersion**](docs/MetadataApi.md#getversion) | **Get** /version | Return Running Software Version. *MetadataApi* | [**IsAlive**](docs/MetadataApi.md#isalive) | **Get** /health/alive | Check HTTP Server Status *MetadataApi* | [**IsReady**](docs/MetadataApi.md#isready) | **Get** /health/ready | Check HTTP Server and Database Status -*V0alpha2Api* | [**AdminCreateIdentity**](docs/V0alpha2Api.md#admincreateidentity) | **Post** /admin/identities | Create an Identity -*V0alpha2Api* | [**AdminCreateSelfServiceRecoveryLink**](docs/V0alpha2Api.md#admincreateselfservicerecoverylink) | **Post** /admin/recovery/link | Create a Recovery Link -*V0alpha2Api* | [**AdminDeleteIdentity**](docs/V0alpha2Api.md#admindeleteidentity) | **Delete** /admin/identities/{id} | Delete an Identity +*V0alpha2Api* | [**AdminCreateIdentity**](docs/V0alpha2Api.md#admincreateidentity) | **Post** /admin/identities | # Create an Identity +*V0alpha2Api* | [**AdminCreateSelfServiceRecoveryLink**](docs/V0alpha2Api.md#admincreateselfservicerecoverylink) | **Post** /admin/recovery/link | # Create a Recovery Link +*V0alpha2Api* | [**AdminDeleteIdentity**](docs/V0alpha2Api.md#admindeleteidentity) | **Delete** /admin/identities/{id} | # Delete an Identity *V0alpha2Api* | [**AdminDeleteIdentitySessions**](docs/V0alpha2Api.md#admindeleteidentitysessions) | **Delete** /admin/identities/{id}/sessions | Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. *V0alpha2Api* | [**AdminExtendSession**](docs/V0alpha2Api.md#adminextendsession) | **Patch** /admin/sessions/{id}/extend | Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it will only extend the session after the specified time has passed. -*V0alpha2Api* | [**AdminGetIdentity**](docs/V0alpha2Api.md#admingetidentity) | **Get** /admin/identities/{id} | Get an Identity -*V0alpha2Api* | [**AdminListCourierMessages**](docs/V0alpha2Api.md#adminlistcouriermessages) | **Get** /admin/courier/messages | List Messages -*V0alpha2Api* | [**AdminListIdentities**](docs/V0alpha2Api.md#adminlistidentities) | **Get** /admin/identities | List Identities +*V0alpha2Api* | [**AdminGetIdentity**](docs/V0alpha2Api.md#admingetidentity) | **Get** /admin/identities/{id} | # Get an Identity +*V0alpha2Api* | [**AdminListCourierMessages**](docs/V0alpha2Api.md#adminlistcouriermessages) | **Get** /admin/courier/messages | # List Messages +*V0alpha2Api* | [**AdminListIdentities**](docs/V0alpha2Api.md#adminlistidentities) | **Get** /admin/identities | # List Identities *V0alpha2Api* | [**AdminListIdentitySessions**](docs/V0alpha2Api.md#adminlistidentitysessions) | **Get** /admin/identities/{id}/sessions | This endpoint returns all sessions that belong to the given Identity. *V0alpha2Api* | [**AdminPatchIdentity**](docs/V0alpha2Api.md#adminpatchidentity) | **Patch** /admin/identities/{id} | Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) -*V0alpha2Api* | [**AdminUpdateIdentity**](docs/V0alpha2Api.md#adminupdateidentity) | **Put** /admin/identities/{id} | Update an Identity -*V0alpha2Api* | [**CreateSelfServiceLogoutFlowUrlForBrowsers**](docs/V0alpha2Api.md#createselfservicelogoutflowurlforbrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers +*V0alpha2Api* | [**AdminUpdateIdentity**](docs/V0alpha2Api.md#adminupdateidentity) | **Put** /admin/identities/{id} | # Update an Identity +*V0alpha2Api* | [**CreateSelfServiceLogoutFlowUrlForBrowsers**](docs/V0alpha2Api.md#createselfservicelogoutflowurlforbrowsers) | **Get** /self-service/logout/browser | # Create a Logout URL for Browsers *V0alpha2Api* | [**GetIdentitySchema**](docs/V0alpha2Api.md#getidentityschema) | **Get** /schemas/{id} | -*V0alpha2Api* | [**GetSelfServiceError**](docs/V0alpha2Api.md#getselfserviceerror) | **Get** /self-service/errors | Get Self-Service Errors -*V0alpha2Api* | [**GetSelfServiceLoginFlow**](docs/V0alpha2Api.md#getselfserviceloginflow) | **Get** /self-service/login/flows | Get Login Flow -*V0alpha2Api* | [**GetSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#getselfservicerecoveryflow) | **Get** /self-service/recovery/flows | Get Recovery Flow -*V0alpha2Api* | [**GetSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#getselfserviceregistrationflow) | **Get** /self-service/registration/flows | Get Registration Flow -*V0alpha2Api* | [**GetSelfServiceSettingsFlow**](docs/V0alpha2Api.md#getselfservicesettingsflow) | **Get** /self-service/settings/flows | Get Settings Flow -*V0alpha2Api* | [**GetSelfServiceVerificationFlow**](docs/V0alpha2Api.md#getselfserviceverificationflow) | **Get** /self-service/verification/flows | Get Verification Flow -*V0alpha2Api* | [**GetWebAuthnJavaScript**](docs/V0alpha2Api.md#getwebauthnjavascript) | **Get** /.well-known/ory/webauthn.js | Get WebAuthn JavaScript -*V0alpha2Api* | [**InitializeSelfServiceLoginFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceloginflowforbrowsers) | **Get** /self-service/login/browser | Initialize Login Flow for Browsers +*V0alpha2Api* | [**GetSelfServiceError**](docs/V0alpha2Api.md#getselfserviceerror) | **Get** /self-service/errors | # Get Self-Service Errors +*V0alpha2Api* | [**GetSelfServiceLoginFlow**](docs/V0alpha2Api.md#getselfserviceloginflow) | **Get** /self-service/login/flows | # Get Login Flow +*V0alpha2Api* | [**GetSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#getselfservicerecoveryflow) | **Get** /self-service/recovery/flows | # Get Recovery Flow +*V0alpha2Api* | [**GetSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#getselfserviceregistrationflow) | **Get** /self-service/registration/flows | # Get Registration Flow +*V0alpha2Api* | [**GetSelfServiceSettingsFlow**](docs/V0alpha2Api.md#getselfservicesettingsflow) | **Get** /self-service/settings/flows | # Get Settings Flow +*V0alpha2Api* | [**GetSelfServiceVerificationFlow**](docs/V0alpha2Api.md#getselfserviceverificationflow) | **Get** /self-service/verification/flows | # Get Verification Flow +*V0alpha2Api* | [**GetWebAuthnJavaScript**](docs/V0alpha2Api.md#getwebauthnjavascript) | **Get** /.well-known/ory/webauthn.js | # Get WebAuthn JavaScript +*V0alpha2Api* | [**InitializeSelfServiceLoginFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceloginflowforbrowsers) | **Get** /self-service/login/browser | # Initialize Login Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceLoginFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceloginflowwithoutbrowser) | **Get** /self-service/login/api | Initialize Login Flow for APIs, Services, Apps, ... -*V0alpha2Api* | [**InitializeSelfServiceRecoveryFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicerecoveryflowforbrowsers) | **Get** /self-service/recovery/browser | Initialize Recovery Flow for Browsers +*V0alpha2Api* | [**InitializeSelfServiceRecoveryFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicerecoveryflowforbrowsers) | **Get** /self-service/recovery/browser | # Initialize Recovery Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceRecoveryFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfservicerecoveryflowwithoutbrowser) | **Get** /self-service/recovery/api | Initialize Recovery Flow for APIs, Services, Apps, ... -*V0alpha2Api* | [**InitializeSelfServiceRegistrationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceregistrationflowforbrowsers) | **Get** /self-service/registration/browser | Initialize Registration Flow for Browsers +*V0alpha2Api* | [**InitializeSelfServiceRegistrationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceregistrationflowforbrowsers) | **Get** /self-service/registration/browser | # Initialize Registration Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceRegistrationFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceregistrationflowwithoutbrowser) | **Get** /self-service/registration/api | Initialize Registration Flow for APIs, Services, Apps, ... -*V0alpha2Api* | [**InitializeSelfServiceSettingsFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicesettingsflowforbrowsers) | **Get** /self-service/settings/browser | Initialize Settings Flow for Browsers +*V0alpha2Api* | [**InitializeSelfServiceSettingsFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicesettingsflowforbrowsers) | **Get** /self-service/settings/browser | # Initialize Settings Flow for Browsers *V0alpha2Api* | [**InitializeSelfServiceSettingsFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfservicesettingsflowwithoutbrowser) | **Get** /self-service/settings/api | Initialize Settings Flow for APIs, Services, Apps, ... -*V0alpha2Api* | [**InitializeSelfServiceVerificationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceverificationflowforbrowsers) | **Get** /self-service/verification/browser | Initialize Verification Flow for Browser Clients +*V0alpha2Api* | [**InitializeSelfServiceVerificationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceverificationflowforbrowsers) | **Get** /self-service/verification/browser | # Initialize Verification Flow for Browser Clients *V0alpha2Api* | [**InitializeSelfServiceVerificationFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceverificationflowwithoutbrowser) | **Get** /self-service/verification/api | Initialize Verification Flow for APIs, Services, Apps, ... *V0alpha2Api* | [**ListIdentitySchemas**](docs/V0alpha2Api.md#listidentityschemas) | **Get** /schemas | *V0alpha2Api* | [**ListSessions**](docs/V0alpha2Api.md#listsessions) | **Get** /sessions | This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. *V0alpha2Api* | [**RevokeSession**](docs/V0alpha2Api.md#revokesession) | **Delete** /sessions/{id} | Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. *V0alpha2Api* | [**RevokeSessions**](docs/V0alpha2Api.md#revokesessions) | **Delete** /sessions | Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. -*V0alpha2Api* | [**SubmitSelfServiceLoginFlow**](docs/V0alpha2Api.md#submitselfserviceloginflow) | **Post** /self-service/login | Submit a Login Flow -*V0alpha2Api* | [**SubmitSelfServiceLogoutFlow**](docs/V0alpha2Api.md#submitselfservicelogoutflow) | **Get** /self-service/logout | Complete Self-Service Logout +*V0alpha2Api* | [**SubmitSelfServiceLoginFlow**](docs/V0alpha2Api.md#submitselfserviceloginflow) | **Post** /self-service/login | # Submit a Login Flow +*V0alpha2Api* | [**SubmitSelfServiceLogoutFlow**](docs/V0alpha2Api.md#submitselfservicelogoutflow) | **Get** /self-service/logout | # Complete Self-Service Logout *V0alpha2Api* | [**SubmitSelfServiceLogoutFlowWithoutBrowser**](docs/V0alpha2Api.md#submitselfservicelogoutflowwithoutbrowser) | **Delete** /self-service/logout/api | Perform Logout for APIs, Services, Apps, ... -*V0alpha2Api* | [**SubmitSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#submitselfservicerecoveryflow) | **Post** /self-service/recovery | Complete Recovery Flow -*V0alpha2Api* | [**SubmitSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#submitselfserviceregistrationflow) | **Post** /self-service/registration | Submit a Registration Flow -*V0alpha2Api* | [**SubmitSelfServiceSettingsFlow**](docs/V0alpha2Api.md#submitselfservicesettingsflow) | **Post** /self-service/settings | Complete Settings Flow -*V0alpha2Api* | [**SubmitSelfServiceVerificationFlow**](docs/V0alpha2Api.md#submitselfserviceverificationflow) | **Post** /self-service/verification | Complete Verification Flow -*V0alpha2Api* | [**ToSession**](docs/V0alpha2Api.md#tosession) | **Get** /sessions/whoami | Check Who the Current HTTP Session Belongs To +*V0alpha2Api* | [**SubmitSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#submitselfservicerecoveryflow) | **Post** /self-service/recovery | # Complete Recovery Flow +*V0alpha2Api* | [**SubmitSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#submitselfserviceregistrationflow) | **Post** /self-service/registration | # Submit a Registration Flow +*V0alpha2Api* | [**SubmitSelfServiceSettingsFlow**](docs/V0alpha2Api.md#submitselfservicesettingsflow) | **Post** /self-service/settings | # Complete Settings Flow +*V0alpha2Api* | [**SubmitSelfServiceVerificationFlow**](docs/V0alpha2Api.md#submitselfserviceverificationflow) | **Post** /self-service/verification | # Complete Verification Flow +*V0alpha2Api* | [**ToSession**](docs/V0alpha2Api.md#tosession) | **Get** /sessions/whoami | # Check Who the Current HTTP Session Belongs To ## Documentation For Models diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index 8a0aac89e787..35f3e26ee2f0 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -34,7 +34,7 @@ paths: schema: $ref: '#/components/schemas/webAuthnJavaScript' description: webAuthnJavaScript - summary: Get WebAuthn JavaScript + summary: '# Get WebAuthn JavaScript' tags: - v0alpha2 /admin/courier/messages: @@ -113,7 +113,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: List Messages + summary: '# List Messages' tags: - v0alpha2 /admin/identities: @@ -171,7 +171,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: List Identities + summary: '# List Identities' tags: - v0alpha2 post: @@ -211,7 +211,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: Create an Identity + summary: '# Create an Identity' tags: - v0alpha2 /admin/identities/{id}: @@ -250,7 +250,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: Delete an Identity + summary: '# Delete an Identity' tags: - v0alpha2 get: @@ -301,7 +301,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: Get an Identity + summary: '# Get an Identity' tags: - v0alpha2 patch: @@ -415,7 +415,7 @@ paths: description: jsonError security: - oryAccessToken: [] - summary: Update an Identity + summary: '# Update an Identity' tags: - v0alpha2 /admin/identities/{id}/sessions: @@ -597,7 +597,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Create a Recovery Link + summary: '# Create a Recovery Link' tags: - v0alpha2 /admin/sessions/{id}/extend: @@ -833,7 +833,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Get Self-Service Errors + summary: '# Get Self-Service Errors' tags: - v0alpha2 /self-service/login: @@ -950,7 +950,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Submit a Login Flow + summary: '# Submit a Login Flow' tags: - v0alpha2 /self-service/login/api: @@ -1128,7 +1128,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Initialize Login Flow for Browsers + summary: '# Initialize Login Flow for Browsers' tags: - v0alpha2 /self-service/login/flows: @@ -1214,7 +1214,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Get Login Flow + summary: '# Get Login Flow' tags: - v0alpha2 /self-service/logout: @@ -1268,7 +1268,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Complete Self-Service Logout + summary: '# Complete Self-Service Logout' tags: - v0alpha2 /self-service/logout/api: @@ -1355,7 +1355,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Create a Logout URL for Browsers + summary: '# Create a Logout URL for Browsers' tags: - v0alpha2 /self-service/recovery: @@ -1455,7 +1455,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Complete Recovery Flow + summary: '# Complete Recovery Flow' tags: - v0alpha2 /self-service/recovery/api: @@ -1542,7 +1542,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Initialize Recovery Flow for Browsers + summary: '# Initialize Recovery Flow for Browsers' tags: - v0alpha2 /self-service/recovery/flows: @@ -1617,7 +1617,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Get Recovery Flow + summary: '# Get Recovery Flow' tags: - v0alpha2 /self-service/registration: @@ -1721,7 +1721,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Submit a Registration Flow + summary: '# Submit a Registration Flow' tags: - v0alpha2 /self-service/registration/api: @@ -1823,7 +1823,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Initialize Registration Flow for Browsers + summary: '# Initialize Registration Flow for Browsers' tags: - v0alpha2 /self-service/registration/flows: @@ -1909,7 +1909,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Get Registration Flow + summary: '# Get Registration Flow' tags: - v0alpha2 /self-service/settings: @@ -2050,7 +2050,7 @@ paths: description: jsonError security: - sessionToken: [] - summary: Complete Settings Flow + summary: '# Complete Settings Flow' tags: - v0alpha2 /self-service/settings/api: @@ -2195,7 +2195,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Initialize Settings Flow for Browsers + summary: '# Initialize Settings Flow for Browsers' tags: - v0alpha2 /self-service/settings/flows: @@ -2295,7 +2295,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Get Settings Flow + summary: '# Get Settings Flow' tags: - v0alpha2 /self-service/verification: @@ -2395,7 +2395,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Complete Verification Flow + summary: '# Complete Verification Flow' tags: - v0alpha2 /self-service/verification/api: @@ -2472,7 +2472,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Initialize Verification Flow for Browser Clients + summary: '# Initialize Verification Flow for Browser Clients' tags: - v0alpha2 /self-service/verification/flows: @@ -2546,7 +2546,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Get Verification Flow + summary: '# Get Verification Flow' tags: - v0alpha2 /sessions: @@ -2815,7 +2815,7 @@ paths: schema: $ref: '#/components/schemas/jsonError' description: jsonError - summary: Check Who the Current HTTP Session Belongs To + summary: '# Check Who the Current HTTP Session Belongs To' tags: - v0alpha2 /sessions/{id}: diff --git a/internal/httpclient/api_metadata.go b/internal/httpclient/api_metadata.go index eec994165b53..a63febb073aa 100644 --- a/internal/httpclient/api_metadata.go +++ b/internal/httpclient/api_metadata.go @@ -102,16 +102,16 @@ func (r MetadataApiApiGetVersionRequest) Execute() (*InlineResponse2001, *http.R } /* - - GetVersion Return Running Software Version. - - This endpoint returns the version of Ory Kratos. + * GetVersion Return Running Software Version. + * This endpoint returns the version of Ory Kratos. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the version will never refer to the cluster state, only to a single instance. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return MetadataApiApiGetVersionRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return MetadataApiApiGetVersionRequest */ func (a *MetadataApiService) GetVersion(ctx context.Context) MetadataApiApiGetVersionRequest { return MetadataApiApiGetVersionRequest{ @@ -209,9 +209,8 @@ func (r MetadataApiApiIsAliveRequest) Execute() (*InlineResponse200, *http.Respo } /* - - IsAlive Check HTTP Server Status - - This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming - + * IsAlive Check HTTP Server Status + * This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming HTTP requests. This status does currently not include checks whether the database connection is working. If the service supports TLS Edge Termination, this endpoint does not require the @@ -219,8 +218,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return MetadataApiApiIsAliveRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return MetadataApiApiIsAliveRequest */ func (a *MetadataApiService) IsAlive(ctx context.Context) MetadataApiApiIsAliveRequest { return MetadataApiApiIsAliveRequest{ @@ -327,9 +326,8 @@ func (r MetadataApiApiIsReadyRequest) Execute() (*InlineResponse200, *http.Respo } /* - - IsReady Check HTTP Server and Database Status - - This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g. - + * IsReady Check HTTP Server and Database Status + * This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g. the database) are responsive as well. If the service supports TLS Edge Termination, this endpoint does not require the @@ -337,8 +335,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the Be aware that if you are running multiple nodes of Ory Kratos, the health status will never refer to the cluster state, only to a single instance. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return MetadataApiApiIsReadyRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return MetadataApiApiIsReadyRequest */ func (a *MetadataApiService) IsReady(ctx context.Context) MetadataApiApiIsReadyRequest { return MetadataApiApiIsReadyRequest{ diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go index 1c1dc81a93f1..9a364f251342 100644 --- a/internal/httpclient/api_v0alpha2.go +++ b/internal/httpclient/api_v0alpha2.go @@ -29,7 +29,7 @@ var ( type V0alpha2Api interface { /* - * AdminCreateIdentity Create an Identity + * AdminCreateIdentity # Create an Identity * This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return V0alpha2ApiApiAdminCreateIdentityRequest @@ -43,7 +43,7 @@ type V0alpha2Api interface { AdminCreateIdentityExecute(r V0alpha2ApiApiAdminCreateIdentityRequest) (*Identity, *http.Response, error) /* - * AdminCreateSelfServiceRecoveryLink Create a Recovery Link + * AdminCreateSelfServiceRecoveryLink # Create a Recovery Link * This endpoint creates a recovery link which should be given to the user in order for them to recover (or activate) their account. * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @@ -58,7 +58,7 @@ type V0alpha2Api interface { AdminCreateSelfServiceRecoveryLinkExecute(r V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest) (*SelfServiceRecoveryLink, *http.Response, error) /* - * AdminDeleteIdentity Delete an Identity + * AdminDeleteIdentity # Delete an Identity * Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is assumed that is has been deleted already. @@ -107,7 +107,7 @@ type V0alpha2Api interface { AdminExtendSessionExecute(r V0alpha2ApiApiAdminExtendSessionRequest) (*Session, *http.Response, error) /* - * AdminGetIdentity Get an Identity + * AdminGetIdentity # Get an Identity * Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @param id ID must be set to the ID of identity you want to get @@ -122,7 +122,7 @@ type V0alpha2Api interface { AdminGetIdentityExecute(r V0alpha2ApiApiAdminGetIdentityRequest) (*Identity, *http.Response, error) /* - * AdminListCourierMessages List Messages + * AdminListCourierMessages # List Messages * Lists all messages by given status and recipient. * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return V0alpha2ApiApiAdminListCourierMessagesRequest @@ -136,7 +136,7 @@ type V0alpha2Api interface { AdminListCourierMessagesExecute(r V0alpha2ApiApiAdminListCourierMessagesRequest) ([]Message, *http.Response, error) /* - * AdminListIdentities List Identities + * AdminListIdentities # List Identities * Lists all identities. Does not support search at the moment. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). @@ -186,7 +186,7 @@ type V0alpha2Api interface { AdminPatchIdentityExecute(r V0alpha2ApiApiAdminPatchIdentityRequest) (*Identity, *http.Response, error) /* - * AdminUpdateIdentity Update an Identity + * AdminUpdateIdentity # Update an Identity * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). @@ -203,7 +203,7 @@ type V0alpha2Api interface { AdminUpdateIdentityExecute(r V0alpha2ApiApiAdminUpdateIdentityRequest) (*Identity, *http.Response, error) /* - * CreateSelfServiceLogoutFlowUrlForBrowsers Create a Logout URL for Browsers + * CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers * This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. This endpoint is NOT INTENDED for API clients and only works @@ -241,7 +241,7 @@ type V0alpha2Api interface { GetIdentitySchemaExecute(r V0alpha2ApiApiGetIdentitySchemaRequest) (map[string]interface{}, *http.Response, error) /* - * GetSelfServiceError Get Self-Service Errors + * GetSelfServiceError # Get Self-Service Errors * This endpoint returns the error associated with a user-facing self service errors. This endpoint supports stub values to help you implement the error UI: @@ -261,7 +261,7 @@ type V0alpha2Api interface { GetSelfServiceErrorExecute(r V0alpha2ApiApiGetSelfServiceErrorRequest) (*SelfServiceError, *http.Response, error) /* - * GetSelfServiceLoginFlow Get Login Flow + * GetSelfServiceLoginFlow # Get Login Flow * This endpoint returns a login flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -297,7 +297,7 @@ type V0alpha2Api interface { GetSelfServiceLoginFlowExecute(r V0alpha2ApiApiGetSelfServiceLoginFlowRequest) (*SelfServiceLoginFlow, *http.Response, error) /* - * GetSelfServiceRecoveryFlow Get Recovery Flow + * GetSelfServiceRecoveryFlow # Get Recovery Flow * This endpoint returns a recovery flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -328,7 +328,7 @@ type V0alpha2Api interface { GetSelfServiceRecoveryFlowExecute(r V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest) (*SelfServiceRecoveryFlow, *http.Response, error) /* - * GetSelfServiceRegistrationFlow Get Registration Flow + * GetSelfServiceRegistrationFlow # Get Registration Flow * This endpoint returns a registration flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -364,7 +364,7 @@ type V0alpha2Api interface { GetSelfServiceRegistrationFlowExecute(r V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest) (*SelfServiceRegistrationFlow, *http.Response, error) /* - * GetSelfServiceSettingsFlow Get Settings Flow + * GetSelfServiceSettingsFlow # Get Settings Flow * When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie or the Ory Kratos Session Token are set. @@ -396,7 +396,7 @@ type V0alpha2Api interface { GetSelfServiceSettingsFlowExecute(r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) (*SelfServiceSettingsFlow, *http.Response, error) /* - * GetSelfServiceVerificationFlow Get Verification Flow + * GetSelfServiceVerificationFlow # Get Verification Flow * This endpoint returns a verification flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. @@ -426,7 +426,7 @@ type V0alpha2Api interface { GetSelfServiceVerificationFlowExecute(r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) (*SelfServiceVerificationFlow, *http.Response, error) /* - * GetWebAuthnJavaScript Get WebAuthn JavaScript + * GetWebAuthnJavaScript # Get WebAuthn JavaScript * This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file: @@ -448,7 +448,7 @@ type V0alpha2Api interface { GetWebAuthnJavaScriptExecute(r V0alpha2ApiApiGetWebAuthnJavaScriptRequest) (string, *http.Response, error) /* - * InitializeSelfServiceLoginFlowForBrowsers Initialize Login Flow for Browsers + * InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers * This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows. @@ -513,7 +513,7 @@ type V0alpha2Api interface { InitializeSelfServiceLoginFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest) (*SelfServiceLoginFlow, *http.Response, error) /* - * InitializeSelfServiceRecoveryFlowForBrowsers Initialize Recovery Flow for Browsers + * InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers * This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists, the browser is returned to the configured return URL. @@ -562,7 +562,7 @@ type V0alpha2Api interface { InitializeSelfServiceRecoveryFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest) (*SelfServiceRecoveryFlow, *http.Response, error) /* - * InitializeSelfServiceRegistrationFlowForBrowsers Initialize Registration Flow for Browsers + * InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers * This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows. @@ -632,7 +632,7 @@ type V0alpha2Api interface { InitializeSelfServiceRegistrationFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest) (*SelfServiceRegistrationFlow, *http.Response, error) /* - * InitializeSelfServiceSettingsFlowForBrowsers Initialize Settings Flow for Browsers + * InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers * This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid Ory Kratos Session Cookie is included in the request, a login flow will be initialized. @@ -706,7 +706,7 @@ type V0alpha2Api interface { InitializeSelfServiceSettingsFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest) (*SelfServiceSettingsFlow, *http.Response, error) /* - * InitializeSelfServiceVerificationFlowForBrowsers Initialize Verification Flow for Browser Clients + * InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients * This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`. @@ -813,7 +813,7 @@ type V0alpha2Api interface { RevokeSessionsExecute(r V0alpha2ApiApiRevokeSessionsRequest) (*RevokedSessions, *http.Response, error) /* - * SubmitSelfServiceLoginFlow Submit a Login Flow + * SubmitSelfServiceLoginFlow # Submit a Login Flow * :::info This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future. @@ -859,7 +859,7 @@ type V0alpha2Api interface { SubmitSelfServiceLoginFlowExecute(r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) (*SuccessfulSelfServiceLoginWithoutBrowser, *http.Response, error) /* - * SubmitSelfServiceLogoutFlow Complete Self-Service Logout + * SubmitSelfServiceLogoutFlow # Complete Self-Service Logout * This endpoint logs out an identity in a self-service manner. If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other) @@ -904,7 +904,7 @@ type V0alpha2Api interface { SubmitSelfServiceLogoutFlowWithoutBrowserExecute(r V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest) (*http.Response, error) /* - * SubmitSelfServiceRecoveryFlow Complete Recovery Flow + * SubmitSelfServiceRecoveryFlow # Complete Recovery Flow * Use this endpoint to complete a recovery flow. This endpoint behaves differently for API and browser flows and has several states: @@ -933,7 +933,7 @@ type V0alpha2Api interface { SubmitSelfServiceRecoveryFlowExecute(r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) (*SelfServiceRecoveryFlow, *http.Response, error) /* - * SubmitSelfServiceRegistrationFlow Submit a Registration Flow + * SubmitSelfServiceRegistrationFlow # Submit a Registration Flow * Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint behaves differently for API and browser flows. @@ -974,7 +974,7 @@ type V0alpha2Api interface { SubmitSelfServiceRegistrationFlowExecute(r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) (*SuccessfulSelfServiceRegistrationWithoutBrowser, *http.Response, error) /* - * SubmitSelfServiceSettingsFlow Complete Settings Flow + * SubmitSelfServiceSettingsFlow # Complete Settings Flow * Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint behaves differently for API and browser flows. @@ -1030,7 +1030,7 @@ type V0alpha2Api interface { SubmitSelfServiceSettingsFlowExecute(r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) (*SelfServiceSettingsFlow, *http.Response, error) /* - * SubmitSelfServiceVerificationFlow Complete Verification Flow + * SubmitSelfServiceVerificationFlow # Complete Verification Flow * Use this endpoint to complete a verification flow. This endpoint behaves differently for API and browser flows and has several states: @@ -1059,7 +1059,7 @@ type V0alpha2Api interface { SubmitSelfServiceVerificationFlowExecute(r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) (*SelfServiceVerificationFlow, *http.Response, error) /* - * ToSession Check Who the Current HTTP Session Belongs To + * ToSession # Check Who the Current HTTP Session Belongs To * Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header @@ -1140,7 +1140,7 @@ func (r V0alpha2ApiApiAdminCreateIdentityRequest) Execute() (*Identity, *http.Re } /* - * AdminCreateIdentity Create an Identity + * AdminCreateIdentity # Create an Identity * This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return V0alpha2ApiApiAdminCreateIdentityRequest @@ -1292,12 +1292,11 @@ func (r V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest) Execute() (*Sel } /* - - AdminCreateSelfServiceRecoveryLink Create a Recovery Link - - This endpoint creates a recovery link which should be given to the user in order for them to recover - + * AdminCreateSelfServiceRecoveryLink # Create a Recovery Link + * This endpoint creates a recovery link which should be given to the user in order for them to recover (or activate) their account. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest */ func (a *V0alpha2ApiService) AdminCreateSelfServiceRecoveryLink(ctx context.Context) V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest { return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest{ @@ -1427,16 +1426,15 @@ func (r V0alpha2ApiApiAdminDeleteIdentityRequest) Execute() (*http.Response, err } /* - - AdminDeleteIdentity Delete an Identity - - Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. - + * AdminDeleteIdentity # Delete an Identity + * Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is assumed that is has been deleted already. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID is the identity's ID. - - @return V0alpha2ApiApiAdminDeleteIdentityRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID is the identity's ID. + * @return V0alpha2ApiApiAdminDeleteIdentityRequest */ func (a *V0alpha2ApiService) AdminDeleteIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentityRequest { return V0alpha2ApiApiAdminDeleteIdentityRequest{ @@ -1559,13 +1557,13 @@ func (r V0alpha2ApiApiAdminDeleteIdentitySessionsRequest) Execute() (*http.Respo } /* - - AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. - - This endpoint is useful for: + * AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. + * This endpoint is useful for: To forcefully logout Identity from all devices and sessions - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID is the identity's ID. - - @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID is the identity's ID. + * @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest */ func (a *V0alpha2ApiService) AdminDeleteIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentitySessionsRequest { return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest{ @@ -1862,7 +1860,7 @@ func (r V0alpha2ApiApiAdminGetIdentityRequest) Execute() (*Identity, *http.Respo } /* - * AdminGetIdentity Get an Identity + * AdminGetIdentity # Get an Identity * Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @param id ID must be set to the ID of identity you want to get @@ -2031,7 +2029,7 @@ func (r V0alpha2ApiApiAdminListCourierMessagesRequest) Execute() ([]Message, *ht } /* - * AdminListCourierMessages List Messages + * AdminListCourierMessages # List Messages * Lists all messages by given status and recipient. * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return V0alpha2ApiApiAdminListCourierMessagesRequest @@ -2174,12 +2172,12 @@ func (r V0alpha2ApiApiAdminListIdentitiesRequest) Execute() ([]Identity, *http.R } /* - - AdminListIdentities List Identities - - Lists all identities. Does not support search at the moment. + * AdminListIdentities # List Identities + * Lists all identities. Does not support search at the moment. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiAdminListIdentitiesRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiAdminListIdentitiesRequest */ func (a *V0alpha2ApiService) AdminListIdentities(ctx context.Context) V0alpha2ApiApiAdminListIdentitiesRequest { return V0alpha2ApiApiAdminListIdentitiesRequest{ @@ -2323,13 +2321,13 @@ func (r V0alpha2ApiApiAdminListIdentitySessionsRequest) Execute() ([]Session, *h } /* - - AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity. - - This endpoint is useful for: + * AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity. + * This endpoint is useful for: Listing all sessions that belong to an Identity in an administrative context. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID is the identity's ID. - - @return V0alpha2ApiApiAdminListIdentitySessionsRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID is the identity's ID. + * @return V0alpha2ApiApiAdminListIdentitySessionsRequest */ func (a *V0alpha2ApiService) AdminListIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminListIdentitySessionsRequest { return V0alpha2ApiApiAdminListIdentitySessionsRequest{ @@ -2498,13 +2496,13 @@ func (r V0alpha2ApiApiAdminPatchIdentityRequest) Execute() (*Identity, *http.Res } /* - - AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) - - NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable. + * AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) + * NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID must be set to the ID of identity you want to update - - @return V0alpha2ApiApiAdminPatchIdentityRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID must be set to the ID of identity you want to update + * @return V0alpha2ApiApiAdminPatchIdentityRequest */ func (a *V0alpha2ApiService) AdminPatchIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminPatchIdentityRequest { return V0alpha2ApiApiAdminPatchIdentityRequest{ @@ -2666,13 +2664,13 @@ func (r V0alpha2ApiApiAdminUpdateIdentityRequest) Execute() (*Identity, *http.Re } /* - - AdminUpdateIdentity Update an Identity - - This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. + * AdminUpdateIdentity # Update an Identity + * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID must be set to the ID of identity you want to update - - @return V0alpha2ApiApiAdminUpdateIdentityRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID must be set to the ID of identity you want to update + * @return V0alpha2ApiApiAdminUpdateIdentityRequest */ func (a *V0alpha2ApiService) AdminUpdateIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminUpdateIdentityRequest { return V0alpha2ApiApiAdminUpdateIdentityRequest{ @@ -2833,8 +2831,8 @@ func (r V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest) Execute( } /* - - CreateSelfServiceLogoutFlowUrlForBrowsers Create a Logout URL for Browsers - - This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. + * CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers + * This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). For API clients you can @@ -2844,8 +2842,8 @@ The URL is only valid for the currently signed in user. If no user is signed in, a 401 error. When calling this endpoint from a backend, please ensure to properly forward the HTTP cookies. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest */ func (a *V0alpha2ApiService) CreateSelfServiceLogoutFlowUrlForBrowsers(ctx context.Context) V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest { return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest{ @@ -3095,16 +3093,16 @@ func (r V0alpha2ApiApiGetSelfServiceErrorRequest) Execute() (*SelfServiceError, } /* - - GetSelfServiceError Get Self-Service Errors - - This endpoint returns the error associated with a user-facing self service errors. + * GetSelfServiceError # Get Self-Service Errors + * This endpoint returns the error associated with a user-facing self service errors. This endpoint supports stub values to help you implement the error UI: `?id=stub:500` - returns a stub 500 (Internal Server Error) error. More information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceErrorRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceErrorRequest */ func (a *V0alpha2ApiService) GetSelfServiceError(ctx context.Context) V0alpha2ApiApiGetSelfServiceErrorRequest { return V0alpha2ApiApiGetSelfServiceErrorRequest{ @@ -3246,8 +3244,8 @@ func (r V0alpha2ApiApiGetSelfServiceLoginFlowRequest) Execute() (*SelfServiceLog } /* - - GetSelfServiceLoginFlow Get Login Flow - - This endpoint returns a login flow's context with, for example, error details and other information. + * GetSelfServiceLoginFlow # Get Login Flow + * This endpoint returns a login flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3270,8 +3268,8 @@ This request may fail due to several reasons. The `error.id` can be one of: `self_service_flow_expired`: The flow is expired and you should request a new one. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceLoginFlowRequest { return V0alpha2ApiApiGetSelfServiceLoginFlowRequest{ @@ -3426,8 +3424,8 @@ func (r V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest) Execute() (*SelfService } /* - - GetSelfServiceRecoveryFlow Get Recovery Flow - - This endpoint returns a recovery flow's context with, for example, error details and other information. + * GetSelfServiceRecoveryFlow # Get Recovery Flow + * This endpoint returns a recovery flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3445,8 +3443,8 @@ res.render('recovery', flow) ``` More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest { return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest{ @@ -3591,8 +3589,8 @@ func (r V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest) Execute() (*SelfSer } /* - - GetSelfServiceRegistrationFlow Get Registration Flow - - This endpoint returns a registration flow's context with, for example, error details and other information. + * GetSelfServiceRegistrationFlow # Get Registration Flow + * This endpoint returns a registration flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3615,8 +3613,8 @@ This request may fail due to several reasons. The `error.id` can be one of: `self_service_flow_expired`: The flow is expired and you should request a new one. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest { return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest{ @@ -3776,9 +3774,8 @@ func (r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) Execute() (*SelfService } /* - - GetSelfServiceSettingsFlow Get Settings Flow - - When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie - + * GetSelfServiceSettingsFlow # Get Settings Flow + * When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie or the Ory Kratos Session Token are set. Depending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator @@ -3797,8 +3794,8 @@ case of an error, the `error.id` of the JSON response body can be one of: identity logged in instead. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceSettingsFlowRequest { return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest{ @@ -3966,8 +3963,8 @@ func (r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) Execute() (*SelfSer } /* - - GetSelfServiceVerificationFlow Get Verification Flow - - This endpoint returns a verification flow's context with, for example, error details and other information. + * GetSelfServiceVerificationFlow # Get Verification Flow + * This endpoint returns a verification flow's context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. @@ -3984,8 +3981,8 @@ res.render('verification', flow) }) More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest */ func (a *V0alpha2ApiService) GetSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceVerificationFlowRequest { return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest{ @@ -4119,8 +4116,8 @@ func (r V0alpha2ApiApiGetWebAuthnJavaScriptRequest) Execute() (string, *http.Res } /* - - GetWebAuthnJavaScript Get WebAuthn JavaScript - - This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. + * GetWebAuthnJavaScript # Get WebAuthn JavaScript + * This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file: @@ -4129,8 +4126,8 @@ If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you ``` More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest */ func (a *V0alpha2ApiService) GetWebAuthnJavaScript(ctx context.Context) V0alpha2ApiApiGetWebAuthnJavaScriptRequest { return V0alpha2ApiApiGetWebAuthnJavaScriptRequest{ @@ -4249,9 +4246,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Execute( } /* - - InitializeSelfServiceLoginFlowForBrowsers Initialize Login Flow for Browsers - - This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate - + * InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers + * This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows. If this endpoint is opened as a link in the browser, it will be redirected to @@ -4270,8 +4266,8 @@ case of an error, the `error.id` of the JSON response body can be one of: This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest{ @@ -4416,8 +4412,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest) Execu } /* - - InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ... - - This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on. + * InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ... + * This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. @@ -4437,8 +4433,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest{ @@ -4570,9 +4566,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest) Execu } /* - - InitializeSelfServiceRecoveryFlowForBrowsers Initialize Recovery Flow for Browsers - - This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to - + * InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers + * This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists, the browser is returned to the configured return URL. @@ -4582,8 +4577,8 @@ or a 400 bad request error if the user is already authenticated. This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest{ @@ -4703,8 +4698,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest) Ex } /* - - InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ... - - This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on. + * InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ... + * This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error. @@ -4717,8 +4712,8 @@ you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest{ @@ -4841,9 +4836,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) E } /* - - InitializeSelfServiceRegistrationFlowForBrowsers Initialize Registration Flow for Browsers - - This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate - + * InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers + * This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows. :::info @@ -4868,8 +4862,8 @@ If this endpoint is called via an AJAX request, the response contains the regist This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest{ @@ -4979,8 +4973,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest } /* - - InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ... - - This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on. + * InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ... + * This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. @@ -4999,8 +4993,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest{ @@ -5128,9 +5122,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest) Execu } /* - - InitializeSelfServiceSettingsFlowForBrowsers Initialize Settings Flow for Browsers - - This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to - + * InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers + * This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid Ory Kratos Session Cookie is included in the request, a login flow will be initialized. @@ -5156,8 +5149,8 @@ case of an error, the `error.id` of the JSON response body can be one of: This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest{ @@ -5306,9 +5299,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest) Ex } /* - - InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ... - - This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. - + * InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ... + * This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. You must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK. To fetch an existing settings flow call `/self-service/settings/flows?flow=`. @@ -5330,8 +5322,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of: This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest{ @@ -5457,9 +5449,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest) E } /* - - InitializeSelfServiceVerificationFlowForBrowsers Initialize Verification Flow for Browser Clients - - This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to - + * InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients + * This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`. If this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects. @@ -5467,8 +5458,8 @@ If this endpoint is called via an AJAX request, the response contains the recove This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest { return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest{ @@ -5578,8 +5569,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest } /* - - InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ... - - This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on. + * InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ... + * This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on. To fetch an existing verification flow call `/self-service/verification/flows?flow=`. @@ -5590,8 +5581,8 @@ you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest { return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest{ @@ -5856,12 +5847,12 @@ func (r V0alpha2ApiApiListSessionsRequest) Execute() ([]Session, *http.Response, } /* - - ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. - - This endpoint is useful for: + * ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. + * This endpoint is useful for: Displaying all other sessions that belong to the logged-in user - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiListSessionsRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiListSessionsRequest */ func (a *V0alpha2ApiService) ListSessions(ctx context.Context) V0alpha2ApiApiListSessionsRequest { return V0alpha2ApiApiListSessionsRequest{ @@ -6011,13 +6002,13 @@ func (r V0alpha2ApiApiRevokeSessionRequest) Execute() (*http.Response, error) { } /* - - RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. - - This endpoint is useful for: + * RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. + * This endpoint is useful for: To forcefully logout the current user from another device or session - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @param id ID is the session's ID. - - @return V0alpha2ApiApiRevokeSessionRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id ID is the session's ID. + * @return V0alpha2ApiApiRevokeSessionRequest */ func (a *V0alpha2ApiService) RevokeSession(ctx context.Context, id string) V0alpha2ApiApiRevokeSessionRequest { return V0alpha2ApiApiRevokeSessionRequest{ @@ -6146,12 +6137,12 @@ func (r V0alpha2ApiApiRevokeSessionsRequest) Execute() (*RevokedSessions, *http. } /* - - RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. - - This endpoint is useful for: + * RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. + * This endpoint is useful for: To forcefully logout the current user from all other devices and sessions - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiRevokeSessionsRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiRevokeSessionsRequest */ func (a *V0alpha2ApiService) RevokeSessions(ctx context.Context) V0alpha2ApiApiRevokeSessionsRequest { return V0alpha2ApiApiRevokeSessionsRequest{ @@ -6315,8 +6306,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) Execute() (*SuccessfulS } /* - - SubmitSelfServiceLoginFlow Submit a Login Flow - - :::info + * SubmitSelfServiceLoginFlow # Submit a Login Flow + * :::info This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future. @@ -6349,8 +6340,8 @@ case of an error, the `error.id` of the JSON response body can be one of: Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest { return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest{ @@ -6513,8 +6504,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest) Execute() (*http.Respo } /* - - SubmitSelfServiceLogoutFlow Complete Self-Service Logout - - This endpoint logs out an identity in a self-service manner. + * SubmitSelfServiceLogoutFlow # Complete Self-Service Logout + * This endpoint logs out an identity in a self-service manner. If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other) to the `return_to` parameter of the initial request or fall back to `urls.default_return_to`. @@ -6527,8 +6518,8 @@ with browsers (Chrome, Firefox, ...). For API clients you can call the `/self-service/logout/api` URL directly with the Ory Session Token. More information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest { return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest{ @@ -6636,9 +6627,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest) Execute( } /* - - SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ... - - Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully - + * SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ... + * Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully revoked, the server returns a 204 No Content response. A 204 No Content response is also sent when the Ory Session Token has been revoked already before. @@ -6646,8 +6636,8 @@ If the Ory Session Token is malformed or does not exist a 403 Forbidden response This endpoint does not remove any HTTP Cookies - use the Browser-Based Self-Service Logout Flow instead. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest { return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest{ @@ -6779,9 +6769,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) Execute() (*SelfServ } /* - - SubmitSelfServiceRecoveryFlow Complete Recovery Flow - - Use this endpoint to complete a recovery flow. This endpoint - + * SubmitSelfServiceRecoveryFlow # Complete Recovery Flow + * Use this endpoint to complete a recovery flow. This endpoint behaves differently for API and browser flows and has several states: `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent @@ -6797,8 +6786,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe a new Recovery Flow ID which contains an error message that the recovery link was invalid. More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest { return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest{ @@ -6956,9 +6945,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) Execute() (*Succ } /* - - SubmitSelfServiceRegistrationFlow Submit a Registration Flow - - Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint - + * SubmitSelfServiceRegistrationFlow # Submit a Registration Flow + * Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint behaves differently for API and browser flows. API flows expect `application/json` to be sent in the body and respond with @@ -6986,8 +6974,8 @@ case of an error, the `error.id` of the JSON response body can be one of: Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest { return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest{ @@ -7157,9 +7145,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) Execute() (*SelfServ } /* - - SubmitSelfServiceSettingsFlow Complete Settings Flow - - Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint - + * SubmitSelfServiceSettingsFlow # Complete Settings Flow + * Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint behaves differently for API and browser flows. API-initiated flows expect `application/json` to be sent in the body and respond with @@ -7202,8 +7189,8 @@ identity logged in instead. Most likely used in Social Sign In flows. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest { return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest{ @@ -7396,9 +7383,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Execute() (*Self } /* - - SubmitSelfServiceVerificationFlow Complete Verification Flow - - Use this endpoint to complete a verification flow. This endpoint - + * SubmitSelfServiceVerificationFlow # Complete Verification Flow + * Use this endpoint to complete a verification flow. This endpoint behaves differently for API and browser flows and has several states: `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent @@ -7414,8 +7400,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe a new Verification Flow ID which contains an error message that the verification link was invalid. More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest */ func (a *V0alpha2ApiService) SubmitSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest { return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest{ @@ -7568,9 +7554,8 @@ func (r V0alpha2ApiApiToSessionRequest) Execute() (*Session, *http.Response, err } /* - - ToSession Check Who the Current HTTP Session Belongs To - - Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. - + * ToSession # Check Who the Current HTTP Session Belongs To + * Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response. @@ -7619,8 +7604,8 @@ As explained above, this request may fail due to several reasons. The `error.id` `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token). `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - - @return V0alpha2ApiApiToSessionRequest + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @return V0alpha2ApiApiToSessionRequest */ func (a *V0alpha2ApiService) ToSession(ctx context.Context) V0alpha2ApiApiToSessionRequest { return V0alpha2ApiApiToSessionRequest{ diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md index 52ccd5b4d10f..489096d3b6b8 100644 --- a/internal/httpclient/docs/V0alpha2Api.md +++ b/internal/httpclient/docs/V0alpha2Api.md @@ -4,48 +4,48 @@ All URIs are relative to *http://localhost* Method | HTTP request | Description ------------- | ------------- | ------------- -[**AdminCreateIdentity**](V0alpha2Api.md#AdminCreateIdentity) | **Post** /admin/identities | Create an Identity -[**AdminCreateSelfServiceRecoveryLink**](V0alpha2Api.md#AdminCreateSelfServiceRecoveryLink) | **Post** /admin/recovery/link | Create a Recovery Link -[**AdminDeleteIdentity**](V0alpha2Api.md#AdminDeleteIdentity) | **Delete** /admin/identities/{id} | Delete an Identity +[**AdminCreateIdentity**](V0alpha2Api.md#AdminCreateIdentity) | **Post** /admin/identities | # Create an Identity +[**AdminCreateSelfServiceRecoveryLink**](V0alpha2Api.md#AdminCreateSelfServiceRecoveryLink) | **Post** /admin/recovery/link | # Create a Recovery Link +[**AdminDeleteIdentity**](V0alpha2Api.md#AdminDeleteIdentity) | **Delete** /admin/identities/{id} | # Delete an Identity [**AdminDeleteIdentitySessions**](V0alpha2Api.md#AdminDeleteIdentitySessions) | **Delete** /admin/identities/{id}/sessions | Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity. [**AdminExtendSession**](V0alpha2Api.md#AdminExtendSession) | **Patch** /admin/sessions/{id}/extend | Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it will only extend the session after the specified time has passed. -[**AdminGetIdentity**](V0alpha2Api.md#AdminGetIdentity) | **Get** /admin/identities/{id} | Get an Identity -[**AdminListCourierMessages**](V0alpha2Api.md#AdminListCourierMessages) | **Get** /admin/courier/messages | List Messages -[**AdminListIdentities**](V0alpha2Api.md#AdminListIdentities) | **Get** /admin/identities | List Identities +[**AdminGetIdentity**](V0alpha2Api.md#AdminGetIdentity) | **Get** /admin/identities/{id} | # Get an Identity +[**AdminListCourierMessages**](V0alpha2Api.md#AdminListCourierMessages) | **Get** /admin/courier/messages | # List Messages +[**AdminListIdentities**](V0alpha2Api.md#AdminListIdentities) | **Get** /admin/identities | # List Identities [**AdminListIdentitySessions**](V0alpha2Api.md#AdminListIdentitySessions) | **Get** /admin/identities/{id}/sessions | This endpoint returns all sessions that belong to the given Identity. [**AdminPatchIdentity**](V0alpha2Api.md#AdminPatchIdentity) | **Patch** /admin/identities/{id} | Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/) -[**AdminUpdateIdentity**](V0alpha2Api.md#AdminUpdateIdentity) | **Put** /admin/identities/{id} | Update an Identity -[**CreateSelfServiceLogoutFlowUrlForBrowsers**](V0alpha2Api.md#CreateSelfServiceLogoutFlowUrlForBrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers +[**AdminUpdateIdentity**](V0alpha2Api.md#AdminUpdateIdentity) | **Put** /admin/identities/{id} | # Update an Identity +[**CreateSelfServiceLogoutFlowUrlForBrowsers**](V0alpha2Api.md#CreateSelfServiceLogoutFlowUrlForBrowsers) | **Get** /self-service/logout/browser | # Create a Logout URL for Browsers [**GetIdentitySchema**](V0alpha2Api.md#GetIdentitySchema) | **Get** /schemas/{id} | -[**GetSelfServiceError**](V0alpha2Api.md#GetSelfServiceError) | **Get** /self-service/errors | Get Self-Service Errors -[**GetSelfServiceLoginFlow**](V0alpha2Api.md#GetSelfServiceLoginFlow) | **Get** /self-service/login/flows | Get Login Flow -[**GetSelfServiceRecoveryFlow**](V0alpha2Api.md#GetSelfServiceRecoveryFlow) | **Get** /self-service/recovery/flows | Get Recovery Flow -[**GetSelfServiceRegistrationFlow**](V0alpha2Api.md#GetSelfServiceRegistrationFlow) | **Get** /self-service/registration/flows | Get Registration Flow -[**GetSelfServiceSettingsFlow**](V0alpha2Api.md#GetSelfServiceSettingsFlow) | **Get** /self-service/settings/flows | Get Settings Flow -[**GetSelfServiceVerificationFlow**](V0alpha2Api.md#GetSelfServiceVerificationFlow) | **Get** /self-service/verification/flows | Get Verification Flow -[**GetWebAuthnJavaScript**](V0alpha2Api.md#GetWebAuthnJavaScript) | **Get** /.well-known/ory/webauthn.js | Get WebAuthn JavaScript -[**InitializeSelfServiceLoginFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceLoginFlowForBrowsers) | **Get** /self-service/login/browser | Initialize Login Flow for Browsers +[**GetSelfServiceError**](V0alpha2Api.md#GetSelfServiceError) | **Get** /self-service/errors | # Get Self-Service Errors +[**GetSelfServiceLoginFlow**](V0alpha2Api.md#GetSelfServiceLoginFlow) | **Get** /self-service/login/flows | # Get Login Flow +[**GetSelfServiceRecoveryFlow**](V0alpha2Api.md#GetSelfServiceRecoveryFlow) | **Get** /self-service/recovery/flows | # Get Recovery Flow +[**GetSelfServiceRegistrationFlow**](V0alpha2Api.md#GetSelfServiceRegistrationFlow) | **Get** /self-service/registration/flows | # Get Registration Flow +[**GetSelfServiceSettingsFlow**](V0alpha2Api.md#GetSelfServiceSettingsFlow) | **Get** /self-service/settings/flows | # Get Settings Flow +[**GetSelfServiceVerificationFlow**](V0alpha2Api.md#GetSelfServiceVerificationFlow) | **Get** /self-service/verification/flows | # Get Verification Flow +[**GetWebAuthnJavaScript**](V0alpha2Api.md#GetWebAuthnJavaScript) | **Get** /.well-known/ory/webauthn.js | # Get WebAuthn JavaScript +[**InitializeSelfServiceLoginFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceLoginFlowForBrowsers) | **Get** /self-service/login/browser | # Initialize Login Flow for Browsers [**InitializeSelfServiceLoginFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceLoginFlowWithoutBrowser) | **Get** /self-service/login/api | Initialize Login Flow for APIs, Services, Apps, ... -[**InitializeSelfServiceRecoveryFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRecoveryFlowForBrowsers) | **Get** /self-service/recovery/browser | Initialize Recovery Flow for Browsers +[**InitializeSelfServiceRecoveryFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRecoveryFlowForBrowsers) | **Get** /self-service/recovery/browser | # Initialize Recovery Flow for Browsers [**InitializeSelfServiceRecoveryFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceRecoveryFlowWithoutBrowser) | **Get** /self-service/recovery/api | Initialize Recovery Flow for APIs, Services, Apps, ... -[**InitializeSelfServiceRegistrationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRegistrationFlowForBrowsers) | **Get** /self-service/registration/browser | Initialize Registration Flow for Browsers +[**InitializeSelfServiceRegistrationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRegistrationFlowForBrowsers) | **Get** /self-service/registration/browser | # Initialize Registration Flow for Browsers [**InitializeSelfServiceRegistrationFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceRegistrationFlowWithoutBrowser) | **Get** /self-service/registration/api | Initialize Registration Flow for APIs, Services, Apps, ... -[**InitializeSelfServiceSettingsFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceSettingsFlowForBrowsers) | **Get** /self-service/settings/browser | Initialize Settings Flow for Browsers +[**InitializeSelfServiceSettingsFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceSettingsFlowForBrowsers) | **Get** /self-service/settings/browser | # Initialize Settings Flow for Browsers [**InitializeSelfServiceSettingsFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceSettingsFlowWithoutBrowser) | **Get** /self-service/settings/api | Initialize Settings Flow for APIs, Services, Apps, ... -[**InitializeSelfServiceVerificationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceVerificationFlowForBrowsers) | **Get** /self-service/verification/browser | Initialize Verification Flow for Browser Clients +[**InitializeSelfServiceVerificationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceVerificationFlowForBrowsers) | **Get** /self-service/verification/browser | # Initialize Verification Flow for Browser Clients [**InitializeSelfServiceVerificationFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceVerificationFlowWithoutBrowser) | **Get** /self-service/verification/api | Initialize Verification Flow for APIs, Services, Apps, ... [**ListIdentitySchemas**](V0alpha2Api.md#ListIdentitySchemas) | **Get** /schemas | [**ListSessions**](V0alpha2Api.md#ListSessions) | **Get** /sessions | This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint. [**RevokeSession**](V0alpha2Api.md#RevokeSession) | **Delete** /sessions/{id} | Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. [**RevokeSessions**](V0alpha2Api.md#RevokeSessions) | **Delete** /sessions | Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. -[**SubmitSelfServiceLoginFlow**](V0alpha2Api.md#SubmitSelfServiceLoginFlow) | **Post** /self-service/login | Submit a Login Flow -[**SubmitSelfServiceLogoutFlow**](V0alpha2Api.md#SubmitSelfServiceLogoutFlow) | **Get** /self-service/logout | Complete Self-Service Logout +[**SubmitSelfServiceLoginFlow**](V0alpha2Api.md#SubmitSelfServiceLoginFlow) | **Post** /self-service/login | # Submit a Login Flow +[**SubmitSelfServiceLogoutFlow**](V0alpha2Api.md#SubmitSelfServiceLogoutFlow) | **Get** /self-service/logout | # Complete Self-Service Logout [**SubmitSelfServiceLogoutFlowWithoutBrowser**](V0alpha2Api.md#SubmitSelfServiceLogoutFlowWithoutBrowser) | **Delete** /self-service/logout/api | Perform Logout for APIs, Services, Apps, ... -[**SubmitSelfServiceRecoveryFlow**](V0alpha2Api.md#SubmitSelfServiceRecoveryFlow) | **Post** /self-service/recovery | Complete Recovery Flow -[**SubmitSelfServiceRegistrationFlow**](V0alpha2Api.md#SubmitSelfServiceRegistrationFlow) | **Post** /self-service/registration | Submit a Registration Flow -[**SubmitSelfServiceSettingsFlow**](V0alpha2Api.md#SubmitSelfServiceSettingsFlow) | **Post** /self-service/settings | Complete Settings Flow -[**SubmitSelfServiceVerificationFlow**](V0alpha2Api.md#SubmitSelfServiceVerificationFlow) | **Post** /self-service/verification | Complete Verification Flow -[**ToSession**](V0alpha2Api.md#ToSession) | **Get** /sessions/whoami | Check Who the Current HTTP Session Belongs To +[**SubmitSelfServiceRecoveryFlow**](V0alpha2Api.md#SubmitSelfServiceRecoveryFlow) | **Post** /self-service/recovery | # Complete Recovery Flow +[**SubmitSelfServiceRegistrationFlow**](V0alpha2Api.md#SubmitSelfServiceRegistrationFlow) | **Post** /self-service/registration | # Submit a Registration Flow +[**SubmitSelfServiceSettingsFlow**](V0alpha2Api.md#SubmitSelfServiceSettingsFlow) | **Post** /self-service/settings | # Complete Settings Flow +[**SubmitSelfServiceVerificationFlow**](V0alpha2Api.md#SubmitSelfServiceVerificationFlow) | **Post** /self-service/verification | # Complete Verification Flow +[**ToSession**](V0alpha2Api.md#ToSession) | **Get** /sessions/whoami | # Check Who the Current HTTP Session Belongs To @@ -53,7 +53,7 @@ Method | HTTP request | Description > Identity AdminCreateIdentity(ctx).AdminCreateIdentityBody(adminCreateIdentityBody).Execute() -Create an Identity +# Create an Identity @@ -119,7 +119,7 @@ Name | Type | Description | Notes > SelfServiceRecoveryLink AdminCreateSelfServiceRecoveryLink(ctx).AdminCreateSelfServiceRecoveryLinkBody(adminCreateSelfServiceRecoveryLinkBody).Execute() -Create a Recovery Link +# Create a Recovery Link @@ -185,7 +185,7 @@ No authorization required > AdminDeleteIdentity(ctx, id).Execute() -Delete an Identity +# Delete an Identity @@ -391,7 +391,7 @@ Name | Type | Description | Notes > Identity AdminGetIdentity(ctx, id).IncludeCredential(includeCredential).Execute() -Get an Identity +# Get an Identity @@ -463,7 +463,7 @@ Name | Type | Description | Notes > []Message AdminListCourierMessages(ctx).PerPage(perPage).Page(page).Status(status).Recipient(recipient).Execute() -List Messages +# List Messages @@ -535,7 +535,7 @@ No authorization required > []Identity AdminListIdentities(ctx).PerPage(perPage).Page(page).Execute() -List Identities +# List Identities @@ -751,7 +751,7 @@ Name | Type | Description | Notes > Identity AdminUpdateIdentity(ctx, id).AdminUpdateIdentityBody(adminUpdateIdentityBody).Execute() -Update an Identity +# Update an Identity @@ -823,7 +823,7 @@ Name | Type | Description | Notes > SelfServiceLogoutUrl CreateSelfServiceLogoutFlowUrlForBrowsers(ctx).Cookie(cookie).Execute() -Create a Logout URL for Browsers +# Create a Logout URL for Browsers @@ -959,7 +959,7 @@ No authorization required > SelfServiceError GetSelfServiceError(ctx).Id(id).Execute() -Get Self-Service Errors +# Get Self-Service Errors @@ -1025,7 +1025,7 @@ No authorization required > SelfServiceLoginFlow GetSelfServiceLoginFlow(ctx).Id(id).Cookie(cookie).Execute() -Get Login Flow +# Get Login Flow @@ -1093,7 +1093,7 @@ No authorization required > SelfServiceRecoveryFlow GetSelfServiceRecoveryFlow(ctx).Id(id).Cookie(cookie).Execute() -Get Recovery Flow +# Get Recovery Flow @@ -1161,7 +1161,7 @@ No authorization required > SelfServiceRegistrationFlow GetSelfServiceRegistrationFlow(ctx).Id(id).Cookie(cookie).Execute() -Get Registration Flow +# Get Registration Flow @@ -1229,7 +1229,7 @@ No authorization required > SelfServiceSettingsFlow GetSelfServiceSettingsFlow(ctx).Id(id).XSessionToken(xSessionToken).Cookie(cookie).Execute() -Get Settings Flow +# Get Settings Flow @@ -1299,7 +1299,7 @@ No authorization required > SelfServiceVerificationFlow GetSelfServiceVerificationFlow(ctx).Id(id).Cookie(cookie).Execute() -Get Verification Flow +# Get Verification Flow @@ -1367,7 +1367,7 @@ No authorization required > string GetWebAuthnJavaScript(ctx).Execute() -Get WebAuthn JavaScript +# Get WebAuthn JavaScript @@ -1428,7 +1428,7 @@ No authorization required > SelfServiceLoginFlow InitializeSelfServiceLoginFlowForBrowsers(ctx).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Cookie(cookie).Execute() -Initialize Login Flow for Browsers +# Initialize Login Flow for Browsers @@ -1570,7 +1570,7 @@ No authorization required > SelfServiceRecoveryFlow InitializeSelfServiceRecoveryFlowForBrowsers(ctx).ReturnTo(returnTo).Execute() -Initialize Recovery Flow for Browsers +# Initialize Recovery Flow for Browsers @@ -1697,7 +1697,7 @@ No authorization required > SelfServiceRegistrationFlow InitializeSelfServiceRegistrationFlowForBrowsers(ctx).ReturnTo(returnTo).Execute() -Initialize Registration Flow for Browsers +# Initialize Registration Flow for Browsers @@ -1824,7 +1824,7 @@ No authorization required > SelfServiceSettingsFlow InitializeSelfServiceSettingsFlowForBrowsers(ctx).ReturnTo(returnTo).Cookie(cookie).Execute() -Initialize Settings Flow for Browsers +# Initialize Settings Flow for Browsers @@ -1958,7 +1958,7 @@ No authorization required > SelfServiceVerificationFlow InitializeSelfServiceVerificationFlowForBrowsers(ctx).ReturnTo(returnTo).Execute() -Initialize Verification Flow for Browser Clients +# Initialize Verification Flow for Browser Clients @@ -2361,7 +2361,7 @@ No authorization required > SuccessfulSelfServiceLoginWithoutBrowser SubmitSelfServiceLoginFlow(ctx).Flow(flow).SubmitSelfServiceLoginFlowBody(submitSelfServiceLoginFlowBody).XSessionToken(xSessionToken).Cookie(cookie).Execute() -Submit a Login Flow +# Submit a Login Flow @@ -2433,7 +2433,7 @@ No authorization required > SubmitSelfServiceLogoutFlow(ctx).Token(token).ReturnTo(returnTo).Execute() -Complete Self-Service Logout +# Complete Self-Service Logout @@ -2563,7 +2563,7 @@ No authorization required > SelfServiceRecoveryFlow SubmitSelfServiceRecoveryFlow(ctx).Flow(flow).SubmitSelfServiceRecoveryFlowBody(submitSelfServiceRecoveryFlowBody).Token(token).Cookie(cookie).Execute() -Complete Recovery Flow +# Complete Recovery Flow @@ -2635,7 +2635,7 @@ No authorization required > SuccessfulSelfServiceRegistrationWithoutBrowser SubmitSelfServiceRegistrationFlow(ctx).Flow(flow).SubmitSelfServiceRegistrationFlowBody(submitSelfServiceRegistrationFlowBody).Cookie(cookie).Execute() -Submit a Registration Flow +# Submit a Registration Flow @@ -2705,7 +2705,7 @@ No authorization required > SelfServiceSettingsFlow SubmitSelfServiceSettingsFlow(ctx).Flow(flow).SubmitSelfServiceSettingsFlowBody(submitSelfServiceSettingsFlowBody).XSessionToken(xSessionToken).Cookie(cookie).Execute() -Complete Settings Flow +# Complete Settings Flow @@ -2777,7 +2777,7 @@ No authorization required > SelfServiceVerificationFlow SubmitSelfServiceVerificationFlow(ctx).Flow(flow).SubmitSelfServiceVerificationFlowBody(submitSelfServiceVerificationFlowBody).Token(token).Cookie(cookie).Execute() -Complete Verification Flow +# Complete Verification Flow @@ -2849,7 +2849,7 @@ No authorization required > Session ToSession(ctx).XSessionToken(xSessionToken).Cookie(cookie).Execute() -Check Who the Current HTTP Session Belongs To +# Check Who the Current HTTP Session Belongs To diff --git a/spec/api.json b/spec/api.json index 4c2715777f82..4ea203bc8040 100755 --- a/spec/api.json +++ b/spec/api.json @@ -2440,7 +2440,7 @@ "description": "webAuthnJavaScript" } }, - "summary": "Get WebAuthn JavaScript", + "summary": "# Get WebAuthn JavaScript", "tags": [ "v0alpha2" ] @@ -2523,7 +2523,7 @@ "description": "jsonError" } }, - "summary": "List Messages", + "summary": "# List Messages", "tags": [ "v0alpha2" ] @@ -2585,7 +2585,7 @@ "oryAccessToken": [] } ], - "summary": "List Identities", + "summary": "# List Identities", "tags": [ "v0alpha2" ] @@ -2650,7 +2650,7 @@ "oryAccessToken": [] } ], - "summary": "Create an Identity", + "summary": "# Create an Identity", "tags": [ "v0alpha2" ] @@ -2701,7 +2701,7 @@ "oryAccessToken": [] } ], - "summary": "Delete an Identity", + "summary": "# Delete an Identity", "tags": [ "v0alpha2" ] @@ -2768,7 +2768,7 @@ "oryAccessToken": [] } ], - "summary": "Get an Identity", + "summary": "# Get an Identity", "tags": [ "v0alpha2" ] @@ -2940,7 +2940,7 @@ "oryAccessToken": [] } ], - "summary": "Update an Identity", + "summary": "# Update an Identity", "tags": [ "v0alpha2" ] @@ -3180,7 +3180,7 @@ "description": "jsonError" } }, - "summary": "Create a Recovery Link", + "summary": "# Create a Recovery Link", "tags": [ "v0alpha2" ] @@ -3513,7 +3513,7 @@ "description": "jsonError" } }, - "summary": "Get Self-Service Errors", + "summary": "# Get Self-Service Errors", "tags": [ "v0alpha2" ] @@ -3621,7 +3621,7 @@ "description": "jsonError" } }, - "summary": "Submit a Login Flow", + "summary": "# Submit a Login Flow", "tags": [ "v0alpha2" ] @@ -3768,7 +3768,7 @@ "description": "jsonError" } }, - "summary": "Initialize Login Flow for Browsers", + "summary": "# Initialize Login Flow for Browsers", "tags": [ "v0alpha2" ] @@ -3849,7 +3849,7 @@ "description": "jsonError" } }, - "summary": "Get Login Flow", + "summary": "# Get Login Flow", "tags": [ "v0alpha2" ] @@ -3895,7 +3895,7 @@ "description": "jsonError" } }, - "summary": "Complete Self-Service Logout", + "summary": "# Complete Self-Service Logout", "tags": [ "v0alpha2" ] @@ -3993,7 +3993,7 @@ "description": "jsonError" } }, - "summary": "Create a Logout URL for Browsers", + "summary": "# Create a Logout URL for Browsers", "tags": [ "v0alpha2" ] @@ -4091,7 +4091,7 @@ "description": "jsonError" } }, - "summary": "Complete Recovery Flow", + "summary": "# Complete Recovery Flow", "tags": [ "v0alpha2" ] @@ -4188,7 +4188,7 @@ "description": "jsonError" } }, - "summary": "Initialize Recovery Flow for Browsers", + "summary": "# Initialize Recovery Flow for Browsers", "tags": [ "v0alpha2" ] @@ -4259,7 +4259,7 @@ "description": "jsonError" } }, - "summary": "Get Recovery Flow", + "summary": "# Get Recovery Flow", "tags": [ "v0alpha2" ] @@ -4359,7 +4359,7 @@ "description": "jsonError" } }, - "summary": "Submit a Registration Flow", + "summary": "# Submit a Registration Flow", "tags": [ "v0alpha2" ] @@ -4446,7 +4446,7 @@ "description": "jsonError" } }, - "summary": "Initialize Registration Flow for Browsers", + "summary": "# Initialize Registration Flow for Browsers", "tags": [ "v0alpha2" ] @@ -4527,7 +4527,7 @@ "description": "jsonError" } }, - "summary": "Get Registration Flow", + "summary": "# Get Registration Flow", "tags": [ "v0alpha2" ] @@ -4660,7 +4660,7 @@ "sessionToken": [] } ], - "summary": "Complete Settings Flow", + "summary": "# Complete Settings Flow", "tags": [ "v0alpha2" ] @@ -4795,7 +4795,7 @@ "description": "jsonError" } }, - "summary": "Initialize Settings Flow for Browsers", + "summary": "# Initialize Settings Flow for Browsers", "tags": [ "v0alpha2" ] @@ -4894,7 +4894,7 @@ "description": "jsonError" } }, - "summary": "Get Settings Flow", + "summary": "# Get Settings Flow", "tags": [ "v0alpha2" ] @@ -4992,7 +4992,7 @@ "description": "jsonError" } }, - "summary": "Complete Verification Flow", + "summary": "# Complete Verification Flow", "tags": [ "v0alpha2" ] @@ -5079,7 +5079,7 @@ "description": "jsonError" } }, - "summary": "Initialize Verification Flow for Browser Clients", + "summary": "# Initialize Verification Flow for Browser Clients", "tags": [ "v0alpha2" ] @@ -5150,7 +5150,7 @@ "description": "jsonError" } }, - "summary": "Get Verification Flow", + "summary": "# Get Verification Flow", "tags": [ "v0alpha2" ] @@ -5403,7 +5403,7 @@ "description": "jsonError" } }, - "summary": "Check Who the Current HTTP Session Belongs To", + "summary": "# Check Who the Current HTTP Session Belongs To", "tags": [ "v0alpha2" ] diff --git a/spec/swagger.json b/spec/swagger.json index 480a2afa8d09..7511d85d643b 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -31,7 +31,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get WebAuthn JavaScript", + "summary": "# Get WebAuthn JavaScript", "operationId": "getWebAuthnJavaScript", "responses": { "200": { @@ -56,7 +56,7 @@ "tags": [ "v0alpha2" ], - "summary": "List Messages", + "summary": "# List Messages", "operationId": "adminListCourierMessages", "parameters": [ { @@ -132,7 +132,7 @@ "tags": [ "v0alpha2" ], - "summary": "List Identities", + "summary": "# List Identities", "operationId": "adminListIdentities", "parameters": [ { @@ -190,7 +190,7 @@ "tags": [ "v0alpha2" ], - "summary": "Create an Identity", + "summary": "# Create an Identity", "operationId": "adminCreateIdentity", "parameters": [ { @@ -250,7 +250,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get an Identity", + "summary": "# Get an Identity", "operationId": "adminGetIdentity", "parameters": [ { @@ -311,7 +311,7 @@ "tags": [ "v0alpha2" ], - "summary": "Update an Identity", + "summary": "# Update an Identity", "operationId": "adminUpdateIdentity", "parameters": [ { @@ -379,7 +379,7 @@ "tags": [ "v0alpha2" ], - "summary": "Delete an Identity", + "summary": "# Delete an Identity", "operationId": "adminDeleteIdentity", "parameters": [ { @@ -636,7 +636,7 @@ "tags": [ "v0alpha2" ], - "summary": "Create a Recovery Link", + "summary": "# Create a Recovery Link", "operationId": "adminCreateSelfServiceRecoveryLink", "parameters": [ { @@ -892,7 +892,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get Self-Service Errors", + "summary": "# Get Self-Service Errors", "operationId": "getSelfServiceError", "parameters": [ { @@ -950,7 +950,7 @@ "tags": [ "v0alpha2" ], - "summary": "Submit a Login Flow", + "summary": "# Submit a Login Flow", "operationId": "submitSelfServiceLoginFlow", "parameters": [ { @@ -1088,7 +1088,7 @@ "tags": [ "v0alpha2" ], - "summary": "Initialize Login Flow for Browsers", + "summary": "# Initialize Login Flow for Browsers", "operationId": "initializeSelfServiceLoginFlowForBrowsers", "parameters": [ { @@ -1154,7 +1154,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get Login Flow", + "summary": "# Get Login Flow", "operationId": "getSelfServiceLoginFlow", "parameters": [ { @@ -1218,7 +1218,7 @@ "tags": [ "v0alpha2" ], - "summary": "Complete Self-Service Logout", + "summary": "# Complete Self-Service Logout", "operationId": "submitSelfServiceLogoutFlow", "parameters": [ { @@ -1310,7 +1310,7 @@ "tags": [ "v0alpha2" ], - "summary": "Create a Logout URL for Browsers", + "summary": "# Create a Logout URL for Browsers", "operationId": "createSelfServiceLogoutFlowUrlForBrowsers", "parameters": [ { @@ -1359,7 +1359,7 @@ "tags": [ "v0alpha2" ], - "summary": "Complete Recovery Flow", + "summary": "# Complete Recovery Flow", "operationId": "submitSelfServiceRecoveryFlow", "parameters": [ { @@ -1465,7 +1465,7 @@ "tags": [ "v0alpha2" ], - "summary": "Initialize Recovery Flow for Browsers", + "summary": "# Initialize Recovery Flow for Browsers", "operationId": "initializeSelfServiceRecoveryFlowForBrowsers", "parameters": [ { @@ -1513,7 +1513,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get Recovery Flow", + "summary": "# Get Recovery Flow", "operationId": "getSelfServiceRecoveryFlow", "parameters": [ { @@ -1575,7 +1575,7 @@ "tags": [ "v0alpha2" ], - "summary": "Submit a Registration Flow", + "summary": "# Submit a Registration Flow", "operationId": "submitSelfServiceRegistrationFlow", "parameters": [ { @@ -1684,7 +1684,7 @@ "tags": [ "v0alpha2" ], - "summary": "Initialize Registration Flow for Browsers", + "summary": "# Initialize Registration Flow for Browsers", "operationId": "initializeSelfServiceRegistrationFlowForBrowsers", "parameters": [ { @@ -1726,7 +1726,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get Registration Flow", + "summary": "# Get Registration Flow", "operationId": "getSelfServiceRegistrationFlow", "parameters": [ { @@ -1799,7 +1799,7 @@ "tags": [ "v0alpha2" ], - "summary": "Complete Settings Flow", + "summary": "# Complete Settings Flow", "operationId": "submitSelfServiceSettingsFlow", "parameters": [ { @@ -1931,7 +1931,7 @@ "tags": [ "v0alpha2" ], - "summary": "Initialize Settings Flow for Browsers", + "summary": "# Initialize Settings Flow for Browsers", "operationId": "initializeSelfServiceSettingsFlowForBrowsers", "parameters": [ { @@ -1997,7 +1997,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get Settings Flow", + "summary": "# Get Settings Flow", "operationId": "getSelfServiceSettingsFlow", "parameters": [ { @@ -2077,7 +2077,7 @@ "tags": [ "v0alpha2" ], - "summary": "Complete Verification Flow", + "summary": "# Complete Verification Flow", "operationId": "submitSelfServiceVerificationFlow", "parameters": [ { @@ -2183,7 +2183,7 @@ "tags": [ "v0alpha2" ], - "summary": "Initialize Verification Flow for Browser Clients", + "summary": "# Initialize Verification Flow for Browser Clients", "operationId": "initializeSelfServiceVerificationFlowForBrowsers", "parameters": [ { @@ -2225,7 +2225,7 @@ "tags": [ "v0alpha2" ], - "summary": "Get Verification Flow", + "summary": "# Get Verification Flow", "operationId": "getSelfServiceVerificationFlow", "parameters": [ { @@ -2420,7 +2420,7 @@ "tags": [ "v0alpha2" ], - "summary": "Check Who the Current HTTP Session Belongs To", + "summary": "# Check Who the Current HTTP Session Belongs To", "operationId": "toSession", "parameters": [ { From af32ba8485abe9c930c2900425208c00c7049e9a Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 14 Sep 2022 18:52:19 +0000 Subject: [PATCH 258/411] chore: update repository templates [skip ci] - updated repository templates to https://github.com/ory/meta/commit/ac6bef904ee4d135b9d5ee85418716237cf09df0 --- .github/ISSUE_TEMPLATE/BUG-REPORT.yml | 50 ++-- .github/ISSUE_TEMPLATE/DESIGN-DOC.yml | 32 +- .github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml | 30 +- .github/codeql/codeql-config.yml | 3 +- .github/config.yml | 2 +- .github/labels.json | 48 +-- .github/pull_request_template.md | 17 +- .github/workflows/ci.yaml | 15 +- .github/workflows/closed_references.yml | 6 +- .github/workflows/codeql-analysis.yml | 60 ++-- .github/workflows/milestone.yml | 6 +- .github/workflows/stale.yml | 10 +- CHANGELOG.md | 223 +++++++------- CONTRIBUTING.md | 24 +- README.md | 325 +++++++++++++++------ package-lock.json | 3 +- 16 files changed, 489 insertions(+), 365 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml index 7536eaa976be..ad9a73f3fbb2 100644 --- a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml +++ b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml @@ -1,17 +1,17 @@ -description: "Create a bug report" +description: 'Create a bug report' labels: - bug -name: "Bug Report" +name: 'Bug Report' body: - attributes: value: "Thank you for taking the time to fill out this bug report!\n" type: markdown - attributes: - label: "Preflight checklist" + label: 'Preflight checklist' options: - label: - "I could not find a solution in the existing issues, docs, nor - discussions." + 'I could not find a solution in the existing issues, docs, nor + discussions.' required: true - label: "I agree to follow this project's [Code of @@ -22,18 +22,18 @@ body: Guidelines](https://github.com/ory/kratos/blob/master/CONTRIBUTING.md)." required: true - label: - "This issue affects my [Ory Cloud](https://www.ory.sh/) project." + 'This issue affects my [Ory Cloud](https://www.ory.sh/) project.' - label: - "I have joined the [Ory Community Slack](https://slack.ory.sh)." + 'I have joined the [Ory Community Slack](https://slack.ory.sh).' - label: - "I am signed up to the [Ory Security Patch - Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)." + 'I am signed up to the [Ory Security Patch + Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53).' id: checklist type: checkboxes - attributes: - description: "A clear and concise description of what the bug is." - label: "Describe the bug" - placeholder: "Tell us what you see!" + description: 'A clear and concise description of what the bug is.' + label: 'Describe the bug' + placeholder: 'Tell us what you see!' id: describe-bug type: textarea validations: @@ -47,17 +47,17 @@ body: 1. Run `docker run ....` 2. Make API Request to with `curl ...` 3. Request fails with response: `{"some": "error"}` - label: "Reproducing the bug" + label: 'Reproducing the bug' id: reproduce-bug type: textarea validations: required: true - attributes: description: - "Please copy and paste any relevant log output. This will be + 'Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks. Please - redact any sensitive information" - label: "Relevant log output" + redact any sensitive information' + label: 'Relevant log output' render: shell placeholder: | log=error .... @@ -65,10 +65,10 @@ body: type: textarea - attributes: description: - "Please copy and paste any relevant configuration. This will be + 'Please copy and paste any relevant configuration. This will be automatically formatted into code, so no need for backticks. Please - redact any sensitive information!" - label: "Relevant configuration" + redact any sensitive information!' + label: 'Relevant configuration' render: yml placeholder: | server: @@ -77,14 +77,14 @@ body: id: config type: textarea - attributes: - description: "What version of our software are you running?" + description: 'What version of our software are you running?' label: Version id: version type: input validations: required: true - attributes: - label: "On which operating system are you observing this issue?" + label: 'On which operating system are you observing this issue?' options: - Ory Cloud - macOS @@ -95,19 +95,19 @@ body: id: operating-system type: dropdown - attributes: - label: "In which environment are you deploying?" + label: 'In which environment are you deploying?' options: - Ory Cloud - Docker - - "Docker Compose" - - "Kubernetes with Helm" + - 'Docker Compose' + - 'Kubernetes with Helm' - Kubernetes - Binary - Other id: deployment type: dropdown - attributes: - description: "Add any other context about the problem here." + description: 'Add any other context about the problem here.' label: Additional Context id: additional type: textarea diff --git a/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml b/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml index 1dded7966f0b..e48e0df13f3f 100644 --- a/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml +++ b/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml @@ -1,8 +1,8 @@ description: - "A design document is needed for non-trivial changes to the code base." + 'A design document is needed for non-trivial changes to the code base.' labels: - rfc -name: "Design Document" +name: 'Design Document' body: - attributes: value: | @@ -18,11 +18,11 @@ body: after code reviews, and your pull requests will be merged faster. type: markdown - attributes: - label: "Preflight checklist" + label: 'Preflight checklist' options: - label: - "I could not find a solution in the existing issues, docs, nor - discussions." + 'I could not find a solution in the existing issues, docs, nor + discussions.' required: true - label: "I agree to follow this project's [Code of @@ -33,18 +33,18 @@ body: Guidelines](https://github.com/ory/kratos/blob/master/CONTRIBUTING.md)." required: true - label: - "This issue affects my [Ory Cloud](https://www.ory.sh/) project." + 'This issue affects my [Ory Cloud](https://www.ory.sh/) project.' - label: - "I have joined the [Ory Community Slack](https://slack.ory.sh)." + 'I have joined the [Ory Community Slack](https://slack.ory.sh).' - label: - "I am signed up to the [Ory Security Patch - Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)." + 'I am signed up to the [Ory Security Patch + Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53).' id: checklist type: checkboxes - attributes: description: | This section gives the reader a very rough overview of the landscape in which the new system is being built and what is actually being built. This isn’t a requirements doc. Keep it succinct! The goal is that readers are brought up to speed but some previous knowledge can be assumed and detailed info can be linked to. This section should be entirely focused on objective background facts. - label: "Context and scope" + label: 'Context and scope' id: scope type: textarea validations: @@ -53,7 +53,7 @@ body: - attributes: description: | A short list of bullet points of what the goals of the system are, and, sometimes more importantly, what non-goals are. Note, that non-goals aren’t negated goals like “The system shouldn’t crash”, but rather things that could reasonably be goals, but are explicitly chosen not to be goals. A good example would be “ACID compliance”; when designing a database, you’d certainly want to know whether that is a goal or non-goal. And if it is a non-goal you might still select a solution that provides it, if it doesn’t introduce trade-offs that prevent achieving the goals. - label: "Goals and non-goals" + label: 'Goals and non-goals' id: goals type: textarea validations: @@ -65,7 +65,7 @@ body: The design doc is the place to write down the trade-offs you made in designing your software. Focus on those trade-offs to produce a useful document with long-term value. That is, given the context (facts), goals and non-goals (requirements), the design doc is the place to suggest solutions and show why a particular solution best satisfies those goals. The point of writing a document over a more formal medium is to provide the flexibility to express the problem set at hand in an appropriate manner. Because of this, there is no explicit guidance for how to actually describe the design. - label: "The design" + label: 'The design' id: design type: textarea validations: @@ -74,21 +74,21 @@ body: - attributes: description: | If the system under design exposes an API, then sketching out that API is usually a good idea. In most cases, however, one should withstand the temptation to copy-paste formal interface or data definitions into the doc as these are often verbose, contain unnecessary detail and quickly get out of date. Instead focus on the parts that are relevant to the design and its trade-offs. - label: "APIs" + label: 'APIs' id: apis type: textarea - attributes: description: | Systems that store data should likely discuss how and in what rough form this happens. Similar to the advice on APIs, and for the same reasons, copy-pasting complete schema definitions should be avoided. Instead focus on the parts that are relevant to the design and its trade-offs. - label: "Data storage" + label: 'Data storage' id: persistence type: textarea - attributes: description: | Design docs should rarely contain code, or pseudo-code except in situations where novel algorithms are described. As appropriate, link to prototypes that show the implementability of the design. - label: "Code and pseudo-code" + label: 'Code and pseudo-code' id: pseudocode type: textarea @@ -101,7 +101,7 @@ body: On the other end are systems where the possible solutions are very well defined, but it isn’t at all obvious how they could even be combined to achieve the goals. This may be a legacy system that is difficult to change and wasn’t designed to do what you want it to do or a library design that needs to operate within the constraints of the host programming language. In this situation you may be able to enumerate all the things you can do relatively easily, but you need to creatively put those things together to achieve the goals. There may be multiple solutions, and none of them are really great, and hence such a document should focus on selecting the best way given all identified trade-offs. - label: "Degree of constraint" + label: 'Degree of constraint' id: constrait type: textarea diff --git a/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml index af71f0896133..132862134e9e 100644 --- a/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml +++ b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml @@ -1,8 +1,8 @@ description: - "Suggest an idea for this project without a plan for implementation" + 'Suggest an idea for this project without a plan for implementation' labels: - feat -name: "Feature Request" +name: 'Feature Request' body: - attributes: value: | @@ -11,11 +11,11 @@ body: If you already have a plan to implement a feature or a change, please create a [design document](https://github.com/aeneasr/gh-template-test/issues/new?assignees=&labels=rfc&template=DESIGN-DOC.yml) instead if the change is non-trivial! type: markdown - attributes: - label: "Preflight checklist" + label: 'Preflight checklist' options: - label: - "I could not find a solution in the existing issues, docs, nor - discussions." + 'I could not find a solution in the existing issues, docs, nor + discussions.' required: true - label: "I agree to follow this project's [Code of @@ -26,18 +26,18 @@ body: Guidelines](https://github.com/ory/kratos/blob/master/CONTRIBUTING.md)." required: true - label: - "This issue affects my [Ory Cloud](https://www.ory.sh/) project." + 'This issue affects my [Ory Cloud](https://www.ory.sh/) project.' - label: - "I have joined the [Ory Community Slack](https://slack.ory.sh)." + 'I have joined the [Ory Community Slack](https://slack.ory.sh).' - label: - "I am signed up to the [Ory Security Patch - Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)." + 'I am signed up to the [Ory Security Patch + Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53).' id: checklist type: checkboxes - attributes: description: - "Is your feature request related to a problem? Please describe." - label: "Describe your problem" + 'Is your feature request related to a problem? Please describe.' + label: 'Describe your problem' placeholder: "A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]" @@ -50,20 +50,20 @@ body: Describe the solution you'd like placeholder: | A clear and concise description of what you want to happen. - label: "Describe your ideal solution" + label: 'Describe your ideal solution' id: solution type: textarea validations: required: true - attributes: description: "Describe alternatives you've considered" - label: "Workarounds or alternatives" + label: 'Workarounds or alternatives' id: alternatives type: textarea validations: required: true - attributes: - description: "What version of our software are you running?" + description: 'What version of our software are you running?' label: Version id: version type: input @@ -71,7 +71,7 @@ body: required: true - attributes: description: - "Add any other context or screenshots about the feature request here." + 'Add any other context or screenshots about the feature request here.' label: Additional Context id: additional type: textarea diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml index 43b77c441e14..150e308daa68 100644 --- a/.github/codeql/codeql-config.yml +++ b/.github/codeql/codeql-config.yml @@ -1,5 +1,4 @@ - -name: "CodeQL config" +name: 'CodeQL config' queries: - uses: security-and-quality diff --git a/.github/config.yml b/.github/config.yml index ea335697979b..0d121fe184f9 100644 --- a/.github/config.yml +++ b/.github/config.yml @@ -1,3 +1,3 @@ todo: - keyword: "@todo" + keyword: '@todo' label: todo diff --git a/.github/labels.json b/.github/labels.json index 5172fc78be8b..8246b68d918b 100644 --- a/.github/labels.json +++ b/.github/labels.json @@ -2,79 +2,57 @@ { "name": "package/2fa", "color": "0A28FD", - "aliases": [ - "module:2fa" - ] + "aliases": ["module:2fa"] }, { "name": "package/cli", "color": "0A28FD", - "aliases": [ - "module:cli" - ] + "aliases": ["module:cli"] }, { "name": "package/courier", "color": "0A28FD", - "aliases": [ - "module:courier" - ] + "aliases": ["module:courier"] }, { "name": "package/courier", "color": "0A28FD", - "aliases": [ - "module:docs" - ] + "aliases": ["module:docs"] }, { "name": "package/selfservice/errorx", "color": "0A28FD", - "aliases": [ - "module:errorx" - ] + "aliases": ["module:errorx"] }, { "name": "package/identity", "color": "0A28FD", - "aliases": [ - "module:identity" - ] + "aliases": ["module:identity"] }, { "name": "package/persistence/sql", "color": "0A28FD", - "aliases": [ - "module:migrations" - ] + "aliases": ["module:migrations"] }, { "name": "package/selfservice", "color": "0A28FD", - "aliases": [ - "module:selfservice" - ] + "aliases": ["module:selfservice"] }, { "name": "package/selfservice/oidc", "color": "0A28FD", - "aliases": [ - "module:ss/oidc" - ] + "aliases": ["module:ss/oidc"] }, { "name": "package/selfservice/password", "color": "0A28FD", - "aliases": [ - "module:ss/password" - ] + "aliases": ["module:ss/password"] }, { "name": "package/selfservice/verification", "color": "0A28FD", - "aliases": [ - "module:verification" - ] + "aliases": ["module:verification"] }, { "name": "package/selfservice/recovery", @@ -84,8 +62,6 @@ { "name": "package/session", "color": "0A28FD", - "aliases": [ - "module:session" - ] + "aliases": ["module:session"] } ] diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 3d85438b24f5..6c2f057ac039 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -38,13 +38,18 @@ If you're unsure about any of them, don't hesitate to ask. We're here to help! --> - [ ] I have read the [contributing guidelines](../blob/master/CONTRIBUTING.md). -- [ ] I have referenced an issue containing the design document if my change introduces a new feature. -- [ ] I am following the [contributing code guidelines](../blob/master/CONTRIBUTING.md#contributing-code). +- [ ] I have referenced an issue containing the design document if my change + introduces a new feature. +- [ ] I am following the + [contributing code guidelines](../blob/master/CONTRIBUTING.md#contributing-code). - [ ] I have read the [security policy](../security/policy). -- [ ] I confirm that this pull request does not address a security vulnerability. - If this pull request addresses a security. vulnerability, - I confirm that I got green light (please contact [security@ory.sh](mailto:security@ory.sh)) from the maintainers to push the changes. -- [ ] I have added tests that prove my fix is effective or that my feature works. +- [ ] I confirm that this pull request does not address a security + vulnerability. If this pull request addresses a security. vulnerability, I + confirm that I got green light (please contact + [security@ory.sh](mailto:security@ory.sh)) from the maintainers to push + the changes. +- [ ] I have added tests that prove my fix is effective or that my feature + works. - [ ] I have added or changed [the documentation](https://github.com/ory/docs). ## Further Comments diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index f9b05910bd19..b96d74ca776b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -42,14 +42,14 @@ jobs: ports: - 3306:3306 env: - TEST_MAILHOG_SMTP: "smtp://test:test@127.0.0.1:1025/?disable_starttls=true" + TEST_MAILHOG_SMTP: 'smtp://test:test@127.0.0.1:1025/?disable_starttls=true' TEST_MAILHOG_API: http://127.0.0.1:8025 TEST_SELFSERVICE_OIDC_HYDRA_ADMIN: http://localhost:4445 TEST_SELFSERVICE_OIDC_HYDRA_PUBLIC: http://localhost:4444 TEST_SELFSERVICE_OIDC_HYDRA_INTEGRATION_ADDR: http://127.0.0.1:4499 - TEST_DATABASE_POSTGRESQL: "postgres://test:test@localhost:5432/postgres?sslmode=disable" - TEST_DATABASE_MYSQL: "mysql://root:test@(localhost:3306)/mysql?parseTime=true&multiStatements=true" - TEST_DATABASE_COCKROACHDB: "cockroach://root@localhost:26257/defaultdb?sslmode=disable" + TEST_DATABASE_POSTGRESQL: 'postgres://test:test@localhost:5432/postgres?sslmode=disable' + TEST_DATABASE_MYSQL: 'mysql://root:test@(localhost:3306)/mysql?parseTime=true&multiStatements=true' + TEST_DATABASE_COCKROACHDB: 'cockroach://root@localhost:26257/defaultdb?sslmode=disable' steps: - run: | docker create --name cockroach -p 26257:26257 \ @@ -133,9 +133,9 @@ jobs: - 4437:4437 - 1025:1025 env: - TEST_DATABASE_POSTGRESQL: "postgres://test:test@localhost:5432/postgres?sslmode=disable" - TEST_DATABASE_MYSQL: "mysql://root:test@(localhost:3306)/mysql?parseTime=true&multiStatements=true" - TEST_DATABASE_COCKROACHDB: "cockroach://root@localhost:26257/defaultdb?sslmode=disable" + TEST_DATABASE_POSTGRESQL: 'postgres://test:test@localhost:5432/postgres?sslmode=disable' + TEST_DATABASE_MYSQL: 'mysql://root:test@(localhost:3306)/mysql?parseTime=true&multiStatements=true' + TEST_DATABASE_COCKROACHDB: 'cockroach://root@localhost:26257/defaultdb?sslmode=disable' strategy: matrix: database: ['postgres', 'cockroach', 'sqlite', 'mysql'] @@ -193,7 +193,6 @@ jobs: name: logs path: test/e2e/*.e2e.log - docs-cli: runs-on: ubuntu-latest name: Build CLI docs diff --git a/.github/workflows/closed_references.yml b/.github/workflows/closed_references.yml index 2789ac42c2c7..ebafc8a71af4 100644 --- a/.github/workflows/closed_references.yml +++ b/.github/workflows/closed_references.yml @@ -2,13 +2,13 @@ name: Closed Reference Notifier on: schedule: - - cron: "0 0 * * *" + - cron: '0 0 * * *' workflow_dispatch: inputs: issueLimit: description: Max. number of issues to create required: true - default: "5" + default: '5' jobs: find_closed_references: @@ -19,7 +19,7 @@ jobs: - uses: actions/checkout@v2 - uses: actions/setup-node@v2-beta with: - node-version: "14" + node-version: '14' - uses: ory/closed-reference-notifier@v1 with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 51a257754308..5748d218807d 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -9,14 +9,14 @@ # the `language` matrix defined below to confirm you have the correct set of # supported CodeQL languages. # -name: "CodeQL" +name: 'CodeQL' on: push: - branches: [ master ] + branches: [master] pull_request: # The branches below must be a subset of the branches above - branches: [ master ] + branches: [master] schedule: - cron: '26 21 * * 3' @@ -28,41 +28,41 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'go', 'javascript' ] + language: ['go', 'javascript'] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] # Learn more: # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed steps: - - name: Checkout repository - uses: actions/checkout@v2 + - name: Checkout repository + uses: actions/checkout@v2 - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: ${{ matrix.language }} - config-file: ./.github/codeql/codeql-config.yml - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + config-file: ./.github/codeql/codeql-config.yml + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v1 - # ℹ️ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl + # ℹ️ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl - # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language + # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language - #- run: | - # make bootstrap - # make release + #- run: | + # make bootstrap + # make release - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 diff --git a/.github/workflows/milestone.yml b/.github/workflows/milestone.yml index fb47e4a78f0f..b4a30699f010 100644 --- a/.github/workflows/milestone.yml +++ b/.github/workflows/milestone.yml @@ -3,7 +3,7 @@ name: Generate and Publish Milestone Document on: workflow_dispatch: schedule: - - cron: "0 0 * * *" + - cron: '0 0 * * *' jobs: milestone: @@ -23,8 +23,8 @@ jobs: - name: Commit Milestone Documentation uses: EndBug/add-and-commit@v4.4.0 with: - message: "autogen(docs): update milestone document" + message: 'autogen(docs): update milestone document' author_name: aeneasr - author_email: "3372410+aeneasr@users.noreply.github.com" + author_email: '3372410+aeneasr@users.noreply.github.com' env: GITHUB_TOKEN: ${{ secrets.TOKEN_PRIVILEGED }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index eb36db174bba..395cb69206da 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -1,8 +1,8 @@ -name: "Close Stale Issues" +name: 'Close Stale Issues' on: workflow_dispatch: schedule: - - cron: "0 0 * * *" + - cron: '0 0 * * *' jobs: stale: @@ -35,10 +35,10 @@ jobs: Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you! Thank you 🙏✌️ - stale-issue-label: "stale" - exempt-issue-labels: "bug,blocking,docs,backlog" + stale-issue-label: 'stale' + exempt-issue-labels: 'bug,blocking,docs,backlog' days-before-stale: 365 days-before-close: 30 exempt-milestones: true exempt-assignees: true - only-pr-labels: "stale" + only-pr-labels: 'stale' diff --git a/CHANGELOG.md b/CHANGELOG.md index e102f286f62b..73b129a56973 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ + **Table of Contents** - [ (2022-09-11)](#2022-09-11) @@ -13,8 +14,8 @@ - [Reverts](#reverts) - [Tests](#tests) - [0.10.1 (2022-06-01)](#0101-2022-06-01) - - [Bug Fixes](#bug-fixes-1) - - [Code Generation](#code-generation) + - [Bug Fixes](#bug-fixes-1) + - [Code Generation](#code-generation) - [0.10.0 (2022-05-30)](#0100-2022-05-30) - [Breaking Changes](#breaking-changes-1) - [Bug Fixes](#bug-fixes-2) @@ -30,8 +31,8 @@ - [Code Generation](#code-generation-2) - [Documentation](#documentation-2) - [0.9.0-alpha.2 (2022-03-22)](#090-alpha2-2022-03-22) - - [Bug Fixes](#bug-fixes-4) - - [Code Generation](#code-generation-3) + - [Bug Fixes](#bug-fixes-4) + - [Code Generation](#code-generation-3) - [0.9.0-alpha.1 (2022-03-21)](#090-alpha1-2022-03-21) - [Breaking Changes](#breaking-changes-3) - [Bug Fixes](#bug-fixes-5) @@ -42,9 +43,9 @@ - [Tests](#tests-2) - [Unclassified](#unclassified-1) - [0.8.2-alpha.1 (2021-12-17)](#082-alpha1-2021-12-17) - - [Bug Fixes](#bug-fixes-6) - - [Code Generation](#code-generation-5) - - [Documentation](#documentation-4) + - [Bug Fixes](#bug-fixes-6) + - [Code Generation](#code-generation-5) + - [Documentation](#documentation-4) - [0.8.1-alpha.1 (2021-12-13)](#081-alpha1-2021-12-13) - [Breaking Changes](#breaking-changes-4) - [Bug Fixes](#bug-fixes-7) @@ -53,10 +54,10 @@ - [Features](#features-3) - [Tests](#tests-3) - [0.8.0-alpha.3 (2021-10-28)](#080-alpha3-2021-10-28) - - [Bug Fixes](#bug-fixes-8) - - [Code Generation](#code-generation-7) + - [Bug Fixes](#bug-fixes-8) + - [Code Generation](#code-generation-7) - [0.8.0-alpha.2 (2021-10-28)](#080-alpha2-2021-10-28) - - [Code Generation](#code-generation-8) + - [Code Generation](#code-generation-8) - [0.8.0-alpha.1 (2021-10-27)](#080-alpha1-2021-10-27) - [Breaking Changes](#breaking-changes-5) - [Bug Fixes](#bug-fixes-9) @@ -68,25 +69,25 @@ - [Tests](#tests-4) - [Unclassified](#unclassified-2) - [0.7.6-alpha.1 (2021-09-12)](#076-alpha1-2021-09-12) - - [Code Generation](#code-generation-10) + - [Code Generation](#code-generation-10) - [0.7.5-alpha.1 (2021-09-11)](#075-alpha1-2021-09-11) - - [Code Generation](#code-generation-11) + - [Code Generation](#code-generation-11) - [0.7.4-alpha.1 (2021-09-09)](#074-alpha1-2021-09-09) - - [Bug Fixes](#bug-fixes-10) - - [Code Generation](#code-generation-12) - - [Documentation](#documentation-7) - - [Features](#features-5) - - [Tests](#tests-5) + - [Bug Fixes](#bug-fixes-10) + - [Code Generation](#code-generation-12) + - [Documentation](#documentation-7) + - [Features](#features-5) + - [Tests](#tests-5) - [0.7.3-alpha.1 (2021-08-28)](#073-alpha1-2021-08-28) - - [Bug Fixes](#bug-fixes-11) - - [Code Generation](#code-generation-13) - - [Documentation](#documentation-8) - - [Features](#features-6) + - [Bug Fixes](#bug-fixes-11) + - [Code Generation](#code-generation-13) + - [Documentation](#documentation-8) + - [Features](#features-6) - [0.7.1-alpha.1 (2021-07-22)](#071-alpha1-2021-07-22) - - [Bug Fixes](#bug-fixes-12) - - [Code Generation](#code-generation-14) - - [Documentation](#documentation-9) - - [Tests](#tests-6) + - [Bug Fixes](#bug-fixes-12) + - [Code Generation](#code-generation-14) + - [Documentation](#documentation-9) + - [Tests](#tests-6) - [0.7.0-alpha.1 (2021-07-13)](#070-alpha1-2021-07-13) - [Breaking Changes](#breaking-changes-6) - [Bug Fixes](#bug-fixes-13) @@ -102,15 +103,15 @@ - [Code Generation](#code-generation-16) - [Code Refactoring](#code-refactoring-5) - [0.6.2-alpha.1 (2021-05-14)](#062-alpha1-2021-05-14) - - [Code Generation](#code-generation-17) - - [Documentation](#documentation-11) + - [Code Generation](#code-generation-17) + - [Documentation](#documentation-11) - [0.6.1-alpha.1 (2021-05-11)](#061-alpha1-2021-05-11) - - [Code Generation](#code-generation-18) - - [Features](#features-8) + - [Code Generation](#code-generation-18) + - [Features](#features-8) - [0.6.0-alpha.2 (2021-05-07)](#060-alpha2-2021-05-07) - - [Bug Fixes](#bug-fixes-15) - - [Code Generation](#code-generation-19) - - [Features](#features-9) + - [Bug Fixes](#bug-fixes-15) + - [Code Generation](#code-generation-19) + - [Features](#features-9) - [0.6.0-alpha.1 (2021-05-05)](#060-alpha1-2021-05-05) - [Breaking Changes](#breaking-changes-8) - [Bug Fixes](#bug-fixes-16) @@ -121,36 +122,36 @@ - [Tests](#tests-8) - [Unclassified](#unclassified-4) - [0.5.5-alpha.1 (2020-12-09)](#055-alpha1-2020-12-09) - - [Bug Fixes](#bug-fixes-17) - - [Code Generation](#code-generation-21) - - [Documentation](#documentation-13) - - [Features](#features-11) - - [Tests](#tests-9) - - [Unclassified](#unclassified-5) + - [Bug Fixes](#bug-fixes-17) + - [Code Generation](#code-generation-21) + - [Documentation](#documentation-13) + - [Features](#features-11) + - [Tests](#tests-9) + - [Unclassified](#unclassified-5) - [0.5.4-alpha.1 (2020-11-11)](#054-alpha1-2020-11-11) - - [Bug Fixes](#bug-fixes-18) - - [Code Generation](#code-generation-22) - - [Code Refactoring](#code-refactoring-7) - - [Documentation](#documentation-14) - - [Features](#features-12) + - [Bug Fixes](#bug-fixes-18) + - [Code Generation](#code-generation-22) + - [Code Refactoring](#code-refactoring-7) + - [Documentation](#documentation-14) + - [Features](#features-12) - [0.5.3-alpha.1 (2020-10-27)](#053-alpha1-2020-10-27) - - [Bug Fixes](#bug-fixes-19) - - [Code Generation](#code-generation-23) - - [Documentation](#documentation-15) - - [Features](#features-13) - - [Tests](#tests-10) + - [Bug Fixes](#bug-fixes-19) + - [Code Generation](#code-generation-23) + - [Documentation](#documentation-15) + - [Features](#features-13) + - [Tests](#tests-10) - [0.5.2-alpha.1 (2020-10-22)](#052-alpha1-2020-10-22) - - [Bug Fixes](#bug-fixes-20) - - [Code Generation](#code-generation-24) - - [Documentation](#documentation-16) - - [Tests](#tests-11) + - [Bug Fixes](#bug-fixes-20) + - [Code Generation](#code-generation-24) + - [Documentation](#documentation-16) + - [Tests](#tests-11) - [0.5.1-alpha.1 (2020-10-20)](#051-alpha1-2020-10-20) - - [Bug Fixes](#bug-fixes-21) - - [Code Generation](#code-generation-25) - - [Documentation](#documentation-17) - - [Features](#features-14) - - [Tests](#tests-12) - - [Unclassified](#unclassified-6) + - [Bug Fixes](#bug-fixes-21) + - [Code Generation](#code-generation-25) + - [Documentation](#documentation-17) + - [Features](#features-14) + - [Tests](#tests-12) + - [Unclassified](#unclassified-6) - [0.5.0-alpha.1 (2020-10-15)](#050-alpha1-2020-10-15) - [Breaking Changes](#breaking-changes-9) - [Bug Fixes](#bug-fixes-22) @@ -161,21 +162,21 @@ - [Tests](#tests-13) - [Unclassified](#unclassified-7) - [0.4.6-alpha.1 (2020-07-13)](#046-alpha1-2020-07-13) - - [Bug Fixes](#bug-fixes-23) - - [Code Generation](#code-generation-27) + - [Bug Fixes](#bug-fixes-23) + - [Code Generation](#code-generation-27) - [0.4.5-alpha.1 (2020-07-13)](#045-alpha1-2020-07-13) - - [Bug Fixes](#bug-fixes-24) - - [Code Generation](#code-generation-28) + - [Bug Fixes](#bug-fixes-24) + - [Code Generation](#code-generation-28) - [0.4.4-alpha.1 (2020-07-10)](#044-alpha1-2020-07-10) - - [Bug Fixes](#bug-fixes-25) - - [Code Generation](#code-generation-29) - - [Documentation](#documentation-19) + - [Bug Fixes](#bug-fixes-25) + - [Code Generation](#code-generation-29) + - [Documentation](#documentation-19) - [0.4.3-alpha.1 (2020-07-08)](#043-alpha1-2020-07-08) - - [Bug Fixes](#bug-fixes-26) - - [Code Generation](#code-generation-30) + - [Bug Fixes](#bug-fixes-26) + - [Code Generation](#code-generation-30) - [0.4.2-alpha.1 (2020-07-08)](#042-alpha1-2020-07-08) - - [Bug Fixes](#bug-fixes-27) - - [Code Generation](#code-generation-31) + - [Bug Fixes](#bug-fixes-27) + - [Code Generation](#code-generation-31) - [0.4.0-alpha.1 (2020-07-08)](#040-alpha1-2020-07-08) - [Breaking Changes](#breaking-changes-10) - [Bug Fixes](#bug-fixes-28) @@ -193,8 +194,8 @@ - [Features](#features-17) - [Unclassified](#unclassified-9) - [0.2.1-alpha.1 (2020-05-05)](#021-alpha1-2020-05-05) - - [Chores](#chores-1) - - [Documentation](#documentation-22) + - [Chores](#chores-1) + - [Documentation](#documentation-22) - [0.2.0-alpha.2 (2020-05-04)](#020-alpha2-2020-05-04) - [Breaking Changes](#breaking-changes-12) - [Bug Fixes](#bug-fixes-30) @@ -204,63 +205,63 @@ - [Features](#features-18) - [Unclassified](#unclassified-10) - [0.1.1-alpha.1 (2020-02-18)](#011-alpha1-2020-02-18) - - [Bug Fixes](#bug-fixes-31) - - [Code Refactoring](#code-refactoring-12) - - [Documentation](#documentation-24) + - [Bug Fixes](#bug-fixes-31) + - [Code Refactoring](#code-refactoring-12) + - [Documentation](#documentation-24) - [0.1.0-alpha.6 (2020-02-16)](#010-alpha6-2020-02-16) - - [Bug Fixes](#bug-fixes-32) - - [Code Refactoring](#code-refactoring-13) - - [Documentation](#documentation-25) - - [Features](#features-19) + - [Bug Fixes](#bug-fixes-32) + - [Code Refactoring](#code-refactoring-13) + - [Documentation](#documentation-25) + - [Features](#features-19) - [0.1.0-alpha.5 (2020-02-06)](#010-alpha5-2020-02-06) - - [Documentation](#documentation-26) - - [Features](#features-20) + - [Documentation](#documentation-26) + - [Features](#features-20) - [0.1.0-alpha.4 (2020-02-06)](#010-alpha4-2020-02-06) - - [Continuous Integration](#continuous-integration) - - [Documentation](#documentation-27) + - [Continuous Integration](#continuous-integration) + - [Documentation](#documentation-27) - [0.1.0-alpha.3 (2020-02-06)](#010-alpha3-2020-02-06) - - [Continuous Integration](#continuous-integration-1) + - [Continuous Integration](#continuous-integration-1) - [0.1.0-alpha.2 (2020-02-03)](#010-alpha2-2020-02-03) - - [Bug Fixes](#bug-fixes-33) - - [Documentation](#documentation-28) - - [Features](#features-21) - - [Unclassified](#unclassified-11) + - [Bug Fixes](#bug-fixes-33) + - [Documentation](#documentation-28) + - [Features](#features-21) + - [Unclassified](#unclassified-11) - [0.1.0-alpha.1 (2020-01-31)](#010-alpha1-2020-01-31) - - [Documentation](#documentation-29) + - [Documentation](#documentation-29) - [0.0.3-alpha.15 (2020-01-31)](#003-alpha15-2020-01-31) - - [Unclassified](#unclassified-12) + - [Unclassified](#unclassified-12) - [0.0.3-alpha.14 (2020-01-31)](#003-alpha14-2020-01-31) - - [Unclassified](#unclassified-13) + - [Unclassified](#unclassified-13) - [0.0.3-alpha.13 (2020-01-31)](#003-alpha13-2020-01-31) - - [Unclassified](#unclassified-14) + - [Unclassified](#unclassified-14) - [0.0.3-alpha.11 (2020-01-31)](#003-alpha11-2020-01-31) - - [Unclassified](#unclassified-15) + - [Unclassified](#unclassified-15) - [0.0.3-alpha.10 (2020-01-31)](#003-alpha10-2020-01-31) - - [Unclassified](#unclassified-16) + - [Unclassified](#unclassified-16) - [0.0.3-alpha.7 (2020-01-30)](#003-alpha7-2020-01-30) - - [Unclassified](#unclassified-17) + - [Unclassified](#unclassified-17) - [0.0.3-alpha.5 (2020-01-30)](#003-alpha5-2020-01-30) - - [Continuous Integration](#continuous-integration-2) - - [Unclassified](#unclassified-18) + - [Continuous Integration](#continuous-integration-2) + - [Unclassified](#unclassified-18) - [0.0.3-alpha.4 (2020-01-30)](#003-alpha4-2020-01-30) - - [Unclassified](#unclassified-19) + - [Unclassified](#unclassified-19) - [0.0.3-alpha.2 (2020-01-30)](#003-alpha2-2020-01-30) - - [Unclassified](#unclassified-20) + - [Unclassified](#unclassified-20) - [0.0.3-alpha.1 (2020-01-30)](#003-alpha1-2020-01-30) - - [Unclassified](#unclassified-21) + - [Unclassified](#unclassified-21) - [0.0.1-alpha.9 (2020-01-29)](#001-alpha9-2020-01-29) - - [Continuous Integration](#continuous-integration-3) + - [Continuous Integration](#continuous-integration-3) - [0.0.2-alpha.1 (2020-01-29)](#002-alpha1-2020-01-29) - - [Unclassified](#unclassified-22) + - [Unclassified](#unclassified-22) - [0.0.1-alpha.6 (2020-01-29)](#001-alpha6-2020-01-29) - - [Continuous Integration](#continuous-integration-4) + - [Continuous Integration](#continuous-integration-4) - [0.0.1-alpha.5 (2020-01-29)](#001-alpha5-2020-01-29) - - [Continuous Integration](#continuous-integration-5) - - [Unclassified](#unclassified-23) + - [Continuous Integration](#continuous-integration-5) + - [Unclassified](#unclassified-23) - [0.0.1-alpha.3 (2020-01-28)](#001-alpha3-2020-01-28) - - [Continuous Integration](#continuous-integration-6) - - [Documentation](#documentation-30) - - [Unclassified](#unclassified-24) + - [Continuous Integration](#continuous-integration-6) + - [Documentation](#documentation-30) + - [Unclassified](#unclassified-24) @@ -3448,15 +3449,15 @@ We also streamlined how credentials are used. We now differentiate between: const kratos = new V0Alpha0( new Configuration({ basePath: config.kratos.admin, - accessToken: "some-token", - }), + accessToken: 'some-token' + }) ) kratosAdmin.adminCreateIdentity({ - schema_id: "default", + schema_id: 'default', traits: { /* ... */ - }, + } }) ``` diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1bd379680b0e..17fb09f446b2 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -30,8 +30,8 @@ https://github.com/ory/meta/blob/master/templates/repository/common/CONTRIBUTING ## Introduction _Please note_: We take Ory Kratos's security and our users' trust very -seriously. If you believe you have found a security issue in Ory Kratos, -please disclose by contacting us at security@ory.sh. +seriously. If you believe you have found a security issue in Ory Kratos, please +disclose by contacting us at security@ory.sh. There are many ways in which you can contribute. The goal of this document is to provide a high-level overview of how you can get involved in Ory. @@ -47,11 +47,9 @@ contributions, and don't want a wall of rules to get in the way of that. That said, if you want to ensure that a pull request is likely to be merged, talk to us! You can find out our thoughts and ensure that your contribution -won't clash with Ory -Kratos's direction. A great way to -do this is via -[Ory Kratos Discussions](https://github.com/ory/kratos/discussions) -or the [Ory Chat](https://www.ory.sh/chat). +won't clash with Ory Kratos's direction. A great way to do this is via +[Ory Kratos Discussions](https://github.com/ory/kratos/discussions) or the +[Ory Chat](https://www.ory.sh/chat). ## FAQ @@ -68,8 +66,7 @@ or the [Ory Chat](https://www.ory.sh/chat). - I want to talk to other Ory Kratos users. [How can I become a part of the community?](#communication) -- I would like to know what I am agreeing to when I contribute to Ory - Kratos. +- I would like to know what I am agreeing to when I contribute to Ory Kratos. Does Ory have [a Contributors License Agreement?](https://cla-assistant.io/ory/kratos) @@ -119,8 +116,9 @@ to help out: We use [Slack](https://www.ory.sh/chat). You are welcome to drop in and ask questions, discuss bugs and feature requests, talk to other users of Ory, etc. -Check out [Ory Kratos Discussions](https://github.com/ory/kratos/discussions). This is a great place for -in-depth discussions and lots of code examples, logs and similar data. +Check out [Ory Kratos Discussions](https://github.com/ory/kratos/discussions). +This is a great place for in-depth discussions and lots of code examples, logs +and similar data. You can also join our community calls, if you want to speak to the Ory team directly or ask some questions. You can find more info and participate in @@ -185,10 +183,6 @@ request, go through this checklist: Please refer to this [list of prefixes for Kratos](https://github.com/ory/kratos/blob/master/.github/semantic.yml) for an overview. -1. Sign-up with CircleCI so that it has access to your repository with the - branch containing your PR. Simply creating a CircleCI account is sufficient - for the CI jobs to run, you do not need to setup a CircleCI project for the - branch. If a pull request is not ready to be reviewed yet [it should be marked as a "Draft"](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request). diff --git a/README.md b/README.md index 7a3dce3f435a..ab74c72d6615 100644 --- a/README.md +++ b/README.md @@ -22,14 +22,18 @@ -Ory Kratos is the first cloud native Identity and User Management System in the world. Finally, it is no longer necessary to implement a User Login process for the umpteenth time! +Ory Kratos is the first cloud native Identity and User Management System in the +world. Finally, it is no longer necessary to implement a User Login process for +the umpteenth time! ## Ory Kratos in Ory Cloud -The easiest way to get started with Ory Software is in Ory Cloud! -Ory Cloud is [**free forever for developers**](https://console.ory.sh/registration?utm_source=github&utm_medium=banner&utm_campaign=kratos-readme), no credit card required. +The easiest way to get started with Ory Software is in Ory Cloud! Ory Cloud is +[**free forever for developers**](https://console.ory.sh/registration?utm_source=github&utm_medium=banner&utm_campaign=kratos-readme), +no credit card required. -Install the [Ory CLI](https://www.ory.sh/docs/guides/cli/installation) and create a new project to get started with Ory Kratos right away: +Install the [Ory CLI](https://www.ory.sh/docs/guides/cli/installation) and +create a new project to get started with Ory Kratos right away: ``` # If you don't have Ory CLI installed yet: @@ -43,10 +47,13 @@ ory auth ory create project ``` -Ory Cloud ships administrative user interfaces, hosted pages (e.g. for login or registration), support for custom domains, collaborative features for your colleagues, integration services, and much more! +Ory Cloud ships administrative user interfaces, hosted pages (e.g. for login or +registration), support for custom domains, collaborative features for your +colleagues, integration services, and much more! + **Table of Contents** - [What is Ory Kratos?](#what-is-ory-kratos) @@ -105,9 +112,10 @@ deal with: addresses, linked social profiles using secure flows. - **Admin APIs**: Import, update, delete identities. -We highly recommend reading the [Ory Kratos introduction docs](https://www.ory.sh/kratos/docs/) -to learn more about Ory Krato's background, feature set, and differentiation -from other products. +We highly recommend reading the +[Ory Kratos introduction docs](https://www.ory.sh/kratos/docs/) to learn more +about Ory Krato's background, feature set, and differentiation from other +products. ### Who is using it? @@ -142,159 +150,322 @@ that your company deserves a spot here, reach out to Sponsor Raspberry PI Foundation - Raspberry PI Foundation + + + + Raspberry PI Foundation + + raspberrypi.org Contributor Kyma Project - Kyma Project + + + + Kyma Project + + kyma-project.io Sponsor Tulip - Tulip Retail + + + + Tulip Retail + + tulip.com Sponsor Cashdeck / All My Funds - All My Funds + + + + All My Funds + + cashdeck.com.au Contributor Hootsuite - Hootsuite + + + + Hootsuite + + hootsuite.com Adopter * Segment - Segment + + + + Segment + + segment.com Adopter * Arduino - Arduino + + + + Arduino + + arduino.cc Adopter * DataDetect - Datadetect + + + + Datadetect + + unifiedglobalarchiving.com/data-detect/ Adopter * Sainsbury's - Sainsbury's + + + + Sainsbury's + + sainsburys.co.uk Adopter * Contraste - Contraste + + + + Contraste + + contraste.com Adopter * Reyah - Reyah + + + + Reyah + + reyah.eu Adopter * Zero - Project Zero by Commit + + + + Project Zero by Commit + + getzero.dev Adopter * Padis - Padis + + + + Padis + + padis.io Adopter * Cloudbear - Cloudbear + + + + Cloudbear + + cloudbear.eu Adopter * Security Onion Solutions - Security Onion Solutions + + + + Security Onion Solutions + + securityonionsolutions.com Adopter * Factly - Factly + + + + Factly + + factlylabs.com Adopter * Nortal - Nortal + + + + Nortal + + nortal.com Sponsor OrderMyGear - OrderMyGear + + + + OrderMyGear + + ordermygear.com Sponsor Spiri.bo - Spiri.bo + + + + Spiri.bo + + spiri.bo Sponsor Strivacity - Strivacity + + + + Spiri.bo + + strivacity.com Adopter * Hanko - Hanko + + + + Hanko + + hanko.io Adopter * Rabbit - Rabbit + + + + Rabbit + + rabbit.co.th Adopter * inMusic - InMusic + + + + InMusic + + inmusicbrands.com Adopter * Buhta - Buhta + + + + Buhta + + buhta.com Adopter * Connctd - Connctd + + + + Connctd + + connctd.com Adopter * Paralus - Paralus + + + + Paralus + + paralus.io + + Adopter * + TIER IV + + + + TIER IV + + + tier4.jp + + + Adopter * + R2Devops + + + + R2Devops + + + r2devops.io + + + Adopter * + LunaSec + + + + LunaSec + + + lunasec.io + @@ -315,31 +486,17 @@ TheCrealm. - - - - - - - - - - - - - - - - - - ## Getting Started -To get started with some easy examples, head over to the [Get Started Documentation](https://www.ory.sh/docs/guides/protect-page-login/). +To get started with some easy examples, head over to the +[Get Started Documentation](https://www.ory.sh/docs/guides/protect-page-login/). ### Installation -Head over to the [Ory Developer Documentation](https://www.ory.sh/kratos/docs/install) to learn how to install Ory Kratos on Linux, macOS, Windows, and Docker and how to build Ory Kratos from source. +Head over to the +[Ory Developer Documentation](https://www.ory.sh/kratos/docs/install) to learn +how to install Ory Kratos on Linux, macOS, Windows, and Docker and how to build +Ory Kratos from source. ## Ecosystem @@ -393,36 +550,21 @@ to perform a certain action on a resource. - - - - - - - - - - - - - - - - - ## Security -Running identity infrastructure requires [attention and knowledge of threat models](https://www.ory.sh/kratos/docs/concepts/security). +Running identity infrastructure requires +[attention and knowledge of threat models](https://www.ory.sh/kratos/docs/concepts/security). ### Disclosing vulnerabilities -If you think you found a security vulnerability, please refrain from posting it publicly on the forums, the chat, or GitHub -and send us an email to [hi@ory.am](mailto:hi@ory.sh) instead. +If you think you found a security vulnerability, please refrain from posting it +publicly on the forums, the chat, or GitHub and send us an email to +[hi@ory.am](mailto:hi@ory.sh) instead. ## Telemetry -Ory's services collect summarized, anonymized data that can optionally be turned off. Click -[here](https://www.ory.sh/docs/ecosystem/sqa) to learn more. +Ory's services collect summarized, anonymized data that can optionally be turned +off. Click [here](https://www.ory.sh/docs/ecosystem/sqa) to learn more. ## Documentation @@ -436,8 +578,10 @@ The HTTP API is documented [here](https://www.ory.sh/kratos/docs/sdk/api). ### Upgrading and Changelog -New releases might introduce breaking changes. To help you identify and incorporate those changes, we document these -changes in the [CHANGELOG.md](./CHANGELOG.md). For upgrading, please visit the [upgrade guide](https://www.ory.sh/kratos/docs/guides/upgrade). +New releases might introduce breaking changes. To help you identify and +incorporate those changes, we document these changes in the +[CHANGELOG.md](./CHANGELOG.md). For upgrading, please visit the +[upgrade guide](https://www.ory.sh/kratos/docs/guides/upgrade). ### Command line documentation @@ -446,7 +590,8 @@ Run kratos -h or ### Develop -We encourage all contributions and encourage you to read our [contribution guidelines](./CONTRIBUTING.md) +We encourage all contributions and encourage you to read our +[contribution guidelines](./CONTRIBUTING.md) #### Dependencies @@ -456,7 +601,8 @@ You need Go 1.16+ and (for the test suites): - Makefile - NodeJS / npm -It is possible to develop Ory Kratos on Windows, but please be aware that all guides assume a Unix shell like bash or zsh. +It is possible to develop Ory Kratos on Windows, but please be aware that all +guides assume a Unix shell like bash or zsh. #### Install from source @@ -466,7 +612,8 @@ make install #### Formatting Code -You can format all code using make format. Our CI checks if your code is properly formatted. +You can format all code using make format. Our +CI checks if your code is properly formatted. #### Running Tests @@ -492,9 +639,10 @@ cd client; go test -tags sqlite -short . ##### Regular Tests -Regular tests require a database set up. Our test suite is able to work with docker directly (using [ory/dockertest](https://github.com/ory/dockertest)) -but we encourage to use the Makefile instead. Using dockertest can bloat the number of Docker Images on your system -and are quite slow. Instead we recommend doing: +Regular tests require a database set up. Our test suite is able to work with +docker directly (using [ory/dockertest](https://github.com/ory/dockertest)) but +we encourage to use the Makefile instead. Using dockertest can bloat the number +of Docker Images on your system and are quite slow. Instead we recommend doing: 
 make test
@@ -579,10 +727,13 @@ it.only('invalid remote recovery email template', () => {
 
 **Run a subset of tests**
 
-This will require editing the `cypress.json` file located in the `test/e2e/` folder.
+This will require editing the `cypress.json` file located in the `test/e2e/`
+folder.
+
+Add the `testFiles` option and specify the test to run inside the
+`cypress/integration` folder. As an example we will add only the `network`
+tests.
 
-Add the `testFiles` option and specify the test to run inside the `cypress/integration` folder.
-As an example we will add only the `network` tests.
 ```json
 "testFiles": ["profiles/network/*"],
 ```
diff --git a/package-lock.json b/package-lock.json
index de6603327384..4d6d08500f34 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -5737,8 +5737,7 @@
       "version": "7.5.7",
       "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.7.tgz",
       "integrity": "sha512-KMvVuFzpKBuiIXW3E4u3mySRO2/mCHSyZDJQM5NQ9Q9KHWHWh0NHgfbRMLLrceUK5qAL4ytALJbpRMjixFZh8A==",
-      "dev": true,
-      "requires": {}
+      "dev": true
     },
     "y18n": {
       "version": "5.0.8",

From d708c81abbec424e4376a68140e5008bdba4eaaf Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Thu, 15 Sep 2022 19:28:27 +0200
Subject: [PATCH 259/411] fix: remove jsonnet import support

---
 cmd/jsonnet/lint.go                           |   4 +-
 go.mod                                        |   2 +-
 go.sum                                        | 211 +-----------
 internal/httpclient/api_metadata.go           |  26 +-
 internal/httpclient/api_v0alpha2.go           | 315 +++++++++---------
 request/builder.go                            |   6 +-
 .../strategy/oidc/strategy_registration.go    |   6 +-
 7 files changed, 191 insertions(+), 379 deletions(-)

diff --git a/cmd/jsonnet/lint.go b/cmd/jsonnet/lint.go
index 09cd3475ed11..8a2cbf56cc57 100644
--- a/cmd/jsonnet/lint.go
+++ b/cmd/jsonnet/lint.go
@@ -6,11 +6,11 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/google/go-jsonnet"
 	"github.com/google/go-jsonnet/linter"
 	"github.com/spf13/cobra"
 
 	"github.com/ory/x/cmdx"
+	"github.com/ory/x/jsonnetsecure"
 )
 
 func NewLintCmd() *cobra.Command {
@@ -30,7 +30,7 @@ func NewJsonnetLintCmd() *cobra.Command {
 ` + GlobHelp,
 		Args: cobra.MinimumNArgs(1),
 		Run: func(cmd *cobra.Command, args []string) {
-			vm := jsonnet.MakeVM()
+			vm := jsonnetsecure.MakeSecureVM()
 
 			for _, pattern := range args {
 				files, err := filepath.Glob(pattern)
diff --git a/go.mod b/go.mod
index e3ddbb6d09b7..003ba3113219 100644
--- a/go.mod
+++ b/go.mod
@@ -76,7 +76,7 @@ require (
 	github.com/ory/kratos-client-go v0.6.3-alpha.1
 	github.com/ory/mail/v3 v3.0.0
 	github.com/ory/nosurf v1.2.7
-	github.com/ory/x v0.0.460
+	github.com/ory/x v0.0.470
 	github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.3.0
diff --git a/go.sum b/go.sum
index 01c22baf056f..30d6d7bd5b8a 100644
--- a/go.sum
+++ b/go.sum
@@ -32,10 +32,8 @@ cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aD
 cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
 cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
 cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
-cloud.google.com/go v0.98.0/go.mod h1:ua6Ush4NALrHk5QXDWnjvZHN93OuF0HfuEPq9I1X0cM=
 cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA=
 cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A=
-cloud.google.com/go v0.102.0 h1:DAq3r8y4mDgyB/ZPJ9v/5VJNqjgJAxTn6ZYLlUywOu8=
 cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
@@ -53,7 +51,6 @@ cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQH
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
-cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY=
 cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
@@ -75,7 +72,6 @@ contrib.go.opencensus.io/exporter/stackdriver v0.13.5/go.mod h1:aXENhDJ1Y4lIg4EU
 contrib.go.opencensus.io/integrations/ocsql v0.1.4/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE=
 contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8=
 github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU=
 github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4=
 github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
@@ -99,15 +95,10 @@ github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZ
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583/go.mod h1:EP9f4GqaDJyP1F5jTNMtzdIpw3JpNs3rMSJOnYywCiw=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
-github.com/DataDog/datadog-go v4.8.2+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
-github.com/DataDog/datadog-go/v5 v5.0.2/go.mod h1:ZI9JFB4ewXbw1sBnF4sxsR2k1H3xjV+PUAOUsHvKpcU=
-github.com/DataDog/sketches-go v1.2.1/go.mod h1:1xYmPLY1So10AwxV6MJV0J53XVH+WL9Ad1KetxVivVI=
 github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0=
 github.com/GeertJohan/go.rice v1.0.2/go.mod h1:af5vUNlDNkCjOZeSGFgIJxDje9qdjsO6hshx0gTmZt4=
 github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo=
-github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo=
 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
 github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
@@ -120,7 +111,6 @@ github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0
 github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
 github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
-github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60=
 github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
 github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
 github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
@@ -132,8 +122,6 @@ github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugX
 github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
 github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
 github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
 github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
@@ -150,7 +138,6 @@ github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb0
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
@@ -168,8 +155,6 @@ github.com/aeneasr/koanf v0.14.1-0.20211230115640-aa3902b3267a/go.mod h1:1cfH522
 github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c=
 github.com/ajg/form v0.0.0-20160822230020-523a5da1a92f h1:zvClvFQwU++UpIUBGC8YmDlfhUrweEy1R1Fj1gu5iIM=
 github.com/ajg/form v0.0.0-20160822230020-523a5da1a92f/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY=
-github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw=
-github.com/ajstarks/svgo v0.0.0-20210923152817-c3b6e2f0c527/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw=
 github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c=
 github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs=
 github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE=
@@ -203,10 +188,7 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A=
-github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
-github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
-github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
@@ -253,10 +235,8 @@ github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/bmatcuk/doublestar v1.3.4 h1:gPypJ5xD31uhX6Tf54sDPUOBXTqKH4c9aPY66CyQrS0=
 github.com/bmatcuk/doublestar v1.3.4/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE=
-github.com/bmatcuk/doublestar/v2 v2.0.4/go.mod h1:QMmcs3H2AUQICWhfzLXz+IYln8lRQmTZRptLie8RgRw=
 github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY=
 github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
-github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs=
 github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
@@ -284,7 +264,6 @@ github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA
 github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
 github.com/certifi/gocertifi v0.0.0-20210507211836-431795d63e8d h1:S2NE3iHSwP0XV47EEXL8mWmRdEfGscSJ+7EgePNgt0s=
 github.com/certifi/gocertifi v0.0.0-20210507211836-431795d63e8d/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
-github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
@@ -435,7 +414,6 @@ github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee
 github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f h1:JOrtw2xFKzlg+cbHpyrpLDmnN1HqhBfnX7WDiW7eG2c=
 github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
 github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
@@ -449,11 +427,9 @@ github.com/cortesi/moddwatch v0.0.0-20210222043437-a6aaad86a36e h1:vNbhR09qtq9EL
 github.com/cortesi/moddwatch v0.0.0-20210222043437-a6aaad86a36e/go.mod h1:MUkYRZrwFTHATqCI5tDJRPqmBt9xf3q4+Avfut7kCCE=
 github.com/cortesi/termlog v0.0.0-20210222042314-a1eec763abec h1:v7D8uHsIKsyjfyhhNdY4qivqN558Ejiq+CDXiUljZ+4=
 github.com/cortesi/termlog v0.0.0-20210222042314-a1eec763abec/go.mod h1:10Fm2kasJmcKf1FSMQGSWb976sfR29hejNtfS9AydB4=
-github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk=
 github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
@@ -495,7 +471,6 @@ github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible
 github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v20.10.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v20.10.9+incompatible h1:JlsVnETOjM2RLQa0Cc1XCIspUdXW3Zenq9P54uXBm6k=
 github.com/docker/docker v20.10.9+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
@@ -504,7 +479,6 @@ github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6Uezg
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
 github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI=
 github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
-github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
 github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
@@ -520,9 +494,6 @@ github.com/eapache/go-resiliency v1.2.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5m
 github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
 github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
 github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
-github.com/elastic/go-licenser v0.3.1/go.mod h1:D8eNQk70FOCVBl3smCGQt/lv7meBeQno2eI1S5apiHQ=
-github.com/elastic/go-sysinfo v1.1.1/go.mod h1:i1ZYdU10oLNfRzq4vq62BEwD2fH8KaWh6eh0ikPT9F0=
-github.com/elastic/go-windows v1.0.0/go.mod h1:TsU0Nrp7/y3+VwE82FoZF8gC/XFg/Elz6CcloAxnPgU=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/elliotchance/orderedmap v1.4.0 h1:wZtfeEONCbx6in1CZyE6bELEt/vFayMvsxqI5SgsR+A=
 github.com/elliotchance/orderedmap v1.4.0/go.mod h1:wsDwEaX5jEoyhbs7x93zk2H/qv0zwuhg4inXhDkYqys=
@@ -538,7 +509,6 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
-github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ=
 github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1 h1:xvqufLtNVwAhN8NMyWklVgxnWohi+wtMGQMhtxexlm0=
 github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
@@ -562,8 +532,6 @@ github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
-github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
-github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
@@ -573,10 +541,8 @@ github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVB
 github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20=
 github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
-github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
 github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
 github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
 github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
@@ -592,16 +558,8 @@ github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2H
 github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
-github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
-github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
-github.com/go-bindata/go-bindata v3.1.2+incompatible/go.mod h1:xK8Dsgwmeed+BBsSy2XTopBn/8uK2HWuGSnA11C3Joo=
 github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
-github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g=
-github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks=
-github.com/go-fonts/liberation v0.1.1/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY=
-github.com/go-fonts/liberation v0.2.0/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY=
-github.com/go-fonts/stix v0.1.0/go.mod h1:w/c1f0ldAUlJmLBvlbkvVXLAD+tAMqobIIQpmnUIzUY=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -610,8 +568,6 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
-github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U=
-github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk=
 github.com/go-ldap/ldap v3.0.2+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
@@ -623,98 +579,49 @@ github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
 github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI=
-github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik=
-github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik=
-github.com/go-openapi/analysis v0.19.2/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk=
-github.com/go-openapi/analysis v0.19.4/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk=
-github.com/go-openapi/analysis v0.19.5/go.mod h1:hkEAkxagaIvIP7VTn8ygJNkd4kAYON2rCu0v0ObL0AU=
-github.com/go-openapi/analysis v0.19.10/go.mod h1:qmhS3VNFxBlquFJ0RGoDtylO9y4pgTAUNE9AEEMdlJQ=
 github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY=
 github.com/go-openapi/analysis v0.21.4 h1:ZDFLvSNxpDaomuCueM0BlSXxpANBlFYiBvr+GXrvIHc=
 github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9QyAgQRPp9y3pfo=
-github.com/go-openapi/errors v0.17.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0=
-github.com/go-openapi/errors v0.18.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0=
-github.com/go-openapi/errors v0.19.2/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94=
-github.com/go-openapi/errors v0.19.3/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94=
-github.com/go-openapi/errors v0.19.6/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
-github.com/go-openapi/errors v0.20.0/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2ujzUc=
 github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk=
 github.com/go-openapi/inflect v0.19.0 h1:9jCH9scKIbHeV9m12SmPilScz6krDxKRasNNSNPXu/4=
 github.com/go-openapi/inflect v0.19.0/go.mod h1:lHpZVlpIQqLyKwJ4N+YSc9hchQy/i12fJykb83CRBH4=
-github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M=
-github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M=
 github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I=
-github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I=
 github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
 github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
 github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns=
 github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA=
 github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
-github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
-github.com/go-openapi/loads v0.18.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
-github.com/go-openapi/loads v0.19.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
-github.com/go-openapi/loads v0.19.2/go.mod h1:QAskZPMX5V0C2gvfkGZzJlINuP7Hx/4+ix5jWFxsNPs=
-github.com/go-openapi/loads v0.19.3/go.mod h1:YVfqhUCdahYwR3f3iiwQLhicVRvLlU/WO5WPaZvcvSI=
-github.com/go-openapi/loads v0.19.5/go.mod h1:dswLCAdonkRufe/gSUC3gN8nTSaB9uaS2es0x5/IbjY=
 github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g=
 github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro=
 github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw=
-github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA=
-github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt4sK4FXt0O64=
-github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4=
-github.com/go-openapi/runtime v0.19.15/go.mod h1:dhGWCTKRXlAfGnQG0ONViOZpjfg0m2gUt9nTQPQZuoo=
-github.com/go-openapi/runtime v0.20.0/go.mod h1:2WnLRxMiOUWNN0UZskSkxW0+WXdfB1KmqRKCFH+ZWYk=
 github.com/go-openapi/runtime v0.24.1 h1:Sml5cgQKGYQHF+M7yYSHaH1eOjvTykrddTE/KtQVjqo=
 github.com/go-openapi/runtime v0.24.1/go.mod h1:AKurw9fNre+h3ELZfk6ILsfvPN+bvvlaU/M9q/r9hpk=
-github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
-github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
-github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY=
 github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
-github.com/go-openapi/spec v0.19.6/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk=
-github.com/go-openapi/spec v0.19.8/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk=
 github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I=
 github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
 github.com/go-openapi/spec v0.20.7 h1:1Rlu/ZrOCCob0n+JKKJAWhNWMPW8bOZRg8FJaY+0SKI=
 github.com/go-openapi/spec v0.20.7/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
-github.com/go-openapi/strfmt v0.17.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU=
-github.com/go-openapi/strfmt v0.18.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU=
-github.com/go-openapi/strfmt v0.19.0/go.mod h1:+uW+93UVvGGq2qGaZxdDeJqSAqBqBdl+ZPMF/cC8nDY=
-github.com/go-openapi/strfmt v0.19.2/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU=
-github.com/go-openapi/strfmt v0.19.3/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU=
-github.com/go-openapi/strfmt v0.19.4/go.mod h1:eftuHTlB/dI8Uq8JJOyRlieZf+WkkxUuk0dgdHXr2Qk=
-github.com/go-openapi/strfmt v0.19.5/go.mod h1:eftuHTlB/dI8Uq8JJOyRlieZf+WkkxUuk0dgdHXr2Qk=
 github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg=
 github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k=
 github.com/go-openapi/strfmt v0.21.2/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k=
 github.com/go-openapi/strfmt v0.21.3 h1:xwhj5X6CjXEZZHMWy1zKJxvW9AfHC9pkyUjLvHtKG7o=
 github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg=
-github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
-github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
 github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.7/go.mod h1:ao+8BpOPyKdpQz3AOJfbeEVpLmWAvlT1IfTe5McPyhY=
-github.com/go-openapi/swag v0.19.9/go.mod h1:ao+8BpOPyKdpQz3AOJfbeEVpLmWAvlT1IfTe5McPyhY=
 github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4=
-github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA=
-github.com/go-openapi/validate v0.19.3/go.mod h1:90Vh6jjkTn+OT1Eefm0ZixWNFjhtOH7vS9k0lo6zwJo=
-github.com/go-openapi/validate v0.19.10/go.mod h1:RKEZTUWDkxKQxN2jDT7ZnZi2bhZlbNMAuKvKB+IaGx8=
 github.com/go-openapi/validate v0.21.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg=
 github.com/go-openapi/validate v0.22.0 h1:b0QecH6VslW/TxtpKgzpO1SNG7GU2FsaqKdP1E2T50Y=
 github.com/go-openapi/validate v0.22.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg=
-github.com/go-pdf/fpdf v0.5.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M=
 github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
 github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q=
@@ -735,7 +642,6 @@ github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP
 github.com/go-swagger/go-swagger v0.30.0 h1:HakSyutD7Ek9ndkR8Fxy6WAoQtgu7UcAmZCTa6SzawA=
 github.com/go-swagger/go-swagger v0.30.0/go.mod h1:GhZVX/KIBM4VpGp4P7AJOIrlTuBeRVPS+j9kk6rFmfY=
 github.com/go-swagger/scan-repo-boundary v0.0.0-20180623220736-973b3573c013 h1:l9rI6sNaZgNC0LnF3MiE+qTmyBA/tZAg1rtyrGbUMK0=
-github.com/go-swagger/scan-repo-boundary v0.0.0-20180623220736-973b3573c013/go.mod h1:b65mBPzqzZWxOZGxSWrqs4GInLIn+u99Q9q7p+GKni0=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho=
@@ -769,7 +675,6 @@ github.com/gobuffalo/gogen v0.1.1/go.mod h1:y8iBtmHmGc4qa3urIyo1shvOD8JftTtfcKi+
 github.com/gobuffalo/helpers v0.6.5 h1:Quf1KAUae97sdDmm/QP5V9P/0XYpK+HrhnYXU+nf65M=
 github.com/gobuffalo/helpers v0.6.5/go.mod h1:LA4zcc89tkZsfKpJIWsXLibiqTgZQ4EvDszfxdqr9ZA=
 github.com/gobuffalo/here v0.6.0 h1:hYrd0a6gDmWxBM4TnrGw8mQg24iSVoIkHEk7FodQcBI=
-github.com/gobuffalo/here v0.6.0/go.mod h1:wAG085dHOYqUpf+Ap+WOdrPTp5IYcDAs/x7PLa8Y5fM=
 github.com/gobuffalo/httptest v1.0.2 h1:LWp2khlgA697h4BIYWW2aRxvB93jMnBrbakQ/r2KLzs=
 github.com/gobuffalo/httptest v1.0.2/go.mod h1:7T1IbSrg60ankme0aDLVnEY0h056g9M1/ZvpVThtB7E=
 github.com/gobuffalo/logger v0.0.0-20190315122211-86e12af44bc2/go.mod h1:QdxcLw541hSGtBnhUc4gaNIXRjiDppFGaDqzbrBd3v8=
@@ -817,11 +722,8 @@ github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP
 github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
-github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v4 v4.1.0 h1:XUgk2Ex5veyVFVeLm0xhusUTQybEbexJXrvPNOKkSY0=
 github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
-github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
 github.com/golang/gddo v0.0.0-20190904175337-72a348e765d2 h1:xisWqjiKEff2B0KfFYGpCqc3M3zdTz+OHQHRc09FeYk=
 github.com/golang/gddo v0.0.0-20190904175337-72a348e765d2/go.mod h1:xEhNfoBDX1hzLm2Nf80qUvZ2sVwoMZ8d6IE2SrsQfh4=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
@@ -895,7 +797,6 @@ github.com/google/go-github/v27 v27.0.1/go.mod h1:/0Gr8pJ55COkmv+S/yPKCczSkUPIM/
 github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM=
 github.com/google/go-github/v38 v38.1.0 h1:C6h1FkaITcBFK7gAmq4eFzt6gbhEhk7L5z6R3Uva+po=
 github.com/google/go-github/v38 v38.1.0/go.mod h1:cStvrz/7nFr0FoENgG6GLbp53WaelXucT+BBz/3VKx4=
-github.com/google/go-jsonnet v0.17.0/go.mod h1:sOcuej3UW1vpPTZOr8L7RQimqai1a57bt5j22LzGZCw=
 github.com/google/go-jsonnet v0.18.0 h1:/6pTy6g+Jh1a1I2UMoAODkqELFiVIdOxbNwv0DDzoOg=
 github.com/google/go-jsonnet v0.18.0/go.mod h1:C3fTzyVJDslXdiTqw/bTFk7vSGyCtH3MGRbDfvEwGd0=
 github.com/google/go-licenses v0.0.0-20210329231322-ce1d9163b77d/go.mod h1:+TYOmkVoJOpwnS0wfdsJCV9CoD5nJYsHoFk/0CrTK4M=
@@ -905,7 +806,6 @@ github.com/google/go-replayers/grpcreplay v0.1.0/go.mod h1:8Ig2Idjpr6gifRd6pNVgg
 github.com/google/go-replayers/httpreplay v0.1.0/go.mod h1:YKZViNhiGgqdBlUbI2MwGpq4pXxNmhJLPHQ7cv2b5no=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/licenseclassifier v0.0.0-20210325184830-bb04aff29e72/go.mod h1:qsqn2hxC+vURpyBRygGUuinTO42MFRLcsmQ/P8v94+M=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
@@ -997,7 +897,6 @@ github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69 h1:7xsUJsB2Nrdct
 github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69/go.mod h1:YLEMZOtU+AZ7dhN9T/IpGhXVGly2bvkJQ+zxj3WeVQo=
 github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
 github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE=
-github.com/hashicorp/consul/api v1.11.0/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M=
 github.com/hashicorp/consul/api v1.12.0 h1:k3y1FYv6nuKyNTqj6w9gXOx5r5CfLj/k/euUeBXj1OY=
 github.com/hashicorp/consul/api v1.12.0/go.mod h1:6pVBMo0ebnYdt2S3H87XhekM/HHrUoTD2XXb/VrZVy0=
 github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
@@ -1015,7 +914,6 @@ github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9
 github.com/hashicorp/go-hclog v0.8.0/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
-github.com/hashicorp/go-hclog v1.0.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM=
 github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
@@ -1057,14 +955,11 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
-github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY=
 github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
-github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
 github.com/hashicorp/memberlist v0.3.0 h1:8+567mCcFDnS5ADl7lrpxPMWiFCElyUEeW0gtj34fMA=
 github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
-github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk=
 github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4=
 github.com/hashicorp/serf v0.9.7 h1:hkdgbqizGQHuU5IPqYM1JdSMV8nKfpuOnZYXssk9muY=
 github.com/hashicorp/serf v0.9.7/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4=
@@ -1096,11 +991,8 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt
 github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo=
 github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743 h1:X3Xxno5Ji8idrNiUoFc7QyXpqhSYlDRYQmc7mlpMBzU=
 github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743/go.mod h1:KrtyD5PFj++GKkFS/7/RRrfnRhAMGQwy75GLCHWrCNs=
-github.com/instana/go-sensor v1.41.1/go.mod h1:E42MelHWFz11qqaLwvgt0j98v2s2O/bq22UDkGaG0Gg=
 github.com/instana/testify v1.6.2-0.20200721153833-94b1851f4d65 h1:T25FL3WEzgmKB0m6XCJNZ65nw09/QIp3T1yXr487D+A=
-github.com/instana/testify v1.6.2-0.20200721153833-94b1851f4d65/go.mod h1:nYhEREG/B7HUY7P+LKOrqy53TpIqmJ9JyUShcaEKtGw=
 github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
-github.com/jackc/chunkreader v1.0.0 h1:4s39bBR8ByfqH+DKm8rQA3E1LHZWB9XWcrz8fqaZbe0=
 github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo=
 github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=
 github.com/jackc/chunkreader/v2 v2.0.1 h1:i+RDz65UE+mmpjTfyz0MoVTnzeYxroil2G82ki7MGG8=
@@ -1122,7 +1014,6 @@ github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65 h1:DadwsjnMwFjfWc9y5W
 github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65/go.mod h1:5R2h2EEX+qri8jOWMbJCtaPWkrrNc7OHwsp2TCqp7ak=
 github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
-github.com/jackc/pgproto3 v1.1.0 h1:FYYE4yRw+AgI8wXIinMlNjBbp/UitDJwfj5LqqewP1A=
 github.com/jackc/pgproto3 v1.1.0/go.mod h1:eR5FA3leWg7p9aeAqi37XOTgTIbkABlvcPB3E5rlc78=
 github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190420180111-c116219b62db/go.mod h1:bhq50y+xrl9n5mRYyCBFKkpRVTLYJVWeCc+mEAI3yXA=
 github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190609003834-432c2951c711/go.mod h1:uH0AWtUmuShn0bcesswc4aBTWGvw0cAxIJp+6OB//Wg=
@@ -1157,7 +1048,6 @@ github.com/jandelgado/gcov2lcov v1.0.5/go.mod h1:NnSxK6TMlg1oGDBfGelGbjgorT5/L3c
 github.com/jarcoal/httpmock v1.0.5 h1:cHtVEcTxRSX4J0je7mWPfc9BpDpqzXSJ5HbymZmyHck=
 github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
-github.com/jcchavezs/porto v0.1.0/go.mod h1:fESH0gzDHiutHRdX2hv27ojnOVFco37hg1W6E9EZF4A=
 github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs=
 github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM=
 github.com/jcmturner/gofork v1.0.0/go.mod h1:MK8+TM0La+2rjBD4jE12Kj1pCCxK7d2LK/UM3ncEo0o=
@@ -1184,7 +1074,6 @@ github.com/jmoiron/sqlx v1.3.3/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXL
 github.com/jmoiron/sqlx v1.3.4/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ=
 github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
 github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
-github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901/go.mod h1:Z86h9688Y0wesXCyonoVr47MasHilkuLMqGhRZ4Hpak=
 github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
 github.com/joho/godotenv v1.4.0 h1:3l4+N6zfMWnkbPEXKng2o2/MR5mSwTrBih4ZEkkz1lg=
 github.com/joho/godotenv v1.4.0/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
@@ -1212,8 +1101,6 @@ github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSg
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
-github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
-github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
 github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
 github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
@@ -1250,7 +1137,6 @@ github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+
 github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y=
 github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
 github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag=
-github.com/lib/pq v0.0.0-20180327071824-d34b9ff171c2/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
@@ -1261,7 +1147,6 @@ github.com/lib/pq v1.10.6 h1:jbk+ZieJ0D7EVGJYpL9QTz7/YW6UHbmdnZWYyK5cdBs=
 github.com/lib/pq v1.10.6/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
 github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
-github.com/looplab/fsm v0.1.0/go.mod h1:m2VaOfDHxqXBBMgc26m6yUOwkFn8H2AlJDE+jd/uafI=
 github.com/luna-duclos/instrumentedsql v1.1.3 h1:t7mvC0z1jUt5A0UQ6I/0H31ryymuQRnJcWCiqV3lSAA=
 github.com/luna-duclos/instrumentedsql v1.1.3/go.mod h1:9J1njvFds+zN7y85EDhN9XNQLANWwZt2ULeIC8yMNYs=
 github.com/lyft/protoc-gen-star v0.5.1/go.mod h1:9toiA3cC7z5uVbODF7kEQ91Xn7XNFkVUl+SrEe+ZORU=
@@ -1270,15 +1155,11 @@ github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0Q
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.4/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
-github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo=
 github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
-github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
-github.com/mailru/easyjson v0.7.1/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
@@ -1286,7 +1167,6 @@ github.com/markbates/hmax v1.0.0 h1:yo2N0gBoCnUMKhV/VRLHomT6Y9wUm+oQQENuWJqCdlM=
 github.com/markbates/hmax v1.0.0/go.mod h1:cOkR9dktiESxIMu+65oc/r/bdY4bE8zZw3OLhLx0X2c=
 github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
 github.com/markbates/pkger v0.17.1 h1:/MKEtWqtc0mZvu9OinB9UzVN9iYCwLWuyUv4Bw+PCno=
-github.com/markbates/pkger v0.17.1/go.mod h1:0JoVlrol20BSywW79rN3kdFFsE5xYM+rSCQDXbLhiuI=
 github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
 github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
@@ -1296,7 +1176,6 @@ github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVc
 github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.11/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
 github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
 github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
 github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc=
@@ -1356,7 +1235,6 @@ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh
 github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
@@ -1371,7 +1249,6 @@ github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2J
 github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
 github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ=
 github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo=
-github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc=
 github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 h1:dcztxKSvZ4Id8iPpHERQBbIJfabdt4wUm5qy3wOL2Zc=
 github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -1386,7 +1263,6 @@ github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwd
 github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe h1:iruDEfMl2E6fbMZ9s0scYfZQ84/6SPL6zC8ACM2oIL0=
 github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
-github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8=
 github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
 github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
@@ -1495,7 +1371,6 @@ github.com/ory/herodot v0.9.13 h1:cN/Z4eOkErl/9W7hDIDLb79IO/bfsH+8yscBjRpB4IU=
 github.com/ory/herodot v0.9.13/go.mod h1:IWDs9kSvFQqw/cQ8zi5ksyYvITiUU4dI7glUrhZcJYo=
 github.com/ory/jsonschema/v3 v3.0.7 h1:GQ9qfZDiJqs4l2d3p56dozCChvejQFZyLKGHYzDzOSo=
 github.com/ory/jsonschema/v3 v3.0.7/go.mod h1:g8c8YOtN4TrR2wYeMdT02GDmzJDI0fEW2nI26BECafY=
-github.com/ory/mail v2.3.1+incompatible h1:vHntHDHtQXamt2T+iwTTlCoBkDvILUeujE9Ocwe9md4=
 github.com/ory/mail v2.3.1+incompatible/go.mod h1:87D9/1gB6ewElQoN0lXJ0ayfqcj3cW3qCTXh+5E9mfU=
 github.com/ory/mail/v3 v3.0.0 h1:8LFMRj473vGahFD/ntiotWEd4S80FKYFtiZTDfOQ+sM=
 github.com/ory/mail/v3 v3.0.0/go.mod h1:JGAVeZF8YAlxbaFDUHqRZAKBCSeW2w1vuxf28hFbZAw=
@@ -1505,8 +1380,8 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi
 github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE=
 github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM=
-github.com/ory/x v0.0.460 h1:p5sYRjtHeVVMvCWtd8PWzoPl7Br0IfoalNJr22qnZCE=
-github.com/ory/x v0.0.460/go.mod h1:w2gwqgw3XqKTxW8wURVxUFI2NuDyIC2rGxvEsnBJqjs=
+github.com/ory/x v0.0.470 h1:o/Ftf0o+q/K7zgWJ/I6lBkqBusWAsZNnDf6Gq/wYwU4=
+github.com/ory/x v0.0.470/go.mod h1:w2gwqgw3XqKTxW8wURVxUFI2NuDyIC2rGxvEsnBJqjs=
 github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
 github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
 github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
@@ -1524,7 +1399,6 @@ github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/9
 github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE=
 github.com/pelletier/go-toml v1.8.0/go.mod h1:D6yutnOGMveHEPV7VQOuvI/gXY61bv+9bAOTRnLElKs=
 github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
-github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml/v2 v2.0.1 h1:8e3L2cCQzLFi2CR4g7vGFuFxX7Jl1kKX8gW+iV0GUKU=
@@ -1533,10 +1407,6 @@ github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc=
 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE=
-github.com/philhofer/fwd v1.1.1/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
-github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY=
-github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
-github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
 github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
 github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
@@ -1603,7 +1473,6 @@ github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+
 github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190425082905-87a4384529e0/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
@@ -1645,21 +1514,15 @@ github.com/rs/cors v1.8.2/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
 github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
 github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
 github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
-github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w=
-github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZKsJ8yyVxGRWYNEm9oFB8ieLgKFnamEyDmSA0BRk=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
 github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
-github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig=
-github.com/sagikazarmark/crypt v0.6.0/go.mod h1:U8+INwJo3nBv1m6A/8OBXAq7Jnpspk5AxSgDyEQcea8=
 github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E=
-github.com/santhosh-tekuri/jsonschema v1.2.4/go.mod h1:TEAUOeZSmIxTTuHatJzrvARHiuO9LYd+cIxzgEHCQI4=
 github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I=
@@ -1723,7 +1586,6 @@ github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfA
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.3.2-0.20200723214538-8d17101741c8/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
 github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
 github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
@@ -1732,7 +1594,6 @@ github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tL
 github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
 github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI=
 github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo=
-github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4=
 github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU=
 github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
@@ -1747,12 +1608,10 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
 github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
-github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM=
 github.com/spf13/viper v1.12.0 h1:CZ7eSOd3kZoaYDLbXnmzgQI5RlciuXBMA+18HwHRfZQ=
 github.com/spf13/viper v1.12.0/go.mod h1:b6COn30jlNxbm/V2IqWiNWkJ+vZNiMNksliPCiuKtSI=
 github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518 h1:iD+PFTQwKEmbwSdwfvP5ld2WEI/g7qbdhmHJ2ASfYGs=
 github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518/go.mod h1:CKI4AZ4XmGV240rTHfO0hfE83S6/a3/Q1siZJ/vXf7A=
-github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693/go.mod h1:6hSY48PjDm4UObWmGLyJE9DxYVKTgR9kbCspXXJEhcU=
 github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI=
 github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8=
 github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
@@ -1773,7 +1632,6 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
@@ -1797,7 +1655,6 @@ github.com/timtadh/data-structures v0.5.3 h1:F2tEjoG9qWIyUjbvXVgJqEOGJPMIiYn7U5W
 github.com/timtadh/data-structures v0.5.3/go.mod h1:9R4XODhJ8JdWFEI8P/HJKqxuJctfBQw6fDibMQny2oU=
 github.com/timtadh/lexmachine v0.2.2 h1:g55RnjdYazm5wnKv59pwFcBJHOyvTPfDEoz21s4PHmY=
 github.com/timtadh/lexmachine v0.2.2/go.mod h1:GBJvD5OAfRn/gnp92zb9KTgHLB7akKyxmVivoYCcjQI=
-github.com/tinylib/msgp v1.1.2/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE=
 github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0=
 github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0=
 github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao=
@@ -1811,8 +1668,6 @@ github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoi
 github.com/toqueteos/webbrowser v1.2.0 h1:tVP/gpK69Fx+qMJKsLE7TD8LuGWPnEV71wBN9rrstGQ=
 github.com/toqueteos/webbrowser v1.2.0/go.mod h1:XWoZq4cyp9WeUeak7w7LXRUQf1F1ATJMir8RTqb4ayM=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
-github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
-github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
@@ -1869,7 +1724,6 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
@@ -1882,26 +1736,18 @@ github.com/zmap/zcrypto v0.0.0-20210511125630-18f1e0152cfc/go.mod h1:FM4U1E3NzlN
 github.com/zmap/zlint/v3 v3.1.0/go.mod h1:L7t8s3sEKkb0A2BxGy1IWrxt1ZATa1R4QfJZaQOD3zU=
 github.com/zmb3/spotify/v2 v2.0.0 h1:NHW9btztNZTrJ0+3yMNyfY5qcu1ck9s36wwzc7zrCic=
 github.com/zmb3/spotify/v2 v2.0.0/go.mod h1:+LVh9CafHu7SedyqYmEf12Rd01dIVlEL845yNhksW0E=
-go.elastic.co/apm v1.15.0/go.mod h1:dylGv2HKR0tiCV+wliJz1KHtDyuD8SPe69oV7VyK6WY=
-go.elastic.co/apm/module/apmhttp v1.15.0/go.mod h1:NruY6Jq8ALLzWUVUQ7t4wIzn+onKoiP5woJJdTV7GMg=
-go.elastic.co/apm/module/apmot v1.15.0/go.mod h1:BjFz2KOlnjXdnSo0p6nhDDaIEYYX8c6uVHwvkZiLqtQ=
-go.elastic.co/fastjson v1.1.0/go.mod h1:boNGISWMjQsUPy/t6yqt2/1Wx4YNPSe+mZjlyw9vKKI=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0=
 go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
 go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
-go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489 h1:1JFLBqwIgdyHN1ZtgjTBwO+blA6gVOmZurpiMEsETKo=
 go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
 go.etcd.io/etcd/api/v3 v3.5.0-alpha.0/go.mod h1:mPcW6aZJukV6Aa81LSKpBjQXTWlXB5r74ymPoSWa3Sw=
-go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
 go.etcd.io/etcd/api/v3 v3.5.4 h1:OHVyt3TopwtUQ2GKdd5wu3PmmipR4FTwCqoEjSyRdIc=
 go.etcd.io/etcd/api/v3 v3.5.4/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A=
-go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/pkg/v3 v3.5.4 h1:lrneYvz923dvC14R54XcA7FXoZ3mlGZAgmwhfm7HqOg=
 go.etcd.io/etcd/client/pkg/v3 v3.5.4/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/v2 v2.305.0-alpha.0/go.mod h1:kdV+xzCJ3luEBSIeQyB/OEKkWKd8Zkux4sbDeANrosU=
-go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs=
 go.etcd.io/etcd/client/v2 v2.305.4 h1:Dcx3/MYyfKcPNLpR4VVQUP5KgYrBeJtktBwEKkw08Ao=
 go.etcd.io/etcd/client/v2 v2.305.4/go.mod h1:Ud+VUwIi9/uQHOMA+4ekToJ12lTxlv0zB/+DHwTGEbU=
 go.etcd.io/etcd/client/v3 v3.5.0-alpha.0/go.mod h1:wKt7jgDgf/OfKiYmCq5WFGxOFAkVMLxiiXgLDFhECr8=
@@ -1947,7 +1793,6 @@ go.opentelemetry.io/otel v1.4.0/go.mod h1:jeAqMFKy2uLIxCtKxoFj0FAL5zAPKQagc3+GtB
 go.opentelemetry.io/otel v1.4.1/go.mod h1:StM6F/0fSwpd8dKWDCdRr7uRvEPYdW0hBSlbdTiUde4=
 go.opentelemetry.io/otel v1.9.0 h1:8WZNQFIB2a71LnANS9JeyidJKKGOOremcUtb/OtHISw=
 go.opentelemetry.io/otel v1.9.0/go.mod h1:np4EoPGzoPs3O67xUVNoPPcmSvsfOxNlNA4F4AC+0Eo=
-go.opentelemetry.io/otel/bridge/opentracing v1.9.0/go.mod h1:QYKRAmt+MWDoudzsVKYSutcVs9scYhc2K6YspGV/LLw=
 go.opentelemetry.io/otel/exporters/jaeger v1.9.0 h1:gAEgEVGDWwFjcis9jJTOJqZNxDzoZfR12WNIxr7g9Ww=
 go.opentelemetry.io/otel/exporters/jaeger v1.9.0/go.mod h1:hquezOLVAybNW6vanIxkdLXTXvzlj2Vn3wevSP15RYs=
 go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.9.0 h1:ggqApEjDKczicksfvZUCxuvoyDmR6Sbm56LwiK8DVR0=
@@ -2002,7 +1847,6 @@ golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnf
 golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
 golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
 golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -2010,10 +1854,8 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190530122614-20be4c3c3ed5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -2032,22 +1874,16 @@ golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm
 golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
 golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8 h1:GIAS/yBem/gq2MUqgNIzUHW7cJMmx3TGZOrnyYaNQ6c=
 golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
 golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191002040644-a1355ae1e2c3/go.mod h1:NOZ3BPKG0ec/BKJQgnvsSFpcKLM5xXVWnvZS97DWHgE=
 golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
 golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
@@ -2055,17 +1891,8 @@ golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
 golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw=
-golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.0.0-20190910094157-69e4b8554b2a/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.0.0-20200119044424-58c23975cae1/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.0.0-20200430140353-33d19683fad8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.0.0-20200618115811-c13761719519/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.0.0-20201208152932-35266b937fa6/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.0.0-20210216034530-4410531fe030/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.0.0-20210607152325-775e3b0c77b9/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM=
-golang.org/x/image v0.0.0-20210628002857-a66eb6448b8d/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -2095,7 +1922,6 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -2106,7 +1932,6 @@ golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190320064053-1272bf9dcd53/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -2136,7 +1961,6 @@ golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/
 golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
@@ -2170,10 +1994,7 @@ golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b h1:ZmngSVLe/wycRns9MKikG9OWIEjGcGAkacif7oYQaUY=
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -2196,7 +2017,6 @@ golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210810183815-faf39c7919d5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
@@ -2216,7 +2036,6 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220513210516-0976fa681c29/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -2249,12 +2068,10 @@ golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 h1:GZokNIeuVkl3aZHJchRrr13WCsols02MLUcz1U9is6M=
 golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
@@ -2271,7 +2088,6 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn
 golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
@@ -2280,7 +2096,6 @@ golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -2308,7 +2123,6 @@ golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjs
 golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
 golang.org/x/tools v0.0.0-20200426102838-f3a5411a4c3b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
@@ -2347,13 +2161,6 @@ golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
 golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f h1:uF6paiQQebLeSXkrTqHqz0MXhXXS1KgF41eUdBNvxK0=
 golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
-gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo=
-gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0=
-gonum.org/v1/gonum v0.9.3/go.mod h1:TZumC3NeyVQskjXqmyWt4S3bINhy7B4eYwW69EbyX+0=
-gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
-gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc=
-gonum.org/v1/plot v0.9.0/go.mod h1:3Pcqqmp6RHvJI72kgb8fThyUnav364FOsdDo2aGW5lY=
-gonum.org/v1/plot v0.10.0/go.mod h1:JWIHJ7U20drSQb/aDpTetJzfC1KlAPldJLpkSy88dvQ=
 google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
 google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
@@ -2389,9 +2196,7 @@ google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6
 google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
 google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
 google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
-google.golang.org/api v0.59.0/go.mod h1:sT2boj7M9YJxZzgeZqXogmhfmRWDtPzT31xkieUbuZU=
 google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I=
-google.golang.org/api v0.62.0/go.mod h1:dKmwPCydfsad4qCH08MSdgWjfHOyfpd4VtDGgRFdavw=
 google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo=
 google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g=
 google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA=
@@ -2400,7 +2205,6 @@ google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRR
 google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA=
 google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw=
 google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg=
-google.golang.org/api v0.81.0/go.mod h1:FA6Mb/bZxj706H2j+j2d6mHEEaHBmbbWnkfvmorOCko=
 google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -2487,12 +2291,8 @@ google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEc
 google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211008145708-270636b82663/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211020151524-b7c3a969101a/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211028162531-8db9c33dc351/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211129164237-f09f9a12af12/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211203200212-54befc351ae9/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
@@ -2510,7 +2310,6 @@ google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX
 google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
 google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
 google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
-google.golang.org/genproto v0.0.0-20220519153652-3a47de7e79bd/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
 google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
 google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
 google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 h1:4SPz2GL2CXJt28MTF8V6Ap/9ZiVbQlJeGSd9qtA7DLs=
@@ -2580,7 +2379,6 @@ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-gopkg.in/DataDog/dd-trace-go.v1 v1.27.1-0.20201005154917-54b73b3e126a/go.mod h1:Sp1lku8WJMvNV0kjDI4Ni/T7J/U3BO5ct5kEaoVU8+I=
 gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
@@ -2608,7 +2406,6 @@ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.66.4 h1:SsAcf+mM7mRZo2nJNGt8mZCjG8ZRaNGMURJw7BsIST4=
 gopkg.in/ini.v1 v1.66.4/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/mail.v2 v2.3.1/go.mod h1:htwXN1Qh09vZJ1NVKxQqHPBaCBbzKhp5GzuJEA4VJWw=
@@ -2642,7 +2439,6 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gorm.io/driver/postgres v1.3.5/go.mod h1:EGCWefLFQSVFrHGy4J8EtiHCWX5Q8t0yz2Jt9aKkGzU=
@@ -2653,7 +2449,6 @@ gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
 gotest.tools/v3 v3.2.0 h1:I0DwBVMGAx26dttAj1BtJLAkVGncrkkUXfJLC4Flt/I=
-gotest.tools/v3 v3.2.0/go.mod h1:Mcr9QNxkg0uMvy/YElmo4SpXgJKWgQvYrT7Kw5RzJ1A=
 honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -2663,7 +2458,6 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.1.4/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las=
-howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0=
 k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo=
 k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ=
 k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8=
@@ -2694,7 +2488,6 @@ mvdan.cc/sh/v3 v3.3.0-0.dev.0.20210224101809-fb5052e7a010 h1:0xJA1YM0Ppa63jEfcdP
 mvdan.cc/sh/v3 v3.3.0-0.dev.0.20210224101809-fb5052e7a010/go.mod h1:fPQmabBpREM/XQ9YXSU5ZFZ/Sm+PmKP9/vkFHgYKJEI=
 pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
diff --git a/internal/httpclient/api_metadata.go b/internal/httpclient/api_metadata.go
index a63febb073aa..eec994165b53 100644
--- a/internal/httpclient/api_metadata.go
+++ b/internal/httpclient/api_metadata.go
@@ -102,16 +102,16 @@ func (r MetadataApiApiGetVersionRequest) Execute() (*InlineResponse2001, *http.R
 }
 
 /*
- * GetVersion Return Running Software Version.
- * This endpoint returns the version of Ory Kratos.
+  - GetVersion Return Running Software Version.
+  - This endpoint returns the version of Ory Kratos.
 
 If the service supports TLS Edge Termination, this endpoint does not require the
 `X-Forwarded-Proto` header to be set.
 
 Be aware that if you are running multiple nodes of this service, the version will never
 refer to the cluster state, only to a single instance.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return MetadataApiApiGetVersionRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return MetadataApiApiGetVersionRequest
 */
 func (a *MetadataApiService) GetVersion(ctx context.Context) MetadataApiApiGetVersionRequest {
 	return MetadataApiApiGetVersionRequest{
@@ -209,8 +209,9 @@ func (r MetadataApiApiIsAliveRequest) Execute() (*InlineResponse200, *http.Respo
 }
 
 /*
- * IsAlive Check HTTP Server Status
- * This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming
+  - IsAlive Check HTTP Server Status
+  - This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming
+
 HTTP requests. This status does currently not include checks whether the database connection is working.
 
 If the service supports TLS Edge Termination, this endpoint does not require the
@@ -218,8 +219,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the
 
 Be aware that if you are running multiple nodes of this service, the health status will never
 refer to the cluster state, only to a single instance.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return MetadataApiApiIsAliveRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return MetadataApiApiIsAliveRequest
 */
 func (a *MetadataApiService) IsAlive(ctx context.Context) MetadataApiApiIsAliveRequest {
 	return MetadataApiApiIsAliveRequest{
@@ -326,8 +327,9 @@ func (r MetadataApiApiIsReadyRequest) Execute() (*InlineResponse200, *http.Respo
 }
 
 /*
- * IsReady Check HTTP Server and Database Status
- * This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g.
+  - IsReady Check HTTP Server and Database Status
+  - This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g.
+
 the database) are responsive as well.
 
 If the service supports TLS Edge Termination, this endpoint does not require the
@@ -335,8 +337,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the
 
 Be aware that if you are running multiple nodes of Ory Kratos, the health status will never
 refer to the cluster state, only to a single instance.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return MetadataApiApiIsReadyRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return MetadataApiApiIsReadyRequest
 */
 func (a *MetadataApiService) IsReady(ctx context.Context) MetadataApiApiIsReadyRequest {
 	return MetadataApiApiIsReadyRequest{
diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go
index 9a364f251342..28ee4d1f4359 100644
--- a/internal/httpclient/api_v0alpha2.go
+++ b/internal/httpclient/api_v0alpha2.go
@@ -1292,11 +1292,12 @@ func (r V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest) Execute() (*Sel
 }
 
 /*
- * AdminCreateSelfServiceRecoveryLink # Create a Recovery Link
- * This endpoint creates a recovery link which should be given to the user in order for them to recover
+  - AdminCreateSelfServiceRecoveryLink # Create a Recovery Link
+  - This endpoint creates a recovery link which should be given to the user in order for them to recover
+
 (or activate) their account.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest
 */
 func (a *V0alpha2ApiService) AdminCreateSelfServiceRecoveryLink(ctx context.Context) V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest {
 	return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest{
@@ -1426,15 +1427,16 @@ func (r V0alpha2ApiApiAdminDeleteIdentityRequest) Execute() (*http.Response, err
 }
 
 /*
- * AdminDeleteIdentity # Delete an Identity
- * Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone.
+  - AdminDeleteIdentity # Delete an Identity
+  - Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone.
+
 This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is
 assumed that is has been deleted already.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @param id ID is the identity's ID.
- * @return V0alpha2ApiApiAdminDeleteIdentityRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @param id ID is the identity's ID.
+  - @return V0alpha2ApiApiAdminDeleteIdentityRequest
 */
 func (a *V0alpha2ApiService) AdminDeleteIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentityRequest {
 	return V0alpha2ApiApiAdminDeleteIdentityRequest{
@@ -1557,13 +1559,13 @@ func (r V0alpha2ApiApiAdminDeleteIdentitySessionsRequest) Execute() (*http.Respo
 }
 
 /*
- * AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
- * This endpoint is useful for:
+  - AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
+  - This endpoint is useful for:
 
 To forcefully logout Identity from all devices and sessions
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @param id ID is the identity's ID.
- * @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @param id ID is the identity's ID.
+  - @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest
 */
 func (a *V0alpha2ApiService) AdminDeleteIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentitySessionsRequest {
 	return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest{
@@ -2172,12 +2174,12 @@ func (r V0alpha2ApiApiAdminListIdentitiesRequest) Execute() ([]Identity, *http.R
 }
 
 /*
- * AdminListIdentities # List Identities
- * Lists all identities. Does not support search at the moment.
+  - AdminListIdentities # List Identities
+  - Lists all identities. Does not support search at the moment.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiAdminListIdentitiesRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiAdminListIdentitiesRequest
 */
 func (a *V0alpha2ApiService) AdminListIdentities(ctx context.Context) V0alpha2ApiApiAdminListIdentitiesRequest {
 	return V0alpha2ApiApiAdminListIdentitiesRequest{
@@ -2321,13 +2323,13 @@ func (r V0alpha2ApiApiAdminListIdentitySessionsRequest) Execute() ([]Session, *h
 }
 
 /*
- * AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity.
- * This endpoint is useful for:
+  - AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity.
+  - This endpoint is useful for:
 
 Listing all sessions that belong to an Identity in an administrative context.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @param id ID is the identity's ID.
- * @return V0alpha2ApiApiAdminListIdentitySessionsRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @param id ID is the identity's ID.
+  - @return V0alpha2ApiApiAdminListIdentitySessionsRequest
 */
 func (a *V0alpha2ApiService) AdminListIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminListIdentitySessionsRequest {
 	return V0alpha2ApiApiAdminListIdentitySessionsRequest{
@@ -2496,13 +2498,13 @@ func (r V0alpha2ApiApiAdminPatchIdentityRequest) Execute() (*Identity, *http.Res
 }
 
 /*
- * AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
- * NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.
+  - AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
+  - NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @param id ID must be set to the ID of identity you want to update
- * @return V0alpha2ApiApiAdminPatchIdentityRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @param id ID must be set to the ID of identity you want to update
+  - @return V0alpha2ApiApiAdminPatchIdentityRequest
 */
 func (a *V0alpha2ApiService) AdminPatchIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminPatchIdentityRequest {
 	return V0alpha2ApiApiAdminPatchIdentityRequest{
@@ -2664,13 +2666,13 @@ func (r V0alpha2ApiApiAdminUpdateIdentityRequest) Execute() (*Identity, *http.Re
 }
 
 /*
- * AdminUpdateIdentity # Update an Identity
- * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching.
+  - AdminUpdateIdentity # Update an Identity
+  - This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @param id ID must be set to the ID of identity you want to update
- * @return V0alpha2ApiApiAdminUpdateIdentityRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @param id ID must be set to the ID of identity you want to update
+  - @return V0alpha2ApiApiAdminUpdateIdentityRequest
 */
 func (a *V0alpha2ApiService) AdminUpdateIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminUpdateIdentityRequest {
 	return V0alpha2ApiApiAdminUpdateIdentityRequest{
@@ -2831,8 +2833,8 @@ func (r V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest) Execute(
 }
 
 /*
- * CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers
- * This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user.
+  - CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers
+  - This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user.
 
 This endpoint is NOT INTENDED for API clients and only works
 with browsers (Chrome, Firefox, ...). For API clients you can
@@ -2842,8 +2844,8 @@ The URL is only valid for the currently signed in user. If no user is signed in,
 a 401 error.
 
 When calling this endpoint from a backend, please ensure to properly forward the HTTP cookies.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest
 */
 func (a *V0alpha2ApiService) CreateSelfServiceLogoutFlowUrlForBrowsers(ctx context.Context) V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest {
 	return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest{
@@ -3093,16 +3095,16 @@ func (r V0alpha2ApiApiGetSelfServiceErrorRequest) Execute() (*SelfServiceError,
 }
 
 /*
- * GetSelfServiceError # Get Self-Service Errors
- * This endpoint returns the error associated with a user-facing self service errors.
+  - GetSelfServiceError # Get Self-Service Errors
+  - This endpoint returns the error associated with a user-facing self service errors.
 
 This endpoint supports stub values to help you implement the error UI:
 
 `?id=stub:500` - returns a stub 500 (Internal Server Error) error.
 
 More information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetSelfServiceErrorRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetSelfServiceErrorRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceError(ctx context.Context) V0alpha2ApiApiGetSelfServiceErrorRequest {
 	return V0alpha2ApiApiGetSelfServiceErrorRequest{
@@ -3244,8 +3246,8 @@ func (r V0alpha2ApiApiGetSelfServiceLoginFlowRequest) Execute() (*SelfServiceLog
 }
 
 /*
- * GetSelfServiceLoginFlow # Get Login Flow
- * This endpoint returns a login flow's context with, for example, error details and other information.
+  - GetSelfServiceLoginFlow # Get Login Flow
+  - This endpoint returns a login flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
 For AJAX requests you must ensure that cookies are included in the request or requests will fail.
@@ -3268,8 +3270,8 @@ This request may fail due to several reasons. The `error.id` can be one of:
 `self_service_flow_expired`: The flow is expired and you should request a new one.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceLoginFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceLoginFlowRequest{
@@ -3424,8 +3426,8 @@ func (r V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest) Execute() (*SelfService
 }
 
 /*
- * GetSelfServiceRecoveryFlow # Get Recovery Flow
- * This endpoint returns a recovery flow's context with, for example, error details and other information.
+  - GetSelfServiceRecoveryFlow # Get Recovery Flow
+  - This endpoint returns a recovery flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
 For AJAX requests you must ensure that cookies are included in the request or requests will fail.
@@ -3443,8 +3445,8 @@ res.render('recovery', flow)
 ```
 
 More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest{
@@ -3589,8 +3591,8 @@ func (r V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest) Execute() (*SelfSer
 }
 
 /*
- * GetSelfServiceRegistrationFlow # Get Registration Flow
- * This endpoint returns a registration flow's context with, for example, error details and other information.
+  - GetSelfServiceRegistrationFlow # Get Registration Flow
+  - This endpoint returns a registration flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
 For AJAX requests you must ensure that cookies are included in the request or requests will fail.
@@ -3613,8 +3615,8 @@ This request may fail due to several reasons. The `error.id` can be one of:
 `self_service_flow_expired`: The flow is expired and you should request a new one.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest{
@@ -3774,8 +3776,9 @@ func (r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) Execute() (*SelfService
 }
 
 /*
- * GetSelfServiceSettingsFlow # Get Settings Flow
- * When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie
+  - GetSelfServiceSettingsFlow # Get Settings Flow
+  - When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie
+
 or the Ory Kratos Session Token are set.
 
 Depending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator
@@ -3794,8 +3797,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 identity logged in instead.
 
 More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceSettingsFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest{
@@ -3963,8 +3966,8 @@ func (r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) Execute() (*SelfSer
 }
 
 /*
- * GetSelfServiceVerificationFlow # Get Verification Flow
- * This endpoint returns a verification flow's context with, for example, error details and other information.
+  - GetSelfServiceVerificationFlow # Get Verification Flow
+  - This endpoint returns a verification flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
 For AJAX requests you must ensure that cookies are included in the request or requests will fail.
@@ -3981,8 +3984,8 @@ res.render('verification', flow)
 })
 
 More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceVerificationFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest{
@@ -4116,8 +4119,8 @@ func (r V0alpha2ApiApiGetWebAuthnJavaScriptRequest) Execute() (string, *http.Res
 }
 
 /*
- * GetWebAuthnJavaScript # Get WebAuthn JavaScript
- * This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration.
+  - GetWebAuthnJavaScript # Get WebAuthn JavaScript
+  - This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration.
 
 If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file:
 
@@ -4126,8 +4129,8 @@ If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you
 ```
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest
 */
 func (a *V0alpha2ApiService) GetWebAuthnJavaScript(ctx context.Context) V0alpha2ApiApiGetWebAuthnJavaScriptRequest {
 	return V0alpha2ApiApiGetWebAuthnJavaScriptRequest{
@@ -4246,8 +4249,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Execute(
 }
 
 /*
- * InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers
- * This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate
+  - InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers
+  - This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate
+
 cookies and anti-CSRF measures required for browser-based flows.
 
 If this endpoint is opened as a link in the browser, it will be redirected to
@@ -4266,8 +4270,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest{
@@ -4412,8 +4416,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest) Execu
 }
 
 /*
- * InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ...
- * This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on.
+  - InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ...
+  - This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on.
 
 If a valid provided session cookie or session token is provided, a 400 Bad Request error
 will be returned unless the URL query parameter `?refresh=true` is set.
@@ -4433,8 +4437,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest{
@@ -4566,8 +4570,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest) Execu
 }
 
 /*
- * InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers
- * This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to
+  - InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers
+  - This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to
+
 `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session
 exists, the browser is returned to the configured return URL.
 
@@ -4577,8 +4582,8 @@ or a 400 bad request error if the user is already authenticated.
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest{
@@ -4698,8 +4703,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest) Ex
 }
 
 /*
- * InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ...
- * This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.
+  - InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ...
+  - This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.
 
 If a valid provided session cookie or session token is provided, a 400 Bad Request error.
 
@@ -4712,8 +4717,8 @@ you vulnerable to a variety of CSRF attacks.
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest{
@@ -4836,8 +4841,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) E
 }
 
 /*
- * InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers
- * This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate
+  - InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers
+  - This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate
+
 cookies and anti-CSRF measures required for browser-based flows.
 
 :::info
@@ -4862,8 +4868,8 @@ If this endpoint is called via an AJAX request, the response contains the regist
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest{
@@ -4973,8 +4979,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest
 }
 
 /*
- * InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ...
- * This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on.
+  - InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ...
+  - This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on.
 
 If a valid provided session cookie or session token is provided, a 400 Bad Request error
 will be returned unless the URL query parameter `?refresh=true` is set.
@@ -4993,8 +4999,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest{
@@ -5122,8 +5128,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest) Execu
 }
 
 /*
- * InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers
- * This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to
+  - InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers
+  - This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to
+
 `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid
 Ory Kratos Session Cookie is included in the request, a login flow will be initialized.
 
@@ -5149,8 +5156,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest{
@@ -5299,8 +5306,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest) Ex
 }
 
 /*
- * InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ...
- * This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on.
+  - InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ...
+  - This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on.
+
 You must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK.
 
 To fetch an existing settings flow call `/self-service/settings/flows?flow=`.
@@ -5322,8 +5330,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest{
@@ -5449,8 +5457,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest) E
 }
 
 /*
- * InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients
- * This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to
+  - InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients
+  - This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to
+
 `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`.
 
 If this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects.
@@ -5458,8 +5467,8 @@ If this endpoint is called via an AJAX request, the response contains the recove
 This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).
 
 More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest{
@@ -5569,8 +5578,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest
 }
 
 /*
- * InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ...
- * This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.
+  - InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ...
+  - This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.
 
 To fetch an existing verification flow call `/self-service/verification/flows?flow=`.
 
@@ -5581,8 +5590,8 @@ you vulnerable to a variety of CSRF attacks.
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest{
@@ -5847,12 +5856,12 @@ func (r V0alpha2ApiApiListSessionsRequest) Execute() ([]Session, *http.Response,
 }
 
 /*
- * ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint.
- * This endpoint is useful for:
+  - ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint.
+  - This endpoint is useful for:
 
 Displaying all other sessions that belong to the logged-in user
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiListSessionsRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiListSessionsRequest
 */
 func (a *V0alpha2ApiService) ListSessions(ctx context.Context) V0alpha2ApiApiListSessionsRequest {
 	return V0alpha2ApiApiListSessionsRequest{
@@ -6002,13 +6011,13 @@ func (r V0alpha2ApiApiRevokeSessionRequest) Execute() (*http.Response, error) {
 }
 
 /*
- * RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted.
- * This endpoint is useful for:
+  - RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted.
+  - This endpoint is useful for:
 
 To forcefully logout the current user from another device or session
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @param id ID is the session's ID.
- * @return V0alpha2ApiApiRevokeSessionRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @param id ID is the session's ID.
+  - @return V0alpha2ApiApiRevokeSessionRequest
 */
 func (a *V0alpha2ApiService) RevokeSession(ctx context.Context, id string) V0alpha2ApiApiRevokeSessionRequest {
 	return V0alpha2ApiApiRevokeSessionRequest{
@@ -6137,12 +6146,12 @@ func (r V0alpha2ApiApiRevokeSessionsRequest) Execute() (*RevokedSessions, *http.
 }
 
 /*
- * RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted.
- * This endpoint is useful for:
+  - RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted.
+  - This endpoint is useful for:
 
 To forcefully logout the current user from all other devices and sessions
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiRevokeSessionsRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiRevokeSessionsRequest
 */
 func (a *V0alpha2ApiService) RevokeSessions(ctx context.Context) V0alpha2ApiApiRevokeSessionsRequest {
 	return V0alpha2ApiApiRevokeSessionsRequest{
@@ -6306,8 +6315,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) Execute() (*SuccessfulS
 }
 
 /*
- * SubmitSelfServiceLoginFlow # Submit a Login Flow
- * :::info
+  - SubmitSelfServiceLoginFlow # Submit a Login Flow
+  - :::info
 
 This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future.
 
@@ -6340,8 +6349,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 Most likely used in Social Sign In flows.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest{
@@ -6504,8 +6513,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest) Execute() (*http.Respo
 }
 
 /*
- * SubmitSelfServiceLogoutFlow # Complete Self-Service Logout
- * This endpoint logs out an identity in a self-service manner.
+  - SubmitSelfServiceLogoutFlow # Complete Self-Service Logout
+  - This endpoint logs out an identity in a self-service manner.
 
 If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other)
 to the `return_to` parameter of the initial request or fall back to `urls.default_return_to`.
@@ -6518,8 +6527,8 @@ with browsers (Chrome, Firefox, ...). For API clients you can
 call the `/self-service/logout/api` URL directly with the Ory Session Token.
 
 More information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest{
@@ -6627,8 +6636,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest) Execute(
 }
 
 /*
- * SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ...
- * Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully
+  - SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ...
+  - Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully
+
 revoked, the server returns a 204 No Content response. A 204 No Content response is also sent when
 the Ory Session Token has been revoked already before.
 
@@ -6636,8 +6646,8 @@ If the Ory Session Token is malformed or does not exist a 403 Forbidden response
 
 This endpoint does not remove any HTTP
 Cookies - use the Browser-Based Self-Service Logout Flow instead.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest{
@@ -6769,8 +6779,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) Execute() (*SelfServ
 }
 
 /*
- * SubmitSelfServiceRecoveryFlow # Complete Recovery Flow
- * Use this endpoint to complete a recovery flow. This endpoint
+  - SubmitSelfServiceRecoveryFlow # Complete Recovery Flow
+  - Use this endpoint to complete a recovery flow. This endpoint
+
 behaves differently for API and browser flows and has several states:
 
 `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent
@@ -6786,8 +6797,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe
 a new Recovery Flow ID which contains an error message that the recovery link was invalid.
 
 More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest{
@@ -6945,8 +6956,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) Execute() (*Succ
 }
 
 /*
- * SubmitSelfServiceRegistrationFlow # Submit a Registration Flow
- * Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint
+  - SubmitSelfServiceRegistrationFlow # Submit a Registration Flow
+  - Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint
+
 behaves differently for API and browser flows.
 
 API flows expect `application/json` to be sent in the body and respond with
@@ -6974,8 +6986,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 Most likely used in Social Sign In flows.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest{
@@ -7145,8 +7157,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) Execute() (*SelfServ
 }
 
 /*
- * SubmitSelfServiceSettingsFlow # Complete Settings Flow
- * Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint
+  - SubmitSelfServiceSettingsFlow # Complete Settings Flow
+  - Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint
+
 behaves differently for API and browser flows.
 
 API-initiated flows expect `application/json` to be sent in the body and respond with
@@ -7189,8 +7202,8 @@ identity logged in instead.
 Most likely used in Social Sign In flows.
 
 More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest{
@@ -7383,8 +7396,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Execute() (*Self
 }
 
 /*
- * SubmitSelfServiceVerificationFlow # Complete Verification Flow
- * Use this endpoint to complete a verification flow. This endpoint
+  - SubmitSelfServiceVerificationFlow # Complete Verification Flow
+  - Use this endpoint to complete a verification flow. This endpoint
+
 behaves differently for API and browser flows and has several states:
 
 `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent
@@ -7400,8 +7414,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe
 a new Verification Flow ID which contains an error message that the verification link was invalid.
 
 More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest{
@@ -7554,8 +7568,9 @@ func (r V0alpha2ApiApiToSessionRequest) Execute() (*Session, *http.Response, err
 }
 
 /*
- * ToSession # Check Who the Current HTTP Session Belongs To
- * Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated.
+  - ToSession # Check Who the Current HTTP Session Belongs To
+  - Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated.
+
 Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent.
 Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header
 in the response.
@@ -7604,8 +7619,8 @@ As explained above, this request may fail due to several reasons. The `error.id`
 
 `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token).
 `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiToSessionRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiToSessionRequest
 */
 func (a *V0alpha2ApiService) ToSession(ctx context.Context) V0alpha2ApiApiToSessionRequest {
 	return V0alpha2ApiApiToSessionRequest{
diff --git a/request/builder.go b/request/builder.go
index e85dac0d7f66..9771d4457263 100644
--- a/request/builder.go
+++ b/request/builder.go
@@ -9,6 +9,8 @@ import (
 	"reflect"
 	"strings"
 
+	"github.com/ory/x/jsonnetsecure"
+
 	"github.com/pkg/errors"
 
 	"github.com/google/go-jsonnet"
@@ -106,7 +108,7 @@ func (b *Builder) addJSONBody(template *bytes.Buffer, body interface{}) error {
 		return errors.WithStack(err)
 	}
 
-	vm := jsonnet.MakeVM()
+	vm := jsonnetsecure.MakeSecureVM()
 	vm.TLACode("ctx", buf.String())
 
 	res, err := vm.EvaluateAnonymousSnippet(b.conf.TemplateURI, template.String())
@@ -138,7 +140,7 @@ func (b *Builder) addURLEncodedBody(template *bytes.Buffer, body interface{}) er
 		return err
 	}
 
-	vm := jsonnet.MakeVM()
+	vm := jsonnetsecure.MakeSecureVM()
 	vm.TLACode("ctx", buf.String())
 
 	res, err := vm.EvaluateAnonymousSnippet(b.conf.TemplateURI, template.String())
diff --git a/selfservice/strategy/oidc/strategy_registration.go b/selfservice/strategy/oidc/strategy_registration.go
index b4bb59b0a21c..b7257c8a79e5 100644
--- a/selfservice/strategy/oidc/strategy_registration.go
+++ b/selfservice/strategy/oidc/strategy_registration.go
@@ -6,9 +6,9 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/ory/herodot"
+	"github.com/ory/x/jsonnetsecure"
 
-	"github.com/google/go-jsonnet"
+	"github.com/ory/herodot"
 
 	"github.com/ory/x/fetcher"
 
@@ -247,7 +247,7 @@ func (s *Strategy) createIdentity(w http.ResponseWriter, r *http.Request, a *reg
 		return nil, s.handleError(w, r, a, provider.Config().ID, nil, err)
 	}
 
-	vm := jsonnet.MakeVM()
+	vm := jsonnetsecure.MakeSecureVM()
 	vm.ExtCode("claims", jsonClaims.String())
 	evaluated, err := vm.EvaluateAnonymousSnippet(provider.Config().Mapper, jn.String())
 	if err != nil {

From 60f4a2c2d651ce694ce494c7585cbed8e0461e8b Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Thu, 15 Sep 2022 18:46:29 +0000
Subject: [PATCH 260/411] autogen(openapi): regenerate swagger spec and
 internal client

[skip ci]
---
 internal/httpclient/api_metadata.go |  26 ++-
 internal/httpclient/api_v0alpha2.go | 315 +++++++++++++---------------
 2 files changed, 162 insertions(+), 179 deletions(-)

diff --git a/internal/httpclient/api_metadata.go b/internal/httpclient/api_metadata.go
index eec994165b53..a63febb073aa 100644
--- a/internal/httpclient/api_metadata.go
+++ b/internal/httpclient/api_metadata.go
@@ -102,16 +102,16 @@ func (r MetadataApiApiGetVersionRequest) Execute() (*InlineResponse2001, *http.R
 }
 
 /*
-  - GetVersion Return Running Software Version.
-  - This endpoint returns the version of Ory Kratos.
+ * GetVersion Return Running Software Version.
+ * This endpoint returns the version of Ory Kratos.
 
 If the service supports TLS Edge Termination, this endpoint does not require the
 `X-Forwarded-Proto` header to be set.
 
 Be aware that if you are running multiple nodes of this service, the version will never
 refer to the cluster state, only to a single instance.
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return MetadataApiApiGetVersionRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return MetadataApiApiGetVersionRequest
 */
 func (a *MetadataApiService) GetVersion(ctx context.Context) MetadataApiApiGetVersionRequest {
 	return MetadataApiApiGetVersionRequest{
@@ -209,9 +209,8 @@ func (r MetadataApiApiIsAliveRequest) Execute() (*InlineResponse200, *http.Respo
 }
 
 /*
-  - IsAlive Check HTTP Server Status
-  - This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming
-
+ * IsAlive Check HTTP Server Status
+ * This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming
 HTTP requests. This status does currently not include checks whether the database connection is working.
 
 If the service supports TLS Edge Termination, this endpoint does not require the
@@ -219,8 +218,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the
 
 Be aware that if you are running multiple nodes of this service, the health status will never
 refer to the cluster state, only to a single instance.
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return MetadataApiApiIsAliveRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return MetadataApiApiIsAliveRequest
 */
 func (a *MetadataApiService) IsAlive(ctx context.Context) MetadataApiApiIsAliveRequest {
 	return MetadataApiApiIsAliveRequest{
@@ -327,9 +326,8 @@ func (r MetadataApiApiIsReadyRequest) Execute() (*InlineResponse200, *http.Respo
 }
 
 /*
-  - IsReady Check HTTP Server and Database Status
-  - This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g.
-
+ * IsReady Check HTTP Server and Database Status
+ * This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g.
 the database) are responsive as well.
 
 If the service supports TLS Edge Termination, this endpoint does not require the
@@ -337,8 +335,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the
 
 Be aware that if you are running multiple nodes of Ory Kratos, the health status will never
 refer to the cluster state, only to a single instance.
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return MetadataApiApiIsReadyRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return MetadataApiApiIsReadyRequest
 */
 func (a *MetadataApiService) IsReady(ctx context.Context) MetadataApiApiIsReadyRequest {
 	return MetadataApiApiIsReadyRequest{
diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go
index 28ee4d1f4359..9a364f251342 100644
--- a/internal/httpclient/api_v0alpha2.go
+++ b/internal/httpclient/api_v0alpha2.go
@@ -1292,12 +1292,11 @@ func (r V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest) Execute() (*Sel
 }
 
 /*
-  - AdminCreateSelfServiceRecoveryLink # Create a Recovery Link
-  - This endpoint creates a recovery link which should be given to the user in order for them to recover
-
+ * AdminCreateSelfServiceRecoveryLink # Create a Recovery Link
+ * This endpoint creates a recovery link which should be given to the user in order for them to recover
 (or activate) their account.
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest
 */
 func (a *V0alpha2ApiService) AdminCreateSelfServiceRecoveryLink(ctx context.Context) V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest {
 	return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest{
@@ -1427,16 +1426,15 @@ func (r V0alpha2ApiApiAdminDeleteIdentityRequest) Execute() (*http.Response, err
 }
 
 /*
-  - AdminDeleteIdentity # Delete an Identity
-  - Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone.
-
+ * AdminDeleteIdentity # Delete an Identity
+ * Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone.
 This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is
 assumed that is has been deleted already.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @param id ID is the identity's ID.
-  - @return V0alpha2ApiApiAdminDeleteIdentityRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @param id ID is the identity's ID.
+ * @return V0alpha2ApiApiAdminDeleteIdentityRequest
 */
 func (a *V0alpha2ApiService) AdminDeleteIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentityRequest {
 	return V0alpha2ApiApiAdminDeleteIdentityRequest{
@@ -1559,13 +1557,13 @@ func (r V0alpha2ApiApiAdminDeleteIdentitySessionsRequest) Execute() (*http.Respo
 }
 
 /*
-  - AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
-  - This endpoint is useful for:
+ * AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
+ * This endpoint is useful for:
 
 To forcefully logout Identity from all devices and sessions
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @param id ID is the identity's ID.
-  - @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @param id ID is the identity's ID.
+ * @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest
 */
 func (a *V0alpha2ApiService) AdminDeleteIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentitySessionsRequest {
 	return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest{
@@ -2174,12 +2172,12 @@ func (r V0alpha2ApiApiAdminListIdentitiesRequest) Execute() ([]Identity, *http.R
 }
 
 /*
-  - AdminListIdentities # List Identities
-  - Lists all identities. Does not support search at the moment.
+ * AdminListIdentities # List Identities
+ * Lists all identities. Does not support search at the moment.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiAdminListIdentitiesRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiAdminListIdentitiesRequest
 */
 func (a *V0alpha2ApiService) AdminListIdentities(ctx context.Context) V0alpha2ApiApiAdminListIdentitiesRequest {
 	return V0alpha2ApiApiAdminListIdentitiesRequest{
@@ -2323,13 +2321,13 @@ func (r V0alpha2ApiApiAdminListIdentitySessionsRequest) Execute() ([]Session, *h
 }
 
 /*
-  - AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity.
-  - This endpoint is useful for:
+ * AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity.
+ * This endpoint is useful for:
 
 Listing all sessions that belong to an Identity in an administrative context.
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @param id ID is the identity's ID.
-  - @return V0alpha2ApiApiAdminListIdentitySessionsRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @param id ID is the identity's ID.
+ * @return V0alpha2ApiApiAdminListIdentitySessionsRequest
 */
 func (a *V0alpha2ApiService) AdminListIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminListIdentitySessionsRequest {
 	return V0alpha2ApiApiAdminListIdentitySessionsRequest{
@@ -2498,13 +2496,13 @@ func (r V0alpha2ApiApiAdminPatchIdentityRequest) Execute() (*Identity, *http.Res
 }
 
 /*
-  - AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
-  - NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.
+ * AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
+ * NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @param id ID must be set to the ID of identity you want to update
-  - @return V0alpha2ApiApiAdminPatchIdentityRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @param id ID must be set to the ID of identity you want to update
+ * @return V0alpha2ApiApiAdminPatchIdentityRequest
 */
 func (a *V0alpha2ApiService) AdminPatchIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminPatchIdentityRequest {
 	return V0alpha2ApiApiAdminPatchIdentityRequest{
@@ -2666,13 +2664,13 @@ func (r V0alpha2ApiApiAdminUpdateIdentityRequest) Execute() (*Identity, *http.Re
 }
 
 /*
-  - AdminUpdateIdentity # Update an Identity
-  - This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching.
+ * AdminUpdateIdentity # Update an Identity
+ * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @param id ID must be set to the ID of identity you want to update
-  - @return V0alpha2ApiApiAdminUpdateIdentityRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @param id ID must be set to the ID of identity you want to update
+ * @return V0alpha2ApiApiAdminUpdateIdentityRequest
 */
 func (a *V0alpha2ApiService) AdminUpdateIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminUpdateIdentityRequest {
 	return V0alpha2ApiApiAdminUpdateIdentityRequest{
@@ -2833,8 +2831,8 @@ func (r V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest) Execute(
 }
 
 /*
-  - CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers
-  - This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user.
+ * CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers
+ * This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user.
 
 This endpoint is NOT INTENDED for API clients and only works
 with browsers (Chrome, Firefox, ...). For API clients you can
@@ -2844,8 +2842,8 @@ The URL is only valid for the currently signed in user. If no user is signed in,
 a 401 error.
 
 When calling this endpoint from a backend, please ensure to properly forward the HTTP cookies.
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest
 */
 func (a *V0alpha2ApiService) CreateSelfServiceLogoutFlowUrlForBrowsers(ctx context.Context) V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest {
 	return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest{
@@ -3095,16 +3093,16 @@ func (r V0alpha2ApiApiGetSelfServiceErrorRequest) Execute() (*SelfServiceError,
 }
 
 /*
-  - GetSelfServiceError # Get Self-Service Errors
-  - This endpoint returns the error associated with a user-facing self service errors.
+ * GetSelfServiceError # Get Self-Service Errors
+ * This endpoint returns the error associated with a user-facing self service errors.
 
 This endpoint supports stub values to help you implement the error UI:
 
 `?id=stub:500` - returns a stub 500 (Internal Server Error) error.
 
 More information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiGetSelfServiceErrorRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiGetSelfServiceErrorRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceError(ctx context.Context) V0alpha2ApiApiGetSelfServiceErrorRequest {
 	return V0alpha2ApiApiGetSelfServiceErrorRequest{
@@ -3246,8 +3244,8 @@ func (r V0alpha2ApiApiGetSelfServiceLoginFlowRequest) Execute() (*SelfServiceLog
 }
 
 /*
-  - GetSelfServiceLoginFlow # Get Login Flow
-  - This endpoint returns a login flow's context with, for example, error details and other information.
+ * GetSelfServiceLoginFlow # Get Login Flow
+ * This endpoint returns a login flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
 For AJAX requests you must ensure that cookies are included in the request or requests will fail.
@@ -3270,8 +3268,8 @@ This request may fail due to several reasons. The `error.id` can be one of:
 `self_service_flow_expired`: The flow is expired and you should request a new one.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceLoginFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceLoginFlowRequest{
@@ -3426,8 +3424,8 @@ func (r V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest) Execute() (*SelfService
 }
 
 /*
-  - GetSelfServiceRecoveryFlow # Get Recovery Flow
-  - This endpoint returns a recovery flow's context with, for example, error details and other information.
+ * GetSelfServiceRecoveryFlow # Get Recovery Flow
+ * This endpoint returns a recovery flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
 For AJAX requests you must ensure that cookies are included in the request or requests will fail.
@@ -3445,8 +3443,8 @@ res.render('recovery', flow)
 ```
 
 More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest{
@@ -3591,8 +3589,8 @@ func (r V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest) Execute() (*SelfSer
 }
 
 /*
-  - GetSelfServiceRegistrationFlow # Get Registration Flow
-  - This endpoint returns a registration flow's context with, for example, error details and other information.
+ * GetSelfServiceRegistrationFlow # Get Registration Flow
+ * This endpoint returns a registration flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
 For AJAX requests you must ensure that cookies are included in the request or requests will fail.
@@ -3615,8 +3613,8 @@ This request may fail due to several reasons. The `error.id` can be one of:
 `self_service_flow_expired`: The flow is expired and you should request a new one.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest{
@@ -3776,9 +3774,8 @@ func (r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) Execute() (*SelfService
 }
 
 /*
-  - GetSelfServiceSettingsFlow # Get Settings Flow
-  - When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie
-
+ * GetSelfServiceSettingsFlow # Get Settings Flow
+ * When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie
 or the Ory Kratos Session Token are set.
 
 Depending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator
@@ -3797,8 +3794,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 identity logged in instead.
 
 More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceSettingsFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest{
@@ -3966,8 +3963,8 @@ func (r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) Execute() (*SelfSer
 }
 
 /*
-  - GetSelfServiceVerificationFlow # Get Verification Flow
-  - This endpoint returns a verification flow's context with, for example, error details and other information.
+ * GetSelfServiceVerificationFlow # Get Verification Flow
+ * This endpoint returns a verification flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
 For AJAX requests you must ensure that cookies are included in the request or requests will fail.
@@ -3984,8 +3981,8 @@ res.render('verification', flow)
 })
 
 More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceVerificationFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest{
@@ -4119,8 +4116,8 @@ func (r V0alpha2ApiApiGetWebAuthnJavaScriptRequest) Execute() (string, *http.Res
 }
 
 /*
-  - GetWebAuthnJavaScript # Get WebAuthn JavaScript
-  - This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration.
+ * GetWebAuthnJavaScript # Get WebAuthn JavaScript
+ * This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration.
 
 If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file:
 
@@ -4129,8 +4126,8 @@ If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you
 ```
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest
 */
 func (a *V0alpha2ApiService) GetWebAuthnJavaScript(ctx context.Context) V0alpha2ApiApiGetWebAuthnJavaScriptRequest {
 	return V0alpha2ApiApiGetWebAuthnJavaScriptRequest{
@@ -4249,9 +4246,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Execute(
 }
 
 /*
-  - InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers
-  - This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate
-
+ * InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers
+ * This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate
 cookies and anti-CSRF measures required for browser-based flows.
 
 If this endpoint is opened as a link in the browser, it will be redirected to
@@ -4270,8 +4266,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest{
@@ -4416,8 +4412,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest) Execu
 }
 
 /*
-  - InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ...
-  - This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on.
+ * InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ...
+ * This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on.
 
 If a valid provided session cookie or session token is provided, a 400 Bad Request error
 will be returned unless the URL query parameter `?refresh=true` is set.
@@ -4437,8 +4433,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest{
@@ -4570,9 +4566,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest) Execu
 }
 
 /*
-  - InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers
-  - This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to
-
+ * InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers
+ * This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to
 `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session
 exists, the browser is returned to the configured return URL.
 
@@ -4582,8 +4577,8 @@ or a 400 bad request error if the user is already authenticated.
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest{
@@ -4703,8 +4698,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest) Ex
 }
 
 /*
-  - InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ...
-  - This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.
+ * InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ...
+ * This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.
 
 If a valid provided session cookie or session token is provided, a 400 Bad Request error.
 
@@ -4717,8 +4712,8 @@ you vulnerable to a variety of CSRF attacks.
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest{
@@ -4841,9 +4836,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) E
 }
 
 /*
-  - InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers
-  - This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate
-
+ * InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers
+ * This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate
 cookies and anti-CSRF measures required for browser-based flows.
 
 :::info
@@ -4868,8 +4862,8 @@ If this endpoint is called via an AJAX request, the response contains the regist
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest{
@@ -4979,8 +4973,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest
 }
 
 /*
-  - InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ...
-  - This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on.
+ * InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ...
+ * This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on.
 
 If a valid provided session cookie or session token is provided, a 400 Bad Request error
 will be returned unless the URL query parameter `?refresh=true` is set.
@@ -4999,8 +4993,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest{
@@ -5128,9 +5122,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest) Execu
 }
 
 /*
-  - InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers
-  - This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to
-
+ * InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers
+ * This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to
 `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid
 Ory Kratos Session Cookie is included in the request, a login flow will be initialized.
 
@@ -5156,8 +5149,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest{
@@ -5306,9 +5299,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest) Ex
 }
 
 /*
-  - InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ...
-  - This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on.
-
+ * InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ...
+ * This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on.
 You must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK.
 
 To fetch an existing settings flow call `/self-service/settings/flows?flow=`.
@@ -5330,8 +5322,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest{
@@ -5457,9 +5449,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest) E
 }
 
 /*
-  - InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients
-  - This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to
-
+ * InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients
+ * This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to
 `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`.
 
 If this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects.
@@ -5467,8 +5458,8 @@ If this endpoint is called via an AJAX request, the response contains the recove
 This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).
 
 More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest{
@@ -5578,8 +5569,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest
 }
 
 /*
-  - InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ...
-  - This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.
+ * InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ...
+ * This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.
 
 To fetch an existing verification flow call `/self-service/verification/flows?flow=`.
 
@@ -5590,8 +5581,8 @@ you vulnerable to a variety of CSRF attacks.
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest{
@@ -5856,12 +5847,12 @@ func (r V0alpha2ApiApiListSessionsRequest) Execute() ([]Session, *http.Response,
 }
 
 /*
-  - ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint.
-  - This endpoint is useful for:
+ * ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint.
+ * This endpoint is useful for:
 
 Displaying all other sessions that belong to the logged-in user
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiListSessionsRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiListSessionsRequest
 */
 func (a *V0alpha2ApiService) ListSessions(ctx context.Context) V0alpha2ApiApiListSessionsRequest {
 	return V0alpha2ApiApiListSessionsRequest{
@@ -6011,13 +6002,13 @@ func (r V0alpha2ApiApiRevokeSessionRequest) Execute() (*http.Response, error) {
 }
 
 /*
-  - RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted.
-  - This endpoint is useful for:
+ * RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted.
+ * This endpoint is useful for:
 
 To forcefully logout the current user from another device or session
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @param id ID is the session's ID.
-  - @return V0alpha2ApiApiRevokeSessionRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @param id ID is the session's ID.
+ * @return V0alpha2ApiApiRevokeSessionRequest
 */
 func (a *V0alpha2ApiService) RevokeSession(ctx context.Context, id string) V0alpha2ApiApiRevokeSessionRequest {
 	return V0alpha2ApiApiRevokeSessionRequest{
@@ -6146,12 +6137,12 @@ func (r V0alpha2ApiApiRevokeSessionsRequest) Execute() (*RevokedSessions, *http.
 }
 
 /*
-  - RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted.
-  - This endpoint is useful for:
+ * RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted.
+ * This endpoint is useful for:
 
 To forcefully logout the current user from all other devices and sessions
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiRevokeSessionsRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiRevokeSessionsRequest
 */
 func (a *V0alpha2ApiService) RevokeSessions(ctx context.Context) V0alpha2ApiApiRevokeSessionsRequest {
 	return V0alpha2ApiApiRevokeSessionsRequest{
@@ -6315,8 +6306,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) Execute() (*SuccessfulS
 }
 
 /*
-  - SubmitSelfServiceLoginFlow # Submit a Login Flow
-  - :::info
+ * SubmitSelfServiceLoginFlow # Submit a Login Flow
+ * :::info
 
 This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future.
 
@@ -6349,8 +6340,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 Most likely used in Social Sign In flows.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest{
@@ -6513,8 +6504,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest) Execute() (*http.Respo
 }
 
 /*
-  - SubmitSelfServiceLogoutFlow # Complete Self-Service Logout
-  - This endpoint logs out an identity in a self-service manner.
+ * SubmitSelfServiceLogoutFlow # Complete Self-Service Logout
+ * This endpoint logs out an identity in a self-service manner.
 
 If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other)
 to the `return_to` parameter of the initial request or fall back to `urls.default_return_to`.
@@ -6527,8 +6518,8 @@ with browsers (Chrome, Firefox, ...). For API clients you can
 call the `/self-service/logout/api` URL directly with the Ory Session Token.
 
 More information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest{
@@ -6636,9 +6627,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest) Execute(
 }
 
 /*
-  - SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ...
-  - Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully
-
+ * SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ...
+ * Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully
 revoked, the server returns a 204 No Content response. A 204 No Content response is also sent when
 the Ory Session Token has been revoked already before.
 
@@ -6646,8 +6636,8 @@ If the Ory Session Token is malformed or does not exist a 403 Forbidden response
 
 This endpoint does not remove any HTTP
 Cookies - use the Browser-Based Self-Service Logout Flow instead.
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest{
@@ -6779,9 +6769,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) Execute() (*SelfServ
 }
 
 /*
-  - SubmitSelfServiceRecoveryFlow # Complete Recovery Flow
-  - Use this endpoint to complete a recovery flow. This endpoint
-
+ * SubmitSelfServiceRecoveryFlow # Complete Recovery Flow
+ * Use this endpoint to complete a recovery flow. This endpoint
 behaves differently for API and browser flows and has several states:
 
 `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent
@@ -6797,8 +6786,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe
 a new Recovery Flow ID which contains an error message that the recovery link was invalid.
 
 More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest{
@@ -6956,9 +6945,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) Execute() (*Succ
 }
 
 /*
-  - SubmitSelfServiceRegistrationFlow # Submit a Registration Flow
-  - Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint
-
+ * SubmitSelfServiceRegistrationFlow # Submit a Registration Flow
+ * Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint
 behaves differently for API and browser flows.
 
 API flows expect `application/json` to be sent in the body and respond with
@@ -6986,8 +6974,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 Most likely used in Social Sign In flows.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest{
@@ -7157,9 +7145,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) Execute() (*SelfServ
 }
 
 /*
-  - SubmitSelfServiceSettingsFlow # Complete Settings Flow
-  - Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint
-
+ * SubmitSelfServiceSettingsFlow # Complete Settings Flow
+ * Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint
 behaves differently for API and browser flows.
 
 API-initiated flows expect `application/json` to be sent in the body and respond with
@@ -7202,8 +7189,8 @@ identity logged in instead.
 Most likely used in Social Sign In flows.
 
 More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest{
@@ -7396,9 +7383,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Execute() (*Self
 }
 
 /*
-  - SubmitSelfServiceVerificationFlow # Complete Verification Flow
-  - Use this endpoint to complete a verification flow. This endpoint
-
+ * SubmitSelfServiceVerificationFlow # Complete Verification Flow
+ * Use this endpoint to complete a verification flow. This endpoint
 behaves differently for API and browser flows and has several states:
 
 `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent
@@ -7414,8 +7400,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe
 a new Verification Flow ID which contains an error message that the verification link was invalid.
 
 More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest{
@@ -7568,9 +7554,8 @@ func (r V0alpha2ApiApiToSessionRequest) Execute() (*Session, *http.Response, err
 }
 
 /*
-  - ToSession # Check Who the Current HTTP Session Belongs To
-  - Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated.
-
+ * ToSession # Check Who the Current HTTP Session Belongs To
+ * Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated.
 Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent.
 Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header
 in the response.
@@ -7619,8 +7604,8 @@ As explained above, this request may fail due to several reasons. The `error.id`
 
 `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token).
 `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor.
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiToSessionRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiToSessionRequest
 */
 func (a *V0alpha2ApiService) ToSession(ctx context.Context) V0alpha2ApiApiToSessionRequest {
 	return V0alpha2ApiApiToSessionRequest{

From 20fdfe8ddfe8f2922a8fa6c544319ebd8fa5d524 Mon Sep 17 00:00:00 2001
From: Kevin Goslar 
Date: Fri, 16 Sep 2022 02:19:03 -0500
Subject: [PATCH 261/411] chore: format using Make (#2736)

---
 .github/workflows/format.yml | 17 +++++++++++++++++
 Makefile                     |  5 +++--
 package.json                 |  6 +-----
 3 files changed, 21 insertions(+), 7 deletions(-)
 create mode 100644 .github/workflows/format.yml

diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml
new file mode 100644
index 000000000000..aa4c19537fe4
--- /dev/null
+++ b/.github/workflows/format.yml
@@ -0,0 +1,17 @@
+name: Format
+
+on:
+  pull_request:
+  push:
+
+jobs:
+  format:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
+        with:
+          go-version: 1.18
+      - run: make format
+      - name: Indicate formatting issues
+        run: git diff HEAD --exit-code --color
diff --git a/Makefile b/Makefile
index 7d04d6f2c5c1..31dff407bef4 100644
--- a/Makefile
+++ b/Makefile
@@ -51,8 +51,9 @@ docs/swagger:
 		bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -d -b .bin ory v0.1.33
 		touch -a -m .bin/ory
 
-node_modules: package.json Makefile
+node_modules: package.json
 		npm ci
+		touch node_modules
 
 .bin/golangci-lint: Makefile
 		curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -d -b .bin v1.47.3
@@ -136,7 +137,7 @@ quickstart-dev:
 .PHONY: format
 format: .bin/goimports node_modules
 		goimports -w -local github.com/ory .
-		npm run format
+		npm exec -- prettier --write 'test/e2e/**/*{.ts,.js}'
 
 # Build local docker image
 .PHONY: docker
diff --git a/package.json b/package.json
index c87c3561ee1b..45d73c43055b 100644
--- a/package.json
+++ b/package.json
@@ -1,17 +1,13 @@
 {
   "private": true,
   "scripts": {
-    "format": "prettier --write ${npm_package_config_prettierTarget}",
-    "format:check": "prettier --check ${npm_package_config_prettierTarget}",
+    "format": "",
     "openapi-generator-cli": "openapi-generator-cli",
     "test": "cypress run --browser chrome",
     "test:watch": "cypress open --browser chrome",
     "text-run": "exit 0",
     "wait-on": "wait-on"
   },
-  "config": {
-    "prettierTarget": "test/e2e/**/*{.ts,.js}"
-  },
   "prettier": "ory-prettier-styles",
   "dependencies": {
     "@openapitools/openapi-generator-cli": "^2.1.18",

From bbe44632de77cfb3d4983b68647107d914cd4c46 Mon Sep 17 00:00:00 2001
From: Ajay Kelkar 
Date: Fri, 16 Sep 2022 13:15:22 +0200
Subject: [PATCH 262/411] fix: format check stage in the CI (#2737)

---
 .github/workflows/ci.yaml    |  6 +++---
 .github/workflows/format.yml | 17 -----------------
 package-lock.json            |  3 ++-
 3 files changed, 5 insertions(+), 21 deletions(-)
 delete mode 100644 .github/workflows/format.yml

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index b96d74ca776b..e7b564479528 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -83,8 +83,8 @@ jobs:
         uses: sonatype-nexus-community/nancy-github-action@v1.0.2
       - run: npm install
         name: Install node deps
-      - name: Run prettier
-        run: npm run format:check
+      - run: make format && git diff HEAD --exit-code --color
+        name: Check formatting issues
       - name: Run golangci-lint
         uses: golangci/golangci-lint-action@v2
         env:
@@ -138,7 +138,7 @@ jobs:
       TEST_DATABASE_COCKROACHDB: 'cockroach://root@localhost:26257/defaultdb?sslmode=disable'
     strategy:
       matrix:
-        database: ['postgres', 'cockroach', 'sqlite', 'mysql']
+        database: [ 'postgres', 'cockroach', 'sqlite', 'mysql' ]
     steps:
       - run: |
           docker create --name cockroach -p 26257:26257 \
diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml
deleted file mode 100644
index aa4c19537fe4..000000000000
--- a/.github/workflows/format.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: Format
-
-on:
-  pull_request:
-  push:
-
-jobs:
-  format:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v3
-        with:
-          go-version: 1.18
-      - run: make format
-      - name: Indicate formatting issues
-        run: git diff HEAD --exit-code --color
diff --git a/package-lock.json b/package-lock.json
index 4d6d08500f34..de6603327384 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -5737,7 +5737,8 @@
       "version": "7.5.7",
       "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.7.tgz",
       "integrity": "sha512-KMvVuFzpKBuiIXW3E4u3mySRO2/mCHSyZDJQM5NQ9Q9KHWHWh0NHgfbRMLLrceUK5qAL4ytALJbpRMjixFZh8A==",
-      "dev": true
+      "dev": true,
+      "requires": {}
     },
     "y18n": {
       "version": "5.0.8",

From 1515b839f52044d6c9674d4a2df43dfeda3bb15b Mon Sep 17 00:00:00 2001
From: Kevin Goslar 
Date: Fri, 16 Sep 2022 11:52:02 -0500
Subject: [PATCH 263/411] Remove empty script (#2739)

---
 package.json | 1 -
 1 file changed, 1 deletion(-)

diff --git a/package.json b/package.json
index 45d73c43055b..e4a8e60b2627 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,6 @@
 {
   "private": true,
   "scripts": {
-    "format": "",
     "openapi-generator-cli": "openapi-generator-cli",
     "test": "cypress run --browser chrome",
     "test:watch": "cypress open --browser chrome",

From bdc3797aa496c98cd744fd7d600e84b2c004304a Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Wed, 21 Sep 2022 09:37:53 +0000
Subject: [PATCH 264/411] autogen(docs): regenerate and update changelog

[skip ci]
---
 CHANGELOG.md | 89 ++++++++++++++++++++++++++++++++++------------------
 1 file changed, 58 insertions(+), 31 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 73b129a56973..de01cbadea53 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@
 
 **Table of Contents**
 
-- [ (2022-09-11)](#2022-09-11)
+- [ (2022-09-21)](#2022-09-21)
   - [Breaking Changes](#breaking-changes)
     - [Bug Fixes](#bug-fixes)
     - [Code Refactoring](#code-refactoring)
@@ -13,6 +13,7 @@
     - [Features](#features)
     - [Reverts](#reverts)
     - [Tests](#tests)
+    - [Unclassified](#unclassified)
 - [0.10.1 (2022-06-01)](#0101-2022-06-01)
   - [Bug Fixes](#bug-fixes-1)
   - [Code Generation](#code-generation)
@@ -24,7 +25,7 @@
     - [Documentation](#documentation-1)
     - [Features](#features-1)
     - [Tests](#tests-1)
-    - [Unclassified](#unclassified)
+    - [Unclassified](#unclassified-1)
 - [0.9.0-alpha.3 (2022-03-25)](#090-alpha3-2022-03-25)
   - [Breaking Changes](#breaking-changes-2)
     - [Bug Fixes](#bug-fixes-3)
@@ -41,7 +42,7 @@
     - [Documentation](#documentation-3)
     - [Features](#features-2)
     - [Tests](#tests-2)
-    - [Unclassified](#unclassified-1)
+    - [Unclassified](#unclassified-2)
 - [0.8.2-alpha.1 (2021-12-17)](#082-alpha1-2021-12-17)
   - [Bug Fixes](#bug-fixes-6)
   - [Code Generation](#code-generation-5)
@@ -67,7 +68,7 @@
     - [Features](#features-4)
     - [Reverts](#reverts-1)
     - [Tests](#tests-4)
-    - [Unclassified](#unclassified-2)
+    - [Unclassified](#unclassified-3)
 - [0.7.6-alpha.1 (2021-09-12)](#076-alpha1-2021-09-12)
   - [Code Generation](#code-generation-10)
 - [0.7.5-alpha.1 (2021-09-11)](#075-alpha1-2021-09-11)
@@ -96,7 +97,7 @@
     - [Documentation](#documentation-10)
     - [Features](#features-7)
     - [Tests](#tests-7)
-    - [Unclassified](#unclassified-3)
+    - [Unclassified](#unclassified-4)
 - [0.6.3-alpha.1 (2021-05-17)](#063-alpha1-2021-05-17)
   - [Breaking Changes](#breaking-changes-7)
     - [Bug Fixes](#bug-fixes-14)
@@ -120,14 +121,14 @@
     - [Documentation](#documentation-12)
     - [Features](#features-10)
     - [Tests](#tests-8)
-    - [Unclassified](#unclassified-4)
+    - [Unclassified](#unclassified-5)
 - [0.5.5-alpha.1 (2020-12-09)](#055-alpha1-2020-12-09)
   - [Bug Fixes](#bug-fixes-17)
   - [Code Generation](#code-generation-21)
   - [Documentation](#documentation-13)
   - [Features](#features-11)
   - [Tests](#tests-9)
-  - [Unclassified](#unclassified-5)
+  - [Unclassified](#unclassified-6)
 - [0.5.4-alpha.1 (2020-11-11)](#054-alpha1-2020-11-11)
   - [Bug Fixes](#bug-fixes-18)
   - [Code Generation](#code-generation-22)
@@ -151,7 +152,7 @@
   - [Documentation](#documentation-17)
   - [Features](#features-14)
   - [Tests](#tests-12)
-  - [Unclassified](#unclassified-6)
+  - [Unclassified](#unclassified-7)
 - [0.5.0-alpha.1 (2020-10-15)](#050-alpha1-2020-10-15)
   - [Breaking Changes](#breaking-changes-9)
     - [Bug Fixes](#bug-fixes-22)
@@ -160,7 +161,7 @@
     - [Documentation](#documentation-18)
     - [Features](#features-15)
     - [Tests](#tests-13)
-    - [Unclassified](#unclassified-7)
+    - [Unclassified](#unclassified-8)
 - [0.4.6-alpha.1 (2020-07-13)](#046-alpha1-2020-07-13)
   - [Bug Fixes](#bug-fixes-23)
   - [Code Generation](#code-generation-27)
@@ -184,7 +185,7 @@
     - [Code Refactoring](#code-refactoring-9)
     - [Documentation](#documentation-20)
     - [Features](#features-16)
-    - [Unclassified](#unclassified-8)
+    - [Unclassified](#unclassified-9)
 - [0.3.0-alpha.1 (2020-05-15)](#030-alpha1-2020-05-15)
   - [Breaking Changes](#breaking-changes-11)
     - [Bug Fixes](#bug-fixes-29)
@@ -192,7 +193,7 @@
     - [Code Refactoring](#code-refactoring-10)
     - [Documentation](#documentation-21)
     - [Features](#features-17)
-    - [Unclassified](#unclassified-9)
+    - [Unclassified](#unclassified-10)
 - [0.2.1-alpha.1 (2020-05-05)](#021-alpha1-2020-05-05)
   - [Chores](#chores-1)
   - [Documentation](#documentation-22)
@@ -203,7 +204,7 @@
     - [Code Refactoring](#code-refactoring-11)
     - [Documentation](#documentation-23)
     - [Features](#features-18)
-    - [Unclassified](#unclassified-10)
+    - [Unclassified](#unclassified-11)
 - [0.1.1-alpha.1 (2020-02-18)](#011-alpha1-2020-02-18)
   - [Bug Fixes](#bug-fixes-31)
   - [Code Refactoring](#code-refactoring-12)
@@ -225,47 +226,47 @@
   - [Bug Fixes](#bug-fixes-33)
   - [Documentation](#documentation-28)
   - [Features](#features-21)
-  - [Unclassified](#unclassified-11)
+  - [Unclassified](#unclassified-12)
 - [0.1.0-alpha.1 (2020-01-31)](#010-alpha1-2020-01-31)
   - [Documentation](#documentation-29)
 - [0.0.3-alpha.15 (2020-01-31)](#003-alpha15-2020-01-31)
-  - [Unclassified](#unclassified-12)
-- [0.0.3-alpha.14 (2020-01-31)](#003-alpha14-2020-01-31)
   - [Unclassified](#unclassified-13)
-- [0.0.3-alpha.13 (2020-01-31)](#003-alpha13-2020-01-31)
+- [0.0.3-alpha.14 (2020-01-31)](#003-alpha14-2020-01-31)
   - [Unclassified](#unclassified-14)
-- [0.0.3-alpha.11 (2020-01-31)](#003-alpha11-2020-01-31)
+- [0.0.3-alpha.13 (2020-01-31)](#003-alpha13-2020-01-31)
   - [Unclassified](#unclassified-15)
-- [0.0.3-alpha.10 (2020-01-31)](#003-alpha10-2020-01-31)
+- [0.0.3-alpha.11 (2020-01-31)](#003-alpha11-2020-01-31)
   - [Unclassified](#unclassified-16)
-- [0.0.3-alpha.7 (2020-01-30)](#003-alpha7-2020-01-30)
+- [0.0.3-alpha.10 (2020-01-31)](#003-alpha10-2020-01-31)
   - [Unclassified](#unclassified-17)
+- [0.0.3-alpha.7 (2020-01-30)](#003-alpha7-2020-01-30)
+  - [Unclassified](#unclassified-18)
 - [0.0.3-alpha.5 (2020-01-30)](#003-alpha5-2020-01-30)
   - [Continuous Integration](#continuous-integration-2)
-  - [Unclassified](#unclassified-18)
-- [0.0.3-alpha.4 (2020-01-30)](#003-alpha4-2020-01-30)
   - [Unclassified](#unclassified-19)
-- [0.0.3-alpha.2 (2020-01-30)](#003-alpha2-2020-01-30)
+- [0.0.3-alpha.4 (2020-01-30)](#003-alpha4-2020-01-30)
   - [Unclassified](#unclassified-20)
-- [0.0.3-alpha.1 (2020-01-30)](#003-alpha1-2020-01-30)
+- [0.0.3-alpha.2 (2020-01-30)](#003-alpha2-2020-01-30)
   - [Unclassified](#unclassified-21)
+- [0.0.3-alpha.1 (2020-01-30)](#003-alpha1-2020-01-30)
+  - [Unclassified](#unclassified-22)
 - [0.0.1-alpha.9 (2020-01-29)](#001-alpha9-2020-01-29)
   - [Continuous Integration](#continuous-integration-3)
 - [0.0.2-alpha.1 (2020-01-29)](#002-alpha1-2020-01-29)
-  - [Unclassified](#unclassified-22)
+  - [Unclassified](#unclassified-23)
 - [0.0.1-alpha.6 (2020-01-29)](#001-alpha6-2020-01-29)
   - [Continuous Integration](#continuous-integration-4)
 - [0.0.1-alpha.5 (2020-01-29)](#001-alpha5-2020-01-29)
   - [Continuous Integration](#continuous-integration-5)
-  - [Unclassified](#unclassified-23)
+  - [Unclassified](#unclassified-24)
 - [0.0.1-alpha.3 (2020-01-28)](#001-alpha3-2020-01-28)
   - [Continuous Integration](#continuous-integration-6)
   - [Documentation](#documentation-30)
-  - [Unclassified](#unclassified-24)
+  - [Unclassified](#unclassified-25)
 
 
 
-# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-09-11)
+# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-09-21)
 
 ## Breaking Changes
 
@@ -303,6 +304,9 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
 
   See https://github.com/ory-corp/cloud/issues/2691
 
+- Check return code of ms graphapi /me request.
+  ([#2647](https://github.com/ory/kratos/issues/2647))
+  ([3f490a3](https://github.com/ory/kratos/commit/3f490a31cddc53ce5d9958454f41c352580904c9))
 - **cli:** Dry up code ([#2572](https://github.com/ory/kratos/issues/2572))
   ([d1b6b40](https://github.com/ory/kratos/commit/d1b6b40aa9dcc7a3ec9237eec28c4fa55f0b8627))
 - Debugging Docker setup ([#2616](https://github.com/ory/kratos/issues/2616))
@@ -324,6 +328,9 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
   ([43fcc51](https://github.com/ory/kratos/commit/43fcc51b9bf6996fc4f7b0ef797189eb8f3978dc))
 - Format
   ([0934def](https://github.com/ory/kratos/commit/0934defff7a0d56e712af98c1cec87c60b3c934b))
+- Format check stage in the CI
+  ([#2737](https://github.com/ory/kratos/issues/2737))
+  ([bbe4463](https://github.com/ory/kratos/commit/bbe44632de77cfb3d4983b68647107d914cd4c46))
 - Gosec false positives
   ([e3e7ed0](https://github.com/ory/kratos/commit/e3e7ed08f5ce47fc794bd5c093018cee51baf689))
 - **identity:** Migrate identity_addresses to lower case
@@ -382,6 +389,8 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
   closes [#2562](https://github.com/ory/kratos/issues/2562)
 - Remove jackc rewrites ([#2634](https://github.com/ory/kratos/issues/2634))
   ([fe00c5b](https://github.com/ory/kratos/commit/fe00c5be72b0cdcc8d462a97aa04c413f758e8e3))
+- Remove jsonnet import support
+  ([d708c81](https://github.com/ory/kratos/commit/d708c81abbec424e4376a68140e5008bdba4eaaf))
 - Remove newline sign from email subject
   ([#2576](https://github.com/ory/kratos/issues/2576))
   ([ca3d9c2](https://github.com/ory/kratos/commit/ca3d9c24e25ce501e9eae23547f87e1c35b2ea97))
@@ -453,6 +462,12 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
 
 ### Features
 
+- Add api endpoint to fetch messages
+  ([#2651](https://github.com/ory/kratos/issues/2651))
+  ([5fddcbf](https://github.com/ory/kratos/commit/5fddcbf6554264766301e63ed3889ba746f0cd1a)):
+
+  Closes https://github.com/ory/kratos/issues/2639
+
 - Add autocomplete attributes
   ([#2523](https://github.com/ory/kratos/issues/2523))
   ([6284a9a](https://github.com/ory/kratos/commit/6284a9a5152924018d85f306e5758e9d8d759283)),
@@ -469,6 +484,12 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
   ([f09b1b3](https://github.com/ory/kratos/commit/f09b1b3701c6deda4d25cebb7ccf2e97089be32a))
 - Add missing config entry
   ([8fe9de6](https://github.com/ory/kratos/commit/8fe9de6d60a381611e07226614241a83b0010126))
+- Add missing cookie headers to SDK methods
+  ([#2720](https://github.com/ory/kratos/issues/2720))
+  ([32e32d1](https://github.com/ory/kratos/commit/32e32d1b98404ac14a44b2f0ccefa8c02d38c5f7)):
+
+  See https://github.com/ory/kratos/discussions/2583
+
 - Add PATCH to adminUpdateIdentity
   ([#2380](https://github.com/ory/kratos/issues/2380))
   ([#2471](https://github.com/ory/kratos/issues/2471))
@@ -547,6 +568,12 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
 - Try and recover from allocated port error
   ([3b5ac5f](https://github.com/ory/kratos/commit/3b5ac5ff03b653191c1979fe1e4e9a4ea3ed7d36))
 
+### Unclassified
+
+- Remove empty script (#2739)
+  ([1515b83](https://github.com/ory/kratos/commit/1515b839f52044d6c9674d4a2df43dfeda3bb15b)),
+  closes [#2739](https://github.com/ory/kratos/issues/2739)
+
 # [0.10.1](https://github.com/ory/kratos/compare/v0.10.0...v0.10.1) (2022-06-01)
 
 Re-release the SDK.
@@ -3449,15 +3476,15 @@ We also streamlined how credentials are used. We now differentiate between:
   const kratos = new V0Alpha0(
     new Configuration({
       basePath: config.kratos.admin,
-      accessToken: 'some-token'
-    })
+      accessToken: "some-token",
+    }),
   )
 
   kratosAdmin.adminCreateIdentity({
-    schema_id: 'default',
+    schema_id: "default",
     traits: {
       /* ... */
-    }
+    },
   })
   ```
 

From b024e09efadb565e596eadb60e2df43707a6f7ea Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Thu, 22 Sep 2022 12:38:40 +0000
Subject: [PATCH 265/411] chore: update repository templates to
 https://github.com/ory/meta/commit/935cc0443464fd76fbf41dff1081b368080c9353

---
 .github/workflows/ci.yaml |  2 +-
 CHANGELOG.md              |  8 ++++----
 CONTRIBUTING.md           | 12 +++---------
 package-lock.json         |  3 +--
 4 files changed, 9 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index e7b564479528..fd42a7c5c26f 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -138,7 +138,7 @@ jobs:
       TEST_DATABASE_COCKROACHDB: 'cockroach://root@localhost:26257/defaultdb?sslmode=disable'
     strategy:
       matrix:
-        database: [ 'postgres', 'cockroach', 'sqlite', 'mysql' ]
+        database: ['postgres', 'cockroach', 'sqlite', 'mysql']
     steps:
       - run: |
           docker create --name cockroach -p 26257:26257 \
diff --git a/CHANGELOG.md b/CHANGELOG.md
index de01cbadea53..6346d5bae7ef 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3476,15 +3476,15 @@ We also streamlined how credentials are used. We now differentiate between:
   const kratos = new V0Alpha0(
     new Configuration({
       basePath: config.kratos.admin,
-      accessToken: "some-token",
-    }),
+      accessToken: 'some-token'
+    })
   )
 
   kratosAdmin.adminCreateIdentity({
-    schema_id: "default",
+    schema_id: 'default',
     traits: {
       /* ... */
-    },
+    }
   })
   ```
 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 17fb09f446b2..cdc002848624 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -176,11 +176,9 @@ request, go through this checklist:
    changes against the `master` branch.
 1. Run the full project test suite with the `go test -tags sqlite ./...` (or
    equivalent) command and confirm that it passes.
-1. Run `make format` if a `Makefile` is available, `gofmt -s` if the project is
-   written in Go, `npm run format` if the project is written for NodeJS.
+1. Run `make format`
 1. Add a descriptive prefix to commits. This ensures a uniform commit history
-   and helps structure the changelog.  
-   Please refer to this
+   and helps structure the changelog. Please refer to this
    [list of prefixes for Kratos](https://github.com/ory/kratos/blob/master/.github/semantic.yml)
    for an overview.
 
@@ -232,11 +230,7 @@ Please disclose vulnerabilities exclusively to
 
 ## Code style
 
-Please follow these guidelines when formatting source code:
-
-- Go code should match the output of `gofmt -s` and pass `golangci-lint run`.
-- NodeJS and JavaScript code should be prettified using `npm run format` where
-  appropriate.
+Please run `make format` to format all source code following the Ory standard.
 
 ### Working with forks
 
diff --git a/package-lock.json b/package-lock.json
index de6603327384..4d6d08500f34 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -5737,8 +5737,7 @@
       "version": "7.5.7",
       "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.7.tgz",
       "integrity": "sha512-KMvVuFzpKBuiIXW3E4u3mySRO2/mCHSyZDJQM5NQ9Q9KHWHWh0NHgfbRMLLrceUK5qAL4ytALJbpRMjixFZh8A==",
-      "dev": true,
-      "requires": {}
+      "dev": true
     },
     "y18n": {
       "version": "5.0.8",

From 62261773e2db1e990973fd3a9c633ccb97120b2b Mon Sep 17 00:00:00 2001
From: Kevin Goslar 
Date: Thu, 22 Sep 2022 18:02:35 -0500
Subject: [PATCH 266/411] chore: update ory-prettier-styles (#2749)

---
 .github/codeql/codeql-config.yml              |   6 +-
 .github/config.yml                            |   2 +-
 .github/workflows/ci.yaml                     |  30 +-
 .github/workflows/closed_references.yml       |   6 +-
 .github/workflows/codeql-analysis.yml         |   6 +-
 .github/workflows/cve-scan.yaml               |  14 +-
 .github/workflows/milestone.yml               |   6 +-
 .github/workflows/stale.yml                   |  10 +-
 .prettierignore                               |   1 +
 Makefile                                      |   1 +
 internal/httpclient/api_metadata.go           |  26 +-
 internal/httpclient/api_v0alpha2.go           | 315 ++++-----
 package-lock.json                             |  19 +-
 package.json                                  |   4 +-
 test/e2e/cypress.config.ts                    |  38 +-
 test/e2e/cypress/helpers/express.ts           |  12 +-
 test/e2e/cypress/helpers/index.ts             |  42 +-
 test/e2e/cypress/helpers/react.ts             |  12 +-
 .../profiles/email/error/ui.spec.ts           |  26 +-
 .../profiles/email/login/error.spec.ts        |  62 +-
 .../profiles/email/login/success.spec.ts      |  60 +-
 .../profiles/email/login/ui.spec.ts           |  34 +-
 .../profiles/email/logout/success.spec.ts     |  30 +-
 .../email/registration/errors.spec.ts         | 130 ++--
 .../email/registration/success.spec.ts        |  70 +-
 .../profiles/email/registration/ui.spec.ts    |  36 +-
 .../profiles/email/settings/errors.spec.ts    | 116 ++--
 .../profiles/email/settings/success.spec.ts   | 102 +--
 .../profiles/email/settings/ui.spec.ts        |  38 +-
 .../profiles/import/import.spec.ts            |  88 +--
 .../integration/profiles/mfa/lookup.spec.ts   | 154 ++---
 .../integration/profiles/mfa/mix.spec.ts      | 134 ++--
 .../integration/profiles/mfa/settings.spec.ts |  48 +-
 .../integration/profiles/mfa/totp.spec.ts     | 154 ++---
 .../integration/profiles/mfa/webauthn.spec.ts | 224 +++----
 .../profiles/mobile/login/errors.spec.ts      |  36 +-
 .../profiles/mobile/login/success.spec.ts     |  18 +-
 .../profiles/mobile/mfa/backup.spec.ts        |  70 +-
 .../profiles/mobile/mfa/mix.spec.ts           |  36 +-
 .../profiles/mobile/mfa/totp.spec.ts          |  56 +-
 .../mobile/registration/errors.spec.ts        |  64 +-
 .../mobile/registration/success.spec.ts       |  16 +-
 .../profiles/mobile/settings/errors.spec.ts   |  32 +-
 .../profiles/mobile/settings/success.spec.ts  |  68 +-
 .../profiles/network/errors.spec.ts           |  52 +-
 .../profiles/oidc/login/error.spec.ts         |  74 +--
 .../profiles/oidc/login/success.spec.ts       |  30 +-
 .../profiles/oidc/logout/success.spec.ts      |  22 +-
 .../profiles/oidc/registration/error.spec.ts  |  58 +-
 .../oidc/registration/success.spec.ts         | 112 ++--
 .../profiles/oidc/settings/error.spec.ts      |  32 +-
 .../profiles/oidc/settings/success.spec.ts    | 100 +--
 .../profiles/passwordless/flows.spec.ts       | 190 +++---
 .../profiles/recovery/recovery/errors.spec.ts | 102 +--
 .../recovery/recovery/success.spec.ts         |  52 +-
 .../recovery/settings/success.spec.ts         |  24 +-
 .../verification/login/errors.spec.ts         |  22 +-
 .../verification/login/success.spec.ts        |  22 +-
 .../verification/registration/errors.spec.ts  |  42 +-
 .../verification/registration/success.spec.ts |  36 +-
 .../verification/settings/error.spec.ts       |  36 +-
 .../verification/settings/success.spec.ts     |  28 +-
 .../verification/verify/errors.spec.ts        |  66 +-
 .../verification/verify/success.spec.ts       |  57 +-
 .../profiles/webhoooks/login/error.spec.ts    |  18 +-
 .../profiles/webhoooks/login/success.spec.ts  |  20 +-
 .../webhoooks/registration/errors.spec.ts     |  22 +-
 .../webhoooks/registration/success.spec.ts    |  20 +-
 test/e2e/cypress/plugins/index.js             |   8 +-
 test/e2e/cypress/support/commands.ts          | 628 +++++++++---------
 test/e2e/cypress/support/index.d.ts           |  16 +-
 test/e2e/cypress/support/index.js             |   2 +-
 test/e2e/proxy/proxy.js                       |  28 +-
 73 files changed, 2197 insertions(+), 2174 deletions(-)

diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
index 150e308daa68..44de096b978b 100644
--- a/.github/codeql/codeql-config.yml
+++ b/.github/codeql/codeql-config.yml
@@ -1,8 +1,8 @@
-name: 'CodeQL config'
+name: "CodeQL config"
 
 queries:
   - uses: security-and-quality
 
 paths-ignore:
-  - '/test/'
-  - '/internal/testhelpers'
+  - "/test/"
+  - "/internal/testhelpers"
diff --git a/.github/config.yml b/.github/config.yml
index 0d121fe184f9..ea335697979b 100644
--- a/.github/config.yml
+++ b/.github/config.yml
@@ -1,3 +1,3 @@
 todo:
-  keyword: '@todo'
+  keyword: "@todo"
   label: todo
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index fd42a7c5c26f..b1e98fc98d4b 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -4,7 +4,7 @@ on:
     branches:
       - master
     tags:
-      - '*'
+      - "*"
   pull_request:
 
 # Cancel in-progress runs in current workflow.
@@ -42,14 +42,14 @@ jobs:
         ports:
           - 3306:3306
     env:
-      TEST_MAILHOG_SMTP: 'smtp://test:test@127.0.0.1:1025/?disable_starttls=true'
+      TEST_MAILHOG_SMTP: "smtp://test:test@127.0.0.1:1025/?disable_starttls=true"
       TEST_MAILHOG_API: http://127.0.0.1:8025
       TEST_SELFSERVICE_OIDC_HYDRA_ADMIN: http://localhost:4445
       TEST_SELFSERVICE_OIDC_HYDRA_PUBLIC: http://localhost:4444
       TEST_SELFSERVICE_OIDC_HYDRA_INTEGRATION_ADDR: http://127.0.0.1:4499
-      TEST_DATABASE_POSTGRESQL: 'postgres://test:test@localhost:5432/postgres?sslmode=disable'
-      TEST_DATABASE_MYSQL: 'mysql://root:test@(localhost:3306)/mysql?parseTime=true&multiStatements=true'
-      TEST_DATABASE_COCKROACHDB: 'cockroach://root@localhost:26257/defaultdb?sslmode=disable'
+      TEST_DATABASE_POSTGRESQL: "postgres://test:test@localhost:5432/postgres?sslmode=disable"
+      TEST_DATABASE_MYSQL: "mysql://root:test@(localhost:3306)/mysql?parseTime=true&multiStatements=true"
+      TEST_DATABASE_COCKROACHDB: "cockroach://root@localhost:26257/defaultdb?sslmode=disable"
     steps:
       - run: |
           docker create --name cockroach -p 26257:26257 \
@@ -77,7 +77,7 @@ jobs:
           fetch-depth: 2
       - uses: actions/setup-go@v2
         with:
-          go-version: '~1.18'
+          go-version: "~1.18"
       - run: go list -json > go.list
       - name: Run nancy
         uses: sonatype-nexus-community/nancy-github-action@v1.0.2
@@ -133,12 +133,12 @@ jobs:
           - 4437:4437
           - 1025:1025
     env:
-      TEST_DATABASE_POSTGRESQL: 'postgres://test:test@localhost:5432/postgres?sslmode=disable'
-      TEST_DATABASE_MYSQL: 'mysql://root:test@(localhost:3306)/mysql?parseTime=true&multiStatements=true'
-      TEST_DATABASE_COCKROACHDB: 'cockroach://root@localhost:26257/defaultdb?sslmode=disable'
+      TEST_DATABASE_POSTGRESQL: "postgres://test:test@localhost:5432/postgres?sslmode=disable"
+      TEST_DATABASE_MYSQL: "mysql://root:test@(localhost:3306)/mysql?parseTime=true&multiStatements=true"
+      TEST_DATABASE_COCKROACHDB: "cockroach://root@localhost:26257/defaultdb?sslmode=disable"
     strategy:
       matrix:
-        database: ['postgres', 'cockroach', 'sqlite', 'mysql']
+        database: ["postgres", "cockroach", "sqlite", "mysql"]
     steps:
       - run: |
           docker create --name cockroach -p 26257:26257 \
@@ -162,7 +162,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v2
         with:
-          go-version: '~1.18'
+          go-version: "~1.18"
       - name: Install selfservice-ui-react-native
         uses: actions/checkout@v2
         with:
@@ -202,7 +202,7 @@ jobs:
       - uses: ory/ci/docs/cli-next@master
         with:
           token: ${{ secrets.ORY_BOT_PAT }}
-          arg: '.'
+          arg: "."
           output-dir: docs/kratos
 
   changelog:
@@ -230,7 +230,7 @@ jobs:
       - uses: ory/ci/sdk/release@master
         with:
           token: ${{ secrets.ORY_BOT_PAT }}
-          swag-spec-location: 'spec/api.json'
+          swag-spec-location: "spec/api.json"
 
   release:
     name: Generate release
@@ -273,7 +273,7 @@ jobs:
           mailchimp_list_id: f605a41b53
           mailchmip_segment_id: 6479477
           mailchimp_api_key: ${{ secrets.MAILCHIMP_API_KEY }}
-          draft: 'true'
+          draft: "true"
           ssh_key: ${{ secrets.ORY_BOT_SSH_KEY }}
 
   slack-approval-notification:
@@ -300,5 +300,5 @@ jobs:
           mailchimp_list_id: f605a41b53
           mailchmip_segment_id: 6479477
           mailchimp_api_key: ${{ secrets.MAILCHIMP_API_KEY }}
-          draft: 'false'
+          draft: "false"
           ssh_key: ${{ secrets.ORY_BOT_SSH_KEY }}
diff --git a/.github/workflows/closed_references.yml b/.github/workflows/closed_references.yml
index ebafc8a71af4..2789ac42c2c7 100644
--- a/.github/workflows/closed_references.yml
+++ b/.github/workflows/closed_references.yml
@@ -2,13 +2,13 @@ name: Closed Reference Notifier
 
 on:
   schedule:
-    - cron: '0 0 * * *'
+    - cron: "0 0 * * *"
   workflow_dispatch:
     inputs:
       issueLimit:
         description: Max. number of issues to create
         required: true
-        default: '5'
+        default: "5"
 
 jobs:
   find_closed_references:
@@ -19,7 +19,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: actions/setup-node@v2-beta
         with:
-          node-version: '14'
+          node-version: "14"
       - uses: ory/closed-reference-notifier@v1
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 5748d218807d..a4d098e9826a 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -9,7 +9,7 @@
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
-name: 'CodeQL'
+name: "CodeQL"
 
 on:
   push:
@@ -18,7 +18,7 @@ on:
     # The branches below must be a subset of the branches above
     branches: [master]
   schedule:
-    - cron: '26 21 * * 3'
+    - cron: "26 21 * * 3"
 
 jobs:
   analyze:
@@ -28,7 +28,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: ['go', 'javascript']
+        language: ["go", "javascript"]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
         # Learn more:
         # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml
index b6f169ebc6b4..91cee707752e 100644
--- a/.github/workflows/cve-scan.yaml
+++ b/.github/workflows/cve-scan.yaml
@@ -2,12 +2,12 @@ name: Docker Image Scanners
 on:
   push:
     branches:
-      - 'master'
+      - "master"
     tags:
-      - 'v*.*.*'
+      - "v*.*.*"
   pull_request:
     branches:
-      - 'master'
+      - "master"
 
 jobs:
   scanners:
@@ -50,11 +50,11 @@ jobs:
         if: ${{ always() }}
         with:
           image-ref: oryd/kratos:${{ steps.vars.outputs.sha_short }}
-          format: 'table'
-          exit-code: '42'
+          format: "table"
+          exit-code: "42"
           ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
+          vuln-type: "os,library"
+          severity: "CRITICAL,HIGH"
       - name: Dockle Linter
         uses: erzz/dockle-action@v1.3.1
         if: ${{ always() }}
diff --git a/.github/workflows/milestone.yml b/.github/workflows/milestone.yml
index b4a30699f010..fb47e4a78f0f 100644
--- a/.github/workflows/milestone.yml
+++ b/.github/workflows/milestone.yml
@@ -3,7 +3,7 @@ name: Generate and Publish Milestone Document
 on:
   workflow_dispatch:
   schedule:
-    - cron: '0 0 * * *'
+    - cron: "0 0 * * *"
 
 jobs:
   milestone:
@@ -23,8 +23,8 @@ jobs:
       - name: Commit Milestone Documentation
         uses: EndBug/add-and-commit@v4.4.0
         with:
-          message: 'autogen(docs): update milestone document'
+          message: "autogen(docs): update milestone document"
           author_name: aeneasr
-          author_email: '3372410+aeneasr@users.noreply.github.com'
+          author_email: "3372410+aeneasr@users.noreply.github.com"
         env:
           GITHUB_TOKEN: ${{ secrets.TOKEN_PRIVILEGED }}
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 395cb69206da..eb36db174bba 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -1,8 +1,8 @@
-name: 'Close Stale Issues'
+name: "Close Stale Issues"
 on:
   workflow_dispatch:
   schedule:
-    - cron: '0 0 * * *'
+    - cron: "0 0 * * *"
 
 jobs:
   stale:
@@ -35,10 +35,10 @@ jobs:
             Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you!
 
             Thank you 🙏✌️
-          stale-issue-label: 'stale'
-          exempt-issue-labels: 'bug,blocking,docs,backlog'
+          stale-issue-label: "stale"
+          exempt-issue-labels: "bug,blocking,docs,backlog"
           days-before-stale: 365
           days-before-close: 30
           exempt-milestones: true
           exempt-assignees: true
-          only-pr-labels: 'stale'
+          only-pr-labels: "stale"
diff --git a/.prettierignore b/.prettierignore
index 7ecf7b391740..f17dca413604 100644
--- a/.prettierignore
+++ b/.prettierignore
@@ -1 +1,2 @@
 .schema/
+.github/ISSUE_TEMPLATE
diff --git a/Makefile b/Makefile
index 31dff407bef4..b2e009ef6c3a 100644
--- a/Makefile
+++ b/Makefile
@@ -138,6 +138,7 @@ quickstart-dev:
 format: .bin/goimports node_modules
 		goimports -w -local github.com/ory .
 		npm exec -- prettier --write 'test/e2e/**/*{.ts,.js}'
+		npm exec -- prettier --write '.github'
 
 # Build local docker image
 .PHONY: docker
diff --git a/internal/httpclient/api_metadata.go b/internal/httpclient/api_metadata.go
index a63febb073aa..eec994165b53 100644
--- a/internal/httpclient/api_metadata.go
+++ b/internal/httpclient/api_metadata.go
@@ -102,16 +102,16 @@ func (r MetadataApiApiGetVersionRequest) Execute() (*InlineResponse2001, *http.R
 }
 
 /*
- * GetVersion Return Running Software Version.
- * This endpoint returns the version of Ory Kratos.
+  - GetVersion Return Running Software Version.
+  - This endpoint returns the version of Ory Kratos.
 
 If the service supports TLS Edge Termination, this endpoint does not require the
 `X-Forwarded-Proto` header to be set.
 
 Be aware that if you are running multiple nodes of this service, the version will never
 refer to the cluster state, only to a single instance.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return MetadataApiApiGetVersionRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return MetadataApiApiGetVersionRequest
 */
 func (a *MetadataApiService) GetVersion(ctx context.Context) MetadataApiApiGetVersionRequest {
 	return MetadataApiApiGetVersionRequest{
@@ -209,8 +209,9 @@ func (r MetadataApiApiIsAliveRequest) Execute() (*InlineResponse200, *http.Respo
 }
 
 /*
- * IsAlive Check HTTP Server Status
- * This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming
+  - IsAlive Check HTTP Server Status
+  - This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming
+
 HTTP requests. This status does currently not include checks whether the database connection is working.
 
 If the service supports TLS Edge Termination, this endpoint does not require the
@@ -218,8 +219,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the
 
 Be aware that if you are running multiple nodes of this service, the health status will never
 refer to the cluster state, only to a single instance.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return MetadataApiApiIsAliveRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return MetadataApiApiIsAliveRequest
 */
 func (a *MetadataApiService) IsAlive(ctx context.Context) MetadataApiApiIsAliveRequest {
 	return MetadataApiApiIsAliveRequest{
@@ -326,8 +327,9 @@ func (r MetadataApiApiIsReadyRequest) Execute() (*InlineResponse200, *http.Respo
 }
 
 /*
- * IsReady Check HTTP Server and Database Status
- * This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g.
+  - IsReady Check HTTP Server and Database Status
+  - This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g.
+
 the database) are responsive as well.
 
 If the service supports TLS Edge Termination, this endpoint does not require the
@@ -335,8 +337,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the
 
 Be aware that if you are running multiple nodes of Ory Kratos, the health status will never
 refer to the cluster state, only to a single instance.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return MetadataApiApiIsReadyRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return MetadataApiApiIsReadyRequest
 */
 func (a *MetadataApiService) IsReady(ctx context.Context) MetadataApiApiIsReadyRequest {
 	return MetadataApiApiIsReadyRequest{
diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go
index 9a364f251342..28ee4d1f4359 100644
--- a/internal/httpclient/api_v0alpha2.go
+++ b/internal/httpclient/api_v0alpha2.go
@@ -1292,11 +1292,12 @@ func (r V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest) Execute() (*Sel
 }
 
 /*
- * AdminCreateSelfServiceRecoveryLink # Create a Recovery Link
- * This endpoint creates a recovery link which should be given to the user in order for them to recover
+  - AdminCreateSelfServiceRecoveryLink # Create a Recovery Link
+  - This endpoint creates a recovery link which should be given to the user in order for them to recover
+
 (or activate) their account.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest
 */
 func (a *V0alpha2ApiService) AdminCreateSelfServiceRecoveryLink(ctx context.Context) V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest {
 	return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest{
@@ -1426,15 +1427,16 @@ func (r V0alpha2ApiApiAdminDeleteIdentityRequest) Execute() (*http.Response, err
 }
 
 /*
- * AdminDeleteIdentity # Delete an Identity
- * Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone.
+  - AdminDeleteIdentity # Delete an Identity
+  - Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone.
+
 This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is
 assumed that is has been deleted already.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @param id ID is the identity's ID.
- * @return V0alpha2ApiApiAdminDeleteIdentityRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @param id ID is the identity's ID.
+  - @return V0alpha2ApiApiAdminDeleteIdentityRequest
 */
 func (a *V0alpha2ApiService) AdminDeleteIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentityRequest {
 	return V0alpha2ApiApiAdminDeleteIdentityRequest{
@@ -1557,13 +1559,13 @@ func (r V0alpha2ApiApiAdminDeleteIdentitySessionsRequest) Execute() (*http.Respo
 }
 
 /*
- * AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
- * This endpoint is useful for:
+  - AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
+  - This endpoint is useful for:
 
 To forcefully logout Identity from all devices and sessions
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @param id ID is the identity's ID.
- * @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @param id ID is the identity's ID.
+  - @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest
 */
 func (a *V0alpha2ApiService) AdminDeleteIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentitySessionsRequest {
 	return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest{
@@ -2172,12 +2174,12 @@ func (r V0alpha2ApiApiAdminListIdentitiesRequest) Execute() ([]Identity, *http.R
 }
 
 /*
- * AdminListIdentities # List Identities
- * Lists all identities. Does not support search at the moment.
+  - AdminListIdentities # List Identities
+  - Lists all identities. Does not support search at the moment.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiAdminListIdentitiesRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiAdminListIdentitiesRequest
 */
 func (a *V0alpha2ApiService) AdminListIdentities(ctx context.Context) V0alpha2ApiApiAdminListIdentitiesRequest {
 	return V0alpha2ApiApiAdminListIdentitiesRequest{
@@ -2321,13 +2323,13 @@ func (r V0alpha2ApiApiAdminListIdentitySessionsRequest) Execute() ([]Session, *h
 }
 
 /*
- * AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity.
- * This endpoint is useful for:
+  - AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity.
+  - This endpoint is useful for:
 
 Listing all sessions that belong to an Identity in an administrative context.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @param id ID is the identity's ID.
- * @return V0alpha2ApiApiAdminListIdentitySessionsRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @param id ID is the identity's ID.
+  - @return V0alpha2ApiApiAdminListIdentitySessionsRequest
 */
 func (a *V0alpha2ApiService) AdminListIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminListIdentitySessionsRequest {
 	return V0alpha2ApiApiAdminListIdentitySessionsRequest{
@@ -2496,13 +2498,13 @@ func (r V0alpha2ApiApiAdminPatchIdentityRequest) Execute() (*Identity, *http.Res
 }
 
 /*
- * AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
- * NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.
+  - AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
+  - NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @param id ID must be set to the ID of identity you want to update
- * @return V0alpha2ApiApiAdminPatchIdentityRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @param id ID must be set to the ID of identity you want to update
+  - @return V0alpha2ApiApiAdminPatchIdentityRequest
 */
 func (a *V0alpha2ApiService) AdminPatchIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminPatchIdentityRequest {
 	return V0alpha2ApiApiAdminPatchIdentityRequest{
@@ -2664,13 +2666,13 @@ func (r V0alpha2ApiApiAdminUpdateIdentityRequest) Execute() (*Identity, *http.Re
 }
 
 /*
- * AdminUpdateIdentity # Update an Identity
- * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching.
+  - AdminUpdateIdentity # Update an Identity
+  - This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @param id ID must be set to the ID of identity you want to update
- * @return V0alpha2ApiApiAdminUpdateIdentityRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @param id ID must be set to the ID of identity you want to update
+  - @return V0alpha2ApiApiAdminUpdateIdentityRequest
 */
 func (a *V0alpha2ApiService) AdminUpdateIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminUpdateIdentityRequest {
 	return V0alpha2ApiApiAdminUpdateIdentityRequest{
@@ -2831,8 +2833,8 @@ func (r V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest) Execute(
 }
 
 /*
- * CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers
- * This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user.
+  - CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers
+  - This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user.
 
 This endpoint is NOT INTENDED for API clients and only works
 with browsers (Chrome, Firefox, ...). For API clients you can
@@ -2842,8 +2844,8 @@ The URL is only valid for the currently signed in user. If no user is signed in,
 a 401 error.
 
 When calling this endpoint from a backend, please ensure to properly forward the HTTP cookies.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest
 */
 func (a *V0alpha2ApiService) CreateSelfServiceLogoutFlowUrlForBrowsers(ctx context.Context) V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest {
 	return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest{
@@ -3093,16 +3095,16 @@ func (r V0alpha2ApiApiGetSelfServiceErrorRequest) Execute() (*SelfServiceError,
 }
 
 /*
- * GetSelfServiceError # Get Self-Service Errors
- * This endpoint returns the error associated with a user-facing self service errors.
+  - GetSelfServiceError # Get Self-Service Errors
+  - This endpoint returns the error associated with a user-facing self service errors.
 
 This endpoint supports stub values to help you implement the error UI:
 
 `?id=stub:500` - returns a stub 500 (Internal Server Error) error.
 
 More information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetSelfServiceErrorRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetSelfServiceErrorRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceError(ctx context.Context) V0alpha2ApiApiGetSelfServiceErrorRequest {
 	return V0alpha2ApiApiGetSelfServiceErrorRequest{
@@ -3244,8 +3246,8 @@ func (r V0alpha2ApiApiGetSelfServiceLoginFlowRequest) Execute() (*SelfServiceLog
 }
 
 /*
- * GetSelfServiceLoginFlow # Get Login Flow
- * This endpoint returns a login flow's context with, for example, error details and other information.
+  - GetSelfServiceLoginFlow # Get Login Flow
+  - This endpoint returns a login flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
 For AJAX requests you must ensure that cookies are included in the request or requests will fail.
@@ -3268,8 +3270,8 @@ This request may fail due to several reasons. The `error.id` can be one of:
 `self_service_flow_expired`: The flow is expired and you should request a new one.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceLoginFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceLoginFlowRequest{
@@ -3424,8 +3426,8 @@ func (r V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest) Execute() (*SelfService
 }
 
 /*
- * GetSelfServiceRecoveryFlow # Get Recovery Flow
- * This endpoint returns a recovery flow's context with, for example, error details and other information.
+  - GetSelfServiceRecoveryFlow # Get Recovery Flow
+  - This endpoint returns a recovery flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
 For AJAX requests you must ensure that cookies are included in the request or requests will fail.
@@ -3443,8 +3445,8 @@ res.render('recovery', flow)
 ```
 
 More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest{
@@ -3589,8 +3591,8 @@ func (r V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest) Execute() (*SelfSer
 }
 
 /*
- * GetSelfServiceRegistrationFlow # Get Registration Flow
- * This endpoint returns a registration flow's context with, for example, error details and other information.
+  - GetSelfServiceRegistrationFlow # Get Registration Flow
+  - This endpoint returns a registration flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
 For AJAX requests you must ensure that cookies are included in the request or requests will fail.
@@ -3613,8 +3615,8 @@ This request may fail due to several reasons. The `error.id` can be one of:
 `self_service_flow_expired`: The flow is expired and you should request a new one.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest{
@@ -3774,8 +3776,9 @@ func (r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) Execute() (*SelfService
 }
 
 /*
- * GetSelfServiceSettingsFlow # Get Settings Flow
- * When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie
+  - GetSelfServiceSettingsFlow # Get Settings Flow
+  - When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie
+
 or the Ory Kratos Session Token are set.
 
 Depending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator
@@ -3794,8 +3797,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 identity logged in instead.
 
 More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceSettingsFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest{
@@ -3963,8 +3966,8 @@ func (r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) Execute() (*SelfSer
 }
 
 /*
- * GetSelfServiceVerificationFlow # Get Verification Flow
- * This endpoint returns a verification flow's context with, for example, error details and other information.
+  - GetSelfServiceVerificationFlow # Get Verification Flow
+  - This endpoint returns a verification flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
 For AJAX requests you must ensure that cookies are included in the request or requests will fail.
@@ -3981,8 +3984,8 @@ res.render('verification', flow)
 })
 
 More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceVerificationFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest{
@@ -4116,8 +4119,8 @@ func (r V0alpha2ApiApiGetWebAuthnJavaScriptRequest) Execute() (string, *http.Res
 }
 
 /*
- * GetWebAuthnJavaScript # Get WebAuthn JavaScript
- * This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration.
+  - GetWebAuthnJavaScript # Get WebAuthn JavaScript
+  - This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration.
 
 If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file:
 
@@ -4126,8 +4129,8 @@ If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you
 ```
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest
 */
 func (a *V0alpha2ApiService) GetWebAuthnJavaScript(ctx context.Context) V0alpha2ApiApiGetWebAuthnJavaScriptRequest {
 	return V0alpha2ApiApiGetWebAuthnJavaScriptRequest{
@@ -4246,8 +4249,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Execute(
 }
 
 /*
- * InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers
- * This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate
+  - InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers
+  - This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate
+
 cookies and anti-CSRF measures required for browser-based flows.
 
 If this endpoint is opened as a link in the browser, it will be redirected to
@@ -4266,8 +4270,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest{
@@ -4412,8 +4416,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest) Execu
 }
 
 /*
- * InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ...
- * This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on.
+  - InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ...
+  - This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on.
 
 If a valid provided session cookie or session token is provided, a 400 Bad Request error
 will be returned unless the URL query parameter `?refresh=true` is set.
@@ -4433,8 +4437,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest{
@@ -4566,8 +4570,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest) Execu
 }
 
 /*
- * InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers
- * This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to
+  - InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers
+  - This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to
+
 `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session
 exists, the browser is returned to the configured return URL.
 
@@ -4577,8 +4582,8 @@ or a 400 bad request error if the user is already authenticated.
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest{
@@ -4698,8 +4703,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest) Ex
 }
 
 /*
- * InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ...
- * This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.
+  - InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ...
+  - This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.
 
 If a valid provided session cookie or session token is provided, a 400 Bad Request error.
 
@@ -4712,8 +4717,8 @@ you vulnerable to a variety of CSRF attacks.
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest{
@@ -4836,8 +4841,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) E
 }
 
 /*
- * InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers
- * This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate
+  - InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers
+  - This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate
+
 cookies and anti-CSRF measures required for browser-based flows.
 
 :::info
@@ -4862,8 +4868,8 @@ If this endpoint is called via an AJAX request, the response contains the regist
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest{
@@ -4973,8 +4979,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest
 }
 
 /*
- * InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ...
- * This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on.
+  - InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ...
+  - This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on.
 
 If a valid provided session cookie or session token is provided, a 400 Bad Request error
 will be returned unless the URL query parameter `?refresh=true` is set.
@@ -4993,8 +4999,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest{
@@ -5122,8 +5128,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest) Execu
 }
 
 /*
- * InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers
- * This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to
+  - InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers
+  - This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to
+
 `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid
 Ory Kratos Session Cookie is included in the request, a login flow will be initialized.
 
@@ -5149,8 +5156,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest{
@@ -5299,8 +5306,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest) Ex
 }
 
 /*
- * InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ...
- * This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on.
+  - InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ...
+  - This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on.
+
 You must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK.
 
 To fetch an existing settings flow call `/self-service/settings/flows?flow=`.
@@ -5322,8 +5330,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest{
@@ -5449,8 +5457,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest) E
 }
 
 /*
- * InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients
- * This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to
+  - InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients
+  - This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to
+
 `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`.
 
 If this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects.
@@ -5458,8 +5467,8 @@ If this endpoint is called via an AJAX request, the response contains the recove
 This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).
 
 More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest{
@@ -5569,8 +5578,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest
 }
 
 /*
- * InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ...
- * This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.
+  - InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ...
+  - This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.
 
 To fetch an existing verification flow call `/self-service/verification/flows?flow=`.
 
@@ -5581,8 +5590,8 @@ you vulnerable to a variety of CSRF attacks.
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest{
@@ -5847,12 +5856,12 @@ func (r V0alpha2ApiApiListSessionsRequest) Execute() ([]Session, *http.Response,
 }
 
 /*
- * ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint.
- * This endpoint is useful for:
+  - ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint.
+  - This endpoint is useful for:
 
 Displaying all other sessions that belong to the logged-in user
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiListSessionsRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiListSessionsRequest
 */
 func (a *V0alpha2ApiService) ListSessions(ctx context.Context) V0alpha2ApiApiListSessionsRequest {
 	return V0alpha2ApiApiListSessionsRequest{
@@ -6002,13 +6011,13 @@ func (r V0alpha2ApiApiRevokeSessionRequest) Execute() (*http.Response, error) {
 }
 
 /*
- * RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted.
- * This endpoint is useful for:
+  - RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted.
+  - This endpoint is useful for:
 
 To forcefully logout the current user from another device or session
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @param id ID is the session's ID.
- * @return V0alpha2ApiApiRevokeSessionRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @param id ID is the session's ID.
+  - @return V0alpha2ApiApiRevokeSessionRequest
 */
 func (a *V0alpha2ApiService) RevokeSession(ctx context.Context, id string) V0alpha2ApiApiRevokeSessionRequest {
 	return V0alpha2ApiApiRevokeSessionRequest{
@@ -6137,12 +6146,12 @@ func (r V0alpha2ApiApiRevokeSessionsRequest) Execute() (*RevokedSessions, *http.
 }
 
 /*
- * RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted.
- * This endpoint is useful for:
+  - RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted.
+  - This endpoint is useful for:
 
 To forcefully logout the current user from all other devices and sessions
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiRevokeSessionsRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiRevokeSessionsRequest
 */
 func (a *V0alpha2ApiService) RevokeSessions(ctx context.Context) V0alpha2ApiApiRevokeSessionsRequest {
 	return V0alpha2ApiApiRevokeSessionsRequest{
@@ -6306,8 +6315,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) Execute() (*SuccessfulS
 }
 
 /*
- * SubmitSelfServiceLoginFlow # Submit a Login Flow
- * :::info
+  - SubmitSelfServiceLoginFlow # Submit a Login Flow
+  - :::info
 
 This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future.
 
@@ -6340,8 +6349,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 Most likely used in Social Sign In flows.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest{
@@ -6504,8 +6513,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest) Execute() (*http.Respo
 }
 
 /*
- * SubmitSelfServiceLogoutFlow # Complete Self-Service Logout
- * This endpoint logs out an identity in a self-service manner.
+  - SubmitSelfServiceLogoutFlow # Complete Self-Service Logout
+  - This endpoint logs out an identity in a self-service manner.
 
 If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other)
 to the `return_to` parameter of the initial request or fall back to `urls.default_return_to`.
@@ -6518,8 +6527,8 @@ with browsers (Chrome, Firefox, ...). For API clients you can
 call the `/self-service/logout/api` URL directly with the Ory Session Token.
 
 More information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest{
@@ -6627,8 +6636,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest) Execute(
 }
 
 /*
- * SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ...
- * Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully
+  - SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ...
+  - Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully
+
 revoked, the server returns a 204 No Content response. A 204 No Content response is also sent when
 the Ory Session Token has been revoked already before.
 
@@ -6636,8 +6646,8 @@ If the Ory Session Token is malformed or does not exist a 403 Forbidden response
 
 This endpoint does not remove any HTTP
 Cookies - use the Browser-Based Self-Service Logout Flow instead.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest{
@@ -6769,8 +6779,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) Execute() (*SelfServ
 }
 
 /*
- * SubmitSelfServiceRecoveryFlow # Complete Recovery Flow
- * Use this endpoint to complete a recovery flow. This endpoint
+  - SubmitSelfServiceRecoveryFlow # Complete Recovery Flow
+  - Use this endpoint to complete a recovery flow. This endpoint
+
 behaves differently for API and browser flows and has several states:
 
 `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent
@@ -6786,8 +6797,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe
 a new Recovery Flow ID which contains an error message that the recovery link was invalid.
 
 More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest{
@@ -6945,8 +6956,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) Execute() (*Succ
 }
 
 /*
- * SubmitSelfServiceRegistrationFlow # Submit a Registration Flow
- * Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint
+  - SubmitSelfServiceRegistrationFlow # Submit a Registration Flow
+  - Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint
+
 behaves differently for API and browser flows.
 
 API flows expect `application/json` to be sent in the body and respond with
@@ -6974,8 +6986,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 Most likely used in Social Sign In flows.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest{
@@ -7145,8 +7157,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) Execute() (*SelfServ
 }
 
 /*
- * SubmitSelfServiceSettingsFlow # Complete Settings Flow
- * Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint
+  - SubmitSelfServiceSettingsFlow # Complete Settings Flow
+  - Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint
+
 behaves differently for API and browser flows.
 
 API-initiated flows expect `application/json` to be sent in the body and respond with
@@ -7189,8 +7202,8 @@ identity logged in instead.
 Most likely used in Social Sign In flows.
 
 More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest{
@@ -7383,8 +7396,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Execute() (*Self
 }
 
 /*
- * SubmitSelfServiceVerificationFlow # Complete Verification Flow
- * Use this endpoint to complete a verification flow. This endpoint
+  - SubmitSelfServiceVerificationFlow # Complete Verification Flow
+  - Use this endpoint to complete a verification flow. This endpoint
+
 behaves differently for API and browser flows and has several states:
 
 `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent
@@ -7400,8 +7414,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe
 a new Verification Flow ID which contains an error message that the verification link was invalid.
 
 More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest{
@@ -7554,8 +7568,9 @@ func (r V0alpha2ApiApiToSessionRequest) Execute() (*Session, *http.Response, err
 }
 
 /*
- * ToSession # Check Who the Current HTTP Session Belongs To
- * Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated.
+  - ToSession # Check Who the Current HTTP Session Belongs To
+  - Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated.
+
 Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent.
 Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header
 in the response.
@@ -7604,8 +7619,8 @@ As explained above, this request may fail due to several reasons. The `error.id`
 
 `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token).
 `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiToSessionRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiToSessionRequest
 */
 func (a *V0alpha2ApiService) ToSession(ctx context.Context) V0alpha2ApiApiToSessionRequest {
 	return V0alpha2ApiApiToSessionRequest{
diff --git a/package-lock.json b/package-lock.json
index 4d6d08500f34..20bc1051908a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -16,9 +16,9 @@
         "cypress": "^9.5.1",
         "dayjs": "^1.10.4",
         "got": "^11.8.2",
-        "ory-prettier-styles": "1.1.2",
+        "ory-prettier-styles": "1.3.0",
         "otplib": "^12.0.1",
-        "prettier": "^2.7.1",
+        "prettier": "2.7.1",
         "prettier-plugin-packagejson": "^2.2.18",
         "typescript": "^4.4.3",
         "wait-on": "5.3.0"
@@ -2416,9 +2416,9 @@
       }
     },
     "node_modules/ory-prettier-styles": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/ory-prettier-styles/-/ory-prettier-styles-1.1.2.tgz",
-      "integrity": "sha512-J7YcNdGlfTKCXAHEoFl9lp5EhnIASGgM5ua9Y+8OdWtS9tXJTik5xFYCF6xS46tpI3sk8cxFguKWhZeaeb6Z/A==",
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/ory-prettier-styles/-/ory-prettier-styles-1.3.0.tgz",
+      "integrity": "sha512-Vfn0G6CyLaadwcCamwe1SQCf37ZQfBDgMrhRI70dE/2fbE3Q43/xu7K5c32I5FGt/EliroWty5yBjmdkj0eWug==",
       "dev": true
     },
     "node_modules/os-tmpdir": {
@@ -5129,9 +5129,9 @@
       }
     },
     "ory-prettier-styles": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/ory-prettier-styles/-/ory-prettier-styles-1.1.2.tgz",
-      "integrity": "sha512-J7YcNdGlfTKCXAHEoFl9lp5EhnIASGgM5ua9Y+8OdWtS9tXJTik5xFYCF6xS46tpI3sk8cxFguKWhZeaeb6Z/A==",
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/ory-prettier-styles/-/ory-prettier-styles-1.3.0.tgz",
+      "integrity": "sha512-Vfn0G6CyLaadwcCamwe1SQCf37ZQfBDgMrhRI70dE/2fbE3Q43/xu7K5c32I5FGt/EliroWty5yBjmdkj0eWug==",
       "dev": true
     },
     "os-tmpdir": {
@@ -5737,7 +5737,8 @@
       "version": "7.5.7",
       "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.7.tgz",
       "integrity": "sha512-KMvVuFzpKBuiIXW3E4u3mySRO2/mCHSyZDJQM5NQ9Q9KHWHWh0NHgfbRMLLrceUK5qAL4ytALJbpRMjixFZh8A==",
-      "dev": true
+      "dev": true,
+      "requires": {}
     },
     "y18n": {
       "version": "5.0.8",
diff --git a/package.json b/package.json
index e4a8e60b2627..81f8e1fef445 100644
--- a/package.json
+++ b/package.json
@@ -20,9 +20,9 @@
     "cypress": "^9.5.1",
     "dayjs": "^1.10.4",
     "got": "^11.8.2",
-    "ory-prettier-styles": "1.1.2",
+    "ory-prettier-styles": "1.3.0",
     "otplib": "^12.0.1",
-    "prettier": "^2.7.1",
+    "prettier": "2.7.1",
     "prettier-plugin-packagejson": "^2.2.18",
     "typescript": "^4.4.3",
     "wait-on": "5.3.0"
diff --git a/test/e2e/cypress.config.ts b/test/e2e/cypress.config.ts
index a9a55def40b6..1e2c0e612114 100644
--- a/test/e2e/cypress.config.ts
+++ b/test/e2e/cypress.config.ts
@@ -1,6 +1,6 @@
-import { defineConfig } from 'cypress'
-import got from 'got'
-const CRI = require('chrome-remote-interface')
+import { defineConfig } from "cypress"
+import got from "got"
+const CRI = require("chrome-remote-interface")
 let criPort = 0,
   criClient = null
 
@@ -8,28 +8,28 @@ export default defineConfig({
   chromeWebSecurity: false,
   defaultCommandTimeout: 10000,
   requestTimeout: 10000,
-  projectId: 'bc48bg',
+  projectId: "bc48bg",
   video: true,
   videoCompression: false,
   screenshotOnRunFailure: true,
   e2e: {
     retries: {
       runMode: 6,
-      openMode: 1
+      openMode: 1,
     },
-    videosFolder: 'cypress/videos',
-    screenshotsFolder: 'cypress/screenshots',
-    excludeSpecPattern: '**/*snapshots.js',
-    supportFile: 'cypress/support/index.js',
-    specPattern: '**/*.spec.{js,ts}',
-    baseUrl: 'http://localhost:4455/',
+    videosFolder: "cypress/videos",
+    screenshotsFolder: "cypress/screenshots",
+    excludeSpecPattern: "**/*snapshots.js",
+    supportFile: "cypress/support/index.js",
+    specPattern: "**/*.spec.{js,ts}",
+    baseUrl: "http://localhost:4455/",
     setupNodeEvents(on, config) {
-      on('before:browser:launch', (browser, args) => {
+      on("before:browser:launch", (browser, args) => {
         criPort = ensureRdpPort(args.args)
-        console.log('criPort is', criPort)
+        console.log("criPort is", criPort)
       })
 
-      on('task', {
+      on("task", {
         httpRequest(params) {
           return got(params).then(({ body }) => body)
         },
@@ -50,19 +50,19 @@ export default defineConfig({
           }
 
           return criClient.send(args.query, args.opts)
-        }
+        },
       })
-    }
-  }
+    },
+  },
 })
 
 function ensureRdpPort(args) {
   const existing = args.find(
-    (arg) => arg.slice(0, 23) === '--remote-debugging-port'
+    (arg) => arg.slice(0, 23) === "--remote-debugging-port",
   )
 
   if (existing) {
-    return Number(existing.split('=')[1])
+    return Number(existing.split("=")[1])
   }
 
   const port = 40000 + Math.round(Math.random() * 25000)
diff --git a/test/e2e/cypress/helpers/express.ts b/test/e2e/cypress/helpers/express.ts
index cb8ea52292cc..51bd49f35439 100644
--- a/test/e2e/cypress/helpers/express.ts
+++ b/test/e2e/cypress/helpers/express.ts
@@ -1,10 +1,10 @@
-import { APP_URL, SPA_URL } from './index'
+import { APP_URL, SPA_URL } from "./index"
 
 export const routes = {
   base: APP_URL,
-  login: APP_URL + '/login',
-  registration: APP_URL + '/registration',
-  settings: APP_URL + '/settings',
-  recovery: APP_URL + '/recovery',
-  verification: APP_URL + '/verification'
+  login: APP_URL + "/login",
+  registration: APP_URL + "/registration",
+  settings: APP_URL + "/settings",
+  recovery: APP_URL + "/recovery",
+  verification: APP_URL + "/verification",
 }
diff --git a/test/e2e/cypress/helpers/index.ts b/test/e2e/cypress/helpers/index.ts
index 439ec483414b..48e365e381a8 100644
--- a/test/e2e/cypress/helpers/index.ts
+++ b/test/e2e/cypress/helpers/index.ts
@@ -1,6 +1,6 @@
-export const email = () => Math.random().toString(36) + '@ory.sh'
+export const email = () => Math.random().toString(36) + "@ory.sh"
 export const blockedEmail = () =>
-  Math.random().toString(36) + '_blocked' + '@ory.sh'
+  Math.random().toString(36) + "_blocked" + "@ory.sh"
 
 export const password = () => Math.random().toString(36)
 
@@ -8,7 +8,7 @@ export const assertVerifiableAddress =
   ({ isVerified, email }) =>
   (session) => {
     const { identity } = session
-    expect(identity).to.have.property('verifiable_addresses')
+    expect(identity).to.have.property("verifiable_addresses")
     expect(identity.verifiable_addresses).to.have.length(1)
 
     const address = identity.verifiable_addresses[0]
@@ -19,14 +19,14 @@ export const assertVerifiableAddress =
     if (isVerified) {
       expect(address.verified_at).to.not.be.null
     } else {
-      expect(address).to.not.have.property('verified_at')
+      expect(address).to.not.have.property("verified_at")
     }
   }
 
 export const assertRecoveryAddress =
   ({ email }) =>
   ({ identity }) => {
-    expect(identity).to.have.property('recovery_addresses')
+    expect(identity).to.have.property("recovery_addresses")
     expect(identity.recovery_addresses).to.have.length(1)
 
     const address = identity.recovery_addresses[0]
@@ -35,35 +35,35 @@ export const assertRecoveryAddress =
   }
 
 export const parseHtml = (html) =>
-  new DOMParser().parseFromString(html, 'text/html')
+  new DOMParser().parseFromString(html, "text/html")
 
 export const APP_URL = (
-  Cypress.env('app_url') || 'http://localhost:4455'
-).replace(/\/$/, '')
+  Cypress.env("app_url") || "http://localhost:4455"
+).replace(/\/$/, "")
 
 export const MOBILE_URL = (
-  Cypress.env('mobile_url') || 'http://localhost:4457'
-).replace(/\/$/, '')
+  Cypress.env("mobile_url") || "http://localhost:4457"
+).replace(/\/$/, "")
 export const SPA_URL = (
-  Cypress.env('react_url') || 'http://localhost:4455'
-).replace(/\/$/, '')
+  Cypress.env("react_url") || "http://localhost:4455"
+).replace(/\/$/, "")
 export const KRATOS_ADMIN = (
-  Cypress.env('kratos_admin') || 'http://localhost:4434'
+  Cypress.env("kratos_admin") || "http://localhost:4434"
 )
   .replace()
-  .replace(/\/$/, '')
+  .replace(/\/$/, "")
 
 export const KRATOS_PUBLIC = (
-  Cypress.env('kratos_public') || 'http://localhost:4433'
+  Cypress.env("kratos_public") || "http://localhost:4433"
 )
   .replace()
-  .replace(/\/$/, '')
+  .replace(/\/$/, "")
 
 export const MAIL_API = (
-  Cypress.env('mail_url') || 'http://localhost:4437'
-).replace(/\/$/, '')
+  Cypress.env("mail_url") || "http://localhost:4437"
+).replace(/\/$/, "")
 
-export const website = 'https://www.ory.sh/'
+export const website = "https://www.ory.sh/"
 
 export const gen = {
   email,
@@ -73,8 +73,8 @@ export const gen = {
   identityWithWebsite: () => ({
     email: email(),
     password: password(),
-    fields: { 'traits.website': 'https://www.ory.sh' }
-  })
+    fields: { "traits.website": "https://www.ory.sh" },
+  }),
 }
 
 // Format is
diff --git a/test/e2e/cypress/helpers/react.ts b/test/e2e/cypress/helpers/react.ts
index 26cc97230180..e5a3fd4e5d61 100644
--- a/test/e2e/cypress/helpers/react.ts
+++ b/test/e2e/cypress/helpers/react.ts
@@ -1,10 +1,10 @@
-import { SPA_URL } from './index'
+import { SPA_URL } from "./index"
 
 export const routes = {
   base: SPA_URL,
-  login: SPA_URL + '/login',
-  registration: SPA_URL + '/registration',
-  settings: SPA_URL + '/settings',
-  recovery: SPA_URL + '/recovery',
-  verification: SPA_URL + '/verification'
+  login: SPA_URL + "/login",
+  registration: SPA_URL + "/registration",
+  settings: SPA_URL + "/settings",
+  recovery: SPA_URL + "/recovery",
+  verification: SPA_URL + "/verification",
 }
diff --git a/test/e2e/cypress/integration/profiles/email/error/ui.spec.ts b/test/e2e/cypress/integration/profiles/email/error/ui.spec.ts
index be7bb5d407d6..d2e8874d364b 100644
--- a/test/e2e/cypress/integration/profiles/email/error/ui.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/error/ui.spec.ts
@@ -1,19 +1,19 @@
-import { routes as express } from '../../../../helpers/express'
-import { routes as react } from '../../../../helpers/react'
-import { appPrefix } from '../../../../helpers'
+import { routes as express } from "../../../../helpers/express"
+import { routes as react } from "../../../../helpers/react"
+import { appPrefix } from "../../../../helpers"
 
-describe('Handling self-service error flows', () => {
+describe("Handling self-service error flows", () => {
   ;[
     {
       route: express.base,
-      app: 'express' as 'express',
-      profile: 'email'
+      app: "express" as "express",
+      profile: "email",
     },
     {
       route: react.base,
-      app: 'react' as 'react',
-      profile: 'spa'
-    }
+      app: "react" as "react",
+      profile: "spa",
+    },
   ].forEach(({ route, app, profile }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -21,14 +21,14 @@ describe('Handling self-service error flows', () => {
         cy.proxy(app)
       })
 
-      it('should show the error', () => {
+      it("should show the error", () => {
         cy.visit(`${route}/error?id=stub:500`, {
-          failOnStatusCode: false
+          failOnStatusCode: false,
         })
 
         cy.get(`${appPrefix(app)}code`).should(
-          'contain.text',
-          'This is a stub error.'
+          "contain.text",
+          "This is a stub error.",
         )
       })
     })
diff --git a/test/e2e/cypress/integration/profiles/email/login/error.spec.ts b/test/e2e/cypress/integration/profiles/email/login/error.spec.ts
index 90873f9cb882..58cd061a0a74 100644
--- a/test/e2e/cypress/integration/profiles/email/login/error.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/login/error.spec.ts
@@ -1,19 +1,19 @@
-import { appPrefix, gen } from '../../../../helpers'
-import { routes as express } from '../../../../helpers/express'
-import { routes as react } from '../../../../helpers/react'
+import { appPrefix, gen } from "../../../../helpers"
+import { routes as express } from "../../../../helpers/express"
+import { routes as react } from "../../../../helpers/react"
 
-describe('Basic email profile with failing login flows', () => {
+describe("Basic email profile with failing login flows", () => {
   ;[
     {
       route: express.login,
-      app: 'express' as 'express',
-      profile: 'email'
+      app: "express" as "express",
+      profile: "email",
     },
     {
       route: react.login,
-      app: 'react' as 'react',
-      profile: 'spa'
-    }
+      app: "react" as "react",
+      profile: "spa",
+    },
   ].forEach(({ route, profile, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -26,60 +26,60 @@ describe('Basic email profile with failing login flows', () => {
         cy.visit(route)
       })
 
-      it('fails when CSRF cookies are missing', () => {
+      it("fails when CSRF cookies are missing", () => {
         cy.get(`${appPrefix(app)}input[name="identifier"]`).type(
-          'i-do-not-exist'
+          "i-do-not-exist",
         )
-        cy.get('input[name="password"]').type('invalid-password')
+        cy.get('input[name="password"]').type("invalid-password")
 
         cy.shouldHaveCsrfError({ app })
       })
 
-      it('fails when a disallowed return_to url is requested', () => {
+      it("fails when a disallowed return_to url is requested", () => {
         cy.shouldErrorOnDisallowedReturnTo(
-          route + '?return_to=https://not-allowed',
-          { app }
+          route + "?return_to=https://not-allowed",
+          { app },
         )
       })
 
-      describe('shows validation errors when invalid signup data is used', () => {
-        it('should show an error when the identifier is missing', () => {
+      describe("shows validation errors when invalid signup data is used", () => {
+        it("should show an error when the identifier is missing", () => {
           cy.submitPasswordForm()
           cy.get('*[data-testid="ui/message/4000002"]').should(
-            'contain.text',
-            'Property identifier is missing'
+            "contain.text",
+            "Property identifier is missing",
           )
           cy.get('*[data-testid="ui/message/4000002"]').should(
-            'contain.text',
-            'Property password is missing'
+            "contain.text",
+            "Property password is missing",
           )
         })
 
-        it('should show an error when the password is missing', () => {
+        it("should show an error when the password is missing", () => {
           const identity = gen.email()
           cy.get('input[name="identifier"]')
             .type(identity)
-            .should('have.value', identity)
+            .should("have.value", identity)
 
           cy.submitPasswordForm()
           cy.get('*[data-testid^="ui/message/"]')
-            .invoke('text')
+            .invoke("text")
             .then((text) => {
               expect(text).to.be.oneOf([
-                'length must be >= 1, but got 0',
-                'Property password is missing.'
+                "length must be >= 1, but got 0",
+                "Property password is missing.",
               ])
             })
         })
 
-        it('should show fail to sign in', () => {
-          cy.get('input[name="identifier"]').type('i-do-not-exist')
-          cy.get('input[name="password"]').type('invalid-password')
+        it("should show fail to sign in", () => {
+          cy.get('input[name="identifier"]').type("i-do-not-exist")
+          cy.get('input[name="password"]').type("invalid-password")
 
           cy.submitPasswordForm()
           cy.get('*[data-testid="ui/message/4000006"]').should(
-            'contain.text',
-            'credentials are invalid'
+            "contain.text",
+            "credentials are invalid",
           )
         })
       })
diff --git a/test/e2e/cypress/integration/profiles/email/login/success.spec.ts b/test/e2e/cypress/integration/profiles/email/login/success.spec.ts
index 4a8c5f846f6f..d3244366b63f 100644
--- a/test/e2e/cypress/integration/profiles/email/login/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/login/success.spec.ts
@@ -1,25 +1,25 @@
-import { APP_URL, appPrefix, gen, website } from '../../../../helpers'
-import { routes as express } from '../../../../helpers/express'
-import { routes as react } from '../../../../helpers/react'
+import { APP_URL, appPrefix, gen, website } from "../../../../helpers"
+import { routes as express } from "../../../../helpers/express"
+import { routes as react } from "../../../../helpers/react"
 
-describe('Basic email profile with succeeding login flows', () => {
+describe("Basic email profile with succeeding login flows", () => {
   const email = gen.email()
   const password = gen.password()
 
   before(() => {
-    cy.registerApi({ email, password, fields: { 'traits.website': website } })
+    cy.registerApi({ email, password, fields: { "traits.website": website } })
   })
   ;[
     {
       route: express.login,
-      app: 'express' as 'express',
-      profile: 'email'
+      app: "express" as "express",
+      profile: "email",
     },
     {
       route: react.login,
-      app: 'react' as 'react',
-      profile: 'spa'
-    }
+      app: "react" as "react",
+      profile: "spa",
+    },
   ].forEach(({ route, profile, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -32,57 +32,57 @@ describe('Basic email profile with succeeding login flows', () => {
         cy.visit(route)
       })
 
-      it('should sign in and be logged in', () => {
+      it("should sign in and be logged in", () => {
         cy.get(`${appPrefix(app)}input[name="identifier"]`).type(email)
         cy.get('input[name="password"]').type(password)
         cy.submitPasswordForm()
-        cy.location('pathname').should('not.contain', '/login')
+        cy.location("pathname").should("not.contain", "/login")
 
         cy.getSession().should((session) => {
           const { identity } = session
           expect(identity.id).to.not.be.empty
-          expect(identity.schema_id).to.equal('default')
+          expect(identity.schema_id).to.equal("default")
           expect(identity.schema_url).to.equal(`${APP_URL}/schemas/ZGVmYXVsdA`)
           expect(identity.traits.website).to.equal(website)
           expect(identity.traits.email).to.equal(email)
         })
       })
 
-      it('should sign in with case insensitive identifier surrounded by whitespace', () => {
+      it("should sign in with case insensitive identifier surrounded by whitespace", () => {
         cy.get('input[name="identifier"]').type(
-          '  ' + email.toUpperCase() + '  '
+          "  " + email.toUpperCase() + "  ",
         )
         cy.get('input[name="password"]').type(password)
         cy.submitPasswordForm()
-        cy.location('pathname').should('not.contain', '/login')
+        cy.location("pathname").should("not.contain", "/login")
 
         cy.getSession().should((session) => {
           const { identity } = session
           expect(identity.id).to.not.be.empty
-          expect(identity.schema_id).to.equal('default')
+          expect(identity.schema_id).to.equal("default")
           expect(identity.schema_url).to.equal(`${APP_URL}/schemas/ZGVmYXVsdA`)
           expect(identity.traits.website).to.equal(website)
           expect(identity.traits.email).to.equal(email)
         })
       })
 
-      it('should sign in and be redirected', () => {
+      it("should sign in and be redirected", () => {
         cy.browserReturnUrlOry()
-        cy.visit(route + '?return_to=https://www.example.org/')
+        cy.visit(route + "?return_to=https://www.example.org/")
 
         cy.get('input[name="identifier"]').type(email.toUpperCase())
         cy.get('input[name="password"]').type(password)
         cy.submitPasswordForm()
 
-        cy.url().should('eq', 'https://www.example.org/')
+        cy.url().should("eq", "https://www.example.org/")
       })
     })
   })
 
-  describe('for app express handle return_to correctly for expired flows', () => {
+  describe("for app express handle return_to correctly for expired flows", () => {
     before(() => {
-      cy.proxy('express')
-      cy.useConfigProfile('email')
+      cy.proxy("express")
+      cy.useConfigProfile("email")
 
       cy.browserReturnUrlOry()
     })
@@ -91,23 +91,23 @@ describe('Basic email profile with succeeding login flows', () => {
       cy.clearAllCookies()
     })
 
-    it('should redirect to return_to when retrying expired flow', () => {
+    it("should redirect to return_to when retrying expired flow", () => {
       cy.shortLoginLifespan()
       cy.wait(500)
 
-      cy.visit(express.login + '?return_to=https://www.example.org/')
+      cy.visit(express.login + "?return_to=https://www.example.org/")
 
       cy.longLoginLifespan()
 
-      cy.get(appPrefix('express') + 'input[name="identifier"]').type(
-        email.toUpperCase()
+      cy.get(appPrefix("express") + 'input[name="identifier"]').type(
+        email.toUpperCase(),
       )
       cy.get('input[name="password"]').type(password)
 
       cy.submitPasswordForm()
       cy.get('[data-testid="ui/message/4010001"]').should(
-        'contain.text',
-        'The login flow expired'
+        "contain.text",
+        "The login flow expired",
       )
 
       // try again with long lifespan set
@@ -116,7 +116,7 @@ describe('Basic email profile with succeeding login flows', () => {
       cy.submitPasswordForm()
 
       // check that redirection has happened
-      cy.url().should('eq', 'https://www.example.org/')
+      cy.url().should("eq", "https://www.example.org/")
     })
   })
 })
diff --git a/test/e2e/cypress/integration/profiles/email/login/ui.spec.ts b/test/e2e/cypress/integration/profiles/email/login/ui.spec.ts
index 883a7f9a28d9..b8293fc01889 100644
--- a/test/e2e/cypress/integration/profiles/email/login/ui.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/login/ui.spec.ts
@@ -1,19 +1,19 @@
-import { routes as express } from '../../../../helpers/express'
-import { routes as react } from '../../../../helpers/react'
-import { appPrefix } from '../../../../helpers'
+import { routes as express } from "../../../../helpers/express"
+import { routes as react } from "../../../../helpers/react"
+import { appPrefix } from "../../../../helpers"
 
-context('UI tests using the email profile', () => {
+context("UI tests using the email profile", () => {
   ;[
     {
       route: express.login,
-      app: 'express' as 'express',
-      profile: 'email'
+      app: "express" as "express",
+      profile: "email",
     },
     {
       route: react.login,
-      app: 'react' as 'react',
-      profile: 'spa'
-    }
+      app: "react" as "react",
+      profile: "spa",
+    },
   ].forEach(({ route, profile, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -25,22 +25,22 @@ context('UI tests using the email profile', () => {
         cy.visit(route)
       })
 
-      it('should use the json schema titles', () => {
+      it("should use the json schema titles", () => {
         cy.get(`${appPrefix(app)}input[name="identifier"]`)
           .parent()
-          .should('contain.text', 'ID')
+          .should("contain.text", "ID")
         cy.get('input[name="password"]')
           .parent()
-          .should('contain.text', 'Password')
-        cy.get('button[value="password"]').should('contain.text', 'Sign in')
+          .should("contain.text", "Password")
+        cy.get('button[value="password"]').should("contain.text", "Sign in")
       })
 
-      it('clicks the log in link', () => {
+      it("clicks the log in link", () => {
         cy.get('a[href*="registration"]').click()
-        cy.location('pathname').should('include', 'registration')
+        cy.location("pathname").should("include", "registration")
 
-        if (app === 'express') {
-          cy.location('search').should('not.be.empty')
+        if (app === "express") {
+          cy.location("search").should("not.be.empty")
         }
       })
     })
diff --git a/test/e2e/cypress/integration/profiles/email/logout/success.spec.ts b/test/e2e/cypress/integration/profiles/email/logout/success.spec.ts
index 03c3a3ecb85b..946301f9941f 100644
--- a/test/e2e/cypress/integration/profiles/email/logout/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/logout/success.spec.ts
@@ -1,19 +1,19 @@
-import { appPrefix, gen, website } from '../../../../helpers'
-import { routes as express } from '../../../../helpers/express'
-import { routes as react } from '../../../../helpers/react'
+import { appPrefix, gen, website } from "../../../../helpers"
+import { routes as express } from "../../../../helpers/express"
+import { routes as react } from "../../../../helpers/react"
 
-context('Testing logout flows', () => {
+context("Testing logout flows", () => {
   ;[
     {
       route: express.login,
-      app: 'express' as 'express',
-      profile: 'email'
+      app: "express" as "express",
+      profile: "email",
     },
     {
       route: react.login,
-      app: 'react' as 'react',
-      profile: 'spa'
-    }
+      app: "react" as "react",
+      profile: "spa",
+    },
   ].forEach(({ route, profile, app }) => {
     describe(`for app ${app}`, () => {
       const email = gen.email()
@@ -26,7 +26,7 @@ context('Testing logout flows', () => {
         cy.registerApi({
           email,
           password,
-          fields: { 'traits.website': website }
+          fields: { "traits.website": website },
         })
       })
 
@@ -36,15 +36,15 @@ context('Testing logout flows', () => {
         cy.visit(route)
       })
 
-      it('should sign out and be able to sign in again', () => {
+      it("should sign out and be able to sign in again", () => {
         cy.getSession()
-        cy.getCookie('ory_kratos_session').should('not.be.null')
+        cy.getCookie("ory_kratos_session").should("not.be.null")
         cy.get(
-          `${appPrefix(app)} [data-testid="logout"]:not(.disabled)`
+          `${appPrefix(app)} [data-testid="logout"]:not(.disabled)`,
         ).click()
         cy.noSession()
-        cy.url().should('include', '/login')
-        cy.getCookie('ory_kratos_session').should('be.null')
+        cy.url().should("include", "/login")
+        cy.getCookie("ory_kratos_session").should("be.null")
       })
     })
   })
diff --git a/test/e2e/cypress/integration/profiles/email/registration/errors.spec.ts b/test/e2e/cypress/integration/profiles/email/registration/errors.spec.ts
index 5be1bac5aafb..9c6559c5dc42 100644
--- a/test/e2e/cypress/integration/profiles/email/registration/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/registration/errors.spec.ts
@@ -1,19 +1,19 @@
-import { appPrefix, gen } from '../../../../helpers'
-import { routes as express } from '../../../../helpers/express'
-import { routes as react } from '../../../../helpers/react'
+import { appPrefix, gen } from "../../../../helpers"
+import { routes as express } from "../../../../helpers/express"
+import { routes as react } from "../../../../helpers/react"
 
-describe('Registration failures with email profile', () => {
+describe("Registration failures with email profile", () => {
   ;[
     {
       route: express.registration,
-      app: 'express' as 'express',
-      profile: 'email'
+      app: "express" as "express",
+      profile: "email",
     },
     {
       route: react.registration,
-      app: 'react' as 'react',
-      profile: 'spa'
-    }
+      app: "react" as "react",
+      profile: "spa",
+    },
   ].forEach(({ route, profile, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -28,146 +28,146 @@ describe('Registration failures with email profile', () => {
       const identity = gen.email()
       const password = gen.password()
 
-      it('fails when CSRF cookies are missing', () => {
+      it("fails when CSRF cookies are missing", () => {
         cy.get(`${appPrefix(app)}input[name="traits.website"]`).type(
-          'https://www.ory.sh'
+          "https://www.ory.sh",
         )
         cy.get('input[name="traits.email"]')
           .type(identity)
-          .should('have.value', identity)
+          .should("have.value", identity)
         cy.get('input[name="password"]')
-          .type('12345678')
-          .should('have.value', '12345678')
+          .type("12345678")
+          .should("have.value", "12345678")
 
         cy.shouldHaveCsrfError({ app })
       })
 
-      it('fails when a disallowed return_to url is requested', () => {
+      it("fails when a disallowed return_to url is requested", () => {
         cy.shouldErrorOnDisallowedReturnTo(
-          route + '?return_to=https://not-allowed',
-          { app }
+          route + "?return_to=https://not-allowed",
+          { app },
         )
       })
 
-      describe('show errors when invalid signup data is used', () => {
-        it('should show an error when the password has leaked before', () => {
-          cy.get('input[name="traits.website"]').type('https://www.ory.sh')
+      describe("show errors when invalid signup data is used", () => {
+        it("should show an error when the password has leaked before", () => {
+          cy.get('input[name="traits.website"]').type("https://www.ory.sh")
           cy.get('input[name="traits.email"]')
             .type(identity)
-            .should('have.value', identity)
+            .should("have.value", identity)
           cy.get('input[name="password"]')
-            .type('12345678')
-            .should('have.value', '12345678')
+            .type("12345678")
+            .should("have.value", "12345678")
 
           cy.submitPasswordForm()
           cy.get('*[data-testid^="ui/message"]').should(
-            'contain.text',
-            'data breaches'
+            "contain.text",
+            "data breaches",
           )
         })
 
-        it('should show an error when the password is too similar', () => {
-          cy.get('input[name="traits.website"]').type('https://www.ory.sh')
+        it("should show an error when the password is too similar", () => {
+          cy.get('input[name="traits.website"]').type("https://www.ory.sh")
           cy.get('input[name="traits.email"]').type(identity)
           cy.get('input[name="password"]').type(identity)
 
           cy.submitPasswordForm()
           cy.get('*[data-testid^="ui/message"]').should(
-            'contain.text',
-            'too similar'
+            "contain.text",
+            "too similar",
           )
         })
 
-        it('should show an error when the password is empty', () => {
-          cy.get('input[name="traits.website"]').type('https://www.ory.sh')
+        it("should show an error when the password is empty", () => {
+          cy.get('input[name="traits.website"]').type("https://www.ory.sh")
           cy.get('input[name="traits.email"]').type(identity)
 
           cy.submitPasswordForm()
           cy.get('*[data-testid^="ui/message/"]')
-            .invoke('text')
+            .invoke("text")
             .then((text) => {
               expect(text).to.be.oneOf([
-                'length must be >= 1, but got 0',
-                'Property password is missing.'
+                "length must be >= 1, but got 0",
+                "Property password is missing.",
               ])
             })
         })
 
-        it('should show an error when the email is empty', () => {
-          cy.get('input[name="traits.website"]').type('https://www.ory.sh')
+        it("should show an error when the email is empty", () => {
+          cy.get('input[name="traits.website"]').type("https://www.ory.sh")
           cy.get('input[name="password"]').type(password)
 
           cy.submitPasswordForm()
           cy.get('*[data-testid^="ui/message/"]')
-            .invoke('text')
+            .invoke("text")
             .then((text) => {
               expect(text).to.be.oneOf([
                 '"" is not valid "email"length must be >= 3, but got 0',
-                'Property email is missing.'
+                "Property email is missing.",
               ])
             })
         })
 
-        it('should show an error when the email is not an email', () => {
-          cy.get('input[name="traits.website"]').type('https://www.ory.sh')
-          cy.get('input[name="password"]').type('not-an-email')
+        it("should show an error when the email is not an email", () => {
+          cy.get('input[name="traits.website"]').type("https://www.ory.sh")
+          cy.get('input[name="password"]').type("not-an-email")
 
           cy.submitPasswordForm()
           cy.get(
-            '*[data-testid="ui/message/4000001"], *[data-testid="ui/message/4000002"]'
-          ).should('exist')
+            '*[data-testid="ui/message/4000001"], *[data-testid="ui/message/4000002"]',
+          ).should("exist")
         })
 
-        it('should show a missing indicator if no fields are set', () => {
+        it("should show a missing indicator if no fields are set", () => {
           cy.submitPasswordForm()
           cy.get(
-            '*[data-testid="ui/message/4000001"], *[data-testid="ui/message/4000002"]'
-          ).should('exist')
+            '*[data-testid="ui/message/4000001"], *[data-testid="ui/message/4000002"]',
+          ).should("exist")
         })
 
-        it('should show an error when the website is not a valid URI', () => {
+        it("should show an error when the website is not a valid URI", () => {
           cy.get('input[name="traits.website"]')
-            .type('1234')
+            .type("1234")
             .then(($input) => {
               expect(
-                ($input[0] as HTMLInputElement).validationMessage
-              ).to.contain('URL')
+                ($input[0] as HTMLInputElement).validationMessage,
+              ).to.contain("URL")
             })
         })
 
-        it('should show an error when the website is too short', () => {
-          cy.get('input[name="traits.website"]').type('http://s')
+        it("should show an error when the website is too short", () => {
+          cy.get('input[name="traits.website"]').type("http://s")
 
           cy.submitPasswordForm()
           cy.get('*[data-testid^="ui/message"]').should(
-            'contain.text',
-            'length must be >= 10'
+            "contain.text",
+            "length must be >= 10",
           )
         })
 
-        it('should show an error when required params are missing', () => {
+        it("should show an error when required params are missing", () => {
           cy.submitPasswordForm()
           cy.get('*[data-testid^="ui/message"]').should(
-            'contain.text',
-            'Property website is missing.'
+            "contain.text",
+            "Property website is missing.",
           )
           cy.get('*[data-testid^="ui/message"]').should(
-            'contain.text',
-            'Property email is missing.'
+            "contain.text",
+            "Property email is missing.",
           )
           cy.get('*[data-testid^="ui/message"]').should(
-            'contain.text',
-            'Property password is missing.'
+            "contain.text",
+            "Property password is missing.",
           )
         })
 
-        it('should show an error when the age is too high', () => {
-          cy.get('input[name="traits.age"]').type('600')
+        it("should show an error when the age is too high", () => {
+          cy.get('input[name="traits.age"]').type("600")
 
           cy.submitPasswordForm()
           cy.get('*[data-testid^="ui/message"]').should(
-            'contain.text',
-            'must be <= 300 but found 600'
+            "contain.text",
+            "must be <= 300 but found 600",
           )
         })
       })
diff --git a/test/e2e/cypress/integration/profiles/email/registration/success.spec.ts b/test/e2e/cypress/integration/profiles/email/registration/success.spec.ts
index 725c41b08b30..3e645593c2b8 100644
--- a/test/e2e/cypress/integration/profiles/email/registration/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/registration/success.spec.ts
@@ -1,19 +1,19 @@
-import { APP_URL, appPrefix, gen } from '../../../../helpers'
-import { routes as express } from '../../../../helpers/express'
-import { routes as react } from '../../../../helpers/react'
+import { APP_URL, appPrefix, gen } from "../../../../helpers"
+import { routes as express } from "../../../../helpers/express"
+import { routes as react } from "../../../../helpers/react"
 
-context('Registration success with email profile', () => {
+context("Registration success with email profile", () => {
   ;[
     {
       route: express.registration,
-      app: 'express' as 'express',
-      profile: 'email'
+      app: "express" as "express",
+      profile: "email",
     },
     {
       route: react.registration,
-      app: 'react' as 'react',
-      profile: 'spa'
-    }
+      app: "react" as "react",
+      profile: "spa",
+    },
   ].forEach(({ route, profile, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -26,13 +26,13 @@ context('Registration success with email profile', () => {
         cy.visit(route)
       })
 
-      it('should sign up and be logged in', () => {
+      it("should sign up and be logged in", () => {
         const email = gen.email()
         const password = gen.password()
-        const website = 'https://www.example.org/'
+        const website = "https://www.example.org/"
         const age = 30
 
-        cy.get(appPrefix(app) + 'input[name="traits"]').should('not.exist')
+        cy.get(appPrefix(app) + 'input[name="traits"]').should("not.exist")
         cy.get('input[name="traits.email"]').type(email)
         cy.get('input[name="password"]').type(password)
         cy.get('input[name="traits.website').type(website)
@@ -40,13 +40,13 @@ context('Registration success with email profile', () => {
         cy.get('[type="checkbox"][name="traits.tos"]').click({ force: true })
 
         cy.submitPasswordForm()
-        cy.get('pre').should('contain.text', email)
+        cy.get("pre").should("contain.text", email)
 
         cy.getSession().should((session) => {
           const { identity } = session
           expect(identity.id).to.not.be.empty
           expect(identity.verifiable_addresses).to.have.length(1)
-          expect(identity.schema_id).to.equal('default')
+          expect(identity.schema_id).to.equal("default")
           expect(identity.schema_url).to.equal(`${APP_URL}/schemas/ZGVmYXVsdA`)
           expect(identity.traits.website).to.equal(website)
           expect(identity.traits.email).to.equal(email)
@@ -55,24 +55,24 @@ context('Registration success with email profile', () => {
         })
       })
 
-      it('should sign up with advanced form field values be logged in', () => {
+      it("should sign up with advanced form field values be logged in", () => {
         const email = gen.email()
         const password = gen.password()
 
-        cy.get('input[name="traits"]').should('not.exist')
+        cy.get('input[name="traits"]').should("not.exist")
         cy.get('input[name="traits.email"]').type(email)
         cy.get('input[name="password"]').type(password)
-        const website = 'https://www.example.org/'
+        const website = "https://www.example.org/"
         cy.get('input[name="traits.website"]').type(website)
 
         cy.submitPasswordForm()
-        cy.get('pre').should('contain.text', email)
+        cy.get("pre").should("contain.text", email)
 
         cy.getSession().should((session) => {
           const { identity } = session
           expect(identity.id).to.not.be.empty
           expect(identity.verifiable_addresses).to.have.length(1)
-          expect(identity.schema_id).to.equal('default')
+          expect(identity.schema_id).to.equal("default")
           expect(identity.schema_url).to.equal(`${APP_URL}/schemas/ZGVmYXVsdA`)
           expect(identity.traits.website).to.equal(website)
           expect(identity.traits.email).to.equal(email)
@@ -81,39 +81,39 @@ context('Registration success with email profile', () => {
         })
       })
 
-      it('should sign up and be redirected', () => {
+      it("should sign up and be redirected", () => {
         cy.browserReturnUrlOry()
-        cy.visit(route + '?return_to=https://www.example.org/')
+        cy.visit(route + "?return_to=https://www.example.org/")
 
         const email = gen.email()
         const password = gen.password()
-        const website = 'https://www.example.org/'
+        const website = "https://www.example.org/"
 
-        cy.get('input[name="traits"]').should('not.exist')
+        cy.get('input[name="traits"]').should("not.exist")
         cy.get('input[name="traits.email"]').type(email)
         cy.get('input[name="traits.website').type(website)
         cy.get('input[name="password"]').type(password)
         cy.submitPasswordForm()
-        cy.url().should('eq', 'https://www.example.org/')
+        cy.url().should("eq", "https://www.example.org/")
       })
     })
   })
 
-  describe('redirect for express app', () => {
-    it('should redirect to return_to after flow expires', () => {
+  describe("redirect for express app", () => {
+    it("should redirect to return_to after flow expires", () => {
       // Wait for flow to expire
-      cy.useConfigProfile('email')
+      cy.useConfigProfile("email")
       cy.shortRegisterLifespan()
       cy.browserReturnUrlOry()
-      cy.proxy('express')
-      cy.visit(express.registration + '?return_to=https://www.example.org/')
+      cy.proxy("express")
+      cy.visit(express.registration + "?return_to=https://www.example.org/")
       cy.wait(105)
 
       const email = gen.email()
       const password = gen.password()
-      const website = 'https://www.example.org/'
+      const website = "https://www.example.org/"
 
-      cy.get(appPrefix('express') + 'input[name="traits"]').should('not.exist')
+      cy.get(appPrefix("express") + 'input[name="traits"]').should("not.exist")
       cy.get('input[name="traits.email"]').type(email)
       cy.get('input[name="traits.website').type(website)
       cy.get('input[name="password"]').type(password)
@@ -122,18 +122,18 @@ context('Registration success with email profile', () => {
       cy.submitPasswordForm()
 
       cy.get('*[data-testid^="ui/message/"]').should(
-        'contain.text',
-        'The registration flow expired'
+        "contain.text",
+        "The registration flow expired",
       )
 
       // Try again with long lifespan set
-      cy.get('input[name="traits"]').should('not.exist')
+      cy.get('input[name="traits"]').should("not.exist")
       cy.get('input[name="traits.email"]').type(email)
       cy.get('input[name="traits.website').type(website)
       cy.get('input[name="password"]').type(password)
       cy.submitPasswordForm()
 
-      cy.url().should('eq', 'https://www.example.org/')
+      cy.url().should("eq", "https://www.example.org/")
     })
   })
 })
diff --git a/test/e2e/cypress/integration/profiles/email/registration/ui.spec.ts b/test/e2e/cypress/integration/profiles/email/registration/ui.spec.ts
index 6ddb33286994..122adfc974bc 100644
--- a/test/e2e/cypress/integration/profiles/email/registration/ui.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/registration/ui.spec.ts
@@ -1,19 +1,19 @@
-import { routes as express } from '../../../../helpers/express'
-import { routes as react } from '../../../../helpers/react'
-import { appPrefix } from '../../../../helpers'
+import { routes as express } from "../../../../helpers/express"
+import { routes as react } from "../../../../helpers/react"
+import { appPrefix } from "../../../../helpers"
 
-describe('Registration UI for email flows', () => {
+describe("Registration UI for email flows", () => {
   ;[
     {
       route: express.registration,
-      app: 'express' as 'express',
-      profile: 'email'
+      app: "express" as "express",
+      profile: "email",
     },
     {
       route: react.registration,
-      app: 'react' as 'react',
-      profile: 'spa'
-    }
+      app: "react" as "react",
+      profile: "spa",
+    },
   ].forEach(({ route, profile, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -25,22 +25,22 @@ describe('Registration UI for email flows', () => {
         cy.visit(route)
       })
 
-      describe('use ui elements', () => {
-        it('should use the json schema titles', () => {
+      describe("use ui elements", () => {
+        it("should use the json schema titles", () => {
           cy.get(appPrefix(app) + 'input[name="traits.email"]')
             .parent()
-            .should('contain.text', 'Your E-Mail')
+            .should("contain.text", "Your E-Mail")
           cy.get('input[name="traits.website"]')
             .parent()
-            .should('contain.text', 'Your website')
-          cy.get('button[value="password"]').should('contain.text', 'Sign up')
+            .should("contain.text", "Your website")
+          cy.get('button[value="password"]').should("contain.text", "Sign up")
         })
 
-        it('clicks the log in link', () => {
+        it("clicks the log in link", () => {
           cy.get('*[data-testid="cta-link"]').click()
-          cy.location('pathname').should('include', '/login')
-          if (app === 'express') {
-            cy.location('search').should('not.be.empty')
+          cy.location("pathname").should("include", "/login")
+          if (app === "express") {
+            cy.location("search").should("not.be.empty")
           }
         })
       })
diff --git a/test/e2e/cypress/integration/profiles/email/settings/errors.spec.ts b/test/e2e/cypress/integration/profiles/email/settings/errors.spec.ts
index b0cc0815ce2f..68880c25eb4f 100644
--- a/test/e2e/cypress/integration/profiles/email/settings/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/settings/errors.spec.ts
@@ -1,21 +1,21 @@
-import { appPrefix, gen, website } from '../../../../helpers'
-import { routes as react } from '../../../../helpers/react'
-import { routes as express } from '../../../../helpers/express'
+import { appPrefix, gen, website } from "../../../../helpers"
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
 
-context('Settings failures with email profile', () => {
+context("Settings failures with email profile", () => {
   ;[
     {
       route: express.settings,
       base: express.base,
-      app: 'express' as 'express',
-      profile: 'email'
+      app: "express" as "express",
+      profile: "email",
     },
     {
       route: react.settings,
       base: react.base,
-      app: 'react' as 'react',
-      profile: 'spa'
-    }
+      app: "react" as "react",
+      profile: "spa",
+    },
   ].forEach(({ route, profile, app, base }) => {
     describe(`for app ${app}`, () => {
       let email = gen.email()
@@ -32,12 +32,12 @@ context('Settings failures with email profile', () => {
         cy.registerApi({
           email: emailSecond,
           password: passwordSecond,
-          fields: { 'traits.website': 'https://github.com/ory/kratos' }
+          fields: { "traits.website": "https://github.com/ory/kratos" },
         })
         cy.registerApi({
           email,
           password,
-          fields: { 'traits.website': website }
+          fields: { "traits.website": website },
         })
       })
 
@@ -51,21 +51,21 @@ context('Settings failures with email profile', () => {
         cy.visit(route)
       })
 
-      describe('profile', () => {
+      describe("profile", () => {
         beforeEach(() => {
           cy.visit(route)
         })
 
-        it('fails with validation errors', () => {
-          cy.get('input[name="traits.website"]').clear().type('http://s')
+        it("fails with validation errors", () => {
+          cy.get('input[name="traits.website"]').clear().type("http://s")
           cy.get('[name="method"][value="profile"]').click()
           cy.get('[data-testid^="ui/message"]').should(
-            'contain.text',
-            'length must be >= 10'
+            "contain.text",
+            "length must be >= 10",
           )
         })
 
-        it('fails because reauth is another person', () => {
+        it("fails because reauth is another person", () => {
           // Force this because it is hidden
           cy.get('input[name="traits.email"]').clear().type(up(email))
           cy.shortPrivilegedSessionTime()
@@ -76,14 +76,14 @@ context('Settings failures with email profile', () => {
             cy.reauthWithOtherAccount({
               previousUrl: loc.toString(),
               expect: { email },
-              type: { email: emailSecond, password: passwordSecond }
+              type: { email: emailSecond, password: passwordSecond },
             })
 
-            cy.location('pathname').should('contain', '/settings')
+            cy.location("pathname").should("contain", "/settings")
           })
 
           // We end up in a new settings flow for the second user
-          cy.get('input[name="traits.email"]').should('have.value', emailSecond)
+          cy.get('input[name="traits.email"]').should("have.value", emailSecond)
 
           // Try to log in with updated credentials -> should fail
           cy.clearAllCookies()
@@ -91,11 +91,11 @@ context('Settings failures with email profile', () => {
             email: up(email),
             password,
             expectSession: false,
-            cookieUrl: base
+            cookieUrl: base,
           })
         })
 
-        it('does not update data because resumable session was removed', () => {
+        it("does not update data because resumable session was removed", () => {
           cy.get('input[name="traits.email"]').clear().type(up(email))
           cy.shortPrivilegedSessionTime()
           cy.get('button[value="profile"]').click()
@@ -109,7 +109,7 @@ context('Settings failures with email profile', () => {
           })
         })
 
-        it('does not update without re-auth', () => {
+        it("does not update without re-auth", () => {
           cy.get('input[name="traits.email"]').clear().type(up(email))
           cy.shortPrivilegedSessionTime() // wait for the privileged session to time out
           cy.get('button[value="profile"]').click()
@@ -122,17 +122,17 @@ context('Settings failures with email profile', () => {
           })
         })
 
-        it('does not resume another failed request', () => {
+        it("does not resume another failed request", () => {
           // checks here that we're checking settingsRequest.id == cookie.stored.id
           cy.get('input[name="traits.email"]').clear().type(up(email))
           cy.shortPrivilegedSessionTime() // wait for the privileged session to time out
           cy.get('button[value="profile"]').click()
-          cy.location('pathname').should('not.contain', '/settings')
+          cy.location("pathname").should("not.contain", "/settings")
 
           cy.visit(route)
           cy.get('input[name="traits.website"]')
             .clear()
-            .type('http://github.com/aeneasr')
+            .type("http://github.com/aeneasr")
           cy.get('button[value="profile"]').click()
           cy.expectSettingsSaved()
 
@@ -140,13 +140,13 @@ context('Settings failures with email profile', () => {
             const { identity } = session
             expect(identity.traits.email).to.equal(email) // this is NOT up(email)
             expect(identity.traits.website).to.equal(
-              'http://github.com/aeneasr'
+              "http://github.com/aeneasr",
             ) // this is NOT up(email)
           })
         })
       })
 
-      describe('password', () => {
+      describe("password", () => {
         beforeEach(() => {
           cy.longPrivilegedSessionTime()
         })
@@ -155,16 +155,16 @@ context('Settings failures with email profile', () => {
           cy.longPrivilegedSessionTime()
         })
 
-        it('fails if password policy is violated', () => {
-          cy.get('input[name="password"]').clear().type('12345678')
+        it("fails if password policy is violated", () => {
+          cy.get('input[name="password"]').clear().type("12345678")
           cy.get('button[value="password"]').click()
           cy.get('*[data-testid^="ui/message"]').should(
-            'contain.text',
-            'data breaches'
+            "contain.text",
+            "data breaches",
           )
         })
 
-        it('fails because reauth is another person', () => {
+        it("fails because reauth is another person", () => {
           cy.shortPrivilegedSessionTime() // wait for the privileged session to time out
           cy.get('input[name="password"]').clear().type(up(password))
 
@@ -179,10 +179,10 @@ context('Settings failures with email profile', () => {
             cy.reauthWithOtherAccount({
               previousUrl: loc.toString(),
               expect: { email },
-              type: { email: emailSecond, password: passwordSecond }
+              type: { email: emailSecond, password: passwordSecond },
             })
 
-            cy.location('pathname').should('contain', '/settings')
+            cy.location("pathname").should("contain", "/settings")
           })
 
           // We want to ensure that the reauth session is completely different from the one we had in the first place.
@@ -192,12 +192,12 @@ context('Settings failures with email profile', () => {
             expect(session.id).to.not.eq(firstSession.id)
             expect(session.identity.id).to.not.eq(firstSession.identity.id)
             expect(session.authenticated_at).to.not.eq(
-              firstSession.authenticated_at
+              firstSession.authenticated_at,
             )
           })
 
           // We end up in a new settings flow for the second user
-          cy.get('input[name="traits.email"]').should('have.value', emailSecond)
+          cy.get('input[name="traits.email"]').should("have.value", emailSecond)
 
           // Try to log in with updated credentials -> should fail
           cy.clearAllCookies()
@@ -205,11 +205,11 @@ context('Settings failures with email profile', () => {
             email,
             password: up(password),
             expectSession: false,
-            cookieUrl: base
+            cookieUrl: base,
           })
         })
 
-        it('does not update without re-auth', () => {
+        it("does not update without re-auth", () => {
           cy.get('input[name="password"]').clear().type(up(password))
           cy.shortPrivilegedSessionTime() // wait for the privileged session to time out
           cy.get('button[value="password"]').click()
@@ -220,11 +220,11 @@ context('Settings failures with email profile', () => {
             email,
             password: up(password),
             expectSession: false,
-            cookieUrl: base
+            cookieUrl: base,
           })
         })
 
-        it('does not update data because resumable session was removed', () => {
+        it("does not update data because resumable session was removed", () => {
           cy.get('input[name="password"]').clear().type(up(password))
           cy.shortPrivilegedSessionTime() // wait for the privileged session to time out
           cy.get('button[value="password"]').click()
@@ -236,38 +236,38 @@ context('Settings failures with email profile', () => {
             email,
             password: up(password),
             expectSession: false,
-            cookieUrl: base
+            cookieUrl: base,
           })
         })
 
-        it('does not resume another queued request', () => {
+        it("does not resume another queued request", () => {
           const email = gen.email()
           const password = gen.password()
           cy.clearAllCookies()
           cy.register({
             email,
             password,
-            fields: { 'traits.website': website }
+            fields: { "traits.website": website },
           })
           cy.visit(route)
 
           // checks here that we're checking settingsRequest.id == cookie.stored.id
-          const invalidPassword = 'invalid-' + gen.password()
+          const invalidPassword = "invalid-" + gen.password()
           cy.get('input[name="password"]').clear().type(invalidPassword)
           cy.shortPrivilegedSessionTime() // wait for the privileged session to time out
           cy.get('button[value="password"]').click()
-          cy.location('pathname').should('include', '/login')
+          cy.location("pathname").should("include", "/login")
 
-          const validPassword = 'valid-' + gen.password()
+          const validPassword = "valid-" + gen.password()
           cy.visit(route)
           cy.get('input[name="password"]').clear().type(validPassword)
           cy.get('button[value="password"]').click()
 
-          cy.location('pathname').should('include', '/login')
+          cy.location("pathname").should("include", "/login")
           cy.reauth({ expect: { email }, type: { password: password } })
 
-          cy.location('pathname').should('include', '/settings')
-          cy.get('input[name="password"]').should('exist')
+          cy.location("pathname").should("include", "/settings")
+          cy.get('input[name="password"]').should("exist")
 
           // This should pass because it is the correct password
           cy.clearAllCookies()
@@ -279,7 +279,7 @@ context('Settings failures with email profile', () => {
             email,
             password: invalidPassword,
             expectSession: false,
-            cookieUrl: base
+            cookieUrl: base,
           })
 
           cy.clearAllCookies()
@@ -287,21 +287,21 @@ context('Settings failures with email profile', () => {
             email,
             password: password,
             expectSession: false,
-            cookieUrl: base
+            cookieUrl: base,
           })
         })
       })
 
-      describe('global errors', () => {
-        it('fails when CSRF is incorrect', () => {
-          cy.get(appPrefix(app) + 'input[name="password"]').type('12345678')
+      describe("global errors", () => {
+        it("fails when CSRF is incorrect", () => {
+          cy.get(appPrefix(app) + 'input[name="password"]').type("12345678")
           cy.shouldHaveCsrfError({ app })
         })
 
-        it('fails when a disallowed return_to url is requested', () => {
+        it("fails when a disallowed return_to url is requested", () => {
           cy.shouldErrorOnDisallowedReturnTo(
-            route + '?return_to=https://not-allowed',
-            { app }
+            route + "?return_to=https://not-allowed",
+            { app },
           )
         })
       })
diff --git a/test/e2e/cypress/integration/profiles/email/settings/success.spec.ts b/test/e2e/cypress/integration/profiles/email/settings/success.spec.ts
index df55207f0e7a..183279abbb9e 100644
--- a/test/e2e/cypress/integration/profiles/email/settings/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/settings/success.spec.ts
@@ -1,37 +1,37 @@
-import { APP_URL, appPrefix, gen, website } from '../../../../helpers'
-import { routes as express } from '../../../../helpers/express'
-import { routes as react } from '../../../../helpers/react'
+import { APP_URL, appPrefix, gen, website } from "../../../../helpers"
+import { routes as express } from "../../../../helpers/express"
+import { routes as react } from "../../../../helpers/react"
 
-context('Settings success with email profile', () => {
+context("Settings success with email profile", () => {
   ;[
     {
       route: express.settings,
       base: express.base,
-      app: 'express' as 'express',
-      profile: 'email',
-      login: express.login
+      app: "express" as "express",
+      profile: "email",
+      login: express.login,
     },
     {
       route: react.settings,
       base: react.base,
-      app: 'react' as 'react',
-      profile: 'spa',
-      login: react.login
-    }
+      app: "react" as "react",
+      profile: "spa",
+      login: react.login,
+    },
   ].forEach(({ route, profile, app, base, login }) => {
     describe(`for app ${app}`, () => {
       let email = gen.email()
       let password = gen.password()
 
       const up = (value) => `not-${value}`
-      const down = (value) => value.replace(/not-/, '')
+      const down = (value) => value.replace(/not-/, "")
 
       before(() => {
         cy.useConfigProfile(profile)
         cy.registerApi({
           email,
           password,
-          fields: { 'traits.website': website }
+          fields: { "traits.website": website },
         })
         cy.proxy(app)
       })
@@ -42,33 +42,33 @@ context('Settings success with email profile', () => {
         cy.visit(route)
       })
 
-      it('shows all settings forms', () => {
-        cy.get(appPrefix(app) + 'h3').should('contain.text', 'Profile')
-        cy.get('input[name="traits.email"]').should('contain.value', email)
-        cy.get('input[name="traits.website"]').should('contain.value', website)
+      it("shows all settings forms", () => {
+        cy.get(appPrefix(app) + "h3").should("contain.text", "Profile")
+        cy.get('input[name="traits.email"]').should("contain.value", email)
+        cy.get('input[name="traits.website"]').should("contain.value", website)
 
-        cy.get('h3').should('contain.text', 'Password')
-        cy.get('input[name="password"]').should('be.empty')
+        cy.get("h3").should("contain.text", "Password")
+        cy.get('input[name="password"]').should("be.empty")
       })
 
-      describe('password', () => {
-        it('modifies the password with privileged session', () => {
+      describe("password", () => {
+        it("modifies the password with privileged session", () => {
           // Once input weak password to test which error message is cleared after updating successfully
-          cy.get('input[name="password"]').clear().type('123')
+          cy.get('input[name="password"]').clear().type("123")
           cy.get('button[value="password"]').click()
-          cy.get('[data-testid="ui/message/1050001"]').should('not.exist')
-          cy.get('[data-testid="ui/message/4000005"]').should('exist')
-          cy.get('input[name="password"]').should('be.empty')
+          cy.get('[data-testid="ui/message/1050001"]').should("not.exist")
+          cy.get('[data-testid="ui/message/4000005"]').should("exist")
+          cy.get('input[name="password"]').should("be.empty")
 
           password = up(password)
           cy.get('input[name="password"]').clear().type(password)
           cy.get('button[value="password"]').click()
           cy.expectSettingsSaved()
-          cy.get('[data-testid="ui/message/4000005"]').should('not.exist')
-          cy.get('input[name="password"]').should('be.empty')
+          cy.get('[data-testid="ui/message/4000005"]').should("not.exist")
+          cy.get('input[name="password"]').should("be.empty")
         })
 
-        it('is unable to log in with the old password', () => {
+        it("is unable to log in with the old password", () => {
           cy.visit(base)
           cy.clearAllCookies()
           cy.visit(login)
@@ -76,11 +76,11 @@ context('Settings success with email profile', () => {
             email: email,
             password: down(password),
             expectSession: false,
-            cookieUrl: base
+            cookieUrl: base,
           })
         })
 
-        it('modifies the password with an unprivileged session', () => {
+        it("modifies the password with an unprivileged session", () => {
           password = up(password)
           cy.get('input[name="password"]').clear().type(password)
           cy.shortPrivilegedSessionTime() // wait for the privileged session to time out
@@ -88,54 +88,54 @@ context('Settings success with email profile', () => {
 
           cy.reauth({ expect: { email }, type: { password: down(password) } })
 
-          cy.url().should('include', '/settings')
+          cy.url().should("include", "/settings")
           cy.expectSettingsSaved()
-          cy.get('input[name="password"]').should('be.empty')
+          cy.get('input[name="password"]').should("be.empty")
         })
       })
 
-      describe('profile', () => {
-        it('modifies an unprotected traits', () => {
+      describe("profile", () => {
+        it("modifies an unprotected traits", () => {
           cy.get('input[name="traits.website"]')
             .clear()
-            .type('https://github.com/ory')
-          cy.get('input[name="traits.age"]').clear().type('30')
+            .type("https://github.com/ory")
+          cy.get('input[name="traits.age"]').clear().type("30")
           cy.get('input[type="checkbox"][name="traits.tos"]').click({
-            force: true
+            force: true,
           })
           cy.submitProfileForm()
           cy.expectSettingsSaved()
 
           cy.get('input[name="traits.website"]').should(
-            'contain.value',
-            'https://github.com/ory'
+            "contain.value",
+            "https://github.com/ory",
           )
           cy.get('input[type="checkbox"][name="traits.tos"]')
-            .should('be.checked')
+            .should("be.checked")
             .click({ force: true })
           cy.get('input[name="traits.age"]')
-            .should('have.value', '30')
+            .should("have.value", "30")
             .clear()
-            .type('90')
+            .type("90")
 
           cy.submitProfileForm()
           cy.expectSettingsSaved()
 
           cy.get('input[type="checkbox"][name="traits.tos"]').should(
-            'not.be.checked'
+            "not.be.checked",
           )
-          cy.get('input[name="traits.age"]').should('have.value', '90')
+          cy.get('input[name="traits.age"]').should("have.value", "90")
         })
 
-        it('modifies a protected trait with privileged session', () => {
+        it("modifies a protected trait with privileged session", () => {
           email = up(email)
           cy.get('input[name="traits.email"]').clear().type(email)
           cy.get('button[value="profile"]').click()
           cy.expectSettingsSaved()
-          cy.get('input[name="traits.email"]').should('contain.value', email)
+          cy.get('input[name="traits.email"]').should("contain.value", email)
         })
 
-        it('is unable to log in with the old email', () => {
+        it("is unable to log in with the old email", () => {
           cy.visit(base)
           cy.clearAllCookies()
           cy.visit(login)
@@ -143,11 +143,11 @@ context('Settings success with email profile', () => {
             email: down(email),
             password,
             expectSession: false,
-            cookieUrl: base
+            cookieUrl: base,
           })
         })
 
-        it('modifies a protected trait with unprivileged session', () => {
+        it("modifies a protected trait with unprivileged session", () => {
           email = up(email)
           cy.get('input[name="traits.email"]').clear().type(email)
           cy.shortPrivilegedSessionTime() // wait for the privileged session to time out
@@ -155,9 +155,9 @@ context('Settings success with email profile', () => {
 
           cy.reauth({ expect: { email: down(email) }, type: { password } })
 
-          cy.url().should('include', '/settings')
+          cy.url().should("include", "/settings")
           cy.expectSettingsSaved()
-          cy.get('input[name="traits.email"]').should('contain.value', email)
+          cy.get('input[name="traits.email"]').should("contain.value", email)
         })
       })
     })
diff --git a/test/e2e/cypress/integration/profiles/email/settings/ui.spec.ts b/test/e2e/cypress/integration/profiles/email/settings/ui.spec.ts
index 4668c056cd8d..3e421d9a53e8 100644
--- a/test/e2e/cypress/integration/profiles/email/settings/ui.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/settings/ui.spec.ts
@@ -1,19 +1,19 @@
-import { appPrefix, gen } from '../../../../helpers'
-import { routes as express } from '../../../../helpers/express'
-import { routes as react } from '../../../../helpers/react'
+import { appPrefix, gen } from "../../../../helpers"
+import { routes as express } from "../../../../helpers/express"
+import { routes as react } from "../../../../helpers/react"
 
-context('Settings errors with email profile', () => {
+context("Settings errors with email profile", () => {
   ;[
     {
       base: express.base,
-      app: 'express' as 'express',
-      profile: 'email'
+      app: "express" as "express",
+      profile: "email",
     },
     {
       base: react.base,
-      app: 'react' as 'react',
-      profile: 'spa'
-    }
+      app: "react" as "react",
+      profile: "spa",
+    },
   ].forEach(({ profile, app, base }) => {
     describe(`for app ${app}`, () => {
       const identity = gen.identity()
@@ -22,7 +22,7 @@ context('Settings errors with email profile', () => {
         cy.useConfigProfile(profile)
         cy.registerApi({
           ...identity,
-          fields: { 'traits.website': 'https://www.ory.sh/' }
+          fields: { "traits.website": "https://www.ory.sh/" },
         })
         cy.proxy(app)
       })
@@ -32,25 +32,25 @@ context('Settings errors with email profile', () => {
         cy.visit(base)
       })
 
-      describe('use ui elements', () => {
-        it('should use the json schema titles', () => {
+      describe("use ui elements", () => {
+        it("should use the json schema titles", () => {
           cy.get(appPrefix(app) + 'a[href*="settings"]').click()
           cy.get('input[name="traits.email"]')
             .parent()
-            .should('contain.text', 'Your E-Mail')
+            .should("contain.text", "Your E-Mail")
           cy.get('input[name="traits.website"]')
             .parent()
-            .should('contain.text', 'Your website')
+            .should("contain.text", "Your website")
           cy.get('input[name="password"]')
             .parent()
-            .should('contain.text', 'Password')
-          cy.get('button[value="profile"]').should('contain.text', 'Save')
-          cy.get('button[value="password"]').should('contain.text', 'Save')
+            .should("contain.text", "Password")
+          cy.get('button[value="profile"]').should("contain.text", "Save")
+          cy.get('button[value="password"]').should("contain.text", "Save")
         })
 
-        it('clicks the settings link', () => {
+        it("clicks the settings link", () => {
           cy.get('a[href*="settings"]').click()
-          cy.location('pathname').should('include', 'settings')
+          cy.location("pathname").should("include", "settings")
         })
       })
     })
diff --git a/test/e2e/cypress/integration/profiles/import/import.spec.ts b/test/e2e/cypress/integration/profiles/import/import.spec.ts
index c539809924bb..ccbfabaaafff 100644
--- a/test/e2e/cypress/integration/profiles/import/import.spec.ts
+++ b/test/e2e/cypress/integration/profiles/import/import.spec.ts
@@ -1,10 +1,10 @@
-import { routes as express } from '../../../helpers/express'
-import { gen, KRATOS_ADMIN, website } from '../../../helpers'
+import { routes as express } from "../../../helpers/express"
+import { gen, KRATOS_ADMIN, website } from "../../../helpers"
 
-context('Import Identities', () => {
+context("Import Identities", () => {
   before(() => {
-    cy.useConfigProfile('oidc')
-    cy.proxy('express')
+    cy.useConfigProfile("oidc")
+    cy.proxy("express")
   })
 
   beforeEach(() => {
@@ -14,68 +14,68 @@ context('Import Identities', () => {
   const password = gen.password()
   for (const tc of [
     {
-      name: 'cleartext',
+      name: "cleartext",
       config: {
-        password
+        password,
       },
-      checkPassword: password
+      checkPassword: password,
     },
     {
-      name: 'pbkdf2',
+      name: "pbkdf2",
       config: {
         hashed_password:
-          '$pbkdf2-sha256$i=1000,l=128$e8/arsEf4cvQihdNgqj0Nw$5xQQKNTyeTHx2Ld5/JDE7A'
+          "$pbkdf2-sha256$i=1000,l=128$e8/arsEf4cvQihdNgqj0Nw$5xQQKNTyeTHx2Ld5/JDE7A",
       },
-      checkPassword: '123456'
+      checkPassword: "123456",
     },
     {
-      name: 'bcrypt',
+      name: "bcrypt",
       config: {
         hashed_password:
-          '$2a$10$ZsCsoVQ3xfBG/K2z2XpBf.tm90GZmtOqtqWcB5.pYd5Eq8y7RlDyq'
+          "$2a$10$ZsCsoVQ3xfBG/K2z2XpBf.tm90GZmtOqtqWcB5.pYd5Eq8y7RlDyq",
       },
-      checkPassword: '123456'
+      checkPassword: "123456",
     },
     {
-      name: 'argon2id',
+      name: "argon2id",
       config: {
         hashed_password:
-          '$argon2id$v=19$m=16,t=2,p=1$bVI1aE1SaTV6SGQ3bzdXdw$fnjCcZYmEPOUOjYXsT92Cg'
+          "$argon2id$v=19$m=16,t=2,p=1$bVI1aE1SaTV6SGQ3bzdXdw$fnjCcZYmEPOUOjYXsT92Cg",
       },
-      checkPassword: '123456'
-    }
+      checkPassword: "123456",
+    },
   ]) {
     it(`should be able to sign in using an imported password (${tc.name})`, () => {
       const email = gen.email()
-      cy.request('POST', `${KRATOS_ADMIN}/identities`, {
-        schema_id: 'default',
+      cy.request("POST", `${KRATOS_ADMIN}/identities`, {
+        schema_id: "default",
         traits: {
           email,
-          website
+          website,
         },
         credentials: {
           password: {
-            config: tc.config
-          }
-        }
+            config: tc.config,
+          },
+        },
       })
 
       cy.visit(express.login)
 
       // Try to sign in with an incorrect password
       cy.get('input[name="identifier"]').type(email)
-      cy.get('input[name="password"]').type('invalid-password')
+      cy.get('input[name="password"]').type("invalid-password")
       cy.submitPasswordForm()
       cy.get('*[data-testid="ui/message/4000006"]').should(
-        'contain.text',
-        'credentials are invalid'
+        "contain.text",
+        "credentials are invalid",
       )
 
       // But with correct password it succeeds
       cy.get('input[name="password"]').type(tc.checkPassword)
       cy.submitPasswordForm()
 
-      cy.location('pathname').should('not.contain', '/login')
+      cy.location("pathname").should("not.contain", "/login")
       cy.getSession().should((session) => {
         const { identity } = session
         expect(identity.id).to.not.be.empty
@@ -86,36 +86,36 @@ context('Import Identities', () => {
 
   it(`should be able to sign in using imported oidc credentials`, () => {
     const email = gen.email()
-    const website = 'https://' + gen.password() + '.com'
-    cy.request('POST', `${KRATOS_ADMIN}/identities`, {
-      schema_id: 'default',
+    const website = "https://" + gen.password() + ".com"
+    cy.request("POST", `${KRATOS_ADMIN}/identities`, {
+      schema_id: "default",
       traits: {
         email,
-        website
+        website,
       },
       credentials: {
         oidc: {
           config: {
             providers: [
               {
-                provider: 'hydra',
-                subject: email
-              }
-            ]
-          }
-        }
-      }
+                provider: "hydra",
+                subject: email,
+              },
+            ],
+          },
+        },
+      },
     })
 
     cy.visit(express.login)
     cy.triggerOidc({ url: express.login })
 
-    cy.get('#username').clear().type(email)
-    cy.get('#remember').click()
-    cy.get('#accept').click()
+    cy.get("#username").clear().type(email)
+    cy.get("#remember").click()
+    cy.get("#accept").click()
     cy.get('[name="scope"]').each(($el) => cy.wrap($el).click())
-    cy.get('#remember').click()
-    cy.get('#accept').click()
+    cy.get("#remember").click()
+    cy.get("#accept").click()
 
     cy.getSession().should((session) => {
       const { identity } = session
diff --git a/test/e2e/cypress/integration/profiles/mfa/lookup.spec.ts b/test/e2e/cypress/integration/profiles/mfa/lookup.spec.ts
index 513b73e55e43..e2cc66e84db1 100644
--- a/test/e2e/cypress/integration/profiles/mfa/lookup.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mfa/lookup.spec.ts
@@ -1,23 +1,23 @@
-import { appPrefix, gen, website } from '../../../helpers'
-import { routes as express } from '../../../helpers/express'
-import { routes as react } from '../../../helpers/react'
+import { appPrefix, gen, website } from "../../../helpers"
+import { routes as express } from "../../../helpers/express"
+import { routes as react } from "../../../helpers/react"
 
-context('2FA lookup secrets', () => {
+context("2FA lookup secrets", () => {
   ;[
     {
       login: react.login,
       settings: react.settings,
       base: react.base,
-      app: 'react' as 'react',
-      profile: 'spa'
+      app: "react" as "react",
+      profile: "spa",
     },
     {
       login: express.login,
       settings: express.settings,
       base: express.base,
-      app: 'express' as 'express',
-      profile: 'mfa'
-    }
+      app: "express" as "express",
+      profile: "mfa",
+    },
   ].forEach(({ settings, login, profile, app, base }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -36,7 +36,7 @@ context('2FA lookup secrets', () => {
         cy.registerApi({
           email,
           password,
-          fields: { 'traits.website': website }
+          fields: { "traits.website": website },
         })
         cy.login({ email, password, cookieUrl: base })
 
@@ -44,12 +44,12 @@ context('2FA lookup secrets', () => {
         cy.sessionRequiresNo2fa()
       })
 
-      it('should be able to remove lookup codes', () => {
+      it("should be able to remove lookup codes", () => {
         cy.sessionRequires2fa()
         cy.longPrivilegedSessionTime()
         cy.visit(settings)
         cy.get(
-          appPrefix(app) + 'button[name="lookup_secret_regenerate"]'
+          appPrefix(app) + 'button[name="lookup_secret_regenerate"]',
         ).click()
         cy.get('button[name="lookup_secret_confirm"]').click()
         cy.expectSettingsSaved()
@@ -59,37 +59,37 @@ context('2FA lookup secrets', () => {
         cy.get('button[name="lookup_secret_disable"]').click()
         cy.reauth({
           expect: { email },
-          type: { email: email, password: password }
+          type: { email: email, password: password },
         })
         cy.expectSettingsSaved()
 
         cy.clearAllCookies()
         cy.login({ email: email, password: password, cookieUrl: base })
 
-        cy.visit(login + '?aal=aal2')
-        cy.get('h2').should('contain.text', 'Two-Factor Authentication')
-        cy.get('*[name="method"][value="totp"]').should('not.exist')
-        cy.get('*[name="method"][value="lookup_secret"]').should('not.exist')
-        cy.get('*[name="method"][value="password"]').should('not.exist')
+        cy.visit(login + "?aal=aal2")
+        cy.get("h2").should("contain.text", "Two-Factor Authentication")
+        cy.get('*[name="method"][value="totp"]').should("not.exist")
+        cy.get('*[name="method"][value="lookup_secret"]').should("not.exist")
+        cy.get('*[name="method"][value="password"]').should("not.exist")
       })
 
-      it('should go through several lookup secret lifecycles', () => {
+      it("should go through several lookup secret lifecycles", () => {
         cy.visit(settings)
 
         cy.get('[data-testid="node/text/lookup_secret_codes/label"]').should(
-          'not.exist'
+          "not.exist",
         )
         cy.get('[data-testid="text-lookup_secret_codes-content"] code').should(
-          'not.exist'
+          "not.exist",
         )
-        cy.get('button[name="lookup_secret_confirm"]').should('not.exist')
+        cy.get('button[name="lookup_secret_confirm"]').should("not.exist")
         cy.get('button[name="lookup_secret_regenerate"]').click()
         cy.get('[data-testid="node/text/lookup_secret_codes/label"]').should(
-          'contain.text',
-          'These are your back up recovery codes.'
+          "contain.text",
+          "These are your back up recovery codes.",
         )
         cy.get('[data-testid="text-lookup_secret_codes-content"] code').should(
-          'not.be.empty'
+          "not.be.empty",
         )
 
         let codes
@@ -100,12 +100,12 @@ context('2FA lookup secrets', () => {
         cy.get('button[name="lookup_secret_confirm"]').click()
         cy.expectSettingsSaved()
 
-        cy.get('button[name="lookup_secret_reveal"]').should('exist')
+        cy.get('button[name="lookup_secret_reveal"]').should("exist")
         cy.get('[data-testid="text-lookup_secret_codes-content"] code').should(
-          'not.exist'
+          "not.exist",
         )
-        cy.get('button[name="lookup_secret_confirm"]').should('not.exist')
-        cy.get('button[name="lookup_secret_regenerate"]').should('not.exist')
+        cy.get('button[name="lookup_secret_confirm"]').should("not.exist")
+        cy.get('button[name="lookup_secret_regenerate"]').should("not.exist")
 
         cy.get('button[name="lookup_secret_reveal"]').click()
         cy.getLookupSecrets().should((c) => {
@@ -113,48 +113,48 @@ context('2FA lookup secrets', () => {
         })
 
         cy.getSession({
-          expectAal: 'aal2',
-          expectMethods: ['password', 'lookup_secret']
+          expectAal: "aal2",
+          expectMethods: ["password", "lookup_secret"],
         })
 
         // Try to log in with a recovery code now
-        cy.visit(login + '?aal=aal2&refresh=true')
-        cy.location('pathname').should('contain', 'login')
+        cy.visit(login + "?aal=aal2&refresh=true")
+        cy.location("pathname").should("contain", "login")
 
-        cy.get('*[name="method"][value="lookup_secret"]').should('exist')
-        cy.get('*[name="method"][value="password"]').should('not.exist')
+        cy.get('*[name="method"][value="lookup_secret"]').should("exist")
+        cy.get('*[name="method"][value="password"]').should("not.exist")
 
         // Type an invalid code
-        cy.get('input[name="lookup_secret"]').should('exist')
-        cy.get('input[name="lookup_secret"]').type('invalid-code')
+        cy.get('input[name="lookup_secret"]').should("exist")
+        cy.get('input[name="lookup_secret"]').type("invalid-code")
         cy.get('*[name="method"][value="lookup_secret"]').click()
         cy.get('[data-testid="ui/message/4000016"]').should(
-          'contain.text',
-          'The backup recovery code is not valid.'
+          "contain.text",
+          "The backup recovery code is not valid.",
         )
 
         // Type a valid code
-        cy.get('input[name="lookup_secret"]').should('exist')
-        cy.get('input[name="lookup_secret"]').should('have.value', '')
+        cy.get('input[name="lookup_secret"]').should("exist")
+        cy.get('input[name="lookup_secret"]').should("have.value", "")
         cy.get('input[name="lookup_secret"]').then(($e) => {
           cy.wrap($e).type(codes[0])
         })
         cy.get('*[name="method"][value="lookup_secret"]').click()
-        cy.location('pathname').should('not.contain', 'login')
+        cy.location("pathname").should("not.contain", "login")
 
         let authenticatedAt
         cy.getSession({
-          expectAal: 'aal2',
-          expectMethods: ['password', 'lookup_secret', 'lookup_secret']
+          expectAal: "aal2",
+          expectMethods: ["password", "lookup_secret", "lookup_secret"],
         }).then((session) => {
           authenticatedAt = session.authenticated_at
-          expect(session.authenticator_assurance_level).to.equal('aal2')
+          expect(session.authenticator_assurance_level).to.equal("aal2")
         })
 
         // Retry auth with the used code
-        cy.visit(login + '?aal=aal2&refresh=true')
+        cy.visit(login + "?aal=aal2&refresh=true")
         cy.location().should((loc) => {
-          expect(loc.href).to.include('/login')
+          expect(loc.href).to.include("/login")
         })
         cy.get('input[name="lookup_secret"]').then(($e) => {
           cy.wrap($e).type(codes[0])
@@ -162,24 +162,24 @@ context('2FA lookup secrets', () => {
         cy.get('*[name="method"][value="lookup_secret"]').click()
         // Use a valid code
         cy.get('[data-testid="ui/message/4000012"]').should(
-          'contain.text',
-          'This backup recovery code has already been used.'
+          "contain.text",
+          "This backup recovery code has already been used.",
         )
 
         cy.get('input[name="lookup_secret"]').then(($e) => {
           cy.wrap($e).type(codes[1])
         })
         cy.get('*[name="method"][value="lookup_secret"]').click()
-        cy.location('pathname').should('not.contain', 'login')
+        cy.location("pathname").should("not.contain", "login")
 
         cy.getSession({
-          expectAal: 'aal2',
+          expectAal: "aal2",
           expectMethods: [
-            'password',
-            'lookup_secret',
-            'lookup_secret',
-            'lookup_secret'
-          ]
+            "password",
+            "lookup_secret",
+            "lookup_secret",
+            "lookup_secret",
+          ],
         }).then((session) => {
           expect(session.authenticated_at).to.not.equal(authenticatedAt)
         })
@@ -189,61 +189,61 @@ context('2FA lookup secrets', () => {
         cy.get('button[name="lookup_secret_reveal"]').click()
         cy.getLookupSecrets().should((c) => {
           let newCodes = codes
-          newCodes[0] = 'Used'
-          newCodes[1] = 'Used'
+          newCodes[0] = "Used"
+          newCodes[1] = "Used"
           expect(c).to.eql(newCodes)
         })
 
         // Regenerating the codes means the old one become invalid
-        cy.get('*[name=lookup_secret_regenerate]').click()
-        cy.get('*[name=lookup_secret_confirm]').should('exist')
+        cy.get("*[name=lookup_secret_regenerate]").click()
+        cy.get("*[name=lookup_secret_confirm]").should("exist")
         let regenCodes
         cy.getLookupSecrets().should((c) => {
           regenCodes = c
         })
 
         // Confirm it
-        cy.get('*[name=lookup_secret_confirm]').click()
+        cy.get("*[name=lookup_secret_confirm]").click()
         cy.get('*[name="lookup_secret_reveal"]').click()
         cy.getLookupSecrets().should((c) => {
           expect(c).to.eql(regenCodes)
         })
 
         // Log in and see if we can use the old / new keys
-        cy.visit(login + '?aal=aal2&refresh=true')
-        cy.location('pathname').should('contain', 'login')
+        cy.visit(login + "?aal=aal2&refresh=true")
+        cy.location("pathname").should("contain", "login")
 
         // Using an old code fails
         cy.get('input[name="lookup_secret"]').then(($e) => {
           cy.wrap($e).type(codes[3])
         })
         cy.get('*[name="method"][value="lookup_secret"]').click()
-        cy.get('[data-testid="ui/message/4000016"]').should('exist')
+        cy.get('[data-testid="ui/message/4000016"]').should("exist")
 
         // Using a new code succeeds
         cy.get('input[name="lookup_secret"]').then(($e) => {
           cy.wrap($e).type(regenCodes[0])
         })
         cy.get('*[name="method"][value="lookup_secret"]').click()
-        cy.location('pathname').should('not.contain', 'login')
+        cy.location("pathname").should("not.contain", "login")
 
         // Going back to the settings UI we should see that the codes have been "used"
         cy.visit(settings)
         cy.get('button[name="lookup_secret_reveal"]').click()
         cy.getLookupSecrets().should((c) => {
           let newCodes = regenCodes
-          newCodes[0] = 'Used'
+          newCodes[0] = "Used"
           expect(c).to.eql(newCodes)
         })
       })
 
-      it('should end up at login screen if trying to reveal without privileged session', () => {
+      it("should end up at login screen if trying to reveal without privileged session", () => {
         cy.shortPrivilegedSessionTime()
         cy.visit(settings)
         cy.get('button[name="lookup_secret_regenerate"]').click()
         cy.reauth({
           expect: { email },
-          type: { email: email, password: password }
+          type: { email: email, password: password },
         })
 
         let codes
@@ -255,7 +255,7 @@ context('2FA lookup secrets', () => {
         cy.get('button[name="lookup_secret_confirm"]').click()
         cy.reauth({
           expect: { email },
-          type: { email: email, password: password }
+          type: { email: email, password: password },
         })
         cy.expectSettingsSaved()
 
@@ -263,22 +263,22 @@ context('2FA lookup secrets', () => {
         cy.get('button[name="lookup_secret_reveal"]').click()
         cy.reauth({
           expect: { email },
-          type: { email: email, password: password }
+          type: { email: email, password: password },
         })
         cy.getLookupSecrets().should((c) => {
           expect(c).to.not.be.empty
         })
         cy.getSession({
-          expectAal: 'aal2'
+          expectAal: "aal2",
         })
       })
 
-      it('should not show lookup as an option if not configured', () => {
-        cy.visit(login + '?aal=aal2')
-        cy.get('*[name="method"][value="totp"]').should('not.exist')
-        cy.get('*[name="method"][value="lookup_secret"]').should('not.exist')
-        cy.get('*[name="method"][value="password"]').should('not.exist')
-        cy.get('h2').should('contain.text', 'Two-Factor Authentication')
+      it("should not show lookup as an option if not configured", () => {
+        cy.visit(login + "?aal=aal2")
+        cy.get('*[name="method"][value="totp"]').should("not.exist")
+        cy.get('*[name="method"][value="lookup_secret"]').should("not.exist")
+        cy.get('*[name="method"][value="password"]').should("not.exist")
+        cy.get("h2").should("contain.text", "Two-Factor Authentication")
       })
     })
   })
diff --git a/test/e2e/cypress/integration/profiles/mfa/mix.spec.ts b/test/e2e/cypress/integration/profiles/mfa/mix.spec.ts
index 0e186c580d37..2fb63f181484 100644
--- a/test/e2e/cypress/integration/profiles/mfa/mix.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mfa/mix.spec.ts
@@ -1,27 +1,27 @@
-import { APP_URL, appPrefix, gen, website } from '../../../helpers'
-import { authenticator } from 'otplib'
-import { routes as react } from '../../../helpers/react'
-import { routes as express } from '../../../helpers/express'
+import { APP_URL, appPrefix, gen, website } from "../../../helpers"
+import { authenticator } from "otplib"
+import { routes as react } from "../../../helpers/react"
+import { routes as express } from "../../../helpers/express"
 
-context('2FA with various methods', () => {
+context("2FA with various methods", () => {
   beforeEach(() => {
-    cy.task('resetCRI', {})
+    cy.task("resetCRI", {})
   })
   ;[
     {
       login: react.login,
       settings: react.settings,
       base: react.base,
-      app: 'react' as 'react',
-      profile: 'spa'
+      app: "react" as "react",
+      profile: "spa",
     },
     {
       login: express.login,
       settings: express.settings,
       base: express.base,
-      app: 'express' as 'express',
-      profile: 'mfa'
-    }
+      app: "express" as "express",
+      profile: "mfa",
+    },
   ].forEach(({ settings, login, profile, app, base }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -38,45 +38,45 @@ context('2FA with various methods', () => {
         cy.registerApi({
           email,
           password,
-          fields: { 'traits.website': website }
+          fields: { "traits.website": website },
         })
         cy.clearAllCookies()
         cy.login({ email, password, cookieUrl: base })
         cy.longPrivilegedSessionTime()
-        cy.task('sendCRI', {
-          query: 'WebAuthn.disable',
-          opts: {}
+        cy.task("sendCRI", {
+          query: "WebAuthn.disable",
+          opts: {},
         })
       })
 
-      it('should set up an use all mfa combinations', () => {
+      it("should set up an use all mfa combinations", () => {
         cy.visit(settings)
-        cy.task('sendCRI', {
-          query: 'WebAuthn.enable',
-          opts: {}
+        cy.task("sendCRI", {
+          query: "WebAuthn.enable",
+          opts: {},
         }).then(() => {
-          cy.task('sendCRI', {
-            query: 'WebAuthn.addVirtualAuthenticator',
+          cy.task("sendCRI", {
+            query: "WebAuthn.addVirtualAuthenticator",
             opts: {
               options: {
-                protocol: 'ctap2',
-                transport: 'usb',
+                protocol: "ctap2",
+                transport: "usb",
                 hasResidentKey: true,
                 hasUserVerification: true,
-                isUserVerified: true
-              }
-            }
+                isUserVerified: true,
+              },
+            },
           }).then(() => {
             cy.getSession({
-              expectAal: 'aal1',
-              expectMethods: ['password']
+              expectAal: "aal1",
+              expectMethods: ["password"],
             })
 
             cy.visit(settings)
             // Set up TOTP
             let secret
             cy.get(
-              appPrefix(app) + '[data-testid="node/text/totp_secret_key/text"]'
+              appPrefix(app) + '[data-testid="node/text/totp_secret_key/text"]',
             ).then(($e) => {
               secret = $e.text().trim()
             })
@@ -86,8 +86,8 @@ context('2FA with various methods', () => {
             cy.get('[name="method"][value="totp"]').click()
             cy.expectSettingsSaved()
             cy.getSession({
-              expectAal: 'aal2',
-              expectMethods: ['password', 'totp']
+              expectAal: "aal2",
+              expectMethods: ["password", "totp"],
             })
 
             // Set up lookup secrets
@@ -100,73 +100,73 @@ context('2FA with various methods', () => {
             cy.get('[name="lookup_secret_confirm"]').click()
             cy.expectSettingsSaved()
             cy.getSession({
-              expectAal: 'aal2',
-              expectMethods: ['password', 'totp', 'lookup_secret']
+              expectAal: "aal2",
+              expectMethods: ["password", "totp", "lookup_secret"],
             })
 
             // Set up WebAuthn
             cy.visit(settings)
-            cy.get('[name="webauthn_register_displayname"]').type('my-key')
+            cy.get('[name="webauthn_register_displayname"]').type("my-key")
             // We need a workaround here. So first we click, then we submit
-            cy.clickWebAuthButton('register')
+            cy.clickWebAuthButton("register")
             cy.expectSettingsSaved()
             cy.getSession({
-              expectAal: 'aal2',
-              expectMethods: ['password', 'totp', 'webauthn', 'lookup_secret']
+              expectAal: "aal2",
+              expectMethods: ["password", "totp", "webauthn", "lookup_secret"],
             })
 
-            cy.visit(login + '?aal=aal2&refresh=true')
+            cy.visit(login + "?aal=aal2&refresh=true")
             cy.get('[name="totp_code"]').then(($e) => {
               cy.wrap($e).type(authenticator.generate(secret))
             })
             cy.get('[name="method"][value="totp"]').click()
-            cy.location('pathname').should('not.include', '/login')
+            cy.location("pathname").should("not.include", "/login")
 
             cy.getSession({
-              expectAal: 'aal2',
+              expectAal: "aal2",
               expectMethods: [
-                'password',
-                'totp',
-                'webauthn',
-                'lookup_secret',
-                'totp'
-              ]
+                "password",
+                "totp",
+                "webauthn",
+                "lookup_secret",
+                "totp",
+              ],
             })
 
             // Use TOTP
-            cy.visit(login + '?aal=aal2&refresh=true')
-            cy.clickWebAuthButton('login')
+            cy.visit(login + "?aal=aal2&refresh=true")
+            cy.clickWebAuthButton("login")
             cy.getSession({
-              expectAal: 'aal2',
+              expectAal: "aal2",
               expectMethods: [
-                'password',
-                'totp',
-                'webauthn',
-                'lookup_secret',
-                'totp',
-                'webauthn'
-              ]
+                "password",
+                "totp",
+                "webauthn",
+                "lookup_secret",
+                "totp",
+                "webauthn",
+              ],
             })
 
             // Use lookup
-            cy.visit(login + '?aal=aal2&refresh=true')
+            cy.visit(login + "?aal=aal2&refresh=true")
             cy.get('[name="lookup_secret"]').then(($e) => {
               cy.wrap($e).type(codes[1])
             })
             cy.get('[name="method"][value="lookup_secret"]').click()
-            cy.location('pathname').should('not.include', '/login')
+            cy.location("pathname").should("not.include", "/login")
 
             cy.getSession({
-              expectAal: 'aal2',
+              expectAal: "aal2",
               expectMethods: [
-                'password',
-                'totp',
-                'webauthn',
-                'lookup_secret',
-                'totp',
-                'webauthn',
-                'lookup_secret'
-              ]
+                "password",
+                "totp",
+                "webauthn",
+                "lookup_secret",
+                "totp",
+                "webauthn",
+                "lookup_secret",
+              ],
             })
           })
         })
diff --git a/test/e2e/cypress/integration/profiles/mfa/settings.spec.ts b/test/e2e/cypress/integration/profiles/mfa/settings.spec.ts
index 9e1de8d58eb6..0947f574de05 100644
--- a/test/e2e/cypress/integration/profiles/mfa/settings.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mfa/settings.spec.ts
@@ -1,21 +1,21 @@
-import { appPrefix, gen, website } from '../../../helpers'
-import { routes as express } from '../../../helpers/express'
-import { routes as react } from '../../../helpers/react'
+import { appPrefix, gen, website } from "../../../helpers"
+import { routes as express } from "../../../helpers/express"
+import { routes as react } from "../../../helpers/react"
 
-context('2FA UI settings tests', () => {
+context("2FA UI settings tests", () => {
   ;[
     {
       settings: react.settings,
       base: react.base,
-      app: 'react' as 'react',
-      profile: 'spa'
+      app: "react" as "react",
+      profile: "spa",
     },
     {
       settings: express.settings,
       base: express.base,
-      app: 'express' as 'express',
-      profile: 'mfa'
-    }
+      app: "express" as "express",
+      profile: "mfa",
+    },
   ].forEach(({ settings, profile, base, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -30,7 +30,7 @@ context('2FA UI settings tests', () => {
         cy.registerApi({
           email,
           password,
-          fields: { 'traits.website': website }
+          fields: { "traits.website": website },
         })
       })
 
@@ -40,24 +40,24 @@ context('2FA UI settings tests', () => {
         cy.visit(settings)
       })
 
-      it('shows all settings forms', () => {
-        cy.get(appPrefix(app) + 'h3').should('contain.text', 'Profile Settings')
-        cy.get('h3').should('contain.text', 'Change Password')
-        cy.get('h3').should('contain.text', 'Manage 2FA Backup Recovery Codes')
-        cy.get('h3').should('contain.text', 'Manage 2FA TOTP Authenticator App')
-        cy.get('h3').should('contain.text', 'Manage Hardware Tokens')
-        cy.get('input[name="traits.email"]').should('contain.value', email)
-        cy.get('input[name="traits.website"]').should('contain.value', website)
+      it("shows all settings forms", () => {
+        cy.get(appPrefix(app) + "h3").should("contain.text", "Profile Settings")
+        cy.get("h3").should("contain.text", "Change Password")
+        cy.get("h3").should("contain.text", "Manage 2FA Backup Recovery Codes")
+        cy.get("h3").should("contain.text", "Manage 2FA TOTP Authenticator App")
+        cy.get("h3").should("contain.text", "Manage Hardware Tokens")
+        cy.get('input[name="traits.email"]').should("contain.value", email)
+        cy.get('input[name="traits.website"]').should("contain.value", website)
 
         cy.get('[data-testid="node/text/totp_secret_key/label"]').should(
-          'contain.text',
-          'This is your authenticator app secret'
+          "contain.text",
+          "This is your authenticator app secret",
         )
-        cy.get('button').should(
-          'contain.text',
-          'Generate new backup recovery codes'
+        cy.get("button").should(
+          "contain.text",
+          "Generate new backup recovery codes",
         )
-        cy.get('button').should('contain.text', 'Add security key')
+        cy.get("button").should("contain.text", "Add security key")
       })
     })
   })
diff --git a/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts b/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts
index 073f38e4b293..075d1fd6bfcd 100644
--- a/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts
@@ -1,24 +1,24 @@
-import { gen, website } from '../../../helpers'
-import { authenticator } from 'otplib'
-import { routes as react } from '../../../helpers/react'
-import { routes as express } from '../../../helpers/express'
+import { gen, website } from "../../../helpers"
+import { authenticator } from "otplib"
+import { routes as react } from "../../../helpers/react"
+import { routes as express } from "../../../helpers/express"
 
-context('2FA lookup secrets', () => {
+context("2FA lookup secrets", () => {
   ;[
     {
       login: react.login,
       settings: react.settings,
       base: react.base,
-      app: 'react' as 'react',
-      profile: 'spa'
+      app: "react" as "react",
+      profile: "spa",
     },
     {
       login: express.login,
       settings: express.settings,
       base: express.base,
-      app: 'express' as 'express',
-      profile: 'mfa'
-    }
+      app: "express" as "express",
+      profile: "mfa",
+    },
   ].forEach(({ settings, login, profile, app, base }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -38,11 +38,11 @@ context('2FA lookup secrets', () => {
         cy.register({
           email,
           password,
-          fields: { 'traits.website': website }
+          fields: { "traits.website": website },
         })
       })
 
-      it('should be be asked to sign in with 2fa if set up', () => {
+      it("should be be asked to sign in with 2fa if set up", () => {
         cy.visit(settings)
         cy.requireStrictAal()
 
@@ -56,8 +56,8 @@ context('2FA lookup secrets', () => {
         cy.get('*[name="method"][value="totp"]').click()
         cy.expectSettingsSaved()
         cy.getSession({
-          expectAal: 'aal2',
-          expectMethods: ['password', 'totp']
+          expectAal: "aal2",
+          expectMethods: ["password", "totp"],
         })
 
         cy.clearAllCookies()
@@ -72,8 +72,8 @@ context('2FA lookup secrets', () => {
 
         // If we visit settings page we still end up at 2fa screen
         cy.visit(settings)
-        cy.location('pathname').should((loc) => {
-          expect(loc).to.include('/login')
+        cy.location("pathname").should((loc) => {
+          expect(loc).to.include("/login")
         })
 
         cy.shouldShow2FAScreen()
@@ -81,17 +81,17 @@ context('2FA lookup secrets', () => {
           cy.wrap($e).type(authenticator.generate(secret))
         })
         cy.get('*[name="method"][value="totp"]').click()
-        cy.location('pathname').should((loc) => {
-          expect(loc).to.oneOf(['/welcome', '/'])
+        cy.location("pathname").should((loc) => {
+          expect(loc).to.oneOf(["/welcome", "/"])
         })
         cy.getSession({
-          expectAal: 'aal2',
-          expectMethods: ['password', 'totp']
+          expectAal: "aal2",
+          expectMethods: ["password", "totp"],
         })
       })
 
-      it('signin with 2fa and be redirected', () => {
-        if (app !== 'express') {
+      it("signin with 2fa and be redirected", () => {
+        if (app !== "express") {
           return
         }
 
@@ -108,8 +108,8 @@ context('2FA lookup secrets', () => {
         cy.get('*[name="method"][value="totp"]').click()
         cy.expectSettingsSaved()
         cy.getSession({
-          expectAal: 'aal2',
-          expectMethods: ['password', 'totp']
+          expectAal: "aal2",
+          expectMethods: ["password", "totp"],
         })
 
         cy.clearAllCookies()
@@ -120,13 +120,13 @@ context('2FA lookup secrets', () => {
         cy.submitPasswordForm()
 
         // MFA is now requested
-        cy.location('pathname').should((loc) => {
-          expect(loc).to.include('/login')
+        cy.location("pathname").should((loc) => {
+          expect(loc).to.include("/login")
         })
         cy.shouldShow2FAScreen()
 
-        cy.location('pathname').should((loc) => {
-          expect(loc).to.include('/login')
+        cy.location("pathname").should((loc) => {
+          expect(loc).to.include("/login")
         })
 
         cy.shouldShow2FAScreen()
@@ -134,14 +134,14 @@ context('2FA lookup secrets', () => {
           cy.wrap($e).type(authenticator.generate(secret))
         })
         cy.get('*[name="method"][value="totp"]').click()
-        cy.url().should('eq', 'https://www.example.org/')
+        cy.url().should("eq", "https://www.example.org/")
       })
 
-      it('should go through several totp lifecycles', () => {
+      it("should go through several totp lifecycles", () => {
         cy.visit(settings)
 
-        cy.get('[data-testid="node/text/totp_secret_key/text"]').should('exist')
-        cy.get('img[data-testid="node/image/totp_qr"]').should('exist')
+        cy.get('[data-testid="node/text/totp_secret_key/text"]').should("exist")
+        cy.get('img[data-testid="node/image/totp_qr"]').should("exist")
 
         // Set up TOTP
         let secret
@@ -154,52 +154,52 @@ context('2FA lookup secrets', () => {
         cy.get('*[name="method"][value="totp"]').click()
         cy.expectSettingsSaved()
         cy.get('[data-testid="node/text/totp_secret_key/text"]').should(
-          'not.exist'
+          "not.exist",
         )
-        cy.get('img[data-testid="node/image/totp_qr"]').should('not.exist')
-        cy.get('*[name="method"][value="totp"]').should('not.exist')
-        cy.get('*[name="totp_unlink"]').should('exist')
+        cy.get('img[data-testid="node/image/totp_qr"]').should("not.exist")
+        cy.get('*[name="method"][value="totp"]').should("not.exist")
+        cy.get('*[name="totp_unlink"]').should("exist")
 
         // Let's try to do 2FA
-        cy.visit(login + '?aal=aal2&refresh=true')
-        cy.location('pathname').should((loc) => {
-          expect(loc).to.include('/login')
+        cy.visit(login + "?aal=aal2&refresh=true")
+        cy.location("pathname").should((loc) => {
+          expect(loc).to.include("/login")
         })
-        cy.get('*[name="method"][value="password"]').should('not.exist')
+        cy.get('*[name="method"][value="password"]').should("not.exist")
 
         // Typing a wrong code leaves us with an error message
-        cy.get('*[name="totp_code"]').type('111111')
+        cy.get('*[name="totp_code"]').type("111111")
         cy.get('*[name="method"][value="totp"]').click()
 
         cy.get('[data-testid="ui/message/4000008"]').should(
-          'contain.text',
-          'The provided authentication code is invalid, please try again.'
+          "contain.text",
+          "The provided authentication code is invalid, please try again.",
         )
         cy.get('input[name="totp_code"]').then(($e) => {
           cy.wrap($e).type(authenticator.generate(secret))
         })
         cy.get('*[name="method"][value="totp"]').click()
-        cy.location('pathname').should('not.contain', '/login')
+        cy.location("pathname").should("not.contain", "/login")
         cy.getSession({
-          expectAal: 'aal2',
-          expectMethods: ['password', 'totp', 'totp']
+          expectAal: "aal2",
+          expectMethods: ["password", "totp", "totp"],
         })
 
         // Going to settings and unlinking the device
         cy.visit(settings)
         cy.get('*[name="totp_unlink"]').click()
         cy.expectSettingsSaved()
-        cy.get('[data-testid="node/text/totp_secret_key/text"]').should('exist')
-        cy.get('img[data-testid="node/image/totp_qr"]').should('exist')
-        cy.get('*[name="method"][value="totp"]').should('exist')
-        cy.get('*[name="totp_unlink"]').should('not.exist')
+        cy.get('[data-testid="node/text/totp_secret_key/text"]').should("exist")
+        cy.get('img[data-testid="node/image/totp_qr"]').should("exist")
+        cy.get('*[name="method"][value="totp"]').should("exist")
+        cy.get('*[name="totp_unlink"]').should("not.exist")
 
         // 2FA should be gone
-        cy.visit(login + '?aal=aal2&refresh=true')
-        cy.location('pathname').should((loc) => {
-          expect(loc).to.include('/login')
+        cy.visit(login + "?aal=aal2&refresh=true")
+        cy.location("pathname").should((loc) => {
+          expect(loc).to.include("/login")
         })
-        cy.get('*[name="method"][value="totp"]').should('not.exist')
+        cy.get('*[name="method"][value="totp"]').should("not.exist")
 
         // Linking a new device works
         cy.visit(settings)
@@ -214,17 +214,17 @@ context('2FA lookup secrets', () => {
         cy.expectSettingsSaved()
 
         // Old secret no longer works in login
-        cy.visit(login + '?aal=aal2&refresh=true')
-        cy.location('pathname').should((loc) => {
-          expect(loc).to.include('/login')
+        cy.visit(login + "?aal=aal2&refresh=true")
+        cy.location("pathname").should((loc) => {
+          expect(loc).to.include("/login")
         })
         cy.get('input[name="totp_code"]').then(($e) => {
           cy.wrap($e).type(authenticator.generate(secret))
         })
         cy.get('*[name="method"][value="totp"]').click()
         cy.get('[data-testid="ui/message/4000008"]').should(
-          'contain.text',
-          'The provided authentication code is invalid, please try again.'
+          "contain.text",
+          "The provided authentication code is invalid, please try again.",
         )
 
         // But new one does!
@@ -232,43 +232,43 @@ context('2FA lookup secrets', () => {
           cy.wrap($e).type(authenticator.generate(newSecret))
         })
         cy.get('*[name="method"][value="totp"]').click()
-        cy.location('pathname').should((loc) => {
-          expect(loc).to.not.include('/login')
+        cy.location("pathname").should((loc) => {
+          expect(loc).to.not.include("/login")
         })
 
         cy.getSession({
-          expectAal: 'aal2',
-          expectMethods: ['password', 'totp', 'totp', 'totp', 'totp']
+          expectAal: "aal2",
+          expectMethods: ["password", "totp", "totp", "totp", "totp"],
         })
       })
 
-      it('should not show totp as an option if not configured', () => {
-        cy.visit(login + '?aal=aal2')
-        cy.location('pathname').should((loc) => {
-          expect(loc).to.include('/login')
+      it("should not show totp as an option if not configured", () => {
+        cy.visit(login + "?aal=aal2")
+        cy.location("pathname").should((loc) => {
+          expect(loc).to.include("/login")
         })
 
-        cy.get('*[name="method"][value="totp"]').should('not.exist')
-        cy.get('*[name="method"][value="password"]').should('not.exist')
+        cy.get('*[name="method"][value="totp"]').should("not.exist")
+        cy.get('*[name="method"][value="password"]').should("not.exist")
         cy.shouldShow2FAScreen()
 
         cy.get('[data-testid="logout-link"]').click()
         cy.location().should((loc) => {
-          expect(loc.href).to.include('/login')
-          expect(loc.search).to.not.include('aal')
-          expect(loc.search).to.not.include('refresh')
+          expect(loc.href).to.include("/login")
+          expect(loc.search).to.not.include("aal")
+          expect(loc.search).to.not.include("refresh")
         })
-        cy.get('h2').should('contain.text', 'Sign In')
+        cy.get("h2").should("contain.text", "Sign In")
         cy.noSession()
       })
 
-      it('should fail to set up totp if verify code is wrong', () => {
+      it("should fail to set up totp if verify code is wrong", () => {
         cy.visit(settings)
-        cy.get('input[name="totp_code"]').type('12345678')
+        cy.get('input[name="totp_code"]').type("12345678")
         cy.get('*[name="method"][value="totp"]').click()
         cy.get('[data-testid="ui/message/4000008"]').should(
-          'contain.text',
-          'The provided authentication code is invalid, please try again.'
+          "contain.text",
+          "The provided authentication code is invalid, please try again.",
         )
       })
     })
diff --git a/test/e2e/cypress/integration/profiles/mfa/webauthn.spec.ts b/test/e2e/cypress/integration/profiles/mfa/webauthn.spec.ts
index 2be497f5d93d..bbacd55498a7 100644
--- a/test/e2e/cypress/integration/profiles/mfa/webauthn.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mfa/webauthn.spec.ts
@@ -1,26 +1,26 @@
-import { appPrefix, gen, website } from '../../../helpers'
-import { routes as react } from '../../../helpers/react'
-import { routes as express } from '../../../helpers/express'
+import { appPrefix, gen, website } from "../../../helpers"
+import { routes as react } from "../../../helpers/react"
+import { routes as express } from "../../../helpers/express"
 
-context('2FA WebAuthn', () => {
+context("2FA WebAuthn", () => {
   beforeEach(() => {
-    cy.task('resetCRI', {})
+    cy.task("resetCRI", {})
   })
   ;[
     {
       login: express.login,
       settings: express.settings,
       base: express.base,
-      app: 'express' as 'express',
-      profile: 'mfa'
+      app: "express" as "express",
+      profile: "mfa",
     },
     {
       login: react.login,
       settings: react.settings,
       base: react.base,
-      app: 'react' as 'react',
-      profile: 'spa'
-    }
+      app: "react" as "react",
+      profile: "spa",
+    },
   ].forEach(({ settings, login, profile, app, base }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -39,88 +39,88 @@ context('2FA WebAuthn', () => {
         cy.registerApi({
           email,
           password,
-          fields: { 'traits.website': website }
+          fields: { "traits.website": website },
         })
 
         cy.login({ email, password })
 
         cy.longPrivilegedSessionTime()
-        cy.task('sendCRI', {
-          query: 'WebAuthn.disable',
-          opts: {}
+        cy.task("sendCRI", {
+          query: "WebAuthn.disable",
+          opts: {},
         })
       })
 
-      it('should be able to identify if the authenticator is wrong', () => {
+      it("should be able to identify if the authenticator is wrong", () => {
         cy.visit(settings)
 
         // Set up virtual authenticator
-        cy.task('sendCRI', {
-          query: 'WebAuthn.enable',
-          opts: {}
+        cy.task("sendCRI", {
+          query: "WebAuthn.enable",
+          opts: {},
         }).then(() => {
-          cy.task('sendCRI', {
-            query: 'WebAuthn.addVirtualAuthenticator',
+          cy.task("sendCRI", {
+            query: "WebAuthn.addVirtualAuthenticator",
             opts: {
               options: {
-                protocol: 'ctap2',
-                transport: 'usb',
+                protocol: "ctap2",
+                transport: "usb",
                 hasResidentKey: true,
                 hasUserVerification: true,
-                isUserVerified: true
-              }
-            }
+                isUserVerified: true,
+              },
+            },
           }).then((addResult) => {
             cy.get(
-              appPrefix(app) + '[name="webauthn_register_displayname"]'
-            ).type('key1')
+              appPrefix(app) + '[name="webauthn_register_displayname"]',
+            ).type("key1")
 
-            cy.clickWebAuthButton('register')
+            cy.clickWebAuthButton("register")
 
-            cy.get('*[name="webauthn_remove"]').should('have.length', 1)
+            cy.get('*[name="webauthn_remove"]').should("have.length", 1)
 
-            cy.task('sendCRI', {
-              query: 'WebAuthn.removeVirtualAuthenticator',
-              opts: addResult
+            cy.task("sendCRI", {
+              query: "WebAuthn.removeVirtualAuthenticator",
+              opts: addResult,
             }).then(() => {
-              cy.visit(login + '?aal=aal2&refresh=true')
+              cy.visit(login + "?aal=aal2&refresh=true")
               cy.location().should((loc) => {
-                expect(loc.href).to.include('/login')
+                expect(loc.href).to.include("/login")
               })
-              cy.clickWebAuthButton('login')
+              cy.clickWebAuthButton("login")
               cy.location().should((loc) => {
-                expect(loc.href).to.include('/login')
+                expect(loc.href).to.include("/login")
               })
               cy.getSession({
-                expectAal: 'aal2',
-                expectMethods: ['password', 'webauthn']
+                expectAal: "aal2",
+                expectMethods: ["password", "webauthn"],
               })
 
-              cy.task('sendCRI', {
-                query: 'WebAuthn.addVirtualAuthenticator',
+              cy.task("sendCRI", {
+                query: "WebAuthn.addVirtualAuthenticator",
                 opts: {
                   options: {
-                    protocol: 'ctap2',
-                    transport: 'usb',
+                    protocol: "ctap2",
+                    transport: "usb",
                     hasResidentKey: true,
                     hasUserVerification: true,
-                    isUserVerified: true
-                  }
-                }
+                    isUserVerified: true,
+                  },
+                },
               }).then((addResult) => {
-                cy.visit(login + '?aal=aal2&refresh=true')
+                cy.visit(login + "?aal=aal2&refresh=true")
                 cy.location().should((loc) => {
-                  expect(loc.href).to.include('/login')
+                  expect(loc.href).to.include("/login")
                 })
-                cy.clickWebAuthButton('login')
+                cy.clickWebAuthButton("login")
 
                 cy.location().should((loc) => {
-                  expect(loc.href).to.include('/login')
+                  expect(loc.href).to.include("/login")
                 })
 
                 cy.getSession({
-                  expectAal: 'aal2',
-                  expectMethods: ['password', 'webauthn']
+                  expectAal: "aal2",
+                  expectMethods: ["password", "webauthn"],
                 })
               })
             })
@@ -128,135 +128,135 @@ context('2FA WebAuthn', () => {
         })
       })
 
-      it('should be able to link multiple authenticators', () => {
+      it("should be able to link multiple authenticators", () => {
         cy.visit(settings)
 
         // Set up virtual authenticator
-        cy.task('sendCRI', {
-          query: 'WebAuthn.enable',
-          opts: {}
+        cy.task("sendCRI", {
+          query: "WebAuthn.enable",
+          opts: {},
         }).then(() => {
-          cy.task('sendCRI', {
-            query: 'WebAuthn.addVirtualAuthenticator',
+          cy.task("sendCRI", {
+            query: "WebAuthn.addVirtualAuthenticator",
             opts: {
               options: {
-                protocol: 'ctap2',
-                transport: 'usb',
+                protocol: "ctap2",
+                transport: "usb",
                 hasResidentKey: true,
                 hasUserVerification: true,
-                isUserVerified: true
-              }
-            }
+                isUserVerified: true,
+              },
+            },
           }).then((addResult) => {
-            cy.get('*[name="webauthn_register_displayname"]').type('key1')
-            cy.clickWebAuthButton('register')
+            cy.get('*[name="webauthn_register_displayname"]').type("key1")
+            cy.clickWebAuthButton("register")
 
-            cy.get('*[name="webauthn_register_displayname"]').type('key2')
-            cy.clickWebAuthButton('register')
+            cy.get('*[name="webauthn_register_displayname"]').type("key2")
+            cy.clickWebAuthButton("register")
 
-            cy.get('*[name="webauthn_remove"]').should('have.length', 2)
+            cy.get('*[name="webauthn_remove"]').should("have.length", 2)
 
-            cy.visit(login + '?aal=aal2&refresh=true')
+            cy.visit(login + "?aal=aal2&refresh=true")
             cy.location().should((loc) => {
-              expect(loc.href).to.include('/login')
+              expect(loc.href).to.include("/login")
             })
-            cy.get('*[name="webauthn_login_trigger"]').should('have.length', 1)
-            cy.clickWebAuthButton('login')
+            cy.get('*[name="webauthn_login_trigger"]').should("have.length", 1)
+            cy.clickWebAuthButton("login")
           })
         })
       })
 
-      it('should be not be able to link provider if webauth is not enabled', () => {
+      it("should be not be able to link provider if webauth is not enabled", () => {
         cy.visit(settings)
-        cy.get('*[name="webauthn_register_displayname"]').type('my-key')
-        cy.clickWebAuthButton('register')
-        cy.get('*[name="webauthn_remove"]').should('not.exist')
+        cy.get('*[name="webauthn_register_displayname"]').type("my-key")
+        cy.clickWebAuthButton("register")
+        cy.get('*[name="webauthn_remove"]').should("not.exist")
       })
 
-      it('should be able to link a webauthn provider', () => {
+      it("should be able to link a webauthn provider", () => {
         cy.visit(settings)
 
         // Set up virtual authenticator
-        cy.task('sendCRI', {
-          query: 'WebAuthn.enable',
-          opts: {}
+        cy.task("sendCRI", {
+          query: "WebAuthn.enable",
+          opts: {},
         }).then(() => {
-          cy.task('sendCRI', {
-            query: 'WebAuthn.addVirtualAuthenticator',
+          cy.task("sendCRI", {
+            query: "WebAuthn.addVirtualAuthenticator",
             opts: {
               options: {
-                protocol: 'ctap2',
-                transport: 'usb',
+                protocol: "ctap2",
+                transport: "usb",
                 hasResidentKey: true,
                 hasUserVerification: true,
-                isUserVerified: true
-              }
-            }
+                isUserVerified: true,
+              },
+            },
           }).then((addResult) => {
             // Signing up without a display name causes an error
-            cy.get('*[name="webauthn_remove"]').should('not.exist')
+            cy.get('*[name="webauthn_remove"]').should("not.exist")
 
-            cy.clickWebAuthButton('register')
+            cy.clickWebAuthButton("register")
 
             cy.get('[data-testid="ui/message/4000002"]').should(
-              'contain.text',
-              'Property webauthn_register_displayname is missing.'
+              "contain.text",
+              "Property webauthn_register_displayname is missing.",
             )
 
             // Setting up with key works
-            cy.get('*[name="webauthn_register_displayname"]').type('my-key')
+            cy.get('*[name="webauthn_register_displayname"]').type("my-key")
 
             // We need a workaround here. So first we click, then we submit
-            cy.clickWebAuthButton('register')
+            cy.clickWebAuthButton("register")
 
             cy.expectSettingsSaved()
-            cy.get('*[name="webauthn_remove"]').should('exist')
+            cy.get('*[name="webauthn_remove"]').should("exist")
 
             // Login without refresh
             cy.login({ email, password })
-            cy.visit(login + '?aal=aal2')
+            cy.visit(login + "?aal=aal2")
             cy.location().should((loc) => {
-              expect(loc.href).to.include('/login')
+              expect(loc.href).to.include("/login")
             })
 
-            cy.get('*[name="webauthn_login_trigger"]').should('have.length', 1)
-            cy.clickWebAuthButton('login')
+            cy.get('*[name="webauthn_login_trigger"]').should("have.length", 1)
+            cy.clickWebAuthButton("login")
             cy.location().should((loc) => {
-              expect(loc.href).to.not.include('/login')
+              expect(loc.href).to.not.include("/login")
             })
 
             cy.getSession({
-              expectAal: 'aal2',
-              expectMethods: ['password', 'webauthn']
+              expectAal: "aal2",
+              expectMethods: ["password", "webauthn"],
             })
 
             // Login with refresh
-            cy.visit(login + '?aal=aal2&refresh=true')
+            cy.visit(login + "?aal=aal2&refresh=true")
             cy.location().should((loc) => {
-              expect(loc.href).to.include('/login')
+              expect(loc.href).to.include("/login")
             })
 
-            cy.get('*[name="webauthn_login_trigger"]').should('have.length', 1)
-            cy.clickWebAuthButton('login')
+            cy.get('*[name="webauthn_login_trigger"]').should("have.length", 1)
+            cy.clickWebAuthButton("login")
             cy.location().should((loc) => {
-              expect(loc.href).to.not.include('/login')
+              expect(loc.href).to.not.include("/login")
             })
 
             cy.getSession({
-              expectAal: 'aal2',
-              expectMethods: ['password', 'webauthn', 'webauthn']
+              expectAal: "aal2",
+              expectMethods: ["password", "webauthn", "webauthn"],
             })
             cy.visit(settings)
             cy.get('*[name="webauthn_remove"]').click()
-            cy.get('*[name="webauthn_remove"]').should('not.exist')
+            cy.get('*[name="webauthn_remove"]').should("not.exist")
 
-            cy.visit(login + '?aal=aal2&refresh=true')
+            cy.visit(login + "?aal=aal2&refresh=true")
             cy.location().should((loc) => {
-              expect(loc.href).to.include('/login')
+              expect(loc.href).to.include("/login")
             })
 
-            cy.get('button[name="webauthn_login_trigger"]').should('not.exist')
-            cy.get('[data-testid="ui/message/1010003"]').should('exist')
+            cy.get('button[name="webauthn_login_trigger"]').should("not.exist")
+            cy.get('[data-testid="ui/message/1010003"]').should("exist")
           })
         })
       })
diff --git a/test/e2e/cypress/integration/profiles/mobile/login/errors.spec.ts b/test/e2e/cypress/integration/profiles/mobile/login/errors.spec.ts
index 8eb44b7c607a..a16be43ff03f 100644
--- a/test/e2e/cypress/integration/profiles/mobile/login/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mobile/login/errors.spec.ts
@@ -1,54 +1,54 @@
-import { gen, MOBILE_URL } from '../../../../helpers'
+import { gen, MOBILE_URL } from "../../../../helpers"
 
-context('Mobile Profile', () => {
-  describe('Login Flow Errors', () => {
+context("Mobile Profile", () => {
+  describe("Login Flow Errors", () => {
     before(() => {
       cy.clearAllCookies()
-      cy.useConfigProfile('mobile')
+      cy.useConfigProfile("mobile")
     })
 
     beforeEach(() => {
-      cy.visit(MOBILE_URL + '/Login')
+      cy.visit(MOBILE_URL + "/Login")
     })
 
-    describe('shows validation errors when invalid signup data is used', () => {
-      it('should show an error when the identifier is missing', () => {
+    describe("shows validation errors when invalid signup data is used", () => {
+      it("should show an error when the identifier is missing", () => {
         cy.get('input[data-testid="password"]').type(gen.password())
 
         cy.get('div[data-testid="submit-form"]').click()
 
         cy.get('*[data-testid="field/identifier"]').should(
-          'contain.text',
-          'Property identifier is missing.'
+          "contain.text",
+          "Property identifier is missing.",
         )
 
         cy.get('*[data-testid="field/password"]').should(
-          'not.contain.text',
-          'Property password is missing.'
+          "not.contain.text",
+          "Property password is missing.",
         )
       })
 
-      it('should show an error when the password is missing', () => {
+      it("should show an error when the password is missing", () => {
         const email = gen.email()
         cy.get('input[data-testid="identifier"]')
           .type(email)
-          .should('have.value', email)
+          .should("have.value", email)
 
         cy.get('div[data-testid="submit-form"]').click()
 
         cy.get('*[data-testid="field/password"]').should(
-          'contain.text',
-          'Property password is missing.'
+          "contain.text",
+          "Property password is missing.",
         )
       })
 
-      it('should show fail to sign in', () => {
+      it("should show fail to sign in", () => {
         cy.get('input[data-testid="identifier"]').type(gen.email())
         cy.get('input[data-testid="password"]').type(gen.password())
         cy.get('*[data-testid="submit-form"]').click()
         cy.get('*[data-testid="form-messages"]').should(
-          'contain.text',
-          'credentials are invalid'
+          "contain.text",
+          "credentials are invalid",
         )
       })
     })
diff --git a/test/e2e/cypress/integration/profiles/mobile/login/success.spec.ts b/test/e2e/cypress/integration/profiles/mobile/login/success.spec.ts
index 37d4cd391b79..94552b6eb3ff 100644
--- a/test/e2e/cypress/integration/profiles/mobile/login/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mobile/login/success.spec.ts
@@ -1,29 +1,29 @@
-import { gen, MOBILE_URL, website } from '../../../../helpers'
+import { gen, MOBILE_URL, website } from "../../../../helpers"
 
-context('Mobile Profile', () => {
-  describe('Login Flow Success', () => {
+context("Mobile Profile", () => {
+  describe("Login Flow Success", () => {
     before(() => {
-      cy.useConfigProfile('mobile')
+      cy.useConfigProfile("mobile")
     })
 
     const email = gen.email()
     const password = gen.password()
 
     before(() => {
-      cy.registerApi({ email, password, fields: { 'traits.website': website } })
+      cy.registerApi({ email, password, fields: { "traits.website": website } })
     })
 
     beforeEach(() => {
-      cy.visit(MOBILE_URL + '/Login')
+      cy.visit(MOBILE_URL + "/Login")
     })
 
-    it('should sign up and be logged in', () => {
+    it("should sign up and be logged in", () => {
       cy.get('input[data-testid="identifier"]').type(email)
       cy.get('input[data-testid="password"]').type(password)
       cy.get('div[data-testid="submit-form"]').click()
 
-      cy.get('[data-testid="session-content"]').should('contain', email)
-      cy.get('[data-testid="session-token"]').should('not.be.empty')
+      cy.get('[data-testid="session-content"]').should("contain", email)
+      cy.get('[data-testid="session-token"]').should("not.be.empty")
     })
   })
 })
diff --git a/test/e2e/cypress/integration/profiles/mobile/mfa/backup.spec.ts b/test/e2e/cypress/integration/profiles/mobile/mfa/backup.spec.ts
index 7a1a43f334f1..e92637552ad9 100644
--- a/test/e2e/cypress/integration/profiles/mobile/mfa/backup.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mobile/mfa/backup.spec.ts
@@ -1,12 +1,12 @@
-import { gen, MOBILE_URL, website } from '../../../../helpers'
+import { gen, MOBILE_URL, website } from "../../../../helpers"
 
-context('Mobile Profile', () => {
-  describe('TOTP 2FA Flow', () => {
+context("Mobile Profile", () => {
+  describe("TOTP 2FA Flow", () => {
     before(() => {
-      cy.useConfigProfile('mobile')
+      cy.useConfigProfile("mobile")
     })
 
-    describe('password', () => {
+    describe("password", () => {
       let email = gen.email()
       let password = gen.password()
 
@@ -21,91 +21,91 @@ context('Mobile Profile', () => {
         cy.registerApi({
           email,
           password,
-          fields: { 'traits.website': website }
+          fields: { "traits.website": website },
         })
 
         cy.loginMobile({ email, password })
-        cy.visit(MOBILE_URL + '/Settings')
+        cy.visit(MOBILE_URL + "/Settings")
       })
 
-      it('should be able to lifecycle through lookup_secret flows', () => {
-        cy.get('[data-testid="field/lookup_secret_codes"]').should('not.exist')
+      it("should be able to lifecycle through lookup_secret flows", () => {
+        cy.get('[data-testid="field/lookup_secret_codes"]').should("not.exist")
         cy.get('[data-testid="field/lookup_secret_confirm/true"]').should(
-          'not.exist'
+          "not.exist",
         )
         cy.get('[data-testid="field/lookup_secret_reveal/true"]').should(
-          'not.exist'
+          "not.exist",
         )
         cy.get('[data-testid="field/lookup_secret_regenerate/true"]').click()
 
         cy.get('[data-testid="field/lookup_secret_reveal/true"]').should(
-          'not.exist'
+          "not.exist",
         )
-        cy.get('[data-testid="field/lookup_secret_codes"]').should('exist')
+        cy.get('[data-testid="field/lookup_secret_codes"]').should("exist")
         let codes
         cy.get('[data-testid="field/lookup_secret_codes/text"]').then(($e) => {
-          codes = $e.text().trim().split(', ')
+          codes = $e.text().trim().split(", ")
         })
         cy.get('[data-testid="field/lookup_secret_confirm/true"]').click()
         cy.expectSettingsSaved()
 
         cy.get('[data-testid="field/lookup_secret_confirm/true"]').should(
-          'not.exist'
+          "not.exist",
         )
         cy.get('[data-testid="field/lookup_secret_regenerate/true"]').should(
-          'not.exist'
+          "not.exist",
         )
         cy.get('[data-testid="field/lookup_secret_codes/true"]').should(
-          'not.exist'
+          "not.exist",
         )
 
         cy.get('[data-testid="field/lookup_secret_reveal/true"]').click()
         cy.get('[data-testid="field/lookup_secret_regenerate/true"]').should(
-          'exist'
+          "exist",
         )
         cy.get('[data-testid="field/lookup_secret_codes/text"]').then(($e) => {
-          const actualCodes = $e.text().trim().split(', ')
-          expect(actualCodes.join(', ')).to.eq(codes.join(', '))
+          const actualCodes = $e.text().trim().split(", ")
+          expect(actualCodes.join(", ")).to.eq(codes.join(", "))
         })
 
         let newCodes
         cy.get('[data-testid="field/lookup_secret_regenerate/true"]').click()
         cy.get(
-          '[data-testid="field/lookup_secret_regenerate/true"]:disabled'
-        ).should('not.exist')
+          '[data-testid="field/lookup_secret_regenerate/true"]:disabled',
+        ).should("not.exist")
         cy.get('[data-testid="field/lookup_secret_codes/text"]').then(($e) => {
-          newCodes = $e.text().trim().split(', ')
-          expect(newCodes.join(', ')).to.not.eq(codes.join(', '))
+          newCodes = $e.text().trim().split(", ")
+          expect(newCodes.join(", ")).to.not.eq(codes.join(", "))
         })
         cy.get('[data-testid="field/lookup_secret_confirm/true"]').click()
         cy.expectSettingsSaved()
 
         cy.get('[data-testid="field/lookup_secret_reveal/true"]').click()
         cy.get('[data-testid="field/lookup_secret_codes/text"]').then(($e) => {
-          const actualCodes = $e.text().trim().split(', ')
-          expect(actualCodes.join(', ')).to.eq(newCodes.join(', '))
+          const actualCodes = $e.text().trim().split(", ")
+          expect(actualCodes.join(", ")).to.eq(newCodes.join(", "))
         })
 
-        cy.visit(MOBILE_URL + '/Login?aal=aal2&refresh=true')
+        cy.visit(MOBILE_URL + "/Login?aal=aal2&refresh=true")
 
         // First use a wrong code
-        cy.get('[data-testid=lookup_secret]').then(($e) => {
+        cy.get("[data-testid=lookup_secret]").then(($e) => {
           console.log(codes)
-          cy.wrap($e).type('1234')
+          cy.wrap($e).type("1234")
         })
         cy.get('[data-testid="field/method/lookup_secret"]').click()
         cy.get('[data-testid="form-messages"]').should(
-          'contain.text',
-          'The backup recovery code is not valid.'
+          "contain.text",
+          "The backup recovery code is not valid.",
         )
-        cy.get('[data-testid=lookup_secret]').then(($e) => {
+        cy.get("[data-testid=lookup_secret]").then(($e) => {
           cy.wrap($e).type(newCodes[0])
         })
         cy.get('[data-testid="field/method/lookup_secret"]').click()
-        cy.get('[data-testid="session-content"]').should('contain', 'aal2')
+        cy.get('[data-testid="session-content"]').should("contain", "aal2")
         cy.get('[data-testid="session-content"]').should(
-          'contain',
-          'lookup_secret'
+          "contain",
+          "lookup_secret",
         )
       })
     })
diff --git a/test/e2e/cypress/integration/profiles/mobile/mfa/mix.spec.ts b/test/e2e/cypress/integration/profiles/mobile/mfa/mix.spec.ts
index 31e8b7433498..93b288467d64 100644
--- a/test/e2e/cypress/integration/profiles/mobile/mfa/mix.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mobile/mfa/mix.spec.ts
@@ -1,13 +1,13 @@
-import { APP_URL, gen, MOBILE_URL, website } from '../../../../helpers'
-import { authenticator } from 'otplib'
+import { APP_URL, gen, MOBILE_URL, website } from "../../../../helpers"
+import { authenticator } from "otplib"
 
-context('Mobile Profile', () => {
-  describe('TOTP 2FA Flow', () => {
+context("Mobile Profile", () => {
+  describe("TOTP 2FA Flow", () => {
     before(() => {
-      cy.useConfigProfile('mobile')
+      cy.useConfigProfile("mobile")
     })
 
-    describe('password', () => {
+    describe("password", () => {
       let email = gen.email()
       let password = gen.password()
 
@@ -22,13 +22,13 @@ context('Mobile Profile', () => {
         cy.registerApi({
           email,
           password,
-          fields: { 'traits.website': website }
+          fields: { "traits.website": website },
         })
         cy.loginMobile({ email, password })
-        cy.visit(MOBILE_URL + '/Settings')
+        cy.visit(MOBILE_URL + "/Settings")
       })
 
-      it('should be able to use both TOTP and lookup', () => {
+      it("should be able to use both TOTP and lookup", () => {
         // set up totp
         let totpSecret
         cy.get('*[data-testid="field/totp_secret_key/text"]').then(($e) => {
@@ -44,35 +44,35 @@ context('Mobile Profile', () => {
         cy.get('*[data-testid="field/lookup_secret_regenerate/true"]').click()
         let recoveryCodes
         cy.get('*[data-testid="field/lookup_secret_codes/text"]').then(($e) => {
-          recoveryCodes = $e.text().trim().split(', ')
+          recoveryCodes = $e.text().trim().split(", ")
         })
         cy.get('*[data-testid="field/lookup_secret_confirm/true"]').click()
         cy.expectSettingsSaved()
 
         // Lets sign in with TOTP
-        cy.visit(MOBILE_URL + '/Login?aal=aal2&refresh=true')
+        cy.visit(MOBILE_URL + "/Login?aal=aal2&refresh=true")
         cy.get('*[data-testid="field/totp_code"]').then(($e) => {
           cy.wrap($e).type(authenticator.generate(totpSecret))
         })
         cy.get('*[data-testid="field/method/totp"]').click()
 
         // We have AAL now
-        cy.get('[data-testid="session-content"]').should('contain', 'aal2')
-        cy.get('[data-testid="session-content"]').should('contain', 'totp')
+        cy.get('[data-testid="session-content"]').should("contain", "aal2")
+        cy.get('[data-testid="session-content"]').should("contain", "totp")
 
         // Lets sign in with lookup secret
-        cy.visit(MOBILE_URL + '/Login?aal=aal2&refresh=true')
+        cy.visit(MOBILE_URL + "/Login?aal=aal2&refresh=true")
         cy.get('*[data-testid="field/lookup_secret"]').then(($e) => {
           cy.wrap($e).type(recoveryCodes[0])
         })
         cy.get('*[data-testid="field/method/lookup_secret"]').click()
 
         // We have AAL now
-        cy.get('[data-testid="session-content"]').should('contain', 'aal2')
-        cy.get('[data-testid="session-content"]').should('contain', 'totp')
+        cy.get('[data-testid="session-content"]').should("contain", "aal2")
+        cy.get('[data-testid="session-content"]').should("contain", "totp")
         cy.get('[data-testid="session-content"]').should(
-          'contain',
-          'lookup_secret'
+          "contain",
+          "lookup_secret",
         )
       })
     })
diff --git a/test/e2e/cypress/integration/profiles/mobile/mfa/totp.spec.ts b/test/e2e/cypress/integration/profiles/mobile/mfa/totp.spec.ts
index f24331139765..2fcdb937676b 100644
--- a/test/e2e/cypress/integration/profiles/mobile/mfa/totp.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mobile/mfa/totp.spec.ts
@@ -1,13 +1,13 @@
-import { APP_URL, gen, MOBILE_URL, website } from '../../../../helpers'
-import { authenticator } from 'otplib'
+import { APP_URL, gen, MOBILE_URL, website } from "../../../../helpers"
+import { authenticator } from "otplib"
 
-context('Mobile Profile', () => {
-  describe('TOTP 2FA Flow', () => {
+context("Mobile Profile", () => {
+  describe("TOTP 2FA Flow", () => {
     before(() => {
-      cy.useConfigProfile('mobile')
+      cy.useConfigProfile("mobile")
     })
 
-    describe('password', () => {
+    describe("password", () => {
       let email = gen.email()
       let password = gen.password()
 
@@ -22,22 +22,22 @@ context('Mobile Profile', () => {
         cy.registerApi({
           email,
           password,
-          fields: { 'traits.website': website }
+          fields: { "traits.website": website },
         })
         cy.loginMobile({ email, password })
-        cy.visit(MOBILE_URL + '/Settings')
+        cy.visit(MOBILE_URL + "/Settings")
       })
 
-      it('should be able to lifecycle through TOTP flows', () => {
-        cy.get('*[data-testid="field/totp_qr"]').should('exist')
-        cy.get('*[data-testid="field/totp_code"]').should('exist')
+      it("should be able to lifecycle through TOTP flows", () => {
+        cy.get('*[data-testid="field/totp_qr"]').should("exist")
+        cy.get('*[data-testid="field/totp_code"]').should("exist")
 
         // Set up TOTP with invalid key
-        cy.get('*[data-testid="field/totp_code"]').type('111111')
+        cy.get('*[data-testid="field/totp_code"]').type("111111")
         cy.get('*[data-testid="field/method/totp"]').click()
         cy.get('*[data-testid="field/totp_code"]').should(
-          'contain.text',
-          'The provided authentication code is invalid, please try again.'
+          "contain.text",
+          "The provided authentication code is invalid, please try again.",
         )
 
         // Set up TOTP with valid key
@@ -53,21 +53,21 @@ context('Mobile Profile', () => {
 
         // Form should look different now
         cy.get('*[data-testid="field/totp_secret_key/text"]').should(
-          'not.exist'
+          "not.exist",
         )
-        cy.get('*[data-testid="field/totp_code"]').should('not.exist')
-        cy.get('*[data-testid="field/totp_qr"]').should('not.exist')
-        cy.get('*[data-testid="field/totp_unlink/true"]').should('exist')
+        cy.get('*[data-testid="field/totp_code"]').should("not.exist")
+        cy.get('*[data-testid="field/totp_qr"]').should("not.exist")
+        cy.get('*[data-testid="field/totp_unlink/true"]').should("exist")
 
         // Lets sign in
-        cy.visit(MOBILE_URL + '/Login?aal=aal2&refresh=true')
+        cy.visit(MOBILE_URL + "/Login?aal=aal2&refresh=true")
 
         // First use a wrong code
-        cy.get('*[data-testid="field/totp_code"]').type('111111')
+        cy.get('*[data-testid="field/totp_code"]').type("111111")
         cy.get('*[data-testid="field/method/totp"]').click()
         cy.get('*[data-testid="form-messages"]').should(
-          'contain.text',
-          'The provided authentication code is invalid, please try again.'
+          "contain.text",
+          "The provided authentication code is invalid, please try again.",
         )
 
         // Use the correct code
@@ -77,15 +77,15 @@ context('Mobile Profile', () => {
         cy.get('*[data-testid="field/method/totp"]').click()
 
         // We have AAL now
-        cy.get('[data-testid="session-content"]').should('contain', 'aal2')
-        cy.get('[data-testid="session-content"]').should('contain', 'totp')
+        cy.get('[data-testid="session-content"]').should("contain", "aal2")
+        cy.get('[data-testid="session-content"]').should("contain", "totp")
 
         // Go back to settings and unlink
-        cy.visit(MOBILE_URL + '/Settings')
+        cy.visit(MOBILE_URL + "/Settings")
         cy.get('*[data-testid="field/totp_unlink/true"]').click()
-        cy.get('*[data-testid="field/totp_unlink/true"]').should('not.exist')
-        cy.get('*[data-testid="field/totp_qr"]').should('exist')
-        cy.get('*[data-testid="field/totp_code"]').should('exist')
+        cy.get('*[data-testid="field/totp_unlink/true"]').should("not.exist")
+        cy.get('*[data-testid="field/totp_qr"]').should("exist")
+        cy.get('*[data-testid="field/totp_code"]').should("exist")
       })
     })
   })
diff --git a/test/e2e/cypress/integration/profiles/mobile/registration/errors.spec.ts b/test/e2e/cypress/integration/profiles/mobile/registration/errors.spec.ts
index c5e3d04cd93d..180a7b8da224 100644
--- a/test/e2e/cypress/integration/profiles/mobile/registration/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mobile/registration/errors.spec.ts
@@ -1,93 +1,93 @@
-import { gen, MOBILE_URL, website } from '../../../../helpers'
+import { gen, MOBILE_URL, website } from "../../../../helpers"
 
-context('Mobile Profile', () => {
-  describe('Registration Flow Errors', () => {
+context("Mobile Profile", () => {
+  describe("Registration Flow Errors", () => {
     before(() => {
-      cy.useConfigProfile('mobile')
+      cy.useConfigProfile("mobile")
     })
 
     beforeEach(() => {
-      cy.visit(MOBILE_URL + '/Registration')
+      cy.visit(MOBILE_URL + "/Registration")
     })
 
     const email = gen.email()
     const password = gen.password()
 
-    describe('show errors when invalid signup data is used', () => {
-      it('should show an error when the password has leaked before', () => {
+    describe("show errors when invalid signup data is used", () => {
+      it("should show an error when the password has leaked before", () => {
         cy.get('input[data-testid="traits.email"]').type(email)
-        cy.get('input[data-testid="password"]').type('12345678')
+        cy.get('input[data-testid="password"]').type("12345678")
         cy.get('input[data-testid="traits.website"]').type(website)
         cy.get('div[data-testid="submit-form"]').click()
 
         cy.get('*[data-testid="field/password"]').should(
-          'contain.text',
-          'data breaches'
+          "contain.text",
+          "data breaches",
         )
       })
 
-      it('should show an error when the password is too similar', () => {
+      it("should show an error when the password is too similar", () => {
         cy.get('input[data-testid="traits.email"]').type(email)
         cy.get('input[data-testid="password"]').type(email)
         cy.get('input[data-testid="traits.website"]').type(website)
         cy.get('div[data-testid="submit-form"]').click()
 
         cy.get('*[data-testid="field/password"]').should(
-          'contain.text',
-          'too similar'
+          "contain.text",
+          "too similar",
         )
       })
 
-      it('should show an error when the password is empty', () => {
+      it("should show an error when the password is empty", () => {
         cy.get('input[data-testid="traits.website"]').type(website)
         cy.get('input[data-testid="traits.email"]').type(email)
 
         cy.get('div[data-testid="submit-form"]').click()
         cy.get('*[data-testid="field/password"]').should(
-          'contain.text',
-          'Property password is missing'
+          "contain.text",
+          "Property password is missing",
         )
       })
 
-      it('should show an error when the email is empty', () => {
-        cy.get('input[data-testid="traits.website"]').type('https://www.ory.sh')
+      it("should show an error when the email is empty", () => {
+        cy.get('input[data-testid="traits.website"]').type("https://www.ory.sh")
         cy.get('input[data-testid="password"]').type(password)
 
         cy.get('div[data-testid="submit-form"]').click()
         cy.get('*[data-testid="field/traits.email"]').should(
-          'contain.text',
-          'Property email is missing'
+          "contain.text",
+          "Property email is missing",
         )
       })
 
-      it('should show an error when the email is not an email', () => {
-        cy.get('input[data-testid="traits.website"]').type('https://www.ory.sh')
-        cy.get('input[data-testid="traits.email"]').type('not-an-email')
+      it("should show an error when the email is not an email", () => {
+        cy.get('input[data-testid="traits.website"]').type("https://www.ory.sh")
+        cy.get('input[data-testid="traits.email"]').type("not-an-email")
         cy.get('input[data-testid="password"]').type(password)
 
         cy.get('div[data-testid="submit-form"]').click()
         cy.get('*[data-testid="field/traits.email"]').should(
-          'contain.text',
-          'valid "email"'
+          "contain.text",
+          'valid "email"',
         )
       })
 
-      it('should show a missing indicator if no fields are set', () => {
+      it("should show a missing indicator if no fields are set", () => {
         cy.get('div[data-testid="submit-form"]').click()
         cy.get('*[data-testid="field/password"]').should(
-          'contain.text',
-          'Property password is missing'
+          "contain.text",
+          "Property password is missing",
         )
       })
 
-      it('should show an error when the website is too short', () => {
-        cy.get('input[data-testid="traits.website"]').type('http://s')
+      it("should show an error when the website is too short", () => {
+        cy.get('input[data-testid="traits.website"]').type("http://s")
         cy.get('input[data-testid="traits.email"]').type(email)
 
         cy.get('div[data-testid="submit-form"]').click()
         cy.get('*[data-testid="field/traits.website"]').should(
-          'contain.text',
-          'length must be >= 10'
+          "contain.text",
+          "length must be >= 10",
         )
       })
     })
diff --git a/test/e2e/cypress/integration/profiles/mobile/registration/success.spec.ts b/test/e2e/cypress/integration/profiles/mobile/registration/success.spec.ts
index 47af10321ace..06b1c842080b 100644
--- a/test/e2e/cypress/integration/profiles/mobile/registration/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mobile/registration/success.spec.ts
@@ -1,16 +1,16 @@
-import { MOBILE_URL, gen, website } from '../../../../helpers'
+import { MOBILE_URL, gen, website } from "../../../../helpers"
 
-context('Mobile Profile', () => {
-  describe('Login Flow Success', () => {
+context("Mobile Profile", () => {
+  describe("Login Flow Success", () => {
     before(() => {
-      cy.useConfigProfile('mobile')
+      cy.useConfigProfile("mobile")
     })
 
     beforeEach(() => {
-      cy.visit(MOBILE_URL + '/Registration')
+      cy.visit(MOBILE_URL + "/Registration")
     })
 
-    it('should sign up and be logged in', () => {
+    it("should sign up and be logged in", () => {
       const email = gen.email()
       const password = gen.password()
 
@@ -19,8 +19,8 @@ context('Mobile Profile', () => {
       cy.get('input[data-testid="traits.website"]').type(website)
       cy.get('div[data-testid="submit-form"]').click()
 
-      cy.get('[data-testid="session-content"]').should('contain', email)
-      cy.get('[data-testid="session-token"]').should('not.be.empty')
+      cy.get('[data-testid="session-content"]').should("contain", email)
+      cy.get('[data-testid="session-token"]').should("not.be.empty")
     })
   })
 })
diff --git a/test/e2e/cypress/integration/profiles/mobile/settings/errors.spec.ts b/test/e2e/cypress/integration/profiles/mobile/settings/errors.spec.ts
index 4a3a3b41dcb3..d159dff2eeaa 100644
--- a/test/e2e/cypress/integration/profiles/mobile/settings/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mobile/settings/errors.spec.ts
@@ -1,9 +1,9 @@
-import { gen, MOBILE_URL, website } from '../../../../helpers'
+import { gen, MOBILE_URL, website } from "../../../../helpers"
 
-context('Mobile Profile', () => {
-  describe('Settings Flow Errors', () => {
+context("Mobile Profile", () => {
+  describe("Settings Flow Errors", () => {
     before(() => {
-      cy.useConfigProfile('mobile')
+      cy.useConfigProfile("mobile")
     })
 
     let email, password
@@ -11,35 +11,35 @@ context('Mobile Profile', () => {
     before(() => {
       email = gen.email()
       password = gen.password()
-      cy.registerApi({ email, password, fields: { 'traits.website': website } })
+      cy.registerApi({ email, password, fields: { "traits.website": website } })
     })
 
     beforeEach(() => {
       cy.loginMobile({ email, password })
-      cy.visit(MOBILE_URL + '/Settings')
+      cy.visit(MOBILE_URL + "/Settings")
     })
 
-    describe('profile', () => {
-      it('fails with validation errors', () => {
+    describe("profile", () => {
+      it("fails with validation errors", () => {
         cy.get(
-          '*[data-testid="settings-profile"] input[data-testid="traits.website"]'
+          '*[data-testid="settings-profile"] input[data-testid="traits.website"]',
         )
           .clear()
-          .type('http://s')
+          .type("http://s")
         cy.get(
-          '*[data-testid="settings-profile"] div[data-testid="submit-form"]'
+          '*[data-testid="settings-profile"] div[data-testid="submit-form"]',
         ).click()
 
         cy.get(
-          '*[data-testid="settings-profile"] div[data-testid="submit-form"]'
-        ).should('have.attr', 'data-focusable', 'true')
+          '*[data-testid="settings-profile"] div[data-testid="submit-form"]',
+        ).should("have.attr", "data-focusable", "true")
 
         cy.get('*[data-testid="field/traits.website"]').should(
-          'contain.text',
-          'length must be >= 10'
+          "contain.text",
+          "length must be >= 10",
         )
 
-        cy.get('*[data-testid="settings-password"]').should('exist')
+        cy.get('*[data-testid="settings-password"]').should("exist")
       })
     })
   })
diff --git a/test/e2e/cypress/integration/profiles/mobile/settings/success.spec.ts b/test/e2e/cypress/integration/profiles/mobile/settings/success.spec.ts
index 6e410350249b..193ce29475fa 100644
--- a/test/e2e/cypress/integration/profiles/mobile/settings/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mobile/settings/success.spec.ts
@@ -1,14 +1,14 @@
-import { gen, MOBILE_URL, website } from '../../../../helpers'
+import { gen, MOBILE_URL, website } from "../../../../helpers"
 
-context('Mobile Profile', () => {
-  describe('Login Flow Success', () => {
+context("Mobile Profile", () => {
+  describe("Login Flow Success", () => {
     before(() => {
-      cy.useConfigProfile('mobile')
+      cy.useConfigProfile("mobile")
     })
 
     const up = (value) => `not-${value}`
 
-    describe('password', () => {
+    describe("password", () => {
       const email = gen.email()
       const password = gen.password()
 
@@ -16,40 +16,40 @@ context('Mobile Profile', () => {
         cy.registerApi({
           email,
           password,
-          fields: { 'traits.website': website }
+          fields: { "traits.website": website },
         })
       })
 
       beforeEach(() => {
         cy.loginMobile({ email, password })
-        cy.visit(MOBILE_URL + '/Settings')
+        cy.visit(MOBILE_URL + "/Settings")
       })
 
-      it('modifies the password', () => {
+      it("modifies the password", () => {
         const newPassword = up(password)
         cy.get(
-          '*[data-testid="settings-password"] input[data-testid="password"]'
+          '*[data-testid="settings-password"] input[data-testid="password"]',
         )
           .clear()
           .type(newPassword)
         cy.get(
-          '*[data-testid="settings-password"] div[data-testid="submit-form"]'
+          '*[data-testid="settings-password"] div[data-testid="submit-form"]',
         ).click()
 
         cy.get(
-          '*[data-testid="settings-password"] div[data-testid="submit-form"]'
-        ).should('have.attr', 'data-focusable', 'true')
+          '*[data-testid="settings-password"] div[data-testid="submit-form"]',
+        ).should("have.attr", "data-focusable", "true")
         cy.get('*[data-testid="logout"]').click()
 
-        cy.visit(MOBILE_URL + '/Home')
+        cy.visit(MOBILE_URL + "/Home")
         cy.loginMobile({ email, password })
-        cy.get('[data-testid="session-token"]').should('not.exist')
+        cy.get('[data-testid="session-token"]').should("not.exist")
         cy.loginMobile({ email, password: newPassword })
-        cy.get('[data-testid="session-token"]').should('not.be.empty')
+        cy.get('[data-testid="session-token"]').should("not.be.empty")
       })
     })
 
-    describe('profile', () => {
+    describe("profile", () => {
       const email = gen.email()
       const password = gen.password()
 
@@ -57,51 +57,51 @@ context('Mobile Profile', () => {
         cy.registerApi({
           email,
           password,
-          fields: { 'traits.website': website }
+          fields: { "traits.website": website },
         })
       })
 
       beforeEach(() => {
         cy.loginMobile({ email, password })
-        cy.visit(MOBILE_URL + '/Settings')
+        cy.visit(MOBILE_URL + "/Settings")
       })
 
-      it('modifies an unprotected trait', () => {
+      it("modifies an unprotected trait", () => {
         cy.get(
-          '*[data-testid="settings-profile"] input[data-testid="traits.website"]'
+          '*[data-testid="settings-profile"] input[data-testid="traits.website"]',
         )
           .clear()
-          .type('https://github.com/ory')
+          .type("https://github.com/ory")
         cy.get(
-          '*[data-testid="settings-profile"] div[data-testid="submit-form"]'
+          '*[data-testid="settings-profile"] div[data-testid="submit-form"]',
         ).click()
         cy.get(
-          '*[data-testid="settings-profile"] div[data-testid="submit-form"]'
-        ).should('have.attr', 'data-focusable', 'true')
+          '*[data-testid="settings-profile"] div[data-testid="submit-form"]',
+        ).should("have.attr", "data-focusable", "true")
 
-        cy.visit(MOBILE_URL + '/Home')
+        cy.visit(MOBILE_URL + "/Home")
         cy.get('[data-testid="session-content"]').should(
-          'contain',
-          'https://github.com/ory'
+          "contain",
+          "https://github.com/ory",
         )
       })
 
-      it('modifies a protected trait', () => {
+      it("modifies a protected trait", () => {
         const newEmail = up(email)
         cy.get(
-          '*[data-testid="settings-profile"] input[data-testid="traits.email"]'
+          '*[data-testid="settings-profile"] input[data-testid="traits.email"]',
         )
           .clear()
           .type(newEmail)
         cy.get(
-          '*[data-testid="settings-profile"] div[data-testid="submit-form"]'
+          '*[data-testid="settings-profile"] div[data-testid="submit-form"]',
         ).click()
         cy.get(
-          '*[data-testid="settings-profile"] div[data-testid="submit-form"]'
-        ).should('have.attr', 'data-focusable', 'true')
+          '*[data-testid="settings-profile"] div[data-testid="submit-form"]',
+        ).should("have.attr", "data-focusable", "true")
 
-        cy.visit(MOBILE_URL + '/Home')
-        cy.get('[data-testid="session-content"]').should('contain', newEmail)
+        cy.visit(MOBILE_URL + "/Home")
+        cy.get('[data-testid="session-content"]').should("contain", newEmail)
       })
     })
   })
diff --git a/test/e2e/cypress/integration/profiles/network/errors.spec.ts b/test/e2e/cypress/integration/profiles/network/errors.spec.ts
index f551106fb833..427f090d9c6e 100644
--- a/test/e2e/cypress/integration/profiles/network/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/network/errors.spec.ts
@@ -1,51 +1,51 @@
-import { routes as express } from '../../../helpers/express'
-import { gen } from '../../../helpers'
+import { routes as express } from "../../../helpers/express"
+import { gen } from "../../../helpers"
 
-describe('Registration failures with email profile', () => {
+describe("Registration failures with email profile", () => {
   before(() => {
-    cy.useConfigProfile('network')
-    cy.proxy('express')
+    cy.useConfigProfile("network")
+    cy.proxy("express")
   })
 
-  it('should not be able to register if we need a localhost schema', () => {
-    cy.setDefaultIdentitySchema('localhost')
+  it("should not be able to register if we need a localhost schema", () => {
+    cy.setDefaultIdentitySchema("localhost")
     cy.visit(express.registration, { failOnStatusCode: false })
-    cy.get('.code-box').should(
-      'contain.text',
-      'ip 127.0.0.1 is in the 127.0.0.0/8'
+    cy.get(".code-box").should(
+      "contain.text",
+      "ip 127.0.0.1 is in the 127.0.0.0/8",
     )
   })
 
-  it('should not be able to register if we schema has a local ref', () => {
-    cy.setDefaultIdentitySchema('ref')
+  it("should not be able to register if we schema has a local ref", () => {
+    cy.setDefaultIdentitySchema("ref")
     cy.visit(express.registration, { failOnStatusCode: false })
-    cy.get('.code-box').should(
-      'contain.text',
-      'ip 192.168.178.1 is in the 192.168.0.0/16 range'
+    cy.get(".code-box").should(
+      "contain.text",
+      "ip 192.168.178.1 is in the 192.168.0.0/16 range",
     )
   })
 
-  it('should not be able to login because pre webhook uses local url', () => {
-    cy.setDefaultIdentitySchema('working')
+  it("should not be able to login because pre webhook uses local url", () => {
+    cy.setDefaultIdentitySchema("working")
     cy.visit(express.login, { failOnStatusCode: false })
-    cy.get('.code-box').should(
-      'contain.text',
-      'ip 192.168.178.2 is in the 192.168.0.0/16 range'
+    cy.get(".code-box").should(
+      "contain.text",
+      "ip 192.168.178.2 is in the 192.168.0.0/16 range",
     )
   })
 
-  it('should not be able to verify because post webhook uses local jsonnet', () => {
-    cy.setDefaultIdentitySchema('working')
+  it("should not be able to verify because post webhook uses local jsonnet", () => {
+    cy.setDefaultIdentitySchema("working")
     cy.visit(express.registration, { failOnStatusCode: false })
     cy.get('[data-testid="node/input/traits.email"] input').type(gen.email())
     cy.get('[data-testid="node/input/traits.website"] input').type(
-      'https://google.com/'
+      "https://google.com/",
     )
     cy.get('[data-testid="node/input/password"] input').type(gen.password())
     cy.get('[type="submit"]').click()
-    cy.get('.code-box').should(
-      'contain.text',
-      'ip 192.168.178.3 is in the 192.168.0.0/16 range'
+    cy.get(".code-box").should(
+      "contain.text",
+      "ip 192.168.178.3 is in the 192.168.0.0/16 range",
     )
   })
 })
diff --git a/test/e2e/cypress/integration/profiles/oidc/login/error.spec.ts b/test/e2e/cypress/integration/profiles/oidc/login/error.spec.ts
index 47bb7dae43be..83d84c157e54 100644
--- a/test/e2e/cypress/integration/profiles/oidc/login/error.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc/login/error.spec.ts
@@ -1,19 +1,19 @@
-import { appPrefix, gen, website } from '../../../../helpers'
-import { routes as react } from '../../../../helpers/react'
-import { routes as express } from '../../../../helpers/express'
+import { appPrefix, gen, website } from "../../../../helpers"
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
 
-context('Social Sign In Errors', () => {
+context("Social Sign In Errors", () => {
   ;[
     {
       login: react.login,
-      app: 'react' as 'react',
-      profile: 'spa'
+      app: "react" as "react",
+      profile: "spa",
     },
     {
       login: express.login,
-      app: 'express' as 'express',
-      profile: 'oidc'
-    }
+      app: "express" as "express",
+      profile: "oidc",
+    },
   ].forEach(({ login, profile, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -26,62 +26,62 @@ context('Social Sign In Errors', () => {
         cy.visit(login)
       })
 
-      it('should fail when the login request is rejected', () => {
+      it("should fail when the login request is rejected", () => {
         cy.triggerOidc(app)
-        cy.get('#reject').click()
-        cy.location('pathname').should('equal', '/login')
+        cy.get("#reject").click()
+        cy.location("pathname").should("equal", "/login")
         cy.get(appPrefix(app) + '[data-testid="ui/message/4000001"]').should(
-          'contain.text',
-          'login rejected request'
+          "contain.text",
+          "login rejected request",
         )
         cy.noSession()
       })
 
-      it('should fail when the consent request is rejected', () => {
+      it("should fail when the consent request is rejected", () => {
         const email = gen.email()
         cy.triggerOidc(app)
-        cy.get('#username').type(email)
-        cy.get('#accept').click()
-        cy.get('#reject').click()
-        cy.location('pathname').should('equal', '/login')
+        cy.get("#username").type(email)
+        cy.get("#accept").click()
+        cy.get("#reject").click()
+        cy.location("pathname").should("equal", "/login")
         cy.get('[data-testid="ui/message/4000001"]').should(
-          'contain.text',
-          'consent rejected request'
+          "contain.text",
+          "consent rejected request",
         )
         cy.noSession()
       })
 
-      it('should fail when the id_token is missing', () => {
+      it("should fail when the id_token is missing", () => {
         const email = gen.email()
         cy.triggerOidc(app)
-        cy.get('#username').type(email)
-        cy.get('#accept').click()
-        cy.get('#website').type(website)
-        cy.get('#accept').click()
-        cy.location('pathname').should('equal', '/login')
+        cy.get("#username").type(email)
+        cy.get("#accept").click()
+        cy.get("#website").type(website)
+        cy.get("#accept").click()
+        cy.location("pathname").should("equal", "/login")
         cy.get('[data-testid="ui/message/4000001"]').should(
-          'contain.text',
-          'no id_token'
+          "contain.text",
+          "no id_token",
         )
       })
 
-      it('should fail to convert a sign in flow to a sign up flow when registration is disabled', () => {
+      it("should fail to convert a sign in flow to a sign up flow when registration is disabled", () => {
         cy.disableRegistration()
 
         const email = gen.email()
         cy.visit(login)
         cy.triggerOidc(app)
 
-        cy.get('#username').clear().type(email)
-        cy.get('#remember').click()
-        cy.get('#accept').click()
+        cy.get("#username").clear().type(email)
+        cy.get("#remember").click()
+        cy.get("#accept").click()
         cy.get('[name="scope"]').each(($el) => cy.wrap($el).click())
-        cy.get('#remember').click()
-        cy.get('#accept').click()
+        cy.get("#remember").click()
+        cy.get("#accept").click()
 
         cy.get('[data-testid="ui/message/4000001"]').should(
-          'contain.text',
-          'Registration is not allowed because it was disabled'
+          "contain.text",
+          "Registration is not allowed because it was disabled",
         )
 
         cy.noSession()
diff --git a/test/e2e/cypress/integration/profiles/oidc/login/success.spec.ts b/test/e2e/cypress/integration/profiles/oidc/login/success.spec.ts
index 4abd1b77b60e..442185815075 100644
--- a/test/e2e/cypress/integration/profiles/oidc/login/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc/login/success.spec.ts
@@ -1,21 +1,21 @@
-import { gen, website } from '../../../../helpers'
-import { routes as react } from '../../../../helpers/react'
-import { routes as express } from '../../../../helpers/express'
+import { gen, website } from "../../../../helpers"
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
 
-context('Social Sign In Successes', () => {
+context("Social Sign In Successes", () => {
   ;[
     {
       login: react.login,
       registration: react.registration,
-      app: 'react' as 'react',
-      profile: 'spa'
+      app: "react" as "react",
+      profile: "spa",
     },
     {
       login: express.login,
       registration: express.registration,
-      app: 'express' as 'express',
-      profile: 'oidc'
-    }
+      app: "express" as "express",
+      profile: "oidc",
+    },
   ].forEach(({ login, registration, profile, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -27,7 +27,7 @@ context('Social Sign In Successes', () => {
         cy.clearAllCookies()
       })
 
-      it('should be able to sign up, sign out, and then sign in', () => {
+      it("should be able to sign up, sign out, and then sign in", () => {
         const email = gen.email()
         cy.registerOidc({ email, website, route: registration })
         cy.logout()
@@ -35,18 +35,18 @@ context('Social Sign In Successes', () => {
         cy.loginOidc({ url: login })
       })
 
-      it('should be able to sign up with redirects', () => {
+      it("should be able to sign up with redirects", () => {
         const email = gen.email()
         cy.registerOidc({
           email,
           website,
-          route: registration + '?return_to=https://www.example.org/'
+          route: registration + "?return_to=https://www.example.org/",
         })
-        cy.location('href').should('eq', 'https://www.example.org/')
+        cy.location("href").should("eq", "https://www.example.org/")
         cy.logout()
         cy.noSession()
-        cy.loginOidc({ url: login + '?return_to=https://www.example.org/' })
-        cy.location('href').should('eq', 'https://www.example.org/')
+        cy.loginOidc({ url: login + "?return_to=https://www.example.org/" })
+        cy.location("href").should("eq", "https://www.example.org/")
       })
     })
   })
diff --git a/test/e2e/cypress/integration/profiles/oidc/logout/success.spec.ts b/test/e2e/cypress/integration/profiles/oidc/logout/success.spec.ts
index 26efcf214201..ea4a07dd2091 100644
--- a/test/e2e/cypress/integration/profiles/oidc/logout/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc/logout/success.spec.ts
@@ -1,21 +1,21 @@
-import { appPrefix, gen, website } from '../../../../helpers'
-import { routes as react } from '../../../../helpers/react'
-import { routes as express } from '../../../../helpers/express'
+import { appPrefix, gen, website } from "../../../../helpers"
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
 
-context('Social Sign Out Successes', () => {
+context("Social Sign Out Successes", () => {
   ;[
     {
       base: react.base,
       registration: react.registration,
-      app: 'react' as 'react',
-      profile: 'spa'
+      app: "react" as "react",
+      profile: "spa",
     },
     {
       base: express.base,
       registration: express.registration,
-      app: 'express' as 'express',
-      profile: 'oidc'
-    }
+      app: "express" as "express",
+      profile: "oidc",
+    },
   ].forEach(({ base, registration, profile, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -33,10 +33,10 @@ context('Social Sign Out Successes', () => {
         cy.registerOidc({ email, website, route: registration })
       })
 
-      it('should sign out and be able to sign in again', () => {
+      it("should sign out and be able to sign in again", () => {
         cy.get(`${appPrefix(app)} [data-testid="logout"]:not(disabled)`).click()
         cy.noSession()
-        cy.url().should('include', '/login')
+        cy.url().should("include", "/login")
       })
     })
   })
diff --git a/test/e2e/cypress/integration/profiles/oidc/registration/error.spec.ts b/test/e2e/cypress/integration/profiles/oidc/registration/error.spec.ts
index b323ef1dfb5e..793c67d0c760 100644
--- a/test/e2e/cypress/integration/profiles/oidc/registration/error.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc/registration/error.spec.ts
@@ -1,19 +1,19 @@
-import { appPrefix, gen, website } from '../../../../helpers'
-import { routes as react } from '../../../../helpers/react'
-import { routes as express } from '../../../../helpers/express'
+import { appPrefix, gen, website } from "../../../../helpers"
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
 
-context('Social Sign Up Errors', () => {
+context("Social Sign Up Errors", () => {
   ;[
     {
       registration: react.registration,
-      app: 'react' as 'react',
-      profile: 'spa'
+      app: "react" as "react",
+      profile: "spa",
     },
     {
       registration: express.registration,
-      app: 'express' as 'express',
-      profile: 'oidc'
-    }
+      app: "express" as "express",
+      profile: "oidc",
+    },
   ].forEach(({ registration, profile, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -26,42 +26,42 @@ context('Social Sign Up Errors', () => {
         cy.visit(registration)
       })
 
-      it('should fail when the login request is rejected', () => {
+      it("should fail when the login request is rejected", () => {
         cy.triggerOidc(app)
-        cy.get('#reject').click()
-        cy.location('pathname').should('equal', '/registration')
+        cy.get("#reject").click()
+        cy.location("pathname").should("equal", "/registration")
         cy.get(appPrefix(app) + '[data-testid="ui/message/4000001"]').should(
-          'contain.text',
-          'login rejected request'
+          "contain.text",
+          "login rejected request",
         )
         cy.noSession()
       })
 
-      it('should fail when the consent request is rejected', () => {
+      it("should fail when the consent request is rejected", () => {
         const email = gen.email()
         cy.triggerOidc(app)
-        cy.get('#username').type(email)
-        cy.get('#accept').click()
-        cy.get('#reject').click()
-        cy.location('pathname').should('equal', '/registration')
+        cy.get("#username").type(email)
+        cy.get("#accept").click()
+        cy.get("#reject").click()
+        cy.location("pathname").should("equal", "/registration")
         cy.get('[data-testid="ui/message/4000001"]').should(
-          'contain.text',
-          'consent rejected request'
+          "contain.text",
+          "consent rejected request",
         )
         cy.noSession()
       })
 
-      it('should fail when the id_token is missing', () => {
+      it("should fail when the id_token is missing", () => {
         const email = gen.email()
         cy.triggerOidc(app)
-        cy.get('#username').type(email)
-        cy.get('#accept').click()
-        cy.get('#website').type(website)
-        cy.get('#accept').click()
-        cy.location('pathname').should('equal', '/registration')
+        cy.get("#username").type(email)
+        cy.get("#accept").click()
+        cy.get("#website").type(website)
+        cy.get("#accept").click()
+        cy.location("pathname").should("equal", "/registration")
         cy.get('[data-testid="ui/message/4000001"]').should(
-          'contain.text',
-          'no id_token'
+          "contain.text",
+          "no id_token",
         )
       })
     })
diff --git a/test/e2e/cypress/integration/profiles/oidc/registration/success.spec.ts b/test/e2e/cypress/integration/profiles/oidc/registration/success.spec.ts
index bb0385a36f62..3536dc0b8a8f 100644
--- a/test/e2e/cypress/integration/profiles/oidc/registration/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc/registration/success.spec.ts
@@ -1,21 +1,21 @@
-import { appPrefix, gen, website } from '../../../../helpers'
-import { routes as react } from '../../../../helpers/react'
-import { routes as express } from '../../../../helpers/express'
+import { appPrefix, gen, website } from "../../../../helpers"
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
 
-context('Social Sign Up Successes', () => {
+context("Social Sign Up Successes", () => {
   ;[
     {
       login: react.login,
       registration: react.registration,
-      app: 'react' as 'react',
-      profile: 'spa'
+      app: "react" as "react",
+      profile: "spa",
     },
     {
       login: express.login,
       registration: express.registration,
-      app: 'express' as 'express',
-      profile: 'oidc'
-    }
+      app: "express" as "express",
+      profile: "oidc",
+    },
   ].forEach(({ registration, login, profile, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -27,7 +27,7 @@ context('Social Sign Up Successes', () => {
         cy.clearAllCookies()
         cy.visit(registration)
         cy.setIdentitySchema(
-          'file://test/e2e/profiles/oidc/identity.traits.schema.json'
+          "file://test/e2e/profiles/oidc/identity.traits.schema.json",
         )
       })
 
@@ -38,54 +38,54 @@ context('Social Sign Up Successes', () => {
         expect(identity.traits.email).to.equal(email)
       }
 
-      it('should be able to sign up with incomplete data and finally be signed in', () => {
+      it("should be able to sign up with incomplete data and finally be signed in", () => {
         const email = gen.email()
 
         cy.registerOidc({ email, expectSession: false, route: registration })
 
-        cy.get('#registration-password').should('not.exist')
+        cy.get("#registration-password").should("not.exist")
         cy.get(appPrefix(app) + '[name="traits.email"]').should(
-          'have.value',
-          email
+          "have.value",
+          email,
         )
         cy.get('[data-testid="ui/message/4000002"]').should(
-          'contain.text',
-          'Property website is missing'
+          "contain.text",
+          "Property website is missing",
         )
 
         cy.get('[name="traits.consent"][type="checkbox"]')
-          .siblings('label')
+          .siblings("label")
           .click()
         cy.get('[name="traits.newsletter"][type="checkbox"]')
-          .siblings('label')
+          .siblings("label")
           .click()
-        cy.get('[name="traits.website"]').type('http://s')
+        cy.get('[name="traits.website"]').type("http://s")
 
         cy.get('[name="provider"]')
-          .should('have.length', 1)
-          .should('have.value', 'hydra')
-          .should('contain.text', 'Continue')
+          .should("have.length", 1)
+          .should("have.value", "hydra")
+          .should("contain.text", "Continue")
           .click()
 
-        cy.get('#registration-password').should('not.exist')
-        cy.get('[name="traits.email"]').should('have.value', email)
-        cy.get('[name="traits.website"]').should('have.value', 'http://s')
+        cy.get("#registration-password").should("not.exist")
+        cy.get('[name="traits.email"]').should("have.value", email)
+        cy.get('[name="traits.website"]').should("have.value", "http://s")
         cy.get('[data-testid="ui/message/4000001"]').should(
-          'contain.text',
-          'length must be >= 10'
+          "contain.text",
+          "length must be >= 10",
         )
         cy.get('[name="traits.website"]')
-          .should('have.value', 'http://s')
+          .should("have.value", "http://s")
           .clear()
           .type(website)
 
-        cy.get('[name="traits.consent"]').should('be.checked')
-        cy.get('[name="traits.newsletter"]').should('be.checked')
+        cy.get('[name="traits.consent"]').should("be.checked")
+        cy.get('[name="traits.newsletter"]').should("be.checked")
 
         cy.triggerOidc(app)
 
-        cy.location('pathname').should((loc) => {
-          expect(loc).to.be.oneOf(['/welcome', '/'])
+        cy.location("pathname").should((loc) => {
+          expect(loc).to.be.oneOf(["/welcome", "/"])
         })
 
         cy.getSession().should((session) => {
@@ -94,14 +94,14 @@ context('Social Sign Up Successes', () => {
         })
       })
 
-      it('should be able to sign up with complete data', () => {
+      it("should be able to sign up with complete data", () => {
         const email = gen.email()
 
         cy.registerOidc({ email, website, route: registration })
         cy.getSession().should(shouldSession(email))
       })
 
-      it('should be able to convert a sign up flow to a sign in flow', () => {
+      it("should be able to convert a sign up flow to a sign in flow", () => {
         const email = gen.email()
 
         cy.registerOidc({ email, website, route: registration })
@@ -110,63 +110,63 @@ context('Social Sign Up Successes', () => {
         cy.visit(registration)
         cy.triggerOidc(app)
 
-        cy.location('pathname').should((path) => {
-          expect(path).to.oneOf(['/', '/welcome'])
+        cy.location("pathname").should((path) => {
+          expect(path).to.oneOf(["/", "/welcome"])
         })
 
         cy.getSession().should(shouldSession(email))
       })
 
-      it('should be able to convert a sign in flow to a sign up flow', () => {
+      it("should be able to convert a sign in flow to a sign up flow", () => {
         cy.setIdentitySchema(
-          'file://test/e2e/profiles/oidc/identity-required.traits.schema.json'
+          "file://test/e2e/profiles/oidc/identity-required.traits.schema.json",
         )
 
         const email = gen.email()
         cy.visit(login)
         cy.triggerOidc(app)
 
-        cy.get('#username').clear().type(email)
-        cy.get('#remember').click()
-        cy.get('#accept').click()
+        cy.get("#username").clear().type(email)
+        cy.get("#remember").click()
+        cy.get("#accept").click()
         cy.get('[name="scope"]').each(($el) => cy.wrap($el).click())
-        cy.get('#remember').click()
-        cy.get('#accept').click()
+        cy.get("#remember").click()
+        cy.get("#accept").click()
 
         cy.get('[data-testid="ui/message/4000002"]').should(
-          'contain.text',
-          'Property website is missing'
+          "contain.text",
+          "Property website is missing",
         )
-        cy.get('[name="traits.website"]').type('http://s')
+        cy.get('[name="traits.website"]').type("http://s")
 
         cy.triggerOidc(app)
 
         cy.get('[data-testid="ui/message/4000001"]').should(
-          'contain.text',
-          'length must be >= 10'
+          "contain.text",
+          "length must be >= 10",
         )
-        cy.get('[name="traits.requirednested"]').should('not.exist')
-        cy.get('[name="traits.requirednested.a"]').siblings('label').click()
-        cy.get('[name="traits.consent"]').siblings('label').click()
+        cy.get('[name="traits.requirednested"]').should("not.exist")
+        cy.get('[name="traits.requirednested.a"]').siblings("label").click()
+        cy.get('[name="traits.consent"]').siblings("label").click()
         cy.get('[name="traits.website"]')
-          .should('have.value', 'http://s')
+          .should("have.value", "http://s")
           .clear()
           .type(website)
         cy.triggerOidc(app)
 
-        cy.location('pathname').should('not.contain', '/registration')
+        cy.location("pathname").should("not.contain", "/registration")
 
         cy.getSession().should(shouldSession(email))
       })
 
-      it('should be able to sign up with redirects', () => {
+      it("should be able to sign up with redirects", () => {
         const email = gen.email()
         cy.registerOidc({
           email,
           website,
-          route: registration + '?return_to=https://www.ory.sh/'
+          route: registration + "?return_to=https://www.ory.sh/",
         })
-        cy.location('href').should('eq', 'https://www.ory.sh/')
+        cy.location("href").should("eq", "https://www.ory.sh/")
         cy.logout()
       })
     })
diff --git a/test/e2e/cypress/integration/profiles/oidc/settings/error.spec.ts b/test/e2e/cypress/integration/profiles/oidc/settings/error.spec.ts
index bcaf48ae13a4..efb08096611c 100644
--- a/test/e2e/cypress/integration/profiles/oidc/settings/error.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc/settings/error.spec.ts
@@ -1,21 +1,21 @@
-import { APP_URL, appPrefix, gen, website } from '../../../../helpers'
-import { routes as react } from '../../../../helpers/react'
-import { routes as express } from '../../../../helpers/express'
+import { APP_URL, appPrefix, gen, website } from "../../../../helpers"
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
 
-context('Social Sign In Settings Errors', () => {
+context("Social Sign In Settings Errors", () => {
   ;[
     {
       registration: react.registration,
       settings: react.settings,
-      app: 'react' as 'react',
-      profile: 'spa'
+      app: "react" as "react",
+      profile: "spa",
     },
     {
       registration: express.registration,
       settings: express.settings,
-      app: 'express' as 'express',
-      profile: 'oidc'
-    }
+      app: "express" as "express",
+      profile: "oidc",
+    },
   ].forEach(({ registration, profile, app, settings }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -32,20 +32,20 @@ context('Social Sign In Settings Errors', () => {
           email,
           expectSession: true,
           website,
-          route: registration
+          route: registration,
         })
         cy.visit(settings)
       })
 
-      describe('oidc', () => {
-        it('should fail to link google because id token is missing', () => {
+      describe("oidc", () => {
+        it("should fail to link google because id token is missing", () => {
           cy.get(appPrefix(app) + 'button[value="google"]').click()
-          cy.get('#remember').click()
-          cy.get('#accept').click()
+          cy.get("#remember").click()
+          cy.get("#accept").click()
 
           cy.get('[data-testid="ui/message/4000001"]').should(
-            'contain.text',
-            'Authentication failed because no id_token was returned. Please accept the "openid" permission and try again.'
+            "contain.text",
+            'Authentication failed because no id_token was returned. Please accept the "openid" permission and try again.',
           )
         })
       })
diff --git a/test/e2e/cypress/integration/profiles/oidc/settings/success.spec.ts b/test/e2e/cypress/integration/profiles/oidc/settings/success.spec.ts
index 4746520753ad..23ed564a439b 100644
--- a/test/e2e/cypress/integration/profiles/oidc/settings/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc/settings/success.spec.ts
@@ -1,23 +1,23 @@
-import { appPrefix, gen, website } from '../../../../helpers'
-import { routes as react } from '../../../../helpers/react'
-import { routes as express } from '../../../../helpers/express'
+import { appPrefix, gen, website } from "../../../../helpers"
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
 
-context('Social Sign In Settings Success', () => {
+context("Social Sign In Settings Success", () => {
   ;[
     {
       registration: react.registration,
       settings: react.settings,
       login: react.login,
-      app: 'react' as 'react',
-      profile: 'spa'
+      app: "react" as "react",
+      profile: "spa",
     },
     {
       registration: express.registration,
       settings: express.settings,
       login: express.login,
-      app: 'express' as 'express',
-      profile: 'oidc'
-    }
+      app: "express" as "express",
+      profile: "oidc",
+    },
   ].forEach(({ registration, login, profile, app, settings }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -32,16 +32,16 @@ context('Social Sign In Settings Success', () => {
         cy.visit(login)
         cy.get(appPrefix(app) + '[value="hydra"]').click()
 
-        cy.get('#username').type(email)
-        cy.get('#remember').click()
-        cy.get('#accept').click()
+        cy.get("#username").type(email)
+        cy.get("#remember").click()
+        cy.get("#accept").click()
 
         cy.get('input[name="traits.website"]').clear().type(website)
-        cy.triggerOidc(app, 'hydra')
+        cy.triggerOidc(app, "hydra")
 
         cy.get('[data-testid="ui/message/4000007"]').should(
-          'contain.text',
-          'An account with the same identifier'
+          "contain.text",
+          "An account with the same identifier",
         )
 
         cy.noSession()
@@ -55,53 +55,53 @@ context('Social Sign In Settings Success', () => {
           email,
           expectSession: true,
           website,
-          route: registration
+          route: registration,
         })
         cy.visit(settings)
       })
 
-      describe('oidc', () => {
+      describe("oidc", () => {
         beforeEach(() => {
           cy.longRecoveryLifespan()
           cy.longVerificationLifespan()
           cy.longPrivilegedSessionTime()
         })
 
-        it('should show the correct options', () => {
-          cy.get('[value="hydra"]').should('not.exist')
+        it("should show the correct options", () => {
+          cy.get('[value="hydra"]').should("not.exist")
 
           cy.get('[value="google"]')
-            .should('have.attr', 'name', 'link')
-            .should('contain.text', 'Link google')
+            .should("have.attr", "name", "link")
+            .should("contain.text", "Link google")
 
           cy.get('[value="github"]')
-            .should('have.attr', 'name', 'link')
-            .should('contain.text', 'Link github')
+            .should("have.attr", "name", "link")
+            .should("contain.text", "Link github")
         })
 
-        it('should show the unlink once password is set', () => {
-          cy.get('[value="hydra"]').should('not.exist')
+        it("should show the unlink once password is set", () => {
+          cy.get('[value="hydra"]').should("not.exist")
 
           cy.get('input[name="password"]').type(gen.password())
           cy.get('button[value="password"]').click()
 
           cy.get('[value="hydra"]')
-            .should('have.attr', 'name', 'unlink')
-            .should('contain.text', 'Unlink hydra')
+            .should("have.attr", "name", "unlink")
+            .should("contain.text", "Unlink hydra")
         })
 
-        it('should link google', () => {
+        it("should link google", () => {
           cy.get('[value="google"]').click()
 
           cy.get('input[name="scope"]').each(($el) => cy.wrap($el).click())
-          cy.get('#remember').click()
-          cy.get('#accept').click()
+          cy.get("#remember").click()
+          cy.get("#accept").click()
 
           cy.visit(settings)
 
           cy.get('[value="google"]')
-            .should('have.attr', 'name', 'unlink')
-            .should('contain.text', 'Unlink google')
+            .should("have.attr", "name", "unlink")
+            .should("contain.text", "Unlink google")
 
           cy.logout()
 
@@ -110,39 +110,39 @@ context('Social Sign In Settings Success', () => {
           cy.getSession()
         })
 
-        it('should link google after re-auth', () => {
+        it("should link google after re-auth", () => {
           cy.shortPrivilegedSessionTime()
           cy.get('[value="google"]').click()
-          cy.location('pathname').should('equal', '/login')
+          cy.location("pathname").should("equal", "/login")
 
           cy.longPrivilegedSessionTime()
           cy.get('[value="hydra"]').click()
 
           // prompt=login means that we need to re-auth!
-          cy.get('#username').type(email)
-          cy.get('#accept').click()
+          cy.get("#username").type(email)
+          cy.get("#accept").click()
 
           // we re-authed, now we do the google oauth2 dance
-          cy.get('#username').type(gen.email())
-          cy.get('#accept').click()
+          cy.get("#username").type(gen.email())
+          cy.get("#accept").click()
           cy.get('input[name="scope"]').each(($el) => cy.wrap($el).click())
-          cy.get('#accept').click()
+          cy.get("#accept").click()
 
           cy.expectSettingsSaved()
 
           cy.get('[value="google"]')
-            .should('have.attr', 'name', 'unlink')
-            .should('contain.text', 'Unlink google')
+            .should("have.attr", "name", "unlink")
+            .should("contain.text", "Unlink google")
 
           cy.visit(settings)
 
           cy.get('[value="google"]')
-            .should('have.attr', 'name', 'unlink')
-            .should('contain.text', 'Unlink google')
+            .should("have.attr", "name", "unlink")
+            .should("contain.text", "Unlink google")
         })
 
-        it('should unlink hydra and no longer be able to sign in', () => {
-          cy.get('[value="hydra"]').should('not.exist')
+        it("should unlink hydra and no longer be able to sign in", () => {
+          cy.get('[value="hydra"]').should("not.exist")
           cy.get('input[name="password"]').type(gen.password())
           cy.get('[value="password"]').click()
           cy.expectSettingsSaved()
@@ -157,8 +157,8 @@ context('Social Sign In Settings Success', () => {
           hydraReauthFails()
         })
 
-        it('should unlink hydra after reauth', () => {
-          cy.get('[value="hydra"]').should('not.exist')
+        it("should unlink hydra after reauth", () => {
+          cy.get('[value="hydra"]').should("not.exist")
 
           cy.get('input[name="password"]').type(gen.password())
           cy.get('[value="password"]').click()
@@ -169,12 +169,12 @@ context('Social Sign In Settings Success', () => {
           cy.get('[value="hydra"]').click()
 
           cy.longPrivilegedSessionTime()
-          cy.location('pathname').should('equal', '/login')
+          cy.location("pathname").should("equal", "/login")
           cy.get('[value="hydra"]').click()
 
           // prompt=login means that we need to re-auth!
-          cy.get('#username').type(email)
-          cy.get('#accept').click()
+          cy.get("#username").type(email)
+          cy.get("#accept").click()
           cy.expectSettingsSaved()
 
           hydraReauthFails()
diff --git a/test/e2e/cypress/integration/profiles/passwordless/flows.spec.ts b/test/e2e/cypress/integration/profiles/passwordless/flows.spec.ts
index e10be28b1235..ed3e25daa7e6 100644
--- a/test/e2e/cypress/integration/profiles/passwordless/flows.spec.ts
+++ b/test/e2e/cypress/integration/profiles/passwordless/flows.spec.ts
@@ -1,29 +1,29 @@
-import { appPrefix, gen } from '../../../helpers'
-import { routes as express } from '../../../helpers/express'
-import { routes as react } from '../../../helpers/react'
+import { appPrefix, gen } from "../../../helpers"
+import { routes as express } from "../../../helpers/express"
+import { routes as react } from "../../../helpers/react"
 
 const signup = (registration: string, email = gen.email()) => {
   cy.visit(registration)
 
-  cy.get('[name="webauthn_register_displayname"]').type('key1')
+  cy.get('[name="webauthn_register_displayname"]').type("key1")
   cy.get('[name="traits.email"]').type(email)
-  cy.get('[name="traits.website"]').type('https://www.ory.sh')
-  cy.clickWebAuthButton('register')
+  cy.get('[name="traits.website"]').type("https://www.ory.sh")
+  cy.clickWebAuthButton("register")
   cy.getSession({
-    expectAal: 'aal1',
-    expectMethods: ['webauthn']
+    expectAal: "aal1",
+    expectMethods: ["webauthn"],
   }).then((session) => {
     expect(session.identity.traits.email).to.equal(email)
-    expect(session.identity.traits.website).to.equal('https://www.ory.sh')
+    expect(session.identity.traits.website).to.equal("https://www.ory.sh")
   })
 }
 
-context('Passwordless registration', () => {
+context("Passwordless registration", () => {
   before(() => {
-    cy.task('resetCRI', {})
+    cy.task("resetCRI", {})
   })
   after(() => {
-    cy.task('resetCRI', {})
+    cy.task("resetCRI", {})
   })
   ;[
     {
@@ -31,17 +31,17 @@ context('Passwordless registration', () => {
       registration: express.registration,
       settings: react.settings,
       base: react.base,
-      app: 'react' as 'react',
-      profile: 'passwordless'
+      app: "react" as "react",
+      profile: "passwordless",
     },
     {
       login: express.login,
       registration: express.registration,
       settings: express.settings,
       base: express.base,
-      app: 'express' as 'express',
-      profile: 'passwordless'
-    }
+      app: "express" as "express",
+      profile: "passwordless",
+    },
   ].forEach(({ registration, login, profile, app, base, settings }) => {
     describe(`for app ${app}`, () => {
       let authenticator
@@ -59,74 +59,74 @@ context('Passwordless registration', () => {
       })
 
       after(() => {
-        cy.task('sendCRI', {
-          query: 'WebAuthn.removeVirtualAuthenticator',
-          opts: authenticator
+        cy.task("sendCRI", {
+          query: "WebAuthn.removeVirtualAuthenticator",
+          opts: authenticator,
         })
       })
 
-      it('should register after validation errors', () => {
+      it("should register after validation errors", () => {
         cy.visit(registration)
 
         cy.get(appPrefix(app) + '[name="webauthn_register_displayname"]').type(
-          'key1'
+          "key1",
         )
-        cy.get('[name="traits.website"]').type('b')
-        cy.clickWebAuthButton('register')
+        cy.get('[name="traits.website"]').type("b")
+        cy.clickWebAuthButton("register")
 
-        cy.get('[data-testid="ui/message/4000002"]').should('to.exist')
-        cy.get('[data-testid="ui/message/4000001"]').should('to.exist')
-        cy.get('[name="traits.website"]').should('have.value', 'b')
+        cy.get('[data-testid="ui/message/4000002"]').should("to.exist")
+        cy.get('[data-testid="ui/message/4000001"]').should("to.exist")
+        cy.get('[name="traits.website"]').should("have.value", "b")
         const email = gen.email()
         cy.get('[name="traits.email"]').type(email)
-        cy.clickWebAuthButton('register')
+        cy.clickWebAuthButton("register")
 
-        cy.get('[data-testid="ui/message/4000001"]').should('to.exist')
-        cy.get('[name="traits.website"]').should('have.value', 'b')
-        cy.get('[name="traits.email"]').should('have.value', email)
-        cy.get('[name="traits.website"]').clear().type('https://www.ory.sh')
-        cy.clickWebAuthButton('register')
+        cy.get('[data-testid="ui/message/4000001"]').should("to.exist")
+        cy.get('[name="traits.website"]').should("have.value", "b")
+        cy.get('[name="traits.email"]').should("have.value", email)
+        cy.get('[name="traits.website"]').clear().type("https://www.ory.sh")
+        cy.clickWebAuthButton("register")
         cy.getSession({
-          expectAal: 'aal1',
-          expectMethods: ['webauthn']
+          expectAal: "aal1",
+          expectMethods: ["webauthn"],
         }).then((session) => {
           expect(session.identity.traits.email).to.equal(email)
-          expect(session.identity.traits.website).to.equal('https://www.ory.sh')
+          expect(session.identity.traits.website).to.equal("https://www.ory.sh")
         })
       })
 
-      it('should be able to login with registered account', () => {
+      it("should be able to login with registered account", () => {
         const email = gen.email()
         signup(registration, email)
         cy.logout()
         cy.visit(login)
         cy.get('[name="identifier"]').type(email)
         cy.get('[value="webauthn"]').click()
-        cy.get('[data-testid="ui/message/1010012"]').should('to.exist')
-        cy.get('[name="password"]').should('to.not.exist')
-        cy.clickWebAuthButton('login')
+        cy.get('[data-testid="ui/message/1010012"]').should("to.exist")
+        cy.get('[name="password"]').should("to.not.exist")
+        cy.clickWebAuthButton("login")
         cy.getSession({
-          expectAal: 'aal1',
-          expectMethods: ['webauthn']
+          expectAal: "aal1",
+          expectMethods: ["webauthn"],
         }).then((session) => {
           expect(session.identity.traits.email).to.equal(email)
-          expect(session.identity.traits.website).to.equal('https://www.ory.sh')
+          expect(session.identity.traits.website).to.equal("https://www.ory.sh")
         })
       })
 
-      it('should not be able to unlink last security key', () => {
+      it("should not be able to unlink last security key", () => {
         const email = gen.email()
         signup(registration, email)
         cy.visit(settings)
-        cy.get('[name="webauthn_remove"]').should('not.exist')
+        cy.get('[name="webauthn_remove"]').should("not.exist")
       })
 
-      it('should be able to link password and use both methods for sign in', () => {
+      it("should be able to link password and use both methods for sign in", () => {
         const email = gen.email()
         const password = gen.password()
         signup(registration, email)
         cy.visit(settings)
-        cy.get('[name="webauthn_remove"]').should('not.exist')
+        cy.get('[name="webauthn_remove"]').should("not.exist")
         cy.get('[name="password"]').type(password)
         cy.get('[value="password"]').click()
         cy.expectSettingsSaved()
@@ -136,108 +136,108 @@ context('Passwordless registration', () => {
         cy.visit(login)
         cy.get('[name="identifier"]').type(email)
         cy.get('[value="webauthn"]').click()
-        cy.get('[data-testid="ui/message/4000015"]').should('to.exist')
-        cy.get('[name="identifier"]').should('exist')
-        cy.get('[name="password"]').should('exist')
-        cy.get('[value="password"]').should('exist')
+        cy.get('[data-testid="ui/message/4000015"]').should("to.exist")
+        cy.get('[name="identifier"]').should("exist")
+        cy.get('[name="password"]').should("exist")
+        cy.get('[value="password"]').should("exist")
       })
 
-      it('should be able to refresh', () => {
+      it("should be able to refresh", () => {
         const email = gen.email()
         signup(registration, email)
-        cy.visit(login + '?refresh=true')
-        cy.get('[name="identifier"][type="hidden"]').should('exist')
-        cy.get('[name="identifier"][type="input"]').should('not.exist')
-        cy.get('[name="password"]').should('not.exist')
-        cy.get('[value="password"]').should('not.exist')
-        cy.clickWebAuthButton('login')
+        cy.visit(login + "?refresh=true")
+        cy.get('[name="identifier"][type="hidden"]').should("exist")
+        cy.get('[name="identifier"][type="input"]').should("not.exist")
+        cy.get('[name="password"]').should("not.exist")
+        cy.get('[value="password"]').should("not.exist")
+        cy.clickWebAuthButton("login")
         cy.getSession({
-          expectAal: 'aal1',
-          expectMethods: ['webauthn', 'webauthn']
+          expectAal: "aal1",
+          expectMethods: ["webauthn", "webauthn"],
         }).then((session) => {
           expect(session.identity.traits.email).to.equal(email)
-          expect(session.identity.traits.website).to.equal('https://www.ory.sh')
+          expect(session.identity.traits.website).to.equal("https://www.ory.sh")
         })
       })
 
-      it('should not be able to use for MFA', () => {
+      it("should not be able to use for MFA", () => {
         const email = gen.email()
         signup(registration, email)
-        cy.visit(login + '?aal=aal2')
-        cy.get('[value="webauthn"]').should('not.exist')
-        cy.get('[name="webauthn_login_trigger"]').should('not.exist')
+        cy.visit(login + "?aal=aal2")
+        cy.get('[value="webauthn"]').should("not.exist")
+        cy.get('[name="webauthn_login_trigger"]').should("not.exist")
       })
 
-      it('should be able to add method later and try a variety of refresh flows', () => {
+      it("should be able to add method later and try a variety of refresh flows", () => {
         const email = gen.email()
         const password = gen.password()
         cy.visit(registration)
 
         cy.get('[name="traits.email"]').type(email)
         cy.get('[name="password"]').type(password)
-        cy.get('[name="traits.website"]').type('https://www.ory.sh')
+        cy.get('[name="traits.website"]').type("https://www.ory.sh")
         cy.get('[value="password"]').click()
-        cy.location('pathname').should('not.contain', '/registration')
+        cy.location("pathname").should("not.contain", "/registration")
         cy.getSession({
-          expectAal: 'aal1',
-          expectMethods: ['password']
+          expectAal: "aal1",
+          expectMethods: ["password"],
         })
 
         cy.visit(settings)
-        cy.get('[name="webauthn_register_displayname"]').type('key2')
-        cy.clickWebAuthButton('register')
+        cy.get('[name="webauthn_register_displayname"]').type("key2")
+        cy.clickWebAuthButton("register")
         cy.expectSettingsSaved()
 
-        cy.visit(login + '?refresh=true')
-        cy.get('[name="password"]').should('exist')
-        cy.clickWebAuthButton('login')
-        cy.location('pathname').should('not.contain', '/login')
+        cy.visit(login + "?refresh=true")
+        cy.get('[name="password"]').should("exist")
+        cy.clickWebAuthButton("login")
+        cy.location("pathname").should("not.contain", "/login")
         cy.getSession({
-          expectAal: 'aal1',
-          expectMethods: ['password', 'webauthn', 'webauthn']
+          expectAal: "aal1",
+          expectMethods: ["password", "webauthn", "webauthn"],
         })
 
-        cy.visit(login + '?refresh=true')
+        cy.visit(login + "?refresh=true")
         cy.get('[name="password"]').type(password)
         cy.get('[value="password"]').click()
         cy.getSession({
-          expectAal: 'aal1',
-          expectMethods: ['password', 'webauthn', 'webauthn', 'password']
+          expectAal: "aal1",
+          expectMethods: ["password", "webauthn", "webauthn", "password"],
         })
 
         cy.logout()
         cy.visit(login)
         cy.get('[name="identifier"]').type(email)
         cy.get('[value="webauthn"]').click()
-        cy.clickWebAuthButton('login')
+        cy.clickWebAuthButton("login")
         cy.getSession({
-          expectAal: 'aal1',
-          expectMethods: ['webauthn']
+          expectAal: "aal1",
+          expectMethods: ["webauthn"],
         })
       })
 
-      it('should not be able to use for MFA even when passwordless is false', () => {
+      it("should not be able to use for MFA even when passwordless is false", () => {
         const email = gen.email()
         signup(registration, email)
         cy.updateConfigFile((config) => {
           config.selfservice.methods.webauthn.config.passwordless = false
           return config
         })
-        cy.visit(login + '?aal=aal2')
-        cy.get('[value="webauthn"]').should('not.exist')
-        cy.get('[name="webauthn_login_trigger"]').should('not.exist')
+        cy.visit(login + "?aal=aal2")
+        cy.get('[value="webauthn"]').should("not.exist")
+        cy.get('[name="webauthn_login_trigger"]').should("not.exist")
 
         cy.visit(settings)
-        cy.get('[name="webauthn_remove"]').should('not.exist')
-        cy.get('[name="webauthn_register_displayname"]').type('key2')
-        cy.clickWebAuthButton('register')
+        cy.get('[name="webauthn_remove"]').should("not.exist")
+        cy.get('[name="webauthn_register_displayname"]').type("key2")
+        cy.clickWebAuthButton("register")
         cy.expectSettingsSaved()
 
-        cy.visit(login + '?aal=aal2&refresh=true')
-        cy.clickWebAuthButton('login')
+        cy.visit(login + "?aal=aal2&refresh=true")
+        cy.clickWebAuthButton("login")
         cy.getSession({
-          expectAal: 'aal2',
-          expectMethods: ['webauthn', 'webauthn', 'webauthn']
+          expectAal: "aal2",
+          expectMethods: ["webauthn", "webauthn", "webauthn"],
         })
       })
     })
diff --git a/test/e2e/cypress/integration/profiles/recovery/recovery/errors.spec.ts b/test/e2e/cypress/integration/profiles/recovery/recovery/errors.spec.ts
index 0d98f2563c2a..4fafa0f14e1e 100644
--- a/test/e2e/cypress/integration/profiles/recovery/recovery/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/recovery/recovery/errors.spec.ts
@@ -1,19 +1,19 @@
-import { APP_URL, appPrefix, gen, parseHtml } from '../../../../helpers'
-import { routes as react } from '../../../../helpers/react'
-import { routes as express } from '../../../../helpers/express'
+import { APP_URL, appPrefix, gen, parseHtml } from "../../../../helpers"
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
 
-context('Account Recovery Errors', () => {
+context("Account Recovery Errors", () => {
   ;[
     {
       recovery: react.recovery,
-      app: 'react' as 'react',
-      profile: 'spa'
+      app: "react" as "react",
+      profile: "spa",
     },
     {
       recovery: express.recovery,
-      app: 'express' as 'express',
-      profile: 'recovery'
-    }
+      app: "express" as "express",
+      profile: "recovery",
+    },
   ].forEach(({ recovery, profile, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -30,7 +30,7 @@ context('Account Recovery Errors', () => {
         cy.enableRecovery()
       })
 
-      it('responds with a HTML response on link click of an API flow if the link is expired', () => {
+      it("responds with a HTML response on link click of an API flow if the link is expired", () => {
         cy.visit(recovery)
 
         cy.shortLinkLifespan()
@@ -41,18 +41,18 @@ context('Account Recovery Errors', () => {
         cy.recoverEmailButExpired({ expect: { email: identity.email } })
 
         cy.get('[data-testid="ui/message/4060005"]').should(
-          'contain.text',
-          'The recovery flow expired'
+          "contain.text",
+          "The recovery flow expired",
         )
 
         cy.noSession()
       })
 
-      it('responds with a HTML response on link click of an API flow if the flow is expired', () => {
+      it("responds with a HTML response on link click of an API flow if the flow is expired", () => {
         cy.visit(recovery)
 
         cy.updateConfigFile((config) => {
-          config.selfservice.flows.recovery.lifespan = '1s'
+          config.selfservice.flows.recovery.lifespan = "1s"
           return config
         })
 
@@ -62,75 +62,75 @@ context('Account Recovery Errors', () => {
         cy.wait(1000)
 
         cy.getMail().should((message) => {
-          expect(message.subject).to.equal('Recover access to your account')
+          expect(message.subject).to.equal("Recover access to your account")
           expect(message.toAddresses[0].trim()).to.equal(identity.email)
 
-          const link = parseHtml(message.body).querySelector('a')
+          const link = parseHtml(message.body).querySelector("a")
           cy.longRecoveryLifespan()
           cy.visit(link.href)
         })
 
         cy.get('[data-testid="ui/message/4060005"]').should(
-          'contain.text',
-          'The recovery flow expired'
+          "contain.text",
+          "The recovery flow expired",
         )
 
         cy.noSession()
       })
 
-      it('should receive a stub email when recovering a non-existent account', () => {
+      it("should receive a stub email when recovering a non-existent account", () => {
         cy.visit(recovery)
 
         const email = gen.email()
         cy.get(appPrefix(app) + 'input[name="email"]').type(email)
         cy.get('button[value="link"]').click()
 
-        cy.location('pathname').should('eq', '/recovery')
+        cy.location("pathname").should("eq", "/recovery")
         cy.get('[data-testid="ui/message/1060002"]').should(
-          'have.text',
-          'An email containing a recovery link has been sent to the email address you provided.'
+          "have.text",
+          "An email containing a recovery link has been sent to the email address you provided.",
         )
-        cy.get('input[name="email"]').should('have.value', email)
+        cy.get('input[name="email"]').should("have.value", email)
 
         cy.getMail().should((message) => {
-          expect(message.subject).to.equal('Account access attempted')
-          expect(message.fromAddress.trim()).to.equal('no-reply@ory.kratos.sh')
+          expect(message.subject).to.equal("Account access attempted")
+          expect(message.fromAddress.trim()).to.equal("no-reply@ory.kratos.sh")
           expect(message.toAddresses).to.have.length(1)
           expect(message.toAddresses[0].trim()).to.equal(email)
 
-          const link = parseHtml(message.body).querySelector('a')
+          const link = parseHtml(message.body).querySelector("a")
           expect(link).to.be.null
         })
       })
 
-      it('should cause form errors', () => {
+      it("should cause form errors", () => {
         cy.visit(recovery)
 
         cy.get('button[value="link"]').click()
         cy.get('[data-testid="ui/message/4000002"]').should(
-          'contain.text',
-          'Property email is missing.'
+          "contain.text",
+          "Property email is missing.",
         )
-        cy.get('[name="method"][value="link"]').should('exist')
+        cy.get('[name="method"][value="link"]').should("exist")
       })
 
-      it('should cause non-repeating form errors after submitting empty form twice. see: #2512', () => {
+      it("should cause non-repeating form errors after submitting empty form twice. see: #2512", () => {
         cy.visit(recovery)
         cy.get('button[value="link"]').click()
-        cy.location('pathname').should('eq', '/recovery')
+        cy.location("pathname").should("eq", "/recovery")
 
         cy.get('button[value="link"]').click()
         cy.get('[data-testid="ui/message/4000002"]').should(
-          'contain.text',
-          'Property email is missing.'
+          "contain.text",
+          "Property email is missing.",
         )
-        cy.get('form')
+        cy.get("form")
           .find('[data-testid="ui/message/4000002"]')
-          .should('have.length', 1)
-        cy.get('[name="method"][value="link"]').should('exist')
+          .should("have.length", 1)
+        cy.get('[name="method"][value="link"]').should("exist")
       })
 
-      it('is unable to recover the email address if the code is expired', () => {
+      it("is unable to recover the email address if the code is expired", () => {
         cy.shortLinkLifespan()
         const identity = gen.identityWithWebsite()
         cy.registerApi(identity)
@@ -138,37 +138,37 @@ context('Account Recovery Errors', () => {
         cy.recoverEmailButExpired({ expect: { email: identity.email } })
 
         cy.get('[data-testid="ui/message/4060005"]').should(
-          'contain.text',
-          'The recovery flow expired'
+          "contain.text",
+          "The recovery flow expired",
         )
 
         cy.noSession()
       })
 
-      it('is unable to recover the account if the code is incorrect', () => {
+      it("is unable to recover the account if the code is incorrect", () => {
         const identity = gen.identityWithWebsite()
         cy.registerApi(identity)
         cy.recoverApi({ email: identity.email })
 
         cy.getMail().then((mail) => {
           console.log(mail)
-          const link = parseHtml(mail.body).querySelector('a')
-          cy.visit(link.href + '-not') // add random stuff to the confirm challenge
+          const link = parseHtml(mail.body).querySelector("a")
+          cy.visit(link.href + "-not") // add random stuff to the confirm challenge
           cy.get('[data-testid="ui/message/4060004"]').should(
-            'have.text',
-            'The recovery token is invalid or has already been used. Please retry the flow.'
+            "have.text",
+            "The recovery token is invalid or has already been used. Please retry the flow.",
           )
           cy.noSession()
         })
       })
 
-      it('is unable to recover the account using the token twice', () => {
+      it("is unable to recover the account using the token twice", () => {
         const identity = gen.identityWithWebsite()
         cy.registerApi(identity)
         cy.recoverApi({ email: identity.email })
 
         cy.getMail().then((mail) => {
-          const link = parseHtml(mail.body).querySelector('a')
+          const link = parseHtml(mail.body).querySelector("a")
 
           // Workaround for cypress cy.visit limitation.
           cy.request(link.href).should((response) => {
@@ -180,21 +180,21 @@ context('Account Recovery Errors', () => {
 
           cy.visit(link.href)
           cy.get('[data-testid="ui/message/4060004"]').should(
-            'have.text',
-            'The recovery token is invalid or has already been used. Please retry the flow.'
+            "have.text",
+            "The recovery token is invalid or has already been used. Please retry the flow.",
           )
           cy.noSession()
         })
       })
 
-      it('invalid remote recovery email template', () => {
+      it("invalid remote recovery email template", () => {
         cy.remoteCourierRecoveryTemplates()
         const identity = gen.identityWithWebsite()
         cy.recoverApi({ email: identity.email })
 
         cy.getMail().then((mail) => {
           expect(mail.body).to.include(
-            'this is a remote invalid recovery template'
+            "this is a remote invalid recovery template",
           )
         })
       })
diff --git a/test/e2e/cypress/integration/profiles/recovery/recovery/success.spec.ts b/test/e2e/cypress/integration/profiles/recovery/recovery/success.spec.ts
index 15fd59aed50c..20a00bcdf6a5 100644
--- a/test/e2e/cypress/integration/profiles/recovery/recovery/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/recovery/recovery/success.spec.ts
@@ -1,21 +1,21 @@
-import { appPrefix, assertRecoveryAddress, gen } from '../../../../helpers'
-import { routes as react } from '../../../../helpers/react'
-import { routes as express } from '../../../../helpers/express'
+import { appPrefix, assertRecoveryAddress, gen } from "../../../../helpers"
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
 
-context('Account Recovery Success', () => {
+context("Account Recovery Success", () => {
   ;[
     {
       recovery: react.recovery,
       base: react.base,
-      app: 'react' as 'react',
-      profile: 'spa'
+      app: "react" as "react",
+      profile: "spa",
     },
     {
       recovery: express.recovery,
       base: express.base,
-      app: 'express' as 'express',
-      profile: 'recovery'
-    }
+      app: "express" as "express",
+      profile: "recovery",
+    },
   ].forEach(({ recovery, profile, base, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -37,19 +37,19 @@ context('Account Recovery Success', () => {
         cy.registerApi(identity)
       })
 
-      it('should contain the recovery address in the session', () => {
+      it("should contain the recovery address in the session", () => {
         cy.visit(recovery)
         cy.login({ ...identity, cookieUrl: base })
         cy.getSession().should(assertRecoveryAddress(identity))
       })
 
-      it('should perform a recovery flow', () => {
+      it("should perform a recovery flow", () => {
         cy.recoverApi({ email: identity.email })
 
         cy.recoverEmail({ expect: identity })
 
         cy.getSession()
-        cy.location('pathname').should('eq', '/settings')
+        cy.location("pathname").should("eq", "/settings")
 
         const newPassword = gen.password()
         cy.get(appPrefix(app) + 'input[name="password"]')
@@ -57,23 +57,23 @@ context('Account Recovery Success', () => {
           .type(newPassword)
         cy.get('button[value="password"]').click()
         cy.expectSettingsSaved()
-        cy.get('input[name="password"]').should('be.empty')
+        cy.get('input[name="password"]').should("be.empty")
 
         cy.logout()
         cy.login({
           email: identity.email,
           password: newPassword,
-          cookieUrl: base
+          cookieUrl: base,
         })
       })
     })
   })
 
-  it('should recover, set password and be redirected', () => {
-    const app = 'express' as 'express'
+  it("should recover, set password and be redirected", () => {
+    const app = "express" as "express"
 
     cy.deleteMail()
-    cy.useConfigProfile('recovery')
+    cy.useConfigProfile("recovery")
     cy.proxy(app)
 
     cy.deleteMail()
@@ -85,25 +85,25 @@ context('Account Recovery Success', () => {
     const identity = gen.identityWithWebsite()
     cy.registerApi(identity)
 
-    cy.recoverApi({ email: identity.email, returnTo: 'https://www.ory.sh/' })
+    cy.recoverApi({ email: identity.email, returnTo: "https://www.ory.sh/" })
 
     cy.recoverEmail({ expect: identity })
 
     cy.getSession()
-    cy.location('pathname').should('eq', '/settings')
+    cy.location("pathname").should("eq", "/settings")
 
     cy.get(appPrefix(app) + 'input[name="password"]')
       .clear()
       .type(gen.password())
     cy.get('button[value="password"]').click()
-    cy.url().should('eq', 'https://www.ory.sh/')
+    cy.url().should("eq", "https://www.ory.sh/")
   })
 
-  it('should recover even if already logged into another account', () => {
-    const app = 'express' as 'express'
+  it("should recover even if already logged into another account", () => {
+    const app = "express" as "express"
 
     cy.deleteMail()
-    cy.useConfigProfile('recovery')
+    cy.useConfigProfile("recovery")
     cy.proxy(app)
 
     cy.deleteMail()
@@ -124,14 +124,14 @@ context('Account Recovery Success', () => {
     cy.get('input[name="password"]').type(identity1.password)
     cy.get('button[value="password"]').click()
 
-    cy.location('pathname').should('not.contain', '/login')
+    cy.location("pathname").should("not.contain", "/login")
 
     // then recover identity2, while still logged in as identity1
 
     cy.recoverEmail({ expect: identity2 })
 
     cy.getSession()
-    cy.location('pathname').should('eq', '/settings')
-    cy.get('input[name="traits.email"]').should('have.value', identity2.email)
+    cy.location("pathname").should("eq", "/settings")
+    cy.get('input[name="traits.email"]').should("have.value", identity2.email)
   })
 })
diff --git a/test/e2e/cypress/integration/profiles/recovery/settings/success.spec.ts b/test/e2e/cypress/integration/profiles/recovery/settings/success.spec.ts
index 8d931b67026e..e6cfd2103324 100644
--- a/test/e2e/cypress/integration/profiles/recovery/settings/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/recovery/settings/success.spec.ts
@@ -1,21 +1,21 @@
-import { appPrefix, assertRecoveryAddress, gen } from '../../../../helpers'
-import { routes as react } from '../../../../helpers/react'
-import { routes as express } from '../../../../helpers/express'
+import { appPrefix, assertRecoveryAddress, gen } from "../../../../helpers"
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
 
-context('Account Recovery Success', () => {
+context("Account Recovery Success", () => {
   ;[
     {
       settings: react.settings,
       base: react.base,
-      app: 'react' as 'react',
-      profile: 'spa'
+      app: "react" as "react",
+      profile: "spa",
     },
     {
       settings: express.settings,
       base: express.base,
-      app: 'express' as 'express',
-      profile: 'recovery'
-    }
+      app: "express" as "express",
+      profile: "recovery",
+    },
   ].forEach(({ settings, profile, base, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -38,7 +38,7 @@ context('Account Recovery Success', () => {
         cy.login({ ...identity, cookieUrl: base })
       })
 
-      it('should update the recovery address when updating the email', () => {
+      it("should update the recovery address when updating the email", () => {
         cy.visit(settings)
         const email = gen.email()
         cy.get(appPrefix(app) + 'input[name="traits.email"]')
@@ -46,12 +46,12 @@ context('Account Recovery Success', () => {
           .type(email)
         cy.get('button[value="profile"]').click()
         cy.expectSettingsSaved()
-        cy.get('input[name="traits.email"]').should('contain.value', email)
+        cy.get('input[name="traits.email"]').should("contain.value", email)
 
         cy.getSession().should(assertRecoveryAddress({ email }))
       })
 
-      xit('should not show an immediate error when a recovery address already exists', () => {
+      xit("should not show an immediate error when a recovery address already exists", () => {
         // account enumeration prevention, needs to be implemented.
       })
     })
diff --git a/test/e2e/cypress/integration/profiles/verification/login/errors.spec.ts b/test/e2e/cypress/integration/profiles/verification/login/errors.spec.ts
index 560953f7207a..708de14430d4 100644
--- a/test/e2e/cypress/integration/profiles/verification/login/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/verification/login/errors.spec.ts
@@ -1,19 +1,19 @@
-import { appPrefix, gen } from '../../../../helpers'
-import { routes as react } from '../../../../helpers/react'
-import { routes as express } from '../../../../helpers/express'
+import { appPrefix, gen } from "../../../../helpers"
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
 
-context('Account Verification Login Errors', () => {
+context("Account Verification Login Errors", () => {
   ;[
     {
       login: react.login,
-      app: 'react' as 'react',
-      profile: 'verification'
+      app: "react" as "react",
+      profile: "verification",
     },
     {
       login: express.login,
-      app: 'express' as 'express',
-      profile: 'verification'
-    }
+      app: "express" as "express",
+      profile: "verification",
+    },
   ].forEach(({ profile, login, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -23,7 +23,7 @@ context('Account Verification Login Errors', () => {
         cy.proxy(app)
       })
 
-      it('is unable to login as long as the email is not verified', () => {
+      it("is unable to login as long as the email is not verified", () => {
         cy.deleteMail()
 
         const identity = gen.identityWithWebsite()
@@ -35,7 +35,7 @@ context('Account Verification Login Errors', () => {
         cy.get('[value="password"]').click()
 
         cy.get('[data-testid="ui/message/4000010"]').contains(
-          'Account not active yet'
+          "Account not active yet",
         )
 
         cy.noSession()
diff --git a/test/e2e/cypress/integration/profiles/verification/login/success.spec.ts b/test/e2e/cypress/integration/profiles/verification/login/success.spec.ts
index 9bb83bc704ee..58247bdda0b0 100644
--- a/test/e2e/cypress/integration/profiles/verification/login/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/verification/login/success.spec.ts
@@ -1,19 +1,19 @@
-import { appPrefix, gen } from '../../../../helpers'
-import { routes as react } from '../../../../helpers/react'
-import { routes as express } from '../../../../helpers/express'
+import { appPrefix, gen } from "../../../../helpers"
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
 
-context('Account Verification Login Success', () => {
+context("Account Verification Login Success", () => {
   ;[
     {
       login: react.login,
-      app: 'react' as 'react',
-      profile: 'verification'
+      app: "react" as "react",
+      profile: "verification",
     },
     {
       login: express.login,
-      app: 'express' as 'express',
-      profile: 'verification'
-    }
+      app: "express" as "express",
+      profile: "verification",
+    },
   ].forEach(({ profile, login, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -23,7 +23,7 @@ context('Account Verification Login Success', () => {
         cy.proxy(app)
       })
 
-      it('is able to login after successful email verification', () => {
+      it("is able to login after successful email verification", () => {
         cy.deleteMail()
 
         const identity = gen.identityWithWebsite()
@@ -36,7 +36,7 @@ context('Account Verification Login Success', () => {
         cy.get('input[name="password"]').type(identity.password)
         cy.get('button[value="password"]').click()
 
-        cy.location('pathname').should('not.contain', '/login')
+        cy.location("pathname").should("not.contain", "/login")
 
         cy.getSession()
       })
diff --git a/test/e2e/cypress/integration/profiles/verification/registration/errors.spec.ts b/test/e2e/cypress/integration/profiles/verification/registration/errors.spec.ts
index b45193f83c56..948b0c029b0a 100644
--- a/test/e2e/cypress/integration/profiles/verification/registration/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/verification/registration/errors.spec.ts
@@ -3,24 +3,24 @@ import {
   assertVerifiableAddress,
   gen,
   parseHtml,
-  verifyHrefPattern
-} from '../../../../helpers'
+  verifyHrefPattern,
+} from "../../../../helpers"
 
-import { routes as react } from '../../../../helpers/react'
-import { routes as express } from '../../../../helpers/express'
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
 
-context('Account Verification Registration Errors', () => {
+context("Account Verification Registration Errors", () => {
   ;[
     {
       login: react.login,
-      app: 'react' as 'react',
-      profile: 'verification'
+      app: "react" as "react",
+      profile: "verification",
     },
     {
       login: express.login,
-      app: 'express' as 'express',
-      profile: 'verification'
-    }
+      app: "express" as "express",
+      profile: "verification",
+    },
   ].forEach(({ profile, login, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -43,38 +43,38 @@ context('Account Verification Registration Errors', () => {
         cy.login(identity)
       })
 
-      it('is unable to verify the email address if the code is no longer valid and resend the code', () => {
+      it("is unable to verify the email address if the code is no longer valid and resend the code", () => {
         cy.shortLinkLifespan()
         cy.verifyEmailButExpired({
-          expect: { email: identity.email, password: identity.password }
+          expect: { email: identity.email, password: identity.password },
         })
 
         cy.longLinkLifespan()
 
-        cy.get(appPrefix(app) + 'input[name="email"]').should('be.empty')
+        cy.get(appPrefix(app) + 'input[name="email"]').should("be.empty")
         cy.get('input[name="email"]').type(identity.email)
         cy.get('button[value="link"]').click()
         cy.get('[data-testid="ui/message/1080001"]').should(
-          'contain.text',
-          'An email containing a verification'
+          "contain.text",
+          "An email containing a verification",
         )
         cy.verifyEmail({
-          expect: { email: identity.email, password: identity.password }
+          expect: { email: identity.email, password: identity.password },
         })
       })
 
-      it('is unable to verify the email address if the code is incorrect', () => {
+      it("is unable to verify the email address if the code is incorrect", () => {
         cy.getMail().then((mail) => {
-          const link = parseHtml(mail.body).querySelector('a')
+          const link = parseHtml(mail.body).querySelector("a")
 
           expect(verifyHrefPattern.test(link.href)).to.be.true
 
-          cy.visit(link.href + '-not') // add random stuff to the confirm challenge
+          cy.visit(link.href + "-not") // add random stuff to the confirm challenge
           cy.getSession().should((session) =>
             assertVerifiableAddress({
               isVerified: false,
-              email: identity.email
-            })(session)
+              email: identity.email,
+            })(session),
           )
         })
       })
diff --git a/test/e2e/cypress/integration/profiles/verification/registration/success.spec.ts b/test/e2e/cypress/integration/profiles/verification/registration/success.spec.ts
index fe0eaa77af71..f3064b3df286 100644
--- a/test/e2e/cypress/integration/profiles/verification/registration/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/verification/registration/success.spec.ts
@@ -1,20 +1,20 @@
-import { assertVerifiableAddress, gen } from '../../../../helpers'
+import { assertVerifiableAddress, gen } from "../../../../helpers"
 
-import { routes as react } from '../../../../helpers/react'
-import { routes as express } from '../../../../helpers/express'
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
 
-context('Account Verification Registration Success', () => {
+context("Account Verification Registration Success", () => {
   ;[
     {
       registration: react.registration,
-      app: 'react' as 'react',
-      profile: 'verification'
+      app: "react" as "react",
+      profile: "verification",
     },
     {
       registration: express.registration,
-      app: 'express' as 'express',
-      profile: 'verification'
-    }
+      app: "express" as "express",
+      profile: "verification",
+    },
   ].forEach(({ profile, registration, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -35,7 +35,7 @@ context('Account Verification Registration Success', () => {
       const up = (value) => `up-${value}`
       const { email, password } = gen.identity()
 
-      it('is able to verify the email address after sign up', () => {
+      it("is able to verify the email address after sign up", () => {
         const identity = gen.identityWithWebsite()
         const { email, password } = identity
         cy.registerApi(identity)
@@ -43,14 +43,14 @@ context('Account Verification Registration Success', () => {
         cy.getSession().should((session) =>
           assertVerifiableAddress({
             isVerified: false,
-            email
-          })(session)
+            email,
+          })(session),
         )
 
         cy.verifyEmail({ expect: { email, password } })
       })
 
-      xit('sends the warning email on double sign up', () => {
+      xit("sends the warning email on double sign up", () => {
         // FIXME https://github.com/ory/kratos/issues/133
         cy.clearAllCookies()
         cy.register({ email, password: up(password) })
@@ -60,7 +60,7 @@ context('Account Verification Registration Success', () => {
         cy.verifyEmail({ expect: { email, password } })
       })
 
-      it('is redirected to after_verification_return_to after verification', () => {
+      it("is redirected to after_verification_return_to after verification", () => {
         cy.clearAllCookies()
         const { email, password } = gen.identity()
         cy.register({
@@ -68,16 +68,16 @@ context('Account Verification Registration Success', () => {
           password,
           query: {
             after_verification_return_to:
-              'http://localhost:4455/verification_callback'
-          }
+              "http://localhost:4455/verification_callback",
+          },
         })
         cy.login({ email, password })
         cy.verifyEmail({
           expect: {
             email,
             password,
-            redirectTo: 'http://localhost:4455/verification_callback'
-          }
+            redirectTo: "http://localhost:4455/verification_callback",
+          },
         })
       })
     })
diff --git a/test/e2e/cypress/integration/profiles/verification/settings/error.spec.ts b/test/e2e/cypress/integration/profiles/verification/settings/error.spec.ts
index 6065f9eb4629..8967b9bd1250 100644
--- a/test/e2e/cypress/integration/profiles/verification/settings/error.spec.ts
+++ b/test/e2e/cypress/integration/profiles/verification/settings/error.spec.ts
@@ -3,26 +3,26 @@ import {
   assertVerifiableAddress,
   gen,
   parseHtml,
-  verifyHrefPattern
-} from '../../../../helpers'
+  verifyHrefPattern,
+} from "../../../../helpers"
 
-import { routes as react } from '../../../../helpers/react'
-import { routes as express } from '../../../../helpers/express'
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
 
-context('Account Verification Settings Error', () => {
+context("Account Verification Settings Error", () => {
   ;[
     {
       settings: react.settings,
       base: react.base,
-      app: 'react' as 'react',
-      profile: 'verification'
+      app: "react" as "react",
+      profile: "verification",
     },
     {
       settings: express.settings,
       base: express.base,
-      app: 'express' as 'express',
-      profile: 'verification'
-    }
+      app: "express" as "express",
+      profile: "verification",
+    },
   ].forEach(({ profile, settings, app, base }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -31,7 +31,7 @@ context('Account Verification Settings Error', () => {
         cy.proxy(app)
       })
 
-      describe('error flow', () => {
+      describe("error flow", () => {
         let identity
         before(() => {
           cy.deleteMail()
@@ -48,7 +48,7 @@ context('Account Verification Settings Error', () => {
           cy.visit(settings)
         })
 
-        it('is unable to verify the email address if the code is no longer valid', () => {
+        it("is unable to verify the email address if the code is no longer valid", () => {
           cy.shortLinkLifespan()
           cy.visit(settings)
 
@@ -59,29 +59,29 @@ context('Account Verification Settings Error', () => {
           cy.get('button[value="profile"]').click()
 
           cy.verifyEmailButExpired({
-            expect: { email, password: identity.password }
+            expect: { email, password: identity.password },
           })
         })
 
-        it('is unable to verify the email address if the code is incorrect', () => {
+        it("is unable to verify the email address if the code is incorrect", () => {
           const email = `not-${identity.email}`
           cy.get('input[name="traits.email"]').clear().type(email)
           cy.get('button[value="profile"]').click()
 
           cy.getMail().then((mail) => {
-            const link = parseHtml(mail.body).querySelector('a')
+            const link = parseHtml(mail.body).querySelector("a")
 
             expect(verifyHrefPattern.test(link.href)).to.be.true
 
-            cy.visit(link.href + '-not') // add random stuff to the confirm challenge
+            cy.visit(link.href + "-not") // add random stuff to the confirm challenge
             cy.log(link.href)
             cy.getSession().then(
-              assertVerifiableAddress({ isVerified: false, email })
+              assertVerifiableAddress({ isVerified: false, email }),
             )
           })
         })
 
-        xit('should not update the traits until the email has been verified and the old email has accepted the change', () => {
+        xit("should not update the traits until the email has been verified and the old email has accepted the change", () => {
           // FIXME https://github.com/ory/kratos/issues/292
         })
       })
diff --git a/test/e2e/cypress/integration/profiles/verification/settings/success.spec.ts b/test/e2e/cypress/integration/profiles/verification/settings/success.spec.ts
index ce0ad1e48218..cbd78400b5c2 100644
--- a/test/e2e/cypress/integration/profiles/verification/settings/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/verification/settings/success.spec.ts
@@ -2,23 +2,23 @@ import {
   APP_URL,
   appPrefix,
   assertVerifiableAddress,
-  gen
-} from '../../../../helpers'
-import { routes as react } from '../../../../helpers/react'
-import { routes as express } from '../../../../helpers/express'
+  gen,
+} from "../../../../helpers"
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
 
-context('Account Verification Settings Success', () => {
+context("Account Verification Settings Success", () => {
   ;[
     {
       settings: react.settings,
-      app: 'react' as 'react',
-      profile: 'verification'
+      app: "react" as "react",
+      profile: "verification",
     },
     {
       settings: express.settings,
-      app: 'express' as 'express',
-      profile: 'verification'
-    }
+      app: "express" as "express",
+      profile: "verification",
+    },
   ].forEach(({ profile, settings, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -41,22 +41,22 @@ context('Account Verification Settings Success', () => {
         cy.visit(settings)
       })
 
-      it('should update the verify address and request a verification email', () => {
+      it("should update the verify address and request a verification email", () => {
         const email = `not-${identity.email}`
         cy.get(appPrefix(app) + 'input[name="traits.email"]')
           .clear()
           .type(email)
         cy.get('[value="profile"]').click()
         cy.expectSettingsSaved()
-        cy.get('input[name="traits.email"]').should('contain.value', email)
+        cy.get('input[name="traits.email"]').should("contain.value", email)
         cy.getSession().then(
-          assertVerifiableAddress({ isVerified: false, email })
+          assertVerifiableAddress({ isVerified: false, email }),
         )
 
         cy.verifyEmail({ expect: { email } })
       })
 
-      xit('should should be able to allow or deny (and revert?) the address change', () => {
+      xit("should should be able to allow or deny (and revert?) the address change", () => {
         // FIXME https://github.com/ory/kratos/issues/292
       })
     })
diff --git a/test/e2e/cypress/integration/profiles/verification/verify/errors.spec.ts b/test/e2e/cypress/integration/profiles/verification/verify/errors.spec.ts
index a9418784b6f7..586f2da9390d 100644
--- a/test/e2e/cypress/integration/profiles/verification/verify/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/verification/verify/errors.spec.ts
@@ -3,25 +3,25 @@ import {
   assertVerifiableAddress,
   gen,
   parseHtml,
-  verifyHrefPattern
-} from '../../../../helpers'
-import { routes as react } from '../../../../helpers/react'
-import { routes as express } from '../../../../helpers/express'
+  verifyHrefPattern,
+} from "../../../../helpers"
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
 
-context('Account Verification Error', () => {
+context("Account Verification Error", () => {
   ;[
     {
       verification: react.verification,
       base: react.base,
-      app: 'react' as 'react',
-      profile: 'verification'
+      app: "react" as "react",
+      profile: "verification",
     },
     {
       verification: express.verification,
       base: express.base,
-      app: 'express' as 'express',
-      profile: 'verification'
-    }
+      app: "express" as "express",
+      profile: "verification",
+    },
   ].forEach(({ profile, verification, app, base }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -43,53 +43,53 @@ context('Account Verification Error', () => {
         cy.visit(verification)
       })
 
-      it('responds with a HTML response on link click of an API flow if the flow is expired', () => {
+      it("responds with a HTML response on link click of an API flow if the flow is expired", () => {
         cy.updateConfigFile((config) => {
-          config.selfservice.flows.verification.lifespan = '1s'
+          config.selfservice.flows.verification.lifespan = "1s"
           return config
         })
 
         cy.verificationApi({
-          email: identity.email
+          email: identity.email,
         })
 
         cy.wait(1000)
         cy.shortVerificationLifespan()
 
         cy.getMail().then((message) => {
-          expect(message.subject).to.equal('Please verify your email address')
+          expect(message.subject).to.equal("Please verify your email address")
           expect(message.toAddresses[0].trim()).to.equal(identity.email)
 
-          const link = parseHtml(message.body).querySelector('a')
+          const link = parseHtml(message.body).querySelector("a")
 
           cy.longVerificationLifespan()
           cy.visit(link.href)
           cy.get('[data-testid="ui/message/4070005"]').should(
-            'contain.text',
-            'verification flow expired'
+            "contain.text",
+            "verification flow expired",
           )
 
           cy.getSession().should((session) => {
             assertVerifiableAddress({
               isVerified: false,
-              email: identity.email
+              email: identity.email,
             })(session)
           })
         })
       })
 
-      it('responds with a HTML response on link click of an API flow if the link is expired', () => {
+      it("responds with a HTML response on link click of an API flow if the link is expired", () => {
         cy.shortLinkLifespan()
 
         // Init expired flow
         cy.verificationApi({
-          email: identity.email
+          email: identity.email,
         })
 
         cy.verifyEmailButExpired({ expect: { email: identity.email } })
       })
 
-      it('is unable to verify the email address if the code is expired', () => {
+      it("is unable to verify the email address if the code is expired", () => {
         cy.shortLinkLifespan()
 
         cy.visit(verification)
@@ -97,43 +97,43 @@ context('Account Verification Error', () => {
         cy.get('button[value="link"]').click()
 
         cy.get('[data-testid="ui/message/1080001"]').should(
-          'contain.text',
-          'An email containing a verification'
+          "contain.text",
+          "An email containing a verification",
         )
-        cy.get('[name="method"][value="link"]').should('exist')
+        cy.get('[name="method"][value="link"]').should("exist")
         cy.verifyEmailButExpired({ expect: { email: identity.email } })
       })
 
-      it('is unable to verify the email address if the code is incorrect', () => {
+      it("is unable to verify the email address if the code is incorrect", () => {
         cy.get('input[name="email"]').type(identity.email)
         cy.get('button[value="link"]').click()
 
         cy.get('[data-testid="ui/message/1080001"]').should(
-          'contain.text',
-          'An email containing a verification'
+          "contain.text",
+          "An email containing a verification",
         )
 
         cy.getMail().then((mail) => {
-          const link = parseHtml(mail.body).querySelector('a')
+          const link = parseHtml(mail.body).querySelector("a")
 
           expect(verifyHrefPattern.test(link.href)).to.be.true
 
-          cy.visit(link.href + '-not') // add random stuff to the confirm challenge
+          cy.visit(link.href + "-not") // add random stuff to the confirm challenge
           cy.getSession().then(
             assertVerifiableAddress({
               isVerified: false,
-              email: identity.email
-            })
+              email: identity.email,
+            }),
           )
         })
       })
 
-      it('unable to verify non-existent account', async () => {
+      it("unable to verify non-existent account", async () => {
         cy.get('input[name="email"]').type(gen.identity().email)
         cy.get('button[value="link"]').click()
         cy.getMail().then((mail) => {
           expect(mail.subject).eq(
-            'Someone tried to verify this email address (remote)'
+            "Someone tried to verify this email address (remote)",
           )
         })
       })
diff --git a/test/e2e/cypress/integration/profiles/verification/verify/success.spec.ts b/test/e2e/cypress/integration/profiles/verification/verify/success.spec.ts
index 58d540ed9c63..367e144f4e64 100644
--- a/test/e2e/cypress/integration/profiles/verification/verify/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/verification/verify/success.spec.ts
@@ -1,19 +1,19 @@
-import { APP_URL, assertVerifiableAddress, gen } from '../../../../helpers'
-import { routes as react } from '../../../../helpers/react'
-import { routes as express } from '../../../../helpers/express'
+import { APP_URL, assertVerifiableAddress, gen } from "../../../../helpers"
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
 
-context('Account Verification Settings Success', () => {
+context("Account Verification Settings Success", () => {
   ;[
     {
       verification: react.verification,
-      app: 'react' as 'react',
-      profile: 'verification'
+      app: "react" as "react",
+      profile: "verification",
     },
     {
       verification: express.verification,
-      app: 'express' as 'express',
-      profile: 'verification'
-    }
+      app: "express" as "express",
+      profile: "verification",
+    },
   ].forEach(({ profile, verification, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -33,45 +33,45 @@ context('Account Verification Settings Success', () => {
         cy.visit(verification)
       })
 
-      it('should request verification and receive an email and verify it', () => {
+      it("should request verification and receive an email and verify it", () => {
         cy.get('input[name="email"]').type(identity.email)
         cy.get('button[value="link"]').click()
 
         cy.get('[data-testid="ui/message/1080001"]').should(
-          'contain.text',
-          'An email containing a verification'
+          "contain.text",
+          "An email containing a verification",
         )
 
-        cy.get('[name="method"][value="link"]').should('exist')
+        cy.get('[name="method"][value="link"]').should("exist")
 
         cy.verifyEmail({ expect: { email: identity.email } })
       })
 
-      it('should request verification for an email that does not exist yet', () => {
+      it("should request verification for an email that does not exist yet", () => {
         const email = `not-${identity.email}`
         cy.get('input[name="email"]').type(email)
         cy.get('button[value="link"]').click()
 
         cy.get('[data-testid="ui/message/1080001"]').should(
-          'contain.text',
-          'An email containing a verification'
+          "contain.text",
+          "An email containing a verification",
         )
 
         cy.getMail().should((message) => {
           expect(message.subject.trim()).to.equal(
-            'Someone tried to verify this email address'
+            "Someone tried to verify this email address",
           )
-          expect(message.fromAddress.trim()).to.equal('no-reply@ory.kratos.sh')
+          expect(message.fromAddress.trim()).to.equal("no-reply@ory.kratos.sh")
           expect(message.toAddresses).to.have.length(1)
           expect(message.toAddresses[0].trim()).to.equal(email)
         })
 
         cy.getSession().then(
-          assertVerifiableAddress({ isVerified: false, email: identity.email })
+          assertVerifiableAddress({ isVerified: false, email: identity.email }),
         )
       })
 
-      it('should not verify email when clicking on link received on different address', () => {
+      it("should not verify email when clicking on link received on different address", () => {
         cy.get('input[name="email"]').type(identity.email)
         cy.get('button[value="link"]').click()
 
@@ -87,7 +87,7 @@ context('Account Verification Settings Success', () => {
 
         cy.login(identity2)
 
-        cy.visit(APP_URL + '/verification')
+        cy.visit(APP_URL + "/verification")
 
         // request verification link for identity
         cy.get('input[name="email"]').type(identity.email)
@@ -97,11 +97,14 @@ context('Account Verification Settings Success', () => {
 
         // expect current session to still not have a verified email address
         cy.getSession().should(
-          assertVerifiableAddress({ email: identity2.email, isVerified: false })
+          assertVerifiableAddress({
+            email: identity2.email,
+            isVerified: false,
+          }),
         )
       })
 
-      it('should redirect to return_to after completing verification', () => {
+      it("should redirect to return_to after completing verification", () => {
         cy.clearAllCookies()
         // registered with other email address
         const identity2 = gen.identity()
@@ -110,8 +113,8 @@ context('Account Verification Settings Success', () => {
 
         cy.login(identity2)
 
-        cy.visit(APP_URL + '/self-service/verification/browser', {
-          qs: { return_to: 'http://localhost:4455/verification_callback' }
+        cy.visit(APP_URL + "/self-service/verification/browser", {
+          qs: { return_to: "http://localhost:4455/verification_callback" },
         })
         // request verification link for identity
         cy.get('input[name="email"]').type(identity2.email)
@@ -119,8 +122,8 @@ context('Account Verification Settings Success', () => {
         cy.verifyEmail({
           expect: {
             email: identity2.email,
-            redirectTo: 'http://localhost:4455/verification_callback'
-          }
+            redirectTo: "http://localhost:4455/verification_callback",
+          },
         })
       })
     })
diff --git a/test/e2e/cypress/integration/profiles/webhoooks/login/error.spec.ts b/test/e2e/cypress/integration/profiles/webhoooks/login/error.spec.ts
index acd6b9b649a8..6a30594b70fd 100644
--- a/test/e2e/cypress/integration/profiles/webhoooks/login/error.spec.ts
+++ b/test/e2e/cypress/integration/profiles/webhoooks/login/error.spec.ts
@@ -1,13 +1,13 @@
-import { gen } from '../../../../helpers'
-import { routes as express } from '../../../../helpers/express'
+import { gen } from "../../../../helpers"
+import { routes as express } from "../../../../helpers/express"
 
-describe('Basic email profile with failing login flows with webhooks', () => {
+describe("Basic email profile with failing login flows with webhooks", () => {
   ;[
     {
       route: express.login,
-      app: 'express' as 'express',
-      profile: 'webhooks'
-    }
+      app: "express" as "express",
+      profile: "webhooks",
+    },
   ].forEach(({ route, profile, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -20,7 +20,7 @@ describe('Basic email profile with failing login flows with webhooks', () => {
         cy.visit(route)
       })
 
-      it('should show fail to sign in when webhooks rejects login', () => {
+      it("should show fail to sign in when webhooks rejects login", () => {
         const email = gen.blockedEmail()
         const password = gen.password()
 
@@ -30,8 +30,8 @@ describe('Basic email profile with failing login flows with webhooks', () => {
 
         cy.submitPasswordForm()
         cy.get('*[data-testid="ui/message/1234"]').should(
-          'contain.text',
-          'email could not be validated'
+          "contain.text",
+          "email could not be validated",
         )
       })
     })
diff --git a/test/e2e/cypress/integration/profiles/webhoooks/login/success.spec.ts b/test/e2e/cypress/integration/profiles/webhoooks/login/success.spec.ts
index deb4a544df02..99f950e8d84d 100644
--- a/test/e2e/cypress/integration/profiles/webhoooks/login/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/webhoooks/login/success.spec.ts
@@ -1,19 +1,19 @@
-import { APP_URL, appPrefix, gen, website } from '../../../../helpers'
-import { routes as express } from '../../../../helpers/express'
+import { APP_URL, appPrefix, gen, website } from "../../../../helpers"
+import { routes as express } from "../../../../helpers/express"
 
-describe('Basic email profile with succeeding login flows with webhooks', () => {
+describe("Basic email profile with succeeding login flows with webhooks", () => {
   const email = gen.email()
   const password = gen.password()
 
   before(() => {
-    cy.registerApi({ email, password, fields: { 'traits.website': website } })
+    cy.registerApi({ email, password, fields: { "traits.website": website } })
   })
   ;[
     {
       route: express.login,
-      app: 'express' as 'express',
-      profile: 'webhooks'
-    }
+      app: "express" as "express",
+      profile: "webhooks",
+    },
   ].forEach(({ route, profile, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -26,16 +26,16 @@ describe('Basic email profile with succeeding login flows with webhooks', () =>
         cy.visit(route)
       })
 
-      it('should sign in and be logged in', () => {
+      it("should sign in and be logged in", () => {
         cy.get(`${appPrefix(app)}input[name="identifier"]`).type(email)
         cy.get('input[name="password"]').type(password)
         cy.submitPasswordForm()
-        cy.location('pathname').should('not.contain', '/login')
+        cy.location("pathname").should("not.contain", "/login")
 
         cy.getSession().should((session) => {
           const { identity } = session
           expect(identity.id).to.not.be.empty
-          expect(identity.schema_id).to.equal('default')
+          expect(identity.schema_id).to.equal("default")
           expect(identity.schema_url).to.equal(`${APP_URL}/schemas/ZGVmYXVsdA`)
           expect(identity.traits.email).to.equal(email)
         })
diff --git a/test/e2e/cypress/integration/profiles/webhoooks/registration/errors.spec.ts b/test/e2e/cypress/integration/profiles/webhoooks/registration/errors.spec.ts
index 4bd2637a9134..98a6704c4eb1 100644
--- a/test/e2e/cypress/integration/profiles/webhoooks/registration/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/webhoooks/registration/errors.spec.ts
@@ -1,13 +1,13 @@
-import { gen } from '../../../../helpers'
-import { routes as express } from '../../../../helpers/express'
+import { gen } from "../../../../helpers"
+import { routes as express } from "../../../../helpers/express"
 
-describe('Registration failures with email profile with webhooks', () => {
+describe("Registration failures with email profile with webhooks", () => {
   ;[
     {
       route: express.registration,
-      app: 'express' as 'express',
-      profile: 'webhooks'
-    }
+      app: "express" as "express",
+      profile: "webhooks",
+    },
   ].forEach(({ route, profile, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -22,18 +22,18 @@ describe('Registration failures with email profile with webhooks', () => {
       const blockedIdentity = gen.blockedEmail()
       const password = gen.password()
 
-      it('should show an error when the webhook is blocking registration', () => {
+      it("should show an error when the webhook is blocking registration", () => {
         cy.get('input[name="traits.email"]').type(blockedIdentity)
         cy.get('input[name="password"]').type(password)
 
         cy.submitPasswordForm()
         cy.get('input[name="traits.email"]').should(
-          'have.value',
-          blockedIdentity
+          "have.value",
+          blockedIdentity,
         )
         cy.get('*[data-testid="ui/message/1234"]').should(
-          'contain.text',
-          'email could not be validated'
+          "contain.text",
+          "email could not be validated",
         )
       })
     })
diff --git a/test/e2e/cypress/integration/profiles/webhoooks/registration/success.spec.ts b/test/e2e/cypress/integration/profiles/webhoooks/registration/success.spec.ts
index b9d8bc5f6a52..026020699ed5 100644
--- a/test/e2e/cypress/integration/profiles/webhoooks/registration/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/webhoooks/registration/success.spec.ts
@@ -1,13 +1,13 @@
-import { APP_URL, appPrefix, gen } from '../../../../helpers'
-import { routes as express } from '../../../../helpers/express'
+import { APP_URL, appPrefix, gen } from "../../../../helpers"
+import { routes as express } from "../../../../helpers/express"
 
-context('Registration success with email profile with webhooks', () => {
+context("Registration success with email profile with webhooks", () => {
   ;[
     {
       route: express.registration,
-      app: 'express' as 'express',
-      profile: 'webhooks'
-    }
+      app: "express" as "express",
+      profile: "webhooks",
+    },
   ].forEach(({ route, profile, app }) => {
     describe(`for app ${app}`, () => {
       before(() => {
@@ -20,21 +20,21 @@ context('Registration success with email profile with webhooks', () => {
         cy.visit(route)
       })
 
-      it('should sign up and be logged in', () => {
+      it("should sign up and be logged in", () => {
         const email = gen.email()
         const password = gen.password()
 
-        cy.get(appPrefix(app) + 'input[name="traits"]').should('not.exist')
+        cy.get(appPrefix(app) + 'input[name="traits"]').should("not.exist")
         cy.get('input[name="traits.email"]').type(email)
         cy.get('input[name="password"]').type(password)
 
         cy.submitPasswordForm()
-        cy.get('pre').should('contain.text', email)
+        cy.get("pre").should("contain.text", email)
 
         cy.getSession().should((session) => {
           const { identity } = session
           expect(identity.id).to.not.be.empty
-          expect(identity.schema_id).to.equal('default')
+          expect(identity.schema_id).to.equal("default")
           expect(identity.schema_url).to.equal(`${APP_URL}/schemas/ZGVmYXVsdA`)
           expect(identity.traits.email).to.equal(email)
         })
diff --git a/test/e2e/cypress/plugins/index.js b/test/e2e/cypress/plugins/index.js
index 6f7c44ee22a2..c62ffbe0b5ff 100644
--- a/test/e2e/cypress/plugins/index.js
+++ b/test/e2e/cypress/plugins/index.js
@@ -1,7 +1,7 @@
 /// 
 
-const got = require('got')
-const CRI = require('chrome-remote-interface')
+const got = require("got")
+const CRI = require("chrome-remote-interface")
 let criPort = 0,
   criClient = null
 
@@ -15,11 +15,11 @@ module.exports = (on) => {
 
 function ensureRdpPort(args) {
   const existing = args.find(
-    (arg) => arg.slice(0, 23) === '--remote-debugging-port'
+    (arg) => arg.slice(0, 23) === "--remote-debugging-port",
   )
 
   if (existing) {
-    return Number(existing.split('=')[1])
+    return Number(existing.split("=")[1])
   }
 
   const port = 40000 + Math.round(Math.random() * 25000)
diff --git a/test/e2e/cypress/support/commands.ts b/test/e2e/cypress/support/commands.ts
index deb093b2d462..e80e0fc69205 100644
--- a/test/e2e/cypress/support/commands.ts
+++ b/test/e2e/cypress/support/commands.ts
@@ -8,19 +8,19 @@ import {
   MOBILE_URL,
   parseHtml,
   pollInterval,
-  privilegedLifespan
-} from '../helpers'
+  privilegedLifespan,
+} from "../helpers"
 
-import dayjs from 'dayjs'
-import YAML from 'yamljs'
-import { Session } from '@ory/kratos-client'
+import dayjs from "dayjs"
+import YAML from "yamljs"
+import { Session } from "@ory/kratos-client"
 
-const configFile = 'kratos.generated.yml'
+const configFile = "kratos.generated.yml"
 
 const mergeFields = (form, fields) => {
   const result = {}
   form.nodes.forEach(({ attributes, type }) => {
-    if (type === 'input') {
+    if (type === "input") {
       result[attributes.name] = attributes.value
     }
   })
@@ -30,12 +30,12 @@ const mergeFields = (form, fields) => {
 
 function checkConfigVersion(previous, tries = 0) {
   cy.wait(50)
-  cy.request('GET', KRATOS_ADMIN + '/health/config').then(({ body }) => {
+  cy.request("GET", KRATOS_ADMIN + "/health/config").then(({ body }) => {
     if (previous !== body) {
       return
     } else if (tries > 8) {
       console.warn(
-        'Config version did not change after 5 tries, maybe the changes did not have an effect?'
+        "Config version did not change after 5 tries, maybe the changes did not have an effect?",
       )
       return
     }
@@ -45,7 +45,7 @@ function checkConfigVersion(previous, tries = 0) {
 }
 
 const updateConfigFile = (cb: (arg: any) => any) => {
-  cy.request('GET', KRATOS_ADMIN + '/health/config').then(({ body }) => {
+  cy.request("GET", KRATOS_ADMIN + "/health/config").then(({ body }) => {
     cy.readFile(configFile).then((contents) => {
       cy.writeFile(configFile, YAML.stringify(cb(YAML.parse(contents))))
       cy.wait(500)
@@ -54,34 +54,34 @@ const updateConfigFile = (cb: (arg: any) => any) => {
   })
 }
 
-Cypress.Commands.add('useConfigProfile', (profile: string) => {
-  cy.request('GET', KRATOS_ADMIN + '/health/config').then(({ body }) => {
-    console.log('Switching config profile to:', profile)
+Cypress.Commands.add("useConfigProfile", (profile: string) => {
+  cy.request("GET", KRATOS_ADMIN + "/health/config").then(({ body }) => {
+    console.log("Switching config profile to:", profile)
     cy.readFile(`kratos.${profile}.yml`).then((contents) =>
-      cy.writeFile(configFile, contents)
+      cy.writeFile(configFile, contents),
     )
     checkConfigVersion(body)
   })
 })
 
-Cypress.Commands.add('proxy', (app: string) => {
-  console.log('Switching proxy profile to:', app)
+Cypress.Commands.add("proxy", (app: string) => {
+  console.log("Switching proxy profile to:", app)
   cy.writeFile(`proxy.json`, `"${app}"`)
-  cy.request(APP_URL + '/')
-    .its('body', { log: false })
+  cy.request(APP_URL + "/")
+    .its("body", { log: false })
     .then((body) => {
       expect(body.indexOf(`data-testid="app-${app}"`) > -1).to.be.true
     })
 })
 
-Cypress.Commands.add('shortPrivilegedSessionTime', ({} = {}) => {
+Cypress.Commands.add("shortPrivilegedSessionTime", ({} = {}) => {
   updateConfigFile((config) => {
-    config.selfservice.flows.settings.privileged_session_max_age = '1ms'
+    config.selfservice.flows.settings.privileged_session_max_age = "1ms"
     return config
   })
 })
 
-Cypress.Commands.add('setIdentitySchema', (schema: string) => {
+Cypress.Commands.add("setIdentitySchema", (schema: string) => {
   updateConfigFile((config) => {
     const id = gen.password()
     config.identity.default_schema_id = id
@@ -89,189 +89,189 @@ Cypress.Commands.add('setIdentitySchema', (schema: string) => {
       ...(config.identity.schemas || []),
       {
         id,
-        url: schema
-      }
+        url: schema,
+      },
     ]
     return config
   })
 })
 
-Cypress.Commands.add('setDefaultIdentitySchema', (id: string) => {
+Cypress.Commands.add("setDefaultIdentitySchema", (id: string) => {
   updateConfigFile((config) => {
     config.identity.default_schema_id = id
     return config
   })
 })
 
-Cypress.Commands.add('longPrivilegedSessionTime', ({} = {}) => {
+Cypress.Commands.add("longPrivilegedSessionTime", ({} = {}) => {
   updateConfigFile((config) => {
-    config.selfservice.flows.settings.privileged_session_max_age = '5m'
+    config.selfservice.flows.settings.privileged_session_max_age = "5m"
     return config
   })
 })
-Cypress.Commands.add('longVerificationLifespan', ({} = {}) => {
+Cypress.Commands.add("longVerificationLifespan", ({} = {}) => {
   updateConfigFile((config) => {
-    config.selfservice.flows.verification.lifespan = '1m'
+    config.selfservice.flows.verification.lifespan = "1m"
     return config
   })
 })
-Cypress.Commands.add('shortVerificationLifespan', ({} = {}) => {
+Cypress.Commands.add("shortVerificationLifespan", ({} = {}) => {
   updateConfigFile((config) => {
-    config.selfservice.flows.verification.lifespan = '1ms'
+    config.selfservice.flows.verification.lifespan = "1ms"
     return config
   })
 })
-Cypress.Commands.add('sessionRequiresNo2fa', ({} = {}) => {
+Cypress.Commands.add("sessionRequiresNo2fa", ({} = {}) => {
   updateConfigFile((config) => {
-    config.session.whoami.required_aal = 'aal1'
+    config.session.whoami.required_aal = "aal1"
     return config
   })
 })
-Cypress.Commands.add('sessionRequires2fa', ({} = {}) => {
+Cypress.Commands.add("sessionRequires2fa", ({} = {}) => {
   updateConfigFile((config) => {
-    config.session.whoami.required_aal = 'highest_available'
+    config.session.whoami.required_aal = "highest_available"
     return config
   })
 })
-Cypress.Commands.add('shortLinkLifespan', ({} = {}) => {
+Cypress.Commands.add("shortLinkLifespan", ({} = {}) => {
   updateConfigFile((config) => {
-    config.selfservice.methods.link.config.lifespan = '1ms'
+    config.selfservice.methods.link.config.lifespan = "1ms"
     return config
   })
 })
-Cypress.Commands.add('longLinkLifespan', ({} = {}) => {
+Cypress.Commands.add("longLinkLifespan", ({} = {}) => {
   updateConfigFile((config) => {
-    config.selfservice.methods.link.config.lifespan = '1m'
+    config.selfservice.methods.link.config.lifespan = "1m"
     return config
   })
 })
 
-Cypress.Commands.add('longRecoveryLifespan', ({} = {}) => {
+Cypress.Commands.add("longRecoveryLifespan", ({} = {}) => {
   updateConfigFile((config) => {
-    config.selfservice.flows.recovery.lifespan = '1m'
+    config.selfservice.flows.recovery.lifespan = "1m"
     return config
   })
 })
 
-Cypress.Commands.add('enableLoginForVerifiedAddressOnly', () => {
+Cypress.Commands.add("enableLoginForVerifiedAddressOnly", () => {
   updateConfigFile((config) => {
-    config.selfservice.flows.login['after'] = {
-      password: { hooks: [{ hook: 'require_verified_address' }] }
+    config.selfservice.flows.login["after"] = {
+      password: { hooks: [{ hook: "require_verified_address" }] },
     }
     return config
   })
 })
 
-Cypress.Commands.add('shortLoginLifespan', ({} = {}) => {
+Cypress.Commands.add("shortLoginLifespan", ({} = {}) => {
   updateConfigFile((config) => {
-    config.selfservice.flows.login.lifespan = '100ms'
+    config.selfservice.flows.login.lifespan = "100ms"
     return config
   })
 })
-Cypress.Commands.add('longLoginLifespan', ({} = {}) => {
+Cypress.Commands.add("longLoginLifespan", ({} = {}) => {
   updateConfigFile((config) => {
-    config.selfservice.flows.login.lifespan = '1h'
+    config.selfservice.flows.login.lifespan = "1h"
     return config
   })
 })
 
-Cypress.Commands.add('shortRecoveryLifespan', ({} = {}) => {
+Cypress.Commands.add("shortRecoveryLifespan", ({} = {}) => {
   updateConfigFile((config) => {
-    config.selfservice.flows.recovery.lifespan = '1ms'
+    config.selfservice.flows.recovery.lifespan = "1ms"
     return config
   })
 })
 
-Cypress.Commands.add('requireStrictAal', () => {
+Cypress.Commands.add("requireStrictAal", () => {
   updateConfigFile((config) => {
-    config.selfservice.flows.settings.required_aal = 'highest_available'
-    config.session.whoami.required_aal = 'highest_available'
+    config.selfservice.flows.settings.required_aal = "highest_available"
+    config.session.whoami.required_aal = "highest_available"
     return config
   })
 })
 
-Cypress.Commands.add('useLaxAal', ({} = {}) => {
+Cypress.Commands.add("useLaxAal", ({} = {}) => {
   updateConfigFile((config) => {
-    config.selfservice.flows.settings.required_aal = 'aal1'
-    config.session.whoami.required_aal = 'aal1'
+    config.selfservice.flows.settings.required_aal = "aal1"
+    config.session.whoami.required_aal = "aal1"
     return config
   })
 })
 
-Cypress.Commands.add('disableVerification', ({} = {}) => {
+Cypress.Commands.add("disableVerification", ({} = {}) => {
   updateConfigFile((config) => {
     config.selfservice.flows.verification.enabled = false
     return config
   })
 })
 
-Cypress.Commands.add('enableVerification', ({} = {}) => {
+Cypress.Commands.add("enableVerification", ({} = {}) => {
   updateConfigFile((config) => {
     config.selfservice.flows.verification.enabled = true
     return config
   })
 })
 
-Cypress.Commands.add('enableRecovery', ({} = {}) => {
+Cypress.Commands.add("enableRecovery", ({} = {}) => {
   updateConfigFile((config) => {
     config.selfservice.flows.recovery.enabled = true
     return config
   })
 })
 
-Cypress.Commands.add('disableRecovery', ({} = {}) => {
+Cypress.Commands.add("disableRecovery", ({} = {}) => {
   updateConfigFile((config) => {
     config.selfservice.flows.recovery.enabled = false
     return config
   })
 })
 
-Cypress.Commands.add('disableRegistration', ({} = {}) => {
+Cypress.Commands.add("disableRegistration", ({} = {}) => {
   updateConfigFile((config) => {
     config.selfservice.flows.registration.enabled = false
     return config
   })
 })
 
-Cypress.Commands.add('enableRegistration', ({} = {}) => {
+Cypress.Commands.add("enableRegistration", ({} = {}) => {
   updateConfigFile((config) => {
     config.selfservice.flows.registration.enabled = true
     return config
   })
 })
 
-Cypress.Commands.add('useLaxAal', ({} = {}) => {
+Cypress.Commands.add("useLaxAal", ({} = {}) => {
   updateConfigFile((config) => {
-    config.selfservice.flows.settings.required_aal = 'aal1'
-    config.session.whoami.required_aal = 'aal1'
+    config.selfservice.flows.settings.required_aal = "aal1"
+    config.session.whoami.required_aal = "aal1"
     return config
   })
 })
 
-Cypress.Commands.add('updateConfigFile', (cb: (arg: any) => any) => {
+Cypress.Commands.add("updateConfigFile", (cb: (arg: any) => any) => {
   updateConfigFile(cb)
 })
 
 Cypress.Commands.add(
-  'register',
+  "register",
   ({
     email = gen.email(),
     password = gen.password(),
     query = {},
-    fields = {}
+    fields = {},
   } = {}) => {
-    console.log('Creating user account: ', { email, password })
+    console.log("Creating user account: ", { email, password })
 
     // see https://github.com/cypress-io/cypress/issues/408
     cy.clearAllCookies()
 
     cy.request({
-      url: APP_URL + '/self-service/registration/browser',
+      url: APP_URL + "/self-service/registration/browser",
       followRedirect: false,
       headers: {
-        Accept: 'application/json'
+        Accept: "application/json",
       },
-      qs: query
+      qs: query,
     })
       .then(({ body, status }) => {
         expect(status).to.eq(200)
@@ -280,26 +280,26 @@ Cypress.Commands.add(
           method: form.method,
           body: mergeFields(form, {
             ...fields,
-            'traits.email': email,
+            "traits.email": email,
             password,
-            method: 'password'
+            method: "password",
           }),
           url: form.action,
-          followRedirect: false
+          followRedirect: false,
         })
       })
       .then(({ body }) => {
         expect(body.identity.traits.email).to.contain(email)
       })
-  }
+  },
 )
 
 Cypress.Commands.add(
-  'registerApi',
+  "registerApi",
   ({ email = gen.email(), password = gen.password(), fields = {} } = {}) =>
     cy
       .request({
-        url: APP_URL + '/self-service/registration/api'
+        url: APP_URL + "/self-service/registration/api",
       })
       .then(({ body }) => {
         const form = body.ui
@@ -307,42 +307,42 @@ Cypress.Commands.add(
           method: form.method,
           body: mergeFields(form, {
             ...fields,
-            'traits.email': email,
+            "traits.email": email,
             password,
-            method: 'password'
+            method: "password",
           }),
-          url: form.action
+          url: form.action,
         })
       })
       .then(({ body }) => {
         expect(body.identity.traits.email).to.contain(email)
-      })
+      }),
 )
 
-Cypress.Commands.add('settingsApi', ({ fields = {} } = {}) =>
+Cypress.Commands.add("settingsApi", ({ fields = {} } = {}) =>
   cy
     .request({
-      url: APP_URL + '/self-service/settings/api'
+      url: APP_URL + "/self-service/settings/api",
     })
     .then(({ body }) => {
       const form = body.ui
       return cy.request({
         method: form.method,
         body: mergeFields(form, {
-          ...fields
+          ...fields,
         }),
-        url: form.action
+        url: form.action,
       })
     })
     .then(({ body }) => {
       expect(body.statusCode).to.eq(200)
-    })
+    }),
 )
 
-Cypress.Commands.add('loginApi', ({ email, password } = {}) =>
+Cypress.Commands.add("loginApi", ({ email, password } = {}) =>
   cy
     .request({
-      url: APP_URL + '/self-service/login/api'
+      url: APP_URL + "/self-service/login/api",
     })
     .then(({ body }) => {
       const form = body.ui
@@ -351,36 +351,36 @@ Cypress.Commands.add('loginApi', ({ email, password } = {}) =>
         body: mergeFields(form, {
           identifier: email,
           password,
-          method: 'password'
+          method: "password",
         }),
-        url: form.action
+        url: form.action,
       })
     })
     .then(({ body }) => {
       expect(body.session.identity.traits.email).to.contain(email)
-    })
+    }),
 )
 
-Cypress.Commands.add('loginApiWithoutCookies', ({ email, password } = {}) => {
-  cy.task('httpRequest', {
-    url: APP_URL + '/self-service/login/api',
+Cypress.Commands.add("loginApiWithoutCookies", ({ email, password } = {}) => {
+  cy.task("httpRequest", {
+    url: APP_URL + "/self-service/login/api",
     headers: {
-      Accept: 'application/json'
+      Accept: "application/json",
     },
-    responseType: 'json'
+    responseType: "json",
   }).should((body: any) => {
-    cy.task('httpRequest', {
+    cy.task("httpRequest", {
       method: body.ui.method,
       json: mergeFields(body.ui, {
         identifier: email,
         password,
-        method: 'password'
+        method: "password",
       }),
       headers: {
-        Accept: 'application/json'
+        Accept: "application/json",
       },
-      responseType: 'json',
-      url: body.ui.action
+      responseType: "json",
+      url: body.ui.action,
     }).should((body: any) => {
       expect(body.session.identity.traits.email).to.contain(email)
       return body
@@ -388,10 +388,10 @@ Cypress.Commands.add('loginApiWithoutCookies', ({ email, password } = {}) => {
   })
 })
 
-Cypress.Commands.add('recoverApi', ({ email, returnTo }) => {
-  let url = APP_URL + '/self-service/recovery/api'
+Cypress.Commands.add("recoverApi", ({ email, returnTo }) => {
+  let url = APP_URL + "/self-service/recovery/api"
   if (returnTo) {
-    url += '?return_to=' + returnTo
+    url += "?return_to=" + returnTo
   }
   cy.request({ url })
     .then(({ body }) => {
@@ -399,23 +399,23 @@ Cypress.Commands.add('recoverApi', ({ email, returnTo }) => {
       // label should still exist after request, for more detail: #2591
       expect(form.nodes[1].meta).to.not.be.null
       expect(form.nodes[1].meta.label).to.not.be.null
-      expect(form.nodes[1].meta.label.text).to.equal('Email')
+      expect(form.nodes[1].meta.label.text).to.equal("Email")
 
       return cy.request({
         method: form.method,
-        body: mergeFields(form, { email, method: 'link' }),
-        url: form.action
+        body: mergeFields(form, { email, method: "link" }),
+        url: form.action,
       })
     })
     .then(({ body }) => {
-      expect(body.state).to.contain('sent_email')
+      expect(body.state).to.contain("sent_email")
     })
 })
 
-Cypress.Commands.add('verificationApi', ({ email, returnTo }) => {
-  let url = APP_URL + '/self-service/verification/api'
+Cypress.Commands.add("verificationApi", ({ email, returnTo }) => {
+  let url = APP_URL + "/self-service/verification/api"
   if (returnTo) {
-    url += '?return_to=' + returnTo
+    url += "?return_to=" + returnTo
   }
   cy.request({ url })
     .then(({ body }) => {
@@ -423,88 +423,88 @@ Cypress.Commands.add('verificationApi', ({ email, returnTo }) => {
       // label should still exist after request, for more detail: #2591
       expect(form.nodes[1].meta).to.not.be.null
       expect(form.nodes[1].meta.label).to.not.be.null
-      expect(form.nodes[1].meta.label.text).to.equal('Email')
+      expect(form.nodes[1].meta.label.text).to.equal("Email")
 
       return cy.request({
         method: form.method,
-        body: mergeFields(form, { email, method: 'link' }),
-        url: form.action
+        body: mergeFields(form, { email, method: "link" }),
+        url: form.action,
       })
     })
     .then(({ body }) => {
-      expect(body.state).to.contain('sent_email')
+      expect(body.state).to.contain("sent_email")
     })
 })
 
-Cypress.Commands.add('verificationApiExpired', ({ email, returnTo }) => {
+Cypress.Commands.add("verificationApiExpired", ({ email, returnTo }) => {
   cy.shortVerificationLifespan()
-  let url = APP_URL + '/self-service/verification/api'
+  let url = APP_URL + "/self-service/verification/api"
   if (returnTo) {
-    url += '?return_to=' + returnTo
+    url += "?return_to=" + returnTo
   }
   cy.request({ url })
     .then(({ body }) => {
       const form = body.ui
       return cy.request({
         method: form.method,
-        body: mergeFields(form, { email, method: 'link' }),
+        body: mergeFields(form, { email, method: "link" }),
         url: form.action,
-        failOnStatusCode: false
+        failOnStatusCode: false,
       })
     })
     .then((response) => {
       expect(response.status).to.eq(410)
       expect(response.body.error.reason).to.eq(
-        'The verification flow has expired. Redirect the user to the verification flow init endpoint to initialize a new verification flow.'
+        "The verification flow has expired. Redirect the user to the verification flow init endpoint to initialize a new verification flow.",
       )
       expect(response.body.error.details.redirect_to).to.eq(
-        'http://localhost:4455/self-service/verification/browser'
+        "http://localhost:4455/self-service/verification/browser",
       )
     })
 })
 
-Cypress.Commands.add('verificationBrowser', ({ email, returnTo }) => {
-  let url = APP_URL + '/self-service/verification/browser'
+Cypress.Commands.add("verificationBrowser", ({ email, returnTo }) => {
+  let url = APP_URL + "/self-service/verification/browser"
   if (returnTo) {
-    url += '?return_to=' + returnTo
+    url += "?return_to=" + returnTo
   }
   cy.request({ url })
     .then(({ body }) => {
       const form = body.ui
       return cy.request({
         method: form.method,
-        body: mergeFields(form, { email, method: 'link' }),
-        url: form.action
+        body: mergeFields(form, { email, method: "link" }),
+        url: form.action,
       })
     })
     .then(({ body }) => {
-      expect(body.state).to.contain('sent_email')
+      expect(body.state).to.contain("sent_email")
     })
 })
-Cypress.Commands.add('addVirtualAuthenticator', () =>
+Cypress.Commands.add("addVirtualAuthenticator", () =>
   cy
-    .task('sendCRI', {
-      query: 'WebAuthn.enable',
-      opts: {}
+    .task("sendCRI", {
+      query: "WebAuthn.enable",
+      opts: {},
     })
     .then(() =>
-      cy.task('sendCRI', {
-        query: 'WebAuthn.addVirtualAuthenticator',
+      cy.task("sendCRI", {
+        query: "WebAuthn.addVirtualAuthenticator",
         opts: {
           options: {
-            protocol: 'ctap2',
-            transport: 'usb',
+            protocol: "ctap2",
+            transport: "usb",
             hasResidentKey: true,
             hasUserVerification: true,
-            isUserVerified: true
-          }
-        }
-      })
-    )
+            isUserVerified: true,
+          },
+        },
+      }),
+    ),
 )
 
 Cypress.Commands.add(
-  'registerOidc',
+  "registerOidc",
   ({
     email,
     website,
@@ -514,128 +514,128 @@ Cypress.Commands.add(
     acceptLogin = true,
     acceptConsent = true,
     expectSession = true,
-    route = APP_URL + '/registration'
+    route = APP_URL + "/registration",
   }) => {
     cy.visit(route)
 
     cy.triggerOidc()
 
-    cy.get('#username').type(email)
+    cy.get("#username").type(email)
     if (rememberLogin) {
-      cy.get('#remember').click()
+      cy.get("#remember").click()
     }
     if (acceptLogin) {
-      cy.get('#accept').click()
+      cy.get("#accept").click()
     } else {
-      cy.get('#reject').click()
+      cy.get("#reject").click()
     }
 
     if (scopes) {
       scopes.forEach((scope) => {
-        cy.get('#' + scope).click()
+        cy.get("#" + scope).click()
       })
     } else {
       cy.get('input[name="scope"]').each(($el) => cy.wrap($el).click())
     }
 
     if (website) {
-      cy.get('#website').clear().type(website)
+      cy.get("#website").clear().type(website)
     }
 
     if (rememberConsent) {
-      cy.get('#remember').click()
+      cy.get("#remember").click()
     }
 
     if (acceptConsent) {
-      cy.get('#accept').click()
+      cy.get("#accept").click()
     } else {
-      cy.get('#reject').click()
+      cy.get("#reject").click()
     }
-    cy.location('pathname').should('not.include', 'consent')
+    cy.location("pathname").should("not.include", "consent")
 
     if (expectSession) {
       cy.getSession()
     } else {
       cy.noSession()
     }
-  }
+  },
 )
 
-Cypress.Commands.add('shortRegisterLifespan', ({} = {}) => {
+Cypress.Commands.add("shortRegisterLifespan", ({} = {}) => {
   updateConfigFile((config) => {
-    config.selfservice.flows.registration.lifespan = '100ms'
+    config.selfservice.flows.registration.lifespan = "100ms"
     return config
   })
 })
 
-Cypress.Commands.add('longRegisterLifespan', ({} = {}) => {
+Cypress.Commands.add("longRegisterLifespan", ({} = {}) => {
   updateConfigFile((config) => {
-    config.selfservice.flows.registration.lifespan = '1h'
+    config.selfservice.flows.registration.lifespan = "1h"
     return config
   })
 })
 
-Cypress.Commands.add('browserReturnUrlOry', ({} = {}) => {
+Cypress.Commands.add("browserReturnUrlOry", ({} = {}) => {
   updateConfigFile((config) => {
     config.selfservice.allowed_return_urls = [
-      'https://www.ory.sh/',
-      'https://www.example.org/'
+      "https://www.ory.sh/",
+      "https://www.example.org/",
     ]
     return config
   })
 })
 
-Cypress.Commands.add('remoteCourierRecoveryTemplates', ({} = {}) => {
+Cypress.Commands.add("remoteCourierRecoveryTemplates", ({} = {}) => {
   updateConfigFile((config) => {
     config.courier.templates = {
       recovery: {
         invalid: {
           email: {
             body: {
-              html: 'base64://SGksCgp0aGlzIGlzIGEgcmVtb3RlIGludmFsaWQgcmVjb3ZlcnkgdGVtcGxhdGU=',
+              html: "base64://SGksCgp0aGlzIGlzIGEgcmVtb3RlIGludmFsaWQgcmVjb3ZlcnkgdGVtcGxhdGU=",
               plaintext:
-                'base64://SGksCgp0aGlzIGlzIGEgcmVtb3RlIGludmFsaWQgcmVjb3ZlcnkgdGVtcGxhdGU='
+                "base64://SGksCgp0aGlzIGlzIGEgcmVtb3RlIGludmFsaWQgcmVjb3ZlcnkgdGVtcGxhdGU=",
             },
-            subject: 'base64://QWNjb3VudCBBY2Nlc3MgQXR0ZW1wdGVk'
-          }
+            subject: "base64://QWNjb3VudCBBY2Nlc3MgQXR0ZW1wdGVk",
+          },
         },
         valid: {
           email: {
             body: {
-              html: 'base64://SGksCgp0aGlzIGlzIGEgcmVtb3RlIHRlbXBsYXRlCnBsZWFzZSByZWNvdmVyIGFjY2VzcyB0byB5b3VyIGFjY291bnQgYnkgY2xpY2tpbmcgdGhlIGZvbGxvd2luZyBsaW5rOgo8YSBocmVmPSJ7eyAuUmVjb3ZlcnlVUkwgfX0iPnt7IC5SZWNvdmVyeVVSTCB9fTwvYT4=',
+              html: "base64://SGksCgp0aGlzIGlzIGEgcmVtb3RlIHRlbXBsYXRlCnBsZWFzZSByZWNvdmVyIGFjY2VzcyB0byB5b3VyIGFjY291bnQgYnkgY2xpY2tpbmcgdGhlIGZvbGxvd2luZyBsaW5rOgo8YSBocmVmPSJ7eyAuUmVjb3ZlcnlVUkwgfX0iPnt7IC5SZWNvdmVyeVVSTCB9fTwvYT4=",
               plaintext:
-                'base64://SGksCgp0aGlzIGlzIGEgcmVtb3RlIHRlbXBsYXRlCnBsZWFzZSByZWNvdmVyIGFjY2VzcyB0byB5b3VyIGFjY291bnQgYnkgY2xpY2tpbmcgdGhlIGZvbGxvd2luZyBsaW5rOgp7eyAuUmVjb3ZlcnlVUkwgfX0='
+                "base64://SGksCgp0aGlzIGlzIGEgcmVtb3RlIHRlbXBsYXRlCnBsZWFzZSByZWNvdmVyIGFjY2VzcyB0byB5b3VyIGFjY291bnQgYnkgY2xpY2tpbmcgdGhlIGZvbGxvd2luZyBsaW5rOgp7eyAuUmVjb3ZlcnlVUkwgfX0=",
             },
-            subject: 'base64://UmVjb3ZlciBhY2Nlc3MgdG8geW91ciBhY2NvdW50'
-          }
-        }
-      }
+            subject: "base64://UmVjb3ZlciBhY2Nlc3MgdG8geW91ciBhY2NvdW50",
+          },
+        },
+      },
     }
     return config
   })
 })
 
 Cypress.Commands.add(
-  'loginOidc',
-  ({ expectSession = true, url = APP_URL + '/login' }) => {
+  "loginOidc",
+  ({ expectSession = true, url = APP_URL + "/login" }) => {
     cy.visit(url)
-    cy.triggerOidc('hydra')
-    cy.location('href').should('not.eq', '/consent')
+    cy.triggerOidc("hydra")
+    cy.location("href").should("not.eq", "/consent")
     if (expectSession) {
       cy.getSession()
     } else {
       cy.noSession()
     }
-  }
+  },
 )
 
 Cypress.Commands.add(
-  'login',
+  "login",
   ({ email, password, expectSession = true, cookieUrl = APP_URL }) => {
     if (expectSession) {
-      console.log('Singing in user: ', { email, password })
+      console.log("Singing in user: ", { email, password })
     } else {
-      console.log('Attempting user sign in: ', { email, password })
+      console.log("Attempting user sign in: ", { email, password })
     }
 
     // see https://github.com/cypress-io/cypress/issues/408
@@ -644,12 +644,12 @@ Cypress.Commands.add(
 
     cy.longPrivilegedSessionTime()
     cy.request({
-      url: APP_URL + '/self-service/login/browser',
+      url: APP_URL + "/self-service/login/browser",
       followRedirect: false,
       failOnStatusCode: false,
       headers: {
-        Accept: 'application/json'
-      }
+        Accept: "application/json",
+      },
     })
       .then(({ body, status }) => {
         expect(status).to.eq(200)
@@ -659,21 +659,21 @@ Cypress.Commands.add(
           body: mergeFields(form, {
             identifier: email,
             password,
-            method: 'password'
+            method: "password",
           }),
           headers: {
-            Accept: 'application/json'
+            Accept: "application/json",
           },
           url: form.action,
           followRedirect: false,
-          failOnStatusCode: false
+          failOnStatusCode: false,
         })
       })
       .then(({ status }) => {
-        console.log('Login sequence completed: ', {
+        console.log("Login sequence completed: ", {
           email,
           password,
-          expectSession
+          expectSession,
         })
         if (expectSession) {
           expect(status).to.eq(200)
@@ -683,20 +683,20 @@ Cypress.Commands.add(
           return cy.noSession()
         }
       })
-  }
+  },
 )
 
-Cypress.Commands.add('loginMobile', ({ email, password }) => {
-  cy.visit(MOBILE_URL + '/Login')
+Cypress.Commands.add("loginMobile", ({ email, password }) => {
+  cy.visit(MOBILE_URL + "/Login")
   cy.get('input[data-testid="identifier"]').type(email)
   cy.get('input[data-testid="password"]').type(password)
   cy.get('div[data-testid="submit-form"]').click()
 })
 
-Cypress.Commands.add('logout', () => {
+Cypress.Commands.add("logout", () => {
   cy.getCookies().should((cookies) => {
     const c = cookies.find(
-      ({ name }) => name.indexOf('ory_kratos_session') > -1
+      ({ name }) => name.indexOf("ory_kratos_session") > -1,
     )
     expect(c).to.not.be.undefined
     cy.clearCookie(c.name)
@@ -705,27 +705,27 @@ Cypress.Commands.add('logout', () => {
 })
 
 Cypress.Commands.add(
-  'reauthWithOtherAccount',
+  "reauthWithOtherAccount",
   ({
     previousUrl,
     expect: { email, success = true },
     type: { email: temail, password: tpassword } = {
       email: undefined,
-      password: undefined
-    }
+      password: undefined,
+    },
   }) => {
-    cy.location('pathname').should('contain', '/login')
+    cy.location("pathname").should("contain", "/login")
     cy.location().then((loc) => {
       const uri = new URLSearchParams(loc.search)
-      const flow = uri.get('flow')
+      const flow = uri.get("flow")
       expect(flow).to.not.be.empty
       cy.request({
         url: APP_URL + `/self-service/login/flows?id=${flow}`,
         followRedirect: false,
         failOnStatusCode: false,
         headers: {
-          Accept: 'application/json'
-        }
+          Accept: "application/json",
+        },
       }).then(({ body, status }) => {
         expect(status).to.eq(200)
         const form = body.ui
@@ -736,15 +736,15 @@ Cypress.Commands.add(
             body: mergeFields(form, {
               identifier: temail || email,
               password: tpassword,
-              method: 'password'
+              method: "password",
             }),
             headers: {
-              Accept: 'application/json',
-              ContentType: 'application/json'
+              Accept: "application/json",
+              ContentType: "application/json",
             },
             url: form.action,
             followRedirect: false,
-            failOnStatusCode: false
+            failOnStatusCode: false,
           })
           .then((res) => {
             expect(res.status).to.eq(200)
@@ -752,21 +752,21 @@ Cypress.Commands.add(
           })
       })
     })
-  }
+  },
 )
 Cypress.Commands.add(
-  'reauth',
+  "reauth",
   ({
     expect: { email, success = true },
     type: { email: temail, password: tpassword } = {
       email: undefined,
-      password: undefined
-    }
+      password: undefined,
+    },
   }) => {
-    cy.location('pathname').should('contain', '/login')
-    cy.get('input[name="identifier"]').should('have.value', email)
+    cy.location("pathname").should("contain", "/login")
+    cy.get('input[name="identifier"]').should("have.value", email)
     if (temail) {
-      cy.get('input[name="identifier"]').invoke('attr', 'value', temail)
+      cy.get('input[name="identifier"]').invoke("attr", "value", temail)
     }
     if (tpassword) {
       cy.get('input[name="password"]').clear().type(tpassword)
@@ -774,22 +774,22 @@ Cypress.Commands.add(
     cy.longPrivilegedSessionTime()
     cy.get('button[value="password"]').click()
     if (success) {
-      cy.location('pathname').should('not.contain', '/login')
+      cy.location("pathname").should("not.contain", "/login")
     }
-  }
+  },
 )
 
-Cypress.Commands.add('deleteMail', ({ atLeast = 0 } = {}) => {
+Cypress.Commands.add("deleteMail", ({ atLeast = 0 } = {}) => {
   let tries = 0
   let count = 0
   const req = () =>
     cy
-      .request('DELETE', `${MAIL_API}/mail`, { pruneCode: 'all' })
+      .request("DELETE", `${MAIL_API}/mail`, { pruneCode: "all" })
       .then(({ body }) => {
         count += parseInt(body)
         if (count < atLeast && tries < 100) {
           cy.log(
-            `Expected at least ${atLeast} messages but deleteted only ${count} so far (body: ${body})`
+            `Expected at least ${atLeast} messages but deleteted only ${count} so far (body: ${body})`,
           )
           tries++
           cy.wait(pollInterval)
@@ -803,27 +803,27 @@ Cypress.Commands.add('deleteMail', ({ atLeast = 0 } = {}) => {
 })
 
 Cypress.Commands.add(
-  'getSession',
-  ({ expectAal = 'aal1', expectMethods = [] } = {}) => {
+  "getSession",
+  ({ expectAal = "aal1", expectMethods = [] } = {}) => {
     // Do the request once to ensure we have a session (with retry)
-    cy.request('GET', `${KRATOS_PUBLIC}/sessions/whoami`)
-      .its('status')
-      .should('eq', 200)
+    cy.request("GET", `${KRATOS_PUBLIC}/sessions/whoami`)
+      .its("status")
+      .should("eq", 200)
 
     // Return the session for further propagation
     return cy
-      .request('GET', `${KRATOS_PUBLIC}/sessions/whoami`)
+      .request("GET", `${KRATOS_PUBLIC}/sessions/whoami`)
       .then((response) => {
         expect(response.body.id).to.not.be.empty
         expect(dayjs().isBefore(dayjs(response.body.expires_at))).to.be.true
 
         // Add a grace second for MySQL which does not support millisecs.
-        expect(dayjs().isAfter(dayjs(response.body.issued_at).subtract(1, 's')))
+        expect(dayjs().isAfter(dayjs(response.body.issued_at).subtract(1, "s")))
           .to.be.true
         expect(
           dayjs().isAfter(
-            dayjs(response.body.authenticated_at).subtract(1, 's')
-          )
+            dayjs(response.body.authenticated_at).subtract(1, "s"),
+          ),
         ).to.be.true
 
         expect(response.body.identity).to.exist
@@ -831,60 +831,60 @@ Cypress.Commands.add(
         expect(response.body.authenticator_assurance_level).to.equal(expectAal)
         if (expectMethods.length > 0) {
           expect(response.body.authentication_methods).to.have.lengthOf(
-            expectMethods.length
+            expectMethods.length,
           )
           expectMethods.forEach((value) => {
             expect(
               response.body.authentication_methods.find(
-                ({ method }) => method === value
-              )
+                ({ method }) => method === value,
+              ),
             ).to.exist
           })
         }
 
         return response.body
       })
-  }
+  },
 )
 
-Cypress.Commands.add('noSession', () =>
+Cypress.Commands.add("noSession", () =>
   cy
     .request({
-      method: 'GET',
+      method: "GET",
       url: `${KRATOS_PUBLIC}/sessions/whoami`,
-      failOnStatusCode: false
+      failOnStatusCode: false,
     })
     .then((request) => {
       expect(request.status).to.eq(401)
       return request
-    })
+    }),
 )
-Cypress.Commands.add('getIdentityByEmail', ({ email }) =>
+Cypress.Commands.add("getIdentityByEmail", ({ email }) =>
   cy
     .request({
-      method: 'GET',
+      method: "GET",
       url: `${KRATOS_ADMIN}/identities`,
-      failOnStatusCode: false
+      failOnStatusCode: false,
     })
     .then((response) => {
       expect(response.status).to.eq(200)
       return response.body.find((identity) => identity.traits.email === email)
-    })
+    }),
 )
 
 Cypress.Commands.add(
-  'performEmailVerification',
+  "performEmailVerification",
   ({
-    expect: { email, redirectTo } = { email: undefined, redirectTo: undefined }
+    expect: { email, redirectTo } = { email: undefined, redirectTo: undefined },
   } = {}) =>
     cy.getMail().then((message) => {
-      expect(message.subject).to.equal('Please verify your email address')
-      expect(message.fromAddress.trim()).to.equal('no-reply@ory.kratos.sh')
+      expect(message.subject).to.equal("Please verify your email address")
+      expect(message.fromAddress.trim()).to.equal("no-reply@ory.kratos.sh")
       expect(message.toAddresses).to.have.length(1)
       expect(message.toAddresses[0].trim()).to.equal(email)
 
-      const link = parseHtml(message.body).querySelector('a')
-      const flow = new URL(link.href).searchParams.get('flow')
+      const link = parseHtml(message.body).querySelector("a")
+      const flow = new URL(link.href).searchParams.get("flow")
 
       expect(link).to.not.be.null
       expect(link.href).to.contain(APP_URL)
@@ -895,30 +895,30 @@ Cypress.Commands.add(
           if (redirectTo) {
             expect(response.redirectedToUrl).to.eq(`${redirectTo}?flow=${flow}`)
           } else {
-            expect(response.redirectedToUrl).to.not.contain('verification')
+            expect(response.redirectedToUrl).to.not.contain("verification")
           }
-        }
+        },
       )
-    })
+    }),
 )
 
 Cypress.Commands.add(
-  'verifyEmail',
+  "verifyEmail",
   ({ expect: { email, password, redirectTo } }) =>
     cy.performEmailVerification({ expect: { email, redirectTo } }).then(() => {
       cy.getSession().should((session) =>
-        assertVerifiableAddress({ email, isVerified: true })(session)
+        assertVerifiableAddress({ email, isVerified: true })(session),
       )
-    })
+    }),
 )
 
 // Uses the verification email but waits so that it expires
-Cypress.Commands.add('recoverEmailButExpired', ({ expect: { email } }) => {
+Cypress.Commands.add("recoverEmailButExpired", ({ expect: { email } }) => {
   cy.getMail().should((message) => {
-    expect(message.subject).to.equal('Recover access to your account')
+    expect(message.subject).to.equal("Recover access to your account")
     expect(message.toAddresses[0].trim()).to.equal(email)
 
-    const link = parseHtml(message.body).querySelector('a')
+    const link = parseHtml(message.body).querySelector("a")
     expect(link).to.not.be.null
     expect(link.href).to.contain(APP_URL)
 
@@ -927,15 +927,15 @@ Cypress.Commands.add('recoverEmailButExpired', ({ expect: { email } }) => {
 })
 
 Cypress.Commands.add(
-  'recoverEmail',
+  "recoverEmail",
   ({ expect: { email }, shouldVisit = true }) =>
     cy.getMail().should((message) => {
-      expect(message.subject).to.equal('Recover access to your account')
-      expect(message.fromAddress.trim()).to.equal('no-reply@ory.kratos.sh')
+      expect(message.subject).to.equal("Recover access to your account")
+      expect(message.fromAddress.trim()).to.equal("no-reply@ory.kratos.sh")
       expect(message.toAddresses).to.have.length(1)
       expect(message.toAddresses[0].trim()).to.equal(email)
 
-      const link = parseHtml(message.body).querySelector('a')
+      const link = parseHtml(message.body).querySelector("a")
       expect(link).to.not.be.null
       expect(link.href).to.contain(APP_URL)
 
@@ -943,71 +943,71 @@ Cypress.Commands.add(
         cy.visit(link.href)
       }
       return link.href
-    })
+    }),
 )
 
 // Uses the verification email but waits so that it expires
 Cypress.Commands.add(
-  'verifyEmailButExpired',
+  "verifyEmailButExpired",
   ({ expect: { email, password } }) =>
     cy.getMail().then((message) => {
-      expect(message.subject).to.equal('Please verify your email address')
+      expect(message.subject).to.equal("Please verify your email address")
 
-      expect(message.fromAddress.trim()).to.equal('no-reply@ory.kratos.sh')
+      expect(message.fromAddress.trim()).to.equal("no-reply@ory.kratos.sh")
       expect(message.toAddresses).to.have.length(1)
       expect(message.toAddresses[0].trim()).to.equal(email)
 
-      const link = parseHtml(message.body).querySelector('a')
+      const link = parseHtml(message.body).querySelector("a")
       cy.getSession().should((session) => {
         assertVerifiableAddress({
           isVerified: false,
-          email: email
+          email: email,
         })(session)
       })
 
       cy.visit(link.href)
-      cy.location('pathname').should('include', 'verification')
+      cy.location("pathname").should("include", "verification")
       cy.get('[data-testid="ui/message/4070005"]').should(
-        'contain.text',
-        'verification flow expired'
+        "contain.text",
+        "verification flow expired",
       )
 
       cy.getSession().should((session) => {
         assertVerifiableAddress({
           isVerified: false,
-          email: email
+          email: email,
         })(session)
       })
-    })
+    }),
 )
 
 // Uses the verification email but waits so that it expires
-Cypress.Commands.add('waitForPrivilegedSessionToExpire', () => {
+Cypress.Commands.add("waitForPrivilegedSessionToExpire", () => {
   cy.getSession().should((session: Session) => {
     expect(session.authenticated_at).to.not.be.empty
     cy.wait(
       dayjs(session.authenticated_at).add(privilegedLifespan).diff(dayjs()) +
-        100
+        100,
     )
   })
 })
 
-Cypress.Commands.add('getLookupSecrets', () =>
+Cypress.Commands.add("getLookupSecrets", () =>
   cy
     .get('[data-testid="node/text/lookup_secret_codes/text"] code')
-    .then(($e) => $e.map((_, e) => e.innerText.trim()).toArray())
+    .then(($e) => $e.map((_, e) => e.innerText.trim()).toArray()),
 )
-Cypress.Commands.add('expectSettingsSaved', () =>
+Cypress.Commands.add("expectSettingsSaved", () =>
   cy
     .get('[data-testid="ui/message/1050001"]')
-    .should('contain.text', 'Your changes have been saved')
+    .should("contain.text", "Your changes have been saved"),
 )
 
-Cypress.Commands.add('getMail', ({ removeMail = true } = {}) => {
+Cypress.Commands.add("getMail", ({ removeMail = true } = {}) => {
   let tries = 0
   const req = () =>
     cy.request(`${MAIL_API}/mail`).then((response) => {
-      expect(response.body).to.have.property('mailItems')
+      expect(response.body).to.have.property("mailItems")
       const count = response.body.mailItems.length
       if (count === 0 && tries < 100) {
         tries++
@@ -1028,61 +1028,61 @@ Cypress.Commands.add('getMail', ({ removeMail = true } = {}) => {
   return req()
 })
 
-Cypress.Commands.add('clearAllCookies', () => {
+Cypress.Commands.add("clearAllCookies", () => {
   cy.clearCookies({ domain: null })
 })
 
-Cypress.Commands.add('submitPasswordForm', () => {
+Cypress.Commands.add("submitPasswordForm", () => {
   cy.get('[name="method"][value="password"]').click()
-  cy.get('[name="method"][value="password"]:disabled').should('not.exist')
+  cy.get('[name="method"][value="password"]:disabled').should("not.exist")
 })
 
-Cypress.Commands.add('submitProfileForm', () => {
+Cypress.Commands.add("submitProfileForm", () => {
   cy.get('[name="method"][value="profile"]').click()
-  cy.get('[name="method"][value="profile"]:disabled').should('not.exist')
+  cy.get('[name="method"][value="profile"]:disabled').should("not.exist")
 })
 
-Cypress.Commands.add('clickWebAuthButton', (type: string) => {
-  cy.get('*[data-testid="node/script/webauthn_script"]').should('exist')
+Cypress.Commands.add("clickWebAuthButton", (type: string) => {
+  cy.get('*[data-testid="node/script/webauthn_script"]').should("exist")
   cy.wait(500) // Wait for script to load
   cy.get('*[name="webauthn_' + type + '_trigger"]').click()
   cy.wait(500) // Wait webauth to pass
 })
 
-Cypress.Commands.add('shouldShow2FAScreen', () => {
+Cypress.Commands.add("shouldShow2FAScreen", () => {
   cy.location().should((loc) => {
-    expect(loc.pathname).to.include('/login')
+    expect(loc.pathname).to.include("/login")
   })
-  cy.get('h2').should('contain.text', 'Two-Factor Authentication')
+  cy.get("h2").should("contain.text", "Two-Factor Authentication")
   cy.get('[data-testid="ui/message/1010004"]').should(
-    'contain.text',
-    'Please complete the second authentication challenge.'
+    "contain.text",
+    "Please complete the second authentication challenge.",
   )
 })
 
 Cypress.Commands.add(
-  'shouldErrorOnDisallowedReturnTo',
-  (init: string, { app }: { app: 'express' | 'react' }) => {
+  "shouldErrorOnDisallowedReturnTo",
+  (init: string, { app }: { app: "express" | "react" }) => {
     cy.visit(init, { failOnStatusCode: false })
-    if (app === 'react') {
-      cy.location('href').should('include', init.split('?')[0])
-      cy.get('.Toastify').should(
-        'contain.text',
-        'The return_to address is not allowed.'
+    if (app === "react") {
+      cy.location("href").should("include", init.split("?")[0])
+      cy.get(".Toastify").should(
+        "contain.text",
+        "The return_to address is not allowed.",
       )
     } else {
-      cy.location('pathname').should('contain', 'error')
-      cy.get('code').should(
-        'contain.text',
-        'Requested return_to URL \\"https://not-allowed\\" is not allowed.'
+      cy.location("pathname").should("contain", "error")
+      cy.get("code").should(
+        "contain.text",
+        'Requested return_to URL \\"https://not-allowed\\" is not allowed.',
       )
     }
-  }
+  },
 )
 
 Cypress.Commands.add(
-  'shouldHaveCsrfError',
-  ({ app }: { app: 'express' | 'react' }) => {
+  "shouldHaveCsrfError",
+  ({ app }: { app: "express" | "react" }) => {
     let initial
     let pathname
     cy.location().should((location) => {
@@ -1091,36 +1091,36 @@ Cypress.Commands.add(
     })
 
     cy.getCookies().should((cookies) => {
-      const csrf = cookies.find(({ name }) => name.indexOf('csrf') > -1)
+      const csrf = cookies.find(({ name }) => name.indexOf("csrf") > -1)
       expect(csrf).to.not.be.undefined
       cy.clearCookie(csrf.name)
     })
     cy.submitPasswordForm()
 
     // We end up at a new flow
-    if (app === 'express') {
+    if (app === "express") {
       cy.location().should((location) => {
         expect(initial).to.not.be.empty
         expect(location.search).to.not.eq(initial)
       })
 
-      cy.location('pathname').should('include', '/error')
-      cy.get('code').should('contain.text', 'csrf_token')
+      cy.location("pathname").should("include", "/error")
+      cy.get("code").should("contain.text", "csrf_token")
     } else {
-      cy.location('pathname').should((got) => {
+      cy.location("pathname").should((got) => {
         expect(got).to.eql(pathname)
       })
-      cy.get('.Toastify').should(
-        'contain.text',
-        'A security violation was detected, please fill out the form again.'
+      cy.get(".Toastify").should(
+        "contain.text",
+        "A security violation was detected, please fill out the form again.",
       )
     }
-  }
+  },
 )
 
 Cypress.Commands.add(
-  'triggerOidc',
-  (app: 'react' | 'express', provider: string = 'hydra') => {
+  "triggerOidc",
+  (app: "react" | "express", provider: string = "hydra") => {
     let initial, didHaveSearch
     cy.location().then((loc) => {
       didHaveSearch = loc.search.length > 0
@@ -1128,10 +1128,10 @@ Cypress.Commands.add(
     })
     cy.get('[name="provider"][value="' + provider + '"]').click()
     cy.location().should((loc) => {
-      if (app === 'express' || didHaveSearch) {
+      if (app === "express" || didHaveSearch) {
         return
       }
       expect(loc.pathname + loc.search).not.to.eql(initial)
     })
-  }
+  },
 )
diff --git a/test/e2e/cypress/support/index.d.ts b/test/e2e/cypress/support/index.d.ts
index 98a3cc0a4168..4fe1fea58b29 100644
--- a/test/e2e/cypress/support/index.d.ts
+++ b/test/e2e/cypress/support/index.d.ts
@@ -1,4 +1,4 @@
-import { Session } from '@ory/kratos-client'
+import { Session } from "@ory/kratos-client"
 
 export interface MailMessage {
   fromAddress: string
@@ -28,9 +28,9 @@ declare global {
        * @param opts
        */
       getSession(opts?: {
-        expectAal?: 'aal2' | 'aal1'
+        expectAal?: "aal2" | "aal1"
         expectMethods?: Array<
-          'password' | 'webauthn' | 'lookup_secret' | 'totp'
+          "password" | "webauthn" | "lookup_secret" | "totp"
         >
       }): Chainable
 
@@ -256,7 +256,7 @@ declare global {
       expectSettingsSaved(): Chainable
 
       clearCookies(
-        options?: Partial
+        options?: Partial,
       ): Chainable
 
       /**
@@ -289,7 +289,7 @@ declare global {
        */
       shouldErrorOnDisallowedReturnTo(
         init: string,
-        opts: { app: string }
+        opts: { app: string },
       ): Chainable
 
       /**
@@ -301,7 +301,7 @@ declare global {
        *
        * @param type
        */
-      clickWebAuthButton(type: 'login' | 'register'): Chainable
+      clickWebAuthButton(type: "login" | "register"): Chainable
 
       /**
        * Sign up a user using Social Sign In
@@ -336,7 +336,7 @@ declare global {
        * @param app
        * @param provider
        */
-      triggerOidc(app: 'react' | 'express', provider?: string): Chainable
+      triggerOidc(app: "react" | "express", provider?: string): Chainable
 
       /**
        * Changes the config so that the recovery privileged lifespan is very long.
@@ -500,7 +500,7 @@ declare global {
       /**
        * Which app to proxy
        */
-      proxy(app: 'react' | 'express'): Chainable
+      proxy(app: "react" | "express"): Chainable
 
       /**
        * Log a user in on mobile
diff --git a/test/e2e/cypress/support/index.js b/test/e2e/cypress/support/index.js
index 9d39bfd290ea..a010c9a5b2ed 100644
--- a/test/e2e/cypress/support/index.js
+++ b/test/e2e/cypress/support/index.js
@@ -1,3 +1,3 @@
-import './commands'
+import "./commands"
 
 Cypress.Cookies.debug(true)
diff --git a/test/e2e/proxy/proxy.js b/test/e2e/proxy/proxy.js
index e7cab7ef7345..31150db4b332 100644
--- a/test/e2e/proxy/proxy.js
+++ b/test/e2e/proxy/proxy.js
@@ -1,7 +1,7 @@
-const request = require('request')
-const urljoin = require('url-join')
-const express = require('express')
-const fs = require('fs')
+const request = require("request")
+const urljoin = require("url-join")
+const express = require("express")
+const fs = require("fs")
 
 const app = express()
 
@@ -13,26 +13,26 @@ const proxy =
       url = urljoin(base, prefix, req.url)
     }
     req
-      .pipe(request(url, { followRedirect: false }).on('error', next))
+      .pipe(request(url, { followRedirect: false }).on("error", next))
       .pipe(res)
   }
 
 app.use(
-  '/self-service/',
-  proxy(process.env.KRATOS_PUBLIC_URL, '/self-service/')
+  "/self-service/",
+  proxy(process.env.KRATOS_PUBLIC_URL, "/self-service/"),
 )
-app.use('/schemas/', proxy(process.env.KRATOS_PUBLIC_URL, '/schemas/'))
-app.use('/.well-known/', proxy(process.env.KRATOS_PUBLIC_URL, '/.well-known/'))
+app.use("/schemas/", proxy(process.env.KRATOS_PUBLIC_URL, "/schemas/"))
+app.use("/.well-known/", proxy(process.env.KRATOS_PUBLIC_URL, "/.well-known/"))
 
-app.use('/', (req, res, next) => {
+app.use("/", (req, res, next) => {
   const pc = JSON.parse(
-    fs.readFileSync(require.resolve('../proxy.json')).toString()
+    fs.readFileSync(require.resolve("../proxy.json")).toString(),
   )
   switch (pc) {
-    case 'react':
+    case "react":
       proxy(process.env.KRATOS_UI_REACT_URL)(req, res, next)
       return
-    case 'react-native':
+    case "react-native":
       proxy(process.env.KRATOS_UI_REACT_NATIVE_URL)(req, res, next)
       return
   }
@@ -45,4 +45,4 @@ let listener = () => {
   console.log(`Listening on http://0.0.0.0:${port}`)
 }
 
-app.listen(port, '0.0.0.0', listener)
+app.listen(port, "0.0.0.0", listener)

From 04111f84678b3838d0a4f30a8582a7785d5d7100 Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Thu, 22 Sep 2022 23:04:09 +0000
Subject: [PATCH 267/411] autogen(openapi): regenerate swagger spec and
 internal client

[skip ci]
---
 internal/httpclient/api_metadata.go |  26 ++-
 internal/httpclient/api_v0alpha2.go | 315 +++++++++++++---------------
 2 files changed, 162 insertions(+), 179 deletions(-)

diff --git a/internal/httpclient/api_metadata.go b/internal/httpclient/api_metadata.go
index eec994165b53..a63febb073aa 100644
--- a/internal/httpclient/api_metadata.go
+++ b/internal/httpclient/api_metadata.go
@@ -102,16 +102,16 @@ func (r MetadataApiApiGetVersionRequest) Execute() (*InlineResponse2001, *http.R
 }
 
 /*
-  - GetVersion Return Running Software Version.
-  - This endpoint returns the version of Ory Kratos.
+ * GetVersion Return Running Software Version.
+ * This endpoint returns the version of Ory Kratos.
 
 If the service supports TLS Edge Termination, this endpoint does not require the
 `X-Forwarded-Proto` header to be set.
 
 Be aware that if you are running multiple nodes of this service, the version will never
 refer to the cluster state, only to a single instance.
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return MetadataApiApiGetVersionRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return MetadataApiApiGetVersionRequest
 */
 func (a *MetadataApiService) GetVersion(ctx context.Context) MetadataApiApiGetVersionRequest {
 	return MetadataApiApiGetVersionRequest{
@@ -209,9 +209,8 @@ func (r MetadataApiApiIsAliveRequest) Execute() (*InlineResponse200, *http.Respo
 }
 
 /*
-  - IsAlive Check HTTP Server Status
-  - This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming
-
+ * IsAlive Check HTTP Server Status
+ * This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming
 HTTP requests. This status does currently not include checks whether the database connection is working.
 
 If the service supports TLS Edge Termination, this endpoint does not require the
@@ -219,8 +218,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the
 
 Be aware that if you are running multiple nodes of this service, the health status will never
 refer to the cluster state, only to a single instance.
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return MetadataApiApiIsAliveRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return MetadataApiApiIsAliveRequest
 */
 func (a *MetadataApiService) IsAlive(ctx context.Context) MetadataApiApiIsAliveRequest {
 	return MetadataApiApiIsAliveRequest{
@@ -327,9 +326,8 @@ func (r MetadataApiApiIsReadyRequest) Execute() (*InlineResponse200, *http.Respo
 }
 
 /*
-  - IsReady Check HTTP Server and Database Status
-  - This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g.
-
+ * IsReady Check HTTP Server and Database Status
+ * This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g.
 the database) are responsive as well.
 
 If the service supports TLS Edge Termination, this endpoint does not require the
@@ -337,8 +335,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the
 
 Be aware that if you are running multiple nodes of Ory Kratos, the health status will never
 refer to the cluster state, only to a single instance.
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return MetadataApiApiIsReadyRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return MetadataApiApiIsReadyRequest
 */
 func (a *MetadataApiService) IsReady(ctx context.Context) MetadataApiApiIsReadyRequest {
 	return MetadataApiApiIsReadyRequest{
diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go
index 28ee4d1f4359..9a364f251342 100644
--- a/internal/httpclient/api_v0alpha2.go
+++ b/internal/httpclient/api_v0alpha2.go
@@ -1292,12 +1292,11 @@ func (r V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest) Execute() (*Sel
 }
 
 /*
-  - AdminCreateSelfServiceRecoveryLink # Create a Recovery Link
-  - This endpoint creates a recovery link which should be given to the user in order for them to recover
-
+ * AdminCreateSelfServiceRecoveryLink # Create a Recovery Link
+ * This endpoint creates a recovery link which should be given to the user in order for them to recover
 (or activate) their account.
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest
 */
 func (a *V0alpha2ApiService) AdminCreateSelfServiceRecoveryLink(ctx context.Context) V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest {
 	return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest{
@@ -1427,16 +1426,15 @@ func (r V0alpha2ApiApiAdminDeleteIdentityRequest) Execute() (*http.Response, err
 }
 
 /*
-  - AdminDeleteIdentity # Delete an Identity
-  - Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone.
-
+ * AdminDeleteIdentity # Delete an Identity
+ * Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone.
 This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is
 assumed that is has been deleted already.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @param id ID is the identity's ID.
-  - @return V0alpha2ApiApiAdminDeleteIdentityRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @param id ID is the identity's ID.
+ * @return V0alpha2ApiApiAdminDeleteIdentityRequest
 */
 func (a *V0alpha2ApiService) AdminDeleteIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentityRequest {
 	return V0alpha2ApiApiAdminDeleteIdentityRequest{
@@ -1559,13 +1557,13 @@ func (r V0alpha2ApiApiAdminDeleteIdentitySessionsRequest) Execute() (*http.Respo
 }
 
 /*
-  - AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
-  - This endpoint is useful for:
+ * AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
+ * This endpoint is useful for:
 
 To forcefully logout Identity from all devices and sessions
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @param id ID is the identity's ID.
-  - @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @param id ID is the identity's ID.
+ * @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest
 */
 func (a *V0alpha2ApiService) AdminDeleteIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentitySessionsRequest {
 	return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest{
@@ -2174,12 +2172,12 @@ func (r V0alpha2ApiApiAdminListIdentitiesRequest) Execute() ([]Identity, *http.R
 }
 
 /*
-  - AdminListIdentities # List Identities
-  - Lists all identities. Does not support search at the moment.
+ * AdminListIdentities # List Identities
+ * Lists all identities. Does not support search at the moment.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiAdminListIdentitiesRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiAdminListIdentitiesRequest
 */
 func (a *V0alpha2ApiService) AdminListIdentities(ctx context.Context) V0alpha2ApiApiAdminListIdentitiesRequest {
 	return V0alpha2ApiApiAdminListIdentitiesRequest{
@@ -2323,13 +2321,13 @@ func (r V0alpha2ApiApiAdminListIdentitySessionsRequest) Execute() ([]Session, *h
 }
 
 /*
-  - AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity.
-  - This endpoint is useful for:
+ * AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity.
+ * This endpoint is useful for:
 
 Listing all sessions that belong to an Identity in an administrative context.
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @param id ID is the identity's ID.
-  - @return V0alpha2ApiApiAdminListIdentitySessionsRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @param id ID is the identity's ID.
+ * @return V0alpha2ApiApiAdminListIdentitySessionsRequest
 */
 func (a *V0alpha2ApiService) AdminListIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminListIdentitySessionsRequest {
 	return V0alpha2ApiApiAdminListIdentitySessionsRequest{
@@ -2498,13 +2496,13 @@ func (r V0alpha2ApiApiAdminPatchIdentityRequest) Execute() (*Identity, *http.Res
 }
 
 /*
-  - AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
-  - NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.
+ * AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
+ * NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @param id ID must be set to the ID of identity you want to update
-  - @return V0alpha2ApiApiAdminPatchIdentityRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @param id ID must be set to the ID of identity you want to update
+ * @return V0alpha2ApiApiAdminPatchIdentityRequest
 */
 func (a *V0alpha2ApiService) AdminPatchIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminPatchIdentityRequest {
 	return V0alpha2ApiApiAdminPatchIdentityRequest{
@@ -2666,13 +2664,13 @@ func (r V0alpha2ApiApiAdminUpdateIdentityRequest) Execute() (*Identity, *http.Re
 }
 
 /*
-  - AdminUpdateIdentity # Update an Identity
-  - This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching.
+ * AdminUpdateIdentity # Update an Identity
+ * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @param id ID must be set to the ID of identity you want to update
-  - @return V0alpha2ApiApiAdminUpdateIdentityRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @param id ID must be set to the ID of identity you want to update
+ * @return V0alpha2ApiApiAdminUpdateIdentityRequest
 */
 func (a *V0alpha2ApiService) AdminUpdateIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminUpdateIdentityRequest {
 	return V0alpha2ApiApiAdminUpdateIdentityRequest{
@@ -2833,8 +2831,8 @@ func (r V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest) Execute(
 }
 
 /*
-  - CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers
-  - This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user.
+ * CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers
+ * This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user.
 
 This endpoint is NOT INTENDED for API clients and only works
 with browsers (Chrome, Firefox, ...). For API clients you can
@@ -2844,8 +2842,8 @@ The URL is only valid for the currently signed in user. If no user is signed in,
 a 401 error.
 
 When calling this endpoint from a backend, please ensure to properly forward the HTTP cookies.
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest
 */
 func (a *V0alpha2ApiService) CreateSelfServiceLogoutFlowUrlForBrowsers(ctx context.Context) V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest {
 	return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest{
@@ -3095,16 +3093,16 @@ func (r V0alpha2ApiApiGetSelfServiceErrorRequest) Execute() (*SelfServiceError,
 }
 
 /*
-  - GetSelfServiceError # Get Self-Service Errors
-  - This endpoint returns the error associated with a user-facing self service errors.
+ * GetSelfServiceError # Get Self-Service Errors
+ * This endpoint returns the error associated with a user-facing self service errors.
 
 This endpoint supports stub values to help you implement the error UI:
 
 `?id=stub:500` - returns a stub 500 (Internal Server Error) error.
 
 More information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiGetSelfServiceErrorRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiGetSelfServiceErrorRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceError(ctx context.Context) V0alpha2ApiApiGetSelfServiceErrorRequest {
 	return V0alpha2ApiApiGetSelfServiceErrorRequest{
@@ -3246,8 +3244,8 @@ func (r V0alpha2ApiApiGetSelfServiceLoginFlowRequest) Execute() (*SelfServiceLog
 }
 
 /*
-  - GetSelfServiceLoginFlow # Get Login Flow
-  - This endpoint returns a login flow's context with, for example, error details and other information.
+ * GetSelfServiceLoginFlow # Get Login Flow
+ * This endpoint returns a login flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
 For AJAX requests you must ensure that cookies are included in the request or requests will fail.
@@ -3270,8 +3268,8 @@ This request may fail due to several reasons. The `error.id` can be one of:
 `self_service_flow_expired`: The flow is expired and you should request a new one.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceLoginFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceLoginFlowRequest{
@@ -3426,8 +3424,8 @@ func (r V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest) Execute() (*SelfService
 }
 
 /*
-  - GetSelfServiceRecoveryFlow # Get Recovery Flow
-  - This endpoint returns a recovery flow's context with, for example, error details and other information.
+ * GetSelfServiceRecoveryFlow # Get Recovery Flow
+ * This endpoint returns a recovery flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
 For AJAX requests you must ensure that cookies are included in the request or requests will fail.
@@ -3445,8 +3443,8 @@ res.render('recovery', flow)
 ```
 
 More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest{
@@ -3591,8 +3589,8 @@ func (r V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest) Execute() (*SelfSer
 }
 
 /*
-  - GetSelfServiceRegistrationFlow # Get Registration Flow
-  - This endpoint returns a registration flow's context with, for example, error details and other information.
+ * GetSelfServiceRegistrationFlow # Get Registration Flow
+ * This endpoint returns a registration flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
 For AJAX requests you must ensure that cookies are included in the request or requests will fail.
@@ -3615,8 +3613,8 @@ This request may fail due to several reasons. The `error.id` can be one of:
 `self_service_flow_expired`: The flow is expired and you should request a new one.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest{
@@ -3776,9 +3774,8 @@ func (r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) Execute() (*SelfService
 }
 
 /*
-  - GetSelfServiceSettingsFlow # Get Settings Flow
-  - When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie
-
+ * GetSelfServiceSettingsFlow # Get Settings Flow
+ * When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie
 or the Ory Kratos Session Token are set.
 
 Depending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator
@@ -3797,8 +3794,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 identity logged in instead.
 
 More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceSettingsFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest{
@@ -3966,8 +3963,8 @@ func (r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) Execute() (*SelfSer
 }
 
 /*
-  - GetSelfServiceVerificationFlow # Get Verification Flow
-  - This endpoint returns a verification flow's context with, for example, error details and other information.
+ * GetSelfServiceVerificationFlow # Get Verification Flow
+ * This endpoint returns a verification flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
 For AJAX requests you must ensure that cookies are included in the request or requests will fail.
@@ -3984,8 +3981,8 @@ res.render('verification', flow)
 })
 
 More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceVerificationFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest{
@@ -4119,8 +4116,8 @@ func (r V0alpha2ApiApiGetWebAuthnJavaScriptRequest) Execute() (string, *http.Res
 }
 
 /*
-  - GetWebAuthnJavaScript # Get WebAuthn JavaScript
-  - This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration.
+ * GetWebAuthnJavaScript # Get WebAuthn JavaScript
+ * This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration.
 
 If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file:
 
@@ -4129,8 +4126,8 @@ If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you
 ```
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest
 */
 func (a *V0alpha2ApiService) GetWebAuthnJavaScript(ctx context.Context) V0alpha2ApiApiGetWebAuthnJavaScriptRequest {
 	return V0alpha2ApiApiGetWebAuthnJavaScriptRequest{
@@ -4249,9 +4246,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Execute(
 }
 
 /*
-  - InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers
-  - This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate
-
+ * InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers
+ * This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate
 cookies and anti-CSRF measures required for browser-based flows.
 
 If this endpoint is opened as a link in the browser, it will be redirected to
@@ -4270,8 +4266,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest{
@@ -4416,8 +4412,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest) Execu
 }
 
 /*
-  - InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ...
-  - This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on.
+ * InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ...
+ * This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on.
 
 If a valid provided session cookie or session token is provided, a 400 Bad Request error
 will be returned unless the URL query parameter `?refresh=true` is set.
@@ -4437,8 +4433,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest{
@@ -4570,9 +4566,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest) Execu
 }
 
 /*
-  - InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers
-  - This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to
-
+ * InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers
+ * This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to
 `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session
 exists, the browser is returned to the configured return URL.
 
@@ -4582,8 +4577,8 @@ or a 400 bad request error if the user is already authenticated.
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest{
@@ -4703,8 +4698,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest) Ex
 }
 
 /*
-  - InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ...
-  - This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.
+ * InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ...
+ * This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.
 
 If a valid provided session cookie or session token is provided, a 400 Bad Request error.
 
@@ -4717,8 +4712,8 @@ you vulnerable to a variety of CSRF attacks.
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest{
@@ -4841,9 +4836,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) E
 }
 
 /*
-  - InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers
-  - This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate
-
+ * InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers
+ * This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate
 cookies and anti-CSRF measures required for browser-based flows.
 
 :::info
@@ -4868,8 +4862,8 @@ If this endpoint is called via an AJAX request, the response contains the regist
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest{
@@ -4979,8 +4973,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest
 }
 
 /*
-  - InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ...
-  - This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on.
+ * InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ...
+ * This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on.
 
 If a valid provided session cookie or session token is provided, a 400 Bad Request error
 will be returned unless the URL query parameter `?refresh=true` is set.
@@ -4999,8 +4993,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest{
@@ -5128,9 +5122,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest) Execu
 }
 
 /*
-  - InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers
-  - This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to
-
+ * InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers
+ * This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to
 `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid
 Ory Kratos Session Cookie is included in the request, a login flow will be initialized.
 
@@ -5156,8 +5149,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest{
@@ -5306,9 +5299,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest) Ex
 }
 
 /*
-  - InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ...
-  - This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on.
-
+ * InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ...
+ * This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on.
 You must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK.
 
 To fetch an existing settings flow call `/self-service/settings/flows?flow=`.
@@ -5330,8 +5322,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest{
@@ -5457,9 +5449,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest) E
 }
 
 /*
-  - InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients
-  - This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to
-
+ * InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients
+ * This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to
 `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`.
 
 If this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects.
@@ -5467,8 +5458,8 @@ If this endpoint is called via an AJAX request, the response contains the recove
 This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).
 
 More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest{
@@ -5578,8 +5569,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest
 }
 
 /*
-  - InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ...
-  - This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.
+ * InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ...
+ * This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.
 
 To fetch an existing verification flow call `/self-service/verification/flows?flow=`.
 
@@ -5590,8 +5581,8 @@ you vulnerable to a variety of CSRF attacks.
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest{
@@ -5856,12 +5847,12 @@ func (r V0alpha2ApiApiListSessionsRequest) Execute() ([]Session, *http.Response,
 }
 
 /*
-  - ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint.
-  - This endpoint is useful for:
+ * ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint.
+ * This endpoint is useful for:
 
 Displaying all other sessions that belong to the logged-in user
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiListSessionsRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiListSessionsRequest
 */
 func (a *V0alpha2ApiService) ListSessions(ctx context.Context) V0alpha2ApiApiListSessionsRequest {
 	return V0alpha2ApiApiListSessionsRequest{
@@ -6011,13 +6002,13 @@ func (r V0alpha2ApiApiRevokeSessionRequest) Execute() (*http.Response, error) {
 }
 
 /*
-  - RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted.
-  - This endpoint is useful for:
+ * RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted.
+ * This endpoint is useful for:
 
 To forcefully logout the current user from another device or session
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @param id ID is the session's ID.
-  - @return V0alpha2ApiApiRevokeSessionRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @param id ID is the session's ID.
+ * @return V0alpha2ApiApiRevokeSessionRequest
 */
 func (a *V0alpha2ApiService) RevokeSession(ctx context.Context, id string) V0alpha2ApiApiRevokeSessionRequest {
 	return V0alpha2ApiApiRevokeSessionRequest{
@@ -6146,12 +6137,12 @@ func (r V0alpha2ApiApiRevokeSessionsRequest) Execute() (*RevokedSessions, *http.
 }
 
 /*
-  - RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted.
-  - This endpoint is useful for:
+ * RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted.
+ * This endpoint is useful for:
 
 To forcefully logout the current user from all other devices and sessions
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiRevokeSessionsRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiRevokeSessionsRequest
 */
 func (a *V0alpha2ApiService) RevokeSessions(ctx context.Context) V0alpha2ApiApiRevokeSessionsRequest {
 	return V0alpha2ApiApiRevokeSessionsRequest{
@@ -6315,8 +6306,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) Execute() (*SuccessfulS
 }
 
 /*
-  - SubmitSelfServiceLoginFlow # Submit a Login Flow
-  - :::info
+ * SubmitSelfServiceLoginFlow # Submit a Login Flow
+ * :::info
 
 This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future.
 
@@ -6349,8 +6340,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 Most likely used in Social Sign In flows.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest{
@@ -6513,8 +6504,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest) Execute() (*http.Respo
 }
 
 /*
-  - SubmitSelfServiceLogoutFlow # Complete Self-Service Logout
-  - This endpoint logs out an identity in a self-service manner.
+ * SubmitSelfServiceLogoutFlow # Complete Self-Service Logout
+ * This endpoint logs out an identity in a self-service manner.
 
 If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other)
 to the `return_to` parameter of the initial request or fall back to `urls.default_return_to`.
@@ -6527,8 +6518,8 @@ with browsers (Chrome, Firefox, ...). For API clients you can
 call the `/self-service/logout/api` URL directly with the Ory Session Token.
 
 More information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest{
@@ -6636,9 +6627,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest) Execute(
 }
 
 /*
-  - SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ...
-  - Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully
-
+ * SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ...
+ * Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully
 revoked, the server returns a 204 No Content response. A 204 No Content response is also sent when
 the Ory Session Token has been revoked already before.
 
@@ -6646,8 +6636,8 @@ If the Ory Session Token is malformed or does not exist a 403 Forbidden response
 
 This endpoint does not remove any HTTP
 Cookies - use the Browser-Based Self-Service Logout Flow instead.
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest{
@@ -6779,9 +6769,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) Execute() (*SelfServ
 }
 
 /*
-  - SubmitSelfServiceRecoveryFlow # Complete Recovery Flow
-  - Use this endpoint to complete a recovery flow. This endpoint
-
+ * SubmitSelfServiceRecoveryFlow # Complete Recovery Flow
+ * Use this endpoint to complete a recovery flow. This endpoint
 behaves differently for API and browser flows and has several states:
 
 `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent
@@ -6797,8 +6786,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe
 a new Recovery Flow ID which contains an error message that the recovery link was invalid.
 
 More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest{
@@ -6956,9 +6945,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) Execute() (*Succ
 }
 
 /*
-  - SubmitSelfServiceRegistrationFlow # Submit a Registration Flow
-  - Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint
-
+ * SubmitSelfServiceRegistrationFlow # Submit a Registration Flow
+ * Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint
 behaves differently for API and browser flows.
 
 API flows expect `application/json` to be sent in the body and respond with
@@ -6986,8 +6974,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 Most likely used in Social Sign In flows.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest{
@@ -7157,9 +7145,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) Execute() (*SelfServ
 }
 
 /*
-  - SubmitSelfServiceSettingsFlow # Complete Settings Flow
-  - Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint
-
+ * SubmitSelfServiceSettingsFlow # Complete Settings Flow
+ * Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint
 behaves differently for API and browser flows.
 
 API-initiated flows expect `application/json` to be sent in the body and respond with
@@ -7202,8 +7189,8 @@ identity logged in instead.
 Most likely used in Social Sign In flows.
 
 More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest{
@@ -7396,9 +7383,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Execute() (*Self
 }
 
 /*
-  - SubmitSelfServiceVerificationFlow # Complete Verification Flow
-  - Use this endpoint to complete a verification flow. This endpoint
-
+ * SubmitSelfServiceVerificationFlow # Complete Verification Flow
+ * Use this endpoint to complete a verification flow. This endpoint
 behaves differently for API and browser flows and has several states:
 
 `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent
@@ -7414,8 +7400,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe
 a new Verification Flow ID which contains an error message that the verification link was invalid.
 
 More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest{
@@ -7568,9 +7554,8 @@ func (r V0alpha2ApiApiToSessionRequest) Execute() (*Session, *http.Response, err
 }
 
 /*
-  - ToSession # Check Who the Current HTTP Session Belongs To
-  - Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated.
-
+ * ToSession # Check Who the Current HTTP Session Belongs To
+ * Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated.
 Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent.
 Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header
 in the response.
@@ -7619,8 +7604,8 @@ As explained above, this request may fail due to several reasons. The `error.id`
 
 `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token).
 `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor.
-  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-  - @return V0alpha2ApiApiToSessionRequest
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return V0alpha2ApiApiToSessionRequest
 */
 func (a *V0alpha2ApiService) ToSession(ctx context.Context) V0alpha2ApiApiToSessionRequest {
 	return V0alpha2ApiApiToSessionRequest{

From 8cebb8b2003cd3bc2fffe6907069a88236410f4b Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Fri, 23 Sep 2022 12:42:41 +0000
Subject: [PATCH 268/411] chore: update repository templates to
 https://github.com/ory/meta/commit/4ef13422e91f15b9f70014a0d67b92498ab728d1

---
 .github/ISSUE_TEMPLATE/BUG-REPORT.yml      | 50 +++++++++++-----------
 .github/ISSUE_TEMPLATE/DESIGN-DOC.yml      | 50 +++++++++++-----------
 .github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml | 30 ++++++-------
 .github/pull_request_template.md           |  8 ++--
 .github/workflows/stale.yml                |  8 ++--
 CHANGELOG.md                               |  8 ++--
 CONTRIBUTING.md                            | 33 +++++++-------
 README.md                                  |  4 +-
 SECURITY.md                                |  4 +-
 package-lock.json                          |  3 +-
 10 files changed, 99 insertions(+), 99 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
index ad9a73f3fbb2..7536eaa976be 100644
--- a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
+++ b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
@@ -1,17 +1,17 @@
-description: 'Create a bug report'
+description: "Create a bug report"
 labels:
   - bug
-name: 'Bug Report'
+name: "Bug Report"
 body:
   - attributes:
       value: "Thank you for taking the time to fill out this bug report!\n"
     type: markdown
   - attributes:
-      label: 'Preflight checklist'
+      label: "Preflight checklist"
       options:
         - label:
-            'I could not find a solution in the existing issues, docs, nor
-            discussions.'
+            "I could not find a solution in the existing issues, docs, nor
+            discussions."
           required: true
         - label:
             "I agree to follow this project's [Code of
@@ -22,18 +22,18 @@ body:
             Guidelines](https://github.com/ory/kratos/blob/master/CONTRIBUTING.md)."
           required: true
         - label:
-            'This issue affects my [Ory Cloud](https://www.ory.sh/) project.'
+            "This issue affects my [Ory Cloud](https://www.ory.sh/) project."
         - label:
-            'I have joined the [Ory Community Slack](https://slack.ory.sh).'
+            "I have joined the [Ory Community Slack](https://slack.ory.sh)."
         - label:
-            'I am signed up to the [Ory Security Patch
-            Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53).'
+            "I am signed up to the [Ory Security Patch
+            Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)."
     id: checklist
     type: checkboxes
   - attributes:
-      description: 'A clear and concise description of what the bug is.'
-      label: 'Describe the bug'
-      placeholder: 'Tell us what you see!'
+      description: "A clear and concise description of what the bug is."
+      label: "Describe the bug"
+      placeholder: "Tell us what you see!"
     id: describe-bug
     type: textarea
     validations:
@@ -47,17 +47,17 @@ body:
         1. Run `docker run ....`
         2. Make API Request to with `curl ...`
         3. Request fails with response: `{"some": "error"}`
-      label: 'Reproducing the bug'
+      label: "Reproducing the bug"
     id: reproduce-bug
     type: textarea
     validations:
       required: true
   - attributes:
       description:
-        'Please copy and paste any relevant log output. This will be
+        "Please copy and paste any relevant log output. This will be
         automatically formatted into code, so no need for backticks. Please
-        redact any sensitive information'
-      label: 'Relevant log output'
+        redact any sensitive information"
+      label: "Relevant log output"
       render: shell
       placeholder: |
         log=error ....
@@ -65,10 +65,10 @@ body:
     type: textarea
   - attributes:
       description:
-        'Please copy and paste any relevant configuration. This will be
+        "Please copy and paste any relevant configuration. This will be
         automatically formatted into code, so no need for backticks. Please
-        redact any sensitive information!'
-      label: 'Relevant configuration'
+        redact any sensitive information!"
+      label: "Relevant configuration"
       render: yml
       placeholder: |
         server:
@@ -77,14 +77,14 @@ body:
     id: config
     type: textarea
   - attributes:
-      description: 'What version of our software are you running?'
+      description: "What version of our software are you running?"
       label: Version
     id: version
     type: input
     validations:
       required: true
   - attributes:
-      label: 'On which operating system are you observing this issue?'
+      label: "On which operating system are you observing this issue?"
       options:
         - Ory Cloud
         - macOS
@@ -95,19 +95,19 @@ body:
     id: operating-system
     type: dropdown
   - attributes:
-      label: 'In which environment are you deploying?'
+      label: "In which environment are you deploying?"
       options:
         - Ory Cloud
         - Docker
-        - 'Docker Compose'
-        - 'Kubernetes with Helm'
+        - "Docker Compose"
+        - "Kubernetes with Helm"
         - Kubernetes
         - Binary
         - Other
     id: deployment
     type: dropdown
   - attributes:
-      description: 'Add any other context about the problem here.'
+      description: "Add any other context about the problem here."
       label: Additional Context
     id: additional
     type: textarea
diff --git a/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml b/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml
index e48e0df13f3f..6be238ca0ebd 100644
--- a/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml
+++ b/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml
@@ -1,8 +1,8 @@
 description:
-  'A design document is needed for non-trivial changes to the code base.'
+  "A design document is needed for non-trivial changes to the code base."
 labels:
   - rfc
-name: 'Design Document'
+name: "Design Document"
 body:
   - attributes:
       value: |
@@ -13,16 +13,16 @@ body:
         Ory is leaning heavily on [Google's design docs process](https://www.industrialempathy.com/posts/design-docs-at-google/)
         and [Golang Proposals](https://github.com/golang/proposal).
 
-        Writing a design doc prior to contributing your change ensures that your ideas are checked with
-        the community and maintainers. It will save you a lot of time developing things which might need changed
+        Writing a design doc before contributing your change ensures that your ideas are checked with
+        the community and maintainers. It will save you a lot of time developing things that might need to be changed
         after code reviews, and your pull requests will be merged faster.
     type: markdown
   - attributes:
-      label: 'Preflight checklist'
+      label: "Preflight checklist"
       options:
         - label:
-            'I could not find a solution in the existing issues, docs, nor
-            discussions.'
+            "I could not find a solution in the existing issues, docs, nor
+            discussions."
           required: true
         - label:
             "I agree to follow this project's [Code of
@@ -33,18 +33,18 @@ body:
             Guidelines](https://github.com/ory/kratos/blob/master/CONTRIBUTING.md)."
           required: true
         - label:
-            'This issue affects my [Ory Cloud](https://www.ory.sh/) project.'
+            "This issue affects my [Ory Cloud](https://www.ory.sh/) project."
         - label:
-            'I have joined the [Ory Community Slack](https://slack.ory.sh).'
+            "I have joined the [Ory Community Slack](https://slack.ory.sh)."
         - label:
-            'I am signed up to the [Ory Security Patch
-            Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53).'
+            "I am signed up to the [Ory Security Patch
+            Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)."
     id: checklist
     type: checkboxes
   - attributes:
       description: |
         This section gives the reader a very rough overview of the landscape in which the new system is being built and what is actually being built. This isn’t a requirements doc. Keep it succinct! The goal is that readers are brought up to speed but some previous knowledge can be assumed and detailed info can be linked to. This section should be entirely focused on objective background facts.
-      label: 'Context and scope'
+      label: "Context and scope"
     id: scope
     type: textarea
     validations:
@@ -53,7 +53,7 @@ body:
   - attributes:
       description: |
         A short list of bullet points of what the goals of the system are, and, sometimes more importantly, what non-goals are. Note, that non-goals aren’t negated goals like “The system shouldn’t crash”, but rather things that could reasonably be goals, but are explicitly chosen not to be goals. A good example would be “ACID compliance”; when designing a database, you’d certainly want to know whether that is a goal or non-goal. And if it is a non-goal you might still select a solution that provides it, if it doesn’t introduce trade-offs that prevent achieving the goals.
-      label: 'Goals and non-goals'
+      label: "Goals and non-goals"
     id: goals
     type: textarea
     validations:
@@ -64,8 +64,8 @@ body:
         This section should start with an overview and then go into details.
         The design doc is the place to write down the trade-offs you made in designing your software. Focus on those trade-offs to produce a useful document with long-term value. That is, given the context (facts), goals and non-goals (requirements), the design doc is the place to suggest solutions and show why a particular solution best satisfies those goals.
 
-        The point of writing a document over a more formal medium is to provide the flexibility to express the problem set at hand in an appropriate manner. Because of this, there is no explicit guidance for how to actually describe the design.
-      label: 'The design'
+        The point of writing a document over a more formal medium is to provide the flexibility to express the problem at hand in an appropriate manner. Because of this, there is no explicit guidance on how to actually describe the design.
+      label: "The design"
     id: design
     type: textarea
     validations:
@@ -73,22 +73,22 @@ body:
 
   - attributes:
       description: |
-        If the system under design exposes an API, then sketching out that API is usually a good idea. In most cases, however, one should withstand the temptation to copy-paste formal interface or data definitions into the doc as these are often verbose, contain unnecessary detail and quickly get out of date. Instead focus on the parts that are relevant to the design and its trade-offs.
-      label: 'APIs'
+        If the system under design exposes an API, then sketching out that API is usually a good idea. In most cases, however, one should withstand the temptation to copy-paste formal interface or data definitions into the doc as these are often verbose, contain unnecessary detail and quickly get out of date. Instead, focus on the parts that are relevant to the design and its trade-offs.
+      label: "APIs"
     id: apis
     type: textarea
 
   - attributes:
       description: |
-        Systems that store data should likely discuss how and in what rough form this happens. Similar to the advice on APIs, and for the same reasons, copy-pasting complete schema definitions should be avoided. Instead focus on the parts that are relevant to the design and its trade-offs.
-      label: 'Data storage'
+        Systems that store data should likely discuss how and in what rough form this happens. Similar to the advice on APIs, and for the same reasons, copy-pasting complete schema definitions should be avoided. Instead, focus on the parts that are relevant to the design and its trade-offs.
+      label: "Data storage"
     id: persistence
     type: textarea
 
   - attributes:
       description: |
-        Design docs should rarely contain code, or pseudo-code except in situations where novel algorithms are described. As appropriate, link to prototypes that show the implementability of the design.
-      label: 'Code and pseudo-code'
+        Design docs should rarely contain code, or pseudo-code except in situations where novel algorithms are described. As appropriate, link to prototypes that show the feasibility of the design.
+      label: "Code and pseudo-code"
     id: pseudocode
     type: textarea
 
@@ -98,10 +98,10 @@ body:
 
         On one end of the extreme is the “greenfield software project”, where all we know are the goals, and the solution can be whatever makes the most sense. Such a document may be wide-ranging, but it also needs to quickly define a set of rules that allow zooming in on a manageable set of solutions.
 
-        On the other end are systems where the possible solutions are very well defined, but it isn’t at all obvious how they could even be combined to achieve the goals. This may be a legacy system that is difficult to change and wasn’t designed to do what you want it to do or a library design that needs to operate within the constraints of the host programming language.
+        On the other end are systems where the possible solutions are very well defined, but it isn't at all obvious how they could even be combined to achieve the goals. This may be a legacy system that is difficult to change and wasn't designed to do what you want it to do or a library design that needs to operate within the constraints of the host programming language.
 
-        In this situation you may be able to enumerate all the things you can do relatively easily, but you need to creatively put those things together to achieve the goals. There may be multiple solutions, and none of them are really great, and hence such a document should focus on selecting the best way given all identified trade-offs.
-      label: 'Degree of constraint'
+        In this situation, you may be able to enumerate all the things you can do relatively easily, but you need to creatively put those things together to achieve the goals. There may be multiple solutions, and none of them are great, and hence such a document should focus on selecting the best way given all identified trade-offs.
+      label: "Degree of constraint"
     id: constrait
     type: textarea
 
@@ -109,7 +109,7 @@ body:
       description: |
         This section lists alternative designs that would have reasonably achieved similar outcomes. The focus should be on the trade-offs that each respective design makes and how those trade-offs led to the decision to select the design that is the primary topic of the document.
 
-        While it is fine to be succinct about solution that ended up not being selected, this section is one of the most important ones as it shows very explicitly why the selected solution is the best given the project goals and how other solutions, that the reader may be wondering about, introduce trade-offs that are less desirable given the goals.
+        While it is fine to be succinct about a solution that ended up not being selected, this section is one of the most important ones as it shows very explicitly why the selected solution is the best given the project goals and how other solutions, that the reader may be wondering about, introduce trade-offs that are less desirable given the goals.
 
       label: Alternatives considered
     id: alternatives
diff --git a/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml
index 132862134e9e..af71f0896133 100644
--- a/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml
+++ b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml
@@ -1,8 +1,8 @@
 description:
-  'Suggest an idea for this project without a plan for implementation'
+  "Suggest an idea for this project without a plan for implementation"
 labels:
   - feat
-name: 'Feature Request'
+name: "Feature Request"
 body:
   - attributes:
       value: |
@@ -11,11 +11,11 @@ body:
         If you already have a plan to implement a feature or a change, please create a [design document](https://github.com/aeneasr/gh-template-test/issues/new?assignees=&labels=rfc&template=DESIGN-DOC.yml) instead if the change is non-trivial!
     type: markdown
   - attributes:
-      label: 'Preflight checklist'
+      label: "Preflight checklist"
       options:
         - label:
-            'I could not find a solution in the existing issues, docs, nor
-            discussions.'
+            "I could not find a solution in the existing issues, docs, nor
+            discussions."
           required: true
         - label:
             "I agree to follow this project's [Code of
@@ -26,18 +26,18 @@ body:
             Guidelines](https://github.com/ory/kratos/blob/master/CONTRIBUTING.md)."
           required: true
         - label:
-            'This issue affects my [Ory Cloud](https://www.ory.sh/) project.'
+            "This issue affects my [Ory Cloud](https://www.ory.sh/) project."
         - label:
-            'I have joined the [Ory Community Slack](https://slack.ory.sh).'
+            "I have joined the [Ory Community Slack](https://slack.ory.sh)."
         - label:
-            'I am signed up to the [Ory Security Patch
-            Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53).'
+            "I am signed up to the [Ory Security Patch
+            Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)."
     id: checklist
     type: checkboxes
   - attributes:
       description:
-        'Is your feature request related to a problem? Please describe.'
-      label: 'Describe your problem'
+        "Is your feature request related to a problem? Please describe."
+      label: "Describe your problem"
       placeholder:
         "A clear and concise description of what the problem is. Ex. I'm always
         frustrated when [...]"
@@ -50,20 +50,20 @@ body:
         Describe the solution you'd like
       placeholder: |
         A clear and concise description of what you want to happen.
-      label: 'Describe your ideal solution'
+      label: "Describe your ideal solution"
     id: solution
     type: textarea
     validations:
       required: true
   - attributes:
       description: "Describe alternatives you've considered"
-      label: 'Workarounds or alternatives'
+      label: "Workarounds or alternatives"
     id: alternatives
     type: textarea
     validations:
       required: true
   - attributes:
-      description: 'What version of our software are you running?'
+      description: "What version of our software are you running?"
       label: Version
     id: version
     type: input
@@ -71,7 +71,7 @@ body:
       required: true
   - attributes:
       description:
-        'Add any other context or screenshots about the feature request here.'
+        "Add any other context or screenshots about the feature request here."
       label: Additional Context
     id: additional
     type: textarea
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 6c2f057ac039..deef18980d0f 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -2,7 +2,7 @@
 Describe the big picture of your changes here to communicate to the maintainers why we should accept this pull request.
 
 This text will be included in the changelog. If applicable, include links to documentation or pieces of code.
-If your change includes breaking changes please add a codeblock documenting the breaking change:
+If your change includes breaking changes please add a code block documenting the breaking change:
 
 ```
 BREAKING CHANGES: This patch changes the behavior of configuration item `foo` to do bar. To keep the existing
@@ -23,7 +23,7 @@ If this pull request
 Pull requests introducing new features, which do not have a design document linked are more likely to be rejected and take on average 2-8 weeks longer to
 get merged.
 
-You can discuss changes with maintainers either in the Github Discusssions in this repository or
+You can discuss changes with maintainers either in the Github Discussions in this repository or
 join the [Ory Chat](https://www.ory.sh/chat).
 -->
 
@@ -44,8 +44,8 @@ If you're unsure about any of them, don't hesitate to ask. We're here to help!
       [contributing code guidelines](../blob/master/CONTRIBUTING.md#contributing-code).
 - [ ] I have read the [security policy](../security/policy).
 - [ ] I confirm that this pull request does not address a security
-      vulnerability. If this pull request addresses a security. vulnerability, I
-      confirm that I got green light (please contact
+      vulnerability. If this pull request addresses a security vulnerability, I
+      confirm that I got the approval (please contact
       [security@ory.sh](mailto:security@ory.sh)) from the maintainers to push
       the changes.
 - [ ] I have added tests that prove my fix is effective or that my feature
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index eb36db174bba..666299c49773 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -15,12 +15,12 @@ jobs:
           stale-issue-message: |
             Hello contributors!
 
-            I am marking this issue as stale as it has not received any engagement from the community or maintainers a year. That does not imply that the issue has no merit! If you feel strongly about this issue
+            I am marking this issue as stale as it has not received any engagement from the community or maintainers for a year. That does not imply that the issue has no merit! If you feel strongly about this issue
 
             - open a PR referencing and resolving the issue;
-            - leave a comment on it and discuss ideas how you could contribute towards resolving it;
+            - leave a comment on it and discuss ideas on how you could contribute towards resolving it;
             - leave a comment and describe in detail why this issue is critical for your use case;
-            - open a new issue with updated details and a plan on resolving the issue.
+            - open a new issue with updated details and a plan for resolving the issue.
 
             Throughout its lifetime, Ory has received over 10.000 issues and PRs. To sustain that growth, we need to prioritize and focus on issues that are important to the community. A good indication of importance, and thus priority, is activity on a topic.
 
@@ -30,7 +30,7 @@ jobs:
 
             The motivation for this automation is to help prioritize issues in the backlog and not ignore, reject, or belittle anyone.
 
-            If this issue was marked as stale erroneous you can exempt it by adding the `backlog` label, assigning someone, or setting a milestone for it.
+            If this issue was marked as stale erroneously you can exempt it by adding the `backlog` label, assigning someone, or setting a milestone for it.
 
             Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you!
 
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6346d5bae7ef..de01cbadea53 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3476,15 +3476,15 @@ We also streamlined how credentials are used. We now differentiate between:
   const kratos = new V0Alpha0(
     new Configuration({
       basePath: config.kratos.admin,
-      accessToken: 'some-token'
-    })
+      accessToken: "some-token",
+    }),
   )
 
   kratosAdmin.adminCreateIdentity({
-    schema_id: 'default',
+    schema_id: "default",
     traits: {
       /* ... */
-    }
+    },
   })
   ```
 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index cdc002848624..0a1a07ca6d80 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -31,19 +31,19 @@ https://github.com/ory/meta/blob/master/templates/repository/common/CONTRIBUTING
 
 _Please note_: We take Ory Kratos's security and our users' trust very
 seriously. If you believe you have found a security issue in Ory Kratos, please
-disclose by contacting us at security@ory.sh.
+disclose it by contacting us at security@ory.sh.
 
 There are many ways in which you can contribute. The goal of this document is to
 provide a high-level overview of how you can get involved in Ory.
 
 As a potential contributor, your changes and ideas are welcome at any hour of
-the day or night, weekdays, weekends, and holidays. Please do not ever hesitate
-to ask a question or send a pull request.
+the day or night, on weekdays, weekends, and holidays. Please do not ever
+hesitate to ask a question or send a pull request.
 
 If you are unsure, just ask or submit the issue or pull request anyways. You
 won't be yelled at for giving it your best effort. The worst that can happen is
 that you'll be politely asked to change something. We appreciate any sort of
-contributions, and don't want a wall of rules to get in the way of that.
+contributions and don't want a wall of rules to get in the way of that.
 
 That said, if you want to ensure that a pull request is likely to be merged,
 talk to us! You can find out our thoughts and ensure that your contribution
@@ -90,8 +90,8 @@ to help out:
   look at discussions in the forum and take part in community events. More info
   on this in [Communication](#communication).
 
-- **Answer discussions.** There are at all times a number of unanswered
-  discussions on GitHub, you can see an
+- **Answer discussions.** At all times, there are several unanswered discussions
+  on GitHub. You can see an
   [overview here](https://github.com/discussions?discussions_q=is%3Aunanswered+org%3Aory+sort%3Aupdated-desc).
   If you think you know an answer or can provide some information that might
   help, please share it! Bonus: You get GitHub achievements for answered
@@ -100,13 +100,13 @@ to help out:
 - **Help with open issues.** We have a lot of open issues for Ory Kratos and
   some of them may lack necessary information, some are duplicates of older
   issues. You can help out by guiding people through the process of filling out
-  the issue template, asking for clarifying information, or pointing them to
+  the issue template, asking for clarifying information or pointing them to
   existing issues that match their description of the problem.
 
 - **Review documentation changes.** Most documentation just needs a review for
   proper spelling and grammar. If you think a document can be improved in any
   way, feel free to hit the `edit` button at the top of the page. More info on
-  contributing to documentation [here](#contribute-documentation).
+  contributing to the documentation [here](#contribute-documentation).
 
 - **Help with tests.** Pull requests may lack proper tests or test plans. These
   are needed for the change to be implemented safely.
@@ -120,7 +120,7 @@ Check out [Ory Kratos Discussions](https://github.com/ory/kratos/discussions).
 This is a great place for in-depth discussions and lots of code examples, logs
 and similar data.
 
-You can also join our community calls, if you want to speak to the Ory team
+You can also join our community calls if you want to speak to the Ory team
 directly or ask some questions. You can find more info and participate in
 [Slack](https://www.ory.sh/chat) in the #community-call channel.
 
@@ -128,12 +128,12 @@ If you want to receive regular notifications about updates to Ory Kratos,
 consider joining the mailing list. We will _only_ send you vital information on
 the projects that you are interested in.
 
-Also [follow us on twitter](https://twitter.com/orycorp).
+Also, [follow us on Twitter](https://twitter.com/orycorp).
 
 ## Contribute examples
 
-One of the most impactful ways to make a contribution is adding examples. You
-can find an overview of examples using Ory services in the
+One of the most impactful ways to contribute is by adding examples. You can find
+an overview of examples using Ory services on the
 [documentation examples page](https://www.ory.sh/docs/examples). Source code for
 examples can be found in most cases in the
 [ory/examples](https://github.com/ory/examples) repository.
@@ -145,7 +145,7 @@ describe your example before you start working on it. We would love to provide
 guidance to make for a pleasant contribution experience. Go through this
 checklist to contribute an example:
 
-1. Create a github issue proposing a new example and make sure it's different
+1. Create a GitHub issue proposing a new example and make sure it's different
    from an existing one.
 1. Fork the repo and create a feature branch off of `master` so that changes do
    not get mixed up.
@@ -194,13 +194,14 @@ us the rights to use your contribution. You can see the Apache 2.0 license under
 which our projects are published
 [here](https://github.com/ory/meta/blob/master/LICENSE).
 
-When pull requests fail testing, authors are expected to update their pull
-requests to address the failures until the tests pass.
+When pull requests fail the automated testing stages (for example unit or E2E
+tests), authors are expected to update their pull requests to address the
+failures until the tests pass.
 
 Pull requests eligible for review
 
 1. follow the repository's code formatting conventions;
-2. include tests which prove that the change works as intended and does not add
+2. include tests that prove that the change works as intended and does not add
    regressions;
 3. document the changes in the code and/or the project's documentation;
 4. pass the CI pipeline;
diff --git a/README.md b/README.md
index ab74c72d6615..e2c1c6daa6f8 100644
--- a/README.md
+++ b/README.md
@@ -529,8 +529,8 @@ deal with: Self-service Login and Registration, Multi-Factor Authentication
 
 [Ory Hydra](https://github.com/ory/hydra) is an OpenID Certified™ OAuth2 and
 OpenID Connect Provider which easily connects to any existing identity system by
-writing a tiny "bridge" application. Gives absolute control over user interface
-and user experience flows.
+writing a tiny "bridge" application. It gives absolute control over the user
+interface and user experience flows.
 
 ### Ory Oathkeeper: Identity & Access Proxy
 
diff --git a/SECURITY.md b/SECURITY.md
index 70f1ef4ddb7d..52387a3a8899 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -21,8 +21,8 @@ https://github.com/ory/meta/blob/master/templates/repository/SECURITY.md
 
 ## Supported Versions
 
-We release patches for security vulnerabilities. Which versions are eligible
-receiving such patches depend on the CVSS v3.0 Rating:
+We release patches for security vulnerabilities. Which versions are eligible for
+receiving such patches depends on the CVSS v3.0 Rating:
 
 | CVSS v3.0 | Supported Versions                        |
 | --------- | ----------------------------------------- |
diff --git a/package-lock.json b/package-lock.json
index 20bc1051908a..9895f8a50f48 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -5737,8 +5737,7 @@
       "version": "7.5.7",
       "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.7.tgz",
       "integrity": "sha512-KMvVuFzpKBuiIXW3E4u3mySRO2/mCHSyZDJQM5NQ9Q9KHWHWh0NHgfbRMLLrceUK5qAL4ytALJbpRMjixFZh8A==",
-      "dev": true,
-      "requires": {}
+      "dev": true
     },
     "y18n": {
       "version": "5.0.8",

From 77c53fdc25345068d2ffaee624a250510aa8f596 Mon Sep 17 00:00:00 2001
From: Kevin Goslar 
Date: Fri, 23 Sep 2022 14:49:16 -0500
Subject: [PATCH 269/411] chore: fix formatting (#2753)

---
 internal/httpclient/api_metadata.go |  26 +--
 internal/httpclient/api_v0alpha2.go | 315 +++++++++++++++-------------
 package-lock.json                   |   3 +-
 3 files changed, 181 insertions(+), 163 deletions(-)

diff --git a/internal/httpclient/api_metadata.go b/internal/httpclient/api_metadata.go
index a63febb073aa..eec994165b53 100644
--- a/internal/httpclient/api_metadata.go
+++ b/internal/httpclient/api_metadata.go
@@ -102,16 +102,16 @@ func (r MetadataApiApiGetVersionRequest) Execute() (*InlineResponse2001, *http.R
 }
 
 /*
- * GetVersion Return Running Software Version.
- * This endpoint returns the version of Ory Kratos.
+  - GetVersion Return Running Software Version.
+  - This endpoint returns the version of Ory Kratos.
 
 If the service supports TLS Edge Termination, this endpoint does not require the
 `X-Forwarded-Proto` header to be set.
 
 Be aware that if you are running multiple nodes of this service, the version will never
 refer to the cluster state, only to a single instance.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return MetadataApiApiGetVersionRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return MetadataApiApiGetVersionRequest
 */
 func (a *MetadataApiService) GetVersion(ctx context.Context) MetadataApiApiGetVersionRequest {
 	return MetadataApiApiGetVersionRequest{
@@ -209,8 +209,9 @@ func (r MetadataApiApiIsAliveRequest) Execute() (*InlineResponse200, *http.Respo
 }
 
 /*
- * IsAlive Check HTTP Server Status
- * This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming
+  - IsAlive Check HTTP Server Status
+  - This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming
+
 HTTP requests. This status does currently not include checks whether the database connection is working.
 
 If the service supports TLS Edge Termination, this endpoint does not require the
@@ -218,8 +219,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the
 
 Be aware that if you are running multiple nodes of this service, the health status will never
 refer to the cluster state, only to a single instance.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return MetadataApiApiIsAliveRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return MetadataApiApiIsAliveRequest
 */
 func (a *MetadataApiService) IsAlive(ctx context.Context) MetadataApiApiIsAliveRequest {
 	return MetadataApiApiIsAliveRequest{
@@ -326,8 +327,9 @@ func (r MetadataApiApiIsReadyRequest) Execute() (*InlineResponse200, *http.Respo
 }
 
 /*
- * IsReady Check HTTP Server and Database Status
- * This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g.
+  - IsReady Check HTTP Server and Database Status
+  - This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g.
+
 the database) are responsive as well.
 
 If the service supports TLS Edge Termination, this endpoint does not require the
@@ -335,8 +337,8 @@ If the service supports TLS Edge Termination, this endpoint does not require the
 
 Be aware that if you are running multiple nodes of Ory Kratos, the health status will never
 refer to the cluster state, only to a single instance.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return MetadataApiApiIsReadyRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return MetadataApiApiIsReadyRequest
 */
 func (a *MetadataApiService) IsReady(ctx context.Context) MetadataApiApiIsReadyRequest {
 	return MetadataApiApiIsReadyRequest{
diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go
index 9a364f251342..28ee4d1f4359 100644
--- a/internal/httpclient/api_v0alpha2.go
+++ b/internal/httpclient/api_v0alpha2.go
@@ -1292,11 +1292,12 @@ func (r V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest) Execute() (*Sel
 }
 
 /*
- * AdminCreateSelfServiceRecoveryLink # Create a Recovery Link
- * This endpoint creates a recovery link which should be given to the user in order for them to recover
+  - AdminCreateSelfServiceRecoveryLink # Create a Recovery Link
+  - This endpoint creates a recovery link which should be given to the user in order for them to recover
+
 (or activate) their account.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest
 */
 func (a *V0alpha2ApiService) AdminCreateSelfServiceRecoveryLink(ctx context.Context) V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest {
 	return V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest{
@@ -1426,15 +1427,16 @@ func (r V0alpha2ApiApiAdminDeleteIdentityRequest) Execute() (*http.Response, err
 }
 
 /*
- * AdminDeleteIdentity # Delete an Identity
- * Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone.
+  - AdminDeleteIdentity # Delete an Identity
+  - Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone.
+
 This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is
 assumed that is has been deleted already.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @param id ID is the identity's ID.
- * @return V0alpha2ApiApiAdminDeleteIdentityRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @param id ID is the identity's ID.
+  - @return V0alpha2ApiApiAdminDeleteIdentityRequest
 */
 func (a *V0alpha2ApiService) AdminDeleteIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentityRequest {
 	return V0alpha2ApiApiAdminDeleteIdentityRequest{
@@ -1557,13 +1559,13 @@ func (r V0alpha2ApiApiAdminDeleteIdentitySessionsRequest) Execute() (*http.Respo
 }
 
 /*
- * AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
- * This endpoint is useful for:
+  - AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
+  - This endpoint is useful for:
 
 To forcefully logout Identity from all devices and sessions
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @param id ID is the identity's ID.
- * @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @param id ID is the identity's ID.
+  - @return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest
 */
 func (a *V0alpha2ApiService) AdminDeleteIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminDeleteIdentitySessionsRequest {
 	return V0alpha2ApiApiAdminDeleteIdentitySessionsRequest{
@@ -2172,12 +2174,12 @@ func (r V0alpha2ApiApiAdminListIdentitiesRequest) Execute() ([]Identity, *http.R
 }
 
 /*
- * AdminListIdentities # List Identities
- * Lists all identities. Does not support search at the moment.
+  - AdminListIdentities # List Identities
+  - Lists all identities. Does not support search at the moment.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiAdminListIdentitiesRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiAdminListIdentitiesRequest
 */
 func (a *V0alpha2ApiService) AdminListIdentities(ctx context.Context) V0alpha2ApiApiAdminListIdentitiesRequest {
 	return V0alpha2ApiApiAdminListIdentitiesRequest{
@@ -2321,13 +2323,13 @@ func (r V0alpha2ApiApiAdminListIdentitySessionsRequest) Execute() ([]Session, *h
 }
 
 /*
- * AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity.
- * This endpoint is useful for:
+  - AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity.
+  - This endpoint is useful for:
 
 Listing all sessions that belong to an Identity in an administrative context.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @param id ID is the identity's ID.
- * @return V0alpha2ApiApiAdminListIdentitySessionsRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @param id ID is the identity's ID.
+  - @return V0alpha2ApiApiAdminListIdentitySessionsRequest
 */
 func (a *V0alpha2ApiService) AdminListIdentitySessions(ctx context.Context, id string) V0alpha2ApiApiAdminListIdentitySessionsRequest {
 	return V0alpha2ApiApiAdminListIdentitySessionsRequest{
@@ -2496,13 +2498,13 @@ func (r V0alpha2ApiApiAdminPatchIdentityRequest) Execute() (*Identity, *http.Res
 }
 
 /*
- * AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
- * NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.
+  - AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
+  - NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @param id ID must be set to the ID of identity you want to update
- * @return V0alpha2ApiApiAdminPatchIdentityRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @param id ID must be set to the ID of identity you want to update
+  - @return V0alpha2ApiApiAdminPatchIdentityRequest
 */
 func (a *V0alpha2ApiService) AdminPatchIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminPatchIdentityRequest {
 	return V0alpha2ApiApiAdminPatchIdentityRequest{
@@ -2664,13 +2666,13 @@ func (r V0alpha2ApiApiAdminUpdateIdentityRequest) Execute() (*Identity, *http.Re
 }
 
 /*
- * AdminUpdateIdentity # Update an Identity
- * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching.
+  - AdminUpdateIdentity # Update an Identity
+  - This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @param id ID must be set to the ID of identity you want to update
- * @return V0alpha2ApiApiAdminUpdateIdentityRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @param id ID must be set to the ID of identity you want to update
+  - @return V0alpha2ApiApiAdminUpdateIdentityRequest
 */
 func (a *V0alpha2ApiService) AdminUpdateIdentity(ctx context.Context, id string) V0alpha2ApiApiAdminUpdateIdentityRequest {
 	return V0alpha2ApiApiAdminUpdateIdentityRequest{
@@ -2831,8 +2833,8 @@ func (r V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest) Execute(
 }
 
 /*
- * CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers
- * This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user.
+  - CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers
+  - This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user.
 
 This endpoint is NOT INTENDED for API clients and only works
 with browsers (Chrome, Firefox, ...). For API clients you can
@@ -2842,8 +2844,8 @@ The URL is only valid for the currently signed in user. If no user is signed in,
 a 401 error.
 
 When calling this endpoint from a backend, please ensure to properly forward the HTTP cookies.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest
 */
 func (a *V0alpha2ApiService) CreateSelfServiceLogoutFlowUrlForBrowsers(ctx context.Context) V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest {
 	return V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest{
@@ -3093,16 +3095,16 @@ func (r V0alpha2ApiApiGetSelfServiceErrorRequest) Execute() (*SelfServiceError,
 }
 
 /*
- * GetSelfServiceError # Get Self-Service Errors
- * This endpoint returns the error associated with a user-facing self service errors.
+  - GetSelfServiceError # Get Self-Service Errors
+  - This endpoint returns the error associated with a user-facing self service errors.
 
 This endpoint supports stub values to help you implement the error UI:
 
 `?id=stub:500` - returns a stub 500 (Internal Server Error) error.
 
 More information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetSelfServiceErrorRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetSelfServiceErrorRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceError(ctx context.Context) V0alpha2ApiApiGetSelfServiceErrorRequest {
 	return V0alpha2ApiApiGetSelfServiceErrorRequest{
@@ -3244,8 +3246,8 @@ func (r V0alpha2ApiApiGetSelfServiceLoginFlowRequest) Execute() (*SelfServiceLog
 }
 
 /*
- * GetSelfServiceLoginFlow # Get Login Flow
- * This endpoint returns a login flow's context with, for example, error details and other information.
+  - GetSelfServiceLoginFlow # Get Login Flow
+  - This endpoint returns a login flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
 For AJAX requests you must ensure that cookies are included in the request or requests will fail.
@@ -3268,8 +3270,8 @@ This request may fail due to several reasons. The `error.id` can be one of:
 `self_service_flow_expired`: The flow is expired and you should request a new one.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetSelfServiceLoginFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceLoginFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceLoginFlowRequest{
@@ -3424,8 +3426,8 @@ func (r V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest) Execute() (*SelfService
 }
 
 /*
- * GetSelfServiceRecoveryFlow # Get Recovery Flow
- * This endpoint returns a recovery flow's context with, for example, error details and other information.
+  - GetSelfServiceRecoveryFlow # Get Recovery Flow
+  - This endpoint returns a recovery flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
 For AJAX requests you must ensure that cookies are included in the request or requests will fail.
@@ -3443,8 +3445,8 @@ res.render('recovery', flow)
 ```
 
 More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest{
@@ -3589,8 +3591,8 @@ func (r V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest) Execute() (*SelfSer
 }
 
 /*
- * GetSelfServiceRegistrationFlow # Get Registration Flow
- * This endpoint returns a registration flow's context with, for example, error details and other information.
+  - GetSelfServiceRegistrationFlow # Get Registration Flow
+  - This endpoint returns a registration flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
 For AJAX requests you must ensure that cookies are included in the request or requests will fail.
@@ -3613,8 +3615,8 @@ This request may fail due to several reasons. The `error.id` can be one of:
 `self_service_flow_expired`: The flow is expired and you should request a new one.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest{
@@ -3774,8 +3776,9 @@ func (r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) Execute() (*SelfService
 }
 
 /*
- * GetSelfServiceSettingsFlow # Get Settings Flow
- * When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie
+  - GetSelfServiceSettingsFlow # Get Settings Flow
+  - When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie
+
 or the Ory Kratos Session Token are set.
 
 Depending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator
@@ -3794,8 +3797,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 identity logged in instead.
 
 More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceSettingsFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceSettingsFlowRequest{
@@ -3963,8 +3966,8 @@ func (r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) Execute() (*SelfSer
 }
 
 /*
- * GetSelfServiceVerificationFlow # Get Verification Flow
- * This endpoint returns a verification flow's context with, for example, error details and other information.
+  - GetSelfServiceVerificationFlow # Get Verification Flow
+  - This endpoint returns a verification flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
 For AJAX requests you must ensure that cookies are included in the request or requests will fail.
@@ -3981,8 +3984,8 @@ res.render('verification', flow)
 })
 
 More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest
 */
 func (a *V0alpha2ApiService) GetSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiGetSelfServiceVerificationFlowRequest {
 	return V0alpha2ApiApiGetSelfServiceVerificationFlowRequest{
@@ -4116,8 +4119,8 @@ func (r V0alpha2ApiApiGetWebAuthnJavaScriptRequest) Execute() (string, *http.Res
 }
 
 /*
- * GetWebAuthnJavaScript # Get WebAuthn JavaScript
- * This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration.
+  - GetWebAuthnJavaScript # Get WebAuthn JavaScript
+  - This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration.
 
 If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file:
 
@@ -4126,8 +4129,8 @@ If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you
 ```
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiGetWebAuthnJavaScriptRequest
 */
 func (a *V0alpha2ApiService) GetWebAuthnJavaScript(ctx context.Context) V0alpha2ApiApiGetWebAuthnJavaScriptRequest {
 	return V0alpha2ApiApiGetWebAuthnJavaScriptRequest{
@@ -4246,8 +4249,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Execute(
 }
 
 /*
- * InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers
- * This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate
+  - InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers
+  - This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate
+
 cookies and anti-CSRF measures required for browser-based flows.
 
 If this endpoint is opened as a link in the browser, it will be redirected to
@@ -4266,8 +4270,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest{
@@ -4412,8 +4416,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest) Execu
 }
 
 /*
- * InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ...
- * This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on.
+  - InitializeSelfServiceLoginFlowWithoutBrowser Initialize Login Flow for APIs, Services, Apps, ...
+  - This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on.
 
 If a valid provided session cookie or session token is provided, a 400 Bad Request error
 will be returned unless the URL query parameter `?refresh=true` is set.
@@ -4433,8 +4437,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest{
@@ -4566,8 +4570,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest) Execu
 }
 
 /*
- * InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers
- * This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to
+  - InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers
+  - This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to
+
 `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session
 exists, the browser is returned to the configured return URL.
 
@@ -4577,8 +4582,8 @@ or a 400 bad request error if the user is already authenticated.
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest{
@@ -4698,8 +4703,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest) Ex
 }
 
 /*
- * InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ...
- * This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.
+  - InitializeSelfServiceRecoveryFlowWithoutBrowser Initialize Recovery Flow for APIs, Services, Apps, ...
+  - This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.
 
 If a valid provided session cookie or session token is provided, a 400 Bad Request error.
 
@@ -4712,8 +4717,8 @@ you vulnerable to a variety of CSRF attacks.
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest{
@@ -4836,8 +4841,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) E
 }
 
 /*
- * InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers
- * This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate
+  - InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers
+  - This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate
+
 cookies and anti-CSRF measures required for browser-based flows.
 
 :::info
@@ -4862,8 +4868,8 @@ If this endpoint is called via an AJAX request, the response contains the regist
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest{
@@ -4973,8 +4979,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest
 }
 
 /*
- * InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ...
- * This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on.
+  - InitializeSelfServiceRegistrationFlowWithoutBrowser Initialize Registration Flow for APIs, Services, Apps, ...
+  - This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on.
 
 If a valid provided session cookie or session token is provided, a 400 Bad Request error
 will be returned unless the URL query parameter `?refresh=true` is set.
@@ -4993,8 +4999,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest{
@@ -5122,8 +5128,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest) Execu
 }
 
 /*
- * InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers
- * This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to
+  - InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers
+  - This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to
+
 `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid
 Ory Kratos Session Cookie is included in the request, a login flow will be initialized.
 
@@ -5149,8 +5156,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest{
@@ -5299,8 +5306,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest) Ex
 }
 
 /*
- * InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ...
- * This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on.
+  - InitializeSelfServiceSettingsFlowWithoutBrowser Initialize Settings Flow for APIs, Services, Apps, ...
+  - This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on.
+
 You must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK.
 
 To fetch an existing settings flow call `/self-service/settings/flows?flow=`.
@@ -5322,8 +5330,8 @@ In the case of an error, the `error.id` of the JSON response body can be one of:
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceSettingsFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest{
@@ -5449,8 +5457,9 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest) E
 }
 
 /*
- * InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients
- * This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to
+  - InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients
+  - This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to
+
 `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`.
 
 If this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects.
@@ -5458,8 +5467,8 @@ If this endpoint is called via an AJAX request, the response contains the recove
 This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).
 
 More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowForBrowsers(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest {
 	return V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest{
@@ -5569,8 +5578,8 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest
 }
 
 /*
- * InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ...
- * This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.
+  - InitializeSelfServiceVerificationFlowWithoutBrowser Initialize Verification Flow for APIs, Services, Apps, ...
+  - This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.
 
 To fetch an existing verification flow call `/self-service/verification/flows?flow=`.
 
@@ -5581,8 +5590,8 @@ you vulnerable to a variety of CSRF attacks.
 This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
 
 More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) InitializeSelfServiceVerificationFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiInitializeSelfServiceVerificationFlowWithoutBrowserRequest{
@@ -5847,12 +5856,12 @@ func (r V0alpha2ApiApiListSessionsRequest) Execute() ([]Session, *http.Response,
 }
 
 /*
- * ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint.
- * This endpoint is useful for:
+  - ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint.
+  - This endpoint is useful for:
 
 Displaying all other sessions that belong to the logged-in user
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiListSessionsRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiListSessionsRequest
 */
 func (a *V0alpha2ApiService) ListSessions(ctx context.Context) V0alpha2ApiApiListSessionsRequest {
 	return V0alpha2ApiApiListSessionsRequest{
@@ -6002,13 +6011,13 @@ func (r V0alpha2ApiApiRevokeSessionRequest) Execute() (*http.Response, error) {
 }
 
 /*
- * RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted.
- * This endpoint is useful for:
+  - RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted.
+  - This endpoint is useful for:
 
 To forcefully logout the current user from another device or session
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @param id ID is the session's ID.
- * @return V0alpha2ApiApiRevokeSessionRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @param id ID is the session's ID.
+  - @return V0alpha2ApiApiRevokeSessionRequest
 */
 func (a *V0alpha2ApiService) RevokeSession(ctx context.Context, id string) V0alpha2ApiApiRevokeSessionRequest {
 	return V0alpha2ApiApiRevokeSessionRequest{
@@ -6137,12 +6146,12 @@ func (r V0alpha2ApiApiRevokeSessionsRequest) Execute() (*RevokedSessions, *http.
 }
 
 /*
- * RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted.
- * This endpoint is useful for:
+  - RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted.
+  - This endpoint is useful for:
 
 To forcefully logout the current user from all other devices and sessions
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiRevokeSessionsRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiRevokeSessionsRequest
 */
 func (a *V0alpha2ApiService) RevokeSessions(ctx context.Context) V0alpha2ApiApiRevokeSessionsRequest {
 	return V0alpha2ApiApiRevokeSessionsRequest{
@@ -6306,8 +6315,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) Execute() (*SuccessfulS
 }
 
 /*
- * SubmitSelfServiceLoginFlow # Submit a Login Flow
- * :::info
+  - SubmitSelfServiceLoginFlow # Submit a Login Flow
+  - :::info
 
 This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future.
 
@@ -6340,8 +6349,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 Most likely used in Social Sign In flows.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceLoginFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest{
@@ -6504,8 +6513,8 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest) Execute() (*http.Respo
 }
 
 /*
- * SubmitSelfServiceLogoutFlow # Complete Self-Service Logout
- * This endpoint logs out an identity in a self-service manner.
+  - SubmitSelfServiceLogoutFlow # Complete Self-Service Logout
+  - This endpoint logs out an identity in a self-service manner.
 
 If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other)
 to the `return_to` parameter of the initial request or fall back to `urls.default_return_to`.
@@ -6518,8 +6527,8 @@ with browsers (Chrome, Firefox, ...). For API clients you can
 call the `/self-service/logout/api` URL directly with the Ory Session Token.
 
 More information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest{
@@ -6627,8 +6636,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest) Execute(
 }
 
 /*
- * SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ...
- * Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully
+  - SubmitSelfServiceLogoutFlowWithoutBrowser Perform Logout for APIs, Services, Apps, ...
+  - Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully
+
 revoked, the server returns a 204 No Content response. A 204 No Content response is also sent when
 the Ory Session Token has been revoked already before.
 
@@ -6636,8 +6646,8 @@ If the Ory Session Token is malformed or does not exist a 403 Forbidden response
 
 This endpoint does not remove any HTTP
 Cookies - use the Browser-Based Self-Service Logout Flow instead.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceLogoutFlowWithoutBrowser(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest {
 	return V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest{
@@ -6769,8 +6779,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) Execute() (*SelfServ
 }
 
 /*
- * SubmitSelfServiceRecoveryFlow # Complete Recovery Flow
- * Use this endpoint to complete a recovery flow. This endpoint
+  - SubmitSelfServiceRecoveryFlow # Complete Recovery Flow
+  - Use this endpoint to complete a recovery flow. This endpoint
+
 behaves differently for API and browser flows and has several states:
 
 `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent
@@ -6786,8 +6797,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe
 a new Recovery Flow ID which contains an error message that the recovery link was invalid.
 
 More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceRecoveryFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest{
@@ -6945,8 +6956,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) Execute() (*Succ
 }
 
 /*
- * SubmitSelfServiceRegistrationFlow # Submit a Registration Flow
- * Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint
+  - SubmitSelfServiceRegistrationFlow # Submit a Registration Flow
+  - Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint
+
 behaves differently for API and browser flows.
 
 API flows expect `application/json` to be sent in the body and respond with
@@ -6974,8 +6986,8 @@ case of an error, the `error.id` of the JSON response body can be one of:
 Most likely used in Social Sign In flows.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceRegistrationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest{
@@ -7145,8 +7157,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) Execute() (*SelfServ
 }
 
 /*
- * SubmitSelfServiceSettingsFlow # Complete Settings Flow
- * Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint
+  - SubmitSelfServiceSettingsFlow # Complete Settings Flow
+  - Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint
+
 behaves differently for API and browser flows.
 
 API-initiated flows expect `application/json` to be sent in the body and respond with
@@ -7189,8 +7202,8 @@ identity logged in instead.
 Most likely used in Social Sign In flows.
 
 More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceSettingsFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest{
@@ -7383,8 +7396,9 @@ func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Execute() (*Self
 }
 
 /*
- * SubmitSelfServiceVerificationFlow # Complete Verification Flow
- * Use this endpoint to complete a verification flow. This endpoint
+  - SubmitSelfServiceVerificationFlow # Complete Verification Flow
+  - Use this endpoint to complete a verification flow. This endpoint
+
 behaves differently for API and browser flows and has several states:
 
 `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent
@@ -7400,8 +7414,8 @@ does not have any API capabilities. The server responds with a HTTP 303 See Othe
 a new Verification Flow ID which contains an error message that the verification link was invalid.
 
 More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest
 */
 func (a *V0alpha2ApiService) SubmitSelfServiceVerificationFlow(ctx context.Context) V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest {
 	return V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest{
@@ -7554,8 +7568,9 @@ func (r V0alpha2ApiApiToSessionRequest) Execute() (*Session, *http.Response, err
 }
 
 /*
- * ToSession # Check Who the Current HTTP Session Belongs To
- * Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated.
+  - ToSession # Check Who the Current HTTP Session Belongs To
+  - Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated.
+
 Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent.
 Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header
 in the response.
@@ -7604,8 +7619,8 @@ As explained above, this request may fail due to several reasons. The `error.id`
 
 `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token).
 `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @return V0alpha2ApiApiToSessionRequest
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiToSessionRequest
 */
 func (a *V0alpha2ApiService) ToSession(ctx context.Context) V0alpha2ApiApiToSessionRequest {
 	return V0alpha2ApiApiToSessionRequest{
diff --git a/package-lock.json b/package-lock.json
index 9895f8a50f48..20bc1051908a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -5737,7 +5737,8 @@
       "version": "7.5.7",
       "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.7.tgz",
       "integrity": "sha512-KMvVuFzpKBuiIXW3E4u3mySRO2/mCHSyZDJQM5NQ9Q9KHWHWh0NHgfbRMLLrceUK5qAL4ytALJbpRMjixFZh8A==",
-      "dev": true
+      "dev": true,
+      "requires": {}
     },
     "y18n": {
       "version": "5.0.8",

From 3e1c444ade6dc6bae2aec05dc70044782b925d2a Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Fri, 23 Sep 2022 19:51:40 +0000
Subject: [PATCH 270/411] autogen(openapi): regenerate swagger spec and
 internal client

[skip ci]
---
 internal/httpclient/README.md           |  54 ++++++------
 internal/httpclient/api/openapi.yaml    |  54 ++++++------
 internal/httpclient/api_v0alpha2.go     | 108 ++++++++++++------------
 internal/httpclient/docs/V0alpha2Api.md | 108 ++++++++++++------------
 spec/api.json                           |  54 ++++++------
 spec/swagger.json                       |  54 ++++++------
 6 files changed, 216 insertions(+), 216 deletions(-)

diff --git a/internal/httpclient/README.md b/internal/httpclient/README.md
index f80f5f7f8d7b..1ff33d03f07c 100644
--- a/internal/httpclient/README.md
+++ b/internal/httpclient/README.md
@@ -86,48 +86,48 @@ Class | Method | HTTP request | Description
 *MetadataApi* | [**GetVersion**](docs/MetadataApi.md#getversion) | **Get** /version | Return Running Software Version.
 *MetadataApi* | [**IsAlive**](docs/MetadataApi.md#isalive) | **Get** /health/alive | Check HTTP Server Status
 *MetadataApi* | [**IsReady**](docs/MetadataApi.md#isready) | **Get** /health/ready | Check HTTP Server and Database Status
-*V0alpha2Api* | [**AdminCreateIdentity**](docs/V0alpha2Api.md#admincreateidentity) | **Post** /admin/identities | # Create an Identity
-*V0alpha2Api* | [**AdminCreateSelfServiceRecoveryLink**](docs/V0alpha2Api.md#admincreateselfservicerecoverylink) | **Post** /admin/recovery/link | # Create a Recovery Link
-*V0alpha2Api* | [**AdminDeleteIdentity**](docs/V0alpha2Api.md#admindeleteidentity) | **Delete** /admin/identities/{id} | # Delete an Identity
+*V0alpha2Api* | [**AdminCreateIdentity**](docs/V0alpha2Api.md#admincreateidentity) | **Post** /admin/identities | Create an Identity
+*V0alpha2Api* | [**AdminCreateSelfServiceRecoveryLink**](docs/V0alpha2Api.md#admincreateselfservicerecoverylink) | **Post** /admin/recovery/link | Create a Recovery Link
+*V0alpha2Api* | [**AdminDeleteIdentity**](docs/V0alpha2Api.md#admindeleteidentity) | **Delete** /admin/identities/{id} | Delete an Identity
 *V0alpha2Api* | [**AdminDeleteIdentitySessions**](docs/V0alpha2Api.md#admindeleteidentitysessions) | **Delete** /admin/identities/{id}/sessions | Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
 *V0alpha2Api* | [**AdminExtendSession**](docs/V0alpha2Api.md#adminextendsession) | **Patch** /admin/sessions/{id}/extend | Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it will only extend the session after the specified time has passed.
-*V0alpha2Api* | [**AdminGetIdentity**](docs/V0alpha2Api.md#admingetidentity) | **Get** /admin/identities/{id} | # Get an Identity
-*V0alpha2Api* | [**AdminListCourierMessages**](docs/V0alpha2Api.md#adminlistcouriermessages) | **Get** /admin/courier/messages | # List Messages
-*V0alpha2Api* | [**AdminListIdentities**](docs/V0alpha2Api.md#adminlistidentities) | **Get** /admin/identities | # List Identities
+*V0alpha2Api* | [**AdminGetIdentity**](docs/V0alpha2Api.md#admingetidentity) | **Get** /admin/identities/{id} | Get an Identity
+*V0alpha2Api* | [**AdminListCourierMessages**](docs/V0alpha2Api.md#adminlistcouriermessages) | **Get** /admin/courier/messages | List Messages
+*V0alpha2Api* | [**AdminListIdentities**](docs/V0alpha2Api.md#adminlistidentities) | **Get** /admin/identities | List Identities
 *V0alpha2Api* | [**AdminListIdentitySessions**](docs/V0alpha2Api.md#adminlistidentitysessions) | **Get** /admin/identities/{id}/sessions | This endpoint returns all sessions that belong to the given Identity.
 *V0alpha2Api* | [**AdminPatchIdentity**](docs/V0alpha2Api.md#adminpatchidentity) | **Patch** /admin/identities/{id} | Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
-*V0alpha2Api* | [**AdminUpdateIdentity**](docs/V0alpha2Api.md#adminupdateidentity) | **Put** /admin/identities/{id} | # Update an Identity
-*V0alpha2Api* | [**CreateSelfServiceLogoutFlowUrlForBrowsers**](docs/V0alpha2Api.md#createselfservicelogoutflowurlforbrowsers) | **Get** /self-service/logout/browser | # Create a Logout URL for Browsers
+*V0alpha2Api* | [**AdminUpdateIdentity**](docs/V0alpha2Api.md#adminupdateidentity) | **Put** /admin/identities/{id} | Update an Identity
+*V0alpha2Api* | [**CreateSelfServiceLogoutFlowUrlForBrowsers**](docs/V0alpha2Api.md#createselfservicelogoutflowurlforbrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers
 *V0alpha2Api* | [**GetIdentitySchema**](docs/V0alpha2Api.md#getidentityschema) | **Get** /schemas/{id} | 
-*V0alpha2Api* | [**GetSelfServiceError**](docs/V0alpha2Api.md#getselfserviceerror) | **Get** /self-service/errors | # Get Self-Service Errors
-*V0alpha2Api* | [**GetSelfServiceLoginFlow**](docs/V0alpha2Api.md#getselfserviceloginflow) | **Get** /self-service/login/flows | # Get Login Flow
-*V0alpha2Api* | [**GetSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#getselfservicerecoveryflow) | **Get** /self-service/recovery/flows | # Get Recovery Flow
-*V0alpha2Api* | [**GetSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#getselfserviceregistrationflow) | **Get** /self-service/registration/flows | # Get Registration Flow
-*V0alpha2Api* | [**GetSelfServiceSettingsFlow**](docs/V0alpha2Api.md#getselfservicesettingsflow) | **Get** /self-service/settings/flows | # Get Settings Flow
-*V0alpha2Api* | [**GetSelfServiceVerificationFlow**](docs/V0alpha2Api.md#getselfserviceverificationflow) | **Get** /self-service/verification/flows | # Get Verification Flow
-*V0alpha2Api* | [**GetWebAuthnJavaScript**](docs/V0alpha2Api.md#getwebauthnjavascript) | **Get** /.well-known/ory/webauthn.js | # Get WebAuthn JavaScript
-*V0alpha2Api* | [**InitializeSelfServiceLoginFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceloginflowforbrowsers) | **Get** /self-service/login/browser | # Initialize Login Flow for Browsers
+*V0alpha2Api* | [**GetSelfServiceError**](docs/V0alpha2Api.md#getselfserviceerror) | **Get** /self-service/errors | Get Self-Service Errors
+*V0alpha2Api* | [**GetSelfServiceLoginFlow**](docs/V0alpha2Api.md#getselfserviceloginflow) | **Get** /self-service/login/flows | Get Login Flow
+*V0alpha2Api* | [**GetSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#getselfservicerecoveryflow) | **Get** /self-service/recovery/flows | Get Recovery Flow
+*V0alpha2Api* | [**GetSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#getselfserviceregistrationflow) | **Get** /self-service/registration/flows | Get Registration Flow
+*V0alpha2Api* | [**GetSelfServiceSettingsFlow**](docs/V0alpha2Api.md#getselfservicesettingsflow) | **Get** /self-service/settings/flows | Get Settings Flow
+*V0alpha2Api* | [**GetSelfServiceVerificationFlow**](docs/V0alpha2Api.md#getselfserviceverificationflow) | **Get** /self-service/verification/flows | Get Verification Flow
+*V0alpha2Api* | [**GetWebAuthnJavaScript**](docs/V0alpha2Api.md#getwebauthnjavascript) | **Get** /.well-known/ory/webauthn.js | Get WebAuthn JavaScript
+*V0alpha2Api* | [**InitializeSelfServiceLoginFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceloginflowforbrowsers) | **Get** /self-service/login/browser | Initialize Login Flow for Browsers
 *V0alpha2Api* | [**InitializeSelfServiceLoginFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceloginflowwithoutbrowser) | **Get** /self-service/login/api | Initialize Login Flow for APIs, Services, Apps, ...
-*V0alpha2Api* | [**InitializeSelfServiceRecoveryFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicerecoveryflowforbrowsers) | **Get** /self-service/recovery/browser | # Initialize Recovery Flow for Browsers
+*V0alpha2Api* | [**InitializeSelfServiceRecoveryFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicerecoveryflowforbrowsers) | **Get** /self-service/recovery/browser | Initialize Recovery Flow for Browsers
 *V0alpha2Api* | [**InitializeSelfServiceRecoveryFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfservicerecoveryflowwithoutbrowser) | **Get** /self-service/recovery/api | Initialize Recovery Flow for APIs, Services, Apps, ...
-*V0alpha2Api* | [**InitializeSelfServiceRegistrationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceregistrationflowforbrowsers) | **Get** /self-service/registration/browser | # Initialize Registration Flow for Browsers
+*V0alpha2Api* | [**InitializeSelfServiceRegistrationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceregistrationflowforbrowsers) | **Get** /self-service/registration/browser | Initialize Registration Flow for Browsers
 *V0alpha2Api* | [**InitializeSelfServiceRegistrationFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceregistrationflowwithoutbrowser) | **Get** /self-service/registration/api | Initialize Registration Flow for APIs, Services, Apps, ...
-*V0alpha2Api* | [**InitializeSelfServiceSettingsFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicesettingsflowforbrowsers) | **Get** /self-service/settings/browser | # Initialize Settings Flow for Browsers
+*V0alpha2Api* | [**InitializeSelfServiceSettingsFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicesettingsflowforbrowsers) | **Get** /self-service/settings/browser | Initialize Settings Flow for Browsers
 *V0alpha2Api* | [**InitializeSelfServiceSettingsFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfservicesettingsflowwithoutbrowser) | **Get** /self-service/settings/api | Initialize Settings Flow for APIs, Services, Apps, ...
-*V0alpha2Api* | [**InitializeSelfServiceVerificationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceverificationflowforbrowsers) | **Get** /self-service/verification/browser | # Initialize Verification Flow for Browser Clients
+*V0alpha2Api* | [**InitializeSelfServiceVerificationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceverificationflowforbrowsers) | **Get** /self-service/verification/browser | Initialize Verification Flow for Browser Clients
 *V0alpha2Api* | [**InitializeSelfServiceVerificationFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceverificationflowwithoutbrowser) | **Get** /self-service/verification/api | Initialize Verification Flow for APIs, Services, Apps, ...
 *V0alpha2Api* | [**ListIdentitySchemas**](docs/V0alpha2Api.md#listidentityschemas) | **Get** /schemas | 
 *V0alpha2Api* | [**ListSessions**](docs/V0alpha2Api.md#listsessions) | **Get** /sessions | This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint.
 *V0alpha2Api* | [**RevokeSession**](docs/V0alpha2Api.md#revokesession) | **Delete** /sessions/{id} | Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted.
 *V0alpha2Api* | [**RevokeSessions**](docs/V0alpha2Api.md#revokesessions) | **Delete** /sessions | Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted.
-*V0alpha2Api* | [**SubmitSelfServiceLoginFlow**](docs/V0alpha2Api.md#submitselfserviceloginflow) | **Post** /self-service/login | # Submit a Login Flow
-*V0alpha2Api* | [**SubmitSelfServiceLogoutFlow**](docs/V0alpha2Api.md#submitselfservicelogoutflow) | **Get** /self-service/logout | # Complete Self-Service Logout
+*V0alpha2Api* | [**SubmitSelfServiceLoginFlow**](docs/V0alpha2Api.md#submitselfserviceloginflow) | **Post** /self-service/login | Submit a Login Flow
+*V0alpha2Api* | [**SubmitSelfServiceLogoutFlow**](docs/V0alpha2Api.md#submitselfservicelogoutflow) | **Get** /self-service/logout | Complete Self-Service Logout
 *V0alpha2Api* | [**SubmitSelfServiceLogoutFlowWithoutBrowser**](docs/V0alpha2Api.md#submitselfservicelogoutflowwithoutbrowser) | **Delete** /self-service/logout/api | Perform Logout for APIs, Services, Apps, ...
-*V0alpha2Api* | [**SubmitSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#submitselfservicerecoveryflow) | **Post** /self-service/recovery | # Complete Recovery Flow
-*V0alpha2Api* | [**SubmitSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#submitselfserviceregistrationflow) | **Post** /self-service/registration | # Submit a Registration Flow
-*V0alpha2Api* | [**SubmitSelfServiceSettingsFlow**](docs/V0alpha2Api.md#submitselfservicesettingsflow) | **Post** /self-service/settings | # Complete Settings Flow
-*V0alpha2Api* | [**SubmitSelfServiceVerificationFlow**](docs/V0alpha2Api.md#submitselfserviceverificationflow) | **Post** /self-service/verification | # Complete Verification Flow
-*V0alpha2Api* | [**ToSession**](docs/V0alpha2Api.md#tosession) | **Get** /sessions/whoami | # Check Who the Current HTTP Session Belongs To
+*V0alpha2Api* | [**SubmitSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#submitselfservicerecoveryflow) | **Post** /self-service/recovery | Complete Recovery Flow
+*V0alpha2Api* | [**SubmitSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#submitselfserviceregistrationflow) | **Post** /self-service/registration | Submit a Registration Flow
+*V0alpha2Api* | [**SubmitSelfServiceSettingsFlow**](docs/V0alpha2Api.md#submitselfservicesettingsflow) | **Post** /self-service/settings | Complete Settings Flow
+*V0alpha2Api* | [**SubmitSelfServiceVerificationFlow**](docs/V0alpha2Api.md#submitselfserviceverificationflow) | **Post** /self-service/verification | Complete Verification Flow
+*V0alpha2Api* | [**ToSession**](docs/V0alpha2Api.md#tosession) | **Get** /sessions/whoami | Check Who the Current HTTP Session Belongs To
 
 
 ## Documentation For Models
diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml
index 35f3e26ee2f0..8a0aac89e787 100644
--- a/internal/httpclient/api/openapi.yaml
+++ b/internal/httpclient/api/openapi.yaml
@@ -34,7 +34,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/webAuthnJavaScript'
           description: webAuthnJavaScript
-      summary: '# Get WebAuthn JavaScript'
+      summary: Get WebAuthn JavaScript
       tags:
       - v0alpha2
   /admin/courier/messages:
@@ -113,7 +113,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: '# List Messages'
+      summary: List Messages
       tags:
       - v0alpha2
   /admin/identities:
@@ -171,7 +171,7 @@ paths:
           description: jsonError
       security:
       - oryAccessToken: []
-      summary: '# List Identities'
+      summary: List Identities
       tags:
       - v0alpha2
     post:
@@ -211,7 +211,7 @@ paths:
           description: jsonError
       security:
       - oryAccessToken: []
-      summary: '# Create an Identity'
+      summary: Create an Identity
       tags:
       - v0alpha2
   /admin/identities/{id}:
@@ -250,7 +250,7 @@ paths:
           description: jsonError
       security:
       - oryAccessToken: []
-      summary: '# Delete an Identity'
+      summary: Delete an Identity
       tags:
       - v0alpha2
     get:
@@ -301,7 +301,7 @@ paths:
           description: jsonError
       security:
       - oryAccessToken: []
-      summary: '# Get an Identity'
+      summary: Get an Identity
       tags:
       - v0alpha2
     patch:
@@ -415,7 +415,7 @@ paths:
           description: jsonError
       security:
       - oryAccessToken: []
-      summary: '# Update an Identity'
+      summary: Update an Identity
       tags:
       - v0alpha2
   /admin/identities/{id}/sessions:
@@ -597,7 +597,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: '# Create a Recovery Link'
+      summary: Create a Recovery Link
       tags:
       - v0alpha2
   /admin/sessions/{id}/extend:
@@ -833,7 +833,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: '# Get Self-Service Errors'
+      summary: Get Self-Service Errors
       tags:
       - v0alpha2
   /self-service/login:
@@ -950,7 +950,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: '# Submit a Login Flow'
+      summary: Submit a Login Flow
       tags:
       - v0alpha2
   /self-service/login/api:
@@ -1128,7 +1128,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: '# Initialize Login Flow for Browsers'
+      summary: Initialize Login Flow for Browsers
       tags:
       - v0alpha2
   /self-service/login/flows:
@@ -1214,7 +1214,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: '# Get Login Flow'
+      summary: Get Login Flow
       tags:
       - v0alpha2
   /self-service/logout:
@@ -1268,7 +1268,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: '# Complete Self-Service Logout'
+      summary: Complete Self-Service Logout
       tags:
       - v0alpha2
   /self-service/logout/api:
@@ -1355,7 +1355,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: '# Create a Logout URL for Browsers'
+      summary: Create a Logout URL for Browsers
       tags:
       - v0alpha2
   /self-service/recovery:
@@ -1455,7 +1455,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: '# Complete Recovery Flow'
+      summary: Complete Recovery Flow
       tags:
       - v0alpha2
   /self-service/recovery/api:
@@ -1542,7 +1542,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: '# Initialize Recovery Flow for Browsers'
+      summary: Initialize Recovery Flow for Browsers
       tags:
       - v0alpha2
   /self-service/recovery/flows:
@@ -1617,7 +1617,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: '# Get Recovery Flow'
+      summary: Get Recovery Flow
       tags:
       - v0alpha2
   /self-service/registration:
@@ -1721,7 +1721,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: '# Submit a Registration Flow'
+      summary: Submit a Registration Flow
       tags:
       - v0alpha2
   /self-service/registration/api:
@@ -1823,7 +1823,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: '# Initialize Registration Flow for Browsers'
+      summary: Initialize Registration Flow for Browsers
       tags:
       - v0alpha2
   /self-service/registration/flows:
@@ -1909,7 +1909,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: '# Get Registration Flow'
+      summary: Get Registration Flow
       tags:
       - v0alpha2
   /self-service/settings:
@@ -2050,7 +2050,7 @@ paths:
           description: jsonError
       security:
       - sessionToken: []
-      summary: '# Complete Settings Flow'
+      summary: Complete Settings Flow
       tags:
       - v0alpha2
   /self-service/settings/api:
@@ -2195,7 +2195,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: '# Initialize Settings Flow for Browsers'
+      summary: Initialize Settings Flow for Browsers
       tags:
       - v0alpha2
   /self-service/settings/flows:
@@ -2295,7 +2295,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: '# Get Settings Flow'
+      summary: Get Settings Flow
       tags:
       - v0alpha2
   /self-service/verification:
@@ -2395,7 +2395,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: '# Complete Verification Flow'
+      summary: Complete Verification Flow
       tags:
       - v0alpha2
   /self-service/verification/api:
@@ -2472,7 +2472,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: '# Initialize Verification Flow for Browser Clients'
+      summary: Initialize Verification Flow for Browser Clients
       tags:
       - v0alpha2
   /self-service/verification/flows:
@@ -2546,7 +2546,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: '# Get Verification Flow'
+      summary: Get Verification Flow
       tags:
       - v0alpha2
   /sessions:
@@ -2815,7 +2815,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: '# Check Who the Current HTTP Session Belongs To'
+      summary: Check Who the Current HTTP Session Belongs To
       tags:
       - v0alpha2
   /sessions/{id}:
diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go
index 28ee4d1f4359..1c1dc81a93f1 100644
--- a/internal/httpclient/api_v0alpha2.go
+++ b/internal/httpclient/api_v0alpha2.go
@@ -29,7 +29,7 @@ var (
 type V0alpha2Api interface {
 
 	/*
-	 * AdminCreateIdentity # Create an Identity
+	 * AdminCreateIdentity Create an Identity
 	 * This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
 	 * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
 	 * @return V0alpha2ApiApiAdminCreateIdentityRequest
@@ -43,7 +43,7 @@ type V0alpha2Api interface {
 	AdminCreateIdentityExecute(r V0alpha2ApiApiAdminCreateIdentityRequest) (*Identity, *http.Response, error)
 
 	/*
-			 * AdminCreateSelfServiceRecoveryLink # Create a Recovery Link
+			 * AdminCreateSelfServiceRecoveryLink Create a Recovery Link
 			 * This endpoint creates a recovery link which should be given to the user in order for them to recover
 		(or activate) their account.
 			 * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@@ -58,7 +58,7 @@ type V0alpha2Api interface {
 	AdminCreateSelfServiceRecoveryLinkExecute(r V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest) (*SelfServiceRecoveryLink, *http.Response, error)
 
 	/*
-			 * AdminDeleteIdentity # Delete an Identity
+			 * AdminDeleteIdentity Delete an Identity
 			 * Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone.
 		This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is
 		assumed that is has been deleted already.
@@ -107,7 +107,7 @@ type V0alpha2Api interface {
 	AdminExtendSessionExecute(r V0alpha2ApiApiAdminExtendSessionRequest) (*Session, *http.Response, error)
 
 	/*
-	 * AdminGetIdentity # Get an Identity
+	 * AdminGetIdentity Get an Identity
 	 * Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
 	 * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
 	 * @param id ID must be set to the ID of identity you want to get
@@ -122,7 +122,7 @@ type V0alpha2Api interface {
 	AdminGetIdentityExecute(r V0alpha2ApiApiAdminGetIdentityRequest) (*Identity, *http.Response, error)
 
 	/*
-	 * AdminListCourierMessages # List Messages
+	 * AdminListCourierMessages List Messages
 	 * Lists all messages by given status and recipient.
 	 * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
 	 * @return V0alpha2ApiApiAdminListCourierMessagesRequest
@@ -136,7 +136,7 @@ type V0alpha2Api interface {
 	AdminListCourierMessagesExecute(r V0alpha2ApiApiAdminListCourierMessagesRequest) ([]Message, *http.Response, error)
 
 	/*
-			 * AdminListIdentities # List Identities
+			 * AdminListIdentities List Identities
 			 * Lists all identities. Does not support search at the moment.
 
 		Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
@@ -186,7 +186,7 @@ type V0alpha2Api interface {
 	AdminPatchIdentityExecute(r V0alpha2ApiApiAdminPatchIdentityRequest) (*Identity, *http.Response, error)
 
 	/*
-			 * AdminUpdateIdentity # Update an Identity
+			 * AdminUpdateIdentity Update an Identity
 			 * This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching.
 
 		Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
@@ -203,7 +203,7 @@ type V0alpha2Api interface {
 	AdminUpdateIdentityExecute(r V0alpha2ApiApiAdminUpdateIdentityRequest) (*Identity, *http.Response, error)
 
 	/*
-			 * CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers
+			 * CreateSelfServiceLogoutFlowUrlForBrowsers Create a Logout URL for Browsers
 			 * This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user.
 
 		This endpoint is NOT INTENDED for API clients and only works
@@ -241,7 +241,7 @@ type V0alpha2Api interface {
 	GetIdentitySchemaExecute(r V0alpha2ApiApiGetIdentitySchemaRequest) (map[string]interface{}, *http.Response, error)
 
 	/*
-			 * GetSelfServiceError # Get Self-Service Errors
+			 * GetSelfServiceError Get Self-Service Errors
 			 * This endpoint returns the error associated with a user-facing self service errors.
 
 		This endpoint supports stub values to help you implement the error UI:
@@ -261,7 +261,7 @@ type V0alpha2Api interface {
 	GetSelfServiceErrorExecute(r V0alpha2ApiApiGetSelfServiceErrorRequest) (*SelfServiceError, *http.Response, error)
 
 	/*
-			 * GetSelfServiceLoginFlow # Get Login Flow
+			 * GetSelfServiceLoginFlow Get Login Flow
 			 * This endpoint returns a login flow's context with, for example, error details and other information.
 
 		Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
@@ -297,7 +297,7 @@ type V0alpha2Api interface {
 	GetSelfServiceLoginFlowExecute(r V0alpha2ApiApiGetSelfServiceLoginFlowRequest) (*SelfServiceLoginFlow, *http.Response, error)
 
 	/*
-			 * GetSelfServiceRecoveryFlow # Get Recovery Flow
+			 * GetSelfServiceRecoveryFlow Get Recovery Flow
 			 * This endpoint returns a recovery flow's context with, for example, error details and other information.
 
 		Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
@@ -328,7 +328,7 @@ type V0alpha2Api interface {
 	GetSelfServiceRecoveryFlowExecute(r V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest) (*SelfServiceRecoveryFlow, *http.Response, error)
 
 	/*
-			 * GetSelfServiceRegistrationFlow # Get Registration Flow
+			 * GetSelfServiceRegistrationFlow Get Registration Flow
 			 * This endpoint returns a registration flow's context with, for example, error details and other information.
 
 		Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
@@ -364,7 +364,7 @@ type V0alpha2Api interface {
 	GetSelfServiceRegistrationFlowExecute(r V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest) (*SelfServiceRegistrationFlow, *http.Response, error)
 
 	/*
-			 * GetSelfServiceSettingsFlow # Get Settings Flow
+			 * GetSelfServiceSettingsFlow Get Settings Flow
 			 * When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie
 		or the Ory Kratos Session Token are set.
 
@@ -396,7 +396,7 @@ type V0alpha2Api interface {
 	GetSelfServiceSettingsFlowExecute(r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) (*SelfServiceSettingsFlow, *http.Response, error)
 
 	/*
-			 * GetSelfServiceVerificationFlow # Get Verification Flow
+			 * GetSelfServiceVerificationFlow Get Verification Flow
 			 * This endpoint returns a verification flow's context with, for example, error details and other information.
 
 		Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
@@ -426,7 +426,7 @@ type V0alpha2Api interface {
 	GetSelfServiceVerificationFlowExecute(r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) (*SelfServiceVerificationFlow, *http.Response, error)
 
 	/*
-			 * GetWebAuthnJavaScript # Get WebAuthn JavaScript
+			 * GetWebAuthnJavaScript Get WebAuthn JavaScript
 			 * This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration.
 
 		If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file:
@@ -448,7 +448,7 @@ type V0alpha2Api interface {
 	GetWebAuthnJavaScriptExecute(r V0alpha2ApiApiGetWebAuthnJavaScriptRequest) (string, *http.Response, error)
 
 	/*
-			 * InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers
+			 * InitializeSelfServiceLoginFlowForBrowsers Initialize Login Flow for Browsers
 			 * This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate
 		cookies and anti-CSRF measures required for browser-based flows.
 
@@ -513,7 +513,7 @@ type V0alpha2Api interface {
 	InitializeSelfServiceLoginFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceLoginFlowWithoutBrowserRequest) (*SelfServiceLoginFlow, *http.Response, error)
 
 	/*
-			 * InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers
+			 * InitializeSelfServiceRecoveryFlowForBrowsers Initialize Recovery Flow for Browsers
 			 * This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to
 		`selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session
 		exists, the browser is returned to the configured return URL.
@@ -562,7 +562,7 @@ type V0alpha2Api interface {
 	InitializeSelfServiceRecoveryFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowWithoutBrowserRequest) (*SelfServiceRecoveryFlow, *http.Response, error)
 
 	/*
-			 * InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers
+			 * InitializeSelfServiceRegistrationFlowForBrowsers Initialize Registration Flow for Browsers
 			 * This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate
 		cookies and anti-CSRF measures required for browser-based flows.
 
@@ -632,7 +632,7 @@ type V0alpha2Api interface {
 	InitializeSelfServiceRegistrationFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowWithoutBrowserRequest) (*SelfServiceRegistrationFlow, *http.Response, error)
 
 	/*
-			 * InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers
+			 * InitializeSelfServiceSettingsFlowForBrowsers Initialize Settings Flow for Browsers
 			 * This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to
 		`selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid
 		Ory Kratos Session Cookie is included in the request, a login flow will be initialized.
@@ -706,7 +706,7 @@ type V0alpha2Api interface {
 	InitializeSelfServiceSettingsFlowWithoutBrowserExecute(r V0alpha2ApiApiInitializeSelfServiceSettingsFlowWithoutBrowserRequest) (*SelfServiceSettingsFlow, *http.Response, error)
 
 	/*
-			 * InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients
+			 * InitializeSelfServiceVerificationFlowForBrowsers Initialize Verification Flow for Browser Clients
 			 * This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to
 		`selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`.
 
@@ -813,7 +813,7 @@ type V0alpha2Api interface {
 	RevokeSessionsExecute(r V0alpha2ApiApiRevokeSessionsRequest) (*RevokedSessions, *http.Response, error)
 
 	/*
-			 * SubmitSelfServiceLoginFlow # Submit a Login Flow
+			 * SubmitSelfServiceLoginFlow Submit a Login Flow
 			 * :::info
 
 		This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future.
@@ -859,7 +859,7 @@ type V0alpha2Api interface {
 	SubmitSelfServiceLoginFlowExecute(r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) (*SuccessfulSelfServiceLoginWithoutBrowser, *http.Response, error)
 
 	/*
-			 * SubmitSelfServiceLogoutFlow # Complete Self-Service Logout
+			 * SubmitSelfServiceLogoutFlow Complete Self-Service Logout
 			 * This endpoint logs out an identity in a self-service manner.
 
 		If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other)
@@ -904,7 +904,7 @@ type V0alpha2Api interface {
 	SubmitSelfServiceLogoutFlowWithoutBrowserExecute(r V0alpha2ApiApiSubmitSelfServiceLogoutFlowWithoutBrowserRequest) (*http.Response, error)
 
 	/*
-			 * SubmitSelfServiceRecoveryFlow # Complete Recovery Flow
+			 * SubmitSelfServiceRecoveryFlow Complete Recovery Flow
 			 * Use this endpoint to complete a recovery flow. This endpoint
 		behaves differently for API and browser flows and has several states:
 
@@ -933,7 +933,7 @@ type V0alpha2Api interface {
 	SubmitSelfServiceRecoveryFlowExecute(r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) (*SelfServiceRecoveryFlow, *http.Response, error)
 
 	/*
-			 * SubmitSelfServiceRegistrationFlow # Submit a Registration Flow
+			 * SubmitSelfServiceRegistrationFlow Submit a Registration Flow
 			 * Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint
 		behaves differently for API and browser flows.
 
@@ -974,7 +974,7 @@ type V0alpha2Api interface {
 	SubmitSelfServiceRegistrationFlowExecute(r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) (*SuccessfulSelfServiceRegistrationWithoutBrowser, *http.Response, error)
 
 	/*
-			 * SubmitSelfServiceSettingsFlow # Complete Settings Flow
+			 * SubmitSelfServiceSettingsFlow Complete Settings Flow
 			 * Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint
 		behaves differently for API and browser flows.
 
@@ -1030,7 +1030,7 @@ type V0alpha2Api interface {
 	SubmitSelfServiceSettingsFlowExecute(r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) (*SelfServiceSettingsFlow, *http.Response, error)
 
 	/*
-			 * SubmitSelfServiceVerificationFlow # Complete Verification Flow
+			 * SubmitSelfServiceVerificationFlow Complete Verification Flow
 			 * Use this endpoint to complete a verification flow. This endpoint
 		behaves differently for API and browser flows and has several states:
 
@@ -1059,7 +1059,7 @@ type V0alpha2Api interface {
 	SubmitSelfServiceVerificationFlowExecute(r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) (*SelfServiceVerificationFlow, *http.Response, error)
 
 	/*
-			 * ToSession # Check Who the Current HTTP Session Belongs To
+			 * ToSession Check Who the Current HTTP Session Belongs To
 			 * Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated.
 		Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent.
 		Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header
@@ -1140,7 +1140,7 @@ func (r V0alpha2ApiApiAdminCreateIdentityRequest) Execute() (*Identity, *http.Re
 }
 
 /*
- * AdminCreateIdentity # Create an Identity
+ * AdminCreateIdentity Create an Identity
  * This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
  * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
  * @return V0alpha2ApiApiAdminCreateIdentityRequest
@@ -1292,7 +1292,7 @@ func (r V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest) Execute() (*Sel
 }
 
 /*
-  - AdminCreateSelfServiceRecoveryLink # Create a Recovery Link
+  - AdminCreateSelfServiceRecoveryLink Create a Recovery Link
   - This endpoint creates a recovery link which should be given to the user in order for them to recover
 
 (or activate) their account.
@@ -1427,7 +1427,7 @@ func (r V0alpha2ApiApiAdminDeleteIdentityRequest) Execute() (*http.Response, err
 }
 
 /*
-  - AdminDeleteIdentity # Delete an Identity
+  - AdminDeleteIdentity Delete an Identity
   - Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone.
 
 This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is
@@ -1862,7 +1862,7 @@ func (r V0alpha2ApiApiAdminGetIdentityRequest) Execute() (*Identity, *http.Respo
 }
 
 /*
- * AdminGetIdentity # Get an Identity
+ * AdminGetIdentity Get an Identity
  * Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
  * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
  * @param id ID must be set to the ID of identity you want to get
@@ -2031,7 +2031,7 @@ func (r V0alpha2ApiApiAdminListCourierMessagesRequest) Execute() ([]Message, *ht
 }
 
 /*
- * AdminListCourierMessages # List Messages
+ * AdminListCourierMessages List Messages
  * Lists all messages by given status and recipient.
  * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
  * @return V0alpha2ApiApiAdminListCourierMessagesRequest
@@ -2174,7 +2174,7 @@ func (r V0alpha2ApiApiAdminListIdentitiesRequest) Execute() ([]Identity, *http.R
 }
 
 /*
-  - AdminListIdentities # List Identities
+  - AdminListIdentities List Identities
   - Lists all identities. Does not support search at the moment.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
@@ -2666,7 +2666,7 @@ func (r V0alpha2ApiApiAdminUpdateIdentityRequest) Execute() (*Identity, *http.Re
 }
 
 /*
-  - AdminUpdateIdentity # Update an Identity
+  - AdminUpdateIdentity Update an Identity
   - This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
@@ -2833,7 +2833,7 @@ func (r V0alpha2ApiApiCreateSelfServiceLogoutFlowUrlForBrowsersRequest) Execute(
 }
 
 /*
-  - CreateSelfServiceLogoutFlowUrlForBrowsers # Create a Logout URL for Browsers
+  - CreateSelfServiceLogoutFlowUrlForBrowsers Create a Logout URL for Browsers
   - This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user.
 
 This endpoint is NOT INTENDED for API clients and only works
@@ -3095,7 +3095,7 @@ func (r V0alpha2ApiApiGetSelfServiceErrorRequest) Execute() (*SelfServiceError,
 }
 
 /*
-  - GetSelfServiceError # Get Self-Service Errors
+  - GetSelfServiceError Get Self-Service Errors
   - This endpoint returns the error associated with a user-facing self service errors.
 
 This endpoint supports stub values to help you implement the error UI:
@@ -3246,7 +3246,7 @@ func (r V0alpha2ApiApiGetSelfServiceLoginFlowRequest) Execute() (*SelfServiceLog
 }
 
 /*
-  - GetSelfServiceLoginFlow # Get Login Flow
+  - GetSelfServiceLoginFlow Get Login Flow
   - This endpoint returns a login flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
@@ -3426,7 +3426,7 @@ func (r V0alpha2ApiApiGetSelfServiceRecoveryFlowRequest) Execute() (*SelfService
 }
 
 /*
-  - GetSelfServiceRecoveryFlow # Get Recovery Flow
+  - GetSelfServiceRecoveryFlow Get Recovery Flow
   - This endpoint returns a recovery flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
@@ -3591,7 +3591,7 @@ func (r V0alpha2ApiApiGetSelfServiceRegistrationFlowRequest) Execute() (*SelfSer
 }
 
 /*
-  - GetSelfServiceRegistrationFlow # Get Registration Flow
+  - GetSelfServiceRegistrationFlow Get Registration Flow
   - This endpoint returns a registration flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
@@ -3776,7 +3776,7 @@ func (r V0alpha2ApiApiGetSelfServiceSettingsFlowRequest) Execute() (*SelfService
 }
 
 /*
-  - GetSelfServiceSettingsFlow # Get Settings Flow
+  - GetSelfServiceSettingsFlow Get Settings Flow
   - When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie
 
 or the Ory Kratos Session Token are set.
@@ -3966,7 +3966,7 @@ func (r V0alpha2ApiApiGetSelfServiceVerificationFlowRequest) Execute() (*SelfSer
 }
 
 /*
-  - GetSelfServiceVerificationFlow # Get Verification Flow
+  - GetSelfServiceVerificationFlow Get Verification Flow
   - This endpoint returns a verification flow's context with, for example, error details and other information.
 
 Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.
@@ -4119,7 +4119,7 @@ func (r V0alpha2ApiApiGetWebAuthnJavaScriptRequest) Execute() (string, *http.Res
 }
 
 /*
-  - GetWebAuthnJavaScript # Get WebAuthn JavaScript
+  - GetWebAuthnJavaScript Get WebAuthn JavaScript
   - This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration.
 
 If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file:
@@ -4249,7 +4249,7 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Execute(
 }
 
 /*
-  - InitializeSelfServiceLoginFlowForBrowsers # Initialize Login Flow for Browsers
+  - InitializeSelfServiceLoginFlowForBrowsers Initialize Login Flow for Browsers
   - This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate
 
 cookies and anti-CSRF measures required for browser-based flows.
@@ -4570,7 +4570,7 @@ func (r V0alpha2ApiApiInitializeSelfServiceRecoveryFlowForBrowsersRequest) Execu
 }
 
 /*
-  - InitializeSelfServiceRecoveryFlowForBrowsers # Initialize Recovery Flow for Browsers
+  - InitializeSelfServiceRecoveryFlowForBrowsers Initialize Recovery Flow for Browsers
   - This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to
 
 `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session
@@ -4841,7 +4841,7 @@ func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) E
 }
 
 /*
-  - InitializeSelfServiceRegistrationFlowForBrowsers # Initialize Registration Flow for Browsers
+  - InitializeSelfServiceRegistrationFlowForBrowsers Initialize Registration Flow for Browsers
   - This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate
 
 cookies and anti-CSRF measures required for browser-based flows.
@@ -5128,7 +5128,7 @@ func (r V0alpha2ApiApiInitializeSelfServiceSettingsFlowForBrowsersRequest) Execu
 }
 
 /*
-  - InitializeSelfServiceSettingsFlowForBrowsers # Initialize Settings Flow for Browsers
+  - InitializeSelfServiceSettingsFlowForBrowsers Initialize Settings Flow for Browsers
   - This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to
 
 `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid
@@ -5457,7 +5457,7 @@ func (r V0alpha2ApiApiInitializeSelfServiceVerificationFlowForBrowsersRequest) E
 }
 
 /*
-  - InitializeSelfServiceVerificationFlowForBrowsers # Initialize Verification Flow for Browser Clients
+  - InitializeSelfServiceVerificationFlowForBrowsers Initialize Verification Flow for Browser Clients
   - This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to
 
 `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`.
@@ -6315,7 +6315,7 @@ func (r V0alpha2ApiApiSubmitSelfServiceLoginFlowRequest) Execute() (*SuccessfulS
 }
 
 /*
-  - SubmitSelfServiceLoginFlow # Submit a Login Flow
+  - SubmitSelfServiceLoginFlow Submit a Login Flow
   - :::info
 
 This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future.
@@ -6513,7 +6513,7 @@ func (r V0alpha2ApiApiSubmitSelfServiceLogoutFlowRequest) Execute() (*http.Respo
 }
 
 /*
-  - SubmitSelfServiceLogoutFlow # Complete Self-Service Logout
+  - SubmitSelfServiceLogoutFlow Complete Self-Service Logout
   - This endpoint logs out an identity in a self-service manner.
 
 If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other)
@@ -6779,7 +6779,7 @@ func (r V0alpha2ApiApiSubmitSelfServiceRecoveryFlowRequest) Execute() (*SelfServ
 }
 
 /*
-  - SubmitSelfServiceRecoveryFlow # Complete Recovery Flow
+  - SubmitSelfServiceRecoveryFlow Complete Recovery Flow
   - Use this endpoint to complete a recovery flow. This endpoint
 
 behaves differently for API and browser flows and has several states:
@@ -6956,7 +6956,7 @@ func (r V0alpha2ApiApiSubmitSelfServiceRegistrationFlowRequest) Execute() (*Succ
 }
 
 /*
-  - SubmitSelfServiceRegistrationFlow # Submit a Registration Flow
+  - SubmitSelfServiceRegistrationFlow Submit a Registration Flow
   - Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint
 
 behaves differently for API and browser flows.
@@ -7157,7 +7157,7 @@ func (r V0alpha2ApiApiSubmitSelfServiceSettingsFlowRequest) Execute() (*SelfServ
 }
 
 /*
-  - SubmitSelfServiceSettingsFlow # Complete Settings Flow
+  - SubmitSelfServiceSettingsFlow Complete Settings Flow
   - Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint
 
 behaves differently for API and browser flows.
@@ -7396,7 +7396,7 @@ func (r V0alpha2ApiApiSubmitSelfServiceVerificationFlowRequest) Execute() (*Self
 }
 
 /*
-  - SubmitSelfServiceVerificationFlow # Complete Verification Flow
+  - SubmitSelfServiceVerificationFlow Complete Verification Flow
   - Use this endpoint to complete a verification flow. This endpoint
 
 behaves differently for API and browser flows and has several states:
@@ -7568,7 +7568,7 @@ func (r V0alpha2ApiApiToSessionRequest) Execute() (*Session, *http.Response, err
 }
 
 /*
-  - ToSession # Check Who the Current HTTP Session Belongs To
+  - ToSession Check Who the Current HTTP Session Belongs To
   - Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated.
 
 Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent.
diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md
index 489096d3b6b8..52ccd5b4d10f 100644
--- a/internal/httpclient/docs/V0alpha2Api.md
+++ b/internal/httpclient/docs/V0alpha2Api.md
@@ -4,48 +4,48 @@ All URIs are relative to *http://localhost*
 
 Method | HTTP request | Description
 ------------- | ------------- | -------------
-[**AdminCreateIdentity**](V0alpha2Api.md#AdminCreateIdentity) | **Post** /admin/identities | # Create an Identity
-[**AdminCreateSelfServiceRecoveryLink**](V0alpha2Api.md#AdminCreateSelfServiceRecoveryLink) | **Post** /admin/recovery/link | # Create a Recovery Link
-[**AdminDeleteIdentity**](V0alpha2Api.md#AdminDeleteIdentity) | **Delete** /admin/identities/{id} | # Delete an Identity
+[**AdminCreateIdentity**](V0alpha2Api.md#AdminCreateIdentity) | **Post** /admin/identities | Create an Identity
+[**AdminCreateSelfServiceRecoveryLink**](V0alpha2Api.md#AdminCreateSelfServiceRecoveryLink) | **Post** /admin/recovery/link | Create a Recovery Link
+[**AdminDeleteIdentity**](V0alpha2Api.md#AdminDeleteIdentity) | **Delete** /admin/identities/{id} | Delete an Identity
 [**AdminDeleteIdentitySessions**](V0alpha2Api.md#AdminDeleteIdentitySessions) | **Delete** /admin/identities/{id}/sessions | Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
 [**AdminExtendSession**](V0alpha2Api.md#AdminExtendSession) | **Patch** /admin/sessions/{id}/extend | Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it will only extend the session after the specified time has passed.
-[**AdminGetIdentity**](V0alpha2Api.md#AdminGetIdentity) | **Get** /admin/identities/{id} | # Get an Identity
-[**AdminListCourierMessages**](V0alpha2Api.md#AdminListCourierMessages) | **Get** /admin/courier/messages | # List Messages
-[**AdminListIdentities**](V0alpha2Api.md#AdminListIdentities) | **Get** /admin/identities | # List Identities
+[**AdminGetIdentity**](V0alpha2Api.md#AdminGetIdentity) | **Get** /admin/identities/{id} | Get an Identity
+[**AdminListCourierMessages**](V0alpha2Api.md#AdminListCourierMessages) | **Get** /admin/courier/messages | List Messages
+[**AdminListIdentities**](V0alpha2Api.md#AdminListIdentities) | **Get** /admin/identities | List Identities
 [**AdminListIdentitySessions**](V0alpha2Api.md#AdminListIdentitySessions) | **Get** /admin/identities/{id}/sessions | This endpoint returns all sessions that belong to the given Identity.
 [**AdminPatchIdentity**](V0alpha2Api.md#AdminPatchIdentity) | **Patch** /admin/identities/{id} | Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
-[**AdminUpdateIdentity**](V0alpha2Api.md#AdminUpdateIdentity) | **Put** /admin/identities/{id} | # Update an Identity
-[**CreateSelfServiceLogoutFlowUrlForBrowsers**](V0alpha2Api.md#CreateSelfServiceLogoutFlowUrlForBrowsers) | **Get** /self-service/logout/browser | # Create a Logout URL for Browsers
+[**AdminUpdateIdentity**](V0alpha2Api.md#AdminUpdateIdentity) | **Put** /admin/identities/{id} | Update an Identity
+[**CreateSelfServiceLogoutFlowUrlForBrowsers**](V0alpha2Api.md#CreateSelfServiceLogoutFlowUrlForBrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers
 [**GetIdentitySchema**](V0alpha2Api.md#GetIdentitySchema) | **Get** /schemas/{id} | 
-[**GetSelfServiceError**](V0alpha2Api.md#GetSelfServiceError) | **Get** /self-service/errors | # Get Self-Service Errors
-[**GetSelfServiceLoginFlow**](V0alpha2Api.md#GetSelfServiceLoginFlow) | **Get** /self-service/login/flows | # Get Login Flow
-[**GetSelfServiceRecoveryFlow**](V0alpha2Api.md#GetSelfServiceRecoveryFlow) | **Get** /self-service/recovery/flows | # Get Recovery Flow
-[**GetSelfServiceRegistrationFlow**](V0alpha2Api.md#GetSelfServiceRegistrationFlow) | **Get** /self-service/registration/flows | # Get Registration Flow
-[**GetSelfServiceSettingsFlow**](V0alpha2Api.md#GetSelfServiceSettingsFlow) | **Get** /self-service/settings/flows | # Get Settings Flow
-[**GetSelfServiceVerificationFlow**](V0alpha2Api.md#GetSelfServiceVerificationFlow) | **Get** /self-service/verification/flows | # Get Verification Flow
-[**GetWebAuthnJavaScript**](V0alpha2Api.md#GetWebAuthnJavaScript) | **Get** /.well-known/ory/webauthn.js | # Get WebAuthn JavaScript
-[**InitializeSelfServiceLoginFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceLoginFlowForBrowsers) | **Get** /self-service/login/browser | # Initialize Login Flow for Browsers
+[**GetSelfServiceError**](V0alpha2Api.md#GetSelfServiceError) | **Get** /self-service/errors | Get Self-Service Errors
+[**GetSelfServiceLoginFlow**](V0alpha2Api.md#GetSelfServiceLoginFlow) | **Get** /self-service/login/flows | Get Login Flow
+[**GetSelfServiceRecoveryFlow**](V0alpha2Api.md#GetSelfServiceRecoveryFlow) | **Get** /self-service/recovery/flows | Get Recovery Flow
+[**GetSelfServiceRegistrationFlow**](V0alpha2Api.md#GetSelfServiceRegistrationFlow) | **Get** /self-service/registration/flows | Get Registration Flow
+[**GetSelfServiceSettingsFlow**](V0alpha2Api.md#GetSelfServiceSettingsFlow) | **Get** /self-service/settings/flows | Get Settings Flow
+[**GetSelfServiceVerificationFlow**](V0alpha2Api.md#GetSelfServiceVerificationFlow) | **Get** /self-service/verification/flows | Get Verification Flow
+[**GetWebAuthnJavaScript**](V0alpha2Api.md#GetWebAuthnJavaScript) | **Get** /.well-known/ory/webauthn.js | Get WebAuthn JavaScript
+[**InitializeSelfServiceLoginFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceLoginFlowForBrowsers) | **Get** /self-service/login/browser | Initialize Login Flow for Browsers
 [**InitializeSelfServiceLoginFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceLoginFlowWithoutBrowser) | **Get** /self-service/login/api | Initialize Login Flow for APIs, Services, Apps, ...
-[**InitializeSelfServiceRecoveryFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRecoveryFlowForBrowsers) | **Get** /self-service/recovery/browser | # Initialize Recovery Flow for Browsers
+[**InitializeSelfServiceRecoveryFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRecoveryFlowForBrowsers) | **Get** /self-service/recovery/browser | Initialize Recovery Flow for Browsers
 [**InitializeSelfServiceRecoveryFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceRecoveryFlowWithoutBrowser) | **Get** /self-service/recovery/api | Initialize Recovery Flow for APIs, Services, Apps, ...
-[**InitializeSelfServiceRegistrationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRegistrationFlowForBrowsers) | **Get** /self-service/registration/browser | # Initialize Registration Flow for Browsers
+[**InitializeSelfServiceRegistrationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceRegistrationFlowForBrowsers) | **Get** /self-service/registration/browser | Initialize Registration Flow for Browsers
 [**InitializeSelfServiceRegistrationFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceRegistrationFlowWithoutBrowser) | **Get** /self-service/registration/api | Initialize Registration Flow for APIs, Services, Apps, ...
-[**InitializeSelfServiceSettingsFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceSettingsFlowForBrowsers) | **Get** /self-service/settings/browser | # Initialize Settings Flow for Browsers
+[**InitializeSelfServiceSettingsFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceSettingsFlowForBrowsers) | **Get** /self-service/settings/browser | Initialize Settings Flow for Browsers
 [**InitializeSelfServiceSettingsFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceSettingsFlowWithoutBrowser) | **Get** /self-service/settings/api | Initialize Settings Flow for APIs, Services, Apps, ...
-[**InitializeSelfServiceVerificationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceVerificationFlowForBrowsers) | **Get** /self-service/verification/browser | # Initialize Verification Flow for Browser Clients
+[**InitializeSelfServiceVerificationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceVerificationFlowForBrowsers) | **Get** /self-service/verification/browser | Initialize Verification Flow for Browser Clients
 [**InitializeSelfServiceVerificationFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceVerificationFlowWithoutBrowser) | **Get** /self-service/verification/api | Initialize Verification Flow for APIs, Services, Apps, ...
 [**ListIdentitySchemas**](V0alpha2Api.md#ListIdentitySchemas) | **Get** /schemas | 
 [**ListSessions**](V0alpha2Api.md#ListSessions) | **Get** /sessions | This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint.
 [**RevokeSession**](V0alpha2Api.md#RevokeSession) | **Delete** /sessions/{id} | Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted.
 [**RevokeSessions**](V0alpha2Api.md#RevokeSessions) | **Delete** /sessions | Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted.
-[**SubmitSelfServiceLoginFlow**](V0alpha2Api.md#SubmitSelfServiceLoginFlow) | **Post** /self-service/login | # Submit a Login Flow
-[**SubmitSelfServiceLogoutFlow**](V0alpha2Api.md#SubmitSelfServiceLogoutFlow) | **Get** /self-service/logout | # Complete Self-Service Logout
+[**SubmitSelfServiceLoginFlow**](V0alpha2Api.md#SubmitSelfServiceLoginFlow) | **Post** /self-service/login | Submit a Login Flow
+[**SubmitSelfServiceLogoutFlow**](V0alpha2Api.md#SubmitSelfServiceLogoutFlow) | **Get** /self-service/logout | Complete Self-Service Logout
 [**SubmitSelfServiceLogoutFlowWithoutBrowser**](V0alpha2Api.md#SubmitSelfServiceLogoutFlowWithoutBrowser) | **Delete** /self-service/logout/api | Perform Logout for APIs, Services, Apps, ...
-[**SubmitSelfServiceRecoveryFlow**](V0alpha2Api.md#SubmitSelfServiceRecoveryFlow) | **Post** /self-service/recovery | # Complete Recovery Flow
-[**SubmitSelfServiceRegistrationFlow**](V0alpha2Api.md#SubmitSelfServiceRegistrationFlow) | **Post** /self-service/registration | # Submit a Registration Flow
-[**SubmitSelfServiceSettingsFlow**](V0alpha2Api.md#SubmitSelfServiceSettingsFlow) | **Post** /self-service/settings | # Complete Settings Flow
-[**SubmitSelfServiceVerificationFlow**](V0alpha2Api.md#SubmitSelfServiceVerificationFlow) | **Post** /self-service/verification | # Complete Verification Flow
-[**ToSession**](V0alpha2Api.md#ToSession) | **Get** /sessions/whoami | # Check Who the Current HTTP Session Belongs To
+[**SubmitSelfServiceRecoveryFlow**](V0alpha2Api.md#SubmitSelfServiceRecoveryFlow) | **Post** /self-service/recovery | Complete Recovery Flow
+[**SubmitSelfServiceRegistrationFlow**](V0alpha2Api.md#SubmitSelfServiceRegistrationFlow) | **Post** /self-service/registration | Submit a Registration Flow
+[**SubmitSelfServiceSettingsFlow**](V0alpha2Api.md#SubmitSelfServiceSettingsFlow) | **Post** /self-service/settings | Complete Settings Flow
+[**SubmitSelfServiceVerificationFlow**](V0alpha2Api.md#SubmitSelfServiceVerificationFlow) | **Post** /self-service/verification | Complete Verification Flow
+[**ToSession**](V0alpha2Api.md#ToSession) | **Get** /sessions/whoami | Check Who the Current HTTP Session Belongs To
 
 
 
@@ -53,7 +53,7 @@ Method | HTTP request | Description
 
 > Identity AdminCreateIdentity(ctx).AdminCreateIdentityBody(adminCreateIdentityBody).Execute()
 
-# Create an Identity
+Create an Identity
 
 
 
@@ -119,7 +119,7 @@ Name | Type | Description  | Notes
 
 > SelfServiceRecoveryLink AdminCreateSelfServiceRecoveryLink(ctx).AdminCreateSelfServiceRecoveryLinkBody(adminCreateSelfServiceRecoveryLinkBody).Execute()
 
-# Create a Recovery Link
+Create a Recovery Link
 
 
 
@@ -185,7 +185,7 @@ No authorization required
 
 > AdminDeleteIdentity(ctx, id).Execute()
 
-# Delete an Identity
+Delete an Identity
 
 
 
@@ -391,7 +391,7 @@ Name | Type | Description  | Notes
 
 > Identity AdminGetIdentity(ctx, id).IncludeCredential(includeCredential).Execute()
 
-# Get an Identity
+Get an Identity
 
 
 
@@ -463,7 +463,7 @@ Name | Type | Description  | Notes
 
 > []Message AdminListCourierMessages(ctx).PerPage(perPage).Page(page).Status(status).Recipient(recipient).Execute()
 
-# List Messages
+List Messages
 
 
 
@@ -535,7 +535,7 @@ No authorization required
 
 > []Identity AdminListIdentities(ctx).PerPage(perPage).Page(page).Execute()
 
-# List Identities
+List Identities
 
 
 
@@ -751,7 +751,7 @@ Name | Type | Description  | Notes
 
 > Identity AdminUpdateIdentity(ctx, id).AdminUpdateIdentityBody(adminUpdateIdentityBody).Execute()
 
-# Update an Identity
+Update an Identity
 
 
 
@@ -823,7 +823,7 @@ Name | Type | Description  | Notes
 
 > SelfServiceLogoutUrl CreateSelfServiceLogoutFlowUrlForBrowsers(ctx).Cookie(cookie).Execute()
 
-# Create a Logout URL for Browsers
+Create a Logout URL for Browsers
 
 
 
@@ -959,7 +959,7 @@ No authorization required
 
 > SelfServiceError GetSelfServiceError(ctx).Id(id).Execute()
 
-# Get Self-Service Errors
+Get Self-Service Errors
 
 
 
@@ -1025,7 +1025,7 @@ No authorization required
 
 > SelfServiceLoginFlow GetSelfServiceLoginFlow(ctx).Id(id).Cookie(cookie).Execute()
 
-# Get Login Flow
+Get Login Flow
 
 
 
@@ -1093,7 +1093,7 @@ No authorization required
 
 > SelfServiceRecoveryFlow GetSelfServiceRecoveryFlow(ctx).Id(id).Cookie(cookie).Execute()
 
-# Get Recovery Flow
+Get Recovery Flow
 
 
 
@@ -1161,7 +1161,7 @@ No authorization required
 
 > SelfServiceRegistrationFlow GetSelfServiceRegistrationFlow(ctx).Id(id).Cookie(cookie).Execute()
 
-# Get Registration Flow
+Get Registration Flow
 
 
 
@@ -1229,7 +1229,7 @@ No authorization required
 
 > SelfServiceSettingsFlow GetSelfServiceSettingsFlow(ctx).Id(id).XSessionToken(xSessionToken).Cookie(cookie).Execute()
 
-# Get Settings Flow
+Get Settings Flow
 
 
 
@@ -1299,7 +1299,7 @@ No authorization required
 
 > SelfServiceVerificationFlow GetSelfServiceVerificationFlow(ctx).Id(id).Cookie(cookie).Execute()
 
-# Get Verification Flow
+Get Verification Flow
 
 
 
@@ -1367,7 +1367,7 @@ No authorization required
 
 > string GetWebAuthnJavaScript(ctx).Execute()
 
-# Get WebAuthn JavaScript
+Get WebAuthn JavaScript
 
 
 
@@ -1428,7 +1428,7 @@ No authorization required
 
 > SelfServiceLoginFlow InitializeSelfServiceLoginFlowForBrowsers(ctx).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Cookie(cookie).Execute()
 
-# Initialize Login Flow for Browsers
+Initialize Login Flow for Browsers
 
 
 
@@ -1570,7 +1570,7 @@ No authorization required
 
 > SelfServiceRecoveryFlow InitializeSelfServiceRecoveryFlowForBrowsers(ctx).ReturnTo(returnTo).Execute()
 
-# Initialize Recovery Flow for Browsers
+Initialize Recovery Flow for Browsers
 
 
 
@@ -1697,7 +1697,7 @@ No authorization required
 
 > SelfServiceRegistrationFlow InitializeSelfServiceRegistrationFlowForBrowsers(ctx).ReturnTo(returnTo).Execute()
 
-# Initialize Registration Flow for Browsers
+Initialize Registration Flow for Browsers
 
 
 
@@ -1824,7 +1824,7 @@ No authorization required
 
 > SelfServiceSettingsFlow InitializeSelfServiceSettingsFlowForBrowsers(ctx).ReturnTo(returnTo).Cookie(cookie).Execute()
 
-# Initialize Settings Flow for Browsers
+Initialize Settings Flow for Browsers
 
 
 
@@ -1958,7 +1958,7 @@ No authorization required
 
 > SelfServiceVerificationFlow InitializeSelfServiceVerificationFlowForBrowsers(ctx).ReturnTo(returnTo).Execute()
 
-# Initialize Verification Flow for Browser Clients
+Initialize Verification Flow for Browser Clients
 
 
 
@@ -2361,7 +2361,7 @@ No authorization required
 
 > SuccessfulSelfServiceLoginWithoutBrowser SubmitSelfServiceLoginFlow(ctx).Flow(flow).SubmitSelfServiceLoginFlowBody(submitSelfServiceLoginFlowBody).XSessionToken(xSessionToken).Cookie(cookie).Execute()
 
-# Submit a Login Flow
+Submit a Login Flow
 
 
 
@@ -2433,7 +2433,7 @@ No authorization required
 
 > SubmitSelfServiceLogoutFlow(ctx).Token(token).ReturnTo(returnTo).Execute()
 
-# Complete Self-Service Logout
+Complete Self-Service Logout
 
 
 
@@ -2563,7 +2563,7 @@ No authorization required
 
 > SelfServiceRecoveryFlow SubmitSelfServiceRecoveryFlow(ctx).Flow(flow).SubmitSelfServiceRecoveryFlowBody(submitSelfServiceRecoveryFlowBody).Token(token).Cookie(cookie).Execute()
 
-# Complete Recovery Flow
+Complete Recovery Flow
 
 
 
@@ -2635,7 +2635,7 @@ No authorization required
 
 > SuccessfulSelfServiceRegistrationWithoutBrowser SubmitSelfServiceRegistrationFlow(ctx).Flow(flow).SubmitSelfServiceRegistrationFlowBody(submitSelfServiceRegistrationFlowBody).Cookie(cookie).Execute()
 
-# Submit a Registration Flow
+Submit a Registration Flow
 
 
 
@@ -2705,7 +2705,7 @@ No authorization required
 
 > SelfServiceSettingsFlow SubmitSelfServiceSettingsFlow(ctx).Flow(flow).SubmitSelfServiceSettingsFlowBody(submitSelfServiceSettingsFlowBody).XSessionToken(xSessionToken).Cookie(cookie).Execute()
 
-# Complete Settings Flow
+Complete Settings Flow
 
 
 
@@ -2777,7 +2777,7 @@ No authorization required
 
 > SelfServiceVerificationFlow SubmitSelfServiceVerificationFlow(ctx).Flow(flow).SubmitSelfServiceVerificationFlowBody(submitSelfServiceVerificationFlowBody).Token(token).Cookie(cookie).Execute()
 
-# Complete Verification Flow
+Complete Verification Flow
 
 
 
@@ -2849,7 +2849,7 @@ No authorization required
 
 > Session ToSession(ctx).XSessionToken(xSessionToken).Cookie(cookie).Execute()
 
-# Check Who the Current HTTP Session Belongs To
+Check Who the Current HTTP Session Belongs To
 
 
 
diff --git a/spec/api.json b/spec/api.json
index 4ea203bc8040..4c2715777f82 100755
--- a/spec/api.json
+++ b/spec/api.json
@@ -2440,7 +2440,7 @@
             "description": "webAuthnJavaScript"
           }
         },
-        "summary": "# Get WebAuthn JavaScript",
+        "summary": "Get WebAuthn JavaScript",
         "tags": [
           "v0alpha2"
         ]
@@ -2523,7 +2523,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "# List Messages",
+        "summary": "List Messages",
         "tags": [
           "v0alpha2"
         ]
@@ -2585,7 +2585,7 @@
             "oryAccessToken": []
           }
         ],
-        "summary": "# List Identities",
+        "summary": "List Identities",
         "tags": [
           "v0alpha2"
         ]
@@ -2650,7 +2650,7 @@
             "oryAccessToken": []
           }
         ],
-        "summary": "# Create an Identity",
+        "summary": "Create an Identity",
         "tags": [
           "v0alpha2"
         ]
@@ -2701,7 +2701,7 @@
             "oryAccessToken": []
           }
         ],
-        "summary": "# Delete an Identity",
+        "summary": "Delete an Identity",
         "tags": [
           "v0alpha2"
         ]
@@ -2768,7 +2768,7 @@
             "oryAccessToken": []
           }
         ],
-        "summary": "# Get an Identity",
+        "summary": "Get an Identity",
         "tags": [
           "v0alpha2"
         ]
@@ -2940,7 +2940,7 @@
             "oryAccessToken": []
           }
         ],
-        "summary": "# Update an Identity",
+        "summary": "Update an Identity",
         "tags": [
           "v0alpha2"
         ]
@@ -3180,7 +3180,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "# Create a Recovery Link",
+        "summary": "Create a Recovery Link",
         "tags": [
           "v0alpha2"
         ]
@@ -3513,7 +3513,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "# Get Self-Service Errors",
+        "summary": "Get Self-Service Errors",
         "tags": [
           "v0alpha2"
         ]
@@ -3621,7 +3621,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "# Submit a Login Flow",
+        "summary": "Submit a Login Flow",
         "tags": [
           "v0alpha2"
         ]
@@ -3768,7 +3768,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "# Initialize Login Flow for Browsers",
+        "summary": "Initialize Login Flow for Browsers",
         "tags": [
           "v0alpha2"
         ]
@@ -3849,7 +3849,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "# Get Login Flow",
+        "summary": "Get Login Flow",
         "tags": [
           "v0alpha2"
         ]
@@ -3895,7 +3895,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "# Complete Self-Service Logout",
+        "summary": "Complete Self-Service Logout",
         "tags": [
           "v0alpha2"
         ]
@@ -3993,7 +3993,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "# Create a Logout URL for Browsers",
+        "summary": "Create a Logout URL for Browsers",
         "tags": [
           "v0alpha2"
         ]
@@ -4091,7 +4091,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "# Complete Recovery Flow",
+        "summary": "Complete Recovery Flow",
         "tags": [
           "v0alpha2"
         ]
@@ -4188,7 +4188,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "# Initialize Recovery Flow for Browsers",
+        "summary": "Initialize Recovery Flow for Browsers",
         "tags": [
           "v0alpha2"
         ]
@@ -4259,7 +4259,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "# Get Recovery Flow",
+        "summary": "Get Recovery Flow",
         "tags": [
           "v0alpha2"
         ]
@@ -4359,7 +4359,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "# Submit a Registration Flow",
+        "summary": "Submit a Registration Flow",
         "tags": [
           "v0alpha2"
         ]
@@ -4446,7 +4446,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "# Initialize Registration Flow for Browsers",
+        "summary": "Initialize Registration Flow for Browsers",
         "tags": [
           "v0alpha2"
         ]
@@ -4527,7 +4527,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "# Get Registration Flow",
+        "summary": "Get Registration Flow",
         "tags": [
           "v0alpha2"
         ]
@@ -4660,7 +4660,7 @@
             "sessionToken": []
           }
         ],
-        "summary": "# Complete Settings Flow",
+        "summary": "Complete Settings Flow",
         "tags": [
           "v0alpha2"
         ]
@@ -4795,7 +4795,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "# Initialize Settings Flow for Browsers",
+        "summary": "Initialize Settings Flow for Browsers",
         "tags": [
           "v0alpha2"
         ]
@@ -4894,7 +4894,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "# Get Settings Flow",
+        "summary": "Get Settings Flow",
         "tags": [
           "v0alpha2"
         ]
@@ -4992,7 +4992,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "# Complete Verification Flow",
+        "summary": "Complete Verification Flow",
         "tags": [
           "v0alpha2"
         ]
@@ -5079,7 +5079,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "# Initialize Verification Flow for Browser Clients",
+        "summary": "Initialize Verification Flow for Browser Clients",
         "tags": [
           "v0alpha2"
         ]
@@ -5150,7 +5150,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "# Get Verification Flow",
+        "summary": "Get Verification Flow",
         "tags": [
           "v0alpha2"
         ]
@@ -5403,7 +5403,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "# Check Who the Current HTTP Session Belongs To",
+        "summary": "Check Who the Current HTTP Session Belongs To",
         "tags": [
           "v0alpha2"
         ]
diff --git a/spec/swagger.json b/spec/swagger.json
index 7511d85d643b..480a2afa8d09 100755
--- a/spec/swagger.json
+++ b/spec/swagger.json
@@ -31,7 +31,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Get WebAuthn JavaScript",
+        "summary": "Get WebAuthn JavaScript",
         "operationId": "getWebAuthnJavaScript",
         "responses": {
           "200": {
@@ -56,7 +56,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# List Messages",
+        "summary": "List Messages",
         "operationId": "adminListCourierMessages",
         "parameters": [
           {
@@ -132,7 +132,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# List Identities",
+        "summary": "List Identities",
         "operationId": "adminListIdentities",
         "parameters": [
           {
@@ -190,7 +190,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Create an Identity",
+        "summary": "Create an Identity",
         "operationId": "adminCreateIdentity",
         "parameters": [
           {
@@ -250,7 +250,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Get an Identity",
+        "summary": "Get an Identity",
         "operationId": "adminGetIdentity",
         "parameters": [
           {
@@ -311,7 +311,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Update an Identity",
+        "summary": "Update an Identity",
         "operationId": "adminUpdateIdentity",
         "parameters": [
           {
@@ -379,7 +379,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Delete an Identity",
+        "summary": "Delete an Identity",
         "operationId": "adminDeleteIdentity",
         "parameters": [
           {
@@ -636,7 +636,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Create a Recovery Link",
+        "summary": "Create a Recovery Link",
         "operationId": "adminCreateSelfServiceRecoveryLink",
         "parameters": [
           {
@@ -892,7 +892,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Get Self-Service Errors",
+        "summary": "Get Self-Service Errors",
         "operationId": "getSelfServiceError",
         "parameters": [
           {
@@ -950,7 +950,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Submit a Login Flow",
+        "summary": "Submit a Login Flow",
         "operationId": "submitSelfServiceLoginFlow",
         "parameters": [
           {
@@ -1088,7 +1088,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Initialize Login Flow for Browsers",
+        "summary": "Initialize Login Flow for Browsers",
         "operationId": "initializeSelfServiceLoginFlowForBrowsers",
         "parameters": [
           {
@@ -1154,7 +1154,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Get Login Flow",
+        "summary": "Get Login Flow",
         "operationId": "getSelfServiceLoginFlow",
         "parameters": [
           {
@@ -1218,7 +1218,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Complete Self-Service Logout",
+        "summary": "Complete Self-Service Logout",
         "operationId": "submitSelfServiceLogoutFlow",
         "parameters": [
           {
@@ -1310,7 +1310,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Create a Logout URL for Browsers",
+        "summary": "Create a Logout URL for Browsers",
         "operationId": "createSelfServiceLogoutFlowUrlForBrowsers",
         "parameters": [
           {
@@ -1359,7 +1359,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Complete Recovery Flow",
+        "summary": "Complete Recovery Flow",
         "operationId": "submitSelfServiceRecoveryFlow",
         "parameters": [
           {
@@ -1465,7 +1465,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Initialize Recovery Flow for Browsers",
+        "summary": "Initialize Recovery Flow for Browsers",
         "operationId": "initializeSelfServiceRecoveryFlowForBrowsers",
         "parameters": [
           {
@@ -1513,7 +1513,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Get Recovery Flow",
+        "summary": "Get Recovery Flow",
         "operationId": "getSelfServiceRecoveryFlow",
         "parameters": [
           {
@@ -1575,7 +1575,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Submit a Registration Flow",
+        "summary": "Submit a Registration Flow",
         "operationId": "submitSelfServiceRegistrationFlow",
         "parameters": [
           {
@@ -1684,7 +1684,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Initialize Registration Flow for Browsers",
+        "summary": "Initialize Registration Flow for Browsers",
         "operationId": "initializeSelfServiceRegistrationFlowForBrowsers",
         "parameters": [
           {
@@ -1726,7 +1726,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Get Registration Flow",
+        "summary": "Get Registration Flow",
         "operationId": "getSelfServiceRegistrationFlow",
         "parameters": [
           {
@@ -1799,7 +1799,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Complete Settings Flow",
+        "summary": "Complete Settings Flow",
         "operationId": "submitSelfServiceSettingsFlow",
         "parameters": [
           {
@@ -1931,7 +1931,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Initialize Settings Flow for Browsers",
+        "summary": "Initialize Settings Flow for Browsers",
         "operationId": "initializeSelfServiceSettingsFlowForBrowsers",
         "parameters": [
           {
@@ -1997,7 +1997,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Get Settings Flow",
+        "summary": "Get Settings Flow",
         "operationId": "getSelfServiceSettingsFlow",
         "parameters": [
           {
@@ -2077,7 +2077,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Complete Verification Flow",
+        "summary": "Complete Verification Flow",
         "operationId": "submitSelfServiceVerificationFlow",
         "parameters": [
           {
@@ -2183,7 +2183,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Initialize Verification Flow for Browser Clients",
+        "summary": "Initialize Verification Flow for Browser Clients",
         "operationId": "initializeSelfServiceVerificationFlowForBrowsers",
         "parameters": [
           {
@@ -2225,7 +2225,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Get Verification Flow",
+        "summary": "Get Verification Flow",
         "operationId": "getSelfServiceVerificationFlow",
         "parameters": [
           {
@@ -2420,7 +2420,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "# Check Who the Current HTTP Session Belongs To",
+        "summary": "Check Who the Current HTTP Session Belongs To",
         "operationId": "toSession",
         "parameters": [
           {

From 1736d80dac85db97e2ba4077a365b7360e7e7d1b Mon Sep 17 00:00:00 2001
From: Kevin Goslar 
Date: Mon, 26 Sep 2022 08:29:02 -0500
Subject: [PATCH 271/411] chore: remove double-tabs in Makefile (#2747)

---
 Makefile | 144 +++++++++++++++++++++++++++----------------------------
 1 file changed, 72 insertions(+), 72 deletions(-)

diff --git a/Makefile b/Makefile
index b2e009ef6c3a..3a329ab85d58 100644
--- a/Makefile
+++ b/Makefile
@@ -28,147 +28,147 @@ $(foreach dep, $(GO_DEPENDENCIES), $(eval $(call make-go-dependency, $(dep))))
 $(call make-lint-dependency)
 
 .bin/clidoc:
-		echo "deprecated usage, use docs/cli instead"
-		go build -o .bin/clidoc ./cmd/clidoc/.
+	echo "deprecated usage, use docs/cli instead"
+	go build -o .bin/clidoc ./cmd/clidoc/.
 
 .PHONY: .bin/yq
 .bin/yq:
-		go build -o .bin/yq github.com/mikefarah/yq/v4
+	go build -o .bin/yq github.com/mikefarah/yq/v4
 
 .PHONY: docs/cli
 docs/cli:
-		go run ./cmd/clidoc/. .
+	go run ./cmd/clidoc/. .
 
 .PHONY: docs/api
 docs/api:
-		npx @redocly/openapi-cli preview-docs spec/api.json
+	npx @redocly/openapi-cli preview-docs spec/api.json
 
 .PHONY: docs/swagger
 docs/swagger:
-		npx @redocly/openapi-cli preview-docs spec/swagger.json
+	npx @redocly/openapi-cli preview-docs spec/swagger.json
 
 .bin/ory: Makefile
-		bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -d -b .bin ory v0.1.33
-		touch -a -m .bin/ory
+	bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -d -b .bin ory v0.1.33
+	touch -a -m .bin/ory
 
 node_modules: package.json
-		npm ci
-		touch node_modules
+	npm ci
+	touch node_modules
 
 .bin/golangci-lint: Makefile
-		curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -d -b .bin v1.47.3
+	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -d -b .bin v1.47.3
 
 .bin/hydra: Makefile
-		bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -d -b .bin hydra v1.11.0
+	bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -d -b .bin hydra v1.11.0
 
 .PHONY: lint
 lint: .bin/golangci-lint
-		golangci-lint run -v --timeout 10m ./...
+	golangci-lint run -v --timeout 10m ./...
 
 .PHONY: mocks
 mocks: .bin/mockgen
-		mockgen -mock_names Manager=MockLoginExecutorDependencies -package internal -destination internal/hook_login_executor_dependencies.go github.com/ory/kratos/selfservice loginExecutorDependencies
+	mockgen -mock_names Manager=MockLoginExecutorDependencies -package internal -destination internal/hook_login_executor_dependencies.go github.com/ory/kratos/selfservice loginExecutorDependencies
 
 .PHONY: install
 install:
-		GO111MODULE=on go install -tags sqlite .
+	GO111MODULE=on go install -tags sqlite .
 
 .PHONY: test-resetdb
 test-resetdb:
-		script/testenv.sh
+	script/testenv.sh
 
 .PHONY: test
 test:
-		go test -p 1 -tags sqlite -count=1 -failfast ./...
+	go test -p 1 -tags sqlite -count=1 -failfast ./...
 
 .PHONY: test-coverage
 test-coverage: .bin/go-acc .bin/goveralls
-		go-acc -o coverage.out ./... -- -v -failfast -timeout=20m -tags sqlite
+	go-acc -o coverage.out ./... -- -v -failfast -timeout=20m -tags sqlite
 
 # Generates the SDK
 .PHONY: sdk
 sdk: .bin/swagger .bin/ory node_modules
-		swagger generate spec -m -o spec/swagger.json \
-			-c github.com/ory/kratos \
-			-c github.com/ory/x/healthx \
-			-c github.com/ory/x/openapix
-		ory dev swagger sanitize ./spec/swagger.json
-		swagger validate ./spec/swagger.json
-		CIRCLE_PROJECT_USERNAME=ory CIRCLE_PROJECT_REPONAME=kratos \
-				ory dev openapi migrate \
-					--health-path-tags metadata \
-					-p https://raw.githubusercontent.com/ory/x/master/healthx/openapi/patch.yaml \
-					-p file://.schema/openapi/patches/meta.yaml \
-					-p file://.schema/openapi/patches/schema.yaml \
-					-p file://.schema/openapi/patches/selfservice.yaml \
-					-p file://.schema/openapi/patches/security.yaml \
-					-p file://.schema/openapi/patches/session.yaml \
-					-p file://.schema/openapi/patches/identity.yaml \
-					-p file://.schema/openapi/patches/courier.yaml \
-					-p file://.schema/openapi/patches/generic_error.yaml \
-					-p file://.schema/openapi/patches/common.yaml \
-					spec/swagger.json spec/api.json
-
-		rm -rf internal/httpclient
-		mkdir -p internal/httpclient/
-		npm run openapi-generator-cli -- generate -i "spec/api.json" \
-				-g go \
-				-o "internal/httpclient" \
-				--git-user-id ory \
-				--git-repo-id kratos-client-go \
-				--git-host github.com \
-				-t .schema/openapi/templates/go \
-				-c .schema/openapi/gen.go.yml
-
-		make format
+	swagger generate spec -m -o spec/swagger.json \
+		-c github.com/ory/kratos \
+		-c github.com/ory/x/healthx \
+		-c github.com/ory/x/openapix
+	ory dev swagger sanitize ./spec/swagger.json
+	swagger validate ./spec/swagger.json
+	CIRCLE_PROJECT_USERNAME=ory CIRCLE_PROJECT_REPONAME=kratos \
+		ory dev openapi migrate \
+			--health-path-tags metadata \
+			-p https://raw.githubusercontent.com/ory/x/master/healthx/openapi/patch.yaml \
+			-p file://.schema/openapi/patches/meta.yaml \
+			-p file://.schema/openapi/patches/schema.yaml \
+			-p file://.schema/openapi/patches/selfservice.yaml \
+			-p file://.schema/openapi/patches/security.yaml \
+			-p file://.schema/openapi/patches/session.yaml \
+			-p file://.schema/openapi/patches/identity.yaml \
+			-p file://.schema/openapi/patches/courier.yaml \
+			-p file://.schema/openapi/patches/generic_error.yaml \
+			-p file://.schema/openapi/patches/common.yaml \
+			spec/swagger.json spec/api.json
+
+	rm -rf internal/httpclient
+	mkdir -p internal/httpclient/
+	npm run openapi-generator-cli -- generate -i "spec/api.json" \
+		-g go \
+		-o "internal/httpclient" \
+		--git-user-id ory \
+		--git-repo-id kratos-client-go \
+		--git-host github.com \
+		-t .schema/openapi/templates/go \
+		-c .schema/openapi/gen.go.yml
+
+	make format
 
 .PHONY: quickstart
 quickstart:
-		docker pull oryd/kratos:latest
-		docker pull oryd/kratos-selfservice-ui-node:latest
-		docker-compose -f quickstart.yml -f quickstart-standalone.yml up --build --force-recreate
+	docker pull oryd/kratos:latest
+	docker pull oryd/kratos-selfservice-ui-node:latest
+	docker-compose -f quickstart.yml -f quickstart-standalone.yml up --build --force-recreate
 
 .PHONY: quickstart-dev
 quickstart-dev:
-		docker build -f .docker/Dockerfile-build -t oryd/kratos:latest .
-		docker-compose -f quickstart.yml -f quickstart-standalone.yml -f quickstart-latest.yml $(QUICKSTART_OPTIONS) up --build --force-recreate
+	docker build -f .docker/Dockerfile-build -t oryd/kratos:latest .
+	docker-compose -f quickstart.yml -f quickstart-standalone.yml -f quickstart-latest.yml $(QUICKSTART_OPTIONS) up --build --force-recreate
 
 # Formats the code
 .PHONY: format
 format: .bin/goimports node_modules
-		goimports -w -local github.com/ory .
-		npm exec -- prettier --write 'test/e2e/**/*{.ts,.js}'
-		npm exec -- prettier --write '.github'
+	goimports -w -local github.com/ory .
+	npm exec -- prettier --write 'test/e2e/**/*{.ts,.js}'
+	npm exec -- prettier --write '.github'
 
 # Build local docker image
 .PHONY: docker
 docker:
-		DOCKER_BUILDKIT=1 docker build -f .docker/Dockerfile-build --build-arg=COMMIT=$(VCS_REF) --build-arg=BUILD_DATE=$(BUILD_DATE) -t oryd/kratos:latest .
+	DOCKER_BUILDKIT=1 docker build -f .docker/Dockerfile-build --build-arg=COMMIT=$(VCS_REF) --build-arg=BUILD_DATE=$(BUILD_DATE) -t oryd/kratos:latest .
 
 # Runs the documentation tests
 .PHONY: test-docs
 test-docs: node_modules
-		npm run text-run
+	npm run text-run
 
 .PHONY: test-e2e
 test-e2e: node_modules test-resetdb
-		source script/test-envs.sh
-		test/e2e/run.sh sqlite
-		test/e2e/run.sh postgres
-		test/e2e/run.sh cockroach
-		test/e2e/run.sh mysql
+	source script/test-envs.sh
+	test/e2e/run.sh sqlite
+	test/e2e/run.sh postgres
+	test/e2e/run.sh cockroach
+	test/e2e/run.sh mysql
 
 .PHONY: migrations-sync
 migrations-sync: .bin/ory
-		ory dev pop migration sync persistence/sql/migrations/templates persistence/sql/migratest/testdata
-		script/add-down-migrations.sh
+	ory dev pop migration sync persistence/sql/migrations/templates persistence/sql/migratest/testdata
+	script/add-down-migrations.sh
 
 .PHONY: test-update-snapshots
 test-update-snapshots:
-		UPDATE_SNAPSHOTS=true go test -p 4 -tags sqlite -short ./...
+	UPDATE_SNAPSHOTS=true go test -p 4 -tags sqlite -short ./...
 
 .PHONY: post-release
 post-release: .bin/yq
-		cat quickstart.yml | yq '.services.kratos.image = "oryd/kratos:'$$DOCKER_TAG'"' | sponge quickstart.yml
-		cat quickstart.yml | yq '.services.kratos-migrate.image = "oryd/kratos:'$$DOCKER_TAG'"' | sponge quickstart.yml
-		cat quickstart.yml | yq '.services.kratos-selfservice-ui-node.image = "oryd/kratos-selfservice-ui-node:'$$DOCKER_TAG'"' | sponge quickstart.yml
+	cat quickstart.yml | yq '.services.kratos.image = "oryd/kratos:'$$DOCKER_TAG'"' | sponge quickstart.yml
+	cat quickstart.yml | yq '.services.kratos-migrate.image = "oryd/kratos:'$$DOCKER_TAG'"' | sponge quickstart.yml
+	cat quickstart.yml | yq '.services.kratos-selfservice-ui-node.image = "oryd/kratos-selfservice-ui-node:'$$DOCKER_TAG'"' | sponge quickstart.yml

From 1ff40ae6ee5c680fad8adfdbc8089ed07be1e088 Mon Sep 17 00:00:00 2001
From: Kevin Goslar 
Date: Mon, 26 Sep 2022 08:29:48 -0500
Subject: [PATCH 272/411] chore: format using Make (#2748)

---
 .github/workflows/ci.yaml    |  2 --
 .github/workflows/format.yml | 17 +++++++++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/format.yml

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index b1e98fc98d4b..8e825bae2859 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -83,8 +83,6 @@ jobs:
         uses: sonatype-nexus-community/nancy-github-action@v1.0.2
       - run: npm install
         name: Install node deps
-      - run: make format && git diff HEAD --exit-code --color
-        name: Check formatting issues
       - name: Run golangci-lint
         uses: golangci/golangci-lint-action@v2
         env:
diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml
new file mode 100644
index 000000000000..a7a720ebc0a7
--- /dev/null
+++ b/.github/workflows/format.yml
@@ -0,0 +1,17 @@
+name: Format
+
+on:
+  pull_request:
+  push:
+
+jobs:
+  format:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
+        with:
+          go-version: 1.19
+      - run: make format
+      - name: Indicate formatting issues
+        run: git diff HEAD --exit-code --color

From 439f015825d704e395d1c23127ba968eda9c961d Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Mon, 26 Sep 2022 19:47:24 +0000
Subject: [PATCH 273/411] chore: update repository templates to
 https://github.com/ory/meta/commit/19eed817e5d5b64509887ef5f1e3eff3e3ce03a1

---
 README.md         | 11 +++++++++++
 package-lock.json |  3 +--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index e2c1c6daa6f8..a41de0deedd8 100644
--- a/README.md
+++ b/README.md
@@ -465,6 +465,17 @@ that your company deserves a spot here, reach out to
                 
             
             lunasec.io
+        
+                
+            Adopter *
+            Serlo
+            
+                
+                    
+                    Serlo
+                
+            
+            serlo.org
         
     
 
diff --git a/package-lock.json b/package-lock.json
index 20bc1051908a..9895f8a50f48 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -5737,8 +5737,7 @@
       "version": "7.5.7",
       "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.7.tgz",
       "integrity": "sha512-KMvVuFzpKBuiIXW3E4u3mySRO2/mCHSyZDJQM5NQ9Q9KHWHWh0NHgfbRMLLrceUK5qAL4ytALJbpRMjixFZh8A==",
-      "dev": true,
-      "requires": {}
+      "dev": true
     },
     "y18n": {
       "version": "5.0.8",

From 70976e6505f02c7a3b029e083d1b59cc9495a1a1 Mon Sep 17 00:00:00 2001
From: Kevin Goslar 
Date: Wed, 28 Sep 2022 11:36:36 -0500
Subject: [PATCH 274/411] chore: remove listx dependency (#2752)

---
 Makefile                | 1 -
 go_mod_indirect_pins.go | 1 -
 2 files changed, 2 deletions(-)

diff --git a/Makefile b/Makefile
index 3a329ab85d58..5fc2f9f86aef 100644
--- a/Makefile
+++ b/Makefile
@@ -12,7 +12,6 @@ export VCS_REF            := $(shell git rev-parse HEAD)
 export QUICKSTART_OPTIONS ?= ""
 
 GO_DEPENDENCIES = github.com/ory/go-acc \
-				  github.com/ory/x/tools/listx \
 				  github.com/golang/mock/mockgen \
 				  github.com/go-swagger/go-swagger/cmd/swagger \
 				  golang.org/x/tools/cmd/goimports \
diff --git a/go_mod_indirect_pins.go b/go_mod_indirect_pins.go
index fe353af458ca..80db14c9d02f 100644
--- a/go_mod_indirect_pins.go
+++ b/go_mod_indirect_pins.go
@@ -12,7 +12,6 @@ import (
 	_ "github.com/gobuffalo/fizz"
 
 	_ "github.com/ory/go-acc"
-	_ "github.com/ory/x/tools/listx"
 
 	_ "github.com/jteeuwen/go-bindata"
 

From 8e01e61d577bc022a813341ab06377208f5e1fb4 Mon Sep 17 00:00:00 2001
From: Ajay Kelkar 
Date: Tue, 4 Oct 2022 08:09:31 +0200
Subject: [PATCH 275/411] chore: remove dead code (#2769)

---
 session/persistence.go | 116 -----------------------------------------
 1 file changed, 116 deletions(-)

diff --git a/session/persistence.go b/session/persistence.go
index ed3cd882aefb..ad3bb4550c1b 100644
--- a/session/persistence.go
+++ b/session/persistence.go
@@ -2,17 +2,9 @@ package session
 
 import (
 	"context"
-	"testing"
 	"time"
 
-	"github.com/bxcodec/faker/v3"
 	"github.com/gofrs/uuid"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-
-	"github.com/ory/kratos/driver/config"
-	"github.com/ory/kratos/identity"
-	"github.com/ory/kratos/x"
 )
 
 type PersistenceProvider interface {
@@ -59,111 +51,3 @@ type Persister interface {
 	// RevokeSessionsIdentityExcept marks all except the given session of an identity inactive. It returns the number of sessions that were revoked.
 	RevokeSessionsIdentityExcept(ctx context.Context, iID, sID uuid.UUID) (int, error)
 }
-
-func TestPersister(ctx context.Context, conf *config.Config, p interface {
-	Persister
-	identity.PrivilegedPool
-}) func(t *testing.T) {
-	return func(t *testing.T) {
-		conf.MustSet(ctx, config.ViperKeyIdentitySchemas, config.Schemas{
-			{ID: "default", URL: "file://./stub/identity.schema.json"},
-		})
-
-		t.Run("case=not found", func(t *testing.T) {
-			_, err := p.GetSession(ctx, x.NewUUID())
-			require.Error(t, err)
-		})
-
-		t.Run("case=create session", func(t *testing.T) {
-			var expected Session
-			require.NoError(t, faker.FakeData(&expected))
-			expected.Active = true
-			require.NoError(t, p.CreateIdentity(ctx, expected.Identity))
-
-			assert.Equal(t, uuid.Nil, expected.ID)
-			require.NoError(t, p.UpsertSession(ctx, &expected))
-			assert.NotEqual(t, uuid.Nil, expected.ID)
-
-			check := func(actual *Session, err error) {
-				require.NoError(t, err)
-				assert.Equal(t, expected.Identity.ID, actual.Identity.ID)
-				assert.NotEmpty(t, actual.Identity.SchemaURL)
-				assert.NotEmpty(t, actual.Identity.SchemaID)
-				assert.Equal(t, expected.ID, actual.ID)
-				assert.Equal(t, expected.Active, actual.Active)
-				assert.Equal(t, expected.Token, actual.Token)
-				assert.EqualValues(t, expected.ExpiresAt.Unix(), actual.ExpiresAt.Unix())
-				assert.Equal(t, expected.AuthenticatedAt.Unix(), actual.AuthenticatedAt.Unix())
-				assert.Equal(t, expected.IssuedAt.Unix(), actual.IssuedAt.Unix())
-			}
-
-			t.Run("method=get by id", func(t *testing.T) {
-				check(p.GetSession(ctx, expected.ID))
-			})
-
-			t.Run("method=get by token", func(t *testing.T) {
-				check(p.GetSessionByToken(ctx, expected.Token))
-			})
-		})
-
-		t.Run("case=delete session", func(t *testing.T) {
-			var expected Session
-			require.NoError(t, faker.FakeData(&expected))
-			require.NoError(t, p.CreateIdentity(ctx, expected.Identity))
-			require.NoError(t, p.UpsertSession(ctx, &expected))
-
-			require.NoError(t, p.DeleteSession(ctx, expected.ID))
-			_, err := p.GetSession(ctx, expected.ID)
-			require.Error(t, err)
-		})
-
-		t.Run("case=delete session by token", func(t *testing.T) {
-			var expected Session
-			require.NoError(t, faker.FakeData(&expected))
-			require.NoError(t, p.CreateIdentity(ctx, expected.Identity))
-			require.NoError(t, p.UpsertSession(ctx, &expected))
-
-			require.NoError(t, p.DeleteSessionByToken(ctx, expected.Token))
-			_, err := p.GetSession(ctx, expected.ID)
-			require.Error(t, err)
-		})
-
-		t.Run("case=revoke session by token", func(t *testing.T) {
-			var expected Session
-			require.NoError(t, faker.FakeData(&expected))
-			expected.Active = true
-			require.NoError(t, p.CreateIdentity(ctx, expected.Identity))
-			require.NoError(t, p.UpsertSession(ctx, &expected))
-
-			actual, err := p.GetSession(ctx, expected.ID)
-			require.NoError(t, err)
-			assert.True(t, actual.Active)
-
-			require.NoError(t, p.RevokeSessionByToken(ctx, expected.Token))
-
-			actual, err = p.GetSession(ctx, expected.ID)
-			require.NoError(t, err)
-			assert.False(t, actual.Active)
-		})
-
-		t.Run("case=delete session for", func(t *testing.T) {
-			var expected1 Session
-			var expected2 Session
-			require.NoError(t, faker.FakeData(&expected1))
-			require.NoError(t, p.CreateIdentity(ctx, expected1.Identity))
-
-			require.NoError(t, p.UpsertSession(ctx, &expected1))
-
-			require.NoError(t, faker.FakeData(&expected2))
-			expected2.Identity = expected1.Identity
-			expected2.IdentityID = expected1.IdentityID
-			require.NoError(t, p.UpsertSession(ctx, &expected2))
-
-			require.NoError(t, p.DeleteSessionsByIdentity(ctx, expected2.IdentityID))
-			_, err := p.GetSession(ctx, expected1.ID)
-			require.Error(t, err)
-			_, err = p.GetSession(ctx, expected2.ID)
-			require.Error(t, err)
-		})
-	}
-}

From 3852eb460251a079bad68d08bee2aef23516d168 Mon Sep 17 00:00:00 2001
From: Jordan May 
Date: Tue, 4 Oct 2022 02:26:52 -0400
Subject: [PATCH 276/411] feat: add support for firebase scrypt hashes on
 identity import and login hash upgrade (#2734)

See #2422
---
 hash/hash_comparator.go    | 97 ++++++++++++++++++++++++++++++++++++--
 hash/hasher_test.go        |  4 ++
 identity/handler_import.go |  2 +-
 3 files changed, 97 insertions(+), 6 deletions(-)

diff --git a/hash/hash_comparator.go b/hash/hash_comparator.go
index 7514dc7c999c..246d7204edf5 100644
--- a/hash/hash_comparator.go
+++ b/hash/hash_comparator.go
@@ -2,6 +2,8 @@ package hash
 
 import (
 	"context"
+	"crypto/aes"
+	"crypto/cipher"
 	"crypto/subtle"
 	"encoding/base64"
 	"fmt"
@@ -31,6 +33,8 @@ func Compare(ctx context.Context, password []byte, hash []byte) error {
 		return ComparePbkdf2(ctx, password, hash)
 	case IsScryptHash(hash):
 		return CompareScrypt(ctx, password, hash)
+	case IsFirebaseScryptHash(hash):
+		return CompareFirebaseScrypt(ctx, password, hash)
 	default:
 		return errors.WithStack(ErrUnknownHashAlgorithm)
 	}
@@ -132,12 +136,47 @@ func CompareScrypt(_ context.Context, password []byte, hash []byte) error {
 	return errors.WithStack(ErrMismatchedHashAndPassword)
 }
 
+func CompareFirebaseScrypt(_ context.Context, password []byte, hash []byte) error {
+	// Extract the parameters, salt and derived key from the encoded password
+	// hash.
+	p, salt, saltSeparator, hash, signerKey, err := decodeFirebaseScryptHash(string(hash))
+	if err != nil {
+		return err
+	}
+
+	// Derive the key from the other password using the same parameters.
+	// FirebaseScript algorithm implementation from https://github.com/Aoang/firebase-scrypt
+	ck, err := scrypt.Key(password, append(salt, saltSeparator...), int(p.Cost), int(p.Block), int(p.Parrellization), 32)
+	if err != nil {
+		return errors.WithStack(err)
+	}
+
+	var block cipher.Block
+	if block, err = aes.NewCipher(ck); err != nil {
+		return errors.WithStack(err)
+	}
+
+	cipherText := make([]byte, aes.BlockSize+len(signerKey))
+	stream := cipher.NewCTR(block, cipherText[:aes.BlockSize])
+	stream.XORKeyStream(cipherText[aes.BlockSize:], signerKey)
+	otherHash := cipherText[aes.BlockSize:]
+
+	// Check that the contents of the hashed passwords are identical. Note
+	// that we are using the subtle.ConstantTimeCompare() function for this
+	// to help prevent timing attacks.
+	if subtle.ConstantTimeCompare(hash, otherHash) == 1 {
+		return nil
+	}
+	return errors.WithStack(ErrMismatchedHashAndPassword)
+}
+
 var (
-	isBcryptHash   = regexp.MustCompile(`^\$2[abzy]?\$`)
-	isArgon2idHash = regexp.MustCompile(`^\$argon2id\$`)
-	isArgon2iHash  = regexp.MustCompile(`^\$argon2i\$`)
-	isPbkdf2Hash   = regexp.MustCompile(`^\$pbkdf2-sha[0-9]{1,3}\$`)
-	isScryptHash   = regexp.MustCompile(`^\$scrypt\$`)
+	isBcryptHash         = regexp.MustCompile(`^\$2[abzy]?\$`)
+	isArgon2idHash       = regexp.MustCompile(`^\$argon2id\$`)
+	isArgon2iHash        = regexp.MustCompile(`^\$argon2i\$`)
+	isPbkdf2Hash         = regexp.MustCompile(`^\$pbkdf2-sha[0-9]{1,3}\$`)
+	isScryptHash         = regexp.MustCompile(`^\$scrypt\$`)
+	isFirebaseScryptHash = regexp.MustCompile(`^\$firescrypt\$`)
 )
 
 func IsBcryptHash(hash []byte) bool {
@@ -160,6 +199,10 @@ func IsScryptHash(hash []byte) bool {
 	return isScryptHash.Match(hash)
 }
 
+func IsFirebaseScryptHash(hash []byte) bool {
+	return isFirebaseScryptHash.Match(hash)
+}
+
 func decodeArgon2idHash(encodedHash string) (p *config.Argon2, salt, hash []byte, err error) {
 	parts := strings.Split(encodedHash, "$")
 	if len(parts) != 6 {
@@ -260,3 +303,47 @@ func decodeScryptHash(encodedHash string) (p *Scrypt, salt, hash []byte, err err
 
 	return p, salt, hash, nil
 }
+
+// decodeFirebaseScryptHash decodes Firebase Scrypt encoded password hash.
+// format: $firescrypt$ln=,r=,p=$$$$
+func decodeFirebaseScryptHash(encodedHash string) (p *Scrypt, salt, saltSeparator, hash, signerKey []byte, err error) {
+	parts := strings.Split(encodedHash, "$")
+	if len(parts) != 7 {
+		return nil, nil, nil, nil, nil, ErrInvalidHash
+	}
+
+	p = new(Scrypt)
+
+	_, err = fmt.Sscanf(parts[2], "ln=%d,r=%d,p=%d", &p.Cost, &p.Block, &p.Parrellization)
+	if err != nil {
+		return nil, nil, nil, nil, nil, err
+	}
+	// convert from firebase config "mem_cost" to
+	// scrypt CPU/memory cost parameter, which must be a power of two greater than 1.
+	p.Cost = 1 << p.Cost
+
+	salt, err = base64.StdEncoding.Strict().DecodeString(parts[3])
+	if err != nil {
+		return nil, nil, nil, nil, nil, err
+	}
+	p.SaltLength = uint32(len(salt))
+
+	hash, err = base64.StdEncoding.Strict().DecodeString(parts[4])
+	if err != nil {
+		return nil, nil, nil, nil, nil, err
+	}
+	// Are all firebase script hashes of length 32?
+	p.KeyLength = 32
+
+	saltSeparator, err = base64.StdEncoding.Strict().DecodeString(parts[5])
+	if err != nil {
+		return nil, nil, nil, nil, nil, err
+	}
+
+	signerKey, err = base64.StdEncoding.Strict().DecodeString(parts[6])
+	if err != nil {
+		return nil, nil, nil, nil, nil, err
+	}
+
+	return p, salt, saltSeparator, hash, signerKey, nil
+}
diff --git a/hash/hasher_test.go b/hash/hasher_test.go
index cde1e3f00756..9d8bea0e9eb2 100644
--- a/hash/hasher_test.go
+++ b/hash/hasher_test.go
@@ -236,6 +236,10 @@ func TestCompare(t *testing.T) {
 	assert.Nil(t, hash.CompareScrypt(context.Background(), []byte("test"), []byte("$scrypt$ln=16384,r=8,p=1$2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYE=")))
 	assert.Error(t, hash.Compare(context.Background(), []byte("test"), []byte("$scrypt$ln=16384,r=8,p=1$2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYF=")))
 
+	assert.Nil(t, hash.Compare(context.Background(), []byte("8x4WjoDbSxJZdR"), []byte("$firescrypt$ln=14,r=8,p=1$sPtDhWcd1MfdAw==$xbSou7FOl6mChCyzpCPIQ7tku7nsQMTFtyOZSXXd7tjBa4NtimOx7v42Gv2SfzPQu1oxM2/k4SsbOu73wlKe1A==$Bw==$YE0dO4bwD4JnJafh6lZZfkp1MtKzuKAXQcDCJNJNyeCHairWHKENOkbh3dzwaCdizzOspwr/FITUVlnOAwPKyw==")))
+	assert.Nil(t, hash.CompareFirebaseScrypt(context.Background(), []byte("8x4WjoDbSxJZdR"), []byte("$firescrypt$ln=14,r=8,p=1$sPtDhWcd1MfdAw==$xbSou7FOl6mChCyzpCPIQ7tku7nsQMTFtyOZSXXd7tjBa4NtimOx7v42Gv2SfzPQu1oxM2/k4SsbOu73wlKe1A==$Bw==$YE0dO4bwD4JnJafh6lZZfkp1MtKzuKAXQcDCJNJNyeCHairWHKENOkbh3dzwaCdizzOspwr/FITUVlnOAwPKyw==")))
+	assert.Error(t, hash.Compare(context.Background(), []byte("8x4WjoDbSxJZdR"), []byte("$firescrypt$ln=14,r=8,p=1$sPtDhWcd1MfdAw==$xbSou7FOl6mChCyzpCPIQ7tku7nsQMTFtyOZSXXd7tjBa4NtimOx7v42Gv2SfzPQu1oxM2/k4SsbOu73wlKe1A==$Bw==$YE0dO4bwD4JnJafh6lZZfkp1MtKzuKAXQcDCJNJNyeCHairWHKENOkbh3dzwaCdizzOspwr/FITUVlnOAwPKyc==")))
+
 	assert.Error(t, hash.Compare(context.Background(), []byte("test"), []byte("$scrypt$2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYE=")))
 	assert.Error(t, hash.Compare(context.Background(), []byte("test"), []byte("$scrypt$ln=16384,r=8,p=1$(2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYE=")))
 	assert.Error(t, hash.Compare(context.Background(), []byte("test"), []byte("$scrypt$ln=16384,r=8,p=1$(2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$(MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYE=")))
diff --git a/identity/handler_import.go b/identity/handler_import.go
index 40d3c3849553..75cff06a834b 100644
--- a/identity/handler_import.go
+++ b/identity/handler_import.go
@@ -45,7 +45,7 @@ func (h *Handler) importPasswordCredentials(ctx context.Context, i *Identity, cr
 		creds.Config.HashedPassword = string(hashed)
 	}
 
-	if !(hash.IsArgon2idHash(hashed) || hash.IsArgon2iHash(hashed) || hash.IsBcryptHash(hashed) || hash.IsPbkdf2Hash(hashed) || hash.IsScryptHash(hashed)) {
+	if !(hash.IsArgon2idHash(hashed) || hash.IsArgon2iHash(hashed) || hash.IsBcryptHash(hashed) || hash.IsPbkdf2Hash(hashed) || hash.IsScryptHash(hashed) || hash.IsFirebaseScryptHash(hashed)) {
 		return errors.WithStack(herodot.ErrBadRequest.WithReasonf("The imported password does not match any known hash format. For more information see https://www.ory.sh/dr/2"))
 	}
 

From 1d22b235291ce7102dd186a53a431b55780973d3 Mon Sep 17 00:00:00 2001
From: Patrik 
Date: Tue, 4 Oct 2022 08:27:34 +0200
Subject: [PATCH 277/411] refactor: use gotemplates for command usage (#2770)

---
 cmd/identities/delete.go | 10 +++++-----
 cmd/identities/get.go    | 10 +++++-----
 cmd/identities/import.go | 12 ++++++------
 cmd/identities/list.go   | 10 ++++------
 cmd/root.go              | 11 ++++++-----
 cmd/root_test.go         | 24 ++++++++++++++++++++++++
 go.mod                   |  8 ++++----
 go.sum                   | 12 ++++++------
 8 files changed, 60 insertions(+), 37 deletions(-)
 create mode 100644 cmd/root_test.go

diff --git a/cmd/identities/delete.go b/cmd/identities/delete.go
index e8514edff4c6..2d73548f4609 100644
--- a/cmd/identities/delete.go
+++ b/cmd/identities/delete.go
@@ -10,27 +10,27 @@ import (
 	"github.com/ory/x/cmdx"
 )
 
-func NewDeleteCmd(root *cobra.Command) *cobra.Command {
+func NewDeleteCmd() *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "delete",
 		Short: "Delete resources",
 	}
-	cmd.AddCommand(NewDeleteIdentityCmd(root))
+	cmd.AddCommand(NewDeleteIdentityCmd())
 	cliclient.RegisterClientFlags(cmd.PersistentFlags())
 	cmdx.RegisterFormatFlags(cmd.PersistentFlags())
 	return cmd
 }
 
-func NewDeleteIdentityCmd(root *cobra.Command) *cobra.Command {
+func NewDeleteIdentityCmd() *cobra.Command {
 	return &cobra.Command{
 		Use:   "identity id-0 [id-1] [id-2] [id-n]",
 		Short: "Delete one or more identities by their ID(s)",
 		Long: fmt.Sprintf(`This command deletes one or more identities by ID. To delete an identity by some selector, e.g. the recovery email address, use the list command in combination with jq.
 
 %s`, clihelpers.WarningJQIsComplicated),
-		Example: fmt.Sprintf(`To delete the identity with the recovery email address "foo@bar.com", run:
+		Example: `To delete the identity with the recovery email address "foo@bar.com", run:
 
-	%[1]s delete identity $(%[1]s list identities --format json | jq -r 'map(select(.recovery_addresses[].value == "foo@bar.com")) | .[].id')`, root.Use),
+	{{ .CommandPath }} $({{ .Root.Name }} list identities --format json | jq -r 'map(select(.recovery_addresses[].value == "foo@bar.com")) | .[].id')`,
 		Args: cobra.MinimumNArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			c, err := cliclient.NewClient(cmd)
diff --git a/cmd/identities/get.go b/cmd/identities/get.go
index ed34feb30775..8a7cdadf1f45 100644
--- a/cmd/identities/get.go
+++ b/cmd/identities/get.go
@@ -19,18 +19,18 @@ const (
 	FlagIncludeCreds = "include-credentials"
 )
 
-func NewGetCmd(root *cobra.Command) *cobra.Command {
+func NewGetCmd() *cobra.Command {
 	var cmd = &cobra.Command{
 		Use:   "get",
 		Short: "Get resources",
 	}
-	cmd.AddCommand(NewGetIdentityCmd(root))
+	cmd.AddCommand(NewGetIdentityCmd())
 	cliclient.RegisterClientFlags(cmd.PersistentFlags())
 	cmdx.RegisterFormatFlags(cmd.PersistentFlags())
 	return cmd
 }
 
-func NewGetIdentityCmd(root *cobra.Command) *cobra.Command {
+func NewGetIdentityCmd() *cobra.Command {
 	var (
 		includeCreds []string
 	)
@@ -41,9 +41,9 @@ func NewGetIdentityCmd(root *cobra.Command) *cobra.Command {
 		Long: fmt.Sprintf(`This command gets all the details about an identity. To get an identity by some selector, e.g. the recovery email address, use the list command in combination with jq.
 
 %s`, clihelpers.WarningJQIsComplicated),
-		Example: fmt.Sprintf(`To get the identities with the recovery email address at the domain "ory.sh", run:
+		Example: `To get the identities with the recovery email address at the domain "ory.sh", run:
 
-	%s get identity $(%[1]s ls identities --format json | jq -r 'map(select(.recovery_addresses[].value | endswith("@ory.sh"))) | .[].id')`, root.Use),
+	{{ .CommandPath }} $({{ .Root.Name }} ls identities --format json | jq -r 'map(select(.recovery_addresses[].value | endswith("@ory.sh"))) | .[].id')`,
 		Args: cobra.MinimumNArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			c, err := cliclient.NewClient(cmd)
diff --git a/cmd/identities/import.go b/cmd/identities/import.go
index ddaa280f1ac8..a89ac013bd9e 100644
--- a/cmd/identities/import.go
+++ b/cmd/identities/import.go
@@ -13,23 +13,23 @@ import (
 	"github.com/ory/kratos/cmd/cliclient"
 )
 
-func NewImportCmd(root *cobra.Command) *cobra.Command {
+func NewImportCmd() *cobra.Command {
 	var cmd = &cobra.Command{
 		Use:   "import",
 		Short: "Import resources",
 	}
-	cmd.AddCommand(NewImportIdentitiesCmd(root))
+	cmd.AddCommand(NewImportIdentitiesCmd())
 	cliclient.RegisterClientFlags(cmd.PersistentFlags())
 	cmdx.RegisterFormatFlags(cmd.PersistentFlags())
 	return cmd
 }
 
 // NewImportIdentitiesCmd represents the import command
-func NewImportIdentitiesCmd(root *cobra.Command) *cobra.Command {
+func NewImportIdentitiesCmd() *cobra.Command {
 	return &cobra.Command{
 		Use:   "identities file-1.json [file-2.json] [file-3.json] [file-n.json]",
 		Short: "Import one or more identities from files or STD_IN",
-		Example: fmt.Sprintf(`Create an example identity:
+		Example: `Create an example identity:
 
 	cat > ./file.json < ]",
 		Short:   "List identities",
 		Long:    "List identities (paginated)",
-		Example: fmt.Sprintf("%[1]s ls identities 100 1", root.Use),
+		Example: "{{ .CommandPath }} 100 1",
 		Args:    cmdx.ZeroOrTwoArgs,
 		Aliases: []string{"ls"},
 		RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/root.go b/cmd/root.go
index d2cb518320af..641f81612cc9 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -23,19 +23,20 @@ import (
 	"github.com/spf13/cobra"
 )
 
-// RootCmd represents the base command when called without any subcommands
 func NewRootCmd() (cmd *cobra.Command) {
 	cmd = &cobra.Command{
 		Use: "kratos",
 	}
+	cmdx.EnableUsageTemplating(cmd)
+
 	courier.RegisterCommandRecursive(cmd, nil, nil)
-	cmd.AddCommand(identities.NewGetCmd(cmd))
-	cmd.AddCommand(identities.NewDeleteCmd(cmd))
+	cmd.AddCommand(identities.NewGetCmd())
+	cmd.AddCommand(identities.NewDeleteCmd())
 	cmd.AddCommand(jsonnet.NewFormatCmd())
 	hashers.RegisterCommandRecursive(cmd)
-	cmd.AddCommand(identities.NewImportCmd(cmd))
+	cmd.AddCommand(identities.NewImportCmd())
 	cmd.AddCommand(jsonnet.NewLintCmd())
-	cmd.AddCommand(identities.NewListCmd(cmd))
+	cmd.AddCommand(identities.NewListCmd())
 	migrate.RegisterCommandRecursive(cmd)
 	serve.RegisterCommandRecursive(cmd, nil, nil)
 	cleanup.RegisterCommandRecursive(cmd)
diff --git a/cmd/root_test.go b/cmd/root_test.go
new file mode 100644
index 000000000000..0a500dee6581
--- /dev/null
+++ b/cmd/root_test.go
@@ -0,0 +1,24 @@
+package cmd
+
+import (
+	"testing"
+
+	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func assertUsageWorks(t *testing.T, cmd *cobra.Command) {
+	var usage string
+	require.NotPanics(t, func() {
+		usage = cmd.UsageString()
+	})
+	assert.NotContains(t, usage, "{{")
+	for _, child := range cmd.Commands() {
+		assertUsageWorks(t, child)
+	}
+}
+
+func TestUsageStrings(t *testing.T) {
+	assertUsageWorks(t, NewRootCmd())
+}
diff --git a/go.mod b/go.mod
index 003ba3113219..38185ea0a203 100644
--- a/go.mod
+++ b/go.mod
@@ -38,7 +38,7 @@ require (
 	github.com/go-errors/errors v1.0.1
 	github.com/go-openapi/strfmt v0.21.3
 	github.com/go-playground/validator/v10 v10.4.1
-	github.com/go-swagger/go-swagger v0.30.0
+	github.com/go-swagger/go-swagger v0.30.3
 	github.com/gobuffalo/fizz v1.14.2
 	github.com/gobuffalo/httptest v1.0.2
 	github.com/gobuffalo/pop/v6 v6.0.6
@@ -76,7 +76,7 @@ require (
 	github.com/ory/kratos-client-go v0.6.3-alpha.1
 	github.com/ory/mail/v3 v3.0.0
 	github.com/ory/nosurf v1.2.7
-	github.com/ory/x v0.0.470
+	github.com/ory/x v0.0.478
 	github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.3.0
@@ -93,7 +93,7 @@ require (
 	github.com/zmb3/spotify/v2 v2.0.0
 	go.opentelemetry.io/otel v1.9.0
 	go.opentelemetry.io/otel/trace v1.9.0
-	golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8
+	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90
 	golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b
 	golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094
 	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
@@ -315,7 +315,7 @@ require (
 	go.uber.org/multierr v1.7.0 // indirect
 	go.uber.org/zap v1.17.0 // indirect
 	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
-	golang.org/x/sys v0.0.0-20220817070843-5a390386f1f2 // indirect
+	golang.org/x/sys v0.0.0-20220829200755-d48e67d00261 // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 // indirect
diff --git a/go.sum b/go.sum
index 30d6d7bd5b8a..d03c0ac6ad24 100644
--- a/go.sum
+++ b/go.sum
@@ -639,8 +639,8 @@ github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LB
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-stack/stack v1.8.1 h1:ntEHSVwIt7PNXNpgPmVfMrNhLtgjlmnZha2kOpuRiDw=
 github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4=
-github.com/go-swagger/go-swagger v0.30.0 h1:HakSyutD7Ek9ndkR8Fxy6WAoQtgu7UcAmZCTa6SzawA=
-github.com/go-swagger/go-swagger v0.30.0/go.mod h1:GhZVX/KIBM4VpGp4P7AJOIrlTuBeRVPS+j9kk6rFmfY=
+github.com/go-swagger/go-swagger v0.30.3 h1:HuzvdMRed/9Q8vmzVcfNBQByZVtT79DNZxZ18OprdoI=
+github.com/go-swagger/go-swagger v0.30.3/go.mod h1:neDPes8r8PCz2JPvHRDj8BTULLh4VJUt7n6MpQqxhHM=
 github.com/go-swagger/scan-repo-boundary v0.0.0-20180623220736-973b3573c013 h1:l9rI6sNaZgNC0LnF3MiE+qTmyBA/tZAg1rtyrGbUMK0=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
@@ -1380,8 +1380,8 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi
 github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE=
 github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM=
-github.com/ory/x v0.0.470 h1:o/Ftf0o+q/K7zgWJ/I6lBkqBusWAsZNnDf6Gq/wYwU4=
-github.com/ory/x v0.0.470/go.mod h1:w2gwqgw3XqKTxW8wURVxUFI2NuDyIC2rGxvEsnBJqjs=
+github.com/ory/x v0.0.478 h1:xnVPCfDL+pZVejkc638yYDQlPV/Yajb7lNfdQ7HiUG8=
+github.com/ory/x v0.0.478/go.mod h1:w2gwqgw3XqKTxW8wURVxUFI2NuDyIC2rGxvEsnBJqjs=
 github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
 github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
 github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
@@ -1878,8 +1878,8 @@ golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8 h1:GIAS/yBem/gq2MUqgNIzUHW7cJMmx3TGZOrnyYaNQ6c=
-golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM=
+golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=

From d612612313dc26f1ddaaa84dbca65139b967d52c Mon Sep 17 00:00:00 2001
From: hackerman <3372410+aeneasr@users.noreply.github.com>
Date: Tue, 4 Oct 2022 08:46:03 +0200
Subject: [PATCH 278/411] Revert "refactor: use gotemplates for command usage
 (#2770)" (#2778)

This reverts commit 1d22b235291ce7102dd186a53a431b55780973d3.
---
 cmd/identities/delete.go | 10 +++++-----
 cmd/identities/get.go    | 10 +++++-----
 cmd/identities/import.go | 12 ++++++------
 cmd/identities/list.go   | 10 ++++++----
 cmd/root.go              | 11 +++++------
 cmd/root_test.go         | 24 ------------------------
 go.mod                   |  8 ++++----
 go.sum                   | 12 ++++++------
 8 files changed, 37 insertions(+), 60 deletions(-)
 delete mode 100644 cmd/root_test.go

diff --git a/cmd/identities/delete.go b/cmd/identities/delete.go
index 2d73548f4609..e8514edff4c6 100644
--- a/cmd/identities/delete.go
+++ b/cmd/identities/delete.go
@@ -10,27 +10,27 @@ import (
 	"github.com/ory/x/cmdx"
 )
 
-func NewDeleteCmd() *cobra.Command {
+func NewDeleteCmd(root *cobra.Command) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "delete",
 		Short: "Delete resources",
 	}
-	cmd.AddCommand(NewDeleteIdentityCmd())
+	cmd.AddCommand(NewDeleteIdentityCmd(root))
 	cliclient.RegisterClientFlags(cmd.PersistentFlags())
 	cmdx.RegisterFormatFlags(cmd.PersistentFlags())
 	return cmd
 }
 
-func NewDeleteIdentityCmd() *cobra.Command {
+func NewDeleteIdentityCmd(root *cobra.Command) *cobra.Command {
 	return &cobra.Command{
 		Use:   "identity id-0 [id-1] [id-2] [id-n]",
 		Short: "Delete one or more identities by their ID(s)",
 		Long: fmt.Sprintf(`This command deletes one or more identities by ID. To delete an identity by some selector, e.g. the recovery email address, use the list command in combination with jq.
 
 %s`, clihelpers.WarningJQIsComplicated),
-		Example: `To delete the identity with the recovery email address "foo@bar.com", run:
+		Example: fmt.Sprintf(`To delete the identity with the recovery email address "foo@bar.com", run:
 
-	{{ .CommandPath }} $({{ .Root.Name }} list identities --format json | jq -r 'map(select(.recovery_addresses[].value == "foo@bar.com")) | .[].id')`,
+	%[1]s delete identity $(%[1]s list identities --format json | jq -r 'map(select(.recovery_addresses[].value == "foo@bar.com")) | .[].id')`, root.Use),
 		Args: cobra.MinimumNArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			c, err := cliclient.NewClient(cmd)
diff --git a/cmd/identities/get.go b/cmd/identities/get.go
index 8a7cdadf1f45..ed34feb30775 100644
--- a/cmd/identities/get.go
+++ b/cmd/identities/get.go
@@ -19,18 +19,18 @@ const (
 	FlagIncludeCreds = "include-credentials"
 )
 
-func NewGetCmd() *cobra.Command {
+func NewGetCmd(root *cobra.Command) *cobra.Command {
 	var cmd = &cobra.Command{
 		Use:   "get",
 		Short: "Get resources",
 	}
-	cmd.AddCommand(NewGetIdentityCmd())
+	cmd.AddCommand(NewGetIdentityCmd(root))
 	cliclient.RegisterClientFlags(cmd.PersistentFlags())
 	cmdx.RegisterFormatFlags(cmd.PersistentFlags())
 	return cmd
 }
 
-func NewGetIdentityCmd() *cobra.Command {
+func NewGetIdentityCmd(root *cobra.Command) *cobra.Command {
 	var (
 		includeCreds []string
 	)
@@ -41,9 +41,9 @@ func NewGetIdentityCmd() *cobra.Command {
 		Long: fmt.Sprintf(`This command gets all the details about an identity. To get an identity by some selector, e.g. the recovery email address, use the list command in combination with jq.
 
 %s`, clihelpers.WarningJQIsComplicated),
-		Example: `To get the identities with the recovery email address at the domain "ory.sh", run:
+		Example: fmt.Sprintf(`To get the identities with the recovery email address at the domain "ory.sh", run:
 
-	{{ .CommandPath }} $({{ .Root.Name }} ls identities --format json | jq -r 'map(select(.recovery_addresses[].value | endswith("@ory.sh"))) | .[].id')`,
+	%s get identity $(%[1]s ls identities --format json | jq -r 'map(select(.recovery_addresses[].value | endswith("@ory.sh"))) | .[].id')`, root.Use),
 		Args: cobra.MinimumNArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			c, err := cliclient.NewClient(cmd)
diff --git a/cmd/identities/import.go b/cmd/identities/import.go
index a89ac013bd9e..ddaa280f1ac8 100644
--- a/cmd/identities/import.go
+++ b/cmd/identities/import.go
@@ -13,23 +13,23 @@ import (
 	"github.com/ory/kratos/cmd/cliclient"
 )
 
-func NewImportCmd() *cobra.Command {
+func NewImportCmd(root *cobra.Command) *cobra.Command {
 	var cmd = &cobra.Command{
 		Use:   "import",
 		Short: "Import resources",
 	}
-	cmd.AddCommand(NewImportIdentitiesCmd())
+	cmd.AddCommand(NewImportIdentitiesCmd(root))
 	cliclient.RegisterClientFlags(cmd.PersistentFlags())
 	cmdx.RegisterFormatFlags(cmd.PersistentFlags())
 	return cmd
 }
 
 // NewImportIdentitiesCmd represents the import command
-func NewImportIdentitiesCmd() *cobra.Command {
+func NewImportIdentitiesCmd(root *cobra.Command) *cobra.Command {
 	return &cobra.Command{
 		Use:   "identities file-1.json [file-2.json] [file-3.json] [file-n.json]",
 		Short: "Import one or more identities from files or STD_IN",
-		Example: `Create an example identity:
+		Example: fmt.Sprintf(`Create an example identity:
 
 	cat > ./file.json < ]",
 		Short:   "List identities",
 		Long:    "List identities (paginated)",
-		Example: "{{ .CommandPath }} 100 1",
+		Example: fmt.Sprintf("%[1]s ls identities 100 1", root.Use),
 		Args:    cmdx.ZeroOrTwoArgs,
 		Aliases: []string{"ls"},
 		RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/root.go b/cmd/root.go
index 641f81612cc9..d2cb518320af 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -23,20 +23,19 @@ import (
 	"github.com/spf13/cobra"
 )
 
+// RootCmd represents the base command when called without any subcommands
 func NewRootCmd() (cmd *cobra.Command) {
 	cmd = &cobra.Command{
 		Use: "kratos",
 	}
-	cmdx.EnableUsageTemplating(cmd)
-
 	courier.RegisterCommandRecursive(cmd, nil, nil)
-	cmd.AddCommand(identities.NewGetCmd())
-	cmd.AddCommand(identities.NewDeleteCmd())
+	cmd.AddCommand(identities.NewGetCmd(cmd))
+	cmd.AddCommand(identities.NewDeleteCmd(cmd))
 	cmd.AddCommand(jsonnet.NewFormatCmd())
 	hashers.RegisterCommandRecursive(cmd)
-	cmd.AddCommand(identities.NewImportCmd())
+	cmd.AddCommand(identities.NewImportCmd(cmd))
 	cmd.AddCommand(jsonnet.NewLintCmd())
-	cmd.AddCommand(identities.NewListCmd())
+	cmd.AddCommand(identities.NewListCmd(cmd))
 	migrate.RegisterCommandRecursive(cmd)
 	serve.RegisterCommandRecursive(cmd, nil, nil)
 	cleanup.RegisterCommandRecursive(cmd)
diff --git a/cmd/root_test.go b/cmd/root_test.go
deleted file mode 100644
index 0a500dee6581..000000000000
--- a/cmd/root_test.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package cmd
-
-import (
-	"testing"
-
-	"github.com/spf13/cobra"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func assertUsageWorks(t *testing.T, cmd *cobra.Command) {
-	var usage string
-	require.NotPanics(t, func() {
-		usage = cmd.UsageString()
-	})
-	assert.NotContains(t, usage, "{{")
-	for _, child := range cmd.Commands() {
-		assertUsageWorks(t, child)
-	}
-}
-
-func TestUsageStrings(t *testing.T) {
-	assertUsageWorks(t, NewRootCmd())
-}
diff --git a/go.mod b/go.mod
index 38185ea0a203..003ba3113219 100644
--- a/go.mod
+++ b/go.mod
@@ -38,7 +38,7 @@ require (
 	github.com/go-errors/errors v1.0.1
 	github.com/go-openapi/strfmt v0.21.3
 	github.com/go-playground/validator/v10 v10.4.1
-	github.com/go-swagger/go-swagger v0.30.3
+	github.com/go-swagger/go-swagger v0.30.0
 	github.com/gobuffalo/fizz v1.14.2
 	github.com/gobuffalo/httptest v1.0.2
 	github.com/gobuffalo/pop/v6 v6.0.6
@@ -76,7 +76,7 @@ require (
 	github.com/ory/kratos-client-go v0.6.3-alpha.1
 	github.com/ory/mail/v3 v3.0.0
 	github.com/ory/nosurf v1.2.7
-	github.com/ory/x v0.0.478
+	github.com/ory/x v0.0.470
 	github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.3.0
@@ -93,7 +93,7 @@ require (
 	github.com/zmb3/spotify/v2 v2.0.0
 	go.opentelemetry.io/otel v1.9.0
 	go.opentelemetry.io/otel/trace v1.9.0
-	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90
+	golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8
 	golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b
 	golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094
 	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
@@ -315,7 +315,7 @@ require (
 	go.uber.org/multierr v1.7.0 // indirect
 	go.uber.org/zap v1.17.0 // indirect
 	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
-	golang.org/x/sys v0.0.0-20220829200755-d48e67d00261 // indirect
+	golang.org/x/sys v0.0.0-20220817070843-5a390386f1f2 // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 // indirect
diff --git a/go.sum b/go.sum
index d03c0ac6ad24..30d6d7bd5b8a 100644
--- a/go.sum
+++ b/go.sum
@@ -639,8 +639,8 @@ github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LB
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-stack/stack v1.8.1 h1:ntEHSVwIt7PNXNpgPmVfMrNhLtgjlmnZha2kOpuRiDw=
 github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4=
-github.com/go-swagger/go-swagger v0.30.3 h1:HuzvdMRed/9Q8vmzVcfNBQByZVtT79DNZxZ18OprdoI=
-github.com/go-swagger/go-swagger v0.30.3/go.mod h1:neDPes8r8PCz2JPvHRDj8BTULLh4VJUt7n6MpQqxhHM=
+github.com/go-swagger/go-swagger v0.30.0 h1:HakSyutD7Ek9ndkR8Fxy6WAoQtgu7UcAmZCTa6SzawA=
+github.com/go-swagger/go-swagger v0.30.0/go.mod h1:GhZVX/KIBM4VpGp4P7AJOIrlTuBeRVPS+j9kk6rFmfY=
 github.com/go-swagger/scan-repo-boundary v0.0.0-20180623220736-973b3573c013 h1:l9rI6sNaZgNC0LnF3MiE+qTmyBA/tZAg1rtyrGbUMK0=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
@@ -1380,8 +1380,8 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi
 github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE=
 github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM=
-github.com/ory/x v0.0.478 h1:xnVPCfDL+pZVejkc638yYDQlPV/Yajb7lNfdQ7HiUG8=
-github.com/ory/x v0.0.478/go.mod h1:w2gwqgw3XqKTxW8wURVxUFI2NuDyIC2rGxvEsnBJqjs=
+github.com/ory/x v0.0.470 h1:o/Ftf0o+q/K7zgWJ/I6lBkqBusWAsZNnDf6Gq/wYwU4=
+github.com/ory/x v0.0.470/go.mod h1:w2gwqgw3XqKTxW8wURVxUFI2NuDyIC2rGxvEsnBJqjs=
 github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
 github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
 github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
@@ -1878,8 +1878,8 @@ golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM=
-golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8 h1:GIAS/yBem/gq2MUqgNIzUHW7cJMmx3TGZOrnyYaNQ6c=
+golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=

From 09751e6a03783701af60ce606633694ef67deacc Mon Sep 17 00:00:00 2001
From: Arne 
Date: Tue, 4 Oct 2022 13:08:17 +0200
Subject: [PATCH 279/411] feat: automatic TLS certificate reloading (#2744)

---
 cmd/daemon/serve.go                |   8 +-
 cmd/serve/root_test.go             |  26 +-----
 driver/config/config.go            |  43 +++++++---
 driver/config/config_test.go       | 128 ++++++++++++-----------------
 go.mod                             |  12 +--
 go.sum                             |  19 +++--
 internal/testhelpers/e2e_server.go |  56 ++++++++-----
 7 files changed, 143 insertions(+), 149 deletions(-)

diff --git a/cmd/daemon/serve.go b/cmd/daemon/serve.go
index a952448af803..fa8256833295 100644
--- a/cmd/daemon/serve.go
+++ b/cmd/daemon/serve.go
@@ -121,7 +121,7 @@ func ServePublic(r driver.Registry, cmd *cobra.Command, args []string, slOpts *s
 		handler = cors.New(options).Handler(handler)
 	}
 
-	certs := c.GetTSLCertificatesForPublic(ctx)
+	certs := c.GetTLSCertificatesForPublic(ctx)
 
 	if tracer := r.Tracer(ctx); tracer.IsLoaded() {
 		handler = x.TraceHandler(handler)
@@ -130,7 +130,7 @@ func ServePublic(r driver.Registry, cmd *cobra.Command, args []string, slOpts *s
 	// #nosec G112 - the correct settings are set by graceful.WithDefaults
 	server := graceful.WithDefaults(&http.Server{
 		Handler:   handler,
-		TLSConfig: &tls.Config{Certificates: certs, MinVersion: tls.VersionTLS12},
+		TLSConfig: &tls.Config{GetCertificate: certs, MinVersion: tls.VersionTLS12},
 	})
 	addr := c.PublicListenOn(ctx)
 
@@ -186,7 +186,7 @@ func ServeAdmin(r driver.Registry, cmd *cobra.Command, args []string, slOpts *se
 	r.PrometheusManager().RegisterRouter(router.Router)
 
 	n.UseHandler(router)
-	certs := c.GetTSLCertificatesForAdmin(ctx)
+	certs := c.GetTLSCertificatesForAdmin(ctx)
 
 	var handler http.Handler = n
 	if tracer := r.Tracer(ctx); tracer.IsLoaded() {
@@ -196,7 +196,7 @@ func ServeAdmin(r driver.Registry, cmd *cobra.Command, args []string, slOpts *se
 	// #nosec G112 - the correct settings are set by graceful.WithDefaults
 	server := graceful.WithDefaults(&http.Server{
 		Handler:   handler,
-		TLSConfig: &tls.Config{Certificates: certs, MinVersion: tls.VersionTLS12},
+		TLSConfig: &tls.Config{GetCertificate: certs, MinVersion: tls.VersionTLS12},
 	})
 
 	addr := c.AdminListenOn(ctx)
diff --git a/cmd/serve/root_test.go b/cmd/serve/root_test.go
index bb0827c373e5..bd1f2f805dee 100644
--- a/cmd/serve/root_test.go
+++ b/cmd/serve/root_test.go
@@ -1,15 +1,8 @@
 package serve_test
 
 import (
-	"encoding/base64"
-	"os"
-	"path/filepath"
 	"testing"
 
-	"github.com/stretchr/testify/require"
-
-	"github.com/ory/kratos/x"
-
 	"github.com/ory/kratos/internal/testhelpers"
 )
 
@@ -18,19 +11,7 @@ func TestServe(t *testing.T) {
 }
 
 func TestServeTLSBase64(t *testing.T) {
-	certPath := filepath.Join(os.TempDir(), "e2e_test_cert_"+x.NewUUID().String()+".pem")
-	keyPath := filepath.Join(os.TempDir(), "e2e_test_key_"+x.NewUUID().String()+".pem")
-
-	testhelpers.GenerateTLSCertificateFilesForTests(t, certPath, keyPath)
-
-	certRaw, err := os.ReadFile(certPath)
-	require.NoError(t, err)
-
-	keyRaw, err := os.ReadFile(keyPath)
-	require.NoError(t, err)
-
-	certBase64 := base64.StdEncoding.EncodeToString(certRaw)
-	keyBase64 := base64.StdEncoding.EncodeToString(keyRaw)
+	_, _, certBase64, keyBase64 := testhelpers.GenerateTLSCertificateFilesForTests(t)
 	publicPort, adminPort := testhelpers.StartE2EServerOnly(t,
 		"./stub/kratos.yml",
 		true,
@@ -45,10 +26,7 @@ func TestServeTLSBase64(t *testing.T) {
 }
 
 func TestServeTLSPaths(t *testing.T) {
-	certPath := filepath.Join(os.TempDir(), "e2e_test_cert_"+x.NewUUID().String()+".pem")
-	keyPath := filepath.Join(os.TempDir(), "e2e_test_key_"+x.NewUUID().String()+".pem")
-
-	testhelpers.GenerateTLSCertificateFilesForTests(t, certPath, keyPath)
+	certPath, keyPath, _, _ := testhelpers.GenerateTLSCertificateFilesForTests(t)
 
 	publicPort, adminPort := testhelpers.StartE2EServerOnly(t,
 		"./stub/kratos.yml",
diff --git a/driver/config/config.go b/driver/config/config.go
index ab0449a5c5e5..b0e50013cfc2 100644
--- a/driver/config/config.go
+++ b/driver/config/config.go
@@ -1284,8 +1284,11 @@ func (p *Config) CipherAlgorithm(ctx context.Context) string {
 	}
 }
 
-func (p *Config) GetTSLCertificatesForPublic(ctx context.Context) []tls.Certificate {
-	return p.getTSLCertificates(
+type CertFunc = func(*tls.ClientHelloInfo) (*tls.Certificate, error)
+
+func (p *Config) GetTLSCertificatesForPublic(ctx context.Context) CertFunc {
+	return p.getTLSCertificates(
+		ctx,
 		"public",
 		p.GetProvider(ctx).String(ViperKeyPublicTLSCertBase64),
 		p.GetProvider(ctx).String(ViperKeyPublicTLSKeyBase64),
@@ -1294,8 +1297,9 @@ func (p *Config) GetTSLCertificatesForPublic(ctx context.Context) []tls.Certific
 	)
 }
 
-func (p *Config) GetTSLCertificatesForAdmin(ctx context.Context) []tls.Certificate {
-	return p.getTSLCertificates(
+func (p *Config) GetTLSCertificatesForAdmin(ctx context.Context) CertFunc {
+	return p.getTLSCertificates(
+		ctx,
 		"admin",
 		p.GetProvider(ctx).String(ViperKeyAdminTLSCertBase64),
 		p.GetProvider(ctx).String(ViperKeyAdminTLSKeyBase64),
@@ -1304,16 +1308,31 @@ func (p *Config) GetTSLCertificatesForAdmin(ctx context.Context) []tls.Certifica
 	)
 }
 
-func (p *Config) getTSLCertificates(daemon, certBase64, keyBase64, certPath, keyPath string) []tls.Certificate {
-	cert, err := tlsx.Certificate(certBase64, keyBase64, certPath, keyPath)
-
-	if err == nil {
+func (p *Config) getTLSCertificates(ctx context.Context, daemon, certBase64, keyBase64, certPath, keyPath string) CertFunc {
+	if certBase64 != "" && keyBase64 != "" {
+		cert, err := tlsx.CertificateFromBase64(certBase64, keyBase64)
+		if err != nil {
+			p.l.WithError(err).Fatalf("Unable to load HTTPS TLS Certificate")
+			return nil // reachable in unit tests when Fatalf is hooked
+		}
 		p.l.Infof("Setting up HTTPS for %s", daemon)
-		return cert
-	} else if !errors.Is(err, tlsx.ErrNoCertificatesConfigured) {
-		p.l.WithError(err).Fatalf("Unable to load HTTPS TLS Certificate")
+		return func(*tls.ClientHelloInfo) (*tls.Certificate, error) { return &cert, nil }
+	}
+	if certPath != "" && keyPath != "" {
+		errs := make(chan error, 1)
+		getCert, err := tlsx.GetCertificate(ctx, certPath, keyPath, errs)
+		if err != nil {
+			p.l.WithError(err).Fatalf("Unable to load HTTPS TLS Certificate")
+			return nil // reachable in unit tests when Fatalf is hooked
+		}
+		go func() {
+			for err := range errs {
+				p.l.WithError(err).Error("Failed to reload TLS certificates, using previous certificates")
+			}
+		}()
+		p.l.Infof("Setting up HTTPS for %s (automatic certificate reloading active)", daemon)
+		return getCert
 	}
-
 	p.l.Infof("TLS has not been configured for %s, skipping", daemon)
 	return nil
 }
diff --git a/driver/config/config_test.go b/driver/config/config_test.go
index 97189b3c963c..7ca8588e302c 100644
--- a/driver/config/config_test.go
+++ b/driver/config/config_test.go
@@ -24,8 +24,6 @@ import (
 
 	"github.com/ory/x/watcherx"
 
-	"github.com/ory/kratos/x"
-
 	"github.com/ory/kratos/internal/testhelpers"
 
 	"github.com/ory/x/configx"
@@ -775,126 +773,106 @@ func TestViperProvider_HaveIBeenPwned(t *testing.T) {
 	})
 }
 
+func newTestConfig(t *testing.T) (_ *config.Config, _ *test.Hook, exited *bool) {
+	l := logrusx.New("", "")
+	h := new(test.Hook)
+	exited = new(bool)
+	l.Logger.Hooks.Add(h)
+	l.Logger.ExitFunc = func(code int) { *exited = true }
+	config := config.MustNew(t, l, os.Stderr, configx.SkipValidation())
+	return config, h, exited
+}
+
 func TestLoadingTLSConfig(t *testing.T) {
 	ctx := context.Background()
 	t.Parallel()
 
-	certPath := filepath.Join(os.TempDir(), "e2e_test_cert_"+x.NewUUID().String()+".pem")
-	keyPath := filepath.Join(os.TempDir(), "e2e_test_key_"+x.NewUUID().String()+".pem")
-
-	testhelpers.GenerateTLSCertificateFilesForTests(t, certPath, keyPath)
-
-	certRaw, err := os.ReadFile(certPath)
-	assert.Nil(t, err)
+	certPath, keyPath, certBase64, keyBase64 := testhelpers.GenerateTLSCertificateFilesForTests(t)
 
-	keyRaw, err := os.ReadFile(keyPath)
-	assert.Nil(t, err)
+	t.Run("case=public: no TLS config", func(t *testing.T) {
+		p, hook, exited := newTestConfig(t)
+		assert.Nil(t, p.GetTLSCertificatesForPublic(ctx))
+		assert.Equal(t, "TLS has not been configured for public, skipping", hook.LastEntry().Message)
+		assert.False(t, *exited)
+	})
 
-	certBase64 := base64.StdEncoding.EncodeToString(certRaw)
-	keyBase64 := base64.StdEncoding.EncodeToString(keyRaw)
+	t.Run("case=admin: no TLS config", func(t *testing.T) {
+		p, hook, exited := newTestConfig(t)
+		assert.Nil(t, p.GetTLSCertificatesForAdmin(ctx))
+		assert.Equal(t, "TLS has not been configured for admin, skipping", hook.LastEntry().Message)
+		assert.False(t, *exited)
+	})
 
 	t.Run("case=public: loading inline base64 certificate", func(t *testing.T) {
-		logger := logrusx.New("", "")
-		logger.Logger.ExitFunc = func(code int) { panic("") }
-		hook := new(test.Hook)
-		logger.Logger.Hooks.Add(hook)
-
-		p := config.MustNew(t, logger, os.Stderr, configx.SkipValidation())
+		p, hook, exited := newTestConfig(t)
 		p.MustSet(ctx, config.ViperKeyPublicTLSKeyBase64, keyBase64)
 		p.MustSet(ctx, config.ViperKeyPublicTLSCertBase64, certBase64)
-		assert.NotNil(t, p.GetTSLCertificatesForPublic(ctx))
+		assert.NotNil(t, p.GetTLSCertificatesForPublic(ctx))
 		assert.Equal(t, "Setting up HTTPS for public", hook.LastEntry().Message)
+		assert.False(t, *exited)
 	})
 
 	t.Run("case=public: loading certificate from a file", func(t *testing.T) {
-		logger := logrusx.New("", "")
-		logger.Logger.ExitFunc = func(code int) { panic("") }
-		hook := new(test.Hook)
-		logger.Logger.Hooks.Add(hook)
-
-		p := config.MustNew(t, logger, os.Stderr, configx.SkipValidation())
+		p, hook, exited := newTestConfig(t)
 		p.MustSet(ctx, config.ViperKeyPublicTLSKeyPath, keyPath)
 		p.MustSet(ctx, config.ViperKeyPublicTLSCertPath, certPath)
-		assert.NotNil(t, p.GetTSLCertificatesForPublic(ctx))
-		assert.Equal(t, "Setting up HTTPS for public", hook.LastEntry().Message)
+		assert.NotNil(t, p.GetTLSCertificatesForPublic(ctx))
+		assert.Equal(t, "Setting up HTTPS for public (automatic certificate reloading active)", hook.LastEntry().Message)
+		assert.False(t, *exited)
 	})
 
 	t.Run("case=public: failing to load inline base64 certificate", func(t *testing.T) {
-		logger := logrusx.New("", "")
-		logger.Logger.ExitFunc = func(code int) {}
-		hook := new(test.Hook)
-		logger.Logger.Hooks.Add(hook)
-
-		p := config.MustNew(t, logger, os.Stderr, configx.SkipValidation())
+		p, hook, exited := newTestConfig(t)
 		p.MustSet(ctx, config.ViperKeyPublicTLSKeyBase64, "empty")
 		p.MustSet(ctx, config.ViperKeyPublicTLSCertBase64, certBase64)
-		assert.Nil(t, p.GetTSLCertificatesForPublic(ctx))
-		assert.Equal(t, "TLS has not been configured for public, skipping", hook.LastEntry().Message)
+		assert.Nil(t, p.GetTLSCertificatesForPublic(ctx))
+		assert.Equal(t, "Unable to load HTTPS TLS Certificate", hook.LastEntry().Message)
+		assert.True(t, *exited)
 	})
 
 	t.Run("case=public: failing to load certificate from a file", func(t *testing.T) {
-		logger := logrusx.New("", "")
-		logger.Logger.ExitFunc = func(code int) {}
-		hook := new(test.Hook)
-		logger.Logger.Hooks.Add(hook)
-
-		p := config.MustNew(t, logger, os.Stderr, configx.SkipValidation())
+		p, hook, exited := newTestConfig(t)
 		p.MustSet(ctx, config.ViperKeyPublicTLSKeyPath, "/dev/null")
 		p.MustSet(ctx, config.ViperKeyPublicTLSCertPath, certPath)
-		assert.Nil(t, p.GetTSLCertificatesForPublic(ctx))
-		assert.Equal(t, "TLS has not been configured for public, skipping", hook.LastEntry().Message)
+		assert.Nil(t, p.GetTLSCertificatesForPublic(ctx))
+		assert.Equal(t, "Unable to load HTTPS TLS Certificate", hook.LastEntry().Message)
+		assert.True(t, *exited)
 	})
 
 	t.Run("case=admin: loading inline base64 certificate", func(t *testing.T) {
-		logger := logrusx.New("", "")
-		logger.Logger.ExitFunc = func(code int) { panic("") }
-		hook := new(test.Hook)
-		logger.Logger.Hooks.Add(hook)
-
-		p := config.MustNew(t, logger, os.Stderr, configx.SkipValidation())
+		p, hook, exited := newTestConfig(t)
 		p.MustSet(ctx, config.ViperKeyAdminTLSKeyBase64, keyBase64)
 		p.MustSet(ctx, config.ViperKeyAdminTLSCertBase64, certBase64)
-		assert.NotNil(t, p.GetTSLCertificatesForAdmin(ctx))
+		assert.NotNil(t, p.GetTLSCertificatesForAdmin(ctx))
 		assert.Equal(t, "Setting up HTTPS for admin", hook.LastEntry().Message)
+		assert.False(t, *exited)
 	})
 
 	t.Run("case=admin: loading certificate from a file", func(t *testing.T) {
-		logger := logrusx.New("", "")
-		logger.Logger.ExitFunc = func(code int) { panic("") }
-		hook := new(test.Hook)
-		logger.Logger.Hooks.Add(hook)
-
-		p := config.MustNew(t, logger, os.Stderr, configx.SkipValidation())
+		p, hook, exited := newTestConfig(t)
 		p.MustSet(ctx, config.ViperKeyAdminTLSKeyPath, keyPath)
 		p.MustSet(ctx, config.ViperKeyAdminTLSCertPath, certPath)
-		assert.NotNil(t, p.GetTSLCertificatesForAdmin(ctx))
-		assert.Equal(t, "Setting up HTTPS for admin", hook.LastEntry().Message)
+		assert.NotNil(t, p.GetTLSCertificatesForAdmin(ctx))
+		assert.Equal(t, "Setting up HTTPS for admin (automatic certificate reloading active)", hook.LastEntry().Message)
+		assert.False(t, *exited)
 	})
 
 	t.Run("case=admin: failing to load inline base64 certificate", func(t *testing.T) {
-		logger := logrusx.New("", "")
-		logger.Logger.ExitFunc = func(code int) {}
-		hook := new(test.Hook)
-		logger.Logger.Hooks.Add(hook)
-
-		p := config.MustNew(t, logger, os.Stderr, configx.SkipValidation())
+		p, hook, exited := newTestConfig(t)
 		p.MustSet(ctx, config.ViperKeyAdminTLSKeyBase64, "empty")
 		p.MustSet(ctx, config.ViperKeyAdminTLSCertBase64, certBase64)
-		assert.Nil(t, p.GetTSLCertificatesForAdmin(ctx))
-		assert.Equal(t, "TLS has not been configured for admin, skipping", hook.LastEntry().Message)
+		assert.Nil(t, p.GetTLSCertificatesForAdmin(ctx))
+		assert.Equal(t, "Unable to load HTTPS TLS Certificate", hook.LastEntry().Message)
+		assert.True(t, *exited)
 	})
 
 	t.Run("case=admin: failing to load certificate from a file", func(t *testing.T) {
-		logger := logrusx.New("", "")
-		logger.Logger.ExitFunc = func(code int) {}
-		hook := new(test.Hook)
-		logger.Logger.Hooks.Add(hook)
-
-		p := config.MustNew(t, logger, os.Stderr, configx.SkipValidation())
+		p, hook, exited := newTestConfig(t)
 		p.MustSet(ctx, config.ViperKeyAdminTLSKeyPath, "/dev/null")
 		p.MustSet(ctx, config.ViperKeyAdminTLSCertPath, certPath)
-		assert.Nil(t, p.GetTSLCertificatesForAdmin(ctx))
-		assert.Equal(t, "TLS has not been configured for admin, skipping", hook.LastEntry().Message)
+		assert.Nil(t, p.GetTLSCertificatesForAdmin(ctx))
+		assert.Equal(t, "Unable to load HTTPS TLS Certificate", hook.LastEntry().Message)
+		assert.True(t, *exited)
 	})
 
 }
diff --git a/go.mod b/go.mod
index 003ba3113219..7c5da3e213d1 100644
--- a/go.mod
+++ b/go.mod
@@ -76,7 +76,7 @@ require (
 	github.com/ory/kratos-client-go v0.6.3-alpha.1
 	github.com/ory/mail/v3 v3.0.0
 	github.com/ory/nosurf v1.2.7
-	github.com/ory/x v0.0.470
+	github.com/ory/x v0.0.474
 	github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.3.0
@@ -199,7 +199,7 @@ require (
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/hashicorp/serf v0.9.7 // indirect
 	github.com/huandu/xstrings v1.3.2 // indirect
-	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/jackc/chunkreader/v2 v2.0.1 // indirect
 	github.com/jackc/pgconn v1.12.1 // indirect
 	github.com/jackc/pgio v1.0.0 // indirect
@@ -267,11 +267,11 @@ require (
 	github.com/soheilhy/cmux v0.1.5 // indirect
 	github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d // indirect
 	github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e // indirect
-	github.com/spf13/afero v1.8.2 // indirect
+	github.com/spf13/afero v1.9.2 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/viper v1.12.0 // indirect
-	github.com/subosito/gotenv v1.3.0 // indirect
+	github.com/subosito/gotenv v1.4.1 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
 	github.com/timtadh/data-structures v0.5.3 // indirect
@@ -315,7 +315,7 @@ require (
 	go.uber.org/multierr v1.7.0 // indirect
 	go.uber.org/zap v1.17.0 // indirect
 	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
-	golang.org/x/sys v0.0.0-20220817070843-5a390386f1f2 // indirect
+	golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8 // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 // indirect
@@ -327,7 +327,7 @@ require (
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect
-	gopkg.in/ini.v1 v1.66.4 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/go.sum b/go.sum
index 30d6d7bd5b8a..5fe0fe82e50e 100644
--- a/go.sum
+++ b/go.sum
@@ -986,8 +986,9 @@ github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
+github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo=
 github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743 h1:X3Xxno5Ji8idrNiUoFc7QyXpqhSYlDRYQmc7mlpMBzU=
 github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743/go.mod h1:KrtyD5PFj++GKkFS/7/RRrfnRhAMGQwy75GLCHWrCNs=
@@ -1380,8 +1381,8 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi
 github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE=
 github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM=
-github.com/ory/x v0.0.470 h1:o/Ftf0o+q/K7zgWJ/I6lBkqBusWAsZNnDf6Gq/wYwU4=
-github.com/ory/x v0.0.470/go.mod h1:w2gwqgw3XqKTxW8wURVxUFI2NuDyIC2rGxvEsnBJqjs=
+github.com/ory/x v0.0.474 h1:AZT+RGoKw33hOxUiSi3x2/mD0POmMKEB/lYpJpJPlrw=
+github.com/ory/x v0.0.474/go.mod h1:w2gwqgw3XqKTxW8wURVxUFI2NuDyIC2rGxvEsnBJqjs=
 github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
 github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
 github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
@@ -1581,8 +1582,8 @@ github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY52
 github.com/spf13/afero v1.3.4/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
 github.com/spf13/afero v1.5.1/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
-github.com/spf13/afero v1.8.2 h1:xehSyVa0YnHWsJ49JFljMpg1HX19V6NDZ1fkm1Xznbo=
-github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo=
+github.com/spf13/afero v1.9.2 h1:j49Hj62F0n+DaZ1dDCvhABaPNSGNkt32oRFxI33IEMw=
+github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.3.2-0.20200723214538-8d17101741c8/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
@@ -1635,8 +1636,8 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
-github.com/subosito/gotenv v1.3.0 h1:mjC+YW8QpAdXibNi+vNWgzmgBH4+5l5dCXv8cNysBLI=
-github.com/subosito/gotenv v1.3.0/go.mod h1:YzJjq/33h7nrwdY+iHMhEOEEbW0ovIz0tB6t6PwAXzs=
+github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs=
+github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
 github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
@@ -2406,8 +2407,8 @@ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ini.v1 v1.66.4 h1:SsAcf+mM7mRZo2nJNGt8mZCjG8ZRaNGMURJw7BsIST4=
-gopkg.in/ini.v1 v1.66.4/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/mail.v2 v2.3.1/go.mod h1:htwXN1Qh09vZJ1NVKxQqHPBaCBbzKhp5GzuJEA4VJWw=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 h1:6D+BvnJ/j6e222UW8s2qTSe3wGBtvo0MbVQG/c5k8RE=
diff --git a/internal/testhelpers/e2e_server.go b/internal/testhelpers/e2e_server.go
index 671ad9e1671d..9a645841ebb4 100644
--- a/internal/testhelpers/e2e_server.go
+++ b/internal/testhelpers/e2e_server.go
@@ -7,9 +7,11 @@ import (
 	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
+	"encoding/base64"
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"io"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -181,35 +183,51 @@ func CheckE2EServerOnHTTPS(t *testing.T, publicPort, adminPort int) (publicUrl,
 	return
 }
 
-func GenerateTLSCertificateFilesForTests(t *testing.T, certPath, keyPath string) {
+// GenerateTLSCertificateFilesForTests writes a new, self-signed TLS
+// certificate+key (in PEM format) to a temporary location on disk and returns
+// the paths to both, as well as the respective contents in base64 encoding. The
+// files are automatically cleaned up when the given *testing.T concludes its
+// tests.
+func GenerateTLSCertificateFilesForTests(t *testing.T) (certPath, keyPath, certBase64, keyBase64 string) {
+	tmpDir := t.TempDir()
+
 	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
 	require.NoError(t, err)
 
 	cert, err := tlsx.CreateSelfSignedCertificate(privateKey)
 	require.NoError(t, err)
 
-	certOut, err := os.Create(certPath)
-	require.NoError(t, err, "Failed to open cert.pem for writing: %v", err)
+	// write cert
+	certFile, err := os.CreateTemp(tmpDir, "test-*-cert.pem")
+	require.NoError(t, err, "Failed to create temp file for certificate: %v", err)
+	certPath = certFile.Name()
 
+	var buf bytes.Buffer
+	enc := base64.NewEncoder(base64.StdEncoding, &buf)
+	certOut := io.MultiWriter(enc, certFile)
 	err = pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})
-	require.NoError(t, err, "Failed to write data to cert.pem: %v", err)
-
-	err = certOut.Close()
-	require.NoError(t, err, "Error closing cert.pem: %v", err)
-
-	t.Logf("wrote cert.pem")
-
-	keyOut, err := os.OpenFile(keyPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
-	require.NoError(t, err, "Failed to open key.pem for writing: %v", err)
+	require.NoError(t, err, "Failed to write data to %q: %v", certPath, err)
+	err = certFile.Close()
+	require.NoError(t, err, "Error closing %q: %v", certPath, err)
+	certBase64 = buf.String()
+	t.Log("wrote", certPath)
+
+	// write key
+	keyFile, err := os.CreateTemp(tmpDir, "test-*-key.pem")
+	require.NoError(t, err, "Failed to create temp file for key: %v", err)
+	keyPath = keyFile.Name()
+	buf.Reset()
+	enc = base64.NewEncoder(base64.StdEncoding, &buf)
+	keyOut := io.MultiWriter(enc, keyFile)
 
 	privBytes, err := x509.MarshalPKCS8PrivateKey(privateKey)
-	require.NoError(t, err, "Unable to marshal private key: %v", err)
+	require.NoError(t, err, "Failed to marshal private key: %v", err)
 
 	err = pem.Encode(keyOut, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes})
-	require.NoError(t, err, "Failed to write data to key.pem: %v", err)
-
-	err = keyOut.Close()
-	require.NoError(t, err, "Error closing key.pem: %v", err)
-
-	t.Logf("wrote key.pem")
+	require.NoError(t, err, "Failed to write data to %q: %v", keyPath, err)
+	err = keyFile.Close()
+	require.NoError(t, err, "Error closing %q: %v", keyPath, err)
+	keyBase64 = buf.String()
+	t.Log("wrote", keyPath)
+	return
 }

From 37ff495d601dfb1968d9d51f6275eea5bb4ac416 Mon Sep 17 00:00:00 2001
From: Patrik 
Date: Tue, 4 Oct 2022 11:08:16 +0200
Subject: [PATCH 280/411] ci: remove deprecated linters (replaced by `unused`)

---
 .github/workflows/ci.yaml | 2 +-
 .golangci.yml             | 3 ---
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 8e825bae2859..01c0f8856550 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -89,7 +89,7 @@ jobs:
           GOGC: 100
         with:
           args: --timeout 10m0s
-          version: v1.47.3
+          version: v1.49.0
           skip-go-installation: true
           skip-pkg-cache: true
       - name: Build Kratos
diff --git a/.golangci.yml b/.golangci.yml
index bdd1945fa090..079e952252ba 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,15 +1,12 @@
 linters:
   enable:
-    - deadcode
     - errcheck
     - gosimple
     - govet
     - staticcheck
-    - structcheck
     - typecheck
     - unused
     - gosec
-    - varcheck
 #    - golint
     - goimports
   disable:

From baa84c681b0c7fa29d653bd7226e792a5f44cb4c Mon Sep 17 00:00:00 2001
From: Patrik 
Date: Tue, 4 Oct 2022 11:08:31 +0200
Subject: [PATCH 281/411] refactor: use gotemplates for command usage

---
 cmd/identities/delete.go      | 10 +++++-----
 cmd/identities/delete_test.go |  4 +---
 cmd/identities/get.go         | 10 +++++-----
 cmd/identities/get_test.go    |  4 +---
 cmd/identities/import.go      | 12 ++++++------
 cmd/identities/import_test.go |  4 +---
 cmd/identities/list.go        | 10 ++++------
 cmd/identities/list_test.go   |  4 +---
 cmd/root.go                   | 11 ++++++-----
 cmd/root_test.go              | 11 +++++++++++
 go.mod                        |  6 +++---
 11 files changed, 44 insertions(+), 42 deletions(-)
 create mode 100644 cmd/root_test.go

diff --git a/cmd/identities/delete.go b/cmd/identities/delete.go
index e8514edff4c6..2d73548f4609 100644
--- a/cmd/identities/delete.go
+++ b/cmd/identities/delete.go
@@ -10,27 +10,27 @@ import (
 	"github.com/ory/x/cmdx"
 )
 
-func NewDeleteCmd(root *cobra.Command) *cobra.Command {
+func NewDeleteCmd() *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "delete",
 		Short: "Delete resources",
 	}
-	cmd.AddCommand(NewDeleteIdentityCmd(root))
+	cmd.AddCommand(NewDeleteIdentityCmd())
 	cliclient.RegisterClientFlags(cmd.PersistentFlags())
 	cmdx.RegisterFormatFlags(cmd.PersistentFlags())
 	return cmd
 }
 
-func NewDeleteIdentityCmd(root *cobra.Command) *cobra.Command {
+func NewDeleteIdentityCmd() *cobra.Command {
 	return &cobra.Command{
 		Use:   "identity id-0 [id-1] [id-2] [id-n]",
 		Short: "Delete one or more identities by their ID(s)",
 		Long: fmt.Sprintf(`This command deletes one or more identities by ID. To delete an identity by some selector, e.g. the recovery email address, use the list command in combination with jq.
 
 %s`, clihelpers.WarningJQIsComplicated),
-		Example: fmt.Sprintf(`To delete the identity with the recovery email address "foo@bar.com", run:
+		Example: `To delete the identity with the recovery email address "foo@bar.com", run:
 
-	%[1]s delete identity $(%[1]s list identities --format json | jq -r 'map(select(.recovery_addresses[].value == "foo@bar.com")) | .[].id')`, root.Use),
+	{{ .CommandPath }} $({{ .Root.Name }} list identities --format json | jq -r 'map(select(.recovery_addresses[].value == "foo@bar.com")) | .[].id')`,
 		Args: cobra.MinimumNArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			c, err := cliclient.NewClient(cmd)
diff --git a/cmd/identities/delete_test.go b/cmd/identities/delete_test.go
index 034fd280a558..eec1c9aca7c1 100644
--- a/cmd/identities/delete_test.go
+++ b/cmd/identities/delete_test.go
@@ -8,8 +8,6 @@ import (
 
 	"github.com/tidwall/gjson"
 
-	"github.com/spf13/cobra"
-
 	"github.com/ory/kratos/cmd/identities"
 
 	"github.com/stretchr/testify/assert"
@@ -22,7 +20,7 @@ import (
 )
 
 func TestDeleteCmd(t *testing.T) {
-	c := identities.NewDeleteIdentityCmd(new(cobra.Command))
+	c := identities.NewDeleteIdentityCmd()
 	reg := setup(t, c)
 
 	t.Run("case=deletes successfully", func(t *testing.T) {
diff --git a/cmd/identities/get.go b/cmd/identities/get.go
index ed34feb30775..8a7cdadf1f45 100644
--- a/cmd/identities/get.go
+++ b/cmd/identities/get.go
@@ -19,18 +19,18 @@ const (
 	FlagIncludeCreds = "include-credentials"
 )
 
-func NewGetCmd(root *cobra.Command) *cobra.Command {
+func NewGetCmd() *cobra.Command {
 	var cmd = &cobra.Command{
 		Use:   "get",
 		Short: "Get resources",
 	}
-	cmd.AddCommand(NewGetIdentityCmd(root))
+	cmd.AddCommand(NewGetIdentityCmd())
 	cliclient.RegisterClientFlags(cmd.PersistentFlags())
 	cmdx.RegisterFormatFlags(cmd.PersistentFlags())
 	return cmd
 }
 
-func NewGetIdentityCmd(root *cobra.Command) *cobra.Command {
+func NewGetIdentityCmd() *cobra.Command {
 	var (
 		includeCreds []string
 	)
@@ -41,9 +41,9 @@ func NewGetIdentityCmd(root *cobra.Command) *cobra.Command {
 		Long: fmt.Sprintf(`This command gets all the details about an identity. To get an identity by some selector, e.g. the recovery email address, use the list command in combination with jq.
 
 %s`, clihelpers.WarningJQIsComplicated),
-		Example: fmt.Sprintf(`To get the identities with the recovery email address at the domain "ory.sh", run:
+		Example: `To get the identities with the recovery email address at the domain "ory.sh", run:
 
-	%s get identity $(%[1]s ls identities --format json | jq -r 'map(select(.recovery_addresses[].value | endswith("@ory.sh"))) | .[].id')`, root.Use),
+	{{ .CommandPath }} $({{ .Root.Name }} ls identities --format json | jq -r 'map(select(.recovery_addresses[].value | endswith("@ory.sh"))) | .[].id')`,
 		Args: cobra.MinimumNArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			c, err := cliclient.NewClient(cmd)
diff --git a/cmd/identities/get_test.go b/cmd/identities/get_test.go
index 5ffcc5dbbdd6..1c9efc4685ad 100644
--- a/cmd/identities/get_test.go
+++ b/cmd/identities/get_test.go
@@ -6,8 +6,6 @@ import (
 	"encoding/json"
 	"testing"
 
-	"github.com/spf13/cobra"
-
 	"github.com/ory/kratos/cmd/identities"
 	"github.com/ory/x/assertx"
 
@@ -21,7 +19,7 @@ import (
 )
 
 func TestGetCmd(t *testing.T) {
-	c := identities.NewGetIdentityCmd(new(cobra.Command))
+	c := identities.NewGetIdentityCmd()
 	reg := setup(t, c)
 
 	t.Run("case=gets a single identity", func(t *testing.T) {
diff --git a/cmd/identities/import.go b/cmd/identities/import.go
index ddaa280f1ac8..a89ac013bd9e 100644
--- a/cmd/identities/import.go
+++ b/cmd/identities/import.go
@@ -13,23 +13,23 @@ import (
 	"github.com/ory/kratos/cmd/cliclient"
 )
 
-func NewImportCmd(root *cobra.Command) *cobra.Command {
+func NewImportCmd() *cobra.Command {
 	var cmd = &cobra.Command{
 		Use:   "import",
 		Short: "Import resources",
 	}
-	cmd.AddCommand(NewImportIdentitiesCmd(root))
+	cmd.AddCommand(NewImportIdentitiesCmd())
 	cliclient.RegisterClientFlags(cmd.PersistentFlags())
 	cmdx.RegisterFormatFlags(cmd.PersistentFlags())
 	return cmd
 }
 
 // NewImportIdentitiesCmd represents the import command
-func NewImportIdentitiesCmd(root *cobra.Command) *cobra.Command {
+func NewImportIdentitiesCmd() *cobra.Command {
 	return &cobra.Command{
 		Use:   "identities file-1.json [file-2.json] [file-3.json] [file-n.json]",
 		Short: "Import one or more identities from files or STD_IN",
-		Example: fmt.Sprintf(`Create an example identity:
+		Example: `Create an example identity:
 
 	cat > ./file.json < ]",
 		Short:   "List identities",
 		Long:    "List identities (paginated)",
-		Example: fmt.Sprintf("%[1]s ls identities 100 1", root.Use),
+		Example: "{{ .CommandPath }} 100 1",
 		Args:    cmdx.ZeroOrTwoArgs,
 		Aliases: []string{"ls"},
 		RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/identities/list_test.go b/cmd/identities/list_test.go
index 2a26a8b7a270..7eba3c0e1b97 100644
--- a/cmd/identities/list_test.go
+++ b/cmd/identities/list_test.go
@@ -5,8 +5,6 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/spf13/cobra"
-
 	"github.com/ory/kratos/cmd/identities"
 
 	"github.com/ory/x/cmdx"
@@ -18,7 +16,7 @@ import (
 )
 
 func TestListCmd(t *testing.T) {
-	c := identities.NewListIdentitiesCmd(new(cobra.Command))
+	c := identities.NewListIdentitiesCmd()
 	reg := setup(t, c)
 	require.NoError(t, c.Flags().Set(cmdx.FlagQuiet, "true"))
 
diff --git a/cmd/root.go b/cmd/root.go
index d2cb518320af..641f81612cc9 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -23,19 +23,20 @@ import (
 	"github.com/spf13/cobra"
 )
 
-// RootCmd represents the base command when called without any subcommands
 func NewRootCmd() (cmd *cobra.Command) {
 	cmd = &cobra.Command{
 		Use: "kratos",
 	}
+	cmdx.EnableUsageTemplating(cmd)
+
 	courier.RegisterCommandRecursive(cmd, nil, nil)
-	cmd.AddCommand(identities.NewGetCmd(cmd))
-	cmd.AddCommand(identities.NewDeleteCmd(cmd))
+	cmd.AddCommand(identities.NewGetCmd())
+	cmd.AddCommand(identities.NewDeleteCmd())
 	cmd.AddCommand(jsonnet.NewFormatCmd())
 	hashers.RegisterCommandRecursive(cmd)
-	cmd.AddCommand(identities.NewImportCmd(cmd))
+	cmd.AddCommand(identities.NewImportCmd())
 	cmd.AddCommand(jsonnet.NewLintCmd())
-	cmd.AddCommand(identities.NewListCmd(cmd))
+	cmd.AddCommand(identities.NewListCmd())
 	migrate.RegisterCommandRecursive(cmd)
 	serve.RegisterCommandRecursive(cmd, nil, nil)
 	cleanup.RegisterCommandRecursive(cmd)
diff --git a/cmd/root_test.go b/cmd/root_test.go
new file mode 100644
index 000000000000..ec9e100dd110
--- /dev/null
+++ b/cmd/root_test.go
@@ -0,0 +1,11 @@
+package cmd
+
+import (
+	"testing"
+
+	"github.com/ory/x/cmdx"
+)
+
+func TestUsageStrings(t *testing.T) {
+	cmdx.AssertUsageTemplates(t, NewRootCmd())
+}
diff --git a/go.mod b/go.mod
index 7c5da3e213d1..66b103dfc387 100644
--- a/go.mod
+++ b/go.mod
@@ -38,7 +38,7 @@ require (
 	github.com/go-errors/errors v1.0.1
 	github.com/go-openapi/strfmt v0.21.3
 	github.com/go-playground/validator/v10 v10.4.1
-	github.com/go-swagger/go-swagger v0.30.0
+	github.com/go-swagger/go-swagger v0.30.3
 	github.com/gobuffalo/fizz v1.14.2
 	github.com/gobuffalo/httptest v1.0.2
 	github.com/gobuffalo/pop/v6 v6.0.6
@@ -76,7 +76,7 @@ require (
 	github.com/ory/kratos-client-go v0.6.3-alpha.1
 	github.com/ory/mail/v3 v3.0.0
 	github.com/ory/nosurf v1.2.7
-	github.com/ory/x v0.0.474
+	github.com/ory/x v0.0.480
 	github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.3.0
@@ -93,7 +93,7 @@ require (
 	github.com/zmb3/spotify/v2 v2.0.0
 	go.opentelemetry.io/otel v1.9.0
 	go.opentelemetry.io/otel/trace v1.9.0
-	golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8
+	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90
 	golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b
 	golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094
 	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4

From 8d9242548fd03359876a9df3b62da35ad75bb141 Mon Sep 17 00:00:00 2001
From: Patrik 
Date: Tue, 4 Oct 2022 11:30:23 +0200
Subject: [PATCH 282/411] chore: bump go to 1.19

---
 .docker/Dockerfile-build         |  2 +-
 .docker/Dockerfile-debug         |  2 +-
 .github/workflows/ci.yaml        |  4 ++--
 go.mod                           |  2 +-
 go.sum                           | 12 ++++++------
 test/e2e/mock/webhook/Dockerfile |  2 +-
 6 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/.docker/Dockerfile-build b/.docker/Dockerfile-build
index 71791df2b7d6..d77285e78e09 100644
--- a/.docker/Dockerfile-build
+++ b/.docker/Dockerfile-build
@@ -1,5 +1,5 @@
 # syntax = docker/dockerfile:1-experimental
-FROM golang:1.18-alpine3.16 AS base
+FROM golang:1.19-alpine3.16 AS base
 
 RUN apk --update upgrade && apk --no-cache --update-cache --upgrade --latest add ca-certificates build-base gcc
 
diff --git a/.docker/Dockerfile-debug b/.docker/Dockerfile-debug
index 3d1b4ea052d9..a5365a546da3 100644
--- a/.docker/Dockerfile-debug
+++ b/.docker/Dockerfile-debug
@@ -1,4 +1,4 @@
-FROM golang:1.18-buster
+FROM golang:1.19-buster
 ENV CGO_ENABLED 1
 
 RUN apt-get update && apt-get install -y --no-install-recommends inotify-tools psmisc
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 01c0f8856550..2651d1bac2e1 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -77,7 +77,7 @@ jobs:
           fetch-depth: 2
       - uses: actions/setup-go@v2
         with:
-          go-version: "~1.18"
+          go-version: "1.19"
       - run: go list -json > go.list
       - name: Run nancy
         uses: sonatype-nexus-community/nancy-github-action@v1.0.2
@@ -160,7 +160,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v2
         with:
-          go-version: "~1.18"
+          go-version: "1.19"
       - name: Install selfservice-ui-react-native
         uses: actions/checkout@v2
         with:
diff --git a/go.mod b/go.mod
index 66b103dfc387..78d7d9e640c3 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/ory/kratos
 
-go 1.18
+go 1.19
 
 replace (
 	github.com/bradleyjkemp/cupaloy/v2 => github.com/aeneasr/cupaloy/v2 v2.6.1-0.20210924214125-3dfdd01210a3
diff --git a/go.sum b/go.sum
index 5fe0fe82e50e..d7737cc3771e 100644
--- a/go.sum
+++ b/go.sum
@@ -639,8 +639,8 @@ github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LB
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-stack/stack v1.8.1 h1:ntEHSVwIt7PNXNpgPmVfMrNhLtgjlmnZha2kOpuRiDw=
 github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4=
-github.com/go-swagger/go-swagger v0.30.0 h1:HakSyutD7Ek9ndkR8Fxy6WAoQtgu7UcAmZCTa6SzawA=
-github.com/go-swagger/go-swagger v0.30.0/go.mod h1:GhZVX/KIBM4VpGp4P7AJOIrlTuBeRVPS+j9kk6rFmfY=
+github.com/go-swagger/go-swagger v0.30.3 h1:HuzvdMRed/9Q8vmzVcfNBQByZVtT79DNZxZ18OprdoI=
+github.com/go-swagger/go-swagger v0.30.3/go.mod h1:neDPes8r8PCz2JPvHRDj8BTULLh4VJUt7n6MpQqxhHM=
 github.com/go-swagger/scan-repo-boundary v0.0.0-20180623220736-973b3573c013 h1:l9rI6sNaZgNC0LnF3MiE+qTmyBA/tZAg1rtyrGbUMK0=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
@@ -1381,8 +1381,8 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi
 github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE=
 github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM=
-github.com/ory/x v0.0.474 h1:AZT+RGoKw33hOxUiSi3x2/mD0POmMKEB/lYpJpJPlrw=
-github.com/ory/x v0.0.474/go.mod h1:w2gwqgw3XqKTxW8wURVxUFI2NuDyIC2rGxvEsnBJqjs=
+github.com/ory/x v0.0.480 h1:IAflszUfmpy/bVnd8gxIgKuL9pL1oLjytxqCmAMC14o=
+github.com/ory/x v0.0.480/go.mod h1:w2gwqgw3XqKTxW8wURVxUFI2NuDyIC2rGxvEsnBJqjs=
 github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
 github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
 github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
@@ -1879,8 +1879,8 @@ golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8 h1:GIAS/yBem/gq2MUqgNIzUHW7cJMmx3TGZOrnyYaNQ6c=
-golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM=
+golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
diff --git a/test/e2e/mock/webhook/Dockerfile b/test/e2e/mock/webhook/Dockerfile
index 5453e95f0ae1..1806cdf396e9 100644
--- a/test/e2e/mock/webhook/Dockerfile
+++ b/test/e2e/mock/webhook/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.18-alpine AS build
+FROM golang:1.19-alpine AS build
 
 WORKDIR /build
 

From 7e7e58bc1837c7afdf910a1534a55e60999ceee7 Mon Sep 17 00:00:00 2001
From: Jonas Hungershausen 
Date: Tue, 4 Oct 2022 14:28:53 +0200
Subject: [PATCH 283/411] chore: add node version check to test/e2e/run.sh
 (#2745)

Resolves #2738
---
 .github/workflows/ci.yaml |  3 +++
 test/e2e/run.sh           | 20 ++++++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 2651d1bac2e1..92373c798d60 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -138,6 +138,9 @@ jobs:
       matrix:
         database: ["postgres", "cockroach", "sqlite", "mysql"]
     steps:
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 16
       - run: |
           docker create --name cockroach -p 26257:26257 \
             cockroachdb/cockroach:v20.2.5 start-single-node --insecure
diff --git a/test/e2e/run.sh b/test/e2e/run.sh
index e8ec2cc0e9a1..364a3587921c 100755
--- a/test/e2e/run.sh
+++ b/test/e2e/run.sh
@@ -1,5 +1,25 @@
 #!/bin/bash
 
+echo "Running Ory Kratos E2E Tests..."
+echo ""
+
+NODE_VERSION=$(node -v)
+
+if [[ $NODE_VERSION =~ v([0-9]{1,2}).* ]]; then
+  MAJOR_NODE_VERSION=${BASH_REMATCH[1]}
+  if [[ $MAJOR_NODE_VERSION -gt 16 ]]; then
+    echo "It seems you are running this script using a node version newer than 16 ($NODE_VERSION)."
+    echo "Currently, this script will not work if not run using Node 16 (or lower) due to changes in the way Node 18 does network requests."
+    echo "Please use Node 16 instead."
+    echo ""
+    echo "  Using nvm (https://github.com/nvm-sh/nvm):"
+    echo "   $ nvm install 16"
+    exit
+  fi
+else
+  echo "could not detect node version from string $NODE_VERSION. Continuing..."
+fi
+
 set -euxo pipefail
 
 cd "$(dirname "${BASH_SOURCE[0]}")/../.."

From f002649d45658a1486fac551d8ca6b37b3d03026 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miko=C5=82aj=20Meller?=
 <52668809+mmeller-wikia@users.noreply.github.com>
Date: Tue, 4 Oct 2022 14:33:24 +0200
Subject: [PATCH 284/411] fix: preserve return_to param between flows (#2644)

---
 .../strategy/link/strategy_recovery.go        | 11 +-----
 selfservice/strategy/oidc/strategy_login.go   |  5 +++
 .../strategy/oidc/strategy_registration.go    |  5 +++
 selfservice/strategy/oidc/strategy_test.go    | 36 +++++++++++++++++++
 x/http_secure_redirect.go                     | 20 +++++++++++
 x/http_secure_redirect_test.go                | 21 +++++++++++
 6 files changed, 88 insertions(+), 10 deletions(-)

diff --git a/selfservice/strategy/link/strategy_recovery.go b/selfservice/strategy/link/strategy_recovery.go
index c2b636a18fb5..383ed31b2060 100644
--- a/selfservice/strategy/link/strategy_recovery.go
+++ b/selfservice/strategy/link/strategy_recovery.go
@@ -286,19 +286,10 @@ func (s *Strategy) recoveryIssueSession(w http.ResponseWriter, r *http.Request,
 		return s.retryRecoveryFlowWithError(w, r, flow.TypeBrowser, err)
 	}
 
-	// Take over `return_to` parameter from recovery flow
-	sfRequestURL, err := url.Parse(sf.RequestURL)
+	sf.RequestURL, err = x.TakeOverReturnToParameter(f.RequestURL, sf.RequestURL)
 	if err != nil {
 		return s.retryRecoveryFlowWithError(w, r, flow.TypeBrowser, err)
 	}
-	fRequestURL, err := url.Parse(f.RequestURL)
-	if err != nil {
-		return s.retryRecoveryFlowWithError(w, r, flow.TypeBrowser, err)
-	}
-	sfQuery := sfRequestURL.Query()
-	sfQuery.Set("return_to", fRequestURL.Query().Get("return_to"))
-	sfRequestURL.RawQuery = sfQuery.Encode()
-	sf.RequestURL = sfRequestURL.String()
 
 	if err := s.d.RecoveryExecutor().PostRecoveryHook(w, r, f, sess); err != nil {
 		return s.retryRecoveryFlowWithError(w, r, flow.TypeBrowser, err)
diff --git a/selfservice/strategy/oidc/strategy_login.go b/selfservice/strategy/oidc/strategy_login.go
index c43a70ad2a3c..92b1a9e3183a 100644
--- a/selfservice/strategy/oidc/strategy_login.go
+++ b/selfservice/strategy/oidc/strategy_login.go
@@ -100,6 +100,11 @@ func (s *Strategy) processLogin(w http.ResponseWriter, r *http.Request, a *login
 				return nil, s.handleError(w, r, a, provider.Config().ID, nil, err)
 			}
 
+			aa.RequestURL, err = x.TakeOverReturnToParameter(a.RequestURL, aa.RequestURL)
+			if err != nil {
+				return nil, s.handleError(w, r, a, provider.Config().ID, nil, err)
+			}
+
 			if _, err := s.processRegistration(w, r, aa, token, claims, provider, container); err != nil {
 				return aa, err
 			}
diff --git a/selfservice/strategy/oidc/strategy_registration.go b/selfservice/strategy/oidc/strategy_registration.go
index b7257c8a79e5..05c9f624c7d3 100644
--- a/selfservice/strategy/oidc/strategy_registration.go
+++ b/selfservice/strategy/oidc/strategy_registration.go
@@ -189,6 +189,11 @@ func (s *Strategy) processRegistration(w http.ResponseWriter, r *http.Request, a
 			return nil, s.handleError(w, r, a, provider.Config().ID, nil, err)
 		}
 
+		ar.RequestURL, err = x.TakeOverReturnToParameter(a.RequestURL, ar.RequestURL)
+		if err != nil {
+			return nil, s.handleError(w, r, a, provider.Config().ID, nil, err)
+		}
+
 		if _, err := s.processLogin(w, r, ar, token, claims, provider, container); err != nil {
 			return ar, err
 		}
diff --git a/selfservice/strategy/oidc/strategy_test.go b/selfservice/strategy/oidc/strategy_test.go
index b2b8064c8496..9e4b896e2a1b 100644
--- a/selfservice/strategy/oidc/strategy_test.go
+++ b/selfservice/strategy/oidc/strategy_test.go
@@ -323,6 +323,42 @@ func TestStrategy(t *testing.T) {
 		assert.Contains(t, gjson.GetBytes(body, "ui.nodes.#(attributes.name==traits.subject).messages.0.text").String(), "is not valid", "%s\n%s", gjson.GetBytes(body, "ui.nodes.#(attributes.name==traits.subject)").Raw, body)
 	})
 
+	t.Run("case=cannot register multiple accounts with the same OIDC account", func(t *testing.T) {
+		subject = "oidc-register-then-login@ory.sh"
+		scope = []string{"openid", "offline"}
+
+		expectTokens := func(t *testing.T, provider string, body []byte) {
+			i, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(context.Background(), uuid.FromStringOrNil(gjson.GetBytes(body, "identity.id").String()))
+			require.NoError(t, err)
+			c := i.Credentials[identity.CredentialsTypeOIDC].Config
+			assert.NotEmpty(t, gjson.GetBytes(c, "providers.0.initial_access_token").String())
+			assertx.EqualAsJSONExcept(
+				t,
+				json.RawMessage(fmt.Sprintf(`{"providers": [{"subject":"%s","provider":"%s"}]}`, subject, provider)),
+				json.RawMessage(c),
+				[]string{"providers.0.initial_id_token", "providers.0.initial_access_token", "providers.0.initial_refresh_token"},
+			)
+		}
+
+		t.Run("case=should pass registration", func(t *testing.T) {
+			r := newRegistrationFlow(t, returnTS.URL, time.Minute)
+			action := afv(t, r.ID, "valid")
+			res, body := makeRequest(t, "valid", action, url.Values{})
+			ai(t, res, body)
+			expectTokens(t, "valid", body)
+		})
+
+		t.Run("case=try another registration", func(t *testing.T) {
+			returnTo := fmt.Sprintf("%s/home?query=true", returnTS.URL)
+			r := newRegistrationFlow(t, fmt.Sprintf("%s?return_to=%s", returnTS.URL, url.QueryEscape(returnTo)), time.Minute)
+			action := afv(t, r.ID, "valid")
+			res, body := makeRequest(t, "valid", action, url.Values{})
+			assert.Equal(t, returnTo, res.Request.URL.String())
+			ai(t, res, body)
+			expectTokens(t, "valid", body)
+		})
+	})
+
 	t.Run("case=register and then login", func(t *testing.T) {
 		subject = "register-then-login@ory.sh"
 		scope = []string{"openid", "offline"}
diff --git a/x/http_secure_redirect.go b/x/http_secure_redirect.go
index 972461c0720f..2f79035f7e7b 100644
--- a/x/http_secure_redirect.go
+++ b/x/http_secure_redirect.go
@@ -73,6 +73,26 @@ func SecureRedirectToIsAllowedHost(returnTo *url.URL, allowed url.URL) bool {
 	return strings.EqualFold(allowed.Host, returnTo.Host)
 }
 
+func TakeOverReturnToParameter(from string, to string) (string, error) {
+	fromURL, err := url.Parse(from)
+	if err != nil {
+		return "", err
+	}
+	returnTo := fromURL.Query().Get("return_to")
+	// Empty return_to parameter, return early
+	if returnTo == "" {
+		return to, nil
+	}
+	toURL, err := url.Parse(to)
+	if err != nil {
+		return "", err
+	}
+	toQuery := toURL.Query()
+	toQuery.Set("return_to", returnTo)
+	toURL.RawQuery = toQuery.Encode()
+	return toURL.String(), nil
+}
+
 // SecureRedirectTo implements a HTTP redirector who mitigates open redirect vulnerabilities by
 // working with allow lists.
 func SecureRedirectTo(r *http.Request, defaultReturnTo *url.URL, opts ...SecureRedirectOption) (returnTo *url.URL, err error) {
diff --git a/x/http_secure_redirect_test.go b/x/http_secure_redirect_test.go
index 078c1e8dff73..aa1293804fcc 100644
--- a/x/http_secure_redirect_test.go
+++ b/x/http_secure_redirect_test.go
@@ -101,6 +101,27 @@ func TestSecureRedirectToIsAllowedHost(t *testing.T) {
 	}
 }
 
+func TestTakeOverReturnToParameter(t *testing.T) {
+	type testCase struct {
+		fromUrl           string
+		toURL             string
+		expectedOutputUrl string
+	}
+	tests := map[string]testCase{
+		"case=return_to is taken over":                                             {fromUrl: "https://original.bar?return_to=https://allowed.domain", toURL: "https://output.bar", expectedOutputUrl: "https://output.bar?return_to=https%3A%2F%2Fallowed.domain"},
+		"case=only return_to is taken over when multiple query parameters are set": {fromUrl: "https://original.bar?return_to=https://allowed.domain&flow=12312", toURL: "https://output.bar", expectedOutputUrl: "https://output.bar?return_to=https%3A%2F%2Fallowed.domain"},
+		"case=output query parameters are preserved":                               {fromUrl: "https://original.bar?return_to=https://allowed.domain", toURL: "https://output.bar?flow=123321", expectedOutputUrl: "https://output.bar?flow=123321&return_to=https%3A%2F%2Fallowed.domain"},
+		"case=when original return_to is empty do nothing":                         {fromUrl: "https://original.bar?return_to=", toURL: "https://output.bar?flow=123123", expectedOutputUrl: "https://output.bar?flow=123123"},
+	}
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			output, err := x.TakeOverReturnToParameter(tc.fromUrl, tc.toURL)
+			require.NoError(t, err)
+			assert.Equal(t, output, tc.expectedOutputUrl)
+		})
+	}
+}
+
 func TestSecureRedirectTo(t *testing.T) {
 
 	var newServer = func(t *testing.T, isTLS bool, isRelative bool, expectErr bool, opts func(ts *httptest.Server) []x.SecureRedirectOption) *httptest.Server {

From 82bc9ce00d44085287e6d8d9e3fb67e107be2503 Mon Sep 17 00:00:00 2001
From: Ajay Kelkar 
Date: Tue, 4 Oct 2022 17:48:12 +0200
Subject: [PATCH 285/411] feat: adding device information to the session
 (#2715)

Closes https://github.com/ory/kratos/issues/2091
See https://github.com/ory-corp/cloud/issues/3011

Co-authored-by: hackerman <3372410+aeneasr@users.noreply.github.com>
Co-authored-by: Patrik 
---
 corpx/faker.go                                |  22 ++++
 internal/testhelpers/handler_mock.go          |   2 +-
 internal/testhelpers/identity.go              |  11 +-
 internal/testhelpers/session.go               |  22 ++--
 .../7458af86-c1d8-401c-978a-8da89133f78b.json |   3 +-
 .../7458af86-c1d8-401c-978a-8da89133f98b.json |  51 ++++++++
 .../8571e374-38f2-4f46-8ad3-b9d914e174d3.json |   3 +-
 .../dcde5aaa-f789-4d3d-ae1f-76da8d57e67c.json |   3 +-
 .../f38cdebe-e567-42c9-a562-1bd4dee40998.json |   3 +-
 persistence/sql/migratest/migration_test.go   |   2 +-
 .../testdata/20220907132836_testdata.sql      |  12 ++
 ...6000000_add_session_devices_table.down.sql |   1 +
 ...0_add_session_devices_table.mysql.down.sql |   1 +
 ...000_add_session_devices_table.mysql.up.sql |  17 +++
 ...836000000_add_session_devices_table.up.sql |  16 +++
 persistence/sql/persister_session.go          | 119 +++++++++++++-----
 selfservice/flow/login/hook.go                |   2 +-
 selfservice/flow/logout/handler_test.go       |   4 +-
 selfservice/flow/recovery/hook_test.go        |   2 +-
 selfservice/flow/registration/hook.go         |   2 +-
 selfservice/flow/settings/error_test.go       |   4 +-
 selfservice/flow/settings/hook_test.go        |   4 +-
 selfservice/flowhelpers/login_test.go         |   5 +-
 selfservice/hook/session_destroyer_test.go    |   4 +-
 selfservice/hook/session_issuer_test.go       |   6 +-
 .../strategy/link/strategy_recovery.go        |   2 +-
 .../strategy/link/strategy_recovery_test.go   |  10 +-
 session/expand.go                             |  56 +++++++++
 session/expand_test.go                        |  33 +++++
 session/handler.go                            |   6 +-
 session/handler_test.go                       |  10 +-
 session/manager_http.go                       |   4 +-
 session/manager_http_test.go                  |  45 ++++---
 session/persistence.go                        |   6 +-
 session/session.go                            |  88 +++++++++++--
 session/session_test.go                       |  74 ++++++++++-
 session/test/persistence.go                   |  86 ++++++++-----
 x/xsql/sql.go                                 |   1 +
 38 files changed, 599 insertions(+), 143 deletions(-)
 create mode 100644 persistence/sql/migratest/fixtures/session/7458af86-c1d8-401c-978a-8da89133f98b.json
 create mode 100644 persistence/sql/migratest/testdata/20220907132836_testdata.sql
 create mode 100644 persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.down.sql
 create mode 100644 persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.mysql.down.sql
 create mode 100644 persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.mysql.up.sql
 create mode 100644 persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.up.sql
 create mode 100644 session/expand.go
 create mode 100644 session/expand_test.go

diff --git a/corpx/faker.go b/corpx/faker.go
index bbf2e31d7ec3..bbfe80f6b1d8 100644
--- a/corpx/faker.go
+++ b/corpx/faker.go
@@ -6,6 +6,9 @@ import (
 	"reflect"
 	"time"
 
+	"github.com/ory/kratos/session"
+	"github.com/ory/x/stringsx"
+
 	"github.com/bxcodec/faker/v3"
 
 	"github.com/ory/kratos/identity"
@@ -25,6 +28,18 @@ func RegisterFakes() {
 
 	_ = faker.SetRandomMapAndSliceSize(4)
 
+	if err := faker.AddProvider("ptr_geo_location", func(v reflect.Value) (interface{}, error) {
+		return stringsx.GetPointer("Munich, Germany"), nil
+	}); err != nil {
+		panic(err)
+	}
+
+	if err := faker.AddProvider("ptr_ipv4", func(v reflect.Value) (interface{}, error) {
+		return stringsx.GetPointer(faker.IPv4()), nil
+	}); err != nil {
+		panic(err)
+	}
+
 	if err := faker.AddProvider("birthdate", func(v reflect.Value) (interface{}, error) {
 		return time.Now().Add(time.Duration(rand.Int())).Round(time.Second).UTC(), nil
 	}); err != nil {
@@ -124,4 +139,11 @@ func RegisterFakes() {
 	}); err != nil {
 		panic(err)
 	}
+
+	if err := faker.AddProvider("session_device", func(v reflect.Value) (interface{}, error) {
+		var d session.Device
+		return &d, faker.FakeData(&d)
+	}); err != nil {
+		panic(err)
+	}
 }
diff --git a/internal/testhelpers/handler_mock.go b/internal/testhelpers/handler_mock.go
index 07c1787e552c..dab6a68d283a 100644
--- a/internal/testhelpers/handler_mock.go
+++ b/internal/testhelpers/handler_mock.go
@@ -39,7 +39,7 @@ func MockSetSession(t *testing.T, reg mockDeps, conf *config.Config) httprouter.
 
 func MockSetSessionWithIdentity(t *testing.T, reg mockDeps, conf *config.Config, i *identity.Identity) httprouter.Handle {
 	return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-		activeSession, _ := session.NewActiveSession(r.Context(), i, conf, time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+		activeSession, _ := session.NewActiveSession(r, i, conf, time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 		if aal := r.URL.Query().Get("set_aal"); len(aal) > 0 {
 			activeSession.AuthenticatorAssuranceLevel = identity.AuthenticatorAssuranceLevel(aal)
 		}
diff --git a/internal/testhelpers/identity.go b/internal/testhelpers/identity.go
index 76c6cf10f7ea..c80dca9274a3 100644
--- a/internal/testhelpers/identity.go
+++ b/internal/testhelpers/identity.go
@@ -1,10 +1,11 @@
 package testhelpers
 
 import (
-	"context"
 	"testing"
 	"time"
 
+	"github.com/ory/kratos/x"
+
 	"github.com/stretchr/testify/require"
 
 	"github.com/ory/kratos/driver"
@@ -14,11 +15,11 @@ import (
 )
 
 func CreateSession(t *testing.T, reg driver.Registry) *session.Session {
-	ctx := context.Background()
+	req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
 	i := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)
-	require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(ctx, i))
-	sess, err := session.NewActiveSession(ctx, i, reg.Config(), time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+	require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(req.Context(), i))
+	sess, err := session.NewActiveSession(req, i, reg.Config(), time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 	require.NoError(t, err)
-	require.NoError(t, reg.SessionPersister().UpsertSession(ctx, sess))
+	require.NoError(t, reg.SessionPersister().UpsertSession(req.Context(), sess))
 	return sess
 }
diff --git a/internal/testhelpers/session.go b/internal/testhelpers/session.go
index 550f8dbac839..81657463d305 100644
--- a/internal/testhelpers/session.go
+++ b/internal/testhelpers/session.go
@@ -137,8 +137,8 @@ func NewHTTPClientWithSessionToken(t *testing.T, reg *driver.RegistryDefault, se
 }
 
 func NewHTTPClientWithArbitrarySessionToken(t *testing.T, reg *driver.RegistryDefault) *http.Client {
-	ctx := context.Background()
-	s, err := session.NewActiveSession(ctx,
+	req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
+	s, err := session.NewActiveSession(req,
 		&identity.Identity{ID: x.NewUUID(), State: identity.StateActive},
 		NewSessionLifespanProvider(time.Hour),
 		time.Now(),
@@ -151,8 +151,8 @@ func NewHTTPClientWithArbitrarySessionToken(t *testing.T, reg *driver.RegistryDe
 }
 
 func NewHTTPClientWithArbitrarySessionCookie(t *testing.T, reg *driver.RegistryDefault) *http.Client {
-	ctx := context.Background()
-	s, err := session.NewActiveSession(ctx,
+	req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
+	s, err := session.NewActiveSession(req,
 		&identity.Identity{ID: x.NewUUID(), State: identity.StateActive},
 		NewSessionLifespanProvider(time.Hour),
 		time.Now(),
@@ -165,8 +165,8 @@ func NewHTTPClientWithArbitrarySessionCookie(t *testing.T, reg *driver.RegistryD
 }
 
 func NewNoRedirectHTTPClientWithArbitrarySessionCookie(t *testing.T, reg *driver.RegistryDefault) *http.Client {
-	ctx := context.Background()
-	s, err := session.NewActiveSession(ctx,
+	req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
+	s, err := session.NewActiveSession(req,
 		&identity.Identity{ID: x.NewUUID(), State: identity.StateActive},
 		NewSessionLifespanProvider(time.Hour),
 		time.Now(),
@@ -179,8 +179,9 @@ func NewNoRedirectHTTPClientWithArbitrarySessionCookie(t *testing.T, reg *driver
 }
 
 func NewHTTPClientWithIdentitySessionCookie(t *testing.T, reg *driver.RegistryDefault, id *identity.Identity) *http.Client {
-	ctx := context.Background()
-	s, err := session.NewActiveSession(ctx, id,
+	req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
+	s, err := session.NewActiveSession(req,
+		id,
 		NewSessionLifespanProvider(time.Hour),
 		time.Now(),
 		identity.CredentialsTypePassword,
@@ -192,8 +193,9 @@ func NewHTTPClientWithIdentitySessionCookie(t *testing.T, reg *driver.RegistryDe
 }
 
 func NewHTTPClientWithIdentitySessionToken(t *testing.T, reg *driver.RegistryDefault, id *identity.Identity) *http.Client {
-	ctx := context.Background()
-	s, err := session.NewActiveSession(ctx, id,
+	req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
+	s, err := session.NewActiveSession(req,
+		id,
 		NewSessionLifespanProvider(time.Hour),
 		time.Now(),
 		identity.CredentialsTypePassword,
diff --git a/persistence/sql/migratest/fixtures/session/7458af86-c1d8-401c-978a-8da89133f78b.json b/persistence/sql/migratest/fixtures/session/7458af86-c1d8-401c-978a-8da89133f78b.json
index 467fbad037aa..f523ad4bc08e 100644
--- a/persistence/sql/migratest/fixtures/session/7458af86-c1d8-401c-978a-8da89133f78b.json
+++ b/persistence/sql/migratest/fixtures/session/7458af86-c1d8-401c-978a-8da89133f78b.json
@@ -39,5 +39,6 @@
     "metadata_public": null,
     "created_at": "2013-10-07T08:23:19Z",
     "updated_at": "2013-10-07T08:23:19Z"
-  }
+  },
+  "devices": []
 }
diff --git a/persistence/sql/migratest/fixtures/session/7458af86-c1d8-401c-978a-8da89133f98b.json b/persistence/sql/migratest/fixtures/session/7458af86-c1d8-401c-978a-8da89133f98b.json
new file mode 100644
index 000000000000..932c9e9e68ce
--- /dev/null
+++ b/persistence/sql/migratest/fixtures/session/7458af86-c1d8-401c-978a-8da89133f98b.json
@@ -0,0 +1,51 @@
+{
+  "id": "7458af86-c1d8-401c-978a-8da89133f98b",
+  "active": true,
+  "expires_at": "2013-10-07T08:23:19Z",
+  "authenticated_at": "2013-10-07T08:23:19Z",
+  "authenticator_assurance_level": "aal2",
+  "authentication_methods": [
+    {
+      "method": "password",
+      "aal": "",
+      "completed_at": "0001-01-01T00:00:00Z"
+    },
+    {
+      "method": "totp",
+      "aal": "",
+      "completed_at": "0001-01-01T00:00:00Z"
+    }
+  ],
+  "issued_at": "2013-10-07T08:23:19Z",
+  "identity": {
+    "id": "5ff66179-c240-4703-b0d8-494592cefff5",
+    "schema_id": "default",
+    "schema_url": "https://www.ory.sh/schemas/ZGVmYXVsdA",
+    "state": "active",
+    "traits": {
+      "email": "bazbar@ory.sh"
+    },
+    "verifiable_addresses": [
+      {
+        "id": "45e867e9-2745-4f16-8dd4-84334a252b61",
+        "value": "foo@ory.sh",
+        "verified": false,
+        "via": "email",
+        "status": "pending",
+        "created_at": "2013-10-07T08:23:19Z",
+        "updated_at": "2013-10-07T08:23:19Z"
+      }
+    ],
+    "metadata_public": null,
+    "created_at": "2013-10-07T08:23:19Z",
+    "updated_at": "2013-10-07T08:23:19Z"
+  },
+  "devices": [
+    {
+      "id": "884f556e-eb3a-4b9f-bee3-11763642c6c0",
+      "ip_address": "54.155.246.232",
+      "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36",
+      "location": "Munich, Germany"
+    }
+  ]
+}
diff --git a/persistence/sql/migratest/fixtures/session/8571e374-38f2-4f46-8ad3-b9d914e174d3.json b/persistence/sql/migratest/fixtures/session/8571e374-38f2-4f46-8ad3-b9d914e174d3.json
index d22479db856a..24e7ac8f3535 100644
--- a/persistence/sql/migratest/fixtures/session/8571e374-38f2-4f46-8ad3-b9d914e174d3.json
+++ b/persistence/sql/migratest/fixtures/session/8571e374-38f2-4f46-8ad3-b9d914e174d3.json
@@ -34,5 +34,6 @@
     "metadata_public": null,
     "created_at": "2013-10-07T08:23:19Z",
     "updated_at": "2013-10-07T08:23:19Z"
-  }
+  },
+  "devices": []
 }
diff --git a/persistence/sql/migratest/fixtures/session/dcde5aaa-f789-4d3d-ae1f-76da8d57e67c.json b/persistence/sql/migratest/fixtures/session/dcde5aaa-f789-4d3d-ae1f-76da8d57e67c.json
index 1d660b99d580..f3138143ed24 100644
--- a/persistence/sql/migratest/fixtures/session/dcde5aaa-f789-4d3d-ae1f-76da8d57e67c.json
+++ b/persistence/sql/migratest/fixtures/session/dcde5aaa-f789-4d3d-ae1f-76da8d57e67c.json
@@ -34,5 +34,6 @@
     "metadata_public": null,
     "created_at": "2013-10-07T08:23:19Z",
     "updated_at": "2013-10-07T08:23:19Z"
-  }
+  },
+  "devices": []
 }
diff --git a/persistence/sql/migratest/fixtures/session/f38cdebe-e567-42c9-a562-1bd4dee40998.json b/persistence/sql/migratest/fixtures/session/f38cdebe-e567-42c9-a562-1bd4dee40998.json
index 13f1c2a6fdac..9821c94ab942 100644
--- a/persistence/sql/migratest/fixtures/session/f38cdebe-e567-42c9-a562-1bd4dee40998.json
+++ b/persistence/sql/migratest/fixtures/session/f38cdebe-e567-42c9-a562-1bd4dee40998.json
@@ -34,5 +34,6 @@
     "metadata_public": null,
     "created_at": "2013-10-07T08:23:19Z",
     "updated_at": "2013-10-07T08:23:19Z"
-  }
+  },
+  "devices": []
 }
diff --git a/persistence/sql/migratest/migration_test.go b/persistence/sql/migratest/migration_test.go
index 772ba39c80a8..8a27375f2c02 100644
--- a/persistence/sql/migratest/migration_test.go
+++ b/persistence/sql/migratest/migration_test.go
@@ -191,7 +191,7 @@ func TestMigrations(t *testing.T) {
 					var found []string
 					for _, id := range ids {
 						found = append(found, id.ID.String())
-						actual, err := d.SessionPersister().GetSession(context.Background(), id.ID)
+						actual, err := d.SessionPersister().GetSession(context.Background(), id.ID, session.ExpandEverything)
 						require.NoErrorf(t, err, "Trying to get session: %s", id.ID)
 						require.NotEmpty(t, actual.LogoutToken, "check if migrations have generated a logout token for existing sessions")
 						CompareWithFixture(t, actual, "session", id.ID.String())
diff --git a/persistence/sql/migratest/testdata/20220907132836_testdata.sql b/persistence/sql/migratest/testdata/20220907132836_testdata.sql
new file mode 100644
index 000000000000..0c3d3ec1e282
--- /dev/null
+++ b/persistence/sql/migratest/testdata/20220907132836_testdata.sql
@@ -0,0 +1,12 @@
+INSERT INTO sessions (id, nid, issued_at, expires_at, authenticated_at, created_at, updated_at, token, identity_id,
+                      active, logout_token, aal, authentication_methods)
+VALUES ('7458af86-c1d8-401c-978a-8da89133f98b', '884f556e-eb3a-4b9f-bee3-11345642c6c0', '2013-10-07 08:23:19',
+        '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19',
+        'eVwBt7UAAAAVwBt7XAMw', '5ff66179-c240-4703-b0d8-494592cefff5', true, '123eVwBt7UAAAeVwBt7XAMw', 'aal2',
+        '[{"method":"password"},{"method":"totp"}]');
+
+INSERT INTO session_devices (id, nid, session_id, ip_address, user_agent, location, created_at, updated_at)
+VALUES ('884f556e-eb3a-4b9f-bee3-11763642c6c0', '884f556e-eb3a-4b9f-bee3-11345642c6c0',
+        '7458af86-c1d8-401c-978a-8da89133f98b', '54.155.246.232',
+        'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36',
+        'Munich, Germany', '2022-08-07 08:23:19', '2022-08-09 08:35:19');
diff --git a/persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.down.sql b/persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.down.sql
new file mode 100644
index 000000000000..350a54577b90
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.down.sql
@@ -0,0 +1 @@
+DROP TABLE "session_devices";
diff --git a/persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.mysql.down.sql b/persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.mysql.down.sql
new file mode 100644
index 000000000000..10b4309004ca
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.mysql.down.sql
@@ -0,0 +1 @@
+DROP TABLE session_devices;
diff --git a/persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.mysql.up.sql b/persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.mysql.up.sql
new file mode 100644
index 000000000000..ce15c6f0e6b1
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.mysql.up.sql
@@ -0,0 +1,17 @@
+CREATE TABLE `session_devices`
+(
+  `id`         char(36) NOT NULL,
+  PRIMARY KEY (`id`),
+  `ip_address` VARCHAR(50)  DEFAULT '',
+  `user_agent` VARCHAR(512) DEFAULT '',
+  `location`   VARCHAR(512) DEFAULT '',
+  `session_id` char(36) NOT NULL,
+  `nid`        char(36) NOT NULL,
+  `created_at` DATETIME NOT NULL,
+  `updated_at` DATETIME NOT NULL,
+  FOREIGN KEY (`session_id`) REFERENCES `sessions` (`id`) ON DELETE cascade,
+  FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON DELETE cascade,
+  CONSTRAINT unique_session_device UNIQUE (nid, session_id, ip_address, user_agent)
+) ENGINE = InnoDB;
+CREATE INDEX `session_devices_id_nid_idx` ON `session_devices` (`id`, `nid`);
+CREATE INDEX `session_devices_session_id_nid_idx` ON `session_devices` (`session_id`, `nid`);
diff --git a/persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.up.sql b/persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.up.sql
new file mode 100644
index 000000000000..7f69848ca6b3
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.up.sql
@@ -0,0 +1,16 @@
+CREATE TABLE "session_devices"
+(
+  "id"         UUID PRIMARY KEY NOT NULL,
+  "ip_address" VARCHAR(50)  DEFAULT '',
+  "user_agent" VARCHAR(512) DEFAULT '',
+  "location"   VARCHAR(512) DEFAULT '',
+  "nid"        UUID             NOT NULL,
+  "session_id" UUID             NOT NULL,
+  "created_at" timestamp        NOT NULL,
+  "updated_at" timestamp        NOT NULL,
+  CONSTRAINT "session_metadata_sessions_id_fk" FOREIGN KEY ("session_id") REFERENCES "sessions" ("id") ON DELETE cascade,
+  CONSTRAINT "session_metadata_nid_fk" FOREIGN KEY ("nid") REFERENCES "networks" ("id") ON DELETE cascade,
+  CONSTRAINT unique_session_device UNIQUE (nid, session_id, ip_address, user_agent)
+);
+CREATE INDEX "session_devices_id_nid_idx" ON "session_devices" (id, nid);
+CREATE INDEX "session_devices_session_id_nid_idx" ON "session_devices" (session_id, nid);
diff --git a/persistence/sql/persister_session.go b/persistence/sql/persister_session.go
index b37c2562cadb..6b5203bbd700 100644
--- a/persistence/sql/persister_session.go
+++ b/persistence/sql/persister_session.go
@@ -2,10 +2,11 @@ package sql
 
 import (
 	"context"
-	"database/sql"
 	"fmt"
 	"time"
 
+	"github.com/ory/x/stringsx"
+
 	"github.com/gobuffalo/pop/v6"
 
 	"github.com/pkg/errors"
@@ -19,29 +20,41 @@ import (
 
 var _ session.Persister = new(Persister)
 
-func (p *Persister) GetSession(ctx context.Context, sid uuid.UUID) (*session.Session, error) {
+const SessionDeviceUserAgentMaxLength = 512
+const SessionDeviceLocationMaxLength = 512
+
+func (p *Persister) GetSession(ctx context.Context, sid uuid.UUID, expandables session.Expandables) (*session.Session, error) {
 	ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetSession")
 	defer span.End()
 
 	var s session.Session
+	s.Devices = make([]session.Device, 0)
 	nid := p.NetworkID(ctx)
-	if err := p.GetConnection(ctx).Where("id = ? AND nid = ?", sid, nid).First(&s); err != nil {
+
+	q := p.GetConnection(ctx).Q()
+	if len(expandables) > 0 {
+		q = q.Eager(expandables.ToEager()...)
+	}
+
+	if err := q.Where("id = ? AND nid = ?", sid, nid).First(&s); err != nil {
 		return nil, sqlcon.HandleError(err)
 	}
 
-	// This is needed because of how identities are fetched from the store (if we use eager not all fields are
-	// available!).
-	i, err := p.GetIdentity(ctx, s.IdentityID)
-	if err != nil {
-		return nil, err
+	if expandables.Has(session.ExpandSessionIdentity) {
+		// This is needed because of how identities are fetched from the store (if we use eager not all fields are
+		// available!).
+		i, err := p.GetIdentity(ctx, s.IdentityID)
+		if err != nil {
+			return nil, err
+		}
+		s.Identity = i
 	}
 
-	s.Identity = i
 	return &s, nil
 }
 
 // ListSessionsByIdentity retrieves sessions for an identity from the store.
-func (p *Persister) ListSessionsByIdentity(ctx context.Context, iID uuid.UUID, active *bool, page, perPage int, except uuid.UUID) ([]*session.Session, error) {
+func (p *Persister) ListSessionsByIdentity(ctx context.Context, iID uuid.UUID, active *bool, page, perPage int, except uuid.UUID, expandables session.Expandables) ([]*session.Session, error) {
 	ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.ListSessionsByIdentity")
 	defer span.End()
 
@@ -56,17 +69,22 @@ func (p *Persister) ListSessionsByIdentity(ctx context.Context, iID uuid.UUID, a
 		if active != nil {
 			q = q.Where("active = ?", *active)
 		}
+		if len(expandables) > 0 {
+			q = q.Eager(expandables.ToEager()...)
+		}
 		if err := q.All(&s); err != nil {
 			return sqlcon.HandleError(err)
 		}
 
-		for _, s := range s {
-			i, err := p.GetIdentity(ctx, s.IdentityID)
-			if err != nil {
-				return err
-			}
+		if expandables.Has(session.ExpandSessionIdentity) {
+			for _, s := range s {
+				i, err := p.GetIdentity(ctx, s.IdentityID)
+				if err != nil {
+					return err
+				}
 
-			s.Identity = i
+				s.Identity = i
+			}
 		}
 		return nil
 	}); err != nil {
@@ -76,21 +94,51 @@ func (p *Persister) ListSessionsByIdentity(ctx context.Context, iID uuid.UUID, a
 	return s, nil
 }
 
+// UpsertSession creates a session if not found else updates.
+// This operation also inserts Session device records when a session is being created.
+// The update operation skips updating Session device records since only one record would need to be updated in this case.
 func (p *Persister) UpsertSession(ctx context.Context, s *session.Session) error {
 	ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UpsertSession")
 	defer span.End()
 
 	s.NID = p.NetworkID(ctx)
 
-	if err := p.Connection(ctx).Find(new(session.Session), s.ID); errors.Is(err, sql.ErrNoRows) {
+	return errors.WithStack(p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) error {
+		exists, err := tx.Where("id = ? AND nid = ?", s.ID, s.NID).Exists(new(session.Session))
+		if err != nil {
+			return sqlcon.HandleError(err)
+		}
+
+		if exists {
+			// This must not be eager or identities will be created / updated
+			// Only update session and not corresponding session device records
+			return sqlcon.HandleError(tx.Update(s))
+		}
+
 		// This must not be eager or identities will be created / updated
-		return errors.WithStack(p.GetConnection(ctx).Create(s))
-	} else if err != nil {
-		return errors.WithStack(err)
-	}
+		if err := sqlcon.HandleError(tx.Create(s)); err != nil {
+			return err
+		}
+
+		for i := range s.Devices {
+			device := &(s.Devices[i])
+			device.SessionID = s.ID
+			device.NID = s.NID
+
+			if device.Location != nil {
+				device.Location = stringsx.GetPointer(stringsx.TruncateByteLen(*device.Location, SessionDeviceLocationMaxLength))
+			}
+			if device.UserAgent != nil {
+				device.UserAgent = stringsx.GetPointer(stringsx.TruncateByteLen(*device.UserAgent, SessionDeviceUserAgentMaxLength))
+			}
 
-	// This must not be eager or identities will be created / updated
-	return p.GetConnection(ctx).Update(s)
+			if err := sqlcon.HandleError(tx.Create(device)); err != nil {
+				return err
+			}
+		}
+
+		return nil
+	}))
 }
 
 func (p *Persister) DeleteSession(ctx context.Context, sid uuid.UUID) error {
@@ -121,25 +169,32 @@ func (p *Persister) DeleteSessionsByIdentity(ctx context.Context, identityID uui
 	return nil
 }
 
-func (p *Persister) GetSessionByToken(ctx context.Context, token string) (*session.Session, error) {
+func (p *Persister) GetSessionByToken(ctx context.Context, token string, expandables session.Expandables) (*session.Session, error) {
 	ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetSessionByToken")
 	defer span.End()
 
 	var s session.Session
-	if err := p.GetConnection(ctx).Where("token = ? AND nid = ?",
-		token,
-		p.NetworkID(ctx),
-	).First(&s); err != nil {
+	s.Devices = make([]session.Device, 0)
+	nid := p.NetworkID(ctx)
+
+	q := p.GetConnection(ctx).Q()
+	if len(expandables) > 0 {
+		q = q.Eager(expandables.ToEager()...)
+	}
+
+	if err := q.Where("token = ? AND nid = ?", token, nid).First(&s); err != nil {
 		return nil, sqlcon.HandleError(err)
 	}
 
 	// This is needed because of how identities are fetched from the store (if we use eager not all fields are
 	// available!).
-	i, err := p.GetIdentity(ctx, s.IdentityID)
-	if err != nil {
-		return nil, err
+	if expandables.Has(session.ExpandSessionIdentity) {
+		i, err := p.GetIdentity(ctx, s.IdentityID)
+		if err != nil {
+			return nil, err
+		}
+		s.Identity = i
 	}
-	s.Identity = i
 	return &s, nil
 }
 
diff --git a/selfservice/flow/login/hook.go b/selfservice/flow/login/hook.go
index 3893fc070327..ff1f98d9b635 100644
--- a/selfservice/flow/login/hook.go
+++ b/selfservice/flow/login/hook.go
@@ -101,7 +101,7 @@ func (e *HookExecutor) handleLoginError(_ http.ResponseWriter, r *http.Request,
 }
 
 func (e *HookExecutor) PostLoginHook(w http.ResponseWriter, r *http.Request, g node.UiNodeGroup, a *Flow, i *identity.Identity, s *session.Session) error {
-	if err := s.Activate(r.Context(), i, e.d.Config(), time.Now().UTC()); err != nil {
+	if err := s.Activate(r, i, e.d.Config(), time.Now().UTC()); err != nil {
 		return err
 	}
 
diff --git a/selfservice/flow/logout/handler_test.go b/selfservice/flow/logout/handler_test.go
index dcfe709e2d75..27d1d62173c0 100644
--- a/selfservice/flow/logout/handler_test.go
+++ b/selfservice/flow/logout/handler_test.go
@@ -9,6 +9,8 @@ import (
 	"net/url"
 	"testing"
 
+	"github.com/ory/kratos/session"
+
 	"github.com/julienschmidt/httprouter"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -51,7 +53,7 @@ func TestLogout(t *testing.T) {
 		_, res := testhelpers.HTTPRequestJSON(t, hc, "DELETE", public.URL+"/self-service/logout/api", json.RawMessage(`{"session_token": "`+sess.Token+`"}`))
 		assert.Equal(t, http.StatusNoContent, res.StatusCode)
 
-		actual, err := reg.SessionPersister().GetSession(ctx, sess.ID)
+		actual, err := reg.SessionPersister().GetSession(ctx, sess.ID, session.ExpandNothing)
 		require.NoError(t, err)
 		assert.False(t, actual.IsActive())
 
diff --git a/selfservice/flow/recovery/hook_test.go b/selfservice/flow/recovery/hook_test.go
index 44bdba6efbfa..9ad2b87f8f87 100644
--- a/selfservice/flow/recovery/hook_test.go
+++ b/selfservice/flow/recovery/hook_test.go
@@ -41,7 +41,7 @@ func TestRecoveryExecutor(t *testing.T) {
 		router.GET("/recovery/post", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 			a, err := recovery.NewFlow(conf, time.Minute, x.FakeCSRFToken, r, reg.RecoveryStrategies(context.Background()), ft)
 			require.NoError(t, err)
-			s, _ := session.NewActiveSession(ctx,
+			s, _ := session.NewActiveSession(r,
 				i,
 				conf,
 				time.Now().UTC(),
diff --git a/selfservice/flow/registration/hook.go b/selfservice/flow/registration/hook.go
index 2c017c0ed8be..3fe483a72b87 100644
--- a/selfservice/flow/registration/hook.go
+++ b/selfservice/flow/registration/hook.go
@@ -151,7 +151,7 @@ func (e *HookExecutor) PostRegistrationHook(w http.ResponseWriter, r *http.Reque
 		WithField("identity_id", i.ID).
 		Info("A new identity has registered using self-service registration.")
 
-	s, err := session.NewActiveSession(r.Context(), i, e.d.Config(), time.Now().UTC(), ct, identity.AuthenticatorAssuranceLevel1)
+	s, err := session.NewActiveSession(r, i, e.d.Config(), time.Now().UTC(), ct, identity.AuthenticatorAssuranceLevel1)
 	if err != nil {
 		return err
 	}
diff --git a/selfservice/flow/settings/error_test.go b/selfservice/flow/settings/error_test.go
index 56ced4f9cf4b..658a57e064dc 100644
--- a/selfservice/flow/settings/error_test.go
+++ b/selfservice/flow/settings/error_test.go
@@ -141,8 +141,10 @@ func TestHandleError(t *testing.T) {
 			t.Run("case=expired error", func(t *testing.T) {
 				t.Cleanup(reset)
 
+				req := httptest.NewRequest("GET", "/sessions/whoami", nil)
+
 				// This needs an authenticated client in order to call the RouteGetFlow endpoint
-				s, err := session.NewActiveSession(ctx, &id, testhelpers.NewSessionLifespanProvider(time.Hour), time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+				s, err := session.NewActiveSession(req, &id, testhelpers.NewSessionLifespanProvider(time.Hour), time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 				require.NoError(t, err)
 				c := testhelpers.NewHTTPClientWithSessionToken(t, reg, s)
 
diff --git a/selfservice/flow/settings/hook_test.go b/selfservice/flow/settings/hook_test.go
index f5fa15bbf61b..0f8ae0e0eb4e 100644
--- a/selfservice/flow/settings/hook_test.go
+++ b/selfservice/flow/settings/hook_test.go
@@ -48,7 +48,7 @@ func TestSettingsExecutor(t *testing.T) {
 				handleErr := testhelpers.SelfServiceHookSettingsErrorHandler
 				router.GET("/settings/pre", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 					i := testhelpers.SelfServiceHookCreateFakeIdentity(t, reg)
-					sess, _ := session.NewActiveSession(ctx, i, conf, time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+					sess, _ := session.NewActiveSession(r, i, conf, time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 
 					f, err := settings.NewFlow(conf, time.Minute, r, sess.Identity, ft)
 					require.NoError(t, err)
@@ -59,7 +59,7 @@ func TestSettingsExecutor(t *testing.T) {
 
 				router.GET("/settings/post", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 					i := testhelpers.SelfServiceHookCreateFakeIdentity(t, reg)
-					sess, _ := session.NewActiveSession(ctx, i, conf, time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+					sess, _ := session.NewActiveSession(r, i, conf, time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 
 					a, err := settings.NewFlow(conf, time.Minute, r, sess.Identity, ft)
 					require.NoError(t, err)
diff --git a/selfservice/flowhelpers/login_test.go b/selfservice/flowhelpers/login_test.go
index 277f9ead813c..5a0c8084e04a 100644
--- a/selfservice/flowhelpers/login_test.go
+++ b/selfservice/flowhelpers/login_test.go
@@ -18,7 +18,6 @@ import (
 )
 
 func TestGuessForcedLoginIdentifier(t *testing.T) {
-	ctx := context.Background()
 	conf, reg := internal.NewFastRegistryWithMocks(t)
 	testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/login.schema.json")
 
@@ -30,7 +29,9 @@ func TestGuessForcedLoginIdentifier(t *testing.T) {
 	i.Credentials[identity.CredentialsTypePassword] = ic
 	require.NoError(t, reg.IdentityManager().Create(context.Background(), i))
 
-	sess, err := session.NewActiveSession(ctx, i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+	req := httptest.NewRequest("GET", "/sessions/whoami", nil)
+
+	sess, err := session.NewActiveSession(req, i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 	require.NoError(t, err)
 	reg.SessionPersister().UpsertSession(context.Background(), sess)
 
diff --git a/selfservice/hook/session_destroyer_test.go b/selfservice/hook/session_destroyer_test.go
index 4ef51279b552..91a8d4f878f7 100644
--- a/selfservice/hook/session_destroyer_test.go
+++ b/selfservice/hook/session_destroyer_test.go
@@ -82,7 +82,7 @@ func TestSessionDestroyer(t *testing.T) {
 			}
 
 			for k := range sessions {
-				sess, err := reg.SessionPersister().GetSession(context.Background(), sessions[k].ID)
+				sess, err := reg.SessionPersister().GetSession(context.Background(), sessions[k].ID, session.ExpandNothing)
 				require.NoError(t, err)
 				assert.True(t, sess.IsActive())
 			}
@@ -91,7 +91,7 @@ func TestSessionDestroyer(t *testing.T) {
 			require.NoError(t, tc.hook(&i))
 
 			for k := range sessions {
-				sess, err := reg.SessionPersister().GetSession(context.Background(), sessions[k].ID)
+				sess, err := reg.SessionPersister().GetSession(context.Background(), sessions[k].ID, session.ExpandNothing)
 				require.NoError(t, err)
 				assert.False(t, sess.IsActive())
 			}
diff --git a/selfservice/hook/session_issuer_test.go b/selfservice/hook/session_issuer_test.go
index a4641e752b2a..c7cedc3d8886 100644
--- a/selfservice/hook/session_issuer_test.go
+++ b/selfservice/hook/session_issuer_test.go
@@ -44,7 +44,7 @@ func TestSessionIssuer(t *testing.T) {
 			require.NoError(t, h.ExecutePostRegistrationPostPersistHook(w, &r,
 				®istration.Flow{Type: flow.TypeBrowser}, &session.Session{ID: sid, Identity: i, Token: randx.MustString(12, randx.AlphaLowerNum)}))
 
-			got, err := reg.SessionPersister().GetSession(context.Background(), sid)
+			got, err := reg.SessionPersister().GetSession(context.Background(), sid, session.ExpandNothing)
 			require.NoError(t, err)
 			assert.Equal(t, sid, got.ID)
 			assert.True(t, got.AuthenticatedAt.After(time.Now().Add(-time.Minute)))
@@ -63,7 +63,7 @@ func TestSessionIssuer(t *testing.T) {
 			err := h.ExecutePostRegistrationPostPersistHook(w, &http.Request{Header: http.Header{"Accept": {"application/json"}}}, f, s)
 			require.True(t, errors.Is(err, registration.ErrHookAbortFlow), "%+v", err)
 
-			got, err := reg.SessionPersister().GetSession(context.Background(), s.ID)
+			got, err := reg.SessionPersister().GetSession(context.Background(), s.ID, session.ExpandNothing)
 			require.NoError(t, err)
 			assert.Equal(t, s.ID.String(), got.ID.String())
 			assert.True(t, got.AuthenticatedAt.After(time.Now().Add(-time.Minute)))
@@ -86,7 +86,7 @@ func TestSessionIssuer(t *testing.T) {
 			err := h.ExecutePostRegistrationPostPersistHook(w, &http.Request{Header: http.Header{"Accept": {"application/json"}}}, f, s)
 			require.True(t, errors.Is(err, registration.ErrHookAbortFlow), "%+v", err)
 
-			got, err := reg.SessionPersister().GetSession(context.Background(), s.ID)
+			got, err := reg.SessionPersister().GetSession(context.Background(), s.ID, session.ExpandNothing)
 			require.NoError(t, err)
 			assert.Equal(t, s.ID.String(), got.ID.String())
 			assert.True(t, got.AuthenticatedAt.After(time.Now().Add(-time.Minute)))
diff --git a/selfservice/strategy/link/strategy_recovery.go b/selfservice/strategy/link/strategy_recovery.go
index 383ed31b2060..12e2a80a79cd 100644
--- a/selfservice/strategy/link/strategy_recovery.go
+++ b/selfservice/strategy/link/strategy_recovery.go
@@ -272,7 +272,7 @@ func (s *Strategy) recoveryIssueSession(w http.ResponseWriter, r *http.Request,
 		return s.retryRecoveryFlowWithError(w, r, flow.TypeBrowser, err)
 	}
 
-	sess, err := session.NewActiveSession(r.Context(), id, s.d.Config(), time.Now().UTC(), identity.CredentialsTypeRecoveryLink, identity.AuthenticatorAssuranceLevel1)
+	sess, err := session.NewActiveSession(r, id, s.d.Config(), time.Now().UTC(), identity.CredentialsTypeRecoveryLink, identity.AuthenticatorAssuranceLevel1)
 	if err != nil {
 		return s.retryRecoveryFlowWithError(w, r, flow.TypeBrowser, err)
 	}
diff --git a/selfservice/strategy/link/strategy_recovery_test.go b/selfservice/strategy/link/strategy_recovery_test.go
index 2f72ff41a476..dc4685237b94 100644
--- a/selfservice/strategy/link/strategy_recovery_test.go
+++ b/selfservice/strategy/link/strategy_recovery_test.go
@@ -379,7 +379,8 @@ func TestRecovery(t *testing.T) {
 
 			authClient := testhelpers.NewHTTPClientWithArbitrarySessionToken(t, reg)
 			if isAPI {
-				s, err := session.NewActiveSession(ctx,
+				req := httptest.NewRequest("GET", "/sessions/whoami", nil)
+				s, err := session.NewActiveSession(req,
 					&identity.Identity{ID: x.NewUUID(), State: identity.StateActive},
 					testhelpers.NewSessionLifespanProvider(time.Hour),
 					time.Now(),
@@ -660,11 +661,12 @@ func TestRecovery(t *testing.T) {
 		email := recoveryEmail
 		id := createIdentityToRecover(t, reg, email)
 
-		sess, err := session.NewActiveSession(ctx, id, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+		req := httptest.NewRequest("GET", "/sessions/whoami", nil)
+		sess, err := session.NewActiveSession(req, id, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 		require.NoError(t, err)
 		require.NoError(t, reg.SessionPersister().UpsertSession(context.Background(), sess))
 
-		actualSession, err := reg.SessionPersister().GetSession(context.Background(), sess.ID)
+		actualSession, err := reg.SessionPersister().GetSession(context.Background(), sess.ID, session.ExpandNothing)
 		require.NoError(t, err)
 		assert.True(t, actualSession.IsActive())
 
@@ -684,7 +686,7 @@ func TestRecovery(t *testing.T) {
 			cookies := spew.Sdump(cl.Jar.Cookies(urlx.ParseOrPanic(public.URL)))
 			assert.Contains(t, cookies, "ory_kratos_session")
 
-			actualSession, err := reg.SessionPersister().GetSession(context.Background(), sess.ID)
+			actualSession, err := reg.SessionPersister().GetSession(context.Background(), sess.ID, session.ExpandNothing)
 			require.NoError(t, err)
 			assert.False(t, actualSession.IsActive())
 		}
diff --git a/session/expand.go b/session/expand.go
new file mode 100644
index 000000000000..19a257320a15
--- /dev/null
+++ b/session/expand.go
@@ -0,0 +1,56 @@
+package session
+
+// Expandable controls what fields to expand for sessions.
+type Expandable string
+
+// Expandables is a list of Expandable values.
+type Expandables []Expandable
+
+// String returns a string representation of the Expandable.
+func (e Expandable) String() string {
+	return string(e)
+}
+
+// ToEager returns the fields used by pop's Eager command.
+func (e Expandables) ToEager() []string {
+	var s []string
+	for _, e := range e {
+		if e == ExpandSessionIdentity {
+			continue
+		}
+		s = append(s, e.String())
+	}
+	return s
+}
+
+// Has returns true if the Expandable is in the list.
+func (e Expandables) Has(search Expandable) bool {
+	for _, e := range e {
+		if e == search {
+			return true
+		}
+	}
+	return false
+}
+
+const (
+	// ExpandSessionDevices expands devices related to the session
+	ExpandSessionDevices Expandable = "Devices"
+	// ExpandSessionIdentity expands Identity related to the session
+	ExpandSessionIdentity Expandable = "Identity"
+)
+
+// ExpandNothing expands nothing
+var ExpandNothing []Expandable
+
+// ExpandDefault expands the default fields of a session
+// - Associated Identity
+var ExpandDefault = Expandables{
+	ExpandSessionIdentity,
+}
+
+// ExpandEverything expands all the fields of a session.
+var ExpandEverything = Expandables{
+	ExpandSessionDevices,
+	ExpandSessionIdentity,
+}
diff --git a/session/expand_test.go b/session/expand_test.go
new file mode 100644
index 000000000000..4525a8f76f26
--- /dev/null
+++ b/session/expand_test.go
@@ -0,0 +1,33 @@
+package session
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestExpandableSearch_ExistingExpand(t *testing.T) {
+	e := ExpandEverything
+
+	assert.True(t, e.Has(ExpandSessionDevices))
+}
+
+func TestExpandableSearch_NonExistingExpandOption(t *testing.T) {
+	e := ExpandEverything
+
+	assert.False(t, e.Has("SomeExpand"))
+}
+
+func TestExpandables_ToEager_skips_Identity(t *testing.T) {
+	e := ExpandEverything
+
+	res := e.ToEager()
+	assert.Equal(t, 1, len(res))
+	assert.Equal(t, []string{string(ExpandSessionDevices)}, res)
+}
+
+func TestExpandables_ExpandNothing_IsEmpty(t *testing.T) {
+	e := ExpandNothing
+
+	assert.True(t, len(e) == 0)
+}
diff --git a/session/handler.go b/session/handler.go
index af55b2cf3e49..a69a8c486724 100644
--- a/session/handler.go
+++ b/session/handler.go
@@ -304,7 +304,7 @@ func (h *Handler) adminListIdentitySessions(w http.ResponseWriter, r *http.Reque
 	}
 
 	page, perPage := x.ParsePagination(r)
-	sess, err := h.r.SessionPersister().ListSessionsByIdentity(r.Context(), iID, active, page, perPage, uuid.Nil)
+	sess, err := h.r.SessionPersister().ListSessionsByIdentity(r.Context(), iID, active, page, perPage, uuid.Nil, ExpandEverything)
 	if err != nil {
 		h.r.Writer().WriteError(w, r, err)
 		return
@@ -448,7 +448,7 @@ func (h *Handler) listSessions(w http.ResponseWriter, r *http.Request, _ httprou
 	}
 
 	page, perPage := x.ParsePagination(r)
-	sess, err := h.r.SessionPersister().ListSessionsByIdentity(r.Context(), s.IdentityID, pointerx.Bool(true), page, perPage, s.ID)
+	sess, err := h.r.SessionPersister().ListSessionsByIdentity(r.Context(), s.IdentityID, pointerx.Bool(true), page, perPage, s.ID, ExpandEverything)
 	if err != nil {
 		h.r.Writer().WriteError(w, r, err)
 		return
@@ -507,7 +507,7 @@ func (h *Handler) adminSessionExtend(w http.ResponseWriter, r *http.Request, ps
 		return
 	}
 
-	s, err := h.r.SessionPersister().GetSession(r.Context(), iID)
+	s, err := h.r.SessionPersister().GetSession(r.Context(), iID, ExpandNothing)
 	if err != nil {
 		h.r.Writer().WriteError(w, r, err)
 		return
diff --git a/session/handler_test.go b/session/handler_test.go
index 90652d109772..127511caae89 100644
--- a/session/handler_test.go
+++ b/session/handler_test.go
@@ -438,7 +438,7 @@ func TestHandlerAdminSessionManagement(t *testing.T) {
 		require.NoError(t, err)
 		require.Equal(t, http.StatusNoContent, res.StatusCode)
 
-		_, err = reg.SessionPersister().GetSession(ctx, s.ID)
+		_, err = reg.SessionPersister().GetSession(ctx, s.ID, ExpandNothing)
 		require.True(t, errors.Is(err, sqlcon.ErrNoRows))
 
 		t.Run("should not list session", func(t *testing.T) {
@@ -576,11 +576,11 @@ func TestHandlerSelfServiceSessionManagement(t *testing.T) {
 		require.NoError(t, err)
 		assert.Equal(t, int64(1), gjson.GetBytes(body, "count").Int(), "%s", body)
 
-		actualOther, err := reg.SessionPersister().GetSession(ctx, otherSess.ID)
+		actualOther, err := reg.SessionPersister().GetSession(ctx, otherSess.ID, ExpandNothing)
 		require.NoError(t, err)
 		assert.False(t, actualOther.Active)
 
-		actualCurr, err := reg.SessionPersister().GetSession(ctx, currSess.ID)
+		actualCurr, err := reg.SessionPersister().GetSession(ctx, currSess.ID, ExpandNothing)
 		require.NoError(t, err)
 		assert.True(t, actualCurr.Active)
 	})
@@ -601,7 +601,7 @@ func TestHandlerSelfServiceSessionManagement(t *testing.T) {
 		require.NoError(t, err)
 		require.Equal(t, http.StatusNoContent, res.StatusCode)
 
-		actualOthers, err := reg.SessionPersister().ListSessionsByIdentity(ctx, i.ID, nil, 1, 10, uuid.Nil)
+		actualOthers, err := reg.SessionPersister().ListSessionsByIdentity(ctx, i.ID, nil, 1, 10, uuid.Nil, ExpandNothing)
 		require.NoError(t, err)
 		require.Len(t, actualOthers, 3)
 
@@ -712,7 +712,7 @@ func TestHandlerRefreshSessionBySessionID(t *testing.T) {
 		require.NoError(t, err)
 		require.Equal(t, http.StatusOK, res.StatusCode)
 
-		s, err = reg.SessionPersister().GetSession(context.Background(), s.ID)
+		s, err = reg.SessionPersister().GetSession(context.Background(), s.ID, ExpandNothing)
 		require.Nil(t, err)
 	})
 
diff --git a/session/manager_http.go b/session/manager_http.go
index 3b1e7a339601..8828e59d520a 100644
--- a/session/manager_http.go
+++ b/session/manager_http.go
@@ -185,7 +185,7 @@ func (s *ManagerHTTP) FetchFromRequest(ctx context.Context, r *http.Request) (*S
 		return nil, errors.WithStack(NewErrNoActiveSessionFound())
 	}
 
-	se, err := s.r.SessionPersister().GetSessionByToken(ctx, token)
+	se, err := s.r.SessionPersister().GetSessionByToken(ctx, token, ExpandEverything)
 	if err != nil {
 		if errors.Is(err, herodot.ErrNotFound) || errors.Is(err, sqlcon.ErrNoRows) {
 			return nil, errors.WithStack(NewErrNoActiveSessionFound())
@@ -261,7 +261,7 @@ func (s *ManagerHTTP) DoesSessionSatisfy(r *http.Request, sess *Session, request
 
 func (s *ManagerHTTP) SessionAddAuthenticationMethods(ctx context.Context, sid uuid.UUID, ams ...AuthenticationMethod) error {
 	// Since we added the method, it also means that we have authenticated it
-	sess, err := s.r.SessionPersister().GetSession(ctx, sid)
+	sess, err := s.r.SessionPersister().GetSession(ctx, sid, ExpandNothing)
 	if err != nil {
 		return err
 	}
diff --git a/session/manager_http_test.go b/session/manager_http_test.go
index 4c93292bd89b..cf744c8dee30 100644
--- a/session/manager_http_test.go
+++ b/session/manager_http_test.go
@@ -141,13 +141,15 @@ func TestManagerHTTP(t *testing.T) {
 	})
 
 	t.Run("suite=SessionAddAuthenticationMethod", func(t *testing.T) {
+		req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
+
 		conf, reg := internal.NewFastRegistryWithMocks(t)
 		testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json")
 
 		i := &identity.Identity{Traits: []byte("{}"), State: identity.StateActive}
 		require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i))
 		sess := session.NewInactiveSession()
-		require.NoError(t, sess.Activate(ctx, i, conf, time.Now()))
+		require.NoError(t, sess.Activate(req, i, conf, time.Now()))
 		require.NoError(t, reg.SessionPersister().UpsertSession(context.Background(), sess))
 		require.NoError(t, reg.SessionManager().SessionAddAuthenticationMethods(context.Background(), sess.ID,
 			session.AuthenticationMethod{
@@ -160,7 +162,7 @@ func TestManagerHTTP(t *testing.T) {
 			}))
 		assert.Len(t, sess.AMR, 0)
 
-		actual, err := reg.SessionPersister().GetSession(context.Background(), sess.ID)
+		actual, err := reg.SessionPersister().GetSession(context.Background(), sess.ID, session.ExpandNothing)
 		require.NoError(t, err)
 		assert.EqualValues(t, identity.AuthenticatorAssuranceLevel2, actual.AuthenticatorAssuranceLevel)
 		for _, amr := range actual.AMR {
@@ -202,11 +204,12 @@ func TestManagerHTTP(t *testing.T) {
 		reg.RegisterPublicRoutes(context.Background(), rp)
 
 		t.Run("case=valid", func(t *testing.T) {
-			conf.MustSet(ctx, config.ViperKeySessionLifespan, "1m")
+			req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
+			conf.MustSet(req.Context(), config.ViperKeySessionLifespan, "1m")
 
 			i := identity.Identity{Traits: []byte("{}")}
 			require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &i))
-			s, _ = session.NewActiveSession(ctx, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+			s, _ = session.NewActiveSession(req, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 
 			c := testhelpers.NewClientWithCookies(t)
 			testhelpers.MockHydrateCookieClient(t, c, pts.URL+"/session/set")
@@ -217,6 +220,7 @@ func TestManagerHTTP(t *testing.T) {
 		})
 
 		t.Run("case=key rotation", func(t *testing.T) {
+			req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
 			original := conf.GetProvider(ctx).Strings(config.ViperKeySecretsCookie)
 			t.Cleanup(func() {
 				conf.MustSet(ctx, config.ViperKeySecretsCookie, original)
@@ -226,7 +230,7 @@ func TestManagerHTTP(t *testing.T) {
 
 			i := identity.Identity{Traits: []byte("{}")}
 			require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &i))
-			s, _ = session.NewActiveSession(ctx, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+			s, _ = session.NewActiveSession(req, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 
 			c := testhelpers.NewClientWithCookies(t)
 			testhelpers.MockHydrateCookieClient(t, c, pts.URL+"/session/set")
@@ -242,6 +246,7 @@ func TestManagerHTTP(t *testing.T) {
 		})
 
 		t.Run("case=no panic on invalid cookie name", func(t *testing.T) {
+			req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
 			conf.MustSet(ctx, config.ViperKeySessionLifespan, "1m")
 			conf.MustSet(ctx, config.ViperKeySessionName, "$%˜\"")
 			t.Cleanup(func() {
@@ -255,7 +260,7 @@ func TestManagerHTTP(t *testing.T) {
 
 			i := identity.Identity{Traits: []byte("{}")}
 			require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &i))
-			s, _ = session.NewActiveSession(ctx, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+			s, _ = session.NewActiveSession(req, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 
 			c := testhelpers.NewClientWithCookies(t)
 			res, err := c.Get(pts.URL + "/session/set/invalid")
@@ -264,11 +269,12 @@ func TestManagerHTTP(t *testing.T) {
 		})
 
 		t.Run("case=valid and uses x-session-cookie", func(t *testing.T) {
+			req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
 			conf.MustSet(ctx, config.ViperKeySessionLifespan, "1m")
 
 			i := identity.Identity{Traits: []byte("{}")}
 			require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &i))
-			s, _ = session.NewActiveSession(ctx, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+			s, _ = session.NewActiveSession(req, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 
 			c := testhelpers.NewClientWithCookies(t)
 			testhelpers.MockHydrateCookieClient(t, c, pts.URL+"/session/set")
@@ -297,16 +303,17 @@ func TestManagerHTTP(t *testing.T) {
 		})
 
 		t.Run("case=valid bearer auth as fallback", func(t *testing.T) {
+			req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
 			conf.MustSet(ctx, config.ViperKeySessionLifespan, "1m")
 
 			i := identity.Identity{Traits: []byte("{}"), State: identity.StateActive}
 			require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &i))
-			s, err := session.NewActiveSession(ctx, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+			s, err := session.NewActiveSession(req, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 			require.NoError(t, err)
 			require.NoError(t, reg.SessionPersister().UpsertSession(context.Background(), s))
 			require.NotEmpty(t, s.Token)
 
-			req, err := http.NewRequest("GET", pts.URL+"/session/get", nil)
+			req, err = http.NewRequest("GET", pts.URL+"/session/get", nil)
 			require.NoError(t, err)
 			req.Header.Set("Authorization", "Bearer "+s.Token)
 
@@ -317,15 +324,16 @@ func TestManagerHTTP(t *testing.T) {
 		})
 
 		t.Run("case=valid x-session-token auth even if bearer is set", func(t *testing.T) {
+			req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
 			conf.MustSet(ctx, config.ViperKeySessionLifespan, "1m")
 
 			i := identity.Identity{Traits: []byte("{}"), State: identity.StateActive}
 			require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &i))
-			s, err := session.NewActiveSession(ctx, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+			s, err := session.NewActiveSession(req, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 			require.NoError(t, err)
 			require.NoError(t, reg.SessionPersister().UpsertSession(context.Background(), s))
 
-			req, err := http.NewRequest("GET", pts.URL+"/session/get", nil)
+			req, err = http.NewRequest("GET", pts.URL+"/session/get", nil)
 			require.NoError(t, err)
 			req.Header.Set("Authorization", "Bearer invalid")
 			req.Header.Set("X-Session-Token", s.Token)
@@ -337,6 +345,7 @@ func TestManagerHTTP(t *testing.T) {
 		})
 
 		t.Run("case=expired", func(t *testing.T) {
+			req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
 			conf.MustSet(ctx, config.ViperKeySessionLifespan, "1ns")
 			t.Cleanup(func() {
 				conf.MustSet(ctx, config.ViperKeySessionLifespan, "1m")
@@ -344,7 +353,7 @@ func TestManagerHTTP(t *testing.T) {
 
 			i := identity.Identity{Traits: []byte("{}")}
 			require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &i))
-			s, _ = session.NewActiveSession(ctx, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+			s, _ = session.NewActiveSession(req, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 
 			c := testhelpers.NewClientWithCookies(t)
 			testhelpers.MockHydrateCookieClient(t, c, pts.URL+"/session/set")
@@ -357,11 +366,12 @@ func TestManagerHTTP(t *testing.T) {
 		})
 
 		t.Run("case=revoked", func(t *testing.T) {
+			req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
 			i := identity.Identity{Traits: []byte("{}")}
 			require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &i))
-			s, _ = session.NewActiveSession(ctx, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+			s, _ = session.NewActiveSession(req, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 
-			s, _ = session.NewActiveSession(ctx, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+			s, _ = session.NewActiveSession(req, &i, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 
 			c := testhelpers.NewClientWithCookies(t)
 			testhelpers.MockHydrateCookieClient(t, c, pts.URL+"/session/set")
@@ -379,6 +389,7 @@ func TestManagerHTTP(t *testing.T) {
 			conf.MustSet(ctx, config.ViperKeySessionLifespan, "1m")
 
 			t.Run("required_aal=aal2", func(t *testing.T) {
+				req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
 				idAAL2 := createAAL2Identity(t, reg)
 				idAAL1 := createAAL1Identity(t, reg)
 				require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), idAAL1))
@@ -389,7 +400,7 @@ func TestManagerHTTP(t *testing.T) {
 					for _, m := range complete {
 						s.CompletedLoginFor(m, "")
 					}
-					require.NoError(t, s.Activate(ctx, i, conf, time.Now().UTC()))
+					require.NoError(t, s.Activate(req, i, conf, time.Now().UTC()))
 					err := reg.SessionManager().DoesSessionSatisfy((&http.Request{}).WithContext(context.Background()), s, requested)
 					if expectedError != nil {
 						require.ErrorAs(t, err, &expectedError)
@@ -424,7 +435,6 @@ func TestManagerHTTP(t *testing.T) {
 }
 
 func TestDoesSessionSatisfy(t *testing.T) {
-	ctx := context.Background()
 	conf, reg := internal.NewFastRegistryWithMocks(t)
 	testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json")
 
@@ -552,11 +562,12 @@ func TestDoesSessionSatisfy(t *testing.T) {
 				require.NoError(t, reg.PrivilegedIdentityPool().DeleteIdentity(context.Background(), id.ID))
 			})
 
+			req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
 			s := session.NewInactiveSession()
 			for _, m := range tc.amr {
 				s.CompletedLoginFor(m.Method, m.AAL)
 			}
-			require.NoError(t, s.Activate(ctx, id, conf, time.Now().UTC()))
+			require.NoError(t, s.Activate(req, id, conf, time.Now().UTC()))
 
 			err := reg.SessionManager().DoesSessionSatisfy((&http.Request{}).WithContext(context.Background()), s, string(tc.requested))
 			if tc.err != nil {
diff --git a/session/persistence.go b/session/persistence.go
index ad3bb4550c1b..2244dff96987 100644
--- a/session/persistence.go
+++ b/session/persistence.go
@@ -13,10 +13,10 @@ type PersistenceProvider interface {
 
 type Persister interface {
 	// GetSession retrieves a session from the store.
-	GetSession(ctx context.Context, sid uuid.UUID) (*Session, error)
+	GetSession(ctx context.Context, sid uuid.UUID, expandables Expandables) (*Session, error)
 
 	// ListSessionsByIdentity retrieves sessions for an identity from the store.
-	ListSessionsByIdentity(ctx context.Context, iID uuid.UUID, active *bool, page, perPage int, except uuid.UUID) ([]*Session, error)
+	ListSessionsByIdentity(ctx context.Context, iID uuid.UUID, active *bool, page, perPage int, except uuid.UUID, expandables Expandables) ([]*Session, error)
 
 	// UpsertSession inserts or updates a session into / in the store.
 	UpsertSession(ctx context.Context, s *Session) error
@@ -31,7 +31,7 @@ type Persister interface {
 	//
 	// Functionality is similar to GetSession but accepts a session token
 	// instead of a session ID.
-	GetSessionByToken(context.Context, string) (*Session, error)
+	GetSessionByToken(ctx context.Context, token string, expandables Expandables) (*Session, error)
 
 	// DeleteExpiredSessions deletes sessions that expired before the given time.
 	DeleteExpiredSessions(context.Context, time.Time, int) error
diff --git a/session/session.go b/session/session.go
index f8dd18cdb1f6..56824e8fc1cf 100644
--- a/session/session.go
+++ b/session/session.go
@@ -5,8 +5,13 @@ import (
 	"database/sql/driver"
 	"encoding/json"
 	"fmt"
+	"net/http"
+	"strings"
 	"time"
 
+	"github.com/ory/x/httpx"
+	"github.com/ory/x/stringsx"
+
 	"github.com/pkg/errors"
 
 	"github.com/gofrs/uuid"
@@ -27,6 +32,40 @@ type refreshWindowProvider interface {
 	SessionRefreshMinTimeLeft(ctx context.Context) time.Duration
 }
 
+// Device corresponding to a Session
+//
+// swagger:model sessionDevice
+type Device struct {
+	// Device record ID
+	//
+	// required: true
+	ID uuid.UUID `json:"id" faker:"-" db:"id"`
+
+	// SessionID is a helper struct field for gobuffalo.pop.
+	SessionID uuid.UUID `json:"-" faker:"-" db:"session_id"`
+
+	// IPAddress of the client
+	IPAddress *string `json:"ip_address" faker:"ptr_ipv4" db:"ip_address"`
+
+	// UserAgent of the client
+	UserAgent *string `json:"user_agent" faker:"-" db:"user_agent"`
+
+	// Geo Location corresponding to the IP Address
+	Location *string `json:"location" faker:"ptr_geo_location" db:"location"`
+
+	// Time of capture
+	CreatedAt time.Time `json:"-" faker:"-" db:"created_at"`
+
+	// Last updated at
+	UpdatedAt time.Time `json:"-" faker:"-" db:"updated_at"`
+
+	NID uuid.UUID `json:"-"  faker:"-" db:"nid"`
+}
+
+func (m Device) TableName(ctx context.Context) string {
+	return "session_devices"
+}
+
 // A Session
 //
 // swagger:model session
@@ -79,6 +118,9 @@ type Session struct {
 	// required: true
 	Identity *identity.Identity `json:"identity" faker:"identity" db:"-" belongs_to:"identities" fk_id:"IdentityID"`
 
+	// Devices has history of all endpoints where the session was used
+	Devices []Device `json:"devices" faker:"-" has_many:"session_devices" fk_id:"session_id"`
+
 	// IdentityID is a helper struct field for gobuffalo.pop.
 	IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"`
 
@@ -148,10 +190,10 @@ func (s *Session) SetAuthenticatorAssuranceLevel() {
 	}
 }
 
-func NewActiveSession(ctx context.Context, i *identity.Identity, c lifespanProvider, authenticatedAt time.Time, completedLoginFor identity.CredentialsType, completedLoginAAL identity.AuthenticatorAssuranceLevel) (*Session, error) {
+func NewActiveSession(r *http.Request, i *identity.Identity, c lifespanProvider, authenticatedAt time.Time, completedLoginFor identity.CredentialsType, completedLoginAAL identity.AuthenticatorAssuranceLevel) (*Session, error) {
 	s := NewInactiveSession()
 	s.CompletedLoginFor(completedLoginFor, completedLoginAAL)
-	if err := s.Activate(ctx, i, c, authenticatedAt); err != nil {
+	if err := s.Activate(r, i, c, authenticatedAt); err != nil {
 		return nil, err
 	}
 	return s, nil
@@ -167,26 +209,56 @@ func NewInactiveSession() *Session {
 	}
 }
 
-func (s *Session) Activate(ctx context.Context, i *identity.Identity, c lifespanProvider, authenticatedAt time.Time) error {
+func (s *Session) Activate(r *http.Request, i *identity.Identity, c lifespanProvider, authenticatedAt time.Time) error {
 	if i != nil && !i.IsActive() {
 		return ErrIdentityDisabled.WithDetail("identity_id", i.ID)
 	}
 
 	s.Active = true
-	s.ExpiresAt = authenticatedAt.Add(c.SessionLifespan(ctx))
+	s.ExpiresAt = authenticatedAt.Add(c.SessionLifespan(r.Context()))
 	s.AuthenticatedAt = authenticatedAt
 	s.IssuedAt = authenticatedAt
 	s.Identity = i
 	s.IdentityID = i.ID
 
+	s.SaveSessionDeviceInformation(r)
 	s.SetAuthenticatorAssuranceLevel()
 	return nil
 }
 
-// swagger:model sessionDevice
-type Device struct {
-	// UserAgent of this device
-	UserAgent string `json:"user_agent"`
+func (s *Session) SaveSessionDeviceInformation(r *http.Request) {
+	var device Device
+
+	device.ID = x.NewUUID()
+	device.SessionID = s.ID
+
+	agent := r.Header["User-Agent"]
+	if len(agent) > 0 {
+		device.UserAgent = stringsx.GetPointer(strings.Join(agent, " "))
+	}
+
+	if trueClientIP := r.Header.Get("True-Client-IP"); trueClientIP != "" {
+		device.IPAddress = &trueClientIP
+	} else if realClientIP := r.Header.Get("X-Real-IP"); realClientIP != "" {
+		device.IPAddress = &realClientIP
+	} else if forwardedIP := r.Header["X-Forwarded-For"]; len(forwardedIP) != 0 {
+		ip, _ := httpx.GetClientIPAddress(forwardedIP, httpx.InternalIPSet)
+		device.IPAddress = &ip
+	} else {
+		device.IPAddress = &r.RemoteAddr
+	}
+
+	var clientGeoLocation []string
+
+	if r.Header.Get("Cf-Ipcity") != "" {
+		clientGeoLocation = append(clientGeoLocation, r.Header.Get("Cf-Ipcity"))
+	}
+	if r.Header.Get("Cf-Ipcountry") != "" {
+		clientGeoLocation = append(clientGeoLocation, r.Header.Get("Cf-Ipcountry"))
+	}
+	device.Location = stringsx.GetPointer(strings.Join(clientGeoLocation, ", "))
+
+	s.Devices = append(s.Devices, device)
 }
 
 func (s *Session) Declassify() *Session {
diff --git a/session/session_test.go b/session/session_test.go
index cbc6ad2c2341..b3c8585064e8 100644
--- a/session/session_test.go
+++ b/session/session_test.go
@@ -6,6 +6,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/ory/kratos/x"
+
 	"github.com/stretchr/testify/require"
 
 	"github.com/stretchr/testify/assert"
@@ -22,16 +24,18 @@ func TestSession(t *testing.T) {
 	authAt := time.Now()
 
 	t.Run("case=active session", func(t *testing.T) {
+		req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
+
 		i := new(identity.Identity)
 		i.State = identity.StateActive
-		s, _ := session.NewActiveSession(ctx, i, conf, authAt, identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+		s, _ := session.NewActiveSession(req, i, conf, authAt, identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 		assert.True(t, s.IsActive())
 		require.NotEmpty(t, s.Token)
 		require.NotEmpty(t, s.LogoutToken)
 		assert.EqualValues(t, identity.CredentialsTypePassword, s.AMR[0].Method)
 
 		i = new(identity.Identity)
-		s, err := session.NewActiveSession(ctx, i, conf, authAt, identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+		s, err := session.NewActiveSession(req, i, conf, authAt, identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 		assert.Nil(t, s)
 		assert.ErrorIs(t, err, session.ErrIdentityDisabled)
 	})
@@ -51,19 +55,77 @@ func TestSession(t *testing.T) {
 	})
 
 	t.Run("case=activate", func(t *testing.T) {
+		req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
+
 		s := session.NewInactiveSession()
-		require.NoError(t, s.Activate(ctx, &identity.Identity{State: identity.StateActive}, conf, authAt))
+		require.NoError(t, s.Activate(req, &identity.Identity{State: identity.StateActive}, conf, authAt))
 		assert.True(t, s.Active)
 		assert.Equal(t, identity.NoAuthenticatorAssuranceLevel, s.AuthenticatorAssuranceLevel)
 		assert.Equal(t, authAt, s.AuthenticatedAt)
 
 		s = session.NewInactiveSession()
-		require.ErrorIs(t, s.Activate(ctx, &identity.Identity{State: identity.StateInactive}, conf, authAt), session.ErrIdentityDisabled)
+		require.ErrorIs(t, s.Activate(req, &identity.Identity{State: identity.StateInactive}, conf, authAt), session.ErrIdentityDisabled)
 		assert.False(t, s.Active)
 		assert.Equal(t, identity.NoAuthenticatorAssuranceLevel, s.AuthenticatorAssuranceLevel)
 		assert.Empty(t, s.AuthenticatedAt)
 	})
 
+	t.Run("case=client information reverse proxy forward", func(t *testing.T) {
+		req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
+		req.Header["User-Agent"] = []string{"Mozilla/5.0 (X11; Linux x86_64)", "AppleWebKit/537.36 (KHTML, like Gecko)", "Chrome/51.0.2704.103 Safari/537.36"}
+		req.Header["X-Forwarded-For"] = []string{"54.155.246.232", "10.145.1.10"}
+
+		s := session.NewInactiveSession()
+		require.NoError(t, s.Activate(req, &identity.Identity{State: identity.StateActive}, conf, authAt))
+		assert.True(t, s.Active)
+		assert.Equal(t, identity.NoAuthenticatorAssuranceLevel, s.AuthenticatorAssuranceLevel)
+		assert.Equal(t, authAt, s.AuthenticatedAt)
+		assert.Equal(t, 1, len(s.Devices))
+		assert.Equal(t, s.ID.String(), s.Devices[0].SessionID.String())
+		assert.Equal(t, "54.155.246.232", *s.Devices[0].IPAddress)
+		assert.Equal(t, "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36", *s.Devices[0].UserAgent)
+		assert.Equal(t, "", *s.Devices[0].Location)
+	})
+
+	t.Run("case=client information reverse proxy real IP set", func(t *testing.T) {
+		req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
+		req.Header["User-Agent"] = []string{"Mozilla/5.0 (X11; Linux x86_64)", "AppleWebKit/537.36 (KHTML, like Gecko)", "Chrome/51.0.2704.103 Safari/537.36"}
+		req.Header.Set("X-Real-IP", "54.155.246.155")
+		req.Header["X-Forwarded-For"] = []string{"54.155.246.232", "10.145.1.10"}
+
+		s := session.NewInactiveSession()
+		require.NoError(t, s.Activate(req, &identity.Identity{State: identity.StateActive}, conf, authAt))
+		assert.True(t, s.Active)
+		assert.Equal(t, identity.NoAuthenticatorAssuranceLevel, s.AuthenticatorAssuranceLevel)
+		assert.Equal(t, authAt, s.AuthenticatedAt)
+		assert.Equal(t, 1, len(s.Devices))
+		assert.Equal(t, s.ID.String(), s.Devices[0].SessionID.String())
+		assert.NotNil(t, s.Devices[0].UpdatedAt)
+		assert.NotNil(t, s.Devices[0].CreatedAt)
+		assert.Equal(t, "54.155.246.155", *s.Devices[0].IPAddress)
+		assert.Equal(t, "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36", *s.Devices[0].UserAgent)
+		assert.Equal(t, "", *s.Devices[0].Location)
+	})
+
+	t.Run("case=client information CF", func(t *testing.T) {
+		req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
+		req.Header["User-Agent"] = []string{"Mozilla/5.0 (X11; Linux x86_64)", "AppleWebKit/537.36 (KHTML, like Gecko)", "Chrome/51.0.2704.103 Safari/537.36"}
+		req.Header.Set("True-Client-IP", "54.155.246.232")
+		req.Header.Set("Cf-Ipcity", "Munich")
+		req.Header.Set("Cf-Ipcountry", "Germany")
+
+		s := session.NewInactiveSession()
+		require.NoError(t, s.Activate(req, &identity.Identity{State: identity.StateActive}, conf, authAt))
+		assert.True(t, s.Active)
+		assert.Equal(t, identity.NoAuthenticatorAssuranceLevel, s.AuthenticatorAssuranceLevel)
+		assert.Equal(t, authAt, s.AuthenticatedAt)
+		assert.Equal(t, 1, len(s.Devices))
+		assert.Equal(t, s.ID.String(), s.Devices[0].SessionID.String())
+		assert.Equal(t, "54.155.246.232", *s.Devices[0].IPAddress)
+		assert.Equal(t, "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36", *s.Devices[0].UserAgent)
+		assert.Equal(t, "Munich, Germany", *s.Devices[0].Location)
+	})
+
 	for k, tc := range []struct {
 		d        string
 		methods  []session.AuthenticationMethod
@@ -192,6 +254,8 @@ func TestSession(t *testing.T) {
 	}
 
 	t.Run("case=session refresh", func(t *testing.T) {
+		req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
+
 		conf.MustSet(ctx, config.ViperKeySessionLifespan, "24h")
 		conf.MustSet(ctx, config.ViperKeySessionRefreshMinTimeLeft, "12h")
 		t.Cleanup(func() {
@@ -200,7 +264,7 @@ func TestSession(t *testing.T) {
 		})
 		i := new(identity.Identity)
 		i.State = identity.StateActive
-		s, _ := session.NewActiveSession(ctx, i, conf, authAt, identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+		s, _ := session.NewActiveSession(req, i, conf, authAt, identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 		assert.False(t, s.CanBeRefreshed(ctx, conf), "fresh session is not refreshable")
 
 		s.ExpiresAt = s.ExpiresAt.Add(-12 * time.Hour)
diff --git a/session/test/persistence.go b/session/test/persistence.go
index 15e7eeb96b5f..3cc8482156cb 100644
--- a/session/test/persistence.go
+++ b/session/test/persistence.go
@@ -32,7 +32,7 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 		testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json")
 
 		t.Run("case=not found", func(t *testing.T) {
-			_, err := p.GetSession(ctx, x.NewUUID())
+			_, err := p.GetSession(ctx, x.NewUUID(), session.ExpandNothing)
 			require.Error(t, err)
 		})
 
@@ -46,6 +46,12 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 			}
 			require.NoError(t, p.CreateIdentity(ctx, expected.Identity))
 
+			var expectedSessionDevice session.Device
+			require.NoError(t, faker.FakeData(&expectedSessionDevice))
+			expected.Devices = []session.Device{
+				expectedSessionDevice,
+			}
+
 			assert.Equal(t, uuid.Nil, expected.ID)
 			require.NoError(t, p.UpsertSession(ctx, &expected))
 			assert.NotEqual(t, uuid.Nil, expected.ID)
@@ -65,22 +71,39 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 				assert.Equal(t, expected.AMR, actual.AMR)
 			}
 
+			checkDevices := func(actual []session.Device, err error) {
+				require.NoError(t, err)
+				assert.Equal(t, len(expected.Devices), len(actual))
+
+				for i, d := range actual {
+					assert.Equal(t, expected.Devices[i].SessionID, d.SessionID)
+					assert.Equal(t, expected.Devices[i].NID, d.NID)
+					assert.Equal(t, *expected.Devices[i].IPAddress, *d.IPAddress)
+					assert.Equal(t, expected.Devices[i].UserAgent, d.UserAgent)
+					assert.Equal(t, *expected.Devices[i].Location, *d.Location)
+				}
+			}
+
 			t.Run("method=get by id", func(t *testing.T) {
-				check(p.GetSession(ctx, expected.ID))
+				sess, err := p.GetSession(ctx, expected.ID, session.ExpandEverything)
+				check(sess, err)
+				checkDevices(sess.Devices, err)
 
 				t.Run("on another network", func(t *testing.T) {
 					_, p := testhelpers.NewNetwork(t, ctx, p)
-					_, err := p.GetSession(ctx, expected.ID)
+					_, err := p.GetSession(ctx, expected.ID, session.ExpandEverything)
 					assert.ErrorIs(t, err, sqlcon.ErrNoRows)
 				})
 			})
 
 			t.Run("method=get by token", func(t *testing.T) {
-				check(p.GetSessionByToken(ctx, expected.Token))
+				sess, err := p.GetSessionByToken(ctx, expected.Token, session.ExpandEverything)
+				check(sess, err)
+				checkDevices(sess.Devices, err)
 
 				t.Run("on another network", func(t *testing.T) {
 					_, p := testhelpers.NewNetwork(t, ctx, p)
-					_, err := p.GetSessionByToken(ctx, expected.Token)
+					_, err := p.GetSessionByToken(ctx, expected.Token, session.ExpandNothing)
 					assert.ErrorIs(t, err, sqlcon.ErrNoRows)
 				})
 			})
@@ -93,6 +116,12 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 					require.NoError(t, faker.FakeData(&sess[j]))
 					sess[j].Identity = i
 					sess[j].Active = j%2 == 0
+
+					var device session.Device
+					require.NoError(t, faker.FakeData(&device))
+					sess[j].Devices = []session.Device{
+						device,
+					}
 					require.NoError(t, p.UpsertSession(ctx, &sess[j]))
 				}
 
@@ -149,7 +178,7 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 					},
 				} {
 					t.Run("case="+tc.desc, func(t *testing.T) {
-						actual, err := p.ListSessionsByIdentity(ctx, i.ID, tc.active, 1, 10, tc.except)
+						actual, err := p.ListSessionsByIdentity(ctx, i.ID, tc.active, 1, 10, tc.except, session.ExpandEverything)
 						require.NoError(t, err)
 
 						require.Equal(t, len(tc.expected), len(actual))
@@ -158,6 +187,7 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 							for _, as := range actual {
 								if as.ID == es.ID {
 									found = true
+									assert.Equal(t, len(es.Devices), len(as.Devices))
 								}
 							}
 							assert.True(t, found)
@@ -167,7 +197,7 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 
 				t.Run("other network", func(t *testing.T) {
 					_, other := testhelpers.NewNetwork(t, ctx, p)
-					actual, err := other.ListSessionsByIdentity(ctx, i.ID, nil, 1, 10, uuid.Nil)
+					actual, err := other.ListSessionsByIdentity(ctx, i.ID, nil, 1, 10, uuid.Nil, session.ExpandNothing)
 					require.NoError(t, err)
 					assert.Len(t, actual, 0)
 				})
@@ -177,7 +207,7 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 				expected.AuthenticatorAssuranceLevel = identity.AuthenticatorAssuranceLevel3
 				require.NoError(t, p.UpsertSession(ctx, &expected))
 
-				actual, err := p.GetSessionByToken(ctx, expected.Token)
+				actual, err := p.GetSessionByToken(ctx, expected.Token, session.ExpandDefault)
 				check(actual, err)
 				assert.Equal(t, identity.AuthenticatorAssuranceLevel3, actual.AuthenticatorAssuranceLevel)
 			})
@@ -186,7 +216,7 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 				expected.AMR = nil
 				require.NoError(t, p.UpsertSession(ctx, &expected))
 
-				actual, err := p.GetSessionByToken(ctx, expected.Token)
+				actual, err := p.GetSessionByToken(ctx, expected.Token, session.ExpandDefault)
 				check(actual, err)
 				assert.Empty(t, actual.AMR)
 			})
@@ -203,12 +233,12 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 				err := other.DeleteSession(ctx, expected.ID)
 				assert.ErrorIs(t, err, sqlcon.ErrNoRows)
 
-				_, err = p.GetSession(ctx, expected.ID)
+				_, err = p.GetSession(ctx, expected.ID, session.ExpandNothing)
 				assert.NoError(t, err)
 			})
 
 			require.NoError(t, p.DeleteSession(ctx, expected.ID))
-			_, err := p.GetSession(ctx, expected.ID)
+			_, err := p.GetSession(ctx, expected.ID, session.ExpandNothing)
 			assert.ErrorIs(t, err, sqlcon.ErrNoRows)
 		})
 
@@ -223,12 +253,12 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 				err := other.DeleteSessionByToken(ctx, expected.Token)
 				assert.ErrorIs(t, err, sqlcon.ErrNoRows)
 
-				_, err = p.GetSessionByToken(ctx, expected.Token)
+				_, err = p.GetSessionByToken(ctx, expected.Token, session.ExpandNothing)
 				assert.NoError(t, err)
 			})
 
 			require.NoError(t, p.DeleteSessionByToken(ctx, expected.Token))
-			_, err := p.GetSession(ctx, expected.ID)
+			_, err := p.GetSession(ctx, expected.ID, session.ExpandNothing)
 			require.Error(t, err)
 		})
 
@@ -239,7 +269,7 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 			require.NoError(t, p.CreateIdentity(ctx, expected.Identity))
 			require.NoError(t, p.UpsertSession(ctx, &expected))
 
-			actual, err := p.GetSession(ctx, expected.ID)
+			actual, err := p.GetSession(ctx, expected.ID, session.ExpandNothing)
 			require.NoError(t, err)
 			assert.True(t, actual.Active)
 
@@ -248,14 +278,14 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 				err := other.RevokeSessionByToken(ctx, expected.Token)
 				assert.ErrorIs(t, err, sqlcon.ErrNoRows)
 
-				actual, err = p.GetSession(ctx, expected.ID)
+				actual, err = p.GetSession(ctx, expected.ID, session.ExpandNothing)
 				require.NoError(t, err)
 				assert.True(t, actual.Active)
 			})
 
 			require.NoError(t, p.RevokeSessionByToken(ctx, expected.Token))
 
-			actual, err = p.GetSession(ctx, expected.ID)
+			actual, err = p.GetSession(ctx, expected.ID, session.ExpandNothing)
 			require.NoError(t, err)
 			assert.False(t, actual.Active)
 		})
@@ -282,7 +312,7 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 				assert.Equal(t, 0, n)
 
 				for _, s := range sessions {
-					actual, err := p.GetSession(ctx, s.ID)
+					actual, err := p.GetSession(ctx, s.ID, session.ExpandNothing)
 					require.NoError(t, err)
 					assert.True(t, actual.Active)
 				}
@@ -292,7 +322,7 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 			require.NoError(t, err)
 			assert.Equal(t, 1, n)
 
-			actual, err := p.ListSessionsByIdentity(ctx, sessions[0].IdentityID, nil, 1, 10, uuid.Nil)
+			actual, err := p.ListSessionsByIdentity(ctx, sessions[0].IdentityID, nil, 1, 10, uuid.Nil, session.ExpandNothing)
 			require.NoError(t, err)
 			require.Len(t, actual, 2)
 
@@ -305,7 +335,7 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 				assert.False(t, actual[0].Active)
 			}
 
-			otherIdentitiesSessions, err := p.ListSessionsByIdentity(ctx, sessions[2].IdentityID, nil, 1, 10, uuid.Nil)
+			otherIdentitiesSessions, err := p.ListSessionsByIdentity(ctx, sessions[2].IdentityID, nil, 1, 10, uuid.Nil, session.ExpandNothing)
 			require.NoError(t, err)
 			require.Len(t, actual, 2)
 
@@ -331,7 +361,7 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 				require.NoError(t, other.RevokeSession(ctx, sessions[0].IdentityID, sessions[0].ID))
 
 				for _, s := range sessions {
-					actual, err := p.GetSession(ctx, s.ID)
+					actual, err := p.GetSession(ctx, s.ID, session.ExpandNothing)
 					require.NoError(t, err)
 					assert.True(t, actual.Active)
 				}
@@ -339,7 +369,7 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 
 			require.NoError(t, p.RevokeSession(ctx, sessions[0].IdentityID, sessions[0].ID))
 
-			actual, err := p.ListSessionsByIdentity(ctx, sessions[0].IdentityID, nil, 1, 10, uuid.Nil)
+			actual, err := p.ListSessionsByIdentity(ctx, sessions[0].IdentityID, nil, 1, 10, uuid.Nil, session.ExpandNothing)
 			require.NoError(t, err)
 			require.Len(t, actual, 2)
 
@@ -371,14 +401,14 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 				err := other.DeleteSessionsByIdentity(ctx, expected2.IdentityID)
 				assert.ErrorIs(t, err, sqlcon.ErrNoRows)
 
-				_, err = p.GetSession(ctx, expected1.ID)
+				_, err = p.GetSession(ctx, expected1.ID, session.ExpandNothing)
 				require.NoError(t, err)
 			})
 
 			require.NoError(t, p.DeleteSessionsByIdentity(ctx, expected2.IdentityID))
-			_, err := p.GetSession(ctx, expected1.ID)
+			_, err := p.GetSession(ctx, expected1.ID, session.ExpandNothing)
 			require.Error(t, err)
-			_, err = p.GetSession(ctx, expected2.ID)
+			_, err = p.GetSession(ctx, expected2.ID, session.ExpandNothing)
 			require.Error(t, err)
 		})
 
@@ -395,14 +425,14 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 			require.NoError(t, p.GetConnection(ctx).RawQuery("INSERT INTO sessions (id, nid, identity_id, token, expires_at,authenticated_at, created_at, updated_at, logout_token, authentication_methods) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", sid1, nid1, iid1, t1, time.Now().Add(time.Hour), time.Now(), time.Now(), time.Now(), randx.MustString(32, randx.AlphaNum), "[]").Exec())
 			require.NoError(t, p.GetConnection(ctx).RawQuery("INSERT INTO sessions (id, nid, identity_id, token, expires_at,authenticated_at, created_at, updated_at, logout_token, authentication_methods) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", sid2, nid2, iid2, t2, time.Now().Add(time.Hour), time.Now(), time.Now(), time.Now(), randx.MustString(32, randx.AlphaNum), "[]").Exec())
 
-			_, err := p.GetSession(ctx, sid1)
+			_, err := p.GetSession(ctx, sid1, session.ExpandEverything)
 			require.NoError(t, err)
-			_, err = p.GetSession(ctx, sid2)
+			_, err = p.GetSession(ctx, sid2, session.ExpandNothing)
 			require.ErrorIs(t, err, sqlcon.ErrNoRows)
 
-			_, err = p.GetSessionByToken(ctx, t1)
+			_, err = p.GetSessionByToken(ctx, t1, session.ExpandNothing)
 			require.NoError(t, err)
-			_, err = p.GetSessionByToken(ctx, t2)
+			_, err = p.GetSessionByToken(ctx, t2, session.ExpandNothing)
 			require.ErrorIs(t, err, sqlcon.ErrNoRows)
 		})
 	}
diff --git a/x/xsql/sql.go b/x/xsql/sql.go
index bea6ac506dc1..c4f2d5634f7b 100644
--- a/x/xsql/sql.go
+++ b/x/xsql/sql.go
@@ -26,6 +26,7 @@ func CleanSQL(t *testing.T, c *pop.Connection) {
 		new(continuity.Container).TableName(ctx),
 		new(courier.Message).TableName(ctx),
 
+		new(session.Device).TableName(ctx),
 		new(session.Session).TableName(ctx),
 		new(login.Flow).TableName(ctx),
 		new(registration.Flow).TableName(ctx),

From f040c9dd5e147374609717f7684c44cde9ed9d4f Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Tue, 4 Oct 2022 15:50:32 +0000
Subject: [PATCH 286/411] autogen(openapi): regenerate swagger spec and
 internal client

[skip ci]
---
 internal/httpclient/api/openapi.yaml        |  53 +++++++++-
 internal/httpclient/docs/Session.md         |  26 +++++
 internal/httpclient/docs/SessionDevice.md   |  77 +++++++++++++-
 internal/httpclient/model_session.go        |  37 +++++++
 internal/httpclient/model_session_device.go | 110 +++++++++++++++++++-
 spec/api.json                               |  26 ++++-
 spec/swagger.json                           |  26 ++++-
 7 files changed, 347 insertions(+), 8 deletions(-)

diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml
index 8a0aac89e787..21047826b47a 100644
--- a/internal/httpclient/api/openapi.yaml
+++ b/internal/httpclient/api/openapi.yaml
@@ -4554,6 +4554,15 @@ components:
       description: A Session
       example:
         expires_at: 2000-01-23T04:56:07.000+00:00
+        devices:
+        - location: location
+          id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
+          ip_address: ip_address
+          user_agent: user_agent
+        - location: location
+          id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
+          ip_address: ip_address
+          user_agent: user_agent
         authentication_methods:
         - completed_at: 2000-01-23T04:56:07.000+00:00
           method: link_recovery
@@ -4631,6 +4640,12 @@ components:
           type: array
         authenticator_assurance_level:
           $ref: '#/components/schemas/authenticatorAssuranceLevel'
+        devices:
+          description: Devices has history of all endpoints where the session was
+            used
+          items:
+            $ref: '#/components/schemas/sessionDevice'
+          type: array
         expires_at:
           description: |-
             The Session Expiry
@@ -4687,10 +4702,28 @@ components:
       title: List of (Used) AuthenticationMethods
       type: array
     sessionDevice:
+      description: Device corresponding to a Session
+      example:
+        location: location
+        id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
+        ip_address: ip_address
+        user_agent: user_agent
       properties:
+        id:
+          description: Device record ID
+          format: uuid
+          type: string
+        ip_address:
+          description: IPAddress of the client
+          type: string
+        location:
+          description: Geo Location corresponding to the IP Address
+          type: string
         user_agent:
-          description: UserAgent of this device
+          description: UserAgent of the client
           type: string
+      required:
+      - id
       type: object
     sessionList:
       items:
@@ -5219,6 +5252,15 @@ components:
         session_token: session_token
         session:
           expires_at: 2000-01-23T04:56:07.000+00:00
+          devices:
+          - location: location
+            id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
+            ip_address: ip_address
+            user_agent: user_agent
+          - location: location
+            id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
+            ip_address: ip_address
+            user_agent: user_agent
           authentication_methods:
           - completed_at: 2000-01-23T04:56:07.000+00:00
             method: link_recovery
@@ -5345,6 +5387,15 @@ components:
           metadata_public: ""
         session:
           expires_at: 2000-01-23T04:56:07.000+00:00
+          devices:
+          - location: location
+            id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
+            ip_address: ip_address
+            user_agent: user_agent
+          - location: location
+            id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
+            ip_address: ip_address
+            user_agent: user_agent
           authentication_methods:
           - completed_at: 2000-01-23T04:56:07.000+00:00
             method: link_recovery
diff --git a/internal/httpclient/docs/Session.md b/internal/httpclient/docs/Session.md
index 3d47e8c490e4..eb7c1c7eb667 100644
--- a/internal/httpclient/docs/Session.md
+++ b/internal/httpclient/docs/Session.md
@@ -8,6 +8,7 @@ Name | Type | Description | Notes
 **AuthenticatedAt** | Pointer to **time.Time** | The Session Authentication Timestamp  When this session was authenticated at. If multi-factor authentication was used this is the time when the last factor was authenticated (e.g. the TOTP code challenge was completed). | [optional] 
 **AuthenticationMethods** | Pointer to [**[]SessionAuthenticationMethod**](SessionAuthenticationMethod.md) | A list of authenticators which were used to authenticate the session. | [optional] 
 **AuthenticatorAssuranceLevel** | Pointer to [**AuthenticatorAssuranceLevel**](AuthenticatorAssuranceLevel.md) |  | [optional] 
+**Devices** | Pointer to [**[]SessionDevice**](SessionDevice.md) | Devices has history of all endpoints where the session was used | [optional] 
 **ExpiresAt** | Pointer to **time.Time** | The Session Expiry  When this session expires at. | [optional] 
 **Id** | **string** | Session ID | 
 **Identity** | [**Identity**](Identity.md) |  | 
@@ -132,6 +133,31 @@ SetAuthenticatorAssuranceLevel sets AuthenticatorAssuranceLevel field to given v
 
 HasAuthenticatorAssuranceLevel returns a boolean if a field has been set.
 
+### GetDevices
+
+`func (o *Session) GetDevices() []SessionDevice`
+
+GetDevices returns the Devices field if non-nil, zero value otherwise.
+
+### GetDevicesOk
+
+`func (o *Session) GetDevicesOk() (*[]SessionDevice, bool)`
+
+GetDevicesOk returns a tuple with the Devices field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDevices
+
+`func (o *Session) SetDevices(v []SessionDevice)`
+
+SetDevices sets Devices field to given value.
+
+### HasDevices
+
+`func (o *Session) HasDevices() bool`
+
+HasDevices returns a boolean if a field has been set.
+
 ### GetExpiresAt
 
 `func (o *Session) GetExpiresAt() time.Time`
diff --git a/internal/httpclient/docs/SessionDevice.md b/internal/httpclient/docs/SessionDevice.md
index 3d8840d4938d..a7fba82a6e14 100644
--- a/internal/httpclient/docs/SessionDevice.md
+++ b/internal/httpclient/docs/SessionDevice.md
@@ -4,13 +4,16 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**UserAgent** | Pointer to **string** | UserAgent of this device | [optional] 
+**Id** | **string** | Device record ID | 
+**IpAddress** | Pointer to **string** | IPAddress of the client | [optional] 
+**Location** | Pointer to **string** | Geo Location corresponding to the IP Address | [optional] 
+**UserAgent** | Pointer to **string** | UserAgent of the client | [optional] 
 
 ## Methods
 
 ### NewSessionDevice
 
-`func NewSessionDevice() *SessionDevice`
+`func NewSessionDevice(id string, ) *SessionDevice`
 
 NewSessionDevice instantiates a new SessionDevice object
 This constructor will assign default values to properties that have it defined,
@@ -25,6 +28,76 @@ NewSessionDeviceWithDefaults instantiates a new SessionDevice object
 This constructor will only assign default values to properties that have it defined,
 but it doesn't guarantee that properties required by API are set
 
+### GetId
+
+`func (o *SessionDevice) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *SessionDevice) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *SessionDevice) SetId(v string)`
+
+SetId sets Id field to given value.
+
+
+### GetIpAddress
+
+`func (o *SessionDevice) GetIpAddress() string`
+
+GetIpAddress returns the IpAddress field if non-nil, zero value otherwise.
+
+### GetIpAddressOk
+
+`func (o *SessionDevice) GetIpAddressOk() (*string, bool)`
+
+GetIpAddressOk returns a tuple with the IpAddress field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIpAddress
+
+`func (o *SessionDevice) SetIpAddress(v string)`
+
+SetIpAddress sets IpAddress field to given value.
+
+### HasIpAddress
+
+`func (o *SessionDevice) HasIpAddress() bool`
+
+HasIpAddress returns a boolean if a field has been set.
+
+### GetLocation
+
+`func (o *SessionDevice) GetLocation() string`
+
+GetLocation returns the Location field if non-nil, zero value otherwise.
+
+### GetLocationOk
+
+`func (o *SessionDevice) GetLocationOk() (*string, bool)`
+
+GetLocationOk returns a tuple with the Location field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLocation
+
+`func (o *SessionDevice) SetLocation(v string)`
+
+SetLocation sets Location field to given value.
+
+### HasLocation
+
+`func (o *SessionDevice) HasLocation() bool`
+
+HasLocation returns a boolean if a field has been set.
+
 ### GetUserAgent
 
 `func (o *SessionDevice) GetUserAgent() string`
diff --git a/internal/httpclient/model_session.go b/internal/httpclient/model_session.go
index cbf8ac2bc7ad..d81c11c20a94 100644
--- a/internal/httpclient/model_session.go
+++ b/internal/httpclient/model_session.go
@@ -25,6 +25,8 @@ type Session struct {
 	// A list of authenticators which were used to authenticate the session.
 	AuthenticationMethods       []SessionAuthenticationMethod `json:"authentication_methods,omitempty"`
 	AuthenticatorAssuranceLevel *AuthenticatorAssuranceLevel  `json:"authenticator_assurance_level,omitempty"`
+	// Devices has history of all endpoints where the session was used
+	Devices []SessionDevice `json:"devices,omitempty"`
 	// The Session Expiry  When this session expires at.
 	ExpiresAt *time.Time `json:"expires_at,omitempty"`
 	// Session ID
@@ -181,6 +183,38 @@ func (o *Session) SetAuthenticatorAssuranceLevel(v AuthenticatorAssuranceLevel)
 	o.AuthenticatorAssuranceLevel = &v
 }
 
+// GetDevices returns the Devices field value if set, zero value otherwise.
+func (o *Session) GetDevices() []SessionDevice {
+	if o == nil || o.Devices == nil {
+		var ret []SessionDevice
+		return ret
+	}
+	return o.Devices
+}
+
+// GetDevicesOk returns a tuple with the Devices field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Session) GetDevicesOk() ([]SessionDevice, bool) {
+	if o == nil || o.Devices == nil {
+		return nil, false
+	}
+	return o.Devices, true
+}
+
+// HasDevices returns a boolean if a field has been set.
+func (o *Session) HasDevices() bool {
+	if o != nil && o.Devices != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDevices gets a reference to the given []SessionDevice and assigns it to the Devices field.
+func (o *Session) SetDevices(v []SessionDevice) {
+	o.Devices = v
+}
+
 // GetExpiresAt returns the ExpiresAt field value if set, zero value otherwise.
 func (o *Session) GetExpiresAt() time.Time {
 	if o == nil || o.ExpiresAt == nil {
@@ -307,6 +341,9 @@ func (o Session) MarshalJSON() ([]byte, error) {
 	if o.AuthenticatorAssuranceLevel != nil {
 		toSerialize["authenticator_assurance_level"] = o.AuthenticatorAssuranceLevel
 	}
+	if o.Devices != nil {
+		toSerialize["devices"] = o.Devices
+	}
 	if o.ExpiresAt != nil {
 		toSerialize["expires_at"] = o.ExpiresAt
 	}
diff --git a/internal/httpclient/model_session_device.go b/internal/httpclient/model_session_device.go
index faf33bd2fb4b..8f07fedd7806 100644
--- a/internal/httpclient/model_session_device.go
+++ b/internal/httpclient/model_session_device.go
@@ -15,9 +15,15 @@ import (
 	"encoding/json"
 )
 
-// SessionDevice struct for SessionDevice
+// SessionDevice Device corresponding to a Session
 type SessionDevice struct {
-	// UserAgent of this device
+	// Device record ID
+	Id string `json:"id"`
+	// IPAddress of the client
+	IpAddress *string `json:"ip_address,omitempty"`
+	// Geo Location corresponding to the IP Address
+	Location *string `json:"location,omitempty"`
+	// UserAgent of the client
 	UserAgent *string `json:"user_agent,omitempty"`
 }
 
@@ -25,8 +31,9 @@ type SessionDevice struct {
 // This constructor will assign default values to properties that have it defined,
 // and makes sure properties required by API are set, but the set of arguments
 // will change when the set of required properties is changed
-func NewSessionDevice() *SessionDevice {
+func NewSessionDevice(id string) *SessionDevice {
 	this := SessionDevice{}
+	this.Id = id
 	return &this
 }
 
@@ -38,6 +45,94 @@ func NewSessionDeviceWithDefaults() *SessionDevice {
 	return &this
 }
 
+// GetId returns the Id field value
+func (o *SessionDevice) GetId() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value
+// and a boolean to check if the value has been set.
+func (o *SessionDevice) GetIdOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Id, true
+}
+
+// SetId sets field value
+func (o *SessionDevice) SetId(v string) {
+	o.Id = v
+}
+
+// GetIpAddress returns the IpAddress field value if set, zero value otherwise.
+func (o *SessionDevice) GetIpAddress() string {
+	if o == nil || o.IpAddress == nil {
+		var ret string
+		return ret
+	}
+	return *o.IpAddress
+}
+
+// GetIpAddressOk returns a tuple with the IpAddress field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SessionDevice) GetIpAddressOk() (*string, bool) {
+	if o == nil || o.IpAddress == nil {
+		return nil, false
+	}
+	return o.IpAddress, true
+}
+
+// HasIpAddress returns a boolean if a field has been set.
+func (o *SessionDevice) HasIpAddress() bool {
+	if o != nil && o.IpAddress != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIpAddress gets a reference to the given string and assigns it to the IpAddress field.
+func (o *SessionDevice) SetIpAddress(v string) {
+	o.IpAddress = &v
+}
+
+// GetLocation returns the Location field value if set, zero value otherwise.
+func (o *SessionDevice) GetLocation() string {
+	if o == nil || o.Location == nil {
+		var ret string
+		return ret
+	}
+	return *o.Location
+}
+
+// GetLocationOk returns a tuple with the Location field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SessionDevice) GetLocationOk() (*string, bool) {
+	if o == nil || o.Location == nil {
+		return nil, false
+	}
+	return o.Location, true
+}
+
+// HasLocation returns a boolean if a field has been set.
+func (o *SessionDevice) HasLocation() bool {
+	if o != nil && o.Location != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLocation gets a reference to the given string and assigns it to the Location field.
+func (o *SessionDevice) SetLocation(v string) {
+	o.Location = &v
+}
+
 // GetUserAgent returns the UserAgent field value if set, zero value otherwise.
 func (o *SessionDevice) GetUserAgent() string {
 	if o == nil || o.UserAgent == nil {
@@ -72,6 +167,15 @@ func (o *SessionDevice) SetUserAgent(v string) {
 
 func (o SessionDevice) MarshalJSON() ([]byte, error) {
 	toSerialize := map[string]interface{}{}
+	if true {
+		toSerialize["id"] = o.Id
+	}
+	if o.IpAddress != nil {
+		toSerialize["ip_address"] = o.IpAddress
+	}
+	if o.Location != nil {
+		toSerialize["location"] = o.Location
+	}
 	if o.UserAgent != nil {
 		toSerialize["user_agent"] = o.UserAgent
 	}
diff --git a/spec/api.json b/spec/api.json
index 4c2715777f82..6622fe7eec42 100755
--- a/spec/api.json
+++ b/spec/api.json
@@ -1264,6 +1264,13 @@
           "authenticator_assurance_level": {
             "$ref": "#/components/schemas/authenticatorAssuranceLevel"
           },
+          "devices": {
+            "description": "Devices has history of all endpoints where the session was used",
+            "items": {
+              "$ref": "#/components/schemas/sessionDevice"
+            },
+            "type": "array"
+          },
           "expires_at": {
             "description": "The Session Expiry\n\nWhen this session expires at.",
             "format": "date-time",
@@ -1326,12 +1333,29 @@
         "type": "array"
       },
       "sessionDevice": {
+        "description": "Device corresponding to a Session",
         "properties": {
+          "id": {
+            "description": "Device record ID",
+            "format": "uuid",
+            "type": "string"
+          },
+          "ip_address": {
+            "description": "IPAddress of the client",
+            "type": "string"
+          },
+          "location": {
+            "description": "Geo Location corresponding to the IP Address",
+            "type": "string"
+          },
           "user_agent": {
-            "description": "UserAgent of this device",
+            "description": "UserAgent of the client",
             "type": "string"
           }
         },
+        "required": [
+          "id"
+        ],
         "type": "object"
       },
       "sessionList": {
diff --git a/spec/swagger.json b/spec/swagger.json
index 480a2afa8d09..ef39bba5fcd6 100755
--- a/spec/swagger.json
+++ b/spec/swagger.json
@@ -3761,6 +3761,13 @@
         "authenticator_assurance_level": {
           "$ref": "#/definitions/authenticatorAssuranceLevel"
         },
+        "devices": {
+          "description": "Devices has history of all endpoints where the session was used",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/sessionDevice"
+          }
+        },
         "expires_at": {
           "description": "The Session Expiry\n\nWhen this session expires at.",
           "type": "string",
@@ -3808,10 +3815,27 @@
       }
     },
     "sessionDevice": {
+      "description": "Device corresponding to a Session",
       "type": "object",
+      "required": [
+        "id"
+      ],
       "properties": {
+        "id": {
+          "description": "Device record ID",
+          "type": "string",
+          "format": "uuid"
+        },
+        "ip_address": {
+          "description": "IPAddress of the client",
+          "type": "string"
+        },
+        "location": {
+          "description": "Geo Location corresponding to the IP Address",
+          "type": "string"
+        },
         "user_agent": {
-          "description": "UserAgent of this device",
+          "description": "UserAgent of the client",
           "type": "string"
         }
       }

From 5af2c0ac34e4ec3db3fa4da0a8c4ee2250659250 Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Tue, 4 Oct 2022 18:04:58 +0200
Subject: [PATCH 287/411] chore: update x/sys for M1

---
 test/e2e/mock/webhook/go.mod | 2 +-
 test/e2e/mock/webhook/go.sum | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/test/e2e/mock/webhook/go.mod b/test/e2e/mock/webhook/go.mod
index caa97834c392..fb09fb3b0c0d 100644
--- a/test/e2e/mock/webhook/go.mod
+++ b/test/e2e/mock/webhook/go.mod
@@ -4,4 +4,4 @@ go 1.17
 
 require github.com/sirupsen/logrus v1.8.1
 
-require golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 // indirect
+require golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec // indirect
diff --git a/test/e2e/mock/webhook/go.sum b/test/e2e/mock/webhook/go.sum
index 59bd790e9378..e220394fc0c8 100644
--- a/test/e2e/mock/webhook/go.sum
+++ b/test/e2e/mock/webhook/go.sum
@@ -8,3 +8,5 @@ github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec h1:BkDtF2Ih9xZ7le9ndzTA7KJow28VbQW3odyk/8drmuI=
+golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

From 1da0cf62b3f0ed8a81bca22123474baa7cf6de65 Mon Sep 17 00:00:00 2001
From: Nichlas Lendal <62498670+pr1ze@users.noreply.github.com>
Date: Wed, 5 Oct 2022 07:58:05 +0200
Subject: [PATCH 288/411] feat: parse all id token claims into raw_claims
 (#2765)

All ID Token claims resulting from the Social Sign In flow are now available in `raw_claims` and can be used in the Social Sign In JsonNet Mapper.

Closes #2528
---
 selfservice/strategy/oidc/provider.go         | 47 ++++++++++---------
 .../strategy/oidc/provider_generic_oidc.go    |  6 +++
 .../strategy/oidc/strategy_helper_test.go     | 29 +++++++++++-
 selfservice/strategy/oidc/strategy_test.go    |  2 +
 .../strategy/oidc/stub/oidc.hydra.jsonnet     |  1 +
 .../oidc/stub/registration.schema.json        |  6 +++
 6 files changed, 66 insertions(+), 25 deletions(-)

diff --git a/selfservice/strategy/oidc/provider.go b/selfservice/strategy/oidc/provider.go
index 5804fd7a9a70..99282893a3a2 100644
--- a/selfservice/strategy/oidc/provider.go
+++ b/selfservice/strategy/oidc/provider.go
@@ -22,27 +22,28 @@ type TokenExchanger interface {
 
 // ConvertibleBoolean is used as Apple casually sends the email_verified field as a string.
 type Claims struct {
-	Issuer              string               `json:"iss,omitempty"`
-	Subject             string               `json:"sub,omitempty"`
-	Name                string               `json:"name,omitempty"`
-	GivenName           string               `json:"given_name,omitempty"`
-	FamilyName          string               `json:"family_name,omitempty"`
-	LastName            string               `json:"last_name,omitempty"`
-	MiddleName          string               `json:"middle_name,omitempty"`
-	Nickname            string               `json:"nickname,omitempty"`
-	PreferredUsername   string               `json:"preferred_username,omitempty"`
-	Profile             string               `json:"profile,omitempty"`
-	Picture             string               `json:"picture,omitempty"`
-	Website             string               `json:"website,omitempty"`
-	Email               string               `json:"email,omitempty"`
-	EmailVerified       x.ConvertibleBoolean `json:"email_verified,omitempty"`
-	Gender              string               `json:"gender,omitempty"`
-	Birthdate           string               `json:"birthdate,omitempty"`
-	Zoneinfo            string               `json:"zoneinfo,omitempty"`
-	Locale              string               `json:"locale,omitempty"`
-	PhoneNumber         string               `json:"phone_number,omitempty"`
-	PhoneNumberVerified bool                 `json:"phone_number_verified,omitempty"`
-	UpdatedAt           int64                `json:"updated_at,omitempty"`
-	HD                  string               `json:"hd,omitempty"`
-	Team                string               `json:"team,omitempty"`
+	Issuer              string                 `json:"iss,omitempty"`
+	Subject             string                 `json:"sub,omitempty"`
+	Name                string                 `json:"name,omitempty"`
+	GivenName           string                 `json:"given_name,omitempty"`
+	FamilyName          string                 `json:"family_name,omitempty"`
+	LastName            string                 `json:"last_name,omitempty"`
+	MiddleName          string                 `json:"middle_name,omitempty"`
+	Nickname            string                 `json:"nickname,omitempty"`
+	PreferredUsername   string                 `json:"preferred_username,omitempty"`
+	Profile             string                 `json:"profile,omitempty"`
+	Picture             string                 `json:"picture,omitempty"`
+	Website             string                 `json:"website,omitempty"`
+	Email               string                 `json:"email,omitempty"`
+	EmailVerified       x.ConvertibleBoolean   `json:"email_verified,omitempty"`
+	Gender              string                 `json:"gender,omitempty"`
+	Birthdate           string                 `json:"birthdate,omitempty"`
+	Zoneinfo            string                 `json:"zoneinfo,omitempty"`
+	Locale              string                 `json:"locale,omitempty"`
+	PhoneNumber         string                 `json:"phone_number,omitempty"`
+	PhoneNumberVerified bool                   `json:"phone_number_verified,omitempty"`
+	UpdatedAt           int64                  `json:"updated_at,omitempty"`
+	HD                  string                 `json:"hd,omitempty"`
+	Team                string                 `json:"team,omitempty"`
+	RawClaims           map[string]interface{} `json:"raw_claims,omitempty"`
 }
diff --git a/selfservice/strategy/oidc/provider_generic_oidc.go b/selfservice/strategy/oidc/provider_generic_oidc.go
index 9548eb488773..983e6031c504 100644
--- a/selfservice/strategy/oidc/provider_generic_oidc.go
+++ b/selfservice/strategy/oidc/provider_generic_oidc.go
@@ -95,6 +95,12 @@ func (g *ProviderGenericOIDC) verifyAndDecodeClaimsWithProvider(ctx context.Cont
 		return nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf("%s", err))
 	}
 
+	var rawClaims map[string]interface{}
+	if err := token.Claims(&rawClaims); err != nil {
+		return nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf("%s", err))
+	}
+	claims.RawClaims = rawClaims
+
 	return &claims, nil
 }
 
diff --git a/selfservice/strategy/oidc/strategy_helper_test.go b/selfservice/strategy/oidc/strategy_helper_test.go
index 6c061c2a5196..2f072cd96d64 100644
--- a/selfservice/strategy/oidc/strategy_helper_test.go
+++ b/selfservice/strategy/oidc/strategy_helper_test.go
@@ -37,6 +37,7 @@ import (
 type idTokenClaims struct {
 	traits struct {
 		website string
+		groups  []string
 	}
 	metadataPublic struct {
 		picture string
@@ -46,6 +47,29 @@ type idTokenClaims struct {
 	}
 }
 
+func (token *idTokenClaims) MarshalJSON() ([]byte, error) {
+	return json.Marshal(struct {
+		IdToken struct {
+			Website     string   `json:"website,omitempty"`
+			Groups      []string `json:"groups,omitempty"`
+			Picture     string   `json:"picture,omitempty"`
+			PhoneNumber string   `json:"phone_number,omitempty"`
+		} `json:"id_token"`
+	}{
+		IdToken: struct {
+			Website     string   `json:"website,omitempty"`
+			Groups      []string `json:"groups,omitempty"`
+			Picture     string   `json:"picture,omitempty"`
+			PhoneNumber string   `json:"phone_number,omitempty"`
+		}{
+			Website:     token.traits.website,
+			Groups:      token.traits.groups,
+			Picture:     token.metadataPublic.picture,
+			PhoneNumber: token.metadataAdmin.phoneNumber,
+		},
+	})
+}
+
 func createClient(t *testing.T, remote string, redir, id string) {
 	require.NoError(t, resilience.Retry(logrusx.New("", ""), time.Second*10, time.Minute*2, func() error {
 		if req, err := http.NewRequest("DELETE", remote+"/clients/"+id, nil); err != nil {
@@ -137,8 +161,9 @@ func newHydraIntegration(t *testing.T, remote *string, subject *string, claims *
 		require.NotEmpty(t, challenge)
 
 		var b bytes.Buffer
-		var msg = `{"id_token":{"website":"` + claims.traits.website + `","picture":"` + *&claims.metadataPublic.picture + `","phone_number":"` + *&claims.metadataAdmin.phoneNumber + `"}}`
-		require.NoError(t, json.NewEncoder(&b).Encode(&p{GrantScope: *scope, Session: json.RawMessage(msg)}))
+		msg, err := json.Marshal(claims)
+		require.NoError(t, err)
+		require.NoError(t, json.NewEncoder(&b).Encode(&p{GrantScope: *scope, Session: msg}))
 		href := urlx.MustJoin(*remote, "/oauth2/auth/requests/consent/accept") + "?consent_challenge=" + challenge
 		do(w, r, href, &b)
 	})
diff --git a/selfservice/strategy/oidc/strategy_test.go b/selfservice/strategy/oidc/strategy_test.go
index 9e4b896e2a1b..91a08f00a42c 100644
--- a/selfservice/strategy/oidc/strategy_test.go
+++ b/selfservice/strategy/oidc/strategy_test.go
@@ -452,6 +452,7 @@ func TestStrategy(t *testing.T) {
 		scope = []string{"openid"}
 		claims = idTokenClaims{}
 		claims.traits.website = "https://www.ory.sh/kratos"
+		claims.traits.groups = []string{"group1", "group2"}
 		claims.metadataPublic.picture = "picture.png"
 		claims.metadataAdmin.phoneNumber = "911"
 
@@ -474,6 +475,7 @@ func TestStrategy(t *testing.T) {
 			ai(t, res, body)
 			assert.Equal(t, "https://www.ory.sh/kratos", gjson.GetBytes(body, "identity.traits.website").String(), "%s", body)
 			assert.Equal(t, "valid-name", gjson.GetBytes(body, "identity.traits.name").String(), "%s", body)
+			assert.Equal(t, "[\"group1\",\"group2\"]", gjson.GetBytes(body, "identity.traits.groups").String(), "%s", body)
 		})
 	})
 
diff --git a/selfservice/strategy/oidc/stub/oidc.hydra.jsonnet b/selfservice/strategy/oidc/stub/oidc.hydra.jsonnet
index fddb99eae77a..c36630e1e334 100644
--- a/selfservice/strategy/oidc/stub/oidc.hydra.jsonnet
+++ b/selfservice/strategy/oidc/stub/oidc.hydra.jsonnet
@@ -8,6 +8,7 @@ else
       traits: {
         subject: claims.sub,
         [if "website" in claims then "website" else null]: claims.website,
+        [if "groups" in claims.raw_claims then "groups" else null]: claims.raw_claims.groups,
       },
       metadata_public: {
         [if "picture" in claims then "picture" else null]: claims.picture,
diff --git a/selfservice/strategy/oidc/stub/registration.schema.json b/selfservice/strategy/oidc/stub/registration.schema.json
index f97ef53f501e..5d623ed87b90 100644
--- a/selfservice/strategy/oidc/stub/registration.schema.json
+++ b/selfservice/strategy/oidc/stub/registration.schema.json
@@ -25,6 +25,12 @@
         "website": {
           "type": "string",
           "format": "uri"
+        },
+        "groups": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
         }
       },
       "required": [

From 0cbfe410c50cfe551693683881b4145d115c1aa3 Mon Sep 17 00:00:00 2001
From: hackerman <3372410+aeneasr@users.noreply.github.com>
Date: Wed, 5 Oct 2022 08:22:29 +0200
Subject: [PATCH 289/411] fix: proper annotation for patch (#2784)

---
 identity/handler.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/identity/handler.go b/identity/handler.go
index 1ce8aae4a723..6cca18e574d3 100644
--- a/identity/handler.go
+++ b/identity/handler.go
@@ -560,6 +560,8 @@ type adminPatchIdentity struct {
 
 // swagger:route PATCH /admin/identities/{id} v0alpha2 adminPatchIdentity
 //
+// # Patch an Identity
+//
 // Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
 //
 // NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.

From bd4af9ab9f872b5dacf6e7abaf2cad5ffc83ddd6 Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Wed, 5 Oct 2022 06:24:45 +0000
Subject: [PATCH 290/411] autogen(openapi): regenerate swagger spec and
 internal client

[skip ci]
---
 internal/httpclient/README.md           |  2 +-
 internal/httpclient/api/openapi.yaml    |  4 +++-
 internal/httpclient/api_v0alpha2.go     | 12 ++++++++----
 internal/httpclient/docs/V0alpha2Api.md |  4 ++--
 spec/api.json                           |  4 ++--
 spec/swagger.json                       |  4 ++--
 6 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/internal/httpclient/README.md b/internal/httpclient/README.md
index 1ff33d03f07c..9cd44b046d24 100644
--- a/internal/httpclient/README.md
+++ b/internal/httpclient/README.md
@@ -95,7 +95,7 @@ Class | Method | HTTP request | Description
 *V0alpha2Api* | [**AdminListCourierMessages**](docs/V0alpha2Api.md#adminlistcouriermessages) | **Get** /admin/courier/messages | List Messages
 *V0alpha2Api* | [**AdminListIdentities**](docs/V0alpha2Api.md#adminlistidentities) | **Get** /admin/identities | List Identities
 *V0alpha2Api* | [**AdminListIdentitySessions**](docs/V0alpha2Api.md#adminlistidentitysessions) | **Get** /admin/identities/{id}/sessions | This endpoint returns all sessions that belong to the given Identity.
-*V0alpha2Api* | [**AdminPatchIdentity**](docs/V0alpha2Api.md#adminpatchidentity) | **Patch** /admin/identities/{id} | Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
+*V0alpha2Api* | [**AdminPatchIdentity**](docs/V0alpha2Api.md#adminpatchidentity) | **Patch** /admin/identities/{id} | Patch an Identity
 *V0alpha2Api* | [**AdminUpdateIdentity**](docs/V0alpha2Api.md#adminupdateidentity) | **Put** /admin/identities/{id} | Update an Identity
 *V0alpha2Api* | [**CreateSelfServiceLogoutFlowUrlForBrowsers**](docs/V0alpha2Api.md#createselfservicelogoutflowurlforbrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers
 *V0alpha2Api* | [**GetIdentitySchema**](docs/V0alpha2Api.md#getidentityschema) | **Get** /schemas/{id} | 
diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml
index 21047826b47a..bded33640091 100644
--- a/internal/httpclient/api/openapi.yaml
+++ b/internal/httpclient/api/openapi.yaml
@@ -306,6 +306,8 @@ paths:
       - v0alpha2
     patch:
       description: |-
+        Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
+
         NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.
 
         Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
@@ -358,7 +360,7 @@ paths:
           description: jsonError
       security:
       - oryAccessToken: []
-      summary: Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
+      summary: Patch an Identity
       tags:
       - v0alpha2
     put:
diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go
index 1c1dc81a93f1..983834306116 100644
--- a/internal/httpclient/api_v0alpha2.go
+++ b/internal/httpclient/api_v0alpha2.go
@@ -169,8 +169,10 @@ type V0alpha2Api interface {
 	AdminListIdentitySessionsExecute(r V0alpha2ApiApiAdminListIdentitySessionsRequest) ([]Session, *http.Response, error)
 
 	/*
-			 * AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
-			 * NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.
+			 * AdminPatchIdentity Patch an Identity
+			 * Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
+
+		NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.
 
 		Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
 			 * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@@ -2498,8 +2500,10 @@ func (r V0alpha2ApiApiAdminPatchIdentityRequest) Execute() (*Identity, *http.Res
 }
 
 /*
-  - AdminPatchIdentity Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
-  - NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.
+  - AdminPatchIdentity Patch an Identity
+  - Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
+
+NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.
 
 Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
   - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md
index 52ccd5b4d10f..5303d296ecf5 100644
--- a/internal/httpclient/docs/V0alpha2Api.md
+++ b/internal/httpclient/docs/V0alpha2Api.md
@@ -13,7 +13,7 @@ Method | HTTP request | Description
 [**AdminListCourierMessages**](V0alpha2Api.md#AdminListCourierMessages) | **Get** /admin/courier/messages | List Messages
 [**AdminListIdentities**](V0alpha2Api.md#AdminListIdentities) | **Get** /admin/identities | List Identities
 [**AdminListIdentitySessions**](V0alpha2Api.md#AdminListIdentitySessions) | **Get** /admin/identities/{id}/sessions | This endpoint returns all sessions that belong to the given Identity.
-[**AdminPatchIdentity**](V0alpha2Api.md#AdminPatchIdentity) | **Patch** /admin/identities/{id} | Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
+[**AdminPatchIdentity**](V0alpha2Api.md#AdminPatchIdentity) | **Patch** /admin/identities/{id} | Patch an Identity
 [**AdminUpdateIdentity**](V0alpha2Api.md#AdminUpdateIdentity) | **Put** /admin/identities/{id} | Update an Identity
 [**CreateSelfServiceLogoutFlowUrlForBrowsers**](V0alpha2Api.md#CreateSelfServiceLogoutFlowUrlForBrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers
 [**GetIdentitySchema**](V0alpha2Api.md#GetIdentitySchema) | **Get** /schemas/{id} | 
@@ -679,7 +679,7 @@ Name | Type | Description  | Notes
 
 > Identity AdminPatchIdentity(ctx, id).JsonPatch(jsonPatch).Execute()
 
-Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
+Patch an Identity
 
 
 
diff --git a/spec/api.json b/spec/api.json
index 6622fe7eec42..e80eb209e36c 100755
--- a/spec/api.json
+++ b/spec/api.json
@@ -2798,7 +2798,7 @@
         ]
       },
       "patch": {
-        "description": "NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).",
+        "description": "Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)\n\nNOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).",
         "operationId": "adminPatchIdentity",
         "parameters": [
           {
@@ -2878,7 +2878,7 @@
             "oryAccessToken": []
           }
         ],
-        "summary": "Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)",
+        "summary": "Patch an Identity",
         "tags": [
           "v0alpha2"
         ]
diff --git a/spec/swagger.json b/spec/swagger.json
index ef39bba5fcd6..8d007e348b10 100755
--- a/spec/swagger.json
+++ b/spec/swagger.json
@@ -414,7 +414,7 @@
             "oryAccessToken": []
           }
         ],
-        "description": "NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).",
+        "description": "Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)\n\nNOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).",
         "consumes": [
           "application/json"
         ],
@@ -428,7 +428,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)",
+        "summary": "Patch an Identity",
         "operationId": "adminPatchIdentity",
         "parameters": [
           {

From a1532ba79722ccfc9c8608ef6f51a6d9ecb24a8e Mon Sep 17 00:00:00 2001
From: Jonas Hungershausen 
Date: Thu, 6 Oct 2022 14:28:54 +0200
Subject: [PATCH 291/411] feat: replace magic links with one time codes in
 recovery flow (#2645)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This feature introduces a new `code` strategy to recover an account.

Currently, if a user needs to initiate a recovery flow to recover a lost password/MFA/etc., they’ll receive an email containing a “magic link”. This link contains a flow_id and a recovery_token. This is problematic because some antivirus software opens links in emails to check for malicious content, etc.

Instead of the magic link, we send an 8-digit code that is clearly displayed in the email or SMS. A user can now copy/paste or type it manually into the text-field that is shown after the user clicks “submit” on the initiate flow page.

Closes #1451

BREAKING CHANGES: This patch changes the behavior of the recovery flow. It introduces a new strategy for account recovery that sends out short "one-time passwords" (`code`) that a user can use to prove ownership of their account and recovery access to it. This PR also updates the default recovery strategy to `code`.
---
 .github/workflows/ci.yaml                     |   1 +
 .schema/openapi/patches/selfservice.yaml      |   2 +
 .schema/openapi/patches/session.yaml          |   1 +
 cmd/clidoc/main.go                            |   3 +
 .../kratos/email-password/kratos.yml          |   8 +-
 courier/email_templates.go                    |   6 +
 .../recovery_code/invalid/email.body.gotmpl   |   9 +
 .../invalid/email.body.plaintext.gotmpl       |   9 +
 .../invalid/email.subject.gotmpl              |   1 +
 .../recovery_code/valid/email.body.gotmpl     |   5 +
 .../valid/email.body.plaintext.gotmpl         |   5 +
 .../recovery_code/valid/email.subject.gotmpl  |   1 +
 .../template/email/recovery_code_invalid.go   |  49 +
 .../email/recovery_code_invalid_test.go       |  27 +
 courier/template/email/recovery_code_valid.go |  48 +
 .../email/recovery_code_valid_test.go         |  27 +
 courier/template/testhelpers/testhelpers.go   |   4 +
 driver/config/config.go                       |  24 +-
 driver/config/config_test.go                  |   7 +-
 driver/registry.go                            |   4 +
 driver/registry_default.go                    |   7 +
 driver/registry_default_recovery.go           |  16 +
 driver/registry_default_test.go               |   6 +-
 embedx/config.schema.json                     |  44 +-
 examples/go/pkg/stub/kratos.yaml              |   6 +-
 identity/credentials.go                       |   1 +
 internal/httpclient/.openapi-generator/FILES  |   6 +
 internal/httpclient/README.md                 |   4 +
 internal/httpclient/api/openapi.yaml          | 129 ++-
 internal/httpclient/api_v0alpha2.go           | 165 +++
 .../AdminCreateSelfServiceRecoveryCodeBody.md |  77 ++
 .../docs/SelfServiceRecoveryCode.md           |  98 ++
 .../docs/SelfServiceRecoveryFlow.md           |   2 +-
 .../docs/SubmitSelfServiceRecoveryFlowBody.md |  28 +-
 ...lfServiceRecoveryFlowWithCodeMethodBody.md | 129 +++
 internal/httpclient/docs/UiNode.md            |   2 +-
 internal/httpclient/docs/V0alpha2Api.md       |  69 +-
 ..._create_self_service_recovery_code_body.go | 145 +++
 .../model_self_service_recovery_code.go       | 176 ++++
 .../model_self_service_recovery_flow.go       |   2 +-
 ..._submit_self_service_recovery_flow_body.go |  30 +
 ...ice_recovery_flow_with_code_method_body.go | 219 ++++
 internal/httpclient/model_ui_node.go          |   2 +-
 internal/testhelpers/courier.go               |  12 +-
 .../testhelpers/selfservice_verification.go   |  28 +-
 internal/testhelpers/session.go               |   8 +
 persistence/reference.go                      |   2 +
 .../8f75f5d9-9cb4-4848-9a73-9344f686f8a6.json |   7 +
 persistence/sql/migratest/migration_test.go   |  14 +
 .../testdata/20220929124401_testdata.sql      |  14 +
 ...0220901123209000000_recovery_code.down.sql |   5 +
 ...1123209000000_recovery_code.mysql.down.sql |   5 +
 ...901123209000000_recovery_code.mysql.up.sql |  37 +
 .../20220901123209000000_recovery_code.up.sql |  37 +
 persistence/sql/persister_recovery.go         | 149 ++-
 persistence/sql/persister_test.go             |   5 +
 selfservice/flow/recovery/error.go            |  11 +-
 selfservice/flow/recovery/error_test.go       |  47 +-
 selfservice/flow/recovery/flow.go             |  23 +-
 selfservice/flow/recovery/flow_test.go        |   2 +-
 selfservice/flow/recovery/handler.go          |  38 +-
 selfservice/flow/recovery/handler_test.go     |   4 +
 selfservice/flow/recovery/hook_test.go        |   6 +-
 selfservice/flow/recovery/strategy.go         |   9 +-
 selfservice/flow/type.go                      |   8 +
 .../code/.schema/recovery.schema.json         |  29 +
 ...=should_fail_on_malformed_expiry_time.json |   8 +
 ...n=should_fail_on_negative_expiry_time.json |   8 +
 ...ecover_an_account_that_does_not_exist.json |   8 +
 ...set_all_the_correct_recovery_payloads.json |  53 +
 ...ct_recovery_payloads_after_submission.json |  85 ++
 selfservice/strategy/code/code_recovery.go    | 108 ++
 .../strategy/code/code_recovery_test.go       |  91 ++
 selfservice/strategy/code/persistence.go      |  19 +
 selfservice/strategy/code/schema.go           |   8 +
 selfservice/strategy/code/sender.go           | 125 +++
 selfservice/strategy/code/sender_test.go      |  64 ++
 selfservice/strategy/code/strategy.go         |  77 ++
 .../strategy/code/strategy_recovery.go        | 607 +++++++++++
 .../strategy/code/strategy_recovery_test.go   | 993 ++++++++++++++++++
 selfservice/strategy/code/strategy_test.go    |  23 +
 .../strategy/code/stub/default.schema.json    |  29 +
 selfservice/strategy/code/test/persistence.go | 145 +++
 selfservice/strategy/link/sender_test.go      |   5 +-
 .../strategy/link/strategy_recovery.go        |  10 +-
 .../strategy/link/strategy_recovery_test.go   |  13 +-
 selfservice/strategy/link/strategy_test.go    |   1 +
 session/session.go                            |   1 +
 session/session_test.go                       |  50 +-
 spec/api.json                                 | 148 ++-
 spec/swagger.json                             | 132 ++-
 test/e2e/cypress/helpers/index.ts             |   9 +
 .../profiles/recovery/code/errors.spec.ts     | 186 ++++
 .../profiles/recovery/code/success.spec.ts    | 185 ++++
 .../{recovery => link}/errors.spec.ts         |   3 +
 .../{recovery => link}/success.spec.ts        |   1 +
 test/e2e/cypress/support/commands.ts          | 104 ++
 test/e2e/cypress/support/index.d.ts           |  46 +
 test/e2e/mock/webhook/go.mod                  |   2 +-
 test/e2e/mock/webhook/go.sum                  |   4 +-
 test/e2e/profiles/kratos.base.yml             |   3 +
 test/e2e/profiles/mobile/.kratos.yml          |   5 +-
 text/id.go                                    |   9 +-
 text/id_test.go                               |   3 +
 text/message_node.go                          |   8 +
 text/message_recovery.go                      |  18 +
 ui/node/node.go                               |   1 +
 x/xsql/sql.go                                 |   2 +
 108 files changed, 5418 insertions(+), 86 deletions(-)
 create mode 100644 courier/template/courier/builtin/templates/recovery_code/invalid/email.body.gotmpl
 create mode 100644 courier/template/courier/builtin/templates/recovery_code/invalid/email.body.plaintext.gotmpl
 create mode 100644 courier/template/courier/builtin/templates/recovery_code/invalid/email.subject.gotmpl
 create mode 100644 courier/template/courier/builtin/templates/recovery_code/valid/email.body.gotmpl
 create mode 100644 courier/template/courier/builtin/templates/recovery_code/valid/email.body.plaintext.gotmpl
 create mode 100644 courier/template/courier/builtin/templates/recovery_code/valid/email.subject.gotmpl
 create mode 100644 courier/template/email/recovery_code_invalid.go
 create mode 100644 courier/template/email/recovery_code_invalid_test.go
 create mode 100644 courier/template/email/recovery_code_valid.go
 create mode 100644 courier/template/email/recovery_code_valid_test.go
 create mode 100644 internal/httpclient/docs/AdminCreateSelfServiceRecoveryCodeBody.md
 create mode 100644 internal/httpclient/docs/SelfServiceRecoveryCode.md
 create mode 100644 internal/httpclient/docs/SubmitSelfServiceRecoveryFlowWithCodeMethodBody.md
 create mode 100644 internal/httpclient/model_admin_create_self_service_recovery_code_body.go
 create mode 100644 internal/httpclient/model_self_service_recovery_code.go
 create mode 100644 internal/httpclient/model_submit_self_service_recovery_flow_with_code_method_body.go
 create mode 100644 persistence/sql/migratest/fixtures/recovery_code/8f75f5d9-9cb4-4848-9a73-9344f686f8a6.json
 create mode 100644 persistence/sql/migratest/testdata/20220929124401_testdata.sql
 create mode 100644 persistence/sql/migrations/sql/20220901123209000000_recovery_code.down.sql
 create mode 100644 persistence/sql/migrations/sql/20220901123209000000_recovery_code.mysql.down.sql
 create mode 100644 persistence/sql/migrations/sql/20220901123209000000_recovery_code.mysql.up.sql
 create mode 100644 persistence/sql/migrations/sql/20220901123209000000_recovery_code.up.sql
 create mode 100644 selfservice/strategy/code/.schema/recovery.schema.json
 create mode 100644 selfservice/strategy/code/.snapshots/TestAdminStrategy-description=should_fail_on_malformed_expiry_time.json
 create mode 100644 selfservice/strategy/code/.snapshots/TestAdminStrategy-description=should_fail_on_negative_expiry_time.json
 create mode 100644 selfservice/strategy/code/.snapshots/TestAdminStrategy-description=should_not_be_able_to_recover_an_account_that_does_not_exist.json
 create mode 100644 selfservice/strategy/code/.snapshots/TestRecovery-description=should_set_all_the_correct_recovery_payloads.json
 create mode 100644 selfservice/strategy/code/.snapshots/TestRecovery-description=should_set_all_the_correct_recovery_payloads_after_submission.json
 create mode 100644 selfservice/strategy/code/code_recovery.go
 create mode 100644 selfservice/strategy/code/code_recovery_test.go
 create mode 100644 selfservice/strategy/code/persistence.go
 create mode 100644 selfservice/strategy/code/schema.go
 create mode 100644 selfservice/strategy/code/sender.go
 create mode 100644 selfservice/strategy/code/sender_test.go
 create mode 100644 selfservice/strategy/code/strategy.go
 create mode 100644 selfservice/strategy/code/strategy_recovery.go
 create mode 100644 selfservice/strategy/code/strategy_recovery_test.go
 create mode 100644 selfservice/strategy/code/strategy_test.go
 create mode 100644 selfservice/strategy/code/stub/default.schema.json
 create mode 100644 selfservice/strategy/code/test/persistence.go
 create mode 100644 test/e2e/cypress/integration/profiles/recovery/code/errors.spec.ts
 create mode 100644 test/e2e/cypress/integration/profiles/recovery/code/success.spec.ts
 rename test/e2e/cypress/integration/profiles/recovery/{recovery => link}/errors.spec.ts (98%)
 rename test/e2e/cypress/integration/profiles/recovery/{recovery => link}/success.spec.ts (98%)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 92373c798d60..43f1408b4b7c 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -188,6 +188,7 @@ jobs:
         env:
           RN_UI_PATH: react-native-ui
           NODE_UI_PATH: node-ui
+          CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
       - if: failure()
         uses: actions/upload-artifact@v2
         with:
diff --git a/.schema/openapi/patches/selfservice.yaml b/.schema/openapi/patches/selfservice.yaml
index 42bf8c4874dd..9da5ed771fb1 100644
--- a/.schema/openapi/patches/selfservice.yaml
+++ b/.schema/openapi/patches/selfservice.yaml
@@ -57,12 +57,14 @@
   path: /components/schemas/submitSelfServiceRecoveryFlowBody/oneOf
   value:
     - "$ref": "#/components/schemas/submitSelfServiceRecoveryFlowWithLinkMethodBody"
+    - "$ref": "#/components/schemas/submitSelfServiceRecoveryFlowWithCodeMethodBody"
 - op: add
   path: /components/schemas/submitSelfServiceRecoveryFlowBody/discriminator
   value:
     propertyName: method
     mapping:
       link: "#/components/schemas/submitSelfServiceRecoveryFlowWithLinkMethodBody"
+      code: "#/components/schemas/submitSelfServiceRecoveryFlowWithCodeMethodBody"
 - op: add
   path: /components/schemas/selfServiceRecoveryFlowState/enum
   value:
diff --git a/.schema/openapi/patches/session.yaml b/.schema/openapi/patches/session.yaml
index 3b302334d129..cc6387e1407e 100644
--- a/.schema/openapi/patches/session.yaml
+++ b/.schema/openapi/patches/session.yaml
@@ -18,6 +18,7 @@
     type: string
     enum:
       - link_recovery
+      - code_recovery
       - password
       - totp
       - oidc
diff --git a/cmd/clidoc/main.go b/cmd/clidoc/main.go
index 968ba312f5c7..a8689c859759 100644
--- a/cmd/clidoc/main.go
+++ b/cmd/clidoc/main.go
@@ -111,10 +111,13 @@ func init() {
 		"NewErrorValidationRecoveryFlowExpired":                   text.NewErrorValidationRecoveryFlowExpired(time.Second),
 		"NewRecoverySuccessful":                                   text.NewRecoverySuccessful(inAMinute),
 		"NewRecoveryEmailSent":                                    text.NewRecoveryEmailSent(),
+		"NewRecoveryEmailWithCodeSent":                            text.NewRecoveryEmailWithCodeSent(),
 		"NewErrorValidationRecoveryTokenInvalidOrAlreadyUsed":     text.NewErrorValidationRecoveryTokenInvalidOrAlreadyUsed(),
+		"NewErrorValidationRecoveryCodeInvalidOrAlreadyUsed":      text.NewErrorValidationRecoveryCodeInvalidOrAlreadyUsed(),
 		"NewErrorValidationRecoveryRetrySuccess":                  text.NewErrorValidationRecoveryRetrySuccess(),
 		"NewErrorValidationRecoveryStateFailure":                  text.NewErrorValidationRecoveryStateFailure(),
 		"NewInfoNodeInputEmail":                                   text.NewInfoNodeInputEmail(),
+		"NewInfoNodeResendOTP":                                    text.NewInfoNodeResendOTP(),
 		"NewInfoSelfServiceSettingsRegisterWebAuthn":              text.NewInfoSelfServiceSettingsRegisterWebAuthn(),
 		"NewInfoLoginWebAuthnPasswordless":                        text.NewInfoLoginWebAuthnPasswordless(),
 		"NewInfoSelfServiceRegistrationRegisterWebAuthn":          text.NewInfoSelfServiceRegistrationRegisterWebAuthn(),
diff --git a/contrib/quickstart/kratos/email-password/kratos.yml b/contrib/quickstart/kratos/email-password/kratos.yml
index 127d757618ff..e232bf441616 100644
--- a/contrib/quickstart/kratos/email-password/kratos.yml
+++ b/contrib/quickstart/kratos/email-password/kratos.yml
@@ -18,6 +18,10 @@ selfservice:
   methods:
     password:
       enabled: true
+    link:
+      enabled: false
+    code:
+      enabled: true
 
   flows:
     error:
@@ -30,6 +34,7 @@ selfservice:
     recovery:
       enabled: true
       ui_url: http://127.0.0.1:4455/recovery
+      use: code
 
     verification:
       enabled: true
@@ -51,8 +56,7 @@ selfservice:
       after:
         password:
           hooks:
-            -
-              hook: session
+            - hook: session
 
 log:
   level: debug
diff --git a/courier/email_templates.go b/courier/email_templates.go
index 401d517881ae..fef44ee5ffa5 100644
--- a/courier/email_templates.go
+++ b/courier/email_templates.go
@@ -26,6 +26,8 @@ type (
 const (
 	TypeRecoveryInvalid     TemplateType = "recovery_invalid"
 	TypeRecoveryValid       TemplateType = "recovery_valid"
+	TypeRecoveryCodeInvalid TemplateType = "recovery_code_invalid"
+	TypeRecoveryCodeValid   TemplateType = "recovery_code_valid"
 	TypeVerificationInvalid TemplateType = "verification_invalid"
 	TypeVerificationValid   TemplateType = "verification_valid"
 	TypeOTP                 TemplateType = "otp"
@@ -38,6 +40,10 @@ func GetEmailTemplateType(t EmailTemplate) (TemplateType, error) {
 		return TypeRecoveryInvalid, nil
 	case *email.RecoveryValid:
 		return TypeRecoveryValid, nil
+	case *email.RecoveryCodeInvalid:
+		return TypeRecoveryCodeInvalid, nil
+	case *email.RecoveryCodeValid:
+		return TypeRecoveryCodeValid, nil
 	case *email.VerificationInvalid:
 		return TypeVerificationInvalid, nil
 	case *email.VerificationValid:
diff --git a/courier/template/courier/builtin/templates/recovery_code/invalid/email.body.gotmpl b/courier/template/courier/builtin/templates/recovery_code/invalid/email.body.gotmpl
new file mode 100644
index 000000000000..b8d9188c5975
--- /dev/null
+++ b/courier/template/courier/builtin/templates/recovery_code/invalid/email.body.gotmpl
@@ -0,0 +1,9 @@
+Hi,
+
+you (or someone else) entered this email address when trying to recover access to an account.
+
+However, this email address is not on our database of registered users and therefore the attempt has failed.
+
+If this was you, check if you signed up using a different address.
+
+If this was not you, please ignore this email.
diff --git a/courier/template/courier/builtin/templates/recovery_code/invalid/email.body.plaintext.gotmpl b/courier/template/courier/builtin/templates/recovery_code/invalid/email.body.plaintext.gotmpl
new file mode 100644
index 000000000000..b8d9188c5975
--- /dev/null
+++ b/courier/template/courier/builtin/templates/recovery_code/invalid/email.body.plaintext.gotmpl
@@ -0,0 +1,9 @@
+Hi,
+
+you (or someone else) entered this email address when trying to recover access to an account.
+
+However, this email address is not on our database of registered users and therefore the attempt has failed.
+
+If this was you, check if you signed up using a different address.
+
+If this was not you, please ignore this email.
diff --git a/courier/template/courier/builtin/templates/recovery_code/invalid/email.subject.gotmpl b/courier/template/courier/builtin/templates/recovery_code/invalid/email.subject.gotmpl
new file mode 100644
index 000000000000..403d0dd4a883
--- /dev/null
+++ b/courier/template/courier/builtin/templates/recovery_code/invalid/email.subject.gotmpl
@@ -0,0 +1 @@
+Account access attempted
diff --git a/courier/template/courier/builtin/templates/recovery_code/valid/email.body.gotmpl b/courier/template/courier/builtin/templates/recovery_code/valid/email.body.gotmpl
new file mode 100644
index 000000000000..5037d753998e
--- /dev/null
+++ b/courier/template/courier/builtin/templates/recovery_code/valid/email.body.gotmpl
@@ -0,0 +1,5 @@
+Hi,
+
+please recover access to your account by entering the following code:
+
+{{ .RecoveryCode }}
diff --git a/courier/template/courier/builtin/templates/recovery_code/valid/email.body.plaintext.gotmpl b/courier/template/courier/builtin/templates/recovery_code/valid/email.body.plaintext.gotmpl
new file mode 100644
index 000000000000..5037d753998e
--- /dev/null
+++ b/courier/template/courier/builtin/templates/recovery_code/valid/email.body.plaintext.gotmpl
@@ -0,0 +1,5 @@
+Hi,
+
+please recover access to your account by entering the following code:
+
+{{ .RecoveryCode }}
diff --git a/courier/template/courier/builtin/templates/recovery_code/valid/email.subject.gotmpl b/courier/template/courier/builtin/templates/recovery_code/valid/email.subject.gotmpl
new file mode 100644
index 000000000000..9a47d5f5814a
--- /dev/null
+++ b/courier/template/courier/builtin/templates/recovery_code/valid/email.subject.gotmpl
@@ -0,0 +1 @@
+Recover access to your account
diff --git a/courier/template/email/recovery_code_invalid.go b/courier/template/email/recovery_code_invalid.go
new file mode 100644
index 000000000000..af127cc97256
--- /dev/null
+++ b/courier/template/email/recovery_code_invalid.go
@@ -0,0 +1,49 @@
+package email
+
+import (
+	"context"
+	"encoding/json"
+	"os"
+	"strings"
+
+	"github.com/ory/kratos/courier/template"
+)
+
+type (
+	RecoveryCodeInvalid struct {
+		deps  template.Dependencies
+		model *RecoveryCodeInvalidModel
+	}
+	RecoveryCodeInvalidModel struct {
+		To string
+	}
+)
+
+func NewRecoveryCodeInvalid(d template.Dependencies, m *RecoveryCodeInvalidModel) *RecoveryCodeInvalid {
+	return &RecoveryCodeInvalid{deps: d, model: m}
+}
+
+func (t *RecoveryCodeInvalid) EmailRecipient() (string, error) {
+	return t.model.To, nil
+}
+
+func (t *RecoveryCodeInvalid) EmailSubject(ctx context.Context) (string, error) {
+	filesystem := os.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx))
+	remoteURL := t.deps.CourierConfig().CourierTemplatesRecoveryCodeInvalid(ctx).Subject
+
+	subject, err := template.LoadText(ctx, t.deps, filesystem, "recovery_code/invalid/email.subject.gotmpl", "recovery_code/invalid/email.subject*", t.model, remoteURL)
+
+	return strings.TrimSpace(subject), err
+}
+
+func (t *RecoveryCodeInvalid) EmailBody(ctx context.Context) (string, error) {
+	return template.LoadHTML(ctx, t.deps, os.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx)), "recovery_code/invalid/email.body.gotmpl", "recovery_code/invalid/email.body*", t.model, t.deps.CourierConfig().CourierTemplatesRecoveryCodeInvalid(ctx).Body.HTML)
+}
+
+func (t *RecoveryCodeInvalid) EmailBodyPlaintext(ctx context.Context) (string, error) {
+	return template.LoadText(ctx, t.deps, os.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx)), "recovery_code/invalid/email.body.plaintext.gotmpl", "recovery_code/invalid/email.body.plaintext*", t.model, t.deps.CourierConfig().CourierTemplatesRecoveryCodeInvalid(ctx).Body.PlainText)
+}
+
+func (t *RecoveryCodeInvalid) MarshalJSON() ([]byte, error) {
+	return json.Marshal(t.model)
+}
diff --git a/courier/template/email/recovery_code_invalid_test.go b/courier/template/email/recovery_code_invalid_test.go
new file mode 100644
index 000000000000..b41c4fd64c8e
--- /dev/null
+++ b/courier/template/email/recovery_code_invalid_test.go
@@ -0,0 +1,27 @@
+package email_test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/ory/kratos/courier"
+	"github.com/ory/kratos/courier/template/email"
+	"github.com/ory/kratos/courier/template/testhelpers"
+	"github.com/ory/kratos/internal"
+)
+
+func TestRecoveryCodeInvalid(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	t.Cleanup(cancel)
+
+	t.Run("test=with courier templates directory", func(t *testing.T) {
+		_, reg := internal.NewFastRegistryWithMocks(t)
+		tpl := email.NewRecoveryCodeInvalid(reg, &email.RecoveryCodeInvalidModel{})
+
+		testhelpers.TestRendered(t, ctx, tpl)
+	})
+
+	t.Run("case=test remote resources", func(t *testing.T) {
+		testhelpers.TestRemoteTemplates(t, "../courier/builtin/templates/recovery_code/invalid", courier.TypeRecoveryCodeInvalid)
+	})
+}
diff --git a/courier/template/email/recovery_code_valid.go b/courier/template/email/recovery_code_valid.go
new file mode 100644
index 000000000000..9094c5247deb
--- /dev/null
+++ b/courier/template/email/recovery_code_valid.go
@@ -0,0 +1,48 @@
+package email
+
+import (
+	"context"
+	"encoding/json"
+	"os"
+	"strings"
+
+	"github.com/ory/kratos/courier/template"
+)
+
+type (
+	RecoveryCodeValid struct {
+		deps  template.Dependencies
+		model *RecoveryCodeValidModel
+	}
+	RecoveryCodeValidModel struct {
+		To           string
+		RecoveryCode string
+		Identity     map[string]interface{}
+	}
+)
+
+func NewRecoveryCodeValid(d template.Dependencies, m *RecoveryCodeValidModel) *RecoveryCodeValid {
+	return &RecoveryCodeValid{deps: d, model: m}
+}
+
+func (t *RecoveryCodeValid) EmailRecipient() (string, error) {
+	return t.model.To, nil
+}
+
+func (t *RecoveryCodeValid) EmailSubject(ctx context.Context) (string, error) {
+	subject, err := template.LoadText(ctx, t.deps, os.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx)), "recovery_code/valid/email.subject.gotmpl", "recovery_code/valid/email.subject*", t.model, t.deps.CourierConfig().CourierTemplatesRecoveryCodeValid(ctx).Subject)
+
+	return strings.TrimSpace(subject), err
+}
+
+func (t *RecoveryCodeValid) EmailBody(ctx context.Context) (string, error) {
+	return template.LoadHTML(ctx, t.deps, os.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx)), "recovery_code/valid/email.body.gotmpl", "recovery_code/valid/email.body*", t.model, t.deps.CourierConfig().CourierTemplatesRecoveryCodeValid(ctx).Body.HTML)
+}
+
+func (t *RecoveryCodeValid) EmailBodyPlaintext(ctx context.Context) (string, error) {
+	return template.LoadText(ctx, t.deps, os.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx)), "recovery_code/valid/email.body.plaintext.gotmpl", "recovery_code/valid/email.body.plaintext*", t.model, t.deps.CourierConfig().CourierTemplatesRecoveryCodeValid(ctx).Body.PlainText)
+}
+
+func (t *RecoveryCodeValid) MarshalJSON() ([]byte, error) {
+	return json.Marshal(t.model)
+}
diff --git a/courier/template/email/recovery_code_valid_test.go b/courier/template/email/recovery_code_valid_test.go
new file mode 100644
index 000000000000..6afd5665c89e
--- /dev/null
+++ b/courier/template/email/recovery_code_valid_test.go
@@ -0,0 +1,27 @@
+package email_test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/ory/kratos/courier"
+	"github.com/ory/kratos/courier/template/email"
+	"github.com/ory/kratos/courier/template/testhelpers"
+	"github.com/ory/kratos/internal"
+)
+
+func TestRecoveryCodeValid(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	t.Cleanup(cancel)
+
+	t.Run("test=with courier templates directory", func(t *testing.T) {
+		_, reg := internal.NewFastRegistryWithMocks(t)
+		tpl := email.NewRecoveryCodeValid(reg, &email.RecoveryCodeValidModel{})
+
+		testhelpers.TestRendered(t, ctx, tpl)
+	})
+
+	t.Run("test=with remote resources", func(t *testing.T) {
+		testhelpers.TestRemoteTemplates(t, "../courier/builtin/templates/recovery_code/valid", courier.TypeRecoveryCodeValid)
+	})
+}
diff --git a/courier/template/testhelpers/testhelpers.go b/courier/template/testhelpers/testhelpers.go
index 8a50fcee271f..08049d77e961 100644
--- a/courier/template/testhelpers/testhelpers.go
+++ b/courier/template/testhelpers/testhelpers.go
@@ -66,6 +66,10 @@ func TestRemoteTemplates(t *testing.T, basePath string, tmplType courier.Templat
 			return email.NewRecoveryInvalid(d, &email.RecoveryInvalidModel{})
 		case courier.TypeRecoveryValid:
 			return email.NewRecoveryValid(d, &email.RecoveryValidModel{})
+		case courier.TypeRecoveryCodeValid:
+			return email.NewRecoveryCodeValid(d, &email.RecoveryCodeValidModel{})
+		case courier.TypeRecoveryCodeInvalid:
+			return email.NewRecoveryCodeInvalid(d, &email.RecoveryCodeInvalidModel{})
 		case courier.TypeTestStub:
 			return email.NewTestStub(d, &email.TestStubModel{})
 		case courier.TypeVerificationInvalid:
diff --git a/driver/config/config.go b/driver/config/config.go
index b0e50013cfc2..3e6b52ae3e0a 100644
--- a/driver/config/config.go
+++ b/driver/config/config.go
@@ -67,6 +67,8 @@ const (
 	ViperKeyCourierTemplatesPath                             = "courier.template_override_path"
 	ViperKeyCourierTemplatesRecoveryInvalidEmail             = "courier.templates.recovery.invalid.email"
 	ViperKeyCourierTemplatesRecoveryValidEmail               = "courier.templates.recovery.valid.email"
+	ViperKeyCourierTemplatesRecoveryCodeInvalidEmail         = "courier.templates.recovery_code.invalid.email"
+	ViperKeyCourierTemplatesRecoveryCodeValidEmail           = "courier.templates.recovery_code.valid.email"
 	ViperKeyCourierTemplatesVerificationInvalidEmail         = "courier.templates.verification.invalid.email"
 	ViperKeyCourierTemplatesVerificationValidEmail           = "courier.templates.verification.valid.email"
 	ViperKeyCourierSMTPFrom                                  = "courier.smtp.from_address"
@@ -136,6 +138,7 @@ const (
 	ViperKeySelfServiceRecoveryAfter                         = "selfservice.flows.recovery.after"
 	ViperKeySelfServiceRecoveryBeforeHooks                   = "selfservice.flows.recovery.before.hooks"
 	ViperKeySelfServiceRecoveryEnabled                       = "selfservice.flows.recovery.enabled"
+	ViperKeySelfServiceRecoveryUse                           = "selfservice.flows.recovery.use"
 	ViperKeySelfServiceRecoveryUI                            = "selfservice.flows.recovery.ui_url"
 	ViperKeySelfServiceRecoveryRequestLifespan               = "selfservice.flows.recovery.lifespan"
 	ViperKeySelfServiceRecoveryBrowserDefaultReturnTo        = "selfservice.flows.recovery.after." + DefaultBrowserReturnURL
@@ -162,6 +165,7 @@ const (
 	ViperKeyDatabaseCleanupBatchSize                         = "database.cleanup.batch_size"
 	ViperKeyLinkLifespan                                     = "selfservice.methods.link.config.lifespan"
 	ViperKeyLinkBaseURL                                      = "selfservice.methods.link.config.base_url"
+	ViperKeyCodeLifespan                                     = "selfservice.methods.code.config.lifespan"
 	ViperKeyPasswordHaveIBeenPwnedHost                       = "selfservice.methods.password.config.haveibeenpwned_host"
 	ViperKeyPasswordHaveIBeenPwnedEnabled                    = "selfservice.methods.password.config.haveibeenpwned_enabled"
 	ViperKeyPasswordMaxBreaches                              = "selfservice.methods.password.config.max_breaches"
@@ -264,6 +268,8 @@ type (
 		CourierTemplatesVerificationValid(ctx context.Context) *CourierEmailTemplate
 		CourierTemplatesRecoveryInvalid(ctx context.Context) *CourierEmailTemplate
 		CourierTemplatesRecoveryValid(ctx context.Context) *CourierEmailTemplate
+		CourierTemplatesRecoveryCodeInvalid(ctx context.Context) *CourierEmailTemplate
+		CourierTemplatesRecoveryCodeValid(ctx context.Context) *CourierEmailTemplate
 		CourierMessageRetries(ctx context.Context) int
 	}
 )
@@ -622,6 +628,10 @@ func (p *Config) SelfServiceFlowRecoveryEnabled(ctx context.Context) bool {
 	return p.GetProvider(ctx).Bool(ViperKeySelfServiceRecoveryEnabled)
 }
 
+func (p *Config) SelfServiceFlowRecoveryUse(ctx context.Context) string {
+	return p.GetProvider(ctx).String(ViperKeySelfServiceRecoveryUse)
+}
+
 func (p *Config) SelfServiceFlowLoginBeforeHooks(ctx context.Context) []SelfServiceHook {
 	return p.selfServiceHooks(ctx, ViperKeySelfServiceLoginBeforeHooks)
 }
@@ -711,7 +721,7 @@ func (p *Config) SelfServiceStrategy(ctx context.Context, strategy string) *Self
 			fallthrough
 		case "profile":
 			fallthrough
-		case "link":
+		case "code":
 			s.Enabled = true
 		}
 	}
@@ -985,6 +995,14 @@ func (p *Config) CourierTemplatesRecoveryValid(ctx context.Context) *CourierEmai
 	return p.CourierTemplatesHelper(ctx, ViperKeyCourierTemplatesRecoveryValidEmail)
 }
 
+func (p *Config) CourierTemplatesRecoveryCodeInvalid(ctx context.Context) *CourierEmailTemplate {
+	return p.CourierTemplatesHelper(ctx, ViperKeyCourierTemplatesRecoveryCodeInvalidEmail)
+}
+
+func (p *Config) CourierTemplatesRecoveryCodeValid(ctx context.Context) *CourierEmailTemplate {
+	return p.CourierTemplatesHelper(ctx, ViperKeyCourierTemplatesRecoveryCodeValidEmail)
+}
+
 func (p *Config) CourierMessageRetries(ctx context.Context) int {
 	return p.GetProvider(ctx).IntF(ViperKeyCourierMessageRetries, 5)
 }
@@ -1123,6 +1141,10 @@ func (p *Config) SelfServiceLinkMethodBaseURL(ctx context.Context) *url.URL {
 	return p.GetProvider(ctx).RequestURIF(ViperKeyLinkBaseURL, p.SelfPublicURL(ctx))
 }
 
+func (p *Config) SelfServiceCodeMethodLifespan(ctx context.Context) time.Duration {
+	return p.GetProvider(ctx).DurationF(ViperKeyCodeLifespan, time.Hour)
+}
+
 func (p *Config) DatabaseCleanupSleepTables(ctx context.Context) time.Duration {
 	return p.GetProvider(ctx).Duration(ViperKeyDatabaseCleanupSleepTables)
 }
diff --git a/driver/config/config_test.go b/driver/config/config_test.go
index 7ca8588e302c..b1fbd3d8a849 100644
--- a/driver/config/config_test.go
+++ b/driver/config/config_test.go
@@ -509,6 +509,7 @@ func TestViperProvider_Defaults(t *testing.T) {
 				assert.True(t, p.SelfServiceStrategy(ctx, "password").Enabled)
 				assert.True(t, p.SelfServiceStrategy(ctx, "profile").Enabled)
 				assert.True(t, p.SelfServiceStrategy(ctx, "link").Enabled)
+				assert.True(t, p.SelfServiceStrategy(ctx, "code").Enabled)
 				assert.False(t, p.SelfServiceStrategy(ctx, "oidc").Enabled)
 			},
 		},
@@ -535,7 +536,8 @@ func TestViperProvider_Defaults(t *testing.T) {
 				assert.False(t, p.SelfServiceFlowVerificationEnabled(ctx))
 				assert.True(t, p.SelfServiceStrategy(ctx, "password").Enabled)
 				assert.True(t, p.SelfServiceStrategy(ctx, "profile").Enabled)
-				assert.True(t, p.SelfServiceStrategy(ctx, "link").Enabled)
+				assert.False(t, p.SelfServiceStrategy(ctx, "link").Enabled)
+				assert.True(t, p.SelfServiceStrategy(ctx, "code").Enabled)
 				assert.True(t, p.SelfServiceStrategy(ctx, "oidc").Enabled)
 			},
 		},
@@ -551,7 +553,8 @@ func TestViperProvider_Defaults(t *testing.T) {
 			assert.False(t, p.SelfServiceFlowVerificationEnabled(ctx))
 			assert.True(t, p.SelfServiceStrategy(ctx, "password").Enabled)
 			assert.True(t, p.SelfServiceStrategy(ctx, "profile").Enabled)
-			assert.True(t, p.SelfServiceStrategy(ctx, "link").Enabled)
+			assert.False(t, p.SelfServiceStrategy(ctx, "link").Enabled)
+			assert.True(t, p.SelfServiceStrategy(ctx, "code").Enabled)
 			assert.False(t, p.SelfServiceStrategy(ctx, "oidc").Enabled)
 		})
 	}
diff --git a/driver/registry.go b/driver/registry.go
index 619bfb4ab674..12f4eb652e1b 100644
--- a/driver/registry.go
+++ b/driver/registry.go
@@ -21,6 +21,7 @@ import (
 	"github.com/ory/kratos/selfservice/flow/recovery"
 	"github.com/ory/kratos/selfservice/flow/settings"
 	"github.com/ory/kratos/selfservice/flow/verification"
+	"github.com/ory/kratos/selfservice/strategy/code"
 	"github.com/ory/kratos/selfservice/strategy/link"
 
 	"github.com/ory/x/healthx"
@@ -133,6 +134,9 @@ type Registry interface {
 	link.VerificationTokenPersistenceProvider
 	link.RecoveryTokenPersistenceProvider
 
+	code.RecoveryCodeSenderProvider
+	code.RecoveryCodePersistenceProvider
+
 	recovery.FlowPersistenceProvider
 	recovery.ErrorHandlerProvider
 	recovery.HandlerProvider
diff --git a/driver/registry_default.go b/driver/registry_default.go
index 298aae71f604..691854a0e3b5 100644
--- a/driver/registry_default.go
+++ b/driver/registry_default.go
@@ -22,6 +22,7 @@ import (
 
 	"github.com/ory/nosurf"
 
+	"github.com/ory/kratos/selfservice/strategy/code"
 	"github.com/ory/kratos/selfservice/strategy/webauthn"
 
 	"github.com/ory/kratos/selfservice/strategy/lookup"
@@ -135,6 +136,7 @@ type RegistryDefault struct {
 	selfserviceVerificationExecutor *verification.HookExecutor
 
 	selfserviceLinkSender *link.Sender
+	selfserviceCodeSender *code.RecoveryCodeSender
 
 	selfserviceRecoveryErrorHandler *recovery.ErrorHandler
 	selfserviceRecoveryHandler      *recovery.Handler
@@ -289,6 +291,7 @@ func (m *RegistryDefault) selfServiceStrategies() []interface{} {
 			password2.NewStrategy(m),
 			oidc.NewStrategy(m),
 			profile.NewStrategy(m),
+			code.NewStrategy(m),
 			link.NewStrategy(m),
 			totp.NewStrategy(m),
 			webauthn.NewStrategy(m),
@@ -677,6 +680,10 @@ func (m *RegistryDefault) RecoveryTokenPersister() link.RecoveryTokenPersister {
 	return m.Persister()
 }
 
+func (m *RegistryDefault) RecoveryCodePersister() code.RecoveryCodePersister {
+	return m.Persister()
+}
+
 func (m *RegistryDefault) VerificationTokenPersister() link.VerificationTokenPersister {
 	return m.Persister()
 }
diff --git a/driver/registry_default_recovery.go b/driver/registry_default_recovery.go
index eddd170e8d13..cff44385b456 100644
--- a/driver/registry_default_recovery.go
+++ b/driver/registry_default_recovery.go
@@ -5,6 +5,7 @@ import (
 
 	"github.com/ory/kratos/driver/config"
 	"github.com/ory/kratos/selfservice/flow/recovery"
+	"github.com/ory/kratos/selfservice/strategy/code"
 )
 
 func (m *RegistryDefault) RecoveryFlowErrorHandler() *recovery.ErrorHandler {
@@ -34,6 +35,13 @@ func (m *RegistryDefault) RecoveryStrategies(ctx context.Context) (recoveryStrat
 	return
 }
 
+// GetActiveRecoveryStrategy returns the currently active recovery strategy
+// If no recovery strategy has been set, an error is returned
+func (m *RegistryDefault) GetActiveRecoveryStrategy(ctx context.Context) (recovery.Strategy, error) {
+	activeRecoveryStrategy := m.Config().SelfServiceFlowRecoveryUse(ctx)
+	return m.RecoveryStrategies(ctx).Strategy(activeRecoveryStrategy)
+}
+
 func (m *RegistryDefault) AllRecoveryStrategies() (recoveryStrategies recovery.Strategies) {
 	for _, strategy := range m.selfServiceStrategies() {
 		if s, ok := strategy.(recovery.Strategy); ok {
@@ -68,3 +76,11 @@ func (m *RegistryDefault) PostRecoveryHooks(ctx context.Context) (b []recovery.P
 
 	return
 }
+
+func (m *RegistryDefault) RecoveryCodeSender() *code.RecoveryCodeSender {
+	if m.selfserviceCodeSender == nil {
+		m.selfserviceCodeSender = code.NewSender(m)
+	}
+
+	return m.selfserviceCodeSender
+}
diff --git a/driver/registry_default_test.go b/driver/registry_default_test.go
index 356d81b67d00..4e256fb4ea20 100644
--- a/driver/registry_default_test.go
+++ b/driver/registry_default_test.go
@@ -690,13 +690,15 @@ func TestDriverDefault_Strategies(t *testing.T) {
 		}{
 			{
 				prep: func(conf *config.Config) {
+					conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".code.enabled", false)
 					conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".link.enabled", false)
 				},
 			},
 			{
 				prep: func(conf *config.Config) {
+					conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".code.enabled", true)
 					conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".link.enabled", true)
-				}, expect: []string{"link"},
+				}, expect: []string{"code", "link"},
 			},
 		} {
 			t.Run(fmt.Sprintf("run=%d", k), func(t *testing.T) {
@@ -831,7 +833,7 @@ func TestDefaultRegistry_AllStrategies(t *testing.T) {
 	})
 
 	t.Run("case=all recovery strategies", func(t *testing.T) {
-		expects := []string{"link"}
+		expects := []string{"code", "link"}
 		s := reg.AllRecoveryStrategies()
 		require.Len(t, s, len(expects))
 		for k, e := range expects {
diff --git a/embedx/config.schema.json b/embedx/config.schema.json
index 423482e974e2..60b4e8768949 100644
--- a/embedx/config.schema.json
+++ b/embedx/config.schema.json
@@ -1220,6 +1220,16 @@
                 },
                 "before": {
                   "$ref": "#/definitions/selfServiceBeforeRecovery"
+                },
+                "use": {
+                  "title": "Recovery Strategy",
+                  "description":"The strategy to use for recovery requests",
+                  "type": "string",
+                  "enum": [
+                    "link",
+                    "code"
+                  ],
+                  "default": "code"
                 }
               }
             },
@@ -1263,7 +1273,7 @@
                 "enabled": {
                   "type": "boolean",
                   "title": "Enables Link Method",
-                  "default": true
+                  "default": false
                 },
                 "config": {
                   "type": "object",
@@ -1292,6 +1302,35 @@
                 }
               }
             },
+            "code": {
+              "type": "object",
+              "additionalProperties": false,
+              "properties": {
+                "enabled": {
+                  "type": "boolean",
+                  "title": "Enables Code Method",
+                  "default": true
+                },
+                "config": {
+                  "type": "object",
+                  "title": "Code Configuration",
+                  "description": "Additional configuration for the code strategy.",
+                  "properties": {
+                    "lifespan": {
+                      "title": "How long a code is valid for",
+                      "type": "string",
+                      "pattern": "^([0-9]+(ns|us|ms|s|m|h))+$",
+                      "default": "1h",
+                      "examples": [
+                        "1h",
+                        "1m",
+                        "1s"
+                      ]
+                    }
+                  }
+                }
+              }
+            },
             "password": {
               "type": "object",
               "additionalProperties": false,
@@ -1572,6 +1611,9 @@
             "recovery": {
               "$ref": "#/definitions/courierTemplates"
             },
+            "recovery_code": {
+              "$ref": "#/definitions/courierTemplates"
+            },
             "verification": {
               "$ref": "#/definitions/courierTemplates"
             }
diff --git a/examples/go/pkg/stub/kratos.yaml b/examples/go/pkg/stub/kratos.yaml
index 74d50f42da38..26ebfe637e4f 100644
--- a/examples/go/pkg/stub/kratos.yaml
+++ b/examples/go/pkg/stub/kratos.yaml
@@ -15,6 +15,8 @@ selfservice:
   methods:
     password:
       enabled: true
+    link:
+      enabled: true
 
   flows:
     error:
@@ -27,6 +29,7 @@ selfservice:
     recovery:
       enabled: true
       ui_url: http://127.0.0.1:4455/recovery
+      use: link
 
     verification:
       enabled: true
@@ -48,8 +51,7 @@ selfservice:
       after:
         password:
           hooks:
-            -
-              hook: session
+            - hook: session
 
 log:
   level: debug
diff --git a/identity/credentials.go b/identity/credentials.go
index b650d7cc1e69..8b78232aa36a 100644
--- a/identity/credentials.go
+++ b/identity/credentials.go
@@ -72,6 +72,7 @@ const (
 	// CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).
 	// It is not used within the credentials object itself.
 	CredentialsTypeRecoveryLink CredentialsType = "link_recovery"
+	CredentialsTypeRecoveryCode CredentialsType = "code_recovery"
 )
 
 // Credentials represents a specific credential type
diff --git a/internal/httpclient/.openapi-generator/FILES b/internal/httpclient/.openapi-generator/FILES
index 3ae906a20559..000360e64ecb 100644
--- a/internal/httpclient/.openapi-generator/FILES
+++ b/internal/httpclient/.openapi-generator/FILES
@@ -13,6 +13,7 @@ docs/AdminCreateIdentityImportCredentialsOidcConfig.md
 docs/AdminCreateIdentityImportCredentialsOidcProvider.md
 docs/AdminCreateIdentityImportCredentialsPassword.md
 docs/AdminCreateIdentityImportCredentialsPasswordConfig.md
+docs/AdminCreateSelfServiceRecoveryCodeBody.md
 docs/AdminCreateSelfServiceRecoveryLinkBody.md
 docs/AdminIdentityImportCredentials.md
 docs/AdminUpdateIdentityBody.md
@@ -47,6 +48,7 @@ docs/SelfServiceError.md
 docs/SelfServiceFlowExpiredError.md
 docs/SelfServiceLoginFlow.md
 docs/SelfServiceLogoutUrl.md
+docs/SelfServiceRecoveryCode.md
 docs/SelfServiceRecoveryFlow.md
 docs/SelfServiceRecoveryFlowState.md
 docs/SelfServiceRecoveryLink.md
@@ -68,6 +70,7 @@ docs/SubmitSelfServiceLoginFlowWithTotpMethodBody.md
 docs/SubmitSelfServiceLoginFlowWithWebAuthnMethodBody.md
 docs/SubmitSelfServiceLogoutFlowWithoutBrowserBody.md
 docs/SubmitSelfServiceRecoveryFlowBody.md
+docs/SubmitSelfServiceRecoveryFlowWithCodeMethodBody.md
 docs/SubmitSelfServiceRecoveryFlowWithLinkMethodBody.md
 docs/SubmitSelfServiceRegistrationFlowBody.md
 docs/SubmitSelfServiceRegistrationFlowWithOidcMethodBody.md
@@ -108,6 +111,7 @@ model_admin_create_identity_import_credentials_oidc_config.go
 model_admin_create_identity_import_credentials_oidc_provider.go
 model_admin_create_identity_import_credentials_password.go
 model_admin_create_identity_import_credentials_password_config.go
+model_admin_create_self_service_recovery_code_body.go
 model_admin_create_self_service_recovery_link_body.go
 model_admin_identity_import_credentials.go
 model_admin_update_identity_body.go
@@ -141,6 +145,7 @@ model_self_service_error.go
 model_self_service_flow_expired_error.go
 model_self_service_login_flow.go
 model_self_service_logout_url.go
+model_self_service_recovery_code.go
 model_self_service_recovery_flow.go
 model_self_service_recovery_flow_state.go
 model_self_service_recovery_link.go
@@ -162,6 +167,7 @@ model_submit_self_service_login_flow_with_totp_method_body.go
 model_submit_self_service_login_flow_with_web_authn_method_body.go
 model_submit_self_service_logout_flow_without_browser_body.go
 model_submit_self_service_recovery_flow_body.go
+model_submit_self_service_recovery_flow_with_code_method_body.go
 model_submit_self_service_recovery_flow_with_link_method_body.go
 model_submit_self_service_registration_flow_body.go
 model_submit_self_service_registration_flow_with_oidc_method_body.go
diff --git a/internal/httpclient/README.md b/internal/httpclient/README.md
index 9cd44b046d24..89d3b9e90498 100644
--- a/internal/httpclient/README.md
+++ b/internal/httpclient/README.md
@@ -87,6 +87,7 @@ Class | Method | HTTP request | Description
 *MetadataApi* | [**IsAlive**](docs/MetadataApi.md#isalive) | **Get** /health/alive | Check HTTP Server Status
 *MetadataApi* | [**IsReady**](docs/MetadataApi.md#isready) | **Get** /health/ready | Check HTTP Server and Database Status
 *V0alpha2Api* | [**AdminCreateIdentity**](docs/V0alpha2Api.md#admincreateidentity) | **Post** /admin/identities | Create an Identity
+*V0alpha2Api* | [**AdminCreateSelfServiceRecoveryCode**](docs/V0alpha2Api.md#admincreateselfservicerecoverycode) | **Post** /admin/recovery/code | Create a Recovery Link
 *V0alpha2Api* | [**AdminCreateSelfServiceRecoveryLink**](docs/V0alpha2Api.md#admincreateselfservicerecoverylink) | **Post** /admin/recovery/link | Create a Recovery Link
 *V0alpha2Api* | [**AdminDeleteIdentity**](docs/V0alpha2Api.md#admindeleteidentity) | **Delete** /admin/identities/{id} | Delete an Identity
 *V0alpha2Api* | [**AdminDeleteIdentitySessions**](docs/V0alpha2Api.md#admindeleteidentitysessions) | **Delete** /admin/identities/{id}/sessions | Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
@@ -138,6 +139,7 @@ Class | Method | HTTP request | Description
  - [AdminCreateIdentityImportCredentialsOidcProvider](docs/AdminCreateIdentityImportCredentialsOidcProvider.md)
  - [AdminCreateIdentityImportCredentialsPassword](docs/AdminCreateIdentityImportCredentialsPassword.md)
  - [AdminCreateIdentityImportCredentialsPasswordConfig](docs/AdminCreateIdentityImportCredentialsPasswordConfig.md)
+ - [AdminCreateSelfServiceRecoveryCodeBody](docs/AdminCreateSelfServiceRecoveryCodeBody.md)
  - [AdminCreateSelfServiceRecoveryLinkBody](docs/AdminCreateSelfServiceRecoveryLinkBody.md)
  - [AdminIdentityImportCredentials](docs/AdminIdentityImportCredentials.md)
  - [AdminUpdateIdentityBody](docs/AdminUpdateIdentityBody.md)
@@ -171,6 +173,7 @@ Class | Method | HTTP request | Description
  - [SelfServiceFlowExpiredError](docs/SelfServiceFlowExpiredError.md)
  - [SelfServiceLoginFlow](docs/SelfServiceLoginFlow.md)
  - [SelfServiceLogoutUrl](docs/SelfServiceLogoutUrl.md)
+ - [SelfServiceRecoveryCode](docs/SelfServiceRecoveryCode.md)
  - [SelfServiceRecoveryFlow](docs/SelfServiceRecoveryFlow.md)
  - [SelfServiceRecoveryFlowState](docs/SelfServiceRecoveryFlowState.md)
  - [SelfServiceRecoveryLink](docs/SelfServiceRecoveryLink.md)
@@ -192,6 +195,7 @@ Class | Method | HTTP request | Description
  - [SubmitSelfServiceLoginFlowWithWebAuthnMethodBody](docs/SubmitSelfServiceLoginFlowWithWebAuthnMethodBody.md)
  - [SubmitSelfServiceLogoutFlowWithoutBrowserBody](docs/SubmitSelfServiceLogoutFlowWithoutBrowserBody.md)
  - [SubmitSelfServiceRecoveryFlowBody](docs/SubmitSelfServiceRecoveryFlowBody.md)
+ - [SubmitSelfServiceRecoveryFlowWithCodeMethodBody](docs/SubmitSelfServiceRecoveryFlowWithCodeMethodBody.md)
  - [SubmitSelfServiceRecoveryFlowWithLinkMethodBody](docs/SubmitSelfServiceRecoveryFlowWithLinkMethodBody.md)
  - [SubmitSelfServiceRegistrationFlowBody](docs/SubmitSelfServiceRegistrationFlowBody.md)
  - [SubmitSelfServiceRegistrationFlowWithOidcMethodBody](docs/SubmitSelfServiceRegistrationFlowWithOidcMethodBody.md)
diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml
index bded33640091..95edb4ae68e8 100644
--- a/internal/httpclient/api/openapi.yaml
+++ b/internal/httpclient/api/openapi.yaml
@@ -562,6 +562,46 @@ paths:
       summary: This endpoint returns all sessions that belong to the given Identity.
       tags:
       - v0alpha2
+  /admin/recovery/code:
+    post:
+      description: |-
+        This endpoint creates a recovery code which should be given to the user in order for them to recover
+        (or activate) their account.
+      operationId: adminCreateSelfServiceRecoveryCode
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/adminCreateSelfServiceRecoveryCodeBody'
+        x-originalParamName: Body
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/selfServiceRecoveryCode'
+          description: selfServiceRecoveryCode
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/jsonError'
+          description: jsonError
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/jsonError'
+          description: jsonError
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/jsonError'
+          description: jsonError
+      summary: Create a Recovery Link
+      tags:
+      - v0alpha2
   /admin/recovery/link:
     post:
       description: |-
@@ -1451,6 +1491,12 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
+        "422":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/selfServiceBrowserLocationChangeRequiredError'
+          description: selfServiceBrowserLocationChangeRequiredError
         "500":
           content:
             application/json:
@@ -3081,6 +3127,26 @@ components:
           description: The password in plain text if no hash is available.
           type: string
       type: object
+    adminCreateSelfServiceRecoveryCodeBody:
+      properties:
+        expires_in:
+          description: |-
+            Code Expires In
+
+            The recovery code will expire at that point in time. Defaults to the configuration value of
+            `selfservice.flows.recovery.request_lifespan`.
+          pattern: ^([0-9]+(ns|us|ms|s|m|h))*$
+          type: string
+        identity_id:
+          description: |-
+            Identity to Recover
+
+            The identity's ID you wish to recover.
+          format: uuid
+          type: string
+      required:
+      - identity_id
+      type: object
     adminCreateSelfServiceRecoveryLinkBody:
       properties:
         expires_in:
@@ -4022,6 +4088,32 @@ components:
       - logout_token
       - logout_url
       type: object
+    selfServiceRecoveryCode:
+      example:
+        expires_at: 2000-01-23T04:56:07.000+00:00
+        recovery_code: recovery_code
+        recovery_link: recovery_link
+      properties:
+        expires_at:
+          description: |-
+            Expires At is the timestamp of when the recovery flow expires
+
+            The timestamp when the recovery link expires.
+          format: date-time
+          type: string
+        recovery_code:
+          description: RecoveryCode is the code that can be used to recover the account
+          type: string
+        recovery_link:
+          description: |-
+            RecoveryLink with flow
+
+            This link opens the recovery UI with an empty `code` field.
+          type: string
+      required:
+      - recovery_code
+      - recovery_link
+      type: object
     selfServiceRecoveryFlow:
       description: |-
         This request is used when an identity wants to recover their account.
@@ -4085,7 +4177,7 @@ components:
       properties:
         active:
           description: |-
-            Active, if set, contains the registration method that is being used. It is initially
+            Active, if set, contains the recovery method that is being used. It is initially
             not set.
           type: string
         expires_at:
@@ -4687,6 +4779,7 @@ components:
         method:
           enum:
           - link_recovery
+          - code_recovery
           - password
           - totp
           - oidc
@@ -4917,10 +5010,41 @@ components:
     submitSelfServiceRecoveryFlowBody:
       discriminator:
         mapping:
+          code: '#/components/schemas/submitSelfServiceRecoveryFlowWithCodeMethodBody'
           link: '#/components/schemas/submitSelfServiceRecoveryFlowWithLinkMethodBody'
         propertyName: method
       oneOf:
       - $ref: '#/components/schemas/submitSelfServiceRecoveryFlowWithLinkMethodBody'
+      - $ref: '#/components/schemas/submitSelfServiceRecoveryFlowWithCodeMethodBody'
+    submitSelfServiceRecoveryFlowWithCodeMethodBody:
+      properties:
+        code:
+          description: |-
+            Code from recovery email
+
+            Sent to the user once a recovery has been initiated and is used to prove
+            that the user is in possession of the email
+          type: string
+        csrf_token:
+          description: Sending the anti-csrf token is only required for browser login
+            flows.
+          type: string
+        email:
+          description: |-
+            Email to Recover
+
+            Needs to be set when initiating the flow. If the email is a registered
+            recovery email, a recovery link will be sent. If the email is not known,
+            a email with details on what happened will be sent instead.
+
+            format: email
+          type: string
+        method:
+          description: Method supports `link` and `code` only right now.
+          type: string
+      required:
+      - method
+      type: object
     submitSelfServiceRecoveryFlowWithLinkMethodBody:
       properties:
         csrf_token:
@@ -5619,6 +5743,7 @@ components:
             oidc OpenIDConnectGroup
             profile ProfileGroup
             link LinkGroup
+            code CodeGroup
             totp TOTPGroup
             lookup_secret LookupGroup
             webauthn WebAuthnGroup
@@ -5628,6 +5753,7 @@ components:
           - oidc
           - profile
           - link
+          - code
           - totp
           - lookup_secret
           - webauthn
@@ -5638,6 +5764,7 @@ components:
             oidc OpenIDConnectGroup
             profile ProfileGroup
             link LinkGroup
+            code CodeGroup
             totp TOTPGroup
             lookup_secret LookupGroup
             webauthn WebAuthnGroup
diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go
index 983834306116..e090477a27c0 100644
--- a/internal/httpclient/api_v0alpha2.go
+++ b/internal/httpclient/api_v0alpha2.go
@@ -42,6 +42,21 @@ type V0alpha2Api interface {
 	 */
 	AdminCreateIdentityExecute(r V0alpha2ApiApiAdminCreateIdentityRequest) (*Identity, *http.Response, error)
 
+	/*
+			 * AdminCreateSelfServiceRecoveryCode Create a Recovery Link
+			 * This endpoint creates a recovery code which should be given to the user in order for them to recover
+		(or activate) their account.
+			 * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+			 * @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryCodeRequest
+	*/
+	AdminCreateSelfServiceRecoveryCode(ctx context.Context) V0alpha2ApiApiAdminCreateSelfServiceRecoveryCodeRequest
+
+	/*
+	 * AdminCreateSelfServiceRecoveryCodeExecute executes the request
+	 * @return SelfServiceRecoveryCode
+	 */
+	AdminCreateSelfServiceRecoveryCodeExecute(r V0alpha2ApiApiAdminCreateSelfServiceRecoveryCodeRequest) (*SelfServiceRecoveryCode, *http.Response, error)
+
 	/*
 			 * AdminCreateSelfServiceRecoveryLink Create a Recovery Link
 			 * This endpoint creates a recovery link which should be given to the user in order for them to recover
@@ -1278,6 +1293,146 @@ func (a *V0alpha2ApiService) AdminCreateIdentityExecute(r V0alpha2ApiApiAdminCre
 	return localVarReturnValue, localVarHTTPResponse, nil
 }
 
+type V0alpha2ApiApiAdminCreateSelfServiceRecoveryCodeRequest struct {
+	ctx                                    context.Context
+	ApiService                             V0alpha2Api
+	adminCreateSelfServiceRecoveryCodeBody *AdminCreateSelfServiceRecoveryCodeBody
+}
+
+func (r V0alpha2ApiApiAdminCreateSelfServiceRecoveryCodeRequest) AdminCreateSelfServiceRecoveryCodeBody(adminCreateSelfServiceRecoveryCodeBody AdminCreateSelfServiceRecoveryCodeBody) V0alpha2ApiApiAdminCreateSelfServiceRecoveryCodeRequest {
+	r.adminCreateSelfServiceRecoveryCodeBody = &adminCreateSelfServiceRecoveryCodeBody
+	return r
+}
+
+func (r V0alpha2ApiApiAdminCreateSelfServiceRecoveryCodeRequest) Execute() (*SelfServiceRecoveryCode, *http.Response, error) {
+	return r.ApiService.AdminCreateSelfServiceRecoveryCodeExecute(r)
+}
+
+/*
+  - AdminCreateSelfServiceRecoveryCode Create a Recovery Link
+  - This endpoint creates a recovery code which should be given to the user in order for them to recover
+
+(or activate) their account.
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiAdminCreateSelfServiceRecoveryCodeRequest
+*/
+func (a *V0alpha2ApiService) AdminCreateSelfServiceRecoveryCode(ctx context.Context) V0alpha2ApiApiAdminCreateSelfServiceRecoveryCodeRequest {
+	return V0alpha2ApiApiAdminCreateSelfServiceRecoveryCodeRequest{
+		ApiService: a,
+		ctx:        ctx,
+	}
+}
+
+/*
+ * Execute executes the request
+ * @return SelfServiceRecoveryCode
+ */
+func (a *V0alpha2ApiService) AdminCreateSelfServiceRecoveryCodeExecute(r V0alpha2ApiApiAdminCreateSelfServiceRecoveryCodeRequest) (*SelfServiceRecoveryCode, *http.Response, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		localVarFormFileName string
+		localVarFileName     string
+		localVarFileBytes    []byte
+		localVarReturnValue  *SelfServiceRecoveryCode
+	)
+
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "V0alpha2ApiService.AdminCreateSelfServiceRecoveryCode")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/admin/recovery/code"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.adminCreateSelfServiceRecoveryCodeBody
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+
+	localVarHTTPResponse, err := a.client.callAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v JsonError
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+			newErr.model = v
+			return localVarReturnValue, localVarHTTPResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v JsonError
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+			newErr.model = v
+			return localVarReturnValue, localVarHTTPResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 500 {
+			var v JsonError
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+			newErr.model = v
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	return localVarReturnValue, localVarHTTPResponse, nil
+}
+
 type V0alpha2ApiApiAdminCreateSelfServiceRecoveryLinkRequest struct {
 	ctx                                    context.Context
 	ApiService                             V0alpha2Api
@@ -6910,6 +7065,16 @@ func (a *V0alpha2ApiService) SubmitSelfServiceRecoveryFlowExecute(r V0alpha2ApiA
 			newErr.model = v
 			return localVarReturnValue, localVarHTTPResponse, newErr
 		}
+		if localVarHTTPResponse.StatusCode == 422 {
+			var v SelfServiceBrowserLocationChangeRequiredError
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+			newErr.model = v
+			return localVarReturnValue, localVarHTTPResponse, newErr
+		}
 		if localVarHTTPResponse.StatusCode == 500 {
 			var v JsonError
 			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
diff --git a/internal/httpclient/docs/AdminCreateSelfServiceRecoveryCodeBody.md b/internal/httpclient/docs/AdminCreateSelfServiceRecoveryCodeBody.md
new file mode 100644
index 000000000000..7623689a81ad
--- /dev/null
+++ b/internal/httpclient/docs/AdminCreateSelfServiceRecoveryCodeBody.md
@@ -0,0 +1,77 @@
+# AdminCreateSelfServiceRecoveryCodeBody
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ExpiresIn** | Pointer to **string** | Code Expires In  The recovery code will expire at that point in time. Defaults to the configuration value of `selfservice.flows.recovery.request_lifespan`. | [optional] 
+**IdentityId** | **string** | Identity to Recover  The identity's ID you wish to recover. | 
+
+## Methods
+
+### NewAdminCreateSelfServiceRecoveryCodeBody
+
+`func NewAdminCreateSelfServiceRecoveryCodeBody(identityId string, ) *AdminCreateSelfServiceRecoveryCodeBody`
+
+NewAdminCreateSelfServiceRecoveryCodeBody instantiates a new AdminCreateSelfServiceRecoveryCodeBody object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAdminCreateSelfServiceRecoveryCodeBodyWithDefaults
+
+`func NewAdminCreateSelfServiceRecoveryCodeBodyWithDefaults() *AdminCreateSelfServiceRecoveryCodeBody`
+
+NewAdminCreateSelfServiceRecoveryCodeBodyWithDefaults instantiates a new AdminCreateSelfServiceRecoveryCodeBody object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExpiresIn
+
+`func (o *AdminCreateSelfServiceRecoveryCodeBody) GetExpiresIn() string`
+
+GetExpiresIn returns the ExpiresIn field if non-nil, zero value otherwise.
+
+### GetExpiresInOk
+
+`func (o *AdminCreateSelfServiceRecoveryCodeBody) GetExpiresInOk() (*string, bool)`
+
+GetExpiresInOk returns a tuple with the ExpiresIn field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpiresIn
+
+`func (o *AdminCreateSelfServiceRecoveryCodeBody) SetExpiresIn(v string)`
+
+SetExpiresIn sets ExpiresIn field to given value.
+
+### HasExpiresIn
+
+`func (o *AdminCreateSelfServiceRecoveryCodeBody) HasExpiresIn() bool`
+
+HasExpiresIn returns a boolean if a field has been set.
+
+### GetIdentityId
+
+`func (o *AdminCreateSelfServiceRecoveryCodeBody) GetIdentityId() string`
+
+GetIdentityId returns the IdentityId field if non-nil, zero value otherwise.
+
+### GetIdentityIdOk
+
+`func (o *AdminCreateSelfServiceRecoveryCodeBody) GetIdentityIdOk() (*string, bool)`
+
+GetIdentityIdOk returns a tuple with the IdentityId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdentityId
+
+`func (o *AdminCreateSelfServiceRecoveryCodeBody) SetIdentityId(v string)`
+
+SetIdentityId sets IdentityId field to given value.
+
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/internal/httpclient/docs/SelfServiceRecoveryCode.md b/internal/httpclient/docs/SelfServiceRecoveryCode.md
new file mode 100644
index 000000000000..202a7e9d52f8
--- /dev/null
+++ b/internal/httpclient/docs/SelfServiceRecoveryCode.md
@@ -0,0 +1,98 @@
+# SelfServiceRecoveryCode
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ExpiresAt** | Pointer to **time.Time** | Expires At is the timestamp of when the recovery flow expires  The timestamp when the recovery link expires. | [optional] 
+**RecoveryCode** | **string** | RecoveryCode is the code that can be used to recover the account | 
+**RecoveryLink** | **string** | RecoveryLink with flow  This link opens the recovery UI with an empty `code` field. | 
+
+## Methods
+
+### NewSelfServiceRecoveryCode
+
+`func NewSelfServiceRecoveryCode(recoveryCode string, recoveryLink string, ) *SelfServiceRecoveryCode`
+
+NewSelfServiceRecoveryCode instantiates a new SelfServiceRecoveryCode object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSelfServiceRecoveryCodeWithDefaults
+
+`func NewSelfServiceRecoveryCodeWithDefaults() *SelfServiceRecoveryCode`
+
+NewSelfServiceRecoveryCodeWithDefaults instantiates a new SelfServiceRecoveryCode object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExpiresAt
+
+`func (o *SelfServiceRecoveryCode) GetExpiresAt() time.Time`
+
+GetExpiresAt returns the ExpiresAt field if non-nil, zero value otherwise.
+
+### GetExpiresAtOk
+
+`func (o *SelfServiceRecoveryCode) GetExpiresAtOk() (*time.Time, bool)`
+
+GetExpiresAtOk returns a tuple with the ExpiresAt field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpiresAt
+
+`func (o *SelfServiceRecoveryCode) SetExpiresAt(v time.Time)`
+
+SetExpiresAt sets ExpiresAt field to given value.
+
+### HasExpiresAt
+
+`func (o *SelfServiceRecoveryCode) HasExpiresAt() bool`
+
+HasExpiresAt returns a boolean if a field has been set.
+
+### GetRecoveryCode
+
+`func (o *SelfServiceRecoveryCode) GetRecoveryCode() string`
+
+GetRecoveryCode returns the RecoveryCode field if non-nil, zero value otherwise.
+
+### GetRecoveryCodeOk
+
+`func (o *SelfServiceRecoveryCode) GetRecoveryCodeOk() (*string, bool)`
+
+GetRecoveryCodeOk returns a tuple with the RecoveryCode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRecoveryCode
+
+`func (o *SelfServiceRecoveryCode) SetRecoveryCode(v string)`
+
+SetRecoveryCode sets RecoveryCode field to given value.
+
+
+### GetRecoveryLink
+
+`func (o *SelfServiceRecoveryCode) GetRecoveryLink() string`
+
+GetRecoveryLink returns the RecoveryLink field if non-nil, zero value otherwise.
+
+### GetRecoveryLinkOk
+
+`func (o *SelfServiceRecoveryCode) GetRecoveryLinkOk() (*string, bool)`
+
+GetRecoveryLinkOk returns a tuple with the RecoveryLink field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRecoveryLink
+
+`func (o *SelfServiceRecoveryCode) SetRecoveryLink(v string)`
+
+SetRecoveryLink sets RecoveryLink field to given value.
+
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/internal/httpclient/docs/SelfServiceRecoveryFlow.md b/internal/httpclient/docs/SelfServiceRecoveryFlow.md
index 8f207707d7cc..dcc79ddc6609 100644
--- a/internal/httpclient/docs/SelfServiceRecoveryFlow.md
+++ b/internal/httpclient/docs/SelfServiceRecoveryFlow.md
@@ -4,7 +4,7 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Active** | Pointer to **string** | Active, if set, contains the registration method that is being used. It is initially not set. | [optional] 
+**Active** | Pointer to **string** | Active, if set, contains the recovery method that is being used. It is initially not set. | [optional] 
 **ExpiresAt** | **time.Time** | ExpiresAt is the time (UTC) when the request expires. If the user still wishes to update the setting, a new request has to be initiated. | 
 **Id** | **string** | ID represents the request's unique ID. When performing the recovery flow, this represents the id in the recovery ui's query parameter: http://<selfservice.flows.recovery.ui_url>?request=<id> | 
 **IssuedAt** | **time.Time** | IssuedAt is the time (UTC) when the request occurred. | 
diff --git a/internal/httpclient/docs/SubmitSelfServiceRecoveryFlowBody.md b/internal/httpclient/docs/SubmitSelfServiceRecoveryFlowBody.md
index 0d4cec157a3b..571e939f52e1 100644
--- a/internal/httpclient/docs/SubmitSelfServiceRecoveryFlowBody.md
+++ b/internal/httpclient/docs/SubmitSelfServiceRecoveryFlowBody.md
@@ -6,7 +6,8 @@ Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **CsrfToken** | Pointer to **string** | Sending the anti-csrf token is only required for browser login flows. | [optional] 
 **Email** | **string** | Email to Recover  Needs to be set when initiating the flow. If the email is a registered recovery email, a recovery link will be sent. If the email is not known, a email with details on what happened will be sent instead.  format: email | 
-**Method** | **string** | Method supports `link` only right now. | 
+**Method** | **string** | Method supports `link` and `code` only right now. | 
+**Code** | Pointer to **string** | Code from recovery email  Sent to the user once a recovery has been initiated and is used to prove that the user is in possession of the email | [optional] 
 
 ## Methods
 
@@ -92,6 +93,31 @@ and a boolean to check if the value has been set.
 SetMethod sets Method field to given value.
 
 
+### GetCode
+
+`func (o *SubmitSelfServiceRecoveryFlowBody) GetCode() string`
+
+GetCode returns the Code field if non-nil, zero value otherwise.
+
+### GetCodeOk
+
+`func (o *SubmitSelfServiceRecoveryFlowBody) GetCodeOk() (*string, bool)`
+
+GetCodeOk returns a tuple with the Code field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCode
+
+`func (o *SubmitSelfServiceRecoveryFlowBody) SetCode(v string)`
+
+SetCode sets Code field to given value.
+
+### HasCode
+
+`func (o *SubmitSelfServiceRecoveryFlowBody) HasCode() bool`
+
+HasCode returns a boolean if a field has been set.
+
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/internal/httpclient/docs/SubmitSelfServiceRecoveryFlowWithCodeMethodBody.md b/internal/httpclient/docs/SubmitSelfServiceRecoveryFlowWithCodeMethodBody.md
new file mode 100644
index 000000000000..d13d7de7209e
--- /dev/null
+++ b/internal/httpclient/docs/SubmitSelfServiceRecoveryFlowWithCodeMethodBody.md
@@ -0,0 +1,129 @@
+# SubmitSelfServiceRecoveryFlowWithCodeMethodBody
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Code** | Pointer to **string** | Code from recovery email  Sent to the user once a recovery has been initiated and is used to prove that the user is in possession of the email | [optional] 
+**CsrfToken** | Pointer to **string** | Sending the anti-csrf token is only required for browser login flows. | [optional] 
+**Email** | Pointer to **string** | Email to Recover  Needs to be set when initiating the flow. If the email is a registered recovery email, a recovery link will be sent. If the email is not known, a email with details on what happened will be sent instead.  format: email | [optional] 
+**Method** | **string** | Method supports `link` and `code` only right now. | 
+
+## Methods
+
+### NewSubmitSelfServiceRecoveryFlowWithCodeMethodBody
+
+`func NewSubmitSelfServiceRecoveryFlowWithCodeMethodBody(method string, ) *SubmitSelfServiceRecoveryFlowWithCodeMethodBody`
+
+NewSubmitSelfServiceRecoveryFlowWithCodeMethodBody instantiates a new SubmitSelfServiceRecoveryFlowWithCodeMethodBody object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSubmitSelfServiceRecoveryFlowWithCodeMethodBodyWithDefaults
+
+`func NewSubmitSelfServiceRecoveryFlowWithCodeMethodBodyWithDefaults() *SubmitSelfServiceRecoveryFlowWithCodeMethodBody`
+
+NewSubmitSelfServiceRecoveryFlowWithCodeMethodBodyWithDefaults instantiates a new SubmitSelfServiceRecoveryFlowWithCodeMethodBody object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCode
+
+`func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) GetCode() string`
+
+GetCode returns the Code field if non-nil, zero value otherwise.
+
+### GetCodeOk
+
+`func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) GetCodeOk() (*string, bool)`
+
+GetCodeOk returns a tuple with the Code field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCode
+
+`func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) SetCode(v string)`
+
+SetCode sets Code field to given value.
+
+### HasCode
+
+`func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) HasCode() bool`
+
+HasCode returns a boolean if a field has been set.
+
+### GetCsrfToken
+
+`func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) GetCsrfToken() string`
+
+GetCsrfToken returns the CsrfToken field if non-nil, zero value otherwise.
+
+### GetCsrfTokenOk
+
+`func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) GetCsrfTokenOk() (*string, bool)`
+
+GetCsrfTokenOk returns a tuple with the CsrfToken field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCsrfToken
+
+`func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) SetCsrfToken(v string)`
+
+SetCsrfToken sets CsrfToken field to given value.
+
+### HasCsrfToken
+
+`func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) HasCsrfToken() bool`
+
+HasCsrfToken returns a boolean if a field has been set.
+
+### GetEmail
+
+`func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) GetEmail() string`
+
+GetEmail returns the Email field if non-nil, zero value otherwise.
+
+### GetEmailOk
+
+`func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) GetEmailOk() (*string, bool)`
+
+GetEmailOk returns a tuple with the Email field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmail
+
+`func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) SetEmail(v string)`
+
+SetEmail sets Email field to given value.
+
+### HasEmail
+
+`func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) HasEmail() bool`
+
+HasEmail returns a boolean if a field has been set.
+
+### GetMethod
+
+`func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) GetMethod() string`
+
+GetMethod returns the Method field if non-nil, zero value otherwise.
+
+### GetMethodOk
+
+`func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) GetMethodOk() (*string, bool)`
+
+GetMethodOk returns a tuple with the Method field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMethod
+
+`func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) SetMethod(v string)`
+
+SetMethod sets Method field to given value.
+
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/internal/httpclient/docs/UiNode.md b/internal/httpclient/docs/UiNode.md
index f37dca33cca3..83239f3ef154 100644
--- a/internal/httpclient/docs/UiNode.md
+++ b/internal/httpclient/docs/UiNode.md
@@ -5,7 +5,7 @@
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **Attributes** | [**UiNodeAttributes**](UiNodeAttributes.md) |  | 
-**Group** | **string** | Group specifies which group (e.g. password authenticator) this node belongs to. default DefaultGroup password PasswordGroup oidc OpenIDConnectGroup profile ProfileGroup link LinkGroup totp TOTPGroup lookup_secret LookupGroup webauthn WebAuthnGroup | 
+**Group** | **string** | Group specifies which group (e.g. password authenticator) this node belongs to. default DefaultGroup password PasswordGroup oidc OpenIDConnectGroup profile ProfileGroup link LinkGroup code CodeGroup totp TOTPGroup lookup_secret LookupGroup webauthn WebAuthnGroup | 
 **Messages** | [**[]UiText**](UiText.md) |  | 
 **Meta** | [**UiNodeMeta**](UiNodeMeta.md) |  | 
 **Type** | **string** | The node's type text Text input Input img Image a Anchor script Script | 
diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md
index 5303d296ecf5..0ef013a78918 100644
--- a/internal/httpclient/docs/V0alpha2Api.md
+++ b/internal/httpclient/docs/V0alpha2Api.md
@@ -5,6 +5,7 @@ All URIs are relative to *http://localhost*
 Method | HTTP request | Description
 ------------- | ------------- | -------------
 [**AdminCreateIdentity**](V0alpha2Api.md#AdminCreateIdentity) | **Post** /admin/identities | Create an Identity
+[**AdminCreateSelfServiceRecoveryCode**](V0alpha2Api.md#AdminCreateSelfServiceRecoveryCode) | **Post** /admin/recovery/code | Create a Recovery Link
 [**AdminCreateSelfServiceRecoveryLink**](V0alpha2Api.md#AdminCreateSelfServiceRecoveryLink) | **Post** /admin/recovery/link | Create a Recovery Link
 [**AdminDeleteIdentity**](V0alpha2Api.md#AdminDeleteIdentity) | **Delete** /admin/identities/{id} | Delete an Identity
 [**AdminDeleteIdentitySessions**](V0alpha2Api.md#AdminDeleteIdentitySessions) | **Delete** /admin/identities/{id}/sessions | Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
@@ -115,6 +116,72 @@ Name | Type | Description  | Notes
 [[Back to README]](../README.md)
 
 
+## AdminCreateSelfServiceRecoveryCode
+
+> SelfServiceRecoveryCode AdminCreateSelfServiceRecoveryCode(ctx).AdminCreateSelfServiceRecoveryCodeBody(adminCreateSelfServiceRecoveryCodeBody).Execute()
+
+Create a Recovery Link
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    adminCreateSelfServiceRecoveryCodeBody := *openapiclient.NewAdminCreateSelfServiceRecoveryCodeBody("IdentityId_example") // AdminCreateSelfServiceRecoveryCodeBody |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.V0alpha2Api.AdminCreateSelfServiceRecoveryCode(context.Background()).AdminCreateSelfServiceRecoveryCodeBody(adminCreateSelfServiceRecoveryCodeBody).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.AdminCreateSelfServiceRecoveryCode``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `AdminCreateSelfServiceRecoveryCode`: SelfServiceRecoveryCode
+    fmt.Fprintf(os.Stdout, "Response from `V0alpha2Api.AdminCreateSelfServiceRecoveryCode`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiAdminCreateSelfServiceRecoveryCodeRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **adminCreateSelfServiceRecoveryCodeBody** | [**AdminCreateSelfServiceRecoveryCodeBody**](AdminCreateSelfServiceRecoveryCodeBody.md) |  | 
+
+### Return type
+
+[**SelfServiceRecoveryCode**](SelfServiceRecoveryCode.md)
+
+### Authorization
+
+No authorization required
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
 ## AdminCreateSelfServiceRecoveryLink
 
 > SelfServiceRecoveryLink AdminCreateSelfServiceRecoveryLink(ctx).AdminCreateSelfServiceRecoveryLinkBody(adminCreateSelfServiceRecoveryLinkBody).Execute()
@@ -2581,7 +2648,7 @@ import (
 
 func main() {
     flow := "flow_example" // string | The Recovery Flow ID  The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/recovery?flow=abcde`).
-    submitSelfServiceRecoveryFlowBody := openapiclient.submitSelfServiceRecoveryFlowBody{SubmitSelfServiceRecoveryFlowWithLinkMethodBody: openapiclient.NewSubmitSelfServiceRecoveryFlowWithLinkMethodBody("Email_example", "Method_example")} // SubmitSelfServiceRecoveryFlowBody | 
+    submitSelfServiceRecoveryFlowBody := openapiclient.submitSelfServiceRecoveryFlowBody{SubmitSelfServiceRecoveryFlowWithCodeMethodBody: openapiclient.NewSubmitSelfServiceRecoveryFlowWithCodeMethodBody("Method_example")} // SubmitSelfServiceRecoveryFlowBody | 
     token := "token_example" // string | Recovery Token  The recovery token which completes the recovery request. If the token is invalid (e.g. expired) an error will be shown to the end-user.  This parameter is usually set in a link and not used by any direct API call. (optional)
     cookie := "cookie_example" // string | HTTP Cookies  When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. (optional)
 
diff --git a/internal/httpclient/model_admin_create_self_service_recovery_code_body.go b/internal/httpclient/model_admin_create_self_service_recovery_code_body.go
new file mode 100644
index 000000000000..ed6ac0c17633
--- /dev/null
+++ b/internal/httpclient/model_admin_create_self_service_recovery_code_body.go
@@ -0,0 +1,145 @@
+/*
+ * Ory Kratos API
+ *
+ * Documentation for all public and administrative Ory Kratos APIs. Public and administrative APIs are exposed on different ports. Public APIs can face the public internet without any protection while administrative APIs should never be exposed without prior authorization. To protect the administative API port you should use something like Nginx, Ory Oathkeeper, or any other technology capable of authorizing incoming requests.
+ *
+ * API version: 1.0.0
+ * Contact: hi@ory.sh
+ */
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package client
+
+import (
+	"encoding/json"
+)
+
+// AdminCreateSelfServiceRecoveryCodeBody struct for AdminCreateSelfServiceRecoveryCodeBody
+type AdminCreateSelfServiceRecoveryCodeBody struct {
+	// Code Expires In  The recovery code will expire at that point in time. Defaults to the configuration value of `selfservice.flows.recovery.request_lifespan`.
+	ExpiresIn *string `json:"expires_in,omitempty"`
+	// Identity to Recover  The identity's ID you wish to recover.
+	IdentityId string `json:"identity_id"`
+}
+
+// NewAdminCreateSelfServiceRecoveryCodeBody instantiates a new AdminCreateSelfServiceRecoveryCodeBody object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAdminCreateSelfServiceRecoveryCodeBody(identityId string) *AdminCreateSelfServiceRecoveryCodeBody {
+	this := AdminCreateSelfServiceRecoveryCodeBody{}
+	this.IdentityId = identityId
+	return &this
+}
+
+// NewAdminCreateSelfServiceRecoveryCodeBodyWithDefaults instantiates a new AdminCreateSelfServiceRecoveryCodeBody object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAdminCreateSelfServiceRecoveryCodeBodyWithDefaults() *AdminCreateSelfServiceRecoveryCodeBody {
+	this := AdminCreateSelfServiceRecoveryCodeBody{}
+	return &this
+}
+
+// GetExpiresIn returns the ExpiresIn field value if set, zero value otherwise.
+func (o *AdminCreateSelfServiceRecoveryCodeBody) GetExpiresIn() string {
+	if o == nil || o.ExpiresIn == nil {
+		var ret string
+		return ret
+	}
+	return *o.ExpiresIn
+}
+
+// GetExpiresInOk returns a tuple with the ExpiresIn field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AdminCreateSelfServiceRecoveryCodeBody) GetExpiresInOk() (*string, bool) {
+	if o == nil || o.ExpiresIn == nil {
+		return nil, false
+	}
+	return o.ExpiresIn, true
+}
+
+// HasExpiresIn returns a boolean if a field has been set.
+func (o *AdminCreateSelfServiceRecoveryCodeBody) HasExpiresIn() bool {
+	if o != nil && o.ExpiresIn != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpiresIn gets a reference to the given string and assigns it to the ExpiresIn field.
+func (o *AdminCreateSelfServiceRecoveryCodeBody) SetExpiresIn(v string) {
+	o.ExpiresIn = &v
+}
+
+// GetIdentityId returns the IdentityId field value
+func (o *AdminCreateSelfServiceRecoveryCodeBody) GetIdentityId() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.IdentityId
+}
+
+// GetIdentityIdOk returns a tuple with the IdentityId field value
+// and a boolean to check if the value has been set.
+func (o *AdminCreateSelfServiceRecoveryCodeBody) GetIdentityIdOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.IdentityId, true
+}
+
+// SetIdentityId sets field value
+func (o *AdminCreateSelfServiceRecoveryCodeBody) SetIdentityId(v string) {
+	o.IdentityId = v
+}
+
+func (o AdminCreateSelfServiceRecoveryCodeBody) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ExpiresIn != nil {
+		toSerialize["expires_in"] = o.ExpiresIn
+	}
+	if true {
+		toSerialize["identity_id"] = o.IdentityId
+	}
+	return json.Marshal(toSerialize)
+}
+
+type NullableAdminCreateSelfServiceRecoveryCodeBody struct {
+	value *AdminCreateSelfServiceRecoveryCodeBody
+	isSet bool
+}
+
+func (v NullableAdminCreateSelfServiceRecoveryCodeBody) Get() *AdminCreateSelfServiceRecoveryCodeBody {
+	return v.value
+}
+
+func (v *NullableAdminCreateSelfServiceRecoveryCodeBody) Set(val *AdminCreateSelfServiceRecoveryCodeBody) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAdminCreateSelfServiceRecoveryCodeBody) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAdminCreateSelfServiceRecoveryCodeBody) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAdminCreateSelfServiceRecoveryCodeBody(val *AdminCreateSelfServiceRecoveryCodeBody) *NullableAdminCreateSelfServiceRecoveryCodeBody {
+	return &NullableAdminCreateSelfServiceRecoveryCodeBody{value: val, isSet: true}
+}
+
+func (v NullableAdminCreateSelfServiceRecoveryCodeBody) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAdminCreateSelfServiceRecoveryCodeBody) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/internal/httpclient/model_self_service_recovery_code.go b/internal/httpclient/model_self_service_recovery_code.go
new file mode 100644
index 000000000000..e268a334f997
--- /dev/null
+++ b/internal/httpclient/model_self_service_recovery_code.go
@@ -0,0 +1,176 @@
+/*
+ * Ory Kratos API
+ *
+ * Documentation for all public and administrative Ory Kratos APIs. Public and administrative APIs are exposed on different ports. Public APIs can face the public internet without any protection while administrative APIs should never be exposed without prior authorization. To protect the administative API port you should use something like Nginx, Ory Oathkeeper, or any other technology capable of authorizing incoming requests.
+ *
+ * API version: 1.0.0
+ * Contact: hi@ory.sh
+ */
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package client
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// SelfServiceRecoveryCode struct for SelfServiceRecoveryCode
+type SelfServiceRecoveryCode struct {
+	// Expires At is the timestamp of when the recovery flow expires  The timestamp when the recovery link expires.
+	ExpiresAt *time.Time `json:"expires_at,omitempty"`
+	// RecoveryCode is the code that can be used to recover the account
+	RecoveryCode string `json:"recovery_code"`
+	// RecoveryLink with flow  This link opens the recovery UI with an empty `code` field.
+	RecoveryLink string `json:"recovery_link"`
+}
+
+// NewSelfServiceRecoveryCode instantiates a new SelfServiceRecoveryCode object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSelfServiceRecoveryCode(recoveryCode string, recoveryLink string) *SelfServiceRecoveryCode {
+	this := SelfServiceRecoveryCode{}
+	this.RecoveryCode = recoveryCode
+	this.RecoveryLink = recoveryLink
+	return &this
+}
+
+// NewSelfServiceRecoveryCodeWithDefaults instantiates a new SelfServiceRecoveryCode object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSelfServiceRecoveryCodeWithDefaults() *SelfServiceRecoveryCode {
+	this := SelfServiceRecoveryCode{}
+	return &this
+}
+
+// GetExpiresAt returns the ExpiresAt field value if set, zero value otherwise.
+func (o *SelfServiceRecoveryCode) GetExpiresAt() time.Time {
+	if o == nil || o.ExpiresAt == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.ExpiresAt
+}
+
+// GetExpiresAtOk returns a tuple with the ExpiresAt field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SelfServiceRecoveryCode) GetExpiresAtOk() (*time.Time, bool) {
+	if o == nil || o.ExpiresAt == nil {
+		return nil, false
+	}
+	return o.ExpiresAt, true
+}
+
+// HasExpiresAt returns a boolean if a field has been set.
+func (o *SelfServiceRecoveryCode) HasExpiresAt() bool {
+	if o != nil && o.ExpiresAt != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpiresAt gets a reference to the given time.Time and assigns it to the ExpiresAt field.
+func (o *SelfServiceRecoveryCode) SetExpiresAt(v time.Time) {
+	o.ExpiresAt = &v
+}
+
+// GetRecoveryCode returns the RecoveryCode field value
+func (o *SelfServiceRecoveryCode) GetRecoveryCode() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.RecoveryCode
+}
+
+// GetRecoveryCodeOk returns a tuple with the RecoveryCode field value
+// and a boolean to check if the value has been set.
+func (o *SelfServiceRecoveryCode) GetRecoveryCodeOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.RecoveryCode, true
+}
+
+// SetRecoveryCode sets field value
+func (o *SelfServiceRecoveryCode) SetRecoveryCode(v string) {
+	o.RecoveryCode = v
+}
+
+// GetRecoveryLink returns the RecoveryLink field value
+func (o *SelfServiceRecoveryCode) GetRecoveryLink() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.RecoveryLink
+}
+
+// GetRecoveryLinkOk returns a tuple with the RecoveryLink field value
+// and a boolean to check if the value has been set.
+func (o *SelfServiceRecoveryCode) GetRecoveryLinkOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.RecoveryLink, true
+}
+
+// SetRecoveryLink sets field value
+func (o *SelfServiceRecoveryCode) SetRecoveryLink(v string) {
+	o.RecoveryLink = v
+}
+
+func (o SelfServiceRecoveryCode) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ExpiresAt != nil {
+		toSerialize["expires_at"] = o.ExpiresAt
+	}
+	if true {
+		toSerialize["recovery_code"] = o.RecoveryCode
+	}
+	if true {
+		toSerialize["recovery_link"] = o.RecoveryLink
+	}
+	return json.Marshal(toSerialize)
+}
+
+type NullableSelfServiceRecoveryCode struct {
+	value *SelfServiceRecoveryCode
+	isSet bool
+}
+
+func (v NullableSelfServiceRecoveryCode) Get() *SelfServiceRecoveryCode {
+	return v.value
+}
+
+func (v *NullableSelfServiceRecoveryCode) Set(val *SelfServiceRecoveryCode) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSelfServiceRecoveryCode) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSelfServiceRecoveryCode) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSelfServiceRecoveryCode(val *SelfServiceRecoveryCode) *NullableSelfServiceRecoveryCode {
+	return &NullableSelfServiceRecoveryCode{value: val, isSet: true}
+}
+
+func (v NullableSelfServiceRecoveryCode) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSelfServiceRecoveryCode) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/internal/httpclient/model_self_service_recovery_flow.go b/internal/httpclient/model_self_service_recovery_flow.go
index e39e839f4893..951b20a14fd6 100644
--- a/internal/httpclient/model_self_service_recovery_flow.go
+++ b/internal/httpclient/model_self_service_recovery_flow.go
@@ -18,7 +18,7 @@ import (
 
 // SelfServiceRecoveryFlow This request is used when an identity wants to recover their account.  We recommend reading the [Account Recovery Documentation](../self-service/flows/password-reset-account-recovery)
 type SelfServiceRecoveryFlow struct {
-	// Active, if set, contains the registration method that is being used. It is initially not set.
+	// Active, if set, contains the recovery method that is being used. It is initially not set.
 	Active *string `json:"active,omitempty"`
 	// ExpiresAt is the time (UTC) when the request expires. If the user still wishes to update the setting, a new request has to be initiated.
 	ExpiresAt time.Time `json:"expires_at"`
diff --git a/internal/httpclient/model_submit_self_service_recovery_flow_body.go b/internal/httpclient/model_submit_self_service_recovery_flow_body.go
index d12ad9b4f96a..dad2287f6ad1 100644
--- a/internal/httpclient/model_submit_self_service_recovery_flow_body.go
+++ b/internal/httpclient/model_submit_self_service_recovery_flow_body.go
@@ -18,9 +18,17 @@ import (
 
 // SubmitSelfServiceRecoveryFlowBody - struct for SubmitSelfServiceRecoveryFlowBody
 type SubmitSelfServiceRecoveryFlowBody struct {
+	SubmitSelfServiceRecoveryFlowWithCodeMethodBody *SubmitSelfServiceRecoveryFlowWithCodeMethodBody
 	SubmitSelfServiceRecoveryFlowWithLinkMethodBody *SubmitSelfServiceRecoveryFlowWithLinkMethodBody
 }
 
+// SubmitSelfServiceRecoveryFlowWithCodeMethodBodyAsSubmitSelfServiceRecoveryFlowBody is a convenience function that returns SubmitSelfServiceRecoveryFlowWithCodeMethodBody wrapped in SubmitSelfServiceRecoveryFlowBody
+func SubmitSelfServiceRecoveryFlowWithCodeMethodBodyAsSubmitSelfServiceRecoveryFlowBody(v *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) SubmitSelfServiceRecoveryFlowBody {
+	return SubmitSelfServiceRecoveryFlowBody{
+		SubmitSelfServiceRecoveryFlowWithCodeMethodBody: v,
+	}
+}
+
 // SubmitSelfServiceRecoveryFlowWithLinkMethodBodyAsSubmitSelfServiceRecoveryFlowBody is a convenience function that returns SubmitSelfServiceRecoveryFlowWithLinkMethodBody wrapped in SubmitSelfServiceRecoveryFlowBody
 func SubmitSelfServiceRecoveryFlowWithLinkMethodBodyAsSubmitSelfServiceRecoveryFlowBody(v *SubmitSelfServiceRecoveryFlowWithLinkMethodBody) SubmitSelfServiceRecoveryFlowBody {
 	return SubmitSelfServiceRecoveryFlowBody{
@@ -32,6 +40,19 @@ func SubmitSelfServiceRecoveryFlowWithLinkMethodBodyAsSubmitSelfServiceRecoveryF
 func (dst *SubmitSelfServiceRecoveryFlowBody) UnmarshalJSON(data []byte) error {
 	var err error
 	match := 0
+	// try to unmarshal data into SubmitSelfServiceRecoveryFlowWithCodeMethodBody
+	err = newStrictDecoder(data).Decode(&dst.SubmitSelfServiceRecoveryFlowWithCodeMethodBody)
+	if err == nil {
+		jsonSubmitSelfServiceRecoveryFlowWithCodeMethodBody, _ := json.Marshal(dst.SubmitSelfServiceRecoveryFlowWithCodeMethodBody)
+		if string(jsonSubmitSelfServiceRecoveryFlowWithCodeMethodBody) == "{}" { // empty struct
+			dst.SubmitSelfServiceRecoveryFlowWithCodeMethodBody = nil
+		} else {
+			match++
+		}
+	} else {
+		dst.SubmitSelfServiceRecoveryFlowWithCodeMethodBody = nil
+	}
+
 	// try to unmarshal data into SubmitSelfServiceRecoveryFlowWithLinkMethodBody
 	err = newStrictDecoder(data).Decode(&dst.SubmitSelfServiceRecoveryFlowWithLinkMethodBody)
 	if err == nil {
@@ -47,6 +68,7 @@ func (dst *SubmitSelfServiceRecoveryFlowBody) UnmarshalJSON(data []byte) error {
 
 	if match > 1 { // more than 1 match
 		// reset to nil
+		dst.SubmitSelfServiceRecoveryFlowWithCodeMethodBody = nil
 		dst.SubmitSelfServiceRecoveryFlowWithLinkMethodBody = nil
 
 		return fmt.Errorf("Data matches more than one schema in oneOf(SubmitSelfServiceRecoveryFlowBody)")
@@ -59,6 +81,10 @@ func (dst *SubmitSelfServiceRecoveryFlowBody) UnmarshalJSON(data []byte) error {
 
 // Marshal data from the first non-nil pointers in the struct to JSON
 func (src SubmitSelfServiceRecoveryFlowBody) MarshalJSON() ([]byte, error) {
+	if src.SubmitSelfServiceRecoveryFlowWithCodeMethodBody != nil {
+		return json.Marshal(&src.SubmitSelfServiceRecoveryFlowWithCodeMethodBody)
+	}
+
 	if src.SubmitSelfServiceRecoveryFlowWithLinkMethodBody != nil {
 		return json.Marshal(&src.SubmitSelfServiceRecoveryFlowWithLinkMethodBody)
 	}
@@ -71,6 +97,10 @@ func (obj *SubmitSelfServiceRecoveryFlowBody) GetActualInstance() interface{} {
 	if obj == nil {
 		return nil
 	}
+	if obj.SubmitSelfServiceRecoveryFlowWithCodeMethodBody != nil {
+		return obj.SubmitSelfServiceRecoveryFlowWithCodeMethodBody
+	}
+
 	if obj.SubmitSelfServiceRecoveryFlowWithLinkMethodBody != nil {
 		return obj.SubmitSelfServiceRecoveryFlowWithLinkMethodBody
 	}
diff --git a/internal/httpclient/model_submit_self_service_recovery_flow_with_code_method_body.go b/internal/httpclient/model_submit_self_service_recovery_flow_with_code_method_body.go
new file mode 100644
index 000000000000..ca4ec4aa7f2d
--- /dev/null
+++ b/internal/httpclient/model_submit_self_service_recovery_flow_with_code_method_body.go
@@ -0,0 +1,219 @@
+/*
+ * Ory Kratos API
+ *
+ * Documentation for all public and administrative Ory Kratos APIs. Public and administrative APIs are exposed on different ports. Public APIs can face the public internet without any protection while administrative APIs should never be exposed without prior authorization. To protect the administative API port you should use something like Nginx, Ory Oathkeeper, or any other technology capable of authorizing incoming requests.
+ *
+ * API version: 1.0.0
+ * Contact: hi@ory.sh
+ */
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package client
+
+import (
+	"encoding/json"
+)
+
+// SubmitSelfServiceRecoveryFlowWithCodeMethodBody struct for SubmitSelfServiceRecoveryFlowWithCodeMethodBody
+type SubmitSelfServiceRecoveryFlowWithCodeMethodBody struct {
+	// Code from recovery email  Sent to the user once a recovery has been initiated and is used to prove that the user is in possession of the email
+	Code *string `json:"code,omitempty"`
+	// Sending the anti-csrf token is only required for browser login flows.
+	CsrfToken *string `json:"csrf_token,omitempty"`
+	// Email to Recover  Needs to be set when initiating the flow. If the email is a registered recovery email, a recovery link will be sent. If the email is not known, a email with details on what happened will be sent instead.  format: email
+	Email *string `json:"email,omitempty"`
+	// Method supports `link` and `code` only right now.
+	Method string `json:"method"`
+}
+
+// NewSubmitSelfServiceRecoveryFlowWithCodeMethodBody instantiates a new SubmitSelfServiceRecoveryFlowWithCodeMethodBody object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSubmitSelfServiceRecoveryFlowWithCodeMethodBody(method string) *SubmitSelfServiceRecoveryFlowWithCodeMethodBody {
+	this := SubmitSelfServiceRecoveryFlowWithCodeMethodBody{}
+	this.Method = method
+	return &this
+}
+
+// NewSubmitSelfServiceRecoveryFlowWithCodeMethodBodyWithDefaults instantiates a new SubmitSelfServiceRecoveryFlowWithCodeMethodBody object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSubmitSelfServiceRecoveryFlowWithCodeMethodBodyWithDefaults() *SubmitSelfServiceRecoveryFlowWithCodeMethodBody {
+	this := SubmitSelfServiceRecoveryFlowWithCodeMethodBody{}
+	return &this
+}
+
+// GetCode returns the Code field value if set, zero value otherwise.
+func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) GetCode() string {
+	if o == nil || o.Code == nil {
+		var ret string
+		return ret
+	}
+	return *o.Code
+}
+
+// GetCodeOk returns a tuple with the Code field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) GetCodeOk() (*string, bool) {
+	if o == nil || o.Code == nil {
+		return nil, false
+	}
+	return o.Code, true
+}
+
+// HasCode returns a boolean if a field has been set.
+func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) HasCode() bool {
+	if o != nil && o.Code != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCode gets a reference to the given string and assigns it to the Code field.
+func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) SetCode(v string) {
+	o.Code = &v
+}
+
+// GetCsrfToken returns the CsrfToken field value if set, zero value otherwise.
+func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) GetCsrfToken() string {
+	if o == nil || o.CsrfToken == nil {
+		var ret string
+		return ret
+	}
+	return *o.CsrfToken
+}
+
+// GetCsrfTokenOk returns a tuple with the CsrfToken field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) GetCsrfTokenOk() (*string, bool) {
+	if o == nil || o.CsrfToken == nil {
+		return nil, false
+	}
+	return o.CsrfToken, true
+}
+
+// HasCsrfToken returns a boolean if a field has been set.
+func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) HasCsrfToken() bool {
+	if o != nil && o.CsrfToken != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCsrfToken gets a reference to the given string and assigns it to the CsrfToken field.
+func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) SetCsrfToken(v string) {
+	o.CsrfToken = &v
+}
+
+// GetEmail returns the Email field value if set, zero value otherwise.
+func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) GetEmail() string {
+	if o == nil || o.Email == nil {
+		var ret string
+		return ret
+	}
+	return *o.Email
+}
+
+// GetEmailOk returns a tuple with the Email field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) GetEmailOk() (*string, bool) {
+	if o == nil || o.Email == nil {
+		return nil, false
+	}
+	return o.Email, true
+}
+
+// HasEmail returns a boolean if a field has been set.
+func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) HasEmail() bool {
+	if o != nil && o.Email != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmail gets a reference to the given string and assigns it to the Email field.
+func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) SetEmail(v string) {
+	o.Email = &v
+}
+
+// GetMethod returns the Method field value
+func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) GetMethod() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Method
+}
+
+// GetMethodOk returns a tuple with the Method field value
+// and a boolean to check if the value has been set.
+func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) GetMethodOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Method, true
+}
+
+// SetMethod sets field value
+func (o *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) SetMethod(v string) {
+	o.Method = v
+}
+
+func (o SubmitSelfServiceRecoveryFlowWithCodeMethodBody) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Code != nil {
+		toSerialize["code"] = o.Code
+	}
+	if o.CsrfToken != nil {
+		toSerialize["csrf_token"] = o.CsrfToken
+	}
+	if o.Email != nil {
+		toSerialize["email"] = o.Email
+	}
+	if true {
+		toSerialize["method"] = o.Method
+	}
+	return json.Marshal(toSerialize)
+}
+
+type NullableSubmitSelfServiceRecoveryFlowWithCodeMethodBody struct {
+	value *SubmitSelfServiceRecoveryFlowWithCodeMethodBody
+	isSet bool
+}
+
+func (v NullableSubmitSelfServiceRecoveryFlowWithCodeMethodBody) Get() *SubmitSelfServiceRecoveryFlowWithCodeMethodBody {
+	return v.value
+}
+
+func (v *NullableSubmitSelfServiceRecoveryFlowWithCodeMethodBody) Set(val *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSubmitSelfServiceRecoveryFlowWithCodeMethodBody) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSubmitSelfServiceRecoveryFlowWithCodeMethodBody) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSubmitSelfServiceRecoveryFlowWithCodeMethodBody(val *SubmitSelfServiceRecoveryFlowWithCodeMethodBody) *NullableSubmitSelfServiceRecoveryFlowWithCodeMethodBody {
+	return &NullableSubmitSelfServiceRecoveryFlowWithCodeMethodBody{value: val, isSet: true}
+}
+
+func (v NullableSubmitSelfServiceRecoveryFlowWithCodeMethodBody) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSubmitSelfServiceRecoveryFlowWithCodeMethodBody) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/internal/httpclient/model_ui_node.go b/internal/httpclient/model_ui_node.go
index 4fa9c7d03905..fdd61560d93f 100644
--- a/internal/httpclient/model_ui_node.go
+++ b/internal/httpclient/model_ui_node.go
@@ -18,7 +18,7 @@ import (
 // UiNode Nodes are represented as HTML elements or their native UI equivalents. For example, a node can be an `` tag, or an `` but also `some plain text`.
 type UiNode struct {
 	Attributes UiNodeAttributes `json:"attributes"`
-	// Group specifies which group (e.g. password authenticator) this node belongs to. default DefaultGroup password PasswordGroup oidc OpenIDConnectGroup profile ProfileGroup link LinkGroup totp TOTPGroup lookup_secret LookupGroup webauthn WebAuthnGroup
+	// Group specifies which group (e.g. password authenticator) this node belongs to. default DefaultGroup password PasswordGroup oidc OpenIDConnectGroup profile ProfileGroup link LinkGroup code CodeGroup totp TOTPGroup lookup_secret LookupGroup webauthn WebAuthnGroup
 	Group    string     `json:"group"`
 	Messages []UiText   `json:"messages"`
 	Meta     UiNodeMeta `json:"meta"`
diff --git a/internal/testhelpers/courier.go b/internal/testhelpers/courier.go
index 0d6b2eccffa4..0996c25a374e 100644
--- a/internal/testhelpers/courier.go
+++ b/internal/testhelpers/courier.go
@@ -26,10 +26,20 @@ func CourierExpectMessage(t *testing.T, reg interface {
 
 func CourierExpectLinkInMessage(t *testing.T, message *courier.Message, offset int) string {
 	if offset == 0 {
-		offset++
+		offset = 1
 	}
 	match := regexp.MustCompile(`(http[^\s]+)`).FindStringSubmatch(message.Body)
 	require.Len(t, match, offset*2)
 
 	return match[offset]
 }
+
+func CourierExpectCodeInMessage(t *testing.T, message *courier.Message, offset int) string {
+	if offset == 0 {
+		offset = 1
+	}
+	match := regexp.MustCompile(`(\d{8})`).FindStringSubmatch(message.Body)
+	require.Len(t, match, offset*2)
+
+	return match[offset]
+}
diff --git a/internal/testhelpers/selfservice_verification.go b/internal/testhelpers/selfservice_verification.go
index c204a0b10598..9d4b56a8f78b 100644
--- a/internal/testhelpers/selfservice_verification.go
+++ b/internal/testhelpers/selfservice_verification.go
@@ -20,6 +20,7 @@ import (
 
 	"github.com/ory/kratos/driver"
 	"github.com/ory/kratos/driver/config"
+	"github.com/ory/kratos/selfservice/flow"
 	"github.com/ory/kratos/selfservice/flow/recovery"
 	"github.com/ory/kratos/x"
 )
@@ -43,9 +44,15 @@ func GetRecoveryFlow(t *testing.T, client *http.Client, ts *httptest.Server) *kr
 	require.NoError(t, err)
 	require.NoError(t, res.Body.Close())
 
-	rs, _, err := publicClient.V0alpha2Api.GetSelfServiceRecoveryFlow(context.Background()).Id(res.Request.URL.Query().Get("flow")).Execute()
-	require.NoError(t, err, "%s", res.Request.URL.String())
-	assert.Empty(t, rs.Active)
+	flowID := res.Request.URL.Query().Get("flow")
+	assert.NotEmpty(t, flowID, "expected to receive a flow id, got none")
+
+	rs, _, err := publicClient.V0alpha2Api.
+		GetSelfServiceRecoveryFlow(context.Background()).
+		Id(flowID).
+		Execute()
+	assert.NotEmpty(t, rs.Active)
+	require.NoError(t, err, "expected no error when fetching recovery flow: %s", err)
 
 	return rs
 }
@@ -77,7 +84,7 @@ func InitializeRecoveryFlowViaBrowser(t *testing.T, client *http.Client, isSPA b
 	require.NoError(t, res.Body.Close())
 	rs, _, err := publicClient.V0alpha2Api.GetSelfServiceRecoveryFlow(context.Background()).Id(res.Request.URL.Query().Get("flow")).Execute()
 	require.NoError(t, err)
-	assert.Empty(t, rs.Active)
+	assert.NotEmpty(t, rs.Active)
 
 	return rs
 }
@@ -87,7 +94,7 @@ func InitializeRecoveryFlowViaAPI(t *testing.T, client *http.Client, ts *httptes
 
 	rs, _, err := publicClient.V0alpha2Api.InitializeSelfServiceRecoveryFlowWithoutBrowser(context.Background()).Execute()
 	require.NoError(t, err)
-	assert.Empty(t, rs.Active)
+	assert.NotEmpty(t, rs.Active)
 
 	return rs
 }
@@ -139,3 +146,14 @@ func SubmitRecoveryForm(
 
 	return b
 }
+
+func PersistNewRecoveryFlow(t *testing.T, strategy recovery.Strategy, conf *config.Config, reg *driver.RegistryDefault) *recovery.Flow {
+	t.Helper()
+	req := x.NewTestHTTPRequest(t, "GET", conf.SelfPublicURL(context.Background()).String()+"/test", nil)
+	f, err := recovery.NewFlow(conf, conf.SelfServiceFlowRecoveryRequestLifespan(context.Background()), reg.GenerateCSRFToken(req), req, strategy, flow.TypeBrowser)
+	require.NoError(t, err, "Expected no error when creating a new recovery flow: %s", err)
+
+	err = reg.RecoveryFlowPersister().CreateRecoveryFlow(context.Background(), f)
+	require.NoError(t, err, "Expected no error when persisting a new recover flow: %s", err)
+	return f
+}
diff --git a/internal/testhelpers/session.go b/internal/testhelpers/session.go
index 81657463d305..b9282e573316 100644
--- a/internal/testhelpers/session.go
+++ b/internal/testhelpers/session.go
@@ -217,3 +217,11 @@ func EnsureAAL(t *testing.T, c *http.Client, ts *httptest.Server, aal string, me
 	}
 	assert.Len(t, gjson.GetBytes(sess, "authentication_methods").Array(), 1+len(methods))
 }
+
+func NewAuthorizedTransport(t *testing.T, reg *driver.RegistryDefault, sess *session.Session) *x.TransportWithHeader {
+	maybePersistSession(t, reg, sess)
+
+	return x.NewTransportWithHeader(http.Header{
+		"Authorization": {"Bearer " + sess.Token},
+	})
+}
diff --git a/persistence/reference.go b/persistence/reference.go
index b17b7e15d1dd..336d89ee218f 100644
--- a/persistence/reference.go
+++ b/persistence/reference.go
@@ -21,6 +21,7 @@ import (
 	"github.com/ory/kratos/selfservice/flow/registration"
 	"github.com/ory/kratos/selfservice/flow/settings"
 	"github.com/ory/kratos/selfservice/flow/verification"
+	"github.com/ory/kratos/selfservice/strategy/code"
 	"github.com/ory/kratos/selfservice/strategy/link"
 	"github.com/ory/kratos/session"
 )
@@ -43,6 +44,7 @@ type Persister interface {
 	recovery.FlowPersister
 	link.RecoveryTokenPersister
 	link.VerificationTokenPersister
+	code.RecoveryCodePersister
 
 	CleanupDatabase(context.Context, time.Duration, time.Duration, int) error
 	Close(context.Context) error
diff --git a/persistence/sql/migratest/fixtures/recovery_code/8f75f5d9-9cb4-4848-9a73-9344f686f8a6.json b/persistence/sql/migratest/fixtures/recovery_code/8f75f5d9-9cb4-4848-9a73-9344f686f8a6.json
new file mode 100644
index 000000000000..0c2de8150a4b
--- /dev/null
+++ b/persistence/sql/migratest/fixtures/recovery_code/8f75f5d9-9cb4-4848-9a73-9344f686f8a6.json
@@ -0,0 +1,7 @@
+{
+  "id": "8f75f5d9-9cb4-4848-9a73-9344f686f8a6",
+  "recovery_address": null,
+  "expires_at": "2022-08-18T08:28:18Z",
+  "issued_at": "2022-08-18T07:28:18Z",
+  "identity_id": "308929d3-41a2-43fe-a33c-75308539d841"
+}
diff --git a/persistence/sql/migratest/migration_test.go b/persistence/sql/migratest/migration_test.go
index 8a27375f2c02..8e3c1350664c 100644
--- a/persistence/sql/migratest/migration_test.go
+++ b/persistence/sql/migratest/migration_test.go
@@ -36,6 +36,7 @@ import (
 	"github.com/ory/kratos/selfservice/flow/registration"
 	"github.com/ory/kratos/selfservice/flow/settings"
 	"github.com/ory/kratos/selfservice/flow/verification"
+	"github.com/ory/kratos/selfservice/strategy/code"
 	"github.com/ory/kratos/selfservice/strategy/link"
 	"github.com/ory/kratos/session"
 	"github.com/ory/kratos/x"
@@ -287,6 +288,19 @@ func TestMigrations(t *testing.T) {
 					migratest.ContainsExpectedIds(t, filepath.Join("fixtures", "recovery_token"), found)
 				})
 
+				t.Run("case=recovery_code", func(t *testing.T) {
+					var ids []code.RecoveryCode
+					require.NoError(t, c.All(&ids))
+					require.NotEmpty(t, ids)
+
+					var found []string
+					for _, id := range ids {
+						found = append(found, id.ID.String())
+						CompareWithFixture(t, id, "recovery_code", id.ID.String())
+					}
+					migratest.ContainsExpectedIds(t, filepath.Join("fixtures", "recovery_code"), found)
+				})
+
 				t.Run("suite=constraints", func(t *testing.T) {
 					sr, err := d.SettingsFlowPersister().GetSettingsFlow(context.Background(), x.ParseUUID("a79bfcf1-68ae-49de-8b23-4f96921b8341"))
 					require.NoError(t, err)
diff --git a/persistence/sql/migratest/testdata/20220929124401_testdata.sql b/persistence/sql/migratest/testdata/20220929124401_testdata.sql
new file mode 100644
index 000000000000..8a73a98f4bb2
--- /dev/null
+++ b/persistence/sql/migratest/testdata/20220929124401_testdata.sql
@@ -0,0 +1,14 @@
+INSERT INTO identity_recovery_codes (id, code, used_at, identity_recovery_address_id, code_type, expires_at, issued_at, selfservice_recovery_flow_id, created_at, updated_at, nid, identity_id) VALUES (
+    '8f75f5d9-9cb4-4848-9a73-9344f686f8a6',
+    '7eb71370d8497734ec78dfe613bf0f08967e206d2b5c2fc1243be823cfcd57a7',
+    null,
+    'b8293f1c-010f-45d9-b809-f3fc5365ba80',
+    1,
+    '2022-08-18 08:28:18',
+    '2022-08-18 07:28:18',
+    '68fb4010-84a9-4d1e-9f92-2705978ee89e',
+    '2022-08-18 07:28:18',
+    '2022-08-18 07:28:18',
+    '884f556e-eb3a-4b9f-bee3-11345642c6c0',
+    '308929d3-41a2-43fe-a33c-75308539d841'
+)
\ No newline at end of file
diff --git a/persistence/sql/migrations/sql/20220901123209000000_recovery_code.down.sql b/persistence/sql/migrations/sql/20220901123209000000_recovery_code.down.sql
new file mode 100644
index 000000000000..f01e2223057a
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220901123209000000_recovery_code.down.sql
@@ -0,0 +1,5 @@
+DROP TABLE identity_recovery_codes;
+
+ALTER TABLE selfservice_recovery_flows DROP submit_count;
+
+ALTER TABLE selfservice_recovery_flows DROP skip_csrf_check;
diff --git a/persistence/sql/migrations/sql/20220901123209000000_recovery_code.mysql.down.sql b/persistence/sql/migrations/sql/20220901123209000000_recovery_code.mysql.down.sql
new file mode 100644
index 000000000000..f01e2223057a
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220901123209000000_recovery_code.mysql.down.sql
@@ -0,0 +1,5 @@
+DROP TABLE identity_recovery_codes;
+
+ALTER TABLE selfservice_recovery_flows DROP submit_count;
+
+ALTER TABLE selfservice_recovery_flows DROP skip_csrf_check;
diff --git a/persistence/sql/migrations/sql/20220901123209000000_recovery_code.mysql.up.sql b/persistence/sql/migrations/sql/20220901123209000000_recovery_code.mysql.up.sql
new file mode 100644
index 000000000000..d94117b2e7cb
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220901123209000000_recovery_code.mysql.up.sql
@@ -0,0 +1,37 @@
+CREATE TABLE identity_recovery_codes
+(
+    id CHAR(36) NOT NULL PRIMARY KEY,
+    code VARCHAR (64) NOT NULL, -- HMACed value of the actual code
+    used_at timestamp NULL DEFAULT NULL,
+    identity_recovery_address_id CHAR(36),
+    code_type int NOT NULL,
+    expires_at timestamp NOT NULL DEFAULT '2000-01-01 00:00:00',
+    issued_at timestamp NOT NULL DEFAULT '2000-01-01 00:00:00',
+    selfservice_recovery_flow_id CHAR(36),
+    created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    updated_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    nid CHAR(36) NOT NULL,
+    identity_id CHAR(36) NOT NULL,
+    CONSTRAINT identity_recovery_codes_identity_recovery_addresses_id_fk 
+        FOREIGN KEY (identity_recovery_address_id)
+        REFERENCES identity_recovery_addresses (id)
+        ON DELETE cascade,
+    CONSTRAINT identity_recovery_codes_selfservice_recovery_flows_id_fk 
+        FOREIGN KEY (selfservice_recovery_flow_id) 
+        REFERENCES selfservice_recovery_flows (id)
+        ON DELETE cascade,
+    CONSTRAINT identity_recovery_tokens_identity_id_fk 
+        FOREIGN KEY (identity_id) 
+        REFERENCES identities (id)
+        ON UPDATE RESTRICT ON DELETE CASCADE,
+    CONSTRAINT identity_recovery_codes_networks_id_fk
+        FOREIGN KEY (nid)
+        REFERENCES networks (id)
+        ON UPDATE RESTRICT ON DELETE CASCADE
+);
+
+CREATE INDEX identity_recovery_codes_nid_flow_id_idx ON identity_recovery_codes (nid, selfservice_recovery_flow_id);
+CREATE INDEX identity_recovery_codes_id_nid_idx ON identity_recovery_codes (id, nid);
+
+ALTER TABLE selfservice_recovery_flows ADD submit_count int NOT NULL DEFAULT 0;
+ALTER TABLE selfservice_recovery_flows ADD skip_csrf_check boolean NOT NULL DEFAULT FALSE;
diff --git a/persistence/sql/migrations/sql/20220901123209000000_recovery_code.up.sql b/persistence/sql/migrations/sql/20220901123209000000_recovery_code.up.sql
new file mode 100644
index 000000000000..4964d0a5ceb7
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220901123209000000_recovery_code.up.sql
@@ -0,0 +1,37 @@
+CREATE TABLE identity_recovery_codes
+(
+    id UUID NOT NULL PRIMARY KEY,
+    code VARCHAR (64) NOT NULL, -- HMACed value of the actual code
+    used_at timestamp NULL DEFAULT NULL,
+    identity_recovery_address_id UUID,
+    code_type INT NOT NULL,
+    expires_at timestamp NOT NULL DEFAULT '2000-01-01 00:00:00',
+    issued_at timestamp NOT NULL DEFAULT '2000-01-01 00:00:00',
+    selfservice_recovery_flow_id UUID NOT NULL,
+    created_at timestamp NOT NULL,
+    updated_at timestamp NOT NULL,
+    nid UUID NOT NULL,
+    identity_id UUID NOT NULL,
+    CONSTRAINT identity_recovery_codes_identity_recovery_addresses_id_fk 
+        FOREIGN KEY (identity_recovery_address_id)
+        REFERENCES identity_recovery_addresses (id)
+        ON DELETE cascade,
+    CONSTRAINT identity_recovery_codes_selfservice_recovery_flows_id_fk 
+        FOREIGN KEY (selfservice_recovery_flow_id) 
+        REFERENCES selfservice_recovery_flows (id)
+        ON DELETE cascade,
+    CONSTRAINT identity_recovery_codes_identity_id_fk 
+        FOREIGN KEY (identity_id) 
+        REFERENCES identities (id)
+        ON UPDATE RESTRICT ON DELETE CASCADE,
+    CONSTRAINT identity_recovery_codes_networks_id_fk
+        FOREIGN KEY (nid)
+        REFERENCES networks (id)
+        ON UPDATE RESTRICT ON DELETE CASCADE
+);
+
+CREATE INDEX identity_recovery_codes_nid_flow_id_idx ON identity_recovery_codes (nid, selfservice_recovery_flow_id);
+CREATE INDEX identity_recovery_codes_id_nid_idx ON identity_recovery_codes (id, nid);
+
+ALTER TABLE selfservice_recovery_flows ADD submit_count int NOT NULL DEFAULT 0;
+ALTER TABLE selfservice_recovery_flows ADD skip_csrf_check boolean NOT NULL DEFAULT FALSE;
diff --git a/persistence/sql/persister_recovery.go b/persistence/sql/persister_recovery.go
index c13a75b48c96..6f3b93e9addd 100644
--- a/persistence/sql/persister_recovery.go
+++ b/persistence/sql/persister_recovery.go
@@ -2,16 +2,21 @@ package sql
 
 import (
 	"context"
-	"errors"
+	"crypto/subtle"
 	"fmt"
 	"time"
 
+	"github.com/pkg/errors"
+
 	"github.com/gobuffalo/pop/v6"
 	"github.com/gofrs/uuid"
 
 	"github.com/ory/kratos/identity"
+	"github.com/ory/kratos/selfservice/flow"
 	"github.com/ory/kratos/selfservice/flow/recovery"
+	"github.com/ory/kratos/selfservice/strategy/code"
 	"github.com/ory/kratos/selfservice/strategy/link"
+	"github.com/ory/kratos/x"
 	"github.com/ory/x/sqlcon"
 )
 
@@ -127,3 +132,145 @@ func (p *Persister) DeleteExpiredRecoveryFlows(ctx context.Context, expiresAt ti
 	}
 	return nil
 }
+
+func (p *Persister) CreateRecoveryCode(ctx context.Context, dto *code.CreateRecoveryCodeParams) (*code.RecoveryCode, error) {
+	ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateRecoveryCode")
+	defer span.End()
+
+	now := time.Now()
+
+	recoveryCode := &code.RecoveryCode{
+		ID:         x.NewUUID(),
+		CodeHMAC:   p.hmacValue(ctx, dto.RawCode),
+		ExpiresAt:  now.UTC().Add(dto.ExpiresIn),
+		IssuedAt:   now,
+		CodeType:   dto.CodeType,
+		FlowID:     dto.FlowID,
+		NID:        p.NetworkID(ctx),
+		IdentityID: dto.IdentityID,
+	}
+
+	if dto.RecoveryAddress != nil {
+		recoveryCode.RecoveryAddress = dto.RecoveryAddress
+		recoveryCode.RecoveryAddressID = uuid.NullUUID{
+			UUID:  dto.RecoveryAddress.ID,
+			Valid: true,
+		}
+	}
+
+	// This should not create the request eagerly because otherwise we might accidentally create an address that isn't
+	// supposed to be in the database.
+	if err := p.GetConnection(ctx).Create(recoveryCode); err != nil {
+		return nil, err
+	}
+
+	return recoveryCode, nil
+}
+
+// UseRecoveryCode attempts to "use" the supplied code in the flow
+//
+// If the supplied code matched a code from the flow, no error is returned
+// If an invalid code was submitted with this flow more than 5 times, an error is returned
+// TODO: Extract the business logic to a new service/manager (https://github.com/ory/kratos/issues/2785)
+func (p *Persister) UseRecoveryCode(ctx context.Context, fID uuid.UUID, codeVal string) (*code.RecoveryCode, error) {
+	ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UseRecoveryCode")
+	defer span.End()
+
+	var recoveryCode *code.RecoveryCode
+
+	nid := p.NetworkID(ctx)
+
+	flowTableName := new(recovery.Flow).TableName(ctx)
+
+	if err := sqlcon.HandleError(p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) (err error) {
+
+		/* #nosec G201 TableName is static */
+		if err := sqlcon.HandleError(tx.RawQuery(fmt.Sprintf("UPDATE %s SET submit_count = submit_count + 1 WHERE id = ? AND nid = ?", flowTableName), fID, nid).Exec()); err != nil {
+			return err
+		}
+
+		var submitCount int
+		// Because MySQL does not support "RETURNING" clauses, but we need the updated `submit_count` later on.
+		/* #nosec G201 TableName is static */
+		if err := sqlcon.HandleError(tx.RawQuery(fmt.Sprintf("SELECT submit_count FROM %s WHERE id = ? AND nid = ?", flowTableName), fID, nid).First(&submitCount)); err != nil {
+			if errors.Is(err, sqlcon.ErrNoRows) {
+				// Return no error, as that would roll back the transaction
+				return nil
+			}
+
+			return err
+		}
+
+		// This check prevents parallel brute force attacks to generate the recovery code
+		// by checking the submit count inside this database transaction.
+		// If the flow has been submitted more than 5 times, the transaction is aborted (regardless of whether the code was correct or not)
+		// and we thus give no indication whether the supplied code was correct or not. See also https://github.com/ory/kratos/pull/2645#discussion_r984732899
+		if submitCount > 5 {
+			return errors.WithStack(code.ErrCodeSubmittedTooOften)
+		}
+
+		var recoveryCodes []code.RecoveryCode
+		if err = sqlcon.HandleError(tx.Where("nid = ? AND selfservice_recovery_flow_id = ?", nid, fID).All(&recoveryCodes)); err != nil {
+			if errors.Is(err, sqlcon.ErrNoRows) {
+				// Return no error, as that would roll back the transaction
+				return nil
+			}
+
+			return err
+		}
+
+	secrets:
+		for _, secret := range p.r.Config().SecretsSession(ctx) {
+			suppliedCode := []byte(p.hmacValueWithSecret(ctx, codeVal, secret))
+			for i := range recoveryCodes {
+				code := recoveryCodes[i]
+				if subtle.ConstantTimeCompare([]byte(code.CodeHMAC), suppliedCode) == 0 {
+					// Not the supplied code
+					continue
+				}
+				recoveryCode = &code
+				break secrets
+			}
+		}
+
+		if recoveryCode == nil || !recoveryCode.IsValid() {
+			// Return no error, as that would roll back the transaction
+			return nil
+		}
+
+		var ra identity.RecoveryAddress
+		if err := tx.Where("id = ? AND nid = ?", recoveryCode.RecoveryAddressID, nid).First(&ra); err != nil {
+			if err = sqlcon.HandleError(err); !errors.Is(err, sqlcon.ErrNoRows) {
+				return err
+			}
+		}
+		recoveryCode.RecoveryAddress = &ra
+
+		/* #nosec G201 TableName is static */
+		return sqlcon.HandleError(tx.RawQuery(fmt.Sprintf("UPDATE %s SET used_at = ? WHERE id = ? AND nid = ?", recoveryCode.TableName(ctx)), time.Now().UTC(), recoveryCode.ID, nid).Exec())
+	})); err != nil {
+		return nil, err
+	}
+
+	if recoveryCode == nil {
+		return nil, code.ErrCodeNotFound
+	}
+
+	if recoveryCode.IsExpired() {
+		return nil, flow.NewFlowExpiredError(recoveryCode.ExpiresAt)
+	}
+
+	if recoveryCode.WasUsed() {
+		return nil, code.ErrCodeAlreadyUsed
+	}
+
+	return recoveryCode, nil
+}
+
+func (p *Persister) DeleteRecoveryCodesOfFlow(ctx context.Context, fID uuid.UUID) error {
+	ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.DeleteRecoveryToken")
+	defer span.End()
+
+	/* #nosec G201 TableName is static */
+	return p.GetConnection(ctx).RawQuery(fmt.Sprintf("DELETE FROM %s WHERE selfservice_recovery_flow_id = ? AND nid = ?", new(code.RecoveryCode).TableName(ctx)), fID, p.NetworkID(ctx)).Exec()
+}
diff --git a/persistence/sql/persister_test.go b/persistence/sql/persister_test.go
index ae3eb1f8e001..f4849c3b5f84 100644
--- a/persistence/sql/persister_test.go
+++ b/persistence/sql/persister_test.go
@@ -41,6 +41,7 @@ import (
 	registration "github.com/ory/kratos/selfservice/flow/registration/test"
 	settings "github.com/ory/kratos/selfservice/flow/settings/test"
 	verification "github.com/ory/kratos/selfservice/flow/verification/test"
+	code "github.com/ory/kratos/selfservice/strategy/code/test"
 	link "github.com/ory/kratos/selfservice/strategy/link/test"
 	session "github.com/ory/kratos/session/test"
 	"github.com/ory/kratos/x"
@@ -255,6 +256,10 @@ func TestPersister(t *testing.T) {
 				pop.SetLogger(pl(t))
 				link.TestPersister(ctx, conf, p)(t)
 			})
+			t.Run("contract=code.TestPersister", func(t *testing.T) {
+				pop.SetLogger(pl(t))
+				code.TestPersister(ctx, conf, p)(t)
+			})
 			t.Run("contract=continuity.TestPersister", func(t *testing.T) {
 				pop.SetLogger(pl(t))
 				continuity.TestPersister(ctx, p)(t)
diff --git a/selfservice/flow/recovery/error.go b/selfservice/flow/recovery/error.go
index 927e6bc98e9e..925b098c1d0d 100644
--- a/selfservice/flow/recovery/error.go
+++ b/selfservice/flow/recovery/error.go
@@ -69,8 +69,17 @@ func (s *ErrorHandler) WriteFlowError(
 	}
 
 	if e := new(flow.ExpiredError); errors.As(err, &e) {
+		strategy, err := s.d.RecoveryStrategies(r.Context()).Strategy(f.Active.String())
+		if err != nil {
+			strategy, err = s.d.GetActiveRecoveryStrategy(r.Context())
+			// Can't retry the recovery if no strategy has been set
+			if err != nil {
+				s.d.SelfServiceErrorManager().Forward(r.Context(), w, r, err)
+				return
+			}
+		}
 		// create new flow because the old one is not valid
-		a, err := FromOldFlow(s.d.Config(), s.d.Config().SelfServiceFlowRecoveryRequestLifespan(r.Context()), s.d.GenerateCSRFToken(r), r, s.d.RecoveryStrategies(r.Context()), *f)
+		a, err := FromOldFlow(s.d.Config(), s.d.Config().SelfServiceFlowRecoveryRequestLifespan(r.Context()), s.d.GenerateCSRFToken(r), r, strategy, *f)
 		if err != nil {
 			// failed to create a new session and redirect to it, handle that error as a new one
 			s.WriteFlowError(w, r, f, group, err)
diff --git a/selfservice/flow/recovery/error_test.go b/selfservice/flow/recovery/error_test.go
index ae8b0015567f..a60b956189a7 100644
--- a/selfservice/flow/recovery/error_test.go
+++ b/selfservice/flow/recovery/error_test.go
@@ -38,6 +38,7 @@ func TestHandleError(t *testing.T) {
 	ctx := context.Background()
 	conf, reg := internal.NewFastRegistryWithMocks(t)
 	conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryEnabled, true)
+	conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryUse, "code")
 
 	public, _ := testhelpers.NewKratosServer(t, reg)
 
@@ -66,7 +67,9 @@ func TestHandleError(t *testing.T) {
 
 	newFlow := func(t *testing.T, ttl time.Duration, ft flow.Type) *recovery.Flow {
 		req := &http.Request{URL: urlx.ParseOrPanic("/")}
-		f, err := recovery.NewFlow(conf, ttl, x.FakeCSRFToken, req, reg.RecoveryStrategies(context.Background()), ft)
+		s, err := reg.GetActiveRecoveryStrategy(context.Background())
+		require.NoError(t, err)
+		f, err := recovery.NewFlow(conf, ttl, x.FakeCSRFToken, req, s, ft)
 		require.NoError(t, err)
 		require.NoError(t, reg.RecoveryFlowPersister().CreateRecoveryFlow(context.Background(), f))
 		f, err = reg.RecoveryFlowPersister().GetRecoveryFlow(context.Background(), f.ID)
@@ -226,5 +229,47 @@ func TestHandleError(t *testing.T) {
 			sse, _ := expectErrorUI(t)
 			assertx.EqualAsJSON(t, flowError, sse)
 		})
+
+		t.Run("case=new flow uses strategy of old flow", func(t *testing.T) {
+
+			t.Cleanup(reset)
+
+			recoveryFlow = &recovery.Flow{Type: flow.TypeBrowser, Active: "code"}
+			flowError = flow.NewFlowExpiredError(anHourAgo)
+
+			lf, _ := expectRecoveryUI(t)
+			require.Len(t, lf.UI.Messages, 1, "%s", jsonx.TestMarshalJSONString(t, lf))
+			assert.Equal(t, int(text.ErrorValidationRecoveryFlowExpired), int(lf.UI.Messages[0].ID))
+			assert.Equal(t, recoveryFlow.Active.String(), lf.Active.String())
+		})
+
+		t.Run("case=new flow uses current strategy if strategy of old flow does not exist", func(t *testing.T) {
+
+			t.Cleanup(reset)
+
+			recoveryFlow = &recovery.Flow{Type: flow.TypeBrowser, Active: "not-valid"}
+			flowError = flow.NewFlowExpiredError(anHourAgo)
+
+			lf, _ := expectRecoveryUI(t)
+			require.Len(t, lf.UI.Messages, 1, "%s", jsonx.TestMarshalJSONString(t, lf))
+			assert.Equal(t, int(text.ErrorValidationRecoveryFlowExpired), int(lf.UI.Messages[0].ID))
+			assert.Equal(t, "code", lf.Active.String())
+		})
+
+		t.Run("case=fails to retry flow if recovery strategy id is not valid", func(t *testing.T) {
+
+			t.Cleanup(func() {
+				reset()
+				conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryUse, "code")
+			})
+
+			recoveryFlow = newFlow(t, 0, flow.TypeBrowser)
+			recoveryFlow.Active = "not-valid"
+			flowError = flow.NewFlowExpiredError(anHourAgo)
+
+			conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryUse, "not-valid")
+			sse, _ := expectErrorUI(t)
+			assertx.EqualAsJSON(t, herodot.ErrInternalServerError.WithReason("unable to find strategy for not-valid have [code]"), sse)
+		})
 	})
 }
diff --git a/selfservice/flow/recovery/flow.go b/selfservice/flow/recovery/flow.go
index 72614138b193..ead70f9b8e5d 100644
--- a/selfservice/flow/recovery/flow.go
+++ b/selfservice/flow/recovery/flow.go
@@ -61,7 +61,7 @@ type Flow struct {
 	// ReturnTo contains the requested return_to URL.
 	ReturnTo string `json:"return_to,omitempty" db:"-"`
 
-	// Active, if set, contains the registration method that is being used. It is initially
+	// Active, if set, contains the recovery method that is being used. It is initially
 	// not set.
 	Active sqlxx.NullString `json:"active,omitempty" faker:"-" db:"active_method"`
 
@@ -91,9 +91,15 @@ type Flow struct {
 	// RecoveredIdentityID is a helper struct field for gobuffalo.pop.
 	RecoveredIdentityID uuid.NullUUID `json:"-" faker:"-" db:"recovered_identity_id"`
 	NID                 uuid.UUID     `json:"-"  faker:"-" db:"nid"`
+
+	// DangerousSkipCSRFCheck indicates whether anti CSRF measures should be enforced in this flow
+	//
+	// This is needed, because we can not enforce these measures, if the flow has been initialized by someone else than
+	// the user.
+	DangerousSkipCSRFCheck bool `json:"-" faker:"-" db:"skip_csrf_check"`
 }
 
-func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Request, strategies Strategies, ft flow.Type) (*Flow, error) {
+func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Request, strategy Strategy, ft flow.Type) (*Flow, error) {
 	now := time.Now().UTC()
 	id := x.NewUUID()
 
@@ -109,7 +115,7 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques
 		return nil, err
 	}
 
-	req := &Flow{
+	flow := &Flow{
 		ID:         id,
 		ExpiresAt:  now.Add(exp),
 		IssuedAt:   now,
@@ -123,22 +129,23 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques
 		Type:      ft,
 	}
 
-	for _, strategy := range strategies {
-		if err := strategy.PopulateRecoveryMethod(r, req); err != nil {
+	if strategy != nil {
+		flow.Active = sqlxx.NullString(strategy.RecoveryNodeGroup())
+		if err := strategy.PopulateRecoveryMethod(r, flow); err != nil {
 			return nil, err
 		}
 	}
 
-	return req, nil
+	return flow, nil
 }
 
-func FromOldFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Request, strategies Strategies, of Flow) (*Flow, error) {
+func FromOldFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Request, strategy Strategy, of Flow) (*Flow, error) {
 	f := of.Type
 	// Using the same flow in the recovery/verification context can lead to using API flow in a verification/recovery email
 	if of.Type == flow.TypeAPI {
 		f = flow.TypeBrowser
 	}
-	nf, err := NewFlow(conf, exp, csrf, r, strategies, f)
+	nf, err := NewFlow(conf, exp, csrf, r, strategy, f)
 	if err != nil {
 		return nil, err
 	}
diff --git a/selfservice/flow/recovery/flow_test.go b/selfservice/flow/recovery/flow_test.go
index b1358ee60101..2cd478b79bce 100644
--- a/selfservice/flow/recovery/flow_test.go
+++ b/selfservice/flow/recovery/flow_test.go
@@ -98,7 +98,7 @@ func TestFromOldFlow(t *testing.T) {
 		t.Run(fmt.Sprintf("case=original flow is %s", ft), func(t *testing.T) {
 			f, err := recovery.NewFlow(conf, 0, "csrf", &r, nil, ft)
 			require.NoError(t, err)
-			nF, err := recovery.FromOldFlow(conf, time.Duration(time.Hour), f.CSRFToken, &r, []recovery.Strategy{}, *f)
+			nF, err := recovery.FromOldFlow(conf, time.Duration(time.Hour), f.CSRFToken, &r, nil, *f)
 			require.NoError(t, err)
 			require.Equal(t, flow.TypeBrowser, nF.Type)
 		})
diff --git a/selfservice/flow/recovery/handler.go b/selfservice/flow/recovery/handler.go
index 664f2d9a7f2f..7f133291dc9b 100644
--- a/selfservice/flow/recovery/handler.go
+++ b/selfservice/flow/recovery/handler.go
@@ -117,12 +117,13 @@ func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) {
 //	  500: jsonError
 //	  400: jsonError
 func (h *Handler) initAPIFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-	if !h.d.Config().SelfServiceFlowRecoveryEnabled(r.Context()) {
+	activeRecoveryStrategy, err := h.d.GetActiveRecoveryStrategy(r.Context())
+	if !h.d.Config().SelfServiceFlowRecoveryEnabled(r.Context()) || err != nil {
 		h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Recovery is not allowed because it was disabled.")))
 		return
 	}
 
-	req, err := NewFlow(h.d.Config(), h.d.Config().SelfServiceFlowRecoveryRequestLifespan(r.Context()), h.d.GenerateCSRFToken(r), r, h.d.RecoveryStrategies(r.Context()), flow.TypeAPI)
+	req, err := NewFlow(h.d.Config(), h.d.Config().SelfServiceFlowRecoveryRequestLifespan(r.Context()), h.d.GenerateCSRFToken(r), r, activeRecoveryStrategy, flow.TypeAPI)
 	if err != nil {
 		h.d.Writer().WriteError(w, r, err)
 		return
@@ -173,12 +174,14 @@ type initializeSelfServiceRecoveryFlowWithoutBrowser struct {
 //	  400: jsonError
 //	  500: jsonError
 func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-	if !h.d.Config().SelfServiceFlowRecoveryEnabled(r.Context()) {
+	activeRecoveryStrategy, err := h.d.GetActiveRecoveryStrategy(r.Context())
+
+	if !h.d.Config().SelfServiceFlowRecoveryEnabled(r.Context()) || err != nil {
 		h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Recovery is not allowed because it was disabled.")))
 		return
 	}
 
-	f, err := NewFlow(h.d.Config(), h.d.Config().SelfServiceFlowRecoveryRequestLifespan(r.Context()), h.d.GenerateCSRFToken(r), r, h.d.RecoveryStrategies(r.Context()), flow.TypeBrowser)
+	f, err := NewFlow(h.d.Config(), h.d.Config().SelfServiceFlowRecoveryRequestLifespan(r.Context()), h.d.GenerateCSRFToken(r), r, activeRecoveryStrategy, flow.TypeBrowser)
 	if err != nil {
 		h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, err)
 		return
@@ -269,7 +272,7 @@ func (h *Handler) fetch(w http.ResponseWriter, r *http.Request, _ httprouter.Par
 	// Browser flows must include the CSRF token
 	//
 	// Resolves: https://github.com/ory/kratos/issues/1282
-	if f.Type == flow.TypeBrowser && !nosurf.VerifyToken(h.d.GenerateCSRFToken(r), f.CSRFToken) {
+	if f.Type.IsBrowser() && !f.DangerousSkipCSRFCheck && !nosurf.VerifyToken(h.d.GenerateCSRFToken(r), f.CSRFToken) {
 		h.d.Writer().WriteError(w, r, x.CSRFErrorReason(r, h.d))
 		return
 	}
@@ -354,21 +357,22 @@ type submitSelfServiceRecoveryFlowBody struct{}
 //
 // More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).
 //
-//	Consumes:
-//	- application/json
-//	- application/x-www-form-urlencoded
+//		Consumes:
+//		- application/json
+//		- application/x-www-form-urlencoded
 //
-//	Produces:
-//	- application/json
+//		Produces:
+//		- application/json
 //
-//	Schemes: http, https
+//		Schemes: http, https
 //
-//	Responses:
-//	  200: selfServiceRecoveryFlow
-//	  303: emptyResponse
-//	  400: selfServiceRecoveryFlow
-//	  410: jsonError
-//	  500: jsonError
+//	    Responses:
+//	      200: selfServiceRecoveryFlow
+//	      303: emptyResponse
+//	      400: selfServiceRecoveryFlow
+//	      410: jsonError
+//	      422: selfServiceBrowserLocationChangeRequiredError
+//	      500: jsonError
 func (h *Handler) submitFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 	rid, err := flow.GetFlowID(r)
 	if err != nil {
diff --git a/selfservice/flow/recovery/handler_test.go b/selfservice/flow/recovery/handler_test.go
index 2975aa21b57c..fa5ce08d310f 100644
--- a/selfservice/flow/recovery/handler_test.go
+++ b/selfservice/flow/recovery/handler_test.go
@@ -64,6 +64,8 @@ func TestInitFlow(t *testing.T) {
 	conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryEnabled, true)
 	conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryLinkName,
 		map[string]interface{}{"enabled": true})
+	conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryCodeName,
+		map[string]interface{}{"enabled": true})
 
 	router := x.NewRouterPublic()
 	publicTS, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin())
@@ -200,6 +202,8 @@ func TestGetFlow(t *testing.T) {
 	conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryEnabled, true)
 	conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryLinkName,
 		map[string]interface{}{"enabled": true})
+	conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryCodeName,
+		map[string]interface{}{"enabled": true})
 	testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json")
 
 	public, _ := testhelpers.NewKratosServerWithCSRF(t, reg)
diff --git a/selfservice/flow/recovery/hook_test.go b/selfservice/flow/recovery/hook_test.go
index 9ad2b87f8f87..894e604621f4 100644
--- a/selfservice/flow/recovery/hook_test.go
+++ b/selfservice/flow/recovery/hook_test.go
@@ -10,6 +10,7 @@ import (
 	"github.com/ory/kratos/session"
 
 	"github.com/ory/kratos/selfservice/flow/recovery"
+	"github.com/ory/kratos/selfservice/strategy/code"
 
 	"github.com/gobuffalo/httptest"
 	"github.com/julienschmidt/httprouter"
@@ -27,11 +28,12 @@ import (
 func TestRecoveryExecutor(t *testing.T) {
 	ctx := context.Background()
 	conf, reg := internal.NewFastRegistryWithMocks(t)
+	s := code.NewStrategy(reg)
 
 	newServer := func(t *testing.T, i *identity.Identity, ft flow.Type) *httptest.Server {
 		router := httprouter.New()
 		router.GET("/recovery/pre", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-			a, err := recovery.NewFlow(conf, time.Minute, x.FakeCSRFToken, r, reg.RecoveryStrategies(context.Background()), ft)
+			a, err := recovery.NewFlow(conf, time.Minute, x.FakeCSRFToken, r, s, ft)
 			require.NoError(t, err)
 			if testhelpers.SelfServiceHookErrorHandler(t, w, r, recovery.ErrHookAbortFlow, reg.RecoveryExecutor().PreRecoveryHook(w, r, a)) {
 				_, _ = w.Write([]byte("ok"))
@@ -39,7 +41,7 @@ func TestRecoveryExecutor(t *testing.T) {
 		})
 
 		router.GET("/recovery/post", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-			a, err := recovery.NewFlow(conf, time.Minute, x.FakeCSRFToken, r, reg.RecoveryStrategies(context.Background()), ft)
+			a, err := recovery.NewFlow(conf, time.Minute, x.FakeCSRFToken, r, s, ft)
 			require.NoError(t, err)
 			s, _ := session.NewActiveSession(r,
 				i,
diff --git a/selfservice/flow/recovery/strategy.go b/selfservice/flow/recovery/strategy.go
index c8e3ecbf5d3f..6239358c2151 100644
--- a/selfservice/flow/recovery/strategy.go
+++ b/selfservice/flow/recovery/strategy.go
@@ -4,15 +4,17 @@ import (
 	"context"
 	"net/http"
 
-	"github.com/ory/kratos/ui/node"
-
 	"github.com/pkg/errors"
 
+	"github.com/ory/herodot"
+	"github.com/ory/kratos/ui/node"
+
 	"github.com/ory/kratos/x"
 )
 
 const (
 	StrategyRecoveryLinkName = "link"
+	StrategyRecoveryCodeName = "code"
 )
 
 type (
@@ -32,6 +34,7 @@ type (
 	StrategyProvider interface {
 		AllRecoveryStrategies() Strategies
 		RecoveryStrategies(ctx context.Context) Strategies
+		GetActiveRecoveryStrategy(ctx context.Context) (Strategy, error)
 	}
 )
 
@@ -44,7 +47,7 @@ func (s Strategies) Strategy(id string) (Strategy, error) {
 		}
 	}
 
-	return nil, errors.Errorf(`unable to find strategy for %s have %v`, id, ids)
+	return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("unable to find strategy for %s have %v", id, ids))
 }
 
 func (s Strategies) MustStrategy(id string) Strategy {
diff --git a/selfservice/flow/type.go b/selfservice/flow/type.go
index d78e9c84b59a..95b99bbeb711 100644
--- a/selfservice/flow/type.go
+++ b/selfservice/flow/type.go
@@ -11,3 +11,11 @@ const (
 	TypeAPI     Type = "api"
 	TypeBrowser Type = "browser"
 )
+
+func (t Type) IsBrowser() bool {
+	return t == TypeBrowser
+}
+
+func (t Type) IsAPI() bool {
+	return t == TypeAPI
+}
diff --git a/selfservice/strategy/code/.schema/recovery.schema.json b/selfservice/strategy/code/.schema/recovery.schema.json
new file mode 100644
index 000000000000..4a072075d45e
--- /dev/null
+++ b/selfservice/strategy/code/.schema/recovery.schema.json
@@ -0,0 +1,29 @@
+{
+  "$id": "https://schemas.ory.sh/kratos/selfservice/strategy/profile/settings.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "type": "object",
+  "properties": {
+    "method": {
+      "type": "string",
+      "enum": [
+        "code",
+        "link"
+      ]
+    },
+    "code": {
+      "type": "string",
+      "pattern": "^\\d{8}$"
+    },
+    "email": {
+      "type": "string",
+      "format": "email"
+    },
+    "flow": {
+      "type": "string",
+      "format": "uuid"
+    },
+    "csrf_token": {
+      "type": "string"
+    }
+  }
+}
diff --git a/selfservice/strategy/code/.snapshots/TestAdminStrategy-description=should_fail_on_malformed_expiry_time.json b/selfservice/strategy/code/.snapshots/TestAdminStrategy-description=should_fail_on_malformed_expiry_time.json
new file mode 100644
index 000000000000..a6f2badb6b5e
--- /dev/null
+++ b/selfservice/strategy/code/.snapshots/TestAdminStrategy-description=should_fail_on_malformed_expiry_time.json
@@ -0,0 +1,8 @@
+{
+  "error": {
+    "code": 400,
+    "message": "The request was malformed or contained invalid parameters",
+    "reason": "Unable to parse \"expires_in\" whose format should match \"[0-9]+(ns|us|ms|s|m|h)\" but did not: not-a-valid-value",
+    "status": "Bad Request"
+  }
+}
diff --git a/selfservice/strategy/code/.snapshots/TestAdminStrategy-description=should_fail_on_negative_expiry_time.json b/selfservice/strategy/code/.snapshots/TestAdminStrategy-description=should_fail_on_negative_expiry_time.json
new file mode 100644
index 000000000000..0ebac1807073
--- /dev/null
+++ b/selfservice/strategy/code/.snapshots/TestAdminStrategy-description=should_fail_on_negative_expiry_time.json
@@ -0,0 +1,8 @@
+{
+  "error": {
+    "code": 400,
+    "message": "The request was malformed or contained invalid parameters",
+    "reason": "Value from \"expires_in\" must result to a future time: -1h",
+    "status": "Bad Request"
+  }
+}
diff --git a/selfservice/strategy/code/.snapshots/TestAdminStrategy-description=should_not_be_able_to_recover_an_account_that_does_not_exist.json b/selfservice/strategy/code/.snapshots/TestAdminStrategy-description=should_not_be_able_to_recover_an_account_that_does_not_exist.json
new file mode 100644
index 000000000000..6d8a9009d660
--- /dev/null
+++ b/selfservice/strategy/code/.snapshots/TestAdminStrategy-description=should_not_be_able_to_recover_an_account_that_does_not_exist.json
@@ -0,0 +1,8 @@
+{
+  "error": {
+    "code": 404,
+    "message": "Unable to locate the resource",
+    "reason": "could not find identity",
+    "status": "Not Found"
+  }
+}
diff --git a/selfservice/strategy/code/.snapshots/TestRecovery-description=should_set_all_the_correct_recovery_payloads.json b/selfservice/strategy/code/.snapshots/TestRecovery-description=should_set_all_the_correct_recovery_payloads.json
new file mode 100644
index 000000000000..ec1092ad77a6
--- /dev/null
+++ b/selfservice/strategy/code/.snapshots/TestRecovery-description=should_set_all_the_correct_recovery_payloads.json
@@ -0,0 +1,53 @@
+[
+  {
+    "attributes": {
+      "disabled": false,
+      "name": "csrf_token",
+      "node_type": "input",
+      "required": true,
+      "type": "hidden"
+    },
+    "group": "default",
+    "messages": [],
+    "meta": {},
+    "type": "input"
+  },
+  {
+    "attributes": {
+      "disabled": false,
+      "name": "email",
+      "node_type": "input",
+      "required": true,
+      "type": "email"
+    },
+    "group": "code",
+    "messages": [],
+    "meta": {
+      "label": {
+        "id": 1070007,
+        "text": "Email",
+        "type": "info"
+      }
+    },
+    "type": "input"
+  },
+  {
+    "attributes": {
+      "disabled": false,
+      "name": "method",
+      "node_type": "input",
+      "type": "submit",
+      "value": "code"
+    },
+    "group": "code",
+    "messages": [],
+    "meta": {
+      "label": {
+        "id": 1070005,
+        "text": "Submit",
+        "type": "info"
+      }
+    },
+    "type": "input"
+  }
+]
diff --git a/selfservice/strategy/code/.snapshots/TestRecovery-description=should_set_all_the_correct_recovery_payloads_after_submission.json b/selfservice/strategy/code/.snapshots/TestRecovery-description=should_set_all_the_correct_recovery_payloads_after_submission.json
new file mode 100644
index 000000000000..d2ae3266e086
--- /dev/null
+++ b/selfservice/strategy/code/.snapshots/TestRecovery-description=should_set_all_the_correct_recovery_payloads_after_submission.json
@@ -0,0 +1,85 @@
+[
+  {
+    "type": "input",
+    "group": "default",
+    "attributes": {
+      "name": "csrf_token",
+      "type": "hidden",
+      "required": true,
+      "disabled": false,
+      "node_type": "input"
+    },
+    "messages": [],
+    "meta": {}
+  },
+  {
+    "type": "input",
+    "group": "code",
+    "attributes": {
+      "name": "code",
+      "type": "number",
+      "required": true,
+      "disabled": false,
+      "node_type": "input"
+    },
+    "messages": [],
+    "meta": {
+      "label": {
+        "id": 1070006,
+        "text": "Verify code",
+        "type": "info"
+      }
+    }
+  },
+  {
+    "type": "input",
+    "group": "code",
+    "attributes": {
+      "name": "method",
+      "type": "hidden",
+      "value": "code",
+      "disabled": false,
+      "node_type": "input"
+    },
+    "messages": [],
+    "meta": {}
+  },
+  {
+    "type": "input",
+    "group": "code",
+    "attributes": {
+      "name": "method",
+      "type": "submit",
+      "value": "code",
+      "disabled": false,
+      "node_type": "input"
+    },
+    "messages": [],
+    "meta": {
+      "label": {
+        "id": 1070005,
+        "text": "Submit",
+        "type": "info"
+      }
+    }
+  },
+  {
+    "type": "input",
+    "group": "code",
+    "attributes": {
+      "name": "email",
+      "type": "submit",
+      "value": "test@ory.sh",
+      "disabled": false,
+      "node_type": "input"
+    },
+    "messages": [],
+    "meta": {
+      "label": {
+        "id": 1070007,
+        "text": "Resend code",
+        "type": "info"
+      }
+    }
+  }
+]
diff --git a/selfservice/strategy/code/code_recovery.go b/selfservice/strategy/code/code_recovery.go
new file mode 100644
index 000000000000..a4491d90c3f3
--- /dev/null
+++ b/selfservice/strategy/code/code_recovery.go
@@ -0,0 +1,108 @@
+package code
+
+import (
+	"context"
+	"database/sql"
+	"time"
+
+	"github.com/gofrs/uuid"
+
+	"github.com/ory/herodot"
+	"github.com/ory/x/randx"
+
+	"github.com/ory/kratos/identity"
+)
+
+type RecoveryCodeType int
+
+const (
+	RecoveryCodeTypeAdmin RecoveryCodeType = iota + 1
+	RecoveryCodeTypeSelfService
+)
+
+var (
+	ErrCodeNotFound          = herodot.ErrNotFound.WithReasonf("unknown recovery code")
+	ErrCodeAlreadyUsed       = herodot.ErrBadRequest.WithReasonf("recovery code was already used")
+	ErrCodeSubmittedTooOften = herodot.ErrBadRequest.WithReasonf("The recovery was submitted too often. Please try again.")
+)
+
+type RecoveryCode struct {
+	// ID represents the code's unique ID.
+	//
+	// required: true
+	// type: string
+	// format: uuid
+	ID uuid.UUID `json:"id" db:"id" faker:"-"`
+
+	// CodeHMAC represents the HMACed value of the recovery code
+	CodeHMAC string `json:"-" db:"code"`
+
+	// UsedAt is the timestamp of when the code was used or null if it wasn't yet
+	UsedAt sql.NullTime `json:"-" db:"used_at"`
+
+	// RecoveryAddress links this code to a recovery address.
+	// required: true
+	RecoveryAddress *identity.RecoveryAddress `json:"recovery_address" belongs_to:"identity_recovery_addresses" fk_id:"RecoveryAddressID"`
+
+	// CodeType is the type of the code - either "admin" or "selfservice"
+	CodeType RecoveryCodeType `json:"-" faker:"-" db:"code_type"`
+
+	// ExpiresAt is the time (UTC) when the code expires.
+	// required: true
+	ExpiresAt time.Time `json:"expires_at" faker:"time_type" db:"expires_at"`
+
+	// IssuedAt is the time (UTC) when the code was issued.
+	// required: true
+	IssuedAt time.Time `json:"issued_at" faker:"time_type" db:"issued_at"`
+
+	// CreatedAt is a helper struct field for gobuffalo.pop.
+	CreatedAt time.Time `json:"-" faker:"-" db:"created_at"`
+	// UpdatedAt is a helper struct field for gobuffalo.pop.
+	UpdatedAt time.Time `json:"-" faker:"-" db:"updated_at"`
+	// RecoveryAddressID is a helper struct field for gobuffalo.pop.
+	RecoveryAddressID uuid.NullUUID `json:"-" faker:"-" db:"identity_recovery_address_id"`
+	// FlowID is a helper struct field for gobuffalo.pop.
+	FlowID     uuid.UUID `json:"-" faker:"-" db:"selfservice_recovery_flow_id"`
+	NID        uuid.UUID `json:"-" faker:"-" db:"nid"`
+	IdentityID uuid.UUID `json:"identity_id" faker:"-" db:"identity_id"`
+}
+
+func (RecoveryCode) TableName(ctx context.Context) string {
+	return "identity_recovery_codes"
+}
+
+func (f RecoveryCode) IsExpired() bool {
+	return f.ExpiresAt.Before(time.Now())
+}
+
+func (r RecoveryCode) WasUsed() bool {
+	return r.UsedAt.Valid
+}
+
+func (f RecoveryCode) IsValid() bool {
+	return !f.IsExpired() && !f.WasUsed()
+}
+
+func GenerateRecoveryCode() string {
+	return randx.MustString(8, randx.Numeric)
+}
+
+type CreateRecoveryCodeParams struct {
+	// Code represents the recovery code
+	RawCode string
+
+	// CodeType is the type of the code - either "admin" or "selfservice"
+	CodeType RecoveryCodeType
+
+	// ExpiresAt is the time (UTC) when the code expires.
+	// required: true
+	ExpiresIn time.Duration
+
+	// RecoveryAddressID is a helper struct field for gobuffalo.pop.
+	RecoveryAddress *identity.RecoveryAddress
+
+	// FlowID is a helper struct field for gobuffalo.pop.
+	FlowID uuid.UUID
+
+	IdentityID uuid.UUID
+}
diff --git a/selfservice/strategy/code/code_recovery_test.go b/selfservice/strategy/code/code_recovery_test.go
new file mode 100644
index 000000000000..74534e2e33e9
--- /dev/null
+++ b/selfservice/strategy/code/code_recovery_test.go
@@ -0,0 +1,91 @@
+package code_test
+
+import (
+	"database/sql"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/ory/kratos/internal"
+	"github.com/ory/kratos/selfservice/strategy/code"
+	"github.com/ory/kratos/x"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/ory/x/stringslice"
+	"github.com/ory/x/urlx"
+
+	"github.com/ory/kratos/selfservice/flow"
+	"github.com/ory/kratos/selfservice/flow/recovery"
+)
+
+func TestRecoveryCode(t *testing.T) {
+	conf, _ := internal.NewFastRegistryWithMocks(t)
+
+	newCode := func(expiresIn time.Duration, f *recovery.Flow) *code.RecoveryCode {
+		return &code.RecoveryCode{
+			ID:        x.NewUUID(),
+			FlowID:    f.ID,
+			ExpiresAt: time.Now().Add(expiresIn),
+		}
+	}
+
+	req := &http.Request{URL: urlx.ParseOrPanic("https://www.ory.sh/")}
+	t.Run("func=GenerateRecoveryCode", func(t *testing.T) {
+		t.Run("case=creates unique codes", func(t *testing.T) {
+			codes := make([]string, 100)
+			for k := range codes {
+				codes[k] = code.GenerateRecoveryCode()
+			}
+
+			assert.Len(t, stringslice.Unique(codes), len(codes))
+		})
+	})
+
+	t.Run("method=IsExpired", func(t *testing.T) {
+		t.Run("case=returns true if flow is expired", func(t *testing.T) {
+			f, err := recovery.NewFlow(conf, -time.Hour, "", req, nil, flow.TypeBrowser)
+			require.NoError(t, err)
+
+			c := newCode(-time.Hour, f)
+			require.True(t, c.IsExpired())
+		})
+		t.Run("case=returns false if flow is not expired", func(t *testing.T) {
+			f, err := recovery.NewFlow(conf, time.Hour, "", req, nil, flow.TypeBrowser)
+			require.NoError(t, err)
+
+			c := newCode(time.Hour, f)
+			require.False(t, c.IsExpired())
+		})
+	})
+
+	t.Run("method=WasUsed", func(t *testing.T) {
+		t.Run("case=returns true if flow has been used", func(t *testing.T) {
+			f, err := recovery.NewFlow(conf, -time.Hour, "", req, nil, flow.TypeBrowser)
+			require.NoError(t, err)
+
+			c := newCode(time.Hour, f)
+			c.UsedAt = sql.NullTime{
+				Time:  time.Now(),
+				Valid: true,
+			}
+			require.True(t, c.WasUsed())
+		})
+		t.Run("case=returns false if flow has not been used", func(t *testing.T) {
+			f, err := recovery.NewFlow(conf, -time.Hour, "", req, nil, flow.TypeBrowser)
+			require.NoError(t, err)
+
+			c := newCode(time.Hour, f)
+			c.UsedAt = sql.NullTime{
+				Valid: false,
+			}
+			require.False(t, c.WasUsed())
+		})
+	})
+}
+
+func TestRecoveryCodeType(t *testing.T) {
+	assert.Equal(t, 1, int(code.RecoveryCodeTypeAdmin))
+	assert.Equal(t, 2, int(code.RecoveryCodeTypeSelfService))
+}
diff --git a/selfservice/strategy/code/persistence.go b/selfservice/strategy/code/persistence.go
new file mode 100644
index 000000000000..45ce5338959f
--- /dev/null
+++ b/selfservice/strategy/code/persistence.go
@@ -0,0 +1,19 @@
+package code
+
+import (
+	"context"
+
+	"github.com/gofrs/uuid"
+)
+
+type (
+	RecoveryCodePersister interface {
+		CreateRecoveryCode(ctx context.Context, dto *CreateRecoveryCodeParams) (*RecoveryCode, error)
+		UseRecoveryCode(ctx context.Context, fID uuid.UUID, code string) (*RecoveryCode, error)
+		DeleteRecoveryCodesOfFlow(ctx context.Context, fID uuid.UUID) error
+	}
+
+	RecoveryCodePersistenceProvider interface {
+		RecoveryCodePersister() RecoveryCodePersister
+	}
+)
diff --git a/selfservice/strategy/code/schema.go b/selfservice/strategy/code/schema.go
new file mode 100644
index 000000000000..cb2f412b0371
--- /dev/null
+++ b/selfservice/strategy/code/schema.go
@@ -0,0 +1,8 @@
+package code
+
+import (
+	_ "embed"
+)
+
+//go:embed .schema/recovery.schema.json
+var recoveryMethodSchema []byte
diff --git a/selfservice/strategy/code/sender.go b/selfservice/strategy/code/sender.go
new file mode 100644
index 000000000000..aa45f7b27a70
--- /dev/null
+++ b/selfservice/strategy/code/sender.go
@@ -0,0 +1,125 @@
+package code
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/hashicorp/go-retryablehttp"
+
+	"github.com/ory/herodot"
+	"github.com/ory/kratos/courier/template/email"
+
+	"github.com/ory/x/httpx"
+	"github.com/ory/x/stringsx"
+
+	"github.com/ory/kratos/courier"
+	"github.com/ory/kratos/driver/config"
+	"github.com/ory/kratos/identity"
+	"github.com/ory/kratos/selfservice/flow/recovery"
+	"github.com/ory/kratos/x"
+)
+
+type (
+	senderDependencies interface {
+		courier.Provider
+		courier.ConfigProvider
+
+		identity.PoolProvider
+		identity.ManagementProvider
+		identity.PrivilegedPoolProvider
+		x.LoggingProvider
+		config.Provider
+
+		RecoveryCodePersistenceProvider
+
+		HTTPClient(ctx context.Context, opts ...httpx.ResilientOptions) *retryablehttp.Client
+	}
+	RecoveryCodeSenderProvider interface {
+		RecoveryCodeSender() *RecoveryCodeSender
+	}
+
+	RecoveryCodeSender struct {
+		deps senderDependencies
+	}
+)
+
+var ErrUnknownAddress = herodot.ErrNotFound.WithReason("recovery requested for unknown address")
+
+func NewSender(deps senderDependencies) *RecoveryCodeSender {
+	return &RecoveryCodeSender{deps: deps}
+}
+
+// SendRecoveryCode sends a recovery code to the specified address.
+// If the address does not exist in the store, an email is still being sent to prevent account
+// enumeration attacks. In that case, this function returns the ErrUnknownAddress error.
+func (s *RecoveryCodeSender) SendRecoveryCode(ctx context.Context, r *http.Request, f *recovery.Flow, via identity.VerifiableAddressType, to string) error {
+	s.deps.Logger().
+		WithField("via", via).
+		WithSensitiveField("address", to).
+		Debug("Preparing recovery code.")
+
+	address, err := s.deps.IdentityPool().FindRecoveryAddressByValue(ctx, identity.RecoveryAddressTypeEmail, to)
+	if err != nil {
+		if err := s.send(ctx, string(via), email.NewRecoveryInvalid(s.deps, &email.RecoveryInvalidModel{To: to})); err != nil {
+			return err
+		}
+		return ErrUnknownAddress
+	}
+
+	// Get the identity associated with the recovery address
+	i, err := s.deps.IdentityPool().GetIdentity(ctx, address.IdentityID)
+	if err != nil {
+		return err
+	}
+
+	rawCode := GenerateRecoveryCode()
+
+	var code *RecoveryCode
+	if code, err = s.deps.
+		RecoveryCodePersister().
+		CreateRecoveryCode(ctx, &CreateRecoveryCodeParams{
+			RawCode:         rawCode,
+			CodeType:        RecoveryCodeTypeSelfService,
+			ExpiresIn:       s.deps.Config().SelfServiceCodeMethodLifespan(r.Context()),
+			RecoveryAddress: address,
+			FlowID:          f.ID,
+			IdentityID:      i.ID,
+		}); err != nil {
+		return err
+	}
+
+	return s.SendRecoveryCodeTo(ctx, i, rawCode, code)
+}
+
+func (s *RecoveryCodeSender) SendRecoveryCodeTo(ctx context.Context, i *identity.Identity, codeString string, code *RecoveryCode) error {
+	s.deps.Audit().
+		WithField("via", code.RecoveryAddress.Via).
+		WithField("identity_id", code.RecoveryAddress.IdentityID).
+		WithField("recovery_code_id", code.ID).
+		WithSensitiveField("email_address", code.RecoveryAddress.Value).
+		WithSensitiveField("recovery_code", codeString).
+		Info("Sending out recovery email with recovery code.")
+
+	model, err := x.StructToMap(i)
+	if err != nil {
+		return err
+	}
+
+	emailModel := email.RecoveryCodeValidModel{
+		To:           code.RecoveryAddress.Value,
+		RecoveryCode: codeString,
+		Identity:     model,
+	}
+
+	return s.send(ctx, string(code.RecoveryAddress.Via), email.NewRecoveryCodeValid(s.deps, &emailModel))
+}
+
+func (s *RecoveryCodeSender) send(ctx context.Context, via string, t courier.EmailTemplate) error {
+	switch f := stringsx.SwitchExact(via); {
+	case f.AddCase(identity.AddressTypeEmail):
+		_, err := s.deps.Courier(ctx).QueueEmail(ctx, t)
+		return err
+	default:
+		return f.ToUnknownCaseErr()
+	}
+}
diff --git a/selfservice/strategy/code/sender_test.go b/selfservice/strategy/code/sender_test.go
new file mode 100644
index 000000000000..1cf5043d18e6
--- /dev/null
+++ b/selfservice/strategy/code/sender_test.go
@@ -0,0 +1,64 @@
+package code_test
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"time"
+
+	"github.com/ory/kratos/internal/testhelpers"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/ory/kratos/driver/config"
+	"github.com/ory/kratos/identity"
+	"github.com/ory/kratos/internal"
+	"github.com/ory/kratos/selfservice/flow"
+	"github.com/ory/kratos/selfservice/flow/recovery"
+	"github.com/ory/kratos/selfservice/strategy/code"
+	"github.com/ory/x/urlx"
+)
+
+func TestSender(t *testing.T) {
+	ctx := context.Background()
+	conf, reg := internal.NewFastRegistryWithMocks(t)
+	testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/default.schema.json")
+	conf.MustSet(ctx, config.ViperKeyPublicBaseURL, "https://www.ory.sh/")
+	conf.MustSet(ctx, config.ViperKeyCourierSMTPURL, "smtp://foo@bar@dev.null/")
+	conf.MustSet(ctx, config.ViperKeyLinkBaseURL, "https://link-url/")
+
+	u := &http.Request{URL: urlx.ParseOrPanic("https://www.ory.sh/")}
+
+	i := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)
+	i.Traits = identity.Traits(`{"email": "tracked@ory.sh"}`)
+	require.NoError(t, reg.IdentityManager().Create(context.Background(), i))
+
+	hr := httptest.NewRequest("GET", "https://www.ory.sh", nil)
+
+	t.Run("method=SendRecoveryCode", func(t *testing.T) {
+		f, err := recovery.NewFlow(conf, time.Hour, "", u, code.NewStrategy(reg), flow.TypeBrowser)
+		require.NoError(t, err)
+
+		require.NoError(t, reg.RecoveryFlowPersister().CreateRecoveryFlow(context.Background(), f))
+
+		require.NoError(t, reg.RecoveryCodeSender().SendRecoveryCode(context.Background(), hr, f, "email", "tracked@ory.sh"))
+		require.ErrorIs(t, reg.RecoveryCodeSender().SendRecoveryCode(context.Background(), hr, f, "email", "not-tracked@ory.sh"), code.ErrUnknownAddress)
+
+		messages, err := reg.CourierPersister().NextMessages(context.Background(), 12)
+		require.NoError(t, err)
+		require.Len(t, messages, 2)
+
+		assert.EqualValues(t, "tracked@ory.sh", messages[0].Recipient)
+		assert.Contains(t, messages[0].Subject, "Recover access to your account")
+
+		assert.Regexp(t, `(\d{8})`, messages[0].Body)
+
+		assert.EqualValues(t, "not-tracked@ory.sh", messages[1].Recipient)
+		assert.Contains(t, messages[1].Subject, "Account access attempted")
+
+		assert.NotRegexp(t, `(\d{8})`, messages[1].Body, "Expected message to not contain an 8 digit recovery code, but it did: ", messages[1].Body)
+	})
+
+}
diff --git a/selfservice/strategy/code/strategy.go b/selfservice/strategy/code/strategy.go
new file mode 100644
index 000000000000..d755db629e1f
--- /dev/null
+++ b/selfservice/strategy/code/strategy.go
@@ -0,0 +1,77 @@
+package code
+
+import (
+	"github.com/ory/kratos/courier"
+	"github.com/ory/kratos/driver/config"
+	"github.com/ory/kratos/identity"
+	"github.com/ory/kratos/schema"
+	"github.com/ory/kratos/selfservice/errorx"
+	"github.com/ory/kratos/selfservice/flow/recovery"
+	"github.com/ory/kratos/selfservice/flow/settings"
+	"github.com/ory/kratos/session"
+	"github.com/ory/kratos/ui/container"
+	"github.com/ory/kratos/ui/node"
+	"github.com/ory/kratos/x"
+	"github.com/ory/x/decoderx"
+)
+
+var _ recovery.Strategy = new(Strategy)
+var _ recovery.AdminHandler = new(Strategy)
+var _ recovery.PublicHandler = new(Strategy)
+
+type (
+	// FlowMethod contains the configuration for this selfservice strategy.
+	FlowMethod struct {
+		*container.Container
+	}
+
+	strategyDependencies interface {
+		x.CSRFProvider
+		x.CSRFTokenGeneratorProvider
+		x.WriterProvider
+		x.LoggingProvider
+
+		config.Provider
+
+		session.HandlerProvider
+		session.ManagementProvider
+		settings.HandlerProvider
+		settings.FlowPersistenceProvider
+
+		identity.ValidationProvider
+		identity.ManagementProvider
+		identity.PoolProvider
+		identity.PrivilegedPoolProvider
+
+		courier.Provider
+
+		errorx.ManagementProvider
+
+		recovery.ErrorHandlerProvider
+		recovery.FlowPersistenceProvider
+		recovery.StrategyProvider
+		recovery.HookExecutorProvider
+
+		RecoveryCodePersistenceProvider
+		RecoveryCodeSenderProvider
+
+		schema.IdentityTraitsProvider
+	}
+
+	Strategy struct {
+		deps strategyDependencies
+		dx   *decoderx.HTTP
+	}
+)
+
+func NewStrategy(deps strategyDependencies) *Strategy {
+	return &Strategy{deps: deps, dx: decoderx.NewHTTP()}
+}
+
+func (s *Strategy) RecoveryNodeGroup() node.UiNodeGroup {
+	return node.CodeGroup
+}
+
+func (s *Strategy) VerificationNodeGroup() node.UiNodeGroup {
+	return node.CodeGroup
+}
diff --git a/selfservice/strategy/code/strategy_recovery.go b/selfservice/strategy/code/strategy_recovery.go
new file mode 100644
index 000000000000..9e18108874db
--- /dev/null
+++ b/selfservice/strategy/code/strategy_recovery.go
@@ -0,0 +1,607 @@
+package code
+
+import (
+	"net/http"
+	"net/url"
+	"time"
+
+	"github.com/gofrs/uuid"
+	"github.com/julienschmidt/httprouter"
+	"github.com/pkg/errors"
+
+	"github.com/ory/herodot"
+	"github.com/ory/x/decoderx"
+	"github.com/ory/x/sqlcon"
+	"github.com/ory/x/sqlxx"
+	"github.com/ory/x/urlx"
+
+	"github.com/ory/kratos/identity"
+	"github.com/ory/kratos/schema"
+	"github.com/ory/kratos/selfservice/flow"
+	"github.com/ory/kratos/selfservice/flow/recovery"
+	"github.com/ory/kratos/selfservice/strategy"
+	"github.com/ory/kratos/session"
+	"github.com/ory/kratos/text"
+	"github.com/ory/kratos/ui/container"
+	"github.com/ory/kratos/ui/node"
+	"github.com/ory/kratos/x"
+)
+
+const (
+	RouteAdminCreateRecoveryCode = "/recovery/code"
+)
+
+func (s *Strategy) RecoveryStrategyID() string {
+	return recovery.StrategyRecoveryCodeName
+}
+
+func (s *Strategy) RegisterPublicRecoveryRoutes(public *x.RouterPublic) {
+	s.deps.CSRFHandler().IgnorePath(RouteAdminCreateRecoveryCode)
+	public.POST(RouteAdminCreateRecoveryCode, x.RedirectToAdminRoute(s.deps))
+
+}
+
+func (s *Strategy) RegisterAdminRecoveryRoutes(admin *x.RouterAdmin) {
+	wrappedCreateRecoveryCode := strategy.IsDisabled(s.deps, s.RecoveryStrategyID(), s.createRecoveryCode)
+	admin.POST(RouteAdminCreateRecoveryCode, wrappedCreateRecoveryCode)
+}
+
+func (s *Strategy) PopulateRecoveryMethod(r *http.Request, f *recovery.Flow) error {
+	f.UI.SetCSRF(s.deps.GenerateCSRFToken(r))
+	f.UI.GetNodes().Upsert(
+		node.NewInputField("email", nil, node.CodeGroup, node.InputAttributeTypeEmail, node.WithRequiredInputAttribute).
+			WithMetaLabel(text.NewInfoNodeInputEmail()),
+	)
+	f.UI.
+		GetNodes().
+		Append(node.NewInputField("method", s.RecoveryStrategyID(), node.CodeGroup, node.InputAttributeTypeSubmit).
+			WithMetaLabel(text.NewInfoNodeLabelSubmit()))
+
+	return nil
+}
+
+// swagger:parameters adminCreateSelfServiceRecoveryCode
+//
+// nolint
+type adminCreateSelfServiceRecoveryCode struct {
+	// in: body
+	Body adminCreateSelfServiceRecoveryCodeBody
+}
+
+// swagger:model adminCreateSelfServiceRecoveryCodeBody
+type adminCreateSelfServiceRecoveryCodeBody struct {
+	// Identity to Recover
+	//
+	// The identity's ID you wish to recover.
+	//
+	// required: true
+	IdentityID uuid.UUID `json:"identity_id"`
+
+	// Code Expires In
+	//
+	// The recovery code will expire at that point in time. Defaults to the configuration value of
+	// `selfservice.flows.recovery.request_lifespan`.
+	//
+	//
+	// pattern: ^([0-9]+(ns|us|ms|s|m|h))*$
+	// example:
+	//	- 1h
+	//	- 1m
+	//	- 1s
+	ExpiresIn string `json:"expires_in"`
+}
+
+// swagger:model selfServiceRecoveryCode
+// nolint
+type selfServiceRecoveryCode struct {
+	// RecoveryLink with flow
+	//
+	// This link opens the recovery UI with an empty `code` field.
+	//
+	// required: true
+	// format: uri
+	RecoveryLink string `json:"recovery_link"`
+
+	// RecoveryCode is the code that can be used to recover the account
+	//
+	// required: true
+	RecoveryCode string `json:"recovery_code"`
+
+	// Expires At is the timestamp of when the recovery flow expires
+	//
+	// The timestamp when the recovery link expires.
+	ExpiresAt time.Time `json:"expires_at"`
+}
+
+// swagger:route POST /admin/recovery/code v0alpha2 adminCreateSelfServiceRecoveryCode
+//
+// # Create a Recovery Link
+//
+// This endpoint creates a recovery code which should be given to the user in order for them to recover
+// (or activate) their account.
+//
+//	Consumes:
+//	- application/json
+//
+//	Produces:
+//	- application/json
+//
+//	Schemes: http, https
+//
+//	Responses:
+//		201: selfServiceRecoveryCode
+//		400: jsonError
+//		404: jsonError
+//		500: jsonError
+func (s *Strategy) createRecoveryCode(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+	var p adminCreateSelfServiceRecoveryCodeBody
+	if err := s.dx.Decode(r, &p, decoderx.HTTPJSONDecoder()); err != nil {
+		s.deps.Writer().WriteError(w, r, err)
+		return
+	}
+
+	ctx := r.Context()
+	config := s.deps.Config()
+
+	expiresIn := config.SelfServiceCodeMethodLifespan(ctx)
+	if len(p.ExpiresIn) > 0 {
+		// If an expiration of the code was supplied use it instead of the default duration
+		var err error
+		expiresIn, err = time.ParseDuration(p.ExpiresIn)
+		if err != nil {
+			s.deps.Writer().WriteError(w, r, errors.WithStack(herodot.
+				ErrBadRequest.
+				WithReasonf(`Unable to parse "expires_in" whose format should match "[0-9]+(ns|us|ms|s|m|h)" but did not: %s`, p.ExpiresIn)))
+			return
+		}
+	}
+
+	if time.Now().Add(expiresIn).Before(time.Now()) {
+		s.deps.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Value from "expires_in" must result to a future time: %s`, p.ExpiresIn)))
+		return
+	}
+
+	flow, err := recovery.NewFlow(config, expiresIn, s.deps.GenerateCSRFToken(r), r, s, flow.TypeBrowser)
+	if err != nil {
+		s.deps.Writer().WriteError(w, r, err)
+		return
+	}
+	flow.DangerousSkipCSRFCheck = true
+	flow.State = recovery.StateEmailSent
+	flow.UI.Nodes.Append(node.NewInputField("code", nil, node.CodeGroup, node.InputAttributeTypeNumber, node.WithRequiredInputAttribute).
+		WithMetaLabel(text.NewInfoNodeLabelVerifyOTP()),
+	)
+
+	flow.UI.Nodes.
+		Append(node.NewInputField("method", s.RecoveryStrategyID(), node.CodeGroup, node.InputAttributeTypeSubmit).
+			WithMetaLabel(text.NewInfoNodeLabelSubmit()))
+
+	if err := s.deps.RecoveryFlowPersister().CreateRecoveryFlow(ctx, flow); err != nil {
+		s.deps.Writer().WriteError(w, r, err)
+		return
+	}
+
+	id, err := s.deps.IdentityPool().GetIdentity(ctx, p.IdentityID)
+	if notFoundErr := sqlcon.ErrNoRows; errors.As(err, ¬FoundErr) {
+		s.deps.Writer().WriteError(w, r, notFoundErr.WithReasonf("could not find identity"))
+		return
+	} else if err != nil {
+		s.deps.Writer().WriteError(w, r, err)
+		return
+	}
+
+	rawCode := GenerateRecoveryCode()
+
+	if _, err := s.deps.RecoveryCodePersister().CreateRecoveryCode(ctx, &CreateRecoveryCodeParams{
+		RawCode:    rawCode,
+		CodeType:   RecoveryCodeTypeAdmin,
+		ExpiresIn:  expiresIn,
+		FlowID:     flow.ID,
+		IdentityID: id.ID,
+	}); err != nil {
+		s.deps.Writer().WriteError(w, r, err)
+		return
+	}
+
+	s.deps.Audit().
+		WithField("identity_id", id.ID).
+		WithSensitiveField("recovery_code", rawCode).
+		Info("A recovery code has been created.")
+
+	body := &selfServiceRecoveryCode{
+		ExpiresAt: flow.ExpiresAt.UTC(),
+		RecoveryLink: urlx.CopyWithQuery(
+			s.deps.Config().SelfServiceFlowRecoveryUI(ctx),
+			url.Values{
+				"flow": {flow.ID.String()},
+			}).String(),
+		RecoveryCode: rawCode,
+	}
+
+	s.deps.Writer().WriteCode(w, r, http.StatusCreated, body, herodot.UnescapedHTML)
+}
+
+// swagger:model submitSelfServiceRecoveryFlowWithCodeMethodBody
+// nolint:deadcode,unused
+type submitSelfServiceRecoveryFlowWithCodeMethodBody struct {
+	// Email to Recover
+	//
+	// Needs to be set when initiating the flow. If the email is a registered
+	// recovery email, a recovery link will be sent. If the email is not known,
+	// a email with details on what happened will be sent instead.
+	//
+	// format: email
+	// required: false
+	Email string `json:"email" form:"email"`
+
+	// Code from recovery email
+	//
+	// Sent to the user once a recovery has been initiated and is used to prove
+	// that the user is in possession of the email
+	//
+	// required: false
+	Code string `json:"code" form:"code"`
+
+	// Sending the anti-csrf token is only required for browser login flows.
+	CSRFToken string `form:"csrf_token" json:"csrf_token"`
+
+	// Method supports `link` and `code` only right now.
+	//
+	// required: true
+	Method string `json:"method"`
+}
+
+func (s Strategy) isCodeFlow(f *recovery.Flow) bool {
+	value, err := f.Active.Value()
+	if err != nil {
+		return false
+	}
+	return value == s.RecoveryNodeGroup().String()
+}
+
+func (s *Strategy) Recover(w http.ResponseWriter, r *http.Request, f *recovery.Flow) (err error) {
+	if !s.isCodeFlow(f) {
+		return errors.WithStack(flow.ErrStrategyNotResponsible)
+	}
+
+	body, err := s.decodeRecovery(r)
+	if err != nil {
+		return s.HandleRecoveryError(w, r, nil, body, err)
+	}
+	ctx := r.Context()
+
+	// If a CSRF violation occurs the flow is most likely FUBAR, as the user either lost the CSRF token, or an attack occured.
+	// In this case, we just issue a new flow and "abandon" the old flow.
+	if err := flow.EnsureCSRF(s.deps, r, f.Type, s.deps.Config().DisableAPIFlowEnforcement(ctx), s.deps.GenerateCSRFToken, body.CSRFToken); err != nil {
+		return s.retryRecoveryFlowWithError(w, r, flow.TypeBrowser, err)
+	}
+
+	sID := s.RecoveryStrategyID()
+
+	// If the email is present in the submission body, the user needs a new code via resend
+	if f.State != recovery.StateChooseMethod && len(body.Email) == 0 {
+		if err := flow.MethodEnabledAndAllowed(ctx, sID, sID, s.deps); err != nil {
+			return s.HandleRecoveryError(w, r, nil, body, err)
+		}
+		return s.recoveryUseCode(w, r, body, f)
+	}
+
+	if _, err := s.deps.SessionManager().FetchFromRequest(ctx, r); err == nil {
+		// User is already logged in
+		if x.IsJSONRequest(r) {
+			session.RespondWithJSONErrorOnAuthenticated(s.deps.Writer(), recovery.ErrAlreadyLoggedIn)(w, r, nil)
+		} else {
+			session.RedirectOnAuthenticated(s.deps)(w, r, nil)
+		}
+		return errors.WithStack(flow.ErrCompletedByStrategy)
+	}
+
+	if err := flow.MethodEnabledAndAllowed(ctx, sID, body.Method, s.deps); err != nil {
+		return s.HandleRecoveryError(w, r, nil, body, err)
+	}
+
+	flow, err := s.deps.RecoveryFlowPersister().GetRecoveryFlow(ctx, x.ParseUUID(body.Flow))
+	if err != nil {
+		return s.HandleRecoveryError(w, r, flow, body, err)
+	}
+
+	if err := flow.Valid(); err != nil {
+		return s.HandleRecoveryError(w, r, flow, body, err)
+	}
+
+	switch flow.State {
+	case recovery.StateChooseMethod:
+		fallthrough
+	case recovery.StateEmailSent:
+		return s.recoveryHandleFormSubmission(w, r, flow, body)
+	case recovery.StatePassedChallenge:
+		// was already handled, do not allow retry
+		return s.retryRecoveryFlowWithMessage(w, r, flow.Type, text.NewErrorValidationRecoveryRetrySuccess())
+	default:
+		return s.retryRecoveryFlowWithMessage(w, r, flow.Type, text.NewErrorValidationRecoveryStateFailure())
+	}
+}
+
+func (s *Strategy) recoveryIssueSession(w http.ResponseWriter, r *http.Request, f *recovery.Flow, id *identity.Identity) error {
+	ctx := r.Context()
+
+	f.UI.Messages.Clear()
+	f.State = recovery.StatePassedChallenge
+	f.SetCSRFToken(s.deps.CSRFHandler().RegenerateToken(w, r))
+	f.RecoveredIdentityID = uuid.NullUUID{
+		UUID:  id.ID,
+		Valid: true,
+	}
+	if err := s.deps.RecoveryFlowPersister().UpdateRecoveryFlow(ctx, f); err != nil {
+		return s.retryRecoveryFlowWithError(w, r, f.Type, err)
+	}
+
+	sess, err := session.NewActiveSession(r, id, s.deps.Config(), time.Now().UTC(),
+		identity.CredentialsTypeRecoveryCode, identity.AuthenticatorAssuranceLevel1)
+	if err != nil {
+		return s.retryRecoveryFlowWithError(w, r, f.Type, err)
+	}
+
+	// TODO: How does this work with Mobile?
+	if err := s.deps.SessionManager().UpsertAndIssueCookie(ctx, w, r, sess); err != nil {
+		return s.retryRecoveryFlowWithError(w, r, f.Type, err)
+	}
+
+	sf, err := s.deps.SettingsHandler().NewFlow(w, r, sess.Identity, f.Type)
+	if err != nil {
+		return s.retryRecoveryFlowWithError(w, r, f.Type, err)
+	}
+
+	// Carry `return_to` parameter over from recovery flow
+	sfRequestURL, err := url.Parse(sf.RequestURL)
+	if err != nil {
+		return s.retryRecoveryFlowWithError(w, r, f.Type, err)
+	}
+
+	fRequestURL, err := url.Parse(f.RequestURL)
+	if err != nil {
+		return s.retryRecoveryFlowWithError(w, r, f.Type, err)
+	}
+
+	sfQuery := sfRequestURL.Query()
+	sfQuery.Set("return_to", fRequestURL.Query().Get("return_to"))
+	sfRequestURL.RawQuery = sfQuery.Encode()
+	sf.RequestURL = sfRequestURL.String()
+
+	if err := s.deps.RecoveryExecutor().PostRecoveryHook(w, r, f, sess); err != nil {
+		return s.retryRecoveryFlowWithError(w, r, f.Type, err)
+	}
+
+	config := s.deps.Config()
+
+	sf.UI.Messages.Set(text.NewRecoverySuccessful(time.Now().Add(config.SelfServiceFlowSettingsPrivilegedSessionMaxAge(ctx))))
+	if err := s.deps.SettingsFlowPersister().UpdateSettingsFlow(r.Context(), sf); err != nil {
+		return s.retryRecoveryFlowWithError(w, r, f.Type, err)
+	}
+
+	if x.IsJSONRequest(r) {
+		s.deps.Writer().WriteError(w, r, flow.NewBrowserLocationChangeRequiredError(sf.AppendTo(s.deps.Config().SelfServiceFlowSettingsUI(r.Context())).String()))
+	} else {
+		http.Redirect(w, r, sf.AppendTo(s.deps.Config().SelfServiceFlowSettingsUI(r.Context())).String(), http.StatusSeeOther)
+	}
+
+	return errors.WithStack(flow.ErrCompletedByStrategy)
+}
+
+func (s *Strategy) recoveryUseCode(w http.ResponseWriter, r *http.Request, body *recoverySubmitPayload, f *recovery.Flow) error {
+	ctx := r.Context()
+	code, err := s.deps.RecoveryCodePersister().UseRecoveryCode(ctx, f.ID, body.Code)
+	if errors.Is(err, ErrCodeNotFound) {
+		f.UI.Messages.Clear()
+		f.UI.Messages.Add(text.NewErrorValidationRecoveryCodeInvalidOrAlreadyUsed())
+		if err := s.deps.RecoveryFlowPersister().UpdateRecoveryFlow(ctx, f); err != nil {
+			return s.retryRecoveryFlowWithError(w, r, f.Type, err)
+		}
+
+		// No error
+		return nil
+	} else if err != nil {
+		return s.retryRecoveryFlowWithError(w, r, f.Type, err)
+	}
+
+	recovered, err := s.deps.IdentityPool().GetIdentity(ctx, code.IdentityID)
+	if err != nil {
+		return s.HandleRecoveryError(w, r, f, nil, err)
+	}
+
+	// mark address as verified only for a self-service flow
+	if code.CodeType == RecoveryCodeTypeSelfService {
+		if err := s.markRecoveryAddressVerified(w, r, f, recovered, code.RecoveryAddress); err != nil {
+			return s.HandleRecoveryError(w, r, f, body, err)
+		}
+	}
+
+	return s.recoveryIssueSession(w, r, f, recovered)
+}
+
+func (s *Strategy) retryRecoveryFlowWithMessage(w http.ResponseWriter, r *http.Request, ft flow.Type, message *text.Message) error {
+	s.deps.Logger().
+		WithRequest(r).
+		WithField("message", message).
+		Debug("A recovery flow is being retried because a validation error occurred.")
+
+	ctx := r.Context()
+	config := s.deps.Config()
+
+	f, err := recovery.NewFlow(config, config.SelfServiceFlowRecoveryRequestLifespan(ctx), s.deps.CSRFHandler().RegenerateToken(w, r), r, s, ft)
+	if err != nil {
+		return err
+	}
+
+	f.UI.Messages.Add(message)
+	if err := s.deps.RecoveryFlowPersister().CreateRecoveryFlow(ctx, f); err != nil {
+		return err
+	}
+
+	if x.IsJSONRequest(r) {
+		http.Redirect(w, r, urlx.CopyWithQuery(urlx.AppendPaths(config.SelfPublicURL(ctx),
+			recovery.RouteGetFlow), url.Values{"id": {f.ID.String()}}).String(), http.StatusSeeOther)
+	} else {
+		http.Redirect(w, r, f.AppendTo(config.SelfServiceFlowRecoveryUI(ctx)).String(), http.StatusSeeOther)
+	}
+
+	return errors.WithStack(flow.ErrCompletedByStrategy)
+}
+
+func (s *Strategy) retryRecoveryFlowWithError(w http.ResponseWriter, r *http.Request, ft flow.Type, recErr error) error {
+	s.deps.Logger().
+		WithRequest(r).
+		WithError(recErr).
+		Debug("A recovery flow is being retried because a validation error occurred.")
+
+	ctx := r.Context()
+	config := s.deps.Config()
+
+	if expired := new(flow.ExpiredError); errors.As(recErr, &expired) {
+		return s.retryRecoveryFlowWithMessage(w, r, ft, text.NewErrorValidationRecoveryFlowExpired(expired.Ago))
+	}
+
+	f, err := recovery.NewFlow(config, config.SelfServiceFlowRecoveryRequestLifespan(ctx), s.deps.CSRFHandler().RegenerateToken(w, r), r, s, ft)
+	if err != nil {
+		return err
+	}
+	if err := f.UI.ParseError(node.CodeGroup, recErr); err != nil {
+		return err
+	}
+	if err := s.deps.RecoveryFlowPersister().CreateRecoveryFlow(ctx, f); err != nil {
+		return err
+	}
+
+	if x.IsJSONRequest(r) {
+		http.Redirect(w, r, urlx.CopyWithQuery(urlx.AppendPaths(config.SelfPublicURL(ctx),
+			recovery.RouteGetFlow), url.Values{"id": {f.ID.String()}}).String(), http.StatusSeeOther)
+	} else {
+		http.Redirect(w, r, f.AppendTo(config.SelfServiceFlowRecoveryUI(ctx)).String(), http.StatusSeeOther)
+	}
+
+	return errors.WithStack(flow.ErrCompletedByStrategy)
+}
+
+// recoveryHandleFormSubmission handles the submission of an Email for recovery
+func (s *Strategy) recoveryHandleFormSubmission(w http.ResponseWriter, r *http.Request, f *recovery.Flow, body *recoverySubmitPayload) error {
+	if len(body.Email) == 0 {
+		return s.HandleRecoveryError(w, r, f, body, schema.NewRequiredError("#/email", "email"))
+	}
+
+	ctx := r.Context()
+	config := s.deps.Config()
+
+	if err := flow.EnsureCSRF(s.deps, r, f.Type, config.DisableAPIFlowEnforcement(ctx), s.deps.GenerateCSRFToken, body.CSRFToken); err != nil {
+		return s.HandleRecoveryError(w, r, f, body, err)
+	}
+
+	if err := s.deps.RecoveryCodePersister().DeleteRecoveryCodesOfFlow(ctx, f.ID); err != nil {
+		return s.HandleRecoveryError(w, r, f, body, err)
+	}
+
+	if err := s.deps.RecoveryCodeSender().SendRecoveryCode(ctx, r, f, identity.VerifiableAddressTypeEmail, body.Email); err != nil {
+		if !errors.Is(err, ErrUnknownAddress) {
+			return s.HandleRecoveryError(w, r, f, body, err)
+		}
+		// Continue execution
+	}
+
+	// re-initialize the UI with a "clean" new state
+	f.UI = &container.Container{
+		Method: "POST",
+		Action: flow.AppendFlowTo(urlx.AppendPaths(s.deps.Config().SelfPublicURL(r.Context()), recovery.RouteSubmitFlow), f.ID).String(),
+	}
+
+	f.UI.SetCSRF(s.deps.GenerateCSRFToken(r))
+
+	f.Active = sqlxx.NullString(s.RecoveryNodeGroup())
+	f.State = recovery.StateEmailSent
+	f.UI.Messages.Set(text.NewRecoveryEmailWithCodeSent())
+	f.UI.Nodes.Append(node.NewInputField("code", nil, node.CodeGroup, node.InputAttributeTypeNumber, node.WithRequiredInputAttribute).
+		WithMetaLabel(text.NewInfoNodeLabelVerifyOTP()),
+	)
+	f.UI.Nodes.Append(node.NewInputField("method", s.RecoveryNodeGroup(), node.CodeGroup, node.InputAttributeTypeHidden))
+
+	f.UI.
+		GetNodes().
+		Append(node.NewInputField("method", s.RecoveryStrategyID(), node.CodeGroup, node.InputAttributeTypeSubmit).
+			WithMetaLabel(text.NewInfoNodeLabelSubmit()))
+
+	f.UI.Nodes.Append(node.NewInputField("email", body.Email, node.CodeGroup, node.InputAttributeTypeSubmit).
+		WithMetaLabel(text.NewInfoNodeResendOTP()),
+	)
+	if err := s.deps.RecoveryFlowPersister().UpdateRecoveryFlow(r.Context(), f); err != nil {
+		return s.HandleRecoveryError(w, r, f, body, err)
+	}
+
+	return nil
+}
+
+func (s *Strategy) markRecoveryAddressVerified(w http.ResponseWriter, r *http.Request, f *recovery.Flow, id *identity.Identity, recoveryAddress *identity.RecoveryAddress) error {
+	var address *identity.VerifiableAddress
+	for idx := range id.VerifiableAddresses {
+		va := id.VerifiableAddresses[idx]
+		if va.Value == recoveryAddress.Value {
+			address = &va
+			break
+		}
+	}
+
+	if address != nil && !address.Verified { // can it be that the address is nil?
+		address.Verified = true
+		verifiedAt := sqlxx.NullTime(time.Now().UTC())
+		address.VerifiedAt = &verifiedAt
+		address.Status = identity.VerifiableAddressStatusCompleted
+		if err := s.deps.PrivilegedIdentityPool().UpdateVerifiableAddress(r.Context(), address); err != nil {
+			return s.HandleRecoveryError(w, r, f, nil, err)
+		}
+	}
+
+	return nil
+}
+
+func (s *Strategy) HandleRecoveryError(w http.ResponseWriter, r *http.Request, flow *recovery.Flow, body *recoverySubmitPayload, err error) error {
+	if flow != nil {
+		email := ""
+		if body != nil {
+			email = body.Email
+		}
+
+		flow.UI.SetCSRF(s.deps.GenerateCSRFToken(r))
+		flow.UI.GetNodes().Upsert(
+			node.NewInputField("email", email, node.CodeGroup, node.InputAttributeTypeEmail, node.WithRequiredInputAttribute).
+				WithMetaLabel(text.NewInfoNodeInputEmail()),
+		)
+	}
+
+	return err
+}
+
+type recoverySubmitPayload struct {
+	Method    string `json:"method" form:"method"`
+	Code      string `json:"code" form:"code"`
+	CSRFToken string `json:"csrf_token" form:"csrf_token"`
+	Flow      string `json:"flow" form:"flow"`
+	Email     string `json:"email" form:"email"`
+}
+
+func (s *Strategy) decodeRecovery(r *http.Request) (*recoverySubmitPayload, error) {
+	var body recoverySubmitPayload
+
+	compiler, err := decoderx.HTTPRawJSONSchemaCompiler(recoveryMethodSchema)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	if err := s.dx.Decode(r, &body, compiler,
+		decoderx.HTTPDecoderUseQueryAndBody(),
+		decoderx.HTTPKeepRequestBody(true),
+		decoderx.HTTPDecoderAllowedMethods("POST"),
+		decoderx.HTTPDecoderSetValidatePayloads(true),
+		decoderx.HTTPDecoderJSONFollowsFormFormat(),
+	); err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	return &body, nil
+}
diff --git a/selfservice/strategy/code/strategy_recovery_test.go b/selfservice/strategy/code/strategy_recovery_test.go
new file mode 100644
index 000000000000..1ee20a82259e
--- /dev/null
+++ b/selfservice/strategy/code/strategy_recovery_test.go
@@ -0,0 +1,993 @@
+package code_test
+
+import (
+	"bytes"
+	"context"
+	_ "embed"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/davecgh/go-spew/spew"
+	errors "github.com/pkg/errors"
+
+	"github.com/ory/kratos/driver"
+	"github.com/ory/kratos/session"
+
+	"github.com/ory/kratos/ui/node"
+
+	kratos "github.com/ory/kratos-client-go"
+
+	"github.com/ory/kratos/corpx"
+
+	"github.com/ory/x/ioutilx"
+	"github.com/ory/x/pointerx"
+	"github.com/ory/x/snapshotx"
+	"github.com/ory/x/urlx"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"github.com/tidwall/gjson"
+
+	"github.com/ory/x/sqlxx"
+
+	"github.com/ory/x/assertx"
+
+	"github.com/ory/kratos/driver/config"
+	"github.com/ory/kratos/identity"
+	"github.com/ory/kratos/internal"
+	"github.com/ory/kratos/internal/testhelpers"
+	"github.com/ory/kratos/selfservice/flow"
+	"github.com/ory/kratos/selfservice/flow/recovery"
+	"github.com/ory/kratos/selfservice/strategy/code"
+	"github.com/ory/kratos/text"
+	"github.com/ory/kratos/x"
+)
+
+func init() {
+	corpx.RegisterFakes()
+}
+
+func assertMessage(t *testing.T, body []byte, message string) {
+	t.Helper()
+	assert.Len(t, gjson.GetBytes(body, "ui.messages").Array(), 1)
+	assert.Equal(t, message, gjson.GetBytes(body, "ui.messages.0.text").String())
+}
+
+func extractCsrfToken(body []byte) string {
+	return gjson.GetBytes(body, "ui.nodes.#(attributes.name==csrf_token).attributes.value").String()
+}
+
+func TestAdminStrategy(t *testing.T) {
+	ctx := context.Background()
+	conf, reg := internal.NewFastRegistryWithMocks(t)
+	initViper(t, ctx, conf)
+
+	_ = testhelpers.NewRecoveryUIFlowEchoServer(t, reg)
+	_ = testhelpers.NewSettingsUIFlowEchoServer(t, reg)
+	_ = testhelpers.NewLoginUIFlowEchoServer(t, reg)
+	_ = testhelpers.NewErrorTestServer(t, reg)
+
+	publicTS, adminTS := testhelpers.NewKratosServer(t, reg)
+	adminSDK := testhelpers.NewSDKClient(adminTS)
+
+	createCode := func(id string, expiresIn *string) (*kratos.SelfServiceRecoveryCode, *http.Response, error) {
+		return adminSDK.V0alpha2Api.
+			AdminCreateSelfServiceRecoveryCode(context.Background()).
+			AdminCreateSelfServiceRecoveryCodeBody(
+				kratos.AdminCreateSelfServiceRecoveryCodeBody{
+					IdentityId: id,
+					ExpiresIn:  expiresIn,
+				}).
+			Execute()
+	}
+
+	t.Run("no panic on empty body #1384", func(t *testing.T) {
+		ctx := context.Background()
+		s, err := reg.RecoveryStrategies(ctx).Strategy("code")
+		require.NoError(t, err)
+		w := httptest.NewRecorder()
+		r := &http.Request{URL: new(url.URL)}
+		f, err := recovery.NewFlow(reg.Config(), time.Minute, "", r, s, flow.TypeBrowser)
+		require.NoError(t, err)
+		require.NotPanics(t, func() {
+			require.Error(t, s.(*code.Strategy).HandleRecoveryError(w, r, f, nil, errors.New("test")))
+		})
+	})
+
+	t.Run("description=should not be able to recover an account that does not exist", func(t *testing.T) {
+		_, _, err := createCode(x.NewUUID().String(), nil)
+
+		require.IsType(t, err, new(kratos.GenericOpenAPIError), "%T", err)
+		snapshotx.SnapshotT(t, err.(*kratos.GenericOpenAPIError).Model())
+	})
+
+	t.Run("description=should fail on malformed expiry time", func(t *testing.T) {
+		_, _, err := createCode(x.NewUUID().String(), pointerx.String("not-a-valid-value"))
+		require.IsType(t, err, new(kratos.GenericOpenAPIError), "%T", err)
+		snapshotx.SnapshotT(t, err.(*kratos.GenericOpenAPIError).Model())
+	})
+
+	t.Run("description=should fail on negative expiry time", func(t *testing.T) {
+		_, _, err := createCode(x.NewUUID().String(), pointerx.String("-1h"))
+		require.IsType(t, err, new(kratos.GenericOpenAPIError), "%T", err)
+		snapshotx.SnapshotT(t, err.(*kratos.GenericOpenAPIError).Model())
+	})
+
+	submitRecoveryLink := func(t *testing.T, link string, code string) []byte {
+		t.Helper()
+		res, err := publicTS.Client().Get(link)
+		require.NoError(t, err)
+		body := ioutilx.MustReadAll(res.Body)
+
+		action := gjson.GetBytes(body, "ui.action").String()
+		require.NotEmpty(t, action)
+		csrfToken := gjson.GetBytes(body, "ui.nodes.#(attributes.name==csrf_token).attributes.value").String()
+		require.NotEmpty(t, csrfToken)
+
+		res, err = publicTS.Client().PostForm(action, url.Values{
+			"csrf_token": {csrfToken},
+			"code":       {code},
+		})
+		assert.Equal(t, http.StatusOK, res.StatusCode)
+
+		return ioutilx.MustReadAll(res.Body)
+	}
+
+	t.Run("description=should create code without email", func(t *testing.T) {
+		id := identity.Identity{Traits: identity.Traits(`{}`)}
+
+		require.NoError(t, reg.IdentityManager().Create(context.Background(),
+			&id, identity.ManagerAllowWriteProtectedTraits))
+
+		code, _, err := createCode(id.ID.String(), nil)
+		require.NoError(t, err)
+
+		require.NotEmpty(t, code.RecoveryLink)
+		require.Contains(t, code.RecoveryLink, "flow=")
+		require.NotContains(t, code.RecoveryLink, "code=")
+		require.NotEmpty(t, code.RecoveryCode)
+		require.True(t, code.ExpiresAt.Before(time.Now().Add(conf.SelfServiceFlowRecoveryRequestLifespan(ctx))))
+
+		body := submitRecoveryLink(t, code.RecoveryLink, code.RecoveryCode)
+		assertMessage(t, body, "You successfully recovered your account. Please change your password or set up an alternative login method (e.g. social sign in) within the next 60.00 minutes.")
+	})
+
+	t.Run("description=should not be able to recover with expired code", func(t *testing.T) {
+		recoveryEmail := "recover.expired@ory.sh"
+		id := identity.Identity{Traits: identity.Traits(fmt.Sprintf(`{"email":"%s"}`, recoveryEmail))}
+
+		require.NoError(t, reg.IdentityManager().Create(context.Background(),
+			&id, identity.ManagerAllowWriteProtectedTraits))
+
+		code, _, err := createCode(id.ID.String(), pointerx.String("100ms"))
+		require.NoError(t, err)
+
+		time.Sleep(time.Millisecond * 100)
+		require.NotEmpty(t, code.RecoveryLink)
+		require.True(t, code.ExpiresAt.Before(time.Now().Add(conf.SelfServiceFlowRecoveryRequestLifespan(ctx))))
+
+		body := submitRecoveryLink(t, code.RecoveryLink, code.RecoveryCode)
+		assertMessage(t, body, "The recovery flow expired 0.00 minutes ago, please try again.")
+
+		// The recovery address should not be verified if the flow was initiated by the admins
+		addr, err := reg.IdentityPool().FindVerifiableAddressByValue(context.Background(), identity.VerifiableAddressTypeEmail, recoveryEmail)
+		assert.NoError(t, err)
+		assert.False(t, addr.Verified)
+		assert.Nil(t, addr.VerifiedAt)
+		assert.Equal(t, identity.VerifiableAddressStatusPending, addr.Status)
+	})
+
+	t.Run("description=should create a valid recovery link and set the expiry time as well and recover the account", func(t *testing.T) {
+		recoveryEmail := "recoverme@ory.sh"
+		id := identity.Identity{Traits: identity.Traits(fmt.Sprintf(`{"email":"%s"}`, recoveryEmail))}
+
+		require.NoError(t, reg.IdentityManager().Create(context.Background(),
+			&id, identity.ManagerAllowWriteProtectedTraits))
+
+		code, _, err := createCode(id.ID.String(), nil)
+		require.NoError(t, err)
+
+		require.NotEmpty(t, code.RecoveryLink)
+		require.True(t, code.ExpiresAt.Before(time.Now().Add(conf.SelfServiceFlowRecoveryRequestLifespan(ctx)+time.Second)))
+
+		body := submitRecoveryLink(t, code.RecoveryLink, code.RecoveryCode)
+
+		assertMessage(t, body, "You successfully recovered your account. Please change your password or set up an alternative login method (e.g. social sign in) within the next 60.00 minutes.")
+
+		addr, err := reg.IdentityPool().FindVerifiableAddressByValue(context.Background(), identity.VerifiableAddressTypeEmail, recoveryEmail)
+		assert.NoError(t, err)
+		assert.False(t, addr.Verified)
+		assert.Nil(t, addr.VerifiedAt)
+		assert.Equal(t, identity.VerifiableAddressStatusPending, addr.Status)
+	})
+
+	t.Run("case=should not be able to use code from different flow", func(t *testing.T) {
+		email := strings.ToLower(testhelpers.RandomEmail())
+		i := createIdentityToRecover(t, reg, email)
+
+		c1, _, err := createCode(i.ID.String(), pointerx.String("1h"))
+		require.NoError(t, err)
+		c2, _, err := createCode(i.ID.String(), pointerx.String("1h"))
+		require.NoError(t, err)
+		code2 := c2.RecoveryCode
+		require.NotEmpty(t, code2)
+
+		body := submitRecoveryLink(t, c1.RecoveryLink, c2.RecoveryCode)
+
+		assertMessage(t, body, "The recovery code is invalid or has already been used. Please try again.")
+	})
+}
+
+const (
+	RecoveryFlowTypeBrowser string = "browser"
+	RecoveryFlowTypeSPA     string = "spa"
+	RecoveryFlowTypeAPI     string = "api"
+)
+
+func apiHttpClient(t *testing.T) *http.Client {
+	return &http.Client{}
+}
+
+func spaHttpClient(t *testing.T) *http.Client {
+	return testhelpers.NewClientWithCookies(t)
+}
+
+func browserHttpClient(t *testing.T) *http.Client {
+	return testhelpers.NewClientWithCookies(t)
+}
+
+var flowTypes = []string{RecoveryFlowTypeBrowser, RecoveryFlowTypeAPI, RecoveryFlowTypeSPA}
+
+var flowTypeCases = []struct {
+	FlowType        string
+	GetClient       func(*testing.T) *http.Client
+	FormContentType string
+}{
+	{
+		FlowType:        RecoveryFlowTypeBrowser,
+		GetClient:       testhelpers.NewClientWithCookies,
+		FormContentType: "application/x-www-form-urlencoded",
+	},
+	{
+		FlowType: RecoveryFlowTypeAPI,
+		GetClient: func(_ *testing.T) *http.Client {
+			return &http.Client{}
+		},
+		FormContentType: "application/json",
+	},
+	{
+		FlowType:        RecoveryFlowTypeSPA,
+		GetClient:       testhelpers.NewClientWithCookies,
+		FormContentType: "application/json",
+	},
+}
+
+func withCSRFToken(t *testing.T, flowType, body string, v url.Values) string {
+	t.Helper()
+	csrfToken := gjson.Get(body, "ui.nodes.#(attributes.name==csrf_token).attributes.value").String()
+	if csrfToken != "" && flowType != RecoveryFlowTypeAPI {
+		v.Set("csrf_token", csrfToken)
+	}
+	if flowType == RecoveryFlowTypeBrowser {
+		return v.Encode()
+	}
+	return testhelpers.EncodeFormAsJSON(t, true, v)
+}
+
+func createIdentityToRecover(t *testing.T, reg *driver.RegistryDefault, email string) *identity.Identity {
+	t.Helper()
+	var id = &identity.Identity{
+		Credentials: map[identity.CredentialsType]identity.Credentials{
+			"password": {
+				Type:        "password",
+				Identifiers: []string{email},
+				Config:      sqlxx.JSONRawMessage(`{"hashed_password":"foo"}`),
+			},
+		},
+		Traits:   identity.Traits(fmt.Sprintf(`{"email":"%s"}`, email)),
+		SchemaID: config.DefaultIdentityTraitsSchemaID,
+	}
+	require.NoError(t, reg.IdentityManager().Create(context.Background(), id, identity.ManagerAllowWriteProtectedTraits))
+
+	addr, err := reg.IdentityPool().FindVerifiableAddressByValue(context.Background(), identity.VerifiableAddressTypeEmail, email)
+	assert.NoError(t, err)
+	assert.False(t, addr.Verified)
+	assert.Nil(t, addr.VerifiedAt)
+	assert.Equal(t, identity.VerifiableAddressStatusPending, addr.Status)
+	return id
+}
+
+func TestRecovery(t *testing.T) {
+	ctx := context.Background()
+	conf, reg := internal.NewFastRegistryWithMocks(t)
+	conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryLinkName+".enabled", false)
+	initViper(t, ctx, conf)
+
+	_ = testhelpers.NewRecoveryUIFlowEchoServer(t, reg)
+	_ = testhelpers.NewLoginUIFlowEchoServer(t, reg)
+	_ = testhelpers.NewSettingsUIFlowEchoServer(t, reg)
+	_ = testhelpers.NewErrorTestServer(t, reg)
+
+	public, _, _, _ := testhelpers.NewKratosServerWithCSRFAndRouters(t, reg)
+
+	var submitRecovery = func(t *testing.T, client *http.Client, flowType string, values func(url.Values), code int) string {
+		isSPA := flowType == RecoveryFlowTypeSPA
+		isAPI := flowType == RecoveryFlowTypeAPI
+		if client == nil {
+			client = testhelpers.NewDebugClient(t)
+			if !isAPI {
+				client = testhelpers.NewClientWithCookies(t)
+				client.Transport = testhelpers.NewTransportWithLogger(http.DefaultTransport, t).RoundTripper
+			}
+		}
+
+		expectedUrl := testhelpers.ExpectURL(isAPI || isSPA, public.URL+recovery.RouteSubmitFlow, conf.SelfServiceFlowRecoveryUI(ctx).String())
+		return testhelpers.SubmitRecoveryForm(t, isAPI, isSPA, client, public, values, code, expectedUrl)
+	}
+
+	var submitRecoveryCode = func(t *testing.T, client *http.Client, flow string, flowType string, recoveryCode string, statusCode int) string {
+		action := gjson.Get(flow, "ui.action").String()
+		assert.NotEmpty(t, action)
+
+		values := withCSRFToken(t, flowType, flow, url.Values{
+			"code":   {recoveryCode},
+			"method": {"code"},
+		})
+
+		contentType := "application/json"
+		if flowType == RecoveryFlowTypeBrowser {
+			contentType = "application/x-www-form-urlencoded"
+		}
+
+		res, err := client.Post(action, contentType, bytes.NewBufferString(values))
+		require.NoError(t, err)
+		assert.Equal(t, statusCode, res.StatusCode)
+
+		return string(ioutilx.MustReadAll(res.Body))
+	}
+
+	var resendRecoveryCode = func(t *testing.T, client *http.Client, flow string, flowType string, statusCode int) string {
+		action := gjson.Get(flow, "ui.action").String()
+		assert.NotEmpty(t, action)
+
+		email := gjson.Get(flow, "ui.nodes.#(attributes.name==email).attributes.value").String()
+
+		values := withCSRFToken(t, flowType, flow, url.Values{
+			"method": {"code"},
+			"email":  {email},
+		})
+
+		contentType := "application/json"
+		if flowType == RecoveryFlowTypeBrowser {
+			contentType = "application/x-www-form-urlencoded"
+		}
+
+		res, err := client.Post(action, contentType, bytes.NewBufferString(values))
+		require.NoError(t, err)
+		assert.Equal(t, statusCode, res.StatusCode)
+
+		return string(ioutilx.MustReadAll(res.Body))
+	}
+
+	var expectValidationError = func(t *testing.T, hc *http.Client, flowType string, values func(url.Values)) string {
+		code := testhelpers.ExpectStatusCode(flowType == RecoveryFlowTypeAPI || flowType == RecoveryFlowTypeSPA, http.StatusBadRequest, http.StatusOK)
+		return submitRecovery(t, hc, flowType, values, code)
+	}
+
+	var expectSuccessfulRecovery = func(t *testing.T, hc *http.Client, flowType string, values func(url.Values)) string {
+		code := testhelpers.ExpectStatusCode(flowType == RecoveryFlowTypeAPI || flowType == RecoveryFlowTypeSPA, http.StatusUnprocessableEntity, http.StatusOK)
+		return submitRecovery(t, hc, flowType, values, code)
+	}
+
+	var ExpectVerfiableAddressStatus = func(t *testing.T, email string, status identity.VerifiableAddressStatus) {
+		addr, err := reg.IdentityPool().
+			FindVerifiableAddressByValue(context.Background(), identity.VerifiableAddressTypeEmail, email)
+		assert.NoError(t, err)
+		assert.Equal(t, status, addr.Status, "verifiable address %s was not %s. instead %", email, status, addr.Status)
+	}
+
+	t.Run("description=should recover an account", func(t *testing.T) {
+		var checkRecovery = func(t *testing.T, client *http.Client, flowType, recoveryEmail, recoverySubmissionResponse, returnTo string) string {
+
+			ExpectVerfiableAddressStatus(t, recoveryEmail, identity.VerifiableAddressStatusPending)
+
+			assert.EqualValues(t, node.CodeGroup, gjson.Get(recoverySubmissionResponse, "active").String(), "%s", recoverySubmissionResponse)
+			assert.True(t, gjson.Get(recoverySubmissionResponse, "ui.nodes.#(attributes.name==code)").Exists(), "%s", recoverySubmissionResponse)
+			assert.Len(t, gjson.Get(recoverySubmissionResponse, "ui.messages").Array(), 1, "%s", recoverySubmissionResponse)
+			assertx.EqualAsJSON(t, text.NewRecoveryEmailWithCodeSent(), json.RawMessage(gjson.Get(recoverySubmissionResponse, "ui.messages.0").Raw))
+
+			message := testhelpers.CourierExpectMessage(t, reg, recoveryEmail, "Recover access to your account")
+			assert.Contains(t, message.Body, "please recover access to your account by entering the following code")
+
+			recoveryCode := testhelpers.CourierExpectCodeInMessage(t, message, 1)
+			assert.NotEmpty(t, recoveryCode)
+
+			statusCode := testhelpers.ExpectStatusCode(flowType == RecoveryFlowTypeAPI || flowType == RecoveryFlowTypeSPA, http.StatusUnprocessableEntity, http.StatusOK)
+			return submitRecoveryCode(t, client, recoverySubmissionResponse, flowType, recoveryCode, statusCode)
+		}
+
+		t.Run("type=browser", func(t *testing.T) {
+			client := testhelpers.NewClientWithCookies(t)
+			email := "recoverme1@ory.sh"
+			createIdentityToRecover(t, reg, email)
+			recoverySubmissionResponse := submitRecovery(t, client, RecoveryFlowTypeBrowser, func(v url.Values) {
+				v.Set("email", email)
+			}, http.StatusOK)
+			body := checkRecovery(t, client, RecoveryFlowTypeBrowser, email, recoverySubmissionResponse, "")
+
+			assert.Equal(t, text.NewRecoverySuccessful(time.Now().Add(time.Hour)).Text,
+				gjson.Get(body, "ui.messages.0.text").String())
+
+			res, err := client.Get(public.URL + session.RouteWhoami)
+			require.NoError(t, err)
+			body = string(x.MustReadAll(res.Body))
+			require.NoError(t, res.Body.Close())
+			assert.Equal(t, "code_recovery", gjson.Get(body, "authentication_methods.0.method").String(), "%s", body)
+			assert.Equal(t, "aal1", gjson.Get(body, "authenticator_assurance_level").String(), "%s", body)
+		})
+
+		t.Run("type=spa", func(t *testing.T) {
+			client := testhelpers.NewClientWithCookies(t)
+			email := "recoverme3@ory.sh"
+			createIdentityToRecover(t, reg, email)
+			recoverySubmissionResponse := submitRecovery(t, client, RecoveryFlowTypeSPA, func(v url.Values) {
+				v.Set("email", email)
+			}, http.StatusOK)
+			body := checkRecovery(t, client, RecoveryFlowTypeSPA, email, recoverySubmissionResponse, "")
+			assert.Equal(t, "browser_location_change_required", gjson.Get(body, "error.id").String())
+			assert.Contains(t, gjson.Get(body, "redirect_browser_to").String(), "settings-ts?")
+		})
+
+		t.Run("type=api", func(t *testing.T) {
+			client := &http.Client{}
+			email := "recoverme4@ory.sh"
+			createIdentityToRecover(t, reg, email)
+			recoverySubmissionResponse := submitRecovery(t, client, RecoveryFlowTypeAPI, func(v url.Values) {
+				v.Set("email", email)
+			}, http.StatusOK)
+			body := checkRecovery(t, client, RecoveryFlowTypeAPI, email, recoverySubmissionResponse, "")
+			assert.Equal(t, "browser_location_change_required", gjson.Get(body, "error.id").String())
+			assert.Contains(t, gjson.Get(body, "redirect_browser_to").String(), "settings-ts?")
+		})
+
+		t.Run("description=should return browser to return url", func(t *testing.T) {
+			client := testhelpers.NewClientWithCookies(t)
+			email := "recoverme@ory.sh"
+			returnTo := "https://www.ory.sh"
+			createIdentityToRecover(t, reg, email)
+
+			client.Transport = testhelpers.NewTransportWithLogger(http.DefaultTransport, t).RoundTripper
+
+			f := testhelpers.InitializeRecoveryFlowViaBrowser(t, client, false, public, url.Values{"return_to": []string{returnTo}})
+
+			formPayload := testhelpers.SDKFormFieldsToURLValues(f.Ui.Nodes)
+			formPayload.Set("email", email)
+
+			body, res := testhelpers.RecoveryMakeRequest(t, false, f, client, formPayload.Encode())
+			assert.EqualValues(t, http.StatusOK, res.StatusCode, "%s", body)
+			expectedURL := testhelpers.ExpectURL(false, public.URL+recovery.RouteSubmitFlow, conf.SelfServiceFlowRecoveryUI(ctx).String())
+			assert.Contains(t, res.Request.URL.String(), expectedURL, "%+v\n\t%s", res.Request, body)
+
+			body = checkRecovery(t, client, RecoveryFlowTypeBrowser, email, body, returnTo)
+
+			assert.Equal(t, text.NewRecoverySuccessful(time.Now().Add(time.Hour)).Text,
+				gjson.Get(body, "ui.messages.0.text").String())
+
+			res, err := client.Get(public.URL + session.RouteWhoami)
+			require.NoError(t, err)
+			body = string(x.MustReadAll(res.Body))
+			require.NoError(t, res.Body.Close())
+			assert.Equal(t, "code_recovery", gjson.Get(body, "authentication_methods.0.method").String(), "%s", body)
+			assert.Equal(t, "aal1", gjson.Get(body, "authenticator_assurance_level").String(), "%s", body)
+		})
+	})
+
+	t.Run("description=should set all the correct recovery payloads after submission", func(t *testing.T) {
+		body := expectSuccessfulRecovery(t, nil, RecoveryFlowTypeBrowser, func(v url.Values) {
+			v.Set("email", "test@ory.sh")
+		})
+		testhelpers.SnapshotTExcept(t, json.RawMessage(gjson.Get(body, "ui.nodes").String()), []string{"0.attributes.value"})
+	})
+
+	t.Run("description=should set all the correct recovery payloads", func(t *testing.T) {
+		c := testhelpers.NewClientWithCookies(t)
+		rs := testhelpers.GetRecoveryFlow(t, c, public)
+
+		testhelpers.SnapshotTExcept(t, rs.Ui.Nodes, []string{"0.attributes.value"})
+		assert.EqualValues(t, public.URL+recovery.RouteSubmitFlow+"?flow="+rs.Id, rs.Ui.Action)
+		assert.Empty(t, rs.Ui.Messages)
+	})
+
+	t.Run("description=should require an email to be sent", func(t *testing.T) {
+		for _, flowType := range flowTypes {
+			t.Run("type="+flowType, func(t *testing.T) {
+				body := expectValidationError(t, nil, flowType, func(v url.Values) {
+					v.Del("email")
+				})
+				assert.EqualValues(t, node.CodeGroup, gjson.Get(body, "active").String(), "%s", body)
+				assert.EqualValues(t, "Property email is missing.",
+					gjson.Get(body, "ui.nodes.#(attributes.name==email).messages.0.text").String(),
+					"%s", body)
+			})
+		}
+	})
+
+	t.Run("description=should require a valid email to be sent", func(t *testing.T) {
+
+		for _, flowType := range flowTypes {
+			for _, email := range []string{"\\", "asdf", "...", "aiacobelli.sec@gmail.com,alejandro.iacobelli@mercadolibre.com"} {
+				t.Run("type="+flowType, func(t *testing.T) {
+					responseJSON := expectValidationError(t, nil, flowType, func(v url.Values) {
+						v.Set("email", email)
+					})
+					activeMethod := gjson.Get(responseJSON, "active").String()
+					assert.EqualValues(t, node.CodeGroup, activeMethod, "expected method to be %s got %s", node.CodeGroup, activeMethod)
+					expectedMessage := fmt.Sprintf("%q is not valid \"email\"", email)
+					actualMessage := gjson.Get(responseJSON, "ui.nodes.#(attributes.name==email).messages.0.text").String()
+					assert.EqualValues(t, expectedMessage, actualMessage, "%s", responseJSON)
+				})
+			}
+		}
+	})
+
+	t.Run("description=should try to submit the form while authenticated", func(t *testing.T) {
+		for _, flowType := range flowTypes {
+			t.Run("type="+flowType, func(t *testing.T) {
+				isSPA := flowType == "spa"
+				isAPI := flowType == "api"
+				client := testhelpers.NewDebugClient(t)
+				if !isAPI {
+					client = testhelpers.NewClientWithCookies(t)
+					client.Transport = testhelpers.NewTransportWithLogger(http.DefaultTransport, t).RoundTripper
+				}
+
+				var f *kratos.SelfServiceRecoveryFlow
+				if isAPI {
+					f = testhelpers.InitializeRecoveryFlowViaAPI(t, client, public)
+				} else {
+					f = testhelpers.InitializeRecoveryFlowViaBrowser(t, client, isSPA, public, nil)
+				}
+				req := httptest.NewRequest("GET", "/sessions/whoami", nil)
+
+				session, err := session.NewActiveSession(
+					req,
+					&identity.Identity{ID: x.NewUUID(), State: identity.StateActive},
+					testhelpers.NewSessionLifespanProvider(time.Hour),
+					time.Now(),
+					identity.CredentialsTypePassword,
+					identity.AuthenticatorAssuranceLevel1,
+				)
+
+				require.NoError(t, err)
+
+				// Add the authentication to the request
+				client.Transport = testhelpers.NewTransportWithLogger(testhelpers.NewAuthorizedTransport(t, reg, session), t).RoundTripper
+
+				v := testhelpers.SDKFormFieldsToURLValues(f.Ui.Nodes)
+				v.Set("email", "some-email@example.org")
+				v.Set("method", "code")
+
+				body, res := testhelpers.RecoveryMakeRequest(t, isAPI || isSPA, f, client, testhelpers.EncodeFormAsJSON(t, isAPI || isSPA, v))
+
+				if isAPI || isSPA {
+					assert.EqualValues(t, http.StatusBadRequest, res.StatusCode, "%s", body)
+					assert.Contains(t, res.Request.URL.String(), recovery.RouteSubmitFlow, "%+v\n\t%s", res.Request, body)
+					assertx.EqualAsJSONExcept(t, recovery.ErrAlreadyLoggedIn, json.RawMessage(gjson.Get(body, "error").Raw), nil)
+				} else {
+					assert.EqualValues(t, http.StatusOK, res.StatusCode, "%s", body)
+					assert.Contains(t, res.Request.URL.String(), conf.SelfServiceBrowserDefaultReturnTo(ctx).String(), "%+v\n\t%s", res.Request, body)
+				}
+			})
+		}
+	})
+
+	t.Run("description=should not be able to recover account that does not exist", func(t *testing.T) {
+		var check = func(t *testing.T, c *http.Client, flowType, email string) {
+			withValues := func(v url.Values) {
+				v.Set("email", email)
+			}
+			body := submitRecovery(t, c, flowType, withValues, http.StatusOK)
+			assert.EqualValues(t, node.CodeGroup, gjson.Get(body, "active").String(), "%s", body)
+			assert.Empty(t, gjson.Get(body, "ui.nodes.#(attributes.name==code).attributes.value").String(), "%s", body)
+			assertx.EqualAsJSON(t, text.NewRecoveryEmailWithCodeSent(), json.RawMessage(gjson.Get(body, "ui.messages.0").Raw))
+
+			message := testhelpers.CourierExpectMessage(t, reg, email, "Account access attempted")
+			assert.Contains(t, message.Body, "If this was you, check if you signed up using a different address.")
+		}
+
+		t.Run("type=browser", func(t *testing.T) {
+			email := "recover_browser@ory.sh"
+			c := browserHttpClient(t)
+			check(t, c, RecoveryFlowTypeBrowser, email)
+		})
+
+		t.Run("type=spa", func(t *testing.T) {
+			email := "recover_spa@ory.sh"
+			c := spaHttpClient(t)
+			check(t, c, RecoveryFlowTypeSPA, email)
+		})
+
+		t.Run("type=api", func(t *testing.T) {
+			email := "recover_api@ory.sh"
+			c := apiHttpClient(t)
+			check(t, c, RecoveryFlowTypeAPI, email)
+		})
+	})
+
+	t.Run("description=should not be able to recover an inactive account", func(t *testing.T) {
+		for _, flowType := range flowTypeCases {
+			t.Run("type="+flowType.FlowType, func(t *testing.T) {
+				email := "recoverinactive_" + flowType.FlowType + "@ory.sh"
+				createIdentityToRecover(t, reg, email)
+				values := func(v url.Values) {
+					v.Set("email", email)
+				}
+				cl := testhelpers.NewClientWithCookies(t)
+
+				body := submitRecovery(t, cl, flowType.FlowType, values, http.StatusOK)
+				addr, err := reg.IdentityPool().FindVerifiableAddressByValue(context.Background(), identity.VerifiableAddressTypeEmail, email)
+				assert.NoError(t, err)
+
+				emailText := testhelpers.CourierExpectMessage(t, reg, email, "Recover access to your account")
+				recoveryCode := testhelpers.CourierExpectCodeInMessage(t, emailText, 1)
+
+				// Deactivate the identity
+				require.NoError(t, reg.Persister().GetConnection(context.Background()).RawQuery("UPDATE identities SET state=? WHERE id = ?", identity.StateInactive, addr.IdentityID).Exec())
+
+				if flowType.FlowType == RecoveryFlowTypeAPI || flowType.FlowType == RecoveryFlowTypeSPA {
+					body = submitRecoveryCode(t, cl, body, flowType.FlowType, recoveryCode, http.StatusUnauthorized)
+					assertx.EqualAsJSON(t, session.ErrIdentityDisabled.WithDetail("identity_id", addr.IdentityID), json.RawMessage(gjson.Get(body, "error").Raw), "%s", body)
+				} else {
+					body = submitRecoveryCode(t, cl, body, flowType.FlowType, recoveryCode, http.StatusOK)
+					assertx.EqualAsJSON(t, session.ErrIdentityDisabled.WithDetail("identity_id", addr.IdentityID), json.RawMessage(body), "%s", body)
+				}
+			})
+		}
+	})
+
+	t.Run("description=should recover and invalidate all other sessions if hook is set", func(t *testing.T) {
+		conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRecoveryAfter, config.HookGlobal), []config.SelfServiceHook{{Name: "revoke_active_sessions"}})
+		t.Cleanup(func() {
+			conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), nil)
+		})
+
+		email := strings.ToLower(testhelpers.RandomEmail())
+		id := createIdentityToRecover(t, reg, email)
+
+		req := httptest.NewRequest("GET", "/sessions/whoami", nil)
+		sess, err := session.NewActiveSession(req, id, conf, time.Now(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+		require.NoError(t, err)
+		require.NoError(t, reg.SessionPersister().UpsertSession(context.Background(), sess))
+
+		actualSession, err := reg.SessionPersister().GetSession(context.Background(), sess.ID, session.ExpandNothing)
+		require.NoError(t, err)
+		assert.True(t, actualSession.IsActive())
+
+		cl := testhelpers.NewClientWithCookies(t)
+		actual := expectSuccessfulRecovery(t, cl, RecoveryFlowTypeBrowser, func(v url.Values) {
+			v.Set("email", email)
+		})
+		message := testhelpers.CourierExpectMessage(t, reg, email, "Recover access to your account")
+		recoveryCode := testhelpers.CourierExpectCodeInMessage(t, message, 1)
+
+		cl.CheckRedirect = func(req *http.Request, via []*http.Request) error {
+			return http.ErrUseLastResponse
+		}
+
+		action := gjson.Get(actual, "ui.action").String()
+		require.NotEmpty(t, action)
+		csrf_token := gjson.Get(actual, "ui.nodes.#(attributes.name==csrf_token).attributes.value").String()
+		require.NotEmpty(t, csrf_token)
+
+		submitRecoveryCode(t, cl, actual, RecoveryFlowTypeBrowser, recoveryCode, http.StatusSeeOther)
+
+		require.Len(t, cl.Jar.Cookies(urlx.ParseOrPanic(public.URL)), 2)
+		cookies := spew.Sdump(cl.Jar.Cookies(urlx.ParseOrPanic(public.URL)))
+		assert.Contains(t, cookies, "ory_kratos_session")
+
+		actualSession, err = reg.SessionPersister().GetSession(context.Background(), sess.ID, session.ExpandNothing)
+		require.NoError(t, err)
+		assert.False(t, actualSession.IsActive())
+	})
+
+	t.Run("description=should not be able to use an invalid code more than 5 times", func(t *testing.T) {
+		email := strings.ToLower(testhelpers.RandomEmail())
+		createIdentityToRecover(t, reg, email)
+		c := testhelpers.NewClientWithCookies(t)
+		body := submitRecovery(t, c, RecoveryFlowTypeBrowser, func(v url.Values) {
+			v.Set("email", email)
+		}, http.StatusOK)
+		initialFlowId := gjson.Get(body, "id")
+
+		for submitTry := 0; submitTry < 5; submitTry++ {
+			body := submitRecoveryCode(t, c, body, RecoveryFlowTypeBrowser, "12312312", http.StatusOK)
+
+			assertMessage(t, []byte(body), "The recovery code is invalid or has already been used. Please try again.")
+		}
+
+		// submit an invalid code for the 6th time
+		body = submitRecoveryCode(t, c, body, RecoveryFlowTypeBrowser, "12312312", http.StatusOK)
+
+		require.Len(t, gjson.Get(body, "ui.messages").Array(), 1)
+		assert.Equal(t, "The recovery was submitted too often. Please try again.", gjson.Get(body, "ui.messages.0.text").String())
+
+		// check that a new flow has been created
+		assert.NotEqual(t, gjson.Get(body, "id"), initialFlowId)
+
+		assert.True(t, gjson.Get(body, "ui.nodes.#(attributes.name==email)").Exists())
+	})
+
+	t.Run("description=should be able to recover after using invalid code", func(t *testing.T) {
+		for _, testCase := range flowTypeCases {
+			t.Run("type="+testCase.FlowType, func(t *testing.T) {
+				c := testCase.GetClient(t)
+				recoveryEmail := strings.ToLower(testhelpers.RandomEmail())
+				_ = createIdentityToRecover(t, reg, recoveryEmail)
+
+				actual := submitRecovery(t, c, testCase.FlowType, func(v url.Values) {
+					v.Set("email", recoveryEmail)
+				}, http.StatusOK)
+
+				message := testhelpers.CourierExpectMessage(t, reg, recoveryEmail, "Recover access to your account")
+				recoveryCode := testhelpers.CourierExpectCodeInMessage(t, message, 1)
+
+				form := withCSRFToken(t, testCase.FlowType, actual, url.Values{
+					"code": {"12312312"},
+				})
+
+				action := gjson.Get(actual, "ui.action").String()
+				require.NotEmpty(t, action)
+
+				res, err := c.Post(action, testCase.FormContentType, bytes.NewBufferString(form))
+				require.NoError(t, err)
+				assert.Equal(t, http.StatusOK, res.StatusCode)
+
+				flowId := gjson.Get(actual, "id").String()
+				require.NotEmpty(t, flowId)
+
+				rs, res, err := testhelpers.
+					NewSDKCustomClient(public, c).
+					V0alpha2Api.
+					GetSelfServiceRecoveryFlow(context.Background()).
+					Id(flowId).
+					Execute()
+
+				body := ioutilx.MustReadAll(res.Body)
+				require.NotEmpty(t, body)
+
+				require.Len(t, rs.Ui.Messages, 1)
+				assert.Equal(t, "The recovery code is invalid or has already been used. Please try again.", rs.Ui.Messages[0].Text)
+
+				form = withCSRFToken(t, testCase.FlowType, actual, url.Values{
+					"code": {recoveryCode},
+				})
+				// Now submit the correct code
+				res, err = c.Post(action, testCase.FormContentType, bytes.NewBufferString(form))
+				require.NoError(t, err)
+				if testCase.FlowType == RecoveryFlowTypeBrowser {
+					assert.Equal(t, http.StatusOK, res.StatusCode)
+
+					json := ioutilx.MustReadAll(res.Body)
+
+					assert.Len(t, gjson.GetBytes(json, "ui.messages").Array(), 1)
+					assert.Contains(t, gjson.GetBytes(json, "ui.messages.0.text").String(), "You successfully recovered your account.")
+				} else if testCase.FlowType == RecoveryFlowTypeSPA {
+					assert.Equal(t, http.StatusUnprocessableEntity, res.StatusCode)
+
+					json := ioutilx.MustReadAll(res.Body)
+
+					assert.Equal(t, gjson.GetBytes(json, "error.id").String(), "browser_location_change_required")
+					assert.Contains(t, gjson.GetBytes(json, "redirect_browser_to").String(), "settings-ts?")
+				}
+			})
+		}
+	})
+
+	t.Run("description=should not be able to use an invalid code", func(t *testing.T) {
+		email := "recoverme+invalid_code@ory.sh"
+		createIdentityToRecover(t, reg, email)
+		c := testhelpers.NewClientWithCookies(t)
+
+		body := submitRecovery(t, c, RecoveryFlowTypeBrowser, func(v url.Values) {
+			v.Set("email", email)
+		}, http.StatusOK)
+
+		body = submitRecoveryCode(t, c, body, RecoveryFlowTypeBrowser, "12312312", http.StatusOK)
+
+		assertMessage(t, []byte(body), "The recovery code is invalid or has already been used. Please try again.")
+	})
+
+	t.Run("description=should not be able to submit recover address after flow expired", func(t *testing.T) {
+		recoveryEmail := "recoverme5@ory.sh"
+		createIdentityToRecover(t, reg, recoveryEmail)
+		conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryRequestLifespan, time.Millisecond*200)
+		t.Cleanup(func() {
+			conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryRequestLifespan, time.Minute)
+		})
+
+		c := testhelpers.NewClientWithCookies(t)
+		rs := testhelpers.GetRecoveryFlow(t, c, public)
+
+		time.Sleep(time.Millisecond * 201)
+
+		res, err := c.PostForm(rs.Ui.Action, url.Values{"email": {recoveryEmail}})
+		require.NoError(t, err)
+		assert.EqualValues(t, http.StatusOK, res.StatusCode)
+		assert.NotContains(t, res.Request.URL.String(), "flow="+rs.Id)
+		assert.Contains(t, res.Request.URL.String(), conf.SelfServiceFlowRecoveryUI(ctx).String())
+
+		addr, err := reg.IdentityPool().FindVerifiableAddressByValue(context.Background(), identity.VerifiableAddressTypeEmail, recoveryEmail)
+		assert.NoError(t, err)
+		assert.False(t, addr.Verified)
+		assert.Nil(t, addr.VerifiedAt)
+		assert.Equal(t, identity.VerifiableAddressStatusPending, addr.Status)
+	})
+
+	t.Run("description=should not be able to submit code after flow expired", func(t *testing.T) {
+		recoveryEmail := "recoverme6@ory.sh"
+		createIdentityToRecover(t, reg, recoveryEmail)
+		conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryRequestLifespan, time.Millisecond*200)
+		t.Cleanup(func() {
+			conf.MustSet(ctx, config.ViperKeySelfServiceRecoveryRequestLifespan, time.Minute)
+		})
+
+		c := testhelpers.NewClientWithCookies(t)
+
+		body := expectSuccessfulRecovery(t, c, RecoveryFlowTypeBrowser, func(v url.Values) {
+			v.Set("email", recoveryEmail)
+		})
+
+		initialFlowId := gjson.Get(body, "id")
+
+		message := testhelpers.CourierExpectMessage(t, reg, recoveryEmail, "Recover access to your account")
+		assert.Contains(t, message.Body, "please recover access to your account by entering the following code")
+
+		recoveryCode := testhelpers.CourierExpectCodeInMessage(t, message, 1)
+
+		time.Sleep(time.Millisecond * 201)
+
+		body = submitRecoveryCode(t, c, body, RecoveryFlowTypeBrowser, recoveryCode, http.StatusOK)
+
+		assert.NotEqual(t, gjson.Get(body, "id"), initialFlowId)
+
+		assertMessage(t, []byte(body), "The recovery flow expired 0.00 minutes ago, please try again.")
+
+		addr, err := reg.IdentityPool().FindVerifiableAddressByValue(context.Background(), identity.VerifiableAddressTypeEmail, recoveryEmail)
+		require.NoError(t, err)
+		assert.False(t, addr.Verified)
+		assert.Nil(t, addr.VerifiedAt)
+		assert.Equal(t, identity.VerifiableAddressStatusPending, addr.Status)
+	})
+
+	t.Run("description=should not break ui if empty code is submitted", func(t *testing.T) {
+		recoveryEmail := "recoverme7@ory.sh"
+		createIdentityToRecover(t, reg, recoveryEmail)
+
+		c := testhelpers.NewClientWithCookies(t)
+		body := expectSuccessfulRecovery(t, c, RecoveryFlowTypeBrowser, func(v url.Values) {
+			v.Set("email", recoveryEmail)
+		})
+
+		action := gjson.Get(body, "ui.action").String()
+		require.NotEmpty(t, action)
+
+		body = submitRecoveryCode(t, c, body, RecoveryFlowTypeBrowser, "", http.StatusOK)
+
+		assert.NotContains(t, gjson.Get(body, "ui.nodes").String(), "Property email is missing.")
+		assertMessage(t, []byte(body), "The recovery code is invalid or has already been used. Please try again.")
+	})
+
+	t.Run("description=should be able to re-send the recovery code", func(t *testing.T) {
+		recoveryEmail := strings.ToLower(testhelpers.RandomEmail())
+		createIdentityToRecover(t, reg, recoveryEmail)
+
+		c := testhelpers.NewClientWithCookies(t)
+		body := expectSuccessfulRecovery(t, c, RecoveryFlowTypeBrowser, func(v url.Values) {
+			v.Set("email", recoveryEmail)
+		})
+
+		action := gjson.Get(body, "ui.action").String()
+		require.NotEmpty(t, action)
+		assert.Equal(t, recoveryEmail, gjson.Get(body, "ui.nodes.#(attributes.name==email).attributes.value").String())
+
+		body = resendRecoveryCode(t, c, body, RecoveryFlowTypeBrowser, http.StatusOK)
+		assert.True(t, gjson.Get(body, "ui.nodes.#(attributes.name==code)").Exists())
+		assert.Equal(t, recoveryEmail, gjson.Get(body, "ui.nodes.#(attributes.name==email).attributes.value").String())
+
+		message := testhelpers.CourierExpectMessage(t, reg, recoveryEmail, "Recover access to your account")
+		recoveryCode := testhelpers.CourierExpectCodeInMessage(t, message, 1)
+
+		submitRecoveryCode(t, c, body, RecoveryFlowTypeBrowser, recoveryCode, http.StatusOK)
+	})
+
+	t.Run("description=should not be able to use first code after re-sending email", func(t *testing.T) {
+		recoveryEmail := strings.ToLower(testhelpers.RandomEmail())
+		createIdentityToRecover(t, reg, recoveryEmail)
+
+		c := testhelpers.NewClientWithCookies(t)
+		body := expectSuccessfulRecovery(t, c, RecoveryFlowTypeBrowser, func(v url.Values) {
+			v.Set("email", recoveryEmail)
+		})
+
+		action := gjson.Get(body, "ui.action").String()
+		require.NotEmpty(t, action)
+		assert.Equal(t, recoveryEmail, gjson.Get(body, "ui.nodes.#(attributes.name==email).attributes.value").String())
+
+		message1 := testhelpers.CourierExpectMessage(t, reg, recoveryEmail, "Recover access to your account")
+		recoveryCode1 := testhelpers.CourierExpectCodeInMessage(t, message1, 1)
+
+		body = resendRecoveryCode(t, c, body, RecoveryFlowTypeBrowser, http.StatusOK)
+		assert.True(t, gjson.Get(body, "ui.nodes.#(attributes.name==code)").Exists())
+		assert.Equal(t, recoveryEmail, gjson.Get(body, "ui.nodes.#(attributes.name==email).attributes.value").String())
+
+		message2 := testhelpers.CourierExpectMessage(t, reg, recoveryEmail, "Recover access to your account")
+		recoveryCode2 := testhelpers.CourierExpectCodeInMessage(t, message2, 1)
+
+		body = submitRecoveryCode(t, c, body, RecoveryFlowTypeBrowser, recoveryCode1, http.StatusOK)
+		assertMessage(t, []byte(body), "The recovery code is invalid or has already been used. Please try again.")
+
+		// For good measure, check that the second code works!
+		body = submitRecoveryCode(t, c, body, RecoveryFlowTypeBrowser, recoveryCode2, http.StatusOK)
+		assertMessage(t, []byte(body), "You successfully recovered your account. Please change your password or set up an alternative login method (e.g. social sign in) within the next 60.00 minutes.")
+
+	})
+
+}
+
+func TestDisabledStrategy(t *testing.T) {
+	ctx := context.Background()
+	conf, reg := internal.NewFastRegistryWithMocks(t)
+	initViper(t, ctx, conf)
+	conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryLinkName+".enabled", false)
+	conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryCodeName+".enabled", false)
+
+	publicTS, adminTS := testhelpers.NewKratosServer(t, reg)
+	adminSDK := testhelpers.NewSDKClient(adminTS)
+	_ = testhelpers.NewErrorTestServer(t, reg)
+
+	t.Run("role=admin", func(t *testing.T) {
+		t.Run("description=can not create recovery link when link method is disabled", func(t *testing.T) {
+			id := identity.Identity{Traits: identity.Traits(`{"email":"recovery-endpoint-disabled@ory.sh"}`)}
+
+			require.NoError(t, reg.IdentityManager().Create(context.Background(),
+				&id, identity.ManagerAllowWriteProtectedTraits))
+
+			rl, _, err := adminSDK.V0alpha2Api.
+				AdminCreateSelfServiceRecoveryLink(context.Background()).
+				AdminCreateSelfServiceRecoveryLinkBody(kratos.AdminCreateSelfServiceRecoveryLinkBody{
+					IdentityId: id.ID.String(),
+				}).Execute()
+			assert.Nil(t, rl)
+			require.IsType(t, new(kratos.GenericOpenAPIError), err, "%s", err)
+
+			br, _ := err.(*kratos.GenericOpenAPIError)
+			assert.Contains(t, string(br.Body()), "This endpoint was disabled by system administrator", "%s", br.Body())
+		})
+	})
+
+	t.Run("role=public", func(t *testing.T) {
+		c := testhelpers.NewClientWithCookies(t)
+
+		t.Run("description=can not recover an account by post request when code method is disabled", func(t *testing.T) {
+			f := testhelpers.PersistNewRecoveryFlow(t, code.NewStrategy(reg), conf, reg)
+			u := publicTS.URL + recovery.RouteSubmitFlow + "?flow=" + f.ID.String()
+
+			res, err := c.PostForm(u, url.Values{
+				"email":      {"email@ory.sh"},
+				"method":     {"code"},
+				"csrf_token": {f.CSRFToken},
+			})
+			require.NoError(t, err)
+			assert.Equal(t, http.StatusOK, res.StatusCode)
+
+			b := ioutilx.MustReadAll(res.Body)
+			assert.Contains(t, string(b), "This endpoint was disabled by system administrator")
+		})
+	})
+}
diff --git a/selfservice/strategy/code/strategy_test.go b/selfservice/strategy/code/strategy_test.go
new file mode 100644
index 000000000000..0d870724af6f
--- /dev/null
+++ b/selfservice/strategy/code/strategy_test.go
@@ -0,0 +1,23 @@
+package code_test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/ory/kratos/internal/testhelpers"
+
+	"github.com/ory/kratos/driver/config"
+	"github.com/ory/kratos/identity"
+	"github.com/ory/kratos/selfservice/flow/recovery"
+)
+
+func initViper(t *testing.T, ctx context.Context, c *config.Config) {
+	testhelpers.SetDefaultIdentitySchema(c, "file://./stub/default.schema.json")
+	c.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh")
+	c.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh"})
+	c.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+identity.CredentialsTypePassword.String()+".enabled", true)
+	c.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryCodeName+".enabled", true)
+	c.MustSet(ctx, config.ViperKeySelfServiceRecoveryEnabled, true)
+	c.MustSet(ctx, config.ViperKeySelfServiceRecoveryUse, "code")
+	c.MustSet(ctx, config.ViperKeySelfServiceVerificationEnabled, true)
+}
diff --git a/selfservice/strategy/code/stub/default.schema.json b/selfservice/strategy/code/stub/default.schema.json
new file mode 100644
index 000000000000..8dc923266050
--- /dev/null
+++ b/selfservice/strategy/code/stub/default.schema.json
@@ -0,0 +1,29 @@
+{
+  "$id": "https://example.com/person.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "Person",
+  "type": "object",
+  "properties": {
+    "traits": {
+      "type": "object",
+      "properties": {
+        "email": {
+          "type": "string",
+          "ory.sh/kratos": {
+            "credentials": {
+              "password": {
+                "identifier": true
+              }
+            },
+            "verification": {
+              "via": "email"
+            },
+            "recovery": {
+              "via": "email"
+            }
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/selfservice/strategy/code/test/persistence.go b/selfservice/strategy/code/test/persistence.go
new file mode 100644
index 000000000000..579ef41e980f
--- /dev/null
+++ b/selfservice/strategy/code/test/persistence.go
@@ -0,0 +1,145 @@
+package code
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/ory/kratos/internal/testhelpers"
+	"github.com/ory/kratos/persistence"
+	"github.com/ory/kratos/selfservice/strategy/code"
+	"github.com/ory/x/randx"
+
+	"github.com/bxcodec/faker/v3"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/ory/kratos/driver/config"
+	"github.com/ory/kratos/identity"
+	"github.com/ory/kratos/selfservice/flow/recovery"
+	"github.com/ory/kratos/x"
+)
+
+func TestPersister(ctx context.Context, conf *config.Config, p interface {
+	persistence.Persister
+}) func(t *testing.T) {
+	return func(t *testing.T) {
+		nid, p := testhelpers.NewNetworkUnlessExisting(t, ctx, p)
+
+		testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json")
+		conf.MustSet(ctx, config.ViperKeySecretsDefault, []string{"secret-a", "secret-b"})
+
+		t.Run("code=recovery", func(t *testing.T) {
+
+			newRecoveryCodeDTO := func(t *testing.T, email string) (*code.CreateRecoveryCodeParams, *recovery.Flow, *identity.RecoveryAddress) {
+				var f recovery.Flow
+				require.NoError(t, faker.FakeData(&f))
+				require.NoError(t, p.CreateRecoveryFlow(ctx, &f))
+
+				var i identity.Identity
+				require.NoError(t, faker.FakeData(&i))
+
+				address := &identity.RecoveryAddress{Value: email, Via: identity.RecoveryAddressTypeEmail, IdentityID: i.ID}
+				i.RecoveryAddresses = append(i.RecoveryAddresses, *address)
+
+				require.NoError(t, p.CreateIdentity(ctx, &i))
+
+				return &code.CreateRecoveryCodeParams{
+					RawCode:         string(randx.MustString(8, randx.Numeric)),
+					FlowID:          f.ID,
+					RecoveryAddress: &i.RecoveryAddresses[0],
+					ExpiresIn:       time.Minute,
+					IdentityID:      i.ID,
+				}, &f, &i.RecoveryAddresses[0]
+			}
+
+			t.Run("case=should error when the recovery token does not exist", func(t *testing.T) {
+				_, err := p.UseRecoveryCode(ctx, x.NewUUID(), "i-do-not-exist")
+				require.Error(t, err)
+			})
+
+			t.Run("case=should create a new recovery code", func(t *testing.T) {
+				dto, f, a := newRecoveryCodeDTO(t, "foo-user@ory.sh")
+				rCode, err := p.CreateRecoveryCode(ctx, dto)
+				require.NoError(t, err)
+				assert.Equal(t, f.ID, rCode.FlowID)
+				assert.Equal(t, dto.IdentityID, rCode.IdentityID)
+				require.True(t, rCode.RecoveryAddressID.Valid)
+				assert.Equal(t, a.ID, rCode.RecoveryAddressID.UUID)
+				assert.Equal(t, a.ID, rCode.RecoveryAddress.ID)
+			})
+
+			t.Run("case=should create a recovery code and use it", func(t *testing.T) {
+				dto, f, _ := newRecoveryCodeDTO(t, "other-user@ory.sh")
+				_, err := p.CreateRecoveryCode(ctx, dto)
+				require.NoError(t, err)
+
+				t.Run("not work on another network", func(t *testing.T) {
+					_, p := testhelpers.NewNetwork(t, ctx, p)
+					_, err := p.UseRecoveryCode(ctx, f.ID, dto.RawCode)
+					require.ErrorIs(t, err, code.ErrCodeNotFound)
+				})
+
+				actual, err := p.UseRecoveryCode(ctx, f.ID, dto.RawCode)
+				require.NoError(t, err)
+				assert.Equal(t, nid, actual.NID)
+				assert.Equal(t, dto.IdentityID, actual.IdentityID)
+				assert.NotEqual(t, dto.RawCode, actual.CodeHMAC)
+				assert.EqualValues(t, f.ID, actual.FlowID)
+
+				_, err = p.UseRecoveryCode(ctx, f.ID, dto.RawCode)
+				require.ErrorIs(t, err, code.ErrCodeAlreadyUsed)
+			})
+
+			t.Run("case=should not be able to use expired codes", func(t *testing.T) {
+				dto, f, _ := newRecoveryCodeDTO(t, "expired-code@ory.sh")
+				dto.ExpiresIn = -time.Hour
+				_, err := p.CreateRecoveryCode(ctx, dto)
+				require.NoError(t, err)
+
+				_, err = p.UseRecoveryCode(ctx, f.ID, dto.RawCode)
+				assert.Error(t, err)
+			})
+
+			t.Run("case=should increment flow submit count and fail after too many tries", func(t *testing.T) {
+				dto, f, _ := newRecoveryCodeDTO(t, "submit-count@ory.sh")
+				_, err := p.CreateRecoveryCode(ctx, dto)
+				require.NoError(t, err)
+
+				for i := 1; i <= 5; i++ {
+					_, err = p.UseRecoveryCode(ctx, f.ID, "i-do-not-exist")
+					require.Error(t, err)
+				}
+
+				_, err = p.UseRecoveryCode(ctx, f.ID, "i-do-not-exist")
+				require.ErrorIs(t, err, code.ErrCodeSubmittedTooOften)
+
+				// Submit again, just to be sure
+				_, err = p.UseRecoveryCode(ctx, f.ID, "i-do-not-exist")
+				require.ErrorIs(t, err, code.ErrCodeSubmittedTooOften)
+			})
+
+			t.Run("case=should delete codes of flow", func(t *testing.T) {
+				dto, f, _ := newRecoveryCodeDTO(t, testhelpers.RandomEmail())
+				for i := 0; i < 10; i++ {
+					dto.RawCode = string(randx.MustString(8, randx.Numeric))
+					_, err := p.CreateRecoveryCode(ctx, dto)
+					require.NoError(t, err)
+				}
+
+				count, err := p.GetConnection(ctx).Where("selfservice_recovery_flow_id = ?", f.ID).Count(&code.RecoveryCode{})
+				require.NoError(t, err)
+				require.Equal(t, 10, count)
+
+				err = p.DeleteRecoveryCodesOfFlow(ctx, f.ID)
+				require.NoError(t, err)
+
+				// Count again, should be 0
+				count, err = p.GetConnection(ctx).Where("selfservice_recovery_flow_id = ?", f.ID).Count(&code.RecoveryCode{})
+				require.NoError(t, err)
+				require.Equal(t, 0, count)
+
+			})
+		})
+	}
+}
diff --git a/selfservice/strategy/link/sender_test.go b/selfservice/strategy/link/sender_test.go
index b8c8eabb4d70..779acba21d00 100644
--- a/selfservice/strategy/link/sender_test.go
+++ b/selfservice/strategy/link/sender_test.go
@@ -25,6 +25,7 @@ import (
 func TestManager(t *testing.T) {
 	ctx := context.Background()
 	conf, reg := internal.NewFastRegistryWithMocks(t)
+	initViper(t, conf)
 	testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/default.schema.json")
 	conf.MustSet(ctx, config.ViperKeyPublicBaseURL, "https://www.ory.sh/")
 	conf.MustSet(ctx, config.ViperKeyCourierSMTPURL, "smtp://foo@bar@dev.null/")
@@ -39,7 +40,9 @@ func TestManager(t *testing.T) {
 	hr := httptest.NewRequest("GET", "https://www.ory.sh", nil)
 
 	t.Run("method=SendRecoveryLink", func(t *testing.T) {
-		f, err := recovery.NewFlow(conf, time.Hour, "", u, reg.RecoveryStrategies(context.Background()), flow.TypeBrowser)
+		s, err := reg.RecoveryStrategies(ctx).Strategy("link")
+		require.NoError(t, err)
+		f, err := recovery.NewFlow(conf, time.Hour, "", u, s, flow.TypeBrowser)
 		require.NoError(t, err)
 
 		require.NoError(t, reg.RecoveryFlowPersister().CreateRecoveryFlow(context.Background(), f))
diff --git a/selfservice/strategy/link/strategy_recovery.go b/selfservice/strategy/link/strategy_recovery.go
index 12e2a80a79cd..007b2194c25d 100644
--- a/selfservice/strategy/link/strategy_recovery.go
+++ b/selfservice/strategy/link/strategy_recovery.go
@@ -146,8 +146,7 @@ func (s *Strategy) createRecoveryLink(w http.ResponseWriter, r *http.Request, _
 		return
 	}
 
-	req, err := recovery.NewFlow(s.d.Config(), expiresIn, s.d.GenerateCSRFToken(r),
-		r, s.d.RecoveryStrategies(r.Context()), flow.TypeBrowser)
+	req, err := recovery.NewFlow(s.d.Config(), expiresIn, s.d.GenerateCSRFToken(r), r, s, flow.TypeBrowser)
 	if err != nil {
 		s.d.Writer().WriteError(w, r, err)
 		return
@@ -316,8 +315,7 @@ func (s *Strategy) recoveryUseToken(w http.ResponseWriter, r *http.Request, fID
 
 	var f *recovery.Flow
 	if !token.FlowID.Valid {
-		f, err = recovery.NewFlow(s.d.Config(), time.Until(token.ExpiresAt), s.d.GenerateCSRFToken(r),
-			r, s.d.RecoveryStrategies(r.Context()), flow.TypeBrowser)
+		f, err = recovery.NewFlow(s.d.Config(), time.Until(token.ExpiresAt), s.d.GenerateCSRFToken(r), r, s, flow.TypeBrowser)
 		if err != nil {
 			return s.retryRecoveryFlowWithError(w, r, flow.TypeBrowser, err)
 		}
@@ -354,7 +352,7 @@ func (s *Strategy) recoveryUseToken(w http.ResponseWriter, r *http.Request, fID
 func (s *Strategy) retryRecoveryFlowWithMessage(w http.ResponseWriter, r *http.Request, ft flow.Type, message *text.Message) error {
 	s.d.Logger().WithRequest(r).WithField("message", message).Debug("A recovery flow is being retried because a validation error occurred.")
 
-	req, err := recovery.NewFlow(s.d.Config(), s.d.Config().SelfServiceFlowRecoveryRequestLifespan(r.Context()), s.d.CSRFHandler().RegenerateToken(w, r), r, s.d.RecoveryStrategies(r.Context()), ft)
+	req, err := recovery.NewFlow(s.d.Config(), s.d.Config().SelfServiceFlowRecoveryRequestLifespan(r.Context()), s.d.CSRFHandler().RegenerateToken(w, r), r, s, ft)
 	if err != nil {
 		return err
 	}
@@ -377,7 +375,7 @@ func (s *Strategy) retryRecoveryFlowWithMessage(w http.ResponseWriter, r *http.R
 func (s *Strategy) retryRecoveryFlowWithError(w http.ResponseWriter, r *http.Request, ft flow.Type, recErr error) error {
 	s.d.Logger().WithRequest(r).WithError(recErr).Debug("A recovery flow is being retried because a validation error occurred.")
 
-	req, err := recovery.NewFlow(s.d.Config(), s.d.Config().SelfServiceFlowRecoveryRequestLifespan(r.Context()), s.d.CSRFHandler().RegenerateToken(w, r), r, s.d.RecoveryStrategies(r.Context()), ft)
+	req, err := recovery.NewFlow(s.d.Config(), s.d.Config().SelfServiceFlowRecoveryRequestLifespan(r.Context()), s.d.CSRFHandler().RegenerateToken(w, r), r, s, ft)
 	if err != nil {
 		return err
 	}
diff --git a/selfservice/strategy/link/strategy_recovery_test.go b/selfservice/strategy/link/strategy_recovery_test.go
index dc4685237b94..1d9eef1a57cd 100644
--- a/selfservice/strategy/link/strategy_recovery_test.go
+++ b/selfservice/strategy/link/strategy_recovery_test.go
@@ -101,7 +101,7 @@ func TestAdminStrategy(t *testing.T) {
 		require.NoError(t, err)
 		w := httptest.NewRecorder()
 		r := &http.Request{URL: new(url.URL)}
-		f, err := recovery.NewFlow(reg.Config(), time.Minute, "", r, reg.RecoveryStrategies(ctx), flow.TypeBrowser)
+		f, err := recovery.NewFlow(reg.Config(), time.Minute, "", r, s, flow.TypeBrowser)
 		require.NoError(t, err)
 		require.NotPanics(t, func() {
 			require.Error(t, s.(*link.Strategy).HandleRecoveryError(w, r, f, nil, errors.New("test")))
@@ -259,6 +259,8 @@ func TestAdminStrategy(t *testing.T) {
 func TestRecovery(t *testing.T) {
 	ctx := context.Background()
 	conf, reg := internal.NewFastRegistryWithMocks(t)
+	conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".code.enabled", false)
+	conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+".link.enabled", true)
 	initViper(t, conf)
 
 	_ = testhelpers.NewRecoveryUIFlowEchoServer(t, reg)
@@ -785,6 +787,7 @@ func TestDisabledEndpoint(t *testing.T) {
 	conf, reg := internal.NewFastRegistryWithMocks(t)
 	initViper(t, conf)
 	conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryLinkName+".enabled", false)
+	conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryCodeName+".enabled", false)
 
 	publicTS, adminTS := testhelpers.NewKratosServer(t, reg)
 	adminSDK := testhelpers.NewSDKClient(adminTS)
@@ -812,8 +815,8 @@ func TestDisabledEndpoint(t *testing.T) {
 		c := testhelpers.NewClientWithCookies(t)
 
 		t.Run("description=can not recover an account by get request when link method is disabled", func(t *testing.T) {
-			f := testhelpers.InitializeRecoveryFlowViaBrowser(t, c, false, publicTS, nil)
-			u := publicTS.URL + recovery.RouteSubmitFlow + "?flow=" + f.Id + "&token=endpoint-disabled"
+			f := testhelpers.PersistNewRecoveryFlow(t, nil, conf, reg)
+			u := publicTS.URL + recovery.RouteSubmitFlow + "?flow=" + f.ID.String() + "&token=endpoint-disabled"
 			res, err := c.Get(u)
 			require.NoError(t, err)
 			assert.Equal(t, http.StatusOK, res.StatusCode)
@@ -823,8 +826,8 @@ func TestDisabledEndpoint(t *testing.T) {
 		})
 
 		t.Run("description=can not recover an account by post request when link method is disabled", func(t *testing.T) {
-			f := testhelpers.InitializeRecoveryFlowViaBrowser(t, c, false, publicTS, nil)
-			u := publicTS.URL + recovery.RouteSubmitFlow + "?flow=" + f.Id
+			f := testhelpers.PersistNewRecoveryFlow(t, nil, conf, reg)
+			u := publicTS.URL + recovery.RouteSubmitFlow + "?flow=" + f.ID.String()
 			res, err := c.PostForm(u, url.Values{"email": {"email@ory.sh"}, "method": {"link"}})
 			require.NoError(t, err)
 			assert.Equal(t, http.StatusOK, res.StatusCode)
diff --git a/selfservice/strategy/link/strategy_test.go b/selfservice/strategy/link/strategy_test.go
index fb8f6cd96283..7dead07c7907 100644
--- a/selfservice/strategy/link/strategy_test.go
+++ b/selfservice/strategy/link/strategy_test.go
@@ -18,6 +18,7 @@ func initViper(t *testing.T, c *config.Config) {
 	c.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh"})
 	c.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+identity.CredentialsTypePassword.String()+".enabled", true)
 	c.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryLinkName+".enabled", true)
+	c.MustSet(ctx, config.ViperKeySelfServiceRecoveryUse, "link")
 	c.MustSet(ctx, config.ViperKeySelfServiceRecoveryEnabled, true)
 	c.MustSet(ctx, config.ViperKeySelfServiceVerificationEnabled, true)
 }
diff --git a/session/session.go b/session/session.go
index 56824e8fc1cf..2dd60a21105c 100644
--- a/session/session.go
+++ b/session/session.go
@@ -163,6 +163,7 @@ func (s *Session) SetAuthenticatorAssuranceLevel() {
 			// be part of the AMR.
 			switch amr.Method {
 			case identity.CredentialsTypeRecoveryLink:
+			case identity.CredentialsTypeRecoveryCode:
 				isAAL1 = true
 			case identity.CredentialsTypeOIDC:
 				isAAL1 = true
diff --git a/session/session_test.go b/session/session_test.go
index b3c8585064e8..293f53a13834 100644
--- a/session/session_test.go
+++ b/session/session_test.go
@@ -52,6 +52,8 @@ func TestSession(t *testing.T) {
 		s.CompletedLoginFor(identity.CredentialsTypeRecoveryLink, identity.AuthenticatorAssuranceLevel1)
 		assert.EqualValues(t, identity.CredentialsTypeOIDC, s.AMR[0].Method)
 		assert.EqualValues(t, identity.CredentialsTypeRecoveryLink, s.AMR[1].Method)
+		s.CompletedLoginFor(identity.CredentialsTypeRecoveryCode, identity.AuthenticatorAssuranceLevel1)
+		assert.EqualValues(t, identity.CredentialsTypeRecoveryCode, s.AMR[2].Method)
 	})
 
 	t.Run("case=activate", func(t *testing.T) {
@@ -146,12 +148,21 @@ func TestSession(t *testing.T) {
 			expected: identity.AuthenticatorAssuranceLevel1,
 		},
 		{
-			d:        "recovery is aal1",
-			methods:  []session.AuthenticationMethod{{Method: identity.CredentialsTypeRecoveryLink}},
+			d: "recovery link is aal1",
+			methods: []session.AuthenticationMethod{
+				{Method: identity.CredentialsTypeRecoveryLink},
+			},
 			expected: identity.AuthenticatorAssuranceLevel1,
 		},
 		{
-			d: "mix of password, oidc, recovery is still aal1",
+			d: "recovery code is aal1",
+			methods: []session.AuthenticationMethod{
+				{Method: identity.CredentialsTypeRecoveryCode},
+			},
+			expected: identity.AuthenticatorAssuranceLevel1,
+		},
+		{
+			d: "mix of password, oidc, recovery link is still aal1",
 			methods: []session.AuthenticationMethod{
 				{Method: identity.CredentialsTypeRecoveryLink},
 				{Method: identity.CredentialsTypeOIDC},
@@ -159,6 +170,15 @@ func TestSession(t *testing.T) {
 			},
 			expected: identity.AuthenticatorAssuranceLevel1,
 		},
+		{
+			d: "mix of password, oidc, recovery code is still aal1",
+			methods: []session.AuthenticationMethod{
+				{Method: identity.CredentialsTypeRecoveryCode},
+				{Method: identity.CredentialsTypeOIDC},
+				{Method: identity.CredentialsTypePassword},
+			},
+			expected: identity.AuthenticatorAssuranceLevel1,
+		},
 		{
 			d:        "just totp is gracefully aal1",
 			methods:  []session.AuthenticationMethod{{Method: identity.CredentialsTypeTOTP}},
@@ -204,6 +224,14 @@ func TestSession(t *testing.T) {
 			},
 			expected: identity.AuthenticatorAssuranceLevel2,
 		},
+		{
+			d: "recovery code + totp is aal2",
+			methods: []session.AuthenticationMethod{
+				{Method: identity.CredentialsTypeRecoveryCode},
+				{Method: identity.CredentialsTypeTOTP},
+			},
+			expected: identity.AuthenticatorAssuranceLevel2,
+		},
 		{
 			d: "recovery link + lookup is aal2",
 			methods: []session.AuthenticationMethod{
@@ -212,6 +240,14 @@ func TestSession(t *testing.T) {
 			},
 			expected: identity.AuthenticatorAssuranceLevel2,
 		},
+		{
+			d: "recovery code + lookup is aal2",
+			methods: []session.AuthenticationMethod{
+				{Method: identity.CredentialsTypeRecoveryCode},
+				{Method: identity.CredentialsTypeLookup},
+			},
+			expected: identity.AuthenticatorAssuranceLevel2,
+		},
 		{
 			d: "recovery link + passwordless webauth is aal1",
 			methods: []session.AuthenticationMethod{
@@ -220,6 +256,14 @@ func TestSession(t *testing.T) {
 			},
 			expected: identity.AuthenticatorAssuranceLevel1,
 		},
+		{
+			d: "recovery code + passwordless webauth is aal1",
+			methods: []session.AuthenticationMethod{
+				{Method: identity.CredentialsTypeRecoveryCode},
+				{Method: identity.CredentialsTypeWebAuthn, AAL: identity.AuthenticatorAssuranceLevel1},
+			},
+			expected: identity.AuthenticatorAssuranceLevel1,
+		},
 		{
 			d: "respects AAL on AAL1",
 			methods: []session.AuthenticationMethod{
diff --git a/spec/api.json b/spec/api.json
index e80eb209e36c..1a71a55903ca 100755
--- a/spec/api.json
+++ b/spec/api.json
@@ -164,6 +164,24 @@
         },
         "type": "object"
       },
+      "adminCreateSelfServiceRecoveryCodeBody": {
+        "properties": {
+          "expires_in": {
+            "description": "Code Expires In\n\nThe recovery code will expire at that point in time. Defaults to the configuration value of\n`selfservice.flows.recovery.request_lifespan`.",
+            "pattern": "^([0-9]+(ns|us|ms|s|m|h))*$",
+            "type": "string"
+          },
+          "identity_id": {
+            "description": "Identity to Recover\n\nThe identity's ID you wish to recover.",
+            "format": "uuid",
+            "type": "string"
+          }
+        },
+        "required": [
+          "identity_id"
+        ],
+        "type": "object"
+      },
       "adminCreateSelfServiceRecoveryLinkBody": {
         "properties": {
           "expires_in": {
@@ -998,11 +1016,33 @@
         ],
         "type": "object"
       },
+      "selfServiceRecoveryCode": {
+        "properties": {
+          "expires_at": {
+            "description": "Expires At is the timestamp of when the recovery flow expires\n\nThe timestamp when the recovery link expires.",
+            "format": "date-time",
+            "type": "string"
+          },
+          "recovery_code": {
+            "description": "RecoveryCode is the code that can be used to recover the account",
+            "type": "string"
+          },
+          "recovery_link": {
+            "description": "RecoveryLink with flow\n\nThis link opens the recovery UI with an empty `code` field.",
+            "type": "string"
+          }
+        },
+        "required": [
+          "recovery_link",
+          "recovery_code"
+        ],
+        "type": "object"
+      },
       "selfServiceRecoveryFlow": {
         "description": "This request is used when an identity wants to recover their account.\n\nWe recommend reading the [Account Recovery Documentation](../self-service/flows/password-reset-account-recovery)",
         "properties": {
           "active": {
-            "description": "Active, if set, contains the registration method that is being used. It is initially\nnot set.",
+            "description": "Active, if set, contains the recovery method that is being used. It is initially\nnot set.",
             "type": "string"
           },
           "expires_at": {
@@ -1310,6 +1350,7 @@
           "method": {
             "enum": [
               "link_recovery",
+              "code_recovery",
               "password",
               "totp",
               "oidc",
@@ -1573,6 +1614,7 @@
       "submitSelfServiceRecoveryFlowBody": {
         "discriminator": {
           "mapping": {
+            "code": "#/components/schemas/submitSelfServiceRecoveryFlowWithCodeMethodBody",
             "link": "#/components/schemas/submitSelfServiceRecoveryFlowWithLinkMethodBody"
           },
           "propertyName": "method"
@@ -1580,9 +1622,36 @@
         "oneOf": [
           {
             "$ref": "#/components/schemas/submitSelfServiceRecoveryFlowWithLinkMethodBody"
+          },
+          {
+            "$ref": "#/components/schemas/submitSelfServiceRecoveryFlowWithCodeMethodBody"
           }
         ]
       },
+      "submitSelfServiceRecoveryFlowWithCodeMethodBody": {
+        "properties": {
+          "code": {
+            "description": "Code from recovery email\n\nSent to the user once a recovery has been initiated and is used to prove\nthat the user is in possession of the email",
+            "type": "string"
+          },
+          "csrf_token": {
+            "description": "Sending the anti-csrf token is only required for browser login flows.",
+            "type": "string"
+          },
+          "email": {
+            "description": "Email to Recover\n\nNeeds to be set when initiating the flow. If the email is a registered\nrecovery email, a recovery link will be sent. If the email is not known,\na email with details on what happened will be sent instead.\n\nformat: email",
+            "type": "string"
+          },
+          "method": {
+            "description": "Method supports `link` and `code` only right now.",
+            "type": "string"
+          }
+        },
+        "required": [
+          "method"
+        ],
+        "type": "object"
+      },
       "submitSelfServiceRecoveryFlowWithLinkMethodBody": {
         "properties": {
           "csrf_token": {
@@ -2033,19 +2102,20 @@
             "$ref": "#/components/schemas/uiNodeAttributes"
           },
           "group": {
-            "description": "Group specifies which group (e.g. password authenticator) this node belongs to.\ndefault DefaultGroup\npassword PasswordGroup\noidc OpenIDConnectGroup\nprofile ProfileGroup\nlink LinkGroup\ntotp TOTPGroup\nlookup_secret LookupGroup\nwebauthn WebAuthnGroup",
+            "description": "Group specifies which group (e.g. password authenticator) this node belongs to.\ndefault DefaultGroup\npassword PasswordGroup\noidc OpenIDConnectGroup\nprofile ProfileGroup\nlink LinkGroup\ncode CodeGroup\ntotp TOTPGroup\nlookup_secret LookupGroup\nwebauthn WebAuthnGroup",
             "enum": [
               "default",
               "password",
               "oidc",
               "profile",
               "link",
+              "code",
               "totp",
               "lookup_secret",
               "webauthn"
             ],
             "type": "string",
-            "x-go-enum-desc": "default DefaultGroup\npassword PasswordGroup\noidc OpenIDConnectGroup\nprofile ProfileGroup\nlink LinkGroup\ntotp TOTPGroup\nlookup_secret LookupGroup\nwebauthn WebAuthnGroup"
+            "x-go-enum-desc": "default DefaultGroup\npassword PasswordGroup\noidc OpenIDConnectGroup\nprofile ProfileGroup\nlink LinkGroup\ncode CodeGroup\ntotp TOTPGroup\nlookup_secret LookupGroup\nwebauthn WebAuthnGroup"
           },
           "messages": {
             "$ref": "#/components/schemas/uiTexts"
@@ -3148,6 +3218,68 @@
         ]
       }
     },
+    "/admin/recovery/code": {
+      "post": {
+        "description": "This endpoint creates a recovery code which should be given to the user in order for them to recover\n(or activate) their account.",
+        "operationId": "adminCreateSelfServiceRecoveryCode",
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/adminCreateSelfServiceRecoveryCodeBody"
+              }
+            }
+          },
+          "x-originalParamName": "Body"
+        },
+        "responses": {
+          "201": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/selfServiceRecoveryCode"
+                }
+              }
+            },
+            "description": "selfServiceRecoveryCode"
+          },
+          "400": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/jsonError"
+                }
+              }
+            },
+            "description": "jsonError"
+          },
+          "404": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/jsonError"
+                }
+              }
+            },
+            "description": "jsonError"
+          },
+          "500": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/jsonError"
+                }
+              }
+            },
+            "description": "jsonError"
+          }
+        },
+        "summary": "Create a Recovery Link",
+        "tags": [
+          "v0alpha2"
+        ]
+      }
+    },
     "/admin/recovery/link": {
       "post": {
         "description": "This endpoint creates a recovery link which should be given to the user in order for them to recover\n(or activate) their account.",
@@ -4104,6 +4236,16 @@
             },
             "description": "jsonError"
           },
+          "422": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/selfServiceBrowserLocationChangeRequiredError"
+                }
+              }
+            },
+            "description": "selfServiceBrowserLocationChangeRequiredError"
+          },
           "500": {
             "content": {
               "application/json": {
diff --git a/spec/swagger.json b/spec/swagger.json
index 8d007e348b10..32aa534d3f89 100755
--- a/spec/swagger.json
+++ b/spec/swagger.json
@@ -620,6 +620,61 @@
         }
       }
     },
+    "/admin/recovery/code": {
+      "post": {
+        "description": "This endpoint creates a recovery code which should be given to the user in order for them to recover\n(or activate) their account.",
+        "consumes": [
+          "application/json"
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "schemes": [
+          "http",
+          "https"
+        ],
+        "tags": [
+          "v0alpha2"
+        ],
+        "summary": "Create a Recovery Link",
+        "operationId": "adminCreateSelfServiceRecoveryCode",
+        "parameters": [
+          {
+            "name": "Body",
+            "in": "body",
+            "schema": {
+              "$ref": "#/definitions/adminCreateSelfServiceRecoveryCodeBody"
+            }
+          }
+        ],
+        "responses": {
+          "201": {
+            "description": "selfServiceRecoveryCode",
+            "schema": {
+              "$ref": "#/definitions/selfServiceRecoveryCode"
+            }
+          },
+          "400": {
+            "description": "jsonError",
+            "schema": {
+              "$ref": "#/definitions/jsonError"
+            }
+          },
+          "404": {
+            "description": "jsonError",
+            "schema": {
+              "$ref": "#/definitions/jsonError"
+            }
+          },
+          "500": {
+            "description": "jsonError",
+            "schema": {
+              "$ref": "#/definitions/jsonError"
+            }
+          }
+        }
+      }
+    },
     "/admin/recovery/link": {
       "post": {
         "description": "This endpoint creates a recovery link which should be given to the user in order for them to recover\n(or activate) their account.",
@@ -1412,6 +1467,12 @@
               "$ref": "#/definitions/jsonError"
             }
           },
+          "422": {
+            "description": "selfServiceBrowserLocationChangeRequiredError",
+            "schema": {
+              "$ref": "#/definitions/selfServiceBrowserLocationChangeRequiredError"
+            }
+          },
           "500": {
             "description": "jsonError",
             "schema": {
@@ -2692,6 +2753,24 @@
         }
       }
     },
+    "adminCreateSelfServiceRecoveryCodeBody": {
+      "type": "object",
+      "required": [
+        "identity_id"
+      ],
+      "properties": {
+        "expires_in": {
+          "description": "Code Expires In\n\nThe recovery code will expire at that point in time. Defaults to the configuration value of\n`selfservice.flows.recovery.request_lifespan`.",
+          "type": "string",
+          "pattern": "^([0-9]+(ns|us|ms|s|m|h))*$"
+        },
+        "identity_id": {
+          "description": "Identity to Recover\n\nThe identity's ID you wish to recover.",
+          "type": "string",
+          "format": "uuid"
+        }
+      }
+    },
     "adminCreateSelfServiceRecoveryLinkBody": {
       "type": "object",
       "required": [
@@ -3504,6 +3583,28 @@
         }
       }
     },
+    "selfServiceRecoveryCode": {
+      "type": "object",
+      "required": [
+        "recovery_link",
+        "recovery_code"
+      ],
+      "properties": {
+        "expires_at": {
+          "description": "Expires At is the timestamp of when the recovery flow expires\n\nThe timestamp when the recovery link expires.",
+          "type": "string",
+          "format": "date-time"
+        },
+        "recovery_code": {
+          "description": "RecoveryCode is the code that can be used to recover the account",
+          "type": "string"
+        },
+        "recovery_link": {
+          "description": "RecoveryLink with flow\n\nThis link opens the recovery UI with an empty `code` field.",
+          "type": "string"
+        }
+      }
+    },
     "selfServiceRecoveryFlow": {
       "description": "This request is used when an identity wants to recover their account.\n\nWe recommend reading the [Account Recovery Documentation](../self-service/flows/password-reset-account-recovery)",
       "type": "object",
@@ -3519,7 +3620,7 @@
       ],
       "properties": {
         "active": {
-          "description": "Active, if set, contains the registration method that is being used. It is initially\nnot set.",
+          "description": "Active, if set, contains the recovery method that is being used. It is initially\nnot set.",
           "type": "string"
         },
         "expires_at": {
@@ -4029,6 +4130,30 @@
     "submitSelfServiceRecoveryFlowBody": {
       "type": "object"
     },
+    "submitSelfServiceRecoveryFlowWithCodeMethodBody": {
+      "type": "object",
+      "required": [
+        "method"
+      ],
+      "properties": {
+        "code": {
+          "description": "Code from recovery email\n\nSent to the user once a recovery has been initiated and is used to prove\nthat the user is in possession of the email",
+          "type": "string"
+        },
+        "csrf_token": {
+          "description": "Sending the anti-csrf token is only required for browser login flows.",
+          "type": "string"
+        },
+        "email": {
+          "description": "Email to Recover\n\nNeeds to be set when initiating the flow. If the email is a registered\nrecovery email, a recovery link will be sent. If the email is not known,\na email with details on what happened will be sent instead.\n\nformat: email",
+          "type": "string"
+        },
+        "method": {
+          "description": "Method supports `link` and `code` only right now.",
+          "type": "string"
+        }
+      }
+    },
     "submitSelfServiceRecoveryFlowWithLinkMethodBody": {
       "type": "object",
       "required": [
@@ -4427,7 +4552,7 @@
           "$ref": "#/definitions/uiNodeAttributes"
         },
         "group": {
-          "description": "Group specifies which group (e.g. password authenticator) this node belongs to.\ndefault DefaultGroup\npassword PasswordGroup\noidc OpenIDConnectGroup\nprofile ProfileGroup\nlink LinkGroup\ntotp TOTPGroup\nlookup_secret LookupGroup\nwebauthn WebAuthnGroup",
+          "description": "Group specifies which group (e.g. password authenticator) this node belongs to.\ndefault DefaultGroup\npassword PasswordGroup\noidc OpenIDConnectGroup\nprofile ProfileGroup\nlink LinkGroup\ncode CodeGroup\ntotp TOTPGroup\nlookup_secret LookupGroup\nwebauthn WebAuthnGroup",
           "type": "string",
           "enum": [
             "default",
@@ -4435,11 +4560,12 @@
             "oidc",
             "profile",
             "link",
+            "code",
             "totp",
             "lookup_secret",
             "webauthn"
           ],
-          "x-go-enum-desc": "default DefaultGroup\npassword PasswordGroup\noidc OpenIDConnectGroup\nprofile ProfileGroup\nlink LinkGroup\ntotp TOTPGroup\nlookup_secret LookupGroup\nwebauthn WebAuthnGroup"
+          "x-go-enum-desc": "default DefaultGroup\npassword PasswordGroup\noidc OpenIDConnectGroup\nprofile ProfileGroup\nlink LinkGroup\ncode CodeGroup\ntotp TOTPGroup\nlookup_secret LookupGroup\nwebauthn WebAuthnGroup"
         },
         "messages": {
           "$ref": "#/definitions/uiTexts"
diff --git a/test/e2e/cypress/helpers/index.ts b/test/e2e/cypress/helpers/index.ts
index 48e365e381a8..bc01da3725cc 100644
--- a/test/e2e/cypress/helpers/index.ts
+++ b/test/e2e/cypress/helpers/index.ts
@@ -89,3 +89,12 @@ export const verifyLifespan = 5000 + 1000
 export const privilegedLifespan = 5000 + 1000
 
 export const appPrefix = (app) => `[data-testid="app-${app}"] `
+
+export function extractRecoveryCode(body: string): string | null {
+  const codeRegex = /(\d{8})/
+  const result = codeRegex.exec(body)
+  if (result != null && result.length > 0) {
+    return result[0]
+  }
+  return null
+}
diff --git a/test/e2e/cypress/integration/profiles/recovery/code/errors.spec.ts b/test/e2e/cypress/integration/profiles/recovery/code/errors.spec.ts
new file mode 100644
index 000000000000..5188f3556657
--- /dev/null
+++ b/test/e2e/cypress/integration/profiles/recovery/code/errors.spec.ts
@@ -0,0 +1,186 @@
+import { extractRecoveryCode, appPrefix, gen } from "../../../../helpers"
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
+
+context("Account Recovery Errors", () => {
+  ;[
+    {
+      recovery: react.recovery,
+      app: "react" as "react",
+      profile: "spa",
+    },
+    {
+      recovery: express.recovery,
+      app: "express" as "express",
+      profile: "recovery",
+    },
+  ].forEach(({ recovery, profile, app }) => {
+    describe(`for app ${app}`, () => {
+      before(() => {
+        cy.deleteMail()
+        cy.useConfigProfile(profile)
+        cy.proxy(app)
+      })
+
+      beforeEach(() => {
+        cy.deleteMail()
+        cy.longRecoveryLifespan()
+        cy.longCodeLifespan()
+        cy.disableVerification()
+        cy.enableRecovery()
+        cy.useRecoveryStrategy("code")
+      })
+
+      it("should invalidate flow if wrong code is submitted too often", () => {
+        const identity = gen.identityWithWebsite()
+        cy.registerApi(identity)
+        cy.visit(recovery)
+        cy.get(appPrefix(app) + "input[name='email']").type(identity.email)
+        cy.get("button[value='code']").click()
+        cy.get('[data-testid="ui/message/1060003"]').should(
+          "have.text",
+          "An email containing a recovery code has been sent to the email address you provided.",
+        )
+        cy.recoveryEmailWithCode({
+          expect: { email: identity.email, enterCode: false },
+        })
+        for (let i = 0; i < 5; i++) {
+          cy.get("input[name='code']").type((i + "").repeat(8)) // Invalid code
+          cy.get("button[value='code']").click()
+          cy.get('[data-testid="ui/message/4060006"]').should(
+            "have.text",
+            "The recovery code is invalid or has already been used. Please try again.",
+          )
+          cy.noSession()
+        }
+
+        cy.get("input[name='code']").type("12312312") // Invalid code
+        cy.get("button[value='code']").click()
+        cy.get('[data-testid="ui/message/4000001"]').should(
+          "have.text",
+          "The recovery was submitted too often. Please try again.",
+        )
+        cy.noSession()
+        cy.get(appPrefix(app) + "input[name='email']").type(identity.email)
+        cy.get("button[value='code']").click()
+        cy.get('[data-testid="ui/message/1060003"]').should(
+          "have.text",
+          "An email containing a recovery code has been sent to the email address you provided.",
+        )
+        cy.recoveryEmailWithCode({
+          expect: { email: identity.email, enterCode: false },
+        })
+      })
+
+      it("shows code expired message if expired code is submitted", () => {
+        cy.visit(recovery)
+
+        cy.shortCodeLifespan()
+
+        const identity = gen.identityWithWebsite()
+        cy.registerApi(identity)
+        cy.get(appPrefix(app) + "input[name='email']").type(identity.email)
+        cy.get("button[value='code']").click()
+        cy.recoveryEmailWithCode({ expect: { email: identity.email } })
+        cy.get("button[value='code']").click()
+
+        cy.get('[data-testid="ui/message/4060005"]').should(
+          "contain.text",
+          "The recovery flow expired",
+        )
+
+        cy.noSession()
+      })
+
+      it("should receive a stub email when recovering a non-existent account", () => {
+        cy.visit(recovery)
+
+        const email = gen.email()
+        cy.get(appPrefix(app) + 'input[name="email"]').type(email)
+        cy.get('button[value="code"]').click()
+
+        cy.location("pathname").should("eq", "/recovery")
+        cy.get('[data-testid="ui/message/1060003"]').should(
+          "have.text",
+          "An email containing a recovery code has been sent to the email address you provided.",
+        )
+        cy.get('input[name="code"]').should("be.visible")
+
+        cy.getMail().should((message) => {
+          expect(message.subject).to.equal("Account access attempted")
+          expect(message.fromAddress.trim()).to.equal("no-reply@ory.kratos.sh")
+          expect(message.toAddresses).to.have.length(1)
+          expect(message.toAddresses[0].trim()).to.equal(email)
+
+          const code = extractRecoveryCode(message.body)
+          expect(code).to.be.null
+        })
+      })
+
+      it("should cause form errors", () => {
+        cy.visit(recovery)
+
+        cy.get('button[value="code"]').click()
+        cy.get('[data-testid="ui/message/4000002"]').should(
+          "contain.text",
+          "Property email is missing.",
+        )
+        cy.get('[name="method"][value="code"]').should("exist")
+      })
+
+      it("is unable to recover the account if the code is incorrect", () => {
+        const identity = gen.identityWithWebsite()
+        cy.registerApi(identity)
+        cy.visit(recovery)
+        cy.get(appPrefix(app) + "input[name='email']").type(identity.email)
+        cy.get("button[value='code']").click()
+        cy.get('[data-testid="ui/message/1060003"]').should(
+          "have.text",
+          "An email containing a recovery code has been sent to the email address you provided.",
+        )
+        cy.get("input[name='code']").type("01234567") // Invalid code
+        cy.get("button[value='code']").click()
+        cy.get('[data-testid="ui/message/4060006"]').should(
+          "have.text",
+          "The recovery code is invalid or has already been used. Please try again.",
+        )
+        cy.noSession()
+      })
+
+      it("should cause non-repeating form errors after submitting empty form twice. see: #2512", () => {
+        cy.visit(recovery)
+        cy.get('button[value="code"]').click()
+        cy.location("pathname").should("eq", "/recovery")
+
+        cy.get('button[value="code"]').click()
+        cy.get('[data-testid="ui/message/4000002"]').should(
+          "contain.text",
+          "Property email is missing.",
+        )
+        cy.get("form")
+          .find('[data-testid="ui/message/4000002"]')
+          .should("have.length", 1)
+        cy.get('[name="method"][value="code"]').should("exist")
+      })
+
+      it("invalid remote recovery email template", () => {
+        cy.remoteCourierRecoveryCodeTemplates()
+        const identity = gen.identityWithWebsite()
+        cy.registerApi(identity)
+        cy.visit(recovery)
+        cy.get(appPrefix(app) + "input[name='email']").type(identity.email)
+        cy.get("button[value='code']").click()
+        cy.get('[data-testid="ui/message/1060003"]').should(
+          "have.text",
+          "An email containing a recovery code has been sent to the email address you provided.",
+        )
+
+        cy.getMail().then((mail) => {
+          expect(mail.body).to.include(
+            "this is a remote invalid recovery template",
+          )
+        })
+      })
+    })
+  })
+})
diff --git a/test/e2e/cypress/integration/profiles/recovery/code/success.spec.ts b/test/e2e/cypress/integration/profiles/recovery/code/success.spec.ts
new file mode 100644
index 000000000000..d41affdc5496
--- /dev/null
+++ b/test/e2e/cypress/integration/profiles/recovery/code/success.spec.ts
@@ -0,0 +1,185 @@
+import { appPrefix, assertRecoveryAddress, gen } from "../../../../helpers"
+import { routes as react } from "../../../../helpers/react"
+import { routes as express } from "../../../../helpers/express"
+
+context("Account Recovery With Code Success", () => {
+  ;[
+    {
+      recovery: react.recovery,
+      base: react.base,
+      app: "react" as "react",
+      profile: "spa",
+    },
+    {
+      recovery: express.recovery,
+      base: express.base,
+      app: "express" as "express",
+      profile: "recovery",
+    },
+  ].forEach(({ recovery, profile, base, app }) => {
+    describe(`for app ${app}`, () => {
+      before(() => {
+        cy.deleteMail()
+        cy.useConfigProfile(profile)
+        cy.proxy(app)
+      })
+
+      let identity
+
+      beforeEach(() => {
+        cy.deleteMail()
+        cy.longRecoveryLifespan()
+        cy.longLinkLifespan()
+        cy.disableVerification()
+        cy.enableRecovery()
+        cy.useRecoveryStrategy("code")
+
+        identity = gen.identityWithWebsite()
+        cy.registerApi(identity)
+      })
+
+      it("should contain the recovery address in the session", () => {
+        cy.visit(recovery)
+        cy.login({ ...identity, cookieUrl: base })
+        cy.getSession().should(assertRecoveryAddress(identity))
+      })
+
+      it("should perform a recovery flow", () => {
+        cy.visit(recovery)
+        cy.get(appPrefix(app) + "input[name='email']").type(identity.email)
+        cy.get("button[value='code']").click()
+        cy.get('[data-testid="ui/message/1060003"]').should(
+          "have.text",
+          "An email containing a recovery code has been sent to the email address you provided.",
+        )
+
+        cy.recoveryEmailWithCode({ expect: { email: identity.email } })
+        cy.get("button[value='code']").click()
+
+        cy.get('[data-testid="ui/message/1060001"]', { timeout: 30000 }).should(
+          "contain.text",
+          "You successfully recovered your account. ",
+        )
+
+        cy.getSession()
+        cy.location("pathname").should("eq", "/settings")
+
+        const newPassword = gen.password()
+        cy.get(appPrefix(app) + 'input[name="password"]')
+          .clear()
+          .type(newPassword)
+        cy.get('button[value="password"]').click()
+        cy.expectSettingsSaved()
+        cy.get('input[name="password"]').should("be.empty")
+
+        cy.logout()
+        cy.login({
+          email: identity.email,
+          password: newPassword,
+          cookieUrl: base,
+        })
+      })
+
+      it("should recover account with correct code after entering wrong code", () => {
+        const identity = gen.identityWithWebsite()
+        cy.registerApi(identity)
+        cy.visit(recovery)
+        cy.get(appPrefix(app) + "input[name='email']").type(identity.email)
+        cy.get("button[value='code']").click()
+        cy.get('[data-testid="ui/message/1060003"]').should(
+          "have.text",
+          "An email containing a recovery code has been sent to the email address you provided.",
+        )
+        cy.get("input[name='code']").type("12312312") // Invalid code
+        cy.get("button[value='code']").click()
+        cy.get('[data-testid="ui/message/4060006"]').should(
+          "have.text",
+          "The recovery code is invalid or has already been used. Please try again.",
+        )
+        cy.noSession()
+        cy.recoveryEmailWithCode({ expect: { email: identity.email } })
+        cy.get("button[value='code']").click()
+
+        cy.get('[data-testid="ui/message/1060001"]', { timeout: 30000 }).should(
+          "contain.text",
+          "You successfully recovered your account. ",
+        )
+        cy.getSession()
+        cy.location("pathname").should("eq", "/settings")
+        cy.get('input[name="traits.email"]').should(
+          "have.value",
+          identity.email,
+        )
+      })
+
+      it("should recover account after resending code", () => {
+        const identity = gen.identityWithWebsite()
+        cy.registerApi(identity)
+        cy.visit(recovery)
+        cy.get(appPrefix(app) + "input[name='email']").type(identity.email)
+        cy.get("button[value='code']").click()
+        cy.get('[data-testid="ui/message/1060003"]').should(
+          "have.text",
+          "An email containing a recovery code has been sent to the email address you provided.",
+        )
+
+        cy.recoveryEmailWithCode({
+          expect: { email: identity.email, enterCode: false },
+        })
+
+        cy.get("button[name='email']").click() // resend code
+        cy.noSession()
+
+        cy.recoveryEmailWithCode({
+          expect: { email: identity.email },
+        })
+        cy.get("button[value='code']").click()
+
+        cy.get('[data-testid="ui/message/1060001"]', { timeout: 30000 }).should(
+          "contain.text",
+          "You successfully recovered your account. ",
+        )
+        cy.getSession()
+        cy.location("pathname").should("eq", "/settings")
+        cy.get('input[name="traits.email"]').should(
+          "have.value",
+          identity.email,
+        )
+      })
+    })
+  })
+
+  it("should recover, set password and be redirected", () => {
+    const app = "express" as "express"
+    cy.deleteMail()
+    cy.useConfigProfile("recovery")
+    cy.proxy(app)
+
+    cy.deleteMail()
+    cy.longRecoveryLifespan()
+    cy.longCodeLifespan()
+    cy.disableVerification()
+    cy.enableRecovery()
+    cy.useRecoveryStrategy("code")
+
+    const identity = gen.identityWithWebsite()
+    cy.registerApi(identity)
+    cy.visit(express.recovery + "?return_to=https://www.ory.sh/")
+    cy.get("input[name='email']").type(identity.email)
+    cy.get("button[value='code']").click()
+    cy.get('[data-testid="ui/message/1060003"]').should(
+      "have.text",
+      "An email containing a recovery code has been sent to the email address you provided.",
+    )
+
+    cy.recoveryEmailWithCode({ expect: { email: identity.email } })
+    cy.get("button[value='code']").click()
+
+    cy.getSession()
+    cy.location("pathname").should("eq", "/settings")
+
+    cy.get('input[name="password"]').clear().type(gen.password())
+    cy.get('button[value="password"]').click()
+    cy.url().should("eq", "https://www.ory.sh/")
+  })
+})
diff --git a/test/e2e/cypress/integration/profiles/recovery/recovery/errors.spec.ts b/test/e2e/cypress/integration/profiles/recovery/link/errors.spec.ts
similarity index 98%
rename from test/e2e/cypress/integration/profiles/recovery/recovery/errors.spec.ts
rename to test/e2e/cypress/integration/profiles/recovery/link/errors.spec.ts
index 4fafa0f14e1e..b88797fd6325 100644
--- a/test/e2e/cypress/integration/profiles/recovery/recovery/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/recovery/link/errors.spec.ts
@@ -28,6 +28,9 @@ context("Account Recovery Errors", () => {
         cy.longLinkLifespan()
         cy.disableVerification()
         cy.enableRecovery()
+        cy.useRecoveryStrategy("link")
+        cy.disableRecoveryStrategy("code")
+        cy.clearAllCookies()
       })
 
       it("responds with a HTML response on link click of an API flow if the link is expired", () => {
diff --git a/test/e2e/cypress/integration/profiles/recovery/recovery/success.spec.ts b/test/e2e/cypress/integration/profiles/recovery/link/success.spec.ts
similarity index 98%
rename from test/e2e/cypress/integration/profiles/recovery/recovery/success.spec.ts
rename to test/e2e/cypress/integration/profiles/recovery/link/success.spec.ts
index 20a00bcdf6a5..7e43dd4cec1b 100644
--- a/test/e2e/cypress/integration/profiles/recovery/recovery/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/recovery/link/success.spec.ts
@@ -32,6 +32,7 @@ context("Account Recovery Success", () => {
         cy.longLinkLifespan()
         cy.disableVerification()
         cy.enableRecovery()
+        cy.useRecoveryStrategy("link")
 
         identity = gen.identityWithWebsite()
         cy.registerApi(identity)
diff --git a/test/e2e/cypress/support/commands.ts b/test/e2e/cypress/support/commands.ts
index e80e0fc69205..cdbfceea7450 100644
--- a/test/e2e/cypress/support/commands.ts
+++ b/test/e2e/cypress/support/commands.ts
@@ -9,11 +9,13 @@ import {
   parseHtml,
   pollInterval,
   privilegedLifespan,
+  extractRecoveryCode,
 } from "../helpers"
 
 import dayjs from "dayjs"
 import YAML from "yamljs"
 import { Session } from "@ory/kratos-client"
+import { RecoveryStrategy } from "."
 
 const configFile = "kratos.generated.yml"
 
@@ -146,6 +148,34 @@ Cypress.Commands.add("longLinkLifespan", ({} = {}) => {
   })
 })
 
+Cypress.Commands.add("shortCodeLifespan", ({} = {}) => {
+  updateConfigFile((config) => {
+    config.selfservice.methods.code.config.lifespan = "1ms"
+    return config
+  })
+})
+
+Cypress.Commands.add("longCodeLifespan", ({} = {}) => {
+  updateConfigFile((config) => {
+    config.selfservice.methods.code.config.lifespan = "1m"
+    return config
+  })
+})
+
+Cypress.Commands.add("shortCodeLifespan", ({} = {}) => {
+  updateConfigFile((config) => {
+    config.selfservice.methods.code.config.lifespan = "1ms"
+    return config
+  })
+})
+
+Cypress.Commands.add("longCodeLifespan", ({} = {}) => {
+  updateConfigFile((config) => {
+    config.selfservice.methods.code.config.lifespan = "1m"
+    return config
+  })
+})
+
 Cypress.Commands.add("longRecoveryLifespan", ({} = {}) => {
   updateConfigFile((config) => {
     config.selfservice.flows.recovery.lifespan = "1m"
@@ -214,11 +244,38 @@ Cypress.Commands.add("enableVerification", ({} = {}) => {
 
 Cypress.Commands.add("enableRecovery", ({} = {}) => {
   updateConfigFile((config) => {
+    if (!config.selfservice.flows.recovery) {
+      config.selfservice.flows.recovery = {}
+    }
     config.selfservice.flows.recovery.enabled = true
     return config
   })
 })
 
+Cypress.Commands.add("useRecoveryStrategy", (strategy: RecoveryStrategy) => {
+  updateConfigFile((config) => {
+    if (!config.selfservice.flows.recovery) {
+      config.selfservice.flows.recovery = {}
+    }
+    config.selfservice.flows.recovery.use = strategy
+    if (!config.selfservice.methods[strategy]) {
+      config.selfservice.methods[strategy] = {}
+    }
+    config.selfservice.methods[strategy].enabled = true
+    return config
+  })
+})
+
+Cypress.Commands.add(
+  "disableRecoveryStrategy",
+  (strategy: RecoveryStrategy) => {
+    updateConfigFile((config) => {
+      config.selfservice.methods[strategy].enabled = false
+      return config
+    })
+  },
+)
+
 Cypress.Commands.add("disableRecovery", ({} = {}) => {
   updateConfigFile((config) => {
     config.selfservice.flows.recovery.enabled = false
@@ -615,6 +672,36 @@ Cypress.Commands.add("remoteCourierRecoveryTemplates", ({} = {}) => {
   })
 })
 
+Cypress.Commands.add("remoteCourierRecoveryCodeTemplates", ({} = {}) => {
+  updateConfigFile((config) => {
+    config.courier.templates = {
+      recovery_code: {
+        invalid: {
+          email: {
+            body: {
+              html: "base64://SGksCgp0aGlzIGlzIGEgcmVtb3RlIGludmFsaWQgcmVjb3ZlcnkgdGVtcGxhdGU=",
+              plaintext:
+                "base64://SGksCgp0aGlzIGlzIGEgcmVtb3RlIGludmFsaWQgcmVjb3ZlcnkgdGVtcGxhdGU=",
+            },
+            subject: "base64://QWNjb3VudCBBY2Nlc3MgQXR0ZW1wdGVk",
+          },
+        },
+        valid: {
+          email: {
+            body: {
+              html: "base64://SGksCgp0aGlzIGlzIGEgcmVtb3RlIGludmFsaWQgcmVjb3ZlcnkgdGVtcGxhdGUKcGxlYXNlIHJlY292ZXIgYWNjZXNzIHRvIHlvdXIgYWNjb3VudCBieSBlbnRlcmluZyB0aGUgZm9sbG93aW5nIGNvZGU6Cgp7eyAuUmVjb3ZlcnlDb2RlIH19Cg==",
+              plaintext:
+                "base64://SGksCgp0aGlzIGlzIGEgcmVtb3RlIGludmFsaWQgcmVjb3ZlcnkgdGVtcGxhdGUKcGxlYXNlIHJlY292ZXIgYWNjZXNzIHRvIHlvdXIgYWNjb3VudCBieSBlbnRlcmluZyB0aGUgZm9sbG93aW5nIGNvZGU6Cgp7eyAuUmVjb3ZlcnlDb2RlIH19Cg==",
+            },
+            subject: "base64://UmVjb3ZlciBhY2Nlc3MgdG8geW91ciBhY2NvdW50",
+          },
+        },
+      },
+    }
+    return config
+  })
+})
+
 Cypress.Commands.add(
   "loginOidc",
   ({ expectSession = true, url = APP_URL + "/login" }) => {
@@ -926,6 +1013,23 @@ Cypress.Commands.add("recoverEmailButExpired", ({ expect: { email } }) => {
   })
 })
 
+Cypress.Commands.add(
+  "recoveryEmailWithCode",
+  ({ expect: { email, enterCode = true } }) => {
+    cy.getMail({ removeMail: true }).should((message) => {
+      expect(message.subject).to.equal("Recover access to your account")
+      expect(message.toAddresses[0].trim()).to.equal(email)
+
+      const code = extractRecoveryCode(message.body)
+      expect(code).to.not.be.undefined
+      expect(code.length).to.equal(8)
+      if (enterCode) {
+        cy.get("input[name='code']").type(code)
+      }
+    })
+  },
+)
+
 Cypress.Commands.add(
   "recoverEmail",
   ({ expect: { email }, shouldVisit = true }) =>
diff --git a/test/e2e/cypress/support/index.d.ts b/test/e2e/cypress/support/index.d.ts
index 4fe1fea58b29..d29a5f6d00ba 100644
--- a/test/e2e/cypress/support/index.d.ts
+++ b/test/e2e/cypress/support/index.d.ts
@@ -7,6 +7,8 @@ export interface MailMessage {
   subject: string
 }
 
+export type RecoveryStrategy = "code" | "link"
+
 declare global {
   namespace Cypress {
     interface Chainable {
@@ -180,6 +182,11 @@ declare global {
        */
       remoteCourierRecoveryTemplates(): Chainable
 
+      /**
+       * Change the courier recovery code invalid and valid templates to remote base64 strings
+       */
+      remoteCourierRecoveryCodeTemplates(): Chainable
+
       /**
        * Changes the config so that the registration flow lifespan is very short.
        *
@@ -404,6 +411,24 @@ declare global {
        */
       shortLinkLifespan(): Chainable
 
+      /**
+       * Changes the config so that the code lifespan is very short.
+       *
+       * Useful when testing recovery/verification flows.
+       *
+       * @see longCodeLifespan()
+       */
+      shortCodeLifespan(): Chainable
+
+      /**
+       * Changes the config so that the code lifespan is very long.
+       *
+       * Useful when testing recovery/verification flows.
+       *
+       * @see shortCodeLifespan()
+       */
+      longCodeLifespan(): Chainable
+
       /**
        * Expect a recovery email which is expired.
        *
@@ -413,6 +438,15 @@ declare global {
         expect: { email: string }
       }): Chainable
 
+      /**
+       * Expect a recovery email with a recovery code.
+       *
+       * @param opts
+       */
+      recoveryEmailWithCode(opts?: {
+        expect: { email: string; enterCode?: boolean }
+      }): Chainable
+
       /**
        * Expect a verification email which is expired.
        *
@@ -437,6 +471,18 @@ declare global {
        */
       enableRecovery(): Chainable
 
+      /**
+       * Sets the recovery strategy to use
+       */
+      useRecoveryStrategy(strategy: RecoveryStrategy): Chainable
+
+      /**
+       * Disables a specific recovery strategy
+       *
+       * @param strategy the recovery strategy to disable
+       */
+      disableRecoveryStrategy(strategy: RecoveryStrategy): Chainable
+
       /**
        * Disabled recovery
        */
diff --git a/test/e2e/mock/webhook/go.mod b/test/e2e/mock/webhook/go.mod
index fb09fb3b0c0d..9da3332be887 100644
--- a/test/e2e/mock/webhook/go.mod
+++ b/test/e2e/mock/webhook/go.mod
@@ -4,4 +4,4 @@ go 1.17
 
 require github.com/sirupsen/logrus v1.8.1
 
-require golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec // indirect
+require golang.org/x/sys v0.0.0-20220818161305-2296e01440c6 // indirect
diff --git a/test/e2e/mock/webhook/go.sum b/test/e2e/mock/webhook/go.sum
index e220394fc0c8..684141838b11 100644
--- a/test/e2e/mock/webhook/go.sum
+++ b/test/e2e/mock/webhook/go.sum
@@ -8,5 +8,5 @@ github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec h1:BkDtF2Ih9xZ7le9ndzTA7KJow28VbQW3odyk/8drmuI=
-golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220818161305-2296e01440c6 h1:Sx/u41w+OwrInGdEckYmEuU5gHoGSL4QbDz3S9s6j4U=
+golang.org/x/sys v0.0.0-20220818161305-2296e01440c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
diff --git a/test/e2e/profiles/kratos.base.yml b/test/e2e/profiles/kratos.base.yml
index 0a7bc25becfe..3b64785421f7 100644
--- a/test/e2e/profiles/kratos.base.yml
+++ b/test/e2e/profiles/kratos.base.yml
@@ -17,6 +17,9 @@ selfservice:
     link:
       config:
         lifespan: 1h
+    code:
+      config:
+        lifespan: 1h
 
 serve:
   public:
diff --git a/test/e2e/profiles/mobile/.kratos.yml b/test/e2e/profiles/mobile/.kratos.yml
index 174d8dcf0723..137b1623e333 100644
--- a/test/e2e/profiles/mobile/.kratos.yml
+++ b/test/e2e/profiles/mobile/.kratos.yml
@@ -12,8 +12,9 @@ selfservice:
       after:
         password:
           hooks:
-            -
-              hook: session
+            - hook: session
+    recovery:
+      enabled: true
 
   methods:
     totp:
diff --git a/text/id.go b/text/id.go
index 57d8abeaaebe..8e9cc4494145 100644
--- a/text/id.go
+++ b/text/id.go
@@ -61,9 +61,10 @@ const (
 )
 
 const (
-	InfoSelfServiceRecovery           ID = 1060000 + iota // 1060000
-	InfoSelfServiceRecoverySuccessful                     // 1060001
-	InfoSelfServiceRecoveryEmailSent                      // 1060002
+	InfoSelfServiceRecovery                  ID = 1060000 + iota // 1060000
+	InfoSelfServiceRecoverySuccessful                            // 1060001
+	InfoSelfServiceRecoveryEmailSent                             // 1060002
+	InfoSelfServiceRecoveryEmailWithCodeSent                     // 1060003
 )
 
 const (
@@ -75,6 +76,7 @@ const (
 	InfoNodeLabelSubmit                            // 1070005
 	InfoNodeLabelVerifyOTP                         // 1070006
 	InfoNodeLabelEmail                             // 1070007
+	InfoNodeLabelResendOTP                         // 1070008
 )
 
 const (
@@ -130,6 +132,7 @@ const (
 	ErrorValidationRecoveryMissingRecoveryToken                          // 4060003
 	ErrorValidationRecoveryTokenInvalidOrAlreadyUsed                     // 4060004
 	ErrorValidationRecoveryFlowExpired                                   // 4060005
+	ErrorValidationRecoveryCodeInvalidOrAlreadyUsed                      // 4060006
 )
 
 const (
diff --git a/text/id_test.go b/text/id_test.go
index 21038cd6c8e7..7213787ce0cb 100644
--- a/text/id_test.go
+++ b/text/id_test.go
@@ -22,6 +22,7 @@ func TestIDs(t *testing.T) {
 	assert.Equal(t, 1060000, int(InfoSelfServiceRecovery))
 	assert.Equal(t, 1060001, int(InfoSelfServiceRecoverySuccessful))
 	assert.Equal(t, 1060002, int(InfoSelfServiceRecoveryEmailSent))
+	assert.Equal(t, 1060003, int(InfoSelfServiceRecoveryEmailWithCodeSent))
 
 	assert.Equal(t, 1070000, int(InfoNodeLabel))
 	assert.Equal(t, 1080000, int(InfoSelfServiceVerification))
@@ -47,4 +48,6 @@ func TestIDs(t *testing.T) {
 	assert.Equal(t, 4070001, int(ErrorValidationVerificationTokenInvalidOrAlreadyUsed))
 
 	assert.Equal(t, 5000000, int(ErrorSystem))
+
+	assert.Equal(t, 4060006, int(ErrorValidationRecoveryCodeInvalidOrAlreadyUsed))
 }
diff --git a/text/message_node.go b/text/message_node.go
index 73083931913b..95b85141b93a 100644
--- a/text/message_node.go
+++ b/text/message_node.go
@@ -55,3 +55,11 @@ func NewInfoNodeInputEmail() *Message {
 		Type: Info,
 	}
 }
+
+func NewInfoNodeResendOTP() *Message {
+	return &Message{
+		ID:   InfoNodeLabelEmail,
+		Text: "Resend code",
+		Type: Info,
+	}
+}
diff --git a/text/message_recovery.go b/text/message_recovery.go
index ae13cbef9472..0ac63807e820 100644
--- a/text/message_recovery.go
+++ b/text/message_recovery.go
@@ -37,6 +37,15 @@ func NewRecoveryEmailSent() *Message {
 	}
 }
 
+func NewRecoveryEmailWithCodeSent() *Message {
+	return &Message{
+		ID:      InfoSelfServiceRecoveryEmailWithCodeSent,
+		Type:    Info,
+		Text:    "An email containing a recovery code has been sent to the email address you provided.",
+		Context: context(nil),
+	}
+}
+
 func NewErrorValidationRecoveryTokenInvalidOrAlreadyUsed() *Message {
 	return &Message{
 		ID:      ErrorValidationRecoveryTokenInvalidOrAlreadyUsed,
@@ -46,6 +55,15 @@ func NewErrorValidationRecoveryTokenInvalidOrAlreadyUsed() *Message {
 	}
 }
 
+func NewErrorValidationRecoveryCodeInvalidOrAlreadyUsed() *Message {
+	return &Message{
+		ID:      ErrorValidationRecoveryCodeInvalidOrAlreadyUsed,
+		Text:    "The recovery code is invalid or has already been used. Please try again.",
+		Type:    Error,
+		Context: context(nil),
+	}
+}
+
 func NewErrorValidationRecoveryRetrySuccess() *Message {
 	return &Message{
 		ID:      ErrorValidationRecoveryRetrySuccess,
diff --git a/ui/node/node.go b/ui/node/node.go
index 4856f6d8e9e7..8025cb175691 100644
--- a/ui/node/node.go
+++ b/ui/node/node.go
@@ -41,6 +41,7 @@ const (
 	OpenIDConnectGroup UiNodeGroup = "oidc"
 	ProfileGroup       UiNodeGroup = "profile"
 	LinkGroup          UiNodeGroup = "link"
+	CodeGroup          UiNodeGroup = "code"
 	TOTPGroup          UiNodeGroup = "totp"
 	LookupGroup        UiNodeGroup = "lookup_secret"
 	WebAuthnGroup      UiNodeGroup = "webauthn"
diff --git a/x/xsql/sql.go b/x/xsql/sql.go
index c4f2d5634f7b..ec6344a954c2 100644
--- a/x/xsql/sql.go
+++ b/x/xsql/sql.go
@@ -16,6 +16,7 @@ import (
 	"github.com/ory/kratos/selfservice/flow/registration"
 	"github.com/ory/kratos/selfservice/flow/settings"
 	"github.com/ory/kratos/selfservice/flow/verification"
+	"github.com/ory/kratos/selfservice/strategy/code"
 	"github.com/ory/kratos/selfservice/strategy/link"
 	"github.com/ory/kratos/session"
 )
@@ -34,6 +35,7 @@ func CleanSQL(t *testing.T, c *pop.Connection) {
 
 		new(link.RecoveryToken).TableName(ctx),
 		new(link.VerificationToken).TableName(ctx),
+		new(code.RecoveryCode).TableName(ctx),
 
 		new(recovery.Flow).TableName(ctx),
 

From 8043371e4f4530a186c8d830238a31afb262ed5d Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Thu, 6 Oct 2022 18:30:33 +0000
Subject: [PATCH 292/411] chore: update repository templates to
 https://github.com/ory/meta/commit/23d918a32533554c30d720dc44e821de3cda18f8

---
 CONTRIBUTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 0a1a07ca6d80..fb6622916a76 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -8,7 +8,7 @@ https://github.com/ory/meta/blob/master/templates/repository/common/CONTRIBUTING
 
 -->
 
-# Contribute to Ory Kratos
+# Contribute to Ory Kratos
 
 
 

From aa698e03a3a96abf1563aea24273735bd9cc412d Mon Sep 17 00:00:00 2001
From: Brahm Lower 
Date: Tue, 11 Oct 2022 08:24:18 -0700
Subject: [PATCH 293/411] fix: include metadata_admin in admin identity list
 response (#2791)

Closes #2711
---
 identity/handler.go       |  8 +++++++-
 identity/handler_test.go  |  4 +++-
 identity/identity.go      |  8 ++++++++
 identity/identity_test.go | 11 ++++++++++-
 4 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/identity/handler.go b/identity/handler.go
index 6cca18e574d3..787181cbc847 100644
--- a/identity/handler.go
+++ b/identity/handler.go
@@ -135,8 +135,14 @@ func (h *Handler) list(w http.ResponseWriter, r *http.Request, _ httprouter.Para
 		return
 	}
 
+	// Identities using the marshaler for including metadata_admin
+	isam := make([]WithAdminMetadataInJSON, len(is))
+	for i, identity := range is {
+		isam[i] = WithAdminMetadataInJSON(identity)
+	}
+
 	x.PaginationHeader(w, urlx.AppendPaths(h.r.Config().SelfAdminURL(r.Context()), RouteCollection), total, page, itemsPerPage)
-	h.r.Writer().Write(w, r, is)
+	h.r.Writer().Write(w, r, isam)
 }
 
 // swagger:parameters adminGetIdentity
diff --git a/identity/handler_test.go b/identity/handler_test.go
index d0f52e1ec8fa..0dad86c21409 100644
--- a/identity/handler_test.go
+++ b/identity/handler_test.go
@@ -939,7 +939,9 @@ func TestHandler(t *testing.T) {
 		for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} {
 			t.Run("endpoint="+name, func(t *testing.T) {
 				res := get(t, ts, "/identities", http.StatusOK)
-				assert.Empty(t, res.Get("0.credentials").String(), "%s", res.Raw)
+				assert.False(t, res.Get("0.credentials").Exists(), "credentials config should be omitted: %s", res.Raw)
+				assert.True(t, res.Get("0.metadata_public").Exists(), "metadata_public config should be included: %s", res.Raw)
+				assert.True(t, res.Get("0.metadata_admin").Exists(), "metadata_admin config should be included: %s", res.Raw)
 				assert.EqualValues(t, "baz", res.Get(`#(traits.bar=="baz").traits.bar`).String(), "%s", res.Raw)
 			})
 		}
diff --git a/identity/identity.go b/identity/identity.go
index 9e72358b7af7..8677833f53fc 100644
--- a/identity/identity.go
+++ b/identity/identity.go
@@ -319,6 +319,14 @@ func (i *Identity) UnmarshalJSON(b []byte) error {
 	return err
 }
 
+type WithAdminMetadataInJSON Identity
+
+func (i WithAdminMetadataInJSON) MarshalJSON() ([]byte, error) {
+	type localIdentity Identity
+	i.Credentials = nil
+	return json.Marshal(localIdentity(i))
+}
+
 type WithCredentialsAndAdminMetadataInJSON Identity
 
 func (i WithCredentialsAndAdminMetadataInJSON) MarshalJSON() ([]byte, error) {
diff --git a/identity/identity_test.go b/identity/identity_test.go
index 1837ca925923..8727a4631c1d 100644
--- a/identity/identity_test.go
+++ b/identity/identity_test.go
@@ -169,6 +169,15 @@ func TestMarshalIdentityWithCredentialsWhenCredentialsNil(t *testing.T) {
 	assert.False(t, gjson.Get(b.String(), "credentials").Exists())
 }
 
+func TestMarshalIdentityWithAdminMetadata(t *testing.T) {
+	i := NewIdentity(config.DefaultIdentityTraitsSchemaID)
+	i.MetadataAdmin = []byte(`{"some":"metadata"}`)
+
+	var b bytes.Buffer
+	require.Nil(t, json.NewEncoder(&b).Encode(WithAdminMetadataInJSON(*i)))
+	assert.Equal(t, "metadata", gjson.GetBytes(i.MetadataAdmin, "some").String(), "Original metadata_admin should not be touched by marshalling")
+}
+
 func TestMarshalIdentityWithCredentialsMetadata(t *testing.T) {
 	i := NewIdentity(config.DefaultIdentityTraitsSchemaID)
 	credentials := map[CredentialsType]Credentials{
@@ -188,7 +197,7 @@ func TestMarshalIdentityWithCredentialsMetadata(t *testing.T) {
 
 	assert.JSONEq(t, "{\"password\":{\"type\":\"password\",\"identifiers\":null,\"updated_at\":\"0001-01-01T00:00:00Z\",\"created_at\":\"0001-01-01T00:00:00Z\",\"version\":0}}", credentialsInJson.Raw)
 	assert.Equal(t, credentials, i.Credentials, "Original credentials should not be touched by marshalling")
-	assert.Equal(t, "metadata", gjson.GetBytes(i.MetadataAdmin, "some").String(), "Original credentials should not be touched by marshalling")
+	assert.Equal(t, "metadata", gjson.GetBytes(i.MetadataAdmin, "some").String(), "Original metadata_admin should not be touched by marshalling")
 }
 
 func TestMarshalIdentityWithAll(t *testing.T) {

From d8514b50b5df9c098c77c5cb817602657b2a02ea Mon Sep 17 00:00:00 2001
From: Ajay Kelkar 
Date: Wed, 12 Oct 2022 13:41:02 +0200
Subject: [PATCH 294/411] docs: cypress on arm based mac (#2795)

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index a41de0deedd8..193aef38a58b 100644
--- a/README.md
+++ b/README.md
@@ -706,6 +706,8 @@ You can also run this command from a sub folder.
 
 We use [Cypress](https://www.cypress.io) to run our e2e tests.
 
+⚠️ To run Cypress on ARM based Mac's, at the moment it is [necessary to install Rosetta 2](https://www.cypress.io/blog/2021/01/20/running-cypress-on-the-apple-m1-silicon-arm-architecture-using-rosetta-2/). To install, use the command - `softwareupdate --install-rosetta --agree-to-license`
+
 The simplest way to develop e2e tests is:
 
 

From 0c2efa2d4345c035649208a71332a64c225313c3 Mon Sep 17 00:00:00 2001
From: Brahm Lower 
Date: Thu, 13 Oct 2022 02:16:45 -0700
Subject: [PATCH 295/411] fix: identity sessions list response includes
 pagination headers (#2763)

Closes #2762
---
 persistence/sql/persister_session.go | 20 +++++--
 session/handler.go                   |  7 ++-
 session/handler_test.go              | 89 +++++++++++++++++++++++++++-
 session/persistence.go               |  2 +-
 session/test/persistence.go          | 15 +++--
 5 files changed, 119 insertions(+), 14 deletions(-)

diff --git a/persistence/sql/persister_session.go b/persistence/sql/persister_session.go
index 6b5203bbd700..3dfed9cf455b 100644
--- a/persistence/sql/persister_session.go
+++ b/persistence/sql/persister_session.go
@@ -54,15 +54,16 @@ func (p *Persister) GetSession(ctx context.Context, sid uuid.UUID, expandables s
 }
 
 // ListSessionsByIdentity retrieves sessions for an identity from the store.
-func (p *Persister) ListSessionsByIdentity(ctx context.Context, iID uuid.UUID, active *bool, page, perPage int, except uuid.UUID, expandables session.Expandables) ([]*session.Session, error) {
+func (p *Persister) ListSessionsByIdentity(ctx context.Context, iID uuid.UUID, active *bool, page, perPage int, except uuid.UUID, expandables session.Expandables) ([]*session.Session, int64, error) {
 	ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.ListSessionsByIdentity")
 	defer span.End()
 
 	s := make([]*session.Session, 0)
+	t := int64(0)
 	nid := p.NetworkID(ctx)
 
 	if err := p.Transaction(ctx, func(ctx context.Context, c *pop.Connection) error {
-		q := c.Where("identity_id = ? AND nid = ?", iID, nid).Paginate(page, perPage)
+		q := c.Where("identity_id = ? AND nid = ?", iID, nid)
 		if except != uuid.Nil {
 			q = q.Where("id != ?", except)
 		}
@@ -72,7 +73,16 @@ func (p *Persister) ListSessionsByIdentity(ctx context.Context, iID uuid.UUID, a
 		if len(expandables) > 0 {
 			q = q.Eager(expandables.ToEager()...)
 		}
-		if err := q.All(&s); err != nil {
+
+		// Get the total count of matching items
+		total, err := q.Count(new(session.Session))
+		if err != nil {
+			return sqlcon.HandleError(err)
+		}
+		t = int64(total)
+
+		// Get the paginated list of matching items
+		if err := q.Paginate(page, perPage).All(&s); err != nil {
 			return sqlcon.HandleError(err)
 		}
 
@@ -88,10 +98,10 @@ func (p *Persister) ListSessionsByIdentity(ctx context.Context, iID uuid.UUID, a
 		}
 		return nil
 	}); err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
-	return s, nil
+	return s, t, nil
 }
 
 // UpsertSession creates a session if not found else updates.
diff --git a/session/handler.go b/session/handler.go
index a69a8c486724..59ef915fff25 100644
--- a/session/handler.go
+++ b/session/handler.go
@@ -11,6 +11,7 @@ import (
 	"github.com/pkg/errors"
 
 	"github.com/ory/x/decoderx"
+	"github.com/ory/x/urlx"
 
 	"github.com/ory/herodot"
 
@@ -304,12 +305,13 @@ func (h *Handler) adminListIdentitySessions(w http.ResponseWriter, r *http.Reque
 	}
 
 	page, perPage := x.ParsePagination(r)
-	sess, err := h.r.SessionPersister().ListSessionsByIdentity(r.Context(), iID, active, page, perPage, uuid.Nil, ExpandEverything)
+	sess, total, err := h.r.SessionPersister().ListSessionsByIdentity(r.Context(), iID, active, page, perPage, uuid.Nil, ExpandEverything)
 	if err != nil {
 		h.r.Writer().WriteError(w, r, err)
 		return
 	}
 
+	x.PaginationHeader(w, urlx.AppendPaths(h.r.Config().SelfAdminURL(r.Context()), RouteCollection), total, page, perPage)
 	h.r.Writer().Write(w, r, sess)
 }
 
@@ -448,12 +450,13 @@ func (h *Handler) listSessions(w http.ResponseWriter, r *http.Request, _ httprou
 	}
 
 	page, perPage := x.ParsePagination(r)
-	sess, err := h.r.SessionPersister().ListSessionsByIdentity(r.Context(), s.IdentityID, pointerx.Bool(true), page, perPage, s.ID, ExpandEverything)
+	sess, total, err := h.r.SessionPersister().ListSessionsByIdentity(r.Context(), s.IdentityID, pointerx.Bool(true), page, perPage, s.ID, ExpandEverything)
 	if err != nil {
 		h.r.Writer().WriteError(w, r, err)
 		return
 	}
 
+	x.PaginationHeader(w, urlx.AppendPaths(h.r.Config().SelfAdminURL(r.Context()), RouteCollection), total, page, perPage)
 	h.r.Writer().Write(w, r, sess)
 }
 
diff --git a/session/handler_test.go b/session/handler_test.go
index 127511caae89..d4afe9ac7800 100644
--- a/session/handler_test.go
+++ b/session/handler_test.go
@@ -7,6 +7,7 @@ import (
 	"io"
 	"net/http"
 	"net/http/httptest"
+	"strconv"
 	"strings"
 	"testing"
 	"time"
@@ -472,6 +473,61 @@ func TestHandlerAdminSessionManagement(t *testing.T) {
 		require.Equal(t, http.StatusNotFound, res.StatusCode)
 	})
 
+	t.Run("case=should return pagination headers on list response", func(t *testing.T) {
+		client := testhelpers.NewClientWithCookies(t)
+		i := identity.NewIdentity("")
+		require.NoError(t, reg.IdentityManager().Create(ctx, i))
+
+		numSessions := 5
+		numSessionsActive := 2
+
+		sess := make([]Session, numSessions)
+		for j := range sess {
+			require.NoError(t, faker.FakeData(&sess[j]))
+			sess[j].Identity = i
+			if j < numSessionsActive {
+				sess[j].Active = true
+			} else {
+				sess[j].Active = false
+			}
+			require.NoError(t, reg.SessionPersister().UpsertSession(ctx, &sess[j]))
+		}
+
+		for _, tc := range []struct {
+			activeOnly         string
+			expectedTotalCount int
+		}{
+			{
+				activeOnly:         "true",
+				expectedTotalCount: numSessionsActive,
+			},
+			{
+				activeOnly:         "false",
+				expectedTotalCount: numSessions - numSessionsActive,
+			},
+			{
+				activeOnly:         "",
+				expectedTotalCount: numSessions,
+			},
+		} {
+			t.Run(fmt.Sprintf("active=%#v", tc.activeOnly), func(t *testing.T) {
+				reqURL := ts.URL + "/admin/identities/" + i.ID.String() + "/sessions"
+				if tc.activeOnly != "" {
+					reqURL += "?active=" + tc.activeOnly
+				}
+				req, _ := http.NewRequest("GET", reqURL, nil)
+				res, err := client.Do(req)
+				require.NoError(t, err)
+				require.Equal(t, http.StatusOK, res.StatusCode)
+
+				totalCount, err := strconv.Atoi(res.Header.Get("X-Total-Count"))
+				require.NoError(t, err)
+				require.Equal(t, tc.expectedTotalCount, totalCount)
+				require.NotEqual(t, "", res.Header.Get("Link"))
+			})
+		}
+	})
+
 	t.Run("case=should respect active on list", func(t *testing.T) {
 		client := testhelpers.NewClientWithCookies(t)
 		i := identity.NewIdentity("")
@@ -559,6 +615,36 @@ func TestHandlerSelfServiceSessionManagement(t *testing.T) {
 		}
 	}
 
+	t.Run("case=list should return pagination headers", func(t *testing.T) {
+		client, i, _ := setup(t)
+
+		numSessions := 5
+		numSessionsActive := 2
+
+		sess := make([]Session, numSessions)
+		for j := range sess {
+			require.NoError(t, faker.FakeData(&sess[j]))
+			sess[j].Identity = i
+			if j < numSessionsActive {
+				sess[j].Active = true
+			} else {
+				sess[j].Active = false
+			}
+			require.NoError(t, reg.SessionPersister().UpsertSession(ctx, &sess[j]))
+		}
+
+		reqURL := ts.URL + "/sessions"
+		req, _ := http.NewRequest("GET", reqURL, nil)
+		res, err := client.Do(req)
+		require.NoError(t, err)
+		require.Equal(t, http.StatusOK, res.StatusCode)
+
+		totalCount, err := strconv.Atoi(res.Header.Get("X-Total-Count"))
+		require.NoError(t, err)
+		require.Equal(t, numSessionsActive, totalCount)
+		require.NotEqual(t, "", res.Header.Get("Link"))
+	})
+
 	t.Run("case=should return 200 and number after invalidating all other sessions", func(t *testing.T) {
 		client, i, currSess := setup(t)
 
@@ -601,9 +687,10 @@ func TestHandlerSelfServiceSessionManagement(t *testing.T) {
 		require.NoError(t, err)
 		require.Equal(t, http.StatusNoContent, res.StatusCode)
 
-		actualOthers, err := reg.SessionPersister().ListSessionsByIdentity(ctx, i.ID, nil, 1, 10, uuid.Nil, ExpandNothing)
+		actualOthers, total, err := reg.SessionPersister().ListSessionsByIdentity(ctx, i.ID, nil, 1, 10, uuid.Nil, ExpandNothing)
 		require.NoError(t, err)
 		require.Len(t, actualOthers, 3)
+		require.Equal(t, int64(3), total)
 
 		for _, s := range actualOthers {
 			if s.ID == others[0].ID {
diff --git a/session/persistence.go b/session/persistence.go
index 2244dff96987..256ae202abec 100644
--- a/session/persistence.go
+++ b/session/persistence.go
@@ -16,7 +16,7 @@ type Persister interface {
 	GetSession(ctx context.Context, sid uuid.UUID, expandables Expandables) (*Session, error)
 
 	// ListSessionsByIdentity retrieves sessions for an identity from the store.
-	ListSessionsByIdentity(ctx context.Context, iID uuid.UUID, active *bool, page, perPage int, except uuid.UUID, expandables Expandables) ([]*Session, error)
+	ListSessionsByIdentity(ctx context.Context, iID uuid.UUID, active *bool, page, perPage int, except uuid.UUID, expandables Expandables) ([]*Session, int64, error)
 
 	// UpsertSession inserts or updates a session into / in the store.
 	UpsertSession(ctx context.Context, s *Session) error
diff --git a/session/test/persistence.go b/session/test/persistence.go
index 3cc8482156cb..25896bcdb331 100644
--- a/session/test/persistence.go
+++ b/session/test/persistence.go
@@ -178,10 +178,11 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 					},
 				} {
 					t.Run("case="+tc.desc, func(t *testing.T) {
-						actual, err := p.ListSessionsByIdentity(ctx, i.ID, tc.active, 1, 10, tc.except, session.ExpandEverything)
+						actual, total, err := p.ListSessionsByIdentity(ctx, i.ID, tc.active, 1, 10, tc.except, session.ExpandEverything)
 						require.NoError(t, err)
 
 						require.Equal(t, len(tc.expected), len(actual))
+						require.Equal(t, int64(len(tc.expected)), total)
 						for _, es := range tc.expected {
 							found := false
 							for _, as := range actual {
@@ -197,8 +198,9 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 
 				t.Run("other network", func(t *testing.T) {
 					_, other := testhelpers.NewNetwork(t, ctx, p)
-					actual, err := other.ListSessionsByIdentity(ctx, i.ID, nil, 1, 10, uuid.Nil, session.ExpandNothing)
+					actual, total, err := other.ListSessionsByIdentity(ctx, i.ID, nil, 1, 10, uuid.Nil, session.ExpandNothing)
 					require.NoError(t, err)
+					require.Equal(t, int64(0), total)
 					assert.Len(t, actual, 0)
 				})
 			})
@@ -322,9 +324,10 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 			require.NoError(t, err)
 			assert.Equal(t, 1, n)
 
-			actual, err := p.ListSessionsByIdentity(ctx, sessions[0].IdentityID, nil, 1, 10, uuid.Nil, session.ExpandNothing)
+			actual, total, err := p.ListSessionsByIdentity(ctx, sessions[0].IdentityID, nil, 1, 10, uuid.Nil, session.ExpandNothing)
 			require.NoError(t, err)
 			require.Len(t, actual, 2)
+			require.Equal(t, int64(2), total)
 
 			if actual[0].ID == sessions[0].ID {
 				assert.True(t, actual[0].Active)
@@ -335,9 +338,10 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 				assert.False(t, actual[0].Active)
 			}
 
-			otherIdentitiesSessions, err := p.ListSessionsByIdentity(ctx, sessions[2].IdentityID, nil, 1, 10, uuid.Nil, session.ExpandNothing)
+			otherIdentitiesSessions, total, err := p.ListSessionsByIdentity(ctx, sessions[2].IdentityID, nil, 1, 10, uuid.Nil, session.ExpandNothing)
 			require.NoError(t, err)
 			require.Len(t, actual, 2)
+			require.Equal(t, int64(2), total)
 
 			for _, s := range otherIdentitiesSessions {
 				assert.True(t, s.Active)
@@ -369,9 +373,10 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 
 			require.NoError(t, p.RevokeSession(ctx, sessions[0].IdentityID, sessions[0].ID))
 
-			actual, err := p.ListSessionsByIdentity(ctx, sessions[0].IdentityID, nil, 1, 10, uuid.Nil, session.ExpandNothing)
+			actual, total, err := p.ListSessionsByIdentity(ctx, sessions[0].IdentityID, nil, 1, 10, uuid.Nil, session.ExpandNothing)
 			require.NoError(t, err)
 			require.Len(t, actual, 2)
+			require.Equal(t, int64(2), total)
 
 			if actual[0].ID == sessions[0].ID {
 				assert.False(t, actual[0].Active)

From 84ea0cf4c72b14f246835d435d22a31f96d9e644 Mon Sep 17 00:00:00 2001
From: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
Date: Thu, 13 Oct 2022 11:19:47 +0200
Subject: [PATCH 296/411] fix: express e2e tests for new account experience
 (#2708)

---
 .gitignore                                    |  2 +
 .../profiles/email/error/ui.spec.ts           | 15 ++-
 .../profiles/email/login/error.spec.ts        | 12 ++-
 .../profiles/email/logout/success.spec.ts     | 14 ++-
 .../email/registration/errors.spec.ts         | 59 +++++++++++-
 .../email/registration/success.spec.ts        |  8 +-
 .../profiles/email/settings/ui.spec.ts        | 14 ++-
 .../profiles/import/import.spec.ts            |  2 +-
 .../integration/profiles/mfa/mix.spec.ts      |  1 +
 .../integration/profiles/mfa/totp.spec.ts     |  2 +-
 .../profiles/network/errors.spec.ts           | 16 ++--
 .../profiles/oidc/login/success.spec.ts       | 10 +-
 .../profiles/oidc/logout/success.spec.ts      | 12 ++-
 .../oidc/registration/success.spec.ts         | 16 +++-
 .../profiles/oidc/settings/error.spec.ts      |  1 +
 .../profiles/oidc/settings/success.spec.ts    |  1 +
 .../profiles/passwordless/flows.spec.ts       | 94 ++++++++++++++-----
 .../profiles/recovery/code/errors.spec.ts     |  5 +-
 .../profiles/recovery/link/errors.spec.ts     | 10 ++
 .../webhoooks/registration/success.spec.ts    |  3 +
 test/e2e/cypress/support/commands.ts          | 37 ++++++--
 test/e2e/cypress/support/index.d.ts           |  8 ++
 22 files changed, 272 insertions(+), 70 deletions(-)

diff --git a/.gitignore b/.gitignore
index 0297bbc51271..a9babd9e6fa7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,5 @@ schema.sql
 heap_profiler/
 goroutine_dump/
 inflight_trace_dump/
+
+.vscode
\ No newline at end of file
diff --git a/test/e2e/cypress/integration/profiles/email/error/ui.spec.ts b/test/e2e/cypress/integration/profiles/email/error/ui.spec.ts
index d2e8874d364b..8712f8f4b22a 100644
--- a/test/e2e/cypress/integration/profiles/email/error/ui.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/error/ui.spec.ts
@@ -26,10 +26,17 @@ describe("Handling self-service error flows", () => {
           failOnStatusCode: false,
         })
 
-        cy.get(`${appPrefix(app)}code`).should(
-          "contain.text",
-          "This is a stub error.",
-        )
+        if (app === "express") {
+          cy.get(`${appPrefix(app)} [data-testid="ui/error/message"]`).should(
+            "contain.text",
+            "This is a stub error.",
+          )
+        } else {
+          cy.get(`${appPrefix(app)}code`).should(
+            "contain.text",
+            "This is a stub error.",
+          )
+        }
       })
     })
   })
diff --git a/test/e2e/cypress/integration/profiles/email/login/error.spec.ts b/test/e2e/cypress/integration/profiles/email/login/error.spec.ts
index 58cd061a0a74..10ea62bd6af6 100644
--- a/test/e2e/cypress/integration/profiles/email/login/error.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/login/error.spec.ts
@@ -44,6 +44,12 @@ describe("Basic email profile with failing login flows", () => {
 
       describe("shows validation errors when invalid signup data is used", () => {
         it("should show an error when the identifier is missing", () => {
+          // the browser will prevent the form from submitting if the fields are empty since they are required
+          // here we just remove the required attribute to make the form submit
+          cy.removeAttribute(
+            ['input[name="identifier"]', 'input[name="password"]'],
+            "required",
+          )
           cy.submitPasswordForm()
           cy.get('*[data-testid="ui/message/4000002"]').should(
             "contain.text",
@@ -61,11 +67,15 @@ describe("Basic email profile with failing login flows", () => {
             .type(identity)
             .should("have.value", identity)
 
+          // the browser will prevent the form from submitting if the fields are empty since they are required
+          // here we just remove the required attribute to make the form submit
+          cy.removeAttribute(['input[name="password"]'], "required")
+
           cy.submitPasswordForm()
           cy.get('*[data-testid^="ui/message/"]')
             .invoke("text")
             .then((text) => {
-              expect(text).to.be.oneOf([
+              expect(text.trim()).to.be.oneOf([
                 "length must be >= 1, but got 0",
                 "Property password is missing.",
               ])
diff --git a/test/e2e/cypress/integration/profiles/email/logout/success.spec.ts b/test/e2e/cypress/integration/profiles/email/logout/success.spec.ts
index 946301f9941f..942105472145 100644
--- a/test/e2e/cypress/integration/profiles/email/logout/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/logout/success.spec.ts
@@ -39,12 +39,18 @@ context("Testing logout flows", () => {
       it("should sign out and be able to sign in again", () => {
         cy.getSession()
         cy.getCookie("ory_kratos_session").should("not.be.null")
-        cy.get(
-          `${appPrefix(app)} [data-testid="logout"]:not(.disabled)`,
-        ).click()
+        if (app === "express") {
+          cy.get(
+            `${appPrefix(app)} [data-testid="logout"] a:not(.disabled)`,
+          ).click()
+        } else {
+          cy.get(
+            `${appPrefix(app)} [data-testid="logout"]:not(.disabled)`,
+          ).click()
+        }
+        cy.getCookie("ory_kratos_session").should("be.null")
         cy.noSession()
         cy.url().should("include", "/login")
-        cy.getCookie("ory_kratos_session").should("be.null")
       })
     })
   })
diff --git a/test/e2e/cypress/integration/profiles/email/registration/errors.spec.ts b/test/e2e/cypress/integration/profiles/email/registration/errors.spec.ts
index 9c6559c5dc42..a6f7c24878f0 100644
--- a/test/e2e/cypress/integration/profiles/email/registration/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/registration/errors.spec.ts
@@ -29,7 +29,7 @@ describe("Registration failures with email profile", () => {
       const password = gen.password()
 
       it("fails when CSRF cookies are missing", () => {
-        cy.get(`${appPrefix(app)}input[name="traits.website"]`).type(
+        cy.get(`${appPrefix(app)} input[name="traits.website"]`).type(
           "https://www.ory.sh",
         )
         cy.get('input[name="traits.email"]')
@@ -82,11 +82,15 @@ describe("Registration failures with email profile", () => {
           cy.get('input[name="traits.website"]').type("https://www.ory.sh")
           cy.get('input[name="traits.email"]').type(identity)
 
+          // the browser will prevent the form from being submitted if the input field is required
+          // we should remove the required attribute to simulate the data not being sent
+          cy.removeAttribute(['input[name="password"]'], "required")
+
           cy.submitPasswordForm()
           cy.get('*[data-testid^="ui/message/"]')
             .invoke("text")
             .then((text) => {
-              expect(text).to.be.oneOf([
+              expect(text.trim()).to.be.oneOf([
                 "length must be >= 1, but got 0",
                 "Property password is missing.",
               ])
@@ -97,11 +101,15 @@ describe("Registration failures with email profile", () => {
           cy.get('input[name="traits.website"]').type("https://www.ory.sh")
           cy.get('input[name="password"]').type(password)
 
+          // the browser will prevent the form from being submitted if the input field is required
+          // we should remove the required attribute to simulate the data not being sent
+          cy.removeAttribute(['input[name="traits.email"]'], "required")
+
           cy.submitPasswordForm()
           cy.get('*[data-testid^="ui/message/"]')
             .invoke("text")
             .then((text) => {
-              expect(text).to.be.oneOf([
+              expect(text.trim()).to.be.oneOf([
                 '"" is not valid "email"length must be >= 3, but got 0',
                 "Property email is missing.",
               ])
@@ -110,7 +118,15 @@ describe("Registration failures with email profile", () => {
 
         it("should show an error when the email is not an email", () => {
           cy.get('input[name="traits.website"]').type("https://www.ory.sh")
-          cy.get('input[name="password"]').type("not-an-email")
+          cy.get('input[name="password"]').type(password)
+
+          // the browser will prevent the form from being submitted if the input data doesn't conform to the input field type
+          // in this case an invalid email will prevent the form from being submitted by the browser
+          // we should remove it to ensure kratos is validating the payload
+          cy.get('input[name="traits.email"]').then(($el) =>
+            $el.removeAttr("type"),
+          )
+          cy.get('input[name="traits.email"]').type("not-an-email")
 
           cy.submitPasswordForm()
           cy.get(
@@ -119,6 +135,17 @@ describe("Registration failures with email profile", () => {
         })
 
         it("should show a missing indicator if no fields are set", () => {
+          // the browser will prevent the form from being submitted if the input field is required
+          // we should remove the required attribute to simulate the data not being sent
+          cy.removeAttribute(
+            [
+              'input[name="traits.email"]',
+              'input[name="traits.website"]',
+              'input[name="password"]',
+            ],
+            "required",
+          )
+
           cy.submitPasswordForm()
           cy.get(
             '*[data-testid="ui/message/4000001"], *[data-testid="ui/message/4000002"]',
@@ -136,6 +163,13 @@ describe("Registration failures with email profile", () => {
         })
 
         it("should show an error when the website is too short", () => {
+          // the browser will prevent the form from being submitted if the input field is required
+          // we should remove the required attribute to simulate the data not being sent
+          cy.removeAttribute(
+            ['input[name="traits.email"]', 'input[name="password"]'],
+            "required",
+          )
+
           cy.get('input[name="traits.website"]').type("http://s")
 
           cy.submitPasswordForm()
@@ -146,6 +180,12 @@ describe("Registration failures with email profile", () => {
         })
 
         it("should show an error when required params are missing", () => {
+          // the browser will prevent the form from being submitted if the input field is required
+          // we should remove it from the DOM entirely to simulate the data not being sent
+          cy.get('input[name="traits.website"]').then(($el) => $el.remove())
+          cy.get('input[name="traits.email"]').then(($el) => $el.remove())
+          cy.get('input[name="password"]').then(($el) => $el.remove())
+
           cy.submitPasswordForm()
           cy.get('*[data-testid^="ui/message"]').should(
             "contain.text",
@@ -162,6 +202,17 @@ describe("Registration failures with email profile", () => {
         })
 
         it("should show an error when the age is too high", () => {
+          // the browser will prevent the form from being submitted if the input field is required
+          // we should remove the required attribute to simulate the data not being sent
+          cy.removeAttribute(
+            [
+              'input[name="traits.email"]',
+              'input[name="traits.website"]',
+              'input[name="password"]',
+            ],
+            "required",
+          )
+
           cy.get('input[name="traits.age"]').type("600")
 
           cy.submitPasswordForm()
diff --git a/test/e2e/cypress/integration/profiles/email/registration/success.spec.ts b/test/e2e/cypress/integration/profiles/email/registration/success.spec.ts
index 3e645593c2b8..702f2a905760 100644
--- a/test/e2e/cypress/integration/profiles/email/registration/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/registration/success.spec.ts
@@ -40,6 +40,9 @@ context("Registration success with email profile", () => {
         cy.get('[type="checkbox"][name="traits.tos"]').click({ force: true })
 
         cy.submitPasswordForm()
+        if (app === "express") {
+          cy.get('a[href*="sessions"').click()
+        }
         cy.get("pre").should("contain.text", email)
 
         cy.getSession().should((session) => {
@@ -66,6 +69,9 @@ context("Registration success with email profile", () => {
         cy.get('input[name="traits.website"]').type(website)
 
         cy.submitPasswordForm()
+        if (app === "express") {
+          cy.get('a[href*="sessions"').click()
+        }
         cy.get("pre").should("contain.text", email)
 
         cy.getSession().should((session) => {
@@ -113,7 +119,7 @@ context("Registration success with email profile", () => {
       const password = gen.password()
       const website = "https://www.example.org/"
 
-      cy.get(appPrefix("express") + 'input[name="traits"]').should("not.exist")
+      cy.get(`${appPrefix("express")} input[name="traits"]`).should("not.exist")
       cy.get('input[name="traits.email"]').type(email)
       cy.get('input[name="traits.website').type(website)
       cy.get('input[name="password"]').type(password)
diff --git a/test/e2e/cypress/integration/profiles/email/settings/ui.spec.ts b/test/e2e/cypress/integration/profiles/email/settings/ui.spec.ts
index 3e421d9a53e8..f2987b24b7c0 100644
--- a/test/e2e/cypress/integration/profiles/email/settings/ui.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/settings/ui.spec.ts
@@ -34,7 +34,12 @@ context("Settings errors with email profile", () => {
 
       describe("use ui elements", () => {
         it("should use the json schema titles", () => {
-          cy.get(appPrefix(app) + 'a[href*="settings"]').click()
+          const settingsLink = appPrefix(app) + 'a[href*="settings"]'
+          if (app === "express") {
+            cy.get(settingsLink).should("have.attr", "target", "_blank")
+            cy.removeAttribute([settingsLink], "target")
+          }
+          cy.get(settingsLink).click()
           cy.get('input[name="traits.email"]')
             .parent()
             .should("contain.text", "Your E-Mail")
@@ -49,7 +54,12 @@ context("Settings errors with email profile", () => {
         })
 
         it("clicks the settings link", () => {
-          cy.get('a[href*="settings"]').click()
+          const settingsLink = 'a[href*="settings"]'
+          if (app === "express") {
+            cy.get(settingsLink).should("have.attr", "target", "_blank")
+            cy.removeAttribute([settingsLink], "target")
+          }
+          cy.get(settingsLink).click()
           cy.location("pathname").should("include", "settings")
         })
       })
diff --git a/test/e2e/cypress/integration/profiles/import/import.spec.ts b/test/e2e/cypress/integration/profiles/import/import.spec.ts
index ccbfabaaafff..b9e8ec93cfe6 100644
--- a/test/e2e/cypress/integration/profiles/import/import.spec.ts
+++ b/test/e2e/cypress/integration/profiles/import/import.spec.ts
@@ -108,7 +108,7 @@ context("Import Identities", () => {
     })
 
     cy.visit(express.login)
-    cy.triggerOidc({ url: express.login })
+    cy.triggerOidc("express")
 
     cy.get("#username").clear().type(email)
     cy.get("#remember").click()
diff --git a/test/e2e/cypress/integration/profiles/mfa/mix.spec.ts b/test/e2e/cypress/integration/profiles/mfa/mix.spec.ts
index 2fb63f181484..4f49f9bc719b 100644
--- a/test/e2e/cypress/integration/profiles/mfa/mix.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mfa/mix.spec.ts
@@ -119,6 +119,7 @@ context("2FA with various methods", () => {
             cy.get('[name="totp_code"]').then(($e) => {
               cy.wrap($e).type(authenticator.generate(secret))
             })
+
             cy.get('[name="method"][value="totp"]').click()
             cy.location("pathname").should("not.include", "/login")
 
diff --git a/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts b/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts
index 075d1fd6bfcd..9f759525311f 100644
--- a/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts
@@ -82,7 +82,7 @@ context("2FA lookup secrets", () => {
         })
         cy.get('*[name="method"][value="totp"]').click()
         cy.location("pathname").should((loc) => {
-          expect(loc).to.oneOf(["/welcome", "/"])
+          expect(loc).to.oneOf(["/welcome", "/", "/sessions"])
         })
         cy.getSession({
           expectAal: "aal2",
diff --git a/test/e2e/cypress/integration/profiles/network/errors.spec.ts b/test/e2e/cypress/integration/profiles/network/errors.spec.ts
index 427f090d9c6e..d69615a4854c 100644
--- a/test/e2e/cypress/integration/profiles/network/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/network/errors.spec.ts
@@ -10,7 +10,7 @@ describe("Registration failures with email profile", () => {
   it("should not be able to register if we need a localhost schema", () => {
     cy.setDefaultIdentitySchema("localhost")
     cy.visit(express.registration, { failOnStatusCode: false })
-    cy.get(".code-box").should(
+    cy.get('[data-testid="code-box"]').should(
       "contain.text",
       "ip 127.0.0.1 is in the 127.0.0.0/8",
     )
@@ -19,7 +19,7 @@ describe("Registration failures with email profile", () => {
   it("should not be able to register if we schema has a local ref", () => {
     cy.setDefaultIdentitySchema("ref")
     cy.visit(express.registration, { failOnStatusCode: false })
-    cy.get(".code-box").should(
+    cy.get('[data-testid="code-box"]').should(
       "contain.text",
       "ip 192.168.178.1 is in the 192.168.0.0/16 range",
     )
@@ -28,7 +28,7 @@ describe("Registration failures with email profile", () => {
   it("should not be able to login because pre webhook uses local url", () => {
     cy.setDefaultIdentitySchema("working")
     cy.visit(express.login, { failOnStatusCode: false })
-    cy.get(".code-box").should(
+    cy.get('[data-testid="code-box"]').should(
       "contain.text",
       "ip 192.168.178.2 is in the 192.168.0.0/16 range",
     )
@@ -37,13 +37,11 @@ describe("Registration failures with email profile", () => {
   it("should not be able to verify because post webhook uses local jsonnet", () => {
     cy.setDefaultIdentitySchema("working")
     cy.visit(express.registration, { failOnStatusCode: false })
-    cy.get('[data-testid="node/input/traits.email"] input').type(gen.email())
-    cy.get('[data-testid="node/input/traits.website"] input').type(
-      "https://google.com/",
-    )
-    cy.get('[data-testid="node/input/password"] input').type(gen.password())
+    cy.get('input[name="traits.email"]').type(gen.email())
+    cy.get('input[name="traits.website"]').type("https://google.com/")
+    cy.get('input[name="password"]').type(gen.password())
     cy.get('[type="submit"]').click()
-    cy.get(".code-box").should(
+    cy.get('[data-testid="code-box"]').should(
       "contain.text",
       "ip 192.168.178.3 is in the 192.168.0.0/16 range",
     )
diff --git a/test/e2e/cypress/integration/profiles/oidc/login/success.spec.ts b/test/e2e/cypress/integration/profiles/oidc/login/success.spec.ts
index 442185815075..1c7e11f62ec9 100644
--- a/test/e2e/cypress/integration/profiles/oidc/login/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc/login/success.spec.ts
@@ -29,15 +29,16 @@ context("Social Sign In Successes", () => {
 
       it("should be able to sign up, sign out, and then sign in", () => {
         const email = gen.email()
-        cy.registerOidc({ email, website, route: registration })
+        cy.registerOidc({ app, email, website, route: registration })
         cy.logout()
         cy.noSession()
-        cy.loginOidc({ url: login })
+        cy.loginOidc({ app, url: login })
       })
 
       it("should be able to sign up with redirects", () => {
         const email = gen.email()
         cy.registerOidc({
+          app,
           email,
           website,
           route: registration + "?return_to=https://www.example.org/",
@@ -45,7 +46,10 @@ context("Social Sign In Successes", () => {
         cy.location("href").should("eq", "https://www.example.org/")
         cy.logout()
         cy.noSession()
-        cy.loginOidc({ url: login + "?return_to=https://www.example.org/" })
+        cy.loginOidc({
+          app,
+          url: login + "?return_to=https://www.example.org/",
+        })
         cy.location("href").should("eq", "https://www.example.org/")
       })
     })
diff --git a/test/e2e/cypress/integration/profiles/oidc/logout/success.spec.ts b/test/e2e/cypress/integration/profiles/oidc/logout/success.spec.ts
index ea4a07dd2091..6e425561ace2 100644
--- a/test/e2e/cypress/integration/profiles/oidc/logout/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc/logout/success.spec.ts
@@ -30,11 +30,19 @@ context("Social Sign Out Successes", () => {
       beforeEach(() => {
         cy.visit(base)
         const email = gen.email()
-        cy.registerOidc({ email, website, route: registration })
+        cy.registerOidc({ app, email, website, route: registration })
       })
 
       it("should sign out and be able to sign in again", () => {
-        cy.get(`${appPrefix(app)} [data-testid="logout"]:not(disabled)`).click()
+        if (app === "express") {
+          cy.get(
+            `${appPrefix(app)} [data-testid="logout"] a:not(disabled)`,
+          ).click()
+        } else {
+          cy.get(
+            `${appPrefix(app)} [data-testid="logout"]:not(disabled)`,
+          ).click()
+        }
         cy.noSession()
         cy.url().should("include", "/login")
       })
diff --git a/test/e2e/cypress/integration/profiles/oidc/registration/success.spec.ts b/test/e2e/cypress/integration/profiles/oidc/registration/success.spec.ts
index 3536dc0b8a8f..222c34eb3e38 100644
--- a/test/e2e/cypress/integration/profiles/oidc/registration/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc/registration/success.spec.ts
@@ -41,7 +41,12 @@ context("Social Sign Up Successes", () => {
       it("should be able to sign up with incomplete data and finally be signed in", () => {
         const email = gen.email()
 
-        cy.registerOidc({ email, expectSession: false, route: registration })
+        cy.registerOidc({
+          app,
+          email,
+          expectSession: false,
+          route: registration,
+        })
 
         cy.get("#registration-password").should("not.exist")
         cy.get(appPrefix(app) + '[name="traits.email"]').should(
@@ -85,7 +90,7 @@ context("Social Sign Up Successes", () => {
         cy.triggerOidc(app)
 
         cy.location("pathname").should((loc) => {
-          expect(loc).to.be.oneOf(["/welcome", "/"])
+          expect(loc).to.be.oneOf(["/welcome", "/", "/sessions"])
         })
 
         cy.getSession().should((session) => {
@@ -97,21 +102,21 @@ context("Social Sign Up Successes", () => {
       it("should be able to sign up with complete data", () => {
         const email = gen.email()
 
-        cy.registerOidc({ email, website, route: registration })
+        cy.registerOidc({ app, email, website, route: registration })
         cy.getSession().should(shouldSession(email))
       })
 
       it("should be able to convert a sign up flow to a sign in flow", () => {
         const email = gen.email()
 
-        cy.registerOidc({ email, website, route: registration })
+        cy.registerOidc({ app, email, website, route: registration })
         cy.logout()
         cy.noSession()
         cy.visit(registration)
         cy.triggerOidc(app)
 
         cy.location("pathname").should((path) => {
-          expect(path).to.oneOf(["/", "/welcome"])
+          expect(path).to.oneOf(["/", "/welcome", "/sessions"])
         })
 
         cy.getSession().should(shouldSession(email))
@@ -162,6 +167,7 @@ context("Social Sign Up Successes", () => {
       it("should be able to sign up with redirects", () => {
         const email = gen.email()
         cy.registerOidc({
+          app,
           email,
           website,
           route: registration + "?return_to=https://www.ory.sh/",
diff --git a/test/e2e/cypress/integration/profiles/oidc/settings/error.spec.ts b/test/e2e/cypress/integration/profiles/oidc/settings/error.spec.ts
index efb08096611c..6f85d846cf34 100644
--- a/test/e2e/cypress/integration/profiles/oidc/settings/error.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc/settings/error.spec.ts
@@ -29,6 +29,7 @@ context("Social Sign In Settings Errors", () => {
         email = gen.email()
 
         cy.registerOidc({
+          app,
           email,
           expectSession: true,
           website,
diff --git a/test/e2e/cypress/integration/profiles/oidc/settings/success.spec.ts b/test/e2e/cypress/integration/profiles/oidc/settings/success.spec.ts
index 23ed564a439b..84869e32d271 100644
--- a/test/e2e/cypress/integration/profiles/oidc/settings/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc/settings/success.spec.ts
@@ -52,6 +52,7 @@ context("Social Sign In Settings Success", () => {
         email = gen.email()
 
         cy.registerOidc({
+          app,
           email,
           expectSession: true,
           website,
diff --git a/test/e2e/cypress/integration/profiles/passwordless/flows.spec.ts b/test/e2e/cypress/integration/profiles/passwordless/flows.spec.ts
index ed3e25daa7e6..efc704c449ff 100644
--- a/test/e2e/cypress/integration/profiles/passwordless/flows.spec.ts
+++ b/test/e2e/cypress/integration/profiles/passwordless/flows.spec.ts
@@ -1,13 +1,20 @@
-import { appPrefix, gen } from "../../../helpers"
+import { appPrefix, gen, website } from "../../../helpers"
 import { routes as express } from "../../../helpers/express"
 import { routes as react } from "../../../helpers/react"
 
-const signup = (registration: string, email = gen.email()) => {
+const signup = (registration: string, app: string, email = gen.email()) => {
   cy.visit(registration)
 
+  const emailTrait = `${
+    app === "express" ? '[data-testid="passwordless-flow"]' : ""
+  } [name="traits.email"]`
+  const websiteTrait = `${
+    app === "express" ? '[data-testid="passwordless-flow"]' : ""
+  } [name="traits.website"]`
+
   cy.get('[name="webauthn_register_displayname"]').type("key1")
-  cy.get('[name="traits.email"]').type(email)
-  cy.get('[name="traits.website"]').type("https://www.ory.sh")
+  cy.get(emailTrait).type(email)
+  cy.get(websiteTrait).type("https://www.ory.sh")
   cy.clickWebAuthButton("register")
   cy.getSession({
     expectAal: "aal1",
@@ -68,23 +75,43 @@ context("Passwordless registration", () => {
       it("should register after validation errors", () => {
         cy.visit(registration)
 
+        // the browser will prevent the form from being submitted if the input field is required
+        // we should remove the required attribute to simulate the data not being sent
+        cy.removeAttribute(
+          ['input[name="traits.email"]', 'input[name="traits.website"]'],
+          "required",
+        )
+
+        cy.get(`input[name="traits.website"]`).then(($el) => {
+          $el.removeAttr("type")
+        })
+
+        const websiteTrait = `${
+          app === "express" ? `[data-testid="passwordless-flow"]` : ""
+        } [name="traits.website"]`
+
+        const emailTrait = `${
+          app === "express" ? `[data-testid="passwordless-flow"]` : ""
+        } [name="traits.email"]`
+
         cy.get(appPrefix(app) + '[name="webauthn_register_displayname"]').type(
           "key1",
         )
-        cy.get('[name="traits.website"]').type("b")
+        cy.get(websiteTrait).type("b")
         cy.clickWebAuthButton("register")
 
         cy.get('[data-testid="ui/message/4000002"]').should("to.exist")
         cy.get('[data-testid="ui/message/4000001"]').should("to.exist")
-        cy.get('[name="traits.website"]').should("have.value", "b")
+        cy.get(websiteTrait).should("have.value", "b")
+
         const email = gen.email()
-        cy.get('[name="traits.email"]').type(email)
+        cy.get(emailTrait).type(email)
         cy.clickWebAuthButton("register")
 
         cy.get('[data-testid="ui/message/4000001"]').should("to.exist")
-        cy.get('[name="traits.website"]').should("have.value", "b")
-        cy.get('[name="traits.email"]').should("have.value", email)
-        cy.get('[name="traits.website"]').clear().type("https://www.ory.sh")
+        cy.get(websiteTrait).should("have.value", "b")
+        cy.get(emailTrait).should("have.value", email)
+        cy.get(websiteTrait).clear().type("https://www.ory.sh")
         cy.clickWebAuthButton("register")
         cy.getSession({
           expectAal: "aal1",
@@ -97,10 +124,16 @@ context("Passwordless registration", () => {
 
       it("should be able to login with registered account", () => {
         const email = gen.email()
-        signup(registration, email)
+
+        signup(registration, app, email)
         cy.logout()
         cy.visit(login)
-        cy.get('[name="identifier"]').type(email)
+
+        const identifierTrait = `${
+          app === "express" ? `[data-testid="passwordless-flow"]` : ""
+        } [name="identifier"]`
+
+        cy.get(identifierTrait).type(email)
         cy.get('[value="webauthn"]').click()
         cy.get('[data-testid="ui/message/1010012"]').should("to.exist")
         cy.get('[name="password"]').should("to.not.exist")
@@ -116,7 +149,7 @@ context("Passwordless registration", () => {
 
       it("should not be able to unlink last security key", () => {
         const email = gen.email()
-        signup(registration, email)
+        signup(registration, app, email)
         cy.visit(settings)
         cy.get('[name="webauthn_remove"]').should("not.exist")
       })
@@ -124,7 +157,7 @@ context("Passwordless registration", () => {
       it("should be able to link password and use both methods for sign in", () => {
         const email = gen.email()
         const password = gen.password()
-        signup(registration, email)
+        signup(registration, app, email)
         cy.visit(settings)
         cy.get('[name="webauthn_remove"]').should("not.exist")
         cy.get('[name="password"]').type(password)
@@ -134,17 +167,22 @@ context("Passwordless registration", () => {
         cy.expectSettingsSaved()
         cy.logout()
         cy.visit(login)
-        cy.get('[name="identifier"]').type(email)
+
+        const identifierTrait = `${
+          app === "express" ? `[data-testid="passwordless-flow"]` : ""
+        } [name="identifier"]`
+
+        cy.get(identifierTrait).type(email)
         cy.get('[value="webauthn"]').click()
         cy.get('[data-testid="ui/message/4000015"]').should("to.exist")
-        cy.get('[name="identifier"]').should("exist")
+        cy.get(identifierTrait).should("exist")
         cy.get('[name="password"]').should("exist")
         cy.get('[value="password"]').should("exist")
       })
 
       it("should be able to refresh", () => {
         const email = gen.email()
-        signup(registration, email)
+        signup(registration, app, email)
         cy.visit(login + "?refresh=true")
         cy.get('[name="identifier"][type="hidden"]').should("exist")
         cy.get('[name="identifier"][type="input"]').should("not.exist")
@@ -162,7 +200,7 @@ context("Passwordless registration", () => {
 
       it("should not be able to use for MFA", () => {
         const email = gen.email()
-        signup(registration, email)
+        signup(registration, app, email)
         cy.visit(login + "?aal=aal2")
         cy.get('[value="webauthn"]').should("not.exist")
         cy.get('[name="webauthn_login_trigger"]').should("not.exist")
@@ -173,9 +211,16 @@ context("Passwordless registration", () => {
         const password = gen.password()
         cy.visit(registration)
 
-        cy.get('[name="traits.email"]').type(email)
+        const emailTrait = `${
+          app === "express" ? `[data-testid="registration-flow"]` : ""
+        } [name="traits.email"]`
+        const websiteTrait = `${
+          app === "express" ? `[data-testid="registration-flow"]` : ""
+        } [name="traits.website"]`
+
+        cy.get(emailTrait).type(email)
         cy.get('[name="password"]').type(password)
-        cy.get('[name="traits.website"]').type("https://www.ory.sh")
+        cy.get(websiteTrait).type("https://www.ory.sh")
         cy.get('[value="password"]').click()
         cy.location("pathname").should("not.contain", "/registration")
         cy.getSession({
@@ -207,7 +252,12 @@ context("Passwordless registration", () => {
 
         cy.logout()
         cy.visit(login)
-        cy.get('[name="identifier"]').type(email)
+
+        const identifierTrait = `${
+          app === "express" ? `[data-testid="passwordless-flow"]` : ""
+        } [name="identifier"]`
+
+        cy.get(identifierTrait).type(email)
         cy.get('[value="webauthn"]').click()
         cy.clickWebAuthButton("login")
         cy.getSession({
@@ -218,7 +268,7 @@ context("Passwordless registration", () => {
 
       it("should not be able to use for MFA even when passwordless is false", () => {
         const email = gen.email()
-        signup(registration, email)
+        signup(registration, app, email)
         cy.updateConfigFile((config) => {
           config.selfservice.methods.webauthn.config.passwordless = false
           return config
diff --git a/test/e2e/cypress/integration/profiles/recovery/code/errors.spec.ts b/test/e2e/cypress/integration/profiles/recovery/code/errors.spec.ts
index 5188f3556657..2b2c1e93aa9f 100644
--- a/test/e2e/cypress/integration/profiles/recovery/code/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/recovery/code/errors.spec.ts
@@ -119,7 +119,7 @@ context("Account Recovery Errors", () => {
 
       it("should cause form errors", () => {
         cy.visit(recovery)
-
+        cy.removeAttribute(["input[name='email']"], "required")
         cy.get('button[value="code"]').click()
         cy.get('[data-testid="ui/message/4000002"]').should(
           "contain.text",
@@ -149,9 +149,8 @@ context("Account Recovery Errors", () => {
 
       it("should cause non-repeating form errors after submitting empty form twice. see: #2512", () => {
         cy.visit(recovery)
-        cy.get('button[value="code"]').click()
         cy.location("pathname").should("eq", "/recovery")
-
+        cy.removeAttribute(["input[name='email']"], "required")
         cy.get('button[value="code"]').click()
         cy.get('[data-testid="ui/message/4000002"]').should(
           "contain.text",
diff --git a/test/e2e/cypress/integration/profiles/recovery/link/errors.spec.ts b/test/e2e/cypress/integration/profiles/recovery/link/errors.spec.ts
index b88797fd6325..c2295d4952df 100644
--- a/test/e2e/cypress/integration/profiles/recovery/link/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/recovery/link/errors.spec.ts
@@ -109,6 +109,10 @@ context("Account Recovery Errors", () => {
       it("should cause form errors", () => {
         cy.visit(recovery)
 
+        // we need to remove the required attribute of the element since the browser prevents us from submitting the form
+        // this is to simulate the case where the form is submitted with an empty input field.
+        cy.removeAttribute(["input[name='email']"], "required")
+
         cy.get('button[value="link"]').click()
         cy.get('[data-testid="ui/message/4000002"]').should(
           "contain.text",
@@ -119,9 +123,15 @@ context("Account Recovery Errors", () => {
 
       it("should cause non-repeating form errors after submitting empty form twice. see: #2512", () => {
         cy.visit(recovery)
+        // we need to remove the required attribute of the element since the browser prevents us from submitting the form
+        // this is to simulate the case where the form is submitted with an empty input field.
+        cy.removeAttribute(["input[name='email']"], "required")
         cy.get('button[value="link"]').click()
         cy.location("pathname").should("eq", "/recovery")
 
+        // we need to remove the required attribute of the element since the browser prevents us from submitting the form
+        // this is to simulate the case where the form is submitted with an empty input field.
+        cy.removeAttribute(["input[name='email']"], "required")
         cy.get('button[value="link"]').click()
         cy.get('[data-testid="ui/message/4000002"]').should(
           "contain.text",
diff --git a/test/e2e/cypress/integration/profiles/webhoooks/registration/success.spec.ts b/test/e2e/cypress/integration/profiles/webhoooks/registration/success.spec.ts
index 026020699ed5..c0514110e3de 100644
--- a/test/e2e/cypress/integration/profiles/webhoooks/registration/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/webhoooks/registration/success.spec.ts
@@ -29,6 +29,9 @@ context("Registration success with email profile with webhooks", () => {
         cy.get('input[name="password"]').type(password)
 
         cy.submitPasswordForm()
+        if (app === "express") {
+          cy.get("a[href*='sessions']").click()
+        }
         cy.get("pre").should("contain.text", email)
 
         cy.getSession().should((session) => {
diff --git a/test/e2e/cypress/support/commands.ts b/test/e2e/cypress/support/commands.ts
index cdbfceea7450..3ec8eb89b5db 100644
--- a/test/e2e/cypress/support/commands.ts
+++ b/test/e2e/cypress/support/commands.ts
@@ -1,4 +1,5 @@
 import {
+  appPrefix,
   APP_URL,
   assertVerifiableAddress,
   gen,
@@ -563,6 +564,7 @@ Cypress.Commands.add("addVirtualAuthenticator", () =>
 Cypress.Commands.add(
   "registerOidc",
   ({
+    app,
     email,
     website,
     scopes,
@@ -575,7 +577,7 @@ Cypress.Commands.add(
   }) => {
     cy.visit(route)
 
-    cy.triggerOidc()
+    cy.triggerOidc(app)
 
     cy.get("#username").type(email)
     if (rememberLogin) {
@@ -608,6 +610,7 @@ Cypress.Commands.add(
     } else {
       cy.get("#reject").click()
     }
+
     cy.location("pathname").should("not.include", "consent")
 
     if (expectSession) {
@@ -704,11 +707,15 @@ Cypress.Commands.add("remoteCourierRecoveryCodeTemplates", ({} = {}) => {
 
 Cypress.Commands.add(
   "loginOidc",
-  ({ expectSession = true, url = APP_URL + "/login" }) => {
+  ({ app, expectSession = true, url = APP_URL + "/login" }) => {
     cy.visit(url)
-    cy.triggerOidc("hydra")
+    cy.triggerOidc(app, "hydra")
     cy.location("href").should("not.eq", "/consent")
     if (expectSession) {
+      // for some reason react flakes here although the login succeeded and there should be a session it fails
+      if (app === "react") {
+        cy.wait(2000) // adding arbitrary wait here. not sure if there is a better way in this case
+      }
       cy.getSession()
     } else {
       cy.noSession()
@@ -893,8 +900,11 @@ Cypress.Commands.add(
   "getSession",
   ({ expectAal = "aal1", expectMethods = [] } = {}) => {
     // Do the request once to ensure we have a session (with retry)
-    cy.request("GET", `${KRATOS_PUBLIC}/sessions/whoami`)
-      .its("status")
+    cy.request({
+      method: "GET",
+      url: `${KRATOS_PUBLIC}/sessions/whoami`,
+    })
+      .its("status") // adds retry
       .should("eq", 200)
 
     // Return the session for further propagation
@@ -1176,9 +1186,9 @@ Cypress.Commands.add(
       )
     } else {
       cy.location("pathname").should("contain", "error")
-      cy.get("code").should(
+      cy.get("div").should(
         "contain.text",
-        'Requested return_to URL \\"https://not-allowed\\" is not allowed.',
+        'Requested return_to URL "https://not-allowed" is not allowed.',
       )
     }
   },
@@ -1209,7 +1219,7 @@ Cypress.Commands.add(
       })
 
       cy.location("pathname").should("include", "/error")
-      cy.get("code").should("contain.text", "csrf_token")
+      cy.get(`div`).should("contain.text", "CSRF")
     } else {
       cy.location("pathname").should((got) => {
         expect(got).to.eql(pathname)
@@ -1239,3 +1249,14 @@ Cypress.Commands.add(
     })
   },
 )
+
+Cypress.Commands.add(
+  "removeAttribute",
+  (selectors: string[], attribute: string) => {
+    selectors.forEach((selector) => {
+      cy.get(selector).then(($el) => {
+        $el.removeAttr(attribute)
+      })
+    })
+  },
+)
diff --git a/test/e2e/cypress/support/index.d.ts b/test/e2e/cypress/support/index.d.ts
index d29a5f6d00ba..4221c2dfffc1 100644
--- a/test/e2e/cypress/support/index.d.ts
+++ b/test/e2e/cypress/support/index.d.ts
@@ -8,6 +8,7 @@ export interface MailMessage {
 }
 
 export type RecoveryStrategy = "code" | "link"
+type app = "express" | "react"
 
 declare global {
   namespace Cypress {
@@ -316,6 +317,7 @@ declare global {
        * @param opts
        */
       registerOidc(opts: {
+        app: app
         email?: string
         website?: string
         scopes?: Array
@@ -333,6 +335,7 @@ declare global {
        * @param opts
        */
       loginOidc(opts: {
+        app: app
         expectSession?: boolean
         url?: string
       }): Chainable
@@ -566,6 +569,11 @@ declare global {
        * @param id
        */
       setDefaultIdentitySchema(id: string): Chainable
+
+      /**
+       * Remove the specified attribute from the given HTML elements
+       */
+      removeAttribute(selectors: string[], attribute: string): Chainable
     }
   }
 }

From 5ac7553d191885957215b5a63f3bbdc2d020f3fe Mon Sep 17 00:00:00 2001
From: Jonas Hungershausen 
Date: Thu, 13 Oct 2022 14:29:34 +0200
Subject: [PATCH 297/411] fix: missing usage to recovery_code_invalid template
 (#2798)

---
 courier/email_templates.go                    | 12 ++++++
 courier/email_templates_test.go               |  2 +
 selfservice/strategy/code/sender.go           |  2 +-
 .../profiles/recovery/code/errors.spec.ts     | 23 ++++++++---
 test/e2e/cypress/support/commands.ts          | 38 ++++++++++++++++---
 test/e2e/cypress/support/index.d.ts           |  7 ++++
 6 files changed, 72 insertions(+), 12 deletions(-)

diff --git a/courier/email_templates.go b/courier/email_templates.go
index fef44ee5ffa5..e82858636869 100644
--- a/courier/email_templates.go
+++ b/courier/email_templates.go
@@ -69,6 +69,18 @@ func NewEmailTemplateFromMessage(d template.Dependencies, msg Message) (EmailTem
 			return nil, err
 		}
 		return email.NewRecoveryValid(d, &t), nil
+	case TypeRecoveryCodeInvalid:
+		var t email.RecoveryCodeInvalidModel
+		if err := json.Unmarshal(msg.TemplateData, &t); err != nil {
+			return nil, err
+		}
+		return email.NewRecoveryCodeInvalid(d, &t), nil
+	case TypeRecoveryCodeValid:
+		var t email.RecoveryCodeValidModel
+		if err := json.Unmarshal(msg.TemplateData, &t); err != nil {
+			return nil, err
+		}
+		return email.NewRecoveryCodeValid(d, &t), nil
 	case TypeVerificationInvalid:
 		var t email.VerificationInvalidModel
 		if err := json.Unmarshal(msg.TemplateData, &t); err != nil {
diff --git a/courier/email_templates_test.go b/courier/email_templates_test.go
index e6b97885e36d..6261f0a32b85 100644
--- a/courier/email_templates_test.go
+++ b/courier/email_templates_test.go
@@ -36,6 +36,8 @@ func TestNewEmailTemplateFromMessage(t *testing.T) {
 	for tmplType, expectedTmpl := range map[courier.TemplateType]courier.EmailTemplate{
 		courier.TypeRecoveryInvalid:     email.NewRecoveryInvalid(reg, &email.RecoveryInvalidModel{To: "foo"}),
 		courier.TypeRecoveryValid:       email.NewRecoveryValid(reg, &email.RecoveryValidModel{To: "bar", RecoveryURL: "http://foo.bar"}),
+		courier.TypeRecoveryCodeValid:   email.NewRecoveryCodeValid(reg, &email.RecoveryCodeValidModel{To: "bar", RecoveryCode: "12345678"}),
+		courier.TypeRecoveryCodeInvalid: email.NewRecoveryCodeInvalid(reg, &email.RecoveryCodeInvalidModel{To: "bar"}),
 		courier.TypeVerificationInvalid: email.NewVerificationInvalid(reg, &email.VerificationInvalidModel{To: "baz"}),
 		courier.TypeVerificationValid:   email.NewVerificationValid(reg, &email.VerificationValidModel{To: "faz", VerificationURL: "http://bar.foo"}),
 		courier.TypeTestStub:            email.NewTestStub(reg, &email.TestStubModel{To: "far", Subject: "test subject", Body: "test body"}),
diff --git a/selfservice/strategy/code/sender.go b/selfservice/strategy/code/sender.go
index aa45f7b27a70..e1aa07ed9b32 100644
--- a/selfservice/strategy/code/sender.go
+++ b/selfservice/strategy/code/sender.go
@@ -60,7 +60,7 @@ func (s *RecoveryCodeSender) SendRecoveryCode(ctx context.Context, r *http.Reque
 
 	address, err := s.deps.IdentityPool().FindRecoveryAddressByValue(ctx, identity.RecoveryAddressTypeEmail, to)
 	if err != nil {
-		if err := s.send(ctx, string(via), email.NewRecoveryInvalid(s.deps, &email.RecoveryInvalidModel{To: to})); err != nil {
+		if err := s.send(ctx, string(via), email.NewRecoveryCodeInvalid(s.deps, &email.RecoveryCodeInvalidModel{To: to})); err != nil {
 			return err
 		}
 		return ErrUnknownAddress
diff --git a/test/e2e/cypress/integration/profiles/recovery/code/errors.spec.ts b/test/e2e/cypress/integration/profiles/recovery/code/errors.spec.ts
index 2b2c1e93aa9f..7eaa984fbd29 100644
--- a/test/e2e/cypress/integration/profiles/recovery/code/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/recovery/code/errors.spec.ts
@@ -1,4 +1,4 @@
-import { extractRecoveryCode, appPrefix, gen } from "../../../../helpers"
+import { extractRecoveryCode, appPrefix, gen, email } from "../../../../helpers"
 import { routes as react } from "../../../../helpers/react"
 import { routes as express } from "../../../../helpers/express"
 
@@ -162,7 +162,7 @@ context("Account Recovery Errors", () => {
         cy.get('[name="method"][value="code"]').should("exist")
       })
 
-      it("invalid remote recovery email template", () => {
+      it("remote recovery email template (recovery_code_valid)", () => {
         cy.remoteCourierRecoveryCodeTemplates()
         const identity = gen.identityWithWebsite()
         cy.registerApi(identity)
@@ -175,9 +175,22 @@ context("Account Recovery Errors", () => {
         )
 
         cy.getMail().then((mail) => {
-          expect(mail.body).to.include(
-            "this is a remote invalid recovery template",
-          )
+          expect(mail.body).to.include("recovery_code_valid REMOTE TEMPLATE")
+        })
+      })
+
+      it("remote recovery email template (recovery_code_invalid)", () => {
+        cy.remoteCourierRecoveryCodeTemplates()
+        cy.visit(recovery)
+        cy.get(appPrefix(app) + "input[name='email']").type(email())
+        cy.get("button[value='code']").click()
+        cy.get('[data-testid="ui/message/1060003"]').should(
+          "have.text",
+          "An email containing a recovery code has been sent to the email address you provided.",
+        )
+
+        cy.getMail().then((mail) => {
+          expect(mail.body).to.include("recovery_code_invalid REMOTE TEMPLATE")
         })
       })
     })
diff --git a/test/e2e/cypress/support/commands.ts b/test/e2e/cypress/support/commands.ts
index 3ec8eb89b5db..317106396845 100644
--- a/test/e2e/cypress/support/commands.ts
+++ b/test/e2e/cypress/support/commands.ts
@@ -682,21 +682,47 @@ Cypress.Commands.add("remoteCourierRecoveryCodeTemplates", ({} = {}) => {
         invalid: {
           email: {
             body: {
-              html: "base64://SGksCgp0aGlzIGlzIGEgcmVtb3RlIGludmFsaWQgcmVjb3ZlcnkgdGVtcGxhdGU=",
+              html: "base64://cmVjb3ZlcnlfY29kZV9pbnZhbGlkIFJFTU9URSBURU1QTEFURSBIVE1M", // only
               plaintext:
-                "base64://SGksCgp0aGlzIGlzIGEgcmVtb3RlIGludmFsaWQgcmVjb3ZlcnkgdGVtcGxhdGU=",
+                "base64://cmVjb3ZlcnlfY29kZV9pbnZhbGlkIFJFTU9URSBURU1QTEFURSBUWFQ=",
             },
-            subject: "base64://QWNjb3VudCBBY2Nlc3MgQXR0ZW1wdGVk",
+            subject:
+              "base64://cmVjb3ZlcnlfY29kZV9pbnZhbGlkIFJFTU9URSBURU1QTEFURSBTVUJKRUNU",
           },
         },
         valid: {
           email: {
             body: {
-              html: "base64://SGksCgp0aGlzIGlzIGEgcmVtb3RlIGludmFsaWQgcmVjb3ZlcnkgdGVtcGxhdGUKcGxlYXNlIHJlY292ZXIgYWNjZXNzIHRvIHlvdXIgYWNjb3VudCBieSBlbnRlcmluZyB0aGUgZm9sbG93aW5nIGNvZGU6Cgp7eyAuUmVjb3ZlcnlDb2RlIH19Cg==",
+              html: "base://cmVjb3ZlcnlfY29kZV92YWxpZCBSRU1PVEUgVEVNUExBVEUgSFRNTA==",
               plaintext:
-                "base64://SGksCgp0aGlzIGlzIGEgcmVtb3RlIGludmFsaWQgcmVjb3ZlcnkgdGVtcGxhdGUKcGxlYXNlIHJlY292ZXIgYWNjZXNzIHRvIHlvdXIgYWNjb3VudCBieSBlbnRlcmluZyB0aGUgZm9sbG93aW5nIGNvZGU6Cgp7eyAuUmVjb3ZlcnlDb2RlIH19Cg==",
+                "base64://cmVjb3ZlcnlfY29kZV92YWxpZCBSRU1PVEUgVEVNUExBVEUgVFhU",
+            },
+            subject:
+              "base64://cmVjb3ZlcnlfY29kZV92YWxpZCBSRU1PVEUgVEVNUExBVEUgU1VCSkVDVA==",
+          },
+        },
+      },
+    }
+    return config
+  })
+})
+
+Cypress.Commands.add("resetCourierTemplates", (type) => {
+  updateConfigFile((config) => {
+    config.courier.templates = {
+      [type]: {
+        invalid: {
+          email: {
+            body: {},
+            subject: "",
+          },
+        },
+        valid: {
+          email: {
+            body: {
+              body: {},
+              subject: "",
             },
-            subject: "base64://UmVjb3ZlciBhY2Nlc3MgdG8geW91ciBhY2NvdW50",
           },
         },
       },
diff --git a/test/e2e/cypress/support/index.d.ts b/test/e2e/cypress/support/index.d.ts
index 4221c2dfffc1..999d45de81db 100644
--- a/test/e2e/cypress/support/index.d.ts
+++ b/test/e2e/cypress/support/index.d.ts
@@ -183,6 +183,13 @@ declare global {
        */
       remoteCourierRecoveryTemplates(): Chainable
 
+      /**
+       * Resets the remote courier templates for the given template type to their default values
+       */
+      resetCourierTemplates(
+        type: "recovery_code" | "recovery" | "verification",
+      ): Chainable
+
       /**
        * Change the courier recovery code invalid and valid templates to remote base64 strings
        */

From cdaf68db8e6dd7bacfdb5fc6ff28e5d960f75c2c Mon Sep 17 00:00:00 2001
From: Jonas Hungershausen 
Date: Thu, 13 Oct 2022 17:10:42 +0200
Subject: [PATCH 298/411] fix: not cleared field validation message (#2800)

---
 .../strategy/code/strategy_recovery.go        |  2 ++
 .../strategy/code/strategy_recovery_test.go   | 30 ++++++++++++++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/selfservice/strategy/code/strategy_recovery.go b/selfservice/strategy/code/strategy_recovery.go
index 9e18108874db..f856d2a75662 100644
--- a/selfservice/strategy/code/strategy_recovery.go
+++ b/selfservice/strategy/code/strategy_recovery.go
@@ -278,6 +278,8 @@ func (s *Strategy) Recover(w http.ResponseWriter, r *http.Request, f *recovery.F
 
 	sID := s.RecoveryStrategyID()
 
+	f.UI.ResetMessages()
+
 	// If the email is present in the submission body, the user needs a new code via resend
 	if f.State != recovery.StateChooseMethod && len(body.Email) == 0 {
 		if err := flow.MethodEnabledAndAllowed(ctx, sID, sID, s.deps); err != nil {
diff --git a/selfservice/strategy/code/strategy_recovery_test.go b/selfservice/strategy/code/strategy_recovery_test.go
index 1ee20a82259e..f5d4086d7ee8 100644
--- a/selfservice/strategy/code/strategy_recovery_test.go
+++ b/selfservice/strategy/code/strategy_recovery_test.go
@@ -59,6 +59,13 @@ func assertMessage(t *testing.T, body []byte, message string) {
 	assert.Equal(t, message, gjson.GetBytes(body, "ui.messages.0.text").String())
 }
 
+func assertFieldMessage(t *testing.T, body []byte, fieldName string, message string) {
+	t.Helper()
+	messages := gjson.GetBytes(body, "ui.nodes.#(attributes.name=="+fieldName+").messages")
+	assert.Len(t, messages.Array(), 1, "expected field %s to have one message, got %s", fieldName, messages)
+	assert.Equal(t, message, messages.Get("0.text").String())
+}
+
 func extractCsrfToken(body []byte) string {
 	return gjson.GetBytes(body, "ui.nodes.#(attributes.name==csrf_token).attributes.value").String()
 }
@@ -935,9 +942,30 @@ func TestRecovery(t *testing.T) {
 		// For good measure, check that the second code works!
 		body = submitRecoveryCode(t, c, body, RecoveryFlowTypeBrowser, recoveryCode2, http.StatusOK)
 		assertMessage(t, []byte(body), "You successfully recovered your account. Please change your password or set up an alternative login method (e.g. social sign in) within the next 60.00 minutes.")
-
 	})
 
+	t.Run("description=should not show outdated validation message if newer message appears #2799", func(t *testing.T) {
+		recoveryEmail := strings.ToLower(testhelpers.RandomEmail())
+		createIdentityToRecover(t, reg, recoveryEmail)
+
+		c := testhelpers.NewClientWithCookies(t)
+		body := expectSuccessfulRecovery(t, c, RecoveryFlowTypeBrowser, func(v url.Values) {
+			v.Set("email", recoveryEmail)
+		})
+
+		action := gjson.Get(body, "ui.action").String()
+		require.NotEmpty(t, action)
+		assert.Equal(t, recoveryEmail, gjson.Get(body, "ui.nodes.#(attributes.name==email).attributes.value").String())
+
+		body = submitRecoveryCode(t, c, body, RecoveryFlowTypeBrowser, "123", http.StatusOK) // Send code that validates field schema
+
+		assertFieldMessage(t, []byte(body), "code", "does not match pattern \"^\\\\d{8}$\"")
+
+		body = submitRecoveryCode(t, c, body, RecoveryFlowTypeBrowser, "12312312", http.StatusOK) // Now send a wrong code that triggers "global" validation error
+
+		assert.Empty(t, gjson.Get(body, "ui.nodes.#(attributes.name==code).messages").Array())
+		assertMessage(t, []byte(body), "The recovery code is invalid or has already been used. Please try again.")
+	})
 }
 
 func TestDisabledStrategy(t *testing.T) {

From a6f27935ce17a7ff5b3deaa4973d72a7d83454fb Mon Sep 17 00:00:00 2001
From: Ajay Kelkar 
Date: Thu, 13 Oct 2022 17:11:35 +0200
Subject: [PATCH 299/411] feat: immutable cookie session values (#2761)

Closes #2701
---
 selfservice/flow/login/handler_test.go    | 69 +++++++++++++++++++++++
 selfservice/flow/settings/handler_test.go | 26 +++++++++
 selfservice/flow/settings/hook.go         | 19 ++++++-
 session/manager_http.go                   |  3 +
 session/manager_http_test.go              |  7 +++
 5 files changed, 123 insertions(+), 1 deletion(-)

diff --git a/selfservice/flow/login/handler_test.go b/selfservice/flow/login/handler_test.go
index b212dd58245a..b6c07ed858c1 100644
--- a/selfservice/flow/login/handler_test.go
+++ b/selfservice/flow/login/handler_test.go
@@ -11,6 +11,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/ory/x/urlx"
+
 	"github.com/ory/x/sqlxx"
 
 	"github.com/ory/kratos/selfservice/flow"
@@ -233,6 +235,73 @@ func TestFlowLifecycle(t *testing.T) {
 					assert.NotEqual(t, gjson.Get(b, "session.id").String(), gjson.Get(a, "id").String())
 				})
 			})
+
+			t.Run("case=changed kratos session identifiers when refresh is true", func(t *testing.T) {
+				t.Cleanup(func() {
+					conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh")
+				})
+
+				t.Run("type=browser", func(t *testing.T) {
+					// Setup flow
+					f := login.Flow{Type: flow.TypeBrowser, ExpiresAt: time.Now().Add(time.Minute), IssuedAt: time.Now(), UI: container.New(""), Refresh: false, RequestedAAL: "aal1"}
+					require.NoError(t, reg.LoginFlowPersister().CreateLoginFlow(context.Background(), &f))
+
+					// Submit Login
+					hc := testhelpers.NewClientWithCookies(t)
+					res, err := hc.PostForm(ts.URL+login.RouteSubmitFlow+"?flow="+f.ID.String(), url.Values{"method": {"password"}, "password_identifier": {id1mail}, "password": {"foobar"}, "csrf_token": {x.FakeCSRFToken}})
+					require.NoError(t, err)
+
+					// Check response and session cookie presence
+					assert.Equal(t, http.StatusOK, res.StatusCode)
+					require.Len(t, hc.Jar.Cookies(urlx.ParseOrPanic(ts.URL+login.RouteGetFlow)), 1)
+					require.Contains(t, fmt.Sprintf("%v", hc.Jar.Cookies(urlx.ParseOrPanic(ts.URL))), "ory_kratos_session")
+					cookies1 := hc.Jar.Cookies(urlx.ParseOrPanic(ts.URL + login.RouteGetFlow))
+
+					req, err := http.NewRequest("GET", ts.URL+"/sessions/whoami", nil)
+					require.NoError(t, err)
+
+					res, err = hc.Do(req)
+					require.NoError(t, err)
+					assert.Equal(t, http.StatusOK, res.StatusCode)
+					firstSession := x.MustReadAll(res.Body)
+					require.NoError(t, res.Body.Close())
+
+					// Refresh
+					f = login.Flow{Type: flow.TypeBrowser, ExpiresAt: time.Now().Add(time.Minute), IssuedAt: time.Now(), UI: container.New(""), Refresh: true, RequestedAAL: "aal1"}
+					require.NoError(t, reg.LoginFlowPersister().CreateLoginFlow(context.Background(), &f))
+
+					vv := testhelpers.EncodeFormAsJSON(t, false, url.Values{"method": {"password"}, "password_identifier": {id1mail}, "password": {"foobar"}, "csrf_token": {x.FakeCSRFToken}})
+
+					req, err = http.NewRequest("POST", ts.URL+login.RouteSubmitFlow+"?flow="+f.ID.String(), strings.NewReader(vv))
+					require.NoError(t, err)
+					req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+
+					// Submit Login
+					res, err = hc.Do(req)
+					require.NoError(t, err)
+
+					// Check response and session cookie presence
+					assert.Equal(t, http.StatusOK, res.StatusCode)
+					require.Len(t, hc.Jar.Cookies(urlx.ParseOrPanic(ts.URL+login.RouteGetFlow)), 1)
+					require.Contains(t, fmt.Sprintf("%v", hc.Jar.Cookies(urlx.ParseOrPanic(ts.URL))), "ory_kratos_session")
+					cookies2 := hc.Jar.Cookies(urlx.ParseOrPanic(ts.URL + login.RouteGetFlow))
+
+					req, err = http.NewRequest("GET", ts.URL+"/sessions/whoami", nil)
+					require.NoError(t, err)
+
+					res, err = hc.Do(req)
+					require.NoError(t, err)
+					assert.Equal(t, http.StatusOK, res.StatusCode)
+					secondSession := x.MustReadAll(res.Body)
+					require.NoError(t, res.Body.Close())
+
+					// Sessions should still be resolvable despite different kratos session identifier due to nonce
+					assert.NotEqual(t, cookies1[0].String(), cookies2[0].String())
+					assert.Equal(t, id1mail, gjson.Get(string(firstSession), "identity.traits.username").String())
+					assert.Equal(t, id1mail, gjson.Get(string(secondSession), "identity.traits.username").String())
+					assert.Equal(t, gjson.Get(string(secondSession), "id").String(), gjson.Get(string(firstSession), "id").String())
+				})
+			})
 		})
 
 		t.Run("case=ensure aal is checked for upgradeability on session", func(t *testing.T) {
diff --git a/selfservice/flow/settings/handler_test.go b/selfservice/flow/settings/handler_test.go
index b457bc651f1c..9282ba936498 100644
--- a/selfservice/flow/settings/handler_test.go
+++ b/selfservice/flow/settings/handler_test.go
@@ -402,6 +402,32 @@ func TestHandler(t *testing.T) {
 				assert.Equal(t, "You must restart the flow because the resumable session was initiated by another person.", gjson.Get(actual, "ui.messages.0.text").String(), actual)
 			})
 		})
+
+		t.Run("description=submit - kratos session cookie issued", func(t *testing.T) {
+			t.Run("type=spa", func(t *testing.T) {
+				_, body := initFlow(t, primaryUser, false)
+				var f kratos.SelfServiceSettingsFlow
+				require.NoError(t, json.Unmarshal(body, &f))
+
+				actual, res := testhelpers.SettingsMakeRequest(t, false, true, &f, primaryUser, fmt.Sprintf(`{"method":"profile", "numby": 15, "csrf_token": "%s"}`, x.FakeCSRFToken))
+				assert.Equal(t, http.StatusOK, res.StatusCode)
+				require.Len(t, primaryUser.Jar.Cookies(urlx.ParseOrPanic(publicTS.URL+login.RouteGetFlow)), 1)
+				require.Contains(t, fmt.Sprintf("%v", primaryUser.Jar.Cookies(urlx.ParseOrPanic(publicTS.URL))), "ory_kratos_session")
+				assert.Equal(t, "Your changes have been saved!", gjson.Get(actual, "ui.messages.0.text").String(), actual)
+			})
+
+			t.Run("type=browser", func(t *testing.T) {
+				_, body := initFlow(t, primaryUser, false)
+				var f kratos.SelfServiceSettingsFlow
+				require.NoError(t, json.Unmarshal(body, &f))
+
+				actual, res := testhelpers.SettingsMakeRequest(t, false, false, &f, primaryUser, `method=profile&traits.numby=15&csrf_token=`+x.FakeCSRFToken)
+				assert.Equal(t, http.StatusOK, res.StatusCode)
+				require.Len(t, primaryUser.Jar.Cookies(urlx.ParseOrPanic(publicTS.URL+login.RouteGetFlow)), 1)
+				require.Contains(t, fmt.Sprintf("%v", primaryUser.Jar.Cookies(urlx.ParseOrPanic(publicTS.URL))), "ory_kratos_session")
+				assert.Equal(t, "Your changes have been saved!", gjson.Get(actual, "ui.messages.0.text").String(), actual)
+			})
+		})
 	})
 
 	t.Run("case=relative redirect when self-service settings ui is a relative url", func(t *testing.T) {
diff --git a/selfservice/flow/settings/hook.go b/selfservice/flow/settings/hook.go
index 02c3c338892d..7ce7ee8431af 100644
--- a/selfservice/flow/settings/hook.go
+++ b/selfservice/flow/settings/hook.go
@@ -6,6 +6,8 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/ory/kratos/session"
+
 	"github.com/ory/kratos/text"
 	"github.com/ory/kratos/ui/container"
 	"github.com/ory/kratos/ui/node"
@@ -48,6 +50,7 @@ type (
 	executorDependencies interface {
 		identity.ManagementProvider
 		identity.ValidationProvider
+		session.ManagementProvider
 		config.Provider
 
 		HandlerProvider
@@ -271,7 +274,21 @@ func (e *HookExecutor) PostSettingsHook(w http.ResponseWriter, r *http.Request,
 		WithField("flow_method", settingsType).
 		Debug("Completed all PostSettingsPrePersistHooks and PostSettingsPostPersistHooks.")
 
-	if ctxUpdate.Flow.Type == flow.TypeAPI || x.IsJSONRequest(r) {
+	if ctxUpdate.Flow.Type == flow.TypeAPI {
+		updatedFlow, err := e.d.SettingsFlowPersister().GetSettingsFlow(r.Context(), ctxUpdate.Flow.ID)
+		if err != nil {
+			return err
+		}
+
+		e.d.Writer().Write(w, r, updatedFlow)
+		return nil
+	}
+
+	if err := e.d.SessionManager().IssueCookie(r.Context(), w, r, ctxUpdate.Session); err != nil {
+		return errors.WithStack(err)
+	}
+
+	if x.IsJSONRequest(r) {
 		updatedFlow, err := e.d.SettingsFlowPersister().GetSettingsFlow(r.Context(), ctxUpdate.Flow.ID)
 		if err != nil {
 			return err
diff --git a/session/manager_http.go b/session/manager_http.go
index 8828e59d520a..58c7c97650b0 100644
--- a/session/manager_http.go
+++ b/session/manager_http.go
@@ -6,6 +6,8 @@ import (
 	"net/url"
 	"time"
 
+	"github.com/ory/x/randx"
+
 	"github.com/gorilla/sessions"
 
 	"github.com/ory/x/urlx"
@@ -129,6 +131,7 @@ func (s *ManagerHTTP) IssueCookie(ctx context.Context, w http.ResponseWriter, r
 
 	cookie.Values["session_token"] = session.Token
 	cookie.Values["expires_at"] = session.ExpiresAt.UTC().Format(time.RFC3339Nano)
+	cookie.Values["nonce"] = randx.MustString(8, randx.Alpha) // Guarantee new kratos session identifier
 
 	if err := cookie.Save(r, w); err != nil {
 		return errors.WithStack(err)
diff --git a/session/manager_http_test.go b/session/manager_http_test.go
index cf744c8dee30..e544e25a05b7 100644
--- a/session/manager_http_test.go
+++ b/session/manager_http_test.go
@@ -104,6 +104,13 @@ func TestManagerHTTP(t *testing.T) {
 			return rec.Result().Cookies()[0]
 		}
 
+		t.Run("case=immutability", func(t *testing.T) {
+			cookie1 := getCookie(t, x.NewTestHTTPRequest(t, "GET", "https://baseurl.com/bar", nil))
+			cookie2 := getCookie(t, x.NewTestHTTPRequest(t, "GET", "https://baseurl.com/bar", nil))
+
+			assert.NotEqual(t, cookie1.Value, cookie2.Value)
+		})
+
 		t.Run("case=with default options", func(t *testing.T) {
 			actual := getCookie(t, httptest.NewRequest("GET", "https://baseurl.com/bar", nil))
 			assert.EqualValues(t, "", actual.Domain, "Domain is empty because unset as a config option")

From 4682afaca3655dc809582b775a5a1c56205a4b4a Mon Sep 17 00:00:00 2001
From: Ajay Kelkar 
Date: Sat, 15 Oct 2022 00:18:55 +0200
Subject: [PATCH 300/411] fix: x-forwarded-for header parsing (#2807)

---
 session/session.go      |  4 ++--
 session/session_test.go | 48 +++++++++++++++++++++++++++++++++++++----
 2 files changed, 46 insertions(+), 6 deletions(-)

diff --git a/session/session.go b/session/session.go
index 2dd60a21105c..25c2c122ff0f 100644
--- a/session/session.go
+++ b/session/session.go
@@ -242,8 +242,8 @@ func (s *Session) SaveSessionDeviceInformation(r *http.Request) {
 		device.IPAddress = &trueClientIP
 	} else if realClientIP := r.Header.Get("X-Real-IP"); realClientIP != "" {
 		device.IPAddress = &realClientIP
-	} else if forwardedIP := r.Header["X-Forwarded-For"]; len(forwardedIP) != 0 {
-		ip, _ := httpx.GetClientIPAddress(forwardedIP, httpx.InternalIPSet)
+	} else if forwardedIP := r.Header.Get("X-Forwarded-For"); forwardedIP != "" {
+		ip, _ := httpx.GetClientIPAddress(strings.Split(forwardedIP, ","), httpx.InternalIPSet)
 		device.IPAddress = &ip
 	} else {
 		device.IPAddress = &r.RemoteAddr
diff --git a/session/session_test.go b/session/session_test.go
index 293f53a13834..0d6cd7152c89 100644
--- a/session/session_test.go
+++ b/session/session_test.go
@@ -73,8 +73,46 @@ func TestSession(t *testing.T) {
 	})
 
 	t.Run("case=client information reverse proxy forward", func(t *testing.T) {
+		for _, tc := range []struct {
+			input    string
+			expected string
+		}{
+			{
+				input:    "10.10.8.1, 172.19.2.7",
+				expected: "",
+			},
+			{
+				input:    "217.73.188.139,162.158.203.149, 172.19.2.7",
+				expected: "162.158.203.149",
+			},
+			{
+				input:    "122.122.122.122 , 123.123.123.123",
+				expected: "123.123.123.123",
+			},
+		} {
+			t.Run("case=parse "+tc.input, func(t *testing.T) {
+				req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
+				req.Header["User-Agent"] = []string{"Mozilla/5.0 (X11; Linux x86_64)", "AppleWebKit/537.36 (KHTML, like Gecko)", "Chrome/51.0.2704.103 Safari/537.36"}
+				req.Header.Set("X-Forwarded-For", tc.input)
+
+				s := session.NewInactiveSession()
+				require.NoError(t, s.Activate(req, &identity.Identity{State: identity.StateActive}, conf, authAt))
+				assert.True(t, s.Active)
+				assert.Equal(t, identity.NoAuthenticatorAssuranceLevel, s.AuthenticatorAssuranceLevel)
+				assert.Equal(t, authAt, s.AuthenticatedAt)
+				assert.Equal(t, 1, len(s.Devices))
+				assert.Equal(t, s.ID.String(), s.Devices[0].SessionID.String())
+				assert.Equal(t, tc.expected, *s.Devices[0].IPAddress)
+				assert.Equal(t, "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36", *s.Devices[0].UserAgent)
+				assert.Equal(t, "", *s.Devices[0].Location)
+			})
+		}
+	})
+
+	t.Run("case=client information reverse proxy real IP set", func(t *testing.T) {
 		req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
 		req.Header["User-Agent"] = []string{"Mozilla/5.0 (X11; Linux x86_64)", "AppleWebKit/537.36 (KHTML, like Gecko)", "Chrome/51.0.2704.103 Safari/537.36"}
+		req.Header.Set("X-Real-IP", "54.155.246.155")
 		req.Header["X-Forwarded-For"] = []string{"54.155.246.232", "10.145.1.10"}
 
 		s := session.NewInactiveSession()
@@ -84,16 +122,18 @@ func TestSession(t *testing.T) {
 		assert.Equal(t, authAt, s.AuthenticatedAt)
 		assert.Equal(t, 1, len(s.Devices))
 		assert.Equal(t, s.ID.String(), s.Devices[0].SessionID.String())
-		assert.Equal(t, "54.155.246.232", *s.Devices[0].IPAddress)
+		assert.NotNil(t, s.Devices[0].UpdatedAt)
+		assert.NotNil(t, s.Devices[0].CreatedAt)
+		assert.Equal(t, "54.155.246.155", *s.Devices[0].IPAddress)
 		assert.Equal(t, "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36", *s.Devices[0].UserAgent)
 		assert.Equal(t, "", *s.Devices[0].Location)
 	})
 
-	t.Run("case=client information reverse proxy real IP set", func(t *testing.T) {
+	t.Run("case=client information CF true client IP set", func(t *testing.T) {
 		req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
 		req.Header["User-Agent"] = []string{"Mozilla/5.0 (X11; Linux x86_64)", "AppleWebKit/537.36 (KHTML, like Gecko)", "Chrome/51.0.2704.103 Safari/537.36"}
-		req.Header.Set("X-Real-IP", "54.155.246.155")
-		req.Header["X-Forwarded-For"] = []string{"54.155.246.232", "10.145.1.10"}
+		req.Header.Set("True-Client-IP", "54.155.246.155")
+		req.Header.Set("X-Forwarded-For", "217.73.188.139,162.158.203.149, 172.19.2.7")
 
 		s := session.NewInactiveSession()
 		require.NoError(t, s.Activate(req, &identity.Identity{State: identity.StateActive}, conf, authAt))

From 71e2449d7038594e107f39934e4716f845be7bb7 Mon Sep 17 00:00:00 2001
From: hackerman <3372410+aeneasr@users.noreply.github.com>
Date: Tue, 18 Oct 2022 08:12:24 +0200
Subject: [PATCH 301/411] feat: add cache headers (#2817)

---
 session/handler.go      |  7 +++++++
 session/handler_test.go |  2 ++
 session/manager.go      | 10 ++++++++++
 session/manager_http.go |  2 +-
 4 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/session/handler.go b/session/handler.go
index 59ef915fff25..38cf6805c84d 100644
--- a/session/handler.go
+++ b/session/handler.go
@@ -1,6 +1,7 @@
 package session
 
 import (
+	"fmt"
 	"net/http"
 	"strconv"
 
@@ -178,6 +179,11 @@ type toSession struct {
 func (h *Handler) whoami(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 	s, err := h.r.SessionManager().FetchFromRequest(r.Context(), r)
 	if err != nil {
+		// We cache errors where no session was found.
+		if noSess := new(ErrNoActiveSessionFound); errors.As(err, &noSess) && noSess.credentialsMissing {
+			w.Header().Set("X-Ory-Cache-Until", "180")
+		}
+
 		h.r.Audit().WithRequest(r).WithError(err).Info("No valid session cookie found.")
 		h.r.Writer().WriteError(w, r, herodot.ErrUnauthorized.WithWrap(err).WithReasonf("No valid session cookie found."))
 		return
@@ -200,6 +206,7 @@ func (h *Handler) whoami(w http.ResponseWriter, r *http.Request, ps httprouter.P
 
 	// Set userId as the X-Kratos-Authenticated-Identity-Id header.
 	w.Header().Set("X-Kratos-Authenticated-Identity-Id", s.Identity.ID.String())
+	w.Header().Set("X-Ory-Cache-Until", fmt.Sprintf("%d", s.ExpiresAt.Unix()))
 
 	if err := h.r.SessionManager().RefreshCookie(r.Context(), w, r, s); err != nil {
 		h.r.Audit().WithRequest(r).WithError(err).Info("Could not re-issue cookie.")
diff --git a/session/handler_test.go b/session/handler_test.go
index d4afe9ac7800..8ee2231e52a3 100644
--- a/session/handler_test.go
+++ b/session/handler_test.go
@@ -150,6 +150,7 @@ func TestSessionWhoAmI(t *testing.T) {
 		res, err := client.Get(ts.URL + RouteWhoami)
 		require.NoError(t, err)
 		assertNoCSRFCookieInResponse(t, ts, client, res) // Test that no CSRF cookie is ever set here.
+		assert.NotEmpty(t, res.Header.Get("X-Ory-Session-Expires-At"))
 
 		// Set cookie
 		reg.CSRFHandler().IgnorePath("/set")
@@ -174,6 +175,7 @@ func TestSessionWhoAmI(t *testing.T) {
 
 				assert.EqualValues(t, http.StatusOK, res.StatusCode)
 				assert.NotEmpty(t, res.Header.Get("X-Kratos-Authenticated-Identity-Id"))
+				assert.NotEmpty(t, res.Header.Get("X-Ory-Session-Expires-At"))
 
 				assert.Empty(t, gjson.GetBytes(body, "identity.credentials"))
 				assert.Equal(t, "mp", gjson.GetBytes(body, "identity.metadata_public.public").String(), "%s", body)
diff --git a/session/manager.go b/session/manager.go
index 2e5821c06e31..9efe12b2ffba 100644
--- a/session/manager.go
+++ b/session/manager.go
@@ -15,6 +15,9 @@ import (
 // ErrNoActiveSessionFound is returned when no active cookie session could be found in the request.
 type ErrNoActiveSessionFound struct {
 	*herodot.DefaultError `json:"error"`
+
+	// True when the request had no credentials in it.
+	credentialsMissing bool
 }
 
 // NewErrNoActiveSessionFound creates a new ErrNoActiveSessionFound
@@ -24,6 +27,13 @@ func NewErrNoActiveSessionFound() *ErrNoActiveSessionFound {
 	}
 }
 
+// NewErrNoCredentialsForSession creates a new NewErrNoCredentialsForSession
+func NewErrNoCredentialsForSession() *ErrNoActiveSessionFound {
+	e := NewErrNoActiveSessionFound()
+	e.credentialsMissing = true
+	return e
+}
+
 func (e *ErrNoActiveSessionFound) EnhanceJSONError() interface{} {
 	return e
 }
diff --git a/session/manager_http.go b/session/manager_http.go
index 58c7c97650b0..b93881b10f8e 100644
--- a/session/manager_http.go
+++ b/session/manager_http.go
@@ -185,7 +185,7 @@ func (s *ManagerHTTP) extractToken(r *http.Request) string {
 func (s *ManagerHTTP) FetchFromRequest(ctx context.Context, r *http.Request) (*Session, error) {
 	token := s.extractToken(r)
 	if token == "" {
-		return nil, errors.WithStack(NewErrNoActiveSessionFound())
+		return nil, errors.WithStack(NewErrNoCredentialsForSession())
 	}
 
 	se, err := s.r.SessionPersister().GetSessionByToken(ctx, token, ExpandEverything)

From 6e8579b835d54d5ebb5371297ea60f24e915882d Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Tue, 18 Oct 2022 08:41:42 +0200
Subject: [PATCH 302/411] feat: improve cache handling

---
 session/handler.go      | 5 +++--
 session/handler_test.go | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/session/handler.go b/session/handler.go
index 38cf6805c84d..32d54b59dcc5 100644
--- a/session/handler.go
+++ b/session/handler.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"net/http"
 	"strconv"
+	"time"
 
 	"github.com/ory/x/pointerx"
 
@@ -181,7 +182,7 @@ func (h *Handler) whoami(w http.ResponseWriter, r *http.Request, ps httprouter.P
 	if err != nil {
 		// We cache errors where no session was found.
 		if noSess := new(ErrNoActiveSessionFound); errors.As(err, &noSess) && noSess.credentialsMissing {
-			w.Header().Set("X-Ory-Cache-Until", "180")
+			w.Header().Set("Ory-Session-Cache-For", fmt.Sprintf("%d", int64(time.Minute.Seconds())))
 		}
 
 		h.r.Audit().WithRequest(r).WithError(err).Info("No valid session cookie found.")
@@ -206,7 +207,7 @@ func (h *Handler) whoami(w http.ResponseWriter, r *http.Request, ps httprouter.P
 
 	// Set userId as the X-Kratos-Authenticated-Identity-Id header.
 	w.Header().Set("X-Kratos-Authenticated-Identity-Id", s.Identity.ID.String())
-	w.Header().Set("X-Ory-Cache-Until", fmt.Sprintf("%d", s.ExpiresAt.Unix()))
+	w.Header().Set("Ory-Session-Cache-For", fmt.Sprintf("%d", int64(s.ExpiresAt.Sub(time.Now()).Seconds())))
 
 	if err := h.r.SessionManager().RefreshCookie(r.Context(), w, r, s); err != nil {
 		h.r.Audit().WithRequest(r).WithError(err).Info("Could not re-issue cookie.")
diff --git a/session/handler_test.go b/session/handler_test.go
index 8ee2231e52a3..672db13a3237 100644
--- a/session/handler_test.go
+++ b/session/handler_test.go
@@ -150,7 +150,7 @@ func TestSessionWhoAmI(t *testing.T) {
 		res, err := client.Get(ts.URL + RouteWhoami)
 		require.NoError(t, err)
 		assertNoCSRFCookieInResponse(t, ts, client, res) // Test that no CSRF cookie is ever set here.
-		assert.NotEmpty(t, res.Header.Get("X-Ory-Session-Expires-At"))
+		assert.NotEmpty(t, res.Header.Get("Ory-Session-Cache-For"))
 
 		// Set cookie
 		reg.CSRFHandler().IgnorePath("/set")
@@ -175,7 +175,7 @@ func TestSessionWhoAmI(t *testing.T) {
 
 				assert.EqualValues(t, http.StatusOK, res.StatusCode)
 				assert.NotEmpty(t, res.Header.Get("X-Kratos-Authenticated-Identity-Id"))
-				assert.NotEmpty(t, res.Header.Get("X-Ory-Session-Expires-At"))
+				assert.NotEmpty(t, res.Header.Get("Ory-Session-Cache-For"))
 
 				assert.Empty(t, gjson.GetBytes(body, "identity.credentials"))
 				assert.Equal(t, "mp", gjson.GetBytes(body, "identity.metadata_public.public").String(), "%s", body)

From 3e09e58a695cf5d9d57b9f773e0f50b1fd794915 Mon Sep 17 00:00:00 2001
From: Klaus Herrmann <106238709+kmherrmann@users.noreply.github.com>
Date: Wed, 19 Oct 2022 13:23:52 +0200
Subject: [PATCH 303/411] feat: update for the Ory Network (#2814)

---
 .github/ISSUE_TEMPLATE/BUG-REPORT.yml      |  8 ++--
 .github/ISSUE_TEMPLATE/DESIGN-DOC.yml      |  2 +-
 .github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml |  2 +-
 README.md                                  | 44 ++++++++++++++++------
 4 files changed, 39 insertions(+), 17 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
index 7536eaa976be..f037a9990b90 100644
--- a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
+++ b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
@@ -22,7 +22,7 @@ body:
             Guidelines](https://github.com/ory/kratos/blob/master/CONTRIBUTING.md)."
           required: true
         - label:
-            "This issue affects my [Ory Cloud](https://www.ory.sh/) project."
+            "This issue affects my [Ory Network](https://www.ory.sh/) project."
         - label:
             "I have joined the [Ory Community Slack](https://slack.ory.sh)."
         - label:
@@ -86,7 +86,7 @@ body:
   - attributes:
       label: "On which operating system are you observing this issue?"
       options:
-        - Ory Cloud
+        - Ory Network
         - macOS
         - Linux
         - Windows
@@ -95,9 +95,9 @@ body:
     id: operating-system
     type: dropdown
   - attributes:
-      label: "In which environment are you deploying?"
+      label: "In which environment are you running/deploying?"
       options:
-        - Ory Cloud
+        - Ory Network
         - Docker
         - "Docker Compose"
         - "Kubernetes with Helm"
diff --git a/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml b/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml
index 6be238ca0ebd..b716dd23d1df 100644
--- a/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml
+++ b/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml
@@ -33,7 +33,7 @@ body:
             Guidelines](https://github.com/ory/kratos/blob/master/CONTRIBUTING.md)."
           required: true
         - label:
-            "This issue affects my [Ory Cloud](https://www.ory.sh/) project."
+            "This issue affects my [Ory Network](https://www.ory.sh/) project."
         - label:
             "I have joined the [Ory Community Slack](https://slack.ory.sh)."
         - label:
diff --git a/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml
index af71f0896133..77ca05bacf60 100644
--- a/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml
+++ b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml
@@ -26,7 +26,7 @@ body:
             Guidelines](https://github.com/ory/kratos/blob/master/CONTRIBUTING.md)."
           required: true
         - label:
-            "This issue affects my [Ory Cloud](https://www.ory.sh/) project."
+            "This issue affects my [Ory Network](https://www.ory.sh/) project."
         - label:
             "I have joined the [Ory Community Slack](https://slack.ory.sh)."
         - label:
diff --git a/README.md b/README.md
index 193aef38a58b..481b619b415b 100644
--- a/README.md
+++ b/README.md
@@ -22,18 +22,41 @@
     
 
 
-Ory Kratos is the first cloud native Identity and User Management System in the
-world. Finally, it is no longer necessary to implement a User Login process for
-the umpteenth time!
+Ory Kratos is _the_ developer-friendly, security-hardened and battle-test Identity, User Management and Authentication system for the Cloud. Finally, it is no longer necessary to implement User Login for the umpteenth time!
 
-## Ory Kratos in Ory Cloud
+## Ory Kratos on the Ory Network
 
-The easiest way to get started with Ory Software is in Ory Cloud! Ory Cloud is
-[**free forever for developers**](https://console.ory.sh/registration?utm_source=github&utm_medium=banner&utm_campaign=kratos-readme),
-no credit card required.
+The [Ory Network](https://www.ory.sh/cloud) is the fastest, most secure and worry-free way to use Ory's Services. **Ory Identities** is powered by the Ory Kratos open source identity server, and it's fully API-compatible.
 
+The Ory Network provides the infrastructure for modern end-to-end security:
+
+- **Identity & credential management scaling to billions of users and devices**
+- **Registration, Login and Account management flows for passkey, biometric,
+  social, SSO and multi-factor authentication**
+- **Pre-built login, registration and account management pages and components**
+- OAuth2 and OpenID provider for single sign on, API access and
+  machine-to-machine authorization
+- Low-latency permission checks based on Google's Zanzibar model and with
+  built-in support for the Ory Permission Language
+
+It's fully managed, highly available, developer & compliance-friendly!
+
+- GDPR-friendly secure storage with data locality
+- Cloud-native APIs, compatible with Ory's Open Source servers
+- Comprehensive admin tools with the web-based Ory Console and the Ory Command
+  Line Interface (CLI)
+- Extensive documentation, straightforward examples and easy-to-follow guides
+- Fair, usage-based [pricing](https://www.ory.sh/pricing)
+
+Sign up for a
+[**free developer account**](https://console.ory.sh/registration?utm_source=github&utm_medium=banner&utm_campaign=kratos-readme)
+today!
+
+
+### Quickstart
+  
 Install the [Ory CLI](https://www.ory.sh/docs/guides/cli/installation) and
-create a new project to get started with Ory Kratos right away:
+create a new project to get started with Ory Identities right away:
 
 ```
 # If you don't have Ory CLI installed yet:
@@ -47,15 +70,14 @@ ory auth
 ory create project
 ```
 
-Ory Cloud ships administrative user interfaces, hosted pages (e.g. for login or
-registration), support for custom domains, collaborative features for your
-colleagues, integration services, and much more!
 
 
 
 
 **Table of Contents**
 
+- [Ory Kratos on the Ory Network](#ory-kratos-on-the-ory-network)
+  - [Quickstart](#quickstart)
 - [What is Ory Kratos?](#what-is-ory-kratos)
   - [Who is using it?](#who-is-using-it)
 - [Getting Started](#getting-started)

From 53bf4d08650addc0f70c656feaef1b3d76a26685 Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Wed, 19 Oct 2022 11:31:13 +0000
Subject: [PATCH 304/411] chore: update repository templates to
 https://github.com/ory/meta/commit/6ab5ce6da0cc57d4492e932602bbfd4a76547795

---
 .github/ISSUE_TEMPLATE/BUG-REPORT.yml |  2 +-
 README.md                             | 17 +++++++++++------
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
index f037a9990b90..e83bd3b6da9d 100644
--- a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
+++ b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
@@ -95,7 +95,7 @@ body:
     id: operating-system
     type: dropdown
   - attributes:
-      label: "In which environment are you running/deploying?"
+      label: "In which environment are you deploying?"
       options:
         - Ory Network
         - Docker
diff --git a/README.md b/README.md
index 481b619b415b..3911dd3282b3 100644
--- a/README.md
+++ b/README.md
@@ -22,11 +22,15 @@
     
 
 
-Ory Kratos is _the_ developer-friendly, security-hardened and battle-test Identity, User Management and Authentication system for the Cloud. Finally, it is no longer necessary to implement User Login for the umpteenth time!
+Ory Kratos is _the_ developer-friendly, security-hardened and battle-test
+Identity, User Management and Authentication system for the Cloud. Finally, it
+is no longer necessary to implement User Login for the umpteenth time!
 
 ## Ory Kratos on the Ory Network
 
-The [Ory Network](https://www.ory.sh/cloud) is the fastest, most secure and worry-free way to use Ory's Services. **Ory Identities** is powered by the Ory Kratos open source identity server, and it's fully API-compatible.
+The [Ory Network](https://www.ory.sh/cloud) is the fastest, most secure and
+worry-free way to use Ory's Services. **Ory Identities** is powered by the Ory
+Kratos open source identity server, and it's fully API-compatible.
 
 The Ory Network provides the infrastructure for modern end-to-end security:
 
@@ -52,9 +56,8 @@ Sign up for a
 [**free developer account**](https://console.ory.sh/registration?utm_source=github&utm_medium=banner&utm_campaign=kratos-readme)
 today!
 
-
 ### Quickstart
-  
+
 Install the [Ory CLI](https://www.ory.sh/docs/guides/cli/installation) and
 create a new project to get started with Ory Identities right away:
 
@@ -70,7 +73,6 @@ ory auth
 ory create project
 ```
 
-
 
 
 
@@ -728,7 +730,10 @@ You can also run this command from a sub folder.
 
 We use [Cypress](https://www.cypress.io) to run our e2e tests.
 
-⚠️ To run Cypress on ARM based Mac's, at the moment it is [necessary to install Rosetta 2](https://www.cypress.io/blog/2021/01/20/running-cypress-on-the-apple-m1-silicon-arm-architecture-using-rosetta-2/). To install, use the command - `softwareupdate --install-rosetta --agree-to-license`
+⚠️ To run Cypress on ARM based Mac's, at the moment it is
+[necessary to install Rosetta 2](https://www.cypress.io/blog/2021/01/20/running-cypress-on-the-apple-m1-silicon-arm-architecture-using-rosetta-2/).
+To install, use the command -
+`softwareupdate --install-rosetta --agree-to-license`
 
 The simplest way to develop e2e tests is:
 

From 44f775f45d47eff63379d77a2339b824a6ede235 Mon Sep 17 00:00:00 2001
From: Jonas Hungershausen 
Date: Wed, 19 Oct 2022 14:23:25 +0200
Subject: [PATCH 305/411] fix: correct name of span on recovery code deletion
 (#2823)

---
 persistence/sql/persister_recovery.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/persistence/sql/persister_recovery.go b/persistence/sql/persister_recovery.go
index 6f3b93e9addd..164a1f507c1d 100644
--- a/persistence/sql/persister_recovery.go
+++ b/persistence/sql/persister_recovery.go
@@ -268,7 +268,7 @@ func (p *Persister) UseRecoveryCode(ctx context.Context, fID uuid.UUID, codeVal
 }
 
 func (p *Persister) DeleteRecoveryCodesOfFlow(ctx context.Context, fID uuid.UUID) error {
-	ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.DeleteRecoveryToken")
+	ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.DeleteRecoveryCodesOfFlow")
 	defer span.End()
 
 	/* #nosec G201 TableName is static */

From db9a95b6d28f7db3416c9d1530be4fd63a17ac6b Mon Sep 17 00:00:00 2001
From: Brahm Lower 
Date: Wed, 19 Oct 2022 17:04:11 -0700
Subject: [PATCH 306/411] docs: cleanup v0alpha2 endpoint summaries

---
 internal/httpclient/README.md                 |  14 +--
 internal/httpclient/api/openapi.yaml          |  43 +++++---
 internal/httpclient/api_v0alpha2.go           | 104 ++++++++++++------
 internal/httpclient/docs/V0alpha2Api.md       |  28 ++---
 .../strategy/code/strategy_recovery.go        |   2 +-
 session/handler.go                            |  12 ++
 spec/api.json                                 |  26 ++---
 spec/swagger.json                             |  26 ++---
 8 files changed, 155 insertions(+), 100 deletions(-)

diff --git a/internal/httpclient/README.md b/internal/httpclient/README.md
index 89d3b9e90498..d1c42716e9dd 100644
--- a/internal/httpclient/README.md
+++ b/internal/httpclient/README.md
@@ -87,15 +87,15 @@ Class | Method | HTTP request | Description
 *MetadataApi* | [**IsAlive**](docs/MetadataApi.md#isalive) | **Get** /health/alive | Check HTTP Server Status
 *MetadataApi* | [**IsReady**](docs/MetadataApi.md#isready) | **Get** /health/ready | Check HTTP Server and Database Status
 *V0alpha2Api* | [**AdminCreateIdentity**](docs/V0alpha2Api.md#admincreateidentity) | **Post** /admin/identities | Create an Identity
-*V0alpha2Api* | [**AdminCreateSelfServiceRecoveryCode**](docs/V0alpha2Api.md#admincreateselfservicerecoverycode) | **Post** /admin/recovery/code | Create a Recovery Link
+*V0alpha2Api* | [**AdminCreateSelfServiceRecoveryCode**](docs/V0alpha2Api.md#admincreateselfservicerecoverycode) | **Post** /admin/recovery/code | Create a Recovery Code
 *V0alpha2Api* | [**AdminCreateSelfServiceRecoveryLink**](docs/V0alpha2Api.md#admincreateselfservicerecoverylink) | **Post** /admin/recovery/link | Create a Recovery Link
 *V0alpha2Api* | [**AdminDeleteIdentity**](docs/V0alpha2Api.md#admindeleteidentity) | **Delete** /admin/identities/{id} | Delete an Identity
-*V0alpha2Api* | [**AdminDeleteIdentitySessions**](docs/V0alpha2Api.md#admindeleteidentitysessions) | **Delete** /admin/identities/{id}/sessions | Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
-*V0alpha2Api* | [**AdminExtendSession**](docs/V0alpha2Api.md#adminextendsession) | **Patch** /admin/sessions/{id}/extend | Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it will only extend the session after the specified time has passed.
+*V0alpha2Api* | [**AdminDeleteIdentitySessions**](docs/V0alpha2Api.md#admindeleteidentitysessions) | **Delete** /admin/identities/{id}/sessions | Delete & Invalidate an Identity's Sessions
+*V0alpha2Api* | [**AdminExtendSession**](docs/V0alpha2Api.md#adminextendsession) | **Patch** /admin/sessions/{id}/extend | Extend a Session
 *V0alpha2Api* | [**AdminGetIdentity**](docs/V0alpha2Api.md#admingetidentity) | **Get** /admin/identities/{id} | Get an Identity
 *V0alpha2Api* | [**AdminListCourierMessages**](docs/V0alpha2Api.md#adminlistcouriermessages) | **Get** /admin/courier/messages | List Messages
 *V0alpha2Api* | [**AdminListIdentities**](docs/V0alpha2Api.md#adminlistidentities) | **Get** /admin/identities | List Identities
-*V0alpha2Api* | [**AdminListIdentitySessions**](docs/V0alpha2Api.md#adminlistidentitysessions) | **Get** /admin/identities/{id}/sessions | This endpoint returns all sessions that belong to the given Identity.
+*V0alpha2Api* | [**AdminListIdentitySessions**](docs/V0alpha2Api.md#adminlistidentitysessions) | **Get** /admin/identities/{id}/sessions | List an Identity's Sessions
 *V0alpha2Api* | [**AdminPatchIdentity**](docs/V0alpha2Api.md#adminpatchidentity) | **Patch** /admin/identities/{id} | Patch an Identity
 *V0alpha2Api* | [**AdminUpdateIdentity**](docs/V0alpha2Api.md#adminupdateidentity) | **Put** /admin/identities/{id} | Update an Identity
 *V0alpha2Api* | [**CreateSelfServiceLogoutFlowUrlForBrowsers**](docs/V0alpha2Api.md#createselfservicelogoutflowurlforbrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers
@@ -118,9 +118,9 @@ Class | Method | HTTP request | Description
 *V0alpha2Api* | [**InitializeSelfServiceVerificationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceverificationflowforbrowsers) | **Get** /self-service/verification/browser | Initialize Verification Flow for Browser Clients
 *V0alpha2Api* | [**InitializeSelfServiceVerificationFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceverificationflowwithoutbrowser) | **Get** /self-service/verification/api | Initialize Verification Flow for APIs, Services, Apps, ...
 *V0alpha2Api* | [**ListIdentitySchemas**](docs/V0alpha2Api.md#listidentityschemas) | **Get** /schemas | 
-*V0alpha2Api* | [**ListSessions**](docs/V0alpha2Api.md#listsessions) | **Get** /sessions | This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint.
-*V0alpha2Api* | [**RevokeSession**](docs/V0alpha2Api.md#revokesession) | **Delete** /sessions/{id} | Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted.
-*V0alpha2Api* | [**RevokeSessions**](docs/V0alpha2Api.md#revokesessions) | **Delete** /sessions | Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted.
+*V0alpha2Api* | [**ListSessions**](docs/V0alpha2Api.md#listsessions) | **Get** /sessions | Get Active Sessions
+*V0alpha2Api* | [**RevokeSession**](docs/V0alpha2Api.md#revokesession) | **Delete** /sessions/{id} | Invalidate a Session
+*V0alpha2Api* | [**RevokeSessions**](docs/V0alpha2Api.md#revokesessions) | **Delete** /sessions | Invalidate all Other Sessions
 *V0alpha2Api* | [**SubmitSelfServiceLoginFlow**](docs/V0alpha2Api.md#submitselfserviceloginflow) | **Post** /self-service/login | Submit a Login Flow
 *V0alpha2Api* | [**SubmitSelfServiceLogoutFlow**](docs/V0alpha2Api.md#submitselfservicelogoutflow) | **Get** /self-service/logout | Complete Self-Service Logout
 *V0alpha2Api* | [**SubmitSelfServiceLogoutFlowWithoutBrowser**](docs/V0alpha2Api.md#submitselfservicelogoutflowwithoutbrowser) | **Delete** /self-service/logout/api | Perform Logout for APIs, Services, Apps, ...
diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml
index 95edb4ae68e8..5d2a2c59d54d 100644
--- a/internal/httpclient/api/openapi.yaml
+++ b/internal/httpclient/api/openapi.yaml
@@ -423,6 +423,8 @@ paths:
   /admin/identities/{id}/sessions:
     delete:
       description: |-
+        Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
+
         This endpoint is useful for:
 
         To forcefully logout Identity from all devices and sessions
@@ -466,12 +468,13 @@ paths:
           description: jsonError
       security:
       - oryAccessToken: []
-      summary: Calling this endpoint irrecoverably and permanently deletes and invalidates
-        all sessions that belong to the given Identity.
+      summary: Delete & Invalidate an Identity's Sessions
       tags:
       - v0alpha2
     get:
       description: |-
+        This endpoint returns all sessions that belong to the given Identity.
+
         This endpoint is useful for:
 
         Listing all sessions that belong to an Identity in an administrative context.
@@ -559,7 +562,7 @@ paths:
           description: jsonError
       security:
       - oryAccessToken: []
-      summary: This endpoint returns all sessions that belong to the given Identity.
+      summary: List an Identity's Sessions
       tags:
       - v0alpha2
   /admin/recovery/code:
@@ -599,7 +602,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: Create a Recovery Link
+      summary: Create a Recovery Code
       tags:
       - v0alpha2
   /admin/recovery/link:
@@ -644,8 +647,11 @@ paths:
       - v0alpha2
   /admin/sessions/{id}/extend:
     patch:
-      description: Retrieve the session ID from the `/sessions/whoami` endpoint /
-        `toSession` SDK method.
+      description: |-
+        Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it
+        will only extend the session after the specified time has passed.
+
+        Retrieve the session ID from the `/sessions/whoami` endpoint / `toSession` SDK method.
       operationId: adminExtendSession
       parameters:
       - description: ID is the session's ID.
@@ -683,9 +689,7 @@ paths:
           description: jsonError
       security:
       - oryAccessToken: []
-      summary: |-
-        Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it
-        will only extend the session after the specified time has passed.
+      summary: Extend a Session
       tags:
       - v0alpha2
   /health/alive:
@@ -2600,6 +2604,9 @@ paths:
   /sessions:
     delete:
       description: |-
+        Calling this endpoint invalidates all except the current session that belong to the logged-in user.
+        Session data are not deleted.
+
         This endpoint is useful for:
 
         To forcefully logout the current user from all other devices and sessions
@@ -2658,13 +2665,14 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: |-
-        Calling this endpoint invalidates all except the current session that belong to the logged-in user.
-        Session data are not deleted.
+      summary: Invalidate all Other Sessions
       tags:
       - v0alpha2
     get:
       description: |-
+        This endpoints returns all other active sessions that belong to the logged-in user.
+        The current session can be retrieved by calling the `/sessions/whoami` endpoint.
+
         This endpoint is useful for:
 
         Displaying all other sessions that belong to the logged-in user
@@ -2755,9 +2763,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: |-
-        This endpoints returns all other active sessions that belong to the logged-in user.
-        The current session can be retrieved by calling the `/sessions/whoami` endpoint.
+      summary: Get Active Sessions
       tags:
       - v0alpha2
   /sessions/whoami:
@@ -2869,6 +2875,9 @@ paths:
   /sessions/{id}:
     delete:
       description: |-
+        Calling this endpoint invalidates the specified session. The current session cannot be revoked.
+        Session data are not deleted.
+
         This endpoint is useful for:
 
         To forcefully logout the current user from another device or session
@@ -2904,9 +2913,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/jsonError'
           description: jsonError
-      summary: |-
-        Calling this endpoint invalidates the specified session. The current session cannot be revoked.
-        Session data are not deleted.
+      summary: Invalidate a Session
       tags:
       - v0alpha2
   /version:
diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go
index e090477a27c0..9069c26ad043 100644
--- a/internal/httpclient/api_v0alpha2.go
+++ b/internal/httpclient/api_v0alpha2.go
@@ -43,7 +43,7 @@ type V0alpha2Api interface {
 	AdminCreateIdentityExecute(r V0alpha2ApiApiAdminCreateIdentityRequest) (*Identity, *http.Response, error)
 
 	/*
-			 * AdminCreateSelfServiceRecoveryCode Create a Recovery Link
+			 * AdminCreateSelfServiceRecoveryCode Create a Recovery Code
 			 * This endpoint creates a recovery code which should be given to the user in order for them to recover
 		(or activate) their account.
 			 * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@@ -91,8 +91,10 @@ type V0alpha2Api interface {
 	AdminDeleteIdentityExecute(r V0alpha2ApiApiAdminDeleteIdentityRequest) (*http.Response, error)
 
 	/*
-			 * AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
-			 * This endpoint is useful for:
+			 * AdminDeleteIdentitySessions Delete & Invalidate an Identity's Sessions
+			 * Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
+
+		This endpoint is useful for:
 
 		To forcefully logout Identity from all devices and sessions
 			 * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@@ -107,12 +109,15 @@ type V0alpha2Api interface {
 	AdminDeleteIdentitySessionsExecute(r V0alpha2ApiApiAdminDeleteIdentitySessionsRequest) (*http.Response, error)
 
 	/*
-	 * AdminExtendSession Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it will only extend the session after the specified time has passed.
-	 * Retrieve the session ID from the `/sessions/whoami` endpoint / `toSession` SDK method.
-	 * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
-	 * @param id ID is the session's ID.
-	 * @return V0alpha2ApiApiAdminExtendSessionRequest
-	 */
+			 * AdminExtendSession Extend a Session
+			 * Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it
+		will only extend the session after the specified time has passed.
+
+		Retrieve the session ID from the `/sessions/whoami` endpoint / `toSession` SDK method.
+			 * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+			 * @param id ID is the session's ID.
+			 * @return V0alpha2ApiApiAdminExtendSessionRequest
+	*/
 	AdminExtendSession(ctx context.Context, id string) V0alpha2ApiApiAdminExtendSessionRequest
 
 	/*
@@ -167,8 +172,10 @@ type V0alpha2Api interface {
 	AdminListIdentitiesExecute(r V0alpha2ApiApiAdminListIdentitiesRequest) ([]Identity, *http.Response, error)
 
 	/*
-			 * AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity.
-			 * This endpoint is useful for:
+			 * AdminListIdentitySessions List an Identity's Sessions
+			 * This endpoint returns all sessions that belong to the given Identity.
+
+		This endpoint is useful for:
 
 		Listing all sessions that belong to an Identity in an administrative context.
 			 * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@@ -782,8 +789,11 @@ type V0alpha2Api interface {
 	ListIdentitySchemasExecute(r V0alpha2ApiApiListIdentitySchemasRequest) ([]IdentitySchemaContainer, *http.Response, error)
 
 	/*
-			 * ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint.
-			 * This endpoint is useful for:
+			 * ListSessions Get Active Sessions
+			 * This endpoints returns all other active sessions that belong to the logged-in user.
+		The current session can be retrieved by calling the `/sessions/whoami` endpoint.
+
+		This endpoint is useful for:
 
 		Displaying all other sessions that belong to the logged-in user
 			 * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@@ -798,8 +808,11 @@ type V0alpha2Api interface {
 	ListSessionsExecute(r V0alpha2ApiApiListSessionsRequest) ([]Session, *http.Response, error)
 
 	/*
-			 * RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted.
-			 * This endpoint is useful for:
+			 * RevokeSession Invalidate a Session
+			 * Calling this endpoint invalidates the specified session. The current session cannot be revoked.
+		Session data are not deleted.
+
+		This endpoint is useful for:
 
 		To forcefully logout the current user from another device or session
 			 * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@@ -814,8 +827,11 @@ type V0alpha2Api interface {
 	RevokeSessionExecute(r V0alpha2ApiApiRevokeSessionRequest) (*http.Response, error)
 
 	/*
-			 * RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted.
-			 * This endpoint is useful for:
+			 * RevokeSessions Invalidate all Other Sessions
+			 * Calling this endpoint invalidates all except the current session that belong to the logged-in user.
+		Session data are not deleted.
+
+		This endpoint is useful for:
 
 		To forcefully logout the current user from all other devices and sessions
 			 * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@@ -1309,7 +1325,7 @@ func (r V0alpha2ApiApiAdminCreateSelfServiceRecoveryCodeRequest) Execute() (*Sel
 }
 
 /*
-  - AdminCreateSelfServiceRecoveryCode Create a Recovery Link
+  - AdminCreateSelfServiceRecoveryCode Create a Recovery Code
   - This endpoint creates a recovery code which should be given to the user in order for them to recover
 
 (or activate) their account.
@@ -1716,8 +1732,10 @@ func (r V0alpha2ApiApiAdminDeleteIdentitySessionsRequest) Execute() (*http.Respo
 }
 
 /*
-  - AdminDeleteIdentitySessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
-  - This endpoint is useful for:
+  - AdminDeleteIdentitySessions Delete & Invalidate an Identity's Sessions
+  - Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
+
+This endpoint is useful for:
 
 To forcefully logout Identity from all devices and sessions
   - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@@ -1865,12 +1883,16 @@ func (r V0alpha2ApiApiAdminExtendSessionRequest) Execute() (*Session, *http.Resp
 }
 
 /*
- * AdminExtendSession Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it will only extend the session after the specified time has passed.
- * Retrieve the session ID from the `/sessions/whoami` endpoint / `toSession` SDK method.
- * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
- * @param id ID is the session's ID.
- * @return V0alpha2ApiApiAdminExtendSessionRequest
- */
+  - AdminExtendSession Extend a Session
+  - Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it
+
+will only extend the session after the specified time has passed.
+
+Retrieve the session ID from the `/sessions/whoami` endpoint / `toSession` SDK method.
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @param id ID is the session's ID.
+  - @return V0alpha2ApiApiAdminExtendSessionRequest
+*/
 func (a *V0alpha2ApiService) AdminExtendSession(ctx context.Context, id string) V0alpha2ApiApiAdminExtendSessionRequest {
 	return V0alpha2ApiApiAdminExtendSessionRequest{
 		ApiService: a,
@@ -2480,8 +2502,10 @@ func (r V0alpha2ApiApiAdminListIdentitySessionsRequest) Execute() ([]Session, *h
 }
 
 /*
-  - AdminListIdentitySessions This endpoint returns all sessions that belong to the given Identity.
-  - This endpoint is useful for:
+  - AdminListIdentitySessions List an Identity's Sessions
+  - This endpoint returns all sessions that belong to the given Identity.
+
+This endpoint is useful for:
 
 Listing all sessions that belong to an Identity in an administrative context.
   - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@@ -6015,8 +6039,12 @@ func (r V0alpha2ApiApiListSessionsRequest) Execute() ([]Session, *http.Response,
 }
 
 /*
-  - ListSessions This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint.
-  - This endpoint is useful for:
+  - ListSessions Get Active Sessions
+  - This endpoints returns all other active sessions that belong to the logged-in user.
+
+The current session can be retrieved by calling the `/sessions/whoami` endpoint.
+
+This endpoint is useful for:
 
 Displaying all other sessions that belong to the logged-in user
   - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@@ -6170,8 +6198,12 @@ func (r V0alpha2ApiApiRevokeSessionRequest) Execute() (*http.Response, error) {
 }
 
 /*
-  - RevokeSession Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted.
-  - This endpoint is useful for:
+  - RevokeSession Invalidate a Session
+  - Calling this endpoint invalidates the specified session. The current session cannot be revoked.
+
+Session data are not deleted.
+
+This endpoint is useful for:
 
 To forcefully logout the current user from another device or session
   - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@@ -6305,8 +6337,12 @@ func (r V0alpha2ApiApiRevokeSessionsRequest) Execute() (*RevokedSessions, *http.
 }
 
 /*
-  - RevokeSessions Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted.
-  - This endpoint is useful for:
+  - RevokeSessions Invalidate all Other Sessions
+  - Calling this endpoint invalidates all except the current session that belong to the logged-in user.
+
+Session data are not deleted.
+
+This endpoint is useful for:
 
 To forcefully logout the current user from all other devices and sessions
   - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md
index 0ef013a78918..a9146b4f6ff2 100644
--- a/internal/httpclient/docs/V0alpha2Api.md
+++ b/internal/httpclient/docs/V0alpha2Api.md
@@ -5,15 +5,15 @@ All URIs are relative to *http://localhost*
 Method | HTTP request | Description
 ------------- | ------------- | -------------
 [**AdminCreateIdentity**](V0alpha2Api.md#AdminCreateIdentity) | **Post** /admin/identities | Create an Identity
-[**AdminCreateSelfServiceRecoveryCode**](V0alpha2Api.md#AdminCreateSelfServiceRecoveryCode) | **Post** /admin/recovery/code | Create a Recovery Link
+[**AdminCreateSelfServiceRecoveryCode**](V0alpha2Api.md#AdminCreateSelfServiceRecoveryCode) | **Post** /admin/recovery/code | Create a Recovery Code
 [**AdminCreateSelfServiceRecoveryLink**](V0alpha2Api.md#AdminCreateSelfServiceRecoveryLink) | **Post** /admin/recovery/link | Create a Recovery Link
 [**AdminDeleteIdentity**](V0alpha2Api.md#AdminDeleteIdentity) | **Delete** /admin/identities/{id} | Delete an Identity
-[**AdminDeleteIdentitySessions**](V0alpha2Api.md#AdminDeleteIdentitySessions) | **Delete** /admin/identities/{id}/sessions | Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
-[**AdminExtendSession**](V0alpha2Api.md#AdminExtendSession) | **Patch** /admin/sessions/{id}/extend | Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it will only extend the session after the specified time has passed.
+[**AdminDeleteIdentitySessions**](V0alpha2Api.md#AdminDeleteIdentitySessions) | **Delete** /admin/identities/{id}/sessions | Delete & Invalidate an Identity's Sessions
+[**AdminExtendSession**](V0alpha2Api.md#AdminExtendSession) | **Patch** /admin/sessions/{id}/extend | Extend a Session
 [**AdminGetIdentity**](V0alpha2Api.md#AdminGetIdentity) | **Get** /admin/identities/{id} | Get an Identity
 [**AdminListCourierMessages**](V0alpha2Api.md#AdminListCourierMessages) | **Get** /admin/courier/messages | List Messages
 [**AdminListIdentities**](V0alpha2Api.md#AdminListIdentities) | **Get** /admin/identities | List Identities
-[**AdminListIdentitySessions**](V0alpha2Api.md#AdminListIdentitySessions) | **Get** /admin/identities/{id}/sessions | This endpoint returns all sessions that belong to the given Identity.
+[**AdminListIdentitySessions**](V0alpha2Api.md#AdminListIdentitySessions) | **Get** /admin/identities/{id}/sessions | List an Identity's Sessions
 [**AdminPatchIdentity**](V0alpha2Api.md#AdminPatchIdentity) | **Patch** /admin/identities/{id} | Patch an Identity
 [**AdminUpdateIdentity**](V0alpha2Api.md#AdminUpdateIdentity) | **Put** /admin/identities/{id} | Update an Identity
 [**CreateSelfServiceLogoutFlowUrlForBrowsers**](V0alpha2Api.md#CreateSelfServiceLogoutFlowUrlForBrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers
@@ -36,9 +36,9 @@ Method | HTTP request | Description
 [**InitializeSelfServiceVerificationFlowForBrowsers**](V0alpha2Api.md#InitializeSelfServiceVerificationFlowForBrowsers) | **Get** /self-service/verification/browser | Initialize Verification Flow for Browser Clients
 [**InitializeSelfServiceVerificationFlowWithoutBrowser**](V0alpha2Api.md#InitializeSelfServiceVerificationFlowWithoutBrowser) | **Get** /self-service/verification/api | Initialize Verification Flow for APIs, Services, Apps, ...
 [**ListIdentitySchemas**](V0alpha2Api.md#ListIdentitySchemas) | **Get** /schemas | 
-[**ListSessions**](V0alpha2Api.md#ListSessions) | **Get** /sessions | This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint.
-[**RevokeSession**](V0alpha2Api.md#RevokeSession) | **Delete** /sessions/{id} | Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted.
-[**RevokeSessions**](V0alpha2Api.md#RevokeSessions) | **Delete** /sessions | Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted.
+[**ListSessions**](V0alpha2Api.md#ListSessions) | **Get** /sessions | Get Active Sessions
+[**RevokeSession**](V0alpha2Api.md#RevokeSession) | **Delete** /sessions/{id} | Invalidate a Session
+[**RevokeSessions**](V0alpha2Api.md#RevokeSessions) | **Delete** /sessions | Invalidate all Other Sessions
 [**SubmitSelfServiceLoginFlow**](V0alpha2Api.md#SubmitSelfServiceLoginFlow) | **Post** /self-service/login | Submit a Login Flow
 [**SubmitSelfServiceLogoutFlow**](V0alpha2Api.md#SubmitSelfServiceLogoutFlow) | **Get** /self-service/logout | Complete Self-Service Logout
 [**SubmitSelfServiceLogoutFlowWithoutBrowser**](V0alpha2Api.md#SubmitSelfServiceLogoutFlowWithoutBrowser) | **Delete** /self-service/logout/api | Perform Logout for APIs, Services, Apps, ...
@@ -120,7 +120,7 @@ Name | Type | Description  | Notes
 
 > SelfServiceRecoveryCode AdminCreateSelfServiceRecoveryCode(ctx).AdminCreateSelfServiceRecoveryCodeBody(adminCreateSelfServiceRecoveryCodeBody).Execute()
 
-Create a Recovery Link
+Create a Recovery Code
 
 
 
@@ -320,7 +320,7 @@ Name | Type | Description  | Notes
 
 > AdminDeleteIdentitySessions(ctx, id).Execute()
 
-Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
+Delete & Invalidate an Identity's Sessions
 
 
 
@@ -388,7 +388,7 @@ Name | Type | Description  | Notes
 
 > Session AdminExtendSession(ctx, id).Execute()
 
-Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it will only extend the session after the specified time has passed.
+Extend a Session
 
 
 
@@ -670,7 +670,7 @@ Name | Type | Description  | Notes
 
 > []Session AdminListIdentitySessions(ctx, id).PerPage(perPage).Page(page).Active(active).Execute()
 
-This endpoint returns all sessions that belong to the given Identity.
+List an Identity's Sessions
 
 
 
@@ -2220,7 +2220,7 @@ No authorization required
 
 > []Session ListSessions(ctx).XSessionToken(xSessionToken).Cookie(cookie).PerPage(perPage).Page(page).Execute()
 
-This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the `/sessions/whoami` endpoint.
+Get Active Sessions
 
 
 
@@ -2292,7 +2292,7 @@ No authorization required
 
 > RevokeSession(ctx, id).Execute()
 
-Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted.
+Invalidate a Session
 
 
 
@@ -2360,7 +2360,7 @@ No authorization required
 
 > RevokedSessions RevokeSessions(ctx).XSessionToken(xSessionToken).Cookie(cookie).Execute()
 
-Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted.
+Invalidate all Other Sessions
 
 
 
diff --git a/selfservice/strategy/code/strategy_recovery.go b/selfservice/strategy/code/strategy_recovery.go
index f856d2a75662..3e2f26bd7317 100644
--- a/selfservice/strategy/code/strategy_recovery.go
+++ b/selfservice/strategy/code/strategy_recovery.go
@@ -115,7 +115,7 @@ type selfServiceRecoveryCode struct {
 
 // swagger:route POST /admin/recovery/code v0alpha2 adminCreateSelfServiceRecoveryCode
 //
-// # Create a Recovery Link
+// # Create a Recovery Code
 //
 // This endpoint creates a recovery code which should be given to the user in order for them to recover
 // (or activate) their account.
diff --git a/session/handler.go b/session/handler.go
index 32d54b59dcc5..15c967370aeb 100644
--- a/session/handler.go
+++ b/session/handler.go
@@ -230,6 +230,8 @@ type adminDeleteIdentitySessions struct {
 
 // swagger:route DELETE /admin/identities/{id}/sessions v0alpha2 adminDeleteIdentitySessions
 //
+// # Delete & Invalidate an Identity's Sessions
+//
 // Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
 //
 // This endpoint is useful for:
@@ -276,6 +278,8 @@ type adminListIdentitySessions struct {
 
 // swagger:route GET /admin/identities/{id}/sessions v0alpha2 adminListIdentitySessions
 //
+// # List an Identity's Sessions
+//
 // This endpoint returns all sessions that belong to the given Identity.
 //
 // This endpoint is useful for:
@@ -331,6 +335,8 @@ type revokeSessions struct {
 
 // swagger:route DELETE /sessions v0alpha2 revokeSessions
 //
+// # Invalidate all Other Sessions
+//
 // Calling this endpoint invalidates all except the current session that belong to the logged-in user.
 // Session data are not deleted.
 //
@@ -375,6 +381,8 @@ type revokeSession struct {
 
 // swagger:route DELETE /sessions/{id} v0alpha2 revokeSession
 //
+// # Invalidate a Session
+//
 // Calling this endpoint invalidates the specified session. The current session cannot be revoked.
 // Session data are not deleted.
 //
@@ -434,6 +442,8 @@ type sessionList []*Session
 
 // swagger:route GET /sessions v0alpha2 listSessions
 //
+// # Get Active Sessions
+//
 // This endpoints returns all other active sessions that belong to the logged-in user.
 // The current session can be retrieved by calling the `/sessions/whoami` endpoint.
 //
@@ -496,6 +506,8 @@ type adminExtendSession struct {
 
 // swagger:route PATCH /admin/sessions/{id}/extend v0alpha2 adminExtendSession
 //
+// # Extend a Session
+//
 // Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it
 // will only extend the session after the specified time has passed.
 //
diff --git a/spec/api.json b/spec/api.json
index 1a71a55903ca..351803305209 100755
--- a/spec/api.json
+++ b/spec/api.json
@@ -3042,7 +3042,7 @@
     },
     "/admin/identities/{id}/sessions": {
       "delete": {
-        "description": "This endpoint is useful for:\n\nTo forcefully logout Identity from all devices and sessions",
+        "description": "Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.\n\nThis endpoint is useful for:\n\nTo forcefully logout Identity from all devices and sessions",
         "operationId": "adminDeleteIdentitySessions",
         "parameters": [
           {
@@ -3105,13 +3105,13 @@
             "oryAccessToken": []
           }
         ],
-        "summary": "Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.",
+        "summary": "Delete \u0026 Invalidate an Identity's Sessions",
         "tags": [
           "v0alpha2"
         ]
       },
       "get": {
-        "description": "This endpoint is useful for:\n\nListing all sessions that belong to an Identity in an administrative context.",
+        "description": "This endpoint returns all sessions that belong to the given Identity.\n\nThis endpoint is useful for:\n\nListing all sessions that belong to an Identity in an administrative context.",
         "operationId": "adminListIdentitySessions",
         "parameters": [
           {
@@ -3212,7 +3212,7 @@
             "oryAccessToken": []
           }
         ],
-        "summary": "This endpoint returns all sessions that belong to the given Identity.",
+        "summary": "List an Identity's Sessions",
         "tags": [
           "v0alpha2"
         ]
@@ -3274,7 +3274,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "Create a Recovery Link",
+        "summary": "Create a Recovery Code",
         "tags": [
           "v0alpha2"
         ]
@@ -3344,7 +3344,7 @@
     },
     "/admin/sessions/{id}/extend": {
       "patch": {
-        "description": "Retrieve the session ID from the `/sessions/whoami` endpoint / `toSession` SDK method.",
+        "description": "Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it\nwill only extend the session after the specified time has passed.\n\nRetrieve the session ID from the `/sessions/whoami` endpoint / `toSession` SDK method.",
         "operationId": "adminExtendSession",
         "parameters": [
           {
@@ -3404,7 +3404,7 @@
             "oryAccessToken": []
           }
         ],
-        "summary": "Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it\nwill only extend the session after the specified time has passed.",
+        "summary": "Extend a Session",
         "tags": [
           "v0alpha2"
         ]
@@ -5324,7 +5324,7 @@
     },
     "/sessions": {
       "delete": {
-        "description": "This endpoint is useful for:\n\nTo forcefully logout the current user from all other devices and sessions",
+        "description": "Calling this endpoint invalidates all except the current session that belong to the logged-in user.\nSession data are not deleted.\n\nThis endpoint is useful for:\n\nTo forcefully logout the current user from all other devices and sessions",
         "operationId": "revokeSessions",
         "parameters": [
           {
@@ -5396,13 +5396,13 @@
             "description": "jsonError"
           }
         },
-        "summary": "Calling this endpoint invalidates all except the current session that belong to the logged-in user.\nSession data are not deleted.",
+        "summary": "Invalidate all Other Sessions",
         "tags": [
           "v0alpha2"
         ]
       },
       "get": {
-        "description": "This endpoint is useful for:\n\nDisplaying all other sessions that belong to the logged-in user",
+        "description": "This endpoints returns all other active sessions that belong to the logged-in user.\nThe current session can be retrieved by calling the `/sessions/whoami` endpoint.\n\nThis endpoint is useful for:\n\nDisplaying all other sessions that belong to the logged-in user",
         "operationId": "listSessions",
         "parameters": [
           {
@@ -5497,7 +5497,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "This endpoints returns all other active sessions that belong to the logged-in user.\nThe current session can be retrieved by calling the `/sessions/whoami` endpoint.",
+        "summary": "Get Active Sessions",
         "tags": [
           "v0alpha2"
         ]
@@ -5577,7 +5577,7 @@
     },
     "/sessions/{id}": {
       "delete": {
-        "description": "This endpoint is useful for:\n\nTo forcefully logout the current user from another device or session",
+        "description": "Calling this endpoint invalidates the specified session. The current session cannot be revoked.\nSession data are not deleted.\n\nThis endpoint is useful for:\n\nTo forcefully logout the current user from another device or session",
         "operationId": "revokeSession",
         "parameters": [
           {
@@ -5625,7 +5625,7 @@
             "description": "jsonError"
           }
         },
-        "summary": "Calling this endpoint invalidates the specified session. The current session cannot be revoked.\nSession data are not deleted.",
+        "summary": "Invalidate a Session",
         "tags": [
           "v0alpha2"
         ]
diff --git a/spec/swagger.json b/spec/swagger.json
index 32aa534d3f89..f78bd655008c 100755
--- a/spec/swagger.json
+++ b/spec/swagger.json
@@ -487,7 +487,7 @@
             "oryAccessToken": []
           }
         ],
-        "description": "This endpoint is useful for:\n\nListing all sessions that belong to an Identity in an administrative context.",
+        "description": "This endpoint returns all sessions that belong to the given Identity.\n\nThis endpoint is useful for:\n\nListing all sessions that belong to an Identity in an administrative context.",
         "schemes": [
           "http",
           "https"
@@ -495,7 +495,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "This endpoint returns all sessions that belong to the given Identity.",
+        "summary": "List an Identity's Sessions",
         "operationId": "adminListIdentitySessions",
         "parameters": [
           {
@@ -570,7 +570,7 @@
             "oryAccessToken": []
           }
         ],
-        "description": "This endpoint is useful for:\n\nTo forcefully logout Identity from all devices and sessions",
+        "description": "Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.\n\nThis endpoint is useful for:\n\nTo forcefully logout Identity from all devices and sessions",
         "schemes": [
           "http",
           "https"
@@ -578,7 +578,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.",
+        "summary": "Delete \u0026 Invalidate an Identity's Sessions",
         "operationId": "adminDeleteIdentitySessions",
         "parameters": [
           {
@@ -636,7 +636,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "Create a Recovery Link",
+        "summary": "Create a Recovery Code",
         "operationId": "adminCreateSelfServiceRecoveryCode",
         "parameters": [
           {
@@ -737,7 +737,7 @@
             "oryAccessToken": []
           }
         ],
-        "description": "Retrieve the session ID from the `/sessions/whoami` endpoint / `toSession` SDK method.",
+        "description": "Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it\nwill only extend the session after the specified time has passed.\n\nRetrieve the session ID from the `/sessions/whoami` endpoint / `toSession` SDK method.",
         "schemes": [
           "http",
           "https"
@@ -745,7 +745,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it\nwill only extend the session after the specified time has passed.",
+        "summary": "Extend a Session",
         "operationId": "adminExtendSession",
         "parameters": [
           {
@@ -2333,7 +2333,7 @@
     },
     "/sessions": {
       "get": {
-        "description": "This endpoint is useful for:\n\nDisplaying all other sessions that belong to the logged-in user",
+        "description": "This endpoints returns all other active sessions that belong to the logged-in user.\nThe current session can be retrieved by calling the `/sessions/whoami` endpoint.\n\nThis endpoint is useful for:\n\nDisplaying all other sessions that belong to the logged-in user",
         "schemes": [
           "http",
           "https"
@@ -2341,7 +2341,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "This endpoints returns all other active sessions that belong to the logged-in user.\nThe current session can be retrieved by calling the `/sessions/whoami` endpoint.",
+        "summary": "Get Active Sessions",
         "operationId": "listSessions",
         "parameters": [
           {
@@ -2410,7 +2410,7 @@
         }
       },
       "delete": {
-        "description": "This endpoint is useful for:\n\nTo forcefully logout the current user from all other devices and sessions",
+        "description": "Calling this endpoint invalidates all except the current session that belong to the logged-in user.\nSession data are not deleted.\n\nThis endpoint is useful for:\n\nTo forcefully logout the current user from all other devices and sessions",
         "schemes": [
           "http",
           "https"
@@ -2418,7 +2418,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "Calling this endpoint invalidates all except the current session that belong to the logged-in user.\nSession data are not deleted.",
+        "summary": "Invalidate all Other Sessions",
         "operationId": "revokeSessions",
         "parameters": [
           {
@@ -2527,7 +2527,7 @@
     },
     "/sessions/{id}": {
       "delete": {
-        "description": "This endpoint is useful for:\n\nTo forcefully logout the current user from another device or session",
+        "description": "Calling this endpoint invalidates the specified session. The current session cannot be revoked.\nSession data are not deleted.\n\nThis endpoint is useful for:\n\nTo forcefully logout the current user from another device or session",
         "schemes": [
           "http",
           "https"
@@ -2535,7 +2535,7 @@
         "tags": [
           "v0alpha2"
         ],
-        "summary": "Calling this endpoint invalidates the specified session. The current session cannot be revoked.\nSession data are not deleted.",
+        "summary": "Invalidate a Session",
         "operationId": "revokeSession",
         "parameters": [
           {

From 4aab5e0114dd02b8b0ce45376a0fe4bf11e38221 Mon Sep 17 00:00:00 2001
From: Brahm Lower 
Date: Thu, 20 Oct 2022 09:01:52 -0700
Subject: [PATCH 307/411] fix(lint): fixed lint error causing ci failures

---
 session/handler.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/session/handler.go b/session/handler.go
index 15c967370aeb..5e77e6bb371e 100644
--- a/session/handler.go
+++ b/session/handler.go
@@ -207,7 +207,7 @@ func (h *Handler) whoami(w http.ResponseWriter, r *http.Request, ps httprouter.P
 
 	// Set userId as the X-Kratos-Authenticated-Identity-Id header.
 	w.Header().Set("X-Kratos-Authenticated-Identity-Id", s.Identity.ID.String())
-	w.Header().Set("Ory-Session-Cache-For", fmt.Sprintf("%d", int64(s.ExpiresAt.Sub(time.Now()).Seconds())))
+	w.Header().Set("Ory-Session-Cache-For", fmt.Sprintf("%d", int64(time.Until(s.ExpiresAt).Seconds())))
 
 	if err := h.r.SessionManager().RefreshCookie(r.Context(), w, r, s); err != nil {
 		h.r.Audit().WithRequest(r).WithError(err).Info("Could not re-issue cookie.")

From ddde43ec0d77a1214cd03e1f3e48ab4c34193779 Mon Sep 17 00:00:00 2001
From: Patrik 
Date: Tue, 25 Oct 2022 11:09:00 +0200
Subject: [PATCH 308/411] fix: correctly calculate `expired_at` timestamp for
 FlowExpired errors (#2836)

---
 cmd/clidoc/main.go                                 | 10 +++++-----
 internal/registrationhelpers/helpers.go            |  4 ++--
 selfservice/flow/error.go                          | 10 +++++++---
 selfservice/flow/login/error.go                    |  2 +-
 selfservice/flow/recovery/error.go                 |  2 +-
 selfservice/flow/registration/error.go             |  2 +-
 selfservice/flow/settings/error.go                 |  2 +-
 selfservice/flow/verification/error.go             |  2 +-
 selfservice/strategy/code/strategy_recovery.go     |  2 +-
 selfservice/strategy/link/strategy_recovery.go     |  2 +-
 selfservice/strategy/link/strategy_verification.go |  2 +-
 selfservice/strategy/password/login_test.go        |  4 ++--
 text/message_login.go                              |  6 +++---
 text/message_recovery.go                           |  6 +++---
 text/message_registration.go                       |  6 +++---
 text/message_settings.go                           |  6 +++---
 text/message_verification.go                       |  6 +++---
 17 files changed, 39 insertions(+), 35 deletions(-)

diff --git a/cmd/clidoc/main.go b/cmd/clidoc/main.go
index a8689c859759..4318216df143 100644
--- a/cmd/clidoc/main.go
+++ b/cmd/clidoc/main.go
@@ -44,7 +44,7 @@ func init() {
 		"NewInfoNodeLabelSave":                       text.NewInfoNodeLabelSave(),
 		"NewInfoNodeLabelSubmit":                     text.NewInfoNodeLabelSubmit(),
 		"NewInfoNodeLabelID":                         text.NewInfoNodeLabelID(),
-		"NewErrorValidationSettingsFlowExpired":      text.NewErrorValidationSettingsFlowExpired(time.Second),
+		"NewErrorValidationSettingsFlowExpired":      text.NewErrorValidationSettingsFlowExpired(aSecondAgo),
 		"NewInfoSelfServiceSettingsTOTPQRCode":       text.NewInfoSelfServiceSettingsTOTPQRCode(),
 		"NewInfoSelfServiceSettingsTOTPSecret":       text.NewInfoSelfServiceSettingsTOTPSecret("{secret}"),
 		"NewInfoSelfServiceSettingsTOTPSecretLabel":  text.NewInfoSelfServiceSettingsTOTPSecretLabel(),
@@ -66,7 +66,7 @@ func init() {
 		"NewInfoSelfServiceRegisterWebAuthn":                      text.NewInfoSelfServiceSettingsRegisterWebAuthn(),
 		"NewInfoSelfServiceRegisterWebAuthnDisplayName":           text.NewInfoSelfServiceRegisterWebAuthnDisplayName(),
 		"NewInfoSelfServiceRemoveWebAuthn":                        text.NewInfoSelfServiceRemoveWebAuthn("{name}", aSecondAgo),
-		"NewErrorValidationVerificationFlowExpired":               text.NewErrorValidationVerificationFlowExpired(-time.Second),
+		"NewErrorValidationVerificationFlowExpired":               text.NewErrorValidationVerificationFlowExpired(aSecondAgo),
 		"NewInfoSelfServiceVerificationSuccessful":                text.NewInfoSelfServiceVerificationSuccessful(),
 		"NewVerificationEmailSent":                                text.NewVerificationEmailSent(),
 		"NewErrorValidationVerificationTokenInvalidOrAlreadyUsed": text.NewErrorValidationVerificationTokenInvalidOrAlreadyUsed(),
@@ -97,7 +97,7 @@ func init() {
 		"NewInfoLoginLookup":                                      text.NewInfoLoginLookup(),
 		"NewInfoLoginVerify":                                      text.NewInfoLoginVerify(),
 		"NewInfoLoginWith":                                        text.NewInfoLoginWith("{provider}"),
-		"NewErrorValidationLoginFlowExpired":                      text.NewErrorValidationLoginFlowExpired(time.Second),
+		"NewErrorValidationLoginFlowExpired":                      text.NewErrorValidationLoginFlowExpired(aSecondAgo),
 		"NewErrorValidationLoginNoStrategyFound":                  text.NewErrorValidationLoginNoStrategyFound(),
 		"NewErrorValidationRegistrationNoStrategyFound":           text.NewErrorValidationRegistrationNoStrategyFound(),
 		"NewErrorValidationSettingsNoStrategyFound":               text.NewErrorValidationSettingsNoStrategyFound(),
@@ -107,8 +107,8 @@ func init() {
 		"NewInfoRegistration":                                     text.NewInfoRegistration(),
 		"NewInfoRegistrationWith":                                 text.NewInfoRegistrationWith("{provider}"),
 		"NewInfoRegistrationContinue":                             text.NewInfoRegistrationContinue(),
-		"NewErrorValidationRegistrationFlowExpired":               text.NewErrorValidationRegistrationFlowExpired(time.Second),
-		"NewErrorValidationRecoveryFlowExpired":                   text.NewErrorValidationRecoveryFlowExpired(time.Second),
+		"NewErrorValidationRegistrationFlowExpired":               text.NewErrorValidationRegistrationFlowExpired(aSecondAgo),
+		"NewErrorValidationRecoveryFlowExpired":                   text.NewErrorValidationRecoveryFlowExpired(aSecondAgo),
 		"NewRecoverySuccessful":                                   text.NewRecoverySuccessful(inAMinute),
 		"NewRecoveryEmailSent":                                    text.NewRecoveryEmailSent(),
 		"NewRecoveryEmailWithCodeSent":                            text.NewRecoveryEmailWithCodeSent(),
diff --git a/internal/registrationhelpers/helpers.go b/internal/registrationhelpers/helpers.go
index 5c14807505af..c6e16d249f28 100644
--- a/internal/registrationhelpers/helpers.go
+++ b/internal/registrationhelpers/helpers.go
@@ -452,7 +452,7 @@ func AssertCommonErrorCases(t *testing.T, reg *driver.RegistryDefault, flows []s
 			actual, res := testhelpers.RegistrationMakeRequest(t, true, false, f, apiClient, "{}")
 			assert.Contains(t, res.Request.URL.String(), publicTS.URL+registration.RouteSubmitFlow)
 			assert.NotEqual(t, "00000000-0000-0000-0000-000000000000", gjson.Get(actual, "use_flow_id").String())
-			assertx.EqualAsJSONExcept(t, flow.NewFlowExpiredError(time.Now()), json.RawMessage(actual), []string{"use_flow_id", "since"}, "expired", "%s", actual)
+			assertx.EqualAsJSONExcept(t, flow.NewFlowExpiredError(time.Now()), json.RawMessage(actual), []string{"use_flow_id", "expired_at", "since"}, "expired", "%s", actual)
 		})
 
 		t.Run("type=spa", func(t *testing.T) {
@@ -463,7 +463,7 @@ func AssertCommonErrorCases(t *testing.T, reg *driver.RegistryDefault, flows []s
 			actual, res := testhelpers.RegistrationMakeRequest(t, false, true, f, browserClient, "{}")
 			assert.Contains(t, res.Request.URL.String(), publicTS.URL+registration.RouteSubmitFlow)
 			assert.NotEqual(t, "00000000-0000-0000-0000-000000000000", gjson.Get(actual, "use_flow_id").String())
-			assertx.EqualAsJSONExcept(t, flow.NewFlowExpiredError(time.Now()), json.RawMessage(actual), []string{"use_flow_id", "since"}, "expired", "%s", actual)
+			assertx.EqualAsJSONExcept(t, flow.NewFlowExpiredError(time.Now()), json.RawMessage(actual), []string{"use_flow_id", "expired_at", "since"}, "expired", "%s", actual)
 		})
 
 		t.Run("type=browser", func(t *testing.T) {
diff --git a/selfservice/flow/error.go b/selfservice/flow/error.go
index 650a8bdc7b75..98747388ac10 100644
--- a/selfservice/flow/error.go
+++ b/selfservice/flow/error.go
@@ -33,8 +33,11 @@ var (
 type ExpiredError struct {
 	*herodot.DefaultError `json:"error"`
 
-	// Since when the flow has expired
-	Ago time.Duration `json:"since"`
+	// When the flow has expired
+	ExpiredAt time.Time `json:"expired_at"`
+
+	// DEPRECATED: Please use the "expired_at" field instead to have a more accurate result.
+	Since time.Duration `json:"since"`
 
 	// The flow ID that should be used for the new flow as it contains the correct messages.
 	FlowID uuid.UUID `json:"use_flow_id"`
@@ -59,7 +62,8 @@ func (e *ExpiredError) EnhanceJSONError() interface{} {
 func NewFlowExpiredError(at time.Time) *ExpiredError {
 	ago := time.Since(at)
 	return &ExpiredError{
-		Ago: ago,
+		ExpiredAt: at.UTC(),
+		Since:     ago,
 		DefaultError: x.ErrGone.WithID(text.ErrIDSelfServiceFlowExpired).
 			WithError("self-service flow expired").
 			WithReasonf("The self-service flow expired %.2f minutes ago, initialize a new one.", ago.Minutes()),
diff --git a/selfservice/flow/login/error.go b/selfservice/flow/login/error.go
index e14848eab56a..6a2447fc065f 100644
--- a/selfservice/flow/login/error.go
+++ b/selfservice/flow/login/error.go
@@ -62,7 +62,7 @@ func (s *ErrorHandler) PrepareReplacementForExpiredFlow(w http.ResponseWriter, r
 		return nil, err
 	}
 
-	a.UI.Messages.Add(text.NewErrorValidationLoginFlowExpired(e.Ago))
+	a.UI.Messages.Add(text.NewErrorValidationLoginFlowExpired(e.ExpiredAt))
 	if err := s.d.LoginFlowPersister().UpdateLoginFlow(r.Context(), a); err != nil {
 		return nil, err
 	}
diff --git a/selfservice/flow/recovery/error.go b/selfservice/flow/recovery/error.go
index 925b098c1d0d..4f57384238cc 100644
--- a/selfservice/flow/recovery/error.go
+++ b/selfservice/flow/recovery/error.go
@@ -86,7 +86,7 @@ func (s *ErrorHandler) WriteFlowError(
 			return
 		}
 
-		a.UI.Messages.Add(text.NewErrorValidationRecoveryFlowExpired(e.Ago))
+		a.UI.Messages.Add(text.NewErrorValidationRecoveryFlowExpired(e.ExpiredAt))
 		if err := s.d.RecoveryFlowPersister().CreateRecoveryFlow(r.Context(), a); err != nil {
 			s.forward(w, r, a, err)
 			return
diff --git a/selfservice/flow/registration/error.go b/selfservice/flow/registration/error.go
index 41cfadd8adf3..43d1f45bf66a 100644
--- a/selfservice/flow/registration/error.go
+++ b/selfservice/flow/registration/error.go
@@ -55,7 +55,7 @@ func (s *ErrorHandler) PrepareReplacementForExpiredFlow(w http.ResponseWriter, r
 		return nil, err
 	}
 
-	a.UI.Messages.Add(text.NewErrorValidationRegistrationFlowExpired(e.Ago))
+	a.UI.Messages.Add(text.NewErrorValidationRegistrationFlowExpired(e.ExpiredAt))
 	if err := s.d.RegistrationFlowPersister().UpdateRegistrationFlow(r.Context(), a); err != nil {
 		return nil, err
 	}
diff --git a/selfservice/flow/settings/error.go b/selfservice/flow/settings/error.go
index 86b20be7fa73..168b0ee857a7 100644
--- a/selfservice/flow/settings/error.go
+++ b/selfservice/flow/settings/error.go
@@ -104,7 +104,7 @@ func (s *ErrorHandler) PrepareReplacementForExpiredFlow(w http.ResponseWriter, r
 		return nil, err
 	}
 
-	a.UI.Messages.Add(text.NewErrorValidationSettingsFlowExpired(e.Ago))
+	a.UI.Messages.Add(text.NewErrorValidationSettingsFlowExpired(e.ExpiredAt))
 	if err := s.d.SettingsFlowPersister().UpdateSettingsFlow(r.Context(), a); err != nil {
 		return nil, err
 	}
diff --git a/selfservice/flow/verification/error.go b/selfservice/flow/verification/error.go
index 9d50f9623f1d..85470b19b235 100644
--- a/selfservice/flow/verification/error.go
+++ b/selfservice/flow/verification/error.go
@@ -75,7 +75,7 @@ func (s *ErrorHandler) WriteFlowError(
 			return
 		}
 
-		a.UI.Messages.Add(text.NewErrorValidationVerificationFlowExpired(e.Ago))
+		a.UI.Messages.Add(text.NewErrorValidationVerificationFlowExpired(e.ExpiredAt))
 		if err := s.d.VerificationFlowPersister().CreateVerificationFlow(r.Context(), a); err != nil {
 			s.forward(w, r, a, err)
 			return
diff --git a/selfservice/strategy/code/strategy_recovery.go b/selfservice/strategy/code/strategy_recovery.go
index 3e2f26bd7317..4e522374edaf 100644
--- a/selfservice/strategy/code/strategy_recovery.go
+++ b/selfservice/strategy/code/strategy_recovery.go
@@ -460,7 +460,7 @@ func (s *Strategy) retryRecoveryFlowWithError(w http.ResponseWriter, r *http.Req
 	config := s.deps.Config()
 
 	if expired := new(flow.ExpiredError); errors.As(recErr, &expired) {
-		return s.retryRecoveryFlowWithMessage(w, r, ft, text.NewErrorValidationRecoveryFlowExpired(expired.Ago))
+		return s.retryRecoveryFlowWithMessage(w, r, ft, text.NewErrorValidationRecoveryFlowExpired(expired.ExpiredAt))
 	}
 
 	f, err := recovery.NewFlow(config, config.SelfServiceFlowRecoveryRequestLifespan(ctx), s.deps.CSRFHandler().RegenerateToken(w, r), r, s, ft)
diff --git a/selfservice/strategy/link/strategy_recovery.go b/selfservice/strategy/link/strategy_recovery.go
index 007b2194c25d..5fd720dbff51 100644
--- a/selfservice/strategy/link/strategy_recovery.go
+++ b/selfservice/strategy/link/strategy_recovery.go
@@ -381,7 +381,7 @@ func (s *Strategy) retryRecoveryFlowWithError(w http.ResponseWriter, r *http.Req
 	}
 
 	if expired := new(flow.ExpiredError); errors.As(recErr, &expired) {
-		return s.retryRecoveryFlowWithMessage(w, r, ft, text.NewErrorValidationRecoveryFlowExpired(expired.Ago))
+		return s.retryRecoveryFlowWithMessage(w, r, ft, text.NewErrorValidationRecoveryFlowExpired(expired.ExpiredAt))
 	} else {
 		if err := req.UI.ParseError(node.LinkGroup, recErr); err != nil {
 			return err
diff --git a/selfservice/strategy/link/strategy_verification.go b/selfservice/strategy/link/strategy_verification.go
index 9815abcaf3f4..3dab75f92613 100644
--- a/selfservice/strategy/link/strategy_verification.go
+++ b/selfservice/strategy/link/strategy_verification.go
@@ -286,7 +286,7 @@ func (s *Strategy) retryVerificationFlowWithError(w http.ResponseWriter, r *http
 	}
 
 	if expired := new(flow.ExpiredError); errors.As(verErr, &expired) {
-		return s.retryVerificationFlowWithMessage(w, r, ft, text.NewErrorValidationVerificationFlowExpired(expired.Ago))
+		return s.retryVerificationFlowWithMessage(w, r, ft, text.NewErrorValidationVerificationFlowExpired(expired.ExpiredAt))
 	} else {
 		if err := f.UI.ParseError(node.LinkGroup, verErr); err != nil {
 			return err
diff --git a/selfservice/strategy/password/login_test.go b/selfservice/strategy/password/login_test.go
index b1ea33df3c73..746df44733fd 100644
--- a/selfservice/strategy/password/login_test.go
+++ b/selfservice/strategy/password/login_test.go
@@ -198,7 +198,7 @@ func TestCompleteLogin(t *testing.T) {
 			actual, res := testhelpers.LoginMakeRequest(t, true, false, f, apiClient, testhelpers.EncodeFormAsJSON(t, true, values))
 			assert.Contains(t, res.Request.URL.String(), publicTS.URL+login.RouteSubmitFlow)
 			assert.NotEqual(t, "00000000-0000-0000-0000-000000000000", gjson.Get(actual, "use_flow_id").String())
-			assertx.EqualAsJSONExcept(t, flow.NewFlowExpiredError(time.Now()), json.RawMessage(actual), []string{"use_flow_id", "since"}, "expired", "%s", actual)
+			assertx.EqualAsJSONExcept(t, flow.NewFlowExpiredError(time.Now()), json.RawMessage(actual), []string{"use_flow_id", "since", "expired_at"}, "expired", "%s", actual)
 		})
 
 		t.Run("type=browser", func(t *testing.T) {
@@ -220,7 +220,7 @@ func TestCompleteLogin(t *testing.T) {
 			actual, res := testhelpers.LoginMakeRequest(t, false, true, f, apiClient, testhelpers.EncodeFormAsJSON(t, true, values))
 			assert.Contains(t, res.Request.URL.String(), publicTS.URL+login.RouteSubmitFlow)
 			assert.NotEqual(t, "00000000-0000-0000-0000-000000000000", gjson.Get(actual, "use_flow_id").String())
-			assertx.EqualAsJSONExcept(t, flow.NewFlowExpiredError(time.Now()), json.RawMessage(actual), []string{"use_flow_id", "since"}, "expired", "%s", actual)
+			assertx.EqualAsJSONExcept(t, flow.NewFlowExpiredError(time.Now()), json.RawMessage(actual), []string{"use_flow_id", "since", "expired_at"}, "expired", "%s", actual)
 		})
 	})
 
diff --git a/text/message_login.go b/text/message_login.go
index 2543ab78edfc..3f268afd95e2 100644
--- a/text/message_login.go
+++ b/text/message_login.go
@@ -106,13 +106,13 @@ func NewInfoLoginWith(provider string) *Message {
 	}
 }
 
-func NewErrorValidationLoginFlowExpired(ago time.Duration) *Message {
+func NewErrorValidationLoginFlowExpired(expiredAt time.Time) *Message {
 	return &Message{
 		ID:   ErrorValidationLoginFlowExpired,
-		Text: fmt.Sprintf("The login flow expired %.2f minutes ago, please try again.", ago.Minutes()),
+		Text: fmt.Sprintf("The login flow expired %.2f minutes ago, please try again.", Now().Sub(expiredAt).Minutes()),
 		Type: Error,
 		Context: context(map[string]interface{}{
-			"expired_at": Now().UTC().Add(ago),
+			"expired_at": expiredAt,
 		}),
 	}
 }
diff --git a/text/message_recovery.go b/text/message_recovery.go
index 0ac63807e820..fb565a4c5cec 100644
--- a/text/message_recovery.go
+++ b/text/message_recovery.go
@@ -5,13 +5,13 @@ import (
 	"time"
 )
 
-func NewErrorValidationRecoveryFlowExpired(ago time.Duration) *Message {
+func NewErrorValidationRecoveryFlowExpired(expiredAt time.Time) *Message {
 	return &Message{
 		ID:   ErrorValidationRecoveryFlowExpired,
-		Text: fmt.Sprintf("The recovery flow expired %.2f minutes ago, please try again.", ago.Minutes()),
+		Text: fmt.Sprintf("The recovery flow expired %.2f minutes ago, please try again.", (-Until(expiredAt)).Minutes()),
 		Type: Error,
 		Context: context(map[string]interface{}{
-			"expired_at": Now().UTC().Add(ago),
+			"expired_at": expiredAt,
 		}),
 	}
 }
diff --git a/text/message_registration.go b/text/message_registration.go
index 56c06ebcaea7..53820640d91b 100644
--- a/text/message_registration.go
+++ b/text/message_registration.go
@@ -33,13 +33,13 @@ func NewInfoRegistrationContinue() *Message {
 	}
 }
 
-func NewErrorValidationRegistrationFlowExpired(ago time.Duration) *Message {
+func NewErrorValidationRegistrationFlowExpired(expiredAt time.Time) *Message {
 	return &Message{
 		ID:   ErrorValidationRegistrationFlowExpired,
-		Text: fmt.Sprintf("The registration flow expired %.2f minutes ago, please try again.", ago.Minutes()),
+		Text: fmt.Sprintf("The registration flow expired %.2f minutes ago, please try again.", (-Until(expiredAt)).Minutes()),
 		Type: Error,
 		Context: context(map[string]interface{}{
-			"expired_at": Now().UTC().Add(ago),
+			"expired_at": expiredAt,
 		}),
 	}
 }
diff --git a/text/message_settings.go b/text/message_settings.go
index 9b2a95a1236e..08611c95fe7f 100644
--- a/text/message_settings.go
+++ b/text/message_settings.go
@@ -6,13 +6,13 @@ import (
 	"time"
 )
 
-func NewErrorValidationSettingsFlowExpired(ago time.Duration) *Message {
+func NewErrorValidationSettingsFlowExpired(expiredAt time.Time) *Message {
 	return &Message{
 		ID:   ErrorValidationSettingsFlowExpired,
-		Text: fmt.Sprintf("The settings flow expired %.2f minutes ago, please try again.", ago.Minutes()),
+		Text: fmt.Sprintf("The settings flow expired %.2f minutes ago, please try again.", (-Until(expiredAt)).Minutes()),
 		Type: Error,
 		Context: context(map[string]interface{}{
-			"expired_at": Now().UTC().Add(ago),
+			"expired_at": expiredAt,
 		}),
 	}
 }
diff --git a/text/message_verification.go b/text/message_verification.go
index 2e7a1b54f498..4c7885392ab6 100644
--- a/text/message_verification.go
+++ b/text/message_verification.go
@@ -5,13 +5,13 @@ import (
 	"time"
 )
 
-func NewErrorValidationVerificationFlowExpired(ago time.Duration) *Message {
+func NewErrorValidationVerificationFlowExpired(expiredAt time.Time) *Message {
 	return &Message{
 		ID:   ErrorValidationVerificationFlowExpired,
-		Text: fmt.Sprintf("The verification flow expired %.2f minutes ago, please try again.", ago.Minutes()),
+		Text: fmt.Sprintf("The verification flow expired %.2f minutes ago, please try again.", (-Until(expiredAt)).Minutes()),
 		Type: Error,
 		Context: context(map[string]interface{}{
-			"expired_at": Now().UTC().Add(ago),
+			"expired_at": expiredAt,
 		}),
 	}
 }

From 816b029ed9015a670df9a931ecf3080700a42c35 Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Tue, 25 Oct 2022 09:11:05 +0000
Subject: [PATCH 309/411] autogen(openapi): regenerate swagger spec and
 internal client

[skip ci]
---
 internal/httpclient/api/openapi.yaml          |  4 ++
 .../docs/SelfServiceFlowExpiredError.md       | 26 +++++++++++++
 .../model_self_service_flow_expired_error.go  | 38 +++++++++++++++++++
 spec/api.json                                 |  5 +++
 spec/swagger.json                             |  5 +++
 5 files changed, 78 insertions(+)

diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml
index 5d2a2c59d54d..1f83d9cb56d8 100644
--- a/internal/httpclient/api/openapi.yaml
+++ b/internal/httpclient/api/openapi.yaml
@@ -3911,6 +3911,10 @@ components:
           additionalProperties: {}
           description: Further error details
           type: object
+        expired_at:
+          description: When the flow has expired
+          format: date-time
+          type: string
         id:
           description: |-
             The error ID
diff --git a/internal/httpclient/docs/SelfServiceFlowExpiredError.md b/internal/httpclient/docs/SelfServiceFlowExpiredError.md
index 58b490b11469..8cef11b986e3 100644
--- a/internal/httpclient/docs/SelfServiceFlowExpiredError.md
+++ b/internal/httpclient/docs/SelfServiceFlowExpiredError.md
@@ -7,6 +7,7 @@ Name | Type | Description | Notes
 **Code** | Pointer to **int64** | The status code | [optional] 
 **Debug** | Pointer to **string** | Debug information  This field is often not exposed to protect against leaking sensitive information. | [optional] 
 **Details** | Pointer to **map[string]interface{}** | Further error details | [optional] 
+**ExpiredAt** | Pointer to **time.Time** | When the flow has expired | [optional] 
 **Id** | Pointer to **string** | The error ID  Useful when trying to identify various errors in application logic. | [optional] 
 **Message** | **string** | Error message  The error's message. | 
 **Reason** | Pointer to **string** | A human-readable reason for the error | [optional] 
@@ -109,6 +110,31 @@ SetDetails sets Details field to given value.
 
 HasDetails returns a boolean if a field has been set.
 
+### GetExpiredAt
+
+`func (o *SelfServiceFlowExpiredError) GetExpiredAt() time.Time`
+
+GetExpiredAt returns the ExpiredAt field if non-nil, zero value otherwise.
+
+### GetExpiredAtOk
+
+`func (o *SelfServiceFlowExpiredError) GetExpiredAtOk() (*time.Time, bool)`
+
+GetExpiredAtOk returns a tuple with the ExpiredAt field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpiredAt
+
+`func (o *SelfServiceFlowExpiredError) SetExpiredAt(v time.Time)`
+
+SetExpiredAt sets ExpiredAt field to given value.
+
+### HasExpiredAt
+
+`func (o *SelfServiceFlowExpiredError) HasExpiredAt() bool`
+
+HasExpiredAt returns a boolean if a field has been set.
+
 ### GetId
 
 `func (o *SelfServiceFlowExpiredError) GetId() string`
diff --git a/internal/httpclient/model_self_service_flow_expired_error.go b/internal/httpclient/model_self_service_flow_expired_error.go
index bf1d7c9da208..49d179f56a66 100644
--- a/internal/httpclient/model_self_service_flow_expired_error.go
+++ b/internal/httpclient/model_self_service_flow_expired_error.go
@@ -13,6 +13,7 @@ package client
 
 import (
 	"encoding/json"
+	"time"
 )
 
 // SelfServiceFlowExpiredError Is sent when a flow is expired
@@ -23,6 +24,8 @@ type SelfServiceFlowExpiredError struct {
 	Debug *string `json:"debug,omitempty"`
 	// Further error details
 	Details map[string]interface{} `json:"details,omitempty"`
+	// When the flow has expired
+	ExpiredAt *time.Time `json:"expired_at,omitempty"`
 	// The error ID  Useful when trying to identify various errors in application logic.
 	Id *string `json:"id,omitempty"`
 	// Error message  The error's message.
@@ -153,6 +156,38 @@ func (o *SelfServiceFlowExpiredError) SetDetails(v map[string]interface{}) {
 	o.Details = v
 }
 
+// GetExpiredAt returns the ExpiredAt field value if set, zero value otherwise.
+func (o *SelfServiceFlowExpiredError) GetExpiredAt() time.Time {
+	if o == nil || o.ExpiredAt == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.ExpiredAt
+}
+
+// GetExpiredAtOk returns a tuple with the ExpiredAt field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SelfServiceFlowExpiredError) GetExpiredAtOk() (*time.Time, bool) {
+	if o == nil || o.ExpiredAt == nil {
+		return nil, false
+	}
+	return o.ExpiredAt, true
+}
+
+// HasExpiredAt returns a boolean if a field has been set.
+func (o *SelfServiceFlowExpiredError) HasExpiredAt() bool {
+	if o != nil && o.ExpiredAt != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpiredAt gets a reference to the given time.Time and assigns it to the ExpiredAt field.
+func (o *SelfServiceFlowExpiredError) SetExpiredAt(v time.Time) {
+	o.ExpiredAt = &v
+}
+
 // GetId returns the Id field value if set, zero value otherwise.
 func (o *SelfServiceFlowExpiredError) GetId() string {
 	if o == nil || o.Id == nil {
@@ -380,6 +415,9 @@ func (o SelfServiceFlowExpiredError) MarshalJSON() ([]byte, error) {
 	if o.Details != nil {
 		toSerialize["details"] = o.Details
 	}
+	if o.ExpiredAt != nil {
+		toSerialize["expired_at"] = o.ExpiredAt
+	}
 	if o.Id != nil {
 		toSerialize["id"] = o.Id
 	}
diff --git a/spec/api.json b/spec/api.json
index 351803305209..ced7ae677767 100755
--- a/spec/api.json
+++ b/spec/api.json
@@ -892,6 +892,11 @@
             "description": "Further error details",
             "type": "object"
           },
+          "expired_at": {
+            "description": "When the flow has expired",
+            "format": "date-time",
+            "type": "string"
+          },
           "id": {
             "description": "The error ID\n\nUseful when trying to identify various errors in application logic.",
             "type": "string"
diff --git a/spec/swagger.json b/spec/swagger.json
index f78bd655008c..5395823b09f6 100755
--- a/spec/swagger.json
+++ b/spec/swagger.json
@@ -3463,6 +3463,11 @@
           "type": "object",
           "additionalProperties": {}
         },
+        "expired_at": {
+          "description": "When the flow has expired",
+          "type": "string",
+          "format": "date-time"
+        },
         "id": {
           "description": "The error ID\n\nUseful when trying to identify various errors in application logic.",
           "type": "string"

From 7c6eb2a5128c6bc76ac7306edafaa54c4893ea82 Mon Sep 17 00:00:00 2001
From: hackerman <3372410+aeneasr@users.noreply.github.com>
Date: Wed, 26 Oct 2022 09:55:49 +0200
Subject: [PATCH 310/411] feat: OAuth2 integration (#2804)

This feature allows Ory Kratos to act as a login provider for Ory Hydra using the `oauth2_provider.url` configuration value.

Closes https://github.com/ory/kratos/issues/273
Closes https://github.com/ory/kratos/discussions/2293
See https://github.com/ory/kratos-selfservice-ui-node/pull/50
See https://github.com/ory/kratos-selfservice-ui-node/pull/68
See https://github.com/ory/kratos-selfservice-ui-node/pull/108
See https://github.com/ory/kratos-selfservice-ui-node/pull/111
See https://github.com/ory/kratos-selfservice-ui-node/pull/149
See https://github.com/ory/kratos-selfservice-ui-node/pull/170
See https://github.com/ory/kratos-selfservice-ui-node/pull/198
See https://github.com/ory/kratos-selfservice-ui-node/pull/207
---
 .github/workflows/cve-scan.yaml               |    2 +-
 .schema/openapi/patches/nulls.yaml            |   43 +
 Makefile                                      |    1 +
 driver/config/config.go                       |   35 +-
 driver/config/config_test.go                  |   17 +
 .../config/stub/.kratos.oauth2_provider.yaml  |    4 +
 driver/registry_default.go                    |   15 +
 embedx/config.schema.json                     |   58 +-
 go.mod                                        |    3 +-
 go.sum                                        |    7 +-
 hydra/fake.go                                 |   45 +
 hydra/hydra.go                                |  138 ++
 hydra/hydra_test.go                           |  100 ++
 internal/httpclient/.openapi-generator/FILES  |    6 +
 internal/httpclient/README.md                 |    3 +
 internal/httpclient/api/openapi.yaml          |  768 +++++++++-
 internal/httpclient/api_v0alpha2.go           |   42 +-
 internal/httpclient/docs/LoginRequest.md      |  264 ++++
 internal/httpclient/docs/OAuth2Client.md      |  940 ++++++++++++
 .../httpclient/docs/OpenIDConnectContext.md   |  160 ++
 .../httpclient/docs/SelfServiceLoginFlow.md   |   62 +
 .../docs/SelfServiceRegistrationFlow.md       |   62 +
 internal/httpclient/docs/V0alpha2Api.md       |   12 +-
 internal/httpclient/model_login_request.go    |  407 +++++
 internal/httpclient/model_o_auth2_client.go   | 1364 +++++++++++++++++
 .../model_open_id_connect_context.go          |  263 ++++
 .../model_self_service_login_flow.go          |   85 +-
 .../model_self_service_registration_flow.go   |   85 +-
 internal/registrationhelpers/helpers.go       |   24 +-
 internal/testhelpers/http.go                  |   25 +
 internal/testhelpers/selfservice_login.go     |   35 +-
 .../testhelpers/selfservice_registration.go   |   18 +-
 package-lock.json                             |  787 +++++-----
 package.json                                  |    3 +-
 .../0bc96cc9-dda4-4700-9e42-35731f2af91e.json |    1 +
 .../1fb23c75-b809-42cc-8984-6ca2d0a1192f.json |    1 +
 .../202c1981-1e25-47f0-8764-75ad506c2bec.json |    1 +
 .../349c945a-60f8-436a-a301-7a42c92604f9.json |   17 +
 .../38caf592-b042-4551-b92f-8d5223c2a4e2.json |    1 +
 .../3a9ea34f-0f12-469b-9417-3ae5795a7baa.json |    1 +
 .../43c99182-bb67-47e1-b564-bb23bd8d4393.json |    1 +
 .../47edd3a8-0998-4779-9469-f4b8ee4430df.json |    1 +
 .../56d94e8b-8a5d-4b7f-8a6e-3259d2b2903e.json |    1 +
 .../6d387820-f2f4-4f9f-9980-a90d89e7811f.json |    1 +
 .../916ded11-aa64-4a27-b06e-96e221a509d7.json |    1 +
 .../99974ce6-388c-4669-a95a-7757ee724020.json |    1 +
 .../b1fac7fb-d016-4a06-a7fe-e4eab2a0429f.json |    1 +
 .../d6aa1f23-88c9-4b9b-a850-392f48c7f9e8.json |    1 +
 .../05a7f09d-4ef3-41fb-958a-6ad74584b36a.json |    1 +
 .../22d58184-b97d-44a5-bbaf-0aa8b4000d81.json |    1 +
 .../2bf132e0-5d40-4df9-9a11-9106e5333735.json |    1 +
 .../696e7022-c466-44f6-89c6-8cf93c06a62a.json |    1 +
 .../87fa3f43-5155-42b4-a1ad-174c2595fdaf.json |    1 +
 .../8ef215a9-e8d5-43b3-9aa3-cb4333562e36.json |    1 +
 .../8f32efdc-f6fc-4c27-a3c2-579d109eff60.json |    1 +
 .../9edcf051-1cd0-44cc-bd2f-6ac21f0c24dd.json |    1 +
 .../e2150cdc-23ac-4940-a240-6c79c27ab029.json |    1 +
 .../ef18b06e-4700-4021-9949-ef783cd86be8.json |   14 +
 .../f1b5ed18-113a-4a98-aae7-d4eba007199c.json |    1 +
 .../testdata/20220607000001_testdata.sql      |   11 +
 ...0_hydra_login_challenge.cockroach.down.sql |    2 +
 ...000_hydra_login_challenge.cockroach.up.sql |    2 +
 ...00000_hydra_login_challenge.mysql.down.sql |    2 +
 ...1000000_hydra_login_challenge.mysql.up.sql |    2 +
 ...00_hydra_login_challenge.postgres.down.sql |    2 +
 ...0000_hydra_login_challenge.postgres.up.sql |    2 +
 ...000_hydra_login_challenge.sqlite3.down.sql |    2 +
 ...00000_hydra_login_challenge.sqlite3.up.sql |    2 +
 request/builder_test.go                       |    4 +-
 request/config.go                             |    4 +-
 selfservice/flow/login/export_test.go         |   11 +
 selfservice/flow/login/flow.go                |   27 +-
 selfservice/flow/login/flow_test.go           |   13 +
 selfservice/flow/login/handler.go             |  104 +-
 selfservice/flow/login/handler_test.go        |   15 +
 selfservice/flow/login/hook.go                |   43 +-
 selfservice/flow/login/hook_test.go           |    6 +
 selfservice/flow/registration/flow.go         |   29 +-
 selfservice/flow/registration/flow_test.go    |   12 +
 selfservice/flow/registration/handler.go      |   49 +-
 selfservice/flow/registration/hook.go         |   14 +-
 selfservice/strategy/lookup/login_test.go     |    2 +-
 .../strategy/oidc/strategy_helper_test.go     |   24 -
 .../strategy/oidc/strategy_registration.go    |    2 +-
 selfservice/strategy/oidc/strategy_test.go    |    6 +-
 selfservice/strategy/password/login_test.go   |   89 +-
 .../strategy/password/op_login_test.go        |  338 ++++
 .../strategy/password/op_registration_test.go |  276 ++++
 .../strategy/password/registration_test.go    |    8 +-
 selfservice/strategy/totp/login_test.go       |    8 +-
 ...ebauthn_login_is_invalid-type=browser.json |    1 +
 ...if_webauthn_login_is_invalid-type=spa.json |    1 +
 selfservice/strategy/webauthn/login_test.go   |   15 +-
 .../strategy/webauthn/registration_test.go    |    6 +-
 session/manager.go                            |   18 +-
 session/manager_test.go                       |   24 +-
 spec/api.json                                 |  309 +++-
 spec/swagger.json                             |  283 +++-
 test/e2e/cypress/helpers/httpbin.ts           |   36 +
 test/e2e/cypress/helpers/oauth2.ts            |  101 ++
 .../profiles/oidc-provider/error.spec.ts      |   34 +
 .../profiles/oidc-provider/login.spec.ts      |  144 ++
 .../profiles/oidc-provider/mfa.spec.ts        |  155 ++
 .../oidc-provider/registration.spec.ts        |   65 +
 .../e2e/hydra-kratos-login-consent/.gitignore |    1 +
 test/e2e/hydra-kratos-login-consent/go.mod    |   14 +
 test/e2e/hydra-kratos-login-consent/go.sum    | 1249 +++++++++++++++
 test/e2e/hydra-kratos-login-consent/main.go   |  183 +++
 test/e2e/mock/webhook/go.mod                  |    2 +-
 test/e2e/mock/webhook/go.sum                  |    4 +-
 test/e2e/package-lock.json                    |  186 ++-
 test/e2e/package.json                         |    2 +-
 .../profiles/oidc-provider-mfa/.kratos.yml    |   54 +
 .../identity.traits.schema.json               |   57 +
 test/e2e/profiles/oidc-provider/.kratos.yml   |   41 +
 .../oidc-provider/identity.traits.schema.json |   57 +
 test/e2e/run.sh                               |   64 +-
 .../root.courierSMS.yaml                      |    2 +-
 118 files changed, 9503 insertions(+), 653 deletions(-)
 create mode 100644 .schema/openapi/patches/nulls.yaml
 create mode 100644 driver/config/stub/.kratos.oauth2_provider.yaml
 create mode 100644 hydra/fake.go
 create mode 100644 hydra/hydra.go
 create mode 100644 hydra/hydra_test.go
 create mode 100644 internal/httpclient/docs/LoginRequest.md
 create mode 100644 internal/httpclient/docs/OAuth2Client.md
 create mode 100644 internal/httpclient/docs/OpenIDConnectContext.md
 create mode 100644 internal/httpclient/model_login_request.go
 create mode 100644 internal/httpclient/model_o_auth2_client.go
 create mode 100644 internal/httpclient/model_open_id_connect_context.go
 create mode 100644 persistence/sql/migratest/fixtures/login_flow/349c945a-60f8-436a-a301-7a42c92604f9.json
 create mode 100644 persistence/sql/migratest/fixtures/registration_flow/ef18b06e-4700-4021-9949-ef783cd86be8.json
 create mode 100644 persistence/sql/migratest/testdata/20220607000001_testdata.sql
 create mode 100644 persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.cockroach.down.sql
 create mode 100644 persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.cockroach.up.sql
 create mode 100644 persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.mysql.down.sql
 create mode 100644 persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.mysql.up.sql
 create mode 100644 persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.postgres.down.sql
 create mode 100644 persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.postgres.up.sql
 create mode 100644 persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.sqlite3.down.sql
 create mode 100644 persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.sqlite3.up.sql
 create mode 100644 selfservice/flow/login/export_test.go
 create mode 100644 selfservice/strategy/password/op_login_test.go
 create mode 100644 selfservice/strategy/password/op_registration_test.go
 create mode 100644 test/e2e/cypress/helpers/httpbin.ts
 create mode 100644 test/e2e/cypress/helpers/oauth2.ts
 create mode 100644 test/e2e/cypress/integration/profiles/oidc-provider/error.spec.ts
 create mode 100644 test/e2e/cypress/integration/profiles/oidc-provider/login.spec.ts
 create mode 100644 test/e2e/cypress/integration/profiles/oidc-provider/mfa.spec.ts
 create mode 100644 test/e2e/cypress/integration/profiles/oidc-provider/registration.spec.ts
 create mode 100644 test/e2e/hydra-kratos-login-consent/.gitignore
 create mode 100644 test/e2e/hydra-kratos-login-consent/go.mod
 create mode 100644 test/e2e/hydra-kratos-login-consent/go.sum
 create mode 100644 test/e2e/hydra-kratos-login-consent/main.go
 create mode 100644 test/e2e/profiles/oidc-provider-mfa/.kratos.yml
 create mode 100644 test/e2e/profiles/oidc-provider-mfa/identity.traits.schema.json
 create mode 100644 test/e2e/profiles/oidc-provider/.kratos.yml
 create mode 100644 test/e2e/profiles/oidc-provider/identity.traits.schema.json

diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml
index 91cee707752e..63bb103aa715 100644
--- a/.github/workflows/cve-scan.yaml
+++ b/.github/workflows/cve-scan.yaml
@@ -42,7 +42,7 @@ jobs:
           acs-report-enable: true
       - name: Anchore upload scan SARIF report
         if: always()
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: ${{ steps.grype-scan.outputs.sarif }}
       - name: Trivy Scanner
diff --git a/.schema/openapi/patches/nulls.yaml b/.schema/openapi/patches/nulls.yaml
new file mode 100644
index 000000000000..30bf028772f6
--- /dev/null
+++ b/.schema/openapi/patches/nulls.yaml
@@ -0,0 +1,43 @@
+- op: replace
+  path: "#/components/schemas/NullUUID"
+  value:
+    type: string
+    format: uuid4
+    nullable: true
+- op: replace
+  path: "#/components/schemas/NullTime"
+  value:
+    format: date-time
+    type: string
+    nullable: true
+- op: replace
+  path: "#/components/schemas/Time"
+  value:
+    format: date-time
+    type: string
+- op: replace
+  path: "#/components/schemas/NullString"
+  value:
+    type: string
+    nullable: true
+- op: replace
+  path: "#/components/schemas/NullBool"
+  value:
+    type: boolean
+    nullable: true
+- op: replace
+  path: "#/components/schemas/NullInt"
+  value:
+    type: integer
+    nullable: true
+- op: replace
+  path: "#/components/schemas/nullInt64"
+  value:
+    type: integer
+    nullable: true
+- op: replace
+  path: "#/components/schemas/nullDuration"
+  value:
+    type: string
+    nullable: true
+    pattern: ^[0-9]+(ns|us|ms|s|m|h)$
diff --git a/Makefile b/Makefile
index 5fc2f9f86aef..5ebd191226d1 100644
--- a/Makefile
+++ b/Makefile
@@ -105,6 +105,7 @@ sdk: .bin/swagger .bin/ory node_modules
 			-p file://.schema/openapi/patches/identity.yaml \
 			-p file://.schema/openapi/patches/courier.yaml \
 			-p file://.schema/openapi/patches/generic_error.yaml \
+			-p file://.schema/openapi/patches/nulls.yaml \
 			-p file://.schema/openapi/patches/common.yaml \
 			spec/swagger.json spec/api.json
 
diff --git a/driver/config/config.go b/driver/config/config.go
index 3e6b52ae3e0a..d70ec3113d27 100644
--- a/driver/config/config.go
+++ b/driver/config/config.go
@@ -179,6 +179,8 @@ const (
 	ViperKeyWebAuthnRPOrigin                                 = "selfservice.methods.webauthn.config.rp.origin"
 	ViperKeyWebAuthnRPIcon                                   = "selfservice.methods.webauthn.config.rp.issuer"
 	ViperKeyWebAuthnPasswordless                             = "selfservice.methods.webauthn.config.passwordless"
+	ViperKeyOAuth2ProviderURL                                = "oauth2_provider.url"
+	ViperKeyOAuth2ProviderHeader                             = "oauth2_provider.headers"
 	ViperKeyClientHTTPNoPrivateIPRanges                      = "clients.http.disallow_private_ip_ranges"
 	ViperKeyClientHTTPPrivateIPExceptionURLs                 = "clients.http.private_ip_exception_urls"
 	ViperKeyVersion                                          = "version"
@@ -848,6 +850,37 @@ func (p *Config) CourierSMTPURL(ctx context.Context) *url.URL {
 	return p.ParseURIOrFail(ctx, ViperKeyCourierSMTPURL)
 }
 
+func (p *Config) OAuth2ProviderHeader(ctx context.Context) http.Header {
+	hh := map[string]string{}
+	if err := p.GetProvider(ctx).Unmarshal(ViperKeyOAuth2ProviderHeader, &hh); err != nil {
+		p.l.WithError(errors.WithStack(err)).
+			Errorf("Configuration value from key %s could not be decoded.", ViperKeyOAuth2ProviderHeader)
+		return nil
+	}
+
+	h := make(http.Header)
+	for k, v := range hh {
+		h.Set(k, v)
+	}
+
+	return h
+}
+
+func (p *Config) OAuth2ProviderURL(ctx context.Context) *url.URL {
+	k := ViperKeyOAuth2ProviderURL
+	v := p.GetProvider(ctx).String(k)
+	if v == "" {
+		return nil
+	}
+	parsed, err := p.ParseAbsoluteOrRelativeURI(v)
+	if err != nil {
+		p.l.WithError(errors.WithStack(err)).
+			Errorf("Configuration value from key %s is not a valid URL: %s", k, v)
+		return nil
+	}
+	return parsed
+}
+
 func (p *Config) SelfServiceFlowLoginUI(ctx context.Context) *url.URL {
 	return p.ParseAbsoluteOrRelativeURIOrFail(ctx, ViperKeySelfServiceLoginUI)
 }
@@ -868,7 +901,7 @@ func (p *Config) SelfServiceFlowRecoveryUI(ctx context.Context) *url.URL {
 	return p.ParseAbsoluteOrRelativeURIOrFail(ctx, ViperKeySelfServiceRecoveryUI)
 }
 
-// SessionLifespan returns nil when the value is not set.
+// SessionLifespan returns time.Hour*24 when the value is not set.
 func (p *Config) SessionLifespan(ctx context.Context) time.Duration {
 	return p.GetProvider(ctx).DurationF(ViperKeySessionLifespan, time.Hour*24)
 }
diff --git a/driver/config/config_test.go b/driver/config/config_test.go
index b1fbd3d8a849..89e904f39f9f 100644
--- a/driver/config/config_test.go
+++ b/driver/config/config_test.go
@@ -1119,6 +1119,23 @@ func TestCourierMessageTTL(t *testing.T) {
 	})
 }
 
+func TestOAuth2Provider(t *testing.T) {
+	ctx := context.Background()
+
+	t.Run("case=configs set", func(t *testing.T) {
+		conf, _ := config.New(ctx, logrusx.New("", ""), os.Stderr,
+			configx.WithConfigFiles("stub/.kratos.oauth2_provider.yaml"), configx.SkipValidation())
+		assert.Equal(t, "https://oauth2_provider/", conf.OAuth2ProviderURL(ctx).String())
+		assert.Equal(t, http.Header{"Authorization": {"Basic"}}, conf.OAuth2ProviderHeader(ctx))
+	})
+
+	t.Run("case=defaults", func(t *testing.T) {
+		conf, _ := config.New(ctx, logrusx.New("", ""), os.Stderr, configx.SkipValidation())
+		assert.Empty(t, conf.OAuth2ProviderURL(ctx))
+		assert.Empty(t, conf.OAuth2ProviderHeader(ctx))
+	})
+}
+
 func TestCourierTemplatesConfig(t *testing.T) {
 	ctx := context.Background()
 
diff --git a/driver/config/stub/.kratos.oauth2_provider.yaml b/driver/config/stub/.kratos.oauth2_provider.yaml
new file mode 100644
index 000000000000..e7548822aba7
--- /dev/null
+++ b/driver/config/stub/.kratos.oauth2_provider.yaml
@@ -0,0 +1,4 @@
+oauth2_provider:
+  url: https://oauth2_provider/
+  headers:
+    Authorization: Basic
diff --git a/driver/registry_default.go b/driver/registry_default.go
index 691854a0e3b5..2f0a7006c197 100644
--- a/driver/registry_default.go
+++ b/driver/registry_default.go
@@ -22,6 +22,7 @@ import (
 
 	"github.com/ory/nosurf"
 
+	"github.com/ory/kratos/hydra"
 	"github.com/ory/kratos/selfservice/strategy/code"
 	"github.com/ory/kratos/selfservice/strategy/webauthn"
 
@@ -146,6 +147,8 @@ type RegistryDefault struct {
 
 	selfserviceStrategies []interface{}
 
+	hydra hydra.Hydra
+
 	buildVersion string
 	buildHash    string
 	buildDate    string
@@ -517,6 +520,18 @@ func (m *RegistryDefault) SessionManager() session.Manager {
 	return m.sessionManager
 }
 
+func (m *RegistryDefault) Hydra() hydra.Hydra {
+	if m.hydra == nil {
+		m.hydra = hydra.NewDefaultHydra(m)
+	}
+	return m.hydra
+}
+
+func (m *RegistryDefault) WithHydra(h hydra.Hydra) Registry {
+	m.hydra = h
+	return m
+}
+
 func (m *RegistryDefault) SelfServiceErrorManager() *errorx.Manager {
 	if m.errorManager == nil {
 		m.errorManager = errorx.NewManager(m)
diff --git a/embedx/config.schema.json b/embedx/config.schema.json
index 60b4e8768949..35df9b500d01 100644
--- a/embedx/config.schema.json
+++ b/embedx/config.schema.json
@@ -230,8 +230,7 @@
           },
           "anyOf": [
             {
-              "not":
-              {
+              "not": {
                 "properties": {
                   "response": {
                     "properties": {
@@ -241,10 +240,14 @@
                         ]
                       }
                     },
-                    "required": ["ignore"]
+                    "required": [
+                      "ignore"
+                    ]
                   }
                 },
-                "required": ["response"]
+                "required": [
+                  "response"
+                ]
               }
             },
             {
@@ -255,7 +258,9 @@
                   ]
                 }
               },
-              "require": ["can_interrupt"]
+              "require": [
+                "can_interrupt"
+              ]
             }
           ],
           "additionalProperties": false,
@@ -1223,7 +1228,7 @@
                 },
                 "use": {
                   "title": "Recovery Strategy",
-                  "description":"The strategy to use for recovery requests",
+                  "description": "The strategy to use for recovery requests",
                   "type": "string",
                   "enum": [
                     "link",
@@ -1545,7 +1550,7 @@
         }
       }
     },
-    "database":  {
+    "database": {
       "type": "object",
       "title": "Database related configuration",
       "description": "Miscellaneous settings used in database related tasks (cleanup, etc.)",
@@ -1555,7 +1560,7 @@
           "title": "Database cleanup settings",
           "description": "Settings that controls how the database cleanup process is configured (delays, batch size, etc.)",
           "properties": {
-            "batch_size" : {
+            "batch_size": {
               "type": "integer",
               "title": "Number of records to clean in one iteration",
               "description": "Controls how many records should be purged from one table during database cleanup task",
@@ -1687,6 +1692,9 @@
               "title": "SMTP Headers",
               "description": "These headers will be passed in the SMTP conversation -- e.g. when using the AWS SES SMTP interface for cross-account sending.",
               "type": "object",
+              "additionalProperties": {
+                "type": "string"
+              },
               "examples": [
                 {
                   "X-SES-SOURCE-ARN": "arn:aws:ses:us-west-2:123456789012:identity/example.com",
@@ -1739,7 +1747,7 @@
                   "type": "string",
                   "description": "The HTTP method to use (GET, POST, etc)."
                 },
-                "header": {
+                "headers": {
                   "type": "object",
                   "description": "The HTTP headers that must be applied to request",
                   "additionalProperties": {
@@ -1788,6 +1796,36 @@
       ],
       "additionalProperties": false
     },
+    "oauth2_provider": {
+      "title": "OAuth2 Provider Configuration",
+      "type": "object",
+      "properties": {
+        "url": {
+          "title": "OAuth 2.0 Provider URL.",
+          "description": "If set, the login and registration flows will handle the Ory OAuth 2.0 & OpenID `login_challenge` query parameter to serve as an OpenID Connect Provider. This URL should point to Ory Hydra when you are not running on the Ory Network and be left untouched otherwise.",
+          "type": "string",
+          "format": "uri",
+          "examples": [
+            "https://some-slug.projects.oryapis.com",
+            "https://domain-of-ory-hydra:4445"
+          ]
+        },
+        "headers": {
+          "title": "HTTP Request Headers",
+          "description": "These headers will be passed in HTTP request to the OAuth2 Provider.",
+          "type": "object",
+          "additionalProperties": {
+            "type": "string"
+          },
+          "examples": [
+            {
+              "Authorization": "Bearer some-token"
+            }
+          ]
+        }
+      },
+      "additionalProperties": false
+    },
     "serve": {
       "type": "object",
       "properties": {
@@ -2318,7 +2356,7 @@
             },
             "persistent": {
               "title": "Make Session Cookie Persistent",
-              "description": "If set to true will persist the cookie in the end-user's browser using the `max-age` parameter which is set to the `session.lifespan` value. Persistent cookies are not deleted when the browser is closed (e.g. on reboot or alt+f4).",
+              "description": "If set to true will persist the cookie in the end-user's browser using the `max-age` parameter which is set to the `session.lifespan` value. Persistent cookies are not deleted when the browser is closed (e.g. on reboot or alt+f4). This option affects the Ory OAuth2 and OpenID Provider's remember feature as well.",
               "type": "boolean",
               "default": true
             },
diff --git a/go.mod b/go.mod
index 78d7d9e640c3..617fc5141441 100644
--- a/go.mod
+++ b/go.mod
@@ -72,11 +72,12 @@ require (
 	github.com/ory/go-convenience v0.1.0
 	github.com/ory/graceful v0.1.3
 	github.com/ory/herodot v0.9.13
+	github.com/ory/hydra-client-go v1.11.8
 	github.com/ory/jsonschema/v3 v3.0.7
 	github.com/ory/kratos-client-go v0.6.3-alpha.1
 	github.com/ory/mail/v3 v3.0.0
 	github.com/ory/nosurf v1.2.7
-	github.com/ory/x v0.0.480
+	github.com/ory/x v0.0.488
 	github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.3.0
diff --git a/go.sum b/go.sum
index d7737cc3771e..30e8196a74ae 100644
--- a/go.sum
+++ b/go.sum
@@ -1370,6 +1370,8 @@ github.com/ory/graceful v0.1.3 h1:FaeXcHZh168WzS+bqruqWEw/HgXWLdNv2nJ+fbhxbhc=
 github.com/ory/graceful v0.1.3/go.mod h1:4zFz687IAF7oNHHiB586U4iL+/4aV09o/PYLE34t2bA=
 github.com/ory/herodot v0.9.13 h1:cN/Z4eOkErl/9W7hDIDLb79IO/bfsH+8yscBjRpB4IU=
 github.com/ory/herodot v0.9.13/go.mod h1:IWDs9kSvFQqw/cQ8zi5ksyYvITiUU4dI7glUrhZcJYo=
+github.com/ory/hydra-client-go v1.11.8 h1:GwJjvH/DBcfYzoST4vUpi4pIRzDGH5oODKpIVuhwVyc=
+github.com/ory/hydra-client-go v1.11.8/go.mod h1:4YuBuwUEC4yiyDrnKjGYc1tB3gUXan4ZiUYMjXJbfxA=
 github.com/ory/jsonschema/v3 v3.0.7 h1:GQ9qfZDiJqs4l2d3p56dozCChvejQFZyLKGHYzDzOSo=
 github.com/ory/jsonschema/v3 v3.0.7/go.mod h1:g8c8YOtN4TrR2wYeMdT02GDmzJDI0fEW2nI26BECafY=
 github.com/ory/mail v2.3.1+incompatible/go.mod h1:87D9/1gB6ewElQoN0lXJ0ayfqcj3cW3qCTXh+5E9mfU=
@@ -1381,8 +1383,8 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi
 github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE=
 github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM=
-github.com/ory/x v0.0.480 h1:IAflszUfmpy/bVnd8gxIgKuL9pL1oLjytxqCmAMC14o=
-github.com/ory/x v0.0.480/go.mod h1:w2gwqgw3XqKTxW8wURVxUFI2NuDyIC2rGxvEsnBJqjs=
+github.com/ory/x v0.0.488 h1:EQLqYLPwNfs9OW9GFrxDEO11oEmKpvveN1wuUfU8yOU=
+github.com/ory/x v0.0.488/go.mod h1:dJ800rWC2/eNECWhXMyI9kSd7lO2LTOu6R8oS0lQZ38=
 github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
 github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
 github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
@@ -2011,6 +2013,7 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
diff --git a/hydra/fake.go b/hydra/fake.go
new file mode 100644
index 000000000000..be9b19958ebe
--- /dev/null
+++ b/hydra/fake.go
@@ -0,0 +1,45 @@
+package hydra
+
+import (
+	"context"
+	"errors"
+
+	"github.com/gofrs/uuid"
+
+	hydraclientgo "github.com/ory/hydra-client-go"
+	"github.com/ory/kratos/session"
+)
+
+const (
+	FAKE_GET_LOGIN_REQUEST_RETURN_NIL_NIL = "b805f2d9-2f6d-4745-9d68-a17f48e25774"
+	FAKE_ACCEPT_REQUEST_FAIL              = "2e98454e-031b-4870-9ad6-8517df1ce604"
+	FAKE_SUCCESS                          = "5ff59a39-ecc5-467e-bb10-26644c0700ee"
+)
+
+type FakeHydra struct{}
+
+var _ Hydra = &FakeHydra{}
+
+func NewFakeHydra() *FakeHydra {
+	return &FakeHydra{}
+}
+
+func (h *FakeHydra) AcceptLoginRequest(ctx context.Context, hlc uuid.UUID, sub string, amr session.AuthenticationMethods) (string, error) {
+	switch hlc.String() {
+	case FAKE_ACCEPT_REQUEST_FAIL:
+		return "", errors.New("failed to accept login request")
+	default:
+		panic("unknown fake login_challenge " + hlc.String())
+	}
+}
+
+func (h *FakeHydra) GetLoginRequest(ctx context.Context, hlc uuid.NullUUID) (*hydraclientgo.LoginRequest, error) {
+	switch hlc.UUID.String() {
+	case FAKE_ACCEPT_REQUEST_FAIL:
+		return &hydraclientgo.LoginRequest{}, nil
+	case FAKE_SUCCESS:
+		return &hydraclientgo.LoginRequest{}, nil
+	default:
+		panic("unknown fake login_challenge " + hlc.UUID.String())
+	}
+}
diff --git a/hydra/hydra.go b/hydra/hydra.go
new file mode 100644
index 000000000000..cf367fb9804a
--- /dev/null
+++ b/hydra/hydra.go
@@ -0,0 +1,138 @@
+package hydra
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/ory/x/httpx"
+
+	"github.com/gofrs/uuid"
+	"github.com/pkg/errors"
+
+	"github.com/ory/herodot"
+	hydraclientgo "github.com/ory/hydra-client-go"
+	"github.com/ory/kratos/driver/config"
+	"github.com/ory/kratos/session"
+	"github.com/ory/kratos/x"
+)
+
+type (
+	hydraDependencies interface {
+		config.Provider
+		x.HTTPClientProvider
+	}
+	HydraProvider interface {
+		Hydra() Hydra
+	}
+	Hydra interface {
+		AcceptLoginRequest(ctx context.Context, hlc uuid.UUID, sub string, amr session.AuthenticationMethods) (string, error)
+		GetLoginRequest(ctx context.Context, hlc uuid.NullUUID) (*hydraclientgo.LoginRequest, error)
+	}
+	DefaultHydra struct {
+		d hydraDependencies
+	}
+)
+
+func NewDefaultHydra(d hydraDependencies) *DefaultHydra {
+	return &DefaultHydra{
+		d: d,
+	}
+}
+
+func GetLoginChallengeID(conf *config.Config, r *http.Request) (uuid.NullUUID, error) {
+	if !r.URL.Query().Has("login_challenge") {
+		return uuid.NullUUID{}, nil
+	} else if conf.OAuth2ProviderURL(r.Context()) == nil {
+		return uuid.NullUUID{}, errors.WithStack(herodot.ErrInternalServerError.WithReason("refusing to parse login_challenge query parameter because " + config.ViperKeyOAuth2ProviderURL + " is invalid or unset"))
+	}
+
+	hlc, err := uuid.FromString(r.URL.Query().Get("login_challenge"))
+	if err != nil || hlc.IsNil() {
+		return uuid.NullUUID{}, errors.WithStack(herodot.ErrBadRequest.WithReason("the login_challenge parameter is present but invalid or zero UUID"))
+	} else {
+		return uuid.NullUUID{UUID: hlc, Valid: true}, nil
+	}
+}
+
+func (h *DefaultHydra) getAdminURL(ctx context.Context) (string, error) {
+	u := h.d.Config().OAuth2ProviderURL(ctx)
+	if u == nil {
+		return "", errors.WithStack(herodot.ErrInternalServerError.WithReason(config.ViperKeyOAuth2ProviderURL + " is not configured"))
+	}
+	return u.String(), nil
+}
+
+func (h *DefaultHydra) getAdminAPIClient(ctx context.Context) (hydraclientgo.AdminApi, error) {
+	url, err := h.getAdminURL(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	configuration := hydraclientgo.NewConfiguration()
+	configuration.Servers = hydraclientgo.ServerConfigurations{{URL: url}}
+
+	client := h.d.HTTPClient(ctx).StandardClient()
+	if header := h.d.Config().OAuth2ProviderHeader(ctx); header != nil {
+		client.Transport = httpx.WrapTransportWithHeader(client.Transport, header)
+	}
+
+	configuration.HTTPClient = client
+	return hydraclientgo.NewAPIClient(configuration).AdminApi, nil
+}
+
+func (h *DefaultHydra) AcceptLoginRequest(ctx context.Context, hlc uuid.UUID, sub string, amr session.AuthenticationMethods) (string, error) {
+	remember := h.d.Config().SessionPersistentCookie(ctx)
+	rememberFor := int64(h.d.Config().SessionLifespan(ctx) / time.Second)
+
+	alr := hydraclientgo.NewAcceptLoginRequest(sub)
+	alr.Remember = &remember
+	alr.RememberFor = &rememberFor
+	alr.Amr = []string{}
+	for _, r := range amr {
+		alr.Amr = append(alr.Amr, string(r.Method))
+	}
+
+	aa, err := h.getAdminAPIClient(ctx)
+	if err != nil {
+		return "", err
+	}
+
+	resp, r, err := aa.AcceptLoginRequest(ctx).LoginChallenge(fmt.Sprintf("%x", hlc)).AcceptLoginRequest(*alr).Execute()
+	if err != nil {
+		innerErr := herodot.ErrInternalServerError.WithWrap(err).WithReasonf("Unable to accept OAuth 2.0 Login Challenge.")
+		if r != nil {
+			innerErr = innerErr.
+				WithDetail("status_code", r.StatusCode).
+				WithDebugf("error", err.Error())
+		}
+		return "", errors.WithStack(innerErr)
+	}
+
+	return resp.RedirectTo, nil
+}
+
+func (h *DefaultHydra) GetLoginRequest(ctx context.Context, hlc uuid.NullUUID) (*hydraclientgo.LoginRequest, error) {
+	if !hlc.Valid {
+		return nil, errors.WithStack(herodot.ErrBadRequest.WithReason("invalid login_challenge"))
+	}
+
+	aa, err := h.getAdminAPIClient(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	hlr, r, err := aa.GetLoginRequest(ctx).LoginChallenge(fmt.Sprintf("%x", hlc.UUID)).Execute()
+	if err != nil {
+		innerErr := herodot.ErrInternalServerError.WithWrap(err).WithReasonf("Unable to get OAuth 2.0 Login Challenge.")
+		if r != nil {
+			innerErr = innerErr.
+				WithDetail("status_code", r.StatusCode).
+				WithDebugf("error", err.Error())
+		}
+		return nil, errors.WithStack(innerErr)
+	}
+
+	return hlr, nil
+}
diff --git a/hydra/hydra_test.go b/hydra/hydra_test.go
new file mode 100644
index 000000000000..9fccdc9adf52
--- /dev/null
+++ b/hydra/hydra_test.go
@@ -0,0 +1,100 @@
+package hydra_test
+
+import (
+	"net/http"
+	"os"
+	"reflect"
+	"testing"
+
+	"github.com/gofrs/uuid"
+
+	"github.com/ory/kratos/driver/config"
+	"github.com/ory/kratos/hydra"
+	"github.com/ory/x/configx"
+	"github.com/ory/x/logrusx"
+	"github.com/ory/x/urlx"
+)
+
+func TestGetLoginChallengeID(t *testing.T) {
+	validChallenge := "https://hydra?login_challenge=b346a452-e8fb-4828-8ef8-a4dbc98dc23a"
+	invalidChallenge := "https://hydra?login_challenge=invalid"
+	defaultConfig := config.MustNew(t, logrusx.New("", ""), os.Stderr, configx.SkipValidation())
+	configWithHydra := config.MustNew(
+		t,
+		logrusx.New("", ""),
+		os.Stderr,
+		configx.SkipValidation(),
+		configx.WithValues(map[string]interface{}{
+			config.ViperKeyOAuth2ProviderURL: "https://hydra",
+		}),
+	)
+
+	type args struct {
+		conf *config.Config
+		r    *http.Request
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    uuid.NullUUID
+		wantErr bool
+	}{
+		{
+			name: "no login challenge; hydra is not configured",
+			args: args{
+				conf: defaultConfig,
+				r:    &http.Request{URL: urlx.ParseOrPanic("https://hydra")},
+			},
+			want:    uuid.NullUUID{Valid: false},
+			wantErr: false,
+		},
+		{
+			name: "no login challenge; hydra is configured",
+			args: args{
+				conf: configWithHydra,
+				r:    &http.Request{URL: urlx.ParseOrPanic("https://hydra")},
+			},
+			want:    uuid.NullUUID{Valid: false},
+			wantErr: false,
+		},
+		{
+			name: "login_challenge is present; Hydra is not configured",
+			args: args{
+				conf: defaultConfig,
+				r:    &http.Request{URL: urlx.ParseOrPanic(validChallenge)},
+			},
+			want:    uuid.NullUUID{Valid: false},
+			wantErr: true,
+		},
+		{
+			name: "login_challenge is present; hydra is configured",
+			args: args{
+				conf: configWithHydra,
+				r:    &http.Request{URL: urlx.ParseOrPanic(validChallenge)},
+			},
+			want:    uuid.NullUUID{Valid: true, UUID: uuid.FromStringOrNil("b346a452-e8fb-4828-8ef8-a4dbc98dc23a")},
+			wantErr: false,
+		},
+		{
+			name: "login_challenge is invalid; hydra is configured",
+			args: args{
+				conf: configWithHydra,
+				r:    &http.Request{URL: urlx.ParseOrPanic(invalidChallenge)},
+			},
+			want:    uuid.NullUUID{Valid: false},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := hydra.GetLoginChallengeID(tt.args.conf, tt.args.r)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("GetLoginChallengeID() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("GetLoginChallengeID() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
diff --git a/internal/httpclient/.openapi-generator/FILES b/internal/httpclient/.openapi-generator/FILES
index 000360e64ecb..c277bccbc12a 100644
--- a/internal/httpclient/.openapi-generator/FILES
+++ b/internal/httpclient/.openapi-generator/FILES
@@ -37,9 +37,12 @@ docs/InlineResponse2001.md
 docs/InlineResponse503.md
 docs/JsonError.md
 docs/JsonPatch.md
+docs/LoginRequest.md
 docs/Message.md
 docs/MetadataApi.md
 docs/NeedsPrivilegedSessionError.md
+docs/OAuth2Client.md
+docs/OpenIDConnectContext.md
 docs/Pagination.md
 docs/RecoveryIdentityAddress.md
 docs/RevokedSessions.md
@@ -135,8 +138,11 @@ model_inline_response_200_1.go
 model_inline_response_503.go
 model_json_error.go
 model_json_patch.go
+model_login_request.go
 model_message.go
 model_needs_privileged_session_error.go
+model_o_auth2_client.go
+model_open_id_connect_context.go
 model_pagination.go
 model_recovery_identity_address.go
 model_revoked_sessions.go
diff --git a/internal/httpclient/README.md b/internal/httpclient/README.md
index d1c42716e9dd..f5b358e7fbfe 100644
--- a/internal/httpclient/README.md
+++ b/internal/httpclient/README.md
@@ -163,8 +163,11 @@ Class | Method | HTTP request | Description
  - [InlineResponse503](docs/InlineResponse503.md)
  - [JsonError](docs/JsonError.md)
  - [JsonPatch](docs/JsonPatch.md)
+ - [LoginRequest](docs/LoginRequest.md)
  - [Message](docs/Message.md)
  - [NeedsPrivilegedSessionError](docs/NeedsPrivilegedSessionError.md)
+ - [OAuth2Client](docs/OAuth2Client.md)
+ - [OpenIDConnectContext](docs/OpenIDConnectContext.md)
  - [Pagination](docs/Pagination.md)
  - [RecoveryIdentityAddress](docs/RecoveryIdentityAddress.md)
  - [RevokedSessions](docs/RevokedSessions.md)
diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml
index 1f83d9cb56d8..7395a9740eec 100644
--- a/internal/httpclient/api/openapi.yaml
+++ b/internal/httpclient/api/openapi.yaml
@@ -1100,11 +1100,28 @@ paths:
         `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.
         `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!
 
+        The optional query parameter login_challenge is set when using Kratos with
+        Hydra in an OAuth2 flow. See the oauth2_provider.url configuration
+        option.
+
         This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
         More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
       operationId: initializeSelfServiceLoginFlowForBrowsers
       parameters:
+      - description: |-
+          An optional Hydra login challenge. If present, Kratos will cooperate with
+          Ory Hydra to act as an OAuth2 identity provider.
+
+          The value for this parameter comes from `login_challenge` URL Query parameter sent to your
+          application (e.g. `/login?login_challenge=abcde`).
+        explode: true
+        in: query
+        name: login_challenge
+        required: false
+        schema:
+          type: string
+        style: form
       - description: |-
           Refresh a login session
 
@@ -1851,6 +1868,19 @@ paths:
         More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
       operationId: initializeSelfServiceRegistrationFlowForBrowsers
       parameters:
+      - description: |-
+          An optional Hydra login challenge. If present, Kratos will cooperate with
+          Ory Hydra to act as an OAuth2 identity provider.
+
+          The value for this parameter comes from `login_challenge` URL Query parameter sent to your
+          application (e.g. `/registration?login_challenge=abcde`).
+        explode: true
+        in: query
+        name: login_challenge
+        required: false
+        schema:
+          type: string
+        style: form
       - description: The URL to return the browser to after the flow was completed.
         explode: true
         in: query
@@ -3006,12 +3036,457 @@ components:
       title: JSONRawMessage represents a json.RawMessage that works well with JSON,
         SQL, and Swagger.
       type: object
+    LoginRequest:
+      description: LoginRequest struct for LoginRequest
+      example:
+        requested_access_token_audience:
+        - requested_access_token_audience
+        - requested_access_token_audience
+        subject: subject
+        oidc_context:
+          login_hint: login_hint
+          ui_locales:
+          - ui_locales
+          - ui_locales
+          id_token_hint_claims:
+            key: '{}'
+          acr_values:
+          - acr_values
+          - acr_values
+          display: display
+        challenge: challenge
+        client:
+          metadata:
+            key: ""
+          token_endpoint_auth_signing_alg: token_endpoint_auth_signing_alg
+          client_uri: client_uri
+          jwks:
+            key: ""
+          logo_uri: logo_uri
+          created_at: 2000-01-23T04:56:07.000+00:00
+          registration_client_uri: registration_client_uri
+          allowed_cors_origins:
+          - allowed_cors_origins
+          - allowed_cors_origins
+          registration_access_token: registration_access_token
+          client_id: client_id
+          token_endpoint_auth_method: token_endpoint_auth_method
+          userinfo_signed_response_alg: userinfo_signed_response_alg
+          updated_at: 2000-01-23T04:56:07.000+00:00
+          scope: scope
+          request_uris:
+          - request_uris
+          - request_uris
+          client_secret: client_secret
+          backchannel_logout_session_required: true
+          backchannel_logout_uri: backchannel_logout_uri
+          client_name: client_name
+          policy_uri: policy_uri
+          owner: owner
+          audience:
+          - audience
+          - audience
+          post_logout_redirect_uris:
+          - post_logout_redirect_uris
+          - post_logout_redirect_uris
+          grant_types:
+          - grant_types
+          - grant_types
+          subject_type: subject_type
+          redirect_uris:
+          - redirect_uris
+          - redirect_uris
+          sector_identifier_uri: sector_identifier_uri
+          frontchannel_logout_session_required: true
+          frontchannel_logout_uri: frontchannel_logout_uri
+          client_secret_expires_at: 0
+          jwks_uri: jwks_uri
+          request_object_signing_alg: request_object_signing_alg
+          tos_uri: tos_uri
+          contacts:
+          - contacts
+          - contacts
+          response_types:
+          - response_types
+          - response_types
+        session_id: session_id
+        skip: true
+        request_url: request_url
+        requested_scope:
+        - requested_scope
+        - requested_scope
+      properties:
+        challenge:
+          description: ID is the identifier (\"login challenge\") of the login request.
+            It is used to identify the session.
+          type: string
+        client:
+          $ref: '#/components/schemas/OAuth2Client'
+        oidc_context:
+          $ref: '#/components/schemas/OpenIDConnectContext'
+        request_url:
+          description: RequestURL is the original OAuth 2.0 Authorization URL requested
+            by the OAuth 2.0 client. It is the URL which initiates the OAuth 2.0 Authorization
+            Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but
+            might come in handy if you want to deal with additional request parameters.
+          type: string
+        requested_access_token_audience:
+          items:
+            type: string
+          type: array
+        requested_scope:
+          items:
+            type: string
+          type: array
+        session_id:
+          description: SessionID is the login session ID. If the user-agent reuses
+            a login session (via cookie / remember flag) this ID will remain the same.
+            If the user-agent did not have an existing authentication session (e.g.
+            remember is false) this will be a new random value. This value is used
+            as the \"sid\" parameter in the ID Token and in OIDC Front-/Back- channel
+            logout. It's value can generally be used to associate consecutive login
+            requests by a certain user.
+          type: string
+        skip:
+          description: Skip, if true, implies that the client has requested the same
+            scopes from the same user previously. If true, you can skip asking the
+            user to grant the requested scopes, and simply forward the user to the
+            redirect URL.  This feature allows you to update / set session information.
+          type: boolean
+        subject:
+          description: Subject is the user ID of the end-user that authenticated.
+            Now, that end user needs to grant or deny the scope requested by the OAuth
+            2.0 client. If this value is set and `skip` is true, you MUST include
+            this subject type when accepting the login request, or the request will
+            fail.
+          type: string
+      type: object
+    NullBool:
+      nullable: true
+      type: boolean
+    NullInt:
+      nullable: true
+      type: integer
+    NullString:
+      nullable: true
+      type: string
+    NullTime:
+      format: date-time
+      nullable: true
+      type: string
+    NullUUID:
+      format: uuid4
+      nullable: true
+      type: string
+    OAuth2Client:
+      description: OAuth2Client struct for OAuth2Client
+      example:
+        metadata:
+          key: ""
+        token_endpoint_auth_signing_alg: token_endpoint_auth_signing_alg
+        client_uri: client_uri
+        jwks:
+          key: ""
+        logo_uri: logo_uri
+        created_at: 2000-01-23T04:56:07.000+00:00
+        registration_client_uri: registration_client_uri
+        allowed_cors_origins:
+        - allowed_cors_origins
+        - allowed_cors_origins
+        registration_access_token: registration_access_token
+        client_id: client_id
+        token_endpoint_auth_method: token_endpoint_auth_method
+        userinfo_signed_response_alg: userinfo_signed_response_alg
+        updated_at: 2000-01-23T04:56:07.000+00:00
+        scope: scope
+        request_uris:
+        - request_uris
+        - request_uris
+        client_secret: client_secret
+        backchannel_logout_session_required: true
+        backchannel_logout_uri: backchannel_logout_uri
+        client_name: client_name
+        policy_uri: policy_uri
+        owner: owner
+        audience:
+        - audience
+        - audience
+        post_logout_redirect_uris:
+        - post_logout_redirect_uris
+        - post_logout_redirect_uris
+        grant_types:
+        - grant_types
+        - grant_types
+        subject_type: subject_type
+        redirect_uris:
+        - redirect_uris
+        - redirect_uris
+        sector_identifier_uri: sector_identifier_uri
+        frontchannel_logout_session_required: true
+        frontchannel_logout_uri: frontchannel_logout_uri
+        client_secret_expires_at: 0
+        jwks_uri: jwks_uri
+        request_object_signing_alg: request_object_signing_alg
+        tos_uri: tos_uri
+        contacts:
+        - contacts
+        - contacts
+        response_types:
+        - response_types
+        - response_types
+      properties:
+        allowed_cors_origins:
+          items:
+            type: string
+          type: array
+        audience:
+          items:
+            type: string
+          type: array
+        backchannel_logout_session_required:
+          description: Boolean value specifying whether the RP requires that a sid
+            (session ID) Claim be included in the Logout Token to identify the RP
+            session with the OP when the backchannel_logout_uri is used. If omitted,
+            the default value is false.
+          type: boolean
+        backchannel_logout_uri:
+          description: RP URL that will cause the RP to log itself out when sent a
+            Logout Token by the OP.
+          type: string
+        client_id:
+          description: ID  is the id for this client.
+          type: string
+        client_name:
+          description: Name is the human-readable string name of the client to be
+            presented to the end-user during authorization.
+          type: string
+        client_secret:
+          description: Secret is the client's secret. The secret will be included
+            in the create request as cleartext, and then never again. The secret is
+            stored using BCrypt so it is impossible to recover it. Tell your users
+            that they need to write the secret down as it will not be made available
+            again.
+          type: string
+        client_secret_expires_at:
+          description: SecretExpiresAt is an integer holding the time at which the
+            client secret will expire or 0 if it will not expire. The time is represented
+            as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC
+            until the date/time of expiration.  This feature is currently not supported
+            and it's value will always be set to 0.
+          format: int64
+          type: integer
+        client_uri:
+          description: ClientURI is an URL string of a web page providing information
+            about the client. If present, the server SHOULD display this URL to the
+            end-user in a clickable fashion.
+          type: string
+        contacts:
+          items:
+            type: string
+          type: array
+        created_at:
+          description: CreatedAt returns the timestamp of the client's creation.
+          format: date-time
+          type: string
+        frontchannel_logout_session_required:
+          description: Boolean value specifying whether the RP requires that iss (issuer)
+            and sid (session ID) query parameters be included to identify the RP session
+            with the OP when the frontchannel_logout_uri is used. If omitted, the
+            default value is false.
+          type: boolean
+        frontchannel_logout_uri:
+          description: RP URL that will cause the RP to log itself out when rendered
+            in an iframe by the OP. An iss (issuer) query parameter and a sid (session
+            ID) query parameter MAY be included by the OP to enable the RP to validate
+            the request and to determine which of the potentially multiple sessions
+            is to be logged out; if either is included, both MUST be.
+          type: string
+        grant_types:
+          items:
+            type: string
+          type: array
+        jwks:
+          additionalProperties: {}
+          type: object
+        jwks_uri:
+          description: URL for the Client's JSON Web Key Set [JWK] document. If the
+            Client signs requests to the Server, it contains the signing key(s) the
+            Server uses to validate signatures from the Client. The JWK Set MAY also
+            contain the Client's encryption keys(s), which are used by the Server
+            to encrypt responses to the Client. When both signing and encryption keys
+            are made available, a use (Key Use) parameter value is REQUIRED for all
+            keys in the referenced JWK Set to indicate each key's intended usage.
+            Although some algorithms allow the same key to be used for both signatures
+            and encryption, doing so is NOT RECOMMENDED, as it is less secure. The
+            JWK x5c parameter MAY be used to provide X.509 representations of keys
+            provided. When used, the bare key values MUST still be present and MUST
+            match those in the certificate.
+          type: string
+        logo_uri:
+          description: LogoURI is an URL string that references a logo for the client.
+          type: string
+        metadata:
+          additionalProperties: {}
+          type: object
+        owner:
+          description: Owner is a string identifying the owner of the OAuth 2.0 Client.
+          type: string
+        policy_uri:
+          description: PolicyURI is a URL string that points to a human-readable privacy
+            policy document that describes how the deployment organization collects,
+            uses, retains, and discloses personal data.
+          type: string
+        post_logout_redirect_uris:
+          items:
+            type: string
+          type: array
+        redirect_uris:
+          items:
+            type: string
+          type: array
+        registration_access_token:
+          description: RegistrationAccessToken can be used to update, get, or delete
+            the OAuth2 Client.
+          type: string
+        registration_client_uri:
+          description: RegistrationClientURI is the URL used to update, get, or delete
+            the OAuth2 Client.
+          type: string
+        request_object_signing_alg:
+          description: JWS [JWS] alg algorithm [JWA] that MUST be used for signing
+            Request Objects sent to the OP. All Request Objects from this Client MUST
+            be rejected, if not signed with this algorithm.
+          type: string
+        request_uris:
+          items:
+            type: string
+          type: array
+        response_types:
+          items:
+            type: string
+          type: array
+        scope:
+          description: Scope is a string containing a space-separated list of scope
+            values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client
+            can use when requesting access tokens.
+          type: string
+        sector_identifier_uri:
+          description: URL using the https scheme to be used in calculating Pseudonymous
+            Identifiers by the OP. The URL references a file with a single JSON array
+            of redirect_uri values.
+          type: string
+        subject_type:
+          description: SubjectType requested for responses to this Client. The subject_types_supported
+            Discovery parameter contains a list of the supported subject_type values
+            for this server. Valid types include `pairwise` and `public`.
+          type: string
+        token_endpoint_auth_method:
+          description: Requested Client Authentication method for the Token Endpoint.
+            The options are client_secret_post, client_secret_basic, private_key_jwt,
+            and none.
+          type: string
+        token_endpoint_auth_signing_alg:
+          description: Requested Client Authentication signing algorithm for the Token
+            Endpoint.
+          type: string
+        tos_uri:
+          description: TermsOfServiceURI is a URL string that points to a human-readable
+            terms of service document for the client that describes a contractual
+            relationship between the end-user and the client that the end-user accepts
+            when authorizing the client.
+          type: string
+        updated_at:
+          description: UpdatedAt returns the timestamp of the last update.
+          format: date-time
+          type: string
+        userinfo_signed_response_alg:
+          description: JWS alg algorithm [JWA] REQUIRED for signing UserInfo Responses.
+            If this is specified, the response will be JWT [JWT] serialized, and signed
+            using JWS. The default, if omitted, is for the UserInfo Response to return
+            the Claims as a UTF-8 encoded JSON object using the application/json content-type.
+          type: string
+      type: object
+    OpenIDConnectContext:
+      description: OpenIDConnectContext struct for OpenIDConnectContext
+      example:
+        login_hint: login_hint
+        ui_locales:
+        - ui_locales
+        - ui_locales
+        id_token_hint_claims:
+          key: '{}'
+        acr_values:
+        - acr_values
+        - acr_values
+        display: display
+      properties:
+        acr_values:
+          description: 'ACRValues is the Authentication AuthorizationContext Class
+            Reference requested in the OAuth 2.0 Authorization request. It is a parameter
+            defined by OpenID Connect and expresses which level of authentication
+            (e.g. 2FA) is required.  OpenID Connect defines it as follows: > Requested
+            Authentication AuthorizationContext Class Reference values. Space-separated
+            string that specifies the acr values that the Authorization Server is
+            being requested to use for processing this Authentication Request, with
+            the values appearing in order of preference. The Authentication AuthorizationContext
+            Class satisfied by the authentication performed is returned as the acr
+            Claim Value, as specified in Section 2. The acr Claim is requested as
+            a Voluntary Claim by this parameter.'
+          items:
+            type: string
+          type: array
+        display:
+          description: 'Display is a string value that specifies how the Authorization
+            Server displays the authentication and consent user interface pages to
+            the End-User. The defined values are: page: The Authorization Server SHOULD
+            display the authentication and consent UI consistent with a full User
+            Agent page view. If the display parameter is not specified, this is the
+            default display mode. popup: The Authorization Server SHOULD display the
+            authentication and consent UI consistent with a popup User Agent window.
+            The popup User Agent window should be of an appropriate size for a login-focused
+            dialog and should not obscure the entire window that it is popping up
+            over. touch: The Authorization Server SHOULD display the authentication
+            and consent UI consistent with a device that leverages a touch interface.
+            wap: The Authorization Server SHOULD display the authentication and consent
+            UI consistent with a \"feature phone\" type display.  The Authorization
+            Server MAY also attempt to detect the capabilities of the User Agent and
+            present an appropriate display.'
+          type: string
+        id_token_hint_claims:
+          additionalProperties: true
+          description: IDTokenHintClaims are the claims of the ID Token previously
+            issued by the Authorization Server being passed as a hint about the End-User's
+            current or past authenticated session with the Client.
+          type: object
+        login_hint:
+          description: LoginHint hints about the login identifier the End-User might
+            use to log in (if necessary). This hint can be used by an RP if it first
+            asks the End-User for their e-mail address (or other identifier) and then
+            wants to pass that value as a hint to the discovered authorization service.
+            This value MAY also be a phone number in the format specified for the
+            phone_number Claim. The use of this parameter is optional.
+          type: string
+        ui_locales:
+          description: UILocales is the End-User'id preferred languages and scripts
+            for the user interface, represented as a space-separated list of BCP47
+            [RFC5646] language tag values, ordered by preference. For instance, the
+            value \"fr-CA fr en\" represents a preference for French as spoken in
+            Canada, then French (without a region designation), followed by English
+            (without a region designation). An error SHOULD NOT result if some or
+            all of the requested locales are not supported by the OpenID Provider.
+          items:
+            type: string
+          type: array
+      type: object
     RecoveryAddressType:
       title: RecoveryAddressType must not exceed 16 characters as that is the limitation
         in the SQL Schema.
       type: string
     TemplateType:
       type: string
+    Time:
+      format: date-time
+      type: string
     UUID:
       format: uuid4
       type: string
@@ -3741,6 +4216,13 @@ components:
       title: Is sent when a privileged session is required to perform the settings
         update.
       type: object
+    nullDuration:
+      nullable: true
+      pattern: ^[0-9]+(ns|us|ms|s|m|h)$
+      type: string
+    nullInt64:
+      nullable: true
+      type: integer
     nullJsonRawMessage:
       description: NullJSONRawMessage represents a json.RawMessage that works well
         with JSON, SQL, and Swagger and is NULLable-
@@ -3970,22 +4452,105 @@ components:
 
         Once a login flow is completed successfully, a session cookie or session token will be issued.
       example:
+        created_at: 2000-01-23T04:56:07.000+00:00
+        refresh: true
+        return_to: return_to
+        type: type
+        issued_at: 2000-01-23T04:56:07.000+00:00
+        request_url: request_url
         expires_at: 2000-01-23T04:56:07.000+00:00
+        oauth2_login_request:
+          requested_access_token_audience:
+          - requested_access_token_audience
+          - requested_access_token_audience
+          subject: subject
+          oidc_context:
+            login_hint: login_hint
+            ui_locales:
+            - ui_locales
+            - ui_locales
+            id_token_hint_claims:
+              key: '{}'
+            acr_values:
+            - acr_values
+            - acr_values
+            display: display
+          challenge: challenge
+          client:
+            metadata:
+              key: ""
+            token_endpoint_auth_signing_alg: token_endpoint_auth_signing_alg
+            client_uri: client_uri
+            jwks:
+              key: ""
+            logo_uri: logo_uri
+            created_at: 2000-01-23T04:56:07.000+00:00
+            registration_client_uri: registration_client_uri
+            allowed_cors_origins:
+            - allowed_cors_origins
+            - allowed_cors_origins
+            registration_access_token: registration_access_token
+            client_id: client_id
+            token_endpoint_auth_method: token_endpoint_auth_method
+            userinfo_signed_response_alg: userinfo_signed_response_alg
+            updated_at: 2000-01-23T04:56:07.000+00:00
+            scope: scope
+            request_uris:
+            - request_uris
+            - request_uris
+            client_secret: client_secret
+            backchannel_logout_session_required: true
+            backchannel_logout_uri: backchannel_logout_uri
+            client_name: client_name
+            policy_uri: policy_uri
+            owner: owner
+            audience:
+            - audience
+            - audience
+            post_logout_redirect_uris:
+            - post_logout_redirect_uris
+            - post_logout_redirect_uris
+            grant_types:
+            - grant_types
+            - grant_types
+            subject_type: subject_type
+            redirect_uris:
+            - redirect_uris
+            - redirect_uris
+            sector_identifier_uri: sector_identifier_uri
+            frontchannel_logout_session_required: true
+            frontchannel_logout_uri: frontchannel_logout_uri
+            client_secret_expires_at: 0
+            jwks_uri: jwks_uri
+            request_object_signing_alg: request_object_signing_alg
+            tos_uri: tos_uri
+            contacts:
+            - contacts
+            - contacts
+            response_types:
+            - response_types
+            - response_types
+          session_id: session_id
+          skip: true
+          request_url: request_url
+          requested_scope:
+          - requested_scope
+          - requested_scope
         ui:
           nodes:
           - meta:
               label:
                 context: '{}'
-                id: 0
+                id: 6
                 text: text
                 type: type
             messages:
             - context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
             - context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
             type: text
@@ -3993,16 +4558,16 @@ components:
           - meta:
               label:
                 context: '{}'
-                id: 0
+                id: 6
                 text: text
                 type: type
             messages:
             - context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
             - context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
             type: text
@@ -4011,21 +4576,16 @@ components:
           action: action
           messages:
           - context: '{}'
-            id: 0
+            id: 6
             text: text
             type: type
           - context: '{}'
-            id: 0
+            id: 6
             text: text
             type: type
         updated_at: 2000-01-23T04:56:07.000+00:00
-        created_at: 2000-01-23T04:56:07.000+00:00
-        refresh: true
-        return_to: return_to
+        oauth2_login_challenge: oauth2_login_challenge
         id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
-        type: type
-        issued_at: 2000-01-23T04:56:07.000+00:00
-        request_url: request_url
       properties:
         active:
           $ref: '#/components/schemas/identityCredentialsType'
@@ -4049,6 +4609,12 @@ components:
           description: IssuedAt is the time (UTC) when the flow started.
           format: date-time
           type: string
+        oauth2_login_challenge:
+          format: uuid4
+          nullable: true
+          type: string
+        oauth2_login_request:
+          $ref: '#/components/schemas/LoginRequest'
         refresh:
           description: Refresh stores whether this login flow should enforce re-authentication.
           type: boolean
@@ -4137,16 +4703,16 @@ components:
           - meta:
               label:
                 context: '{}'
-                id: 0
+                id: 6
                 text: text
                 type: type
             messages:
             - context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
             - context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
             type: text
@@ -4154,16 +4720,16 @@ components:
           - meta:
               label:
                 context: '{}'
-                id: 0
+                id: 6
                 text: text
                 type: type
             messages:
             - context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
             - context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
             type: text
@@ -4172,11 +4738,11 @@ components:
           action: action
           messages:
           - context: '{}'
-            id: 0
+            id: 6
             text: text
             type: type
           - context: '{}'
-            id: 0
+            id: 6
             text: text
             type: type
         active: active
@@ -4270,21 +4836,98 @@ components:
     selfServiceRegistrationFlow:
       example:
         expires_at: 2000-01-23T04:56:07.000+00:00
+        oauth2_login_request:
+          requested_access_token_audience:
+          - requested_access_token_audience
+          - requested_access_token_audience
+          subject: subject
+          oidc_context:
+            login_hint: login_hint
+            ui_locales:
+            - ui_locales
+            - ui_locales
+            id_token_hint_claims:
+              key: '{}'
+            acr_values:
+            - acr_values
+            - acr_values
+            display: display
+          challenge: challenge
+          client:
+            metadata:
+              key: ""
+            token_endpoint_auth_signing_alg: token_endpoint_auth_signing_alg
+            client_uri: client_uri
+            jwks:
+              key: ""
+            logo_uri: logo_uri
+            created_at: 2000-01-23T04:56:07.000+00:00
+            registration_client_uri: registration_client_uri
+            allowed_cors_origins:
+            - allowed_cors_origins
+            - allowed_cors_origins
+            registration_access_token: registration_access_token
+            client_id: client_id
+            token_endpoint_auth_method: token_endpoint_auth_method
+            userinfo_signed_response_alg: userinfo_signed_response_alg
+            updated_at: 2000-01-23T04:56:07.000+00:00
+            scope: scope
+            request_uris:
+            - request_uris
+            - request_uris
+            client_secret: client_secret
+            backchannel_logout_session_required: true
+            backchannel_logout_uri: backchannel_logout_uri
+            client_name: client_name
+            policy_uri: policy_uri
+            owner: owner
+            audience:
+            - audience
+            - audience
+            post_logout_redirect_uris:
+            - post_logout_redirect_uris
+            - post_logout_redirect_uris
+            grant_types:
+            - grant_types
+            - grant_types
+            subject_type: subject_type
+            redirect_uris:
+            - redirect_uris
+            - redirect_uris
+            sector_identifier_uri: sector_identifier_uri
+            frontchannel_logout_session_required: true
+            frontchannel_logout_uri: frontchannel_logout_uri
+            client_secret_expires_at: 0
+            jwks_uri: jwks_uri
+            request_object_signing_alg: request_object_signing_alg
+            tos_uri: tos_uri
+            contacts:
+            - contacts
+            - contacts
+            response_types:
+            - response_types
+            - response_types
+          session_id: session_id
+          skip: true
+          request_url: request_url
+          requested_scope:
+          - requested_scope
+          - requested_scope
         ui:
           nodes:
           - meta:
               label:
                 context: '{}'
-                id: 0
+                id: 6
                 text: text
                 type: type
             messages:
             - context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
             - context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
             type: text
@@ -4292,16 +4935,16 @@ components:
           - meta:
               label:
                 context: '{}'
-                id: 0
+                id: 6
                 text: text
                 type: type
             messages:
             - context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
             - context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
             type: text
@@ -4310,13 +4953,14 @@ components:
           action: action
           messages:
           - context: '{}'
-            id: 0
+            id: 6
             text: text
             type: type
           - context: '{}'
-            id: 0
+            id: 6
             text: text
             type: type
+        oauth2_login_challenge: oauth2_login_challenge
         return_to: return_to
         id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
         type: type
@@ -4341,6 +4985,12 @@ components:
           description: IssuedAt is the time (UTC) when the flow occurred.
           format: date-time
           type: string
+        oauth2_login_challenge:
+          format: uuid4
+          nullable: true
+          type: string
+        oauth2_login_request:
+          $ref: '#/components/schemas/LoginRequest'
         request_url:
           description: |-
             RequestURL is the initial URL that was requested from Ory Kratos. It can be used
@@ -4376,16 +5026,16 @@ components:
           - meta:
               label:
                 context: '{}'
-                id: 0
+                id: 6
                 text: text
                 type: type
             messages:
             - context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
             - context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
             type: text
@@ -4393,16 +5043,16 @@ components:
           - meta:
               label:
                 context: '{}'
-                id: 0
+                id: 6
                 text: text
                 type: type
             messages:
             - context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
             - context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
             type: text
@@ -4411,11 +5061,11 @@ components:
           action: action
           messages:
           - context: '{}'
-            id: 0
+            id: 6
             text: text
             type: type
           - context: '{}'
-            id: 0
+            id: 6
             text: text
             type: type
         identity:
@@ -4546,16 +5196,16 @@ components:
           - meta:
               label:
                 context: '{}'
-                id: 0
+                id: 6
                 text: text
                 type: type
             messages:
             - context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
             - context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
             type: text
@@ -4563,16 +5213,16 @@ components:
           - meta:
               label:
                 context: '{}'
-                id: 0
+                id: 6
                 text: text
                 type: type
             messages:
             - context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
             - context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
             type: text
@@ -4581,11 +5231,11 @@ components:
           action: action
           messages:
           - context: '{}'
-            id: 0
+            id: 6
             text: text
             type: type
           - context: '{}'
-            id: 0
+            id: 6
             text: text
             type: type
         active: active
@@ -5658,16 +6308,16 @@ components:
         - meta:
             label:
               context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
           messages:
           - context: '{}'
-            id: 0
+            id: 6
             text: text
             type: type
           - context: '{}'
-            id: 0
+            id: 6
             text: text
             type: type
           type: text
@@ -5675,16 +6325,16 @@ components:
         - meta:
             label:
               context: '{}'
-              id: 0
+              id: 6
               text: text
               type: type
           messages:
           - context: '{}'
-            id: 0
+            id: 6
             text: text
             type: type
           - context: '{}'
-            id: 0
+            id: 6
             text: text
             type: type
           type: text
@@ -5693,11 +6343,11 @@ components:
         action: action
         messages:
         - context: '{}'
-          id: 0
+          id: 6
           text: text
           type: type
         - context: '{}'
-          id: 0
+          id: 6
           text: text
           type: type
       properties:
@@ -5729,16 +6379,16 @@ components:
         meta:
           label:
             context: '{}'
-            id: 0
+            id: 6
             text: text
             type: type
         messages:
         - context: '{}'
-          id: 0
+          id: 6
           text: text
           type: type
         - context: '{}'
-          id: 0
+          id: 6
           text: text
           type: type
         type: text
@@ -5996,7 +6646,7 @@ components:
       example:
         label:
           context: '{}'
-          id: 0
+          id: 6
           text: text
           type: type
       properties:
@@ -6077,7 +6727,7 @@ components:
     uiText:
       example:
         context: '{}'
-        id: 0
+        id: 6
         text: text
         type: type
       properties:
diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go
index 9069c26ad043..0955abec27ff 100644
--- a/internal/httpclient/api_v0alpha2.go
+++ b/internal/httpclient/api_v0alpha2.go
@@ -489,6 +489,10 @@ type V0alpha2Api interface {
 		`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.
 		`security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!
 
+		The optional query parameter login_challenge is set when using Kratos with
+		Hydra in an OAuth2 flow. See the oauth2_provider.url configuration
+		option.
+
 		This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 		More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
@@ -4402,14 +4406,19 @@ func (a *V0alpha2ApiService) GetWebAuthnJavaScriptExecute(r V0alpha2ApiApiGetWeb
 }
 
 type V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest struct {
-	ctx        context.Context
-	ApiService V0alpha2Api
-	refresh    *bool
-	aal        *string
-	returnTo   *string
-	cookie     *string
+	ctx            context.Context
+	ApiService     V0alpha2Api
+	loginChallenge *string
+	refresh        *bool
+	aal            *string
+	returnTo       *string
+	cookie         *string
 }
 
+func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) LoginChallenge(loginChallenge string) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest {
+	r.loginChallenge = &loginChallenge
+	return r
+}
 func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Refresh(refresh bool) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest {
 	r.refresh = &refresh
 	return r
@@ -4450,6 +4459,10 @@ case of an error, the `error.id` of the JSON response body can be one of:
 `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.
 `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!
 
+The optional query parameter login_challenge is set when using Kratos with
+Hydra in an OAuth2 flow. See the oauth2_provider.url configuration
+option.
+
 This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 
 More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
@@ -4488,6 +4501,9 @@ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowForBrowsersExecute(r
 	localVarQueryParams := url.Values{}
 	localVarFormParams := url.Values{}
 
+	if r.loginChallenge != nil {
+		localVarQueryParams.Add("login_challenge", parameterToString(*r.loginChallenge, ""))
+	}
 	if r.refresh != nil {
 		localVarQueryParams.Add("refresh", parameterToString(*r.refresh, ""))
 	}
@@ -5009,11 +5025,16 @@ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowWithoutBrowserExec
 }
 
 type V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest struct {
-	ctx        context.Context
-	ApiService V0alpha2Api
-	returnTo   *string
+	ctx            context.Context
+	ApiService     V0alpha2Api
+	loginChallenge *string
+	returnTo       *string
 }
 
+func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) LoginChallenge(loginChallenge string) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest {
+	r.loginChallenge = &loginChallenge
+	return r
+}
 func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) ReturnTo(returnTo string) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest {
 	r.returnTo = &returnTo
 	return r
@@ -5086,6 +5107,9 @@ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowForBrowsersExe
 	localVarQueryParams := url.Values{}
 	localVarFormParams := url.Values{}
 
+	if r.loginChallenge != nil {
+		localVarQueryParams.Add("login_challenge", parameterToString(*r.loginChallenge, ""))
+	}
 	if r.returnTo != nil {
 		localVarQueryParams.Add("return_to", parameterToString(*r.returnTo, ""))
 	}
diff --git a/internal/httpclient/docs/LoginRequest.md b/internal/httpclient/docs/LoginRequest.md
new file mode 100644
index 000000000000..6ca2ab9a7876
--- /dev/null
+++ b/internal/httpclient/docs/LoginRequest.md
@@ -0,0 +1,264 @@
+# LoginRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Challenge** | Pointer to **string** | ID is the identifier (\\\"login challenge\\\") of the login request. It is used to identify the session. | [optional] 
+**Client** | Pointer to [**OAuth2Client**](OAuth2Client.md) |  | [optional] 
+**OidcContext** | Pointer to [**OpenIDConnectContext**](OpenIDConnectContext.md) |  | [optional] 
+**RequestUrl** | Pointer to **string** | RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which initiates the OAuth 2.0 Authorization Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but might come in handy if you want to deal with additional request parameters. | [optional] 
+**RequestedAccessTokenAudience** | Pointer to **[]string** |  | [optional] 
+**RequestedScope** | Pointer to **[]string** |  | [optional] 
+**SessionId** | Pointer to **string** | SessionID is the login session ID. If the user-agent reuses a login session (via cookie / remember flag) this ID will remain the same. If the user-agent did not have an existing authentication session (e.g. remember is false) this will be a new random value. This value is used as the \\\"sid\\\" parameter in the ID Token and in OIDC Front-/Back- channel logout. It's value can generally be used to associate consecutive login requests by a certain user. | [optional] 
+**Skip** | Pointer to **bool** | Skip, if true, implies that the client has requested the same scopes from the same user previously. If true, you can skip asking the user to grant the requested scopes, and simply forward the user to the redirect URL.  This feature allows you to update / set session information. | [optional] 
+**Subject** | Pointer to **string** | Subject is the user ID of the end-user that authenticated. Now, that end user needs to grant or deny the scope requested by the OAuth 2.0 client. If this value is set and `skip` is true, you MUST include this subject type when accepting the login request, or the request will fail. | [optional] 
+
+## Methods
+
+### NewLoginRequest
+
+`func NewLoginRequest() *LoginRequest`
+
+NewLoginRequest instantiates a new LoginRequest object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLoginRequestWithDefaults
+
+`func NewLoginRequestWithDefaults() *LoginRequest`
+
+NewLoginRequestWithDefaults instantiates a new LoginRequest object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetChallenge
+
+`func (o *LoginRequest) GetChallenge() string`
+
+GetChallenge returns the Challenge field if non-nil, zero value otherwise.
+
+### GetChallengeOk
+
+`func (o *LoginRequest) GetChallengeOk() (*string, bool)`
+
+GetChallengeOk returns a tuple with the Challenge field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetChallenge
+
+`func (o *LoginRequest) SetChallenge(v string)`
+
+SetChallenge sets Challenge field to given value.
+
+### HasChallenge
+
+`func (o *LoginRequest) HasChallenge() bool`
+
+HasChallenge returns a boolean if a field has been set.
+
+### GetClient
+
+`func (o *LoginRequest) GetClient() OAuth2Client`
+
+GetClient returns the Client field if non-nil, zero value otherwise.
+
+### GetClientOk
+
+`func (o *LoginRequest) GetClientOk() (*OAuth2Client, bool)`
+
+GetClientOk returns a tuple with the Client field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClient
+
+`func (o *LoginRequest) SetClient(v OAuth2Client)`
+
+SetClient sets Client field to given value.
+
+### HasClient
+
+`func (o *LoginRequest) HasClient() bool`
+
+HasClient returns a boolean if a field has been set.
+
+### GetOidcContext
+
+`func (o *LoginRequest) GetOidcContext() OpenIDConnectContext`
+
+GetOidcContext returns the OidcContext field if non-nil, zero value otherwise.
+
+### GetOidcContextOk
+
+`func (o *LoginRequest) GetOidcContextOk() (*OpenIDConnectContext, bool)`
+
+GetOidcContextOk returns a tuple with the OidcContext field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOidcContext
+
+`func (o *LoginRequest) SetOidcContext(v OpenIDConnectContext)`
+
+SetOidcContext sets OidcContext field to given value.
+
+### HasOidcContext
+
+`func (o *LoginRequest) HasOidcContext() bool`
+
+HasOidcContext returns a boolean if a field has been set.
+
+### GetRequestUrl
+
+`func (o *LoginRequest) GetRequestUrl() string`
+
+GetRequestUrl returns the RequestUrl field if non-nil, zero value otherwise.
+
+### GetRequestUrlOk
+
+`func (o *LoginRequest) GetRequestUrlOk() (*string, bool)`
+
+GetRequestUrlOk returns a tuple with the RequestUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRequestUrl
+
+`func (o *LoginRequest) SetRequestUrl(v string)`
+
+SetRequestUrl sets RequestUrl field to given value.
+
+### HasRequestUrl
+
+`func (o *LoginRequest) HasRequestUrl() bool`
+
+HasRequestUrl returns a boolean if a field has been set.
+
+### GetRequestedAccessTokenAudience
+
+`func (o *LoginRequest) GetRequestedAccessTokenAudience() []string`
+
+GetRequestedAccessTokenAudience returns the RequestedAccessTokenAudience field if non-nil, zero value otherwise.
+
+### GetRequestedAccessTokenAudienceOk
+
+`func (o *LoginRequest) GetRequestedAccessTokenAudienceOk() (*[]string, bool)`
+
+GetRequestedAccessTokenAudienceOk returns a tuple with the RequestedAccessTokenAudience field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRequestedAccessTokenAudience
+
+`func (o *LoginRequest) SetRequestedAccessTokenAudience(v []string)`
+
+SetRequestedAccessTokenAudience sets RequestedAccessTokenAudience field to given value.
+
+### HasRequestedAccessTokenAudience
+
+`func (o *LoginRequest) HasRequestedAccessTokenAudience() bool`
+
+HasRequestedAccessTokenAudience returns a boolean if a field has been set.
+
+### GetRequestedScope
+
+`func (o *LoginRequest) GetRequestedScope() []string`
+
+GetRequestedScope returns the RequestedScope field if non-nil, zero value otherwise.
+
+### GetRequestedScopeOk
+
+`func (o *LoginRequest) GetRequestedScopeOk() (*[]string, bool)`
+
+GetRequestedScopeOk returns a tuple with the RequestedScope field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRequestedScope
+
+`func (o *LoginRequest) SetRequestedScope(v []string)`
+
+SetRequestedScope sets RequestedScope field to given value.
+
+### HasRequestedScope
+
+`func (o *LoginRequest) HasRequestedScope() bool`
+
+HasRequestedScope returns a boolean if a field has been set.
+
+### GetSessionId
+
+`func (o *LoginRequest) GetSessionId() string`
+
+GetSessionId returns the SessionId field if non-nil, zero value otherwise.
+
+### GetSessionIdOk
+
+`func (o *LoginRequest) GetSessionIdOk() (*string, bool)`
+
+GetSessionIdOk returns a tuple with the SessionId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSessionId
+
+`func (o *LoginRequest) SetSessionId(v string)`
+
+SetSessionId sets SessionId field to given value.
+
+### HasSessionId
+
+`func (o *LoginRequest) HasSessionId() bool`
+
+HasSessionId returns a boolean if a field has been set.
+
+### GetSkip
+
+`func (o *LoginRequest) GetSkip() bool`
+
+GetSkip returns the Skip field if non-nil, zero value otherwise.
+
+### GetSkipOk
+
+`func (o *LoginRequest) GetSkipOk() (*bool, bool)`
+
+GetSkipOk returns a tuple with the Skip field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSkip
+
+`func (o *LoginRequest) SetSkip(v bool)`
+
+SetSkip sets Skip field to given value.
+
+### HasSkip
+
+`func (o *LoginRequest) HasSkip() bool`
+
+HasSkip returns a boolean if a field has been set.
+
+### GetSubject
+
+`func (o *LoginRequest) GetSubject() string`
+
+GetSubject returns the Subject field if non-nil, zero value otherwise.
+
+### GetSubjectOk
+
+`func (o *LoginRequest) GetSubjectOk() (*string, bool)`
+
+GetSubjectOk returns a tuple with the Subject field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSubject
+
+`func (o *LoginRequest) SetSubject(v string)`
+
+SetSubject sets Subject field to given value.
+
+### HasSubject
+
+`func (o *LoginRequest) HasSubject() bool`
+
+HasSubject returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/internal/httpclient/docs/OAuth2Client.md b/internal/httpclient/docs/OAuth2Client.md
new file mode 100644
index 000000000000..030c3af4ed44
--- /dev/null
+++ b/internal/httpclient/docs/OAuth2Client.md
@@ -0,0 +1,940 @@
+# OAuth2Client
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AllowedCorsOrigins** | Pointer to **[]string** |  | [optional] 
+**Audience** | Pointer to **[]string** |  | [optional] 
+**BackchannelLogoutSessionRequired** | Pointer to **bool** | Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in the Logout Token to identify the RP session with the OP when the backchannel_logout_uri is used. If omitted, the default value is false. | [optional] 
+**BackchannelLogoutUri** | Pointer to **string** | RP URL that will cause the RP to log itself out when sent a Logout Token by the OP. | [optional] 
+**ClientId** | Pointer to **string** | ID  is the id for this client. | [optional] 
+**ClientName** | Pointer to **string** | Name is the human-readable string name of the client to be presented to the end-user during authorization. | [optional] 
+**ClientSecret** | Pointer to **string** | Secret is the client's secret. The secret will be included in the create request as cleartext, and then never again. The secret is stored using BCrypt so it is impossible to recover it. Tell your users that they need to write the secret down as it will not be made available again. | [optional] 
+**ClientSecretExpiresAt** | Pointer to **int64** | SecretExpiresAt is an integer holding the time at which the client secret will expire or 0 if it will not expire. The time is represented as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC until the date/time of expiration.  This feature is currently not supported and it's value will always be set to 0. | [optional] 
+**ClientUri** | Pointer to **string** | ClientURI is an URL string of a web page providing information about the client. If present, the server SHOULD display this URL to the end-user in a clickable fashion. | [optional] 
+**Contacts** | Pointer to **[]string** |  | [optional] 
+**CreatedAt** | Pointer to **time.Time** | CreatedAt returns the timestamp of the client's creation. | [optional] 
+**FrontchannelLogoutSessionRequired** | Pointer to **bool** | Boolean value specifying whether the RP requires that iss (issuer) and sid (session ID) query parameters be included to identify the RP session with the OP when the frontchannel_logout_uri is used. If omitted, the default value is false. | [optional] 
+**FrontchannelLogoutUri** | Pointer to **string** | RP URL that will cause the RP to log itself out when rendered in an iframe by the OP. An iss (issuer) query parameter and a sid (session ID) query parameter MAY be included by the OP to enable the RP to validate the request and to determine which of the potentially multiple sessions is to be logged out; if either is included, both MUST be. | [optional] 
+**GrantTypes** | Pointer to **[]string** |  | [optional] 
+**Jwks** | Pointer to **map[string]interface{}** |  | [optional] 
+**JwksUri** | Pointer to **string** | URL for the Client's JSON Web Key Set [JWK] document. If the Client signs requests to the Server, it contains the signing key(s) the Server uses to validate signatures from the Client. The JWK Set MAY also contain the Client's encryption keys(s), which are used by the Server to encrypt responses to the Client. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate. | [optional] 
+**LogoUri** | Pointer to **string** | LogoURI is an URL string that references a logo for the client. | [optional] 
+**Metadata** | Pointer to **map[string]interface{}** |  | [optional] 
+**Owner** | Pointer to **string** | Owner is a string identifying the owner of the OAuth 2.0 Client. | [optional] 
+**PolicyUri** | Pointer to **string** | PolicyURI is a URL string that points to a human-readable privacy policy document that describes how the deployment organization collects, uses, retains, and discloses personal data. | [optional] 
+**PostLogoutRedirectUris** | Pointer to **[]string** |  | [optional] 
+**RedirectUris** | Pointer to **[]string** |  | [optional] 
+**RegistrationAccessToken** | Pointer to **string** | RegistrationAccessToken can be used to update, get, or delete the OAuth2 Client. | [optional] 
+**RegistrationClientUri** | Pointer to **string** | RegistrationClientURI is the URL used to update, get, or delete the OAuth2 Client. | [optional] 
+**RequestObjectSigningAlg** | Pointer to **string** | JWS [JWS] alg algorithm [JWA] that MUST be used for signing Request Objects sent to the OP. All Request Objects from this Client MUST be rejected, if not signed with this algorithm. | [optional] 
+**RequestUris** | Pointer to **[]string** |  | [optional] 
+**ResponseTypes** | Pointer to **[]string** |  | [optional] 
+**Scope** | Pointer to **string** | Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens. | [optional] 
+**SectorIdentifierUri** | Pointer to **string** | URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. The URL references a file with a single JSON array of redirect_uri values. | [optional] 
+**SubjectType** | Pointer to **string** | SubjectType requested for responses to this Client. The subject_types_supported Discovery parameter contains a list of the supported subject_type values for this server. Valid types include `pairwise` and `public`. | [optional] 
+**TokenEndpointAuthMethod** | Pointer to **string** | Requested Client Authentication method for the Token Endpoint. The options are client_secret_post, client_secret_basic, private_key_jwt, and none. | [optional] 
+**TokenEndpointAuthSigningAlg** | Pointer to **string** | Requested Client Authentication signing algorithm for the Token Endpoint. | [optional] 
+**TosUri** | Pointer to **string** | TermsOfServiceURI is a URL string that points to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client. | [optional] 
+**UpdatedAt** | Pointer to **time.Time** | UpdatedAt returns the timestamp of the last update. | [optional] 
+**UserinfoSignedResponseAlg** | Pointer to **string** | JWS alg algorithm [JWA] REQUIRED for signing UserInfo Responses. If this is specified, the response will be JWT [JWT] serialized, and signed using JWS. The default, if omitted, is for the UserInfo Response to return the Claims as a UTF-8 encoded JSON object using the application/json content-type. | [optional] 
+
+## Methods
+
+### NewOAuth2Client
+
+`func NewOAuth2Client() *OAuth2Client`
+
+NewOAuth2Client instantiates a new OAuth2Client object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOAuth2ClientWithDefaults
+
+`func NewOAuth2ClientWithDefaults() *OAuth2Client`
+
+NewOAuth2ClientWithDefaults instantiates a new OAuth2Client object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAllowedCorsOrigins
+
+`func (o *OAuth2Client) GetAllowedCorsOrigins() []string`
+
+GetAllowedCorsOrigins returns the AllowedCorsOrigins field if non-nil, zero value otherwise.
+
+### GetAllowedCorsOriginsOk
+
+`func (o *OAuth2Client) GetAllowedCorsOriginsOk() (*[]string, bool)`
+
+GetAllowedCorsOriginsOk returns a tuple with the AllowedCorsOrigins field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAllowedCorsOrigins
+
+`func (o *OAuth2Client) SetAllowedCorsOrigins(v []string)`
+
+SetAllowedCorsOrigins sets AllowedCorsOrigins field to given value.
+
+### HasAllowedCorsOrigins
+
+`func (o *OAuth2Client) HasAllowedCorsOrigins() bool`
+
+HasAllowedCorsOrigins returns a boolean if a field has been set.
+
+### GetAudience
+
+`func (o *OAuth2Client) GetAudience() []string`
+
+GetAudience returns the Audience field if non-nil, zero value otherwise.
+
+### GetAudienceOk
+
+`func (o *OAuth2Client) GetAudienceOk() (*[]string, bool)`
+
+GetAudienceOk returns a tuple with the Audience field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAudience
+
+`func (o *OAuth2Client) SetAudience(v []string)`
+
+SetAudience sets Audience field to given value.
+
+### HasAudience
+
+`func (o *OAuth2Client) HasAudience() bool`
+
+HasAudience returns a boolean if a field has been set.
+
+### GetBackchannelLogoutSessionRequired
+
+`func (o *OAuth2Client) GetBackchannelLogoutSessionRequired() bool`
+
+GetBackchannelLogoutSessionRequired returns the BackchannelLogoutSessionRequired field if non-nil, zero value otherwise.
+
+### GetBackchannelLogoutSessionRequiredOk
+
+`func (o *OAuth2Client) GetBackchannelLogoutSessionRequiredOk() (*bool, bool)`
+
+GetBackchannelLogoutSessionRequiredOk returns a tuple with the BackchannelLogoutSessionRequired field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBackchannelLogoutSessionRequired
+
+`func (o *OAuth2Client) SetBackchannelLogoutSessionRequired(v bool)`
+
+SetBackchannelLogoutSessionRequired sets BackchannelLogoutSessionRequired field to given value.
+
+### HasBackchannelLogoutSessionRequired
+
+`func (o *OAuth2Client) HasBackchannelLogoutSessionRequired() bool`
+
+HasBackchannelLogoutSessionRequired returns a boolean if a field has been set.
+
+### GetBackchannelLogoutUri
+
+`func (o *OAuth2Client) GetBackchannelLogoutUri() string`
+
+GetBackchannelLogoutUri returns the BackchannelLogoutUri field if non-nil, zero value otherwise.
+
+### GetBackchannelLogoutUriOk
+
+`func (o *OAuth2Client) GetBackchannelLogoutUriOk() (*string, bool)`
+
+GetBackchannelLogoutUriOk returns a tuple with the BackchannelLogoutUri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBackchannelLogoutUri
+
+`func (o *OAuth2Client) SetBackchannelLogoutUri(v string)`
+
+SetBackchannelLogoutUri sets BackchannelLogoutUri field to given value.
+
+### HasBackchannelLogoutUri
+
+`func (o *OAuth2Client) HasBackchannelLogoutUri() bool`
+
+HasBackchannelLogoutUri returns a boolean if a field has been set.
+
+### GetClientId
+
+`func (o *OAuth2Client) GetClientId() string`
+
+GetClientId returns the ClientId field if non-nil, zero value otherwise.
+
+### GetClientIdOk
+
+`func (o *OAuth2Client) GetClientIdOk() (*string, bool)`
+
+GetClientIdOk returns a tuple with the ClientId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientId
+
+`func (o *OAuth2Client) SetClientId(v string)`
+
+SetClientId sets ClientId field to given value.
+
+### HasClientId
+
+`func (o *OAuth2Client) HasClientId() bool`
+
+HasClientId returns a boolean if a field has been set.
+
+### GetClientName
+
+`func (o *OAuth2Client) GetClientName() string`
+
+GetClientName returns the ClientName field if non-nil, zero value otherwise.
+
+### GetClientNameOk
+
+`func (o *OAuth2Client) GetClientNameOk() (*string, bool)`
+
+GetClientNameOk returns a tuple with the ClientName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientName
+
+`func (o *OAuth2Client) SetClientName(v string)`
+
+SetClientName sets ClientName field to given value.
+
+### HasClientName
+
+`func (o *OAuth2Client) HasClientName() bool`
+
+HasClientName returns a boolean if a field has been set.
+
+### GetClientSecret
+
+`func (o *OAuth2Client) GetClientSecret() string`
+
+GetClientSecret returns the ClientSecret field if non-nil, zero value otherwise.
+
+### GetClientSecretOk
+
+`func (o *OAuth2Client) GetClientSecretOk() (*string, bool)`
+
+GetClientSecretOk returns a tuple with the ClientSecret field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientSecret
+
+`func (o *OAuth2Client) SetClientSecret(v string)`
+
+SetClientSecret sets ClientSecret field to given value.
+
+### HasClientSecret
+
+`func (o *OAuth2Client) HasClientSecret() bool`
+
+HasClientSecret returns a boolean if a field has been set.
+
+### GetClientSecretExpiresAt
+
+`func (o *OAuth2Client) GetClientSecretExpiresAt() int64`
+
+GetClientSecretExpiresAt returns the ClientSecretExpiresAt field if non-nil, zero value otherwise.
+
+### GetClientSecretExpiresAtOk
+
+`func (o *OAuth2Client) GetClientSecretExpiresAtOk() (*int64, bool)`
+
+GetClientSecretExpiresAtOk returns a tuple with the ClientSecretExpiresAt field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientSecretExpiresAt
+
+`func (o *OAuth2Client) SetClientSecretExpiresAt(v int64)`
+
+SetClientSecretExpiresAt sets ClientSecretExpiresAt field to given value.
+
+### HasClientSecretExpiresAt
+
+`func (o *OAuth2Client) HasClientSecretExpiresAt() bool`
+
+HasClientSecretExpiresAt returns a boolean if a field has been set.
+
+### GetClientUri
+
+`func (o *OAuth2Client) GetClientUri() string`
+
+GetClientUri returns the ClientUri field if non-nil, zero value otherwise.
+
+### GetClientUriOk
+
+`func (o *OAuth2Client) GetClientUriOk() (*string, bool)`
+
+GetClientUriOk returns a tuple with the ClientUri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientUri
+
+`func (o *OAuth2Client) SetClientUri(v string)`
+
+SetClientUri sets ClientUri field to given value.
+
+### HasClientUri
+
+`func (o *OAuth2Client) HasClientUri() bool`
+
+HasClientUri returns a boolean if a field has been set.
+
+### GetContacts
+
+`func (o *OAuth2Client) GetContacts() []string`
+
+GetContacts returns the Contacts field if non-nil, zero value otherwise.
+
+### GetContactsOk
+
+`func (o *OAuth2Client) GetContactsOk() (*[]string, bool)`
+
+GetContactsOk returns a tuple with the Contacts field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetContacts
+
+`func (o *OAuth2Client) SetContacts(v []string)`
+
+SetContacts sets Contacts field to given value.
+
+### HasContacts
+
+`func (o *OAuth2Client) HasContacts() bool`
+
+HasContacts returns a boolean if a field has been set.
+
+### GetCreatedAt
+
+`func (o *OAuth2Client) GetCreatedAt() time.Time`
+
+GetCreatedAt returns the CreatedAt field if non-nil, zero value otherwise.
+
+### GetCreatedAtOk
+
+`func (o *OAuth2Client) GetCreatedAtOk() (*time.Time, bool)`
+
+GetCreatedAtOk returns a tuple with the CreatedAt field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreatedAt
+
+`func (o *OAuth2Client) SetCreatedAt(v time.Time)`
+
+SetCreatedAt sets CreatedAt field to given value.
+
+### HasCreatedAt
+
+`func (o *OAuth2Client) HasCreatedAt() bool`
+
+HasCreatedAt returns a boolean if a field has been set.
+
+### GetFrontchannelLogoutSessionRequired
+
+`func (o *OAuth2Client) GetFrontchannelLogoutSessionRequired() bool`
+
+GetFrontchannelLogoutSessionRequired returns the FrontchannelLogoutSessionRequired field if non-nil, zero value otherwise.
+
+### GetFrontchannelLogoutSessionRequiredOk
+
+`func (o *OAuth2Client) GetFrontchannelLogoutSessionRequiredOk() (*bool, bool)`
+
+GetFrontchannelLogoutSessionRequiredOk returns a tuple with the FrontchannelLogoutSessionRequired field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFrontchannelLogoutSessionRequired
+
+`func (o *OAuth2Client) SetFrontchannelLogoutSessionRequired(v bool)`
+
+SetFrontchannelLogoutSessionRequired sets FrontchannelLogoutSessionRequired field to given value.
+
+### HasFrontchannelLogoutSessionRequired
+
+`func (o *OAuth2Client) HasFrontchannelLogoutSessionRequired() bool`
+
+HasFrontchannelLogoutSessionRequired returns a boolean if a field has been set.
+
+### GetFrontchannelLogoutUri
+
+`func (o *OAuth2Client) GetFrontchannelLogoutUri() string`
+
+GetFrontchannelLogoutUri returns the FrontchannelLogoutUri field if non-nil, zero value otherwise.
+
+### GetFrontchannelLogoutUriOk
+
+`func (o *OAuth2Client) GetFrontchannelLogoutUriOk() (*string, bool)`
+
+GetFrontchannelLogoutUriOk returns a tuple with the FrontchannelLogoutUri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFrontchannelLogoutUri
+
+`func (o *OAuth2Client) SetFrontchannelLogoutUri(v string)`
+
+SetFrontchannelLogoutUri sets FrontchannelLogoutUri field to given value.
+
+### HasFrontchannelLogoutUri
+
+`func (o *OAuth2Client) HasFrontchannelLogoutUri() bool`
+
+HasFrontchannelLogoutUri returns a boolean if a field has been set.
+
+### GetGrantTypes
+
+`func (o *OAuth2Client) GetGrantTypes() []string`
+
+GetGrantTypes returns the GrantTypes field if non-nil, zero value otherwise.
+
+### GetGrantTypesOk
+
+`func (o *OAuth2Client) GetGrantTypesOk() (*[]string, bool)`
+
+GetGrantTypesOk returns a tuple with the GrantTypes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGrantTypes
+
+`func (o *OAuth2Client) SetGrantTypes(v []string)`
+
+SetGrantTypes sets GrantTypes field to given value.
+
+### HasGrantTypes
+
+`func (o *OAuth2Client) HasGrantTypes() bool`
+
+HasGrantTypes returns a boolean if a field has been set.
+
+### GetJwks
+
+`func (o *OAuth2Client) GetJwks() map[string]interface{}`
+
+GetJwks returns the Jwks field if non-nil, zero value otherwise.
+
+### GetJwksOk
+
+`func (o *OAuth2Client) GetJwksOk() (*map[string]interface{}, bool)`
+
+GetJwksOk returns a tuple with the Jwks field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetJwks
+
+`func (o *OAuth2Client) SetJwks(v map[string]interface{})`
+
+SetJwks sets Jwks field to given value.
+
+### HasJwks
+
+`func (o *OAuth2Client) HasJwks() bool`
+
+HasJwks returns a boolean if a field has been set.
+
+### GetJwksUri
+
+`func (o *OAuth2Client) GetJwksUri() string`
+
+GetJwksUri returns the JwksUri field if non-nil, zero value otherwise.
+
+### GetJwksUriOk
+
+`func (o *OAuth2Client) GetJwksUriOk() (*string, bool)`
+
+GetJwksUriOk returns a tuple with the JwksUri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetJwksUri
+
+`func (o *OAuth2Client) SetJwksUri(v string)`
+
+SetJwksUri sets JwksUri field to given value.
+
+### HasJwksUri
+
+`func (o *OAuth2Client) HasJwksUri() bool`
+
+HasJwksUri returns a boolean if a field has been set.
+
+### GetLogoUri
+
+`func (o *OAuth2Client) GetLogoUri() string`
+
+GetLogoUri returns the LogoUri field if non-nil, zero value otherwise.
+
+### GetLogoUriOk
+
+`func (o *OAuth2Client) GetLogoUriOk() (*string, bool)`
+
+GetLogoUriOk returns a tuple with the LogoUri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLogoUri
+
+`func (o *OAuth2Client) SetLogoUri(v string)`
+
+SetLogoUri sets LogoUri field to given value.
+
+### HasLogoUri
+
+`func (o *OAuth2Client) HasLogoUri() bool`
+
+HasLogoUri returns a boolean if a field has been set.
+
+### GetMetadata
+
+`func (o *OAuth2Client) GetMetadata() map[string]interface{}`
+
+GetMetadata returns the Metadata field if non-nil, zero value otherwise.
+
+### GetMetadataOk
+
+`func (o *OAuth2Client) GetMetadataOk() (*map[string]interface{}, bool)`
+
+GetMetadataOk returns a tuple with the Metadata field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMetadata
+
+`func (o *OAuth2Client) SetMetadata(v map[string]interface{})`
+
+SetMetadata sets Metadata field to given value.
+
+### HasMetadata
+
+`func (o *OAuth2Client) HasMetadata() bool`
+
+HasMetadata returns a boolean if a field has been set.
+
+### GetOwner
+
+`func (o *OAuth2Client) GetOwner() string`
+
+GetOwner returns the Owner field if non-nil, zero value otherwise.
+
+### GetOwnerOk
+
+`func (o *OAuth2Client) GetOwnerOk() (*string, bool)`
+
+GetOwnerOk returns a tuple with the Owner field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOwner
+
+`func (o *OAuth2Client) SetOwner(v string)`
+
+SetOwner sets Owner field to given value.
+
+### HasOwner
+
+`func (o *OAuth2Client) HasOwner() bool`
+
+HasOwner returns a boolean if a field has been set.
+
+### GetPolicyUri
+
+`func (o *OAuth2Client) GetPolicyUri() string`
+
+GetPolicyUri returns the PolicyUri field if non-nil, zero value otherwise.
+
+### GetPolicyUriOk
+
+`func (o *OAuth2Client) GetPolicyUriOk() (*string, bool)`
+
+GetPolicyUriOk returns a tuple with the PolicyUri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPolicyUri
+
+`func (o *OAuth2Client) SetPolicyUri(v string)`
+
+SetPolicyUri sets PolicyUri field to given value.
+
+### HasPolicyUri
+
+`func (o *OAuth2Client) HasPolicyUri() bool`
+
+HasPolicyUri returns a boolean if a field has been set.
+
+### GetPostLogoutRedirectUris
+
+`func (o *OAuth2Client) GetPostLogoutRedirectUris() []string`
+
+GetPostLogoutRedirectUris returns the PostLogoutRedirectUris field if non-nil, zero value otherwise.
+
+### GetPostLogoutRedirectUrisOk
+
+`func (o *OAuth2Client) GetPostLogoutRedirectUrisOk() (*[]string, bool)`
+
+GetPostLogoutRedirectUrisOk returns a tuple with the PostLogoutRedirectUris field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPostLogoutRedirectUris
+
+`func (o *OAuth2Client) SetPostLogoutRedirectUris(v []string)`
+
+SetPostLogoutRedirectUris sets PostLogoutRedirectUris field to given value.
+
+### HasPostLogoutRedirectUris
+
+`func (o *OAuth2Client) HasPostLogoutRedirectUris() bool`
+
+HasPostLogoutRedirectUris returns a boolean if a field has been set.
+
+### GetRedirectUris
+
+`func (o *OAuth2Client) GetRedirectUris() []string`
+
+GetRedirectUris returns the RedirectUris field if non-nil, zero value otherwise.
+
+### GetRedirectUrisOk
+
+`func (o *OAuth2Client) GetRedirectUrisOk() (*[]string, bool)`
+
+GetRedirectUrisOk returns a tuple with the RedirectUris field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRedirectUris
+
+`func (o *OAuth2Client) SetRedirectUris(v []string)`
+
+SetRedirectUris sets RedirectUris field to given value.
+
+### HasRedirectUris
+
+`func (o *OAuth2Client) HasRedirectUris() bool`
+
+HasRedirectUris returns a boolean if a field has been set.
+
+### GetRegistrationAccessToken
+
+`func (o *OAuth2Client) GetRegistrationAccessToken() string`
+
+GetRegistrationAccessToken returns the RegistrationAccessToken field if non-nil, zero value otherwise.
+
+### GetRegistrationAccessTokenOk
+
+`func (o *OAuth2Client) GetRegistrationAccessTokenOk() (*string, bool)`
+
+GetRegistrationAccessTokenOk returns a tuple with the RegistrationAccessToken field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRegistrationAccessToken
+
+`func (o *OAuth2Client) SetRegistrationAccessToken(v string)`
+
+SetRegistrationAccessToken sets RegistrationAccessToken field to given value.
+
+### HasRegistrationAccessToken
+
+`func (o *OAuth2Client) HasRegistrationAccessToken() bool`
+
+HasRegistrationAccessToken returns a boolean if a field has been set.
+
+### GetRegistrationClientUri
+
+`func (o *OAuth2Client) GetRegistrationClientUri() string`
+
+GetRegistrationClientUri returns the RegistrationClientUri field if non-nil, zero value otherwise.
+
+### GetRegistrationClientUriOk
+
+`func (o *OAuth2Client) GetRegistrationClientUriOk() (*string, bool)`
+
+GetRegistrationClientUriOk returns a tuple with the RegistrationClientUri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRegistrationClientUri
+
+`func (o *OAuth2Client) SetRegistrationClientUri(v string)`
+
+SetRegistrationClientUri sets RegistrationClientUri field to given value.
+
+### HasRegistrationClientUri
+
+`func (o *OAuth2Client) HasRegistrationClientUri() bool`
+
+HasRegistrationClientUri returns a boolean if a field has been set.
+
+### GetRequestObjectSigningAlg
+
+`func (o *OAuth2Client) GetRequestObjectSigningAlg() string`
+
+GetRequestObjectSigningAlg returns the RequestObjectSigningAlg field if non-nil, zero value otherwise.
+
+### GetRequestObjectSigningAlgOk
+
+`func (o *OAuth2Client) GetRequestObjectSigningAlgOk() (*string, bool)`
+
+GetRequestObjectSigningAlgOk returns a tuple with the RequestObjectSigningAlg field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRequestObjectSigningAlg
+
+`func (o *OAuth2Client) SetRequestObjectSigningAlg(v string)`
+
+SetRequestObjectSigningAlg sets RequestObjectSigningAlg field to given value.
+
+### HasRequestObjectSigningAlg
+
+`func (o *OAuth2Client) HasRequestObjectSigningAlg() bool`
+
+HasRequestObjectSigningAlg returns a boolean if a field has been set.
+
+### GetRequestUris
+
+`func (o *OAuth2Client) GetRequestUris() []string`
+
+GetRequestUris returns the RequestUris field if non-nil, zero value otherwise.
+
+### GetRequestUrisOk
+
+`func (o *OAuth2Client) GetRequestUrisOk() (*[]string, bool)`
+
+GetRequestUrisOk returns a tuple with the RequestUris field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRequestUris
+
+`func (o *OAuth2Client) SetRequestUris(v []string)`
+
+SetRequestUris sets RequestUris field to given value.
+
+### HasRequestUris
+
+`func (o *OAuth2Client) HasRequestUris() bool`
+
+HasRequestUris returns a boolean if a field has been set.
+
+### GetResponseTypes
+
+`func (o *OAuth2Client) GetResponseTypes() []string`
+
+GetResponseTypes returns the ResponseTypes field if non-nil, zero value otherwise.
+
+### GetResponseTypesOk
+
+`func (o *OAuth2Client) GetResponseTypesOk() (*[]string, bool)`
+
+GetResponseTypesOk returns a tuple with the ResponseTypes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetResponseTypes
+
+`func (o *OAuth2Client) SetResponseTypes(v []string)`
+
+SetResponseTypes sets ResponseTypes field to given value.
+
+### HasResponseTypes
+
+`func (o *OAuth2Client) HasResponseTypes() bool`
+
+HasResponseTypes returns a boolean if a field has been set.
+
+### GetScope
+
+`func (o *OAuth2Client) GetScope() string`
+
+GetScope returns the Scope field if non-nil, zero value otherwise.
+
+### GetScopeOk
+
+`func (o *OAuth2Client) GetScopeOk() (*string, bool)`
+
+GetScopeOk returns a tuple with the Scope field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScope
+
+`func (o *OAuth2Client) SetScope(v string)`
+
+SetScope sets Scope field to given value.
+
+### HasScope
+
+`func (o *OAuth2Client) HasScope() bool`
+
+HasScope returns a boolean if a field has been set.
+
+### GetSectorIdentifierUri
+
+`func (o *OAuth2Client) GetSectorIdentifierUri() string`
+
+GetSectorIdentifierUri returns the SectorIdentifierUri field if non-nil, zero value otherwise.
+
+### GetSectorIdentifierUriOk
+
+`func (o *OAuth2Client) GetSectorIdentifierUriOk() (*string, bool)`
+
+GetSectorIdentifierUriOk returns a tuple with the SectorIdentifierUri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSectorIdentifierUri
+
+`func (o *OAuth2Client) SetSectorIdentifierUri(v string)`
+
+SetSectorIdentifierUri sets SectorIdentifierUri field to given value.
+
+### HasSectorIdentifierUri
+
+`func (o *OAuth2Client) HasSectorIdentifierUri() bool`
+
+HasSectorIdentifierUri returns a boolean if a field has been set.
+
+### GetSubjectType
+
+`func (o *OAuth2Client) GetSubjectType() string`
+
+GetSubjectType returns the SubjectType field if non-nil, zero value otherwise.
+
+### GetSubjectTypeOk
+
+`func (o *OAuth2Client) GetSubjectTypeOk() (*string, bool)`
+
+GetSubjectTypeOk returns a tuple with the SubjectType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSubjectType
+
+`func (o *OAuth2Client) SetSubjectType(v string)`
+
+SetSubjectType sets SubjectType field to given value.
+
+### HasSubjectType
+
+`func (o *OAuth2Client) HasSubjectType() bool`
+
+HasSubjectType returns a boolean if a field has been set.
+
+### GetTokenEndpointAuthMethod
+
+`func (o *OAuth2Client) GetTokenEndpointAuthMethod() string`
+
+GetTokenEndpointAuthMethod returns the TokenEndpointAuthMethod field if non-nil, zero value otherwise.
+
+### GetTokenEndpointAuthMethodOk
+
+`func (o *OAuth2Client) GetTokenEndpointAuthMethodOk() (*string, bool)`
+
+GetTokenEndpointAuthMethodOk returns a tuple with the TokenEndpointAuthMethod field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTokenEndpointAuthMethod
+
+`func (o *OAuth2Client) SetTokenEndpointAuthMethod(v string)`
+
+SetTokenEndpointAuthMethod sets TokenEndpointAuthMethod field to given value.
+
+### HasTokenEndpointAuthMethod
+
+`func (o *OAuth2Client) HasTokenEndpointAuthMethod() bool`
+
+HasTokenEndpointAuthMethod returns a boolean if a field has been set.
+
+### GetTokenEndpointAuthSigningAlg
+
+`func (o *OAuth2Client) GetTokenEndpointAuthSigningAlg() string`
+
+GetTokenEndpointAuthSigningAlg returns the TokenEndpointAuthSigningAlg field if non-nil, zero value otherwise.
+
+### GetTokenEndpointAuthSigningAlgOk
+
+`func (o *OAuth2Client) GetTokenEndpointAuthSigningAlgOk() (*string, bool)`
+
+GetTokenEndpointAuthSigningAlgOk returns a tuple with the TokenEndpointAuthSigningAlg field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTokenEndpointAuthSigningAlg
+
+`func (o *OAuth2Client) SetTokenEndpointAuthSigningAlg(v string)`
+
+SetTokenEndpointAuthSigningAlg sets TokenEndpointAuthSigningAlg field to given value.
+
+### HasTokenEndpointAuthSigningAlg
+
+`func (o *OAuth2Client) HasTokenEndpointAuthSigningAlg() bool`
+
+HasTokenEndpointAuthSigningAlg returns a boolean if a field has been set.
+
+### GetTosUri
+
+`func (o *OAuth2Client) GetTosUri() string`
+
+GetTosUri returns the TosUri field if non-nil, zero value otherwise.
+
+### GetTosUriOk
+
+`func (o *OAuth2Client) GetTosUriOk() (*string, bool)`
+
+GetTosUriOk returns a tuple with the TosUri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTosUri
+
+`func (o *OAuth2Client) SetTosUri(v string)`
+
+SetTosUri sets TosUri field to given value.
+
+### HasTosUri
+
+`func (o *OAuth2Client) HasTosUri() bool`
+
+HasTosUri returns a boolean if a field has been set.
+
+### GetUpdatedAt
+
+`func (o *OAuth2Client) GetUpdatedAt() time.Time`
+
+GetUpdatedAt returns the UpdatedAt field if non-nil, zero value otherwise.
+
+### GetUpdatedAtOk
+
+`func (o *OAuth2Client) GetUpdatedAtOk() (*time.Time, bool)`
+
+GetUpdatedAtOk returns a tuple with the UpdatedAt field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUpdatedAt
+
+`func (o *OAuth2Client) SetUpdatedAt(v time.Time)`
+
+SetUpdatedAt sets UpdatedAt field to given value.
+
+### HasUpdatedAt
+
+`func (o *OAuth2Client) HasUpdatedAt() bool`
+
+HasUpdatedAt returns a boolean if a field has been set.
+
+### GetUserinfoSignedResponseAlg
+
+`func (o *OAuth2Client) GetUserinfoSignedResponseAlg() string`
+
+GetUserinfoSignedResponseAlg returns the UserinfoSignedResponseAlg field if non-nil, zero value otherwise.
+
+### GetUserinfoSignedResponseAlgOk
+
+`func (o *OAuth2Client) GetUserinfoSignedResponseAlgOk() (*string, bool)`
+
+GetUserinfoSignedResponseAlgOk returns a tuple with the UserinfoSignedResponseAlg field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserinfoSignedResponseAlg
+
+`func (o *OAuth2Client) SetUserinfoSignedResponseAlg(v string)`
+
+SetUserinfoSignedResponseAlg sets UserinfoSignedResponseAlg field to given value.
+
+### HasUserinfoSignedResponseAlg
+
+`func (o *OAuth2Client) HasUserinfoSignedResponseAlg() bool`
+
+HasUserinfoSignedResponseAlg returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/internal/httpclient/docs/OpenIDConnectContext.md b/internal/httpclient/docs/OpenIDConnectContext.md
new file mode 100644
index 000000000000..9c36a97a7766
--- /dev/null
+++ b/internal/httpclient/docs/OpenIDConnectContext.md
@@ -0,0 +1,160 @@
+# OpenIDConnectContext
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AcrValues** | Pointer to **[]string** | ACRValues is the Authentication AuthorizationContext Class Reference requested in the OAuth 2.0 Authorization request. It is a parameter defined by OpenID Connect and expresses which level of authentication (e.g. 2FA) is required.  OpenID Connect defines it as follows: > Requested Authentication AuthorizationContext Class Reference values. Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference. The Authentication AuthorizationContext Class satisfied by the authentication performed is returned as the acr Claim Value, as specified in Section 2. The acr Claim is requested as a Voluntary Claim by this parameter. | [optional] 
+**Display** | Pointer to **string** | Display is a string value that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User. The defined values are: page: The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view. If the display parameter is not specified, this is the default display mode. popup: The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window. The popup User Agent window should be of an appropriate size for a login-focused dialog and should not obscure the entire window that it is popping up over. touch: The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface. wap: The Authorization Server SHOULD display the authentication and consent UI consistent with a \\\"feature phone\\\" type display.  The Authorization Server MAY also attempt to detect the capabilities of the User Agent and present an appropriate display. | [optional] 
+**IdTokenHintClaims** | Pointer to **map[string]map[string]interface{}** | IDTokenHintClaims are the claims of the ID Token previously issued by the Authorization Server being passed as a hint about the End-User's current or past authenticated session with the Client. | [optional] 
+**LoginHint** | Pointer to **string** | LoginHint hints about the login identifier the End-User might use to log in (if necessary). This hint can be used by an RP if it first asks the End-User for their e-mail address (or other identifier) and then wants to pass that value as a hint to the discovered authorization service. This value MAY also be a phone number in the format specified for the phone_number Claim. The use of this parameter is optional. | [optional] 
+**UiLocales** | Pointer to **[]string** | UILocales is the End-User'id preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference. For instance, the value \\\"fr-CA fr en\\\" represents a preference for French as spoken in Canada, then French (without a region designation), followed by English (without a region designation). An error SHOULD NOT result if some or all of the requested locales are not supported by the OpenID Provider. | [optional] 
+
+## Methods
+
+### NewOpenIDConnectContext
+
+`func NewOpenIDConnectContext() *OpenIDConnectContext`
+
+NewOpenIDConnectContext instantiates a new OpenIDConnectContext object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOpenIDConnectContextWithDefaults
+
+`func NewOpenIDConnectContextWithDefaults() *OpenIDConnectContext`
+
+NewOpenIDConnectContextWithDefaults instantiates a new OpenIDConnectContext object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAcrValues
+
+`func (o *OpenIDConnectContext) GetAcrValues() []string`
+
+GetAcrValues returns the AcrValues field if non-nil, zero value otherwise.
+
+### GetAcrValuesOk
+
+`func (o *OpenIDConnectContext) GetAcrValuesOk() (*[]string, bool)`
+
+GetAcrValuesOk returns a tuple with the AcrValues field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAcrValues
+
+`func (o *OpenIDConnectContext) SetAcrValues(v []string)`
+
+SetAcrValues sets AcrValues field to given value.
+
+### HasAcrValues
+
+`func (o *OpenIDConnectContext) HasAcrValues() bool`
+
+HasAcrValues returns a boolean if a field has been set.
+
+### GetDisplay
+
+`func (o *OpenIDConnectContext) GetDisplay() string`
+
+GetDisplay returns the Display field if non-nil, zero value otherwise.
+
+### GetDisplayOk
+
+`func (o *OpenIDConnectContext) GetDisplayOk() (*string, bool)`
+
+GetDisplayOk returns a tuple with the Display field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDisplay
+
+`func (o *OpenIDConnectContext) SetDisplay(v string)`
+
+SetDisplay sets Display field to given value.
+
+### HasDisplay
+
+`func (o *OpenIDConnectContext) HasDisplay() bool`
+
+HasDisplay returns a boolean if a field has been set.
+
+### GetIdTokenHintClaims
+
+`func (o *OpenIDConnectContext) GetIdTokenHintClaims() map[string]map[string]interface{}`
+
+GetIdTokenHintClaims returns the IdTokenHintClaims field if non-nil, zero value otherwise.
+
+### GetIdTokenHintClaimsOk
+
+`func (o *OpenIDConnectContext) GetIdTokenHintClaimsOk() (*map[string]map[string]interface{}, bool)`
+
+GetIdTokenHintClaimsOk returns a tuple with the IdTokenHintClaims field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdTokenHintClaims
+
+`func (o *OpenIDConnectContext) SetIdTokenHintClaims(v map[string]map[string]interface{})`
+
+SetIdTokenHintClaims sets IdTokenHintClaims field to given value.
+
+### HasIdTokenHintClaims
+
+`func (o *OpenIDConnectContext) HasIdTokenHintClaims() bool`
+
+HasIdTokenHintClaims returns a boolean if a field has been set.
+
+### GetLoginHint
+
+`func (o *OpenIDConnectContext) GetLoginHint() string`
+
+GetLoginHint returns the LoginHint field if non-nil, zero value otherwise.
+
+### GetLoginHintOk
+
+`func (o *OpenIDConnectContext) GetLoginHintOk() (*string, bool)`
+
+GetLoginHintOk returns a tuple with the LoginHint field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLoginHint
+
+`func (o *OpenIDConnectContext) SetLoginHint(v string)`
+
+SetLoginHint sets LoginHint field to given value.
+
+### HasLoginHint
+
+`func (o *OpenIDConnectContext) HasLoginHint() bool`
+
+HasLoginHint returns a boolean if a field has been set.
+
+### GetUiLocales
+
+`func (o *OpenIDConnectContext) GetUiLocales() []string`
+
+GetUiLocales returns the UiLocales field if non-nil, zero value otherwise.
+
+### GetUiLocalesOk
+
+`func (o *OpenIDConnectContext) GetUiLocalesOk() (*[]string, bool)`
+
+GetUiLocalesOk returns a tuple with the UiLocales field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUiLocales
+
+`func (o *OpenIDConnectContext) SetUiLocales(v []string)`
+
+SetUiLocales sets UiLocales field to given value.
+
+### HasUiLocales
+
+`func (o *OpenIDConnectContext) HasUiLocales() bool`
+
+HasUiLocales returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/internal/httpclient/docs/SelfServiceLoginFlow.md b/internal/httpclient/docs/SelfServiceLoginFlow.md
index 3cb8c2336102..70d0259d3e0b 100644
--- a/internal/httpclient/docs/SelfServiceLoginFlow.md
+++ b/internal/httpclient/docs/SelfServiceLoginFlow.md
@@ -9,6 +9,8 @@ Name | Type | Description | Notes
 **ExpiresAt** | **time.Time** | ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in, a new flow has to be initiated. | 
 **Id** | **string** | ID represents the flow's unique ID. When performing the login flow, this represents the id in the login UI's query parameter: http://<selfservice.flows.login.ui_url>/?flow=<flow_id> | 
 **IssuedAt** | **time.Time** | IssuedAt is the time (UTC) when the flow started. | 
+**Oauth2LoginChallenge** | Pointer to **NullableString** |  | [optional] 
+**Oauth2LoginRequest** | Pointer to [**LoginRequest**](LoginRequest.md) |  | [optional] 
 **Refresh** | Pointer to **bool** | Refresh stores whether this login flow should enforce re-authentication. | [optional] 
 **RequestUrl** | **string** | RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example. | 
 **RequestedAal** | Pointer to [**AuthenticatorAssuranceLevel**](AuthenticatorAssuranceLevel.md) |  | [optional] 
@@ -146,6 +148,66 @@ and a boolean to check if the value has been set.
 SetIssuedAt sets IssuedAt field to given value.
 
 
+### GetOauth2LoginChallenge
+
+`func (o *SelfServiceLoginFlow) GetOauth2LoginChallenge() string`
+
+GetOauth2LoginChallenge returns the Oauth2LoginChallenge field if non-nil, zero value otherwise.
+
+### GetOauth2LoginChallengeOk
+
+`func (o *SelfServiceLoginFlow) GetOauth2LoginChallengeOk() (*string, bool)`
+
+GetOauth2LoginChallengeOk returns a tuple with the Oauth2LoginChallenge field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOauth2LoginChallenge
+
+`func (o *SelfServiceLoginFlow) SetOauth2LoginChallenge(v string)`
+
+SetOauth2LoginChallenge sets Oauth2LoginChallenge field to given value.
+
+### HasOauth2LoginChallenge
+
+`func (o *SelfServiceLoginFlow) HasOauth2LoginChallenge() bool`
+
+HasOauth2LoginChallenge returns a boolean if a field has been set.
+
+### SetOauth2LoginChallengeNil
+
+`func (o *SelfServiceLoginFlow) SetOauth2LoginChallengeNil(b bool)`
+
+ SetOauth2LoginChallengeNil sets the value for Oauth2LoginChallenge to be an explicit nil
+
+### UnsetOauth2LoginChallenge
+`func (o *SelfServiceLoginFlow) UnsetOauth2LoginChallenge()`
+
+UnsetOauth2LoginChallenge ensures that no value is present for Oauth2LoginChallenge, not even an explicit nil
+### GetOauth2LoginRequest
+
+`func (o *SelfServiceLoginFlow) GetOauth2LoginRequest() LoginRequest`
+
+GetOauth2LoginRequest returns the Oauth2LoginRequest field if non-nil, zero value otherwise.
+
+### GetOauth2LoginRequestOk
+
+`func (o *SelfServiceLoginFlow) GetOauth2LoginRequestOk() (*LoginRequest, bool)`
+
+GetOauth2LoginRequestOk returns a tuple with the Oauth2LoginRequest field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOauth2LoginRequest
+
+`func (o *SelfServiceLoginFlow) SetOauth2LoginRequest(v LoginRequest)`
+
+SetOauth2LoginRequest sets Oauth2LoginRequest field to given value.
+
+### HasOauth2LoginRequest
+
+`func (o *SelfServiceLoginFlow) HasOauth2LoginRequest() bool`
+
+HasOauth2LoginRequest returns a boolean if a field has been set.
+
 ### GetRefresh
 
 `func (o *SelfServiceLoginFlow) GetRefresh() bool`
diff --git a/internal/httpclient/docs/SelfServiceRegistrationFlow.md b/internal/httpclient/docs/SelfServiceRegistrationFlow.md
index 7f7f424a0db5..53668d515eb3 100644
--- a/internal/httpclient/docs/SelfServiceRegistrationFlow.md
+++ b/internal/httpclient/docs/SelfServiceRegistrationFlow.md
@@ -8,6 +8,8 @@ Name | Type | Description | Notes
 **ExpiresAt** | **time.Time** | ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in, a new flow has to be initiated. | 
 **Id** | **string** | ID represents the flow's unique ID. When performing the registration flow, this represents the id in the registration ui's query parameter: http://<selfservice.flows.registration.ui_url>/?flow=<id> | 
 **IssuedAt** | **time.Time** | IssuedAt is the time (UTC) when the flow occurred. | 
+**Oauth2LoginChallenge** | Pointer to **NullableString** |  | [optional] 
+**Oauth2LoginRequest** | Pointer to [**LoginRequest**](LoginRequest.md) |  | [optional] 
 **RequestUrl** | **string** | RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example. | 
 **ReturnTo** | Pointer to **string** | ReturnTo contains the requested return_to URL. | [optional] 
 **Type** | **string** | The flow type can either be `api` or `browser`. | 
@@ -117,6 +119,66 @@ and a boolean to check if the value has been set.
 SetIssuedAt sets IssuedAt field to given value.
 
 
+### GetOauth2LoginChallenge
+
+`func (o *SelfServiceRegistrationFlow) GetOauth2LoginChallenge() string`
+
+GetOauth2LoginChallenge returns the Oauth2LoginChallenge field if non-nil, zero value otherwise.
+
+### GetOauth2LoginChallengeOk
+
+`func (o *SelfServiceRegistrationFlow) GetOauth2LoginChallengeOk() (*string, bool)`
+
+GetOauth2LoginChallengeOk returns a tuple with the Oauth2LoginChallenge field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOauth2LoginChallenge
+
+`func (o *SelfServiceRegistrationFlow) SetOauth2LoginChallenge(v string)`
+
+SetOauth2LoginChallenge sets Oauth2LoginChallenge field to given value.
+
+### HasOauth2LoginChallenge
+
+`func (o *SelfServiceRegistrationFlow) HasOauth2LoginChallenge() bool`
+
+HasOauth2LoginChallenge returns a boolean if a field has been set.
+
+### SetOauth2LoginChallengeNil
+
+`func (o *SelfServiceRegistrationFlow) SetOauth2LoginChallengeNil(b bool)`
+
+ SetOauth2LoginChallengeNil sets the value for Oauth2LoginChallenge to be an explicit nil
+
+### UnsetOauth2LoginChallenge
+`func (o *SelfServiceRegistrationFlow) UnsetOauth2LoginChallenge()`
+
+UnsetOauth2LoginChallenge ensures that no value is present for Oauth2LoginChallenge, not even an explicit nil
+### GetOauth2LoginRequest
+
+`func (o *SelfServiceRegistrationFlow) GetOauth2LoginRequest() LoginRequest`
+
+GetOauth2LoginRequest returns the Oauth2LoginRequest field if non-nil, zero value otherwise.
+
+### GetOauth2LoginRequestOk
+
+`func (o *SelfServiceRegistrationFlow) GetOauth2LoginRequestOk() (*LoginRequest, bool)`
+
+GetOauth2LoginRequestOk returns a tuple with the Oauth2LoginRequest field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOauth2LoginRequest
+
+`func (o *SelfServiceRegistrationFlow) SetOauth2LoginRequest(v LoginRequest)`
+
+SetOauth2LoginRequest sets Oauth2LoginRequest field to given value.
+
+### HasOauth2LoginRequest
+
+`func (o *SelfServiceRegistrationFlow) HasOauth2LoginRequest() bool`
+
+HasOauth2LoginRequest returns a boolean if a field has been set.
+
 ### GetRequestUrl
 
 `func (o *SelfServiceRegistrationFlow) GetRequestUrl() string`
diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md
index a9146b4f6ff2..4cc994fd84c9 100644
--- a/internal/httpclient/docs/V0alpha2Api.md
+++ b/internal/httpclient/docs/V0alpha2Api.md
@@ -1493,7 +1493,7 @@ No authorization required
 
 ## InitializeSelfServiceLoginFlowForBrowsers
 
-> SelfServiceLoginFlow InitializeSelfServiceLoginFlowForBrowsers(ctx).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Cookie(cookie).Execute()
+> SelfServiceLoginFlow InitializeSelfServiceLoginFlowForBrowsers(ctx).LoginChallenge(loginChallenge).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Cookie(cookie).Execute()
 
 Initialize Login Flow for Browsers
 
@@ -1512,6 +1512,7 @@ import (
 )
 
 func main() {
+    loginChallenge := "loginChallenge_example" // string | An optional Hydra login challenge. If present, Kratos will cooperate with Ory Hydra to act as an OAuth2 identity provider.  The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/login?login_challenge=abcde`). (optional)
     refresh := true // bool | Refresh a login session  If set to true, this will refresh an existing login session by asking the user to sign in again. This will reset the authenticated_at time of the session. (optional)
     aal := "aal_example" // string | Request a Specific AuthenticationMethod Assurance Level  Use this parameter to upgrade an existing session's authenticator assurance level (AAL). This allows you to ask for multi-factor authentication. When an identity sign in using e.g. username+password, the AAL is 1. If you wish to \"upgrade\" the session's security by asking the user to perform TOTP / WebAuth/ ... you would set this to \"aal2\". (optional)
     returnTo := "returnTo_example" // string | The URL to return the browser to after the flow was completed. (optional)
@@ -1519,7 +1520,7 @@ func main() {
 
     configuration := openapiclient.NewConfiguration()
     apiClient := openapiclient.NewAPIClient(configuration)
-    resp, r, err := apiClient.V0alpha2Api.InitializeSelfServiceLoginFlowForBrowsers(context.Background()).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Cookie(cookie).Execute()
+    resp, r, err := apiClient.V0alpha2Api.InitializeSelfServiceLoginFlowForBrowsers(context.Background()).LoginChallenge(loginChallenge).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Cookie(cookie).Execute()
     if err != nil {
         fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.InitializeSelfServiceLoginFlowForBrowsers``: %v\n", err)
         fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
@@ -1540,6 +1541,7 @@ Other parameters are passed through a pointer to a apiInitializeSelfServiceLogin
 
 Name | Type | Description  | Notes
 ------------- | ------------- | ------------- | -------------
+ **loginChallenge** | **string** | An optional Hydra login challenge. If present, Kratos will cooperate with Ory Hydra to act as an OAuth2 identity provider.  The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/login?login_challenge=abcde`). | 
  **refresh** | **bool** | Refresh a login session  If set to true, this will refresh an existing login session by asking the user to sign in again. This will reset the authenticated_at time of the session. | 
  **aal** | **string** | Request a Specific AuthenticationMethod Assurance Level  Use this parameter to upgrade an existing session's authenticator assurance level (AAL). This allows you to ask for multi-factor authentication. When an identity sign in using e.g. username+password, the AAL is 1. If you wish to \"upgrade\" the session's security by asking the user to perform TOTP / WebAuth/ ... you would set this to \"aal2\". | 
  **returnTo** | **string** | The URL to return the browser to after the flow was completed. | 
@@ -1762,7 +1764,7 @@ No authorization required
 
 ## InitializeSelfServiceRegistrationFlowForBrowsers
 
-> SelfServiceRegistrationFlow InitializeSelfServiceRegistrationFlowForBrowsers(ctx).ReturnTo(returnTo).Execute()
+> SelfServiceRegistrationFlow InitializeSelfServiceRegistrationFlowForBrowsers(ctx).LoginChallenge(loginChallenge).ReturnTo(returnTo).Execute()
 
 Initialize Registration Flow for Browsers
 
@@ -1781,11 +1783,12 @@ import (
 )
 
 func main() {
+    loginChallenge := "loginChallenge_example" // string | An optional Hydra login challenge. If present, Kratos will cooperate with Ory Hydra to act as an OAuth2 identity provider.  The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/registration?login_challenge=abcde`). (optional)
     returnTo := "returnTo_example" // string | The URL to return the browser to after the flow was completed. (optional)
 
     configuration := openapiclient.NewConfiguration()
     apiClient := openapiclient.NewAPIClient(configuration)
-    resp, r, err := apiClient.V0alpha2Api.InitializeSelfServiceRegistrationFlowForBrowsers(context.Background()).ReturnTo(returnTo).Execute()
+    resp, r, err := apiClient.V0alpha2Api.InitializeSelfServiceRegistrationFlowForBrowsers(context.Background()).LoginChallenge(loginChallenge).ReturnTo(returnTo).Execute()
     if err != nil {
         fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.InitializeSelfServiceRegistrationFlowForBrowsers``: %v\n", err)
         fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
@@ -1806,6 +1809,7 @@ Other parameters are passed through a pointer to a apiInitializeSelfServiceRegis
 
 Name | Type | Description  | Notes
 ------------- | ------------- | ------------- | -------------
+ **loginChallenge** | **string** | An optional Hydra login challenge. If present, Kratos will cooperate with Ory Hydra to act as an OAuth2 identity provider.  The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/registration?login_challenge=abcde`). | 
  **returnTo** | **string** | The URL to return the browser to after the flow was completed. | 
 
 ### Return type
diff --git a/internal/httpclient/model_login_request.go b/internal/httpclient/model_login_request.go
new file mode 100644
index 000000000000..5ac0ab85ec08
--- /dev/null
+++ b/internal/httpclient/model_login_request.go
@@ -0,0 +1,407 @@
+/*
+ * Ory Kratos API
+ *
+ * Documentation for all public and administrative Ory Kratos APIs. Public and administrative APIs are exposed on different ports. Public APIs can face the public internet without any protection while administrative APIs should never be exposed without prior authorization. To protect the administative API port you should use something like Nginx, Ory Oathkeeper, or any other technology capable of authorizing incoming requests.
+ *
+ * API version: 1.0.0
+ * Contact: hi@ory.sh
+ */
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package client
+
+import (
+	"encoding/json"
+)
+
+// LoginRequest LoginRequest struct for LoginRequest
+type LoginRequest struct {
+	// ID is the identifier (\\\"login challenge\\\") of the login request. It is used to identify the session.
+	Challenge   *string               `json:"challenge,omitempty"`
+	Client      *OAuth2Client         `json:"client,omitempty"`
+	OidcContext *OpenIDConnectContext `json:"oidc_context,omitempty"`
+	// RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which initiates the OAuth 2.0 Authorization Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but might come in handy if you want to deal with additional request parameters.
+	RequestUrl                   *string  `json:"request_url,omitempty"`
+	RequestedAccessTokenAudience []string `json:"requested_access_token_audience,omitempty"`
+	RequestedScope               []string `json:"requested_scope,omitempty"`
+	// SessionID is the login session ID. If the user-agent reuses a login session (via cookie / remember flag) this ID will remain the same. If the user-agent did not have an existing authentication session (e.g. remember is false) this will be a new random value. This value is used as the \\\"sid\\\" parameter in the ID Token and in OIDC Front-/Back- channel logout. It's value can generally be used to associate consecutive login requests by a certain user.
+	SessionId *string `json:"session_id,omitempty"`
+	// Skip, if true, implies that the client has requested the same scopes from the same user previously. If true, you can skip asking the user to grant the requested scopes, and simply forward the user to the redirect URL.  This feature allows you to update / set session information.
+	Skip *bool `json:"skip,omitempty"`
+	// Subject is the user ID of the end-user that authenticated. Now, that end user needs to grant or deny the scope requested by the OAuth 2.0 client. If this value is set and `skip` is true, you MUST include this subject type when accepting the login request, or the request will fail.
+	Subject *string `json:"subject,omitempty"`
+}
+
+// NewLoginRequest instantiates a new LoginRequest object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLoginRequest() *LoginRequest {
+	this := LoginRequest{}
+	return &this
+}
+
+// NewLoginRequestWithDefaults instantiates a new LoginRequest object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLoginRequestWithDefaults() *LoginRequest {
+	this := LoginRequest{}
+	return &this
+}
+
+// GetChallenge returns the Challenge field value if set, zero value otherwise.
+func (o *LoginRequest) GetChallenge() string {
+	if o == nil || o.Challenge == nil {
+		var ret string
+		return ret
+	}
+	return *o.Challenge
+}
+
+// GetChallengeOk returns a tuple with the Challenge field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LoginRequest) GetChallengeOk() (*string, bool) {
+	if o == nil || o.Challenge == nil {
+		return nil, false
+	}
+	return o.Challenge, true
+}
+
+// HasChallenge returns a boolean if a field has been set.
+func (o *LoginRequest) HasChallenge() bool {
+	if o != nil && o.Challenge != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetChallenge gets a reference to the given string and assigns it to the Challenge field.
+func (o *LoginRequest) SetChallenge(v string) {
+	o.Challenge = &v
+}
+
+// GetClient returns the Client field value if set, zero value otherwise.
+func (o *LoginRequest) GetClient() OAuth2Client {
+	if o == nil || o.Client == nil {
+		var ret OAuth2Client
+		return ret
+	}
+	return *o.Client
+}
+
+// GetClientOk returns a tuple with the Client field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LoginRequest) GetClientOk() (*OAuth2Client, bool) {
+	if o == nil || o.Client == nil {
+		return nil, false
+	}
+	return o.Client, true
+}
+
+// HasClient returns a boolean if a field has been set.
+func (o *LoginRequest) HasClient() bool {
+	if o != nil && o.Client != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClient gets a reference to the given OAuth2Client and assigns it to the Client field.
+func (o *LoginRequest) SetClient(v OAuth2Client) {
+	o.Client = &v
+}
+
+// GetOidcContext returns the OidcContext field value if set, zero value otherwise.
+func (o *LoginRequest) GetOidcContext() OpenIDConnectContext {
+	if o == nil || o.OidcContext == nil {
+		var ret OpenIDConnectContext
+		return ret
+	}
+	return *o.OidcContext
+}
+
+// GetOidcContextOk returns a tuple with the OidcContext field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LoginRequest) GetOidcContextOk() (*OpenIDConnectContext, bool) {
+	if o == nil || o.OidcContext == nil {
+		return nil, false
+	}
+	return o.OidcContext, true
+}
+
+// HasOidcContext returns a boolean if a field has been set.
+func (o *LoginRequest) HasOidcContext() bool {
+	if o != nil && o.OidcContext != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOidcContext gets a reference to the given OpenIDConnectContext and assigns it to the OidcContext field.
+func (o *LoginRequest) SetOidcContext(v OpenIDConnectContext) {
+	o.OidcContext = &v
+}
+
+// GetRequestUrl returns the RequestUrl field value if set, zero value otherwise.
+func (o *LoginRequest) GetRequestUrl() string {
+	if o == nil || o.RequestUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.RequestUrl
+}
+
+// GetRequestUrlOk returns a tuple with the RequestUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LoginRequest) GetRequestUrlOk() (*string, bool) {
+	if o == nil || o.RequestUrl == nil {
+		return nil, false
+	}
+	return o.RequestUrl, true
+}
+
+// HasRequestUrl returns a boolean if a field has been set.
+func (o *LoginRequest) HasRequestUrl() bool {
+	if o != nil && o.RequestUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRequestUrl gets a reference to the given string and assigns it to the RequestUrl field.
+func (o *LoginRequest) SetRequestUrl(v string) {
+	o.RequestUrl = &v
+}
+
+// GetRequestedAccessTokenAudience returns the RequestedAccessTokenAudience field value if set, zero value otherwise.
+func (o *LoginRequest) GetRequestedAccessTokenAudience() []string {
+	if o == nil || o.RequestedAccessTokenAudience == nil {
+		var ret []string
+		return ret
+	}
+	return o.RequestedAccessTokenAudience
+}
+
+// GetRequestedAccessTokenAudienceOk returns a tuple with the RequestedAccessTokenAudience field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LoginRequest) GetRequestedAccessTokenAudienceOk() ([]string, bool) {
+	if o == nil || o.RequestedAccessTokenAudience == nil {
+		return nil, false
+	}
+	return o.RequestedAccessTokenAudience, true
+}
+
+// HasRequestedAccessTokenAudience returns a boolean if a field has been set.
+func (o *LoginRequest) HasRequestedAccessTokenAudience() bool {
+	if o != nil && o.RequestedAccessTokenAudience != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRequestedAccessTokenAudience gets a reference to the given []string and assigns it to the RequestedAccessTokenAudience field.
+func (o *LoginRequest) SetRequestedAccessTokenAudience(v []string) {
+	o.RequestedAccessTokenAudience = v
+}
+
+// GetRequestedScope returns the RequestedScope field value if set, zero value otherwise.
+func (o *LoginRequest) GetRequestedScope() []string {
+	if o == nil || o.RequestedScope == nil {
+		var ret []string
+		return ret
+	}
+	return o.RequestedScope
+}
+
+// GetRequestedScopeOk returns a tuple with the RequestedScope field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LoginRequest) GetRequestedScopeOk() ([]string, bool) {
+	if o == nil || o.RequestedScope == nil {
+		return nil, false
+	}
+	return o.RequestedScope, true
+}
+
+// HasRequestedScope returns a boolean if a field has been set.
+func (o *LoginRequest) HasRequestedScope() bool {
+	if o != nil && o.RequestedScope != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRequestedScope gets a reference to the given []string and assigns it to the RequestedScope field.
+func (o *LoginRequest) SetRequestedScope(v []string) {
+	o.RequestedScope = v
+}
+
+// GetSessionId returns the SessionId field value if set, zero value otherwise.
+func (o *LoginRequest) GetSessionId() string {
+	if o == nil || o.SessionId == nil {
+		var ret string
+		return ret
+	}
+	return *o.SessionId
+}
+
+// GetSessionIdOk returns a tuple with the SessionId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LoginRequest) GetSessionIdOk() (*string, bool) {
+	if o == nil || o.SessionId == nil {
+		return nil, false
+	}
+	return o.SessionId, true
+}
+
+// HasSessionId returns a boolean if a field has been set.
+func (o *LoginRequest) HasSessionId() bool {
+	if o != nil && o.SessionId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSessionId gets a reference to the given string and assigns it to the SessionId field.
+func (o *LoginRequest) SetSessionId(v string) {
+	o.SessionId = &v
+}
+
+// GetSkip returns the Skip field value if set, zero value otherwise.
+func (o *LoginRequest) GetSkip() bool {
+	if o == nil || o.Skip == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Skip
+}
+
+// GetSkipOk returns a tuple with the Skip field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LoginRequest) GetSkipOk() (*bool, bool) {
+	if o == nil || o.Skip == nil {
+		return nil, false
+	}
+	return o.Skip, true
+}
+
+// HasSkip returns a boolean if a field has been set.
+func (o *LoginRequest) HasSkip() bool {
+	if o != nil && o.Skip != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSkip gets a reference to the given bool and assigns it to the Skip field.
+func (o *LoginRequest) SetSkip(v bool) {
+	o.Skip = &v
+}
+
+// GetSubject returns the Subject field value if set, zero value otherwise.
+func (o *LoginRequest) GetSubject() string {
+	if o == nil || o.Subject == nil {
+		var ret string
+		return ret
+	}
+	return *o.Subject
+}
+
+// GetSubjectOk returns a tuple with the Subject field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LoginRequest) GetSubjectOk() (*string, bool) {
+	if o == nil || o.Subject == nil {
+		return nil, false
+	}
+	return o.Subject, true
+}
+
+// HasSubject returns a boolean if a field has been set.
+func (o *LoginRequest) HasSubject() bool {
+	if o != nil && o.Subject != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSubject gets a reference to the given string and assigns it to the Subject field.
+func (o *LoginRequest) SetSubject(v string) {
+	o.Subject = &v
+}
+
+func (o LoginRequest) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Challenge != nil {
+		toSerialize["challenge"] = o.Challenge
+	}
+	if o.Client != nil {
+		toSerialize["client"] = o.Client
+	}
+	if o.OidcContext != nil {
+		toSerialize["oidc_context"] = o.OidcContext
+	}
+	if o.RequestUrl != nil {
+		toSerialize["request_url"] = o.RequestUrl
+	}
+	if o.RequestedAccessTokenAudience != nil {
+		toSerialize["requested_access_token_audience"] = o.RequestedAccessTokenAudience
+	}
+	if o.RequestedScope != nil {
+		toSerialize["requested_scope"] = o.RequestedScope
+	}
+	if o.SessionId != nil {
+		toSerialize["session_id"] = o.SessionId
+	}
+	if o.Skip != nil {
+		toSerialize["skip"] = o.Skip
+	}
+	if o.Subject != nil {
+		toSerialize["subject"] = o.Subject
+	}
+	return json.Marshal(toSerialize)
+}
+
+type NullableLoginRequest struct {
+	value *LoginRequest
+	isSet bool
+}
+
+func (v NullableLoginRequest) Get() *LoginRequest {
+	return v.value
+}
+
+func (v *NullableLoginRequest) Set(val *LoginRequest) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLoginRequest) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLoginRequest) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLoginRequest(val *LoginRequest) *NullableLoginRequest {
+	return &NullableLoginRequest{value: val, isSet: true}
+}
+
+func (v NullableLoginRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLoginRequest) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/internal/httpclient/model_o_auth2_client.go b/internal/httpclient/model_o_auth2_client.go
new file mode 100644
index 000000000000..6b7ec84ccb95
--- /dev/null
+++ b/internal/httpclient/model_o_auth2_client.go
@@ -0,0 +1,1364 @@
+/*
+ * Ory Kratos API
+ *
+ * Documentation for all public and administrative Ory Kratos APIs. Public and administrative APIs are exposed on different ports. Public APIs can face the public internet without any protection while administrative APIs should never be exposed without prior authorization. To protect the administative API port you should use something like Nginx, Ory Oathkeeper, or any other technology capable of authorizing incoming requests.
+ *
+ * API version: 1.0.0
+ * Contact: hi@ory.sh
+ */
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package client
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// OAuth2Client OAuth2Client struct for OAuth2Client
+type OAuth2Client struct {
+	AllowedCorsOrigins []string `json:"allowed_cors_origins,omitempty"`
+	Audience           []string `json:"audience,omitempty"`
+	// Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in the Logout Token to identify the RP session with the OP when the backchannel_logout_uri is used. If omitted, the default value is false.
+	BackchannelLogoutSessionRequired *bool `json:"backchannel_logout_session_required,omitempty"`
+	// RP URL that will cause the RP to log itself out when sent a Logout Token by the OP.
+	BackchannelLogoutUri *string `json:"backchannel_logout_uri,omitempty"`
+	// ID  is the id for this client.
+	ClientId *string `json:"client_id,omitempty"`
+	// Name is the human-readable string name of the client to be presented to the end-user during authorization.
+	ClientName *string `json:"client_name,omitempty"`
+	// Secret is the client's secret. The secret will be included in the create request as cleartext, and then never again. The secret is stored using BCrypt so it is impossible to recover it. Tell your users that they need to write the secret down as it will not be made available again.
+	ClientSecret *string `json:"client_secret,omitempty"`
+	// SecretExpiresAt is an integer holding the time at which the client secret will expire or 0 if it will not expire. The time is represented as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC until the date/time of expiration.  This feature is currently not supported and it's value will always be set to 0.
+	ClientSecretExpiresAt *int64 `json:"client_secret_expires_at,omitempty"`
+	// ClientURI is an URL string of a web page providing information about the client. If present, the server SHOULD display this URL to the end-user in a clickable fashion.
+	ClientUri *string  `json:"client_uri,omitempty"`
+	Contacts  []string `json:"contacts,omitempty"`
+	// CreatedAt returns the timestamp of the client's creation.
+	CreatedAt *time.Time `json:"created_at,omitempty"`
+	// Boolean value specifying whether the RP requires that iss (issuer) and sid (session ID) query parameters be included to identify the RP session with the OP when the frontchannel_logout_uri is used. If omitted, the default value is false.
+	FrontchannelLogoutSessionRequired *bool `json:"frontchannel_logout_session_required,omitempty"`
+	// RP URL that will cause the RP to log itself out when rendered in an iframe by the OP. An iss (issuer) query parameter and a sid (session ID) query parameter MAY be included by the OP to enable the RP to validate the request and to determine which of the potentially multiple sessions is to be logged out; if either is included, both MUST be.
+	FrontchannelLogoutUri *string                `json:"frontchannel_logout_uri,omitempty"`
+	GrantTypes            []string               `json:"grant_types,omitempty"`
+	Jwks                  map[string]interface{} `json:"jwks,omitempty"`
+	// URL for the Client's JSON Web Key Set [JWK] document. If the Client signs requests to the Server, it contains the signing key(s) the Server uses to validate signatures from the Client. The JWK Set MAY also contain the Client's encryption keys(s), which are used by the Server to encrypt responses to the Client. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate.
+	JwksUri *string `json:"jwks_uri,omitempty"`
+	// LogoURI is an URL string that references a logo for the client.
+	LogoUri  *string                `json:"logo_uri,omitempty"`
+	Metadata map[string]interface{} `json:"metadata,omitempty"`
+	// Owner is a string identifying the owner of the OAuth 2.0 Client.
+	Owner *string `json:"owner,omitempty"`
+	// PolicyURI is a URL string that points to a human-readable privacy policy document that describes how the deployment organization collects, uses, retains, and discloses personal data.
+	PolicyUri              *string  `json:"policy_uri,omitempty"`
+	PostLogoutRedirectUris []string `json:"post_logout_redirect_uris,omitempty"`
+	RedirectUris           []string `json:"redirect_uris,omitempty"`
+	// RegistrationAccessToken can be used to update, get, or delete the OAuth2 Client.
+	RegistrationAccessToken *string `json:"registration_access_token,omitempty"`
+	// RegistrationClientURI is the URL used to update, get, or delete the OAuth2 Client.
+	RegistrationClientUri *string `json:"registration_client_uri,omitempty"`
+	// JWS [JWS] alg algorithm [JWA] that MUST be used for signing Request Objects sent to the OP. All Request Objects from this Client MUST be rejected, if not signed with this algorithm.
+	RequestObjectSigningAlg *string  `json:"request_object_signing_alg,omitempty"`
+	RequestUris             []string `json:"request_uris,omitempty"`
+	ResponseTypes           []string `json:"response_types,omitempty"`
+	// Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens.
+	Scope *string `json:"scope,omitempty"`
+	// URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. The URL references a file with a single JSON array of redirect_uri values.
+	SectorIdentifierUri *string `json:"sector_identifier_uri,omitempty"`
+	// SubjectType requested for responses to this Client. The subject_types_supported Discovery parameter contains a list of the supported subject_type values for this server. Valid types include `pairwise` and `public`.
+	SubjectType *string `json:"subject_type,omitempty"`
+	// Requested Client Authentication method for the Token Endpoint. The options are client_secret_post, client_secret_basic, private_key_jwt, and none.
+	TokenEndpointAuthMethod *string `json:"token_endpoint_auth_method,omitempty"`
+	// Requested Client Authentication signing algorithm for the Token Endpoint.
+	TokenEndpointAuthSigningAlg *string `json:"token_endpoint_auth_signing_alg,omitempty"`
+	// TermsOfServiceURI is a URL string that points to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client.
+	TosUri *string `json:"tos_uri,omitempty"`
+	// UpdatedAt returns the timestamp of the last update.
+	UpdatedAt *time.Time `json:"updated_at,omitempty"`
+	// JWS alg algorithm [JWA] REQUIRED for signing UserInfo Responses. If this is specified, the response will be JWT [JWT] serialized, and signed using JWS. The default, if omitted, is for the UserInfo Response to return the Claims as a UTF-8 encoded JSON object using the application/json content-type.
+	UserinfoSignedResponseAlg *string `json:"userinfo_signed_response_alg,omitempty"`
+}
+
+// NewOAuth2Client instantiates a new OAuth2Client object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOAuth2Client() *OAuth2Client {
+	this := OAuth2Client{}
+	return &this
+}
+
+// NewOAuth2ClientWithDefaults instantiates a new OAuth2Client object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOAuth2ClientWithDefaults() *OAuth2Client {
+	this := OAuth2Client{}
+	return &this
+}
+
+// GetAllowedCorsOrigins returns the AllowedCorsOrigins field value if set, zero value otherwise.
+func (o *OAuth2Client) GetAllowedCorsOrigins() []string {
+	if o == nil || o.AllowedCorsOrigins == nil {
+		var ret []string
+		return ret
+	}
+	return o.AllowedCorsOrigins
+}
+
+// GetAllowedCorsOriginsOk returns a tuple with the AllowedCorsOrigins field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetAllowedCorsOriginsOk() ([]string, bool) {
+	if o == nil || o.AllowedCorsOrigins == nil {
+		return nil, false
+	}
+	return o.AllowedCorsOrigins, true
+}
+
+// HasAllowedCorsOrigins returns a boolean if a field has been set.
+func (o *OAuth2Client) HasAllowedCorsOrigins() bool {
+	if o != nil && o.AllowedCorsOrigins != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAllowedCorsOrigins gets a reference to the given []string and assigns it to the AllowedCorsOrigins field.
+func (o *OAuth2Client) SetAllowedCorsOrigins(v []string) {
+	o.AllowedCorsOrigins = v
+}
+
+// GetAudience returns the Audience field value if set, zero value otherwise.
+func (o *OAuth2Client) GetAudience() []string {
+	if o == nil || o.Audience == nil {
+		var ret []string
+		return ret
+	}
+	return o.Audience
+}
+
+// GetAudienceOk returns a tuple with the Audience field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetAudienceOk() ([]string, bool) {
+	if o == nil || o.Audience == nil {
+		return nil, false
+	}
+	return o.Audience, true
+}
+
+// HasAudience returns a boolean if a field has been set.
+func (o *OAuth2Client) HasAudience() bool {
+	if o != nil && o.Audience != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAudience gets a reference to the given []string and assigns it to the Audience field.
+func (o *OAuth2Client) SetAudience(v []string) {
+	o.Audience = v
+}
+
+// GetBackchannelLogoutSessionRequired returns the BackchannelLogoutSessionRequired field value if set, zero value otherwise.
+func (o *OAuth2Client) GetBackchannelLogoutSessionRequired() bool {
+	if o == nil || o.BackchannelLogoutSessionRequired == nil {
+		var ret bool
+		return ret
+	}
+	return *o.BackchannelLogoutSessionRequired
+}
+
+// GetBackchannelLogoutSessionRequiredOk returns a tuple with the BackchannelLogoutSessionRequired field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetBackchannelLogoutSessionRequiredOk() (*bool, bool) {
+	if o == nil || o.BackchannelLogoutSessionRequired == nil {
+		return nil, false
+	}
+	return o.BackchannelLogoutSessionRequired, true
+}
+
+// HasBackchannelLogoutSessionRequired returns a boolean if a field has been set.
+func (o *OAuth2Client) HasBackchannelLogoutSessionRequired() bool {
+	if o != nil && o.BackchannelLogoutSessionRequired != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBackchannelLogoutSessionRequired gets a reference to the given bool and assigns it to the BackchannelLogoutSessionRequired field.
+func (o *OAuth2Client) SetBackchannelLogoutSessionRequired(v bool) {
+	o.BackchannelLogoutSessionRequired = &v
+}
+
+// GetBackchannelLogoutUri returns the BackchannelLogoutUri field value if set, zero value otherwise.
+func (o *OAuth2Client) GetBackchannelLogoutUri() string {
+	if o == nil || o.BackchannelLogoutUri == nil {
+		var ret string
+		return ret
+	}
+	return *o.BackchannelLogoutUri
+}
+
+// GetBackchannelLogoutUriOk returns a tuple with the BackchannelLogoutUri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetBackchannelLogoutUriOk() (*string, bool) {
+	if o == nil || o.BackchannelLogoutUri == nil {
+		return nil, false
+	}
+	return o.BackchannelLogoutUri, true
+}
+
+// HasBackchannelLogoutUri returns a boolean if a field has been set.
+func (o *OAuth2Client) HasBackchannelLogoutUri() bool {
+	if o != nil && o.BackchannelLogoutUri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBackchannelLogoutUri gets a reference to the given string and assigns it to the BackchannelLogoutUri field.
+func (o *OAuth2Client) SetBackchannelLogoutUri(v string) {
+	o.BackchannelLogoutUri = &v
+}
+
+// GetClientId returns the ClientId field value if set, zero value otherwise.
+func (o *OAuth2Client) GetClientId() string {
+	if o == nil || o.ClientId == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClientId
+}
+
+// GetClientIdOk returns a tuple with the ClientId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetClientIdOk() (*string, bool) {
+	if o == nil || o.ClientId == nil {
+		return nil, false
+	}
+	return o.ClientId, true
+}
+
+// HasClientId returns a boolean if a field has been set.
+func (o *OAuth2Client) HasClientId() bool {
+	if o != nil && o.ClientId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientId gets a reference to the given string and assigns it to the ClientId field.
+func (o *OAuth2Client) SetClientId(v string) {
+	o.ClientId = &v
+}
+
+// GetClientName returns the ClientName field value if set, zero value otherwise.
+func (o *OAuth2Client) GetClientName() string {
+	if o == nil || o.ClientName == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClientName
+}
+
+// GetClientNameOk returns a tuple with the ClientName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetClientNameOk() (*string, bool) {
+	if o == nil || o.ClientName == nil {
+		return nil, false
+	}
+	return o.ClientName, true
+}
+
+// HasClientName returns a boolean if a field has been set.
+func (o *OAuth2Client) HasClientName() bool {
+	if o != nil && o.ClientName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientName gets a reference to the given string and assigns it to the ClientName field.
+func (o *OAuth2Client) SetClientName(v string) {
+	o.ClientName = &v
+}
+
+// GetClientSecret returns the ClientSecret field value if set, zero value otherwise.
+func (o *OAuth2Client) GetClientSecret() string {
+	if o == nil || o.ClientSecret == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClientSecret
+}
+
+// GetClientSecretOk returns a tuple with the ClientSecret field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetClientSecretOk() (*string, bool) {
+	if o == nil || o.ClientSecret == nil {
+		return nil, false
+	}
+	return o.ClientSecret, true
+}
+
+// HasClientSecret returns a boolean if a field has been set.
+func (o *OAuth2Client) HasClientSecret() bool {
+	if o != nil && o.ClientSecret != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientSecret gets a reference to the given string and assigns it to the ClientSecret field.
+func (o *OAuth2Client) SetClientSecret(v string) {
+	o.ClientSecret = &v
+}
+
+// GetClientSecretExpiresAt returns the ClientSecretExpiresAt field value if set, zero value otherwise.
+func (o *OAuth2Client) GetClientSecretExpiresAt() int64 {
+	if o == nil || o.ClientSecretExpiresAt == nil {
+		var ret int64
+		return ret
+	}
+	return *o.ClientSecretExpiresAt
+}
+
+// GetClientSecretExpiresAtOk returns a tuple with the ClientSecretExpiresAt field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetClientSecretExpiresAtOk() (*int64, bool) {
+	if o == nil || o.ClientSecretExpiresAt == nil {
+		return nil, false
+	}
+	return o.ClientSecretExpiresAt, true
+}
+
+// HasClientSecretExpiresAt returns a boolean if a field has been set.
+func (o *OAuth2Client) HasClientSecretExpiresAt() bool {
+	if o != nil && o.ClientSecretExpiresAt != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientSecretExpiresAt gets a reference to the given int64 and assigns it to the ClientSecretExpiresAt field.
+func (o *OAuth2Client) SetClientSecretExpiresAt(v int64) {
+	o.ClientSecretExpiresAt = &v
+}
+
+// GetClientUri returns the ClientUri field value if set, zero value otherwise.
+func (o *OAuth2Client) GetClientUri() string {
+	if o == nil || o.ClientUri == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClientUri
+}
+
+// GetClientUriOk returns a tuple with the ClientUri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetClientUriOk() (*string, bool) {
+	if o == nil || o.ClientUri == nil {
+		return nil, false
+	}
+	return o.ClientUri, true
+}
+
+// HasClientUri returns a boolean if a field has been set.
+func (o *OAuth2Client) HasClientUri() bool {
+	if o != nil && o.ClientUri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientUri gets a reference to the given string and assigns it to the ClientUri field.
+func (o *OAuth2Client) SetClientUri(v string) {
+	o.ClientUri = &v
+}
+
+// GetContacts returns the Contacts field value if set, zero value otherwise.
+func (o *OAuth2Client) GetContacts() []string {
+	if o == nil || o.Contacts == nil {
+		var ret []string
+		return ret
+	}
+	return o.Contacts
+}
+
+// GetContactsOk returns a tuple with the Contacts field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetContactsOk() ([]string, bool) {
+	if o == nil || o.Contacts == nil {
+		return nil, false
+	}
+	return o.Contacts, true
+}
+
+// HasContacts returns a boolean if a field has been set.
+func (o *OAuth2Client) HasContacts() bool {
+	if o != nil && o.Contacts != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetContacts gets a reference to the given []string and assigns it to the Contacts field.
+func (o *OAuth2Client) SetContacts(v []string) {
+	o.Contacts = v
+}
+
+// GetCreatedAt returns the CreatedAt field value if set, zero value otherwise.
+func (o *OAuth2Client) GetCreatedAt() time.Time {
+	if o == nil || o.CreatedAt == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.CreatedAt
+}
+
+// GetCreatedAtOk returns a tuple with the CreatedAt field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetCreatedAtOk() (*time.Time, bool) {
+	if o == nil || o.CreatedAt == nil {
+		return nil, false
+	}
+	return o.CreatedAt, true
+}
+
+// HasCreatedAt returns a boolean if a field has been set.
+func (o *OAuth2Client) HasCreatedAt() bool {
+	if o != nil && o.CreatedAt != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreatedAt gets a reference to the given time.Time and assigns it to the CreatedAt field.
+func (o *OAuth2Client) SetCreatedAt(v time.Time) {
+	o.CreatedAt = &v
+}
+
+// GetFrontchannelLogoutSessionRequired returns the FrontchannelLogoutSessionRequired field value if set, zero value otherwise.
+func (o *OAuth2Client) GetFrontchannelLogoutSessionRequired() bool {
+	if o == nil || o.FrontchannelLogoutSessionRequired == nil {
+		var ret bool
+		return ret
+	}
+	return *o.FrontchannelLogoutSessionRequired
+}
+
+// GetFrontchannelLogoutSessionRequiredOk returns a tuple with the FrontchannelLogoutSessionRequired field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetFrontchannelLogoutSessionRequiredOk() (*bool, bool) {
+	if o == nil || o.FrontchannelLogoutSessionRequired == nil {
+		return nil, false
+	}
+	return o.FrontchannelLogoutSessionRequired, true
+}
+
+// HasFrontchannelLogoutSessionRequired returns a boolean if a field has been set.
+func (o *OAuth2Client) HasFrontchannelLogoutSessionRequired() bool {
+	if o != nil && o.FrontchannelLogoutSessionRequired != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFrontchannelLogoutSessionRequired gets a reference to the given bool and assigns it to the FrontchannelLogoutSessionRequired field.
+func (o *OAuth2Client) SetFrontchannelLogoutSessionRequired(v bool) {
+	o.FrontchannelLogoutSessionRequired = &v
+}
+
+// GetFrontchannelLogoutUri returns the FrontchannelLogoutUri field value if set, zero value otherwise.
+func (o *OAuth2Client) GetFrontchannelLogoutUri() string {
+	if o == nil || o.FrontchannelLogoutUri == nil {
+		var ret string
+		return ret
+	}
+	return *o.FrontchannelLogoutUri
+}
+
+// GetFrontchannelLogoutUriOk returns a tuple with the FrontchannelLogoutUri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetFrontchannelLogoutUriOk() (*string, bool) {
+	if o == nil || o.FrontchannelLogoutUri == nil {
+		return nil, false
+	}
+	return o.FrontchannelLogoutUri, true
+}
+
+// HasFrontchannelLogoutUri returns a boolean if a field has been set.
+func (o *OAuth2Client) HasFrontchannelLogoutUri() bool {
+	if o != nil && o.FrontchannelLogoutUri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFrontchannelLogoutUri gets a reference to the given string and assigns it to the FrontchannelLogoutUri field.
+func (o *OAuth2Client) SetFrontchannelLogoutUri(v string) {
+	o.FrontchannelLogoutUri = &v
+}
+
+// GetGrantTypes returns the GrantTypes field value if set, zero value otherwise.
+func (o *OAuth2Client) GetGrantTypes() []string {
+	if o == nil || o.GrantTypes == nil {
+		var ret []string
+		return ret
+	}
+	return o.GrantTypes
+}
+
+// GetGrantTypesOk returns a tuple with the GrantTypes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetGrantTypesOk() ([]string, bool) {
+	if o == nil || o.GrantTypes == nil {
+		return nil, false
+	}
+	return o.GrantTypes, true
+}
+
+// HasGrantTypes returns a boolean if a field has been set.
+func (o *OAuth2Client) HasGrantTypes() bool {
+	if o != nil && o.GrantTypes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGrantTypes gets a reference to the given []string and assigns it to the GrantTypes field.
+func (o *OAuth2Client) SetGrantTypes(v []string) {
+	o.GrantTypes = v
+}
+
+// GetJwks returns the Jwks field value if set, zero value otherwise.
+func (o *OAuth2Client) GetJwks() map[string]interface{} {
+	if o == nil || o.Jwks == nil {
+		var ret map[string]interface{}
+		return ret
+	}
+	return o.Jwks
+}
+
+// GetJwksOk returns a tuple with the Jwks field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetJwksOk() (map[string]interface{}, bool) {
+	if o == nil || o.Jwks == nil {
+		return nil, false
+	}
+	return o.Jwks, true
+}
+
+// HasJwks returns a boolean if a field has been set.
+func (o *OAuth2Client) HasJwks() bool {
+	if o != nil && o.Jwks != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetJwks gets a reference to the given map[string]interface{} and assigns it to the Jwks field.
+func (o *OAuth2Client) SetJwks(v map[string]interface{}) {
+	o.Jwks = v
+}
+
+// GetJwksUri returns the JwksUri field value if set, zero value otherwise.
+func (o *OAuth2Client) GetJwksUri() string {
+	if o == nil || o.JwksUri == nil {
+		var ret string
+		return ret
+	}
+	return *o.JwksUri
+}
+
+// GetJwksUriOk returns a tuple with the JwksUri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetJwksUriOk() (*string, bool) {
+	if o == nil || o.JwksUri == nil {
+		return nil, false
+	}
+	return o.JwksUri, true
+}
+
+// HasJwksUri returns a boolean if a field has been set.
+func (o *OAuth2Client) HasJwksUri() bool {
+	if o != nil && o.JwksUri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetJwksUri gets a reference to the given string and assigns it to the JwksUri field.
+func (o *OAuth2Client) SetJwksUri(v string) {
+	o.JwksUri = &v
+}
+
+// GetLogoUri returns the LogoUri field value if set, zero value otherwise.
+func (o *OAuth2Client) GetLogoUri() string {
+	if o == nil || o.LogoUri == nil {
+		var ret string
+		return ret
+	}
+	return *o.LogoUri
+}
+
+// GetLogoUriOk returns a tuple with the LogoUri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetLogoUriOk() (*string, bool) {
+	if o == nil || o.LogoUri == nil {
+		return nil, false
+	}
+	return o.LogoUri, true
+}
+
+// HasLogoUri returns a boolean if a field has been set.
+func (o *OAuth2Client) HasLogoUri() bool {
+	if o != nil && o.LogoUri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLogoUri gets a reference to the given string and assigns it to the LogoUri field.
+func (o *OAuth2Client) SetLogoUri(v string) {
+	o.LogoUri = &v
+}
+
+// GetMetadata returns the Metadata field value if set, zero value otherwise.
+func (o *OAuth2Client) GetMetadata() map[string]interface{} {
+	if o == nil || o.Metadata == nil {
+		var ret map[string]interface{}
+		return ret
+	}
+	return o.Metadata
+}
+
+// GetMetadataOk returns a tuple with the Metadata field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetMetadataOk() (map[string]interface{}, bool) {
+	if o == nil || o.Metadata == nil {
+		return nil, false
+	}
+	return o.Metadata, true
+}
+
+// HasMetadata returns a boolean if a field has been set.
+func (o *OAuth2Client) HasMetadata() bool {
+	if o != nil && o.Metadata != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMetadata gets a reference to the given map[string]interface{} and assigns it to the Metadata field.
+func (o *OAuth2Client) SetMetadata(v map[string]interface{}) {
+	o.Metadata = v
+}
+
+// GetOwner returns the Owner field value if set, zero value otherwise.
+func (o *OAuth2Client) GetOwner() string {
+	if o == nil || o.Owner == nil {
+		var ret string
+		return ret
+	}
+	return *o.Owner
+}
+
+// GetOwnerOk returns a tuple with the Owner field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetOwnerOk() (*string, bool) {
+	if o == nil || o.Owner == nil {
+		return nil, false
+	}
+	return o.Owner, true
+}
+
+// HasOwner returns a boolean if a field has been set.
+func (o *OAuth2Client) HasOwner() bool {
+	if o != nil && o.Owner != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOwner gets a reference to the given string and assigns it to the Owner field.
+func (o *OAuth2Client) SetOwner(v string) {
+	o.Owner = &v
+}
+
+// GetPolicyUri returns the PolicyUri field value if set, zero value otherwise.
+func (o *OAuth2Client) GetPolicyUri() string {
+	if o == nil || o.PolicyUri == nil {
+		var ret string
+		return ret
+	}
+	return *o.PolicyUri
+}
+
+// GetPolicyUriOk returns a tuple with the PolicyUri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetPolicyUriOk() (*string, bool) {
+	if o == nil || o.PolicyUri == nil {
+		return nil, false
+	}
+	return o.PolicyUri, true
+}
+
+// HasPolicyUri returns a boolean if a field has been set.
+func (o *OAuth2Client) HasPolicyUri() bool {
+	if o != nil && o.PolicyUri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPolicyUri gets a reference to the given string and assigns it to the PolicyUri field.
+func (o *OAuth2Client) SetPolicyUri(v string) {
+	o.PolicyUri = &v
+}
+
+// GetPostLogoutRedirectUris returns the PostLogoutRedirectUris field value if set, zero value otherwise.
+func (o *OAuth2Client) GetPostLogoutRedirectUris() []string {
+	if o == nil || o.PostLogoutRedirectUris == nil {
+		var ret []string
+		return ret
+	}
+	return o.PostLogoutRedirectUris
+}
+
+// GetPostLogoutRedirectUrisOk returns a tuple with the PostLogoutRedirectUris field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetPostLogoutRedirectUrisOk() ([]string, bool) {
+	if o == nil || o.PostLogoutRedirectUris == nil {
+		return nil, false
+	}
+	return o.PostLogoutRedirectUris, true
+}
+
+// HasPostLogoutRedirectUris returns a boolean if a field has been set.
+func (o *OAuth2Client) HasPostLogoutRedirectUris() bool {
+	if o != nil && o.PostLogoutRedirectUris != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPostLogoutRedirectUris gets a reference to the given []string and assigns it to the PostLogoutRedirectUris field.
+func (o *OAuth2Client) SetPostLogoutRedirectUris(v []string) {
+	o.PostLogoutRedirectUris = v
+}
+
+// GetRedirectUris returns the RedirectUris field value if set, zero value otherwise.
+func (o *OAuth2Client) GetRedirectUris() []string {
+	if o == nil || o.RedirectUris == nil {
+		var ret []string
+		return ret
+	}
+	return o.RedirectUris
+}
+
+// GetRedirectUrisOk returns a tuple with the RedirectUris field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetRedirectUrisOk() ([]string, bool) {
+	if o == nil || o.RedirectUris == nil {
+		return nil, false
+	}
+	return o.RedirectUris, true
+}
+
+// HasRedirectUris returns a boolean if a field has been set.
+func (o *OAuth2Client) HasRedirectUris() bool {
+	if o != nil && o.RedirectUris != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRedirectUris gets a reference to the given []string and assigns it to the RedirectUris field.
+func (o *OAuth2Client) SetRedirectUris(v []string) {
+	o.RedirectUris = v
+}
+
+// GetRegistrationAccessToken returns the RegistrationAccessToken field value if set, zero value otherwise.
+func (o *OAuth2Client) GetRegistrationAccessToken() string {
+	if o == nil || o.RegistrationAccessToken == nil {
+		var ret string
+		return ret
+	}
+	return *o.RegistrationAccessToken
+}
+
+// GetRegistrationAccessTokenOk returns a tuple with the RegistrationAccessToken field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetRegistrationAccessTokenOk() (*string, bool) {
+	if o == nil || o.RegistrationAccessToken == nil {
+		return nil, false
+	}
+	return o.RegistrationAccessToken, true
+}
+
+// HasRegistrationAccessToken returns a boolean if a field has been set.
+func (o *OAuth2Client) HasRegistrationAccessToken() bool {
+	if o != nil && o.RegistrationAccessToken != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRegistrationAccessToken gets a reference to the given string and assigns it to the RegistrationAccessToken field.
+func (o *OAuth2Client) SetRegistrationAccessToken(v string) {
+	o.RegistrationAccessToken = &v
+}
+
+// GetRegistrationClientUri returns the RegistrationClientUri field value if set, zero value otherwise.
+func (o *OAuth2Client) GetRegistrationClientUri() string {
+	if o == nil || o.RegistrationClientUri == nil {
+		var ret string
+		return ret
+	}
+	return *o.RegistrationClientUri
+}
+
+// GetRegistrationClientUriOk returns a tuple with the RegistrationClientUri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetRegistrationClientUriOk() (*string, bool) {
+	if o == nil || o.RegistrationClientUri == nil {
+		return nil, false
+	}
+	return o.RegistrationClientUri, true
+}
+
+// HasRegistrationClientUri returns a boolean if a field has been set.
+func (o *OAuth2Client) HasRegistrationClientUri() bool {
+	if o != nil && o.RegistrationClientUri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRegistrationClientUri gets a reference to the given string and assigns it to the RegistrationClientUri field.
+func (o *OAuth2Client) SetRegistrationClientUri(v string) {
+	o.RegistrationClientUri = &v
+}
+
+// GetRequestObjectSigningAlg returns the RequestObjectSigningAlg field value if set, zero value otherwise.
+func (o *OAuth2Client) GetRequestObjectSigningAlg() string {
+	if o == nil || o.RequestObjectSigningAlg == nil {
+		var ret string
+		return ret
+	}
+	return *o.RequestObjectSigningAlg
+}
+
+// GetRequestObjectSigningAlgOk returns a tuple with the RequestObjectSigningAlg field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetRequestObjectSigningAlgOk() (*string, bool) {
+	if o == nil || o.RequestObjectSigningAlg == nil {
+		return nil, false
+	}
+	return o.RequestObjectSigningAlg, true
+}
+
+// HasRequestObjectSigningAlg returns a boolean if a field has been set.
+func (o *OAuth2Client) HasRequestObjectSigningAlg() bool {
+	if o != nil && o.RequestObjectSigningAlg != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRequestObjectSigningAlg gets a reference to the given string and assigns it to the RequestObjectSigningAlg field.
+func (o *OAuth2Client) SetRequestObjectSigningAlg(v string) {
+	o.RequestObjectSigningAlg = &v
+}
+
+// GetRequestUris returns the RequestUris field value if set, zero value otherwise.
+func (o *OAuth2Client) GetRequestUris() []string {
+	if o == nil || o.RequestUris == nil {
+		var ret []string
+		return ret
+	}
+	return o.RequestUris
+}
+
+// GetRequestUrisOk returns a tuple with the RequestUris field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetRequestUrisOk() ([]string, bool) {
+	if o == nil || o.RequestUris == nil {
+		return nil, false
+	}
+	return o.RequestUris, true
+}
+
+// HasRequestUris returns a boolean if a field has been set.
+func (o *OAuth2Client) HasRequestUris() bool {
+	if o != nil && o.RequestUris != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRequestUris gets a reference to the given []string and assigns it to the RequestUris field.
+func (o *OAuth2Client) SetRequestUris(v []string) {
+	o.RequestUris = v
+}
+
+// GetResponseTypes returns the ResponseTypes field value if set, zero value otherwise.
+func (o *OAuth2Client) GetResponseTypes() []string {
+	if o == nil || o.ResponseTypes == nil {
+		var ret []string
+		return ret
+	}
+	return o.ResponseTypes
+}
+
+// GetResponseTypesOk returns a tuple with the ResponseTypes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetResponseTypesOk() ([]string, bool) {
+	if o == nil || o.ResponseTypes == nil {
+		return nil, false
+	}
+	return o.ResponseTypes, true
+}
+
+// HasResponseTypes returns a boolean if a field has been set.
+func (o *OAuth2Client) HasResponseTypes() bool {
+	if o != nil && o.ResponseTypes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetResponseTypes gets a reference to the given []string and assigns it to the ResponseTypes field.
+func (o *OAuth2Client) SetResponseTypes(v []string) {
+	o.ResponseTypes = v
+}
+
+// GetScope returns the Scope field value if set, zero value otherwise.
+func (o *OAuth2Client) GetScope() string {
+	if o == nil || o.Scope == nil {
+		var ret string
+		return ret
+	}
+	return *o.Scope
+}
+
+// GetScopeOk returns a tuple with the Scope field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetScopeOk() (*string, bool) {
+	if o == nil || o.Scope == nil {
+		return nil, false
+	}
+	return o.Scope, true
+}
+
+// HasScope returns a boolean if a field has been set.
+func (o *OAuth2Client) HasScope() bool {
+	if o != nil && o.Scope != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScope gets a reference to the given string and assigns it to the Scope field.
+func (o *OAuth2Client) SetScope(v string) {
+	o.Scope = &v
+}
+
+// GetSectorIdentifierUri returns the SectorIdentifierUri field value if set, zero value otherwise.
+func (o *OAuth2Client) GetSectorIdentifierUri() string {
+	if o == nil || o.SectorIdentifierUri == nil {
+		var ret string
+		return ret
+	}
+	return *o.SectorIdentifierUri
+}
+
+// GetSectorIdentifierUriOk returns a tuple with the SectorIdentifierUri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetSectorIdentifierUriOk() (*string, bool) {
+	if o == nil || o.SectorIdentifierUri == nil {
+		return nil, false
+	}
+	return o.SectorIdentifierUri, true
+}
+
+// HasSectorIdentifierUri returns a boolean if a field has been set.
+func (o *OAuth2Client) HasSectorIdentifierUri() bool {
+	if o != nil && o.SectorIdentifierUri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSectorIdentifierUri gets a reference to the given string and assigns it to the SectorIdentifierUri field.
+func (o *OAuth2Client) SetSectorIdentifierUri(v string) {
+	o.SectorIdentifierUri = &v
+}
+
+// GetSubjectType returns the SubjectType field value if set, zero value otherwise.
+func (o *OAuth2Client) GetSubjectType() string {
+	if o == nil || o.SubjectType == nil {
+		var ret string
+		return ret
+	}
+	return *o.SubjectType
+}
+
+// GetSubjectTypeOk returns a tuple with the SubjectType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetSubjectTypeOk() (*string, bool) {
+	if o == nil || o.SubjectType == nil {
+		return nil, false
+	}
+	return o.SubjectType, true
+}
+
+// HasSubjectType returns a boolean if a field has been set.
+func (o *OAuth2Client) HasSubjectType() bool {
+	if o != nil && o.SubjectType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSubjectType gets a reference to the given string and assigns it to the SubjectType field.
+func (o *OAuth2Client) SetSubjectType(v string) {
+	o.SubjectType = &v
+}
+
+// GetTokenEndpointAuthMethod returns the TokenEndpointAuthMethod field value if set, zero value otherwise.
+func (o *OAuth2Client) GetTokenEndpointAuthMethod() string {
+	if o == nil || o.TokenEndpointAuthMethod == nil {
+		var ret string
+		return ret
+	}
+	return *o.TokenEndpointAuthMethod
+}
+
+// GetTokenEndpointAuthMethodOk returns a tuple with the TokenEndpointAuthMethod field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetTokenEndpointAuthMethodOk() (*string, bool) {
+	if o == nil || o.TokenEndpointAuthMethod == nil {
+		return nil, false
+	}
+	return o.TokenEndpointAuthMethod, true
+}
+
+// HasTokenEndpointAuthMethod returns a boolean if a field has been set.
+func (o *OAuth2Client) HasTokenEndpointAuthMethod() bool {
+	if o != nil && o.TokenEndpointAuthMethod != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTokenEndpointAuthMethod gets a reference to the given string and assigns it to the TokenEndpointAuthMethod field.
+func (o *OAuth2Client) SetTokenEndpointAuthMethod(v string) {
+	o.TokenEndpointAuthMethod = &v
+}
+
+// GetTokenEndpointAuthSigningAlg returns the TokenEndpointAuthSigningAlg field value if set, zero value otherwise.
+func (o *OAuth2Client) GetTokenEndpointAuthSigningAlg() string {
+	if o == nil || o.TokenEndpointAuthSigningAlg == nil {
+		var ret string
+		return ret
+	}
+	return *o.TokenEndpointAuthSigningAlg
+}
+
+// GetTokenEndpointAuthSigningAlgOk returns a tuple with the TokenEndpointAuthSigningAlg field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetTokenEndpointAuthSigningAlgOk() (*string, bool) {
+	if o == nil || o.TokenEndpointAuthSigningAlg == nil {
+		return nil, false
+	}
+	return o.TokenEndpointAuthSigningAlg, true
+}
+
+// HasTokenEndpointAuthSigningAlg returns a boolean if a field has been set.
+func (o *OAuth2Client) HasTokenEndpointAuthSigningAlg() bool {
+	if o != nil && o.TokenEndpointAuthSigningAlg != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTokenEndpointAuthSigningAlg gets a reference to the given string and assigns it to the TokenEndpointAuthSigningAlg field.
+func (o *OAuth2Client) SetTokenEndpointAuthSigningAlg(v string) {
+	o.TokenEndpointAuthSigningAlg = &v
+}
+
+// GetTosUri returns the TosUri field value if set, zero value otherwise.
+func (o *OAuth2Client) GetTosUri() string {
+	if o == nil || o.TosUri == nil {
+		var ret string
+		return ret
+	}
+	return *o.TosUri
+}
+
+// GetTosUriOk returns a tuple with the TosUri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetTosUriOk() (*string, bool) {
+	if o == nil || o.TosUri == nil {
+		return nil, false
+	}
+	return o.TosUri, true
+}
+
+// HasTosUri returns a boolean if a field has been set.
+func (o *OAuth2Client) HasTosUri() bool {
+	if o != nil && o.TosUri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTosUri gets a reference to the given string and assigns it to the TosUri field.
+func (o *OAuth2Client) SetTosUri(v string) {
+	o.TosUri = &v
+}
+
+// GetUpdatedAt returns the UpdatedAt field value if set, zero value otherwise.
+func (o *OAuth2Client) GetUpdatedAt() time.Time {
+	if o == nil || o.UpdatedAt == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.UpdatedAt
+}
+
+// GetUpdatedAtOk returns a tuple with the UpdatedAt field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetUpdatedAtOk() (*time.Time, bool) {
+	if o == nil || o.UpdatedAt == nil {
+		return nil, false
+	}
+	return o.UpdatedAt, true
+}
+
+// HasUpdatedAt returns a boolean if a field has been set.
+func (o *OAuth2Client) HasUpdatedAt() bool {
+	if o != nil && o.UpdatedAt != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUpdatedAt gets a reference to the given time.Time and assigns it to the UpdatedAt field.
+func (o *OAuth2Client) SetUpdatedAt(v time.Time) {
+	o.UpdatedAt = &v
+}
+
+// GetUserinfoSignedResponseAlg returns the UserinfoSignedResponseAlg field value if set, zero value otherwise.
+func (o *OAuth2Client) GetUserinfoSignedResponseAlg() string {
+	if o == nil || o.UserinfoSignedResponseAlg == nil {
+		var ret string
+		return ret
+	}
+	return *o.UserinfoSignedResponseAlg
+}
+
+// GetUserinfoSignedResponseAlgOk returns a tuple with the UserinfoSignedResponseAlg field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetUserinfoSignedResponseAlgOk() (*string, bool) {
+	if o == nil || o.UserinfoSignedResponseAlg == nil {
+		return nil, false
+	}
+	return o.UserinfoSignedResponseAlg, true
+}
+
+// HasUserinfoSignedResponseAlg returns a boolean if a field has been set.
+func (o *OAuth2Client) HasUserinfoSignedResponseAlg() bool {
+	if o != nil && o.UserinfoSignedResponseAlg != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserinfoSignedResponseAlg gets a reference to the given string and assigns it to the UserinfoSignedResponseAlg field.
+func (o *OAuth2Client) SetUserinfoSignedResponseAlg(v string) {
+	o.UserinfoSignedResponseAlg = &v
+}
+
+func (o OAuth2Client) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AllowedCorsOrigins != nil {
+		toSerialize["allowed_cors_origins"] = o.AllowedCorsOrigins
+	}
+	if o.Audience != nil {
+		toSerialize["audience"] = o.Audience
+	}
+	if o.BackchannelLogoutSessionRequired != nil {
+		toSerialize["backchannel_logout_session_required"] = o.BackchannelLogoutSessionRequired
+	}
+	if o.BackchannelLogoutUri != nil {
+		toSerialize["backchannel_logout_uri"] = o.BackchannelLogoutUri
+	}
+	if o.ClientId != nil {
+		toSerialize["client_id"] = o.ClientId
+	}
+	if o.ClientName != nil {
+		toSerialize["client_name"] = o.ClientName
+	}
+	if o.ClientSecret != nil {
+		toSerialize["client_secret"] = o.ClientSecret
+	}
+	if o.ClientSecretExpiresAt != nil {
+		toSerialize["client_secret_expires_at"] = o.ClientSecretExpiresAt
+	}
+	if o.ClientUri != nil {
+		toSerialize["client_uri"] = o.ClientUri
+	}
+	if o.Contacts != nil {
+		toSerialize["contacts"] = o.Contacts
+	}
+	if o.CreatedAt != nil {
+		toSerialize["created_at"] = o.CreatedAt
+	}
+	if o.FrontchannelLogoutSessionRequired != nil {
+		toSerialize["frontchannel_logout_session_required"] = o.FrontchannelLogoutSessionRequired
+	}
+	if o.FrontchannelLogoutUri != nil {
+		toSerialize["frontchannel_logout_uri"] = o.FrontchannelLogoutUri
+	}
+	if o.GrantTypes != nil {
+		toSerialize["grant_types"] = o.GrantTypes
+	}
+	if o.Jwks != nil {
+		toSerialize["jwks"] = o.Jwks
+	}
+	if o.JwksUri != nil {
+		toSerialize["jwks_uri"] = o.JwksUri
+	}
+	if o.LogoUri != nil {
+		toSerialize["logo_uri"] = o.LogoUri
+	}
+	if o.Metadata != nil {
+		toSerialize["metadata"] = o.Metadata
+	}
+	if o.Owner != nil {
+		toSerialize["owner"] = o.Owner
+	}
+	if o.PolicyUri != nil {
+		toSerialize["policy_uri"] = o.PolicyUri
+	}
+	if o.PostLogoutRedirectUris != nil {
+		toSerialize["post_logout_redirect_uris"] = o.PostLogoutRedirectUris
+	}
+	if o.RedirectUris != nil {
+		toSerialize["redirect_uris"] = o.RedirectUris
+	}
+	if o.RegistrationAccessToken != nil {
+		toSerialize["registration_access_token"] = o.RegistrationAccessToken
+	}
+	if o.RegistrationClientUri != nil {
+		toSerialize["registration_client_uri"] = o.RegistrationClientUri
+	}
+	if o.RequestObjectSigningAlg != nil {
+		toSerialize["request_object_signing_alg"] = o.RequestObjectSigningAlg
+	}
+	if o.RequestUris != nil {
+		toSerialize["request_uris"] = o.RequestUris
+	}
+	if o.ResponseTypes != nil {
+		toSerialize["response_types"] = o.ResponseTypes
+	}
+	if o.Scope != nil {
+		toSerialize["scope"] = o.Scope
+	}
+	if o.SectorIdentifierUri != nil {
+		toSerialize["sector_identifier_uri"] = o.SectorIdentifierUri
+	}
+	if o.SubjectType != nil {
+		toSerialize["subject_type"] = o.SubjectType
+	}
+	if o.TokenEndpointAuthMethod != nil {
+		toSerialize["token_endpoint_auth_method"] = o.TokenEndpointAuthMethod
+	}
+	if o.TokenEndpointAuthSigningAlg != nil {
+		toSerialize["token_endpoint_auth_signing_alg"] = o.TokenEndpointAuthSigningAlg
+	}
+	if o.TosUri != nil {
+		toSerialize["tos_uri"] = o.TosUri
+	}
+	if o.UpdatedAt != nil {
+		toSerialize["updated_at"] = o.UpdatedAt
+	}
+	if o.UserinfoSignedResponseAlg != nil {
+		toSerialize["userinfo_signed_response_alg"] = o.UserinfoSignedResponseAlg
+	}
+	return json.Marshal(toSerialize)
+}
+
+type NullableOAuth2Client struct {
+	value *OAuth2Client
+	isSet bool
+}
+
+func (v NullableOAuth2Client) Get() *OAuth2Client {
+	return v.value
+}
+
+func (v *NullableOAuth2Client) Set(val *OAuth2Client) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuth2Client) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuth2Client) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuth2Client(val *OAuth2Client) *NullableOAuth2Client {
+	return &NullableOAuth2Client{value: val, isSet: true}
+}
+
+func (v NullableOAuth2Client) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuth2Client) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/internal/httpclient/model_open_id_connect_context.go b/internal/httpclient/model_open_id_connect_context.go
new file mode 100644
index 000000000000..7df9c7ddab96
--- /dev/null
+++ b/internal/httpclient/model_open_id_connect_context.go
@@ -0,0 +1,263 @@
+/*
+ * Ory Kratos API
+ *
+ * Documentation for all public and administrative Ory Kratos APIs. Public and administrative APIs are exposed on different ports. Public APIs can face the public internet without any protection while administrative APIs should never be exposed without prior authorization. To protect the administative API port you should use something like Nginx, Ory Oathkeeper, or any other technology capable of authorizing incoming requests.
+ *
+ * API version: 1.0.0
+ * Contact: hi@ory.sh
+ */
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package client
+
+import (
+	"encoding/json"
+)
+
+// OpenIDConnectContext OpenIDConnectContext struct for OpenIDConnectContext
+type OpenIDConnectContext struct {
+	// ACRValues is the Authentication AuthorizationContext Class Reference requested in the OAuth 2.0 Authorization request. It is a parameter defined by OpenID Connect and expresses which level of authentication (e.g. 2FA) is required.  OpenID Connect defines it as follows: > Requested Authentication AuthorizationContext Class Reference values. Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference. The Authentication AuthorizationContext Class satisfied by the authentication performed is returned as the acr Claim Value, as specified in Section 2. The acr Claim is requested as a Voluntary Claim by this parameter.
+	AcrValues []string `json:"acr_values,omitempty"`
+	// Display is a string value that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User. The defined values are: page: The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view. If the display parameter is not specified, this is the default display mode. popup: The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window. The popup User Agent window should be of an appropriate size for a login-focused dialog and should not obscure the entire window that it is popping up over. touch: The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface. wap: The Authorization Server SHOULD display the authentication and consent UI consistent with a \\\"feature phone\\\" type display.  The Authorization Server MAY also attempt to detect the capabilities of the User Agent and present an appropriate display.
+	Display *string `json:"display,omitempty"`
+	// IDTokenHintClaims are the claims of the ID Token previously issued by the Authorization Server being passed as a hint about the End-User's current or past authenticated session with the Client.
+	IdTokenHintClaims map[string]map[string]interface{} `json:"id_token_hint_claims,omitempty"`
+	// LoginHint hints about the login identifier the End-User might use to log in (if necessary). This hint can be used by an RP if it first asks the End-User for their e-mail address (or other identifier) and then wants to pass that value as a hint to the discovered authorization service. This value MAY also be a phone number in the format specified for the phone_number Claim. The use of this parameter is optional.
+	LoginHint *string `json:"login_hint,omitempty"`
+	// UILocales is the End-User'id preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference. For instance, the value \\\"fr-CA fr en\\\" represents a preference for French as spoken in Canada, then French (without a region designation), followed by English (without a region designation). An error SHOULD NOT result if some or all of the requested locales are not supported by the OpenID Provider.
+	UiLocales []string `json:"ui_locales,omitempty"`
+}
+
+// NewOpenIDConnectContext instantiates a new OpenIDConnectContext object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOpenIDConnectContext() *OpenIDConnectContext {
+	this := OpenIDConnectContext{}
+	return &this
+}
+
+// NewOpenIDConnectContextWithDefaults instantiates a new OpenIDConnectContext object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOpenIDConnectContextWithDefaults() *OpenIDConnectContext {
+	this := OpenIDConnectContext{}
+	return &this
+}
+
+// GetAcrValues returns the AcrValues field value if set, zero value otherwise.
+func (o *OpenIDConnectContext) GetAcrValues() []string {
+	if o == nil || o.AcrValues == nil {
+		var ret []string
+		return ret
+	}
+	return o.AcrValues
+}
+
+// GetAcrValuesOk returns a tuple with the AcrValues field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIDConnectContext) GetAcrValuesOk() ([]string, bool) {
+	if o == nil || o.AcrValues == nil {
+		return nil, false
+	}
+	return o.AcrValues, true
+}
+
+// HasAcrValues returns a boolean if a field has been set.
+func (o *OpenIDConnectContext) HasAcrValues() bool {
+	if o != nil && o.AcrValues != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAcrValues gets a reference to the given []string and assigns it to the AcrValues field.
+func (o *OpenIDConnectContext) SetAcrValues(v []string) {
+	o.AcrValues = v
+}
+
+// GetDisplay returns the Display field value if set, zero value otherwise.
+func (o *OpenIDConnectContext) GetDisplay() string {
+	if o == nil || o.Display == nil {
+		var ret string
+		return ret
+	}
+	return *o.Display
+}
+
+// GetDisplayOk returns a tuple with the Display field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIDConnectContext) GetDisplayOk() (*string, bool) {
+	if o == nil || o.Display == nil {
+		return nil, false
+	}
+	return o.Display, true
+}
+
+// HasDisplay returns a boolean if a field has been set.
+func (o *OpenIDConnectContext) HasDisplay() bool {
+	if o != nil && o.Display != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDisplay gets a reference to the given string and assigns it to the Display field.
+func (o *OpenIDConnectContext) SetDisplay(v string) {
+	o.Display = &v
+}
+
+// GetIdTokenHintClaims returns the IdTokenHintClaims field value if set, zero value otherwise.
+func (o *OpenIDConnectContext) GetIdTokenHintClaims() map[string]map[string]interface{} {
+	if o == nil || o.IdTokenHintClaims == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.IdTokenHintClaims
+}
+
+// GetIdTokenHintClaimsOk returns a tuple with the IdTokenHintClaims field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIDConnectContext) GetIdTokenHintClaimsOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.IdTokenHintClaims == nil {
+		return nil, false
+	}
+	return o.IdTokenHintClaims, true
+}
+
+// HasIdTokenHintClaims returns a boolean if a field has been set.
+func (o *OpenIDConnectContext) HasIdTokenHintClaims() bool {
+	if o != nil && o.IdTokenHintClaims != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdTokenHintClaims gets a reference to the given map[string]map[string]interface{} and assigns it to the IdTokenHintClaims field.
+func (o *OpenIDConnectContext) SetIdTokenHintClaims(v map[string]map[string]interface{}) {
+	o.IdTokenHintClaims = v
+}
+
+// GetLoginHint returns the LoginHint field value if set, zero value otherwise.
+func (o *OpenIDConnectContext) GetLoginHint() string {
+	if o == nil || o.LoginHint == nil {
+		var ret string
+		return ret
+	}
+	return *o.LoginHint
+}
+
+// GetLoginHintOk returns a tuple with the LoginHint field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIDConnectContext) GetLoginHintOk() (*string, bool) {
+	if o == nil || o.LoginHint == nil {
+		return nil, false
+	}
+	return o.LoginHint, true
+}
+
+// HasLoginHint returns a boolean if a field has been set.
+func (o *OpenIDConnectContext) HasLoginHint() bool {
+	if o != nil && o.LoginHint != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLoginHint gets a reference to the given string and assigns it to the LoginHint field.
+func (o *OpenIDConnectContext) SetLoginHint(v string) {
+	o.LoginHint = &v
+}
+
+// GetUiLocales returns the UiLocales field value if set, zero value otherwise.
+func (o *OpenIDConnectContext) GetUiLocales() []string {
+	if o == nil || o.UiLocales == nil {
+		var ret []string
+		return ret
+	}
+	return o.UiLocales
+}
+
+// GetUiLocalesOk returns a tuple with the UiLocales field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIDConnectContext) GetUiLocalesOk() ([]string, bool) {
+	if o == nil || o.UiLocales == nil {
+		return nil, false
+	}
+	return o.UiLocales, true
+}
+
+// HasUiLocales returns a boolean if a field has been set.
+func (o *OpenIDConnectContext) HasUiLocales() bool {
+	if o != nil && o.UiLocales != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUiLocales gets a reference to the given []string and assigns it to the UiLocales field.
+func (o *OpenIDConnectContext) SetUiLocales(v []string) {
+	o.UiLocales = v
+}
+
+func (o OpenIDConnectContext) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AcrValues != nil {
+		toSerialize["acr_values"] = o.AcrValues
+	}
+	if o.Display != nil {
+		toSerialize["display"] = o.Display
+	}
+	if o.IdTokenHintClaims != nil {
+		toSerialize["id_token_hint_claims"] = o.IdTokenHintClaims
+	}
+	if o.LoginHint != nil {
+		toSerialize["login_hint"] = o.LoginHint
+	}
+	if o.UiLocales != nil {
+		toSerialize["ui_locales"] = o.UiLocales
+	}
+	return json.Marshal(toSerialize)
+}
+
+type NullableOpenIDConnectContext struct {
+	value *OpenIDConnectContext
+	isSet bool
+}
+
+func (v NullableOpenIDConnectContext) Get() *OpenIDConnectContext {
+	return v.value
+}
+
+func (v *NullableOpenIDConnectContext) Set(val *OpenIDConnectContext) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOpenIDConnectContext) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOpenIDConnectContext) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOpenIDConnectContext(val *OpenIDConnectContext) *NullableOpenIDConnectContext {
+	return &NullableOpenIDConnectContext{value: val, isSet: true}
+}
+
+func (v NullableOpenIDConnectContext) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOpenIDConnectContext) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/internal/httpclient/model_self_service_login_flow.go b/internal/httpclient/model_self_service_login_flow.go
index dbdf326f6900..e766a45c7c96 100644
--- a/internal/httpclient/model_self_service_login_flow.go
+++ b/internal/httpclient/model_self_service_login_flow.go
@@ -26,7 +26,9 @@ type SelfServiceLoginFlow struct {
 	// ID represents the flow's unique ID. When performing the login flow, this represents the id in the login UI's query parameter: http:///?flow=
 	Id string `json:"id"`
 	// IssuedAt is the time (UTC) when the flow started.
-	IssuedAt time.Time `json:"issued_at"`
+	IssuedAt             time.Time      `json:"issued_at"`
+	Oauth2LoginChallenge NullableString `json:"oauth2_login_challenge,omitempty"`
+	Oauth2LoginRequest   *LoginRequest  `json:"oauth2_login_request,omitempty"`
 	// Refresh stores whether this login flow should enforce re-authentication.
 	Refresh *bool `json:"refresh,omitempty"`
 	// RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example.
@@ -200,6 +202,81 @@ func (o *SelfServiceLoginFlow) SetIssuedAt(v time.Time) {
 	o.IssuedAt = v
 }
 
+// GetOauth2LoginChallenge returns the Oauth2LoginChallenge field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *SelfServiceLoginFlow) GetOauth2LoginChallenge() string {
+	if o == nil || o.Oauth2LoginChallenge.Get() == nil {
+		var ret string
+		return ret
+	}
+	return *o.Oauth2LoginChallenge.Get()
+}
+
+// GetOauth2LoginChallengeOk returns a tuple with the Oauth2LoginChallenge field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *SelfServiceLoginFlow) GetOauth2LoginChallengeOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.Oauth2LoginChallenge.Get(), o.Oauth2LoginChallenge.IsSet()
+}
+
+// HasOauth2LoginChallenge returns a boolean if a field has been set.
+func (o *SelfServiceLoginFlow) HasOauth2LoginChallenge() bool {
+	if o != nil && o.Oauth2LoginChallenge.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetOauth2LoginChallenge gets a reference to the given NullableString and assigns it to the Oauth2LoginChallenge field.
+func (o *SelfServiceLoginFlow) SetOauth2LoginChallenge(v string) {
+	o.Oauth2LoginChallenge.Set(&v)
+}
+
+// SetOauth2LoginChallengeNil sets the value for Oauth2LoginChallenge to be an explicit nil
+func (o *SelfServiceLoginFlow) SetOauth2LoginChallengeNil() {
+	o.Oauth2LoginChallenge.Set(nil)
+}
+
+// UnsetOauth2LoginChallenge ensures that no value is present for Oauth2LoginChallenge, not even an explicit nil
+func (o *SelfServiceLoginFlow) UnsetOauth2LoginChallenge() {
+	o.Oauth2LoginChallenge.Unset()
+}
+
+// GetOauth2LoginRequest returns the Oauth2LoginRequest field value if set, zero value otherwise.
+func (o *SelfServiceLoginFlow) GetOauth2LoginRequest() LoginRequest {
+	if o == nil || o.Oauth2LoginRequest == nil {
+		var ret LoginRequest
+		return ret
+	}
+	return *o.Oauth2LoginRequest
+}
+
+// GetOauth2LoginRequestOk returns a tuple with the Oauth2LoginRequest field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SelfServiceLoginFlow) GetOauth2LoginRequestOk() (*LoginRequest, bool) {
+	if o == nil || o.Oauth2LoginRequest == nil {
+		return nil, false
+	}
+	return o.Oauth2LoginRequest, true
+}
+
+// HasOauth2LoginRequest returns a boolean if a field has been set.
+func (o *SelfServiceLoginFlow) HasOauth2LoginRequest() bool {
+	if o != nil && o.Oauth2LoginRequest != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOauth2LoginRequest gets a reference to the given LoginRequest and assigns it to the Oauth2LoginRequest field.
+func (o *SelfServiceLoginFlow) SetOauth2LoginRequest(v LoginRequest) {
+	o.Oauth2LoginRequest = &v
+}
+
 // GetRefresh returns the Refresh field value if set, zero value otherwise.
 func (o *SelfServiceLoginFlow) GetRefresh() bool {
 	if o == nil || o.Refresh == nil {
@@ -417,6 +494,12 @@ func (o SelfServiceLoginFlow) MarshalJSON() ([]byte, error) {
 	if true {
 		toSerialize["issued_at"] = o.IssuedAt
 	}
+	if o.Oauth2LoginChallenge.IsSet() {
+		toSerialize["oauth2_login_challenge"] = o.Oauth2LoginChallenge.Get()
+	}
+	if o.Oauth2LoginRequest != nil {
+		toSerialize["oauth2_login_request"] = o.Oauth2LoginRequest
+	}
 	if o.Refresh != nil {
 		toSerialize["refresh"] = o.Refresh
 	}
diff --git a/internal/httpclient/model_self_service_registration_flow.go b/internal/httpclient/model_self_service_registration_flow.go
index ab11281c3d64..6ac174b259d1 100644
--- a/internal/httpclient/model_self_service_registration_flow.go
+++ b/internal/httpclient/model_self_service_registration_flow.go
@@ -24,7 +24,9 @@ type SelfServiceRegistrationFlow struct {
 	// ID represents the flow's unique ID. When performing the registration flow, this represents the id in the registration ui's query parameter: http:///?flow=
 	Id string `json:"id"`
 	// IssuedAt is the time (UTC) when the flow occurred.
-	IssuedAt time.Time `json:"issued_at"`
+	IssuedAt             time.Time      `json:"issued_at"`
+	Oauth2LoginChallenge NullableString `json:"oauth2_login_challenge,omitempty"`
+	Oauth2LoginRequest   *LoginRequest  `json:"oauth2_login_request,omitempty"`
 	// RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example.
 	RequestUrl string `json:"request_url"`
 	// ReturnTo contains the requested return_to URL.
@@ -161,6 +163,81 @@ func (o *SelfServiceRegistrationFlow) SetIssuedAt(v time.Time) {
 	o.IssuedAt = v
 }
 
+// GetOauth2LoginChallenge returns the Oauth2LoginChallenge field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *SelfServiceRegistrationFlow) GetOauth2LoginChallenge() string {
+	if o == nil || o.Oauth2LoginChallenge.Get() == nil {
+		var ret string
+		return ret
+	}
+	return *o.Oauth2LoginChallenge.Get()
+}
+
+// GetOauth2LoginChallengeOk returns a tuple with the Oauth2LoginChallenge field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *SelfServiceRegistrationFlow) GetOauth2LoginChallengeOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.Oauth2LoginChallenge.Get(), o.Oauth2LoginChallenge.IsSet()
+}
+
+// HasOauth2LoginChallenge returns a boolean if a field has been set.
+func (o *SelfServiceRegistrationFlow) HasOauth2LoginChallenge() bool {
+	if o != nil && o.Oauth2LoginChallenge.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetOauth2LoginChallenge gets a reference to the given NullableString and assigns it to the Oauth2LoginChallenge field.
+func (o *SelfServiceRegistrationFlow) SetOauth2LoginChallenge(v string) {
+	o.Oauth2LoginChallenge.Set(&v)
+}
+
+// SetOauth2LoginChallengeNil sets the value for Oauth2LoginChallenge to be an explicit nil
+func (o *SelfServiceRegistrationFlow) SetOauth2LoginChallengeNil() {
+	o.Oauth2LoginChallenge.Set(nil)
+}
+
+// UnsetOauth2LoginChallenge ensures that no value is present for Oauth2LoginChallenge, not even an explicit nil
+func (o *SelfServiceRegistrationFlow) UnsetOauth2LoginChallenge() {
+	o.Oauth2LoginChallenge.Unset()
+}
+
+// GetOauth2LoginRequest returns the Oauth2LoginRequest field value if set, zero value otherwise.
+func (o *SelfServiceRegistrationFlow) GetOauth2LoginRequest() LoginRequest {
+	if o == nil || o.Oauth2LoginRequest == nil {
+		var ret LoginRequest
+		return ret
+	}
+	return *o.Oauth2LoginRequest
+}
+
+// GetOauth2LoginRequestOk returns a tuple with the Oauth2LoginRequest field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SelfServiceRegistrationFlow) GetOauth2LoginRequestOk() (*LoginRequest, bool) {
+	if o == nil || o.Oauth2LoginRequest == nil {
+		return nil, false
+	}
+	return o.Oauth2LoginRequest, true
+}
+
+// HasOauth2LoginRequest returns a boolean if a field has been set.
+func (o *SelfServiceRegistrationFlow) HasOauth2LoginRequest() bool {
+	if o != nil && o.Oauth2LoginRequest != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOauth2LoginRequest gets a reference to the given LoginRequest and assigns it to the Oauth2LoginRequest field.
+func (o *SelfServiceRegistrationFlow) SetOauth2LoginRequest(v LoginRequest) {
+	o.Oauth2LoginRequest = &v
+}
+
 // GetRequestUrl returns the RequestUrl field value
 func (o *SelfServiceRegistrationFlow) GetRequestUrl() string {
 	if o == nil {
@@ -279,6 +356,12 @@ func (o SelfServiceRegistrationFlow) MarshalJSON() ([]byte, error) {
 	if true {
 		toSerialize["issued_at"] = o.IssuedAt
 	}
+	if o.Oauth2LoginChallenge.IsSet() {
+		toSerialize["oauth2_login_challenge"] = o.Oauth2LoginChallenge.Get()
+	}
+	if o.Oauth2LoginRequest != nil {
+		toSerialize["oauth2_login_request"] = o.Oauth2LoginRequest
+	}
 	if true {
 		toSerialize["request_url"] = o.RequestUrl
 	}
diff --git a/internal/registrationhelpers/helpers.go b/internal/registrationhelpers/helpers.go
index c6e16d249f28..a5d284089d5b 100644
--- a/internal/registrationhelpers/helpers.go
+++ b/internal/registrationhelpers/helpers.go
@@ -130,7 +130,7 @@ func AssertSchemDoesNotExist(t *testing.T, reg *driver.RegistryDefault, flows []
 		t.Run("type=spa", func(t *testing.T) {
 			skipIfNotEnabled(t, flows, "spa")
 			browserClient := testhelpers.NewClientWithCookies(t)
-			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, true)
+			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, true, false, false)
 			testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/i-do-not-exist.schema.json")
 			t.Cleanup(reset)
 
@@ -142,7 +142,7 @@ func AssertSchemDoesNotExist(t *testing.T, reg *driver.RegistryDefault, flows []
 		t.Run("type=browser", func(t *testing.T) {
 			skipIfNotEnabled(t, flows, "browser")
 			browserClient := testhelpers.NewClientWithCookies(t)
-			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, false)
+			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, false, false, false)
 			testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/i-do-not-exist.schema.json")
 			t.Cleanup(reset)
 
@@ -173,7 +173,7 @@ func AssertCSRFFailures(t *testing.T, reg *driver.RegistryDefault, flows []strin
 		skipIfNotEnabled(t, flows, "browser")
 
 		browserClient := testhelpers.NewClientWithCookies(t)
-		f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, false)
+		f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, false, false, false)
 
 		actual, res := testhelpers.RegistrationMakeRequest(t, false, false, f, browserClient, values.Encode())
 		assert.EqualValues(t, http.StatusOK, res.StatusCode)
@@ -185,7 +185,7 @@ func AssertCSRFFailures(t *testing.T, reg *driver.RegistryDefault, flows []strin
 		skipIfNotEnabled(t, flows, "spa")
 
 		browserClient := testhelpers.NewClientWithCookies(t)
-		f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, true)
+		f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, true, false, false)
 
 		actual, res := testhelpers.RegistrationMakeRequest(t, false, true, f, browserClient, values.Encode())
 		assert.EqualValues(t, http.StatusForbidden, res.StatusCode)
@@ -312,7 +312,7 @@ func AssertCommonErrorCases(t *testing.T, reg *driver.RegistryDefault, flows []s
 		})
 
 		t.Run("type=spa", func(t *testing.T) {
-			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, apiClient, publicTS, true)
+			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, apiClient, publicTS, true, false, false)
 			body, res := testhelpers.RegistrationMakeRequest(t, true, false, f, apiClient, "14=)=!(%)$/ZP()GHIÖ")
 			assert.Contains(t, res.Request.URL.String(), publicTS.URL+registration.RouteSubmitFlow)
 			assert.NotEmpty(t, gjson.Get(body, "id").String(), "%s", body)
@@ -321,7 +321,7 @@ func AssertCommonErrorCases(t *testing.T, reg *driver.RegistryDefault, flows []s
 
 		t.Run("type=browser", func(t *testing.T) {
 			browserClient := testhelpers.NewClientWithCookies(t)
-			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, false)
+			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, false, false, false)
 			body, res := testhelpers.RegistrationMakeRequest(t, false, false, f, browserClient, "14=)=!(%)$/ZP()GHIÖ")
 			assert.Contains(t, res.Request.URL.String(), uiTS.URL+"/registration-ts")
 			assert.NotEmpty(t, gjson.Get(body, "id").String(), "%s", body)
@@ -361,7 +361,7 @@ func AssertCommonErrorCases(t *testing.T, reg *driver.RegistryDefault, flows []s
 		})
 
 		t.Run("type=spa", func(t *testing.T) {
-			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, apiClient, publicTS, true)
+			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, apiClient, publicTS, true, false, false)
 			body, res := testhelpers.RegistrationMakeRequest(t, true, false, f, apiClient, "14=)=!(%)$/ZP()GHIÖ")
 			assert.Contains(t, res.Request.URL.String(), publicTS.URL+registration.RouteSubmitFlow)
 			assert.NotEmpty(t, gjson.Get(body, "id").String(), "%s", body)
@@ -370,7 +370,7 @@ func AssertCommonErrorCases(t *testing.T, reg *driver.RegistryDefault, flows []s
 
 		t.Run("type=browser", func(t *testing.T) {
 			browserClient := testhelpers.NewClientWithCookies(t)
-			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, false)
+			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, false, false, false)
 			body, res := testhelpers.RegistrationMakeRequest(t, false, false, f, browserClient, "14=)=!(%)$/ZP()GHIÖ")
 			assert.Contains(t, res.Request.URL.String(), uiTS.URL+"/registration-ts")
 			assert.NotEmpty(t, gjson.Get(body, "id").String(), "%s", body)
@@ -390,7 +390,7 @@ func AssertCommonErrorCases(t *testing.T, reg *driver.RegistryDefault, flows []s
 
 		t.Run("type=spa", func(t *testing.T) {
 			browserClient := testhelpers.NewClientWithCookies(t)
-			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, true)
+			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, true, false, false)
 			body, res := testhelpers.RegistrationMakeRequest(t, false, true, f, browserClient, "{}}")
 			assert.Contains(t, res.Request.URL.String(), publicTS.URL+registration.RouteSubmitFlow)
 			assert.NotEmpty(t, gjson.Get(body, "id").String(), "%s", body)
@@ -399,7 +399,7 @@ func AssertCommonErrorCases(t *testing.T, reg *driver.RegistryDefault, flows []s
 
 		t.Run("type=browser", func(t *testing.T) {
 			browserClient := testhelpers.NewClientWithCookies(t)
-			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, false)
+			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, false, false, false)
 			body, res := testhelpers.RegistrationMakeRequest(t, false, false, f, browserClient, "foo=bar")
 			assert.Contains(t, res.Request.URL.String(), uiTS.URL+"/registration-ts")
 			assert.NotEmpty(t, gjson.Get(body, "id").String(), "%s", body)
@@ -457,7 +457,7 @@ func AssertCommonErrorCases(t *testing.T, reg *driver.RegistryDefault, flows []s
 
 		t.Run("type=spa", func(t *testing.T) {
 			browserClient := testhelpers.NewClientWithCookies(t)
-			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, true)
+			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, true, false, false)
 
 			time.Sleep(time.Millisecond * 600)
 			actual, res := testhelpers.RegistrationMakeRequest(t, false, true, f, browserClient, "{}")
@@ -468,7 +468,7 @@ func AssertCommonErrorCases(t *testing.T, reg *driver.RegistryDefault, flows []s
 
 		t.Run("type=browser", func(t *testing.T) {
 			browserClient := testhelpers.NewClientWithCookies(t)
-			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, false)
+			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, false, false, false)
 
 			time.Sleep(time.Millisecond * 600)
 			actual, res := testhelpers.RegistrationMakeRequest(t, false, false, f, browserClient, "")
diff --git a/internal/testhelpers/http.go b/internal/testhelpers/http.go
index 7e993fb0b140..6907fe0d7f04 100644
--- a/internal/testhelpers/http.go
+++ b/internal/testhelpers/http.go
@@ -3,8 +3,10 @@ package testhelpers
 import (
 	"bytes"
 	"encoding/json"
+	"errors"
 	"io"
 	"net/http"
+	"net/http/cookiejar"
 	"net/url"
 	"testing"
 
@@ -15,6 +17,29 @@ func NewDebugClient(t *testing.T) *http.Client {
 	return &http.Client{Transport: NewTransportWithLogger(http.DefaultTransport, t)}
 }
 
+func NewClientWithCookieJar(t *testing.T, jar *cookiejar.Jar, debugRedirects bool) *http.Client {
+	if jar == nil {
+		j, err := cookiejar.New(nil)
+		jar = j
+		require.NoError(t, err)
+	}
+	return &http.Client{
+		Jar: jar,
+		CheckRedirect: func(req *http.Request, via []*http.Request) error {
+			if debugRedirects {
+				t.Logf("Redirect: %s", req.URL.String())
+			}
+			if len(via) >= 20 {
+				for k, v := range via {
+					t.Logf("Failed with redirect (%d): %s", k, v.URL.String())
+				}
+				return errors.New("stopped after 20 redirects")
+			}
+			return nil
+		},
+	}
+}
+
 func NewRequest(t *testing.T, isAPI bool, method string, url string, payload io.Reader) *http.Request {
 	req, err := http.NewRequest("POST", url, payload)
 	require.NoError(t, err)
diff --git a/internal/testhelpers/selfservice_login.go b/internal/testhelpers/selfservice_login.go
index e4b16e63a236..d91bcf7dd6af 100644
--- a/internal/testhelpers/selfservice_login.go
+++ b/internal/testhelpers/selfservice_login.go
@@ -51,9 +51,10 @@ func NewLoginUIWith401Response(t *testing.T, c *config.Config) *httptest.Server
 }
 
 type initFlowOptions struct {
-	aal      identity.AuthenticatorAssuranceLevel
-	returnTo string
-	refresh  bool
+	aal                  identity.AuthenticatorAssuranceLevel
+	returnTo             string
+	refresh              bool
+	oauth2LoginChallenge string
 }
 
 func (o *initFlowOptions) apply(opts []InitFlowWithOption) *initFlowOptions {
@@ -79,6 +80,10 @@ func getURLFromInitOptions(ts *httptest.Server, path string, forced bool, opts .
 		q.Set("return_to", string(o.returnTo))
 	}
 
+	if o.oauth2LoginChallenge != "" {
+		q.Set("login_challenge", o.oauth2LoginChallenge)
+	}
+
 	u := urlx.ParseOrPanic(ts.URL + path)
 	u.RawQuery = q.Encode()
 	return u.String()
@@ -104,7 +109,13 @@ func InitFlowWithRefresh() InitFlowWithOption {
 	}
 }
 
-func InitializeLoginFlowViaBrowser(t *testing.T, client *http.Client, ts *httptest.Server, forced bool, isSPA bool, opts ...InitFlowWithOption) *kratos.SelfServiceLoginFlow {
+func InitFlowWithOAuth2LoginChallenge(hlc string) InitFlowWithOption {
+	return func(o *initFlowOptions) {
+		o.oauth2LoginChallenge = hlc
+	}
+}
+
+func InitializeLoginFlowViaBrowser(t *testing.T, client *http.Client, ts *httptest.Server, forced bool, isSPA bool, expectInitError bool, expectGetError bool, opts ...InitFlowWithOption) *kratos.SelfServiceLoginFlow {
 	publicClient := NewSDKCustomClient(ts, client)
 
 	req, err := http.NewRequest("GET", getURLFromInitOptions(ts, login.RouteInitBrowserFlow, forced, opts...), nil)
@@ -118,6 +129,11 @@ func InitializeLoginFlowViaBrowser(t *testing.T, client *http.Client, ts *httpte
 	require.NoError(t, err)
 	body := x.MustReadAll(res.Body)
 	require.NoError(t, res.Body.Close())
+	if expectInitError {
+		require.Equal(t, 200, res.StatusCode)
+		require.NotNil(t, res.Request.URL)
+		require.Contains(t, res.Request.URL.String(), "error-ts")
+	}
 
 	flowID := res.Request.URL.Query().Get("flow")
 	if isSPA {
@@ -125,8 +141,13 @@ func InitializeLoginFlowViaBrowser(t *testing.T, client *http.Client, ts *httpte
 	}
 
 	rs, _, err := publicClient.V0alpha2Api.GetSelfServiceLoginFlow(context.Background()).Id(flowID).Execute()
-	require.NoError(t, err)
-	assert.Empty(t, rs.Active)
+	if expectGetError {
+		require.Error(t, err)
+		require.Nil(t, rs)
+	} else {
+		require.NoError(t, err)
+		assert.Empty(t, rs.Active)
+	}
 
 	return rs
 }
@@ -195,7 +216,7 @@ func SubmitLoginForm(
 	if isAPI {
 		f = InitializeLoginFlowViaAPI(t, hc, publicTS, forced)
 	} else {
-		f = InitializeLoginFlowViaBrowser(t, hc, publicTS, forced, isSPA)
+		f = InitializeLoginFlowViaBrowser(t, hc, publicTS, forced, isSPA, false, false)
 	}
 
 	time.Sleep(time.Millisecond) // add a bit of delay to allow `1ns` to time out.
diff --git a/internal/testhelpers/selfservice_registration.go b/internal/testhelpers/selfservice_registration.go
index 1e7379e63839..1c04a522b6ca 100644
--- a/internal/testhelpers/selfservice_registration.go
+++ b/internal/testhelpers/selfservice_registration.go
@@ -39,7 +39,7 @@ func NewRegistrationUIFlowEchoServer(t *testing.T, reg driver.Registry) *httptes
 	return ts
 }
 
-func InitializeRegistrationFlowViaBrowser(t *testing.T, client *http.Client, ts *httptest.Server, isSPA bool, opts ...InitFlowWithOption) *kratos.SelfServiceRegistrationFlow {
+func InitializeRegistrationFlowViaBrowser(t *testing.T, client *http.Client, ts *httptest.Server, isSPA bool, expectInitError bool, expectGetError bool, opts ...InitFlowWithOption) *kratos.SelfServiceRegistrationFlow {
 	req, err := http.NewRequest("GET", getURLFromInitOptions(ts, registration.RouteInitBrowserFlow, false, opts...), nil)
 	require.NoError(t, err)
 
@@ -51,6 +51,11 @@ func InitializeRegistrationFlowViaBrowser(t *testing.T, client *http.Client, ts
 	require.NoError(t, err)
 	body := x.MustReadAll(res.Body)
 	require.NoError(t, res.Body.Close())
+	if expectInitError {
+		require.Equal(t, 200, res.StatusCode)
+		require.NotNil(t, res.Request.URL)
+		require.Contains(t, res.Request.URL.String(), "error-ts")
+	}
 
 	flowID := res.Request.URL.Query().Get("flow")
 	if isSPA {
@@ -58,8 +63,13 @@ func InitializeRegistrationFlowViaBrowser(t *testing.T, client *http.Client, ts
 	}
 
 	rs, _, err := NewSDKCustomClient(ts, client).V0alpha2Api.GetSelfServiceRegistrationFlow(context.Background()).Id(flowID).Execute()
-	require.NoError(t, err)
-	assert.Empty(t, rs.Active)
+	if expectGetError {
+		require.Error(t, err)
+		require.Nil(t, rs)
+	} else {
+		require.NoError(t, err)
+		assert.Empty(t, rs.Active)
+	}
 	return rs
 }
 
@@ -114,7 +124,7 @@ func SubmitRegistrationForm(
 	if isAPI {
 		payload = InitializeRegistrationFlowViaAPI(t, hc, publicTS)
 	} else {
-		payload = InitializeRegistrationFlowViaBrowser(t, hc, publicTS, isSPA)
+		payload = InitializeRegistrationFlowViaBrowser(t, hc, publicTS, isSPA, false, false)
 	}
 
 	time.Sleep(time.Millisecond) // add a bit of delay to allow `1ns` to time out.
diff --git a/package-lock.json b/package-lock.json
index 9895f8a50f48..27f1f71a24c1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -11,9 +11,10 @@
       "devDependencies": {
         "@ory/kratos-client": "0.0.0-next.8d3b018594f7",
         "@types/node": "^16.9.6",
+        "@types/uuid": "^8.3.4",
         "@types/yamljs": "^0.2.31",
         "chrome-remote-interface": "^0.31.0",
-        "cypress": "^9.5.1",
+        "cypress": "^9.6.0",
         "dayjs": "^1.10.4",
         "got": "^11.8.2",
         "ory-prettier-styles": "1.3.0",
@@ -24,6 +25,16 @@
         "wait-on": "5.3.0"
       }
     },
+    "node_modules/@colors/colors": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@colors/colors/-/colors-1.5.0.tgz",
+      "integrity": "sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==",
+      "dev": true,
+      "optional": true,
+      "engines": {
+        "node": ">=0.1.90"
+      }
+    },
     "node_modules/@cypress/request": {
       "version": "2.88.10",
       "resolved": "https://registry.npmjs.org/@cypress/request/-/request-2.88.10.tgz",
@@ -73,9 +84,9 @@
       }
     },
     "node_modules/@hapi/hoek": {
-      "version": "9.2.1",
-      "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.2.1.tgz",
-      "integrity": "sha512-gfta+H8aziZsm8pZa0vj04KO6biEiisppNgA1kbJvFrrWu9Vm7eaUEy76DIxsuTaWvti5fkJVhllWc6ZTE+Mdw==",
+      "version": "9.3.0",
+      "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.3.0.tgz",
+      "integrity": "sha512-/c6rf4UJlmHlC9b5BaNvzAcFv7HZ2QHaV0D4/HNlBdvFnvQq8RI4kYdhyPCl7Xj+oWvTWQ8ujhqS53LIgAe6KQ==",
       "dev": true
     },
     "node_modules/@hapi/topo": {
@@ -88,11 +99,11 @@
       }
     },
     "node_modules/@nestjs/common": {
-      "version": "8.2.6",
-      "resolved": "https://registry.npmjs.org/@nestjs/common/-/common-8.2.6.tgz",
-      "integrity": "sha512-flLYSXunxcKyjbYddrhwbc49uE705MxBt85rS3mHyhDbAIPSGGeZEqME44YyAzCg1NTfJSNe7ztmOce5kNkb9A==",
+      "version": "8.4.4",
+      "resolved": "https://registry.npmjs.org/@nestjs/common/-/common-8.4.4.tgz",
+      "integrity": "sha512-QHi7QcgH/5Jinz+SCfIZJkFHc6Cch1YsAEGFEhi6wSp6MILb0sJMQ1CX06e9tCOAjSlBwaJj4PH0eFCVau5v9Q==",
       "dependencies": {
-        "axios": "0.24.0",
+        "axios": "0.26.1",
         "iterare": "1.2.1",
         "tslib": "2.3.1",
         "uuid": "8.3.2"
@@ -126,15 +137,15 @@
       "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw=="
     },
     "node_modules/@nestjs/core": {
-      "version": "8.2.6",
-      "resolved": "https://registry.npmjs.org/@nestjs/core/-/core-8.2.6.tgz",
-      "integrity": "sha512-NwPcEIMmCsucs3QaDlQvkoU1FlFM2wm/WjaqLQhkSoIEmAR1gNtBo88f5io5cpMwCo1k5xYhqGlaSl6TfngwWQ==",
+      "version": "8.4.4",
+      "resolved": "https://registry.npmjs.org/@nestjs/core/-/core-8.4.4.tgz",
+      "integrity": "sha512-Ef3yJPuzAttpNfehnGqIV5kHIL9SHptB5F4ERxoU7pT61H3xiYpZw6hSjx68cJO7cc6rm7/N+b4zeuJvFHtvBg==",
       "hasInstallScript": true,
       "dependencies": {
         "@nuxtjs/opencollective": "0.3.2",
         "fast-safe-stringify": "2.1.1",
         "iterare": "1.2.1",
-        "object-hash": "2.2.0",
+        "object-hash": "3.0.0",
         "path-to-regexp": "3.2.0",
         "tslib": "2.3.1",
         "uuid": "8.3.2"
@@ -221,25 +232,25 @@
       }
     },
     "node_modules/@openapitools/openapi-generator-cli": {
-      "version": "2.4.26",
-      "resolved": "https://registry.npmjs.org/@openapitools/openapi-generator-cli/-/openapi-generator-cli-2.4.26.tgz",
-      "integrity": "sha512-O42H9q1HWGoIpcpMaUu318b6bmOgcjP3MieHwOrFdoG3KyttceBGlbLf9Kbf7WM91WSNCDXum7cnEKASuoGjAg==",
+      "version": "2.5.1",
+      "resolved": "https://registry.npmjs.org/@openapitools/openapi-generator-cli/-/openapi-generator-cli-2.5.1.tgz",
+      "integrity": "sha512-WSRQBU0dCSVD+0Qv8iCsv0C4iMaZe/NpJ/CT4SmrEYLH3txoKTE8wEfbdj/kqShS8Or0YEGDPUzhSIKY151L0w==",
       "hasInstallScript": true,
       "dependencies": {
-        "@nestjs/common": "8.2.6",
-        "@nestjs/core": "8.2.6",
+        "@nestjs/common": "8.4.4",
+        "@nestjs/core": "8.4.4",
         "@nuxtjs/opencollective": "0.3.2",
         "chalk": "4.1.2",
         "commander": "8.3.0",
-        "compare-versions": "3.6.0",
+        "compare-versions": "4.1.3",
         "concurrently": "6.5.1",
         "console.table": "0.10.0",
-        "fs-extra": "10.0.0",
+        "fs-extra": "10.0.1",
         "glob": "7.1.6",
-        "inquirer": "8.2.0",
+        "inquirer": "8.2.2",
         "lodash": "4.17.21",
         "reflect-metadata": "0.1.13",
-        "rxjs": "7.5.2",
+        "rxjs": "7.5.5",
         "tslib": "2.0.3"
       },
       "bin": {
@@ -319,9 +330,9 @@
       }
     },
     "node_modules/@sideway/address": {
-      "version": "4.1.3",
-      "resolved": "https://registry.npmjs.org/@sideway/address/-/address-4.1.3.tgz",
-      "integrity": "sha512-8ncEUtmnTsMmL7z1YPB47kPUq7LpKWJNFPsRzHiIajGC5uXlWGn+AmkYPcHNl8S4tcEGx+cnORnNYaw2wvL+LQ==",
+      "version": "4.1.4",
+      "resolved": "https://registry.npmjs.org/@sideway/address/-/address-4.1.4.tgz",
+      "integrity": "sha512-7vwq+rOHVWjyXxVlR76Agnvhy8I9rpzjosTESvmhNeXOXdZZB15Fl+TI9x1SiHZH5Jv2wTGduSxFDIaq0m3DUw==",
       "dev": true,
       "dependencies": {
         "@hapi/hoek": "^9.0.0"
@@ -340,9 +351,9 @@
       "dev": true
     },
     "node_modules/@sindresorhus/is": {
-      "version": "4.4.0",
-      "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-4.4.0.tgz",
-      "integrity": "sha512-QppPM/8l3Mawvh4rn9CNEYIU9bxpXUCRMaX9yUpvBk1nMKusLKpfXGDEKExKaPhLzcn3lzil7pR6rnJ11HgeRQ==",
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-4.6.0.tgz",
+      "integrity": "sha512-t09vSN3MdfsyCHoFcTRCH/iUtG7OJ0CsjzB8cjAmKc/va/kIgeDI/TxsigdncE/4be734m0cvIYwNaV4i2XqAw==",
       "dev": true,
       "engines": {
         "node": ">=10"
@@ -391,10 +402,16 @@
       "integrity": "sha512-SZs7ekbP8CN0txVG2xVRH6EgKmEm31BOxA07vkFaETzZz1xh+cbt8BcI0slpymvwhx5dlFnQG2rTlPVQn+iRPQ==",
       "dev": true
     },
+    "node_modules/@types/json-buffer": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@types/json-buffer/-/json-buffer-3.0.0.tgz",
+      "integrity": "sha512-3YP80IxxFJB4b5tYC2SUPwkg0XQLiu0nWvhRgEatgjf+29IcWO9X1k8xRv5DGssJ/lCrjYTjQPcobJr2yWIVuQ==",
+      "dev": true
+    },
     "node_modules/@types/keyv": {
-      "version": "3.1.3",
-      "resolved": "https://registry.npmjs.org/@types/keyv/-/keyv-3.1.3.tgz",
-      "integrity": "sha512-FXCJgyyN3ivVgRoml4h94G/p3kY+u/B86La+QptcqJaWtBWtmc6TtkNfS40n9bIvyLteHh7zXOtgbobORKPbDg==",
+      "version": "3.1.4",
+      "resolved": "https://registry.npmjs.org/@types/keyv/-/keyv-3.1.4.tgz",
+      "integrity": "sha512-BQ5aZNSCpj7D6K2ksrRCTmKRLEpnPvWDiLPfoGyhZ++8YtiK9d/3DBKPJgry359X/P1PfruyYwvnvwFjuEiEIg==",
       "dev": true,
       "dependencies": {
         "@types/node": "*"
@@ -407,9 +424,9 @@
       "dev": true
     },
     "node_modules/@types/node": {
-      "version": "16.11.24",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-16.11.24.tgz",
-      "integrity": "sha512-Ezv33Rl4mIi6YdSHfIRNBd4Q9kUe5okiaw/ikvJiJDmuQZNW5kfdg7+oQPF8NO6sTcr3woIpj3jANzTXdvEZXA==",
+      "version": "16.11.41",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-16.11.41.tgz",
+      "integrity": "sha512-mqoYK2TnVjdkGk8qXAVGc/x9nSaTpSrFaGFm43BUH3IdoBV0nta6hYaGmdOvIMlbHJbUEVen3gvwpwovAZKNdQ==",
       "dev": true
     },
     "node_modules/@types/responselike": {
@@ -433,6 +450,12 @@
       "integrity": "sha512-JYM8x9EGF163bEyhdJBpR2QX1R5naCJHC8ucJylJ3w9/CVBaskdQ8WqBf8MmQrd1kRvp/a4TS8HJ+bxzR7ZJYQ==",
       "dev": true
     },
+    "node_modules/@types/uuid": {
+      "version": "8.3.4",
+      "resolved": "https://registry.npmjs.org/@types/uuid/-/uuid-8.3.4.tgz",
+      "integrity": "sha512-c/I8ZRb51j+pYGAu5CrFMRxqZ2ke4y2grEBO5AUjgSkSk+qT2Ea+OdWElz/OiMf5MNpn2b17kuVBwZLQJXzihw==",
+      "dev": true
+    },
     "node_modules/@types/yamljs": {
       "version": "0.2.31",
       "resolved": "https://registry.npmjs.org/@types/yamljs/-/yamljs-0.2.31.tgz",
@@ -440,9 +463,9 @@
       "dev": true
     },
     "node_modules/@types/yauzl": {
-      "version": "2.9.2",
-      "resolved": "https://registry.npmjs.org/@types/yauzl/-/yauzl-2.9.2.tgz",
-      "integrity": "sha512-8uALY5LTvSuHgloDVUvWP3pIauILm+8/0pDMokuDYIoNsOkSwd5AiHBTSEJjKTDcZr5z8UpgOWZkxBF4iJftoA==",
+      "version": "2.10.0",
+      "resolved": "https://registry.npmjs.org/@types/yauzl/-/yauzl-2.10.0.tgz",
+      "integrity": "sha512-Cn6WYCm0tXv8p6k+A8PvbDG763EDpBoTzHdA+Q/MF6H3sapGjCm9NzoaJncJS9tUKSuCoDs9XHxYYsQDgxR6kw==",
       "dev": true,
       "optional": true,
       "dependencies": {
@@ -463,9 +486,9 @@
       }
     },
     "node_modules/ansi-colors": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz",
-      "integrity": "sha512-JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA==",
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.3.tgz",
+      "integrity": "sha512-/6w/C21Pm1A7aZitlI5Ni/2J6FFQN8i1Cvz3kHABAAbw93v/NlvKdVOqz7CCWz/3iv/JplRSEEZ83XION15ovw==",
       "dev": true,
       "engines": {
         "node": ">=6"
@@ -556,7 +579,7 @@
     "node_modules/assert-plus": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
-      "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU=",
+      "integrity": "sha512-NfJ4UzBCcQGLDlQq7nHxH+tv3kyZ0hHQqF5BO6J7tNJeP5do1llPr8dZ8zHonfhAu0PHAdMkSo+8o0wxg9lZWw==",
       "dev": true,
       "engines": {
         "node": ">=0.8"
@@ -572,15 +595,15 @@
       }
     },
     "node_modules/async": {
-      "version": "3.2.3",
-      "resolved": "https://registry.npmjs.org/async/-/async-3.2.3.tgz",
-      "integrity": "sha512-spZRyzKL5l5BZQrr/6m/SqFdBN0q3OCI0f9rjfBzCMBIP4p75P620rR3gTmaksNOhmzgdxcaxdNfMy6anrbM0g==",
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/async/-/async-3.2.4.tgz",
+      "integrity": "sha512-iAB+JbDEGXhyIUavoDl9WP/Jj106Kz9DEn1DPgYw5ruDn0e3Wgi3sKFm55sASdGBNOQB8F59d9qQ7deqrHA8wQ==",
       "dev": true
     },
     "node_modules/asynckit": {
       "version": "0.4.0",
       "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
-      "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=",
+      "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==",
       "dev": true
     },
     "node_modules/at-least-node": {
@@ -595,7 +618,7 @@
     "node_modules/aws-sign2": {
       "version": "0.7.0",
       "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz",
-      "integrity": "sha1-tG6JCTSpWR8tL2+G1+ap8bP+dqg=",
+      "integrity": "sha512-08kcGqnYf/YmjoRhfxyu+CLxBjUtHLXLXX/vUfx9l2LYzG3c1m61nrpyFUZI6zeS+Li/wWMMidD9KgrqtGq3mA==",
       "dev": true,
       "engines": {
         "node": "*"
@@ -608,11 +631,11 @@
       "dev": true
     },
     "node_modules/axios": {
-      "version": "0.24.0",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-0.24.0.tgz",
-      "integrity": "sha512-Q6cWsys88HoPgAaFAVUb0WpPk0O8iTeisR9IMqy9G8AbO4NlpVknrnQS03zzF9PGAWgO3cgletO3VjV/P7VztA==",
+      "version": "0.26.1",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-0.26.1.tgz",
+      "integrity": "sha512-fPwcX4EvnSHuInCMItEhAGnaSEXRBjtzh9fOtsE6E1G6p7vl7edEeZe11QHf18+6+9gR5PbKV/sGKNaD8YaMeA==",
       "dependencies": {
-        "follow-redirects": "^1.14.4"
+        "follow-redirects": "^1.14.8"
       }
     },
     "node_modules/balanced-match": {
@@ -642,7 +665,7 @@
     "node_modules/bcrypt-pbkdf": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz",
-      "integrity": "sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4=",
+      "integrity": "sha512-qeFIXtP4MSoi6NLqO12WfqARWWuCKi2Rn/9hJLEmtB5yTNr9DqFWkJRCf2qShWzPeAMRnOgCrq0sg/KLv5ES9w==",
       "dev": true,
       "dependencies": {
         "tweetnacl": "^0.14.3"
@@ -717,7 +740,7 @@
     "node_modules/buffer-crc32": {
       "version": "0.2.13",
       "resolved": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz",
-      "integrity": "sha1-DTM+PwDqxQqhRUq9MO+MKl2ackI=",
+      "integrity": "sha512-VO9Ht/+p3SN7SKWqcrgEzjGbRSJYTx+Q1pTQC0wrWqHx0vpJraQ6GtHx8tvcg1rlK1byhU5gccxgOgj7B0TDkQ==",
       "dev": true,
       "engines": {
         "node": "*"
@@ -762,7 +785,7 @@
     "node_modules/caseless": {
       "version": "0.12.0",
       "resolved": "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz",
-      "integrity": "sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw=",
+      "integrity": "sha512-4tYFyifaFfGacoiObjJegolkwSU4xQNGbVgUiNYVUxbQ2x2lUsFvY4hVgVzGiIe6WLOPqycWXA40l+PWsxthUw==",
       "dev": true
     },
     "node_modules/chalk": {
@@ -788,7 +811,7 @@
     "node_modules/check-more-types": {
       "version": "2.24.0",
       "resolved": "https://registry.npmjs.org/check-more-types/-/check-more-types-2.24.0.tgz",
-      "integrity": "sha1-FCD/sQ/URNz8ebQ4kbv//TKoRgA=",
+      "integrity": "sha512-Pj779qHxV2tuapviy1bSZNEL1maXr13bPYpsvSDB68HlYcYuhlDrmGd63i0JHMCLKzc7rUSNIrpdJlhVlNwrxA==",
       "dev": true,
       "engines": {
         "node": ">= 0.8.0"
@@ -814,9 +837,9 @@
       "dev": true
     },
     "node_modules/ci-info": {
-      "version": "3.3.0",
-      "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.3.0.tgz",
-      "integrity": "sha512-riT/3vI5YpVH6/qomlDnJow6TBee2PBKSEpx3O32EGPYbWGIRsIlGRms3Sm74wYE1JMo8RnO04Hb12+v1J5ICw==",
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.3.2.tgz",
+      "integrity": "sha512-xmDt/QIAdeZ9+nfdPsaBCpMvHNLFiLdjj59qjqn+6iPe6YmHGQ35sBnQ8uslRBXFmXkiZQOJRjvQeoGppoTjjg==",
       "dev": true
     },
     "node_modules/clean-stack": {
@@ -851,9 +874,9 @@
       }
     },
     "node_modules/cli-table3": {
-      "version": "0.6.1",
-      "resolved": "https://registry.npmjs.org/cli-table3/-/cli-table3-0.6.1.tgz",
-      "integrity": "sha512-w0q/enDHhPLq44ovMGdQeeDLvwxwavsJX7oQGYt/LrBlYsyaxyDnp6z3QzFut/6kLLKnlcUVJLrpB7KBfgG/RA==",
+      "version": "0.6.2",
+      "resolved": "https://registry.npmjs.org/cli-table3/-/cli-table3-0.6.2.tgz",
+      "integrity": "sha512-QyavHCaIC80cMivimWu4aWHilIpiDpfm3hGmqAmXVL1UsnbLuBSMd21hTX6VY4ZSDSM73ESLeF8TOYId3rBTbw==",
       "dev": true,
       "dependencies": {
         "string-width": "^4.2.0"
@@ -862,7 +885,7 @@
         "node": "10.* || >= 12.*"
       },
       "optionalDependencies": {
-        "colors": "1.4.0"
+        "@colors/colors": "1.5.0"
       }
     },
     "node_modules/cli-truncate": {
@@ -902,7 +925,7 @@
     "node_modules/clone": {
       "version": "1.0.4",
       "resolved": "https://registry.npmjs.org/clone/-/clone-1.0.4.tgz",
-      "integrity": "sha1-2jCcwmPfFZlMaIypAheco8fNfH4=",
+      "integrity": "sha512-JQHZ2QMW6l3aH/j6xCqQThY/9OH4D/9ls34cgkUBiEeocRTU04tHfKPBsUK1PqZCUQM7GiA0IIXJSuXHI64Kbg==",
       "engines": {
         "node": ">=0.8"
       }
@@ -910,7 +933,7 @@
     "node_modules/clone-response": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/clone-response/-/clone-response-1.0.2.tgz",
-      "integrity": "sha1-0dyXOSAxTfZ/vrlCI7TuNQI56Ws=",
+      "integrity": "sha512-yjLXh88P599UOyPTFX0POsd7WxnbsVsGohcwzHOLspIhhpalPw1BcqED8NblyZLKcGrL8dTgMlcaZxV2jAD41Q==",
       "dev": true,
       "dependencies": {
         "mimic-response": "^1.0.0"
@@ -933,21 +956,11 @@
       "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
     },
     "node_modules/colorette": {
-      "version": "2.0.16",
-      "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.16.tgz",
-      "integrity": "sha512-hUewv7oMjCp+wkBv5Rm0v87eJhq4woh5rSR+42YSQJKecCqgIqNkZ6lAlQms/BwHPJA5NKMRlpxPRv0n8HQW6g==",
+      "version": "2.0.19",
+      "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.19.tgz",
+      "integrity": "sha512-3tlv/dIP7FWvj3BsbHrGLJ6l/oKh1O3TcgBqMn+yyCagOxc23fyzDS6HypQbgxWbkpDnf52p1LuR4eWDQ/K9WQ==",
       "dev": true
     },
-    "node_modules/colors": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz",
-      "integrity": "sha512-a+UqTh4kgZg/SlGvfbzDHpgRu7AAQOmmqRHJnxhRZICKFUT91brVhNNt58CMWU9PsBbv3PDCZUHbVxuDiH2mtA==",
-      "dev": true,
-      "optional": true,
-      "engines": {
-        "node": ">=0.1.90"
-      }
-    },
     "node_modules/combined-stream": {
       "version": "1.0.8",
       "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
@@ -978,14 +991,27 @@
       }
     },
     "node_modules/compare-versions": {
-      "version": "3.6.0",
-      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-3.6.0.tgz",
-      "integrity": "sha512-W6Af2Iw1z4CB7q4uU4hv646dW9GQuBM+YpC0UvUCWSD8w90SJjp+ujJuXaEMtAXBtSqGfMPuFOVn4/+FlaqfBA=="
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-4.1.3.tgz",
+      "integrity": "sha512-WQfnbDcrYnGr55UwbxKiQKASnTtNnaAWVi8jZyy8NTpVAXWACSne8lMD1iaIo9AiU6mnuLvSVshCzewVuWxHUg=="
+    },
+    "node_modules/compress-brotli": {
+      "version": "1.3.8",
+      "resolved": "https://registry.npmjs.org/compress-brotli/-/compress-brotli-1.3.8.tgz",
+      "integrity": "sha512-lVcQsjhxhIXsuupfy9fmZUFtAIdBmXA7EGY6GBdgZ++qkM9zG4YFT8iU7FoBxzryNDMOpD1HIFHUSX4D87oqhQ==",
+      "dev": true,
+      "dependencies": {
+        "@types/json-buffer": "~3.0.0",
+        "json-buffer": "~3.0.1"
+      },
+      "engines": {
+        "node": ">= 12"
+      }
     },
     "node_modules/concat-map": {
       "version": "0.0.1",
       "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
-      "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s="
+      "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg=="
     },
     "node_modules/concurrently": {
       "version": "6.5.1",
@@ -1046,7 +1072,7 @@
     "node_modules/console.table": {
       "version": "0.10.0",
       "resolved": "https://registry.npmjs.org/console.table/-/console.table-0.10.0.tgz",
-      "integrity": "sha1-CRcCVYiHW+/XDPLv9L7yxuLXXQQ=",
+      "integrity": "sha512-dPyZofqggxuvSf7WXvNjuRfnsOk1YazkVP8FdxH4tcH2c37wc79/Yl6Bhr7Lsu00KMgy2ql/qCMuNu8xctZM8g==",
       "dependencies": {
         "easy-table": "1.1.0"
       },
@@ -1057,7 +1083,7 @@
     "node_modules/core-util-is": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
-      "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=",
+      "integrity": "sha512-3lqz5YjWTYnW6dlDa5TLaTCcShfar1e40rmcJVwCBJC6mWlFuj0eCHIElmG1g5kyuJ/GD+8Wn4FFCcz4gJPfaQ==",
       "dev": true
     },
     "node_modules/cross-spawn": {
@@ -1075,9 +1101,9 @@
       }
     },
     "node_modules/cypress": {
-      "version": "9.5.1",
-      "resolved": "https://registry.npmjs.org/cypress/-/cypress-9.5.1.tgz",
-      "integrity": "sha512-H7lUWB3Svr44gz1rNnj941xmdsCljXoJa2cDneAltjI9leKLMQLm30x6jLlpQ730tiVtIbW5HdUmBzPzwzfUQg==",
+      "version": "9.7.0",
+      "resolved": "https://registry.npmjs.org/cypress/-/cypress-9.7.0.tgz",
+      "integrity": "sha512-+1EE1nuuuwIt/N1KXRR2iWHU+OiIt7H28jJDyyI4tiUftId/DrXYEwoDa5+kH2pki1zxnA0r6HrUGHV5eLbF5Q==",
       "dev": true,
       "hasInstallScript": true,
       "dependencies": {
@@ -1113,7 +1139,7 @@
         "listr2": "^3.8.3",
         "lodash": "^4.17.21",
         "log-symbols": "^4.0.0",
-        "minimist": "^1.2.5",
+        "minimist": "^1.2.6",
         "ospath": "^1.2.2",
         "pretty-bytes": "^5.6.0",
         "proxy-from-env": "1.0.0",
@@ -1132,9 +1158,9 @@
       }
     },
     "node_modules/cypress/node_modules/@types/node": {
-      "version": "14.18.11",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.11.tgz",
-      "integrity": "sha512-zCoCEMA+IPpsRkyCFBqew5vGb7r8RSiB3uwdu/map7uwLAfu1MTazW26/pUDWoNnF88vJz4W3U56i5gtXNqxGg==",
+      "version": "14.18.21",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.21.tgz",
+      "integrity": "sha512-x5W9s+8P4XteaxT/jKF0PSb7XEvo5VmqEWgsMlyeY4ZlLK8I6aH6g5TPPyDlLAep+GYf4kefb7HFyc7PAO3m+Q==",
       "dev": true
     },
     "node_modules/cypress/node_modules/commander": {
@@ -1179,7 +1205,7 @@
     "node_modules/dashdash": {
       "version": "1.14.1",
       "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz",
-      "integrity": "sha1-hTz6D3y+L+1d4gMmuN1YEDX24vA=",
+      "integrity": "sha512-jRFi8UDGo6j+odZiEpjazZaWqEal3w/basFjQHQEwVtZJGDpxbH1MeYluwCS8Xq5wmLJooDlMgvVarmWfGM44g==",
       "dev": true,
       "dependencies": {
         "assert-plus": "^1.0.0"
@@ -1201,15 +1227,15 @@
       }
     },
     "node_modules/dayjs": {
-      "version": "1.10.7",
-      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.10.7.tgz",
-      "integrity": "sha512-P6twpd70BcPK34K26uJ1KT3wlhpuOAPoMwJzpsIWUxHZ7wpmbdZL/hQqBDfz7hGurYSa5PhzdhDHtt319hL3ig==",
+      "version": "1.11.3",
+      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.3.tgz",
+      "integrity": "sha512-xxwlswWOlGhzgQ4TKzASQkUhqERI3egRNqgV4ScR8wlANA/A9tZ7miXa44vTTKEq5l7vWoL5G57bG3zA+Kow0A==",
       "dev": true
     },
     "node_modules/debug": {
-      "version": "4.3.3",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.3.tgz",
-      "integrity": "sha512-/zxw5+vh1Tfv+4Qn7a5nsbcJKPaSvCDhojn6FEl9vupwK2VCSDtEiEtqr8DFtzYFOdz63LBkxec7DYuc2jon6Q==",
+      "version": "4.3.4",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
+      "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==",
       "dev": true,
       "dependencies": {
         "ms": "2.1.2"
@@ -1253,7 +1279,7 @@
     "node_modules/defaults": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/defaults/-/defaults-1.0.3.tgz",
-      "integrity": "sha1-xlYFHpgX2f8I7YgUd/P+QBnz730=",
+      "integrity": "sha512-s82itHOnYrN0Ib8r+z7laQz3sdE+4FP3d9Q7VLO7U+KRT+CR0GsWuyHxzdAY82I7cXv0G/twrqomTJLOssO5HA==",
       "dependencies": {
         "clone": "^1.0.2"
       }
@@ -1270,7 +1296,7 @@
     "node_modules/delayed-stream": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
-      "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=",
+      "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==",
       "dev": true,
       "engines": {
         "node": ">=0.4.0"
@@ -1309,7 +1335,7 @@
     "node_modules/easy-table": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/easy-table/-/easy-table-1.1.0.tgz",
-      "integrity": "sha1-hvmrTBAvA3G3KXuSplHVgkvIy3M=",
+      "integrity": "sha512-oq33hWOSSnl2Hoh00tZWaIPi1ievrD9aFG82/IgjlycAnW9hHx5PkJiXpxPsgEE+H7BsbVQXFVFST8TEXS6/pA==",
       "optionalDependencies": {
         "wcwidth": ">=1.0.1"
       }
@@ -1317,7 +1343,7 @@
     "node_modules/ecc-jsbn": {
       "version": "0.1.2",
       "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz",
-      "integrity": "sha1-OoOpBOVDUyh4dMVkt1SThoSamMk=",
+      "integrity": "sha512-eh9O+hwRHNbG4BLTjEl3nw044CkGm5X6LoaCf7LPp7UU8Qrt47JYNi6nPX8xjW97TKGKm1ouctg0QSpZe9qrnw==",
       "dev": true,
       "dependencies": {
         "jsbn": "~0.1.0",
@@ -1361,7 +1387,7 @@
     "node_modules/escape-string-regexp": {
       "version": "1.0.5",
       "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
-      "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=",
+      "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
       "engines": {
         "node": ">=0.8.0"
       }
@@ -1460,7 +1486,7 @@
     "node_modules/extsprintf": {
       "version": "1.3.0",
       "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz",
-      "integrity": "sha1-lpGEQOMEGnpBT4xS48V06zw+HgU=",
+      "integrity": "sha512-11Ndz7Nv+mvAC1j0ktTa7fAb0vLyGGX+rMHNBYQviQDGU0Hw7lhctJANqbPhu9nV9/izT/IntTgZ7Im/9LJs9g==",
       "dev": true,
       "engines": [
         "node >=0.6.0"
@@ -1499,7 +1525,7 @@
     "node_modules/fd-slicer": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.1.0.tgz",
-      "integrity": "sha1-JcfInLH5B3+IkbvmHY85Dq4lbx4=",
+      "integrity": "sha512-cE1qsB/VwyQozZ+q1dGxR8LBYNZeofhEdUNGSMbQD3Gw2lAzX9Zb3uIU6Ebc/Fmyjo9AWWfnn0AUCHqtevs/8g==",
       "dev": true,
       "dependencies": {
         "pend": "~1.2.0"
@@ -1532,9 +1558,9 @@
       }
     },
     "node_modules/follow-redirects": {
-      "version": "1.14.8",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.8.tgz",
-      "integrity": "sha512-1x0S9UVJHsQprFcEC/qnNzBLcIxsjAV905f/UkQxbclCsoTWlacCNOpQa/anodLl2uaEKFhfWOvM2Qg77+15zA==",
+      "version": "1.15.1",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.1.tgz",
+      "integrity": "sha512-yLAMQs+k0b2m7cVxpS1VKJVvoz7SS9Td1zss3XRwXj+ZDH00RJgnuLx7E44wx02kQLrdM3aOOy+FpzS7+8OizA==",
       "funding": [
         {
           "type": "individual",
@@ -1553,7 +1579,7 @@
     "node_modules/forever-agent": {
       "version": "0.6.1",
       "resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz",
-      "integrity": "sha1-+8cfDEGt6zf5bFd60e1C2P2sypE=",
+      "integrity": "sha512-j0KLYPhm6zeac4lz3oJ3o65qvgQCcPubiyotZrXqEaG4hNagNYO8qdlUrX5vwqv9ohqeT/Z3j6+yW067yWWdUw==",
       "dev": true,
       "engines": {
         "node": "*"
@@ -1574,9 +1600,9 @@
       }
     },
     "node_modules/fs-extra": {
-      "version": "10.0.0",
-      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-10.0.0.tgz",
-      "integrity": "sha512-C5owb14u9eJwizKGdchcDUQeFtlSHHthBk8pbX9Vc1PFZrLombudjDnNns88aYslCyF6IY5SUw3Roz6xShcEIQ==",
+      "version": "10.0.1",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-10.0.1.tgz",
+      "integrity": "sha512-NbdoVMZso2Lsrn/QwLXOy6rm0ufY2zEOKCDzJR/0kBsb0E6qed0P3iYK+Ath3BfvXEeu4JhEtXLgILx5psUfag==",
       "dependencies": {
         "graceful-fs": "^4.2.0",
         "jsonfile": "^6.0.1",
@@ -1589,7 +1615,7 @@
     "node_modules/fs.realpath": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
-      "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8="
+      "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw=="
     },
     "node_modules/get-caller-file": {
       "version": "2.0.5",
@@ -1626,7 +1652,7 @@
     "node_modules/getpass": {
       "version": "0.1.7",
       "resolved": "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz",
-      "integrity": "sha1-Xv+OPmhNVprkyysSgmBOi6YhSfo=",
+      "integrity": "sha512-0fzj9JxOLfJ+XGLhR8ze3unN0KZCgZwiSSDz168VERjK8Wl8kVSdcu2kspd4s4wtAa1y/qrVRiAA0WclVsu0ng==",
       "dev": true,
       "dependencies": {
         "assert-plus": "^1.0.0"
@@ -1707,9 +1733,9 @@
       }
     },
     "node_modules/got": {
-      "version": "11.8.3",
-      "resolved": "https://registry.npmjs.org/got/-/got-11.8.3.tgz",
-      "integrity": "sha512-7gtQ5KiPh1RtGS9/Jbv1ofDpBFuq42gyfEib+ejaRBJuj/3tQFeR5+gw57e4ipaU8c/rCjvX6fkQz2lyDlGAOg==",
+      "version": "11.8.5",
+      "resolved": "https://registry.npmjs.org/got/-/got-11.8.5.tgz",
+      "integrity": "sha512-o0Je4NvQObAuZPHLFoRSkdG2lTgtcynqymzg2Vupdx6PorhaT5MCbIyXG6d4D94kk8ZG57QeosgdiqfJWhEhlQ==",
       "dev": true,
       "dependencies": {
         "@sindresorhus/is": "^4.0.0",
@@ -1732,9 +1758,9 @@
       }
     },
     "node_modules/graceful-fs": {
-      "version": "4.2.9",
-      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.9.tgz",
-      "integrity": "sha512-NtNxqUcXgpW2iMrfqSfR73Glt39K+BLwWsPs94yR63v45T0Wbej7eRmL5cWfwEgqXnmjQp3zaJTshdRW/qC2ZQ=="
+      "version": "4.2.10",
+      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz",
+      "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA=="
     },
     "node_modules/has-flag": {
       "version": "4.0.0",
@@ -1837,7 +1863,7 @@
     "node_modules/inflight": {
       "version": "1.0.6",
       "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
-      "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=",
+      "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==",
       "dependencies": {
         "once": "^1.3.0",
         "wrappy": "1"
@@ -1858,9 +1884,9 @@
       }
     },
     "node_modules/inquirer": {
-      "version": "8.2.0",
-      "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-8.2.0.tgz",
-      "integrity": "sha512-0crLweprevJ02tTuA6ThpoAERAGyVILC4sS74uib58Xf/zSr1/ZWtmm7D5CI+bSQEaA04f0K7idaHpQbSWgiVQ==",
+      "version": "8.2.2",
+      "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-8.2.2.tgz",
+      "integrity": "sha512-pG7I/si6K/0X7p1qU+rfWnpTE1UIkTONN1wxtzh0d+dHXtT/JG6qBgLxoyHVsQa8cFABxAPh0pD6uUUHiAoaow==",
       "dependencies": {
         "ansi-escapes": "^4.2.1",
         "chalk": "^4.1.1",
@@ -1872,13 +1898,13 @@
         "mute-stream": "0.0.8",
         "ora": "^5.4.1",
         "run-async": "^2.4.0",
-        "rxjs": "^7.2.0",
+        "rxjs": "^7.5.5",
         "string-width": "^4.1.0",
         "strip-ansi": "^6.0.0",
         "through": "^2.3.6"
       },
       "engines": {
-        "node": ">=8.0.0"
+        "node": ">=12.0.0"
       }
     },
     "node_modules/is-ci": {
@@ -1988,7 +2014,7 @@
     "node_modules/is-typedarray": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz",
-      "integrity": "sha1-5HnICFjfDBsR3dppQPlgEfzaSpo=",
+      "integrity": "sha512-cyA56iCMHAh5CdzjJIa4aohJyeO1YbwLi3Jc35MmRU6poroFjIGZzUzupGiRPOjgHg9TLu43xbpwXk523fMxKA==",
       "dev": true
     },
     "node_modules/is-unicode-supported": {
@@ -2005,13 +2031,13 @@
     "node_modules/isexe": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
-      "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=",
+      "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==",
       "dev": true
     },
     "node_modules/isstream": {
       "version": "0.1.2",
       "resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz",
-      "integrity": "sha1-R+Y/evVa+m+S4VAOaQ64uFKcCZo=",
+      "integrity": "sha512-Yljz7ffyPbrLpLngrMtZ7NduUgVvi6wG9RJ9IUcyCd59YQ911PBJphODUcbOVbqYfxe1wuYf/LJ8PauMRwsM/g==",
       "dev": true
     },
     "node_modules/iterare": {
@@ -2038,7 +2064,7 @@
     "node_modules/jsbn": {
       "version": "0.1.1",
       "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz",
-      "integrity": "sha1-peZUwuWi3rXyAdls77yoDA7y9RM=",
+      "integrity": "sha512-UVU9dibq2JcFWxQPA6KCqj5O42VOmAY3zQUfEKxU0KpTGXwNoCjkX1e13eHNvw/xPynt6pU0rZ1htjWTNTSXsg==",
       "dev": true
     },
     "node_modules/json-buffer": {
@@ -2056,7 +2082,7 @@
     "node_modules/json-stringify-safe": {
       "version": "5.0.1",
       "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz",
-      "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus=",
+      "integrity": "sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA==",
       "dev": true
     },
     "node_modules/jsonfile": {
@@ -2086,18 +2112,19 @@
       }
     },
     "node_modules/keyv": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.1.1.tgz",
-      "integrity": "sha512-tGv1yP6snQVDSM4X6yxrv2zzq/EvpW+oYiUz6aueW1u9CtS8RzUQYxxmFwgZlO2jSgCxQbchhxaqXXp2hnKGpQ==",
+      "version": "4.3.2",
+      "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.3.2.tgz",
+      "integrity": "sha512-kn8WmodVBe12lmHpA6W8OY7SNh6wVR+Z+wZESF4iF5FCazaVXGWOtnbnvX0tMQ1bO+/TmOD9LziuYMvrIIs0xw==",
       "dev": true,
       "dependencies": {
+        "compress-brotli": "^1.3.8",
         "json-buffer": "3.0.1"
       }
     },
     "node_modules/lazy-ass": {
       "version": "1.6.0",
       "resolved": "https://registry.npmjs.org/lazy-ass/-/lazy-ass-1.6.0.tgz",
-      "integrity": "sha1-eZllXoZGwX8In90YfRUNMyTVRRM=",
+      "integrity": "sha512-cc8oEVoctTvsFZ/Oje/kGnHbpWHYBe8IAJe4C0QNc3t8uM/0Y8+erSz/7Y1ALuXTEZTMvxXwO6YbX1ey3ujiZw==",
       "dev": true,
       "engines": {
         "node": "> 0.8"
@@ -2138,7 +2165,7 @@
     "node_modules/lodash.once": {
       "version": "4.1.1",
       "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
-      "integrity": "sha1-DdOXEhPHxW34gJd9UEyI+0cal6w=",
+      "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==",
       "dev": true
     },
     "node_modules/log-symbols": {
@@ -2255,21 +2282,21 @@
       }
     },
     "node_modules/mime-db": {
-      "version": "1.51.0",
-      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.51.0.tgz",
-      "integrity": "sha512-5y8A56jg7XVQx2mbv1lu49NR4dokRnhZYTtL+KGfaa27uq4pSTXkwQkFJl4pkRMyNFz/EtYDSkiiEHx3F7UN6g==",
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
       "dev": true,
       "engines": {
         "node": ">= 0.6"
       }
     },
     "node_modules/mime-types": {
-      "version": "2.1.34",
-      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.34.tgz",
-      "integrity": "sha512-6cP692WwGIs9XXdOO4++N+7qjqv0rqxxVvJ3VHPh/Sc9mVZcQP+ZGhkKiTvWMQRr2tbHkJP/Yn7Y0npb3ZBs4A==",
+      "version": "2.1.35",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
       "dev": true,
       "dependencies": {
-        "mime-db": "1.51.0"
+        "mime-db": "1.52.0"
       },
       "engines": {
         "node": ">= 0.6"
@@ -2293,9 +2320,9 @@
       }
     },
     "node_modules/minimatch": {
-      "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.1.tgz",
-      "integrity": "sha512-reLxBcKUPNBnc/sVtAbxgRVFSegoGeLaSjmphNhcwcolhYLRgtJscn5mRl6YRZNQv40Y7P6JM2YhSIsbL9OB5A==",
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
+      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
       "dependencies": {
         "brace-expansion": "^1.1.7"
       },
@@ -2364,9 +2391,9 @@
       }
     },
     "node_modules/object-hash": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.2.0.tgz",
-      "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw==",
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz",
+      "integrity": "sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw==",
       "engines": {
         "node": ">= 6"
       }
@@ -2374,7 +2401,7 @@
     "node_modules/once": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
-      "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=",
+      "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
       "dependencies": {
         "wrappy": "1"
       }
@@ -2424,7 +2451,7 @@
     "node_modules/os-tmpdir": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz",
-      "integrity": "sha1-u+Z0BseaqFxc/sdm/lc0VV36EnQ=",
+      "integrity": "sha512-D2FR03Vir7FIu45XBY20mTb+/ZSWB00sjU9jdQXt83gDrI4Ztz5Fs7/yy74g2N5SVQY4xY1qDr4rNddwYRVX0g==",
       "engines": {
         "node": ">=0.10.0"
       }
@@ -2432,7 +2459,7 @@
     "node_modules/ospath": {
       "version": "1.2.2",
       "resolved": "https://registry.npmjs.org/ospath/-/ospath-1.2.2.tgz",
-      "integrity": "sha1-EnZjl3Sj+O8lcvf+QoDg6kVQwHs=",
+      "integrity": "sha512-o6E5qJV5zkAbIDNhGSIlyOhScKXgQrSRMilfph0clDfM0nEnBOlKlH4sWDmG95BW/CvwNz0vmm7dJVtU2KlMiA==",
       "dev": true
     },
     "node_modules/otplib": {
@@ -2473,7 +2500,7 @@
     "node_modules/path-is-absolute": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
-      "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=",
+      "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==",
       "engines": {
         "node": ">=0.10.0"
       }
@@ -2504,13 +2531,13 @@
     "node_modules/pend": {
       "version": "1.2.0",
       "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz",
-      "integrity": "sha1-elfrVQpng/kRUzH89GY9XI4AelA=",
+      "integrity": "sha512-F3asv42UuXchdzt+xXqfW1OGlVBe+mxa2mqI0pg5yAHZPvFmY3Y6drSf/GQ1A86WgWEN9Kzh/WrgKa6iGcHXLg==",
       "dev": true
     },
     "node_modules/performance-now": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz",
-      "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=",
+      "integrity": "sha512-7EAHlyLHI56VEIdK57uwHdHKIaAGbnXPiw0yWbarQZOKaKpvUIgW0jWRVLiatnM+XXlSwsanIBH/hzGMJulMow==",
       "dev": true
     },
     "node_modules/picomatch": {
@@ -2528,7 +2555,7 @@
     "node_modules/pify": {
       "version": "2.3.0",
       "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz",
-      "integrity": "sha1-7RQaasBDqEnqWISY59yosVMw6Qw=",
+      "integrity": "sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==",
       "dev": true,
       "engines": {
         "node": ">=0.10.0"
@@ -2576,7 +2603,7 @@
     "node_modules/proxy-from-env": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.0.0.tgz",
-      "integrity": "sha1-M8UDmPcOp+uW0h97gXYwpVeRx+4=",
+      "integrity": "sha512-F2JHgJQ1iqwnHDcQjVBsq3n/uoaFL+iPW/eAeL7kVxy/2RrWaN4WroKjjvbsoRtv0ftelNyC01bjRhn/bhcf4A==",
       "dev": true
     },
     "node_modules/psl": {
@@ -2666,7 +2693,7 @@
     "node_modules/request-progress": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/request-progress/-/request-progress-3.0.0.tgz",
-      "integrity": "sha1-TKdUCBx/7GP1BeT6qCWqBs1mnb4=",
+      "integrity": "sha512-MnWzEHHaxHO2iWiQuHrUPBi/1WeBf5PkxQqNyNvLl9VAYSdXkP8tQ3pBSeCPD+yw0v0Aq1zosWLz0BdeXpWwZg==",
       "dev": true,
       "dependencies": {
         "throttleit": "^1.0.0"
@@ -2675,7 +2702,7 @@
     "node_modules/require-directory": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
-      "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I=",
+      "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==",
       "engines": {
         "node": ">=0.10.0"
       }
@@ -2770,17 +2797,17 @@
       }
     },
     "node_modules/rxjs": {
-      "version": "7.5.2",
-      "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.5.2.tgz",
-      "integrity": "sha512-PwDt186XaL3QN5qXj/H9DGyHhP3/RYYgZZwqBv9Tv8rsAaiwFH1IsJJlcgD37J7UW5a6O67qX0KWKS3/pu0m4w==",
+      "version": "7.5.5",
+      "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.5.5.tgz",
+      "integrity": "sha512-sy+H0pQofO95VDmFLzyaw9xNJU4KTRSwQIGM6+iG3SypAtCiLDzpeG8sJrNCWn2Up9km+KhkvTdbkrdy+yzZdw==",
       "dependencies": {
         "tslib": "^2.1.0"
       }
     },
     "node_modules/rxjs/node_modules/tslib": {
-      "version": "2.3.1",
-      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz",
-      "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw=="
+      "version": "2.4.0",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.4.0.tgz",
+      "integrity": "sha512-d6xOpEDfsi2CZVlPQzGeux8XMwLT9hssAsaPYExaQMuYskwb+x1x7J371tWlbBdWHroy99KnVB6qIkUbs5X3UQ=="
     },
     "node_modules/safe-buffer": {
       "version": "5.2.1",
@@ -2807,9 +2834,9 @@
       "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
     },
     "node_modules/semver": {
-      "version": "7.3.5",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz",
-      "integrity": "sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==",
+      "version": "7.3.7",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.7.tgz",
+      "integrity": "sha512-QlYTucUYOews+WeEujDoEGziz4K6c47V/Bd+LjSSYcA94p+DmINdf7ncaUinThfvZyu13lN9OY1XDxt8C0Tw0g==",
       "dev": true,
       "dependencies": {
         "lru-cache": "^6.0.0"
@@ -2896,12 +2923,12 @@
     "node_modules/spawn-command": {
       "version": "0.0.2-1",
       "resolved": "https://registry.npmjs.org/spawn-command/-/spawn-command-0.0.2-1.tgz",
-      "integrity": "sha1-YvXpRmmBwbeW3Fkpk34RycaSG9A="
+      "integrity": "sha512-n98l9E2RMSJ9ON1AKisHzz7V42VDiBQGY6PB1BwRglz99wpVsSuGzQ+jOi6lFXBGVTCrRpltvjm+/XA+tpeJrg=="
     },
     "node_modules/sprintf-js": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
-      "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw="
+      "integrity": "sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g=="
     },
     "node_modules/sshpk": {
       "version": "1.17.0",
@@ -2983,7 +3010,7 @@
     "node_modules/thirty-two": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/thirty-two/-/thirty-two-1.0.2.tgz",
-      "integrity": "sha1-TKL//AKlEpDSdEueP1V2k8prYno=",
+      "integrity": "sha512-OEI0IWCe+Dw46019YLl6V10Us5bi574EvlJEOcAkB29IzQ/mYD1A6RyNHLjZPiHCmuodxvgF6U+vZO1L15lxVA==",
       "dev": true,
       "engines": {
         "node": ">=0.2.6"
@@ -2992,13 +3019,13 @@
     "node_modules/throttleit": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/throttleit/-/throttleit-1.0.0.tgz",
-      "integrity": "sha1-nnhYNtr0Z0MUWlmEtiaNgoUorGw=",
+      "integrity": "sha512-rkTVqu6IjfQ/6+uNuuc3sZek4CEYxTJom3IktzgdSxcZqdARuebbA/f4QmAxMQIxqq9ZLEUkSYqvuk1I6VKq4g==",
       "dev": true
     },
     "node_modules/through": {
       "version": "2.3.8",
       "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz",
-      "integrity": "sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU="
+      "integrity": "sha512-w89qg7PI8wAdvX60bMDP+bFoD5Dvhm9oLheFp5O4a2QF0cSBGsBX4qZmadPMvVqlLJBBci+WqGGOAPvcDeNSVg=="
     },
     "node_modules/tmp": {
       "version": "0.2.1",
@@ -3040,7 +3067,7 @@
     "node_modules/tr46": {
       "version": "0.0.3",
       "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
-      "integrity": "sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o="
+      "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw=="
     },
     "node_modules/tree-kill": {
       "version": "1.2.2",
@@ -3058,7 +3085,7 @@
     "node_modules/tunnel-agent": {
       "version": "0.6.0",
       "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz",
-      "integrity": "sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0=",
+      "integrity": "sha512-McnNiV1l8RYeY8tBgEpuodCC1mLUdbSN+CYBL7kJsJNInOP8UjDDEwdk6Mw60vdLLrr5NHKZhMAOSrR2NZuQ+w==",
       "dev": true,
       "dependencies": {
         "safe-buffer": "^5.0.1"
@@ -3070,7 +3097,7 @@
     "node_modules/tweetnacl": {
       "version": "0.14.5",
       "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz",
-      "integrity": "sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q=",
+      "integrity": "sha512-KXXFFdAbFXY4geFIwoyNK+f5Z1b7swfXABfL7HXCmoIWMKU3dmS26672A4EeQtDzLKy7SXmfBu51JolvEKwtGA==",
       "dev": true
     },
     "node_modules/type-fest": {
@@ -3085,9 +3112,9 @@
       }
     },
     "node_modules/typescript": {
-      "version": "4.5.5",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.5.5.tgz",
-      "integrity": "sha512-TCTIul70LyWe6IJWT8QSYeA54WQe8EjQFU4wY52Fasj5UKx88LNYKCgBEHcOMOrFF1rKGbD8v/xcNWVUq9SymA==",
+      "version": "4.7.4",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.7.4.tgz",
+      "integrity": "sha512-C0WQT0gezHuw6AdY1M2jxUO83Rjf0HP7Sk1DtXj6j1EwkQNZrHAg2XPWlq62oqEhYvONq5pkC2Y9oPljWToLmQ==",
       "dev": true,
       "bin": {
         "tsc": "bin/tsc",
@@ -3117,7 +3144,7 @@
     "node_modules/util-deprecate": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
-      "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8="
+      "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
     },
     "node_modules/uuid": {
       "version": "8.3.2",
@@ -3130,7 +3157,7 @@
     "node_modules/verror": {
       "version": "1.10.0",
       "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz",
-      "integrity": "sha1-OhBcoXBTr1XW4nDB+CiGguGNpAA=",
+      "integrity": "sha512-ZZKSmDAEFOijERBLkmYfJ+vmk3w+7hOLYDNkRCuRuMJGEmqYNCNLyBBFwWKVMhfwaEF3WOd0Zlw86U/WC/+nYw==",
       "dev": true,
       "engines": [
         "node >=0.6.0"
@@ -3190,7 +3217,7 @@
     "node_modules/wcwidth": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/wcwidth/-/wcwidth-1.0.1.tgz",
-      "integrity": "sha1-8LDc+RW8X/FSivrbLA4XtTLaL+g=",
+      "integrity": "sha512-XHPEwS0q6TaxcvG85+8EYkbiCux2XtWG2mkc47Ng2A77BQu9+DqIOJldST4HgPkuea7dvKSj5VgX3P1d4rW8Tg==",
       "dependencies": {
         "defaults": "^1.0.3"
       }
@@ -3198,12 +3225,12 @@
     "node_modules/webidl-conversions": {
       "version": "3.0.1",
       "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
-      "integrity": "sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE="
+      "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ=="
     },
     "node_modules/whatwg-url": {
       "version": "5.0.0",
       "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
-      "integrity": "sha1-lmRU6HZUYuN2RNNib2dCzotwll0=",
+      "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==",
       "dependencies": {
         "tr46": "~0.0.3",
         "webidl-conversions": "^3.0.0"
@@ -3243,12 +3270,12 @@
     "node_modules/wrappy": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
-      "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8="
+      "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
     },
     "node_modules/ws": {
-      "version": "7.5.7",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.7.tgz",
-      "integrity": "sha512-KMvVuFzpKBuiIXW3E4u3mySRO2/mCHSyZDJQM5NQ9Q9KHWHWh0NHgfbRMLLrceUK5qAL4ytALJbpRMjixFZh8A==",
+      "version": "7.5.8",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.8.tgz",
+      "integrity": "sha512-ri1Id1WinAX5Jqn9HejiGb8crfRio0Qgu8+MtL36rlTA6RLsMdWt1Az/19A2Qij6uSHUMphEFaTKa4WG+UNHNw==",
       "dev": true,
       "engines": {
         "node": ">=8.3.0"
@@ -3321,7 +3348,7 @@
     "node_modules/yauzl": {
       "version": "2.10.0",
       "resolved": "https://registry.npmjs.org/yauzl/-/yauzl-2.10.0.tgz",
-      "integrity": "sha1-x+sXyT4RLLEIb6bY5R+wZnt5pfk=",
+      "integrity": "sha512-p4a9I6X6nu6IhoGmBqAcbJy1mlC4j27vEPZX9F4L4/vZT3Lyq1VkFHw/V/PUcB9Buo+DG3iHkT0x3Qya58zc3g==",
       "dev": true,
       "dependencies": {
         "buffer-crc32": "~0.2.3",
@@ -3330,6 +3357,13 @@
     }
   },
   "dependencies": {
+    "@colors/colors": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@colors/colors/-/colors-1.5.0.tgz",
+      "integrity": "sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==",
+      "dev": true,
+      "optional": true
+    },
     "@cypress/request": {
       "version": "2.88.10",
       "resolved": "https://registry.npmjs.org/@cypress/request/-/request-2.88.10.tgz",
@@ -3378,9 +3412,9 @@
       }
     },
     "@hapi/hoek": {
-      "version": "9.2.1",
-      "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.2.1.tgz",
-      "integrity": "sha512-gfta+H8aziZsm8pZa0vj04KO6biEiisppNgA1kbJvFrrWu9Vm7eaUEy76DIxsuTaWvti5fkJVhllWc6ZTE+Mdw==",
+      "version": "9.3.0",
+      "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.3.0.tgz",
+      "integrity": "sha512-/c6rf4UJlmHlC9b5BaNvzAcFv7HZ2QHaV0D4/HNlBdvFnvQq8RI4kYdhyPCl7Xj+oWvTWQ8ujhqS53LIgAe6KQ==",
       "dev": true
     },
     "@hapi/topo": {
@@ -3393,11 +3427,11 @@
       }
     },
     "@nestjs/common": {
-      "version": "8.2.6",
-      "resolved": "https://registry.npmjs.org/@nestjs/common/-/common-8.2.6.tgz",
-      "integrity": "sha512-flLYSXunxcKyjbYddrhwbc49uE705MxBt85rS3mHyhDbAIPSGGeZEqME44YyAzCg1NTfJSNe7ztmOce5kNkb9A==",
+      "version": "8.4.4",
+      "resolved": "https://registry.npmjs.org/@nestjs/common/-/common-8.4.4.tgz",
+      "integrity": "sha512-QHi7QcgH/5Jinz+SCfIZJkFHc6Cch1YsAEGFEhi6wSp6MILb0sJMQ1CX06e9tCOAjSlBwaJj4PH0eFCVau5v9Q==",
       "requires": {
-        "axios": "0.24.0",
+        "axios": "0.26.1",
         "iterare": "1.2.1",
         "tslib": "2.3.1",
         "uuid": "8.3.2"
@@ -3411,14 +3445,14 @@
       }
     },
     "@nestjs/core": {
-      "version": "8.2.6",
-      "resolved": "https://registry.npmjs.org/@nestjs/core/-/core-8.2.6.tgz",
-      "integrity": "sha512-NwPcEIMmCsucs3QaDlQvkoU1FlFM2wm/WjaqLQhkSoIEmAR1gNtBo88f5io5cpMwCo1k5xYhqGlaSl6TfngwWQ==",
+      "version": "8.4.4",
+      "resolved": "https://registry.npmjs.org/@nestjs/core/-/core-8.4.4.tgz",
+      "integrity": "sha512-Ef3yJPuzAttpNfehnGqIV5kHIL9SHptB5F4ERxoU7pT61H3xiYpZw6hSjx68cJO7cc6rm7/N+b4zeuJvFHtvBg==",
       "requires": {
         "@nuxtjs/opencollective": "0.3.2",
         "fast-safe-stringify": "2.1.1",
         "iterare": "1.2.1",
-        "object-hash": "2.2.0",
+        "object-hash": "3.0.0",
         "path-to-regexp": "3.2.0",
         "tslib": "2.3.1",
         "uuid": "8.3.2"
@@ -3468,24 +3502,24 @@
       }
     },
     "@openapitools/openapi-generator-cli": {
-      "version": "2.4.26",
-      "resolved": "https://registry.npmjs.org/@openapitools/openapi-generator-cli/-/openapi-generator-cli-2.4.26.tgz",
-      "integrity": "sha512-O42H9q1HWGoIpcpMaUu318b6bmOgcjP3MieHwOrFdoG3KyttceBGlbLf9Kbf7WM91WSNCDXum7cnEKASuoGjAg==",
+      "version": "2.5.1",
+      "resolved": "https://registry.npmjs.org/@openapitools/openapi-generator-cli/-/openapi-generator-cli-2.5.1.tgz",
+      "integrity": "sha512-WSRQBU0dCSVD+0Qv8iCsv0C4iMaZe/NpJ/CT4SmrEYLH3txoKTE8wEfbdj/kqShS8Or0YEGDPUzhSIKY151L0w==",
       "requires": {
-        "@nestjs/common": "8.2.6",
-        "@nestjs/core": "8.2.6",
+        "@nestjs/common": "8.4.4",
+        "@nestjs/core": "8.4.4",
         "@nuxtjs/opencollective": "0.3.2",
         "chalk": "4.1.2",
         "commander": "8.3.0",
-        "compare-versions": "3.6.0",
+        "compare-versions": "4.1.3",
         "concurrently": "6.5.1",
         "console.table": "0.10.0",
-        "fs-extra": "10.0.0",
+        "fs-extra": "10.0.1",
         "glob": "7.1.6",
-        "inquirer": "8.2.0",
+        "inquirer": "8.2.2",
         "lodash": "4.17.21",
         "reflect-metadata": "0.1.13",
-        "rxjs": "7.5.2",
+        "rxjs": "7.5.5",
         "tslib": "2.0.3"
       }
     },
@@ -3557,9 +3591,9 @@
       }
     },
     "@sideway/address": {
-      "version": "4.1.3",
-      "resolved": "https://registry.npmjs.org/@sideway/address/-/address-4.1.3.tgz",
-      "integrity": "sha512-8ncEUtmnTsMmL7z1YPB47kPUq7LpKWJNFPsRzHiIajGC5uXlWGn+AmkYPcHNl8S4tcEGx+cnORnNYaw2wvL+LQ==",
+      "version": "4.1.4",
+      "resolved": "https://registry.npmjs.org/@sideway/address/-/address-4.1.4.tgz",
+      "integrity": "sha512-7vwq+rOHVWjyXxVlR76Agnvhy8I9rpzjosTESvmhNeXOXdZZB15Fl+TI9x1SiHZH5Jv2wTGduSxFDIaq0m3DUw==",
       "dev": true,
       "requires": {
         "@hapi/hoek": "^9.0.0"
@@ -3578,9 +3612,9 @@
       "dev": true
     },
     "@sindresorhus/is": {
-      "version": "4.4.0",
-      "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-4.4.0.tgz",
-      "integrity": "sha512-QppPM/8l3Mawvh4rn9CNEYIU9bxpXUCRMaX9yUpvBk1nMKusLKpfXGDEKExKaPhLzcn3lzil7pR6rnJ11HgeRQ==",
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-4.6.0.tgz",
+      "integrity": "sha512-t09vSN3MdfsyCHoFcTRCH/iUtG7OJ0CsjzB8cjAmKc/va/kIgeDI/TxsigdncE/4be734m0cvIYwNaV4i2XqAw==",
       "dev": true
     },
     "@szmarczak/http-timer": {
@@ -3620,10 +3654,16 @@
       "integrity": "sha512-SZs7ekbP8CN0txVG2xVRH6EgKmEm31BOxA07vkFaETzZz1xh+cbt8BcI0slpymvwhx5dlFnQG2rTlPVQn+iRPQ==",
       "dev": true
     },
+    "@types/json-buffer": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@types/json-buffer/-/json-buffer-3.0.0.tgz",
+      "integrity": "sha512-3YP80IxxFJB4b5tYC2SUPwkg0XQLiu0nWvhRgEatgjf+29IcWO9X1k8xRv5DGssJ/lCrjYTjQPcobJr2yWIVuQ==",
+      "dev": true
+    },
     "@types/keyv": {
-      "version": "3.1.3",
-      "resolved": "https://registry.npmjs.org/@types/keyv/-/keyv-3.1.3.tgz",
-      "integrity": "sha512-FXCJgyyN3ivVgRoml4h94G/p3kY+u/B86La+QptcqJaWtBWtmc6TtkNfS40n9bIvyLteHh7zXOtgbobORKPbDg==",
+      "version": "3.1.4",
+      "resolved": "https://registry.npmjs.org/@types/keyv/-/keyv-3.1.4.tgz",
+      "integrity": "sha512-BQ5aZNSCpj7D6K2ksrRCTmKRLEpnPvWDiLPfoGyhZ++8YtiK9d/3DBKPJgry359X/P1PfruyYwvnvwFjuEiEIg==",
       "dev": true,
       "requires": {
         "@types/node": "*"
@@ -3636,9 +3676,9 @@
       "dev": true
     },
     "@types/node": {
-      "version": "16.11.24",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-16.11.24.tgz",
-      "integrity": "sha512-Ezv33Rl4mIi6YdSHfIRNBd4Q9kUe5okiaw/ikvJiJDmuQZNW5kfdg7+oQPF8NO6sTcr3woIpj3jANzTXdvEZXA==",
+      "version": "16.11.41",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-16.11.41.tgz",
+      "integrity": "sha512-mqoYK2TnVjdkGk8qXAVGc/x9nSaTpSrFaGFm43BUH3IdoBV0nta6hYaGmdOvIMlbHJbUEVen3gvwpwovAZKNdQ==",
       "dev": true
     },
     "@types/responselike": {
@@ -3662,6 +3702,12 @@
       "integrity": "sha512-JYM8x9EGF163bEyhdJBpR2QX1R5naCJHC8ucJylJ3w9/CVBaskdQ8WqBf8MmQrd1kRvp/a4TS8HJ+bxzR7ZJYQ==",
       "dev": true
     },
+    "@types/uuid": {
+      "version": "8.3.4",
+      "resolved": "https://registry.npmjs.org/@types/uuid/-/uuid-8.3.4.tgz",
+      "integrity": "sha512-c/I8ZRb51j+pYGAu5CrFMRxqZ2ke4y2grEBO5AUjgSkSk+qT2Ea+OdWElz/OiMf5MNpn2b17kuVBwZLQJXzihw==",
+      "dev": true
+    },
     "@types/yamljs": {
       "version": "0.2.31",
       "resolved": "https://registry.npmjs.org/@types/yamljs/-/yamljs-0.2.31.tgz",
@@ -3669,9 +3715,9 @@
       "dev": true
     },
     "@types/yauzl": {
-      "version": "2.9.2",
-      "resolved": "https://registry.npmjs.org/@types/yauzl/-/yauzl-2.9.2.tgz",
-      "integrity": "sha512-8uALY5LTvSuHgloDVUvWP3pIauILm+8/0pDMokuDYIoNsOkSwd5AiHBTSEJjKTDcZr5z8UpgOWZkxBF4iJftoA==",
+      "version": "2.10.0",
+      "resolved": "https://registry.npmjs.org/@types/yauzl/-/yauzl-2.10.0.tgz",
+      "integrity": "sha512-Cn6WYCm0tXv8p6k+A8PvbDG763EDpBoTzHdA+Q/MF6H3sapGjCm9NzoaJncJS9tUKSuCoDs9XHxYYsQDgxR6kw==",
       "dev": true,
       "optional": true,
       "requires": {
@@ -3689,9 +3735,9 @@
       }
     },
     "ansi-colors": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz",
-      "integrity": "sha512-JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA==",
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.3.tgz",
+      "integrity": "sha512-/6w/C21Pm1A7aZitlI5Ni/2J6FFQN8i1Cvz3kHABAAbw93v/NlvKdVOqz7CCWz/3iv/JplRSEEZ83XION15ovw==",
       "dev": true
     },
     "ansi-escapes": {
@@ -3747,7 +3793,7 @@
     "assert-plus": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
-      "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU=",
+      "integrity": "sha512-NfJ4UzBCcQGLDlQq7nHxH+tv3kyZ0hHQqF5BO6J7tNJeP5do1llPr8dZ8zHonfhAu0PHAdMkSo+8o0wxg9lZWw==",
       "dev": true
     },
     "astral-regex": {
@@ -3757,15 +3803,15 @@
       "dev": true
     },
     "async": {
-      "version": "3.2.3",
-      "resolved": "https://registry.npmjs.org/async/-/async-3.2.3.tgz",
-      "integrity": "sha512-spZRyzKL5l5BZQrr/6m/SqFdBN0q3OCI0f9rjfBzCMBIP4p75P620rR3gTmaksNOhmzgdxcaxdNfMy6anrbM0g==",
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/async/-/async-3.2.4.tgz",
+      "integrity": "sha512-iAB+JbDEGXhyIUavoDl9WP/Jj106Kz9DEn1DPgYw5ruDn0e3Wgi3sKFm55sASdGBNOQB8F59d9qQ7deqrHA8wQ==",
       "dev": true
     },
     "asynckit": {
       "version": "0.4.0",
       "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
-      "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=",
+      "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==",
       "dev": true
     },
     "at-least-node": {
@@ -3777,7 +3823,7 @@
     "aws-sign2": {
       "version": "0.7.0",
       "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz",
-      "integrity": "sha1-tG6JCTSpWR8tL2+G1+ap8bP+dqg=",
+      "integrity": "sha512-08kcGqnYf/YmjoRhfxyu+CLxBjUtHLXLXX/vUfx9l2LYzG3c1m61nrpyFUZI6zeS+Li/wWMMidD9KgrqtGq3mA==",
       "dev": true
     },
     "aws4": {
@@ -3787,11 +3833,11 @@
       "dev": true
     },
     "axios": {
-      "version": "0.24.0",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-0.24.0.tgz",
-      "integrity": "sha512-Q6cWsys88HoPgAaFAVUb0WpPk0O8iTeisR9IMqy9G8AbO4NlpVknrnQS03zzF9PGAWgO3cgletO3VjV/P7VztA==",
+      "version": "0.26.1",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-0.26.1.tgz",
+      "integrity": "sha512-fPwcX4EvnSHuInCMItEhAGnaSEXRBjtzh9fOtsE6E1G6p7vl7edEeZe11QHf18+6+9gR5PbKV/sGKNaD8YaMeA==",
       "requires": {
-        "follow-redirects": "^1.14.4"
+        "follow-redirects": "^1.14.8"
       }
     },
     "balanced-match": {
@@ -3807,7 +3853,7 @@
     "bcrypt-pbkdf": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz",
-      "integrity": "sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4=",
+      "integrity": "sha512-qeFIXtP4MSoi6NLqO12WfqARWWuCKi2Rn/9hJLEmtB5yTNr9DqFWkJRCf2qShWzPeAMRnOgCrq0sg/KLv5ES9w==",
       "dev": true,
       "requires": {
         "tweetnacl": "^0.14.3"
@@ -3865,7 +3911,7 @@
     "buffer-crc32": {
       "version": "0.2.13",
       "resolved": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz",
-      "integrity": "sha1-DTM+PwDqxQqhRUq9MO+MKl2ackI=",
+      "integrity": "sha512-VO9Ht/+p3SN7SKWqcrgEzjGbRSJYTx+Q1pTQC0wrWqHx0vpJraQ6GtHx8tvcg1rlK1byhU5gccxgOgj7B0TDkQ==",
       "dev": true
     },
     "cacheable-lookup": {
@@ -3898,7 +3944,7 @@
     "caseless": {
       "version": "0.12.0",
       "resolved": "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz",
-      "integrity": "sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw=",
+      "integrity": "sha512-4tYFyifaFfGacoiObjJegolkwSU4xQNGbVgUiNYVUxbQ2x2lUsFvY4hVgVzGiIe6WLOPqycWXA40l+PWsxthUw==",
       "dev": true
     },
     "chalk": {
@@ -3918,7 +3964,7 @@
     "check-more-types": {
       "version": "2.24.0",
       "resolved": "https://registry.npmjs.org/check-more-types/-/check-more-types-2.24.0.tgz",
-      "integrity": "sha1-FCD/sQ/URNz8ebQ4kbv//TKoRgA=",
+      "integrity": "sha512-Pj779qHxV2tuapviy1bSZNEL1maXr13bPYpsvSDB68HlYcYuhlDrmGd63i0JHMCLKzc7rUSNIrpdJlhVlNwrxA==",
       "dev": true
     },
     "chrome-remote-interface": {
@@ -3940,9 +3986,9 @@
       }
     },
     "ci-info": {
-      "version": "3.3.0",
-      "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.3.0.tgz",
-      "integrity": "sha512-riT/3vI5YpVH6/qomlDnJow6TBee2PBKSEpx3O32EGPYbWGIRsIlGRms3Sm74wYE1JMo8RnO04Hb12+v1J5ICw==",
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.3.2.tgz",
+      "integrity": "sha512-xmDt/QIAdeZ9+nfdPsaBCpMvHNLFiLdjj59qjqn+6iPe6YmHGQ35sBnQ8uslRBXFmXkiZQOJRjvQeoGppoTjjg==",
       "dev": true
     },
     "clean-stack": {
@@ -3965,12 +4011,12 @@
       "integrity": "sha512-x/5fWmGMnbKQAaNwN+UZlV79qBLM9JFnJuJ03gIi5whrob0xV0ofNVHy9DhwGdsMJQc2OKv0oGmLzvaqvAVv+g=="
     },
     "cli-table3": {
-      "version": "0.6.1",
-      "resolved": "https://registry.npmjs.org/cli-table3/-/cli-table3-0.6.1.tgz",
-      "integrity": "sha512-w0q/enDHhPLq44ovMGdQeeDLvwxwavsJX7oQGYt/LrBlYsyaxyDnp6z3QzFut/6kLLKnlcUVJLrpB7KBfgG/RA==",
+      "version": "0.6.2",
+      "resolved": "https://registry.npmjs.org/cli-table3/-/cli-table3-0.6.2.tgz",
+      "integrity": "sha512-QyavHCaIC80cMivimWu4aWHilIpiDpfm3hGmqAmXVL1UsnbLuBSMd21hTX6VY4ZSDSM73ESLeF8TOYId3rBTbw==",
       "dev": true,
       "requires": {
-        "colors": "1.4.0",
+        "@colors/colors": "1.5.0",
         "string-width": "^4.2.0"
       }
     },
@@ -4002,12 +4048,12 @@
     "clone": {
       "version": "1.0.4",
       "resolved": "https://registry.npmjs.org/clone/-/clone-1.0.4.tgz",
-      "integrity": "sha1-2jCcwmPfFZlMaIypAheco8fNfH4="
+      "integrity": "sha512-JQHZ2QMW6l3aH/j6xCqQThY/9OH4D/9ls34cgkUBiEeocRTU04tHfKPBsUK1PqZCUQM7GiA0IIXJSuXHI64Kbg=="
     },
     "clone-response": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/clone-response/-/clone-response-1.0.2.tgz",
-      "integrity": "sha1-0dyXOSAxTfZ/vrlCI7TuNQI56Ws=",
+      "integrity": "sha512-yjLXh88P599UOyPTFX0POsd7WxnbsVsGohcwzHOLspIhhpalPw1BcqED8NblyZLKcGrL8dTgMlcaZxV2jAD41Q==",
       "dev": true,
       "requires": {
         "mimic-response": "^1.0.0"
@@ -4027,18 +4073,11 @@
       "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
     },
     "colorette": {
-      "version": "2.0.16",
-      "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.16.tgz",
-      "integrity": "sha512-hUewv7oMjCp+wkBv5Rm0v87eJhq4woh5rSR+42YSQJKecCqgIqNkZ6lAlQms/BwHPJA5NKMRlpxPRv0n8HQW6g==",
+      "version": "2.0.19",
+      "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.19.tgz",
+      "integrity": "sha512-3tlv/dIP7FWvj3BsbHrGLJ6l/oKh1O3TcgBqMn+yyCagOxc23fyzDS6HypQbgxWbkpDnf52p1LuR4eWDQ/K9WQ==",
       "dev": true
     },
-    "colors": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz",
-      "integrity": "sha512-a+UqTh4kgZg/SlGvfbzDHpgRu7AAQOmmqRHJnxhRZICKFUT91brVhNNt58CMWU9PsBbv3PDCZUHbVxuDiH2mtA==",
-      "dev": true,
-      "optional": true
-    },
     "combined-stream": {
       "version": "1.0.8",
       "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
@@ -4060,14 +4099,24 @@
       "dev": true
     },
     "compare-versions": {
-      "version": "3.6.0",
-      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-3.6.0.tgz",
-      "integrity": "sha512-W6Af2Iw1z4CB7q4uU4hv646dW9GQuBM+YpC0UvUCWSD8w90SJjp+ujJuXaEMtAXBtSqGfMPuFOVn4/+FlaqfBA=="
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-4.1.3.tgz",
+      "integrity": "sha512-WQfnbDcrYnGr55UwbxKiQKASnTtNnaAWVi8jZyy8NTpVAXWACSne8lMD1iaIo9AiU6mnuLvSVshCzewVuWxHUg=="
+    },
+    "compress-brotli": {
+      "version": "1.3.8",
+      "resolved": "https://registry.npmjs.org/compress-brotli/-/compress-brotli-1.3.8.tgz",
+      "integrity": "sha512-lVcQsjhxhIXsuupfy9fmZUFtAIdBmXA7EGY6GBdgZ++qkM9zG4YFT8iU7FoBxzryNDMOpD1HIFHUSX4D87oqhQ==",
+      "dev": true,
+      "requires": {
+        "@types/json-buffer": "~3.0.0",
+        "json-buffer": "~3.0.1"
+      }
     },
     "concat-map": {
       "version": "0.0.1",
       "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
-      "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s="
+      "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg=="
     },
     "concurrently": {
       "version": "6.5.1",
@@ -4115,7 +4164,7 @@
     "console.table": {
       "version": "0.10.0",
       "resolved": "https://registry.npmjs.org/console.table/-/console.table-0.10.0.tgz",
-      "integrity": "sha1-CRcCVYiHW+/XDPLv9L7yxuLXXQQ=",
+      "integrity": "sha512-dPyZofqggxuvSf7WXvNjuRfnsOk1YazkVP8FdxH4tcH2c37wc79/Yl6Bhr7Lsu00KMgy2ql/qCMuNu8xctZM8g==",
       "requires": {
         "easy-table": "1.1.0"
       }
@@ -4123,7 +4172,7 @@
     "core-util-is": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
-      "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=",
+      "integrity": "sha512-3lqz5YjWTYnW6dlDa5TLaTCcShfar1e40rmcJVwCBJC6mWlFuj0eCHIElmG1g5kyuJ/GD+8Wn4FFCcz4gJPfaQ==",
       "dev": true
     },
     "cross-spawn": {
@@ -4138,9 +4187,9 @@
       }
     },
     "cypress": {
-      "version": "9.5.1",
-      "resolved": "https://registry.npmjs.org/cypress/-/cypress-9.5.1.tgz",
-      "integrity": "sha512-H7lUWB3Svr44gz1rNnj941xmdsCljXoJa2cDneAltjI9leKLMQLm30x6jLlpQ730tiVtIbW5HdUmBzPzwzfUQg==",
+      "version": "9.7.0",
+      "resolved": "https://registry.npmjs.org/cypress/-/cypress-9.7.0.tgz",
+      "integrity": "sha512-+1EE1nuuuwIt/N1KXRR2iWHU+OiIt7H28jJDyyI4tiUftId/DrXYEwoDa5+kH2pki1zxnA0r6HrUGHV5eLbF5Q==",
       "dev": true,
       "requires": {
         "@cypress/request": "^2.88.10",
@@ -4175,7 +4224,7 @@
         "listr2": "^3.8.3",
         "lodash": "^4.17.21",
         "log-symbols": "^4.0.0",
-        "minimist": "^1.2.5",
+        "minimist": "^1.2.6",
         "ospath": "^1.2.2",
         "pretty-bytes": "^5.6.0",
         "proxy-from-env": "1.0.0",
@@ -4188,9 +4237,9 @@
       },
       "dependencies": {
         "@types/node": {
-          "version": "14.18.11",
-          "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.11.tgz",
-          "integrity": "sha512-zCoCEMA+IPpsRkyCFBqew5vGb7r8RSiB3uwdu/map7uwLAfu1MTazW26/pUDWoNnF88vJz4W3U56i5gtXNqxGg==",
+          "version": "14.18.21",
+          "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.21.tgz",
+          "integrity": "sha512-x5W9s+8P4XteaxT/jKF0PSb7XEvo5VmqEWgsMlyeY4ZlLK8I6aH6g5TPPyDlLAep+GYf4kefb7HFyc7PAO3m+Q==",
           "dev": true
         },
         "commander": {
@@ -4225,7 +4274,7 @@
     "dashdash": {
       "version": "1.14.1",
       "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz",
-      "integrity": "sha1-hTz6D3y+L+1d4gMmuN1YEDX24vA=",
+      "integrity": "sha512-jRFi8UDGo6j+odZiEpjazZaWqEal3w/basFjQHQEwVtZJGDpxbH1MeYluwCS8Xq5wmLJooDlMgvVarmWfGM44g==",
       "dev": true,
       "requires": {
         "assert-plus": "^1.0.0"
@@ -4237,15 +4286,15 @@
       "integrity": "sha512-8d35hViGYx/QH0icHYCeLmsLmMUheMmTyV9Fcm6gvNwdw31yXXH+O85sOBJ+OLnLQMKZowvpKb6FgMIQjcpvQw=="
     },
     "dayjs": {
-      "version": "1.10.7",
-      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.10.7.tgz",
-      "integrity": "sha512-P6twpd70BcPK34K26uJ1KT3wlhpuOAPoMwJzpsIWUxHZ7wpmbdZL/hQqBDfz7hGurYSa5PhzdhDHtt319hL3ig==",
+      "version": "1.11.3",
+      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.3.tgz",
+      "integrity": "sha512-xxwlswWOlGhzgQ4TKzASQkUhqERI3egRNqgV4ScR8wlANA/A9tZ7miXa44vTTKEq5l7vWoL5G57bG3zA+Kow0A==",
       "dev": true
     },
     "debug": {
-      "version": "4.3.3",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.3.tgz",
-      "integrity": "sha512-/zxw5+vh1Tfv+4Qn7a5nsbcJKPaSvCDhojn6FEl9vupwK2VCSDtEiEtqr8DFtzYFOdz63LBkxec7DYuc2jon6Q==",
+      "version": "4.3.4",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
+      "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==",
       "dev": true,
       "requires": {
         "ms": "2.1.2"
@@ -4271,7 +4320,7 @@
     "defaults": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/defaults/-/defaults-1.0.3.tgz",
-      "integrity": "sha1-xlYFHpgX2f8I7YgUd/P+QBnz730=",
+      "integrity": "sha512-s82itHOnYrN0Ib8r+z7laQz3sdE+4FP3d9Q7VLO7U+KRT+CR0GsWuyHxzdAY82I7cXv0G/twrqomTJLOssO5HA==",
       "requires": {
         "clone": "^1.0.2"
       }
@@ -4285,7 +4334,7 @@
     "delayed-stream": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
-      "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=",
+      "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==",
       "dev": true
     },
     "detect-indent": {
@@ -4312,7 +4361,7 @@
     "easy-table": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/easy-table/-/easy-table-1.1.0.tgz",
-      "integrity": "sha1-hvmrTBAvA3G3KXuSplHVgkvIy3M=",
+      "integrity": "sha512-oq33hWOSSnl2Hoh00tZWaIPi1ievrD9aFG82/IgjlycAnW9hHx5PkJiXpxPsgEE+H7BsbVQXFVFST8TEXS6/pA==",
       "requires": {
         "wcwidth": ">=1.0.1"
       }
@@ -4320,7 +4369,7 @@
     "ecc-jsbn": {
       "version": "0.1.2",
       "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz",
-      "integrity": "sha1-OoOpBOVDUyh4dMVkt1SThoSamMk=",
+      "integrity": "sha512-eh9O+hwRHNbG4BLTjEl3nw044CkGm5X6LoaCf7LPp7UU8Qrt47JYNi6nPX8xjW97TKGKm1ouctg0QSpZe9qrnw==",
       "dev": true,
       "requires": {
         "jsbn": "~0.1.0",
@@ -4358,7 +4407,7 @@
     "escape-string-regexp": {
       "version": "1.0.5",
       "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
-      "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ="
+      "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg=="
     },
     "eventemitter2": {
       "version": "6.4.5",
@@ -4433,7 +4482,7 @@
     "extsprintf": {
       "version": "1.3.0",
       "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz",
-      "integrity": "sha1-lpGEQOMEGnpBT4xS48V06zw+HgU=",
+      "integrity": "sha512-11Ndz7Nv+mvAC1j0ktTa7fAb0vLyGGX+rMHNBYQviQDGU0Hw7lhctJANqbPhu9nV9/izT/IntTgZ7Im/9LJs9g==",
       "dev": true
     },
     "fast-glob": {
@@ -4466,7 +4515,7 @@
     "fd-slicer": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.1.0.tgz",
-      "integrity": "sha1-JcfInLH5B3+IkbvmHY85Dq4lbx4=",
+      "integrity": "sha512-cE1qsB/VwyQozZ+q1dGxR8LBYNZeofhEdUNGSMbQD3Gw2lAzX9Zb3uIU6Ebc/Fmyjo9AWWfnn0AUCHqtevs/8g==",
       "dev": true,
       "requires": {
         "pend": "~1.2.0"
@@ -4490,14 +4539,14 @@
       }
     },
     "follow-redirects": {
-      "version": "1.14.8",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.8.tgz",
-      "integrity": "sha512-1x0S9UVJHsQprFcEC/qnNzBLcIxsjAV905f/UkQxbclCsoTWlacCNOpQa/anodLl2uaEKFhfWOvM2Qg77+15zA=="
+      "version": "1.15.1",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.1.tgz",
+      "integrity": "sha512-yLAMQs+k0b2m7cVxpS1VKJVvoz7SS9Td1zss3XRwXj+ZDH00RJgnuLx7E44wx02kQLrdM3aOOy+FpzS7+8OizA=="
     },
     "forever-agent": {
       "version": "0.6.1",
       "resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz",
-      "integrity": "sha1-+8cfDEGt6zf5bFd60e1C2P2sypE=",
+      "integrity": "sha512-j0KLYPhm6zeac4lz3oJ3o65qvgQCcPubiyotZrXqEaG4hNagNYO8qdlUrX5vwqv9ohqeT/Z3j6+yW067yWWdUw==",
       "dev": true
     },
     "form-data": {
@@ -4512,9 +4561,9 @@
       }
     },
     "fs-extra": {
-      "version": "10.0.0",
-      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-10.0.0.tgz",
-      "integrity": "sha512-C5owb14u9eJwizKGdchcDUQeFtlSHHthBk8pbX9Vc1PFZrLombudjDnNns88aYslCyF6IY5SUw3Roz6xShcEIQ==",
+      "version": "10.0.1",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-10.0.1.tgz",
+      "integrity": "sha512-NbdoVMZso2Lsrn/QwLXOy6rm0ufY2zEOKCDzJR/0kBsb0E6qed0P3iYK+Ath3BfvXEeu4JhEtXLgILx5psUfag==",
       "requires": {
         "graceful-fs": "^4.2.0",
         "jsonfile": "^6.0.1",
@@ -4524,7 +4573,7 @@
     "fs.realpath": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
-      "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8="
+      "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw=="
     },
     "get-caller-file": {
       "version": "2.0.5",
@@ -4552,7 +4601,7 @@
     "getpass": {
       "version": "0.1.7",
       "resolved": "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz",
-      "integrity": "sha1-Xv+OPmhNVprkyysSgmBOi6YhSfo=",
+      "integrity": "sha512-0fzj9JxOLfJ+XGLhR8ze3unN0KZCgZwiSSDz168VERjK8Wl8kVSdcu2kspd4s4wtAa1y/qrVRiAA0WclVsu0ng==",
       "dev": true,
       "requires": {
         "assert-plus": "^1.0.0"
@@ -4612,9 +4661,9 @@
       }
     },
     "got": {
-      "version": "11.8.3",
-      "resolved": "https://registry.npmjs.org/got/-/got-11.8.3.tgz",
-      "integrity": "sha512-7gtQ5KiPh1RtGS9/Jbv1ofDpBFuq42gyfEib+ejaRBJuj/3tQFeR5+gw57e4ipaU8c/rCjvX6fkQz2lyDlGAOg==",
+      "version": "11.8.5",
+      "resolved": "https://registry.npmjs.org/got/-/got-11.8.5.tgz",
+      "integrity": "sha512-o0Je4NvQObAuZPHLFoRSkdG2lTgtcynqymzg2Vupdx6PorhaT5MCbIyXG6d4D94kk8ZG57QeosgdiqfJWhEhlQ==",
       "dev": true,
       "requires": {
         "@sindresorhus/is": "^4.0.0",
@@ -4631,9 +4680,9 @@
       }
     },
     "graceful-fs": {
-      "version": "4.2.9",
-      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.9.tgz",
-      "integrity": "sha512-NtNxqUcXgpW2iMrfqSfR73Glt39K+BLwWsPs94yR63v45T0Wbej7eRmL5cWfwEgqXnmjQp3zaJTshdRW/qC2ZQ=="
+      "version": "4.2.10",
+      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz",
+      "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA=="
     },
     "has-flag": {
       "version": "4.0.0",
@@ -4701,7 +4750,7 @@
     "inflight": {
       "version": "1.0.6",
       "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
-      "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=",
+      "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==",
       "requires": {
         "once": "^1.3.0",
         "wrappy": "1"
@@ -4719,9 +4768,9 @@
       "dev": true
     },
     "inquirer": {
-      "version": "8.2.0",
-      "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-8.2.0.tgz",
-      "integrity": "sha512-0crLweprevJ02tTuA6ThpoAERAGyVILC4sS74uib58Xf/zSr1/ZWtmm7D5CI+bSQEaA04f0K7idaHpQbSWgiVQ==",
+      "version": "8.2.2",
+      "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-8.2.2.tgz",
+      "integrity": "sha512-pG7I/si6K/0X7p1qU+rfWnpTE1UIkTONN1wxtzh0d+dHXtT/JG6qBgLxoyHVsQa8cFABxAPh0pD6uUUHiAoaow==",
       "requires": {
         "ansi-escapes": "^4.2.1",
         "chalk": "^4.1.1",
@@ -4733,7 +4782,7 @@
         "mute-stream": "0.0.8",
         "ora": "^5.4.1",
         "run-async": "^2.4.0",
-        "rxjs": "^7.2.0",
+        "rxjs": "^7.5.5",
         "string-width": "^4.1.0",
         "strip-ansi": "^6.0.0",
         "through": "^2.3.6"
@@ -4810,7 +4859,7 @@
     "is-typedarray": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz",
-      "integrity": "sha1-5HnICFjfDBsR3dppQPlgEfzaSpo=",
+      "integrity": "sha512-cyA56iCMHAh5CdzjJIa4aohJyeO1YbwLi3Jc35MmRU6poroFjIGZzUzupGiRPOjgHg9TLu43xbpwXk523fMxKA==",
       "dev": true
     },
     "is-unicode-supported": {
@@ -4821,13 +4870,13 @@
     "isexe": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
-      "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=",
+      "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==",
       "dev": true
     },
     "isstream": {
       "version": "0.1.2",
       "resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz",
-      "integrity": "sha1-R+Y/evVa+m+S4VAOaQ64uFKcCZo=",
+      "integrity": "sha512-Yljz7ffyPbrLpLngrMtZ7NduUgVvi6wG9RJ9IUcyCd59YQ911PBJphODUcbOVbqYfxe1wuYf/LJ8PauMRwsM/g==",
       "dev": true
     },
     "iterare": {
@@ -4851,7 +4900,7 @@
     "jsbn": {
       "version": "0.1.1",
       "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz",
-      "integrity": "sha1-peZUwuWi3rXyAdls77yoDA7y9RM=",
+      "integrity": "sha512-UVU9dibq2JcFWxQPA6KCqj5O42VOmAY3zQUfEKxU0KpTGXwNoCjkX1e13eHNvw/xPynt6pU0rZ1htjWTNTSXsg==",
       "dev": true
     },
     "json-buffer": {
@@ -4869,7 +4918,7 @@
     "json-stringify-safe": {
       "version": "5.0.1",
       "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz",
-      "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus=",
+      "integrity": "sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA==",
       "dev": true
     },
     "jsonfile": {
@@ -4894,18 +4943,19 @@
       }
     },
     "keyv": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.1.1.tgz",
-      "integrity": "sha512-tGv1yP6snQVDSM4X6yxrv2zzq/EvpW+oYiUz6aueW1u9CtS8RzUQYxxmFwgZlO2jSgCxQbchhxaqXXp2hnKGpQ==",
+      "version": "4.3.2",
+      "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.3.2.tgz",
+      "integrity": "sha512-kn8WmodVBe12lmHpA6W8OY7SNh6wVR+Z+wZESF4iF5FCazaVXGWOtnbnvX0tMQ1bO+/TmOD9LziuYMvrIIs0xw==",
       "dev": true,
       "requires": {
+        "compress-brotli": "^1.3.8",
         "json-buffer": "3.0.1"
       }
     },
     "lazy-ass": {
       "version": "1.6.0",
       "resolved": "https://registry.npmjs.org/lazy-ass/-/lazy-ass-1.6.0.tgz",
-      "integrity": "sha1-eZllXoZGwX8In90YfRUNMyTVRRM=",
+      "integrity": "sha512-cc8oEVoctTvsFZ/Oje/kGnHbpWHYBe8IAJe4C0QNc3t8uM/0Y8+erSz/7Y1ALuXTEZTMvxXwO6YbX1ey3ujiZw==",
       "dev": true
     },
     "listr2": {
@@ -4932,7 +4982,7 @@
     "lodash.once": {
       "version": "4.1.1",
       "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
-      "integrity": "sha1-DdOXEhPHxW34gJd9UEyI+0cal6w=",
+      "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==",
       "dev": true
     },
     "log-symbols": {
@@ -5018,18 +5068,18 @@
       }
     },
     "mime-db": {
-      "version": "1.51.0",
-      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.51.0.tgz",
-      "integrity": "sha512-5y8A56jg7XVQx2mbv1lu49NR4dokRnhZYTtL+KGfaa27uq4pSTXkwQkFJl4pkRMyNFz/EtYDSkiiEHx3F7UN6g==",
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
       "dev": true
     },
     "mime-types": {
-      "version": "2.1.34",
-      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.34.tgz",
-      "integrity": "sha512-6cP692WwGIs9XXdOO4++N+7qjqv0rqxxVvJ3VHPh/Sc9mVZcQP+ZGhkKiTvWMQRr2tbHkJP/Yn7Y0npb3ZBs4A==",
+      "version": "2.1.35",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
       "dev": true,
       "requires": {
-        "mime-db": "1.51.0"
+        "mime-db": "1.52.0"
       }
     },
     "mimic-fn": {
@@ -5044,9 +5094,9 @@
       "dev": true
     },
     "minimatch": {
-      "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.1.tgz",
-      "integrity": "sha512-reLxBcKUPNBnc/sVtAbxgRVFSegoGeLaSjmphNhcwcolhYLRgtJscn5mRl6YRZNQv40Y7P6JM2YhSIsbL9OB5A==",
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
+      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
       "requires": {
         "brace-expansion": "^1.1.7"
       }
@@ -5092,14 +5142,14 @@
       }
     },
     "object-hash": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.2.0.tgz",
-      "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw=="
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz",
+      "integrity": "sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw=="
     },
     "once": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
-      "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=",
+      "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
       "requires": {
         "wrappy": "1"
       }
@@ -5137,12 +5187,12 @@
     "os-tmpdir": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz",
-      "integrity": "sha1-u+Z0BseaqFxc/sdm/lc0VV36EnQ="
+      "integrity": "sha512-D2FR03Vir7FIu45XBY20mTb+/ZSWB00sjU9jdQXt83gDrI4Ztz5Fs7/yy74g2N5SVQY4xY1qDr4rNddwYRVX0g=="
     },
     "ospath": {
       "version": "1.2.2",
       "resolved": "https://registry.npmjs.org/ospath/-/ospath-1.2.2.tgz",
-      "integrity": "sha1-EnZjl3Sj+O8lcvf+QoDg6kVQwHs=",
+      "integrity": "sha512-o6E5qJV5zkAbIDNhGSIlyOhScKXgQrSRMilfph0clDfM0nEnBOlKlH4sWDmG95BW/CvwNz0vmm7dJVtU2KlMiA==",
       "dev": true
     },
     "otplib": {
@@ -5174,7 +5224,7 @@
     "path-is-absolute": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
-      "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18="
+      "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg=="
     },
     "path-key": {
       "version": "3.1.1",
@@ -5196,13 +5246,13 @@
     "pend": {
       "version": "1.2.0",
       "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz",
-      "integrity": "sha1-elfrVQpng/kRUzH89GY9XI4AelA=",
+      "integrity": "sha512-F3asv42UuXchdzt+xXqfW1OGlVBe+mxa2mqI0pg5yAHZPvFmY3Y6drSf/GQ1A86WgWEN9Kzh/WrgKa6iGcHXLg==",
       "dev": true
     },
     "performance-now": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz",
-      "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=",
+      "integrity": "sha512-7EAHlyLHI56VEIdK57uwHdHKIaAGbnXPiw0yWbarQZOKaKpvUIgW0jWRVLiatnM+XXlSwsanIBH/hzGMJulMow==",
       "dev": true
     },
     "picomatch": {
@@ -5214,7 +5264,7 @@
     "pify": {
       "version": "2.3.0",
       "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz",
-      "integrity": "sha1-7RQaasBDqEnqWISY59yosVMw6Qw=",
+      "integrity": "sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==",
       "dev": true
     },
     "prettier": {
@@ -5241,7 +5291,7 @@
     "proxy-from-env": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.0.0.tgz",
-      "integrity": "sha1-M8UDmPcOp+uW0h97gXYwpVeRx+4=",
+      "integrity": "sha512-F2JHgJQ1iqwnHDcQjVBsq3n/uoaFL+iPW/eAeL7kVxy/2RrWaN4WroKjjvbsoRtv0ftelNyC01bjRhn/bhcf4A==",
       "dev": true
     },
     "psl": {
@@ -5302,7 +5352,7 @@
     "request-progress": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/request-progress/-/request-progress-3.0.0.tgz",
-      "integrity": "sha1-TKdUCBx/7GP1BeT6qCWqBs1mnb4=",
+      "integrity": "sha512-MnWzEHHaxHO2iWiQuHrUPBi/1WeBf5PkxQqNyNvLl9VAYSdXkP8tQ3pBSeCPD+yw0v0Aq1zosWLz0BdeXpWwZg==",
       "dev": true,
       "requires": {
         "throttleit": "^1.0.0"
@@ -5311,7 +5361,7 @@
     "require-directory": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
-      "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I="
+      "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q=="
     },
     "resolve-alpn": {
       "version": "1.2.1",
@@ -5373,17 +5423,17 @@
       }
     },
     "rxjs": {
-      "version": "7.5.2",
-      "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.5.2.tgz",
-      "integrity": "sha512-PwDt186XaL3QN5qXj/H9DGyHhP3/RYYgZZwqBv9Tv8rsAaiwFH1IsJJlcgD37J7UW5a6O67qX0KWKS3/pu0m4w==",
+      "version": "7.5.5",
+      "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.5.5.tgz",
+      "integrity": "sha512-sy+H0pQofO95VDmFLzyaw9xNJU4KTRSwQIGM6+iG3SypAtCiLDzpeG8sJrNCWn2Up9km+KhkvTdbkrdy+yzZdw==",
       "requires": {
         "tslib": "^2.1.0"
       },
       "dependencies": {
         "tslib": {
-          "version": "2.3.1",
-          "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz",
-          "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw=="
+          "version": "2.4.0",
+          "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.4.0.tgz",
+          "integrity": "sha512-d6xOpEDfsi2CZVlPQzGeux8XMwLT9hssAsaPYExaQMuYskwb+x1x7J371tWlbBdWHroy99KnVB6qIkUbs5X3UQ=="
         }
       }
     },
@@ -5398,9 +5448,9 @@
       "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
     },
     "semver": {
-      "version": "7.3.5",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz",
-      "integrity": "sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==",
+      "version": "7.3.7",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.7.tgz",
+      "integrity": "sha512-QlYTucUYOews+WeEujDoEGziz4K6c47V/Bd+LjSSYcA94p+DmINdf7ncaUinThfvZyu13lN9OY1XDxt8C0Tw0g==",
       "dev": true,
       "requires": {
         "lru-cache": "^6.0.0"
@@ -5466,12 +5516,12 @@
     "spawn-command": {
       "version": "0.0.2-1",
       "resolved": "https://registry.npmjs.org/spawn-command/-/spawn-command-0.0.2-1.tgz",
-      "integrity": "sha1-YvXpRmmBwbeW3Fkpk34RycaSG9A="
+      "integrity": "sha512-n98l9E2RMSJ9ON1AKisHzz7V42VDiBQGY6PB1BwRglz99wpVsSuGzQ+jOi6lFXBGVTCrRpltvjm+/XA+tpeJrg=="
     },
     "sprintf-js": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
-      "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw="
+      "integrity": "sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g=="
     },
     "sshpk": {
       "version": "1.17.0",
@@ -5533,19 +5583,19 @@
     "thirty-two": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/thirty-two/-/thirty-two-1.0.2.tgz",
-      "integrity": "sha1-TKL//AKlEpDSdEueP1V2k8prYno=",
+      "integrity": "sha512-OEI0IWCe+Dw46019YLl6V10Us5bi574EvlJEOcAkB29IzQ/mYD1A6RyNHLjZPiHCmuodxvgF6U+vZO1L15lxVA==",
       "dev": true
     },
     "throttleit": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/throttleit/-/throttleit-1.0.0.tgz",
-      "integrity": "sha1-nnhYNtr0Z0MUWlmEtiaNgoUorGw=",
+      "integrity": "sha512-rkTVqu6IjfQ/6+uNuuc3sZek4CEYxTJom3IktzgdSxcZqdARuebbA/f4QmAxMQIxqq9ZLEUkSYqvuk1I6VKq4g==",
       "dev": true
     },
     "through": {
       "version": "2.3.8",
       "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz",
-      "integrity": "sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU="
+      "integrity": "sha512-w89qg7PI8wAdvX60bMDP+bFoD5Dvhm9oLheFp5O4a2QF0cSBGsBX4qZmadPMvVqlLJBBci+WqGGOAPvcDeNSVg=="
     },
     "tmp": {
       "version": "0.2.1",
@@ -5578,7 +5628,7 @@
     "tr46": {
       "version": "0.0.3",
       "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
-      "integrity": "sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o="
+      "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw=="
     },
     "tree-kill": {
       "version": "1.2.2",
@@ -5593,7 +5643,7 @@
     "tunnel-agent": {
       "version": "0.6.0",
       "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz",
-      "integrity": "sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0=",
+      "integrity": "sha512-McnNiV1l8RYeY8tBgEpuodCC1mLUdbSN+CYBL7kJsJNInOP8UjDDEwdk6Mw60vdLLrr5NHKZhMAOSrR2NZuQ+w==",
       "dev": true,
       "requires": {
         "safe-buffer": "^5.0.1"
@@ -5602,7 +5652,7 @@
     "tweetnacl": {
       "version": "0.14.5",
       "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz",
-      "integrity": "sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q=",
+      "integrity": "sha512-KXXFFdAbFXY4geFIwoyNK+f5Z1b7swfXABfL7HXCmoIWMKU3dmS26672A4EeQtDzLKy7SXmfBu51JolvEKwtGA==",
       "dev": true
     },
     "type-fest": {
@@ -5611,9 +5661,9 @@
       "integrity": "sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w=="
     },
     "typescript": {
-      "version": "4.5.5",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.5.5.tgz",
-      "integrity": "sha512-TCTIul70LyWe6IJWT8QSYeA54WQe8EjQFU4wY52Fasj5UKx88LNYKCgBEHcOMOrFF1rKGbD8v/xcNWVUq9SymA==",
+      "version": "4.7.4",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.7.4.tgz",
+      "integrity": "sha512-C0WQT0gezHuw6AdY1M2jxUO83Rjf0HP7Sk1DtXj6j1EwkQNZrHAg2XPWlq62oqEhYvONq5pkC2Y9oPljWToLmQ==",
       "dev": true
     },
     "universalify": {
@@ -5630,7 +5680,7 @@
     "util-deprecate": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
-      "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8="
+      "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
     },
     "uuid": {
       "version": "8.3.2",
@@ -5640,7 +5690,7 @@
     "verror": {
       "version": "1.10.0",
       "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz",
-      "integrity": "sha1-OhBcoXBTr1XW4nDB+CiGguGNpAA=",
+      "integrity": "sha512-ZZKSmDAEFOijERBLkmYfJ+vmk3w+7hOLYDNkRCuRuMJGEmqYNCNLyBBFwWKVMhfwaEF3WOd0Zlw86U/WC/+nYw==",
       "dev": true,
       "requires": {
         "assert-plus": "^1.0.0",
@@ -5690,7 +5740,7 @@
     "wcwidth": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/wcwidth/-/wcwidth-1.0.1.tgz",
-      "integrity": "sha1-8LDc+RW8X/FSivrbLA4XtTLaL+g=",
+      "integrity": "sha512-XHPEwS0q6TaxcvG85+8EYkbiCux2XtWG2mkc47Ng2A77BQu9+DqIOJldST4HgPkuea7dvKSj5VgX3P1d4rW8Tg==",
       "requires": {
         "defaults": "^1.0.3"
       }
@@ -5698,12 +5748,12 @@
     "webidl-conversions": {
       "version": "3.0.1",
       "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
-      "integrity": "sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE="
+      "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ=="
     },
     "whatwg-url": {
       "version": "5.0.0",
       "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
-      "integrity": "sha1-lmRU6HZUYuN2RNNib2dCzotwll0=",
+      "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==",
       "requires": {
         "tr46": "~0.0.3",
         "webidl-conversions": "^3.0.0"
@@ -5731,13 +5781,14 @@
     "wrappy": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
-      "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8="
+      "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
     },
     "ws": {
-      "version": "7.5.7",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.7.tgz",
-      "integrity": "sha512-KMvVuFzpKBuiIXW3E4u3mySRO2/mCHSyZDJQM5NQ9Q9KHWHWh0NHgfbRMLLrceUK5qAL4ytALJbpRMjixFZh8A==",
-      "dev": true
+      "version": "7.5.8",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.8.tgz",
+      "integrity": "sha512-ri1Id1WinAX5Jqn9HejiGb8crfRio0Qgu8+MtL36rlTA6RLsMdWt1Az/19A2Qij6uSHUMphEFaTKa4WG+UNHNw==",
+      "dev": true,
+      "requires": {}
     },
     "y18n": {
       "version": "5.0.8",
@@ -5781,7 +5832,7 @@
     "yauzl": {
       "version": "2.10.0",
       "resolved": "https://registry.npmjs.org/yauzl/-/yauzl-2.10.0.tgz",
-      "integrity": "sha1-x+sXyT4RLLEIb6bY5R+wZnt5pfk=",
+      "integrity": "sha512-p4a9I6X6nu6IhoGmBqAcbJy1mlC4j27vEPZX9F4L4/vZT3Lyq1VkFHw/V/PUcB9Buo+DG3iHkT0x3Qya58zc3g==",
       "dev": true,
       "requires": {
         "buffer-crc32": "~0.2.3",
diff --git a/package.json b/package.json
index 81f8e1fef445..1fcc80b0a229 100644
--- a/package.json
+++ b/package.json
@@ -15,9 +15,10 @@
   "devDependencies": {
     "@ory/kratos-client": "0.0.0-next.8d3b018594f7",
     "@types/node": "^16.9.6",
+    "@types/uuid": "^8.3.4",
     "@types/yamljs": "^0.2.31",
     "chrome-remote-interface": "^0.31.0",
-    "cypress": "^9.5.1",
+    "cypress": "^9.6.0",
     "dayjs": "^1.10.4",
     "got": "^11.8.2",
     "ory-prettier-styles": "1.3.0",
diff --git a/persistence/sql/migratest/fixtures/login_flow/0bc96cc9-dda4-4700-9e42-35731f2af91e.json b/persistence/sql/migratest/fixtures/login_flow/0bc96cc9-dda4-4700-9e42-35731f2af91e.json
index e48e54d97a6b..ab5b570fb780 100644
--- a/persistence/sql/migratest/fixtures/login_flow/0bc96cc9-dda4-4700-9e42-35731f2af91e.json
+++ b/persistence/sql/migratest/fixtures/login_flow/0bc96cc9-dda4-4700-9e42-35731f2af91e.json
@@ -1,5 +1,6 @@
 {
   "id": "0bc96cc9-dda4-4700-9e42-35731f2af91e",
+  "oauth2_login_challenge": null,
   "type": "api",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/login_flow/1fb23c75-b809-42cc-8984-6ca2d0a1192f.json b/persistence/sql/migratest/fixtures/login_flow/1fb23c75-b809-42cc-8984-6ca2d0a1192f.json
index 5f63a7ec006a..d955b7c462e6 100644
--- a/persistence/sql/migratest/fixtures/login_flow/1fb23c75-b809-42cc-8984-6ca2d0a1192f.json
+++ b/persistence/sql/migratest/fixtures/login_flow/1fb23c75-b809-42cc-8984-6ca2d0a1192f.json
@@ -1,5 +1,6 @@
 {
   "id": "1fb23c75-b809-42cc-8984-6ca2d0a1192f",
+  "oauth2_login_challenge": null,
   "type": "api",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/login_flow/202c1981-1e25-47f0-8764-75ad506c2bec.json b/persistence/sql/migratest/fixtures/login_flow/202c1981-1e25-47f0-8764-75ad506c2bec.json
index efbd0740cdfb..3241be100fe9 100644
--- a/persistence/sql/migratest/fixtures/login_flow/202c1981-1e25-47f0-8764-75ad506c2bec.json
+++ b/persistence/sql/migratest/fixtures/login_flow/202c1981-1e25-47f0-8764-75ad506c2bec.json
@@ -1,5 +1,6 @@
 {
   "id": "202c1981-1e25-47f0-8764-75ad506c2bec",
+  "oauth2_login_challenge": null,
   "type": "browser",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/login_flow/349c945a-60f8-436a-a301-7a42c92604f9.json b/persistence/sql/migratest/fixtures/login_flow/349c945a-60f8-436a-a301-7a42c92604f9.json
new file mode 100644
index 000000000000..58c5df35b673
--- /dev/null
+++ b/persistence/sql/migratest/fixtures/login_flow/349c945a-60f8-436a-a301-7a42c92604f9.json
@@ -0,0 +1,17 @@
+{
+  "id": "349c945a-60f8-436a-a301-7a42c92604f9",
+  "oauth2_login_challenge": "3caddfd5-9903-4bce-83ff-cae36f42dff7",
+  "type": "browser",
+  "expires_at": "2013-10-07T08:23:19Z",
+  "issued_at": "2013-10-07T08:23:19Z",
+  "request_url": "http://kratos:4433/self-service/browser/flows/login?login_challenge=3caddfd599034bce83ffcae36f42dff7",
+  "ui": {
+    "action": "",
+    "method": "",
+    "nodes": null
+  },
+  "created_at": "2013-10-07T08:23:19Z",
+  "updated_at": "2013-10-07T08:23:19Z",
+  "refresh": false,
+  "requested_aal": "aal2"
+}
diff --git a/persistence/sql/migratest/fixtures/login_flow/38caf592-b042-4551-b92f-8d5223c2a4e2.json b/persistence/sql/migratest/fixtures/login_flow/38caf592-b042-4551-b92f-8d5223c2a4e2.json
index 084b36a0c0b9..aebfc35ddcbc 100644
--- a/persistence/sql/migratest/fixtures/login_flow/38caf592-b042-4551-b92f-8d5223c2a4e2.json
+++ b/persistence/sql/migratest/fixtures/login_flow/38caf592-b042-4551-b92f-8d5223c2a4e2.json
@@ -1,5 +1,6 @@
 {
   "id": "38caf592-b042-4551-b92f-8d5223c2a4e2",
+  "oauth2_login_challenge": null,
   "type": "api",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/login_flow/3a9ea34f-0f12-469b-9417-3ae5795a7baa.json b/persistence/sql/migratest/fixtures/login_flow/3a9ea34f-0f12-469b-9417-3ae5795a7baa.json
index 13dff119fce0..87ac8cbc5773 100644
--- a/persistence/sql/migratest/fixtures/login_flow/3a9ea34f-0f12-469b-9417-3ae5795a7baa.json
+++ b/persistence/sql/migratest/fixtures/login_flow/3a9ea34f-0f12-469b-9417-3ae5795a7baa.json
@@ -1,5 +1,6 @@
 {
   "id": "3a9ea34f-0f12-469b-9417-3ae5795a7baa",
+  "oauth2_login_challenge": null,
   "type": "browser",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/login_flow/43c99182-bb67-47e1-b564-bb23bd8d4393.json b/persistence/sql/migratest/fixtures/login_flow/43c99182-bb67-47e1-b564-bb23bd8d4393.json
index 5f1529c393b3..cee695fcfea8 100644
--- a/persistence/sql/migratest/fixtures/login_flow/43c99182-bb67-47e1-b564-bb23bd8d4393.json
+++ b/persistence/sql/migratest/fixtures/login_flow/43c99182-bb67-47e1-b564-bb23bd8d4393.json
@@ -1,5 +1,6 @@
 {
   "id": "43c99182-bb67-47e1-b564-bb23bd8d4393",
+  "oauth2_login_challenge": null,
   "type": "browser",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/login_flow/47edd3a8-0998-4779-9469-f4b8ee4430df.json b/persistence/sql/migratest/fixtures/login_flow/47edd3a8-0998-4779-9469-f4b8ee4430df.json
index fe46265a6d2e..698d637c4588 100644
--- a/persistence/sql/migratest/fixtures/login_flow/47edd3a8-0998-4779-9469-f4b8ee4430df.json
+++ b/persistence/sql/migratest/fixtures/login_flow/47edd3a8-0998-4779-9469-f4b8ee4430df.json
@@ -1,5 +1,6 @@
 {
   "id": "47edd3a8-0998-4779-9469-f4b8ee4430df",
+  "oauth2_login_challenge": null,
   "type": "api",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/login_flow/56d94e8b-8a5d-4b7f-8a6e-3259d2b2903e.json b/persistence/sql/migratest/fixtures/login_flow/56d94e8b-8a5d-4b7f-8a6e-3259d2b2903e.json
index 85156c189e4d..cca989cf7d1c 100644
--- a/persistence/sql/migratest/fixtures/login_flow/56d94e8b-8a5d-4b7f-8a6e-3259d2b2903e.json
+++ b/persistence/sql/migratest/fixtures/login_flow/56d94e8b-8a5d-4b7f-8a6e-3259d2b2903e.json
@@ -1,5 +1,6 @@
 {
   "id": "56d94e8b-8a5d-4b7f-8a6e-3259d2b2903e",
+  "oauth2_login_challenge": null,
   "type": "browser",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/login_flow/6d387820-f2f4-4f9f-9980-a90d89e7811f.json b/persistence/sql/migratest/fixtures/login_flow/6d387820-f2f4-4f9f-9980-a90d89e7811f.json
index c38727386af7..87ce37ad7964 100644
--- a/persistence/sql/migratest/fixtures/login_flow/6d387820-f2f4-4f9f-9980-a90d89e7811f.json
+++ b/persistence/sql/migratest/fixtures/login_flow/6d387820-f2f4-4f9f-9980-a90d89e7811f.json
@@ -1,5 +1,6 @@
 {
   "id": "6d387820-f2f4-4f9f-9980-a90d89e7811f",
+  "oauth2_login_challenge": null,
   "type": "browser",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/login_flow/916ded11-aa64-4a27-b06e-96e221a509d7.json b/persistence/sql/migratest/fixtures/login_flow/916ded11-aa64-4a27-b06e-96e221a509d7.json
index eb8ec21e0e31..715afad13121 100644
--- a/persistence/sql/migratest/fixtures/login_flow/916ded11-aa64-4a27-b06e-96e221a509d7.json
+++ b/persistence/sql/migratest/fixtures/login_flow/916ded11-aa64-4a27-b06e-96e221a509d7.json
@@ -1,5 +1,6 @@
 {
   "id": "916ded11-aa64-4a27-b06e-96e221a509d7",
+  "oauth2_login_challenge": null,
   "type": "browser",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/login_flow/99974ce6-388c-4669-a95a-7757ee724020.json b/persistence/sql/migratest/fixtures/login_flow/99974ce6-388c-4669-a95a-7757ee724020.json
index 418e16ebe69b..18ea717cf9cd 100644
--- a/persistence/sql/migratest/fixtures/login_flow/99974ce6-388c-4669-a95a-7757ee724020.json
+++ b/persistence/sql/migratest/fixtures/login_flow/99974ce6-388c-4669-a95a-7757ee724020.json
@@ -1,5 +1,6 @@
 {
   "id": "99974ce6-388c-4669-a95a-7757ee724020",
+  "oauth2_login_challenge": null,
   "type": "browser",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/login_flow/b1fac7fb-d016-4a06-a7fe-e4eab2a0429f.json b/persistence/sql/migratest/fixtures/login_flow/b1fac7fb-d016-4a06-a7fe-e4eab2a0429f.json
index 84eda2f96615..6909c4aa6502 100644
--- a/persistence/sql/migratest/fixtures/login_flow/b1fac7fb-d016-4a06-a7fe-e4eab2a0429f.json
+++ b/persistence/sql/migratest/fixtures/login_flow/b1fac7fb-d016-4a06-a7fe-e4eab2a0429f.json
@@ -1,5 +1,6 @@
 {
   "id": "b1fac7fb-d016-4a06-a7fe-e4eab2a0429f",
+  "oauth2_login_challenge": null,
   "type": "api",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/login_flow/d6aa1f23-88c9-4b9b-a850-392f48c7f9e8.json b/persistence/sql/migratest/fixtures/login_flow/d6aa1f23-88c9-4b9b-a850-392f48c7f9e8.json
index 87ccb1d1dcd0..d5dfa1ed1436 100644
--- a/persistence/sql/migratest/fixtures/login_flow/d6aa1f23-88c9-4b9b-a850-392f48c7f9e8.json
+++ b/persistence/sql/migratest/fixtures/login_flow/d6aa1f23-88c9-4b9b-a850-392f48c7f9e8.json
@@ -1,5 +1,6 @@
 {
   "id": "d6aa1f23-88c9-4b9b-a850-392f48c7f9e8",
+  "oauth2_login_challenge": null,
   "type": "api",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/registration_flow/05a7f09d-4ef3-41fb-958a-6ad74584b36a.json b/persistence/sql/migratest/fixtures/registration_flow/05a7f09d-4ef3-41fb-958a-6ad74584b36a.json
index 1e649d64ad51..2434aecce32b 100644
--- a/persistence/sql/migratest/fixtures/registration_flow/05a7f09d-4ef3-41fb-958a-6ad74584b36a.json
+++ b/persistence/sql/migratest/fixtures/registration_flow/05a7f09d-4ef3-41fb-958a-6ad74584b36a.json
@@ -1,5 +1,6 @@
 {
   "id": "05a7f09d-4ef3-41fb-958a-6ad74584b36a",
+  "oauth2_login_challenge": null,
   "type": "browser",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/registration_flow/22d58184-b97d-44a5-bbaf-0aa8b4000d81.json b/persistence/sql/migratest/fixtures/registration_flow/22d58184-b97d-44a5-bbaf-0aa8b4000d81.json
index 7f90a694387d..462728060917 100644
--- a/persistence/sql/migratest/fixtures/registration_flow/22d58184-b97d-44a5-bbaf-0aa8b4000d81.json
+++ b/persistence/sql/migratest/fixtures/registration_flow/22d58184-b97d-44a5-bbaf-0aa8b4000d81.json
@@ -1,5 +1,6 @@
 {
   "id": "22d58184-b97d-44a5-bbaf-0aa8b4000d81",
+  "oauth2_login_challenge": null,
   "type": "browser",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/registration_flow/2bf132e0-5d40-4df9-9a11-9106e5333735.json b/persistence/sql/migratest/fixtures/registration_flow/2bf132e0-5d40-4df9-9a11-9106e5333735.json
index dbc832d2aa71..ac6f789af892 100644
--- a/persistence/sql/migratest/fixtures/registration_flow/2bf132e0-5d40-4df9-9a11-9106e5333735.json
+++ b/persistence/sql/migratest/fixtures/registration_flow/2bf132e0-5d40-4df9-9a11-9106e5333735.json
@@ -1,5 +1,6 @@
 {
   "id": "2bf132e0-5d40-4df9-9a11-9106e5333735",
+  "oauth2_login_challenge": null,
   "type": "browser",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/registration_flow/696e7022-c466-44f6-89c6-8cf93c06a62a.json b/persistence/sql/migratest/fixtures/registration_flow/696e7022-c466-44f6-89c6-8cf93c06a62a.json
index 6b627d7541f9..76048be0f173 100644
--- a/persistence/sql/migratest/fixtures/registration_flow/696e7022-c466-44f6-89c6-8cf93c06a62a.json
+++ b/persistence/sql/migratest/fixtures/registration_flow/696e7022-c466-44f6-89c6-8cf93c06a62a.json
@@ -1,5 +1,6 @@
 {
   "id": "696e7022-c466-44f6-89c6-8cf93c06a62a",
+  "oauth2_login_challenge": null,
   "type": "api",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/registration_flow/87fa3f43-5155-42b4-a1ad-174c2595fdaf.json b/persistence/sql/migratest/fixtures/registration_flow/87fa3f43-5155-42b4-a1ad-174c2595fdaf.json
index 6a1dcdac29dd..1a41a4488ca3 100644
--- a/persistence/sql/migratest/fixtures/registration_flow/87fa3f43-5155-42b4-a1ad-174c2595fdaf.json
+++ b/persistence/sql/migratest/fixtures/registration_flow/87fa3f43-5155-42b4-a1ad-174c2595fdaf.json
@@ -1,5 +1,6 @@
 {
   "id": "87fa3f43-5155-42b4-a1ad-174c2595fdaf",
+  "oauth2_login_challenge": null,
   "type": "browser",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/registration_flow/8ef215a9-e8d5-43b3-9aa3-cb4333562e36.json b/persistence/sql/migratest/fixtures/registration_flow/8ef215a9-e8d5-43b3-9aa3-cb4333562e36.json
index ed2e8512fde1..91fffa409bae 100644
--- a/persistence/sql/migratest/fixtures/registration_flow/8ef215a9-e8d5-43b3-9aa3-cb4333562e36.json
+++ b/persistence/sql/migratest/fixtures/registration_flow/8ef215a9-e8d5-43b3-9aa3-cb4333562e36.json
@@ -1,5 +1,6 @@
 {
   "id": "8ef215a9-e8d5-43b3-9aa3-cb4333562e36",
+  "oauth2_login_challenge": null,
   "type": "api",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/registration_flow/8f32efdc-f6fc-4c27-a3c2-579d109eff60.json b/persistence/sql/migratest/fixtures/registration_flow/8f32efdc-f6fc-4c27-a3c2-579d109eff60.json
index df3f9c392998..e6333958d0d4 100644
--- a/persistence/sql/migratest/fixtures/registration_flow/8f32efdc-f6fc-4c27-a3c2-579d109eff60.json
+++ b/persistence/sql/migratest/fixtures/registration_flow/8f32efdc-f6fc-4c27-a3c2-579d109eff60.json
@@ -1,5 +1,6 @@
 {
   "id": "8f32efdc-f6fc-4c27-a3c2-579d109eff60",
+  "oauth2_login_challenge": null,
   "type": "api",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/registration_flow/9edcf051-1cd0-44cc-bd2f-6ac21f0c24dd.json b/persistence/sql/migratest/fixtures/registration_flow/9edcf051-1cd0-44cc-bd2f-6ac21f0c24dd.json
index 2195263f1574..fb0dcdcb872a 100644
--- a/persistence/sql/migratest/fixtures/registration_flow/9edcf051-1cd0-44cc-bd2f-6ac21f0c24dd.json
+++ b/persistence/sql/migratest/fixtures/registration_flow/9edcf051-1cd0-44cc-bd2f-6ac21f0c24dd.json
@@ -1,5 +1,6 @@
 {
   "id": "9edcf051-1cd0-44cc-bd2f-6ac21f0c24dd",
+  "oauth2_login_challenge": null,
   "type": "browser",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/registration_flow/e2150cdc-23ac-4940-a240-6c79c27ab029.json b/persistence/sql/migratest/fixtures/registration_flow/e2150cdc-23ac-4940-a240-6c79c27ab029.json
index 497f88de81b2..20aad6534059 100644
--- a/persistence/sql/migratest/fixtures/registration_flow/e2150cdc-23ac-4940-a240-6c79c27ab029.json
+++ b/persistence/sql/migratest/fixtures/registration_flow/e2150cdc-23ac-4940-a240-6c79c27ab029.json
@@ -1,5 +1,6 @@
 {
   "id": "e2150cdc-23ac-4940-a240-6c79c27ab029",
+  "oauth2_login_challenge": null,
   "type": "api",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/fixtures/registration_flow/ef18b06e-4700-4021-9949-ef783cd86be8.json b/persistence/sql/migratest/fixtures/registration_flow/ef18b06e-4700-4021-9949-ef783cd86be8.json
new file mode 100644
index 000000000000..350b0c9fcd20
--- /dev/null
+++ b/persistence/sql/migratest/fixtures/registration_flow/ef18b06e-4700-4021-9949-ef783cd86be8.json
@@ -0,0 +1,14 @@
+{
+  "id": "ef18b06e-4700-4021-9949-ef783cd86be8",
+  "oauth2_login_challenge": "3caddfd5-9903-4bce-83ff-cae36f42dff7",
+  "type": "browser",
+  "expires_at": "2013-10-07T08:23:19Z",
+  "issued_at": "2013-10-07T08:23:19Z",
+  "request_url": "http://kratos:4433/self-service/browser/flows/registration?login_challenge=",
+  "active": "password",
+  "ui": {
+    "action": "",
+    "method": "",
+    "nodes": null
+  }
+}
diff --git a/persistence/sql/migratest/fixtures/registration_flow/f1b5ed18-113a-4a98-aae7-d4eba007199c.json b/persistence/sql/migratest/fixtures/registration_flow/f1b5ed18-113a-4a98-aae7-d4eba007199c.json
index d894073c5468..440430b3f825 100644
--- a/persistence/sql/migratest/fixtures/registration_flow/f1b5ed18-113a-4a98-aae7-d4eba007199c.json
+++ b/persistence/sql/migratest/fixtures/registration_flow/f1b5ed18-113a-4a98-aae7-d4eba007199c.json
@@ -1,5 +1,6 @@
 {
   "id": "f1b5ed18-113a-4a98-aae7-d4eba007199c",
+  "oauth2_login_challenge": null,
   "type": "api",
   "expires_at": "2013-10-07T08:23:19Z",
   "issued_at": "2013-10-07T08:23:19Z",
diff --git a/persistence/sql/migratest/testdata/20220607000001_testdata.sql b/persistence/sql/migratest/testdata/20220607000001_testdata.sql
new file mode 100644
index 000000000000..7093698f4bbd
--- /dev/null
+++ b/persistence/sql/migratest/testdata/20220607000001_testdata.sql
@@ -0,0 +1,11 @@
+INSERT INTO selfservice_login_flows (id, nid, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type, ui, requested_aal, internal_context, oauth2_login_challenge)
+VALUES ('349c945a-60f8-436a-a301-7a42c92604f9', '884f556e-eb3a-4b9f-bee3-11345642c6c0',
+        'http://kratos:4433/self-service/browser/flows/login?login_challenge=3caddfd599034bce83ffcae36f42dff7', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '',
+        'fpeVSZ9ZH7YvUkhXsOVEIssxbfauh5lcoQSYxTcN0XkMneg1L42h+HtvisjlNjBF4ElcD2jApCHoJYq2u9sVWg==',
+        '2013-10-07 08:23:19', '2013-10-07 08:23:19', false, 'browser', '{}', 'aal2', '{"foo":"bar"}', '3caddfd5-9903-4bce-83ff-cae36f42dff7');
+
+INSERT INTO selfservice_registration_flows (id, nid, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type, ui, internal_context, oauth2_login_challenge)
+VALUES ('ef18b06e-4700-4021-9949-ef783cd86be8', '884f556e-eb3a-4b9f-bee3-11345642c6c0',
+        'http://kratos:4433/self-service/browser/flows/registration?login_challenge=', '2013-10-07 08:23:19', '2013-10-07 08:23:19',
+        'password', 'vYYuhWXBfXKzBC+BlnbDmXfBKsUWY6SU/v04gHF9GYzPjFP51RXDPOc57R7Dpbf+XLkbPNAkmem33Crz/avdrw==',
+        '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'browser', '{}', '{"foo":"bar"}', '3caddfd5-9903-4bce-83ff-cae36f42dff7');
diff --git a/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.cockroach.down.sql b/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.cockroach.down.sql
new file mode 100644
index 000000000000..0bf9f82d296e
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.cockroach.down.sql
@@ -0,0 +1,2 @@
+ALTER TABLE "selfservice_login_flows" DROP COLUMN "oauth2_login_challenge";
+ALTER TABLE "selfservice_registration_flows" DROP COLUMN "oauth2_login_challenge";
diff --git a/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.cockroach.up.sql b/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.cockroach.up.sql
new file mode 100644
index 000000000000..8a61077cbd13
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.cockroach.up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE "selfservice_login_flows" ADD COLUMN "oauth2_login_challenge" UUID NULL;
+ALTER TABLE "selfservice_registration_flows" ADD COLUMN "oauth2_login_challenge" UUID NULL;
diff --git a/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.mysql.down.sql b/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.mysql.down.sql
new file mode 100644
index 000000000000..c537f4631d4e
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.mysql.down.sql
@@ -0,0 +1,2 @@
+ALTER TABLE `selfservice_login_flows` DROP COLUMN `oauth2_login_challenge`;
+ALTER TABLE `selfservice_registration_flows` DROP COLUMN `oauth2_login_challenge`;
diff --git a/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.mysql.up.sql b/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.mysql.up.sql
new file mode 100644
index 000000000000..e4e79074649a
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.mysql.up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE `selfservice_login_flows` ADD COLUMN `oauth2_login_challenge` CHAR(36) NULL;
+ALTER TABLE `selfservice_registration_flows` ADD COLUMN `oauth2_login_challenge` CHAR(36) NULL;
diff --git a/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.postgres.down.sql b/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.postgres.down.sql
new file mode 100644
index 000000000000..0bf9f82d296e
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.postgres.down.sql
@@ -0,0 +1,2 @@
+ALTER TABLE "selfservice_login_flows" DROP COLUMN "oauth2_login_challenge";
+ALTER TABLE "selfservice_registration_flows" DROP COLUMN "oauth2_login_challenge";
diff --git a/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.postgres.up.sql b/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.postgres.up.sql
new file mode 100644
index 000000000000..8a61077cbd13
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.postgres.up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE "selfservice_login_flows" ADD COLUMN "oauth2_login_challenge" UUID NULL;
+ALTER TABLE "selfservice_registration_flows" ADD COLUMN "oauth2_login_challenge" UUID NULL;
diff --git a/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.sqlite3.down.sql b/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.sqlite3.down.sql
new file mode 100644
index 000000000000..0bf9f82d296e
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.sqlite3.down.sql
@@ -0,0 +1,2 @@
+ALTER TABLE "selfservice_login_flows" DROP COLUMN "oauth2_login_challenge";
+ALTER TABLE "selfservice_registration_flows" DROP COLUMN "oauth2_login_challenge";
diff --git a/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.sqlite3.up.sql b/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.sqlite3.up.sql
new file mode 100644
index 000000000000..be22767a2fd8
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.sqlite3.up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE "selfservice_login_flows" ADD COLUMN "oauth2_login_challenge" CHAR(36) NULL;
+ALTER TABLE "selfservice_registration_flows" ADD COLUMN "oauth2_login_challenge" CHAR(36) NULL;
diff --git a/request/builder_test.go b/request/builder_test.go
index 10a3dd0f8825..5b993f1f3b15 100644
--- a/request/builder_test.go
+++ b/request/builder_test.go
@@ -103,7 +103,7 @@ func TestBuildRequest(t *testing.T) {
 			rawConfig: `{
 				"url": "https://test.kratos.ory.sh/my_endpoint2",
 				"method": "POST",
-				"header": {
+				"headers": {
 					"Custom-Header": "test"
 				},
 				"body": "file://./stub/test_body.jsonnet"
@@ -194,7 +194,7 @@ func TestBuildRequest(t *testing.T) {
 				"url": "https://test.kratos.ory.sh/my_endpoint6",
 				"method": "POST",
 				"body": "file://./stub/test_body.jsonnet",
-				"header": {
+				"headers": {
 					"Content-Type": "application/x-www-form-urlencoded"
 				},
 				"auth": {
diff --git a/request/config.go b/request/config.go
index caf5061bf326..085b18a76a7f 100644
--- a/request/config.go
+++ b/request/config.go
@@ -17,7 +17,7 @@ type (
 		Method      string      `json:"method"`
 		URL         string      `json:"url"`
 		TemplateURI string      `json:"body"`
-		Header      http.Header `json:"header"`
+		Header      http.Header `json:"headers"`
 		Auth        Auth        `json:"auth,omitempty"`
 	}
 )
@@ -27,7 +27,7 @@ func parseConfig(r json.RawMessage) (*Config, error) {
 		Method      string          `json:"method"`
 		URL         string          `json:"url"`
 		TemplateURI string          `json:"body"`
-		Header      json.RawMessage `json:"header"`
+		Header      json.RawMessage `json:"headers"`
 		Auth        Auth            `json:"auth,omitempty"`
 	}
 
diff --git a/selfservice/flow/login/export_test.go b/selfservice/flow/login/export_test.go
new file mode 100644
index 000000000000..e3566e815eb2
--- /dev/null
+++ b/selfservice/flow/login/export_test.go
@@ -0,0 +1,11 @@
+package login
+
+import (
+	"net/http"
+
+	"github.com/ory/kratos/session"
+)
+
+func RequiresAAL2ForTest(e HookExecutor, r *http.Request, s *session.Session) (bool, error) {
+	return e.requiresAAL2(r, s, nil) // *login.Flow is nil to avoid an import cycle
+}
diff --git a/selfservice/flow/login/flow.go b/selfservice/flow/login/flow.go
index b25e16e9fc71..b8cfedbb8307 100644
--- a/selfservice/flow/login/flow.go
+++ b/selfservice/flow/login/flow.go
@@ -17,7 +17,10 @@ import (
 
 	"github.com/ory/x/stringsx"
 
+	hydraclientgo "github.com/ory/hydra-client-go"
+
 	"github.com/ory/kratos/driver/config"
+	"github.com/ory/kratos/hydra"
 
 	"github.com/ory/kratos/ui/container"
 
@@ -47,6 +50,18 @@ type Flow struct {
 	ID  uuid.UUID `json:"id" faker:"-" db:"id" rw:"r"`
 	NID uuid.UUID `json:"-"  faker:"-" db:"nid"`
 
+	// Ory OAuth 2.0 Login Challenge.
+	//
+	// This value is set using the `login_challenge` query parameter of the registration and login endpoints.
+	// If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.
+	OAuth2LoginChallenge uuid.NullUUID `json:"oauth2_login_challenge,omitempty" faker:"-" db:"oauth2_login_challenge"`
+
+	// HydraLoginRequest is an optional field whose presence indicates that Kratos
+	// is being used as an identity provider in a Hydra OAuth2 flow. Kratos
+	// populates this field by retrieving its value from Hydra and it is used by
+	// the login and consent UIs.
+	HydraLoginRequest *hydraclientgo.LoginRequest `json:"oauth2_login_request,omitempty" faker:"-" db:"-"`
+
 	// Type represents the flow's type which can be either "api" or "browser", depending on the flow interaction.
 	//
 	// required: true
@@ -119,10 +134,16 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques
 		return nil, err
 	}
 
+	hlc, err := hydra.GetLoginChallengeID(conf, r)
+	if err != nil {
+		return nil, err
+	}
+
 	return &Flow{
-		ID:        id,
-		ExpiresAt: now.Add(exp),
-		IssuedAt:  now,
+		ID:                   id,
+		OAuth2LoginChallenge: hlc,
+		ExpiresAt:            now.Add(exp),
+		IssuedAt:             now,
 		UI: &container.Container{
 			Method: "POST",
 			Action: flow.AppendFlowTo(urlx.AppendPaths(conf.SelfPublicURL(r.Context()), RouteSubmitFlow), id).String(),
diff --git a/selfservice/flow/login/flow_test.go b/selfservice/flow/login/flow_test.go
index 5a47a2167a10..7dcee2573865 100644
--- a/selfservice/flow/login/flow_test.go
+++ b/selfservice/flow/login/flow_test.go
@@ -15,6 +15,7 @@ import (
 
 	"github.com/ory/x/jsonx"
 
+	"github.com/ory/kratos/driver/config"
 	"github.com/ory/kratos/identity"
 
 	"github.com/ory/kratos/internal"
@@ -111,6 +112,18 @@ func TestNewFlow(t *testing.T) {
 			assert.Equal(t, "http://ory.sh/", r.RequestURL)
 		})
 	})
+
+	t.Run("should parse login_challenge when Hydra is configured", func(t *testing.T) {
+		_, err := login.NewFlow(conf, 0, "csrf", &http.Request{URL: urlx.ParseOrPanic("https://ory.sh/?login_challenge=badee1"), Host: "ory.sh"}, flow.TypeBrowser)
+		require.Error(t, err)
+
+		conf.MustSet(ctx, config.ViperKeyOAuth2ProviderURL, "https://hydra")
+
+		r, err := login.NewFlow(conf, 0, "csrf", &http.Request{URL: urlx.ParseOrPanic("https://ory.sh/?login_challenge=8aadcb8fc1334186a84c4da9813356d9"), Host: "ory.sh"}, flow.TypeBrowser)
+		require.NoError(t, err)
+		assert.Equal(t, "8aadcb8f-c133-4186-a84c-4da9813356d9", r.OAuth2LoginChallenge.UUID.String())
+	})
+
 }
 
 func TestFlow(t *testing.T) {
diff --git a/selfservice/flow/login/handler.go b/selfservice/flow/login/handler.go
index 1612a30ef9c7..ae3adbe01acf 100644
--- a/selfservice/flow/login/handler.go
+++ b/selfservice/flow/login/handler.go
@@ -2,11 +2,15 @@ package login
 
 import (
 	"net/http"
+	"net/url"
 	"time"
 
 	"github.com/gofrs/uuid"
 
 	"github.com/ory/herodot"
+	hydraclientgo "github.com/ory/hydra-client-go"
+
+	"github.com/ory/kratos/hydra"
 	"github.com/ory/kratos/text"
 	"github.com/ory/x/stringsx"
 
@@ -43,6 +47,7 @@ type (
 		HookExecutorProvider
 		FlowPersistenceProvider
 		errorx.ManagementProvider
+		hydra.HydraProvider
 		StrategyProvider
 		session.HandlerProvider
 		session.ManagementProvider
@@ -94,11 +99,11 @@ func WithFlowReturnTo(returnTo string) FlowOption {
 	}
 }
 
-func (h *Handler) NewLoginFlow(w http.ResponseWriter, r *http.Request, ft flow.Type, opts ...FlowOption) (*Flow, error) {
+func (h *Handler) NewLoginFlow(w http.ResponseWriter, r *http.Request, ft flow.Type, opts ...FlowOption) (*Flow, *session.Session, error) {
 	conf := h.d.Config()
 	f, err := NewFlow(conf, conf.SelfServiceFlowLoginRequestLifespan(r.Context()), h.d.GenerateCSRFToken(r), r, ft)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 	for _, o := range opts {
 		o(f)
@@ -114,7 +119,7 @@ func (h *Handler) NewLoginFlow(w http.ResponseWriter, r *http.Request, ft flow.T
 	case cs.AddCase(string(identity.AuthenticatorAssuranceLevel2)):
 		f.RequestedAAL = identity.AuthenticatorAssuranceLevel2
 	default:
-		return nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Unable to parse AuthenticationMethod Assurance Level (AAL): %s", cs.ToUnknownCaseErr()))
+		return nil, nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Unable to parse AuthenticationMethod Assurance Level (AAL): %s", cs.ToUnknownCaseErr()))
 	}
 
 	// We assume an error means the user has no session
@@ -124,7 +129,7 @@ func (h *Handler) NewLoginFlow(w http.ResponseWriter, r *http.Request, ft flow.T
 
 		// We can not request an AAL > 1 because we must first verify the first factor.
 		if f.RequestedAAL > identity.AuthenticatorAssuranceLevel1 {
-			return nil, errors.WithStack(ErrSessionRequiredForHigherAAL)
+			return nil, nil, errors.WithStack(ErrSessionRequiredForHigherAAL)
 		}
 
 		// We are setting refresh to false if no session exists.
@@ -133,7 +138,7 @@ func (h *Handler) NewLoginFlow(w http.ResponseWriter, r *http.Request, ft flow.T
 		goto preLoginHook
 	} else if err != nil {
 		// Some other error happened - return that one.
-		return nil, err
+		return nil, nil, err
 	} else {
 		// A session exists already
 		if f.Refresh {
@@ -145,13 +150,13 @@ func (h *Handler) NewLoginFlow(w http.ResponseWriter, r *http.Request, ft flow.T
 
 		// If level is 1 we are not requesting AAL -> we are logged in already.
 		if f.RequestedAAL == identity.AuthenticatorAssuranceLevel1 {
-			return nil, errors.WithStack(ErrAlreadyLoggedIn)
+			return nil, sess, errors.WithStack(ErrAlreadyLoggedIn)
 		}
 
 		// We are requesting an assurance level which the session already has. So we are not upgrading the session
 		// in which case we want to return an error.
 		if f.RequestedAAL <= sess.AuthenticatorAssuranceLevel {
-			return nil, errors.WithStack(ErrAlreadyLoggedIn)
+			return nil, sess, errors.WithStack(ErrAlreadyLoggedIn)
 		}
 
 		// Looks like we are requesting an AAL which is higher than what the session has.
@@ -170,12 +175,12 @@ preLoginHook:
 	var s Strategy
 	for _, s = range h.d.LoginStrategies(r.Context()) {
 		if err := s.PopulateLoginMethod(r, f.RequestedAAL, f); err != nil {
-			return nil, err
+			return nil, nil, err
 		}
 	}
 
 	if err := sortNodes(r.Context(), f.UI.Nodes); err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 
 	if f.Type == flow.TypeBrowser {
@@ -184,18 +189,18 @@ preLoginHook:
 
 	if err := h.d.LoginHookExecutor().PreLoginHook(w, r, f); err != nil {
 		h.d.LoginFlowErrorHandler().WriteFlowError(w, r, f, node.DefaultGroup, err)
-		return f, nil
+		return f, sess, nil
 	}
 
 	if err := h.d.LoginFlowPersister().CreateLoginFlow(r.Context(), f); err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 
-	return f, nil
+	return f, nil, nil
 }
 
 func (h *Handler) FromOldFlow(w http.ResponseWriter, r *http.Request, of Flow) (*Flow, error) {
-	nf, err := h.NewLoginFlow(w, r, of.Type)
+	nf, _, err := h.NewLoginFlow(w, r, of.Type)
 	if err != nil {
 		return nil, err
 	}
@@ -267,7 +272,7 @@ type initializeSelfServiceLoginFlowWithoutBrowser struct {
 //	  400: jsonError
 //	  500: jsonError
 func (h *Handler) initAPIFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-	f, err := h.NewLoginFlow(w, r, flow.TypeAPI)
+	f, _, err := h.NewLoginFlow(w, r, flow.TypeAPI)
 	if err != nil {
 		h.d.Writer().WriteError(w, r, err)
 		return
@@ -279,6 +284,16 @@ func (h *Handler) initAPIFlow(w http.ResponseWriter, r *http.Request, _ httprout
 // nolint:deadcode,unused
 // swagger:parameters initializeSelfServiceLoginFlowForBrowsers
 type initializeSelfServiceLoginFlowForBrowsers struct {
+	// An optional Hydra login challenge. If present, Kratos will cooperate with
+	// Ory Hydra to act as an OAuth2 identity provider.
+	//
+	// The value for this parameter comes from `login_challenge` URL Query parameter sent to your
+	// application (e.g. `/login?login_challenge=abcde`).
+	//
+	// required: false
+	// in: query
+	HydraLoginChallenge string `json:"login_challenge"`
+
 	// Refresh a login session
 	//
 	// If set to true, this will refresh an existing login session by
@@ -333,6 +348,10 @@ type initializeSelfServiceLoginFlowForBrowsers struct {
 // - `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.
 // - `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!
 //
+// The optional query parameter login_challenge is set when using Kratos with
+// Hydra in an OAuth2 flow. See the oauth2_provider.url configuration
+// option.
+//
 // This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
 //
 // More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
@@ -348,8 +367,52 @@ type initializeSelfServiceLoginFlowForBrowsers struct {
 //	  400: jsonError
 //	  500: jsonError
 func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
-	a, err := h.NewLoginFlow(w, r, flow.TypeBrowser)
+	var hlr *hydraclientgo.LoginRequest
+	var hlc uuid.NullUUID
+	if r.URL.Query().Has("login_challenge") {
+		var err error
+		hlc, err = hydra.GetLoginChallengeID(h.d.Config(), r)
+		if err != nil {
+			h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, err)
+			return
+		}
+
+		hlr, err = h.d.Hydra().GetLoginRequest(r.Context(), hlc)
+		if err != nil {
+			h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrInternalServerError.WithReason("Failed to retrieve OAuth 2.0 login request.")))
+			return
+		}
+
+		if !hlr.GetSkip() {
+			q := r.URL.Query()
+			q.Set("refresh", "true")
+			r.URL.RawQuery = q.Encode()
+		}
+	}
+
+	a, sess, err := h.NewLoginFlow(w, r, flow.TypeBrowser)
 	if errors.Is(err, ErrAlreadyLoggedIn) {
+		if hlr != nil {
+			if !hlr.GetSkip() {
+				h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrInternalServerError.WithReason("ErrAlreadyLoggedIn indicated we can skip login, but Hydra asked us to refresh")))
+				return
+			}
+
+			rt, err := h.d.Hydra().AcceptLoginRequest(r.Context(), hlc.UUID, sess.IdentityID.String(), sess.AMR)
+
+			if err != nil {
+				h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, err)
+				return
+			}
+			returnTo, err := url.Parse(rt)
+			if err != nil {
+				h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Unable to parse URL: %s", rt)))
+				return
+			}
+			x.AcceptToRedirectOrJSON(w, r, h.d.Writer(), err, returnTo.String())
+			return
+		}
+
 		returnTo, redirErr := x.SecureRedirectTo(r, h.d.Config().SelfServiceBrowserDefaultReturnTo(r.Context()),
 			x.SecureRedirectAllowSelfServiceURLs(h.d.Config().SelfPublicURL(r.Context())),
 			x.SecureRedirectAllowURLs(h.d.Config().SelfServiceBrowserAllowedReturnToDomains(r.Context())),
@@ -461,6 +524,17 @@ func (h *Handler) fetchFlow(w http.ResponseWriter, r *http.Request, _ httprouter
 		return
 	}
 
+	if ar.OAuth2LoginChallenge.Valid {
+		hlr, err := h.d.Hydra().GetLoginRequest(r.Context(), ar.OAuth2LoginChallenge)
+		if err != nil {
+			// We don't redirect back to the third party on errors because Hydra doesn't
+			// give us the 3rd party return_uri when it redirects to the login UI.
+			h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, err)
+			return
+		}
+		ar.HydraLoginRequest = hlr
+	}
+
 	h.d.Writer().Write(w, r, ar)
 }
 
diff --git a/selfservice/flow/login/handler_test.go b/selfservice/flow/login/handler_test.go
index b6c07ed858c1..2508061bbf21 100644
--- a/selfservice/flow/login/handler_test.go
+++ b/selfservice/flow/login/handler_test.go
@@ -15,6 +15,7 @@ import (
 
 	"github.com/ory/x/sqlxx"
 
+	"github.com/ory/kratos/hydra"
 	"github.com/ory/kratos/selfservice/flow"
 	"github.com/ory/kratos/ui/container"
 
@@ -46,6 +47,7 @@ func init() {
 func TestFlowLifecycle(t *testing.T) {
 	ctx := context.Background()
 	conf, reg := internal.NewFastRegistryWithMocks(t)
+	reg.WithHydra(hydra.NewFakeHydra())
 	router := x.NewRouterPublic()
 	ts, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin())
 	loginTS := testhelpers.NewLoginUIFlowEchoServer(t, reg)
@@ -551,6 +553,19 @@ func TestFlowLifecycle(t *testing.T) {
 				require.Equal(t, http.StatusSeeOther, res.StatusCode)
 				defer res.Body.Close()
 			})
+
+			t.Run("case=refuses to parse oauth2 login challenge when Hydra is not configured", func(t *testing.T) {
+				res, body := initAuthenticatedFlow(t, url.Values{"login_challenge": {hydra.FAKE_GET_LOGIN_REQUEST_RETURN_NIL_NIL}}, false)
+				require.Contains(t, res.Request.URL.String(), errorTS.URL)
+				require.Contains(t, string(body), "refusing to parse")
+			})
+
+			conf.MustSet(ctx, config.ViperKeyOAuth2ProviderURL, "https://fake-hydra")
+
+			t.Run("case=oauth2 flow init succeeds", func(t *testing.T) {
+				res, _ := initAuthenticatedFlow(t, url.Values{"login_challenge": {hydra.FAKE_SUCCESS}}, false)
+				require.Contains(t, res.Request.URL.String(), loginTS.URL)
+			})
 		})
 
 		t.Run("case=relative redirect when self-service login ui is a relative URL", func(t *testing.T) {
diff --git a/selfservice/flow/login/hook.go b/selfservice/flow/login/hook.go
index ff1f98d9b635..eddafe0b8030 100644
--- a/selfservice/flow/login/hook.go
+++ b/selfservice/flow/login/hook.go
@@ -9,6 +9,7 @@ import (
 	"github.com/pkg/errors"
 
 	"github.com/ory/kratos/driver/config"
+	"github.com/ory/kratos/hydra"
 	"github.com/ory/kratos/identity"
 	"github.com/ory/kratos/selfservice/flow"
 	"github.com/ory/kratos/session"
@@ -35,6 +36,7 @@ type (
 type (
 	executorDependencies interface {
 		config.Provider
+		hydra.HydraProvider
 		session.ManagementProvider
 		session.PersistenceProvider
 		x.CSRFTokenGeneratorProvider
@@ -63,18 +65,19 @@ func NewHookExecutor(d executorDependencies) *HookExecutor {
 	return &HookExecutor{d: d}
 }
 
-func (e *HookExecutor) requiresAAL2(r *http.Request, s *session.Session, a *Flow) (*session.ErrAALNotSatisfied, bool) {
-	var aalErr *session.ErrAALNotSatisfied
+func (e *HookExecutor) requiresAAL2(r *http.Request, s *session.Session, a *Flow) (bool, error) {
 	err := e.d.SessionManager().DoesSessionSatisfy(r, s, e.d.Config().SessionWhoAmIAAL(r.Context()))
-	if ok := errors.As(err, &aalErr); !ok {
-		return nil, false
-	}
 
-	if err := aalErr.PassReturnToParameter(a.RequestURL); err != nil {
-		return nil, false
+	if aalErr := new(session.ErrAALNotSatisfied); errors.As(err, &aalErr) {
+		if aalErr.PassReturnToAndLoginChallengeParameters(a.RequestURL) != nil {
+			_ = aalErr.WithDetail("pass_request_params_error", "failed to pass request parameters to aalErr.RedirectTo")
+		}
+		return true, aalErr
+	} else if err != nil {
+		return true, errors.WithStack(err)
 	}
 
-	return aalErr, true
+	return false, nil
 }
 
 func (e *HookExecutor) handleLoginError(_ http.ResponseWriter, r *http.Request, g node.UiNodeGroup, f *Flow, i *identity.Identity, flowError error) error {
@@ -162,7 +165,7 @@ func (e *HookExecutor) PostLoginHook(w http.ResponseWriter, r *http.Request, g n
 			Info("Identity authenticated successfully and was issued an Ory Kratos Session Token.")
 
 		response := &APIFlowResponse{Session: s, Token: s.Token}
-		if _, required := e.requiresAAL2(r, s, a); required {
+		if required, _ := e.requiresAAL2(r, s, a); required {
 			// If AAL is not satisfied, we omit the identity to preserve the user's privacy in case of a phishing attack.
 			response.Session.Identity = nil
 		}
@@ -186,7 +189,7 @@ func (e *HookExecutor) PostLoginHook(w http.ResponseWriter, r *http.Request, g n
 		s.Token = ""
 
 		response := &APIFlowResponse{Session: s}
-		if _, required := e.requiresAAL2(r, s, a); required {
+		if required, _ := e.requiresAAL2(r, s, a); required {
 			// If AAL is not satisfied, we omit the identity to preserve the user's privacy in case of a phishing attack.
 			response.Session.Identity = nil
 		}
@@ -195,12 +198,24 @@ func (e *HookExecutor) PostLoginHook(w http.ResponseWriter, r *http.Request, g n
 	}
 
 	// If we detect that whoami would require a higher AAL, we redirect!
-	if aalErr, required := e.requiresAAL2(r, s, a); required {
-		http.Redirect(w, r, aalErr.RedirectTo, http.StatusSeeOther)
-		return nil
+	if _, err := e.requiresAAL2(r, s, a); err != nil {
+		if aalErr := new(session.ErrAALNotSatisfied); errors.As(err, &aalErr) {
+			http.Redirect(w, r, aalErr.RedirectTo, http.StatusSeeOther)
+			return nil
+		}
+		return errors.WithStack(err)
+	}
+
+	finalReturnTo := returnTo.String()
+	if a.OAuth2LoginChallenge.Valid {
+		rt, err := e.d.Hydra().AcceptLoginRequest(r.Context(), a.OAuth2LoginChallenge.UUID, i.ID.String(), s.AMR)
+		if err != nil {
+			return err
+		}
+		finalReturnTo = rt
 	}
 
-	x.ContentNegotiationRedirection(w, r, s.Declassify(), e.d.Writer(), returnTo.String())
+	x.ContentNegotiationRedirection(w, r, s.Declassify(), e.d.Writer(), finalReturnTo)
 	return nil
 }
 
diff --git a/selfservice/flow/login/hook_test.go b/selfservice/flow/login/hook_test.go
index 3f2cf7a237a6..1821a7f29dd9 100644
--- a/selfservice/flow/login/hook_test.go
+++ b/selfservice/flow/login/hook_test.go
@@ -247,6 +247,12 @@ func TestLoginExecutor(t *testing.T) {
 					conf,
 				))
 			})
+
+			t.Run("requiresAAL2 should return true if there's an error", func(t *testing.T) {
+				requiresAAL2, err := login.RequiresAAL2ForTest(*reg.LoginHookExecutor(), &http.Request{}, &session.Session{})
+				require.NotNil(t, err)
+				require.True(t, requiresAAL2)
+			})
 		})
 	}
 }
diff --git a/selfservice/flow/registration/flow.go b/selfservice/flow/registration/flow.go
index eac408c45197..cf3f3ba7e79e 100644
--- a/selfservice/flow/registration/flow.go
+++ b/selfservice/flow/registration/flow.go
@@ -13,7 +13,10 @@ import (
 
 	"github.com/ory/x/sqlxx"
 
+	hydraclientgo "github.com/ory/hydra-client-go"
+
 	"github.com/ory/kratos/driver/config"
+	"github.com/ory/kratos/hydra"
 	"github.com/ory/kratos/ui/container"
 
 	"github.com/gofrs/uuid"
@@ -34,6 +37,18 @@ type Flow struct {
 	// required: true
 	ID uuid.UUID `json:"id" faker:"-" db:"id"`
 
+	// Ory OAuth 2.0 Login Challenge.
+	//
+	// This value is set using the `login_challenge` query parameter of the registration and login endpoints.
+	// If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.
+	OAuth2LoginChallenge uuid.NullUUID `json:"oauth2_login_challenge,omitempty" faker:"-" db:"oauth2_login_challenge"`
+
+	// HydraLoginRequest is an optional field whose presence indicates that Kratos
+	// is being used as an identity provider in a Hydra OAuth2 flow. Kratos
+	// populates this field by retrieving its value from Hydra and it is used by
+	// the login and consent UIs.
+	HydraLoginRequest *hydraclientgo.LoginRequest `json:"oauth2_login_request,omitempty" faker:"-" db:"-"`
+
 	// Type represents the flow's type which can be either "api" or "browser", depending on the flow interaction.
 	//
 	// required: true
@@ -98,11 +113,17 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques
 		return nil, err
 	}
 
+	hlc, err := hydra.GetLoginChallengeID(conf, r)
+	if err != nil {
+		return nil, err
+	}
+
 	return &Flow{
-		ID:         id,
-		ExpiresAt:  now.Add(exp),
-		IssuedAt:   now,
-		RequestURL: requestURL,
+		ID:                   id,
+		OAuth2LoginChallenge: hlc,
+		ExpiresAt:            now.Add(exp),
+		IssuedAt:             now,
+		RequestURL:           requestURL,
 		UI: &container.Container{
 			Method: "POST",
 			Action: flow.AppendFlowTo(urlx.AppendPaths(conf.SelfPublicURL(r.Context()), RouteSubmitFlow), id).String(),
diff --git a/selfservice/flow/registration/flow_test.go b/selfservice/flow/registration/flow_test.go
index bb36c8516287..938c995d49d6 100644
--- a/selfservice/flow/registration/flow_test.go
+++ b/selfservice/flow/registration/flow_test.go
@@ -15,6 +15,7 @@ import (
 
 	"github.com/ory/x/jsonx"
 
+	"github.com/ory/kratos/driver/config"
 	"github.com/ory/kratos/internal"
 
 	"github.com/bxcodec/faker/v3"
@@ -78,6 +79,17 @@ func TestNewFlow(t *testing.T) {
 		require.NoError(t, err)
 		assert.Equal(t, "https://ory.sh/", r.RequestURL)
 	})
+
+	t.Run("should parse login_challenge when Hydra is configured", func(t *testing.T) {
+		_, err := registration.NewFlow(conf, 0, "csrf", &http.Request{URL: urlx.ParseOrPanic("https://ory.sh/?login_challenge=badee1"), Host: "ory.sh"}, flow.TypeBrowser)
+		require.Error(t, err)
+
+		conf.MustSet(ctx, config.ViperKeyOAuth2ProviderURL, "https://hydra")
+
+		r, err := registration.NewFlow(conf, 0, "csrf", &http.Request{URL: urlx.ParseOrPanic("https://ory.sh/?login_challenge=8aadcb8fc1334186a84c4da9813356d9"), Host: "ory.sh"}, flow.TypeBrowser)
+		require.NoError(t, err)
+		assert.Equal(t, "8aadcb8f-c133-4186-a84c-4da9813356d9", r.OAuth2LoginChallenge.UUID.String())
+	})
 }
 
 func TestFlow(t *testing.T) {
diff --git a/selfservice/flow/registration/handler.go b/selfservice/flow/registration/handler.go
index de36b755e9ca..e3199dc3429e 100644
--- a/selfservice/flow/registration/handler.go
+++ b/selfservice/flow/registration/handler.go
@@ -2,8 +2,10 @@ package registration
 
 import (
 	"net/http"
+	"net/url"
 	"time"
 
+	"github.com/ory/kratos/hydra"
 	"github.com/ory/kratos/text"
 
 	"github.com/ory/nosurf"
@@ -21,6 +23,7 @@ import (
 	"github.com/ory/kratos/driver/config"
 	"github.com/ory/kratos/selfservice/errorx"
 	"github.com/ory/kratos/selfservice/flow"
+	"github.com/ory/kratos/selfservice/flow/logout"
 	"github.com/ory/kratos/session"
 	"github.com/ory/kratos/x"
 )
@@ -38,6 +41,7 @@ type (
 	handlerDependencies interface {
 		config.Provider
 		errorx.ManagementProvider
+		hydra.HydraProvider
 		session.HandlerProvider
 		session.ManagementProvider
 		x.WriterProvider
@@ -191,6 +195,19 @@ func (h *Handler) initApiFlow(w http.ResponseWriter, r *http.Request, _ httprout
 // nolint:deadcode,unused
 // swagger:parameters initializeSelfServiceRegistrationFlowForBrowsers
 type initializeSelfServiceRegistrationFlowForBrowsers struct {
+	// Ory OAuth 2.0 Login Challenge.
+	//
+	// If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.
+	//
+	// The value for this parameter comes from `login_challenge` URL Query parameter sent to your
+	// application (e.g. `/registration?login_challenge=abcde`).
+	//
+	// This feature is compatible with Ory Hydra when not running on the Ory Network.
+	//
+	// required: false
+	// in: query
+	LoginChallenge string `json:"login_challenge"`
+
 	// The URL to return the browser to after the flow was completed.
 	//
 	// in: query
@@ -243,7 +260,26 @@ func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps htt
 		return
 	}
 
-	if _, err := h.d.SessionManager().FetchFromRequest(r.Context(), r); err == nil {
+	if sess, err := h.d.SessionManager().FetchFromRequest(r.Context(), r); err == nil {
+		if r.URL.Query().Has("login_challenge") {
+			logoutUrl := urlx.AppendPaths(h.d.Config().SelfPublicURL(r.Context()), logout.RouteSubmitFlow)
+			self := urlx.CopyWithQuery(
+				urlx.AppendPaths(h.d.Config().SelfPublicURL(r.Context()), RouteInitBrowserFlow),
+				r.URL.Query(),
+			).String()
+
+			http.Redirect(
+				w,
+				r,
+				urlx.CopyWithQuery(logoutUrl, url.Values{
+					"token":     {sess.LogoutToken},
+					"return_to": {self},
+				}).String(),
+				http.StatusFound,
+			)
+			return
+		}
+
 		if x.IsJSONRequest(r) {
 			h.d.Writer().WriteError(w, r, errors.WithStack(ErrAlreadyLoggedIn))
 			return
@@ -354,6 +390,17 @@ func (h *Handler) fetchFlow(w http.ResponseWriter, r *http.Request, ps httproute
 		return
 	}
 
+	if ar.OAuth2LoginChallenge.Valid {
+		hlr, err := h.d.Hydra().GetLoginRequest(r.Context(), ar.OAuth2LoginChallenge)
+		if err != nil {
+			// We don't redirect back to the third party on errors because Hydra doesn't
+			// give us the 3rd party return_uri when it redirects to the login UI.
+			h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, err)
+			return
+		}
+		ar.HydraLoginRequest = hlr
+	}
+
 	h.d.Writer().Write(w, r, ar)
 }
 
diff --git a/selfservice/flow/registration/hook.go b/selfservice/flow/registration/hook.go
index 3fe483a72b87..d2120480ccb5 100644
--- a/selfservice/flow/registration/hook.go
+++ b/selfservice/flow/registration/hook.go
@@ -11,6 +11,7 @@ import (
 	"github.com/ory/x/sqlcon"
 
 	"github.com/ory/kratos/driver/config"
+	"github.com/ory/kratos/hydra"
 	"github.com/ory/kratos/identity"
 	"github.com/ory/kratos/schema"
 	"github.com/ory/kratos/selfservice/flow"
@@ -69,7 +70,9 @@ type (
 		session.PersistenceProvider
 		session.ManagementProvider
 		HooksProvider
+		hydra.HydraProvider
 		x.CSRFTokenGeneratorProvider
+		x.HTTPClientProvider
 		x.LoggingProvider
 		x.WriterProvider
 	}
@@ -202,7 +205,16 @@ func (e *HookExecutor) PostRegistrationHook(w http.ResponseWriter, r *http.Reque
 		return nil
 	}
 
-	x.ContentNegotiationRedirection(w, r, s.Declassify(), e.d.Writer(), returnTo.String())
+	finalReturnTo := returnTo.String()
+	if a.OAuth2LoginChallenge.Valid {
+		cr, err := e.d.Hydra().AcceptLoginRequest(r.Context(), a.OAuth2LoginChallenge.UUID, i.ID.String(), s.AMR)
+		if err != nil {
+			return err
+		}
+		finalReturnTo = cr
+	}
+
+	x.ContentNegotiationRedirection(w, r, s.Declassify(), e.d.Writer(), finalReturnTo)
 	return nil
 }
 
diff --git a/selfservice/strategy/lookup/login_test.go b/selfservice/strategy/lookup/login_test.go
index 8964bc8098ee..34fa084620d0 100644
--- a/selfservice/strategy/lookup/login_test.go
+++ b/selfservice/strategy/lookup/login_test.go
@@ -89,7 +89,7 @@ func TestCompleteLogin(t *testing.T) {
 	}
 
 	doBrowserFlowWithClient := func(t *testing.T, spa bool, v func(url.Values), id *identity.Identity, browserClient *http.Client, forced bool) (string, *http.Response) {
-		f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, forced, spa, testhelpers.InitFlowWithAAL(identity.AuthenticatorAssuranceLevel2))
+		f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, forced, spa, false, false, testhelpers.InitFlowWithAAL(identity.AuthenticatorAssuranceLevel2))
 		values := testhelpers.SDKFormFieldsToURLValues(f.Ui.Nodes)
 		values.Set("method", identity.CredentialsTypeLookup.String())
 		v(values)
diff --git a/selfservice/strategy/oidc/strategy_helper_test.go b/selfservice/strategy/oidc/strategy_helper_test.go
index 2f072cd96d64..3d735d7ed16f 100644
--- a/selfservice/strategy/oidc/strategy_helper_test.go
+++ b/selfservice/strategy/oidc/strategy_helper_test.go
@@ -7,7 +7,6 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	"net/http/cookiejar"
 	"net/http/httptest"
 	"net/url"
 	"os"
@@ -302,29 +301,6 @@ func viperSetProviderConfig(t *testing.T, conf *config.Config, providers ...oidc
 	conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeOIDC)+".enabled", true)
 }
 
-func newClient(t *testing.T, jar *cookiejar.Jar) *http.Client {
-	if jar == nil {
-		j, err := cookiejar.New(nil)
-		jar = j
-		require.NoError(t, err)
-	}
-	return &http.Client{
-		Jar: jar,
-		CheckRedirect: func(req *http.Request, via []*http.Request) error {
-			if debugRedirects {
-				t.Logf("Redirect: %s", req.URL.String())
-			}
-			if len(via) >= 20 {
-				for k, v := range via {
-					t.Logf("Failed with redirect (%d): %s", k, v.URL.String())
-				}
-				return errors.New("stopped after 20 redirects")
-			}
-			return nil
-		},
-	}
-}
-
 // AssertSystemError asserts an error ui response
 func AssertSystemError(t *testing.T, errTS *httptest.Server, res *http.Response, body []byte, code int, reason string) {
 	require.Contains(t, res.Request.URL.String(), errTS.URL, "%s", body)
diff --git a/selfservice/strategy/oidc/strategy_registration.go b/selfservice/strategy/oidc/strategy_registration.go
index 05c9f624c7d3..a8c6b6ed783f 100644
--- a/selfservice/strategy/oidc/strategy_registration.go
+++ b/selfservice/strategy/oidc/strategy_registration.go
@@ -184,7 +184,7 @@ func (s *Strategy) processRegistration(w http.ResponseWriter, r *http.Request, a
 		}
 
 		// This endpoint only handles browser flow at the moment.
-		ar, err := s.d.LoginHandler().NewLoginFlow(w, r, flow.TypeBrowser, opts...)
+		ar, _, err := s.d.LoginHandler().NewLoginFlow(w, r, flow.TypeBrowser, opts...)
 		if err != nil {
 			return nil, s.handleError(w, r, a, provider.Config().ID, nil, err)
 		}
diff --git a/selfservice/strategy/oidc/strategy_test.go b/selfservice/strategy/oidc/strategy_test.go
index 91a08f00a42c..2f46b61bf62b 100644
--- a/selfservice/strategy/oidc/strategy_test.go
+++ b/selfservice/strategy/oidc/strategy_test.go
@@ -45,8 +45,6 @@ import (
 	"github.com/ory/kratos/x"
 )
 
-const debugRedirects = false
-
 func TestStrategy(t *testing.T) {
 	ctx := context.Background()
 	if testing.Short() {
@@ -138,7 +136,7 @@ func TestStrategy(t *testing.T) {
 
 	var makeRequestWithCookieJar = func(t *testing.T, provider string, action string, fv url.Values, jar *cookiejar.Jar) (*http.Response, []byte) {
 		fv.Set("provider", provider)
-		res, err := newClient(t, jar).PostForm(action, fv)
+		res, err := testhelpers.NewClientWithCookieJar(t, jar, false).PostForm(action, fv)
 		require.NoError(t, err, action)
 
 		body, err := io.ReadAll(res.Body)
@@ -185,7 +183,7 @@ func TestStrategy(t *testing.T) {
 
 	var newLoginFlow = func(t *testing.T, redirectTo string, exp time.Duration) (req *login.Flow) {
 		// Use NewLoginFlow to instantiate the request but change the things we need to control a copy of it.
-		req, err := reg.LoginHandler().NewLoginFlow(httptest.NewRecorder(),
+		req, _, err := reg.LoginHandler().NewLoginFlow(httptest.NewRecorder(),
 			&http.Request{URL: urlx.ParseOrPanic(redirectTo)}, flow.TypeBrowser)
 		require.NoError(t, err)
 		req.RequestURL = redirectTo
diff --git a/selfservice/strategy/password/login_test.go b/selfservice/strategy/password/login_test.go
index 746df44733fd..0fb66528d7ee 100644
--- a/selfservice/strategy/password/login_test.go
+++ b/selfservice/strategy/password/login_test.go
@@ -13,6 +13,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/ory/kratos/driver"
 	"github.com/ory/kratos/internal/registrationhelpers"
 
 	"github.com/ory/kratos/selfservice/flow"
@@ -45,6 +46,31 @@ import (
 //go:embed stub/login.schema.json
 var loginSchema []byte
 
+func createIdentity(ctx context.Context, reg *driver.RegistryDefault, t *testing.T, identifier, password string) {
+	p, _ := reg.Hasher(ctx).Generate(context.Background(), []byte(password))
+	iId := x.NewUUID()
+	require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &identity.Identity{
+		ID:     iId,
+		Traits: identity.Traits(fmt.Sprintf(`{"subject":"%s"}`, identifier)),
+		Credentials: map[identity.CredentialsType]identity.Credentials{
+			identity.CredentialsTypePassword: {
+				Type:        identity.CredentialsTypePassword,
+				Identifiers: []string{identifier},
+				Config:      sqlxx.JSONRawMessage(`{"hashed_password":"` + string(p) + `"}`),
+			},
+		},
+		VerifiableAddresses: []identity.VerifiableAddress{
+			{
+				ID:         x.NewUUID(),
+				Value:      identifier,
+				Verified:   false,
+				CreatedAt:  time.Now(),
+				IdentityID: iId,
+			},
+		},
+	}))
+}
+
 func TestCompleteLogin(t *testing.T) {
 	ctx := context.Background()
 	conf, reg := internal.NewFastRegistryWithMocks(t)
@@ -70,31 +96,6 @@ func TestCompleteLogin(t *testing.T) {
 			"csrf_token")
 	}
 
-	createIdentity := func(identifier, password string) {
-		p, _ := reg.Hasher(ctx).Generate(context.Background(), []byte(password))
-		iId := x.NewUUID()
-		require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &identity.Identity{
-			ID:     iId,
-			Traits: identity.Traits(fmt.Sprintf(`{"subject":"%s"}`, identifier)),
-			Credentials: map[identity.CredentialsType]identity.Credentials{
-				identity.CredentialsTypePassword: {
-					Type:        identity.CredentialsTypePassword,
-					Identifiers: []string{identifier},
-					Config:      sqlxx.JSONRawMessage(`{"hashed_password":"` + string(p) + `"}`),
-				},
-			},
-			VerifiableAddresses: []identity.VerifiableAddress{
-				{
-					ID:         x.NewUUID(),
-					Value:      identifier,
-					Verified:   false,
-					CreatedAt:  time.Now(),
-					IdentityID: iId,
-				},
-			},
-		}))
-	}
-
 	apiClient := testhelpers.NewDebugClient(t)
 
 	t.Run("case=should show the error ui because the request payload is malformed", func(t *testing.T) {
@@ -109,7 +110,7 @@ func TestCompleteLogin(t *testing.T) {
 
 		t.Run("type=browser", func(t *testing.T) {
 			browserClient := testhelpers.NewClientWithCookies(t)
-			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false)
+			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false, false, false)
 
 			body, res := testhelpers.LoginMakeRequest(t, false, false, f, browserClient, "14=)=!(%)$/ZP()GHIÖ")
 			assert.Contains(t, res.Request.URL.String(), uiTS.URL+"/login-ts")
@@ -119,7 +120,7 @@ func TestCompleteLogin(t *testing.T) {
 
 		t.Run("type=spa", func(t *testing.T) {
 			browserClient := testhelpers.NewClientWithCookies(t)
-			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, true)
+			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, true, false, false)
 
 			body, res := testhelpers.LoginMakeRequest(t, false, true, f, browserClient, "14=)=!(%)$/ZP()GHIÖ")
 			assert.Contains(t, res.Request.URL.String(), publicTS.URL+login.RouteSubmitFlow)
@@ -203,7 +204,7 @@ func TestCompleteLogin(t *testing.T) {
 
 		t.Run("type=browser", func(t *testing.T) {
 			browserClient := testhelpers.NewClientWithCookies(t)
-			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false)
+			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false, false, false)
 
 			time.Sleep(time.Millisecond * 60)
 			actual, res := testhelpers.LoginMakeRequest(t, false, false, f, browserClient, values.Encode())
@@ -214,7 +215,7 @@ func TestCompleteLogin(t *testing.T) {
 
 		t.Run("type=SPA", func(t *testing.T) {
 			browserClient := testhelpers.NewClientWithCookies(t)
-			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, true)
+			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, true, false, false)
 
 			time.Sleep(time.Millisecond * 60)
 			actual, res := testhelpers.LoginMakeRequest(t, false, true, f, apiClient, testhelpers.EncodeFormAsJSON(t, true, values))
@@ -234,7 +235,7 @@ func TestCompleteLogin(t *testing.T) {
 
 		t.Run("case=should fail because of missing CSRF token/type=browser", func(t *testing.T) {
 			browserClient := testhelpers.NewClientWithCookies(t)
-			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false)
+			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false, false, false)
 
 			actual, res := testhelpers.LoginMakeRequest(t, false, false, f, browserClient, values.Encode())
 			assert.EqualValues(t, http.StatusOK, res.StatusCode)
@@ -244,7 +245,7 @@ func TestCompleteLogin(t *testing.T) {
 
 		t.Run("case=should fail because of missing CSRF token/type=spa", func(t *testing.T) {
 			browserClient := testhelpers.NewClientWithCookies(t)
-			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, true)
+			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, true, false, false)
 
 			actual, res := testhelpers.LoginMakeRequest(t, false, true, f, browserClient, values.Encode())
 			assert.EqualValues(t, http.StatusForbidden, res.StatusCode)
@@ -443,7 +444,7 @@ func TestCompleteLogin(t *testing.T) {
 		}
 
 		identifier, pwd := x.NewUUID().String(), "password"
-		createIdentity(identifier, pwd)
+		createIdentity(ctx, reg, t, identifier, pwd)
 
 		var values = func(v url.Values) {
 			v.Set("identifier", identifier)
@@ -464,7 +465,7 @@ func TestCompleteLogin(t *testing.T) {
 
 	t.Run("should pass with real request", func(t *testing.T) {
 		identifier, pwd := x.NewUUID().String(), "password"
-		createIdentity(identifier, pwd)
+		createIdentity(ctx, reg, t, identifier, pwd)
 
 		var values = func(v url.Values) {
 			v.Set("identifier", identifier)
@@ -689,7 +690,7 @@ func TestCompleteLogin(t *testing.T) {
 
 		t.Run("type=browser", func(t *testing.T) {
 			browserClient := testhelpers.NewClientWithCookies(t)
-			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false)
+			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false, false, false)
 
 			actual, _ := testhelpers.LoginMakeRequest(t, false, false, f, browserClient, valuesFirst(testhelpers.SDKFormFieldsToURLValues(f.Ui.Nodes)).Encode())
 			checkFirst(t, actual)
@@ -700,10 +701,10 @@ func TestCompleteLogin(t *testing.T) {
 
 	t.Run("should be a new session with refresh flag", func(t *testing.T) {
 		identifier, pwd := x.NewUUID().String(), "password"
-		createIdentity(identifier, pwd)
+		createIdentity(ctx, reg, t, identifier, pwd)
 
 		browserClient := testhelpers.NewClientWithCookies(t)
-		f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false)
+		f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false, false, false)
 
 		values := url.Values{"method": {"password"}, "identifier": {identifier},
 			"password": {pwd}, "csrf_token": {x.FakeCSRFToken}}.Encode()
@@ -711,7 +712,7 @@ func TestCompleteLogin(t *testing.T) {
 		body1, res := testhelpers.LoginMakeRequest(t, false, false, f, browserClient, values)
 		assert.EqualValues(t, http.StatusOK, res.StatusCode)
 
-		f = testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, true, false)
+		f = testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, true, false, false, false)
 		body2, res := testhelpers.LoginMakeRequest(t, false, false, f, browserClient, values)
 
 		require.Contains(t, res.Request.URL.Path, "return-ts", "%s", res.Request.URL.String())
@@ -721,10 +722,10 @@ func TestCompleteLogin(t *testing.T) {
 
 	t.Run("should login same identity regardless of identifier capitalization", func(t *testing.T) {
 		identifier, pwd := x.NewUUID().String(), "password"
-		createIdentity(identifier, pwd)
+		createIdentity(ctx, reg, t, identifier, pwd)
 
 		browserClient := testhelpers.NewClientWithCookies(t)
-		f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false)
+		f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false, false, false)
 
 		values := url.Values{"method": {"password"}, "identifier": {strings.ToUpper(identifier)}, "password": {pwd}, "csrf_token": {x.FakeCSRFToken}}.Encode()
 
@@ -736,10 +737,10 @@ func TestCompleteLogin(t *testing.T) {
 
 	t.Run("should login even if old form field name is used", func(t *testing.T) {
 		identifier, pwd := x.NewUUID().String(), "password"
-		createIdentity(identifier, pwd)
+		createIdentity(ctx, reg, t, identifier, pwd)
 
 		browserClient := testhelpers.NewClientWithCookies(t)
-		f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false)
+		f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false, false, false)
 
 		values := url.Values{"method": {"password"}, "password_identifier": {strings.ToUpper(identifier)}, "password": {pwd}, "csrf_token": {x.FakeCSRFToken}}.Encode()
 
@@ -751,10 +752,10 @@ func TestCompleteLogin(t *testing.T) {
 
 	t.Run("should login same identity regardless of leading or trailing whitespace", func(t *testing.T) {
 		identifier, pwd := x.NewUUID().String(), "password"
-		createIdentity(identifier, pwd)
+		createIdentity(ctx, reg, t, identifier, pwd)
 
 		browserClient := testhelpers.NewClientWithCookies(t)
-		f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false)
+		f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false, false, false)
 
 		values := url.Values{"method": {"password"}, "identifier": {"  " + identifier + "  "}, "password": {pwd}, "csrf_token": {x.FakeCSRFToken}}.Encode()
 
@@ -770,7 +771,7 @@ func TestCompleteLogin(t *testing.T) {
 		})
 
 		identifier, pwd := x.NewUUID().String(), "password"
-		createIdentity(identifier, pwd)
+		createIdentity(ctx, reg, t, identifier, pwd)
 
 		var values = func(v url.Values) {
 			v.Set("method", "password")
diff --git a/selfservice/strategy/password/op_login_test.go b/selfservice/strategy/password/op_login_test.go
new file mode 100644
index 000000000000..9d5b360d973b
--- /dev/null
+++ b/selfservice/strategy/password/op_login_test.go
@@ -0,0 +1,338 @@
+package password_test
+
+import (
+	"context"
+	_ "embed"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"testing"
+	"time"
+
+	"github.com/phayes/freeport"
+	"github.com/pkg/errors"
+	"github.com/tidwall/gjson"
+	"golang.org/x/oauth2"
+
+	"github.com/ory/dockertest/v3"
+	"github.com/ory/dockertest/v3/docker"
+
+	"github.com/gofrs/uuid"
+
+	"github.com/ory/x/logrusx"
+	"github.com/ory/x/resilience"
+	"github.com/ory/x/urlx"
+
+	hydraclientgo "github.com/ory/hydra-client-go"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/ory/kratos/driver/config"
+	"github.com/ory/kratos/hydra"
+	"github.com/ory/kratos/identity"
+	"github.com/ory/kratos/internal"
+	"github.com/ory/kratos/internal/testhelpers"
+	"github.com/ory/kratos/session"
+	"github.com/ory/kratos/x"
+)
+
+func createHydraAdminApiClient(url string) hydraclientgo.AdminApi {
+	configuration := hydraclientgo.NewConfiguration()
+	configuration.Host = urlx.ParseOrPanic(url).Host
+	configuration.Servers = hydraclientgo.ServerConfigurations{{URL: url}}
+
+	return hydraclientgo.NewAPIClient(configuration).AdminApi
+}
+
+func createOAuth2Client(t *testing.T, ctx context.Context, hydraAdmin hydraclientgo.AdminApi, redirectURIs []string, scope string) string {
+	clientName := "kratos-hydra-integration-test-client-1"
+	tokenEndpointAuthMethod := "client_secret_post"
+	clientSecret := "client-secret"
+
+	c, r, err := hydraAdmin.CreateOAuth2Client(ctx).OAuth2Client(
+		hydraclientgo.OAuth2Client{
+			ClientName:              &clientName,
+			RedirectUris:            redirectURIs,
+			Scope:                   &scope,
+			TokenEndpointAuthMethod: &tokenEndpointAuthMethod,
+			ClientSecret:            &clientSecret,
+		},
+	).Execute()
+	require.NoError(t, err)
+	require.Equal(t, r.StatusCode, http.StatusCreated)
+	return *c.ClientId
+}
+
+func makeAuthCodeURL(t *testing.T, c *oauth2.Config, requestedClaims string, isForced bool) string {
+	var options []oauth2.AuthCodeOption
+
+	if isForced {
+		options = append(options, oauth2.SetAuthURLParam("prompt", "login"))
+	}
+	if requestedClaims != "" {
+		options = append(options, oauth2.SetAuthURLParam("claims", requestedClaims))
+	}
+
+	state := fmt.Sprintf("%x", uuid.Must(uuid.NewV4()))
+	return c.AuthCodeURL(state, options...)
+}
+
+func newHydra(t *testing.T, loginUI string, consentUI string) (hydraAdmin string, hydraPublic string) {
+	publicPort, err := freeport.GetFreePort()
+	require.NoError(t, err)
+	adminPort, err := freeport.GetFreePort()
+	require.NoError(t, err)
+
+	pool, err := dockertest.NewPool("")
+	require.NoError(t, err)
+
+	hydra, err := pool.RunWithOptions(&dockertest.RunOptions{
+		Repository: "oryd/hydra",
+		Tag:        "v2.0.0",
+		Env: []string{
+			"DSN=memory",
+			fmt.Sprintf("URLS_SELF_ISSUER=http://127.0.0.1:%d/", publicPort),
+			"URLS_LOGIN=" + loginUI,
+			"URLS_CONSENT=" + consentUI,
+			"LOG_LEAK_SENSITIVE_VALUES=true",
+		},
+		Cmd:          []string{"serve", "all", "--dev"},
+		ExposedPorts: []string{"4444/tcp", "4445/tcp"},
+		PortBindings: map[docker.Port][]docker.PortBinding{
+			"4444/tcp": {{HostPort: fmt.Sprintf("%d/tcp", publicPort)}},
+			"4445/tcp": {{HostPort: fmt.Sprintf("%d/tcp", adminPort)}},
+		},
+	})
+	require.NoError(t, err)
+	t.Cleanup(func() {
+		require.NoError(t, hydra.Close())
+	})
+
+	require.NoError(t, hydra.Expire(uint(60*5)))
+
+	require.NotEmpty(t, hydra.GetPort("4444/tcp"), "%+v", hydra.Container.NetworkSettings.Ports)
+	require.NotEmpty(t, hydra.GetPort("4445/tcp"), "%+v", hydra.Container)
+
+	hydraPublic = "http://127.0.0.1:" + hydra.GetPort("4444/tcp")
+	hydraAdmin = "http://127.0.0.1:" + hydra.GetPort("4445/tcp")
+
+	go pool.Client.Logs(docker.LogsOptions{ErrorStream: TestLogWriter{T: t, streamName: "hydra-stderr"}, OutputStream: TestLogWriter{T: t, streamName: "hydra-stdout"}, Stdout: true, Stderr: true, Follow: true, Container: hydra.Container.ID})
+	hl := logrusx.New("hydra-ready-check", "hydra-ready-check")
+	err = resilience.Retry(hl, time.Second*1, time.Second*5, func() error {
+		pr := hydraPublic + "/health/ready"
+		res, err := http.DefaultClient.Get(pr)
+		if err != nil || res.StatusCode != 200 {
+			return errors.Errorf("Hydra public is not ready at " + pr)
+		}
+
+		ar := hydraAdmin + "/health/ready"
+		res, err = http.DefaultClient.Get(ar)
+		if err != nil && res.StatusCode != 200 {
+			return errors.Errorf("Hydra admin is not ready at " + ar)
+		} else {
+			return nil
+		}
+	})
+	require.NoError(t, err)
+
+	t.Logf("Ory Hydra running at: %s %s", hydraPublic, hydraAdmin)
+
+	return hydraAdmin, hydraPublic
+}
+
+type TestLogWriter struct {
+	streamName string
+	*testing.T
+}
+
+func (t TestLogWriter) Write(p []byte) (int, error) {
+	t.Logf("[%d bytes @ %s]:\n\n%s\n", len(p), t.streamName, string(p))
+	return len(p), nil
+}
+
+func TestOAuth2Provider(t *testing.T) {
+	ctx := context.Background()
+	conf, reg := internal.NewFastRegistryWithMocks(t)
+	conf.MustSet(
+		ctx,
+		config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword),
+		map[string]interface{}{"enabled": true},
+	)
+	router := x.NewRouterPublic()
+	kratosPublicTS, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin())
+
+	browserClient := testhelpers.NewClientWithCookieJar(t, nil, true)
+
+	errTS := testhelpers.NewErrorTestServer(t, reg)
+
+	redirTS := testhelpers.NewRedirSessionEchoTS(t, reg)
+
+	oAuthSuccess := false
+	var hydraAdminClient hydraclientgo.AdminApi
+	var clientAppOAuth2Config *oauth2.Config
+
+	clientAppTS := testhelpers.NewHTTPTestServer(t, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		t.Logf("[clientAppTS] handling a callback at client app %s", r.URL.String())
+		if r.URL.Query().Has("code") {
+			token, err := clientAppOAuth2Config.Exchange(r.Context(), r.URL.Query().Get("code"))
+			require.NoError(t, err)
+			require.NotNil(t, token)
+			require.NotEqual(t, "", token.AccessToken)
+			oAuthSuccess = true
+			t.Log("[clientAppTS] successfully exchanged code for token")
+		} else {
+			t.Error("[clientAppTS] code query parameter is missing")
+		}
+	}))
+
+	identifier, pwd := x.NewUUID().String(), "password"
+
+	testRequireLogin := true
+
+	uiTS := testhelpers.NewHTTPTestServer(t, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		t.Logf("[uiTS] handling %s", r.URL)
+		q := r.URL.Query()
+
+		if len(q) == 1 && !q.Has("flow") && q.Has("login_challenge") {
+			t.Log("[uiTS] initializing a new OpenID Provider flow")
+			hlc := r.URL.Query().Get("login_challenge")
+			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, kratosPublicTS, false, false, false, !testRequireLogin, testhelpers.InitFlowWithOAuth2LoginChallenge(hlc))
+			if testRequireLogin {
+				require.NotNil(t, f)
+
+				values := url.Values{"method": {"password"}, "identifier": {identifier}, "password": {pwd}, "csrf_token": {x.FakeCSRFToken}}.Encode()
+				_, res := testhelpers.LoginMakeRequest(t, false, false, f, browserClient, values)
+
+				assert.EqualValues(t, http.StatusOK, res.StatusCode)
+			} else {
+				require.Nil(t, f, "login flow should have been skipped and invalidated, but we successfully retrieved it")
+			}
+			return
+		}
+
+		if q.Has("consent_challenge") {
+			kratosUIHandleConsent(t, r, browserClient, hydraAdminClient, clientAppTS.URL)
+			return
+		}
+
+		if q.Has("flow") {
+			t.Log("[uiTS] no operaton; the flow should be completed by the handler that initialized it")
+			return
+		}
+
+		t.Errorf("[uiTS] unexpected query %#v", q)
+	}))
+
+	conf.MustSet(ctx, config.ViperKeySecretsDefault, []string{"not-a-secure-session-key"})
+	conf.MustSet(ctx, config.ViperKeySelfServiceErrorUI, errTS.URL+"/error-ts")
+	conf.MustSet(ctx, config.ViperKeySelfServiceLoginUI, uiTS.URL+"/login-ts")
+	conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, redirTS.URL+"/return-ts")
+
+	testhelpers.SetDefaultIdentitySchemaFromRaw(conf, loginSchema)
+	createIdentity(ctx, reg, t, identifier, pwd)
+
+	hydraAdmin, hydraPublic := newHydra(t, uiTS.URL, uiTS.URL)
+	conf.MustSet(ctx, config.ViperKeyOAuth2ProviderURL, hydraAdmin+"/admin")
+	hydraAdminClient = createHydraAdminApiClient(hydraAdmin + "/admin")
+	clientID := createOAuth2Client(t, ctx, hydraAdminClient, []string{clientAppTS.URL}, "profile email")
+
+	t.Run("should sign in the user without OAuth2", func(t *testing.T) {
+		f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, kratosPublicTS, false, false, false, false)
+
+		values := url.Values{"method": {"password"}, "identifier": {identifier}, "password": {pwd}, "csrf_token": {x.FakeCSRFToken}}.Encode()
+
+		body, res := testhelpers.LoginMakeRequest(t, false, false, f, browserClient, values)
+
+		assert.EqualValues(t, http.StatusOK, res.StatusCode)
+		assert.Equal(t, identifier, gjson.Get(body, "identity.traits.subject").String(), "%s", body)
+	})
+
+	clientAppOAuth2Config = &oauth2.Config{
+		ClientID:     clientID,
+		ClientSecret: "client-secret",
+		Endpoint: oauth2.Endpoint{
+			AuthURL:   hydraPublic + "/oauth2/auth",
+			TokenURL:  hydraPublic + "/oauth2/token",
+			AuthStyle: oauth2.AuthStyleInParams,
+		},
+		Scopes:      []string{"profile", "email"},
+		RedirectURL: clientAppTS.URL,
+	}
+
+	conf.MustSet(ctx, config.ViperKeySessionPersistentCookie, false)
+	t.Run("should prompt the user for login and consent", func(t *testing.T) {
+		authCodeURL := makeAuthCodeURL(t, clientAppOAuth2Config, "", false)
+		res, err := browserClient.Get(authCodeURL)
+
+		require.NoError(t, err, authCodeURL)
+		body, err := io.ReadAll(res.Body)
+		require.NoError(t, res.Body.Close())
+		require.NoError(t, err)
+		require.Equal(t, "", string(body))
+		require.Equal(t, http.StatusOK, res.StatusCode)
+		require.True(t, oAuthSuccess)
+		oAuthSuccess = false
+	})
+
+	conf.MustSet(ctx, config.ViperKeySessionPersistentCookie, true)
+	t.Run("should prompt the user for login and consent again", func(t *testing.T) {
+		authCodeURL := makeAuthCodeURL(t, clientAppOAuth2Config, "", false)
+		res, err := browserClient.Get(authCodeURL)
+
+		require.NoError(t, err, authCodeURL)
+		body, err := io.ReadAll(res.Body)
+		require.NoError(t, res.Body.Close())
+		require.NoError(t, err)
+		require.Equal(t, "", string(body))
+		require.Equal(t, http.StatusOK, res.StatusCode)
+		require.True(t, oAuthSuccess)
+		oAuthSuccess = false
+	})
+
+	testRequireLogin = false
+	t.Run("should prompt the user for consent, but not for login", func(t *testing.T) {
+		authCodeURL := makeAuthCodeURL(t, clientAppOAuth2Config, "", false)
+		res, err := browserClient.Get(authCodeURL)
+
+		require.NoError(t, err, authCodeURL)
+		body, err := io.ReadAll(res.Body)
+		require.NoError(t, res.Body.Close())
+		require.NoError(t, err)
+		require.Equal(t, "", string(body))
+		require.Equal(t, http.StatusOK, res.StatusCode)
+		require.True(t, oAuthSuccess)
+		oAuthSuccess = false
+	})
+
+	reg.WithHydra(&AcceptWrongSubject{h: reg.Hydra().(*hydra.DefaultHydra)})
+	t.Run("should fail when Hydra session subject doesn't match the subject authenticated by Kratos", func(t *testing.T) {
+		authCodeURL := makeAuthCodeURL(t, clientAppOAuth2Config, "", false)
+		res, err := browserClient.Get(authCodeURL)
+
+		require.NoError(t, err, authCodeURL)
+		body, err := io.ReadAll(res.Body)
+		require.NoError(t, res.Body.Close())
+		require.NoError(t, err)
+		require.Equal(t, "", string(body))
+		require.Equal(t, http.StatusOK, res.StatusCode)
+		require.False(t, oAuthSuccess)
+		oAuthSuccess = false
+	})
+}
+
+var _ hydra.Hydra = &AcceptWrongSubject{}
+
+type AcceptWrongSubject struct {
+	h *hydra.DefaultHydra
+}
+
+func (h *AcceptWrongSubject) AcceptLoginRequest(ctx context.Context, hlc uuid.UUID, sub string, amr session.AuthenticationMethods) (string, error) {
+	hackerman := uuid.Must(uuid.NewV4())
+	return h.h.AcceptLoginRequest(ctx, hlc, hackerman.String(), amr)
+}
+
+func (h *AcceptWrongSubject) GetLoginRequest(ctx context.Context, hlc uuid.NullUUID) (*hydraclientgo.LoginRequest, error) {
+	return h.h.GetLoginRequest(ctx, hlc)
+}
diff --git a/selfservice/strategy/password/op_registration_test.go b/selfservice/strategy/password/op_registration_test.go
new file mode 100644
index 000000000000..8868c6df18a2
--- /dev/null
+++ b/selfservice/strategy/password/op_registration_test.go
@@ -0,0 +1,276 @@
+package password_test
+
+import (
+	"context"
+	_ "embed"
+	"fmt"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"golang.org/x/oauth2"
+
+	hydraclientgo "github.com/ory/hydra-client-go"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/ory/kratos/driver/config"
+	"github.com/ory/kratos/identity"
+	"github.com/ory/kratos/internal"
+	"github.com/ory/kratos/internal/testhelpers"
+	"github.com/ory/kratos/x"
+)
+
+type clientAppConfig struct {
+	client      *oauth2.Config
+	expectToken bool
+	state       clientAppState
+}
+
+type clientAppState struct {
+	visits int64
+	tokens int64
+}
+
+type kratosUIConfig struct {
+	expectLoginScreen bool
+	identifier        string
+	password          string
+	browserClient     *http.Client
+	kratosPublicTS    *httptest.Server
+	clientAppTS       *httptest.Server
+	hydraAdminClient  hydraclientgo.AdminApi
+}
+
+func newClientAppTS(t *testing.T, c *clientAppConfig) *httptest.Server {
+	return testhelpers.NewHTTPTestServer(t, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		c.state.visits += 1
+		t.Logf("[clientAppTS] handling a callback at client app %s", r.URL.String())
+		if r.URL.Query().Has("code") {
+			token, err := c.client.Exchange(r.Context(), r.URL.Query().Get("code"))
+			require.NoError(t, err)
+			require.NotNil(t, token)
+			require.NotEqual(t, "", token.AccessToken)
+			require.True(t, c.expectToken)
+			c.state.tokens += 1
+			t.Log("[clientAppTS] successfully exchanged code for token")
+		} else {
+			t.Error("[clientAppTS] code query parameter is missing")
+			require.False(t, c.expectToken)
+		}
+	}))
+}
+
+func kratosUIHandleConsent(t *testing.T, req *http.Request, client *http.Client, haa hydraclientgo.AdminApi, clientAppURL string) {
+	q := req.URL.Query()
+	cr, resp, err := haa.GetConsentRequest(req.Context()).ConsentChallenge(q.Get("consent_challenge")).Execute()
+	require.NoError(t, err)
+	require.Equal(t, http.StatusOK, resp.StatusCode)
+	require.ElementsMatch(t, cr.RequestedScope, []string{"profile", "email"})
+
+	remember := true
+	completedAcceptRequest, resp, err := haa.AcceptConsentRequest(context.Background()).AcceptConsentRequest(hydraclientgo.AcceptConsentRequest{
+		Remember: &remember,
+	}).ConsentChallenge(q.Get("consent_challenge")).Execute()
+
+	require.NoError(t, err)
+	require.Equal(t, http.StatusOK, resp.StatusCode)
+	require.NotNil(t, completedAcceptRequest)
+
+	t.Logf("[uiTS] navigating to %s", completedAcceptRequest.RedirectTo)
+	resp, err = client.Get(completedAcceptRequest.RedirectTo)
+	require.NoError(t, err)
+	require.Equal(t, clientAppURL, fmt.Sprintf("%s://%s", resp.Request.URL.Scheme, resp.Request.URL.Host))
+	require.True(t, resp.Request.URL.Query().Has("code"))
+}
+
+func newKratosUITS(t *testing.T, c *kratosUIConfig) *httptest.Server {
+	return testhelpers.NewHTTPTestServer(t, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		t.Logf("[uiTS] handling %s", r.URL)
+		q := r.URL.Query()
+
+		if len(q) == 1 && !q.Has("flow") && q.Has("login_challenge") {
+			t.Log("[uiTS] initializing a new OpenID Provider flow")
+			hlc := r.URL.Query().Get("login_challenge")
+			f := testhelpers.InitializeRegistrationFlowViaBrowser(t, c.browserClient, c.kratosPublicTS, false, false, !c.expectLoginScreen, testhelpers.InitFlowWithOAuth2LoginChallenge(hlc))
+			if c.expectLoginScreen {
+				require.NotNil(t, f)
+
+				values := testhelpers.SDKFormFieldsToURLValues(f.Ui.Nodes)
+				values.Set("traits.foobar", c.identifier)
+				values.Set("traits.username", c.identifier)
+				values.Set("password", c.password)
+
+				_, res := testhelpers.RegistrationMakeRequest(t, false, false, f, c.browserClient, values.Encode())
+
+				assert.EqualValues(t, http.StatusOK, res.StatusCode)
+			} else {
+				require.Nil(t, f, "registration flow should have been skipped and invalidated, but we successfully retrieved it")
+			}
+			return
+		}
+
+		if q.Has("consent_challenge") {
+			kratosUIHandleConsent(t, r, c.browserClient, c.hydraAdminClient, c.clientAppTS.URL)
+			return
+		}
+
+		if q.Has("flow") {
+			t.Log("[uiTS] no operaton; the flow should be completed by the handler that initialized it")
+			return
+		}
+
+		t.Errorf("[uiTS] unexpected query %#v", q)
+	}))
+}
+
+func TestOAuth2ProviderRegistration(t *testing.T) {
+	ctx := context.Background()
+	conf, reg := internal.NewFastRegistryWithMocks(t)
+	kratosPublicTS, _ := testhelpers.NewKratosServerWithRouters(t, reg, x.NewRouterPublic(), x.NewRouterAdmin())
+	errTS := testhelpers.NewErrorTestServer(t, reg)
+	redirTS := testhelpers.NewRedirSessionEchoTS(t, reg)
+
+	var hydraAdminClient hydraclientgo.AdminApi
+
+	cac := &clientAppConfig{}
+	clientAppTS := newClientAppTS(t, cac)
+
+	kuc := &kratosUIConfig{}
+	kratosUITS := newKratosUITS(t, kuc)
+
+	hydraAdmin, hydraPublic := newHydra(t, kratosUITS.URL, kratosUITS.URL)
+
+	hydraAdminClient = createHydraAdminApiClient(hydraAdmin + "/admin")
+	clientID := createOAuth2Client(t, ctx, hydraAdminClient, []string{clientAppTS.URL}, "profile email")
+
+	defaultClient := &oauth2.Config{
+		ClientID:     clientID,
+		ClientSecret: "client-secret",
+		Endpoint: oauth2.Endpoint{
+			AuthURL:   hydraPublic + "/oauth2/auth",
+			TokenURL:  hydraPublic + "/oauth2/token",
+			AuthStyle: oauth2.AuthStyleInParams,
+		},
+		Scopes:      []string{"profile", "email"},
+		RedirectURL: clientAppTS.URL,
+	}
+
+	conf.MustSet(ctx, config.ViperKeyOAuth2ProviderURL, hydraAdmin+"/admin")
+	conf.MustSet(ctx, config.ViperKeySelfServiceErrorUI, errTS.URL+"/error-ts")
+	conf.MustSet(ctx, config.ViperKeySelfServiceLoginUI, kratosUITS.URL+"/login-ts")
+	conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationUI, kratosUITS.URL+"/login-ts")
+	conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, redirTS.URL+"/return-ts")
+	conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationAfter+"."+config.DefaultBrowserReturnURL, redirTS.URL+"/registration-return-ts")
+	conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), map[string]interface{}{"enabled": true})
+	conf.MustSet(ctx, config.ViperKeySecretsDefault, []string{"not-a-secure-session-key"})
+	conf.MustSet(ctx, config.HookStrategyKey(config.ViperKeySelfServiceRegistrationAfter, identity.CredentialsTypePassword.String()), []config.SelfServiceHook{{Name: "session"}})
+	testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/registration.schema.json")
+
+	sharedBrowserClient := testhelpers.NewClientWithCookieJar(t, nil, true)
+
+	type state struct {
+		cas clientAppState
+	}
+	for _, tc := range []struct {
+		name      string
+		configure func(c *config.Config)
+		cac       clientAppConfig
+		kuc       kratosUIConfig
+		expected  state
+	}{
+		{
+			name: "should prompt the user for login and consent",
+			configure: func(c *config.Config) {
+				c.MustSet(ctx, config.ViperKeySessionPersistentCookie, false)
+			},
+			cac: clientAppConfig{
+				client:      defaultClient,
+				expectToken: true,
+			},
+			kuc: kratosUIConfig{
+				expectLoginScreen: true,
+				identifier:        x.NewUUID().String(),
+				password:          x.NewUUID().String(),
+				browserClient:     sharedBrowserClient,
+				kratosPublicTS:    kratosPublicTS,
+				clientAppTS:       clientAppTS,
+				hydraAdminClient:  hydraAdminClient,
+			},
+			expected: state{
+				cas: clientAppState{
+					visits: 1,
+					tokens: 1,
+				},
+			},
+		},
+		{
+			name: "should prompt the user for login and consent again",
+			configure: func(c *config.Config) {
+				c.MustSet(ctx, config.ViperKeySessionPersistentCookie, true)
+			},
+			cac: clientAppConfig{
+				client:      defaultClient,
+				expectToken: true,
+			},
+			kuc: kratosUIConfig{
+				expectLoginScreen: true,
+				identifier:        x.NewUUID().String(),
+				password:          x.NewUUID().String(),
+				browserClient:     sharedBrowserClient,
+				kratosPublicTS:    kratosPublicTS,
+				clientAppTS:       clientAppTS,
+				hydraAdminClient:  hydraAdminClient,
+			},
+			expected: state{
+				cas: clientAppState{
+					visits: 1,
+					tokens: 1,
+				},
+			},
+		},
+		{
+			name: "should fail because the persistent Hydra session doesn't match the new Kratos session subject",
+			configure: func(c *config.Config) {
+			},
+			cac: clientAppConfig{
+				client:      defaultClient,
+				expectToken: false,
+			},
+			kuc: kratosUIConfig{
+				expectLoginScreen: true,
+				identifier:        x.NewUUID().String(),
+				password:          x.NewUUID().String(),
+				browserClient:     sharedBrowserClient,
+				kratosPublicTS:    kratosPublicTS,
+				clientAppTS:       clientAppTS,
+				hydraAdminClient:  hydraAdminClient,
+			},
+			expected: state{
+				cas: clientAppState{
+					visits: 0,
+					tokens: 0,
+				},
+			},
+		},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			*cac = tc.cac
+			*kuc = tc.kuc
+			tc.configure(conf)
+
+			authCodeURL := makeAuthCodeURL(t, cac.client, "", false)
+			res, err := tc.kuc.browserClient.Get(authCodeURL)
+
+			require.NoError(t, err)
+			body, err := io.ReadAll(res.Body)
+			require.NoError(t, res.Body.Close())
+			require.NoError(t, err)
+			require.Equal(t, "", string(body))
+			require.Equal(t, http.StatusOK, res.StatusCode)
+			require.EqualValues(t, tc.expected.cas, cac.state)
+		})
+	}
+}
diff --git a/selfservice/strategy/password/registration_test.go b/selfservice/strategy/password/registration_test.go
index 2a4060a02850..50e11e6a6cf1 100644
--- a/selfservice/strategy/password/registration_test.go
+++ b/selfservice/strategy/password/registration_test.go
@@ -333,7 +333,7 @@ func TestRegistration(t *testing.T) {
 
 			t.Run("type=spa", func(t *testing.T) {
 				browserClient := testhelpers.NewClientWithCookies(t)
-				f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, true)
+				f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, true, false, false)
 				c := f.Ui
 
 				actual, _ := testhelpers.RegistrationMakeRequest(t, false, true, f, browserClient, testhelpers.EncodeFormAsJSON(t, false, valuesFirst(testhelpers.SDKFormFieldsToURLValues(c.Nodes))))
@@ -344,7 +344,7 @@ func TestRegistration(t *testing.T) {
 
 			t.Run("type=browser", func(t *testing.T) {
 				browserClient := testhelpers.NewClientWithCookies(t)
-				f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, false)
+				f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, false, false, false)
 				c := f.Ui
 
 				actual, _ := testhelpers.RegistrationMakeRequest(t, false, false, f, browserClient, valuesFirst(testhelpers.SDKFormFieldsToURLValues(c.Nodes)).Encode())
@@ -413,7 +413,7 @@ func TestRegistration(t *testing.T) {
 
 			hc := testhelpers.NewClientWithCookies(t)
 			hc.Transport = testhelpers.NewTransportWithLogger(hc.Transport, t)
-			payload := testhelpers.InitializeRegistrationFlowViaBrowser(t, hc, publicTS, false)
+			payload := testhelpers.InitializeRegistrationFlowViaBrowser(t, hc, publicTS, false, false, false)
 			values := testhelpers.SDKFormFieldsToURLValues(payload.Ui.Nodes)
 			time.Sleep(time.Millisecond) // add a bit of delay to allow `1ns` to time out.
 
@@ -481,7 +481,7 @@ func TestRegistration(t *testing.T) {
 		_ = testhelpers.NewRegistrationUIFlowEchoServer(t, reg)
 
 		browserClient := testhelpers.NewClientWithCookies(t)
-		f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, false)
+		f := testhelpers.InitializeRegistrationFlowViaBrowser(t, browserClient, publicTS, false, false, false)
 
 		assertx.EqualAsJSON(t, container.Container{
 			Action: conf.SelfPublicURL(ctx).String() + registration.RouteSubmitFlow + "?flow=" + f.Id,
diff --git a/selfservice/strategy/totp/login_test.go b/selfservice/strategy/totp/login_test.go
index ab3310cc2552..d180d92b39c9 100644
--- a/selfservice/strategy/totp/login_test.go
+++ b/selfservice/strategy/totp/login_test.go
@@ -133,7 +133,7 @@ func TestCompleteLogin(t *testing.T) {
 
 		t.Run("type=browser", func(t *testing.T) {
 			browserClient := testhelpers.NewHTTPClientWithIdentitySessionCookie(t, reg, id)
-			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false, testhelpers.InitFlowWithAAL(identity.AuthenticatorAssuranceLevel2))
+			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false, false, false, testhelpers.InitFlowWithAAL(identity.AuthenticatorAssuranceLevel2))
 
 			body, res := testhelpers.LoginMakeRequest(t, false, false, f, browserClient, "14=)=!(%)$/ZP()GHIÖ")
 			assert.Contains(t, res.Request.URL.String(), uiTS.URL+"/login-ts")
@@ -143,7 +143,7 @@ func TestCompleteLogin(t *testing.T) {
 
 		t.Run("type=spa", func(t *testing.T) {
 			browserClient := testhelpers.NewHTTPClientWithIdentitySessionCookie(t, reg, id)
-			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, true, testhelpers.InitFlowWithAAL(identity.AuthenticatorAssuranceLevel2))
+			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, true, false, false, testhelpers.InitFlowWithAAL(identity.AuthenticatorAssuranceLevel2))
 
 			body, res := testhelpers.LoginMakeRequest(t, false, true, f, browserClient, "14=)=!(%)$/ZP()GHIÖ")
 			assert.Contains(t, res.Request.URL.String(), publicTS.URL+login.RouteSubmitFlow)
@@ -170,7 +170,7 @@ func TestCompleteLogin(t *testing.T) {
 			opts = append(opts, testhelpers.InitFlowWithReturnTo(returnTo))
 		}
 
-		f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, spa, opts...)
+		f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, spa, false, false, opts...)
 		values := testhelpers.SDKFormFieldsToURLValues(f.Ui.Nodes)
 		values.Set("method", "totp")
 		v(values)
@@ -411,7 +411,7 @@ func TestCompleteLogin(t *testing.T) {
 		t.Run("type=browser", func(t *testing.T) {
 			returnTo := "https://www.ory.sh"
 			browserClient := testhelpers.NewClientWithCookies(t)
-			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false, testhelpers.InitFlowWithReturnTo(returnTo))
+			f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false, false, false, testhelpers.InitFlowWithReturnTo(returnTo))
 
 			cred, ok := id.GetCredentials(identity.CredentialsTypePassword)
 			require.True(t, ok)
diff --git a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=passwordless-case=should_fail_if_webauthn_login_is_invalid-type=browser.json b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=passwordless-case=should_fail_if_webauthn_login_is_invalid-type=browser.json
index 4ec85e234b85..025c09e3c50c 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=passwordless-case=should_fail_if_webauthn_login_is_invalid-type=browser.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=passwordless-case=should_fail_if_webauthn_login_is_invalid-type=browser.json
@@ -1,4 +1,5 @@
 {
+  "oauth2_login_challenge": null,
   "type": "browser",
   "ui": {
     "method": "POST",
diff --git a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=passwordless-case=should_fail_if_webauthn_login_is_invalid-type=spa.json b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=passwordless-case=should_fail_if_webauthn_login_is_invalid-type=spa.json
index 4ec85e234b85..025c09e3c50c 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=passwordless-case=should_fail_if_webauthn_login_is_invalid-type=spa.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=passwordless-case=should_fail_if_webauthn_login_is_invalid-type=spa.json
@@ -1,4 +1,5 @@
 {
+  "oauth2_login_challenge": null,
   "type": "browser",
   "ui": {
     "method": "POST",
diff --git a/selfservice/strategy/webauthn/login_test.go b/selfservice/strategy/webauthn/login_test.go
index 016e861226d7..736d0692af77 100644
--- a/selfservice/strategy/webauthn/login_test.go
+++ b/selfservice/strategy/webauthn/login_test.go
@@ -105,7 +105,7 @@ func TestCompleteLogin(t *testing.T) {
 	}
 
 	doBrowserFlow := func(t *testing.T, spa bool, v func(url.Values), browserClient *http.Client, opts ...testhelpers.InitFlowWithOption) (string, *http.Response) {
-		f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, spa, opts...)
+		f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, spa, false, false, opts...)
 		values := testhelpers.SDKFormFieldsToURLValues(f.Ui.Nodes)
 		v(values)
 		return testhelpers.LoginMakeRequest(t, false, spa, f, browserClient, values.Encode())
@@ -145,7 +145,7 @@ func TestCompleteLogin(t *testing.T) {
 	}
 
 	submitWebAuthnLoginWithClient := func(t *testing.T, isSPA bool, id *identity.Identity, contextFixture []byte, client *http.Client, cb func(values url.Values), opts ...testhelpers.InitFlowWithOption) (string, *http.Response, *kratos.SelfServiceLoginFlow) {
-		f := testhelpers.InitializeLoginFlowViaBrowser(t, client, publicTS, false, isSPA, opts...)
+		f := testhelpers.InitializeLoginFlowViaBrowser(t, client, publicTS, false, isSPA, false, false, opts...)
 		return submitWebAuthnLoginFlowWithClient(t, isSPA, f, contextFixture, client, cb)
 	}
 
@@ -263,7 +263,7 @@ func TestCompleteLogin(t *testing.T) {
 							id := identity.NewIdentity("")
 							client := testhelpers.NewHTTPClientWithIdentitySessionCookie(t, reg, id)
 
-							f := testhelpers.InitializeLoginFlowViaBrowser(t, client, publicTS, true, f == "spa")
+							f := testhelpers.InitializeLoginFlowViaBrowser(t, client, publicTS, true, f == "spa", false, false)
 							snapshotx.SnapshotTExcept(t, f.Ui.Nodes, []string{
 								"0.attributes.value",
 							})
@@ -286,7 +286,7 @@ func TestCompleteLogin(t *testing.T) {
 
 		t.Run("case=webauthn button exists", func(t *testing.T) {
 			client := testhelpers.NewClientWithCookies(t)
-			f := testhelpers.InitializeLoginFlowViaBrowser(t, client, publicTS, false, true)
+			f := testhelpers.InitializeLoginFlowViaBrowser(t, client, publicTS, false, true, false, false)
 			testhelpers.SnapshotTExcept(t, f.Ui.Nodes, []string{"0.attributes.value"})
 		})
 
@@ -369,7 +369,7 @@ func TestCompleteLogin(t *testing.T) {
 			_, subject := createIdentityAndReturnIdentifier(t, reg, []byte(`{"credentials":[{"id":"Zm9vZm9v","display_name":"foo","is_passwordless":true}]}`))
 
 			doBrowserFlow := func(t *testing.T, spa bool, browserClient *http.Client, opts ...testhelpers.InitFlowWithOption) {
-				f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, spa, opts...)
+				f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, spa, false, false, opts...)
 				values := testhelpers.SDKFormFieldsToURLValues(f.Ui.Nodes)
 
 				values.Set("method", identity.CredentialsTypeWebAuthn.String())
@@ -414,6 +414,7 @@ func TestCompleteLogin(t *testing.T) {
 
 		t.Run("case=succeeds with passwordless login", func(t *testing.T) {
 			run := func(t *testing.T, spa bool) {
+				conf.MustSet(ctx, config.ViperKeySessionWhoAmIAAL, "aal1")
 				// We load our identity which we will use to replay the webauth session
 				id := createIdentityWithWebAuthn(t, identity.Credentials{
 					Config:  loginFixtureSuccessV1PasswordlessCredentials,
@@ -459,7 +460,7 @@ func TestCompleteLogin(t *testing.T) {
 			id := createIdentity(t, reg)
 
 			apiClient := testhelpers.NewHTTPClientWithIdentitySessionToken(t, reg, id)
-			f := testhelpers.InitializeLoginFlowViaBrowser(t, apiClient, publicTS, false, true, testhelpers.InitFlowWithAAL(identity.AuthenticatorAssuranceLevel2))
+			f := testhelpers.InitializeLoginFlowViaBrowser(t, apiClient, publicTS, false, true, false, false, testhelpers.InitFlowWithAAL(identity.AuthenticatorAssuranceLevel2))
 			assert.Equal(t, gjson.GetBytes(id.Traits, "subject").String(), f.Ui.Nodes[1].Attributes.UiNodeInputAttributes.Value, jsonx.TestMarshalJSONString(t, f.Ui))
 			testhelpers.SnapshotTExcept(t, f.Ui.Nodes, []string{
 				"0.attributes.value",
@@ -475,7 +476,7 @@ func TestCompleteLogin(t *testing.T) {
 		t.Run("case=webauthn payload is not set when identity has no webauthn", func(t *testing.T) {
 			id := createIdentityWithoutWebAuthn(t, reg)
 			apiClient := testhelpers.NewHTTPClientWithIdentitySessionCookie(t, reg, id)
-			f := testhelpers.InitializeLoginFlowViaBrowser(t, apiClient, publicTS, false, true, testhelpers.InitFlowWithAAL(identity.AuthenticatorAssuranceLevel2))
+			f := testhelpers.InitializeLoginFlowViaBrowser(t, apiClient, publicTS, false, true, false, false, testhelpers.InitFlowWithAAL(identity.AuthenticatorAssuranceLevel2))
 
 			testhelpers.SnapshotTExcept(t, f.Ui.Nodes, []string{
 				"0.attributes.value",
diff --git a/selfservice/strategy/webauthn/registration_test.go b/selfservice/strategy/webauthn/registration_test.go
index 6a675cad0413..701ac3bf74bf 100644
--- a/selfservice/strategy/webauthn/registration_test.go
+++ b/selfservice/strategy/webauthn/registration_test.go
@@ -122,7 +122,7 @@ func TestRegistration(t *testing.T) {
 		for _, f := range flows {
 			t.Run(f, func(t *testing.T) {
 				client := testhelpers.NewClientWithCookies(t)
-				f := testhelpers.InitializeRegistrationFlowViaBrowser(t, client, publicTS, flowToIsSPA(f))
+				f := testhelpers.InitializeRegistrationFlowViaBrowser(t, client, publicTS, flowToIsSPA(f), false, false)
 				testhelpers.SnapshotTExcept(t, f.Ui.Nodes, []string{
 					"0.attributes.value",
 				})
@@ -134,7 +134,7 @@ func TestRegistration(t *testing.T) {
 		for _, f := range flows {
 			t.Run(f, func(t *testing.T) {
 				client := testhelpers.NewClientWithCookies(t)
-				f := testhelpers.InitializeRegistrationFlowViaBrowser(t, client, publicTS, flowToIsSPA(f))
+				f := testhelpers.InitializeRegistrationFlowViaBrowser(t, client, publicTS, flowToIsSPA(f), false, false)
 				testhelpers.SnapshotTExcept(t, f.Ui.Nodes, []string{
 					"2.attributes.value",
 					"5.attributes.onclick",
@@ -192,7 +192,7 @@ func TestRegistration(t *testing.T) {
 
 	submitWebAuthnRegistrationWithClient := func(t *testing.T, flow string, contextFixture []byte, client *http.Client, cb func(values url.Values), opts ...testhelpers.InitFlowWithOption) (string, *http.Response, *kratos.SelfServiceRegistrationFlow) {
 		isSPA := flow == "spa"
-		f := testhelpers.InitializeRegistrationFlowViaBrowser(t, client, publicTS, isSPA, opts...)
+		f := testhelpers.InitializeRegistrationFlowViaBrowser(t, client, publicTS, isSPA, false, false, opts...)
 
 		// We inject the session to replay
 		interim, err := reg.RegistrationFlowPersister().GetRegistrationFlow(context.Background(), uuid.FromStringOrNil(f.Id))
diff --git a/session/manager.go b/session/manager.go
index 9efe12b2ffba..52df844618d8 100644
--- a/session/manager.go
+++ b/session/manager.go
@@ -50,22 +50,28 @@ func (e *ErrAALNotSatisfied) EnhanceJSONError() interface{} {
 	return e
 }
 
-func (e *ErrAALNotSatisfied) PassReturnToParameter(requestURL string) error {
+func (e *ErrAALNotSatisfied) PassReturnToAndLoginChallengeParameters(requestURL string) error {
 	req, err := url.Parse(requestURL)
 	if err != nil {
 		return err
 	}
-	returnTo := req.Query().Get("return_to")
-	if len(returnTo) == 0 {
-		return nil
-	}
 
 	u, err := url.Parse(e.RedirectTo)
 	if err != nil {
 		return err
 	}
 	q := u.Query()
-	q.Set("return_to", returnTo)
+
+	hlc := req.Query().Get("login_challenge")
+	if len(hlc) != 0 {
+		q.Set("login_challenge", hlc)
+	}
+
+	returnTo := req.Query().Get("return_to")
+	if len(returnTo) != 0 {
+		q.Set("return_to", returnTo)
+	}
+
 	u.RawQuery = q.Encode()
 	e.RedirectTo = u.String()
 
diff --git a/session/manager_test.go b/session/manager_test.go
index 8aeb89a2fbb0..be14131a313e 100644
--- a/session/manager_test.go
+++ b/session/manager_test.go
@@ -11,7 +11,7 @@ import (
 	"github.com/ory/kratos/session"
 )
 
-func TestErrAALNotSatisfied_PassReturnToParameter(t *testing.T) {
+func TestErrAALNotSatisfied_PassReturnToAndLoginChallengeParameters(t *testing.T) {
 	cases := []struct {
 		name       string
 		instance   *session.ErrAALNotSatisfied
@@ -39,6 +39,26 @@ func TestErrAALNotSatisfied_PassReturnToParameter(t *testing.T) {
 			wantErr:    assert.NoError,
 			expected:   "https://localhost/?foo=bar&return_to=https%3A%2F%2Fory.sh",
 		},
+		{
+			name: "pass login_challenge parameter",
+			instance: &session.ErrAALNotSatisfied{
+				DefaultError: &herodot.DefaultError{},
+				RedirectTo:   "https://localhost/?foo=bar",
+			},
+			requestURL: "https://localhost:1234/?login_challenge=badee1",
+			wantErr:    assert.NoError,
+			expected:   "https://localhost/?foo=bar&login_challenge=badee1",
+		},
+		{
+			name: "pass login_challenge and return_to parameters",
+			instance: &session.ErrAALNotSatisfied{
+				DefaultError: &herodot.DefaultError{},
+				RedirectTo:   "https://localhost/?foo=bar",
+			},
+			requestURL: "https://localhost:1234/?return_to=https%3A%2F%2Fory.sh&login_challenge=badee1",
+			wantErr:    assert.NoError,
+			expected:   "https://localhost/?foo=bar&login_challenge=badee1&return_to=https%3A%2F%2Fory.sh",
+		},
 		{
 			name: "invalid RedirectTo URL",
 			instance: &session.ErrAALNotSatisfied{
@@ -60,7 +80,7 @@ func TestErrAALNotSatisfied_PassReturnToParameter(t *testing.T) {
 	}
 	for _, tc := range cases {
 		t.Run(fmt.Sprintf("case=%s", tc.name), func(t *testing.T) {
-			err := tc.instance.PassReturnToParameter(tc.requestURL)
+			err := tc.instance.PassReturnToAndLoginChallengeParameters(tc.requestURL)
 
 			tc.wantErr(t, err)
 			if err == nil {
diff --git a/spec/api.json b/spec/api.json
index ced7ae677767..779e1c754127 100755
--- a/spec/api.json
+++ b/spec/api.json
@@ -49,6 +49,270 @@
         "title": "JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger.",
         "type": "object"
       },
+      "LoginRequest": {
+        "description": "LoginRequest struct for LoginRequest",
+        "properties": {
+          "challenge": {
+            "description": "ID is the identifier (\\\"login challenge\\\") of the login request. It is used to identify the session.",
+            "type": "string"
+          },
+          "client": {
+            "$ref": "#/components/schemas/OAuth2Client"
+          },
+          "oidc_context": {
+            "$ref": "#/components/schemas/OpenIDConnectContext"
+          },
+          "request_url": {
+            "description": "RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which initiates the OAuth 2.0 Authorization Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but might come in handy if you want to deal with additional request parameters.",
+            "type": "string"
+          },
+          "requested_access_token_audience": {
+            "items": {
+              "type": "string"
+            },
+            "type": "array"
+          },
+          "requested_scope": {
+            "items": {
+              "type": "string"
+            },
+            "type": "array"
+          },
+          "session_id": {
+            "description": "SessionID is the login session ID. If the user-agent reuses a login session (via cookie / remember flag) this ID will remain the same. If the user-agent did not have an existing authentication session (e.g. remember is false) this will be a new random value. This value is used as the \\\"sid\\\" parameter in the ID Token and in OIDC Front-/Back- channel logout. It's value can generally be used to associate consecutive login requests by a certain user.",
+            "type": "string"
+          },
+          "skip": {
+            "description": "Skip, if true, implies that the client has requested the same scopes from the same user previously. If true, you can skip asking the user to grant the requested scopes, and simply forward the user to the redirect URL.  This feature allows you to update / set session information.",
+            "type": "boolean"
+          },
+          "subject": {
+            "description": "Subject is the user ID of the end-user that authenticated. Now, that end user needs to grant or deny the scope requested by the OAuth 2.0 client. If this value is set and `skip` is true, you MUST include this subject type when accepting the login request, or the request will fail.",
+            "type": "string"
+          }
+        },
+        "type": "object"
+      },
+      "NullBool": {
+        "nullable": true,
+        "type": "boolean"
+      },
+      "NullInt": {
+        "nullable": true,
+        "type": "integer"
+      },
+      "NullString": {
+        "nullable": true,
+        "type": "string"
+      },
+      "NullTime": {
+        "format": "date-time",
+        "nullable": true,
+        "type": "string"
+      },
+      "NullUUID": {
+        "format": "uuid4",
+        "nullable": true,
+        "type": "string"
+      },
+      "OAuth2Client": {
+        "description": "OAuth2Client struct for OAuth2Client",
+        "properties": {
+          "allowed_cors_origins": {
+            "items": {
+              "type": "string"
+            },
+            "type": "array"
+          },
+          "audience": {
+            "items": {
+              "type": "string"
+            },
+            "type": "array"
+          },
+          "backchannel_logout_session_required": {
+            "description": "Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in the Logout Token to identify the RP session with the OP when the backchannel_logout_uri is used. If omitted, the default value is false.",
+            "type": "boolean"
+          },
+          "backchannel_logout_uri": {
+            "description": "RP URL that will cause the RP to log itself out when sent a Logout Token by the OP.",
+            "type": "string"
+          },
+          "client_id": {
+            "description": "ID  is the id for this client.",
+            "type": "string"
+          },
+          "client_name": {
+            "description": "Name is the human-readable string name of the client to be presented to the end-user during authorization.",
+            "type": "string"
+          },
+          "client_secret": {
+            "description": "Secret is the client's secret. The secret will be included in the create request as cleartext, and then never again. The secret is stored using BCrypt so it is impossible to recover it. Tell your users that they need to write the secret down as it will not be made available again.",
+            "type": "string"
+          },
+          "client_secret_expires_at": {
+            "description": "SecretExpiresAt is an integer holding the time at which the client secret will expire or 0 if it will not expire. The time is represented as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC until the date/time of expiration.  This feature is currently not supported and it's value will always be set to 0.",
+            "format": "int64",
+            "type": "integer"
+          },
+          "client_uri": {
+            "description": "ClientURI is an URL string of a web page providing information about the client. If present, the server SHOULD display this URL to the end-user in a clickable fashion.",
+            "type": "string"
+          },
+          "contacts": {
+            "items": {
+              "type": "string"
+            },
+            "type": "array"
+          },
+          "created_at": {
+            "description": "CreatedAt returns the timestamp of the client's creation.",
+            "format": "date-time",
+            "type": "string"
+          },
+          "frontchannel_logout_session_required": {
+            "description": "Boolean value specifying whether the RP requires that iss (issuer) and sid (session ID) query parameters be included to identify the RP session with the OP when the frontchannel_logout_uri is used. If omitted, the default value is false.",
+            "type": "boolean"
+          },
+          "frontchannel_logout_uri": {
+            "description": "RP URL that will cause the RP to log itself out when rendered in an iframe by the OP. An iss (issuer) query parameter and a sid (session ID) query parameter MAY be included by the OP to enable the RP to validate the request and to determine which of the potentially multiple sessions is to be logged out; if either is included, both MUST be.",
+            "type": "string"
+          },
+          "grant_types": {
+            "items": {
+              "type": "string"
+            },
+            "type": "array"
+          },
+          "jwks": {
+            "additionalProperties": {},
+            "type": "object"
+          },
+          "jwks_uri": {
+            "description": "URL for the Client's JSON Web Key Set [JWK] document. If the Client signs requests to the Server, it contains the signing key(s) the Server uses to validate signatures from the Client. The JWK Set MAY also contain the Client's encryption keys(s), which are used by the Server to encrypt responses to the Client. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate.",
+            "type": "string"
+          },
+          "logo_uri": {
+            "description": "LogoURI is an URL string that references a logo for the client.",
+            "type": "string"
+          },
+          "metadata": {
+            "additionalProperties": {},
+            "type": "object"
+          },
+          "owner": {
+            "description": "Owner is a string identifying the owner of the OAuth 2.0 Client.",
+            "type": "string"
+          },
+          "policy_uri": {
+            "description": "PolicyURI is a URL string that points to a human-readable privacy policy document that describes how the deployment organization collects, uses, retains, and discloses personal data.",
+            "type": "string"
+          },
+          "post_logout_redirect_uris": {
+            "items": {
+              "type": "string"
+            },
+            "type": "array"
+          },
+          "redirect_uris": {
+            "items": {
+              "type": "string"
+            },
+            "type": "array"
+          },
+          "registration_access_token": {
+            "description": "RegistrationAccessToken can be used to update, get, or delete the OAuth2 Client.",
+            "type": "string"
+          },
+          "registration_client_uri": {
+            "description": "RegistrationClientURI is the URL used to update, get, or delete the OAuth2 Client.",
+            "type": "string"
+          },
+          "request_object_signing_alg": {
+            "description": "JWS [JWS] alg algorithm [JWA] that MUST be used for signing Request Objects sent to the OP. All Request Objects from this Client MUST be rejected, if not signed with this algorithm.",
+            "type": "string"
+          },
+          "request_uris": {
+            "items": {
+              "type": "string"
+            },
+            "type": "array"
+          },
+          "response_types": {
+            "items": {
+              "type": "string"
+            },
+            "type": "array"
+          },
+          "scope": {
+            "description": "Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens.",
+            "type": "string"
+          },
+          "sector_identifier_uri": {
+            "description": "URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. The URL references a file with a single JSON array of redirect_uri values.",
+            "type": "string"
+          },
+          "subject_type": {
+            "description": "SubjectType requested for responses to this Client. The subject_types_supported Discovery parameter contains a list of the supported subject_type values for this server. Valid types include `pairwise` and `public`.",
+            "type": "string"
+          },
+          "token_endpoint_auth_method": {
+            "description": "Requested Client Authentication method for the Token Endpoint. The options are client_secret_post, client_secret_basic, private_key_jwt, and none.",
+            "type": "string"
+          },
+          "token_endpoint_auth_signing_alg": {
+            "description": "Requested Client Authentication signing algorithm for the Token Endpoint.",
+            "type": "string"
+          },
+          "tos_uri": {
+            "description": "TermsOfServiceURI is a URL string that points to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client.",
+            "type": "string"
+          },
+          "updated_at": {
+            "description": "UpdatedAt returns the timestamp of the last update.",
+            "format": "date-time",
+            "type": "string"
+          },
+          "userinfo_signed_response_alg": {
+            "description": "JWS alg algorithm [JWA] REQUIRED for signing UserInfo Responses. If this is specified, the response will be JWT [JWT] serialized, and signed using JWS. The default, if omitted, is for the UserInfo Response to return the Claims as a UTF-8 encoded JSON object using the application/json content-type.",
+            "type": "string"
+          }
+        },
+        "type": "object"
+      },
+      "OpenIDConnectContext": {
+        "description": "OpenIDConnectContext struct for OpenIDConnectContext",
+        "properties": {
+          "acr_values": {
+            "description": "ACRValues is the Authentication AuthorizationContext Class Reference requested in the OAuth 2.0 Authorization request. It is a parameter defined by OpenID Connect and expresses which level of authentication (e.g. 2FA) is required.  OpenID Connect defines it as follows: \u003e Requested Authentication AuthorizationContext Class Reference values. Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference. The Authentication AuthorizationContext Class satisfied by the authentication performed is returned as the acr Claim Value, as specified in Section 2. The acr Claim is requested as a Voluntary Claim by this parameter.",
+            "items": {
+              "type": "string"
+            },
+            "type": "array"
+          },
+          "display": {
+            "description": "Display is a string value that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User. The defined values are: page: The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view. If the display parameter is not specified, this is the default display mode. popup: The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window. The popup User Agent window should be of an appropriate size for a login-focused dialog and should not obscure the entire window that it is popping up over. touch: The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface. wap: The Authorization Server SHOULD display the authentication and consent UI consistent with a \\\"feature phone\\\" type display.  The Authorization Server MAY also attempt to detect the capabilities of the User Agent and present an appropriate display.",
+            "type": "string"
+          },
+          "id_token_hint_claims": {
+            "additionalProperties": true,
+            "description": "IDTokenHintClaims are the claims of the ID Token previously issued by the Authorization Server being passed as a hint about the End-User's current or past authenticated session with the Client.",
+            "type": "object"
+          },
+          "login_hint": {
+            "description": "LoginHint hints about the login identifier the End-User might use to log in (if necessary). This hint can be used by an RP if it first asks the End-User for their e-mail address (or other identifier) and then wants to pass that value as a hint to the discovered authorization service. This value MAY also be a phone number in the format specified for the phone_number Claim. The use of this parameter is optional.",
+            "type": "string"
+          },
+          "ui_locales": {
+            "description": "UILocales is the End-User'id preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference. For instance, the value \\\"fr-CA fr en\\\" represents a preference for French as spoken in Canada, then French (without a region designation), followed by English (without a region designation). An error SHOULD NOT result if some or all of the requested locales are not supported by the OpenID Provider.",
+            "items": {
+              "type": "string"
+            },
+            "type": "array"
+          }
+        },
+        "type": "object"
+      },
       "RecoveryAddressType": {
         "title": "RecoveryAddressType must not exceed 16 characters as that is the limitation in the SQL Schema.",
         "type": "string"
@@ -56,6 +320,10 @@
       "TemplateType": {
         "type": "string"
       },
+      "Time": {
+        "format": "date-time",
+        "type": "string"
+      },
       "UUID": {
         "format": "uuid4",
         "type": "string"
@@ -726,6 +994,15 @@
         "title": "Is sent when a privileged session is required to perform the settings update.",
         "type": "object"
       },
+      "nullDuration": {
+        "nullable": true,
+        "pattern": "^[0-9]+(ns|us|ms|s|m|h)$",
+        "type": "string"
+      },
+      "nullInt64": {
+        "nullable": true,
+        "type": "integer"
+      },
       "nullJsonRawMessage": {
         "description": "NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable-"
       },
@@ -966,6 +1243,12 @@
             "format": "date-time",
             "type": "string"
           },
+          "oauth2_login_challenge": {
+            "$ref": "#/components/schemas/NullUUID"
+          },
+          "oauth2_login_request": {
+            "$ref": "#/components/schemas/LoginRequest"
+          },
           "refresh": {
             "description": "Refresh stores whether this login flow should enforce re-authentication.",
             "type": "boolean"
@@ -1142,6 +1425,12 @@
             "format": "date-time",
             "type": "string"
           },
+          "oauth2_login_challenge": {
+            "$ref": "#/components/schemas/NullUUID"
+          },
+          "oauth2_login_request": {
+            "$ref": "#/components/schemas/LoginRequest"
+          },
           "request_url": {
             "description": "RequestURL is the initial URL that was requested from Ory Kratos. It can be used\nto forward information contained in the URL's path or query for example.",
             "type": "string"
@@ -3858,9 +4147,17 @@
     },
     "/self-service/login/browser": {
       "get": {
-        "description": "This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate\ncookies and anti-CSRF measures required for browser-based flows.\n\nIf this endpoint is opened as a link in the browser, it will be redirected to\n`selfservice.flows.login.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\nexists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter\n`?refresh=true` was set.\n\nIf this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the\ncase of an error, the `error.id` of the JSON response body can be one of:\n\n`session_already_available`: The user is already signed in.\n`session_aal1_required`: Multi-factor auth (e.g. 2fa) was requested but the user has no session yet.\n`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n`security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!\n\nThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.\n\nMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).",
+        "description": "This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate\ncookies and anti-CSRF measures required for browser-based flows.\n\nIf this endpoint is opened as a link in the browser, it will be redirected to\n`selfservice.flows.login.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\nexists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter\n`?refresh=true` was set.\n\nIf this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the\ncase of an error, the `error.id` of the JSON response body can be one of:\n\n`session_already_available`: The user is already signed in.\n`session_aal1_required`: Multi-factor auth (e.g. 2fa) was requested but the user has no session yet.\n`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n`security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!\n\nThe optional query parameter `login_challenge` is set when using an Ory OAuth 2.0 OAuth2 & OpenID. See the `oauth2_provider.url` configuration\noption.\n\nThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.\n\nMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).",
         "operationId": "initializeSelfServiceLoginFlowForBrowsers",
         "parameters": [
+          {
+            "description": "An optional Hydra login challenge. If present, Kratos will cooperate with\nOry Hydra to act as an OAuth2 identity provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/login?login_challenge=abcde`).",
+            "in": "query",
+            "name": "login_challenge",
+            "schema": {
+              "type": "string"
+            }
+          },
           {
             "description": "Refresh a login session\n\nIf set to true, this will refresh an existing login session by\nasking the user to sign in again. This will reset the\nauthenticated_at time of the session.",
             "in": "query",
@@ -4583,6 +4880,14 @@
         "description": "This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate\ncookies and anti-CSRF measures required for browser-based flows.\n\n:::info\n\nThis endpoint is EXPERIMENTAL and subject to potential breaking changes in the future.\n\n:::\n\nIf this endpoint is opened as a link in the browser, it will be redirected to\n`selfservice.flows.registration.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\nexists already, the browser will be redirected to `urls.default_redirect_url`.\n\nIf this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the\ncase of an error, the `error.id` of the JSON response body can be one of:\n\n`session_already_available`: The user is already signed in.\n`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n`security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!\n\nIf this endpoint is called via an AJAX request, the response contains the registration flow without a redirect.\n\nThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.\n\nMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).",
         "operationId": "initializeSelfServiceRegistrationFlowForBrowsers",
         "parameters": [
+          {
+            "description": "An optional Hydra login challenge. If present, Kratos will cooperate with\nOry Hydra to act as an OAuth2 identity provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/registration?login_challenge=abcde`).",
+            "in": "query",
+            "name": "login_challenge",
+            "schema": {
+              "type": "string"
+            }
+          },
           {
             "description": "The URL to return the browser to after the flow was completed.",
             "in": "query",
@@ -5670,4 +5975,4 @@
   },
   "x-forwarded-proto": "string",
   "x-request-id": "string"
-}
\ No newline at end of file
+}
diff --git a/spec/swagger.json b/spec/swagger.json
index 5395823b09f6..6cc035a63134 100755
--- a/spec/swagger.json
+++ b/spec/swagger.json
@@ -1132,7 +1132,7 @@
     },
     "/self-service/login/browser": {
       "get": {
-        "description": "This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate\ncookies and anti-CSRF measures required for browser-based flows.\n\nIf this endpoint is opened as a link in the browser, it will be redirected to\n`selfservice.flows.login.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\nexists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter\n`?refresh=true` was set.\n\nIf this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the\ncase of an error, the `error.id` of the JSON response body can be one of:\n\n`session_already_available`: The user is already signed in.\n`session_aal1_required`: Multi-factor auth (e.g. 2fa) was requested but the user has no session yet.\n`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n`security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!\n\nThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.\n\nMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).",
+        "description": "This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate\ncookies and anti-CSRF measures required for browser-based flows.\n\nIf this endpoint is opened as a link in the browser, it will be redirected to\n`selfservice.flows.login.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\nexists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter\n`?refresh=true` was set.\n\nIf this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the\ncase of an error, the `error.id` of the JSON response body can be one of:\n\n`session_already_available`: The user is already signed in.\n`session_aal1_required`: Multi-factor auth (e.g. 2fa) was requested but the user has no session yet.\n`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n`security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!\n\nThe optional query parameter login_challenge is set when using Kratos with\nHydra in an OAuth2 flow. See the oauth2_provider.url configuration\noption.\n\nThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.\n\nMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).",
         "produces": [
           "application/json"
         ],
@@ -1146,6 +1146,12 @@
         "summary": "Initialize Login Flow for Browsers",
         "operationId": "initializeSelfServiceLoginFlowForBrowsers",
         "parameters": [
+          {
+            "type": "string",
+            "description": "An optional Hydra login challenge. If present, Kratos will cooperate with\nOry Hydra to act as an OAuth2 identity provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/login?login_challenge=abcde`).",
+            "name": "login_challenge",
+            "in": "query"
+          },
           {
             "type": "boolean",
             "description": "Refresh a login session\n\nIf set to true, this will refresh an existing login session by\nasking the user to sign in again. This will reset the\nauthenticated_at time of the session.",
@@ -1748,6 +1754,12 @@
         "summary": "Initialize Registration Flow for Browsers",
         "operationId": "initializeSelfServiceRegistrationFlowForBrowsers",
         "parameters": [
+          {
+            "type": "string",
+            "description": "An optional Hydra login challenge. If present, Kratos will cooperate with\nOry Hydra to act as an OAuth2 identity provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/registration?login_challenge=abcde`).",
+            "name": "login_challenge",
+            "in": "query"
+          },
           {
             "type": "string",
             "description": "The URL to return the browser to after the flow was completed.",
@@ -2639,6 +2651,261 @@
       "type": "object",
       "title": "JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger."
     },
+    "LoginRequest": {
+      "description": "LoginRequest struct for LoginRequest",
+      "type": "object",
+      "properties": {
+        "challenge": {
+          "description": "ID is the identifier (\\\"login challenge\\\") of the login request. It is used to identify the session.",
+          "type": "string"
+        },
+        "client": {
+          "$ref": "#/definitions/OAuth2Client"
+        },
+        "oidc_context": {
+          "$ref": "#/definitions/OpenIDConnectContext"
+        },
+        "request_url": {
+          "description": "RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which initiates the OAuth 2.0 Authorization Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but might come in handy if you want to deal with additional request parameters.",
+          "type": "string"
+        },
+        "requested_access_token_audience": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "requested_scope": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "session_id": {
+          "description": "SessionID is the login session ID. If the user-agent reuses a login session (via cookie / remember flag) this ID will remain the same. If the user-agent did not have an existing authentication session (e.g. remember is false) this will be a new random value. This value is used as the \\\"sid\\\" parameter in the ID Token and in OIDC Front-/Back- channel logout. It's value can generally be used to associate consecutive login requests by a certain user.",
+          "type": "string"
+        },
+        "skip": {
+          "description": "Skip, if true, implies that the client has requested the same scopes from the same user previously. If true, you can skip asking the user to grant the requested scopes, and simply forward the user to the redirect URL.  This feature allows you to update / set session information.",
+          "type": "boolean"
+        },
+        "subject": {
+          "description": "Subject is the user ID of the end-user that authenticated. Now, that end user needs to grant or deny the scope requested by the OAuth 2.0 client. If this value is set and `skip` is true, you MUST include this subject type when accepting the login request, or the request will fail.",
+          "type": "string"
+        }
+      }
+    },
+    "NullUUID": {
+      "description": "NullUUID can be used with the standard sql package to represent a\nUUID value that can be NULL in the database.",
+      "type": "object",
+      "properties": {
+        "UUID": {
+          "type": "string",
+          "format": "uuid"
+        },
+        "Valid": {
+          "type": "boolean"
+        }
+      }
+    },
+    "OAuth2Client": {
+      "description": "OAuth2Client struct for OAuth2Client",
+      "type": "object",
+      "properties": {
+        "allowed_cors_origins": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "audience": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "backchannel_logout_session_required": {
+          "description": "Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in the Logout Token to identify the RP session with the OP when the backchannel_logout_uri is used. If omitted, the default value is false.",
+          "type": "boolean"
+        },
+        "backchannel_logout_uri": {
+          "description": "RP URL that will cause the RP to log itself out when sent a Logout Token by the OP.",
+          "type": "string"
+        },
+        "client_id": {
+          "description": "ID  is the id for this client.",
+          "type": "string"
+        },
+        "client_name": {
+          "description": "Name is the human-readable string name of the client to be presented to the end-user during authorization.",
+          "type": "string"
+        },
+        "client_secret": {
+          "description": "Secret is the client's secret. The secret will be included in the create request as cleartext, and then never again. The secret is stored using BCrypt so it is impossible to recover it. Tell your users that they need to write the secret down as it will not be made available again.",
+          "type": "string"
+        },
+        "client_secret_expires_at": {
+          "description": "SecretExpiresAt is an integer holding the time at which the client secret will expire or 0 if it will not expire. The time is represented as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC until the date/time of expiration.  This feature is currently not supported and it's value will always be set to 0.",
+          "type": "integer",
+          "format": "int64"
+        },
+        "client_uri": {
+          "description": "ClientURI is an URL string of a web page providing information about the client. If present, the server SHOULD display this URL to the end-user in a clickable fashion.",
+          "type": "string"
+        },
+        "contacts": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "created_at": {
+          "description": "CreatedAt returns the timestamp of the client's creation.",
+          "type": "string",
+          "format": "date-time"
+        },
+        "frontchannel_logout_session_required": {
+          "description": "Boolean value specifying whether the RP requires that iss (issuer) and sid (session ID) query parameters be included to identify the RP session with the OP when the frontchannel_logout_uri is used. If omitted, the default value is false.",
+          "type": "boolean"
+        },
+        "frontchannel_logout_uri": {
+          "description": "RP URL that will cause the RP to log itself out when rendered in an iframe by the OP. An iss (issuer) query parameter and a sid (session ID) query parameter MAY be included by the OP to enable the RP to validate the request and to determine which of the potentially multiple sessions is to be logged out; if either is included, both MUST be.",
+          "type": "string"
+        },
+        "grant_types": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "jwks": {
+          "type": "object",
+          "additionalProperties": {}
+        },
+        "jwks_uri": {
+          "description": "URL for the Client's JSON Web Key Set [JWK] document. If the Client signs requests to the Server, it contains the signing key(s) the Server uses to validate signatures from the Client. The JWK Set MAY also contain the Client's encryption keys(s), which are used by the Server to encrypt responses to the Client. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate.",
+          "type": "string"
+        },
+        "logo_uri": {
+          "description": "LogoURI is an URL string that references a logo for the client.",
+          "type": "string"
+        },
+        "metadata": {
+          "type": "object",
+          "additionalProperties": {}
+        },
+        "owner": {
+          "description": "Owner is a string identifying the owner of the OAuth 2.0 Client.",
+          "type": "string"
+        },
+        "policy_uri": {
+          "description": "PolicyURI is a URL string that points to a human-readable privacy policy document that describes how the deployment organization collects, uses, retains, and discloses personal data.",
+          "type": "string"
+        },
+        "post_logout_redirect_uris": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "redirect_uris": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "registration_access_token": {
+          "description": "RegistrationAccessToken can be used to update, get, or delete the OAuth2 Client.",
+          "type": "string"
+        },
+        "registration_client_uri": {
+          "description": "RegistrationClientURI is the URL used to update, get, or delete the OAuth2 Client.",
+          "type": "string"
+        },
+        "request_object_signing_alg": {
+          "description": "JWS [JWS] alg algorithm [JWA] that MUST be used for signing Request Objects sent to the OP. All Request Objects from this Client MUST be rejected, if not signed with this algorithm.",
+          "type": "string"
+        },
+        "request_uris": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "response_types": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "scope": {
+          "description": "Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens.",
+          "type": "string"
+        },
+        "sector_identifier_uri": {
+          "description": "URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. The URL references a file with a single JSON array of redirect_uri values.",
+          "type": "string"
+        },
+        "subject_type": {
+          "description": "SubjectType requested for responses to this Client. The subject_types_supported Discovery parameter contains a list of the supported subject_type values for this server. Valid types include `pairwise` and `public`.",
+          "type": "string"
+        },
+        "token_endpoint_auth_method": {
+          "description": "Requested Client Authentication method for the Token Endpoint. The options are client_secret_post, client_secret_basic, private_key_jwt, and none.",
+          "type": "string"
+        },
+        "token_endpoint_auth_signing_alg": {
+          "description": "Requested Client Authentication signing algorithm for the Token Endpoint.",
+          "type": "string"
+        },
+        "tos_uri": {
+          "description": "TermsOfServiceURI is a URL string that points to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client.",
+          "type": "string"
+        },
+        "updated_at": {
+          "description": "UpdatedAt returns the timestamp of the last update.",
+          "type": "string",
+          "format": "date-time"
+        },
+        "userinfo_signed_response_alg": {
+          "description": "JWS alg algorithm [JWA] REQUIRED for signing UserInfo Responses. If this is specified, the response will be JWT [JWT] serialized, and signed using JWS. The default, if omitted, is for the UserInfo Response to return the Claims as a UTF-8 encoded JSON object using the application/json content-type.",
+          "type": "string"
+        }
+      }
+    },
+    "OpenIDConnectContext": {
+      "description": "OpenIDConnectContext struct for OpenIDConnectContext",
+      "type": "object",
+      "properties": {
+        "acr_values": {
+          "description": "ACRValues is the Authentication AuthorizationContext Class Reference requested in the OAuth 2.0 Authorization request. It is a parameter defined by OpenID Connect and expresses which level of authentication (e.g. 2FA) is required.  OpenID Connect defines it as follows: \u003e Requested Authentication AuthorizationContext Class Reference values. Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference. The Authentication AuthorizationContext Class satisfied by the authentication performed is returned as the acr Claim Value, as specified in Section 2. The acr Claim is requested as a Voluntary Claim by this parameter.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "display": {
+          "description": "Display is a string value that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User. The defined values are: page: The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view. If the display parameter is not specified, this is the default display mode. popup: The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window. The popup User Agent window should be of an appropriate size for a login-focused dialog and should not obscure the entire window that it is popping up over. touch: The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface. wap: The Authorization Server SHOULD display the authentication and consent UI consistent with a \\\"feature phone\\\" type display.  The Authorization Server MAY also attempt to detect the capabilities of the User Agent and present an appropriate display.",
+          "type": "string"
+        },
+        "id_token_hint_claims": {
+          "description": "IDTokenHintClaims are the claims of the ID Token previously issued by the Authorization Server being passed as a hint about the End-User's current or past authenticated session with the Client.",
+          "type": "object",
+          "additionalProperties": true
+        },
+        "login_hint": {
+          "description": "LoginHint hints about the login identifier the End-User might use to log in (if necessary). This hint can be used by an RP if it first asks the End-User for their e-mail address (or other identifier) and then wants to pass that value as a hint to the discovered authorization service. This value MAY also be a phone number in the format specified for the phone_number Claim. The use of this parameter is optional.",
+          "type": "string"
+        },
+        "ui_locales": {
+          "description": "UILocales is the End-User'id preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference. For instance, the value \\\"fr-CA fr en\\\" represents a preference for French as spoken in Canada, then French (without a region designation), followed by English (without a region designation). An error SHOULD NOT result if some or all of the requested locales are not supported by the OpenID Provider.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      }
+    },
     "RecoveryAddressType": {
       "type": "string",
       "title": "RecoveryAddressType must not exceed 16 characters as that is the limitation in the SQL Schema."
@@ -3543,6 +3810,12 @@
           "type": "string",
           "format": "date-time"
         },
+        "oauth2_login_challenge": {
+          "$ref": "#/definitions/NullUUID"
+        },
+        "oauth2_login_request": {
+          "$ref": "#/definitions/LoginRequest"
+        },
         "refresh": {
           "description": "Refresh stores whether this login flow should enforce re-authentication.",
           "type": "boolean"
@@ -3713,6 +3986,12 @@
           "type": "string",
           "format": "date-time"
         },
+        "oauth2_login_challenge": {
+          "$ref": "#/definitions/NullUUID"
+        },
+        "oauth2_login_request": {
+          "$ref": "#/definitions/LoginRequest"
+        },
         "request_url": {
           "description": "RequestURL is the initial URL that was requested from Ory Kratos. It can be used\nto forward information contained in the URL's path or query for example.",
           "type": "string"
@@ -4930,4 +5209,4 @@
   },
   "x-forwarded-proto": "string",
   "x-request-id": "string"
-}
\ No newline at end of file
+}
diff --git a/test/e2e/cypress/helpers/httpbin.ts b/test/e2e/cypress/helpers/httpbin.ts
new file mode 100644
index 000000000000..3e5ed407be2e
--- /dev/null
+++ b/test/e2e/cypress/helpers/httpbin.ts
@@ -0,0 +1,36 @@
+import * as oauth2 from "./oauth2"
+
+export function checkToken(
+  client: oauth2.oAuth2Client,
+  scope: string[],
+  check: (token: any) => void,
+) {
+  cy.location("href")
+    .should("match", new RegExp("https://httpbin.org/anything[?]code=.*"))
+    .then((body) => {
+      cy.get("body")
+        .invoke("text")
+        .then((text) => {
+          const result = JSON.parse(text)
+          const tokenParams = {
+            code: result.args.code,
+            redirect_uri: "https://httpbin.org/anything",
+            scope: scope.join(" "),
+          }
+          oauth2
+            .getToken(
+              client.token_endpoint,
+              client.id,
+              client.secret,
+              "authorization_code",
+              tokenParams.code,
+              tokenParams.redirect_uri,
+              tokenParams.scope,
+            )
+            .then((res) => {
+              const token = res.body
+              check(token)
+            })
+        })
+    })
+}
diff --git a/test/e2e/cypress/helpers/oauth2.ts b/test/e2e/cypress/helpers/oauth2.ts
new file mode 100644
index 000000000000..5ad3d6680f02
--- /dev/null
+++ b/test/e2e/cypress/helpers/oauth2.ts
@@ -0,0 +1,101 @@
+import * as uuid from "uuid"
+
+export type oAuth2Client = {
+  auth_endpoint: string
+  token_endpoint: string
+  id: string
+  secret: string
+  token_endpoint_auth_method: string
+  grant_types: string[]
+  response_types: string[]
+  scopes: string[]
+  callbacks: string[]
+}
+
+export function getDefaultAuthorizeURL(client: oAuth2Client) {
+  const state = uuid.v4()
+  const nonce = uuid.v4()
+  return getAuthorizeURL(
+    client.auth_endpoint,
+    "",
+    client.id,
+    "0",
+    nonce,
+    "https://httpbin.org/anything",
+    "code",
+    ["offline", "openid"],
+    state,
+    undefined,
+  )
+}
+
+export function getAuthorizeURL(
+  auth_endpoint: string,
+  audience: string,
+  client_id: string,
+  max_age: string,
+  nonce: string,
+  redirect_uri: string,
+  response_type:
+    | "code"
+    | "id_token"
+    | "id_token token"
+    | "code id_token"
+    | "code token"
+    | "code id_token token",
+  scopes: string[],
+  state: string,
+  code_challenge?: string,
+): string {
+  const r = new URL(auth_endpoint)
+  r.searchParams.append("audience", audience)
+  r.searchParams.append("client_id", client_id)
+  r.searchParams.append("max_age", max_age)
+  r.searchParams.append("nonce", nonce)
+  r.searchParams.append("prompt", "")
+  r.searchParams.append("redirect_uri", redirect_uri)
+  r.searchParams.append("response_type", response_type)
+  r.searchParams.append("scope", scopes.join(" "))
+  r.searchParams.append("state", state)
+
+  code_challenge && r.searchParams.append("code_challenge", code_challenge)
+  return r.toString()
+}
+
+export function getToken(
+  token_endpoint: string,
+  client_id: string,
+  client_secret: string,
+  grant_type: "authorization_code",
+  code: string,
+  redirect_uri: string,
+  scope: string,
+) {
+  let urlEncodedData = ""
+  const urlEncodedDataPairs = []
+  urlEncodedDataPairs.push(
+    encodeURIComponent("grant_type") + "=" + encodeURIComponent(grant_type),
+  )
+  urlEncodedDataPairs.push(
+    encodeURIComponent("code") + "=" + encodeURIComponent(code),
+  )
+  urlEncodedDataPairs.push(
+    encodeURIComponent("redirect_uri") + "=" + encodeURIComponent(redirect_uri),
+  )
+  urlEncodedDataPairs.push(
+    encodeURIComponent("scope") + "=" + encodeURIComponent(scope),
+  )
+
+  urlEncodedData = urlEncodedDataPairs.join("&").replace(/%20/g, "+")
+
+  return cy.request({
+    method: "POST",
+    url: token_endpoint,
+    form: true,
+    body: urlEncodedData,
+    headers: {
+      Accept: "application/json",
+      Authorization: "Basic " + btoa(client_id + ":" + client_secret),
+    },
+  })
+}
diff --git a/test/e2e/cypress/integration/profiles/oidc-provider/error.spec.ts b/test/e2e/cypress/integration/profiles/oidc-provider/error.spec.ts
new file mode 100644
index 000000000000..b7bf1b8a6bcf
--- /dev/null
+++ b/test/e2e/cypress/integration/profiles/oidc-provider/error.spec.ts
@@ -0,0 +1,34 @@
+import { routes as express } from "../../../helpers/express"
+
+context("OpenID Provider", () => {
+  before(() => {
+    cy.useConfigProfile("oidc-provider")
+    cy.proxy("express")
+  })
+  it("should fail with invalid login_challenge", () => {
+    cy.visit(express.login + "?login_challenge=not-a-uuid", {
+      failOnStatusCode: false,
+    }).then((d) => {
+      cy.get(`[data-testid="ui/error/message"]`).then((c) => {
+        cy.wrap(c[0].textContent).should(
+          "contain",
+          "the login_challenge parameter is present but invalid or zero UUID",
+        )
+      })
+    })
+  })
+
+  it("should fail with zero login_challenge", () => {
+    cy.visit(
+      express.login + "?login_challenge=00000000-0000-0000-0000-000000000000",
+      { failOnStatusCode: false },
+    ).then((d) => {
+      cy.get(`[data-testid="ui/error/message"]`).then((c) => {
+        cy.wrap(c[0].textContent).should(
+          "contain",
+          "the login_challenge parameter is present but invalid or zero UUID",
+        )
+      })
+    })
+  })
+})
diff --git a/test/e2e/cypress/integration/profiles/oidc-provider/login.spec.ts b/test/e2e/cypress/integration/profiles/oidc-provider/login.spec.ts
new file mode 100644
index 000000000000..649b2b215637
--- /dev/null
+++ b/test/e2e/cypress/integration/profiles/oidc-provider/login.spec.ts
@@ -0,0 +1,144 @@
+import { gen } from "../../../helpers"
+import * as oauth2 from "../../../helpers/oauth2"
+import * as httpbin from "../../../helpers/httpbin"
+
+context("OpenID Provider", () => {
+  before(() => {
+    cy.useConfigProfile("oidc-provider")
+    cy.proxy("express")
+  })
+  const client = {
+    auth_endpoint: "http://localhost:4744/oauth2/auth",
+    token_endpoint: "http://localhost:4744/oauth2/token",
+    id: "dummy-client",
+    secret: "secret",
+    token_endpoint_auth_method: "client_secret_basic",
+    grant_types: ["authorization_code", "refresh_token"],
+    response_types: ["code", "id_token"],
+    scopes: ["openid", "offline", "email", "website"],
+    callbacks: [
+      "http://localhost:5555/callback",
+      "https://httpbin.org/anything",
+    ],
+  }
+
+  it("login", () => {
+    const email = gen.email()
+    const password = gen.password()
+    cy.registerApi({
+      email: email,
+      password: password,
+      fields: { "traits.website": "http://t1.local" },
+    })
+
+    const url = oauth2.getDefaultAuthorizeURL(client)
+
+    cy.visit(url)
+
+    // kratos login ui
+    cy.get("[name=identifier]").type(email)
+    cy.get("[name=password]").type(password)
+    cy.get("[type=submit]").click()
+
+    // consent ui
+    cy.get("#openid").click()
+    cy.get("#offline").click()
+    cy.get("#accept").click()
+
+    const scope = ["offline", "openid"]
+    httpbin.checkToken(client, scope, (token: any) => {
+      expect(token).to.have.property("access_token")
+      expect(token).to.have.property("id_token")
+      expect(token).to.have.property("refresh_token")
+      expect(token).to.have.property("token_type")
+      expect(token).to.have.property("expires_in")
+      expect(token.scope).to.equal("offline openid")
+      let idToken = JSON.parse(
+        decodeURIComponent(escape(window.atob(token.id_token.split(".")[1]))),
+      )
+      expect(idToken).to.have.property("amr")
+      expect(idToken.amr).to.deep.equal(["password"])
+    })
+  })
+
+  it("login-without-scopes", () => {
+    const email = gen.email()
+    const password = gen.password()
+    cy.registerApi({
+      email: email,
+      password: password,
+      fields: { "traits.website": "http://t1.local" },
+    })
+
+    const url = oauth2.getDefaultAuthorizeURL(client)
+    cy.visit(url)
+
+    // kratos login ui
+    cy.get("[name=identifier]").type(email)
+    cy.get("[name=password]").type(password)
+    cy.get("[type=submit]").click()
+
+    // consent ui
+    cy.get("#accept").click()
+
+    const scope = ["offline", "openid"]
+    httpbin.checkToken(client, scope, (token: any) => {
+      expect(token).to.have.property("access_token")
+      expect(token).not.to.have.property("id_token")
+      expect(token).not.to.have.property("refresh_token")
+      expect(token).to.have.property("token_type")
+      expect(token).to.have.property("expires_in")
+      expect(token.scope).to.equal("")
+    })
+  })
+
+  it("respects-login-remember-config", () => {
+    let odicLogin = () => {
+      const email = gen.email()
+      const password = gen.password()
+      cy.registerApi({
+        email: email,
+        password: password,
+        fields: { "traits.website": "http://t1.local" },
+      })
+
+      let url = oauth2.getDefaultAuthorizeURL(client)
+      cy.visit(url)
+
+      // kratos login ui
+      cy.get("[name=identifier]").type(email)
+      cy.get("[name=password]").type(password)
+      cy.get("[type=submit]").click()
+
+      // consent ui
+      cy.get("#accept").click()
+    }
+
+    cy.clearAllCookies()
+    cy.updateConfigFile((config) => {
+      config.session.cookie = config.session.cookie || {}
+      config.session.cookie.persistent = true
+      config.session.lifespan = "1234s"
+      return config
+    })
+
+    odicLogin()
+    cy.getCookie("oauth2_authentication_session_insecure").should("not.be.null")
+    cy.getCookie("oauth2_authentication_session_insecure").then((cookie) => {
+      let expected = Date.now() / 1000 + 1234
+      let precision = 10
+      expect(cookie.expiry).to.be.lessThan(expected + precision)
+      expect(cookie.expiry).to.be.greaterThan(expected - precision)
+    })
+
+    cy.clearAllCookies()
+    cy.updateConfigFile((config) => {
+      config.session.cookie = config.session.cookie || {}
+      config.session.cookie.persistent = false
+      return config
+    })
+
+    odicLogin()
+    cy.getCookie("oauth2_authentication_session_insecure").should("be.null")
+  })
+})
diff --git a/test/e2e/cypress/integration/profiles/oidc-provider/mfa.spec.ts b/test/e2e/cypress/integration/profiles/oidc-provider/mfa.spec.ts
new file mode 100644
index 000000000000..5e7076d93271
--- /dev/null
+++ b/test/e2e/cypress/integration/profiles/oidc-provider/mfa.spec.ts
@@ -0,0 +1,155 @@
+import { authenticator } from "otplib"
+import { gen } from "../../../helpers"
+import { routes as express } from "../../../helpers/express"
+import * as oauth2 from "../../../helpers/oauth2"
+import * as httpbin from "../../../helpers/httpbin"
+
+context("OIDC Provider 2FA", () => {
+  const client = {
+    auth_endpoint: "http://localhost:4744/oauth2/auth",
+    token_endpoint: "http://localhost:4744/oauth2/token",
+    id: "dummy-client",
+    secret: "secret",
+    token_endpoint_auth_method: "client_secret_basic",
+    grant_types: ["authorization_code", "refresh_token"],
+    response_types: ["code", "id_token"],
+    scopes: ["openid", "offline", "email", "website"],
+    callbacks: [
+      "http://localhost:5555/callback",
+      "https://httpbin.org/anything",
+    ],
+  }
+
+  ;[
+    {
+      login: express.login,
+      settings: express.settings,
+      base: express.base,
+      profile: "oidc-provider-mfa",
+      app: "express" as "express",
+    },
+  ].forEach(({ settings, login, profile, app, base }) => {
+    describe(`for app ${app}`, () => {
+      let email = gen.email()
+      let password = gen.password()
+      let secret
+
+      before(() => {
+        cy.useConfigProfile(profile)
+        cy.proxy(app)
+
+        email = gen.email()
+        password = gen.password()
+
+        cy.register({
+          email,
+          password,
+          fields: { "traits.website": "http://t1.local" },
+        })
+        cy.visit(settings)
+
+        cy.get('[data-testid="node/text/totp_secret_key/text"]').then(($e) => {
+          secret = $e.text().trim()
+        })
+        cy.get('input[name="totp_code"]').then(($e) => {
+          cy.wrap($e).type(authenticator.generate(secret))
+        })
+        cy.get('*[name="method"][value="totp"]').click()
+        cy.expectSettingsSaved()
+        cy.getSession({
+          expectAal: "aal2",
+          expectMethods: ["password", "totp"],
+        })
+
+        cy.clearAllCookies()
+      })
+
+      it("should be be asked to sign in with 2fa if set up", () => {
+        let url = oauth2.getDefaultAuthorizeURL(client)
+
+        cy.get("body")
+          .then((body$) => {
+            // Credits https://github.com/suchipi, https://github.com/cypress-io/cypress/issues/944#issuecomment-444312914
+            const appWindow = body$[0].ownerDocument.defaultView
+            const appIframe = appWindow.parent.document.querySelector("iframe")
+
+            return new Promise((resolve) => {
+              appIframe.onload = () => resolve(undefined)
+              appWindow.location.href = url
+            })
+          })
+          .then(() => {
+            // kratos login ui
+            cy.get("[name=identifier]").type(email)
+            cy.get("[name=password]").type(password)
+            cy.get("[type=submit]").click()
+
+            cy.get('input[name="totp_code"]').then(($e) => {
+              cy.wrap($e).type(authenticator.generate(secret))
+            })
+            cy.get('*[name="method"][value="totp"]').click()
+
+            // consent ui
+            cy.get("#openid").click()
+            cy.get("#offline").click()
+            cy.get("#accept").click()
+
+            let scope = ["offline", "openid"]
+            httpbin.checkToken(client, scope, (token: any) => {
+              expect(token).to.have.property("access_token")
+              expect(token).to.have.property("id_token")
+              expect(token).to.have.property("refresh_token")
+              expect(token).to.have.property("token_type")
+              expect(token).to.have.property("expires_in")
+              expect(token.scope).to.equal("offline openid")
+              let idToken = JSON.parse(
+                decodeURIComponent(
+                  escape(window.atob(token.id_token.split(".")[1])),
+                ),
+              )
+              expect(idToken).to.have.property("amr")
+              expect(idToken.amr).to.deep.equal(["password", "totp"])
+            })
+
+            // We shouldn't need to authenticate again
+            url = oauth2.getDefaultAuthorizeURL(client)
+
+            cy.get("body")
+              .then((body$) => {
+                // Credits https://github.com/suchipi, https://github.com/cypress-io/cypress/issues/944#issuecomment-444312914
+                const appWindow = body$[0].ownerDocument.defaultView
+                const appIframe =
+                  appWindow.parent.document.querySelector("iframe")
+
+                return new Promise((resolve) => {
+                  appIframe.onload = () => resolve(undefined)
+                  appWindow.location.href = url
+                })
+              })
+              .then(() => {
+                // We get the consent screen instead of login
+                cy.get("#openid").click()
+                cy.get("#offline").click()
+                cy.get("#accept").click()
+
+                httpbin.checkToken(client, scope, (token: any) => {
+                  expect(token).to.have.property("access_token")
+                  expect(token).to.have.property("id_token")
+                  expect(token).to.have.property("refresh_token")
+                  expect(token).to.have.property("token_type")
+                  expect(token).to.have.property("expires_in")
+                  expect(token.scope).to.equal("offline openid")
+                  let idToken = JSON.parse(
+                    decodeURIComponent(
+                      escape(window.atob(token.id_token.split(".")[1])),
+                    ),
+                  )
+                  expect(idToken).to.have.property("amr")
+                  expect(idToken.amr).to.deep.equal(["password", "totp"])
+                })
+              })
+          })
+      })
+    })
+  })
+})
diff --git a/test/e2e/cypress/integration/profiles/oidc-provider/registration.spec.ts b/test/e2e/cypress/integration/profiles/oidc-provider/registration.spec.ts
new file mode 100644
index 000000000000..2b33b23f4a9f
--- /dev/null
+++ b/test/e2e/cypress/integration/profiles/oidc-provider/registration.spec.ts
@@ -0,0 +1,65 @@
+import { gen } from "../../../helpers"
+import * as uuid from "uuid"
+import * as oauth2 from "../../../helpers/oauth2"
+import * as httpbin from "../../../helpers/httpbin"
+
+context("OpenID Provider", () => {
+  before(() => {
+    cy.useConfigProfile("oidc-provider")
+    cy.proxy("express")
+  })
+  const client = {
+    auth_endpoint: "http://localhost:4744/oauth2/auth",
+    token_endpoint: "http://localhost:4744/oauth2/token",
+    id: "dummy-client",
+    secret: "secret",
+    token_endpoint_auth_method: "client_secret_basic",
+    grant_types: ["authorization_code", "refresh_token"],
+    response_types: ["code", "id_token"],
+    scopes: ["openid", "offline", "email", "website"],
+    callbacks: [
+      "http://localhost:5555/callback",
+      "https://httpbin.org/anything",
+    ],
+  }
+
+  it("registration", () => {
+    const url = oauth2.getDefaultAuthorizeURL(client)
+
+    cy.visit(url)
+    cy.get("[data-testid=signup-link]").click()
+
+    const email = gen.email()
+    const password = gen.password()
+
+    cy.get('[name="traits.email"]').type(email)
+    cy.get("[name=password]").type(password)
+    cy.get('[name="traits.website"]').type("http://example.com")
+    cy.get('input[type=checkbox][name="traits.tos"]').click({ force: true })
+    cy.get('[name="traits.age"]').type("199")
+    cy.get('input[type=checkbox][name="traits.consent"]').click({ force: true })
+    cy.get('input[type=checkbox][name="traits.newsletter"]').click({
+      force: true,
+    })
+    cy.get("[type=submit]").click()
+
+    cy.get("#openid").click()
+    cy.get("#offline").click()
+    cy.get("#accept").click()
+
+    const scope = ["offline", "openid"]
+    httpbin.checkToken(client, scope, (token: any) => {
+      expect(token).to.have.property("access_token")
+      expect(token).to.have.property("id_token")
+      expect(token).to.have.property("refresh_token")
+      expect(token).to.have.property("token_type")
+      expect(token).to.have.property("expires_in")
+      expect(token.scope).to.equal("offline openid")
+      let idToken = JSON.parse(
+        decodeURIComponent(escape(window.atob(token.id_token.split(".")[1]))),
+      )
+      expect(idToken).to.have.property("amr")
+      expect(idToken.amr).to.deep.equal(["password"])
+    })
+  })
+})
diff --git a/test/e2e/hydra-kratos-login-consent/.gitignore b/test/e2e/hydra-kratos-login-consent/.gitignore
new file mode 100644
index 000000000000..5176eab7c305
--- /dev/null
+++ b/test/e2e/hydra-kratos-login-consent/.gitignore
@@ -0,0 +1 @@
+hydra-kratos-login-consent
diff --git a/test/e2e/hydra-kratos-login-consent/go.mod b/test/e2e/hydra-kratos-login-consent/go.mod
new file mode 100644
index 000000000000..6c589972795e
--- /dev/null
+++ b/test/e2e/hydra-kratos-login-consent/go.mod
@@ -0,0 +1,14 @@
+module github.com/ory/kratos/test/e2e/hydra-kratos-login-consent
+
+go 1.16
+
+replace github.com/oleiade/reflections => github.com/oleiade/reflections v1.0.1
+
+replace golang.org/x/sys => golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8
+
+require (
+	github.com/julienschmidt/httprouter v1.3.0
+	github.com/ory/hydra-client-go v1.7.4
+	github.com/ory/kratos-client-go v0.10.1
+	github.com/ory/x v0.0.116
+)
diff --git a/test/e2e/hydra-kratos-login-consent/go.sum b/test/e2e/hydra-kratos-login-consent/go.sum
new file mode 100644
index 000000000000..c241b3ef328f
--- /dev/null
+++ b/test/e2e/hydra-kratos-login-consent/go.sum
@@ -0,0 +1,1249 @@
+bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8=
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
+cloud.google.com/go v0.41.0/go.mod h1:OauMR7DV8fzvZIl2qg6rkaIhD/vmgk4iwEw/h6ercmg=
+cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
+cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
+cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
+cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
+cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
+cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
+cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
+cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
+cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
+cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
+cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
+cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
+cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
+cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
+cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
+cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
+cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
+cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
+cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
+cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
+cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
+cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
+cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
+cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
+cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
+cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
+cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
+cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
+dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/DATA-DOG/go-sqlmock v1.3.3/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
+github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
+github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
+github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
+github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
+github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
+github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
+github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
+github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
+github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
+github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
+github.com/ajg/form v0.0.0-20160822230020-523a5da1a92f/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY=
+github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
+github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
+github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
+github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
+github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0S6Vi7/lbWECcX0j45yZReDZ56BQsrVBOEEY=
+github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
+github.com/aws/aws-sdk-go v1.23.19/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/aws/aws-xray-sdk-go v0.9.4/go.mod h1:XtMKdBQfpVut+tJEwI7+dJFRxxRdxHDyVNp2tHXRq04=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
+github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
+github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
+github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/cihub/seelog v0.0.0-20170130134532-f561c5e57575/go.mod h1:9d6lWj8KzO/fd/NrVaLscBKmPigpZpn5YawRPw+e3Yo=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
+github.com/cockroachdb/cockroach-go v0.0.0-20181001143604-e0a95dfd547c/go.mod h1:XGLbWH/ujMcbPbhZq52Nv6UrCghb1yGn//133kEsvDk=
+github.com/cockroachdb/cockroach-go v0.0.0-20190925194419-606b3d062051/go.mod h1:XGLbWH/ujMcbPbhZq52Nv6UrCghb1yGn//133kEsvDk=
+github.com/cockroachdb/cockroach-go v0.0.0-20200312223839-f565e4789405/go.mod h1:XGLbWH/ujMcbPbhZq52Nv6UrCghb1yGn//133kEsvDk=
+github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
+github.com/codegangsta/negroni v1.0.0/go.mod h1:v0y3T5G7Y1UlFfyxFn/QLRU4a2EuNau2iZY63YTKWo0=
+github.com/containerd/continuity v0.0.0-20181203112020-004b46473808/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
+github.com/containerd/continuity v0.0.0-20190827140505-75bee3e2ccb6/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
+github.com/containerd/continuity v0.0.0-20200107194136-26c1120b8d41/go.mod h1:Dq467ZllaHgAtVp4p1xUQWBrFXR9s/wyoTpG8zOJGkY=
+github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
+github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
+github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
+github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
+github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
+github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgraph-io/ristretto v0.0.1/go.mod h1:T40EBc7CJke8TkpiYfGGKAeFjSaxuFXhuXRyumBd6RE=
+github.com/dgraph-io/ristretto v0.0.2/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
+github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
+github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
+github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/dustin/go-humanize v0.0.0-20180713052910-9f541cc9db5d/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/elazarl/goproxy v0.0.0-20181003060214-f58a169a71a5/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
+github.com/fatih/structs v1.0.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
+github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
+github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
+github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
+github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
+github.com/go-bindata/go-bindata v3.1.1+incompatible/go.mod h1:xK8Dsgwmeed+BBsSy2XTopBn/8uK2HWuGSnA11C3Joo=
+github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI=
+github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik=
+github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik=
+github.com/go-openapi/analysis v0.19.2/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk=
+github.com/go-openapi/analysis v0.19.4/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk=
+github.com/go-openapi/analysis v0.19.5/go.mod h1:hkEAkxagaIvIP7VTn8ygJNkd4kAYON2rCu0v0ObL0AU=
+github.com/go-openapi/analysis v0.19.10 h1:5BHISBAXOc/aJK25irLZnx2D3s6WyYaY9D4gmuz9fdE=
+github.com/go-openapi/analysis v0.19.10/go.mod h1:qmhS3VNFxBlquFJ0RGoDtylO9y4pgTAUNE9AEEMdlJQ=
+github.com/go-openapi/errors v0.17.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0=
+github.com/go-openapi/errors v0.18.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0=
+github.com/go-openapi/errors v0.19.2/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94=
+github.com/go-openapi/errors v0.19.3/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94=
+github.com/go-openapi/errors v0.19.6 h1:xZMThgv5SQ7SMbWtKFkCf9bBdvR2iEyw9k3zGZONuys=
+github.com/go-openapi/errors v0.19.6/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
+github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M=
+github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M=
+github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
+github.com/go-openapi/jsonpointer v0.19.3 h1:gihV7YNZK1iK6Tgwwsxo2rJbD1GTbdm72325Bq8FI3w=
+github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I=
+github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I=
+github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
+github.com/go-openapi/jsonreference v0.19.3 h1:5cxNfTy0UVC3X8JL5ymxzyoUZmo8iZb+jeTWn7tUa8o=
+github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
+github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
+github.com/go-openapi/loads v0.18.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
+github.com/go-openapi/loads v0.19.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
+github.com/go-openapi/loads v0.19.2/go.mod h1:QAskZPMX5V0C2gvfkGZzJlINuP7Hx/4+ix5jWFxsNPs=
+github.com/go-openapi/loads v0.19.3/go.mod h1:YVfqhUCdahYwR3f3iiwQLhicVRvLlU/WO5WPaZvcvSI=
+github.com/go-openapi/loads v0.19.5 h1:jZVYWawIQiA1NBnHla28ktg6hrcfTHsCE+3QLVRBIls=
+github.com/go-openapi/loads v0.19.5/go.mod h1:dswLCAdonkRufe/gSUC3gN8nTSaB9uaS2es0x5/IbjY=
+github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA=
+github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt4sK4FXt0O64=
+github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4=
+github.com/go-openapi/runtime v0.19.15/go.mod h1:dhGWCTKRXlAfGnQG0ONViOZpjfg0m2gUt9nTQPQZuoo=
+github.com/go-openapi/runtime v0.19.21 h1:81PiYus9l6fwwS4EwhJD+tQb3EPZBeWfgdAVTfFD25Q=
+github.com/go-openapi/runtime v0.19.21/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pthx8YvyjCfkgk=
+github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
+github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
+github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY=
+github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
+github.com/go-openapi/spec v0.19.6/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk=
+github.com/go-openapi/spec v0.19.8 h1:qAdZLh1r6QF/hI/gTq+TJTvsQUodZsM7KLqkAJdiJNg=
+github.com/go-openapi/spec v0.19.8/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk=
+github.com/go-openapi/strfmt v0.17.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU=
+github.com/go-openapi/strfmt v0.18.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU=
+github.com/go-openapi/strfmt v0.19.0/go.mod h1:+uW+93UVvGGq2qGaZxdDeJqSAqBqBdl+ZPMF/cC8nDY=
+github.com/go-openapi/strfmt v0.19.2/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU=
+github.com/go-openapi/strfmt v0.19.3/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU=
+github.com/go-openapi/strfmt v0.19.4/go.mod h1:eftuHTlB/dI8Uq8JJOyRlieZf+WkkxUuk0dgdHXr2Qk=
+github.com/go-openapi/strfmt v0.19.5 h1:0utjKrw+BAh8s57XE9Xz8DUBsVvPmRUB6styvl9wWIM=
+github.com/go-openapi/strfmt v0.19.5/go.mod h1:eftuHTlB/dI8Uq8JJOyRlieZf+WkkxUuk0dgdHXr2Qk=
+github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
+github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
+github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
+github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
+github.com/go-openapi/swag v0.19.7/go.mod h1:ao+8BpOPyKdpQz3AOJfbeEVpLmWAvlT1IfTe5McPyhY=
+github.com/go-openapi/swag v0.19.9 h1:1IxuqvBUU3S2Bi4YC7tlP9SJF1gVpCvqN0T2Qof4azE=
+github.com/go-openapi/swag v0.19.9/go.mod h1:ao+8BpOPyKdpQz3AOJfbeEVpLmWAvlT1IfTe5McPyhY=
+github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4=
+github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA=
+github.com/go-openapi/validate v0.19.3/go.mod h1:90Vh6jjkTn+OT1Eefm0ZixWNFjhtOH7vS9k0lo6zwJo=
+github.com/go-openapi/validate v0.19.10 h1:tG3SZ5DC5KF4cyt7nqLVcQXGj5A7mpaYkAcNPlDK+Yk=
+github.com/go-openapi/validate v0.19.10/go.mod h1:RKEZTUWDkxKQxN2jDT7ZnZi2bhZlbNMAuKvKB+IaGx8=
+github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
+github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
+github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
+github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=
+github.com/gobuffalo/attrs v0.1.0/go.mod h1:fmNpaWyHM0tRm8gCZWKx8yY9fvaNLo2PyzBNSrBZ5Hw=
+github.com/gobuffalo/buffalo v0.12.8-0.20181004233540-fac9bb505aa8/go.mod h1:sLyT7/dceRXJUxSsE813JTQtA3Eb1vjxWfo/N//vXIY=
+github.com/gobuffalo/buffalo v0.13.0/go.mod h1:Mjn1Ba9wpIbpbrD+lIDMy99pQ0H0LiddMIIDGse7qT4=
+github.com/gobuffalo/buffalo-plugins v1.0.2/go.mod h1:pOp/uF7X3IShFHyobahTkTLZaeUXwb0GrUTb9ngJWTs=
+github.com/gobuffalo/buffalo-plugins v1.0.4/go.mod h1:pWS1vjtQ6uD17MVFWf7i3zfThrEKWlI5+PYLw/NaDB4=
+github.com/gobuffalo/buffalo-plugins v1.4.3/go.mod h1:uCzTY0woez4nDMdQjkcOYKanngeUVRO2HZi7ezmAjWY=
+github.com/gobuffalo/buffalo-plugins v1.5.1/go.mod h1:jbmwSZK5+PiAP9cC09VQOrGMZFCa/P0UMlIS3O12r5w=
+github.com/gobuffalo/buffalo-plugins v1.6.4/go.mod h1:/+N1aophkA2jZ1ifB2O3Y9yGwu6gKOVMtUmJnbg+OZI=
+github.com/gobuffalo/buffalo-plugins v1.6.5/go.mod h1:0HVkbgrVs/MnPZ/FOseDMVanCTm2RNcdM0PuXcL1NNI=
+github.com/gobuffalo/buffalo-plugins v1.6.7/go.mod h1:ZGZRkzz2PiKWHs0z7QsPBOTo2EpcGRArMEym6ghKYgk=
+github.com/gobuffalo/buffalo-plugins v1.6.9/go.mod h1:yYlYTrPdMCz+6/+UaXg5Jm4gN3xhsvsQ2ygVatZV5vw=
+github.com/gobuffalo/buffalo-plugins v1.6.11/go.mod h1:eAA6xJIL8OuynJZ8amXjRmHND6YiusVAaJdHDN1Lu8Q=
+github.com/gobuffalo/buffalo-plugins v1.8.2/go.mod h1:9te6/VjEQ7pKp7lXlDIMqzxgGpjlKoAcAANdCgoR960=
+github.com/gobuffalo/buffalo-plugins v1.8.3/go.mod h1:IAWq6vjZJVXebIq2qGTLOdlXzmpyTZ5iJG5b59fza5U=
+github.com/gobuffalo/buffalo-plugins v1.9.4/go.mod h1:grCV6DGsQlVzQwk6XdgcL3ZPgLm9BVxlBmXPMF8oBHI=
+github.com/gobuffalo/buffalo-plugins v1.10.0/go.mod h1:4osg8d9s60txLuGwXnqH+RCjPHj9K466cDFRl3PErHI=
+github.com/gobuffalo/buffalo-plugins v1.11.0/go.mod h1:rtIvAYRjYibgmWhnjKmo7OadtnxuMG5ZQLr25ozAzjg=
+github.com/gobuffalo/buffalo-plugins v1.15.0/go.mod h1:BqSx01nwgKUQr/MArXzFkSD0QvdJidiky1OKgyfgrK8=
+github.com/gobuffalo/buffalo-pop v1.0.5/go.mod h1:Fw/LfFDnSmB/vvQXPvcXEjzP98Tc+AudyNWUBWKCwQ8=
+github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY=
+github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg=
+github.com/gobuffalo/envy v1.6.4/go.mod h1:Abh+Jfw475/NWtYMEt+hnJWRiC8INKWibIMyNt1w2Mc=
+github.com/gobuffalo/envy v1.6.5/go.mod h1:N+GkhhZ/93bGZc6ZKhJLP6+m+tCNPKwgSpH9kaifseQ=
+github.com/gobuffalo/envy v1.6.6/go.mod h1:N+GkhhZ/93bGZc6ZKhJLP6+m+tCNPKwgSpH9kaifseQ=
+github.com/gobuffalo/envy v1.6.7/go.mod h1:N+GkhhZ/93bGZc6ZKhJLP6+m+tCNPKwgSpH9kaifseQ=
+github.com/gobuffalo/envy v1.6.8/go.mod h1:N+GkhhZ/93bGZc6ZKhJLP6+m+tCNPKwgSpH9kaifseQ=
+github.com/gobuffalo/envy v1.6.9/go.mod h1:N+GkhhZ/93bGZc6ZKhJLP6+m+tCNPKwgSpH9kaifseQ=
+github.com/gobuffalo/envy v1.6.10/go.mod h1:X0CFllQjTV5ogsnUrg+Oks2yTI+PU2dGYBJOEI2D1Uo=
+github.com/gobuffalo/envy v1.6.11/go.mod h1:Fiq52W7nrHGDggFPhn2ZCcHw4u/rqXkqo+i7FB6EAcg=
+github.com/gobuffalo/envy v1.6.12/go.mod h1:qJNrJhKkZpEW0glh5xP2syQHH5kgdmgsKss2Kk8PTP0=
+github.com/gobuffalo/envy v1.6.15/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
+github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
+github.com/gobuffalo/envy v1.7.1/go.mod h1:FurDp9+EDPE4aIUS3ZLyD+7/9fpx7YRt/ukY6jIHf0w=
+github.com/gobuffalo/envy v1.8.1/go.mod h1:FurDp9+EDPE4aIUS3ZLyD+7/9fpx7YRt/ukY6jIHf0w=
+github.com/gobuffalo/envy v1.9.0/go.mod h1:FurDp9+EDPE4aIUS3ZLyD+7/9fpx7YRt/ukY6jIHf0w=
+github.com/gobuffalo/events v1.0.3/go.mod h1:Txo8WmqScapa7zimEQIwgiJBvMECMe9gJjsKNPN3uZw=
+github.com/gobuffalo/events v1.0.7/go.mod h1:z8txf6H9jWhQ5Scr7YPLWg/cgXBRj8Q4uYI+rsVCCSQ=
+github.com/gobuffalo/events v1.0.8/go.mod h1:A5KyqT1sA+3GJiBE4QKZibse9mtOcI9nw8gGrDdqYGs=
+github.com/gobuffalo/events v1.1.3/go.mod h1:9yPGWYv11GENtzrIRApwQRMYSbUgCsZ1w6R503fCfrk=
+github.com/gobuffalo/events v1.1.4/go.mod h1:09/YRRgZHEOts5Isov+g9X2xajxdvOAcUuAHIX/O//A=
+github.com/gobuffalo/events v1.1.5/go.mod h1:3YUSzgHfYctSjEjLCWbkXP6djH2M+MLaVRzb4ymbAK0=
+github.com/gobuffalo/events v1.1.7/go.mod h1:6fGqxH2ing5XMb3EYRq9LEkVlyPGs4oO/eLzh+S8CxY=
+github.com/gobuffalo/events v1.1.8/go.mod h1:UFy+W6X6VbCWS8k2iT81HYX65dMtiuVycMy04cplt/8=
+github.com/gobuffalo/events v1.1.9/go.mod h1:/0nf8lMtP5TkgNbzYxR6Bl4GzBy5s5TebgNTdRfRbPM=
+github.com/gobuffalo/events v1.3.1/go.mod h1:9JOkQVoyRtailYVE/JJ2ZQ/6i4gTjM5t2HsZK4C1cSA=
+github.com/gobuffalo/events v1.4.1/go.mod h1:SjXgWKpeSuvQDvGhgMz5IXx3Czu+IbL+XPLR41NvVQY=
+github.com/gobuffalo/fizz v1.0.12/go.mod h1:C0sltPxpYK8Ftvf64kbsQa2yiCZY4RZviurNxXdAKwc=
+github.com/gobuffalo/fizz v1.9.8/go.mod h1:w1FEn1yKNVCc49KnADGyYGRPH7jFON3ak4Bj1yUudHo=
+github.com/gobuffalo/flect v0.0.0-20180907193754-dc14d8acaf9f/go.mod h1:rCiQgmAE4axgBNl3jZWzS5rETRYTGOsrixTRaCPzNdA=
+github.com/gobuffalo/flect v0.0.0-20181002182613-4571df4b1daf/go.mod h1:rCiQgmAE4axgBNl3jZWzS5rETRYTGOsrixTRaCPzNdA=
+github.com/gobuffalo/flect v0.0.0-20181007231023-ae7ed6bfe683/go.mod h1:rCiQgmAE4axgBNl3jZWzS5rETRYTGOsrixTRaCPzNdA=
+github.com/gobuffalo/flect v0.0.0-20181018182602-fd24a256709f/go.mod h1:rCiQgmAE4axgBNl3jZWzS5rETRYTGOsrixTRaCPzNdA=
+github.com/gobuffalo/flect v0.0.0-20181019110701-3d6f0b585514/go.mod h1:rCiQgmAE4axgBNl3jZWzS5rETRYTGOsrixTRaCPzNdA=
+github.com/gobuffalo/flect v0.0.0-20181024204909-8f6be1a8c6c2/go.mod h1:rCiQgmAE4axgBNl3jZWzS5rETRYTGOsrixTRaCPzNdA=
+github.com/gobuffalo/flect v0.0.0-20181104133451-1f6e9779237a/go.mod h1:rCiQgmAE4axgBNl3jZWzS5rETRYTGOsrixTRaCPzNdA=
+github.com/gobuffalo/flect v0.0.0-20181114183036-47375f6d8328/go.mod h1:0HvNbHdfh+WOvDSIASqJOSxTOWSxCCUF++k/Y53v9rI=
+github.com/gobuffalo/flect v0.0.0-20181210151238-24a2b68e0316/go.mod h1:en58vff74S9b99Eg42Dr+/9yPu437QjlNsO/hBYPuOk=
+github.com/gobuffalo/flect v0.0.0-20190104192022-4af577e09bf2/go.mod h1:en58vff74S9b99Eg42Dr+/9yPu437QjlNsO/hBYPuOk=
+github.com/gobuffalo/flect v0.0.0-20190117212819-a62e61d96794/go.mod h1:397QT6v05LkZkn07oJXXT6y9FCfwC8Pug0WA2/2mE9k=
+github.com/gobuffalo/flect v0.1.0/go.mod h1:d2ehjJqGOH/Kjqcoz+F7jHTBbmDb38yXA598Hb50EGs=
+github.com/gobuffalo/flect v0.1.1/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI=
+github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI=
+github.com/gobuffalo/flect v0.1.5/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80=
+github.com/gobuffalo/flect v0.2.0/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80=
+github.com/gobuffalo/flect v0.2.1/go.mod h1:vmkQwuZYhN5Pc4ljYQZzP+1sq+NEkK+lh20jmEmX3jc=
+github.com/gobuffalo/genny v0.0.0-20180924032338-7af3a40f2252/go.mod h1:tUTQOogrr7tAQnhajMSH6rv1BVev34H2sa1xNHMy94g=
+github.com/gobuffalo/genny v0.0.0-20181003150629-3786a0744c5d/go.mod h1:WAd8HmjMVrnkAZbmfgH5dLBUchsZfqzp/WS5sQz+uTM=
+github.com/gobuffalo/genny v0.0.0-20181005145118-318a41a134cc/go.mod h1:WAd8HmjMVrnkAZbmfgH5dLBUchsZfqzp/WS5sQz+uTM=
+github.com/gobuffalo/genny v0.0.0-20181007153042-b8de7d566757/go.mod h1:+oG5Ljrw04czAHbPXREwaFojJbpUvcIy4DiOnbEJFTA=
+github.com/gobuffalo/genny v0.0.0-20181012161047-33e5f43d83a6/go.mod h1:+oG5Ljrw04czAHbPXREwaFojJbpUvcIy4DiOnbEJFTA=
+github.com/gobuffalo/genny v0.0.0-20181017160347-90a774534246/go.mod h1:+oG5Ljrw04czAHbPXREwaFojJbpUvcIy4DiOnbEJFTA=
+github.com/gobuffalo/genny v0.0.0-20181024195656-51392254bf53/go.mod h1:o9GEH5gn5sCKLVB5rHFC4tq40rQ3VRUzmx6WwmaqISE=
+github.com/gobuffalo/genny v0.0.0-20181025145300-af3f81d526b8/go.mod h1:uZ1fFYvdcP8mu0B/Ynarf6dsGvp7QFIpk/QACUuFUVI=
+github.com/gobuffalo/genny v0.0.0-20181027191429-94d6cfb5c7fc/go.mod h1:x7SkrQQBx204Y+O9EwRXeszLJDTaWN0GnEasxgLrQTA=
+github.com/gobuffalo/genny v0.0.0-20181027195209-3887b7171c4f/go.mod h1:JbKx8HSWICu5zyqWOa0dVV1pbbXOHusrSzQUprW6g+w=
+github.com/gobuffalo/genny v0.0.0-20181106193839-7dcb0924caf1/go.mod h1:x61yHxvbDCgQ/7cOAbJCacZQuHgB0KMSzoYcw5debjU=
+github.com/gobuffalo/genny v0.0.0-20181107223128-f18346459dbe/go.mod h1:utQD3aKKEsdb03oR+Vi/6ztQb1j7pO10N3OBoowRcSU=
+github.com/gobuffalo/genny v0.0.0-20181114215459-0a4decd77f5d/go.mod h1:kN2KZ8VgXF9VIIOj/GM0Eo7YK+un4Q3tTreKOf0q1ng=
+github.com/gobuffalo/genny v0.0.0-20181119162812-e8ff4adce8bb/go.mod h1:BA9htSe4bZwBDJLe8CUkoqkypq3hn3+CkoHqVOW718E=
+github.com/gobuffalo/genny v0.0.0-20181127225641-2d959acc795b/go.mod h1:l54xLXNkteX/PdZ+HlgPk1qtcrgeOr3XUBBPDbH+7CQ=
+github.com/gobuffalo/genny v0.0.0-20181128191930-77e34f71ba2a/go.mod h1:FW/D9p7cEEOqxYA71/hnrkOWm62JZ5ZNxcNIVJEaWBU=
+github.com/gobuffalo/genny v0.0.0-20181203165245-fda8bcce96b1/go.mod h1:wpNSANu9UErftfiaAlz1pDZclrYzLtO5lALifODyjuM=
+github.com/gobuffalo/genny v0.0.0-20181203201232-849d2c9534ea/go.mod h1:wpNSANu9UErftfiaAlz1pDZclrYzLtO5lALifODyjuM=
+github.com/gobuffalo/genny v0.0.0-20181206121324-d6fb8a0dbe36/go.mod h1:wpNSANu9UErftfiaAlz1pDZclrYzLtO5lALifODyjuM=
+github.com/gobuffalo/genny v0.0.0-20181207164119-84844398a37d/go.mod h1:y0ysCHGGQf2T3vOhCrGHheYN54Y/REj0ayd0Suf4C/8=
+github.com/gobuffalo/genny v0.0.0-20181211165820-e26c8466f14d/go.mod h1:sHnK+ZSU4e2feXP3PA29ouij6PUEiN+RCwECjCTB3yM=
+github.com/gobuffalo/genny v0.0.0-20190104222617-a71664fc38e7/go.mod h1:QPsQ1FnhEsiU8f+O0qKWXz2RE4TiDqLVChWkBuh1WaY=
+github.com/gobuffalo/genny v0.0.0-20190112155932-f31a84fcacf5/go.mod h1:CIaHCrSIuJ4il6ka3Hub4DR4adDrGoXGEEt2FbBxoIo=
+github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk=
+github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28=
+github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo=
+github.com/gobuffalo/genny v0.1.1/go.mod h1:5TExbEyY48pfunL4QSXxlDOmdsD44RRq4mVZ0Ex28Xk=
+github.com/gobuffalo/genny v0.2.0/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk=
+github.com/gobuffalo/genny v0.3.0/go.mod h1:ywJ2CoXrTZj7rbS8HTbzv7uybnLKlsNSBhEQ+yFI3E8=
+github.com/gobuffalo/genny v0.6.0/go.mod h1:Vigx9VDiNscYpa/LwrURqGXLSIbzTfapt9+K6gF1kTA=
+github.com/gobuffalo/genny/v2 v2.0.5/go.mod h1:kRkJuAw9mdI37AiEYjV4Dl+TgkBDYf8HZVjLkqe5eBg=
+github.com/gobuffalo/gitgen v0.0.0-20190315122116-cc086187d211/go.mod h1:vEHJk/E9DmhejeLeNt7UVvlSGv3ziL+djtTr3yyzcOw=
+github.com/gobuffalo/github_flavored_markdown v1.0.4/go.mod h1:uRowCdK+q8d/RF0Kt3/DSalaIXbb0De/dmTqMQdkQ4I=
+github.com/gobuffalo/github_flavored_markdown v1.0.5/go.mod h1:U0643QShPF+OF2tJvYNiYDLDGDuQmJZXsf/bHOJPsMY=
+github.com/gobuffalo/github_flavored_markdown v1.0.7/go.mod h1:w93Pd9Lz6LvyQXEG6DktTPHkOtCbr+arAD5mkwMzXLI=
+github.com/gobuffalo/github_flavored_markdown v1.1.0/go.mod h1:TSpTKWcRTI0+v7W3x8dkSKMLJSUpuVitlptCkpeY8ic=
+github.com/gobuffalo/gogen v0.0.0-20190315121717-8f38393713f5/go.mod h1:V9QVDIxsgKNZs6L2IYiGR8datgMhB577vzTDqypH360=
+github.com/gobuffalo/gogen v0.1.0/go.mod h1:8NTelM5qd8RZ15VjQTFkAW6qOMx5wBbW4dSCS3BY8gg=
+github.com/gobuffalo/gogen v0.1.1/go.mod h1:y8iBtmHmGc4qa3urIyo1shvOD8JftTtfcKi+71xfDNE=
+github.com/gobuffalo/gogen v0.2.0/go.mod h1:V9QVDIxsgKNZs6L2IYiGR8datgMhB577vzTDqypH360=
+github.com/gobuffalo/helpers v0.2.2/go.mod h1:xYbzUdCUpVzLwLnqV8HIjT6hmG0Cs7YIBCJkNM597jw=
+github.com/gobuffalo/helpers v0.2.4/go.mod h1:NX7v27yxPDOPTgUFYmJ5ow37EbxdoLraucOGvMNawyk=
+github.com/gobuffalo/helpers v0.5.0/go.mod h1:stpgxJ2C7T99NLyAxGUnYMM2zAtBk5NKQR0SIbd05j4=
+github.com/gobuffalo/helpers v0.6.0/go.mod h1:pncVrer7x/KRvnL5aJABLAuT/RhKRR9klL6dkUOhyv8=
+github.com/gobuffalo/helpers v0.6.1/go.mod h1:wInbDi0vTJKZBviURTLRMFLE4+nF2uRuuL2fnlYo7w4=
+github.com/gobuffalo/here v0.6.0/go.mod h1:wAG085dHOYqUpf+Ap+WOdrPTp5IYcDAs/x7PLa8Y5fM=
+github.com/gobuffalo/httptest v1.0.2/go.mod h1:7T1IbSrg60ankme0aDLVnEY0h056g9M1/ZvpVThtB7E=
+github.com/gobuffalo/licenser v0.0.0-20180924033006-eae28e638a42/go.mod h1:Ubo90Np8gpsSZqNScZZkVXXAo5DGhTb+WYFIjlnog8w=
+github.com/gobuffalo/licenser v0.0.0-20181025145548-437d89de4f75/go.mod h1:x3lEpYxkRG/XtGCUNkio+6RZ/dlOvLzTI9M1auIwFcw=
+github.com/gobuffalo/licenser v0.0.0-20181027200154-58051a75da95/go.mod h1:BzhaaxGd1tq1+OLKObzgdCV9kqVhbTulxOpYbvMQWS0=
+github.com/gobuffalo/licenser v0.0.0-20181109171355-91a2a7aac9a7/go.mod h1:m+Ygox92pi9bdg+gVaycvqE8RVSjZp7mWw75+K5NPHk=
+github.com/gobuffalo/licenser v0.0.0-20181128165715-cc7305f8abed/go.mod h1:oU9F9UCE+AzI/MueCKZamsezGOOHfSirltllOVeRTAE=
+github.com/gobuffalo/licenser v0.0.0-20181203160806-fe900bbede07/go.mod h1:ph6VDNvOzt1CdfaWC+9XwcBnlSTBz2j49PBwum6RFaU=
+github.com/gobuffalo/licenser v0.0.0-20181211173111-f8a311c51159/go.mod h1:ve/Ue99DRuvnTaLq2zKa6F4KtHiYf7W046tDjuGYPfM=
+github.com/gobuffalo/licenser v1.1.0/go.mod h1:ZVWE6uKUE3rGf7sedUHWVjNWrEgxaUQLVFL+pQiWpfY=
+github.com/gobuffalo/logger v0.0.0-20181022175615-46cfb361fc27/go.mod h1:8sQkgyhWipz1mIctHF4jTxmJh1Vxhp7mP8IqbljgJZo=
+github.com/gobuffalo/logger v0.0.0-20181027144941-73d08d2bb969/go.mod h1:7uGg2duHKpWnN4+YmyKBdLXfhopkAdVM6H3nKbyFbz8=
+github.com/gobuffalo/logger v0.0.0-20181027193913-9cf4dd0efe46/go.mod h1:7uGg2duHKpWnN4+YmyKBdLXfhopkAdVM6H3nKbyFbz8=
+github.com/gobuffalo/logger v0.0.0-20181109185836-3feeab578c17/go.mod h1:oNErH0xLe+utO+OW8ptXMSA5DkiSEDW1u3zGIt8F9Ew=
+github.com/gobuffalo/logger v0.0.0-20181117211126-8e9b89b7c264/go.mod h1:5etB91IE0uBlw9k756fVKZJdS+7M7ejVhmpXXiSFj0I=
+github.com/gobuffalo/logger v0.0.0-20181127160119-5b956e21995c/go.mod h1:+HxKANrR9VGw9yN3aOAppJKvhO05ctDi63w4mDnKv2U=
+github.com/gobuffalo/logger v0.0.0-20190315122211-86e12af44bc2/go.mod h1:QdxcLw541hSGtBnhUc4gaNIXRjiDppFGaDqzbrBd3v8=
+github.com/gobuffalo/logger v1.0.0/go.mod h1:2zbswyIUa45I+c+FLXuWl9zSWEiVuthsk8ze5s8JvPs=
+github.com/gobuffalo/logger v1.0.1/go.mod h1:2zbswyIUa45I+c+FLXuWl9zSWEiVuthsk8ze5s8JvPs=
+github.com/gobuffalo/logger v1.0.3/go.mod h1:SoeejUwldiS7ZsyCBphOGURmWdwUFXs0J7TCjEhjKxM=
+github.com/gobuffalo/makr v1.1.5/go.mod h1:Y+o0btAH1kYAMDJW/TX3+oAXEu0bmSLLoC9mIFxtzOw=
+github.com/gobuffalo/mapi v1.0.0/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
+github.com/gobuffalo/mapi v1.0.1/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
+github.com/gobuffalo/mapi v1.0.2/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
+github.com/gobuffalo/mapi v1.1.0/go.mod h1:pqQ1XAqvpy/JYtRwoieNps2yU8MFiMxBUpAm2FBtQ50=
+github.com/gobuffalo/mapi v1.2.1/go.mod h1:giGJ2AUESRepOFYAzWpq8Gf/s/QDryxoEHisQtFN3cY=
+github.com/gobuffalo/meta v0.0.0-20181018155829-df62557efcd3/go.mod h1:XTTOhwMNryif3x9LkTTBO/Llrveezd71u3quLd0u7CM=
+github.com/gobuffalo/meta v0.0.0-20181018192820-8c6cef77dab3/go.mod h1:E94EPzx9NERGCY69UWlcj6Hipf2uK/vnfrF4QD0plVE=
+github.com/gobuffalo/meta v0.0.0-20181025145500-3a985a084b0a/go.mod h1:YDAKBud2FP7NZdruCSlmTmDOZbVSa6bpK7LJ/A/nlKg=
+github.com/gobuffalo/meta v0.0.0-20181114191255-b130ebedd2f7/go.mod h1:K6cRZ29ozr4Btvsqkjvg5nDFTLOgTqf03KA70Ks0ypE=
+github.com/gobuffalo/meta v0.0.0-20181127070345-0d7e59dd540b/go.mod h1:RLO7tMvE0IAKAM8wny1aN12pvEKn7EtkBLkUZR00Qf8=
+github.com/gobuffalo/meta v0.0.0-20190120163247-50bbb1fa260d/go.mod h1:KKsH44nIK2gA8p0PJmRT9GvWJUdphkDUA8AJEvFWiqM=
+github.com/gobuffalo/meta v0.0.0-20190329152330-e161e8a93e3b/go.mod h1:mCRSy5F47tjK8yaIDcJad4oe9fXxY5gLrx3Xx2spK+0=
+github.com/gobuffalo/meta v0.3.0/go.mod h1:cpr6mrUX5H/B4wEP86Gdq568TK4+dKUD8oRPl698RUw=
+github.com/gobuffalo/mw-basicauth v1.0.3/go.mod h1:dg7+ilMZOKnQFHDefUzUHufNyTswVUviCBgF244C1+0=
+github.com/gobuffalo/mw-contenttype v0.0.0-20180802152300-74f5a47f4d56/go.mod h1:7EvcmzBbeCvFtQm5GqF9ys6QnCxz2UM1x0moiWLq1No=
+github.com/gobuffalo/mw-csrf v0.0.0-20180802151833-446ff26e108b/go.mod h1:sbGtb8DmDZuDUQoxjr8hG1ZbLtZboD9xsn6p77ppcHo=
+github.com/gobuffalo/mw-forcessl v0.0.0-20180802152810-73921ae7a130/go.mod h1:JvNHRj7bYNAMUr/5XMkZaDcw3jZhUZpsmzhd//FFWmQ=
+github.com/gobuffalo/mw-i18n v0.0.0-20180802152014-e3060b7e13d6/go.mod h1:91AQfukc52A6hdfIfkxzyr+kpVYDodgAeT5cjX1UIj4=
+github.com/gobuffalo/mw-paramlogger v0.0.0-20181005191442-d6ee392ec72e/go.mod h1:6OJr6VwSzgJMqWMj7TYmRUqzNe2LXu/W1rRW4MAz/ME=
+github.com/gobuffalo/mw-tokenauth v0.0.0-20181001105134-8545f626c189/go.mod h1:UqBF00IfKvd39ni5+yI5MLMjAf4gX7cDKN/26zDOD6c=
+github.com/gobuffalo/nulls v0.2.0/go.mod h1:w4q8RoSCEt87Q0K0sRIZWYeIxkxog5mh3eN3C/n+dUc=
+github.com/gobuffalo/nulls v0.3.0/go.mod h1:UP49vd/k+bcaz6m0cHMyuk8oQ7XgLnkfxeiVoPAvBSs=
+github.com/gobuffalo/packd v0.0.0-20181027182251-01ad393492c8/go.mod h1:SmdBdhj6uhOsg1Ui4SFAyrhuc7U4VCildosO5IDJ3lc=
+github.com/gobuffalo/packd v0.0.0-20181027190505-aafc0d02c411/go.mod h1:SmdBdhj6uhOsg1Ui4SFAyrhuc7U4VCildosO5IDJ3lc=
+github.com/gobuffalo/packd v0.0.0-20181027194105-7ae579e6d213/go.mod h1:SmdBdhj6uhOsg1Ui4SFAyrhuc7U4VCildosO5IDJ3lc=
+github.com/gobuffalo/packd v0.0.0-20181031195726-c82734870264/go.mod h1:Yf2toFaISlyQrr5TfO3h6DB9pl9mZRmyvBGQb/aQ/pI=
+github.com/gobuffalo/packd v0.0.0-20181104210303-d376b15f8e96/go.mod h1:Yf2toFaISlyQrr5TfO3h6DB9pl9mZRmyvBGQb/aQ/pI=
+github.com/gobuffalo/packd v0.0.0-20181111195323-b2e760a5f0ff/go.mod h1:Yf2toFaISlyQrr5TfO3h6DB9pl9mZRmyvBGQb/aQ/pI=
+github.com/gobuffalo/packd v0.0.0-20181114190715-f25c5d2471d7/go.mod h1:Yf2toFaISlyQrr5TfO3h6DB9pl9mZRmyvBGQb/aQ/pI=
+github.com/gobuffalo/packd v0.0.0-20181124090624-311c6248e5fb/go.mod h1:Foenia9ZvITEvG05ab6XpiD5EfBHPL8A6hush8SJ0o8=
+github.com/gobuffalo/packd v0.0.0-20181207120301-c49825f8f6f4/go.mod h1:LYc0TGKFBBFTRC9dg2pcRcMqGCTMD7T2BIMP7OBuQAA=
+github.com/gobuffalo/packd v0.0.0-20181212173646-eca3b8fd6687/go.mod h1:LYc0TGKFBBFTRC9dg2pcRcMqGCTMD7T2BIMP7OBuQAA=
+github.com/gobuffalo/packd v0.0.0-20190315124812-a385830c7fc0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4=
+github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4=
+github.com/gobuffalo/packd v0.2.0/go.mod h1:k2CkHP3bjbqL2GwxwhxUy1DgnlbW644hkLC9iIUvZwY=
+github.com/gobuffalo/packd v0.3.0/go.mod h1:zC7QkmNkYVGKPw4tHpBQ+ml7W/3tIebgeo1b36chA3Q=
+github.com/gobuffalo/packd v1.0.0/go.mod h1:6VTc4htmJRFB7u1m/4LeMTWjFoYrUiBkU9Fdec9hrhI=
+github.com/gobuffalo/packr v1.13.7/go.mod h1:KkinLIn/n6+3tVXMwg6KkNvWwVsrRAz4ph+jgpk3Z24=
+github.com/gobuffalo/packr v1.15.0/go.mod h1:t5gXzEhIviQwVlNx/+3SfS07GS+cZ2hn76WLzPp6MGI=
+github.com/gobuffalo/packr v1.15.1/go.mod h1:IeqicJ7jm8182yrVmNbM6PR4g79SjN9tZLH8KduZZwE=
+github.com/gobuffalo/packr v1.19.0/go.mod h1:MstrNkfCQhd5o+Ct4IJ0skWlxN8emOq8DsoT1G98VIU=
+github.com/gobuffalo/packr v1.20.0/go.mod h1:JDytk1t2gP+my1ig7iI4NcVaXr886+N0ecUga6884zw=
+github.com/gobuffalo/packr v1.21.0/go.mod h1:H00jGfj1qFKxscFJSw8wcL4hpQtPe1PfU2wa6sg/SR0=
+github.com/gobuffalo/packr v1.22.0/go.mod h1:Qr3Wtxr3+HuQEwWqlLnNW4t1oTvK+7Gc/Rnoi/lDFvA=
+github.com/gobuffalo/packr/v2 v2.0.0-rc.8/go.mod h1:y60QCdzwuMwO2R49fdQhsjCPv7tLQFR0ayzxxla9zes=
+github.com/gobuffalo/packr/v2 v2.0.0-rc.9/go.mod h1:fQqADRfZpEsgkc7c/K7aMew3n4aF1Kji7+lIZeR98Fc=
+github.com/gobuffalo/packr/v2 v2.0.0-rc.10/go.mod h1:4CWWn4I5T3v4c1OsJ55HbHlUEKNWMITG5iIkdr4Px4w=
+github.com/gobuffalo/packr/v2 v2.0.0-rc.11/go.mod h1:JoieH/3h3U4UmatmV93QmqyPUdf4wVM9HELaHEu+3fk=
+github.com/gobuffalo/packr/v2 v2.0.0-rc.12/go.mod h1:FV1zZTsVFi1DSCboO36Xgs4pzCZBjB/tDV9Cz/lSaR8=
+github.com/gobuffalo/packr/v2 v2.0.0-rc.13/go.mod h1:2Mp7GhBFMdJlOK8vGfl7SYtfMP3+5roE39ejlfjw0rA=
+github.com/gobuffalo/packr/v2 v2.0.0-rc.14/go.mod h1:06otbrNvDKO1eNQ3b8hst+1010UooI2MFg+B2Ze4MV8=
+github.com/gobuffalo/packr/v2 v2.0.0-rc.15/go.mod h1:IMe7H2nJvcKXSF90y4X1rjYIRlNMJYCxEhssBXNZwWs=
+github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ=
+github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0=
+github.com/gobuffalo/packr/v2 v2.4.0/go.mod h1:ra341gygw9/61nSjAbfwcwh8IrYL4WmR4IsPkPBhQiY=
+github.com/gobuffalo/packr/v2 v2.5.2/go.mod h1:sgEE1xNZ6G0FNN5xn9pevVu4nywaxHvgup67xisti08=
+github.com/gobuffalo/packr/v2 v2.7.1/go.mod h1:qYEvAazPaVxy7Y7KR0W8qYEE+RymX74kETFqjFoFlOc=
+github.com/gobuffalo/plush v3.7.16+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5scsPfLKfT0+TGMChgduDvI=
+github.com/gobuffalo/plush v3.7.20+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5scsPfLKfT0+TGMChgduDvI=
+github.com/gobuffalo/plush v3.7.21+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5scsPfLKfT0+TGMChgduDvI=
+github.com/gobuffalo/plush v3.7.22+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5scsPfLKfT0+TGMChgduDvI=
+github.com/gobuffalo/plush v3.7.23+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5scsPfLKfT0+TGMChgduDvI=
+github.com/gobuffalo/plush v3.7.30+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5scsPfLKfT0+TGMChgduDvI=
+github.com/gobuffalo/plush v3.7.31+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5scsPfLKfT0+TGMChgduDvI=
+github.com/gobuffalo/plush v3.7.32+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5scsPfLKfT0+TGMChgduDvI=
+github.com/gobuffalo/plush v3.8.2+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5scsPfLKfT0+TGMChgduDvI=
+github.com/gobuffalo/plush v3.8.3+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5scsPfLKfT0+TGMChgduDvI=
+github.com/gobuffalo/plush/v4 v4.0.0/go.mod h1:ErFS3UxKqEb8fpFJT7lYErfN/Nw6vHGiDMTjxpk5bQ0=
+github.com/gobuffalo/plushgen v0.0.0-20181128164830-d29dcb966cb2/go.mod h1:r9QwptTFnuvSaSRjpSp4S2/4e2D3tJhARYbvEBcKSb4=
+github.com/gobuffalo/plushgen v0.0.0-20181203163832-9fc4964505c2/go.mod h1:opEdT33AA2HdrIwK1aibqnTJDVVKXC02Bar/GT1YRVs=
+github.com/gobuffalo/plushgen v0.0.0-20181207152837-eedb135bd51b/go.mod h1:Lcw7HQbEVm09sAQrCLzIxuhFbB3nAgp4c55E+UlynR0=
+github.com/gobuffalo/plushgen v0.0.0-20190104222512-177cd2b872b3/go.mod h1:tYxCozi8X62bpZyKXYHw1ncx2ZtT2nFvG42kuLwYjoc=
+github.com/gobuffalo/plushgen v0.1.2/go.mod h1:3U71v6HWZpVER1nInTXeAwdoRNsRd4W8aeIa1Lyp+Bk=
+github.com/gobuffalo/pop v4.8.2+incompatible/go.mod h1:DwBz3SD5SsHpTZiTubcsFWcVDpJWGsxjVjMPnkiThWg=
+github.com/gobuffalo/pop v4.8.3+incompatible/go.mod h1:DwBz3SD5SsHpTZiTubcsFWcVDpJWGsxjVjMPnkiThWg=
+github.com/gobuffalo/pop v4.8.4+incompatible/go.mod h1:DwBz3SD5SsHpTZiTubcsFWcVDpJWGsxjVjMPnkiThWg=
+github.com/gobuffalo/pop v4.13.1+incompatible/go.mod h1:DwBz3SD5SsHpTZiTubcsFWcVDpJWGsxjVjMPnkiThWg=
+github.com/gobuffalo/pop/v5 v5.0.11/go.mod h1:mZJHJbA3cy2V18abXYuVop2ldEJ8UZ2DK6qOekC5u5g=
+github.com/gobuffalo/release v1.0.35/go.mod h1:VtHFAKs61vO3wboCec5xr9JPTjYyWYcvaM3lclkc4x4=
+github.com/gobuffalo/release v1.0.38/go.mod h1:VtHFAKs61vO3wboCec5xr9JPTjYyWYcvaM3lclkc4x4=
+github.com/gobuffalo/release v1.0.42/go.mod h1:RPs7EtafH4oylgetOJpGP0yCZZUiO4vqHfTHJjSdpug=
+github.com/gobuffalo/release v1.0.52/go.mod h1:RPs7EtafH4oylgetOJpGP0yCZZUiO4vqHfTHJjSdpug=
+github.com/gobuffalo/release v1.0.53/go.mod h1:FdF257nd8rqhNaqtDWFGhxdJ/Ig4J7VcS3KL7n/a+aA=
+github.com/gobuffalo/release v1.0.54/go.mod h1:Pe5/RxRa/BE8whDpGfRqSI7D1a0evGK1T4JDm339tJc=
+github.com/gobuffalo/release v1.0.61/go.mod h1:mfIO38ujUNVDlBziIYqXquYfBF+8FDHUjKZgYC1Hj24=
+github.com/gobuffalo/release v1.0.72/go.mod h1:NP5NXgg/IX3M5XmHmWR99D687/3Dt9qZtTK/Lbwc1hU=
+github.com/gobuffalo/release v1.1.1/go.mod h1:Sluak1Xd6kcp6snkluR1jeXAogdJZpFFRzTYRs/2uwg=
+github.com/gobuffalo/release v1.1.3/go.mod h1:CuXc5/m+4zuq8idoDt1l4va0AXAn/OSs08uHOfMVr8E=
+github.com/gobuffalo/release v1.1.6/go.mod h1:18naWa3kBsqO0cItXZNJuefCKOENpbbUIqRL1g+p6z0=
+github.com/gobuffalo/release v1.7.0/go.mod h1:xH2NjAueVSY89XgC4qx24ojEQ4zQ9XCGVs5eXwJTkEs=
+github.com/gobuffalo/shoulders v1.0.1/go.mod h1:V33CcVmaQ4gRUmHKwq1fiTXuf8Gp/qjQBUL5tHPmvbA=
+github.com/gobuffalo/shoulders v1.0.4/go.mod h1:LqMcHhKRuBPMAYElqOe3POHiZ1x7Ry0BE8ZZ84Bx+k4=
+github.com/gobuffalo/syncx v0.0.0-20181120191700-98333ab04150/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
+github.com/gobuffalo/syncx v0.0.0-20181120194010-558ac7de985f/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
+github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
+github.com/gobuffalo/syncx v0.1.0/go.mod h1:Mg/s+5pv7IgxEp6sA+NFpqS4o2x+R9dQNwbwT0iuOGQ=
+github.com/gobuffalo/tags v2.0.11+incompatible/go.mod h1:9XmhOkyaB7UzvuY4UoZO4s67q8/xRMVJEaakauVQYeY=
+github.com/gobuffalo/tags v2.0.14+incompatible/go.mod h1:9XmhOkyaB7UzvuY4UoZO4s67q8/xRMVJEaakauVQYeY=
+github.com/gobuffalo/tags v2.0.15+incompatible/go.mod h1:9XmhOkyaB7UzvuY4UoZO4s67q8/xRMVJEaakauVQYeY=
+github.com/gobuffalo/tags v2.1.0+incompatible/go.mod h1:9XmhOkyaB7UzvuY4UoZO4s67q8/xRMVJEaakauVQYeY=
+github.com/gobuffalo/tags v2.1.7+incompatible/go.mod h1:9XmhOkyaB7UzvuY4UoZO4s67q8/xRMVJEaakauVQYeY=
+github.com/gobuffalo/tags/v3 v3.0.2/go.mod h1:ZQeN6TCTiwAFnS0dNcbDtSgZDwNKSpqajvVtt6mlYpA=
+github.com/gobuffalo/tags/v3 v3.1.0/go.mod h1:ZQeN6TCTiwAFnS0dNcbDtSgZDwNKSpqajvVtt6mlYpA=
+github.com/gobuffalo/uuid v2.0.3+incompatible/go.mod h1:ErhIzkRhm0FtRuiE/PeORqcw4cVi1RtSpnwYrxuvkfE=
+github.com/gobuffalo/uuid v2.0.4+incompatible/go.mod h1:ErhIzkRhm0FtRuiE/PeORqcw4cVi1RtSpnwYrxuvkfE=
+github.com/gobuffalo/uuid v2.0.5+incompatible/go.mod h1:ErhIzkRhm0FtRuiE/PeORqcw4cVi1RtSpnwYrxuvkfE=
+github.com/gobuffalo/validate v2.0.3+incompatible/go.mod h1:N+EtDe0J8252BgfzQUChBgfd6L93m9weay53EWFVsMM=
+github.com/gobuffalo/validate v2.0.4+incompatible/go.mod h1:N+EtDe0J8252BgfzQUChBgfd6L93m9weay53EWFVsMM=
+github.com/gobuffalo/validate/v3 v3.0.0/go.mod h1:HFpjq+AIiA2RHoQnQVTFKF/ZpUPXwyw82LgyDPxQ9r0=
+github.com/gobuffalo/validate/v3 v3.1.0/go.mod h1:HFpjq+AIiA2RHoQnQVTFKF/ZpUPXwyw82LgyDPxQ9r0=
+github.com/gobuffalo/validate/v3 v3.2.0/go.mod h1:PrhDOdDHxtN8KUgMvF3TDL0r1YZXV4sQnyFX/EmeETY=
+github.com/gobuffalo/x v0.0.0-20181003152136-452098b06085/go.mod h1:WevpGD+5YOreDJznWevcn8NTmQEW5STSBgIkpkjzqXc=
+github.com/gobuffalo/x v0.0.0-20181007152206-913e47c59ca7/go.mod h1:9rDPXaB3kXdKWzMc4odGQQdG2e2DIEmANy5aSJ9yesY=
+github.com/gofrs/uuid v3.1.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/gofrs/uuid/v3 v3.1.2/go.mod h1:xPwMqoocQ1L5G6pXX5BcE7N5jlzn2o19oqAKxwZW/kI=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
+github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
+github.com/golang/gddo v0.0.0-20180828051604-96d2a289f41e/go.mod h1:xEhNfoBDX1hzLm2Nf80qUvZ2sVwoMZ8d6IE2SrsQfh4=
+github.com/golang/gddo v0.0.0-20190904175337-72a348e765d2/go.mod h1:xEhNfoBDX1hzLm2Nf80qUvZ2sVwoMZ8d6IE2SrsQfh4=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
+github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
+github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.1 h1:JFrFEBb2xKufg6XkJsJr+WbKb4FQlURi5RUcBveYu9k=
+github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.1.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
+github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
+github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/gopherjs/gopherjs v0.0.0-20181004151105-1babbf986f6f/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
+github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
+github.com/gorilla/mux v1.7.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
+github.com/gorilla/pat v0.0.0-20180118222023-199c85a7f6d1/go.mod h1:YeAe0gNeiNT5hoiZRI4yiOky6jVdNvfO2N6Kav/HmxY=
+github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
+github.com/gorilla/sessions v1.1.2/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w=
+github.com/gorilla/sessions v1.1.3/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w=
+github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
+github.com/gotestyourself/gotestyourself v1.3.0/go.mod h1:zZKM6oeNM8k+FRljX1mnzVYeS8wiGgQyvST1/GafPbY=
+github.com/gotestyourself/gotestyourself v2.2.0+incompatible/go.mod h1:zZKM6oeNM8k+FRljX1mnzVYeS8wiGgQyvST1/GafPbY=
+github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
+github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
+github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
+github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
+github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo=
+github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=
+github.com/jackc/chunkreader/v2 v2.0.1/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=
+github.com/jackc/fake v0.0.0-20150926172116-812a484cc733/go.mod h1:WrMFNQdiFJ80sQsxDoMokWK1W5TQtxBFNpzWTD84ibQ=
+github.com/jackc/pgconn v0.0.0-20190420214824-7e0022ef6ba3/go.mod h1:jkELnwuX+w9qN5YIfX0fl88Ehu4XC3keFuOJJk9pcnA=
+github.com/jackc/pgconn v0.0.0-20190824142844-760dd75542eb/go.mod h1:lLjNuW/+OfW9/pnVKPazfWOgNfH2aPem8YQ7ilXGvJE=
+github.com/jackc/pgconn v0.0.0-20190831204454-2fabfa3c18b7/go.mod h1:ZJKsE/KZfsUgOEh9hBm+xYTstcNHg7UPMVJqRfQxq4s=
+github.com/jackc/pgconn v1.3.2/go.mod h1:LvCquS3HbBKwgl7KbX9KyqEIumJAbm1UMcTvGaIf3bM=
+github.com/jackc/pgconn v1.5.0/go.mod h1:QeD3lBfpTFe8WUnPZWN5KY/mB8FGMIYRdd8P8Jr0fAI=
+github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8=
+github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2/go.mod h1:fGZlG77KXmcq05nJLRkk0+p82V8B8Dw8KN2/V9c/OAE=
+github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
+github.com/jackc/pgproto3 v1.1.0/go.mod h1:eR5FA3leWg7p9aeAqi37XOTgTIbkABlvcPB3E5rlc78=
+github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190420180111-c116219b62db/go.mod h1:bhq50y+xrl9n5mRYyCBFKkpRVTLYJVWeCc+mEAI3yXA=
+github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190609003834-432c2951c711/go.mod h1:uH0AWtUmuShn0bcesswc4aBTWGvw0cAxIJp+6OB//Wg=
+github.com/jackc/pgproto3/v2 v2.0.0-rc3/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM=
+github.com/jackc/pgproto3/v2 v2.0.0-rc3.0.20190831210041-4c03ce451f29/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM=
+github.com/jackc/pgproto3/v2 v2.0.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
+github.com/jackc/pgservicefile v0.0.0-20200307190119-3430c5407db8/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E=
+github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg=
+github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc=
+github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw=
+github.com/jackc/pgtype v1.2.0/go.mod h1:5m2OfMh1wTK7x+Fk952IDmI4nw3nPrvtQdM0ZT4WpC0=
+github.com/jackc/pgx v3.2.0+incompatible/go.mod h1:0ZGrqGqkRlliWnWB4zKnWtjbSWbGkVEFm4TeybAXq+I=
+github.com/jackc/pgx v3.6.2+incompatible/go.mod h1:0ZGrqGqkRlliWnWB4zKnWtjbSWbGkVEFm4TeybAXq+I=
+github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y=
+github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM=
+github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc=
+github.com/jackc/pgx/v4 v4.4.1/go.mod h1:6iSW+JznC0YT+SgBn7rNxoEBsBgSmnC5FwyCekOGUiE=
+github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jackc/puddle v1.1.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/jmoiron/sqlx v0.0.0-20180614180643-0dae4fefe7c0/go.mod h1:IiEW3SEiiErVyFdH8NTuWjSifiEQKUoyK3LNqr2kCHU=
+github.com/jmoiron/sqlx v1.2.0/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks=
+github.com/joho/godotenv v1.2.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
+github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
+github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
+github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
+github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
+github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U=
+github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
+github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
+github.com/karrick/godirwalk v1.7.5/go.mod h1:2c9FRhkDxdIbgkOnCEvnSWs71Bhugbl46shStcFDJ34=
+github.com/karrick/godirwalk v1.7.7/go.mod h1:2c9FRhkDxdIbgkOnCEvnSWs71Bhugbl46shStcFDJ34=
+github.com/karrick/godirwalk v1.7.8/go.mod h1:2c9FRhkDxdIbgkOnCEvnSWs71Bhugbl46shStcFDJ34=
+github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
+github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA=
+github.com/karrick/godirwalk v1.10.9/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA=
+github.com/karrick/godirwalk v1.10.12/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA=
+github.com/karrick/godirwalk v1.15.5/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
+github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
+github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
+github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
+github.com/konsorten/go-windows-terminal-sequences v0.0.0-20180402223658-b729f2633dfe/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
+github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
+github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/lib/pq v0.0.0-20180327071824-d34b9ff171c2/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/lib/pq v1.3.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/luna-duclos/instrumentedsql v0.0.0-20181127104832-b7d587d28109/go.mod h1:PWUIzhtavmOR965zfawVsHXbEuU1G29BPZ/CB3C7jXk=
+github.com/luna-duclos/instrumentedsql v1.1.2/go.mod h1:4LGbEqDnopzNAiyxPPDXhLspyunZxgPTMJBKtC6U0BQ=
+github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.7.1 h1:mdxE1MF9o53iCb2Ghj1VfWvh7ZOwHpnVG/xwXrV90U8=
+github.com/mailru/easyjson v0.7.1/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
+github.com/markbates/deplist v1.0.4/go.mod h1:gRRbPbbuA8TmMiRvaOzUlRfzfjeCCBqX2A6arxN01MM=
+github.com/markbates/deplist v1.0.5/go.mod h1:gRRbPbbuA8TmMiRvaOzUlRfzfjeCCBqX2A6arxN01MM=
+github.com/markbates/deplist v1.1.3/go.mod h1:BF7ioVzAJYEtzQN/os4rt8H8Ti3h0T7EoN+7eyALktE=
+github.com/markbates/going v1.0.2/go.mod h1:UWCk3zm0UKefHZ7l8BNqi26UyiEMniznk8naLdTcy6c=
+github.com/markbates/grift v1.0.4/go.mod h1:wbmtW74veyx+cgfwFhlnnMWqhoz55rnHR47oMXzsyVs=
+github.com/markbates/hmax v1.0.0/go.mod h1:cOkR9dktiESxIMu+65oc/r/bdY4bE8zZw3OLhLx0X2c=
+github.com/markbates/inflect v1.0.0/go.mod h1:oTeZL2KHA7CUX6X+fovmK9OvIOFuqu0TwdQrZjLTh88=
+github.com/markbates/inflect v1.0.1/go.mod h1:uv3UVNBe5qBIfCm8O8Q+DW+S1EopeyINj+Ikhc7rnCk=
+github.com/markbates/inflect v1.0.3/go.mod h1:1fR9+pO2KHEO9ZRtto13gDwwZaAKstQzferVeWqbgNs=
+github.com/markbates/inflect v1.0.4/go.mod h1:1fR9+pO2KHEO9ZRtto13gDwwZaAKstQzferVeWqbgNs=
+github.com/markbates/oncer v0.0.0-20180924031910-e862a676800b/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
+github.com/markbates/oncer v0.0.0-20180924034138-723ad0170a46/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
+github.com/markbates/oncer v0.0.0-20181014194634-05fccaae8fc4/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
+github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
+github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI=
+github.com/markbates/refresh v1.4.10/go.mod h1:NDPHvotuZmTmesXxr95C9bjlw1/0frJwtME2dzcVKhc=
+github.com/markbates/safe v1.0.0/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
+github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
+github.com/markbates/sigtx v1.0.0/go.mod h1:QF1Hv6Ic6Ca6W+T+DL0Y/ypborFKyvUY9HmuCD4VeTc=
+github.com/markbates/willie v1.0.9/go.mod h1:fsrFVWl91+gXpx/6dv715j7i11fYPfZ9ZGfH0DQzY7w=
+github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
+github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
+github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
+github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
+github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
+github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
+github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
+github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
+github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
+github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
+github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
+github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw=
+github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
+github.com/microcosm-cc/bluemonday v1.0.2/go.mod h1:iVP4YcDBq+n/5fb23BhYFvIMq/leAFZyRl6bYmGDlGc=
+github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/mapstructure v1.0.0/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.2.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/mapstructure v1.3.2 h1:mRS76wmkOn3KkKAyXDu42V+6ebnXWIztFSYGN7GeoRg=
+github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=
+github.com/monoculum/formam v0.0.0-20180901015400-4e68be1d79ba/go.mod h1:RKgILGEJq24YyJ2ban8EO0RUVSJlF1pGsEvoLEACr/Q=
+github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
+github.com/moul/http2curl v0.0.0-20170919181001-9ac6cf4d929b/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ=
+github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/nicksnyder/go-i18n v1.10.0/go.mod h1:HrK7VCrbOvQoUAQ7Vpy7i87N7JZZZ7R2xBGjv0j365Q=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
+github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
+github.com/oleiade/reflections v1.0.1/go.mod h1:rdFxbxq4QXVZWj0F+e9jqjDkc7dbp97vkRixKo2JR60=
+github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.9.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/gomega v1.4.1/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
+github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/onsi/gomega v1.6.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
+github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
+github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
+github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
+github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
+github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
+github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
+github.com/ory/analytics-go/v4 v4.0.0/go.mod h1:FMx9cLRD9xN+XevPvZ5FDMfignpmcqPP6FUKnJ9/MmE=
+github.com/ory/dockertest v3.3.5+incompatible/go.mod h1:1vX4m9wsvi00u5bseYwXaSnhNrne+V0E6LAcBILJdPs=
+github.com/ory/dockertest/v3 v3.5.4/go.mod h1:J8ZUbNB2FOhm1cFZW9xBpDsODqsSWcyYgtJYVPcnF70=
+github.com/ory/fosite v0.29.0/go.mod h1:0atSZmXO7CAcs6NPMI/Qtot8tmZYj04Nddoold4S2h0=
+github.com/ory/go-acc v0.0.0-20181118080137-ddc355013f90/go.mod h1:sxnvPCxChFuSmTJGj8FdMupeq1BezCiEpDjTUXQ4hf4=
+github.com/ory/go-convenience v0.1.0/go.mod h1:uEY/a60PL5c12nYz4V5cHY03IBmwIAEm8TWB0yn9KNs=
+github.com/ory/gojsonreference v0.0.0-20190720135523-6b606c2d8ee8/go.mod h1:wsH1C4nIeeQClDtD5AH7kF1uTS6zWyqfjVDTmB0Em7A=
+github.com/ory/gojsonschema v1.1.1-0.20190919112458-f254ca73d5e9/go.mod h1:BNZpdJgB74KOLSsWFvzw6roXg1I6O51WO8roMmW+T7Y=
+github.com/ory/herodot v0.6.2/go.mod h1:3BOneqcyBsVybCPAJoi92KN2BpJHcmDqAMcAAaJiJow=
+github.com/ory/herodot v0.7.0/go.mod h1:YXKOfAXYdQojDP5sD8m0ajowq3+QXNdtxA+QiUXBwn0=
+github.com/ory/hydra-client-go v1.7.4 h1:xazbWaXCsAjRazT8EWStU6qjkT0I0EC6WtXZOGtNau4=
+github.com/ory/hydra-client-go v1.7.4/go.mod h1:g1By+kj32wbTmbtBWnFV0NWDif3YBxPvse882PU912I=
+github.com/ory/jsonschema/v3 v3.0.1/go.mod h1:jgLHekkFk0uiGdEWGleC+tOm6JSSP8cbf17PnBuGXlw=
+github.com/ory/kratos-client-go v0.10.1 h1:kSRk+0leCJ1nPMS+FPho8b9WMzrKNpgszvta0Xo32QU=
+github.com/ory/kratos-client-go v0.10.1/go.mod h1:dOQIsar76K07wMPJD/6aMhrWyY+sFGEagLDLso1CpsA=
+github.com/ory/viper v1.5.6/go.mod h1:TYmpFpKLxjQwvT4f0QPpkOn4sDXU1kDgAwJpgLYiQ28=
+github.com/ory/viper v1.7.4/go.mod h1:T6sodNZKNGPpashUOk7EtXz2isovz8oCd57GNVkkNmE=
+github.com/ory/x v0.0.84/go.mod h1:RXLPBG7B+hAViONVg0sHwK+U/ie1Y/NeXrq1JcARfoE=
+github.com/ory/x v0.0.93/go.mod h1:lfcTaGXpTZs7IEQAW00r9EtTCOxD//SiP5uWtNiz31g=
+github.com/ory/x v0.0.110/go.mod h1:DJfkE3GdakhshNhw4zlKoRaL/ozg/lcTahA9OCih2BE=
+github.com/ory/x v0.0.116 h1:gq47UBzFe9l8n4CToLFMAkjNwqTR+oq1JZYxhA0T5dM=
+github.com/ory/x v0.0.116/go.mod h1:ImFneVZHXPCeI1EYXLzRylIkOUMQnWT9Xwuasd8QHxw=
+github.com/parnurzeal/gorequest v0.2.15/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE=
+github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
+github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
+github.com/pelletier/go-toml v1.4.0/go.mod h1:PN7xzY2wHTK0K9p34ErDQMlFxa51Fk0OUruD3k1mMwo=
+github.com/pelletier/go-toml v1.6.0/go.mod h1:5N711Q9dKgbdkxHL+MEfF31hpT7l0S0s/t2kKREewys=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
+github.com/remyoudompheng/bigfft v0.0.0-20190728182440-6a916e37a237/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
+github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
+github.com/rogpeppe/go-internal v1.0.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.3.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.4.0/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.5.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
+github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
+github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
+github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
+github.com/rubenv/sql-migrate v0.0.0-20190212093014-1007f53448d7/go.mod h1:WS0rl9eEliYI8DPnr3TOwz4439pay+qNgzJoVya/DmY=
+github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/santhosh-tekuri/jsonschema v1.2.4/go.mod h1:TEAUOeZSmIxTTuHatJzrvARHiuO9LYd+cIxzgEHCQI4=
+github.com/santhosh-tekuri/jsonschema/v2 v2.1.0/go.mod h1:yzJzKUGV4RbWqWIBBP4wSOBqavX5saE02yirLS0OTyg=
+github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+github.com/segmentio/analytics-go v3.0.1+incompatible/go.mod h1:C7CYBtQWk4vRk2RyLu0qOcbHJ18E3F1HV2C/8JvKN48=
+github.com/segmentio/analytics-go v3.1.0+incompatible/go.mod h1:C7CYBtQWk4vRk2RyLu0qOcbHJ18E3F1HV2C/8JvKN48=
+github.com/segmentio/backo-go v0.0.0-20160424052352-204274ad699c/go.mod h1:kJ9mm9YmoWSkk+oQ+5Cj8DEoRCX2JT6As4kEtIIOp1M=
+github.com/segmentio/backo-go v0.0.0-20200129164019-23eae7c10bd3/go.mod h1:9/Rh6yILuLysoQnZ2oNooD2g7aBnvM7r/fNVxRNWfBc=
+github.com/segmentio/conf v1.2.0/go.mod h1:Y3B9O/PqqWqjyxyWWseyj/quPEtMu1zDp/kVbSWWaB0=
+github.com/segmentio/go-snakecase v1.1.0/go.mod h1:jk1miR5MS7Na32PZUykG89Arm+1BUSYhuGR6b7+hJto=
+github.com/segmentio/objconv v1.0.1/go.mod h1:auayaH5k3137Cl4SoXTgrzQcuQDmvuVtZgS0fb1Ahys=
+github.com/serenize/snaker v0.0.0-20171204205717-a683aaf2d516/go.mod h1:Yow6lPLSAXx2ifx470yD/nUe22Dv5vBvxK/UK9UUTVs=
+github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
+github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
+github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
+github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
+github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
+github.com/shurcooL/highlight_diff v0.0.0-20170515013008-09bb4053de1b/go.mod h1:ZpfEhSmds4ytuByIcDnOLkTHGUI6KNqRNPDLHDk+mUU=
+github.com/shurcooL/highlight_go v0.0.0-20170515013102-78fb10f4a5f8/go.mod h1:UDKB5a1T23gOMUJrI+uSuH0VRDStOiUVSjBTRDVBVag=
+github.com/shurcooL/octicon v0.0.0-20180602230221-c42b0e3b24d9/go.mod h1:eWdoE5JD4R5UVWDucdOPg1g2fqQRq78IQa9zlOV1vpQ=
+github.com/shurcooL/sanitized_anchor_name v0.0.0-20170918181015-86672fcb3f95/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
+github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
+github.com/sirupsen/logrus v1.1.0/go.mod h1:zrgwTnHtNr00buQ1vSptGe8m1f/BbgsPukg8qsT7A+A=
+github.com/sirupsen/logrus v1.1.1/go.mod h1:zrgwTnHtNr00buQ1vSptGe8m1f/BbgsPukg8qsT7A+A=
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
+github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/sirupsen/logrus v1.5.0 h1:1N5EYkVAPEywqZRJd7cwnRtCb6xJx7NH3T3WUTF980Q=
+github.com/sirupsen/logrus v1.5.0/go.mod h1:+F7Ogzej0PZc/94MaYx/nvG9jOFMD2osvC3s+Squfpo=
+github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+github.com/smartystreets/goconvey v0.0.0-20180222194500-ef6db91d284a/go.mod h1:XDJAKZRPZ1CvBcN2aX5YOUTYGHki24fSF0Iv48Ibg0s=
+github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
+github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE=
+github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA=
+github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
+github.com/spf13/afero v1.2.0/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
+github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
+github.com/spf13/cast v1.2.0/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg=
+github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
+github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
+github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
+github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
+github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
+github.com/spf13/cobra v0.0.7 h1:FfTH+vuMXOas8jmfb5/M7dzEYx7LpcLb7a0LPe34uOU=
+github.com/spf13/cobra v0.0.7/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
+github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
+github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
+github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.2.1/go.mod h1:P4AexN0a+C9tGAnUFNwDMYYZv3pjFuvmeiMyKRaNVlI=
+github.com/spf13/viper v1.3.1/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
+github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
+github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
+github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518/go.mod h1:CKI4AZ4XmGV240rTHfO0hfE83S6/a3/Q1siZJ/vXf7A=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/subosito/gotenv v1.1.1/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
+github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
+github.com/tidwall/gjson v1.3.2/go.mod h1:P256ACg0Mn+j1RXIDXoss50DeIABTYK1PULOJHhxOls=
+github.com/tidwall/match v1.0.1/go.mod h1:LujAq0jyVjBy028G1WhWfIzbpQfMO8bBZ6Tyb0+pL9E=
+github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
+github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
+github.com/tidwall/sjson v1.0.4/go.mod h1:bURseu1nuBkFpIES5cz6zBtjmYeOQmEESshn7VpF15Y=
+github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/uber-go/atomic v1.3.2/go.mod h1:/Ct5t2lcmbJ4OSe/waGBoaVvVqtO0bmtfVNex1PFV8g=
+github.com/uber/jaeger-client-go v2.15.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
+github.com/uber/jaeger-client-go v2.22.1+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
+github.com/uber/jaeger-lib v1.5.0/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
+github.com/uber/jaeger-lib v2.2.0+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
+github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
+github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
+github.com/unrolled/secure v0.0.0-20180918153822-f340ee86eb8b/go.mod h1:mnPT77IAdsi/kV7+Es7y+pXALeV3h7G6dQF6mNYjcLA=
+github.com/unrolled/secure v0.0.0-20181005190816-ff9db2ff917f/go.mod h1:mnPT77IAdsi/kV7+Es7y+pXALeV3h7G6dQF6mNYjcLA=
+github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4=
+github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I=
+github.com/xdg/stringprep v0.0.0-20180714160509-73f8eece6fdc/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
+github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
+github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
+github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c/go.mod h1:UrdRz5enIKZ63MEE3IF9l2/ebyx59GyGgPi+tICQdmM=
+github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
+github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
+go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
+go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
+go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
+go.mongodb.org/mongo-driver v1.3.0/go.mod h1:MSWZXKOynuguX+JSvwP8i+58jYCXxbia8HS3gZBapIE=
+go.mongodb.org/mongo-driver v1.3.4 h1:zs/dKNwX0gYUtzwrN9lLiR15hCO0nDwQj5xXx+vjCdE=
+go.mongodb.org/mongo-driver v1.3.4/go.mod h1:MSWZXKOynuguX+JSvwP8i+58jYCXxbia8HS3gZBapIE=
+go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
+go.opencensus.io v0.22.1/go.mod h1:Ap50jQcDJrx6rB6VgeeFPtuPIf3wMRvRfrfYDO6+BmA=
+go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/atomic v1.5.1/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
+go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
+go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
+go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
+golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20180830192347-182538f80094/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20180910181607-0e37d006457b/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181015023909-0c41d7ab0a0e/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181024171144-74cb1d3d52f4/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181025113841-85e1b3f9139a/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181025213731-e84da0312774/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181106171534-e4dc69e5b2fd/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181112202954-3d3f9f413869/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181127143415-eb0de9b17e85/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190102171810-8d7daa0c54b3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190103213133-ff983b9c42bc/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
+golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190530122614-20be4c3c3ed5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190621222207-cc06ce4a13d4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191122220453-ac88ee75c92c/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200117160349-530e935923ad/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200320181102-891825fb96df/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
+golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
+golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
+golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
+golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
+golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
+golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180816102801-aaf60122140d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180921000356-2f5d2388922f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180926154720-4dfa2610cdf3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181017193950-04a2e542c03f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181102091132-c10e9556a7bc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181207154023-610586996380/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190320064053-1272bf9dcd53/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191003171128-d98b1b443823/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200219183655-46282727080f/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200822124328-c89045814202 h1:VvcQYSHwXgi7W+TpUR6A9g6Up98WAHf3f/ulnJ62IyA=
+golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20181003184128-c57b0facaced/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558 h1:D7nTwh4J0i+5mW4Zjzn5omvlr6YBcWywE6KOcatyNxY=
+golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8 h1:OH54vjqzRWmbJ62fjuhxy7AxFFgoHN0/DPc/UrL8cAs=
+golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181003024731-2f84ea8ef872/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181006002542-f60d9635b16a/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181008205924-a2b3f7f249e9/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181013182035-5e66757b835f/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181017214349-06f26fdaaa28/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181024171208-a2dc47679d30/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181026183834-f60e5f99f081/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181105230042-78dc5bac0cac/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181107215632-34b416bd17b3/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181114190951-94339b83286c/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181119130350-139d099f6620/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181127195227-b4e97c0ed882/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181127232545-e782529d0ddd/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181203210056-e5f3ab76ea4b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181205224935-3576414c54a4/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181206194817-bcd4e47d0288/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181207183836-8bc39b988060/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181212172921-837e80568c09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190102213336-ca9055ed7d04/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190104182027-498d95493402/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190111214448-fc1d57b08d7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190118193359-16909d206f00/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190613204242-ed0dc450797f/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190624190245-7f2218787638/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190711191110-9a621aea19f8/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
+golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191004055002-72853e10c5a3/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20191224055732-dd894d0a8a40/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200117220505-0cba7a3a9ee9/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200203215610-ab391d50b528/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo=
+gonum.org/v1/gonum v0.6.2/go.mod h1:9mxDZsDKxgMAuccQkewq682L+0eCu4dCN2yonUJTCLU=
+gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
+gonum.org/v1/netlib v0.0.0-20191229114700-bbb4dff026f8/go.mod h1:2IgXn/sJaRbePPBA1wRj8OE+QLvVaH0q8SK6TSTKlnk=
+gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc=
+gonum.org/v1/plot v0.0.0-20200111075622-4abb28f724d5/go.mod h1:+HbaZVpsa73UwN7kXGCECULRHovLRJjH+t5cFPgxErs=
+google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
+google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
+google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
+google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
+google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc=
+google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190626174449-989357319d63/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
+google.golang.org/genproto v0.0.0-20190708153700-3bdd9d9f5532/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
+google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
+google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
+google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
+google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
+google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
+google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
+google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
+google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
+gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE=
+gopkg.in/go-playground/mold.v2 v2.2.0/go.mod h1:XMyyRsGtakkDPbxXbrA5VODo6bUXyvoDjLd5l3T0XoA=
+gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df/go.mod h1:LRQQ+SO6ZHR7tOkpBDuZnXENFzX8qRjMDMyPD6BRkCw=
+gopkg.in/gorp.v1 v1.7.2/go.mod h1:Wo3h+DBQZIxATwftsglhdD/62zRFPhGhTiu5jUJmCaw=
+gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s=
+gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.55.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/mail.v2 v2.0.0-20180731213649-a0242b2233b4/go.mod h1:htwXN1Qh09vZJ1NVKxQqHPBaCBbzKhp5GzuJEA4VJWw=
+gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
+gopkg.in/square/go-jose.v2 v2.1.9/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
+gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/validator.v2 v2.0.0-20180514200540-135c24b11c19/go.mod h1:o4V0GXN9/CAmCsvJ0oXYZvrZOe7syiDZSN1GWGZTGzc=
+gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ=
+gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
+honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
+modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
+modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
+modernc.org/strutil v1.1.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs=
+modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I=
+rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
+rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
+rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
diff --git a/test/e2e/hydra-kratos-login-consent/main.go b/test/e2e/hydra-kratos-login-consent/main.go
new file mode 100644
index 000000000000..f63e47ef07af
--- /dev/null
+++ b/test/e2e/hydra-kratos-login-consent/main.go
@@ -0,0 +1,183 @@
+package main
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/julienschmidt/httprouter"
+
+	"github.com/ory/hydra-client-go/client"
+	"github.com/ory/hydra-client-go/client/admin"
+	"github.com/ory/hydra-client-go/models"
+	kratos "github.com/ory/kratos-client-go"
+	"github.com/ory/x/osx"
+	"github.com/ory/x/pointerx"
+	"github.com/ory/x/urlx"
+)
+
+func check(err error) {
+	if err != nil {
+		panic(err)
+	}
+}
+
+func checkReq(w http.ResponseWriter, err error) bool {
+	if err != nil {
+		http.Error(w, fmt.Sprintf("%+v", err), 500)
+		return false
+	}
+	return true
+}
+
+func main() {
+	router := httprouter.New()
+
+	kratosPublicURL := urlx.ParseOrPanic(osx.GetenvDefault("KRATOS_PUBLIC_URL", "http://localhost:4433"))
+	adminURL := urlx.ParseOrPanic(osx.GetenvDefault("HYDRA_ADMIN_URL", "http://localhost:4445"))
+	hc := client.NewHTTPClientWithConfig(nil, &client.TransportConfig{Schemes: []string{adminURL.Scheme}, Host: adminURL.Host, BasePath: adminURL.Path})
+
+	router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+		w.Write([]byte(`ok`))
+	})
+	router.GET("/login", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+		res, err := hc.Admin.GetLoginRequest(admin.NewGetLoginRequestParams().
+			WithLoginChallenge(r.URL.Query().Get("login_challenge")))
+		if !checkReq(w, err) {
+			return
+		}
+		if *res.Payload.Skip {
+			res, err := hc.Admin.AcceptLoginRequest(admin.NewAcceptLoginRequestParams().
+				WithLoginChallenge(r.URL.Query().Get("login_challenge")).
+				WithBody(&models.AcceptLoginRequest{Remember: true, RememberFor: 3600,
+					Subject: res.Payload.Subject}))
+			if !checkReq(w, err) {
+				return
+			}
+			http.Redirect(w, r, *res.Payload.RedirectTo, http.StatusFound)
+			return
+		}
+
+		challenge := r.URL.Query().Get("login_challenge")
+		_, _ = fmt.Fprintf(w, `
+
+	

+		
+		 Remember me
+		
+		
+	

+
+`, challenge)
+	})
+
+	router.POST("/login", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+		if !checkReq(w, r.ParseForm()) {
+			return
+		}
+		if r.Form.Get("action") == "accept" {
+			res, err := hc.Admin.AcceptLoginRequest(admin.NewAcceptLoginRequestParams().
+				WithLoginChallenge(r.URL.Query().Get("login_challenge")).
+				WithBody(&models.AcceptLoginRequest{
+					RememberFor: 3600, Remember: r.Form.Get("remember") == "true",
+					Subject: pointerx.String(r.Form.Get("username"))}))
+			if !checkReq(w, err) {
+				return
+			}
+			http.Redirect(w, r, *res.Payload.RedirectTo, http.StatusFound)
+			return
+		}
+		res, err := hc.Admin.RejectLoginRequest(admin.NewRejectLoginRequestParams().
+			WithLoginChallenge(r.URL.Query().Get("login_challenge")).
+			WithBody(&models.RejectRequest{Error: "login rejected request"}))
+		if !checkReq(w, err) {
+			return
+		}
+		http.Redirect(w, r, *res.Payload.RedirectTo, http.StatusFound)
+	})
+
+	router.GET("/consent", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+		res, err := hc.Admin.GetConsentRequest(admin.NewGetConsentRequestParams().
+			WithConsentChallenge(r.URL.Query().Get("consent_challenge")))
+		if !checkReq(w, err) {
+			return
+		}
+		if res.Payload.Skip {
+			res, err := hc.Admin.AcceptConsentRequest(admin.NewAcceptConsentRequestParams().
+				WithConsentChallenge(r.URL.Query().Get("consent_challenge")).
+				WithBody(&models.AcceptConsentRequest{GrantScope: res.Payload.RequestedScope}))
+			if !checkReq(w, err) {
+				return
+			}
+			http.Redirect(w, r, *res.Payload.RedirectTo, http.StatusFound)
+			return
+		}
+
+		checkoxes := ""
+		for _, s := range res.Payload.RequestedScope {
+			checkoxes += fmt.Sprintf(`
  • %s
    • `, s, s, s)
+		}
+
+		challenge := r.URL.Query().Get("consent_challenge")
+		_, _ = fmt.Fprintf(w, `
+
+	
    
+		
      
+		%s
+		
    
+		
+		 Remember me
+		
+		
+	
    
+
+`, challenge, checkoxes)
+	})
+
+	router.POST("/consent", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+		_ = r.ParseForm()
+		if r.Form.Get("action") == "accept" {
+			kratosConfig := kratos.NewConfiguration()
+			kratosConfig.Servers = kratos.ServerConfigurations{{URL: kratosPublicURL.String()}}
+			kratosClient := kratos.NewAPIClient(kratosConfig)
+			session, _, err := kratosClient.V0alpha2Api.ToSession(r.Context()).Cookie(r.Header.Get("Cookie")).Execute()
+			if err != nil {
+				panic(err)
+			}
+			traitMap, ok := session.Identity.Traits.(map[string]interface{})
+			if !ok {
+				panic("type assertion failed")
+			}
+			idToken := map[string]interface{}{}
+			// Populate ID token claims with values found in the session's traits
+			for _, scope := range r.Form["scope"] {
+				if v, ok := traitMap[scope]; ok {
+					idToken[scope] = v
+				}
+			}
+
+			res, err := hc.Admin.AcceptConsentRequest(admin.NewAcceptConsentRequestParams().
+				WithConsentChallenge(r.URL.Query().Get("consent_challenge")).
+				WithBody(&models.AcceptConsentRequest{
+					Session:  &models.ConsentRequestSession{IDToken: idToken},
+					Remember: r.Form.Get("remember") == "true", RememberFor: 3600,
+					GrantScope: r.Form["scope"]}))
+			if !checkReq(w, err) {
+				return
+			}
+			http.Redirect(w, r, *res.Payload.RedirectTo, http.StatusFound)
+			return
+		}
+		res, err := hc.Admin.RejectConsentRequest(admin.NewRejectConsentRequestParams().
+			WithConsentChallenge(r.URL.Query().Get("consent_challenge")).
+			WithBody(&models.RejectRequest{Error: "consent rejected request"}))
+		if !checkReq(w, err) {
+			return
+		}
+		http.Redirect(w, r, *res.Payload.RedirectTo, http.StatusFound)
+	})
+
+	addr := ":" + osx.GetenvDefault("PORT", "4746")
+	server := &http.Server{Addr: addr, Handler: router}
+	fmt.Printf("Starting web server at %s\n", addr)
+	check(server.ListenAndServe())
+}
diff --git a/test/e2e/mock/webhook/go.mod b/test/e2e/mock/webhook/go.mod
index 9da3332be887..a12d10e7a51e 100644
--- a/test/e2e/mock/webhook/go.mod
+++ b/test/e2e/mock/webhook/go.mod
@@ -4,4 +4,4 @@ go 1.17
 
 require github.com/sirupsen/logrus v1.8.1
 
-require golang.org/x/sys v0.0.0-20220818161305-2296e01440c6 // indirect
+require golang.org/x/sys v0.0.0-20221006211917-84dc82d7e875 // indirect
diff --git a/test/e2e/mock/webhook/go.sum b/test/e2e/mock/webhook/go.sum
index 684141838b11..f5ce7ae859ef 100644
--- a/test/e2e/mock/webhook/go.sum
+++ b/test/e2e/mock/webhook/go.sum
@@ -8,5 +8,5 @@ github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20220818161305-2296e01440c6 h1:Sx/u41w+OwrInGdEckYmEuU5gHoGSL4QbDz3S9s6j4U=
-golang.org/x/sys v0.0.0-20220818161305-2296e01440c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20221006211917-84dc82d7e875 h1:AzgQNqF+FKwyQ5LbVrVqOcuuFB67N47F9+htZYH0wFM=
+golang.org/x/sys v0.0.0-20221006211917-84dc82d7e875/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
diff --git a/test/e2e/package-lock.json b/test/e2e/package-lock.json
index 94d57292225a..46dce8742785 100644
--- a/test/e2e/package-lock.json
+++ b/test/e2e/package-lock.json
@@ -7,6 +7,9 @@
     "": {
       "name": "@ory/kratos-e2e-suite",
       "version": "0.0.1",
+      "dependencies": {
+        "simple-oauth2": "^2.5.2"
+      },
       "devDependencies": {
         "@ory/kratos-client": "0.0.0-next.8d3b018594f7",
         "@types/node": "^16.9.6",
@@ -69,12 +72,51 @@
         "ms": "^2.1.1"
       }
     },
+    "node_modules/@hapi/address": {
+      "version": "2.1.4",
+      "resolved": "https://registry.npmjs.org/@hapi/address/-/address-2.1.4.tgz",
+      "integrity": "sha512-QD1PhQk+s31P1ixsX0H0Suoupp3VMXzIVMSwobR3F3MSUO2YCV0B7xqLcUw/Bh8yuvd3LhpyqLQWTNcRmp6IdQ==",
+      "deprecated": "Moved to 'npm install @sideway/address'"
+    },
+    "node_modules/@hapi/bourne": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/@hapi/bourne/-/bourne-1.3.2.tgz",
+      "integrity": "sha512-1dVNHT76Uu5N3eJNTYcvxee+jzX4Z9lfciqRRHCU27ihbUcYi+iSc2iml5Ke1LXe1SyJCLA0+14Jh4tXJgOppA==",
+      "deprecated": "This version has been deprecated and is no longer supported or maintained"
+    },
     "node_modules/@hapi/hoek": {
       "version": "9.2.1",
       "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.2.1.tgz",
       "integrity": "sha512-gfta+H8aziZsm8pZa0vj04KO6biEiisppNgA1kbJvFrrWu9Vm7eaUEy76DIxsuTaWvti5fkJVhllWc6ZTE+Mdw==",
       "dev": true
     },
+    "node_modules/@hapi/joi": {
+      "version": "15.1.1",
+      "resolved": "https://registry.npmjs.org/@hapi/joi/-/joi-15.1.1.tgz",
+      "integrity": "sha512-entf8ZMOK8sc+8YfeOlM8pCfg3b5+WZIKBfUaaJT8UsjAAPjartzxIYm3TIbjvA4u+u++KbcXD38k682nVHDAQ==",
+      "deprecated": "Switch to 'npm install joi'",
+      "dependencies": {
+        "@hapi/address": "2.x.x",
+        "@hapi/bourne": "1.x.x",
+        "@hapi/hoek": "8.x.x",
+        "@hapi/topo": "3.x.x"
+      }
+    },
+    "node_modules/@hapi/joi/node_modules/@hapi/hoek": {
+      "version": "8.5.1",
+      "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-8.5.1.tgz",
+      "integrity": "sha512-yN7kbciD87WzLGc5539Tn0sApjyiGHAJgKvG9W8C7O+6c7qmoQMfVs0W4bX17eqz6C78QJqqFrtgdK5EWf6Qow==",
+      "deprecated": "This version has been deprecated and is no longer supported or maintained"
+    },
+    "node_modules/@hapi/joi/node_modules/@hapi/topo": {
+      "version": "3.1.6",
+      "resolved": "https://registry.npmjs.org/@hapi/topo/-/topo-3.1.6.tgz",
+      "integrity": "sha512-tAag0jEcjwH+P2quUfipd7liWCNX2F8NvYjQp2wtInsZxnMlypdw0FtAOLxtvvkO+GSRRbmNi8m/5y42PQJYCQ==",
+      "deprecated": "This version has been deprecated and is no longer supported or maintained",
+      "dependencies": {
+        "@hapi/hoek": "^8.3.0"
+      }
+    },
     "node_modules/@hapi/topo": {
       "version": "5.1.0",
       "resolved": "https://registry.npmjs.org/@hapi/topo/-/topo-5.1.0.tgz",
@@ -464,6 +506,21 @@
       "integrity": "sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==",
       "dev": true
     },
+    "node_modules/boom": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/boom/-/boom-7.3.0.tgz",
+      "integrity": "sha512-Swpoyi2t5+GhOEGw8rEsKvTxFLIDiiKoUc2gsoV6Lyr43LHBIzch3k2MvYUs8RTROrIkVJ3Al0TkaOGjnb+B6A==",
+      "deprecated": "This module has moved and is now available at @hapi/boom. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.",
+      "dependencies": {
+        "hoek": "6.x.x"
+      }
+    },
+    "node_modules/bourne": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/bourne/-/bourne-1.1.2.tgz",
+      "integrity": "sha512-b2dgVkTZhkQirNMohgC00rWfpVqEi9y5tKM1k3JvoNx05ODtfQoPPd4js9CYFQoY0IM8LAmnJulEuWv74zjUOg==",
+      "deprecated": "This module has moved and is now available at @hapi/bourne. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues."
+    },
     "node_modules/brace-expansion": {
       "version": "1.1.11",
       "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
@@ -837,6 +894,18 @@
         "node": ">=0.10"
       }
     },
+    "node_modules/date-fns": {
+      "version": "2.28.0",
+      "resolved": "https://registry.npmjs.org/date-fns/-/date-fns-2.28.0.tgz",
+      "integrity": "sha512-8d35hViGYx/QH0icHYCeLmsLmMUheMmTyV9Fcm6gvNwdw31yXXH+O85sOBJ+OLnLQMKZowvpKb6FgMIQjcpvQw==",
+      "engines": {
+        "node": ">=0.11"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/date-fns"
+      }
+    },
     "node_modules/dayjs": {
       "version": "1.10.8",
       "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.10.8.tgz",
@@ -847,7 +916,6 @@
       "version": "4.3.3",
       "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.3.tgz",
       "integrity": "sha512-/zxw5+vh1Tfv+4Qn7a5nsbcJKPaSvCDhojn6FEl9vupwK2VCSDtEiEtqr8DFtzYFOdz63LBkxec7DYuc2jon6Q==",
-      "dev": true,
       "dependencies": {
         "ms": "2.1.2"
       },
@@ -1223,6 +1291,12 @@
         "node": ">=8"
       }
     },
+    "node_modules/hoek": {
+      "version": "6.1.3",
+      "resolved": "https://registry.npmjs.org/hoek/-/hoek-6.1.3.tgz",
+      "integrity": "sha512-YXXAAhmF9zpQbC7LEcREFtXfGq5K1fmd+4PHkBq8NUqmzW3G+Dq10bI/i0KucLRwss3YYFQ0fSfoxBZYiGUqtQ==",
+      "deprecated": "This module has moved and is now available at @hapi/hoek. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues."
+    },
     "node_modules/http-cache-semantics": {
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz",
@@ -1680,8 +1754,7 @@
     "node_modules/ms": {
       "version": "2.1.2",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
-      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
-      "dev": true
+      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
     },
     "node_modules/normalize-url": {
       "version": "6.1.0",
@@ -2010,6 +2083,18 @@
       "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==",
       "dev": true
     },
+    "node_modules/simple-oauth2": {
+      "version": "2.5.2",
+      "resolved": "https://registry.npmjs.org/simple-oauth2/-/simple-oauth2-2.5.2.tgz",
+      "integrity": "sha512-8qjf+nHRdSUllFjjfpnonrU1oF/HNVbDle5HIbvXRYiy38C7KUvYe6w0ZZ//g4AFB6VNWuiZ80HmnycR8ZFDyQ==",
+      "deprecated": "simple-oauth2 v2 is no longer supported. Please upgrade to v3 for further support",
+      "dependencies": {
+        "@hapi/joi": "^15.1.1",
+        "date-fns": "^2.2.1",
+        "debug": "^4.1.1",
+        "wreck": "^14.0.2"
+      }
+    },
     "node_modules/slice-ansi": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-3.0.0.tgz",
@@ -2316,6 +2401,17 @@
       "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=",
       "dev": true
     },
+    "node_modules/wreck": {
+      "version": "14.2.0",
+      "resolved": "https://registry.npmjs.org/wreck/-/wreck-14.2.0.tgz",
+      "integrity": "sha512-NFFft3SMgqrJbXEVfYifh+QDWFxni+98/I7ut7rLbz3F0XOypluHsdo3mdEYssGSirMobM3fGlqhyikbWKDn2Q==",
+      "deprecated": "This module has moved and is now available at @hapi/wreck. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.",
+      "dependencies": {
+        "boom": "7.x.x",
+        "bourne": "1.x.x",
+        "hoek": "6.x.x"
+      }
+    },
     "node_modules/ws": {
       "version": "7.5.7",
       "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.7.tgz",
@@ -2416,12 +2512,48 @@
         }
       }
     },
+    "@hapi/address": {
+      "version": "2.1.4",
+      "resolved": "https://registry.npmjs.org/@hapi/address/-/address-2.1.4.tgz",
+      "integrity": "sha512-QD1PhQk+s31P1ixsX0H0Suoupp3VMXzIVMSwobR3F3MSUO2YCV0B7xqLcUw/Bh8yuvd3LhpyqLQWTNcRmp6IdQ=="
+    },
+    "@hapi/bourne": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/@hapi/bourne/-/bourne-1.3.2.tgz",
+      "integrity": "sha512-1dVNHT76Uu5N3eJNTYcvxee+jzX4Z9lfciqRRHCU27ihbUcYi+iSc2iml5Ke1LXe1SyJCLA0+14Jh4tXJgOppA=="
+    },
     "@hapi/hoek": {
       "version": "9.2.1",
       "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.2.1.tgz",
       "integrity": "sha512-gfta+H8aziZsm8pZa0vj04KO6biEiisppNgA1kbJvFrrWu9Vm7eaUEy76DIxsuTaWvti5fkJVhllWc6ZTE+Mdw==",
       "dev": true
     },
+    "@hapi/joi": {
+      "version": "15.1.1",
+      "resolved": "https://registry.npmjs.org/@hapi/joi/-/joi-15.1.1.tgz",
+      "integrity": "sha512-entf8ZMOK8sc+8YfeOlM8pCfg3b5+WZIKBfUaaJT8UsjAAPjartzxIYm3TIbjvA4u+u++KbcXD38k682nVHDAQ==",
+      "requires": {
+        "@hapi/address": "2.x.x",
+        "@hapi/bourne": "1.x.x",
+        "@hapi/hoek": "8.x.x",
+        "@hapi/topo": "3.x.x"
+      },
+      "dependencies": {
+        "@hapi/hoek": {
+          "version": "8.5.1",
+          "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-8.5.1.tgz",
+          "integrity": "sha512-yN7kbciD87WzLGc5539Tn0sApjyiGHAJgKvG9W8C7O+6c7qmoQMfVs0W4bX17eqz6C78QJqqFrtgdK5EWf6Qow=="
+        },
+        "@hapi/topo": {
+          "version": "3.1.6",
+          "resolved": "https://registry.npmjs.org/@hapi/topo/-/topo-3.1.6.tgz",
+          "integrity": "sha512-tAag0jEcjwH+P2quUfipd7liWCNX2F8NvYjQp2wtInsZxnMlypdw0FtAOLxtvvkO+GSRRbmNi8m/5y42PQJYCQ==",
+          "requires": {
+            "@hapi/hoek": "^8.3.0"
+          }
+        }
+      }
+    },
     "@hapi/topo": {
       "version": "5.1.0",
       "resolved": "https://registry.npmjs.org/@hapi/topo/-/topo-5.1.0.tgz",
@@ -2741,6 +2873,19 @@
       "integrity": "sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==",
       "dev": true
     },
+    "boom": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/boom/-/boom-7.3.0.tgz",
+      "integrity": "sha512-Swpoyi2t5+GhOEGw8rEsKvTxFLIDiiKoUc2gsoV6Lyr43LHBIzch3k2MvYUs8RTROrIkVJ3Al0TkaOGjnb+B6A==",
+      "requires": {
+        "hoek": "6.x.x"
+      }
+    },
+    "bourne": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/bourne/-/bourne-1.1.2.tgz",
+      "integrity": "sha512-b2dgVkTZhkQirNMohgC00rWfpVqEi9y5tKM1k3JvoNx05ODtfQoPPd4js9CYFQoY0IM8LAmnJulEuWv74zjUOg=="
+    },
     "brace-expansion": {
       "version": "1.1.11",
       "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
@@ -3032,6 +3177,11 @@
         "assert-plus": "^1.0.0"
       }
     },
+    "date-fns": {
+      "version": "2.28.0",
+      "resolved": "https://registry.npmjs.org/date-fns/-/date-fns-2.28.0.tgz",
+      "integrity": "sha512-8d35hViGYx/QH0icHYCeLmsLmMUheMmTyV9Fcm6gvNwdw31yXXH+O85sOBJ+OLnLQMKZowvpKb6FgMIQjcpvQw=="
+    },
     "dayjs": {
       "version": "1.10.8",
       "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.10.8.tgz",
@@ -3042,7 +3192,6 @@
       "version": "4.3.3",
       "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.3.tgz",
       "integrity": "sha512-/zxw5+vh1Tfv+4Qn7a5nsbcJKPaSvCDhojn6FEl9vupwK2VCSDtEiEtqr8DFtzYFOdz63LBkxec7DYuc2jon6Q==",
-      "dev": true,
       "requires": {
         "ms": "2.1.2"
       }
@@ -3312,6 +3461,11 @@
       "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
       "dev": true
     },
+    "hoek": {
+      "version": "6.1.3",
+      "resolved": "https://registry.npmjs.org/hoek/-/hoek-6.1.3.tgz",
+      "integrity": "sha512-YXXAAhmF9zpQbC7LEcREFtXfGq5K1fmd+4PHkBq8NUqmzW3G+Dq10bI/i0KucLRwss3YYFQ0fSfoxBZYiGUqtQ=="
+    },
     "http-cache-semantics": {
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz",
@@ -3654,8 +3808,7 @@
     "ms": {
       "version": "2.1.2",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
-      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
-      "dev": true
+      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
     },
     "normalize-url": {
       "version": "6.1.0",
@@ -3898,6 +4051,17 @@
       "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==",
       "dev": true
     },
+    "simple-oauth2": {
+      "version": "2.5.2",
+      "resolved": "https://registry.npmjs.org/simple-oauth2/-/simple-oauth2-2.5.2.tgz",
+      "integrity": "sha512-8qjf+nHRdSUllFjjfpnonrU1oF/HNVbDle5HIbvXRYiy38C7KUvYe6w0ZZ//g4AFB6VNWuiZ80HmnycR8ZFDyQ==",
+      "requires": {
+        "@hapi/joi": "^15.1.1",
+        "date-fns": "^2.2.1",
+        "debug": "^4.1.1",
+        "wreck": "^14.0.2"
+      }
+    },
     "slice-ansi": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-3.0.0.tgz",
@@ -4122,6 +4286,16 @@
       "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=",
       "dev": true
     },
+    "wreck": {
+      "version": "14.2.0",
+      "resolved": "https://registry.npmjs.org/wreck/-/wreck-14.2.0.tgz",
+      "integrity": "sha512-NFFft3SMgqrJbXEVfYifh+QDWFxni+98/I7ut7rLbz3F0XOypluHsdo3mdEYssGSirMobM3fGlqhyikbWKDn2Q==",
+      "requires": {
+        "boom": "7.x.x",
+        "bourne": "1.x.x",
+        "hoek": "6.x.x"
+      }
+    },
     "ws": {
       "version": "7.5.7",
       "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.7.tgz",
diff --git a/test/e2e/package.json b/test/e2e/package.json
index 556a716ace81..a2d09d3863cf 100644
--- a/test/e2e/package.json
+++ b/test/e2e/package.json
@@ -2,7 +2,7 @@
   "name": "@ory/kratos-e2e-suite",
   "version": "0.0.1",
   "scripts": {
-    "test": "cypress run --browser chrome --e2e",
+    "test": "cypress run --browser chrome",
     "test:watch": "cypress open --browser chrome",
     "openapi-generator-cli": "openapi-generator-cli",
     "wait-on": "wait-on",
diff --git a/test/e2e/profiles/oidc-provider-mfa/.kratos.yml b/test/e2e/profiles/oidc-provider-mfa/.kratos.yml
new file mode 100644
index 000000000000..ac577ce45724
--- /dev/null
+++ b/test/e2e/profiles/oidc-provider-mfa/.kratos.yml
@@ -0,0 +1,54 @@
+clients:
+  http:
+    disallow_private_ip_ranges: false
+selfservice:
+  flows:
+    settings:
+      ui_url: http://localhost:4455/settings
+      privileged_session_max_age: 5m
+      required_aal: highest_available
+
+    logout:
+      after:
+        default_browser_return_url: http://localhost:4455/login
+
+    registration:
+      ui_url: http://localhost:4455/registration
+      after:
+        password:
+          hooks:
+            - hook: session
+
+    login:
+      ui_url: http://localhost:4455/login
+    error:
+      ui_url: http://localhost:4455/error
+    verification:
+      ui_url: http://localhost:4455/verify
+    recovery:
+      ui_url: http://localhost:4455/recovery
+
+  methods:
+    totp:
+      enabled: true
+      config:
+        issuer: issuer.ory.sh
+    webauthn:
+      enabled: true
+      config:
+        rp:
+          id: localhost
+          origin: http://localhost:4455
+          display_name: Ory
+
+oauth2_provider:
+  url: "http://localhost:4745"
+
+identity:
+  schemas:
+    - id: default
+      url: file://test/e2e/profiles/oidc-provider-mfa/identity.traits.schema.json
+
+session:
+  whoami:
+    required_aal: highest_available
diff --git a/test/e2e/profiles/oidc-provider-mfa/identity.traits.schema.json b/test/e2e/profiles/oidc-provider-mfa/identity.traits.schema.json
new file mode 100644
index 000000000000..e88020fa60ab
--- /dev/null
+++ b/test/e2e/profiles/oidc-provider-mfa/identity.traits.schema.json
@@ -0,0 +1,57 @@
+{
+  "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "Person",
+  "type": "object",
+  "properties": {
+    "traits": {
+      "type": "object",
+      "properties": {
+        "email": {
+          "type": "string",
+          "format": "email",
+          "title": "E-Mail",
+          "minLength": 3,
+          "ory.sh/kratos": {
+            "credentials": {
+              "password": {
+                "identifier": true
+              },
+              "webauthn": {
+                "identifier": true
+              }
+            }
+          }
+        },
+        "website": {
+          "title": "Website",
+          "type": "string",
+          "format": "uri",
+          "minLength": 10
+        },
+        "tos": {
+          "title": "Accept Terms of Service",
+          "type": "boolean"
+        },
+        "age": {
+          "title": "Age",
+          "type": "number",
+          "maximum": 300
+        },
+        "consent": {
+          "title": "Consent",
+          "type": "boolean"
+        },
+        "newsletter": {
+          "title": "Newsletter",
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "email",
+        "website"
+      ],
+      "additionalProperties": false
+    }
+  }
+}
diff --git a/test/e2e/profiles/oidc-provider/.kratos.yml b/test/e2e/profiles/oidc-provider/.kratos.yml
new file mode 100644
index 000000000000..43d3700a1da6
--- /dev/null
+++ b/test/e2e/profiles/oidc-provider/.kratos.yml
@@ -0,0 +1,41 @@
+clients:
+  http:
+    disallow_private_ip_ranges: false
+oauth2_provider:
+  url: "http://localhost:4745"
+selfservice:
+  flows:
+    settings:
+      privileged_session_max_age: 5m
+      ui_url: http://localhost:4455/settings
+
+    logout:
+      after:
+        default_browser_return_url: http://localhost:4455/login
+
+    registration:
+      ui_url: http://localhost:4455/registration
+      after:
+        oidc:
+          hooks:
+            - hook: session
+        password:
+          hooks:
+            - hook: session
+    login:
+      ui_url: http://localhost:4455/login
+    error:
+      ui_url: http://localhost:4455/error
+    verification:
+      ui_url: http://localhost:4455/verify
+    recovery:
+      ui_url: http://localhost:4455/recovery
+
+identity:
+  schemas:
+    - id: default
+      url: file://test/e2e/profiles/oidc-provider/identity.traits.schema.json
+
+secrets:
+  cipher:
+    - secret-thirty-two-character-long
diff --git a/test/e2e/profiles/oidc-provider/identity.traits.schema.json b/test/e2e/profiles/oidc-provider/identity.traits.schema.json
new file mode 100644
index 000000000000..e88020fa60ab
--- /dev/null
+++ b/test/e2e/profiles/oidc-provider/identity.traits.schema.json
@@ -0,0 +1,57 @@
+{
+  "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "Person",
+  "type": "object",
+  "properties": {
+    "traits": {
+      "type": "object",
+      "properties": {
+        "email": {
+          "type": "string",
+          "format": "email",
+          "title": "E-Mail",
+          "minLength": 3,
+          "ory.sh/kratos": {
+            "credentials": {
+              "password": {
+                "identifier": true
+              },
+              "webauthn": {
+                "identifier": true
+              }
+            }
+          }
+        },
+        "website": {
+          "title": "Website",
+          "type": "string",
+          "format": "uri",
+          "minLength": 10
+        },
+        "tos": {
+          "title": "Accept Terms of Service",
+          "type": "boolean"
+        },
+        "age": {
+          "title": "Age",
+          "type": "number",
+          "maximum": 300
+        },
+        "consent": {
+          "title": "Consent",
+          "type": "boolean"
+        },
+        "newsletter": {
+          "title": "Newsletter",
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "email",
+        "website"
+      ],
+      "additionalProperties": false
+    }
+  }
+}
diff --git a/test/e2e/run.sh b/test/e2e/run.sh
index 364a3587921c..9514a8309fdb 100755
--- a/test/e2e/run.sh
+++ b/test/e2e/run.sh
@@ -68,8 +68,11 @@ prepare() {
   if [[ "${nokill}" == "no" ]]; then
     killall node || true
     killall modd || true
+    killall webhook || true
     killall hydra || true
     killall hydra-login-consent || true
+    killall hydra-kratos-login-consent || true
+    docker kill kratos_test_hydra || true
   fi
 
   if [ -z ${TEST_DATABASE_POSTGRESQL+x} ]; then
@@ -120,11 +123,15 @@ prepare() {
   fi
 
   # Check if any ports that we need are open already
-  ! nc -zv localhost 4446
-  ! nc -zv localhost 4455
-  ! nc -zv localhost 4456
-  ! nc -zv localhost 4457
-  ! nc -zv localhost 4458
+  nc -zv localhost 4444 && exit 1
+  nc -zv localhost 4445 && exit 1
+  nc -zv localhost 4446 && exit 1
+  nc -zv localhost 4455 && exit 1
+  nc -zv localhost 4456 && exit 1
+  nc -zv localhost 4457 && exit 1
+  nc -zv localhost 4458 && exit 1
+  nc -zv localhost 4744 && exit 1
+  nc -zv localhost 4745 && exit 1
 
   (
     cd "$rn_ui_dir"
@@ -168,6 +175,39 @@ prepare() {
     --scope openid,offline \
     --callbacks http://localhost:4455/self-service/methods/oidc/callback/github
 
+  (
+    cd test/e2e/hydra-login-consent
+    go build .
+    PORT=4446 HYDRA_ADMIN_URL=http://localhost:4445 ./hydra-login-consent >"${base}/test/e2e/hydra-ui.e2e.log" 2>&1 &
+  )
+
+  # Spin up another Hydra instance with the express node app used as the login UI for kratos-hydra OIDC provider tests
+  DSN=memory SERVE_PUBLIC_PORT=4744 \
+    SERVE_ADMIN_PORT=4745 \
+    URLS_SELF_ISSUER=http://localhost:4744 \
+    LOG_LEVEL=trace \
+    URLS_LOGIN=http://localhost:4455/login \
+    URLS_CONSENT=http://localhost:4746/consent \
+    hydra serve all --dangerous-force-http >"${base}/test/e2e/hydra-kratos.e2e.log" 2>&1 &
+
+  (cd test/e2e; npm run wait-on -- -l -t 300000 http-get://127.0.0.1:4745/health/alive)
+
+  hydra clients create \
+    --endpoint http://localhost:4745 \
+    --id dummy-client \
+    --secret secret \
+    --token-endpoint-auth-method client_secret_basic \
+    --grant-types authorization_code,refresh_token \
+    --response-types code,id_token \
+    --scope openid,offline,email,website \
+    --callbacks http://localhost:5555/callback,https://httpbin.org/anything
+
+  (
+    cd test/e2e/hydra-kratos-login-consent
+    go build .
+    PORT=4746 HYDRA_ADMIN_URL=http://localhost:4745 ./hydra-kratos-login-consent >"${base}/test/e2e/hydra-kratos-ui.e2e.log" 2>&1 &
+  )
+
   if [ -z ${NODE_UI_PATH+x} ]; then
     (
       cd "$node_ui_dir"
@@ -202,12 +242,6 @@ prepare() {
     PORT=4455 npm run start \
       >"${base}/test/e2e/proxy.e2e.log" 2>&1 &
   )
-
-  (
-    cd test/e2e/hydra-login-consent
-    go build .
-    PORT=4446 HYDRA_ADMIN_URL=http://localhost:4445 ./hydra-login-consent >"${base}/test/e2e/hydra-ui.e2e.log" 2>&1 &
-  )
 }
 
 run() {
@@ -216,14 +250,14 @@ run() {
 
   export DSN=${1}
 
-  ! nc -zv localhost 4434
-  ! nc -zv localhost 4433
+  nc -zv localhost 4434 && exit 1
+  nc -zv localhost 4433 && exit 1
 
   ls -la .
-  for profile in email mobile oidc recovery verification mfa spa network passwordless webhooks; do
+  for profile in email mobile oidc recovery verification mfa spa network passwordless webhooks oidc-provider oidc-provider-mfa; do
     yq ea '. as $item ireduce ({}; . * $item )' test/e2e/profiles/kratos.base.yml "test/e2e/profiles/${profile}/.kratos.yml" > test/e2e/kratos.${profile}.yml
-    cp test/e2e/kratos.email.yml test/e2e/kratos.generated.yml
   done
+  cp test/e2e/kratos.email.yml test/e2e/kratos.generated.yml
 
   (modd -f test/e2e/modd.conf >"${base}/test/e2e/kratos.e2e.log" 2>&1 &)
 
diff --git a/test/schema/fixtures/config.schema.test.success/root.courierSMS.yaml b/test/schema/fixtures/config.schema.test.success/root.courierSMS.yaml
index 0a131356ee04..b9b73bcb10a0 100644
--- a/test/schema/fixtures/config.schema.test.success/root.courierSMS.yaml
+++ b/test/schema/fixtures/config.schema.test.success/root.courierSMS.yaml
@@ -20,5 +20,5 @@ courier:
       url: https://sms.example.com
       method: POST
       body: file://request.config.twilio.jsonnet
-      header:
+      headers:
         'Content-Type': "application/x-www-form-urlencoded"

From e03a2b394b6bd4306c63102721041868270c3673 Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Wed, 26 Oct 2022 07:57:36 +0000
Subject: [PATCH 311/411] autogen(openapi): regenerate swagger spec and
 internal client

[skip ci]
---
 internal/httpclient/api/openapi.yaml    | 7 +++++--
 internal/httpclient/docs/V0alpha2Api.md | 4 ++--
 spec/api.json                           | 6 +++---
 spec/swagger.json                       | 4 ++--
 4 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml
index 7395a9740eec..9c718d36538f 100644
--- a/internal/httpclient/api/openapi.yaml
+++ b/internal/httpclient/api/openapi.yaml
@@ -1869,11 +1869,14 @@ paths:
       operationId: initializeSelfServiceRegistrationFlowForBrowsers
       parameters:
       - description: |-
-          An optional Hydra login challenge. If present, Kratos will cooperate with
-          Ory Hydra to act as an OAuth2 identity provider.
+          Ory OAuth 2.0 Login Challenge.
+
+          If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.
 
           The value for this parameter comes from `login_challenge` URL Query parameter sent to your
           application (e.g. `/registration?login_challenge=abcde`).
+
+          This feature is compatible with Ory Hydra when not running on the Ory Network.
         explode: true
         in: query
         name: login_challenge
diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md
index 4cc994fd84c9..14a44c40e916 100644
--- a/internal/httpclient/docs/V0alpha2Api.md
+++ b/internal/httpclient/docs/V0alpha2Api.md
@@ -1783,7 +1783,7 @@ import (
 )
 
 func main() {
-    loginChallenge := "loginChallenge_example" // string | An optional Hydra login challenge. If present, Kratos will cooperate with Ory Hydra to act as an OAuth2 identity provider.  The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/registration?login_challenge=abcde`). (optional)
+    loginChallenge := "loginChallenge_example" // string | Ory OAuth 2.0 Login Challenge.  If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.  The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/registration?login_challenge=abcde`).  This feature is compatible with Ory Hydra when not running on the Ory Network. (optional)
     returnTo := "returnTo_example" // string | The URL to return the browser to after the flow was completed. (optional)
 
     configuration := openapiclient.NewConfiguration()
@@ -1809,7 +1809,7 @@ Other parameters are passed through a pointer to a apiInitializeSelfServiceRegis
 
 Name | Type | Description  | Notes
 ------------- | ------------- | ------------- | -------------
- **loginChallenge** | **string** | An optional Hydra login challenge. If present, Kratos will cooperate with Ory Hydra to act as an OAuth2 identity provider.  The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/registration?login_challenge=abcde`). | 
+ **loginChallenge** | **string** | Ory OAuth 2.0 Login Challenge.  If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.  The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/registration?login_challenge=abcde`).  This feature is compatible with Ory Hydra when not running on the Ory Network. | 
  **returnTo** | **string** | The URL to return the browser to after the flow was completed. | 
 
 ### Return type
diff --git a/spec/api.json b/spec/api.json
index 779e1c754127..741da8f9fdfb 100755
--- a/spec/api.json
+++ b/spec/api.json
@@ -4147,7 +4147,7 @@
     },
     "/self-service/login/browser": {
       "get": {
-        "description": "This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate\ncookies and anti-CSRF measures required for browser-based flows.\n\nIf this endpoint is opened as a link in the browser, it will be redirected to\n`selfservice.flows.login.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\nexists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter\n`?refresh=true` was set.\n\nIf this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the\ncase of an error, the `error.id` of the JSON response body can be one of:\n\n`session_already_available`: The user is already signed in.\n`session_aal1_required`: Multi-factor auth (e.g. 2fa) was requested but the user has no session yet.\n`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n`security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!\n\nThe optional query parameter `login_challenge` is set when using an Ory OAuth 2.0 OAuth2 & OpenID. See the `oauth2_provider.url` configuration\noption.\n\nThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.\n\nMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).",
+        "description": "This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate\ncookies and anti-CSRF measures required for browser-based flows.\n\nIf this endpoint is opened as a link in the browser, it will be redirected to\n`selfservice.flows.login.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\nexists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter\n`?refresh=true` was set.\n\nIf this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the\ncase of an error, the `error.id` of the JSON response body can be one of:\n\n`session_already_available`: The user is already signed in.\n`session_aal1_required`: Multi-factor auth (e.g. 2fa) was requested but the user has no session yet.\n`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n`security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!\n\nThe optional query parameter login_challenge is set when using Kratos with\nHydra in an OAuth2 flow. See the oauth2_provider.url configuration\noption.\n\nThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.\n\nMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).",
         "operationId": "initializeSelfServiceLoginFlowForBrowsers",
         "parameters": [
           {
@@ -4881,7 +4881,7 @@
         "operationId": "initializeSelfServiceRegistrationFlowForBrowsers",
         "parameters": [
           {
-            "description": "An optional Hydra login challenge. If present, Kratos will cooperate with\nOry Hydra to act as an OAuth2 identity provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/registration?login_challenge=abcde`).",
+            "description": "Ory OAuth 2.0 Login Challenge.\n\nIf set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/registration?login_challenge=abcde`).\n\nThis feature is compatible with Ory Hydra when not running on the Ory Network.",
             "in": "query",
             "name": "login_challenge",
             "schema": {
@@ -5975,4 +5975,4 @@
   },
   "x-forwarded-proto": "string",
   "x-request-id": "string"
-}
+}
\ No newline at end of file
diff --git a/spec/swagger.json b/spec/swagger.json
index 6cc035a63134..3e5368fc840a 100755
--- a/spec/swagger.json
+++ b/spec/swagger.json
@@ -1756,7 +1756,7 @@
         "parameters": [
           {
             "type": "string",
-            "description": "An optional Hydra login challenge. If present, Kratos will cooperate with\nOry Hydra to act as an OAuth2 identity provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/registration?login_challenge=abcde`).",
+            "description": "Ory OAuth 2.0 Login Challenge.\n\nIf set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/registration?login_challenge=abcde`).\n\nThis feature is compatible with Ory Hydra when not running on the Ory Network.",
             "name": "login_challenge",
             "in": "query"
           },
@@ -5209,4 +5209,4 @@
   },
   "x-forwarded-proto": "string",
   "x-request-id": "string"
-}
+}
\ No newline at end of file

From 8f52e8b728bf8e2a99807f4d4899c2eaaca9e7e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miko=C5=82aj=20Meller?=
 <52668809+mmeller-wikia@users.noreply.github.com>
Date: Wed, 26 Oct 2022 10:10:58 +0200
Subject: [PATCH 312/411] docs: enable 2FA methods in docker-compose quickstart
 setup (#2828)

---
 contrib/quickstart/kratos/email-password/kratos.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/contrib/quickstart/kratos/email-password/kratos.yml b/contrib/quickstart/kratos/email-password/kratos.yml
index e232bf441616..83c00d826241 100644
--- a/contrib/quickstart/kratos/email-password/kratos.yml
+++ b/contrib/quickstart/kratos/email-password/kratos.yml
@@ -18,6 +18,12 @@ selfservice:
   methods:
     password:
       enabled: true
+    totp:
+      config:
+        issuer: Kratos
+      enabled: true
+    lookup_secret:
+      enabled: true
     link:
       enabled: false
     code:
@@ -30,6 +36,7 @@ selfservice:
     settings:
       ui_url: http://127.0.0.1:4455/settings
       privileged_session_max_age: 15m
+      required_aal: highest_available
 
     recovery:
       enabled: true

From 504fb36b6e72900808666dde778906a069f3c48b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miko=C5=82aj=20Meller?=
 <52668809+mmeller-wikia@users.noreply.github.com>
Date: Wed, 26 Oct 2022 10:31:06 +0200
Subject: [PATCH 313/411] fix: take over return_to param from unauthorized
 settings to login flow (#2787)

---
 selfservice/flow/login/handler_test.go        |  2 +-
 selfservice/flow/logout/handler_test.go       |  2 +-
 selfservice/flow/recovery/handler_test.go     |  2 +-
 selfservice/flow/registration/handler_test.go |  2 +-
 selfservice/flow/settings/handler.go          |  9 +++-
 selfservice/flow/settings/handler_test.go     | 52 +++++++++++++++++--
 selfservice/flow/verification/handler_test.go |  2 +-
 .../password/strategy_disabled_test.go        |  6 +--
 8 files changed, 63 insertions(+), 14 deletions(-)

diff --git a/selfservice/flow/login/handler_test.go b/selfservice/flow/login/handler_test.go
index 2508061bbf21..f91279f00329 100644
--- a/selfservice/flow/login/handler_test.go
+++ b/selfservice/flow/login/handler_test.go
@@ -549,9 +549,9 @@ func TestFlowLifecycle(t *testing.T) {
 
 				res, err := c.Do(req)
 				require.NoError(t, err)
+				defer res.Body.Close()
 				// here we check that the redirect status is 303
 				require.Equal(t, http.StatusSeeOther, res.StatusCode)
-				defer res.Body.Close()
 			})
 
 			t.Run("case=refuses to parse oauth2 login challenge when Hydra is not configured", func(t *testing.T) {
diff --git a/selfservice/flow/logout/handler_test.go b/selfservice/flow/logout/handler_test.go
index 27d1d62173c0..247fca82207d 100644
--- a/selfservice/flow/logout/handler_test.go
+++ b/selfservice/flow/logout/handler_test.go
@@ -239,8 +239,8 @@ func TestLogout(t *testing.T) {
 
 		res, err := hc.Do(req)
 		require.NoError(t, err)
+		defer res.Body.Close()
 		// here we check that the redirect status is 303
 		require.Equal(t, http.StatusSeeOther, res.StatusCode)
-		defer res.Body.Close()
 	})
 }
diff --git a/selfservice/flow/recovery/handler_test.go b/selfservice/flow/recovery/handler_test.go
index fa5ce08d310f..09e6aab1dba1 100644
--- a/selfservice/flow/recovery/handler_test.go
+++ b/selfservice/flow/recovery/handler_test.go
@@ -189,9 +189,9 @@ func TestInitFlow(t *testing.T) {
 
 			res, err := c.Do(req)
 			require.NoError(t, err)
+			defer res.Body.Close()
 			// here we check that the redirect status is 303
 			require.Equal(t, http.StatusSeeOther, res.StatusCode)
-			defer res.Body.Close()
 		})
 	})
 }
diff --git a/selfservice/flow/registration/handler_test.go b/selfservice/flow/registration/handler_test.go
index 75f555742849..9b69a8a0c2bf 100644
--- a/selfservice/flow/registration/handler_test.go
+++ b/selfservice/flow/registration/handler_test.go
@@ -184,9 +184,9 @@ func TestInitFlow(t *testing.T) {
 
 			res, err := c.Do(req)
 			require.NoError(t, err)
+			defer res.Body.Close()
 			// here we check that the redirect status is 303
 			require.Equal(t, http.StatusSeeOther, res.StatusCode)
-			defer res.Body.Close()
 		})
 	})
 }
diff --git a/selfservice/flow/settings/handler.go b/selfservice/flow/settings/handler.go
index 73f94986b7c9..943b8aa1c1e6 100644
--- a/selfservice/flow/settings/handler.go
+++ b/selfservice/flow/settings/handler.go
@@ -18,6 +18,7 @@ import (
 	"github.com/ory/kratos/schema"
 	"github.com/ory/kratos/selfservice/errorx"
 	"github.com/ory/kratos/selfservice/flow"
+	"github.com/ory/kratos/selfservice/flow/login"
 	"github.com/ory/kratos/session"
 	"github.com/ory/kratos/text"
 	"github.com/ory/kratos/ui/node"
@@ -85,7 +86,13 @@ func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic) {
 		if x.IsJSONRequest(r) {
 			h.d.Writer().WriteError(w, r, session.NewErrNoActiveSessionFound())
 		} else {
-			http.Redirect(w, r, h.d.Config().SelfServiceFlowLoginUI(r.Context()).String(), http.StatusSeeOther)
+			loginFlowUrl := h.d.Config().SelfPublicURL(r.Context()).JoinPath(login.RouteInitBrowserFlow).String()
+			redirectUrl, err := x.TakeOverReturnToParameter(r.URL.String(), loginFlowUrl)
+			if err != nil {
+				http.Redirect(w, r, h.d.Config().SelfServiceFlowLoginUI(r.Context()).String(), http.StatusSeeOther)
+			} else {
+				http.Redirect(w, r, redirectUrl, http.StatusSeeOther)
+			}
 		}
 	}))
 
diff --git a/selfservice/flow/settings/handler_test.go b/selfservice/flow/settings/handler_test.go
index 9282ba936498..a73855b4319b 100644
--- a/selfservice/flow/settings/handler_test.go
+++ b/selfservice/flow/settings/handler_test.go
@@ -142,10 +142,43 @@ func TestHandler(t *testing.T) {
 		})
 
 		t.Run("description=init a flow as browser", func(t *testing.T) {
-			t.Run("description=without privileges", func(t *testing.T) {
-				res, body := initSPAFlow(t, new(http.Client))
-				assert.Equal(t, http.StatusUnauthorized, res.StatusCode, "%s", body)
-				assert.Equal(t, text.ErrNoActiveSession, gjson.GetBytes(body, "error.id").String(), "%s", body)
+			t.Run("case=unauthorized users are redirected to login preserving redirect_to param", func(t *testing.T) {
+				c := testhelpers.NewClientWithCookies(t)
+				// prevent the redirect
+				c.CheckRedirect = func(req *http.Request, via []*http.Request) error {
+					return http.ErrUseLastResponse
+				}
+				returnTo := "?return_to=validRedirect"
+				req, err := http.NewRequest("GET", publicTS.URL+settings.RouteInitBrowserFlow+returnTo, nil)
+				require.NoError(t, err)
+
+				res, err := c.Do(req)
+				require.NoError(t, err)
+				defer res.Body.Close()
+				// here we check that the redirect status is 303
+				require.Equal(t, http.StatusSeeOther, res.StatusCode)
+				location, err := res.Location()
+				require.NoError(t, err)
+				require.Equal(t, publicTS.URL+login.RouteInitBrowserFlow+returnTo, location.String())
+			})
+
+			t.Run("case=unauthorized users are redirected to login", func(t *testing.T) {
+				c := testhelpers.NewClientWithCookies(t)
+				// prevent the redirect
+				c.CheckRedirect = func(req *http.Request, via []*http.Request) error {
+					return http.ErrUseLastResponse
+				}
+				req, err := http.NewRequest("GET", publicTS.URL+settings.RouteInitBrowserFlow, nil)
+				require.NoError(t, err)
+
+				res, err := c.Do(req)
+				require.NoError(t, err)
+				defer res.Body.Close()
+				// here we check that the redirect status is 303
+				require.Equal(t, http.StatusSeeOther, res.StatusCode)
+				location, err := res.Location()
+				require.NoError(t, err)
+				require.Equal(t, publicTS.URL+login.RouteInitBrowserFlow, location.String())
 			})
 
 			t.Run("description=success", func(t *testing.T) {
@@ -173,13 +206,22 @@ func TestHandler(t *testing.T) {
 
 				res, err := c.Do(req)
 				require.NoError(t, err)
+				defer res.Body.Close()
 				// here we check that the redirect status is 303
 				require.Equal(t, http.StatusSeeOther, res.StatusCode)
-				defer res.Body.Close()
+				location, err := res.Location()
+				require.NoError(t, err)
+				require.Contains(t, location.String(), conf.SelfServiceFlowSettingsUI(ctx).String())
 			})
 		})
 
 		t.Run("description=init a flow as SPA", func(t *testing.T) {
+			t.Run("description=without privileges", func(t *testing.T) {
+				res, body := initSPAFlow(t, new(http.Client))
+				assert.Equal(t, http.StatusUnauthorized, res.StatusCode, "%s", body)
+				assert.Equal(t, text.ErrNoActiveSession, gjson.GetBytes(body, "error.id").String(), "%s", body)
+			})
+
 			t.Run("description=success", func(t *testing.T) {
 				user1 := testhelpers.NewHTTPClientWithArbitrarySessionToken(t, reg)
 				res, body := initSPAFlow(t, user1)
diff --git a/selfservice/flow/verification/handler_test.go b/selfservice/flow/verification/handler_test.go
index 15269d165690..9ec0ec367e95 100644
--- a/selfservice/flow/verification/handler_test.go
+++ b/selfservice/flow/verification/handler_test.go
@@ -176,8 +176,8 @@ func TestGetFlow(t *testing.T) {
 
 		res, err := c.Do(req)
 		require.NoError(t, err)
+		defer res.Body.Close()
 		// here we check that the redirect status is 303
 		require.Equal(t, http.StatusSeeOther, res.StatusCode)
-		defer res.Body.Close()
 	})
 }
diff --git a/selfservice/strategy/password/strategy_disabled_test.go b/selfservice/strategy/password/strategy_disabled_test.go
index 9cb85f39c465..91c504282bea 100644
--- a/selfservice/strategy/password/strategy_disabled_test.go
+++ b/selfservice/strategy/password/strategy_disabled_test.go
@@ -28,9 +28,9 @@ func TestDisabledEndpoint(t *testing.T) {
 
 		res, err := c.PostForm(f.Ui.Action, url.Values{"method": {"password"}, "password_identifier": []string{"identifier"}, "password": []string{"password"}})
 		require.NoError(t, err)
+		defer res.Body.Close()
 		assert.Equal(t, http.StatusNotFound, res.StatusCode)
 
-		defer res.Body.Close()
 		b, err := io.ReadAll(res.Body)
 		assert.Contains(t, string(b), "This endpoint was disabled by system administrator", "%s", b)
 	})
@@ -40,9 +40,9 @@ func TestDisabledEndpoint(t *testing.T) {
 
 		res, err := c.PostForm(f.Ui.Action, url.Values{"method": {"password"}, "password_identifier": []string{"identifier"}, "password": []string{"password"}})
 		require.NoError(t, err)
+		defer res.Body.Close()
 		assert.Equal(t, http.StatusNotFound, res.StatusCode)
 
-		defer res.Body.Close()
 		b, err := io.ReadAll(res.Body)
 		assert.Contains(t, string(b), "This endpoint was disabled by system administrator", "%s", b)
 	})
@@ -62,9 +62,9 @@ func TestDisabledEndpoint(t *testing.T) {
 				"password": {"bar"},
 			})
 			require.NoError(t, err)
+			defer res.Body.Close()
 			assert.Equal(t, http.StatusNotFound, res.StatusCode)
 
-			defer res.Body.Close()
 			b, err := io.ReadAll(res.Body)
 			assert.Contains(t, string(b), "This endpoint was disabled by system administrator", "%s", b)
 		})

From 154b61b9ff50306c540eb0904ae012195e735da4 Mon Sep 17 00:00:00 2001
From: Jonas Hungershausen 
Date: Wed, 26 Oct 2022 11:22:04 +0200
Subject: [PATCH 314/411] fix: wrong config key in admin recovery documentation
 (#2815)

---
 internal/httpclient/api/openapi.yaml                      | 8 ++++----
 .../docs/AdminCreateSelfServiceRecoveryCodeBody.md        | 2 +-
 .../docs/AdminCreateSelfServiceRecoveryLinkBody.md        | 2 +-
 .../model_admin_create_self_service_recovery_code_body.go | 2 +-
 .../model_admin_create_self_service_recovery_link_body.go | 2 +-
 selfservice/strategy/code/strategy_recovery.go            | 4 ++--
 selfservice/strategy/link/strategy_recovery.go            | 4 ++--
 spec/api.json                                             | 4 ++--
 spec/swagger.json                                         | 4 ++--
 9 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml
index 9c718d36538f..5883c48fe970 100644
--- a/internal/httpclient/api/openapi.yaml
+++ b/internal/httpclient/api/openapi.yaml
@@ -3618,8 +3618,8 @@ components:
           description: |-
             Code Expires In
 
-            The recovery code will expire at that point in time. Defaults to the configuration value of
-            `selfservice.flows.recovery.request_lifespan`.
+            The recovery code will expire after that amount of time has passed. Defaults to the configuration value of
+            `selfservice.methods.code.config.lifespan`.
           pattern: ^([0-9]+(ns|us|ms|s|m|h))*$
           type: string
         identity_id:
@@ -3638,8 +3638,8 @@ components:
           description: |-
             Link Expires In
 
-            The recovery link will expire at that point in time. Defaults to the configuration value of
-            `selfservice.flows.recovery.request_lifespan`.
+            The recovery link will expire after that amount of time has passed. Defaults to the configuration value of
+            `selfservice.methods.code.config.lifespan`.
           pattern: ^[0-9]+(ns|us|ms|s|m|h)$
           type: string
         identity_id:
diff --git a/internal/httpclient/docs/AdminCreateSelfServiceRecoveryCodeBody.md b/internal/httpclient/docs/AdminCreateSelfServiceRecoveryCodeBody.md
index 7623689a81ad..8634beb21b4f 100644
--- a/internal/httpclient/docs/AdminCreateSelfServiceRecoveryCodeBody.md
+++ b/internal/httpclient/docs/AdminCreateSelfServiceRecoveryCodeBody.md
@@ -4,7 +4,7 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**ExpiresIn** | Pointer to **string** | Code Expires In  The recovery code will expire at that point in time. Defaults to the configuration value of `selfservice.flows.recovery.request_lifespan`. | [optional] 
+**ExpiresIn** | Pointer to **string** | Code Expires In  The recovery code will expire after that amount of time has passed. Defaults to the configuration value of `selfservice.methods.code.config.lifespan`. | [optional] 
 **IdentityId** | **string** | Identity to Recover  The identity's ID you wish to recover. | 
 
 ## Methods
diff --git a/internal/httpclient/docs/AdminCreateSelfServiceRecoveryLinkBody.md b/internal/httpclient/docs/AdminCreateSelfServiceRecoveryLinkBody.md
index 782b1f25bbba..5a7b6709685e 100644
--- a/internal/httpclient/docs/AdminCreateSelfServiceRecoveryLinkBody.md
+++ b/internal/httpclient/docs/AdminCreateSelfServiceRecoveryLinkBody.md
@@ -4,7 +4,7 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**ExpiresIn** | Pointer to **string** | Link Expires In  The recovery link will expire at that point in time. Defaults to the configuration value of `selfservice.flows.recovery.request_lifespan`. | [optional] 
+**ExpiresIn** | Pointer to **string** | Link Expires In  The recovery link will expire after that amount of time has passed. Defaults to the configuration value of `selfservice.methods.code.config.lifespan`. | [optional] 
 **IdentityId** | **string** | Identity to Recover  The identity's ID you wish to recover. | 
 
 ## Methods
diff --git a/internal/httpclient/model_admin_create_self_service_recovery_code_body.go b/internal/httpclient/model_admin_create_self_service_recovery_code_body.go
index ed6ac0c17633..5c77a5cd67b6 100644
--- a/internal/httpclient/model_admin_create_self_service_recovery_code_body.go
+++ b/internal/httpclient/model_admin_create_self_service_recovery_code_body.go
@@ -17,7 +17,7 @@ import (
 
 // AdminCreateSelfServiceRecoveryCodeBody struct for AdminCreateSelfServiceRecoveryCodeBody
 type AdminCreateSelfServiceRecoveryCodeBody struct {
-	// Code Expires In  The recovery code will expire at that point in time. Defaults to the configuration value of `selfservice.flows.recovery.request_lifespan`.
+	// Code Expires In  The recovery code will expire after that amount of time has passed. Defaults to the configuration value of `selfservice.methods.code.config.lifespan`.
 	ExpiresIn *string `json:"expires_in,omitempty"`
 	// Identity to Recover  The identity's ID you wish to recover.
 	IdentityId string `json:"identity_id"`
diff --git a/internal/httpclient/model_admin_create_self_service_recovery_link_body.go b/internal/httpclient/model_admin_create_self_service_recovery_link_body.go
index 790f7e87a548..4dc89b9516fc 100644
--- a/internal/httpclient/model_admin_create_self_service_recovery_link_body.go
+++ b/internal/httpclient/model_admin_create_self_service_recovery_link_body.go
@@ -17,7 +17,7 @@ import (
 
 // AdminCreateSelfServiceRecoveryLinkBody struct for AdminCreateSelfServiceRecoveryLinkBody
 type AdminCreateSelfServiceRecoveryLinkBody struct {
-	// Link Expires In  The recovery link will expire at that point in time. Defaults to the configuration value of `selfservice.flows.recovery.request_lifespan`.
+	// Link Expires In  The recovery link will expire after that amount of time has passed. Defaults to the configuration value of `selfservice.methods.code.config.lifespan`.
 	ExpiresIn *string `json:"expires_in,omitempty"`
 	// Identity to Recover  The identity's ID you wish to recover.
 	IdentityId string `json:"identity_id"`
diff --git a/selfservice/strategy/code/strategy_recovery.go b/selfservice/strategy/code/strategy_recovery.go
index 4e522374edaf..f4ce691984c2 100644
--- a/selfservice/strategy/code/strategy_recovery.go
+++ b/selfservice/strategy/code/strategy_recovery.go
@@ -79,8 +79,8 @@ type adminCreateSelfServiceRecoveryCodeBody struct {
 
 	// Code Expires In
 	//
-	// The recovery code will expire at that point in time. Defaults to the configuration value of
-	// `selfservice.flows.recovery.request_lifespan`.
+	// The recovery code will expire after that amount of time has passed. Defaults to the configuration value of
+	// `selfservice.methods.code.config.lifespan`.
 	//
 	//
 	// pattern: ^([0-9]+(ns|us|ms|s|m|h))*$
diff --git a/selfservice/strategy/link/strategy_recovery.go b/selfservice/strategy/link/strategy_recovery.go
index 5fd720dbff51..3abcf4b9364b 100644
--- a/selfservice/strategy/link/strategy_recovery.go
+++ b/selfservice/strategy/link/strategy_recovery.go
@@ -75,8 +75,8 @@ type adminCreateSelfServiceRecoveryLinkBody struct {
 
 	// Link Expires In
 	//
-	// The recovery link will expire at that point in time. Defaults to the configuration value of
-	// `selfservice.flows.recovery.request_lifespan`.
+	// The recovery link will expire after that amount of time has passed. Defaults to the configuration value of
+	// `selfservice.methods.code.config.lifespan`.
 	//
 	//
 	// pattern: ^[0-9]+(ns|us|ms|s|m|h)$
diff --git a/spec/api.json b/spec/api.json
index 741da8f9fdfb..b5dc960f8c02 100755
--- a/spec/api.json
+++ b/spec/api.json
@@ -435,7 +435,7 @@
       "adminCreateSelfServiceRecoveryCodeBody": {
         "properties": {
           "expires_in": {
-            "description": "Code Expires In\n\nThe recovery code will expire at that point in time. Defaults to the configuration value of\n`selfservice.flows.recovery.request_lifespan`.",
+            "description": "Code Expires In\n\nThe recovery code will expire after that amount of time has passed. Defaults to the configuration value of\n`selfservice.methods.code.config.lifespan`.",
             "pattern": "^([0-9]+(ns|us|ms|s|m|h))*$",
             "type": "string"
           },
@@ -453,7 +453,7 @@
       "adminCreateSelfServiceRecoveryLinkBody": {
         "properties": {
           "expires_in": {
-            "description": "Link Expires In\n\nThe recovery link will expire at that point in time. Defaults to the configuration value of\n`selfservice.flows.recovery.request_lifespan`.",
+            "description": "Link Expires In\n\nThe recovery link will expire after that amount of time has passed. Defaults to the configuration value of\n`selfservice.methods.code.config.lifespan`.",
             "pattern": "^[0-9]+(ns|us|ms|s|m|h)$",
             "type": "string"
           },
diff --git a/spec/swagger.json b/spec/swagger.json
index 3e5368fc840a..8c9efd5231be 100755
--- a/spec/swagger.json
+++ b/spec/swagger.json
@@ -3027,7 +3027,7 @@
       ],
       "properties": {
         "expires_in": {
-          "description": "Code Expires In\n\nThe recovery code will expire at that point in time. Defaults to the configuration value of\n`selfservice.flows.recovery.request_lifespan`.",
+          "description": "Code Expires In\n\nThe recovery code will expire after that amount of time has passed. Defaults to the configuration value of\n`selfservice.methods.code.config.lifespan`.",
           "type": "string",
           "pattern": "^([0-9]+(ns|us|ms|s|m|h))*$"
         },
@@ -3045,7 +3045,7 @@
       ],
       "properties": {
         "expires_in": {
-          "description": "Link Expires In\n\nThe recovery link will expire at that point in time. Defaults to the configuration value of\n`selfservice.flows.recovery.request_lifespan`.",
+          "description": "Link Expires In\n\nThe recovery link will expire after that amount of time has passed. Defaults to the configuration value of\n`selfservice.methods.code.config.lifespan`.",
           "type": "string",
           "pattern": "^[0-9]+(ns|us|ms|s|m|h)$"
         },

From 8102178d36d1ecc2967d05571460b18680d52ed1 Mon Sep 17 00:00:00 2001
From: hackerman <3372410+aeneasr@users.noreply.github.com>
Date: Wed, 26 Oct 2022 16:32:22 +0200
Subject: [PATCH 315/411] chore: debugf (#2842)

---
 hydra/hydra.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hydra/hydra.go b/hydra/hydra.go
index cf367fb9804a..3dc3cd64c1d8 100644
--- a/hydra/hydra.go
+++ b/hydra/hydra.go
@@ -105,7 +105,7 @@ func (h *DefaultHydra) AcceptLoginRequest(ctx context.Context, hlc uuid.UUID, su
 		if r != nil {
 			innerErr = innerErr.
 				WithDetail("status_code", r.StatusCode).
-				WithDebugf("error", err.Error())
+				WithDebug(err.Error())
 		}
 		return "", errors.WithStack(innerErr)
 	}
@@ -129,7 +129,7 @@ func (h *DefaultHydra) GetLoginRequest(ctx context.Context, hlc uuid.NullUUID) (
 		if r != nil {
 			innerErr = innerErr.
 				WithDetail("status_code", r.StatusCode).
-				WithDebugf("error", err.Error())
+				WithDebug(err.Error())
 		}
 		return nil, errors.WithStack(innerErr)
 	}

From bfe46afaf28c50fd1c8cd7f8ad3a27f0793fa74d Mon Sep 17 00:00:00 2001
From: hackerman <3372410+aeneasr@users.noreply.github.com>
Date: Wed, 26 Oct 2022 16:32:42 +0200
Subject: [PATCH 316/411] chore(sdk): update order of arguments (#2840)

---
 internal/httpclient/api/openapi.yaml     | 42 ++++++++++++------------
 internal/httpclient/api_v0alpha2.go      | 32 +++++++++---------
 internal/httpclient/docs/V0alpha2Api.md  | 16 ++++-----
 selfservice/flow/login/handler.go        | 20 +++++------
 selfservice/flow/registration/handler.go | 10 +++---
 spec/api.json                            | 24 +++++++-------
 spec/swagger.json                        | 20 +++++------
 7 files changed, 82 insertions(+), 82 deletions(-)

diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml
index 5883c48fe970..66de098ef798 100644
--- a/internal/httpclient/api/openapi.yaml
+++ b/internal/httpclient/api/openapi.yaml
@@ -1109,19 +1109,6 @@ paths:
         More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
       operationId: initializeSelfServiceLoginFlowForBrowsers
       parameters:
-      - description: |-
-          An optional Hydra login challenge. If present, Kratos will cooperate with
-          Ory Hydra to act as an OAuth2 identity provider.
-
-          The value for this parameter comes from `login_challenge` URL Query parameter sent to your
-          application (e.g. `/login?login_challenge=abcde`).
-        explode: true
-        in: query
-        name: login_challenge
-        required: false
-        schema:
-          type: string
-        style: form
       - description: |-
           Refresh a login session
 
@@ -1169,6 +1156,19 @@ paths:
         schema:
           type: string
         style: simple
+      - description: |-
+          An optional Hydra login challenge. If present, Kratos will cooperate with
+          Ory Hydra to act as an OAuth2 identity provider.
+
+          The value for this parameter comes from `login_challenge` URL Query parameter sent to your
+          application (e.g. `/login?login_challenge=abcde`).
+        explode: true
+        in: query
+        name: login_challenge
+        required: false
+        schema:
+          type: string
+        style: form
       responses:
         "200":
           content:
@@ -1868,6 +1868,14 @@ paths:
         More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
       operationId: initializeSelfServiceRegistrationFlowForBrowsers
       parameters:
+      - description: The URL to return the browser to after the flow was completed.
+        explode: true
+        in: query
+        name: return_to
+        required: false
+        schema:
+          type: string
+        style: form
       - description: |-
           Ory OAuth 2.0 Login Challenge.
 
@@ -1884,14 +1892,6 @@ paths:
         schema:
           type: string
         style: form
-      - description: The URL to return the browser to after the flow was completed.
-        explode: true
-        in: query
-        name: return_to
-        required: false
-        schema:
-          type: string
-        style: form
       responses:
         "200":
           content:
diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go
index 0955abec27ff..04001b3c65be 100644
--- a/internal/httpclient/api_v0alpha2.go
+++ b/internal/httpclient/api_v0alpha2.go
@@ -4408,17 +4408,13 @@ func (a *V0alpha2ApiService) GetWebAuthnJavaScriptExecute(r V0alpha2ApiApiGetWeb
 type V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest struct {
 	ctx            context.Context
 	ApiService     V0alpha2Api
-	loginChallenge *string
 	refresh        *bool
 	aal            *string
 	returnTo       *string
 	cookie         *string
+	loginChallenge *string
 }
 
-func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) LoginChallenge(loginChallenge string) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest {
-	r.loginChallenge = &loginChallenge
-	return r
-}
 func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Refresh(refresh bool) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest {
 	r.refresh = &refresh
 	return r
@@ -4435,6 +4431,10 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Cookie(c
 	r.cookie = &cookie
 	return r
 }
+func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) LoginChallenge(loginChallenge string) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest {
+	r.loginChallenge = &loginChallenge
+	return r
+}
 
 func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Execute() (*SelfServiceLoginFlow, *http.Response, error) {
 	return r.ApiService.InitializeSelfServiceLoginFlowForBrowsersExecute(r)
@@ -4501,9 +4501,6 @@ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowForBrowsersExecute(r
 	localVarQueryParams := url.Values{}
 	localVarFormParams := url.Values{}
 
-	if r.loginChallenge != nil {
-		localVarQueryParams.Add("login_challenge", parameterToString(*r.loginChallenge, ""))
-	}
 	if r.refresh != nil {
 		localVarQueryParams.Add("refresh", parameterToString(*r.refresh, ""))
 	}
@@ -4513,6 +4510,9 @@ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowForBrowsersExecute(r
 	if r.returnTo != nil {
 		localVarQueryParams.Add("return_to", parameterToString(*r.returnTo, ""))
 	}
+	if r.loginChallenge != nil {
+		localVarQueryParams.Add("login_challenge", parameterToString(*r.loginChallenge, ""))
+	}
 	// to determine the Content-Type header
 	localVarHTTPContentTypes := []string{}
 
@@ -5027,18 +5027,18 @@ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowWithoutBrowserExec
 type V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest struct {
 	ctx            context.Context
 	ApiService     V0alpha2Api
-	loginChallenge *string
 	returnTo       *string
+	loginChallenge *string
 }
 
-func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) LoginChallenge(loginChallenge string) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest {
-	r.loginChallenge = &loginChallenge
-	return r
-}
 func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) ReturnTo(returnTo string) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest {
 	r.returnTo = &returnTo
 	return r
 }
+func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) LoginChallenge(loginChallenge string) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest {
+	r.loginChallenge = &loginChallenge
+	return r
+}
 
 func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) Execute() (*SelfServiceRegistrationFlow, *http.Response, error) {
 	return r.ApiService.InitializeSelfServiceRegistrationFlowForBrowsersExecute(r)
@@ -5107,12 +5107,12 @@ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowForBrowsersExe
 	localVarQueryParams := url.Values{}
 	localVarFormParams := url.Values{}
 
-	if r.loginChallenge != nil {
-		localVarQueryParams.Add("login_challenge", parameterToString(*r.loginChallenge, ""))
-	}
 	if r.returnTo != nil {
 		localVarQueryParams.Add("return_to", parameterToString(*r.returnTo, ""))
 	}
+	if r.loginChallenge != nil {
+		localVarQueryParams.Add("login_challenge", parameterToString(*r.loginChallenge, ""))
+	}
 	// to determine the Content-Type header
 	localVarHTTPContentTypes := []string{}
 
diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md
index 14a44c40e916..4c909b98e761 100644
--- a/internal/httpclient/docs/V0alpha2Api.md
+++ b/internal/httpclient/docs/V0alpha2Api.md
@@ -1493,7 +1493,7 @@ No authorization required
 
 ## InitializeSelfServiceLoginFlowForBrowsers
 
-> SelfServiceLoginFlow InitializeSelfServiceLoginFlowForBrowsers(ctx).LoginChallenge(loginChallenge).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Cookie(cookie).Execute()
+> SelfServiceLoginFlow InitializeSelfServiceLoginFlowForBrowsers(ctx).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Cookie(cookie).LoginChallenge(loginChallenge).Execute()
 
 Initialize Login Flow for Browsers
 
@@ -1512,15 +1512,15 @@ import (
 )
 
 func main() {
-    loginChallenge := "loginChallenge_example" // string | An optional Hydra login challenge. If present, Kratos will cooperate with Ory Hydra to act as an OAuth2 identity provider.  The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/login?login_challenge=abcde`). (optional)
     refresh := true // bool | Refresh a login session  If set to true, this will refresh an existing login session by asking the user to sign in again. This will reset the authenticated_at time of the session. (optional)
     aal := "aal_example" // string | Request a Specific AuthenticationMethod Assurance Level  Use this parameter to upgrade an existing session's authenticator assurance level (AAL). This allows you to ask for multi-factor authentication. When an identity sign in using e.g. username+password, the AAL is 1. If you wish to \"upgrade\" the session's security by asking the user to perform TOTP / WebAuth/ ... you would set this to \"aal2\". (optional)
     returnTo := "returnTo_example" // string | The URL to return the browser to after the flow was completed. (optional)
     cookie := "cookie_example" // string | HTTP Cookies  When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. (optional)
+    loginChallenge := "loginChallenge_example" // string | An optional Hydra login challenge. If present, Kratos will cooperate with Ory Hydra to act as an OAuth2 identity provider.  The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/login?login_challenge=abcde`). (optional)
 
     configuration := openapiclient.NewConfiguration()
     apiClient := openapiclient.NewAPIClient(configuration)
-    resp, r, err := apiClient.V0alpha2Api.InitializeSelfServiceLoginFlowForBrowsers(context.Background()).LoginChallenge(loginChallenge).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Cookie(cookie).Execute()
+    resp, r, err := apiClient.V0alpha2Api.InitializeSelfServiceLoginFlowForBrowsers(context.Background()).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Cookie(cookie).LoginChallenge(loginChallenge).Execute()
     if err != nil {
         fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.InitializeSelfServiceLoginFlowForBrowsers``: %v\n", err)
         fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
@@ -1541,11 +1541,11 @@ Other parameters are passed through a pointer to a apiInitializeSelfServiceLogin
 
 Name | Type | Description  | Notes
 ------------- | ------------- | ------------- | -------------
- **loginChallenge** | **string** | An optional Hydra login challenge. If present, Kratos will cooperate with Ory Hydra to act as an OAuth2 identity provider.  The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/login?login_challenge=abcde`). | 
  **refresh** | **bool** | Refresh a login session  If set to true, this will refresh an existing login session by asking the user to sign in again. This will reset the authenticated_at time of the session. | 
  **aal** | **string** | Request a Specific AuthenticationMethod Assurance Level  Use this parameter to upgrade an existing session's authenticator assurance level (AAL). This allows you to ask for multi-factor authentication. When an identity sign in using e.g. username+password, the AAL is 1. If you wish to \"upgrade\" the session's security by asking the user to perform TOTP / WebAuth/ ... you would set this to \"aal2\". | 
  **returnTo** | **string** | The URL to return the browser to after the flow was completed. | 
  **cookie** | **string** | HTTP Cookies  When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. | 
+ **loginChallenge** | **string** | An optional Hydra login challenge. If present, Kratos will cooperate with Ory Hydra to act as an OAuth2 identity provider.  The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/login?login_challenge=abcde`). | 
 
 ### Return type
 
@@ -1764,7 +1764,7 @@ No authorization required
 
 ## InitializeSelfServiceRegistrationFlowForBrowsers
 
-> SelfServiceRegistrationFlow InitializeSelfServiceRegistrationFlowForBrowsers(ctx).LoginChallenge(loginChallenge).ReturnTo(returnTo).Execute()
+> SelfServiceRegistrationFlow InitializeSelfServiceRegistrationFlowForBrowsers(ctx).ReturnTo(returnTo).LoginChallenge(loginChallenge).Execute()
 
 Initialize Registration Flow for Browsers
 
@@ -1783,12 +1783,12 @@ import (
 )
 
 func main() {
-    loginChallenge := "loginChallenge_example" // string | Ory OAuth 2.0 Login Challenge.  If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.  The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/registration?login_challenge=abcde`).  This feature is compatible with Ory Hydra when not running on the Ory Network. (optional)
     returnTo := "returnTo_example" // string | The URL to return the browser to after the flow was completed. (optional)
+    loginChallenge := "loginChallenge_example" // string | Ory OAuth 2.0 Login Challenge.  If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.  The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/registration?login_challenge=abcde`).  This feature is compatible with Ory Hydra when not running on the Ory Network. (optional)
 
     configuration := openapiclient.NewConfiguration()
     apiClient := openapiclient.NewAPIClient(configuration)
-    resp, r, err := apiClient.V0alpha2Api.InitializeSelfServiceRegistrationFlowForBrowsers(context.Background()).LoginChallenge(loginChallenge).ReturnTo(returnTo).Execute()
+    resp, r, err := apiClient.V0alpha2Api.InitializeSelfServiceRegistrationFlowForBrowsers(context.Background()).ReturnTo(returnTo).LoginChallenge(loginChallenge).Execute()
     if err != nil {
         fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.InitializeSelfServiceRegistrationFlowForBrowsers``: %v\n", err)
         fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
@@ -1809,8 +1809,8 @@ Other parameters are passed through a pointer to a apiInitializeSelfServiceRegis
 
 Name | Type | Description  | Notes
 ------------- | ------------- | ------------- | -------------
- **loginChallenge** | **string** | Ory OAuth 2.0 Login Challenge.  If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.  The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/registration?login_challenge=abcde`).  This feature is compatible with Ory Hydra when not running on the Ory Network. | 
  **returnTo** | **string** | The URL to return the browser to after the flow was completed. | 
+ **loginChallenge** | **string** | Ory OAuth 2.0 Login Challenge.  If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.  The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/registration?login_challenge=abcde`).  This feature is compatible with Ory Hydra when not running on the Ory Network. | 
 
 ### Return type
 
diff --git a/selfservice/flow/login/handler.go b/selfservice/flow/login/handler.go
index ae3adbe01acf..a4abf3677d34 100644
--- a/selfservice/flow/login/handler.go
+++ b/selfservice/flow/login/handler.go
@@ -284,16 +284,6 @@ func (h *Handler) initAPIFlow(w http.ResponseWriter, r *http.Request, _ httprout
 // nolint:deadcode,unused
 // swagger:parameters initializeSelfServiceLoginFlowForBrowsers
 type initializeSelfServiceLoginFlowForBrowsers struct {
-	// An optional Hydra login challenge. If present, Kratos will cooperate with
-	// Ory Hydra to act as an OAuth2 identity provider.
-	//
-	// The value for this parameter comes from `login_challenge` URL Query parameter sent to your
-	// application (e.g. `/login?login_challenge=abcde`).
-	//
-	// required: false
-	// in: query
-	HydraLoginChallenge string `json:"login_challenge"`
-
 	// Refresh a login session
 	//
 	// If set to true, this will refresh an existing login session by
@@ -326,6 +316,16 @@ type initializeSelfServiceLoginFlowForBrowsers struct {
 	// in: header
 	// name: Cookie
 	Cookies string `json:"Cookie"`
+
+	// An optional Hydra login challenge. If present, Kratos will cooperate with
+	// Ory Hydra to act as an OAuth2 identity provider.
+	//
+	// The value for this parameter comes from `login_challenge` URL Query parameter sent to your
+	// application (e.g. `/login?login_challenge=abcde`).
+	//
+	// required: false
+	// in: query
+	HydraLoginChallenge string `json:"login_challenge"`
 }
 
 // swagger:route GET /self-service/login/browser v0alpha2 initializeSelfServiceLoginFlowForBrowsers
diff --git a/selfservice/flow/registration/handler.go b/selfservice/flow/registration/handler.go
index e3199dc3429e..0ce58345152e 100644
--- a/selfservice/flow/registration/handler.go
+++ b/selfservice/flow/registration/handler.go
@@ -195,6 +195,11 @@ func (h *Handler) initApiFlow(w http.ResponseWriter, r *http.Request, _ httprout
 // nolint:deadcode,unused
 // swagger:parameters initializeSelfServiceRegistrationFlowForBrowsers
 type initializeSelfServiceRegistrationFlowForBrowsers struct {
+	// The URL to return the browser to after the flow was completed.
+	//
+	// in: query
+	ReturnTo string `json:"return_to"`
+
 	// Ory OAuth 2.0 Login Challenge.
 	//
 	// If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.
@@ -207,11 +212,6 @@ type initializeSelfServiceRegistrationFlowForBrowsers struct {
 	// required: false
 	// in: query
 	LoginChallenge string `json:"login_challenge"`
-
-	// The URL to return the browser to after the flow was completed.
-	//
-	// in: query
-	ReturnTo string `json:"return_to"`
 }
 
 // swagger:route GET /self-service/registration/browser v0alpha2 initializeSelfServiceRegistrationFlowForBrowsers
diff --git a/spec/api.json b/spec/api.json
index b5dc960f8c02..ba9b35eb2c99 100755
--- a/spec/api.json
+++ b/spec/api.json
@@ -4150,14 +4150,6 @@
         "description": "This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate\ncookies and anti-CSRF measures required for browser-based flows.\n\nIf this endpoint is opened as a link in the browser, it will be redirected to\n`selfservice.flows.login.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\nexists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter\n`?refresh=true` was set.\n\nIf this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the\ncase of an error, the `error.id` of the JSON response body can be one of:\n\n`session_already_available`: The user is already signed in.\n`session_aal1_required`: Multi-factor auth (e.g. 2fa) was requested but the user has no session yet.\n`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n`security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!\n\nThe optional query parameter login_challenge is set when using Kratos with\nHydra in an OAuth2 flow. See the oauth2_provider.url configuration\noption.\n\nThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.\n\nMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).",
         "operationId": "initializeSelfServiceLoginFlowForBrowsers",
         "parameters": [
-          {
-            "description": "An optional Hydra login challenge. If present, Kratos will cooperate with\nOry Hydra to act as an OAuth2 identity provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/login?login_challenge=abcde`).",
-            "in": "query",
-            "name": "login_challenge",
-            "schema": {
-              "type": "string"
-            }
-          },
           {
             "description": "Refresh a login session\n\nIf set to true, this will refresh an existing login session by\nasking the user to sign in again. This will reset the\nauthenticated_at time of the session.",
             "in": "query",
@@ -4189,6 +4181,14 @@
             "schema": {
               "type": "string"
             }
+          },
+          {
+            "description": "An optional Hydra login challenge. If present, Kratos will cooperate with\nOry Hydra to act as an OAuth2 identity provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/login?login_challenge=abcde`).",
+            "in": "query",
+            "name": "login_challenge",
+            "schema": {
+              "type": "string"
+            }
           }
         ],
         "responses": {
@@ -4881,17 +4881,17 @@
         "operationId": "initializeSelfServiceRegistrationFlowForBrowsers",
         "parameters": [
           {
-            "description": "Ory OAuth 2.0 Login Challenge.\n\nIf set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/registration?login_challenge=abcde`).\n\nThis feature is compatible with Ory Hydra when not running on the Ory Network.",
+            "description": "The URL to return the browser to after the flow was completed.",
             "in": "query",
-            "name": "login_challenge",
+            "name": "return_to",
             "schema": {
               "type": "string"
             }
           },
           {
-            "description": "The URL to return the browser to after the flow was completed.",
+            "description": "Ory OAuth 2.0 Login Challenge.\n\nIf set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/registration?login_challenge=abcde`).\n\nThis feature is compatible with Ory Hydra when not running on the Ory Network.",
             "in": "query",
-            "name": "return_to",
+            "name": "login_challenge",
             "schema": {
               "type": "string"
             }
diff --git a/spec/swagger.json b/spec/swagger.json
index 8c9efd5231be..e310ab3f7d03 100755
--- a/spec/swagger.json
+++ b/spec/swagger.json
@@ -1146,12 +1146,6 @@
         "summary": "Initialize Login Flow for Browsers",
         "operationId": "initializeSelfServiceLoginFlowForBrowsers",
         "parameters": [
-          {
-            "type": "string",
-            "description": "An optional Hydra login challenge. If present, Kratos will cooperate with\nOry Hydra to act as an OAuth2 identity provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/login?login_challenge=abcde`).",
-            "name": "login_challenge",
-            "in": "query"
-          },
           {
             "type": "boolean",
             "description": "Refresh a login session\n\nIf set to true, this will refresh an existing login session by\nasking the user to sign in again. This will reset the\nauthenticated_at time of the session.",
@@ -1175,6 +1169,12 @@
             "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.",
             "name": "Cookie",
             "in": "header"
+          },
+          {
+            "type": "string",
+            "description": "An optional Hydra login challenge. If present, Kratos will cooperate with\nOry Hydra to act as an OAuth2 identity provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/login?login_challenge=abcde`).",
+            "name": "login_challenge",
+            "in": "query"
           }
         ],
         "responses": {
@@ -1756,14 +1756,14 @@
         "parameters": [
           {
             "type": "string",
-            "description": "Ory OAuth 2.0 Login Challenge.\n\nIf set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/registration?login_challenge=abcde`).\n\nThis feature is compatible with Ory Hydra when not running on the Ory Network.",
-            "name": "login_challenge",
+            "description": "The URL to return the browser to after the flow was completed.",
+            "name": "return_to",
             "in": "query"
           },
           {
             "type": "string",
-            "description": "The URL to return the browser to after the flow was completed.",
-            "name": "return_to",
+            "description": "Ory OAuth 2.0 Login Challenge.\n\nIf set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/registration?login_challenge=abcde`).\n\nThis feature is compatible with Ory Hydra when not running on the Ory Network.",
+            "name": "login_challenge",
             "in": "query"
           }
         ],

From 4c7057823b5292cb38f43bd5a96041aed178ad0a Mon Sep 17 00:00:00 2001
From: hackerman <3372410+aeneasr@users.noreply.github.com>
Date: Wed, 26 Oct 2022 16:32:56 +0200
Subject: [PATCH 317/411] fix(sdk): identity metadata is nullable (#2841)

Closes https://github.com/ory/sdk/issues/218
---
 .schema/openapi/patches/identity.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.schema/openapi/patches/identity.yaml b/.schema/openapi/patches/identity.yaml
index 0ae45623bd2e..f7d4fc2b45f0 100644
--- a/.schema/openapi/patches/identity.yaml
+++ b/.schema/openapi/patches/identity.yaml
@@ -21,3 +21,7 @@
   path: /components/schemas/adminCreateIdentityBody/properties/metadata_public/type
 - op: remove
   path: /components/schemas/nullJsonRawMessage/type
+- op: add
+  path: /components/schemas/nullJsonRawMessage/nullable
+  value: true
+

From ec70a30661c2d863c6ce83f9d5fc29d292891be4 Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Wed, 26 Oct 2022 14:35:05 +0000
Subject: [PATCH 318/411] autogen(openapi): regenerate swagger spec and
 internal client

[skip ci]
---
 internal/httpclient/api/openapi.yaml | 3 +++
 spec/api.json                        | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml
index 66de098ef798..e196aa0cfa66 100644
--- a/internal/httpclient/api/openapi.yaml
+++ b/internal/httpclient/api/openapi.yaml
@@ -3904,9 +3904,11 @@ components:
         metadata_admin:
           description: NullJSONRawMessage represents a json.RawMessage that works
             well with JSON, SQL, and Swagger and is NULLable-
+          nullable: true
         metadata_public:
           description: NullJSONRawMessage represents a json.RawMessage that works
             well with JSON, SQL, and Swagger and is NULLable-
+          nullable: true
         recovery_addresses:
           description: RecoveryAddresses contains all the addresses that can be used
             to recover an identity.
@@ -4229,6 +4231,7 @@ components:
     nullJsonRawMessage:
       description: NullJSONRawMessage represents a json.RawMessage that works well
         with JSON, SQL, and Swagger and is NULLable-
+      nullable: true
     nullTime:
       format: date-time
       title: NullTime implements sql.NullTime functionality.
diff --git a/spec/api.json b/spec/api.json
index ba9b35eb2c99..cc03bcd5b0f9 100755
--- a/spec/api.json
+++ b/spec/api.json
@@ -1004,7 +1004,8 @@
         "type": "integer"
       },
       "nullJsonRawMessage": {
-        "description": "NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable-"
+        "description": "NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable-",
+        "nullable": true
       },
       "nullTime": {
         "format": "date-time",

From 93d4bf558e23d2eda5cc9b017366d6bc63c6a0f3 Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Wed, 26 Oct 2022 14:38:17 +0000
Subject: [PATCH 319/411] chore: update repository templates to
 https://github.com/ory/meta/commit/4a68ca0e3b70305c4a49a65777cb7f83a5eb9d89

---
 README.md         | 24 ++++++++++++++++++------
 package-lock.json |  3 +--
 2 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 3911dd3282b3..9b4b5590cded 100644
--- a/README.md
+++ b/README.md
@@ -258,7 +258,7 @@ that your company deserves a spot here, reach out to
                 
             
             unifiedglobalarchiving.com/data-detect/
-                
+        
         
             Adopter *
             Sainsbury's
@@ -291,7 +291,7 @@ that your company deserves a spot here, reach out to
                 
             
             reyah.eu
-                
+        
         
             Adopter *
             Zero
@@ -302,7 +302,7 @@ that your company deserves a spot here, reach out to
                 
             
             getzero.dev
-                
+        
         
             Adopter *
             Padis
@@ -335,7 +335,7 @@ that your company deserves a spot here, reach out to
                 
             
             securityonionsolutions.com
-                
+        
         
             Adopter *
             Factly
@@ -379,7 +379,7 @@ that your company deserves a spot here, reach out to
                 
             
             spiri.bo
-                
+        
         
             Sponsor
             Strivacity
@@ -490,7 +490,7 @@ that your company deserves a spot here, reach out to
             
             lunasec.io
         
-                
+            
             Adopter *
             Serlo
             
@@ -501,6 +501,18 @@ that your company deserves a spot here, reach out to
             
             serlo.org
         
+        
+            
+            Adopter *
+            dyrector.io
+            
+                
+                    
+                    dyrector.io
+                
+            
+            dyrector.io
+        
     
 
 
diff --git a/package-lock.json b/package-lock.json
index 27f1f71a24c1..9698d0311530 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -5787,8 +5787,7 @@
       "version": "7.5.8",
       "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.8.tgz",
       "integrity": "sha512-ri1Id1WinAX5Jqn9HejiGb8crfRio0Qgu8+MtL36rlTA6RLsMdWt1Az/19A2Qij6uSHUMphEFaTKa4WG+UNHNw==",
-      "dev": true,
-      "requires": {}
+      "dev": true
     },
     "y18n": {
       "version": "5.0.8",

From 0c8263b7fcdb004df6749aa25daf224ec4cb4947 Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Wed, 26 Oct 2022 15:46:33 +0000
Subject: [PATCH 320/411] autogen(docs): regenerate and update changelog

[skip ci]
---
 CHANGELOG.md | 1020 ++++++++++++++++++++++++++++++--------------------
 1 file changed, 610 insertions(+), 410 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index de01cbadea53..97ba62414a07 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@
 
 **Table of Contents**
 
-- [ (2022-09-21)](#2022-09-21)
+- [ (2022-10-26)](#2022-10-26)
   - [Breaking Changes](#breaking-changes)
     - [Bug Fixes](#bug-fixes)
     - [Code Refactoring](#code-refactoring)
@@ -43,192 +43,206 @@
     - [Features](#features-2)
     - [Tests](#tests-2)
     - [Unclassified](#unclassified-2)
-- [0.8.2-alpha.1 (2021-12-17)](#082-alpha1-2021-12-17)
-  - [Bug Fixes](#bug-fixes-6)
-  - [Code Generation](#code-generation-5)
-  - [Documentation](#documentation-4)
-- [0.8.1-alpha.1 (2021-12-13)](#081-alpha1-2021-12-13)
+- [0.8.3-alpha.1.pre.0 (2022-01-21)](#083-alpha1pre0-2022-01-21)
   - [Breaking Changes](#breaking-changes-4)
-    - [Bug Fixes](#bug-fixes-7)
-    - [Code Generation](#code-generation-6)
-    - [Documentation](#documentation-5)
+    - [Bug Fixes](#bug-fixes-6)
+    - [Code Generation](#code-generation-5)
+    - [Code Refactoring](#code-refactoring-3)
+    - [Documentation](#documentation-4)
     - [Features](#features-3)
     - [Tests](#tests-3)
-- [0.8.0-alpha.3 (2021-10-28)](#080-alpha3-2021-10-28)
+- [0.8.2-alpha.1 (2021-12-17)](#082-alpha1-2021-12-17)
+  - [Bug Fixes](#bug-fixes-7)
+  - [Code Generation](#code-generation-6)
+  - [Documentation](#documentation-5)
+- [0.8.1-alpha.1 (2021-12-13)](#081-alpha1-2021-12-13)
   - [Bug Fixes](#bug-fixes-8)
   - [Code Generation](#code-generation-7)
-- [0.8.0-alpha.2 (2021-10-28)](#080-alpha2-2021-10-28)
-  - [Code Generation](#code-generation-8)
-- [0.8.0-alpha.1 (2021-10-27)](#080-alpha1-2021-10-27)
+  - [Documentation](#documentation-6)
+  - [Features](#features-4)
+  - [Tests](#tests-4)
+- [0.8.0-alpha.4.pre.0 (2021-11-09)](#080-alpha4pre0-2021-11-09)
   - [Breaking Changes](#breaking-changes-5)
     - [Bug Fixes](#bug-fixes-9)
-    - [Code Generation](#code-generation-9)
-    - [Code Refactoring](#code-refactoring-3)
-    - [Documentation](#documentation-6)
-    - [Features](#features-4)
+    - [Code Generation](#code-generation-8)
+    - [Documentation](#documentation-7)
+    - [Features](#features-5)
+    - [Tests](#tests-5)
+- [0.8.0-alpha.3 (2021-10-28)](#080-alpha3-2021-10-28)
+  - [Bug Fixes](#bug-fixes-10)
+  - [Code Generation](#code-generation-9)
+- [0.8.0-alpha.2 (2021-10-28)](#080-alpha2-2021-10-28)
+  - [Code Generation](#code-generation-10)
+- [0.8.0-alpha.1 (2021-10-27)](#080-alpha1-2021-10-27)
+  - [Breaking Changes](#breaking-changes-6)
+    - [Bug Fixes](#bug-fixes-11)
+    - [Code Generation](#code-generation-11)
+    - [Code Refactoring](#code-refactoring-4)
+    - [Documentation](#documentation-8)
+    - [Features](#features-6)
     - [Reverts](#reverts-1)
-    - [Tests](#tests-4)
+    - [Tests](#tests-6)
     - [Unclassified](#unclassified-3)
 - [0.7.6-alpha.1 (2021-09-12)](#076-alpha1-2021-09-12)
-  - [Code Generation](#code-generation-10)
-- [0.7.5-alpha.1 (2021-09-11)](#075-alpha1-2021-09-11)
-  - [Code Generation](#code-generation-11)
-- [0.7.4-alpha.1 (2021-09-09)](#074-alpha1-2021-09-09)
-  - [Bug Fixes](#bug-fixes-10)
   - [Code Generation](#code-generation-12)
-  - [Documentation](#documentation-7)
-  - [Features](#features-5)
-  - [Tests](#tests-5)
-- [0.7.3-alpha.1 (2021-08-28)](#073-alpha1-2021-08-28)
-  - [Bug Fixes](#bug-fixes-11)
+- [0.7.5-alpha.1 (2021-09-11)](#075-alpha1-2021-09-11)
   - [Code Generation](#code-generation-13)
-  - [Documentation](#documentation-8)
-  - [Features](#features-6)
-- [0.7.1-alpha.1 (2021-07-22)](#071-alpha1-2021-07-22)
+- [0.7.4-alpha.1 (2021-09-09)](#074-alpha1-2021-09-09)
   - [Bug Fixes](#bug-fixes-12)
   - [Code Generation](#code-generation-14)
   - [Documentation](#documentation-9)
-  - [Tests](#tests-6)
+  - [Features](#features-7)
+  - [Tests](#tests-7)
+- [0.7.3-alpha.1 (2021-08-28)](#073-alpha1-2021-08-28)
+  - [Bug Fixes](#bug-fixes-13)
+  - [Code Generation](#code-generation-15)
+  - [Documentation](#documentation-10)
+  - [Features](#features-8)
+- [0.7.1-alpha.1 (2021-07-22)](#071-alpha1-2021-07-22)
+  - [Bug Fixes](#bug-fixes-14)
+  - [Code Generation](#code-generation-16)
+  - [Documentation](#documentation-11)
+  - [Tests](#tests-8)
 - [0.7.0-alpha.1 (2021-07-13)](#070-alpha1-2021-07-13)
-  - [Breaking Changes](#breaking-changes-6)
-    - [Bug Fixes](#bug-fixes-13)
-    - [Code Generation](#code-generation-15)
-    - [Code Refactoring](#code-refactoring-4)
-    - [Documentation](#documentation-10)
-    - [Features](#features-7)
-    - [Tests](#tests-7)
-    - [Unclassified](#unclassified-4)
-- [0.6.3-alpha.1 (2021-05-17)](#063-alpha1-2021-05-17)
   - [Breaking Changes](#breaking-changes-7)
-    - [Bug Fixes](#bug-fixes-14)
-    - [Code Generation](#code-generation-16)
+    - [Bug Fixes](#bug-fixes-15)
+    - [Code Generation](#code-generation-17)
     - [Code Refactoring](#code-refactoring-5)
-- [0.6.2-alpha.1 (2021-05-14)](#062-alpha1-2021-05-14)
-  - [Code Generation](#code-generation-17)
-  - [Documentation](#documentation-11)
-- [0.6.1-alpha.1 (2021-05-11)](#061-alpha1-2021-05-11)
-  - [Code Generation](#code-generation-18)
-  - [Features](#features-8)
-- [0.6.0-alpha.2 (2021-05-07)](#060-alpha2-2021-05-07)
-  - [Bug Fixes](#bug-fixes-15)
-  - [Code Generation](#code-generation-19)
-  - [Features](#features-9)
-- [0.6.0-alpha.1 (2021-05-05)](#060-alpha1-2021-05-05)
+    - [Documentation](#documentation-12)
+    - [Features](#features-9)
+    - [Tests](#tests-9)
+    - [Unclassified](#unclassified-4)
+- [0.6.3-alpha.1 (2021-05-17)](#063-alpha1-2021-05-17)
   - [Breaking Changes](#breaking-changes-8)
     - [Bug Fixes](#bug-fixes-16)
-    - [Code Generation](#code-generation-20)
+    - [Code Generation](#code-generation-18)
     - [Code Refactoring](#code-refactoring-6)
-    - [Documentation](#documentation-12)
-    - [Features](#features-10)
-    - [Tests](#tests-8)
-    - [Unclassified](#unclassified-5)
-- [0.5.5-alpha.1 (2020-12-09)](#055-alpha1-2020-12-09)
+- [0.6.2-alpha.1 (2021-05-14)](#062-alpha1-2021-05-14)
+  - [Code Generation](#code-generation-19)
+  - [Documentation](#documentation-13)
+- [0.6.1-alpha.1 (2021-05-11)](#061-alpha1-2021-05-11)
+  - [Code Generation](#code-generation-20)
+  - [Features](#features-10)
+- [0.6.0-alpha.2 (2021-05-07)](#060-alpha2-2021-05-07)
   - [Bug Fixes](#bug-fixes-17)
   - [Code Generation](#code-generation-21)
-  - [Documentation](#documentation-13)
   - [Features](#features-11)
-  - [Tests](#tests-9)
-  - [Unclassified](#unclassified-6)
-- [0.5.4-alpha.1 (2020-11-11)](#054-alpha1-2020-11-11)
-  - [Bug Fixes](#bug-fixes-18)
-  - [Code Generation](#code-generation-22)
-  - [Code Refactoring](#code-refactoring-7)
-  - [Documentation](#documentation-14)
-  - [Features](#features-12)
-- [0.5.3-alpha.1 (2020-10-27)](#053-alpha1-2020-10-27)
+- [0.6.0-alpha.1 (2021-05-05)](#060-alpha1-2021-05-05)
+  - [Breaking Changes](#breaking-changes-9)
+    - [Bug Fixes](#bug-fixes-18)
+    - [Code Generation](#code-generation-22)
+    - [Code Refactoring](#code-refactoring-7)
+    - [Documentation](#documentation-14)
+    - [Features](#features-12)
+    - [Tests](#tests-10)
+    - [Unclassified](#unclassified-5)
+- [0.5.5-alpha.1 (2020-12-09)](#055-alpha1-2020-12-09)
   - [Bug Fixes](#bug-fixes-19)
   - [Code Generation](#code-generation-23)
   - [Documentation](#documentation-15)
   - [Features](#features-13)
-  - [Tests](#tests-10)
-- [0.5.2-alpha.1 (2020-10-22)](#052-alpha1-2020-10-22)
+  - [Tests](#tests-11)
+  - [Unclassified](#unclassified-6)
+- [0.5.4-alpha.1 (2020-11-11)](#054-alpha1-2020-11-11)
   - [Bug Fixes](#bug-fixes-20)
   - [Code Generation](#code-generation-24)
+  - [Code Refactoring](#code-refactoring-8)
   - [Documentation](#documentation-16)
-  - [Tests](#tests-11)
-- [0.5.1-alpha.1 (2020-10-20)](#051-alpha1-2020-10-20)
+  - [Features](#features-14)
+- [0.5.3-alpha.1 (2020-10-27)](#053-alpha1-2020-10-27)
   - [Bug Fixes](#bug-fixes-21)
   - [Code Generation](#code-generation-25)
   - [Documentation](#documentation-17)
-  - [Features](#features-14)
+  - [Features](#features-15)
   - [Tests](#tests-12)
+- [0.5.2-alpha.1 (2020-10-22)](#052-alpha1-2020-10-22)
+  - [Bug Fixes](#bug-fixes-22)
+  - [Code Generation](#code-generation-26)
+  - [Documentation](#documentation-18)
+  - [Tests](#tests-13)
+- [0.5.1-alpha.1 (2020-10-20)](#051-alpha1-2020-10-20)
+  - [Bug Fixes](#bug-fixes-23)
+  - [Code Generation](#code-generation-27)
+  - [Documentation](#documentation-19)
+  - [Features](#features-16)
+  - [Tests](#tests-14)
   - [Unclassified](#unclassified-7)
 - [0.5.0-alpha.1 (2020-10-15)](#050-alpha1-2020-10-15)
-  - [Breaking Changes](#breaking-changes-9)
-    - [Bug Fixes](#bug-fixes-22)
-    - [Code Generation](#code-generation-26)
-    - [Code Refactoring](#code-refactoring-8)
-    - [Documentation](#documentation-18)
-    - [Features](#features-15)
-    - [Tests](#tests-13)
+  - [Breaking Changes](#breaking-changes-10)
+    - [Bug Fixes](#bug-fixes-24)
+    - [Code Generation](#code-generation-28)
+    - [Code Refactoring](#code-refactoring-9)
+    - [Documentation](#documentation-20)
+    - [Features](#features-17)
+    - [Tests](#tests-15)
     - [Unclassified](#unclassified-8)
 - [0.4.6-alpha.1 (2020-07-13)](#046-alpha1-2020-07-13)
-  - [Bug Fixes](#bug-fixes-23)
-  - [Code Generation](#code-generation-27)
-- [0.4.5-alpha.1 (2020-07-13)](#045-alpha1-2020-07-13)
-  - [Bug Fixes](#bug-fixes-24)
-  - [Code Generation](#code-generation-28)
-- [0.4.4-alpha.1 (2020-07-10)](#044-alpha1-2020-07-10)
   - [Bug Fixes](#bug-fixes-25)
   - [Code Generation](#code-generation-29)
-  - [Documentation](#documentation-19)
-- [0.4.3-alpha.1 (2020-07-08)](#043-alpha1-2020-07-08)
+- [0.4.5-alpha.1 (2020-07-13)](#045-alpha1-2020-07-13)
   - [Bug Fixes](#bug-fixes-26)
   - [Code Generation](#code-generation-30)
-- [0.4.2-alpha.1 (2020-07-08)](#042-alpha1-2020-07-08)
+- [0.4.4-alpha.1 (2020-07-10)](#044-alpha1-2020-07-10)
   - [Bug Fixes](#bug-fixes-27)
   - [Code Generation](#code-generation-31)
+  - [Documentation](#documentation-21)
+- [0.4.3-alpha.1 (2020-07-08)](#043-alpha1-2020-07-08)
+  - [Bug Fixes](#bug-fixes-28)
+  - [Code Generation](#code-generation-32)
+- [0.4.2-alpha.1 (2020-07-08)](#042-alpha1-2020-07-08)
+  - [Bug Fixes](#bug-fixes-29)
+  - [Code Generation](#code-generation-33)
 - [0.4.0-alpha.1 (2020-07-08)](#040-alpha1-2020-07-08)
-  - [Breaking Changes](#breaking-changes-10)
-    - [Bug Fixes](#bug-fixes-28)
-    - [Code Generation](#code-generation-32)
-    - [Code Refactoring](#code-refactoring-9)
-    - [Documentation](#documentation-20)
-    - [Features](#features-16)
+  - [Breaking Changes](#breaking-changes-11)
+    - [Bug Fixes](#bug-fixes-30)
+    - [Code Generation](#code-generation-34)
+    - [Code Refactoring](#code-refactoring-10)
+    - [Documentation](#documentation-22)
+    - [Features](#features-18)
     - [Unclassified](#unclassified-9)
 - [0.3.0-alpha.1 (2020-05-15)](#030-alpha1-2020-05-15)
-  - [Breaking Changes](#breaking-changes-11)
-    - [Bug Fixes](#bug-fixes-29)
+  - [Breaking Changes](#breaking-changes-12)
+    - [Bug Fixes](#bug-fixes-31)
     - [Chores](#chores)
-    - [Code Refactoring](#code-refactoring-10)
-    - [Documentation](#documentation-21)
-    - [Features](#features-17)
+    - [Code Refactoring](#code-refactoring-11)
+    - [Documentation](#documentation-23)
+    - [Features](#features-19)
     - [Unclassified](#unclassified-10)
 - [0.2.1-alpha.1 (2020-05-05)](#021-alpha1-2020-05-05)
   - [Chores](#chores-1)
-  - [Documentation](#documentation-22)
+  - [Documentation](#documentation-24)
 - [0.2.0-alpha.2 (2020-05-04)](#020-alpha2-2020-05-04)
-  - [Breaking Changes](#breaking-changes-12)
-    - [Bug Fixes](#bug-fixes-30)
+  - [Breaking Changes](#breaking-changes-13)
+    - [Bug Fixes](#bug-fixes-32)
     - [Chores](#chores-2)
-    - [Code Refactoring](#code-refactoring-11)
-    - [Documentation](#documentation-23)
-    - [Features](#features-18)
+    - [Code Refactoring](#code-refactoring-12)
+    - [Documentation](#documentation-25)
+    - [Features](#features-20)
     - [Unclassified](#unclassified-11)
 - [0.1.1-alpha.1 (2020-02-18)](#011-alpha1-2020-02-18)
-  - [Bug Fixes](#bug-fixes-31)
-  - [Code Refactoring](#code-refactoring-12)
-  - [Documentation](#documentation-24)
-- [0.1.0-alpha.6 (2020-02-16)](#010-alpha6-2020-02-16)
-  - [Bug Fixes](#bug-fixes-32)
+  - [Bug Fixes](#bug-fixes-33)
   - [Code Refactoring](#code-refactoring-13)
-  - [Documentation](#documentation-25)
-  - [Features](#features-19)
-- [0.1.0-alpha.5 (2020-02-06)](#010-alpha5-2020-02-06)
   - [Documentation](#documentation-26)
-  - [Features](#features-20)
+- [0.1.0-alpha.6 (2020-02-16)](#010-alpha6-2020-02-16)
+  - [Bug Fixes](#bug-fixes-34)
+  - [Code Refactoring](#code-refactoring-14)
+  - [Documentation](#documentation-27)
+  - [Features](#features-21)
+- [0.1.0-alpha.5 (2020-02-06)](#010-alpha5-2020-02-06)
+  - [Documentation](#documentation-28)
+  - [Features](#features-22)
 - [0.1.0-alpha.4 (2020-02-06)](#010-alpha4-2020-02-06)
   - [Continuous Integration](#continuous-integration)
-  - [Documentation](#documentation-27)
+  - [Documentation](#documentation-29)
 - [0.1.0-alpha.3 (2020-02-06)](#010-alpha3-2020-02-06)
   - [Continuous Integration](#continuous-integration-1)
 - [0.1.0-alpha.2 (2020-02-03)](#010-alpha2-2020-02-03)
-  - [Bug Fixes](#bug-fixes-33)
-  - [Documentation](#documentation-28)
-  - [Features](#features-21)
+  - [Bug Fixes](#bug-fixes-35)
+  - [Documentation](#documentation-30)
+  - [Features](#features-23)
   - [Unclassified](#unclassified-12)
 - [0.1.0-alpha.1 (2020-01-31)](#010-alpha1-2020-01-31)
-  - [Documentation](#documentation-29)
+  - [Documentation](#documentation-31)
 - [0.0.3-alpha.15 (2020-01-31)](#003-alpha15-2020-01-31)
   - [Unclassified](#unclassified-13)
 - [0.0.3-alpha.14 (2020-01-31)](#003-alpha14-2020-01-31)
@@ -261,15 +275,20 @@
   - [Unclassified](#unclassified-24)
 - [0.0.1-alpha.3 (2020-01-28)](#001-alpha3-2020-01-28)
   - [Continuous Integration](#continuous-integration-6)
-  - [Documentation](#documentation-30)
+  - [Documentation](#documentation-32)
   - [Unclassified](#unclassified-25)
 
 
 
-# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-09-21)
+# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-10-26)
 
 ## Breaking Changes
 
+This patch changes the behavior of the recovery flow. It introduces a new
+strategy for account recovery that sends out short "one-time passwords" (`code`)
+that a user can use to prove ownership of their account and recovery access to
+it. This PR also updates the default recovery strategy to `code`.
+
 This patch invalidates recovery flows initiated using the Admin API. Please
 re-generate any admin-generated recovery flows and tokens.
 
@@ -309,6 +328,12 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
   ([3f490a3](https://github.com/ory/kratos/commit/3f490a31cddc53ce5d9958454f41c352580904c9))
 - **cli:** Dry up code ([#2572](https://github.com/ory/kratos/issues/2572))
   ([d1b6b40](https://github.com/ory/kratos/commit/d1b6b40aa9dcc7a3ec9237eec28c4fa55f0b8627))
+- Correct name of span on recovery code deletion
+  ([#2823](https://github.com/ory/kratos/issues/2823))
+  ([44f775f](https://github.com/ory/kratos/commit/44f775f45d47eff63379d77a2339b824a6ede235))
+- Correctly calculate `expired_at` timestamp for FlowExpired errors
+  ([#2836](https://github.com/ory/kratos/issues/2836))
+  ([ddde43e](https://github.com/ory/kratos/commit/ddde43ec0d77a1214cd03e1f3e48ab4c34193779))
 - Debugging Docker setup ([#2616](https://github.com/ory/kratos/issues/2616))
   ([aaabe75](https://github.com/ory/kratos/commit/aaabe754659b96d2a5b727c4cada3ec300624434))
 - Disappearing title label on verification and recovery flow
@@ -326,6 +351,9 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
 - Duplicate messages in recovery flow
   ([#2592](https://github.com/ory/kratos/issues/2592))
   ([43fcc51](https://github.com/ory/kratos/commit/43fcc51b9bf6996fc4f7b0ef797189eb8f3978dc))
+- Express e2e tests for new account experience
+  ([#2708](https://github.com/ory/kratos/issues/2708))
+  ([84ea0cf](https://github.com/ory/kratos/commit/84ea0cf4c72b14f246835d435d22a31f96d9e644))
 - Format
   ([0934def](https://github.com/ory/kratos/commit/0934defff7a0d56e712af98c1cec87c60b3c934b))
 - Format check stage in the CI
@@ -333,6 +361,10 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
   ([bbe4463](https://github.com/ory/kratos/commit/bbe44632de77cfb3d4983b68647107d914cd4c46))
 - Gosec false positives
   ([e3e7ed0](https://github.com/ory/kratos/commit/e3e7ed08f5ce47fc794bd5c093018cee51baf689))
+- Identity sessions list response includes pagination headers
+  ([#2763](https://github.com/ory/kratos/issues/2763))
+  ([0c2efa2](https://github.com/ory/kratos/commit/0c2efa2d4345c035649208a71332a64c225313c3)),
+  closes [#2762](https://github.com/ory/kratos/issues/2762)
 - **identity:** Migrate identity_addresses to lower case
   ([#2517](https://github.com/ory/kratos/issues/2517))
   ([c058e23](https://github.com/ory/kratos/commit/c058e23599d994e12b676e87f7282c1f2b2e089c)),
@@ -356,6 +388,12 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
   This PR also adds a new enum field for `identity_recovery_tokens` to
   distinguish the two flows: admin versus self-service recovery.
 
+- Include metadata_admin in admin identity list response
+  ([#2791](https://github.com/ory/kratos/issues/2791))
+  ([aa698e0](https://github.com/ory/kratos/commit/aa698e03a3a96abf1563aea24273735bd9cc412d)),
+  closes [#2711](https://github.com/ory/kratos/issues/2711)
+- **lint:** Fixed lint error causing ci failures
+  ([4aab5e0](https://github.com/ory/kratos/commit/4aab5e0114dd02b8b0ce45376a0fe4bf11e38221))
 - Make hydra consistently localhost
   ([70211a1](https://github.com/ory/kratos/commit/70211a17a452d5ced8317822afda3f8e6185cc71))
 - Make ID field in VerifiableAddress struct optional
@@ -372,6 +410,12 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
   ([05afd68](https://github.com/ory/kratos/commit/05afd68381abe58c5e7cdd51cbf0ae409f5f0eb0))
 - Migration error detection
   ([a115486](https://github.com/ory/kratos/commit/a11548603a4c9b46ba238d2a7ee58fffb7f6d857))
+- Missing usage to recovery_code_invalid template
+  ([#2798](https://github.com/ory/kratos/issues/2798))
+  ([5ac7553](https://github.com/ory/kratos/commit/5ac7553d191885957215b5a63f3bbdc2d020f3fe))
+- Not cleared field validation message
+  ([#2800](https://github.com/ory/kratos/issues/2800))
+  ([cdaf68d](https://github.com/ory/kratos/commit/cdaf68db8e6dd7bacfdb5fc6ff28e5d960f75c2c))
 - Panic
   ([1182278](https://github.com/ory/kratos/commit/11822789c1561b27c2d769c9ea53a81835702f4a))
 - Patch invalidates credentials
@@ -381,6 +425,12 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
 - Potentially resolve tx issue in crdb
   ([#2595](https://github.com/ory/kratos/issues/2595))
   ([9d22035](https://github.com/ory/kratos/commit/9d22035695b6a793ac4bc5e2bd0a68b3aeea039c))
+- Preserve return_to param between flows
+  ([#2644](https://github.com/ory/kratos/issues/2644))
+  ([f002649](https://github.com/ory/kratos/commit/f002649d45658a1486fac551d8ca6b37b3d03026))
+- Proper annotation for patch
+  ([#2784](https://github.com/ory/kratos/issues/2784))
+  ([0cbfe41](https://github.com/ory/kratos/commit/0cbfe410c50cfe551693683881b4145d115c1aa3))
 - Re-add service to quickstart
   ([8c52c33](https://github.com/ory/kratos/commit/8c52c33cf277eda82c9b00b77cd9e03f1e5b4602))
 - Re-issue outdated cookie in /whoami
@@ -414,11 +464,20 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
 - Revert removal of required field in uiNodeInputAttributes
   ([#2623](https://github.com/ory/kratos/issues/2623))
   ([fee154b](https://github.com/ory/kratos/commit/fee154b28dfb3007f8d20a807cfd6d362c3bd9e7))
+- **sdk:** Identity metadata is nullable
+  ([#2841](https://github.com/ory/kratos/issues/2841))
+  ([4c70578](https://github.com/ory/kratos/commit/4c7057823b5292cb38f43bd5a96041aed178ad0a)):
+
+  Closes https://github.com/ory/sdk/issues/218
+
 - **sdk:** Make InputAttributes.Type an enum
   ([ff6190f](https://github.com/ory/kratos/commit/ff6190f31f538cf8ed735dfd1bb3b7afcd944c36))
 - **sdk:** Rust compile issue with required enum
   ([#2619](https://github.com/ory/kratos/issues/2619))
   ([8800085](https://github.com/ory/kratos/commit/8800085d5bde32367217170d00f7141b7ea46733))
+- Take over return_to param from unauthorized settings to login flow
+  ([#2787](https://github.com/ory/kratos/issues/2787))
+  ([504fb36](https://github.com/ory/kratos/commit/504fb36b6e72900808666dde778906a069f3c48b))
 - Unable to find JSON Schema ID: default
   ([#2393](https://github.com/ory/kratos/issues/2393))
   ([f43396b](https://github.com/ory/kratos/commit/f43396bdc03f89812f026c2a94b0b50100134c23))
@@ -431,6 +490,12 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
 - Wrap migration error in WithStack
   ([#2636](https://github.com/ory/kratos/issues/2636))
   ([4ce9f1e](https://github.com/ory/kratos/commit/4ce9f1ebb39cccfd36c4f0fb4a2ae2a17fbc18cc))
+- Wrong config key in admin recovery documentation
+  ([#2815](https://github.com/ory/kratos/issues/2815))
+  ([154b61b](https://github.com/ory/kratos/commit/154b61b9ff50306c540eb0904ae012195e735da4))
+- X-forwarded-for header parsing
+  ([#2807](https://github.com/ory/kratos/issues/2807))
+  ([4682afa](https://github.com/ory/kratos/commit/4682afaca3655dc809582b775a5a1c56205a4b4a))
 
 ### Code Refactoring
 
@@ -439,9 +504,21 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
 - **sdk:** Rename `getJsonSchema` to `getIdentitySchema`
   ([#2606](https://github.com/ory/kratos/issues/2606))
   ([8dc2ecf](https://github.com/ory/kratos/commit/8dc2ecf4919c9a14ef0bd089677de66ab3cfed92))
+- Use gotemplates for command usage
+  ([baa84c6](https://github.com/ory/kratos/commit/baa84c681b0c7fa29d653bd7226e792a5f44cb4c))
+- Use gotemplates for command usage
+  ([#2770](https://github.com/ory/kratos/issues/2770))
+  ([1d22b23](https://github.com/ory/kratos/commit/1d22b235291ce7102dd186a53a431b55780973d3))
 
 ### Documentation
 
+- Cleanup v0alpha2 endpoint summaries
+  ([db9a95b](https://github.com/ory/kratos/commit/db9a95b6d28f7db3416c9d1530be4fd63a17ac6b))
+- Cypress on arm based mac ([#2795](https://github.com/ory/kratos/issues/2795))
+  ([d8514b5](https://github.com/ory/kratos/commit/d8514b50b5df9c098c77c5cb817602657b2a02ea))
+- Enable 2FA methods in docker-compose quickstart setup
+  ([#2828](https://github.com/ory/kratos/issues/2828))
+  ([8f52e8b](https://github.com/ory/kratos/commit/8f52e8b728bf8e2a99807f4d4899c2eaaca9e7e5))
 - Fix badge
   ([dbb7506](https://github.com/ory/kratos/commit/dbb7506ec1a5a2b5bef21cb7838b6c86e755f0f9))
 - Importing credentials supported
@@ -472,6 +549,8 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
   ([#2523](https://github.com/ory/kratos/issues/2523))
   ([6284a9a](https://github.com/ory/kratos/commit/6284a9a5152924018d85f306e5758e9d8d759283)),
   closes [#2396](https://github.com/ory/kratos/issues/2396)
+- Add cache headers ([#2817](https://github.com/ory/kratos/issues/2817))
+  ([71e2449](https://github.com/ory/kratos/commit/71e2449d7038594e107f39934e4716f845be7bb7))
 - Add codecov yaml
   ([90da0bb](https://github.com/ory/kratos/commit/90da0bb4aeb50ed697c998342300cc56de5d5e1c))
 - Add DingTalk social login ([#2494](https://github.com/ory/kratos/issues/2494))
@@ -496,6 +575,19 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
   ([94a3741](https://github.com/ory/kratos/commit/94a37416011086582e309f62dc2c45ca84083a33))
 - Add pre-hooks to settings, verification, recovery
   ([c0ceaf3](https://github.com/ory/kratos/commit/c0ceaf31f9327cca903c19b77597cae4587737e6))
+- Add support for firebase scrypt hashes on identity import and login hash
+  upgrade ([#2734](https://github.com/ory/kratos/issues/2734))
+  ([3852eb4](https://github.com/ory/kratos/commit/3852eb460251a079bad68d08bee2aef23516d168)),
+  closes [#2422](https://github.com/ory/kratos/issues/2422)
+- Adding device information to the session
+  ([#2715](https://github.com/ory/kratos/issues/2715))
+  ([82bc9ce](https://github.com/ory/kratos/commit/82bc9ce00d44085287e6d8d9e3fb67e107be2503)):
+
+  Closes https://github.com/ory/kratos/issues/2091 See
+  https://github.com/ory-corp/cloud/issues/3011
+
+  Co-authored-by: Patrik 
+
 - Allow importing scrypt hashing algorithm
   ([#2689](https://github.com/ory/kratos/issues/2689))
   ([3e3b59e](https://github.com/ory/kratos/commit/3e3b59e53de8cb89e9fd01cfec75a0f8a601035b)),
@@ -507,6 +599,9 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
   ([#2569](https://github.com/ory/kratos/issues/2569))
   ([aa6eb13](https://github.com/ory/kratos/commit/aa6eb13c1c42c11354074553fac9c90ee0a8999e)),
   closes [#2552](https://github.com/ory/kratos/issues/2552)
+- Automatic TLS certificate reloading
+  ([#2744](https://github.com/ory/kratos/issues/2744))
+  ([09751e6](https://github.com/ory/kratos/commit/09751e6a03783701af60ce606633694ef67deacc))
 - **cli:** Helper for cleaning up stale records
   ([#2406](https://github.com/ory/kratos/issues/2406))
   ([29d6376](https://github.com/ory/kratos/commit/29d6376e22e4de617ec63ca0a5dcb4dbf34c7c37)),
@@ -515,13 +610,61 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
   ([#2423](https://github.com/ory/kratos/issues/2423))
   ([561187d](https://github.com/ory/kratos/commit/561187dafe2fea324d55c4efe3ffa6b65f9bed72)),
   closes [#2334](https://github.com/ory/kratos/issues/2334)
+- Immutable cookie session values
+  ([#2761](https://github.com/ory/kratos/issues/2761))
+  ([a6f2793](https://github.com/ory/kratos/commit/a6f27935ce17a7ff5b3deaa4973d72a7d83454fb)),
+  closes [#2701](https://github.com/ory/kratos/issues/2701)
 - Implement blocking webhooks
   ([#1585](https://github.com/ory/kratos/issues/1585))
   ([e48e9fa](https://github.com/ory/kratos/commit/e48e9fac7ab6a982e0e941bfea1d15569eb53582)),
   closes [#1724](https://github.com/ory/kratos/issues/1724)
   [#1483](https://github.com/ory/kratos/issues/1483)
+- Improve cache handling
+  ([6e8579b](https://github.com/ory/kratos/commit/6e8579b835d54d5ebb5371297ea60f24e915882d))
 - Improve state generation logic
   ([546ee3d](https://github.com/ory/kratos/commit/546ee3dc900874bc0614923b10697388c4e7676b))
+- OAuth2 integration ([#2804](https://github.com/ory/kratos/issues/2804))
+  ([7c6eb2a](https://github.com/ory/kratos/commit/7c6eb2a5128c6bc76ac7306edafaa54c4893ea82)):
+
+  This feature allows Ory Kratos to act as a login provider for Ory Hydra using
+  the `oauth2_provider.url` configuration value.
+
+  Closes https://github.com/ory/kratos/issues/273 Closes
+  https://github.com/ory/kratos/discussions/2293 See
+  https://github.com/ory/kratos-selfservice-ui-node/pull/50 See
+  https://github.com/ory/kratos-selfservice-ui-node/pull/68 See
+  https://github.com/ory/kratos-selfservice-ui-node/pull/108 See
+  https://github.com/ory/kratos-selfservice-ui-node/pull/111 See
+  https://github.com/ory/kratos-selfservice-ui-node/pull/149 See
+  https://github.com/ory/kratos-selfservice-ui-node/pull/170 See
+  https://github.com/ory/kratos-selfservice-ui-node/pull/198 See
+  https://github.com/ory/kratos-selfservice-ui-node/pull/207
+
+- Parse all id token claims into raw_claims
+  ([#2765](https://github.com/ory/kratos/issues/2765))
+  ([1da0cf6](https://github.com/ory/kratos/commit/1da0cf62b3f0ed8a81bca22123474baa7cf6de65)),
+  closes [#2528](https://github.com/ory/kratos/issues/2528):
+
+  All ID Token claims resulting from the Social Sign In flow are now available
+  in `raw_claims` and can be used in the Social Sign In JsonNet Mapper.
+
+- Replace magic links with one time codes in recovery flow
+  ([#2645](https://github.com/ory/kratos/issues/2645))
+  ([a1532ba](https://github.com/ory/kratos/commit/a1532ba79722ccfc9c8608ef6f51a6d9ecb24a8e)),
+  closes [#1451](https://github.com/ory/kratos/issues/1451):
+
+  This feature introduces a new `code` strategy to recover an account.
+
+  Currently, if a user needs to initiate a recovery flow to recover a lost
+  password/MFA/etc., they’ll receive an email containing a “magic link”. This
+  link contains a flow_id and a recovery_token. This is problematic because some
+  antivirus software opens links in emails to check for malicious content, etc.
+
+  Instead of the magic link, we send an 8-digit code that is clearly displayed
+  in the email or SMS. A user can now copy/paste or type it manually into the
+  text-field that is shown after the user clicks “submit” on the initiate flow
+  page.
+
 - Replace message_ttl with static max retry count
   ([#2638](https://github.com/ory/kratos/issues/2638))
   ([b341756](https://github.com/ory/kratos/commit/b341756130ee808ddcc003163884f09e3f006d0a)):
@@ -532,6 +675,9 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
 
 - Support ip exceptions
   ([de46c08](https://github.com/ory/kratos/commit/de46c08534dfae6165f6a570cc59829f367c0b57))
+- Update for the Ory Network
+  ([#2814](https://github.com/ory/kratos/issues/2814))
+  ([3e09e58](https://github.com/ory/kratos/commit/3e09e58a695cf5d9d57b9f773e0f50b1fd794915))
 
 ### Reverts
 
@@ -570,6 +716,13 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
 
 ### Unclassified
 
+- Revert "refactor: use gotemplates for command usage (#2770)" (#2778)
+  ([d612612](https://github.com/ory/kratos/commit/d612612313dc26f1ddaaa84dbca65139b967d52c)),
+  closes [#2770](https://github.com/ory/kratos/issues/2770)
+  [#2778](https://github.com/ory/kratos/issues/2778):
+
+  This reverts commit 1d22b235291ce7102dd186a53a431b55780973d3.
+
 - Remove empty script (#2739)
   ([1515b83](https://github.com/ory/kratos/commit/1515b839f52044d6c9674d4a2df43dfeda3bb15b)),
   closes [#2739](https://github.com/ory/kratos/issues/2739)
@@ -938,7 +1091,7 @@ Resolves an issue in the SDK release pipeline.
 - Pin v0.9.0-alpha.2 release commit
   ([f5501cf](https://github.com/ory/kratos/commit/f5501cf575a74884555e0e1e4cba39c552f4868f))
 
-# [0.9.0-alpha.1](https://github.com/ory/kratos/compare/v0.8.2-alpha.1...v0.9.0-alpha.1) (2022-03-21)
+# [0.9.0-alpha.1](https://github.com/ory/kratos/compare/v0.8.3-alpha.1.pre.0...v0.9.0-alpha.1) (2022-03-21)
 
 Ory Kratos v0.9 is here! We're extremely happy to announce that the new release
 is out and once again it's been made even better thanks to the incredible
@@ -1060,53 +1213,23 @@ identity:
       url: file://path/to/user_v1.json
 ```
 
-This patch removes the ability to use domain aliases, an obscure feature rarely
-used that had several issues and inconsistencies.
-
 ### Bug Fixes
 
-- Add `identity_id` index to `identity_verifiable_addresses` table
-  ([#2147](https://github.com/ory/kratos/issues/2147))
-  ([86fd942](https://github.com/ory/kratos/commit/86fd942e9a80e36dd65ef4ac57c5a5546f94995a)):
-
-  The verifiable addresses are loaded eagerly into the identity. When that
-  happens, the `identity_verifiable_addresses` table is queried by `nid` and
-  `identity_id`. This index should greatly improve performance, especially of
-  the `/sessions/whoami` endpoint.
-
-- Add ability to resume continuity sessions from several cookies
-  ([#2131](https://github.com/ory/kratos/issues/2131))
-  ([8b87bdb](https://github.com/ory/kratos/commit/8b87bdb1967654b5fbfbf9799948485b2a9a6af0)),
-  closes [#2016](https://github.com/ory/kratos/issues/2016)
-  [#1786](https://github.com/ory/kratos/issues/1786)
 - Add CourierConfig to default registry
   ([#2243](https://github.com/ory/kratos/issues/2243))
   ([2e1fba3](https://github.com/ory/kratos/commit/2e1fba3ca88e273362978fe29197fe44a879813e))
 - Add DispatchMessage to interface
   ([df2ca7a](https://github.com/ory/kratos/commit/df2ca7a7c97a28d40c6a8af082f99ff7706ee9db))
-- Add hiring notice to README
-  ([#2074](https://github.com/ory/kratos/issues/2074))
-  ([0c1e816](https://github.com/ory/kratos/commit/0c1e816693ad4a6c3fdb7206bbc95c81cdfdf3c0))
 - Add missing enum ([#2223](https://github.com/ory/kratos/issues/2223))
   ([4b7d7d0](https://github.com/ory/kratos/commit/4b7d7d0011207614ab12f52bb3a911b62581ebe9)):
 
   Closes https://github.com/ory/sdk/issues/147
 
-- Add missing version tag in quickstart.yml
-  ([#2110](https://github.com/ory/kratos/issues/2110))
-  ([1d281ea](https://github.com/ory/kratos/commit/1d281ea69e551cc3d40415f5405690f445891bb6))
 - Add output-dir input to cli-next
   ([#2230](https://github.com/ory/kratos/issues/2230))
   ([1eb3f18](https://github.com/ory/kratos/commit/1eb3f189f29cc032c44cbd9803acbf99362e5a62))
 - Added malformed config test
   ([5a3c9c1](https://github.com/ory/kratos/commit/5a3c9c162bd1da5c7bb938192a5e82789bac52cc))
-- Adjust scan configuration ([#2140](https://github.com/ory/kratos/issues/2140))
-  ([8506fcf](https://github.com/ory/kratos/commit/8506fcf59d572851b24041b48af6a04b31520a32)),
-  closes [#2083](https://github.com/ory/kratos/issues/2083)
-- Admin endpoint `/schemas` not redirecting to public endpoint
-  ([#2133](https://github.com/ory/kratos/issues/2133))
-  ([413833f](https://github.com/ory/kratos/commit/413833f128c0674f4e8dbb9e73698a9df04cfc1a)),
-  closes [#2084](https://github.com/ory/kratos/issues/2084)
 - Appropriately pass context around
   ([#2241](https://github.com/ory/kratos/issues/2241))
   ([668f6b2](https://github.com/ory/kratos/commit/668f6b246db1f61b9800f7581bedba4fa25318c4)):
@@ -1125,28 +1248,8 @@ used that had several issues and inconsistencies.
 
 - Broken links API spec
   ([e1e7516](https://github.com/ory/kratos/commit/e1e75165785f48f5a154c899e1c4168bcbb7d8c3))
-- Choose correct CSRF cookie when multiple are set
-  ([633076b](https://github.com/ory/kratos/commit/633076be008104afd50186ebe60722ef21999d5d)),
-  closes [ory/kratos#2121](https://github.com/ory/kratos/issues/2121)
-  [ory-corp/cloud#1786](https://github.com/ory-corp/cloud/issues/1786):
-
-  Resolves an issue where, when multiple CSRF cookies are set, a random one
-  would be used to verify the CSRF token. Now, regardless of how many
-  conflicting CSRF cookies exist, if one of them is valid, the request will pass
-  and clean up the cookie store.
-
 - Cloud config issue
   ([135b29c](https://github.com/ory/kratos/commit/135b29c647c87569cc85e8a72babb8d6777ebd24))
-- **continuity:** Properly reset cookies that became invalid
-  ([8e4b4fb](https://github.com/ory/kratos/commit/8e4b4fb3d6dbe668cf0166f4cff49eae753d481c)),
-  closes [#2121](https://github.com/ory/kratos/issues/2121)
-  [ory-corp/cloud#1786](https://github.com/ory-corp/cloud/issues/1786):
-
-  Resolves several reports related to incorrect handling of invalid continuity
-  issues.
-
-- **continuity:** Remove cookie on any error
-  ([428ac03](https://github.com/ory/kratos/commit/428ac03b582184dbbbc0c9c3ffd399273fd8e1a5))
 - Correct recovery hook
   ([c7682a8](https://github.com/ory/kratos/commit/c7682a8fd97fdac87d59d3e7fb798384b018c40f))
 - **courier:** Improve composability
@@ -1158,12 +1261,6 @@ used that had several issues and inconsistencies.
 - Do not remove all credentials when remove all security keys
   ([#2233](https://github.com/ory/kratos/issues/2233))
   ([ecd715a](https://github.com/ory/kratos/commit/ecd715a0437c0b068aa0c6a17cd2ba53fe034354))
-- Do not send session after registration without hook
-  ([#2094](https://github.com/ory/kratos/issues/2094))
-  ([3044229](https://github.com/ory/kratos/commit/3044229227229e81a4ba770eec241a748dd0945c)),
-  closes [#2093](https://github.com/ory/kratos/issues/2093)
-- Docker-compose standalone definition
-  ([3c7065a](https://github.com/ory/kratos/commit/3c7065ad32ff314c8cbdad8ed89fd9a9f5928f72))
 - Don't inherit flow type in recovery and verification flows
   ([#2250](https://github.com/ory/kratos/issues/2250))
   ([c5b444a](https://github.com/ory/kratos/commit/c5b444aa2bf46b3a86d08f693ab200a30bd4a609)),
@@ -1174,48 +1271,15 @@ used that had several issues and inconsistencies.
   ([dfe4140](https://github.com/ory/kratos/commit/dfe4140dda44d4b64988b94272b4776e362abde5))
 - Ensure no internal networks can be called in SMS sender
   ([65e42e5](https://github.com/ory/kratos/commit/65e42e5cb3a9a3a81e3c623fa066a7651dfb0699))
-- Explain mitigations in cookie error messages
-  ([ef4b01a](https://github.com/ory/kratos/commit/ef4b01a80ea91114b182ff26759d98cd5ba2cd02))
-- Expose network wrapper
-  ([a570607](https://github.com/ory/kratos/commit/a570607d460e7c5f9d49ce38ba7a4e06ae172359))
-- Faq ([#2101](https://github.com/ory/kratos/issues/2101))
-  ([311f906](https://github.com/ory/kratos/commit/311f9066a524308b970afc81d98d1a14b78bf63d)):
-
-  This patch
-
-  - moves the FAQ to the Debug & Help section
-  - renames it to Tips & Troubleshooting
-  - moves many of the questions to documents where they fit better, reformatted
-    and with added information where needed.
-  - also some other spelling/format fixes
-
-  See also https://github.com/ory/docusaurus-template/pull/87
-
 - **identity:** Slow query performance on MySQL
   ([731b3c7](https://github.com/ory/kratos/commit/731b3c7ba48271e2fb6bbd53b0281d5269012332)),
   closes [#2278](https://github.com/ory/kratos/issues/2278)
-- Ignore whitespace around identifier with password strategy
-  ([#2160](https://github.com/ory/kratos/issues/2160))
-  ([45335c5](https://github.com/ory/kratos/commit/45335c50f719af504974fe54e504d7653db03c78)),
-  closes [#2158](https://github.com/ory/kratos/issues/2158)
-- Improve courier test signature
-  ([b8888e3](https://github.com/ory/kratos/commit/b8888e3c93a602635b396503b7301396ce740ff8))
 - Improve password error resilience on settings flow
   ([e614f6e](https://github.com/ory/kratos/commit/e614f6e94e1d0f66f48bd058b015ab467d6b1b07))
 - Improve soundness of credential identifier normalization
   ([e475163](https://github.com/ory/kratos/commit/e475163330d06ca02cd0419e4b7216f03218e8c5))
-- Include missing type string in config schema
-  ([#2142](https://github.com/ory/kratos/issues/2142))
-  ([ec2c88a](https://github.com/ory/kratos/commit/ec2c88ac2d65ea1db1146101519cdbb709ebdbbb)):
-
-  Inside the config.schema.json under the CORS setting, add the missing type
-  (string) for the items of the allowed_origins array
-
 - Incorrect makefile rule ([#2222](https://github.com/ory/kratos/issues/2222))
   ([83a0ce7](https://github.com/ory/kratos/commit/83a0ce7d20e59c2fb1a35fa071a3d11a9280bcad))
-- **login:** Error handling when failed to prepare for an expired flow
-  ([#2120](https://github.com/ory/kratos/issues/2120))
-  ([fdad834](https://github.com/ory/kratos/commit/fdad834e7577e298887b83b693ddf20632cd7c43))
 - **login:** Put passwordless login before password
   ([df9245f](https://github.com/ory/kratos/commit/df9245fbc403e1b8f2dd1378678963cc0d71ef1a))
 - **lookup:** Resolve credentials counting regression
@@ -1230,8 +1294,6 @@ used that had several issues and inconsistencies.
 
   Closes https://github.com/ory/sdk/issues/157
 
-- Minor fixes in FAQ update ([#2130](https://github.com/ory/kratos/issues/2130))
-  ([b53eec7](https://github.com/ory/kratos/commit/b53eec721489514a80719b73bc5c758dc2adedfd))
 - Move to new post-release steps
   ([#2206](https://github.com/ory/kratos/issues/2206))
   ([10778fd](https://github.com/ory/kratos/commit/10778fdd16a116b5dc8f4c2bdc96a895728d9aec))
@@ -1259,9 +1321,6 @@ used that had several issues and inconsistencies.
 - Provide access to root path and error page
   ([#2317](https://github.com/ory/kratos/issues/2317))
   ([f360ee8](https://github.com/ory/kratos/commit/f360ee8e65dc64983181746d1059eac53588e029))
-- Quickstart standalone service definition
-  ([#2149](https://github.com/ory/kratos/issues/2149))
-  ([872b06e](https://github.com/ory/kratos/commit/872b06e1f798deacfef101edc3ab33fd75af9b29))
 - Rebase regressions
   ([d1c5085](https://github.com/ory/kratos/commit/d1c508570032c620a654b896111215a76a811517))
 - **registration:** Order for passwordless webauthn
@@ -1272,8 +1331,6 @@ used that had several issues and inconsistencies.
 
   Closes https://github.com/ory/kratos/issues/2087
 
-- Resolve configx regression
-  ([672c0ff](https://github.com/ory/kratos/commit/672c0ffc7f5edd1fd238dcdd0c5d0430b30966c6))
 - Resolve issues with the CI pipeline
   ([d15bd90](https://github.com/ory/kratos/commit/d15bd90433ed191c2eb41f119ed288906827334e))
 - Resolve merge regression
@@ -1305,19 +1362,6 @@ used that had several issues and inconsistencies.
   URL ([#2175](https://github.com/ory/kratos/issues/2175))
   ([3eaa88e](https://github.com/ory/kratos/commit/3eaa88e74e1540b14b6e41df2881346c60b92046)),
   closes [#2172](https://github.com/ory/kratos/issues/2172)
-- **selfservice:** Recovery self service flow passes on return_to URL
-  ([#1920](https://github.com/ory/kratos/issues/1920))
-  ([b925d35](https://github.com/ory/kratos/commit/b925d351dd0ce48cb6aed046dcf2698796453751)),
-  closes [#914](https://github.com/ory/kratos/issues/914)
-- Send 404 instead of null response for unknown verification flows
-  ([#2102](https://github.com/ory/kratos/issues/2102))
-  ([c9490c8](https://github.com/ory/kratos/commit/c9490c8927209b686aafe54b8a16207a8ef47ebe)),
-  closes [#2099](https://github.com/ory/kratos/issues/2099):
-
-  Fixes the verification handler to write the error, instead of nil object, when
-  the flow does not exist. Adds tests for every handler to check proper behavior
-  in that regard.
-
 - **session:** Correctly calculate aal for passwordless webauthn
   ([c7eb970](https://github.com/ory/kratos/commit/c7eb970ed252577e06d3d769d2545d5e8e98175a))
 - **session:** Properly declare session secrets
@@ -1332,13 +1376,6 @@ used that had several issues and inconsistencies.
   ([6481441](https://github.com/ory/kratos/commit/6481441fe7df1a2fc43ff153697e9bd2160c49b3))
 - Static analysis
   ([a1d3254](https://github.com/ory/kratos/commit/a1d3254346ec0bcc0a8c42bf66a8171e027f0d97))
-- Support setting complex configs from the environment
-  ([c45bf83](https://github.com/ory/kratos/commit/c45bf83a9e6744a0b3f2f24e3b07a6f0131d9a40)):
-
-  Closes https://github.com/ory/kratos/issues/1535 Closes
-  https://github.com/ory/kratos/issues/1792 Closes
-  https://github.com/ory/kratos/issues/1801
-
 - **test:** Parallelization issues
   ([dbcf3fb](https://github.com/ory/kratos/commit/dbcf3fb616db64e1b1f4cb5066113f703ca0b2ee))
 - **text:** Incorrect IDs for different messages
@@ -1354,9 +1391,6 @@ used that had several issues and inconsistencies.
   ([bee26c6](https://github.com/ory/kratos/commit/bee26c65c9511af82b9ed2051ab4f45b9570602d))
 - Unstable webauthn order
   ([6262160](https://github.com/ory/kratos/commit/626216098fcd9411c1b4b7cb3b42784146b29924))
-- Update download urls according to the new names
-  ([#2078](https://github.com/ory/kratos/issues/2078))
-  ([86ae016](https://github.com/ory/kratos/commit/86ae0166c8893b809929c7c45a2ba84416ddf228))
 - Updated oathkeeper+kratos example
   ([#2273](https://github.com/ory/kratos/issues/2273))
   ([567a3d7](https://github.com/ory/kratos/commit/567a3d765aa2115951f6af5b4ed4d2c791231de0))
@@ -1392,8 +1426,6 @@ used that had several issues and inconsistencies.
 
 - All admin endpoints are now exposed under `/admin/` on the admin port
   ([8acb4cf](https://github.com/ory/kratos/commit/8acb4cfaa61ef52619e889b8c862191c6b92e5eb))
-- Deprecate domain aliases
-  ([894a2cc](https://github.com/ory/kratos/commit/894a2cc39671fbc9d2c13b1fc1b45b217da5145d))
 - Distinguish between first and multi factor credentials
   ([8de9d01](https://github.com/ory/kratos/commit/8de9d01d9edae485f5a6ea7c68584ba4019a24d6))
 - Identity.default_schema_url is now `identity.default_schema_id`
@@ -1437,38 +1469,13 @@ used that had several issues and inconsistencies.
   ([d88c56f](https://github.com/ory/kratos/commit/d88c56fc0ebf042d1270d04a2382784e5200654d))
 - Fix broken links API doc ([#2296](https://github.com/ory/kratos/issues/2296))
   ([47eaae5](https://github.com/ory/kratos/commit/47eaae575023469834c0c3a4aac64dc6d880e164))
-- Fix incorrect port
-  ([c9a3587](https://github.com/ory/kratos/commit/c9a358717a99af436c6802f45c9c1f6edc77585f)),
-  closes [#2095](https://github.com/ory/kratos/issues/2095)
-- Fix link
-  ([c245ed4](https://github.com/ory/kratos/commit/c245ed40d443e3068bc5eee902e6b14f6ae777c6)):
-
-  Closes https://github.com/ory/kratos-selfservice-ui-node/issues/164
-
 - Fix versions
   ([7186ff3](https://github.com/ory/kratos/commit/7186ff354b9c3d0fbd3fb809546075fcfcd0c57f))
-- Ory cloud mentions + spelling
-  ([#2100](https://github.com/ory/kratos/issues/2100))
-  ([0c2fa5b](https://github.com/ory/kratos/commit/0c2fa5bdb98b95877ef740297b6d96a931a3430f))
-- Pagination ([#2143](https://github.com/ory/kratos/issues/2143))
-  ([0807a03](https://github.com/ory/kratos/commit/0807a03fba8ff9a3123cd038a472e90895502e82)),
-  closes [#2039](https://github.com/ory/kratos/issues/2039)
 - Replace all mentions of Ory Kratos SDK with Ory SDK
   ([#2187](https://github.com/ory/kratos/issues/2187))
   ([4e6897f](https://github.com/ory/kratos/commit/4e6897ff2220b5668d784a16dd1f48db30f271f0))
-- Typo ([#2073](https://github.com/ory/kratos/issues/2073))
-  ([e1a54f9](https://github.com/ory/kratos/commit/e1a54f9129d41b34cc8864c8ac38d1448e1f9372))
-- Typo ([#2114](https://github.com/ory/kratos/issues/2114))
-  ([a7a16d7](https://github.com/ory/kratos/commit/a7a16d7c91d89e274ea5fd79787cd4671d825532))
-- Update docker guide
-  ([072ca4d](https://github.com/ory/kratos/commit/072ca4d990cf4060555c8b2626f39ff18172d064)),
-  closes [#2086](https://github.com/ory/kratos/issues/2086)
 - Update readme
   ([e7d9da1](https://github.com/ory/kratos/commit/e7d9da199825fb15ae720c0496a257590b353a26))
-- Upgrade guide ([#2132](https://github.com/ory/kratos/issues/2132))
-  ([4a4ab05](https://github.com/ory/kratos/commit/4a4ab05573ebb20f82f62bfd38767de68d7708e9)):
-
-  Closes https://github.com/ory/kratos/discussions/2104
 
 ### Features
 
@@ -1490,25 +1497,12 @@ used that had several issues and inconsistencies.
   ([09e6fd1](https://github.com/ory/kratos/commit/09e6fd16bb6be0ff3ee209bbfe69e967546f70da))
 - Add npm install step
   ([3d253e5](https://github.com/ory/kratos/commit/3d253e58ec7d4464d9749efe6ecc4a5c1d9be789))
-- Add preset CSP nonce ([#2096](https://github.com/ory/kratos/issues/2096))
-  ([8913292](https://github.com/ory/kratos/commit/8913292c1193c416e5a54997e3635bef87affc01)):
-
-  Closes https://github.com/ory/kratos-selfservice-ui-node/issues/162
-
 - Add versioning and improve compatibility for credential migrations
   ([78ce668](https://github.com/ory/kratos/commit/78ce668a38c914939028be42cd30eefa566ed09a))
-- Added phone number identifier
-  ([#1938](https://github.com/ory/kratos/issues/1938))
-  ([294dfa8](https://github.com/ory/kratos/commit/294dfa85b4552b9266c44bb3376b8610c1ff5521)),
-  closes [#137](https://github.com/ory/kratos/issues/137)
 - Added sms sending support to courier
   ([687eca2](https://github.com/ory/kratos/commit/687eca24aac7a7b89cc949693271343573107898))
 - Allow empty version string
   ([419f94b](https://github.com/ory/kratos/commit/419f94bc1065771e49982faf56f8ef90a30bc306))
-- Allow registration to be disabled
-  ([#2081](https://github.com/ory/kratos/issues/2081))
-  ([864b00d](https://github.com/ory/kratos/commit/864b00d6ecddefdb06ac22fda04670bfa43f2fd5)),
-  closes [#882](https://github.com/ory/kratos/issues/882)
 - Cancelable web hooks
   ([44a5323](https://github.com/ory/kratos/commit/44a5323f835860dccd11460d666f620026e8b58d)):
 
@@ -1529,36 +1523,10 @@ used that had several issues and inconsistencies.
   It is now possible to override individual courier email templates using the
   configuration system!
 
-- Courier templates fs support
-  ([#2164](https://github.com/ory/kratos/issues/2164))
-  ([13689a7](https://github.com/ory/kratos/commit/13689a7135311a05b17383486f5fdab2e7a412d0))
 - **courier:** Expose setters again
   ([598dc3a](https://github.com/ory/kratos/commit/598dc3a4d7c27838e9058382378972a1c0330bde))
-- **courier:** Override default link base URL
-  ([cc99096](https://github.com/ory/kratos/commit/cc99096d07408c8b713ef9a7b17b8345597a9129)):
-
-  Added a new configuration value `selfservice.methods.link.config.base_url`
-  which allows to change the default base URL of recovery and verification
-  links. This is useful when the email should send a link which does not match
-  the globally configured base URL.
-
-  See https://github.com/ory-corp/cloud/issues/1766
-
-- **docker:** Add jaeger
-  ([27ec2b7](https://github.com/ory/kratos/commit/27ec2b74ee42697102c6a9a79bc5ca3c09756d94))
 - **e2e:** Add passwordless flows and fix bugs
   ([ef3871b](https://github.com/ory/kratos/commit/ef3871bd9b3e7e5f4360da8d1b7749cc005b4e19))
-- Enable Buildkit ([#2079](https://github.com/ory/kratos/issues/2079))
-  ([f40df5c](https://github.com/ory/kratos/commit/f40df5cd932aa3185b2155368db51a49b7f05991)):
-
-  Looks like this was attempted before but the magic comment was not on the
-  first line.
-
-- Expose courier template load
-  ([#2082](https://github.com/ory/kratos/issues/2082))
-  ([790716e](https://github.com/ory/kratos/commit/790716e58a4be06f04f3cbc5b974f16d873ae0d8))
-- Generalise courier tests ([#2125](https://github.com/ory/kratos/issues/2125))
-  ([75c6053](https://github.com/ory/kratos/commit/75c60537e366760fe87b7b8978e9854873b7f702))
 - **identity:** Add identity credentials helpers
   ([b7be327](https://github.com/ory/kratos/commit/b7be327a370368932ff390968acffaa1ce6d55a0))
 - **identity:** Add versioning to credentials
@@ -1572,10 +1540,6 @@ used that had several issues and inconsistencies.
 - Make sensitive log value redaction text configurable
   ([#2321](https://github.com/ory/kratos/issues/2321))
   ([9b66e43](https://github.com/ory/kratos/commit/9b66e437d0aeed61643b76aea7d49cad001dc8cf))
-- Make the password policy more configurable
-  ([#2118](https://github.com/ory/kratos/issues/2118))
-  ([70c627b](https://github.com/ory/kratos/commit/70c627b9feb3ec55765070b7c6c3fd64f2640e59)),
-  closes [#970](https://github.com/ory/kratos/issues/970)
 - **oidc:** Customizable base redirect uri
   ([fa1f234](https://github.com/ory/kratos/commit/fa1f23469f2fecfa82fa38147f601d969bd9aaa4)):
 
@@ -1602,16 +1566,8 @@ used that had several issues and inconsistencies.
 
 - **security:** Add e2e tests for various private network SSRF defenses
   ([b049bc3](https://github.com/ory/kratos/commit/b049bc304cd79568ee82f1423e583949f63d3377))
-- **security:** Add option to disallow private IP ranges in webhooks
-  ([05f1e5a](https://github.com/ory/kratos/commit/05f1e5a99426ed54cb70514554e64d851f0ba8d6)),
-  closes [#2152](https://github.com/ory/kratos/issues/2152)
 - **security:** Add SSRF defenses in OIDC
   ([d37dc5d](https://github.com/ory/kratos/commit/d37dc5d7946252783463bc9e99f7f792e2735614))
-- Selfservice and administrative session management
-  ([#2011](https://github.com/ory/kratos/issues/2011))
-  ([0fe4155](https://github.com/ory/kratos/commit/0fe4155b878102b77f7f13de5f0754ff75961498)),
-  closes [#655](https://github.com/ory/kratos/issues/655)
-  [#2007](https://github.com/ory/kratos/issues/2007)
 - **session:** Add webauthn to extension validation
   ([049fd8e](https://github.com/ory/kratos/commit/049fd8edc382f344018398027a4e0b3915116ff2))
 - **session:** Webauthn can now be a first factor as well
@@ -1700,8 +1656,6 @@ used that had several issues and inconsistencies.
   ([c6d0810](https://github.com/ory/kratos/commit/c6d08105a270fafd21a14a19e412d7081dedc754))
 - Significantly reduce persister run time
   ([647d6ef](https://github.com/ory/kratos/commit/647d6ef73797462020c2f59ece15e645561182b0))
-- Update cypress ([#2090](https://github.com/ory/kratos/issues/2090))
-  ([883a1b1](https://github.com/ory/kratos/commit/883a1b1ea33a1d3ef8b33342328382b59e4f18c3))
 - Update fixtures
   ([21462b7](https://github.com/ory/kratos/commit/21462b7eb8cbac719d8ae531969b0fd9d42b5e0c))
 - Update fixtures
@@ -1716,6 +1670,231 @@ used that had several issues and inconsistencies.
 - Move login hinting to own package
   ([1eb2604](https://github.com/ory/kratos/commit/1eb260423491af917edb1256d260ca3d3fb198dc))
 
+# [0.8.3-alpha.1.pre.0](https://github.com/ory/kratos/compare/v0.8.2-alpha.1...v0.8.3-alpha.1.pre.0) (2022-01-21)
+
+autogen: pin v0.8.3-alpha.1.pre.0 release commit
+
+## Breaking Changes
+
+This patch removes the ability to use domain aliases, an obscure feature rarely
+used that had several issues and inconsistencies.
+
+### Bug Fixes
+
+- Add `identity_id` index to `identity_verifiable_addresses` table
+  ([#2147](https://github.com/ory/kratos/issues/2147))
+  ([86fd942](https://github.com/ory/kratos/commit/86fd942e9a80e36dd65ef4ac57c5a5546f94995a)):
+
+  The verifiable addresses are loaded eagerly into the identity. When that
+  happens, the `identity_verifiable_addresses` table is queried by `nid` and
+  `identity_id`. This index should greatly improve performance, especially of
+  the `/sessions/whoami` endpoint.
+
+- Add ability to resume continuity sessions from several cookies
+  ([#2131](https://github.com/ory/kratos/issues/2131))
+  ([8b87bdb](https://github.com/ory/kratos/commit/8b87bdb1967654b5fbfbf9799948485b2a9a6af0)),
+  closes [#2016](https://github.com/ory/kratos/issues/2016)
+  [#1786](https://github.com/ory/kratos/issues/1786)
+- Add hiring notice to README
+  ([#2074](https://github.com/ory/kratos/issues/2074))
+  ([0c1e816](https://github.com/ory/kratos/commit/0c1e816693ad4a6c3fdb7206bbc95c81cdfdf3c0))
+- Add missing version tag in quickstart.yml
+  ([#2110](https://github.com/ory/kratos/issues/2110))
+  ([1d281ea](https://github.com/ory/kratos/commit/1d281ea69e551cc3d40415f5405690f445891bb6))
+- Adjust scan configuration ([#2140](https://github.com/ory/kratos/issues/2140))
+  ([8506fcf](https://github.com/ory/kratos/commit/8506fcf59d572851b24041b48af6a04b31520a32)),
+  closes [#2083](https://github.com/ory/kratos/issues/2083)
+- Admin endpoint `/schemas` not redirecting to public endpoint
+  ([#2133](https://github.com/ory/kratos/issues/2133))
+  ([413833f](https://github.com/ory/kratos/commit/413833f128c0674f4e8dbb9e73698a9df04cfc1a)),
+  closes [#2084](https://github.com/ory/kratos/issues/2084)
+- Choose correct CSRF cookie when multiple are set
+  ([633076b](https://github.com/ory/kratos/commit/633076be008104afd50186ebe60722ef21999d5d)),
+  closes [ory/kratos#2121](https://github.com/ory/kratos/issues/2121)
+  [ory-corp/cloud#1786](https://github.com/ory-corp/cloud/issues/1786):
+
+  Resolves an issue where, when multiple CSRF cookies are set, a random one
+  would be used to verify the CSRF token. Now, regardless of how many
+  conflicting CSRF cookies exist, if one of them is valid, the request will pass
+  and clean up the cookie store.
+
+- **continuity:** Properly reset cookies that became invalid
+  ([8e4b4fb](https://github.com/ory/kratos/commit/8e4b4fb3d6dbe668cf0166f4cff49eae753d481c)),
+  closes [#2121](https://github.com/ory/kratos/issues/2121)
+  [ory-corp/cloud#1786](https://github.com/ory-corp/cloud/issues/1786):
+
+  Resolves several reports related to incorrect handling of invalid continuity
+  issues.
+
+- **continuity:** Remove cookie on any error
+  ([428ac03](https://github.com/ory/kratos/commit/428ac03b582184dbbbc0c9c3ffd399273fd8e1a5))
+- Do not send session after registration without hook
+  ([#2094](https://github.com/ory/kratos/issues/2094))
+  ([3044229](https://github.com/ory/kratos/commit/3044229227229e81a4ba770eec241a748dd0945c)),
+  closes [#2093](https://github.com/ory/kratos/issues/2093)
+- Docker-compose standalone definition
+  ([3c7065a](https://github.com/ory/kratos/commit/3c7065ad32ff314c8cbdad8ed89fd9a9f5928f72))
+- Explain mitigations in cookie error messages
+  ([ef4b01a](https://github.com/ory/kratos/commit/ef4b01a80ea91114b182ff26759d98cd5ba2cd02))
+- Expose network wrapper
+  ([a570607](https://github.com/ory/kratos/commit/a570607d460e7c5f9d49ce38ba7a4e06ae172359))
+- Faq ([#2101](https://github.com/ory/kratos/issues/2101))
+  ([311f906](https://github.com/ory/kratos/commit/311f9066a524308b970afc81d98d1a14b78bf63d)):
+
+  This patch
+
+  - moves the FAQ to the Debug & Help section
+  - renames it to Tips & Troubleshooting
+  - moves many of the questions to documents where they fit better, reformatted
+    and with added information where needed.
+  - also some other spelling/format fixes
+
+  See also https://github.com/ory/docusaurus-template/pull/87
+
+- Ignore whitespace around identifier with password strategy
+  ([#2160](https://github.com/ory/kratos/issues/2160))
+  ([45335c5](https://github.com/ory/kratos/commit/45335c50f719af504974fe54e504d7653db03c78)),
+  closes [#2158](https://github.com/ory/kratos/issues/2158)
+- Improve courier test signature
+  ([b8888e3](https://github.com/ory/kratos/commit/b8888e3c93a602635b396503b7301396ce740ff8))
+- Include missing type string in config schema
+  ([#2142](https://github.com/ory/kratos/issues/2142))
+  ([ec2c88a](https://github.com/ory/kratos/commit/ec2c88ac2d65ea1db1146101519cdbb709ebdbbb)):
+
+  Inside the config.schema.json under the CORS setting, add the missing type
+  (string) for the items of the allowed_origins array
+
+- **login:** Error handling when failed to prepare for an expired flow
+  ([#2120](https://github.com/ory/kratos/issues/2120))
+  ([fdad834](https://github.com/ory/kratos/commit/fdad834e7577e298887b83b693ddf20632cd7c43))
+- Minor fixes in FAQ update ([#2130](https://github.com/ory/kratos/issues/2130))
+  ([b53eec7](https://github.com/ory/kratos/commit/b53eec721489514a80719b73bc5c758dc2adedfd))
+- Quickstart standalone service definition
+  ([#2149](https://github.com/ory/kratos/issues/2149))
+  ([872b06e](https://github.com/ory/kratos/commit/872b06e1f798deacfef101edc3ab33fd75af9b29))
+- Resolve configx regression
+  ([672c0ff](https://github.com/ory/kratos/commit/672c0ffc7f5edd1fd238dcdd0c5d0430b30966c6))
+- **selfservice:** Recovery self service flow passes on return_to URL
+  ([#1920](https://github.com/ory/kratos/issues/1920))
+  ([b925d35](https://github.com/ory/kratos/commit/b925d351dd0ce48cb6aed046dcf2698796453751)),
+  closes [#914](https://github.com/ory/kratos/issues/914)
+- Send 404 instead of null response for unknown verification flows
+  ([#2102](https://github.com/ory/kratos/issues/2102))
+  ([c9490c8](https://github.com/ory/kratos/commit/c9490c8927209b686aafe54b8a16207a8ef47ebe)),
+  closes [#2099](https://github.com/ory/kratos/issues/2099):
+
+  Fixes the verification handler to write the error, instead of nil object, when
+  the flow does not exist. Adds tests for every handler to check proper behavior
+  in that regard.
+
+- Support setting complex configs from the environment
+  ([c45bf83](https://github.com/ory/kratos/commit/c45bf83a9e6744a0b3f2f24e3b07a6f0131d9a40)):
+
+  Closes https://github.com/ory/kratos/issues/1535 Closes
+  https://github.com/ory/kratos/issues/1792 Closes
+  https://github.com/ory/kratos/issues/1801
+
+- Update download urls according to the new names
+  ([#2078](https://github.com/ory/kratos/issues/2078))
+  ([86ae016](https://github.com/ory/kratos/commit/86ae0166c8893b809929c7c45a2ba84416ddf228))
+
+### Code Generation
+
+- Pin v0.8.3-alpha.1.pre.0 release commit
+  ([b1f1da2](https://github.com/ory/kratos/commit/b1f1da2c0b4fbf6e6b4259c58b39a3e88e990142))
+
+### Code Refactoring
+
+- Deprecate domain aliases
+  ([894a2cc](https://github.com/ory/kratos/commit/894a2cc39671fbc9d2c13b1fc1b45b217da5145d))
+
+### Documentation
+
+- Fix incorrect port
+  ([c9a3587](https://github.com/ory/kratos/commit/c9a358717a99af436c6802f45c9c1f6edc77585f)),
+  closes [#2095](https://github.com/ory/kratos/issues/2095)
+- Fix link
+  ([c245ed4](https://github.com/ory/kratos/commit/c245ed40d443e3068bc5eee902e6b14f6ae777c6)):
+
+  Closes https://github.com/ory/kratos-selfservice-ui-node/issues/164
+
+- Ory cloud mentions + spelling
+  ([#2100](https://github.com/ory/kratos/issues/2100))
+  ([0c2fa5b](https://github.com/ory/kratos/commit/0c2fa5bdb98b95877ef740297b6d96a931a3430f))
+- Pagination ([#2143](https://github.com/ory/kratos/issues/2143))
+  ([0807a03](https://github.com/ory/kratos/commit/0807a03fba8ff9a3123cd038a472e90895502e82)),
+  closes [#2039](https://github.com/ory/kratos/issues/2039)
+- Typo ([#2073](https://github.com/ory/kratos/issues/2073))
+  ([e1a54f9](https://github.com/ory/kratos/commit/e1a54f9129d41b34cc8864c8ac38d1448e1f9372))
+- Typo ([#2114](https://github.com/ory/kratos/issues/2114))
+  ([a7a16d7](https://github.com/ory/kratos/commit/a7a16d7c91d89e274ea5fd79787cd4671d825532))
+- Update docker guide
+  ([072ca4d](https://github.com/ory/kratos/commit/072ca4d990cf4060555c8b2626f39ff18172d064)),
+  closes [#2086](https://github.com/ory/kratos/issues/2086)
+- Upgrade guide ([#2132](https://github.com/ory/kratos/issues/2132))
+  ([4a4ab05](https://github.com/ory/kratos/commit/4a4ab05573ebb20f82f62bfd38767de68d7708e9)):
+
+  Closes https://github.com/ory/kratos/discussions/2104
+
+### Features
+
+- Add preset CSP nonce ([#2096](https://github.com/ory/kratos/issues/2096))
+  ([8913292](https://github.com/ory/kratos/commit/8913292c1193c416e5a54997e3635bef87affc01)):
+
+  Closes https://github.com/ory/kratos-selfservice-ui-node/issues/162
+
+- Added phone number identifier
+  ([#1938](https://github.com/ory/kratos/issues/1938))
+  ([294dfa8](https://github.com/ory/kratos/commit/294dfa85b4552b9266c44bb3376b8610c1ff5521)),
+  closes [#137](https://github.com/ory/kratos/issues/137)
+- Allow registration to be disabled
+  ([#2081](https://github.com/ory/kratos/issues/2081))
+  ([864b00d](https://github.com/ory/kratos/commit/864b00d6ecddefdb06ac22fda04670bfa43f2fd5)),
+  closes [#882](https://github.com/ory/kratos/issues/882)
+- Courier templates fs support
+  ([#2164](https://github.com/ory/kratos/issues/2164))
+  ([13689a7](https://github.com/ory/kratos/commit/13689a7135311a05b17383486f5fdab2e7a412d0))
+- **courier:** Override default link base URL
+  ([cc99096](https://github.com/ory/kratos/commit/cc99096d07408c8b713ef9a7b17b8345597a9129)):
+
+  Added a new configuration value `selfservice.methods.link.config.base_url`
+  which allows to change the default base URL of recovery and verification
+  links. This is useful when the email should send a link which does not match
+  the globally configured base URL.
+
+  See https://github.com/ory-corp/cloud/issues/1766
+
+- **docker:** Add jaeger
+  ([27ec2b7](https://github.com/ory/kratos/commit/27ec2b74ee42697102c6a9a79bc5ca3c09756d94))
+- Enable Buildkit ([#2079](https://github.com/ory/kratos/issues/2079))
+  ([f40df5c](https://github.com/ory/kratos/commit/f40df5cd932aa3185b2155368db51a49b7f05991)):
+
+  Looks like this was attempted before but the magic comment was not on the
+  first line.
+
+- Expose courier template load
+  ([#2082](https://github.com/ory/kratos/issues/2082))
+  ([790716e](https://github.com/ory/kratos/commit/790716e58a4be06f04f3cbc5b974f16d873ae0d8))
+- Generalise courier tests ([#2125](https://github.com/ory/kratos/issues/2125))
+  ([75c6053](https://github.com/ory/kratos/commit/75c60537e366760fe87b7b8978e9854873b7f702))
+- Make the password policy more configurable
+  ([#2118](https://github.com/ory/kratos/issues/2118))
+  ([70c627b](https://github.com/ory/kratos/commit/70c627b9feb3ec55765070b7c6c3fd64f2640e59)),
+  closes [#970](https://github.com/ory/kratos/issues/970)
+- **security:** Add option to disallow private IP ranges in webhooks
+  ([05f1e5a](https://github.com/ory/kratos/commit/05f1e5a99426ed54cb70514554e64d851f0ba8d6)),
+  closes [#2152](https://github.com/ory/kratos/issues/2152)
+- Selfservice and administrative session management
+  ([#2011](https://github.com/ory/kratos/issues/2011))
+  ([0fe4155](https://github.com/ory/kratos/commit/0fe4155b878102b77f7f13de5f0754ff75961498)),
+  closes [#655](https://github.com/ory/kratos/issues/655)
+  [#2007](https://github.com/ory/kratos/issues/2007)
+
+### Tests
+
+- Update cypress ([#2090](https://github.com/ory/kratos/issues/2090))
+  ([883a1b1](https://github.com/ory/kratos/commit/883a1b1ea33a1d3ef8b33342328382b59e4f18c3))
+
 # [0.8.2-alpha.1](https://github.com/ory/kratos/compare/v0.8.1-alpha.1...v0.8.2-alpha.1) (2021-12-17)
 
 This release addresses further important security updates in the base Docker
@@ -1788,7 +1967,7 @@ Enjoy this release!
   closes [#2032](https://github.com/ory/kratos/issues/2032)
   [#1916](https://github.com/ory/kratos/issues/1916)
 
-# [0.8.1-alpha.1](https://github.com/ory/kratos/compare/v0.8.0-alpha.3...v0.8.1-alpha.1) (2021-12-13)
+# [0.8.1-alpha.1](https://github.com/ory/kratos/compare/v0.8.0-alpha.4.pre.0...v0.8.1-alpha.1) (2021-12-13)
 
 This maintenance release important security updates for the base Docker Images
 (e.g. Alpine). Additionally, several hiccups with the new ARM support have been
@@ -1798,59 +1977,16 @@ recommendations from Microsoft and others.
 
 Enjoy this release!
 
-## Breaking Changes
-
-To celebrate this change, we cleaned up the ways you install Ory software, and
-will roll this out to all other projects soon:
-
-There is now one central brew / bash curl repository:
-
-```patch
--brew install ory/kratos/kratos
-+brew install ory/tap/kratos
-
--bash <(curl https://raw.githubusercontent.com/ory/kratos/master/install.sh)
-+bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) kratos
-```
-
 ### Bug Fixes
 
-- Add base64 to ReadSchema ([#1918](https://github.com/ory/kratos/issues/1918))
-  ([8c8815b](https://github.com/ory/kratos/commit/8c8815b7ced0051eb0120198ae75b8fcf0fce2ba)),
-  closes [#1529](https://github.com/ory/kratos/issues/1529)
-- Add error.id to invalid cookie/token settings flow
-  ([#1919](https://github.com/ory/kratos/issues/1919))
-  ([73610d4](https://github.com/ory/kratos/commit/73610d4cfb16789385d2660e278419664b1ea3f3)),
-  closes [#1888](https://github.com/ory/kratos/issues/1888)
-- Adds missing webauthn authentication method
-  ([#1914](https://github.com/ory/kratos/issues/1914))
-  ([44892f3](https://github.com/ory/kratos/commit/44892f379c1aa9ffd7f5c92c9c1b32cc34a0dada))
-- Allow use of relative URLs in config
-  ([#1754](https://github.com/ory/kratos/issues/1754))
-  ([5f73bb0](https://github.com/ory/kratos/commit/5f73bb0784aeb7c4f3b1ed949926f9d9aed968d1)),
-  closes [#1446](https://github.com/ory/kratos/issues/1446)
 - Bodget docs commit
   ([f9d2f82](https://github.com/ory/kratos/commit/f9d2f8245bc94aaf21ddc9e5516b64e7887dae4b))
 - Build docs on release
   ([2cf137a](https://github.com/ory/kratos/commit/2cf137a0540b81f4e405920cafd251db71d2f9fa))
 - De-duplicate message IDs ([#1973](https://github.com/ory/kratos/issues/1973))
   ([9d8e197](https://github.com/ory/kratos/commit/9d8e19720fcc2e5b5371c2ddea4e2501304a93fd))
-- Do not use csrf for meta endpoints
-  ([#1927](https://github.com/ory/kratos/issues/1927))
-  ([fd14798](https://github.com/ory/kratos/commit/fd147989a55357248a37a30548c5d4c104bcf0f7))
 - Docs links ([#2008](https://github.com/ory/kratos/issues/2008))
   ([8515e17](https://github.com/ory/kratos/commit/8515e17938570770ca4cbf93028782925e28f431))
-- E2e test regression ([#1937](https://github.com/ory/kratos/issues/1937))
-  ([c9be009](https://github.com/ory/kratos/commit/c9be009112b03291ea76dd4de0911f495cf1e1ac))
-- Include text label for link email field
-  ([07a1dbb](https://github.com/ory/kratos/commit/07a1dbb95156ca50116219dc837ca61e3d597df1)),
-  closes [#1909](https://github.com/ory/kratos/issues/1909)
-- Panic on webhook with nil body
-  ([#1890](https://github.com/ory/kratos/issues/1890))
-  ([4bf1825](https://github.com/ory/kratos/commit/4bf18250373b7255e26e95d51a257e5280ad3148)),
-  closes [#1885](https://github.com/ory/kratos/issues/1885)
-- Paths
-  ([8c852c7](https://github.com/ory/kratos/commit/8c852c73136e130d163e2c9c5e0ca8a3449f4e26))
 - Require minimum length of 8 characters password
   ([#2009](https://github.com/ory/kratos/issues/2009))
   ([bb5846e](https://github.com/ory/kratos/commit/bb5846ecb446b9e58b2a4949c678fddac4bbac4f)):
@@ -1875,18 +2011,10 @@ There is now one central brew / bash curl repository:
   ([c860b99](https://github.com/ory/kratos/commit/c860b992aee6a63d9696377ed9047e8cdeef0098))
 - Skip docs publishing for pre releases
   ([eb6d8cd](https://github.com/ory/kratos/commit/eb6d8cdb2d3d400eb3b9398a15825ecdb10d3cf8))
-- Speed up git clone
-  ([d3e4bde](https://github.com/ory/kratos/commit/d3e4bdefd252131b6a1b84917962ff07284e3f9f))
 - Support complex lifespans ([#2050](https://github.com/ory/kratos/issues/2050))
   ([0edbebe](https://github.com/ory/kratos/commit/0edbebed896e79fd2979a54756932ea27c2ddb99))
 - Update docs after release
   ([850be90](https://github.com/ory/kratos/commit/850be9065b64bcf268b42e4018f60b25a7a73da5))
-- Update sdk orb
-  ([94e12e6](https://github.com/ory/kratos/commit/94e12e6d767ffa46d9060fdfb463adb83806990b))
-- Use bcrypt for password hashing in example
-  ([a9196f2](https://github.com/ory/kratos/commit/a9196f27791c30d32743e6b69a86595d76362f29))
-- Use new ory installation method
-  ([09cfc7e](https://github.com/ory/kratos/commit/09cfc7e2c23885270ef02193b4fdddc5550f3c23))
 - Verification error code ([#1967](https://github.com/ory/kratos/issues/1967))
   ([44411ab](https://github.com/ory/kratos/commit/44411ab4ac5f184c7f42e6ece0ccb2ae7cbdc42c)),
   closes [#1956](https://github.com/ory/kratos/issues/1956)
@@ -1901,13 +2029,6 @@ There is now one central brew / bash curl repository:
 - Add `Content-Type` to recommended CORS allowed headers
   ([#2015](https://github.com/ory/kratos/issues/2015))
   ([dd890ab](https://github.com/ory/kratos/commit/dd890ab96727d7a2c8c2f52279dc3516096213f0))
-- Add subdomain configuration in csrf page
-  ([#1896](https://github.com/ory/kratos/issues/1896))
-  ([681750f](https://github.com/ory/kratos/commit/681750f92d7fe517e7cc184cb4b65e6a21903ee9)):
-
-  Add some instructions as to how kratos can be configured to work across
-  subdomains.
-
 - **debug:** Fix typo ([#1976](https://github.com/ory/kratos/issues/1976))
   ([0647554](https://github.com/ory/kratos/commit/0647554179d7b0119ed01d353cd0ea9eb8317752))
 - Fix incorrect tag
@@ -1927,9 +2048,6 @@ There is now one central brew / bash curl repository:
 - Password-strength meter has been dropped
   ([#2041](https://github.com/ory/kratos/issues/2041))
   ([9848fb3](https://github.com/ory/kratos/commit/9848fb3b40c12799eafc73d2ec0f410bf5b22aa8))
-- Remove unintended characters in subdomain section in csrf page
-  ([#1897](https://github.com/ory/kratos/issues/1897))
-  ([dfb9007](https://github.com/ory/kratos/commit/dfb900797fc98ca7900631ccf8018858c4e43e85))
 - This has been done ([#2045](https://github.com/ory/kratos/issues/2045))
   ([7e8c91a](https://github.com/ory/kratos/commit/7e8c91ace5229fdc394461b3453acb3f01da0a6c))
 - Totp unlink image in 2fa docs
@@ -1946,6 +2064,112 @@ There is now one central brew / bash curl repository:
 
 - Add alpine dockerfile
   ([587eaee](https://github.com/ory/kratos/commit/587eaeee60cab2f539af8f309800f5a6e9cdfe6f))
+- Add x-total-count to paginated pages
+  ([b633ec3](https://github.com/ory/kratos/commit/b633ec3da6ccca196cd9d78c3c43d9797bd8d982))
+- Buildkit with multi stage build
+  ([#2025](https://github.com/ory/kratos/issues/2025))
+  ([57ab7f7](https://github.com/ory/kratos/commit/57ab7f784674c2cef2b1cef4b6922e9834213e3d))
+- **cmd:** Add OIDC credential include
+  ([#2017](https://github.com/ory/kratos/issues/2017))
+  ([1482844](https://github.com/ory/kratos/commit/148284485db8a86aa10c5aefb34373f9a8c7d95a)):
+
+  With this change, the `kratos identities get` CLI can additionally fetch OIDC
+  credentials.
+
+- Generalise courier ([#2019](https://github.com/ory/kratos/issues/2019))
+  ([1762a73](https://github.com/ory/kratos/commit/1762a730886707be3549bc6789f65c66d755e1d0))
+- **oidc:** Add spotify provider
+  ([#2024](https://github.com/ory/kratos/issues/2024))
+  ([0064e35](https://github.com/ory/kratos/commit/0064e350ccb417fefee6f48ca5895f3d75247bb3))
+
+### Tests
+
+- Add web hook test cases ([#2051](https://github.com/ory/kratos/issues/2051))
+  ([316e940](https://github.com/ory/kratos/commit/316e940a70684084c857e80a2ffaf334a64aee94))
+- **e2e:** Split e2e script into setup and test phase
+  ([#2027](https://github.com/ory/kratos/issues/2027))
+  ([1761418](https://github.com/ory/kratos/commit/176141860f3aa946519073d0e35bf3acacd6c685))
+- Fix changed message ID ([#2013](https://github.com/ory/kratos/issues/2013))
+  ([0bb66de](https://github.com/ory/kratos/commit/0bb66de582ebcb501c161655ae00e276a1d7d5d2))
+
+# [0.8.0-alpha.4.pre.0](https://github.com/ory/kratos/compare/v0.8.0-alpha.3...v0.8.0-alpha.4.pre.0) (2021-11-09)
+
+autogen: pin v0.8.0-alpha.4.pre.0 release commit
+
+## Breaking Changes
+
+To celebrate this change, we cleaned up the ways you install Ory software, and
+will roll this out to all other projects soon:
+
+There is now one central brew / bash curl repository:
+
+```patch
+-brew install ory/kratos/kratos
++brew install ory/tap/kratos
+
+-bash <(curl https://raw.githubusercontent.com/ory/kratos/master/install.sh)
++bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) kratos
+```
+
+### Bug Fixes
+
+- Add base64 to ReadSchema ([#1918](https://github.com/ory/kratos/issues/1918))
+  ([8c8815b](https://github.com/ory/kratos/commit/8c8815b7ced0051eb0120198ae75b8fcf0fce2ba)),
+  closes [#1529](https://github.com/ory/kratos/issues/1529)
+- Add error.id to invalid cookie/token settings flow
+  ([#1919](https://github.com/ory/kratos/issues/1919))
+  ([73610d4](https://github.com/ory/kratos/commit/73610d4cfb16789385d2660e278419664b1ea3f3)),
+  closes [#1888](https://github.com/ory/kratos/issues/1888)
+- Adds missing webauthn authentication method
+  ([#1914](https://github.com/ory/kratos/issues/1914))
+  ([44892f3](https://github.com/ory/kratos/commit/44892f379c1aa9ffd7f5c92c9c1b32cc34a0dada))
+- Allow use of relative URLs in config
+  ([#1754](https://github.com/ory/kratos/issues/1754))
+  ([5f73bb0](https://github.com/ory/kratos/commit/5f73bb0784aeb7c4f3b1ed949926f9d9aed968d1)),
+  closes [#1446](https://github.com/ory/kratos/issues/1446)
+- Do not use csrf for meta endpoints
+  ([#1927](https://github.com/ory/kratos/issues/1927))
+  ([fd14798](https://github.com/ory/kratos/commit/fd147989a55357248a37a30548c5d4c104bcf0f7))
+- E2e test regression ([#1937](https://github.com/ory/kratos/issues/1937))
+  ([c9be009](https://github.com/ory/kratos/commit/c9be009112b03291ea76dd4de0911f495cf1e1ac))
+- Include text label for link email field
+  ([07a1dbb](https://github.com/ory/kratos/commit/07a1dbb95156ca50116219dc837ca61e3d597df1)),
+  closes [#1909](https://github.com/ory/kratos/issues/1909)
+- Panic on webhook with nil body
+  ([#1890](https://github.com/ory/kratos/issues/1890))
+  ([4bf1825](https://github.com/ory/kratos/commit/4bf18250373b7255e26e95d51a257e5280ad3148)),
+  closes [#1885](https://github.com/ory/kratos/issues/1885)
+- Paths
+  ([8c852c7](https://github.com/ory/kratos/commit/8c852c73136e130d163e2c9c5e0ca8a3449f4e26))
+- Speed up git clone
+  ([d3e4bde](https://github.com/ory/kratos/commit/d3e4bdefd252131b6a1b84917962ff07284e3f9f))
+- Update sdk orb
+  ([94e12e6](https://github.com/ory/kratos/commit/94e12e6d767ffa46d9060fdfb463adb83806990b))
+- Use bcrypt for password hashing in example
+  ([a9196f2](https://github.com/ory/kratos/commit/a9196f27791c30d32743e6b69a86595d76362f29))
+- Use new ory installation method
+  ([09cfc7e](https://github.com/ory/kratos/commit/09cfc7e2c23885270ef02193b4fdddc5550f3c23))
+
+### Code Generation
+
+- Pin v0.8.0-alpha.4.pre.0 release commit
+  ([3e443b7](https://github.com/ory/kratos/commit/3e443b77ef63d72e5bf0b806790c86841a140afc))
+
+### Documentation
+
+- Add subdomain configuration in csrf page
+  ([#1896](https://github.com/ory/kratos/issues/1896))
+  ([681750f](https://github.com/ory/kratos/commit/681750f92d7fe517e7cc184cb4b65e6a21903ee9)):
+
+  Add some instructions as to how kratos can be configured to work across
+  subdomains.
+
+- Remove unintended characters in subdomain section in csrf page
+  ([#1897](https://github.com/ory/kratos/issues/1897))
+  ([dfb9007](https://github.com/ory/kratos/commit/dfb900797fc98ca7900631ccf8018858c4e43e85))
+
+### Features
+
 - Add new goreleaser build chain
   ([#1932](https://github.com/ory/kratos/issues/1932))
   ([cf1714d](https://github.com/ory/kratos/commit/cf1714dafaa0cda98640c772106620586dae7763)):
@@ -1957,8 +2181,6 @@ There is now one central brew / bash curl repository:
 
 - Add quickstart mimicking hosted ui
   ([813fb4c](https://github.com/ory/kratos/commit/813fb4cf48df1154ea334cca751cb55f7b3c77eb))
-- Add x-total-count to paginated pages
-  ([b633ec3](https://github.com/ory/kratos/commit/b633ec3da6ccca196cd9d78c3c43d9797bd8d982))
 - Advanced e-mail templating support
   ([#1859](https://github.com/ory/kratos/issues/1859))
   ([54b97b4](https://github.com/ory/kratos/commit/54b97b45506eff9cfafe338842ddf818b0c81f62)),
@@ -1971,16 +2193,6 @@ There is now one central brew / bash curl repository:
 
   Support wildcard domains in redirect_to checks.
 
-- Buildkit with multi stage build
-  ([#2025](https://github.com/ory/kratos/issues/2025))
-  ([57ab7f7](https://github.com/ory/kratos/commit/57ab7f784674c2cef2b1cef4b6922e9834213e3d))
-- **cmd:** Add OIDC credential include
-  ([#2017](https://github.com/ory/kratos/issues/2017))
-  ([1482844](https://github.com/ory/kratos/commit/148284485db8a86aa10c5aefb34373f9a8c7d95a)):
-
-  With this change, the `kratos identities get` CLI can additionally fetch OIDC
-  credentials.
-
 - Configurable health endpoints access logging
   ([#1934](https://github.com/ory/kratos/issues/1934))
   ([1301f68](https://github.com/ory/kratos/commit/1301f689bb0f1f44b66a057c8915f77ac71f30cc)):
@@ -1997,8 +2209,6 @@ There is now one central brew / bash curl repository:
 
   The default value is _false_.
 
-- Generalise courier ([#2019](https://github.com/ory/kratos/issues/2019))
-  ([1762a73](https://github.com/ory/kratos/commit/1762a730886707be3549bc6789f65c66d755e1d0))
 - Integrate sbom generation to goreleaser
   ([#1850](https://github.com/ory/kratos/issues/1850))
   ([305bb28](https://github.com/ory/kratos/commit/305bb28d689dabc4d211baac5e6babd34862af5f))
@@ -2006,22 +2216,12 @@ There is now one central brew / bash curl repository:
   [#1419](https://github.com/ory/kratos/issues/1419)
   ([#1750](https://github.com/ory/kratos/issues/1750))
   ([db00e85](https://github.com/ory/kratos/commit/db00e85e65c31b2bc497f0f4b4a28684b9f8bb9a))
-- **oidc:** Add spotify provider
-  ([#2024](https://github.com/ory/kratos/issues/2024))
-  ([0064e35](https://github.com/ory/kratos/commit/0064e350ccb417fefee6f48ca5895f3d75247bb3))
 
 ### Tests
 
-- Add web hook test cases ([#2051](https://github.com/ory/kratos/issues/2051))
-  ([316e940](https://github.com/ory/kratos/commit/316e940a70684084c857e80a2ffaf334a64aee94))
 - **e2e:** Improved SDK set up and arm fix
   ([#1933](https://github.com/ory/kratos/issues/1933))
   ([c914ba1](https://github.com/ory/kratos/commit/c914ba10a85e89c031e7acfb73bf22c53201e287))
-- **e2e:** Split e2e script into setup and test phase
-  ([#2027](https://github.com/ory/kratos/issues/2027))
-  ([1761418](https://github.com/ory/kratos/commit/176141860f3aa946519073d0e35bf3acacd6c685))
-- Fix changed message ID ([#2013](https://github.com/ory/kratos/issues/2013))
-  ([0bb66de](https://github.com/ory/kratos/commit/0bb66de582ebcb501c161655ae00e276a1d7d5d2))
 - Update snapshots
   ([a820653](https://github.com/ory/kratos/commit/a820653718475656b7ae44a1bc7235a8fb97b8b5))
 

From 59588d2e290a8b72125021fa899661622e4cd946 Mon Sep 17 00:00:00 2001
From: Ajay Kelkar 
Date: Thu, 27 Oct 2022 16:44:23 +0200
Subject: [PATCH 321/411] feat: adding admin session listing api (#2818)

---
 go.mod                               |  23 ++---
 go.sum                               |  47 ++++++----
 persistence/sql/persister_session.go |  59 +++++++++++++
 session/handler.go                   |  88 ++++++++++++++++++-
 session/handler_test.go              |  14 +++
 session/persistence.go               |   5 ++
 session/session.go                   |   4 +
 session/test/persistence.go          | 126 ++++++++++++++++++++++++++-
 8 files changed, 335 insertions(+), 31 deletions(-)

diff --git a/go.mod b/go.mod
index 617fc5141441..f36b98c2b6cc 100644
--- a/go.mod
+++ b/go.mod
@@ -31,7 +31,7 @@ require (
 	github.com/cortesi/modd v0.0.0-20210323234521-b35eddab86cc
 	github.com/davecgh/go-spew v1.1.1
 	github.com/davidrjonas/semver-cli v0.0.0-20190116233701-ee19a9a0dda6
-	github.com/dgraph-io/ristretto v0.1.0
+	github.com/dgraph-io/ristretto v0.1.1
 	github.com/duo-labs/webauthn v0.0.0-20220330035159-03696f3d4499
 	github.com/fatih/color v1.13.0
 	github.com/ghodss/yaml v1.0.0
@@ -77,14 +77,14 @@ require (
 	github.com/ory/kratos-client-go v0.6.3-alpha.1
 	github.com/ory/mail/v3 v3.0.0
 	github.com/ory/nosurf v1.2.7
-	github.com/ory/x v0.0.488
+	github.com/ory/x v0.0.496-0.20221027133513-e86fadee7d2e
 	github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.3.0
 	github.com/rs/cors v1.8.2
 	github.com/sirupsen/logrus v1.8.1
 	github.com/slack-go/slack v0.7.4
-	github.com/spf13/cobra v1.5.0
+	github.com/spf13/cobra v1.6.1
 	github.com/spf13/pflag v1.0.5
 	github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518
 	github.com/stretchr/testify v1.8.0
@@ -94,11 +94,11 @@ require (
 	github.com/zmb3/spotify/v2 v2.0.0
 	go.opentelemetry.io/otel v1.9.0
 	go.opentelemetry.io/otel/trace v1.9.0
-	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90
-	golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b
+	golang.org/x/crypto v0.1.0
+	golang.org/x/net v0.1.0
 	golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094
 	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
-	golang.org/x/tools v0.1.12
+	golang.org/x/tools v0.2.0
 )
 
 require (
@@ -148,9 +148,10 @@ require (
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/felixge/httpsnoop v1.0.3 // indirect
 	github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect
-	github.com/fsnotify/fsnotify v1.5.4 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/fullstorydev/grpcurl v1.8.1 // indirect
 	github.com/fxamacker/cbor/v2 v2.4.0 // indirect
+	github.com/go-bindata/go-bindata v3.1.2+incompatible // indirect
 	github.com/go-logr/logr v1.2.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/analysis v0.21.4 // indirect
@@ -315,10 +316,10 @@ require (
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.7.0 // indirect
 	go.uber.org/zap v1.17.0 // indirect
-	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
-	golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8 // indirect
-	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
-	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/mod v0.6.0 // indirect
+	golang.org/x/sys v0.1.0 // indirect
+	golang.org/x/term v0.1.0 // indirect
+	golang.org/x/text v0.4.0 // indirect
 	golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 // indirect
 	golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect
 	google.golang.org/appengine v1.6.7 // indirect
diff --git a/go.sum b/go.sum
index 30e8196a74ae..02aba1d90efc 100644
--- a/go.sum
+++ b/go.sum
@@ -264,6 +264,7 @@ github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA
 github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
 github.com/certifi/gocertifi v0.0.0-20210507211836-431795d63e8d h1:S2NE3iHSwP0XV47EEXL8mWmRdEfGscSJ+7EgePNgt0s=
 github.com/certifi/gocertifi v0.0.0-20210507211836-431795d63e8d/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
+github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
@@ -455,8 +456,8 @@ github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mz
 github.com/dgraph-io/ristretto v0.0.1/go.mod h1:T40EBc7CJke8TkpiYfGGKAeFjSaxuFXhuXRyumBd6RE=
 github.com/dgraph-io/ristretto v0.0.2/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E=
 github.com/dgraph-io/ristretto v0.0.3/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E=
-github.com/dgraph-io/ristretto v0.1.0 h1:Jv3CGQHp9OjuMBSne1485aDpUkTKEcUqF+jm/LuerPI=
-github.com/dgraph-io/ristretto v0.1.0/go.mod h1:fux0lOrBhrVCJd3lcTHsIJhq1T2rokOu6v9Vcb3Q9ug=
+github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWajOK8=
+github.com/dgraph-io/ristretto v0.1.1/go.mod h1:S1GPSBCYCIhmVNfcth17y2zZtQT6wzkzgwUve0VDWWA=
 github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2 h1:tdlZCpZ/P9DhczCTSixgIKmwPv6+wP5DGjqLYw5SUiA=
@@ -543,8 +544,8 @@ github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
-github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
+github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
+github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
 github.com/fullstorydev/grpcurl v1.8.0/go.mod h1:Mn2jWbdMrQGJQ8UD62uNyMumT2acsZUCkZIqFxsQf1o=
 github.com/fullstorydev/grpcurl v1.8.1 h1:Pp648wlTTg3OKySeqxM5pzh8XF6vLqrm8wRq66+5Xo0=
@@ -558,6 +559,8 @@ github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2H
 github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
+github.com/go-bindata/go-bindata v3.1.2+incompatible h1:5vjJMVhowQdPzjE1LdxyFF7YFTXg5IgGVW4gBr5IbvE=
+github.com/go-bindata/go-bindata v3.1.2+incompatible/go.mod h1:xK8Dsgwmeed+BBsSy2XTopBn/8uK2HWuGSnA11C3Joo=
 github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
@@ -1383,8 +1386,16 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi
 github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE=
 github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM=
-github.com/ory/x v0.0.488 h1:EQLqYLPwNfs9OW9GFrxDEO11oEmKpvveN1wuUfU8yOU=
-github.com/ory/x v0.0.488/go.mod h1:dJ800rWC2/eNECWhXMyI9kSd7lO2LTOu6R8oS0lQZ38=
+github.com/ory/x v0.0.495 h1:AwTlg6nQc9C/XwJSr70R5EViBv5O9pY96h2+Vw4i2nM=
+github.com/ory/x v0.0.495/go.mod h1:dJ800rWC2/eNECWhXMyI9kSd7lO2LTOu6R8oS0lQZ38=
+github.com/ory/x v0.0.496-0.20221027114537-490370eefcfb h1:AOqV/+3jrxISU62EWJ7n/0bf79Eeldcuij3LvTRcbYw=
+github.com/ory/x v0.0.496-0.20221027114537-490370eefcfb/go.mod h1:dJ800rWC2/eNECWhXMyI9kSd7lO2LTOu6R8oS0lQZ38=
+github.com/ory/x v0.0.496-0.20221027125254-7dff188fc6a7 h1:KRAX3igVIm1x4D6pkrsRLR23ebsvTVIvn2n2CY+m478=
+github.com/ory/x v0.0.496-0.20221027125254-7dff188fc6a7/go.mod h1:dJ800rWC2/eNECWhXMyI9kSd7lO2LTOu6R8oS0lQZ38=
+github.com/ory/x v0.0.496-0.20221027125525-9b0bf170fc8f h1:5rcqhDWQfdJpi+aSOzdeno5iU4bj7m+xMPl7D3bTcQo=
+github.com/ory/x v0.0.496-0.20221027125525-9b0bf170fc8f/go.mod h1:dJ800rWC2/eNECWhXMyI9kSd7lO2LTOu6R8oS0lQZ38=
+github.com/ory/x v0.0.496-0.20221027133513-e86fadee7d2e h1:PoCwBFFMxKPcSUrB14SxJylO/3p5tpc3fcCXZYwrCi0=
+github.com/ory/x v0.0.496-0.20221027133513-e86fadee7d2e/go.mod h1:dJ800rWC2/eNECWhXMyI9kSd7lO2LTOu6R8oS0lQZ38=
 github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
 github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
 github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
@@ -1597,8 +1608,9 @@ github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tL
 github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
 github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI=
 github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo=
-github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU=
 github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM=
+github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
+github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
@@ -1881,8 +1893,8 @@ golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM=
-golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
+golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1920,8 +1932,9 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I=
+golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1998,8 +2011,8 @@ golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b h1:ZmngSVLe/wycRns9MKikG9OWIEjGcGAkacif7oYQaUY=
-golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
+golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -2050,8 +2063,9 @@ golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXR
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210317153231-de623e64d2a6/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw=
+golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -2061,8 +2075,9 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -2153,8 +2168,8 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.11/go.mod h1:SgwaegtQh8clINPpECJMqnxLv9I09HLqnW3RMqW0CA4=
-golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE=
+golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
 golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/persistence/sql/persister_session.go b/persistence/sql/persister_session.go
index 3dfed9cf455b..c35208f6b079 100644
--- a/persistence/sql/persister_session.go
+++ b/persistence/sql/persister_session.go
@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/ory/x/pagination/keysetpagination"
+
 	"github.com/ory/x/stringsx"
 
 	"github.com/gobuffalo/pop/v6"
@@ -22,6 +24,8 @@ var _ session.Persister = new(Persister)
 
 const SessionDeviceUserAgentMaxLength = 512
 const SessionDeviceLocationMaxLength = 512
+const paginationMaxItemsSize = 1000
+const paginationDefaultItemsSize = 250
 
 func (p *Persister) GetSession(ctx context.Context, sid uuid.UUID, expandables session.Expandables) (*session.Session, error) {
 	ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetSession")
@@ -53,6 +57,61 @@ func (p *Persister) GetSession(ctx context.Context, sid uuid.UUID, expandables s
 	return &s, nil
 }
 
+func (p *Persister) ListSessions(ctx context.Context, active *bool, paginatorOpts []keysetpagination.Option, expandables session.Expandables) ([]session.Session, int64, *keysetpagination.Paginator, error) {
+	ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.ListSessions")
+	defer span.End()
+
+	s := make([]session.Session, 0)
+	t := int64(0)
+	nid := p.NetworkID(ctx)
+
+	paginatorOpts = append(paginatorOpts, keysetpagination.WithDefaultSize(paginationDefaultItemsSize))
+	paginatorOpts = append(paginatorOpts, keysetpagination.WithMaxSize(paginationMaxItemsSize))
+	paginatorOpts = append(paginatorOpts, keysetpagination.WithDefaultToken(uuid.Nil.String()))
+	paginator := keysetpagination.GetPaginator(paginatorOpts...)
+
+	if err := p.Transaction(ctx, func(ctx context.Context, c *pop.Connection) error {
+		q := c.Where("nid = ?", nid)
+		if active != nil {
+			q = q.Where("active = ?", *active)
+		}
+		if len(expandables) > 0 {
+			q = q.Eager(expandables.ToEager()...)
+		}
+
+		// Get the total count of matching items
+		total, err := q.Count(new(session.Session))
+		if err != nil {
+			return sqlcon.HandleError(err)
+		}
+		t = int64(total)
+
+		// Get the paginated list of matching items
+		if err := q.Scope(keysetpagination.Paginate[session.Session](paginator)).All(&s); err != nil {
+			return sqlcon.HandleError(err)
+		}
+
+		if expandables.Has(session.ExpandSessionIdentity) {
+			for index := range s {
+				sess := &(s[index])
+
+				i, err := p.GetIdentity(ctx, sess.IdentityID)
+				if err != nil {
+					return err
+				}
+
+				sess.Identity = i
+			}
+		}
+		return nil
+	}); err != nil {
+		return nil, 0, nil, err
+	}
+
+	s, nextPage := keysetpagination.Result[session.Session](s, paginator)
+	return s, t, nextPage, nil
+}
+
 // ListSessionsByIdentity retrieves sessions for an identity from the store.
 func (p *Persister) ListSessionsByIdentity(ctx context.Context, iID uuid.UUID, active *bool, page, perPage int, except uuid.UUID, expandables session.Expandables) ([]*session.Session, int64, error) {
 	ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.ListSessionsByIdentity")
diff --git a/session/handler.go b/session/handler.go
index 5e77e6bb371e..df15f03dd0e5 100644
--- a/session/handler.go
+++ b/session/handler.go
@@ -6,6 +6,8 @@ import (
 	"strconv"
 	"time"
 
+	"github.com/ory/x/pagination/keysetpagination"
+
 	"github.com/ory/x/pointerx"
 
 	"github.com/gofrs/uuid"
@@ -61,13 +63,14 @@ const (
 )
 
 func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) {
+	admin.GET(RouteCollection, h.adminListSessions)
+
 	admin.GET(AdminRouteIdentitiesSessions, h.adminListIdentitySessions)
 	admin.DELETE(AdminRouteIdentitiesSessions, h.adminDeleteIdentitySessions)
 	admin.PATCH(AdminRouteSessionExtendId, h.adminSessionExtend)
 
 	admin.DELETE(RouteCollection, x.RedirectToPublicRoute(h.r))
 	admin.DELETE(RouteSession, x.RedirectToPublicRoute(h.r))
-	admin.GET(RouteCollection, x.RedirectToPublicRoute(h.r))
 
 	for _, m := range []string{http.MethodGet, http.MethodHead, http.MethodPost, http.MethodPut} {
 		// Redirect to public endpoint
@@ -263,6 +266,89 @@ func (h *Handler) adminDeleteIdentitySessions(w http.ResponseWriter, r *http.Req
 	w.WriteHeader(http.StatusNoContent)
 }
 
+// Session List Request
+//
+// The request object for listing sessions in an administrative context.
+//
+// swagger:parameters adminListSessions
+// nolint:deadcode,unused
+type adminListSessionsRequest struct {
+	keysetpagination.RequestParameters
+
+	// Active is a boolean flag that filters out sessions based on the state. If no value is provided, all sessions are returned.
+	//
+	// required: false
+	// in: query
+	Active bool `json:"active"`
+}
+
+// Session List Response
+//
+// The response given when listing sessions in an administrative context.
+//
+// swagger:response adminListSessions
+// nolint:deadcode,unused
+type adminListSessionsResponse struct {
+	// The pagination headers
+	// in: header
+	keysetpagination.ResponseHeaders
+
+	// The list of sessions found
+	// in: body
+	Sessions []Session
+}
+
+// swagger:route GET /admin/sessions v0alpha2 adminListSessions
+//
+// This endpoint returns all sessions that exist.
+//
+// This endpoint is useful for:
+//
+// - Listing all sessions that exist in an administrative context.
+//
+//	Schemes: http, https
+//
+//	Security:
+//	  oryAccessToken:
+//
+//	Responses:
+//	  200: sessionList
+//	  400: jsonError
+//	  401: jsonError
+//	  404: jsonError
+//	  500: jsonError
+func (h *Handler) adminListSessions(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+	activeRaw := r.URL.Query().Get("active")
+	activeBool, err := strconv.ParseBool(activeRaw)
+	if activeRaw != "" && err != nil {
+		h.r.Writer().WriteError(w, r, herodot.ErrBadRequest.WithError("could not parse parameter active"))
+		return
+	}
+
+	var active *bool
+	if activeRaw != "" {
+		active = &activeBool
+	}
+
+	// Parse request pagination parameters
+	urlValues := r.URL.Query()
+	opts, err := keysetpagination.Parse(&urlValues)
+	if err != nil {
+		h.r.Writer().WriteError(w, r, herodot.ErrBadRequest.WithError("could not parse parameter page_size"))
+		return
+	}
+
+	sess, total, nextPage, err := h.r.SessionPersister().ListSessions(r.Context(), active, opts, ExpandEverything)
+	if err != nil {
+		h.r.Writer().WriteError(w, r, err)
+		return
+	}
+
+	w.Header().Set("x-total-count", fmt.Sprint(total))
+	keysetpagination.Header(w, r.URL, nextPage)
+	h.r.Writer().Write(w, r, sess)
+}
+
 // swagger:parameters adminListIdentitySessions
 // nolint:deadcode,unused
 type adminListIdentitySessions struct {
diff --git a/session/handler_test.go b/session/handler_test.go
index 672db13a3237..fe3c0050f44e 100644
--- a/session/handler_test.go
+++ b/session/handler_test.go
@@ -424,6 +424,20 @@ func TestHandlerAdminSessionManagement(t *testing.T) {
 		s := &Session{Identity: i}
 		require.NoError(t, reg.SessionPersister().UpsertSession(ctx, s))
 
+		t.Run("should list sessions", func(t *testing.T) {
+			req, _ := http.NewRequest("GET", ts.URL+"/admin/sessions/", nil)
+			res, err := client.Do(req)
+			require.NoError(t, err)
+			assert.Equal(t, http.StatusOK, res.StatusCode)
+			assert.Equal(t, "1", res.Header.Get("X-Total-Count"))
+			assert.Equal(t, "; rel=\"first\"", res.Header.Get("Link"))
+
+			var sessions []Session
+			require.NoError(t, json.NewDecoder(res.Body).Decode(&sessions))
+			require.Len(t, sessions, 1)
+			assert.Equal(t, s.ID, sessions[0].ID)
+		})
+
 		t.Run("should list session", func(t *testing.T) {
 			req, _ := http.NewRequest("GET", ts.URL+"/admin/identities/"+i.ID.String()+"/sessions", nil)
 			res, err := client.Do(req)
diff --git a/session/persistence.go b/session/persistence.go
index 256ae202abec..8561f225b8a6 100644
--- a/session/persistence.go
+++ b/session/persistence.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"time"
 
+	"github.com/ory/x/pagination/keysetpagination"
+
 	"github.com/gofrs/uuid"
 )
 
@@ -15,6 +17,9 @@ type Persister interface {
 	// GetSession retrieves a session from the store.
 	GetSession(ctx context.Context, sid uuid.UUID, expandables Expandables) (*Session, error)
 
+	// ListSessions retrieves all sessions.
+	ListSessions(ctx context.Context, active *bool, paginatorOpts []keysetpagination.Option, expandables Expandables) ([]Session, int64, *keysetpagination.Paginator, error)
+
 	// ListSessionsByIdentity retrieves sessions for an identity from the store.
 	ListSessionsByIdentity(ctx context.Context, iID uuid.UUID, active *bool, page, perPage int, except uuid.UUID, expandables Expandables) ([]*Session, int64, error)
 
diff --git a/session/session.go b/session/session.go
index 25c2c122ff0f..3220400ba6b1 100644
--- a/session/session.go
+++ b/session/session.go
@@ -137,6 +137,10 @@ type Session struct {
 	NID   uuid.UUID `json:"-"  faker:"-" db:"nid"`
 }
 
+func (s Session) PageToken() string {
+	return s.ID.String()
+}
+
 func (s Session) TableName(ctx context.Context) string {
 	return "sessions"
 }
diff --git a/session/test/persistence.go b/session/test/persistence.go
index 25896bcdb331..ec539ef3a62a 100644
--- a/session/test/persistence.go
+++ b/session/test/persistence.go
@@ -5,6 +5,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/ory/x/pagination/keysetpagination"
+
 	"github.com/ory/x/pointerx"
 
 	"github.com/ory/kratos/identity"
@@ -108,7 +110,7 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 				})
 			})
 
-			t.Run("method=list by identity", func(t *testing.T) {
+			t.Run("method=listing", func(t *testing.T) {
 				i := identity.NewIdentity("")
 				require.NoError(t, p.CreateIdentity(ctx, i))
 				sess := make([]session.Session, 4)
@@ -177,7 +179,7 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 						},
 					},
 				} {
-					t.Run("case="+tc.desc, func(t *testing.T) {
+					t.Run("case=ListSessionsByIdentity "+tc.desc, func(t *testing.T) {
 						actual, total, err := p.ListSessionsByIdentity(ctx, i.ID, tc.active, 1, 10, tc.except, session.ExpandEverything)
 						require.NoError(t, err)
 
@@ -196,13 +198,131 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 					})
 				}
 
-				t.Run("other network", func(t *testing.T) {
+				t.Run("case=ListSessionsByIdentity - other network", func(t *testing.T) {
 					_, other := testhelpers.NewNetwork(t, ctx, p)
 					actual, total, err := other.ListSessionsByIdentity(ctx, i.ID, nil, 1, 10, uuid.Nil, session.ExpandNothing)
 					require.NoError(t, err)
 					require.Equal(t, int64(0), total)
 					assert.Len(t, actual, 0)
 				})
+
+				for _, tc := range []struct {
+					desc     string
+					except   uuid.UUID
+					expected []session.Session
+					active   *bool
+				}{
+					{
+						desc:     "all",
+						expected: append(sess, expected),
+					},
+					{
+						desc:   "active only",
+						active: pointerx.Bool(true),
+						expected: []session.Session{
+							expected,
+							sess[0],
+							sess[2],
+						},
+					},
+					{
+						desc:   "inactive only",
+						active: pointerx.Bool(false),
+						expected: []session.Session{
+							sess[1],
+							sess[3],
+						},
+					},
+				} {
+					t.Run("case=ListSessions "+tc.desc, func(t *testing.T) {
+						paginatorOpts := make([]keysetpagination.Option, 0)
+						actual, total, nextPage, err := p.ListSessions(ctx, tc.active, paginatorOpts, session.ExpandEverything)
+						require.NoError(t, err)
+
+						require.Equal(t, len(tc.expected), len(actual))
+						require.Equal(t, int64(len(tc.expected)), total)
+						assert.Equal(t, true, nextPage.IsLast())
+						assert.Equal(t, uuid.Nil.String(), nextPage.Token())
+						assert.Equal(t, 250, nextPage.Size())
+						for _, es := range tc.expected {
+							found := false
+							for _, as := range actual {
+								if as.ID == es.ID {
+									found = true
+									assert.Equal(t, len(es.Devices), len(as.Devices))
+									assert.Equal(t, es.Identity.ID.String(), as.Identity.ID.String())
+								}
+							}
+							assert.True(t, found)
+						}
+					})
+				}
+
+				t.Run("case=ListSessions last page", func(t *testing.T) {
+					paginatorOpts := make([]keysetpagination.Option, 0)
+					actual, total, page, err := p.ListSessions(ctx, nil, paginatorOpts, session.ExpandEverything)
+					require.NoError(t, err)
+
+					require.Equal(t, 5, len(actual))
+					require.Equal(t, int64(5), total)
+					assert.Equal(t, true, page.IsLast())
+					assert.Equal(t, uuid.Nil.String(), page.Token())
+					assert.Equal(t, 250, page.Size())
+				})
+
+				t.Run("case=ListSessions page iteration", func(t *testing.T) {
+
+				})
+
+				t.Run("case=ListSessions - other network", func(t *testing.T) {
+					var identity1 identity.Identity
+					require.NoError(t, faker.FakeData(&identity1))
+
+					_, other := testhelpers.NewNetwork(t, ctx, p)
+					require.NoError(t, other.CreateIdentity(ctx, &identity1))
+
+					expectedIDs := make([]uuid.UUID, 5)
+					seedSessionsList := make([]session.Session, 5)
+					for j := range seedSessionsList {
+						require.NoError(t, faker.FakeData(&seedSessionsList[j]))
+						seedSessionsList[j].Identity = &identity1
+						seedSessionsList[j].Active = j%2 == 0
+
+						var device session.Device
+						require.NoError(t, faker.FakeData(&device))
+						seedSessionsList[j].Devices = []session.Device{
+							device,
+						}
+						require.NoError(t, other.UpsertSession(ctx, &seedSessionsList[j]))
+						expectedIDs[j] = seedSessionsList[j].ID
+					}
+
+					paginatorOpts := make([]keysetpagination.Option, 0)
+					paginatorOpts = append(paginatorOpts, keysetpagination.WithSize(3))
+					firstPageItems, total, page1, err := other.ListSessions(ctx, nil, paginatorOpts, session.ExpandEverything)
+					require.NoError(t, err)
+					require.Equal(t, int64(5), total)
+					assert.Len(t, firstPageItems, 3)
+
+					assert.Equal(t, false, page1.IsLast())
+					assert.Equal(t, firstPageItems[len(firstPageItems)-1].ID.String(), page1.Token())
+					assert.Equal(t, 3, page1.Size())
+
+					// Validate secondPageItems page
+					secondPageItems, total, page2, err := other.ListSessions(ctx, nil, page1.ToOptions(), session.ExpandEverything)
+					require.NoError(t, err)
+
+					acutalIDs := make([]uuid.UUID, 0)
+					for _, s := range append(firstPageItems, secondPageItems...) {
+						acutalIDs = append(acutalIDs, s.ID)
+					}
+					assert.ElementsMatch(t, expectedIDs, acutalIDs)
+
+					require.Equal(t, int64(5), total)
+					assert.Len(t, secondPageItems, 2)
+					assert.True(t, page2.IsLast())
+					assert.Equal(t, 3, page2.Size())
+				})
 			})
 
 			t.Run("case=update session", func(t *testing.T) {

From 02b91009abdc1d19b22663bd17d1a2290d72726c Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Thu, 27 Oct 2022 14:46:36 +0000
Subject: [PATCH 322/411] autogen(openapi): regenerate swagger spec and
 internal client

[skip ci]
---
 internal/httpclient/README.md           |   1 +
 internal/httpclient/api/openapi.yaml    |  92 +++++++++++
 internal/httpclient/api_v0alpha2.go     | 197 ++++++++++++++++++++++++
 internal/httpclient/docs/V0alpha2Api.md |  71 +++++++++
 spec/api.json                           | 110 +++++++++++++
 spec/swagger.json                       |  95 ++++++++++++
 6 files changed, 566 insertions(+)

diff --git a/internal/httpclient/README.md b/internal/httpclient/README.md
index f5b358e7fbfe..6e6da2b414b4 100644
--- a/internal/httpclient/README.md
+++ b/internal/httpclient/README.md
@@ -96,6 +96,7 @@ Class | Method | HTTP request | Description
 *V0alpha2Api* | [**AdminListCourierMessages**](docs/V0alpha2Api.md#adminlistcouriermessages) | **Get** /admin/courier/messages | List Messages
 *V0alpha2Api* | [**AdminListIdentities**](docs/V0alpha2Api.md#adminlistidentities) | **Get** /admin/identities | List Identities
 *V0alpha2Api* | [**AdminListIdentitySessions**](docs/V0alpha2Api.md#adminlistidentitysessions) | **Get** /admin/identities/{id}/sessions | List an Identity's Sessions
+*V0alpha2Api* | [**AdminListSessions**](docs/V0alpha2Api.md#adminlistsessions) | **Get** /admin/sessions | This endpoint returns all sessions that exist.
 *V0alpha2Api* | [**AdminPatchIdentity**](docs/V0alpha2Api.md#adminpatchidentity) | **Patch** /admin/identities/{id} | Patch an Identity
 *V0alpha2Api* | [**AdminUpdateIdentity**](docs/V0alpha2Api.md#adminupdateidentity) | **Put** /admin/identities/{id} | Update an Identity
 *V0alpha2Api* | [**CreateSelfServiceLogoutFlowUrlForBrowsers**](docs/V0alpha2Api.md#createselfservicelogoutflowurlforbrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers
diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml
index e196aa0cfa66..9b174049c4a4 100644
--- a/internal/httpclient/api/openapi.yaml
+++ b/internal/httpclient/api/openapi.yaml
@@ -645,6 +645,87 @@ paths:
       summary: Create a Recovery Link
       tags:
       - v0alpha2
+  /admin/sessions:
+    get:
+      description: |-
+        This endpoint is useful for:
+
+        Listing all sessions that exist in an administrative context.
+      operationId: adminListSessions
+      parameters:
+      - description: |-
+          Items per Page
+
+          This is the number of items per page to return.
+          For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).
+        explode: true
+        in: query
+        name: page_size
+        required: false
+        schema:
+          default: 250
+          format: int64
+          maximum: 1000
+          minimum: 1
+          type: integer
+        style: form
+      - description: |-
+          Next Page Token
+
+          The next page token.
+          For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).
+        explode: true
+        in: query
+        name: page_token
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Active is a boolean flag that filters out sessions based on the
+          state. If no value is provided, all sessions are returned.
+        explode: true
+        in: query
+        name: active
+        required: false
+        schema:
+          type: boolean
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/sessionList'
+          description: sessionList
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/jsonError'
+          description: jsonError
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/jsonError'
+          description: jsonError
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/jsonError'
+          description: jsonError
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/jsonError'
+          description: jsonError
+      security:
+      - oryAccessToken: []
+      summary: This endpoint returns all sessions that exist.
+      tags:
+      - v0alpha2
   /admin/sessions/{id}/extend:
     patch:
       description: |-
@@ -2972,6 +3053,17 @@ paths:
       - metadata
 components:
   responses:
+    adminListSessions:
+      content:
+        application/json:
+          schema:
+            items:
+              $ref: '#/components/schemas/session'
+            type: array
+      description: |-
+        Session List Response
+
+        The response given when listing sessions in an administrative context.
     emptyResponse:
       description: Empty responses are sent when, for example, resources are deleted.
         The HTTP status code for empty responses is typically 201.
diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go
index 04001b3c65be..14300dc328c7 100644
--- a/internal/httpclient/api_v0alpha2.go
+++ b/internal/httpclient/api_v0alpha2.go
@@ -190,6 +190,22 @@ type V0alpha2Api interface {
 	 */
 	AdminListIdentitySessionsExecute(r V0alpha2ApiApiAdminListIdentitySessionsRequest) ([]Session, *http.Response, error)
 
+	/*
+			 * AdminListSessions This endpoint returns all sessions that exist.
+			 * This endpoint is useful for:
+
+		Listing all sessions that exist in an administrative context.
+			 * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+			 * @return V0alpha2ApiApiAdminListSessionsRequest
+	*/
+	AdminListSessions(ctx context.Context) V0alpha2ApiApiAdminListSessionsRequest
+
+	/*
+	 * AdminListSessionsExecute executes the request
+	 * @return []Session
+	 */
+	AdminListSessionsExecute(r V0alpha2ApiApiAdminListSessionsRequest) ([]Session, *http.Response, error)
+
 	/*
 			 * AdminPatchIdentity Patch an Identity
 			 * Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)
@@ -2666,6 +2682,187 @@ func (a *V0alpha2ApiService) AdminListIdentitySessionsExecute(r V0alpha2ApiApiAd
 	return localVarReturnValue, localVarHTTPResponse, nil
 }
 
+type V0alpha2ApiApiAdminListSessionsRequest struct {
+	ctx        context.Context
+	ApiService V0alpha2Api
+	pageSize   *int64
+	pageToken  *string
+	active     *bool
+}
+
+func (r V0alpha2ApiApiAdminListSessionsRequest) PageSize(pageSize int64) V0alpha2ApiApiAdminListSessionsRequest {
+	r.pageSize = &pageSize
+	return r
+}
+func (r V0alpha2ApiApiAdminListSessionsRequest) PageToken(pageToken string) V0alpha2ApiApiAdminListSessionsRequest {
+	r.pageToken = &pageToken
+	return r
+}
+func (r V0alpha2ApiApiAdminListSessionsRequest) Active(active bool) V0alpha2ApiApiAdminListSessionsRequest {
+	r.active = &active
+	return r
+}
+
+func (r V0alpha2ApiApiAdminListSessionsRequest) Execute() ([]Session, *http.Response, error) {
+	return r.ApiService.AdminListSessionsExecute(r)
+}
+
+/*
+  - AdminListSessions This endpoint returns all sessions that exist.
+  - This endpoint is useful for:
+
+Listing all sessions that exist in an administrative context.
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @return V0alpha2ApiApiAdminListSessionsRequest
+*/
+func (a *V0alpha2ApiService) AdminListSessions(ctx context.Context) V0alpha2ApiApiAdminListSessionsRequest {
+	return V0alpha2ApiApiAdminListSessionsRequest{
+		ApiService: a,
+		ctx:        ctx,
+	}
+}
+
+/*
+ * Execute executes the request
+ * @return []Session
+ */
+func (a *V0alpha2ApiService) AdminListSessionsExecute(r V0alpha2ApiApiAdminListSessionsRequest) ([]Session, *http.Response, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		localVarFormFileName string
+		localVarFileName     string
+		localVarFileBytes    []byte
+		localVarReturnValue  []Session
+	)
+
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "V0alpha2ApiService.AdminListSessions")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/admin/sessions"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.pageSize != nil {
+		localVarQueryParams.Add("page_size", parameterToString(*r.pageSize, ""))
+	}
+	if r.pageToken != nil {
+		localVarQueryParams.Add("page_token", parameterToString(*r.pageToken, ""))
+	}
+	if r.active != nil {
+		localVarQueryParams.Add("active", parameterToString(*r.active, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["oryAccessToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+
+	localVarHTTPResponse, err := a.client.callAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v JsonError
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+			newErr.model = v
+			return localVarReturnValue, localVarHTTPResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 401 {
+			var v JsonError
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+			newErr.model = v
+			return localVarReturnValue, localVarHTTPResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v JsonError
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+			newErr.model = v
+			return localVarReturnValue, localVarHTTPResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 500 {
+			var v JsonError
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+			newErr.model = v
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	return localVarReturnValue, localVarHTTPResponse, nil
+}
+
 type V0alpha2ApiApiAdminPatchIdentityRequest struct {
 	ctx        context.Context
 	ApiService V0alpha2Api
diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md
index 4c909b98e761..cf82a1f45559 100644
--- a/internal/httpclient/docs/V0alpha2Api.md
+++ b/internal/httpclient/docs/V0alpha2Api.md
@@ -14,6 +14,7 @@ Method | HTTP request | Description
 [**AdminListCourierMessages**](V0alpha2Api.md#AdminListCourierMessages) | **Get** /admin/courier/messages | List Messages
 [**AdminListIdentities**](V0alpha2Api.md#AdminListIdentities) | **Get** /admin/identities | List Identities
 [**AdminListIdentitySessions**](V0alpha2Api.md#AdminListIdentitySessions) | **Get** /admin/identities/{id}/sessions | List an Identity's Sessions
+[**AdminListSessions**](V0alpha2Api.md#AdminListSessions) | **Get** /admin/sessions | This endpoint returns all sessions that exist.
 [**AdminPatchIdentity**](V0alpha2Api.md#AdminPatchIdentity) | **Patch** /admin/identities/{id} | Patch an Identity
 [**AdminUpdateIdentity**](V0alpha2Api.md#AdminUpdateIdentity) | **Put** /admin/identities/{id} | Update an Identity
 [**CreateSelfServiceLogoutFlowUrlForBrowsers**](V0alpha2Api.md#CreateSelfServiceLogoutFlowUrlForBrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers
@@ -742,6 +743,76 @@ Name | Type | Description  | Notes
 [[Back to README]](../README.md)
 
 
+## AdminListSessions
+
+> []Session AdminListSessions(ctx).PageSize(pageSize).PageToken(pageToken).Active(active).Execute()
+
+This endpoint returns all sessions that exist.
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    pageSize := int64(789) // int64 | Items per Page  This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). (optional) (default to 250)
+    pageToken := "pageToken_example" // string | Next Page Token  The next page token. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). (optional)
+    active := true // bool | Active is a boolean flag that filters out sessions based on the state. If no value is provided, all sessions are returned. (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.V0alpha2Api.AdminListSessions(context.Background()).PageSize(pageSize).PageToken(pageToken).Active(active).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.AdminListSessions``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `AdminListSessions`: []Session
+    fmt.Fprintf(os.Stdout, "Response from `V0alpha2Api.AdminListSessions`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiAdminListSessionsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **pageSize** | **int64** | Items per Page  This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). | [default to 250]
+ **pageToken** | **string** | Next Page Token  The next page token. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). | 
+ **active** | **bool** | Active is a boolean flag that filters out sessions based on the state. If no value is provided, all sessions are returned. | 
+
+### Return type
+
+[**[]Session**](Session.md)
+
+### Authorization
+
+[oryAccessToken](../README.md#oryAccessToken)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
 ## AdminPatchIdentity
 
 > Identity AdminPatchIdentity(ctx, id).JsonPatch(jsonPatch).Execute()
diff --git a/spec/api.json b/spec/api.json
index cc03bcd5b0f9..f5c36b5b15c5 100755
--- a/spec/api.json
+++ b/spec/api.json
@@ -1,6 +1,19 @@
 {
   "components": {
     "responses": {
+      "adminListSessions": {
+        "content": {
+          "application/json": {
+            "schema": {
+              "items": {
+                "$ref": "#/components/schemas/session"
+              },
+              "type": "array"
+            }
+          }
+        },
+        "description": "Session List Response\n\nThe response given when listing sessions in an administrative context."
+      },
       "emptyResponse": {
         "description": "Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is typically 201."
       }
@@ -3637,6 +3650,103 @@
         ]
       }
     },
+    "/admin/sessions": {
+      "get": {
+        "description": "This endpoint is useful for:\n\nListing all sessions that exist in an administrative context.",
+        "operationId": "adminListSessions",
+        "parameters": [
+          {
+            "description": "Items per Page\n\nThis is the number of items per page to return.\nFor details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).",
+            "in": "query",
+            "name": "page_size",
+            "schema": {
+              "default": 250,
+              "format": "int64",
+              "maximum": 1000,
+              "minimum": 1,
+              "type": "integer"
+            }
+          },
+          {
+            "description": "Next Page Token\n\nThe next page token.\nFor details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).",
+            "in": "query",
+            "name": "page_token",
+            "schema": {
+              "type": "string"
+            }
+          },
+          {
+            "description": "Active is a boolean flag that filters out sessions based on the state. If no value is provided, all sessions are returned.",
+            "in": "query",
+            "name": "active",
+            "schema": {
+              "type": "boolean"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/sessionList"
+                }
+              }
+            },
+            "description": "sessionList"
+          },
+          "400": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/jsonError"
+                }
+              }
+            },
+            "description": "jsonError"
+          },
+          "401": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/jsonError"
+                }
+              }
+            },
+            "description": "jsonError"
+          },
+          "404": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/jsonError"
+                }
+              }
+            },
+            "description": "jsonError"
+          },
+          "500": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/jsonError"
+                }
+              }
+            },
+            "description": "jsonError"
+          }
+        },
+        "security": [
+          {
+            "oryAccessToken": []
+          }
+        ],
+        "summary": "This endpoint returns all sessions that exist.",
+        "tags": [
+          "v0alpha2"
+        ]
+      }
+    },
     "/admin/sessions/{id}/extend": {
       "patch": {
         "description": "Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it\nwill only extend the session after the specified time has passed.\n\nRetrieve the session ID from the `/sessions/whoami` endpoint / `toSession` SDK method.",
diff --git a/spec/swagger.json b/spec/swagger.json
index e310ab3f7d03..3869bcb32849 100755
--- a/spec/swagger.json
+++ b/spec/swagger.json
@@ -730,6 +730,81 @@
         }
       }
     },
+    "/admin/sessions": {
+      "get": {
+        "security": [
+          {
+            "oryAccessToken": []
+          }
+        ],
+        "description": "This endpoint is useful for:\n\nListing all sessions that exist in an administrative context.",
+        "schemes": [
+          "http",
+          "https"
+        ],
+        "tags": [
+          "v0alpha2"
+        ],
+        "summary": "This endpoint returns all sessions that exist.",
+        "operationId": "adminListSessions",
+        "parameters": [
+          {
+            "maximum": 1000,
+            "minimum": 1,
+            "type": "integer",
+            "format": "int64",
+            "default": 250,
+            "description": "Items per Page\n\nThis is the number of items per page to return.\nFor details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).",
+            "name": "page_size",
+            "in": "query"
+          },
+          {
+            "type": "string",
+            "description": "Next Page Token\n\nThe next page token.\nFor details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).",
+            "name": "page_token",
+            "in": "query"
+          },
+          {
+            "type": "boolean",
+            "description": "Active is a boolean flag that filters out sessions based on the state. If no value is provided, all sessions are returned.",
+            "name": "active",
+            "in": "query"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "sessionList",
+            "schema": {
+              "$ref": "#/definitions/sessionList"
+            }
+          },
+          "400": {
+            "description": "jsonError",
+            "schema": {
+              "$ref": "#/definitions/jsonError"
+            }
+          },
+          "401": {
+            "description": "jsonError",
+            "schema": {
+              "$ref": "#/definitions/jsonError"
+            }
+          },
+          "404": {
+            "description": "jsonError",
+            "schema": {
+              "$ref": "#/definitions/jsonError"
+            }
+          },
+          "500": {
+            "description": "jsonError",
+            "schema": {
+              "$ref": "#/definitions/jsonError"
+            }
+          }
+        }
+      }
+    },
     "/admin/sessions/{id}/extend": {
       "patch": {
         "security": [
@@ -5196,6 +5271,26 @@
     }
   },
   "responses": {
+    "adminListSessions": {
+      "description": "Session List Response\n\nThe response given when listing sessions in an administrative context.",
+      "schema": {
+        "type": "array",
+        "items": {
+          "$ref": "#/definitions/session"
+        }
+      },
+      "headers": {
+        "link": {
+          "type": "string",
+          "description": "The Link HTTP Header\n\nThe `Link` header contains a comma-delimited list of links to the following pages:\n\nfirst: The first page of results.\nnext: The next page of results.\n\nPages are omitted if they do not exist. For example, if there is no next page, the `next` link is omitted. Examples:\n\n\u003c/admin/sessions?page_size=250\u0026page_token={last_item_uuid}; rel=\"first\",/admin/sessions?page_size=250\u0026page_token=\u003e; rel=\"next\""
+        },
+        "x-total-count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The X-Total-Count HTTP Header\n\nThe `X-Total-Count` header contains the total number of items in the collection."
+        }
+      }
+    },
     "emptyResponse": {
       "description": "Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is typically 201."
     }

From 411cd79103b906f8b4150c7596fae1ba914b98a5 Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Thu, 27 Oct 2022 15:48:15 +0000
Subject: [PATCH 323/411] autogen(docs): regenerate and update changelog

[skip ci]
---
 CHANGELOG.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 97ba62414a07..0dc0eea91d8a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@
 
 **Table of Contents**
 
-- [ (2022-10-26)](#2022-10-26)
+- [ (2022-10-27)](#2022-10-27)
   - [Breaking Changes](#breaking-changes)
     - [Bug Fixes](#bug-fixes)
     - [Code Refactoring](#code-refactoring)
@@ -280,7 +280,7 @@
 
 
 
-# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-10-26)
+# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-10-27)
 
 ## Breaking Changes
 
@@ -579,6 +579,9 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
   upgrade ([#2734](https://github.com/ory/kratos/issues/2734))
   ([3852eb4](https://github.com/ory/kratos/commit/3852eb460251a079bad68d08bee2aef23516d168)),
   closes [#2422](https://github.com/ory/kratos/issues/2422)
+- Adding admin session listing api
+  ([#2818](https://github.com/ory/kratos/issues/2818))
+  ([59588d2](https://github.com/ory/kratos/commit/59588d2e290a8b72125021fa899661622e4cd946))
 - Adding device information to the session
   ([#2715](https://github.com/ory/kratos/issues/2715))
   ([82bc9ce](https://github.com/ory/kratos/commit/82bc9ce00d44085287e6d8d9e3fb67e107be2503)):

From de80b7f508afdd56f5d8396f03919bd9a98e49d3 Mon Sep 17 00:00:00 2001
From: Jonas Hungershausen 
Date: Sun, 30 Oct 2022 12:42:48 +0100
Subject: [PATCH 324/411] fix: admin recovery CSRF & duplicate form elements
 (#2846)

---
 ...ail_field_when_creating_recovery_code.json | 40 +++++++++++++++++++
 .../strategy/code/strategy_recovery.go        | 11 +++--
 .../strategy/code/strategy_recovery_test.go   | 19 +++++++--
 3 files changed, 63 insertions(+), 7 deletions(-)
 create mode 100644 selfservice/strategy/code/.snapshots/TestAdminStrategy-case=form_should_not_contain_email_field_when_creating_recovery_code.json

diff --git a/selfservice/strategy/code/.snapshots/TestAdminStrategy-case=form_should_not_contain_email_field_when_creating_recovery_code.json b/selfservice/strategy/code/.snapshots/TestAdminStrategy-case=form_should_not_contain_email_field_when_creating_recovery_code.json
new file mode 100644
index 000000000000..efbeecd4bb0a
--- /dev/null
+++ b/selfservice/strategy/code/.snapshots/TestAdminStrategy-case=form_should_not_contain_email_field_when_creating_recovery_code.json
@@ -0,0 +1,40 @@
+[
+  {
+    "type": "input",
+    "group": "code",
+    "attributes": {
+      "name": "code",
+      "type": "number",
+      "required": true,
+      "disabled": false,
+      "node_type": "input"
+    },
+    "messages": [],
+    "meta": {
+      "label": {
+        "id": 1070006,
+        "text": "Verify code",
+        "type": "info"
+      }
+    }
+  },
+  {
+    "type": "input",
+    "group": "code",
+    "attributes": {
+      "name": "method",
+      "type": "submit",
+      "value": "code",
+      "disabled": false,
+      "node_type": "input"
+    },
+    "messages": [],
+    "meta": {
+      "label": {
+        "id": 1070005,
+        "text": "Submit",
+        "type": "info"
+      }
+    }
+  }
+]
diff --git a/selfservice/strategy/code/strategy_recovery.go b/selfservice/strategy/code/strategy_recovery.go
index f4ce691984c2..afed8fddb1c7 100644
--- a/selfservice/strategy/code/strategy_recovery.go
+++ b/selfservice/strategy/code/strategy_recovery.go
@@ -168,6 +168,7 @@ func (s *Strategy) createRecoveryCode(w http.ResponseWriter, r *http.Request, _
 	}
 	flow.DangerousSkipCSRFCheck = true
 	flow.State = recovery.StateEmailSent
+	flow.UI.Nodes = node.Nodes{}
 	flow.UI.Nodes.Append(node.NewInputField("code", nil, node.CodeGroup, node.InputAttributeTypeNumber, node.WithRequiredInputAttribute).
 		WithMetaLabel(text.NewInfoNodeLabelVerifyOTP()),
 	)
@@ -270,9 +271,13 @@ func (s *Strategy) Recover(w http.ResponseWriter, r *http.Request, f *recovery.F
 	}
 	ctx := r.Context()
 
-	// If a CSRF violation occurs the flow is most likely FUBAR, as the user either lost the CSRF token, or an attack occured.
-	// In this case, we just issue a new flow and "abandon" the old flow.
-	if err := flow.EnsureCSRF(s.deps, r, f.Type, s.deps.Config().DisableAPIFlowEnforcement(ctx), s.deps.GenerateCSRFToken, body.CSRFToken); err != nil {
+	if f.DangerousSkipCSRFCheck {
+		s.deps.Logger().
+			WithRequest(r).
+			Debugf("A recovery flow with `DangerousSkipCSRFCheck` set has been submitted, skipping anti-CSRF measures.")
+	} else if err := flow.EnsureCSRF(s.deps, r, f.Type, s.deps.Config().DisableAPIFlowEnforcement(ctx), s.deps.GenerateCSRFToken, body.CSRFToken); err != nil {
+		// If a CSRF violation occurs the flow is most likely FUBAR, as the user either lost the CSRF token, or an attack occured.
+		// In this case, we just issue a new flow and "abandon" the old flow.
 		return s.retryRecoveryFlowWithError(w, r, flow.TypeBrowser, err)
 	}
 
diff --git a/selfservice/strategy/code/strategy_recovery_test.go b/selfservice/strategy/code/strategy_recovery_test.go
index f5d4086d7ee8..1a8ac53c20d7 100644
--- a/selfservice/strategy/code/strategy_recovery_test.go
+++ b/selfservice/strategy/code/strategy_recovery_test.go
@@ -134,12 +134,9 @@ func TestAdminStrategy(t *testing.T) {
 
 		action := gjson.GetBytes(body, "ui.action").String()
 		require.NotEmpty(t, action)
-		csrfToken := gjson.GetBytes(body, "ui.nodes.#(attributes.name==csrf_token).attributes.value").String()
-		require.NotEmpty(t, csrfToken)
 
 		res, err = publicTS.Client().PostForm(action, url.Values{
-			"csrf_token": {csrfToken},
-			"code":       {code},
+			"code": {code},
 		})
 		assert.Equal(t, http.StatusOK, res.StatusCode)
 
@@ -229,6 +226,20 @@ func TestAdminStrategy(t *testing.T) {
 
 		assertMessage(t, body, "The recovery code is invalid or has already been used. Please try again.")
 	})
+
+	t.Run("case=form should not contain email field when creating recovery code", func(t *testing.T) {
+		email := strings.ToLower(testhelpers.RandomEmail())
+		i := createIdentityToRecover(t, reg, email)
+
+		c1, _, err := createCode(i.ID.String(), pointerx.String("1h"))
+		require.NoError(t, err)
+
+		res, err := http.Get(c1.RecoveryLink)
+		require.NoError(t, err)
+		body := ioutilx.MustReadAll(res.Body)
+
+		snapshotx.SnapshotT(t, json.RawMessage(gjson.GetBytes(body, "ui.nodes").String()))
+	})
 }
 
 const (

From 60fed3c1e1c102d8256d139923a3b241297a62e2 Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Sun, 30 Oct 2022 12:46:25 +0000
Subject: [PATCH 325/411] autogen(docs): regenerate and update changelog

[skip ci]
---
 CHANGELOG.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0dc0eea91d8a..a8e5ac97269e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@
 
 **Table of Contents**
 
-- [ (2022-10-27)](#2022-10-27)
+- [ (2022-10-30)](#2022-10-30)
   - [Breaking Changes](#breaking-changes)
     - [Bug Fixes](#bug-fixes)
     - [Code Refactoring](#code-refactoring)
@@ -280,7 +280,7 @@
 
 
 
-# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-10-27)
+# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-10-30)
 
 ## Breaking Changes
 
@@ -314,6 +314,9 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
 - Add support for verified Graph API calls for facebook oidc provider
   ([#2547](https://github.com/ory/kratos/issues/2547))
   ([1ba7c66](https://github.com/ory/kratos/commit/1ba7c66fc4897b676690f0ac701a0b68aee4f151))
+- Admin recovery CSRF & duplicate form elements
+  ([#2846](https://github.com/ory/kratos/issues/2846))
+  ([de80b7f](https://github.com/ory/kratos/commit/de80b7f508afdd56f5d8396f03919bd9a98e49d3))
 - Bump docker image ([#2594](https://github.com/ory/kratos/issues/2594))
   ([071c885](https://github.com/ory/kratos/commit/071c885d8231a1a66051002ecfcff5c8e5237085))
 - Bump graceful to deal with http header timeouts

From 968bf6bf3b2227c391252590d34308f91ada6be4 Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Tue, 1 Nov 2022 20:08:54 +0000
Subject: [PATCH 326/411] chore: update repository templates to
 https://github.com/ory/meta/commit/852a1aece5fefac0a03f928672538c5d8c536ad8

---
 .github/FUNDING.yml                        | 3 +++
 .github/ISSUE_TEMPLATE/BUG-REPORT.yml      | 3 +++
 .github/ISSUE_TEMPLATE/DESIGN-DOC.yml      | 3 +++
 .github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml | 3 +++
 .github/ISSUE_TEMPLATE/config.yml          | 3 +++
 .github/auto_assign.yml                    | 3 +++
 .github/config.yml                         | 3 +++
 .github/pull_request_template.md           | 3 +++
 .github/workflows/closed_references.yml    | 3 +++
 .github/workflows/conventional_commits.yml | 3 +++
 .github/workflows/labels.yml               | 3 +++
 .github/workflows/milestone.yml            | 3 +++
 .github/workflows/stale.yml                | 3 +++
 CODE_OF_CONDUCT.md                         | 3 +++
 CONTRIBUTING.md                            | 3 +++
 SECURITY.md                                | 3 +++
 16 files changed, 48 insertions(+)

diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
index eacb8f4959e9..c44036054b63 100644
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,3 +1,6 @@
+# AUTO-GENERATED, DO NOT EDIT!
+# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/FUNDING.yml
+
 # These are supported funding model platforms
 
 # github:
diff --git a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
index e83bd3b6da9d..1170b41b5c4a 100644
--- a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
+++ b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
@@ -1,3 +1,6 @@
+# AUTO-GENERATED, DO NOT EDIT!
+# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
+
 description: "Create a bug report"
 labels:
   - bug
diff --git a/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml b/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml
index b716dd23d1df..f817f4164efe 100644
--- a/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml
+++ b/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml
@@ -1,3 +1,6 @@
+# AUTO-GENERATED, DO NOT EDIT!
+# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml
+
 description:
   "A design document is needed for non-trivial changes to the code base."
 labels:
diff --git a/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml
index 77ca05bacf60..0c3112cfc7d6 100644
--- a/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml
+++ b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml
@@ -1,3 +1,6 @@
+# AUTO-GENERATED, DO NOT EDIT!
+# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml
+
 description:
   "Suggest an idea for this project without a plan for implementation"
 labels:
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index 42353ce7faf3..abb0b696c9d9 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,3 +1,6 @@
+# AUTO-GENERATED, DO NOT EDIT!
+# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/ISSUE_TEMPLATE/config.yml
+
 blank_issues_enabled: false
 contact_links:
   - name: Ory Kratos Forum
diff --git a/.github/auto_assign.yml b/.github/auto_assign.yml
index d10020573364..c6cf23b781f8 100644
--- a/.github/auto_assign.yml
+++ b/.github/auto_assign.yml
@@ -1,3 +1,6 @@
+# AUTO-GENERATED, DO NOT EDIT!
+# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/auto_assign.yml
+
 # Set to true to add reviewers to pull requests
 addReviewers: true
 
diff --git a/.github/config.yml b/.github/config.yml
index ea335697979b..4fed11851b32 100644
--- a/.github/config.yml
+++ b/.github/config.yml
@@ -1,3 +1,6 @@
+# AUTO-GENERATED, DO NOT EDIT!
+# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/config.yml
+
 todo:
   keyword: "@todo"
   label: todo
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index deef18980d0f..ccaba2b4b533 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,3 +1,6 @@
+
+
+
 
+
+
 # Contributor Covenant Code of Conduct
 
 ## Our Pledge
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index fb6622916a76..5036312229bf 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,3 +1,6 @@
+
+
+
 
+
+
 
 
-# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-10-30)
+# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-11-01)
 
 ## Breaking Changes
 

From 8ef7cd5712beab2a55dce37e5432fa767d73afc2 Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Wed, 2 Nov 2022 00:39:54 +0000
Subject: [PATCH 328/411] chore: update repository templates to
 https://github.com/ory/meta/commit/b41b1ee5ed62f47bac563014929c64bff0c14163

---
 .github/pull_request_template.md | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index ccaba2b4b533..deef18980d0f 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,6 +1,3 @@
-
-
-
 
 
 
-
-
 # Contribute to Ory Kratos
 
 
diff --git a/SECURITY.md b/SECURITY.md
index f24b9c043342..7a05c1cfc62e 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,16 +1,6 @@
 
 
 
-
-
 
 
 

From 15f5b1bd647bcb8c84512fdbfd13cfad6c21c190 Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Wed, 2 Nov 2022 02:09:10 +0000
Subject: [PATCH 330/411] autogen(docs): regenerate and update changelog

[skip ci]
---
 CHANGELOG.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4c067efd350e..7d13db276c79 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@
 
 **Table of Contents**
 
-- [ (2022-11-01)](#2022-11-01)
+- [ (2022-11-02)](#2022-11-02)
   - [Breaking Changes](#breaking-changes)
     - [Bug Fixes](#bug-fixes)
     - [Code Refactoring](#code-refactoring)
@@ -280,7 +280,7 @@
 
 
 
-# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-11-01)
+# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-11-02)
 
 ## Breaking Changes
 

From ae6fbb8543f2fa1339e95abc907bc50c780ab904 Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Wed, 2 Nov 2022 11:37:36 +0000
Subject: [PATCH 331/411] chore: update repository templates to
 https://github.com/ory/meta/commit/d3f8710e356fb833d4bd71b4ba19d062df2ea89e

---
 .github/workflows/format.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml
index a7a720ebc0a7..acf5b2110981 100644
--- a/.github/workflows/format.yml
+++ b/.github/workflows/format.yml
@@ -1,3 +1,6 @@
+# AUTO-GENERATED, DO NOT EDIT!
+# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/workflows/format.yml
+
 name: Format
 
 on:

From f3c4aba0993d4228ba40c8f2dc4ff35f7ea1ffd5 Mon Sep 17 00:00:00 2001
From: Kevin Goslar 
Date: Wed, 2 Nov 2022 08:19:17 -0400
Subject: [PATCH 332/411] chore: license checker (#2851)

---
 .github/workflows/licenses.yml |  21 +
 Makefile                       |  14 +-
 package-lock.json              | 811 ++++++++++++++++++++++++++++++++-
 package.json                   |   1 +
 4 files changed, 842 insertions(+), 5 deletions(-)
 create mode 100644 .github/workflows/licenses.yml

diff --git a/.github/workflows/licenses.yml b/.github/workflows/licenses.yml
new file mode 100644
index 000000000000..a4592c63ceda
--- /dev/null
+++ b/.github/workflows/licenses.yml
@@ -0,0 +1,21 @@
+name: Licenses
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - master
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-go@v2
+        with:
+          go-version: "1.18"
+      - uses: actions/setup-node@v2
+        with:
+          node-version: "18"
+      - run: make licenses
diff --git a/Makefile b/Makefile
index 5ebd191226d1..2d3a2ed8b7eb 100644
--- a/Makefile
+++ b/Makefile
@@ -50,10 +50,6 @@ docs/swagger:
 	bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -d -b .bin ory v0.1.33
 	touch -a -m .bin/ory
 
-node_modules: package.json
-	npm ci
-	touch node_modules
-
 .bin/golangci-lint: Makefile
 	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -d -b .bin v1.47.3
 
@@ -172,3 +168,13 @@ post-release: .bin/yq
 	cat quickstart.yml | yq '.services.kratos.image = "oryd/kratos:'$$DOCKER_TAG'"' | sponge quickstart.yml
 	cat quickstart.yml | yq '.services.kratos-migrate.image = "oryd/kratos:'$$DOCKER_TAG'"' | sponge quickstart.yml
 	cat quickstart.yml | yq '.services.kratos-selfservice-ui-node.image = "oryd/kratos-selfservice-ui-node:'$$DOCKER_TAG'"' | sponge quickstart.yml
+
+licenses: .bin/licenses node_modules  # checks open-source licenses
+	.bin/licenses
+
+.bin/licenses: Makefile
+	curl https://raw.githubusercontent.com/ory/ci/master/licenses/install | sh
+
+node_modules: package-lock.json
+	npm ci
+	touch node_modules
diff --git a/package-lock.json b/package-lock.json
index 9698d0311530..22942d45a3f8 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -17,6 +17,7 @@
         "cypress": "^9.6.0",
         "dayjs": "^1.10.4",
         "got": "^11.8.2",
+        "license-checker": "^25.0.1",
         "ory-prettier-styles": "1.3.0",
         "otplib": "^12.0.1",
         "prettier": "2.7.1",
@@ -472,6 +473,12 @@
         "@types/node": "*"
       }
     },
+    "node_modules/abbrev": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz",
+      "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==",
+      "dev": true
+    },
     "node_modules/aggregate-error": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz",
@@ -558,6 +565,15 @@
         "sprintf-js": "~1.0.2"
       }
     },
+    "node_modules/array-find-index": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/array-find-index/-/array-find-index-1.0.2.tgz",
+      "integrity": "sha512-M1HQyIXcBGtVywBt8WVdim+lrNaK7VHp99Qt5pSNziXznKHViIBbXWtfRTpEFpF/c4FdfxNAsCCwPp5phBYJtw==",
+      "dev": true,
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/array-union": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz",
@@ -567,6 +583,12 @@
         "node": ">=8"
       }
     },
+    "node_modules/asap": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz",
+      "integrity": "sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA==",
+      "dev": true
+    },
     "node_modules/asn1": {
       "version": "0.2.6",
       "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz",
@@ -1249,6 +1271,15 @@
         }
       }
     },
+    "node_modules/debuglog": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/debuglog/-/debuglog-1.0.1.tgz",
+      "integrity": "sha512-syBZ+rnAK3EgMsH2aYEOLUW7mZSY9Gb+0wUMCFsZvcmiz+HigA0LOcq/HoQqVuGG+EKykunc7QG2bzrponfaSw==",
+      "dev": true,
+      "engines": {
+        "node": "*"
+      }
+    },
     "node_modules/decompress-response": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz",
@@ -1320,6 +1351,16 @@
         "node": ">=8"
       }
     },
+    "node_modules/dezalgo": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/dezalgo/-/dezalgo-1.0.4.tgz",
+      "integrity": "sha512-rXSP0bf+5n0Qonsb+SVVfNfIsimO4HEtmnIpPHY8Q1UCzKlQrDMfdobr8nJOOsRgWCyMRqeSBQzmWUMq7zvVig==",
+      "dev": true,
+      "dependencies": {
+        "asap": "^2.0.0",
+        "wrappy": "1"
+      }
+    },
     "node_modules/dir-glob": {
       "version": "3.0.1",
       "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz",
@@ -1617,6 +1658,12 @@
       "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
       "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw=="
     },
+    "node_modules/function-bind": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz",
+      "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==",
+      "dev": true
+    },
     "node_modules/get-caller-file": {
       "version": "2.0.5",
       "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
@@ -1762,6 +1809,18 @@
       "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz",
       "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA=="
     },
+    "node_modules/has": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz",
+      "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==",
+      "dev": true,
+      "dependencies": {
+        "function-bind": "^1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.4.0"
+      }
+    },
     "node_modules/has-flag": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
@@ -1770,6 +1829,12 @@
         "node": ">=8"
       }
     },
+    "node_modules/hosted-git-info": {
+      "version": "2.8.9",
+      "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz",
+      "integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==",
+      "dev": true
+    },
     "node_modules/http-cache-semantics": {
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz",
@@ -1919,6 +1984,18 @@
         "is-ci": "bin.js"
       }
     },
+    "node_modules/is-core-module": {
+      "version": "2.11.0",
+      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.11.0.tgz",
+      "integrity": "sha512-RRjxlvLDkD1YJwDbroBHMb+cukurkDWNyHx7D3oNB5x9rb5ogcksMC5wHCadcXoo67gVr/+3GFySh3134zi6rw==",
+      "dev": true,
+      "dependencies": {
+        "has": "^1.0.3"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
     "node_modules/is-extglob": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
@@ -2073,6 +2150,12 @@
       "integrity": "sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==",
       "dev": true
     },
+    "node_modules/json-parse-even-better-errors": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz",
+      "integrity": "sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w==",
+      "dev": true
+    },
     "node_modules/json-schema": {
       "version": "0.4.0",
       "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.4.0.tgz",
@@ -2130,6 +2213,107 @@
         "node": "> 0.8"
       }
     },
+    "node_modules/license-checker": {
+      "version": "25.0.1",
+      "resolved": "https://registry.npmjs.org/license-checker/-/license-checker-25.0.1.tgz",
+      "integrity": "sha512-mET5AIwl7MR2IAKYYoVBBpV0OnkKQ1xGj2IMMeEFIs42QAkEVjRtFZGWmQ28WeU7MP779iAgOaOy93Mn44mn6g==",
+      "dev": true,
+      "dependencies": {
+        "chalk": "^2.4.1",
+        "debug": "^3.1.0",
+        "mkdirp": "^0.5.1",
+        "nopt": "^4.0.1",
+        "read-installed": "~4.0.3",
+        "semver": "^5.5.0",
+        "spdx-correct": "^3.0.0",
+        "spdx-expression-parse": "^3.0.0",
+        "spdx-satisfies": "^4.0.0",
+        "treeify": "^1.1.0"
+      },
+      "bin": {
+        "license-checker": "bin/license-checker"
+      }
+    },
+    "node_modules/license-checker/node_modules/ansi-styles": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
+      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+      "dev": true,
+      "dependencies": {
+        "color-convert": "^1.9.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/license-checker/node_modules/chalk": {
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
+      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
+      "dev": true,
+      "dependencies": {
+        "ansi-styles": "^3.2.1",
+        "escape-string-regexp": "^1.0.5",
+        "supports-color": "^5.3.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/license-checker/node_modules/color-convert": {
+      "version": "1.9.3",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
+      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
+      "dev": true,
+      "dependencies": {
+        "color-name": "1.1.3"
+      }
+    },
+    "node_modules/license-checker/node_modules/color-name": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
+      "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==",
+      "dev": true
+    },
+    "node_modules/license-checker/node_modules/debug": {
+      "version": "3.2.7",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
+      "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==",
+      "dev": true,
+      "dependencies": {
+        "ms": "^2.1.1"
+      }
+    },
+    "node_modules/license-checker/node_modules/has-flag": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+      "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
+      "dev": true,
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/license-checker/node_modules/semver": {
+      "version": "5.7.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
+      "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==",
+      "dev": true,
+      "bin": {
+        "semver": "bin/semver"
+      }
+    },
+    "node_modules/license-checker/node_modules/supports-color": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+      "dev": true,
+      "dependencies": {
+        "has-flag": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
     "node_modules/listr2": {
       "version": "3.14.0",
       "resolved": "https://registry.npmjs.org/listr2/-/listr2-3.14.0.tgz",
@@ -2336,6 +2520,18 @@
       "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==",
       "dev": true
     },
+    "node_modules/mkdirp": {
+      "version": "0.5.6",
+      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz",
+      "integrity": "sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==",
+      "dev": true,
+      "dependencies": {
+        "minimist": "^1.2.6"
+      },
+      "bin": {
+        "mkdirp": "bin/cmd.js"
+      }
+    },
     "node_modules/ms": {
       "version": "2.1.2",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
@@ -2366,6 +2562,40 @@
         }
       }
     },
+    "node_modules/nopt": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/nopt/-/nopt-4.0.3.tgz",
+      "integrity": "sha512-CvaGwVMztSMJLOeXPrez7fyfObdZqNUK1cPAEzLHrTybIua9pMdmmPR5YwtfNftIOMv3DPUhFaxsZMNTQO20Kg==",
+      "dev": true,
+      "dependencies": {
+        "abbrev": "1",
+        "osenv": "^0.1.4"
+      },
+      "bin": {
+        "nopt": "bin/nopt.js"
+      }
+    },
+    "node_modules/normalize-package-data": {
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz",
+      "integrity": "sha512-/5CMN3T0R4XTj4DcGaexo+roZSdSFW/0AOOTROrjxzCG1wrWXEsGbRKevjlIL+ZDE4sZlJr5ED4YW0yqmkK+eA==",
+      "dev": true,
+      "dependencies": {
+        "hosted-git-info": "^2.1.4",
+        "resolve": "^1.10.0",
+        "semver": "2 || 3 || 4 || 5",
+        "validate-npm-package-license": "^3.0.1"
+      }
+    },
+    "node_modules/normalize-package-data/node_modules/semver": {
+      "version": "5.7.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
+      "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==",
+      "dev": true,
+      "bin": {
+        "semver": "bin/semver"
+      }
+    },
     "node_modules/normalize-url": {
       "version": "6.1.0",
       "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-6.1.0.tgz",
@@ -2378,6 +2608,12 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/npm-normalize-package-bin": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/npm-normalize-package-bin/-/npm-normalize-package-bin-1.0.1.tgz",
+      "integrity": "sha512-EPfafl6JL5/rU+ot6P3gRSCpPDW5VmIzX959Ob1+ySFUuuYHWHekXpwdUZcKP5C+DS4GEtdJluwBjnsNDl+fSA==",
+      "dev": true
+    },
     "node_modules/npm-run-path": {
       "version": "4.0.1",
       "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz",
@@ -2448,6 +2684,15 @@
       "integrity": "sha512-Vfn0G6CyLaadwcCamwe1SQCf37ZQfBDgMrhRI70dE/2fbE3Q43/xu7K5c32I5FGt/EliroWty5yBjmdkj0eWug==",
       "dev": true
     },
+    "node_modules/os-homedir": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/os-homedir/-/os-homedir-1.0.2.tgz",
+      "integrity": "sha512-B5JU3cabzk8c67mRRd3ECmROafjYMXbuzlwtqdM8IbS8ktlTix8aFGb2bAGKrSRIlnfKwovGUUr72JUPyOb6kQ==",
+      "dev": true,
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/os-tmpdir": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz",
@@ -2456,6 +2701,16 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/osenv": {
+      "version": "0.1.5",
+      "resolved": "https://registry.npmjs.org/osenv/-/osenv-0.1.5.tgz",
+      "integrity": "sha512-0CWcCECdMVc2Rw3U5w9ZjqX6ga6ubk1xDVKxtBQPK7wis/0F2r9T6k4ydGYhecl7YUBxBVxhL5oisPsNxAPe2g==",
+      "dev": true,
+      "dependencies": {
+        "os-homedir": "^1.0.0",
+        "os-tmpdir": "^1.0.0"
+      }
+    },
     "node_modules/ospath": {
       "version": "1.2.2",
       "resolved": "https://registry.npmjs.org/ospath/-/ospath-1.2.2.tgz",
@@ -2514,6 +2769,12 @@
         "node": ">=8"
       }
     },
+    "node_modules/path-parse": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
+      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==",
+      "dev": true
+    },
     "node_modules/path-to-regexp": {
       "version": "3.2.0",
       "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-3.2.0.tgz",
@@ -2672,6 +2933,44 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/read-installed": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/read-installed/-/read-installed-4.0.3.tgz",
+      "integrity": "sha512-O03wg/IYuV/VtnK2h/KXEt9VIbMUFbk3ERG0Iu4FhLZw0EP0T9znqrYDGn6ncbEsXUFaUjiVAWXHzxwt3lhRPQ==",
+      "dev": true,
+      "dependencies": {
+        "debuglog": "^1.0.1",
+        "read-package-json": "^2.0.0",
+        "readdir-scoped-modules": "^1.0.0",
+        "semver": "2 || 3 || 4 || 5",
+        "slide": "~1.1.3",
+        "util-extend": "^1.0.1"
+      },
+      "optionalDependencies": {
+        "graceful-fs": "^4.1.2"
+      }
+    },
+    "node_modules/read-installed/node_modules/semver": {
+      "version": "5.7.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
+      "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==",
+      "dev": true,
+      "bin": {
+        "semver": "bin/semver"
+      }
+    },
+    "node_modules/read-package-json": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/read-package-json/-/read-package-json-2.1.2.tgz",
+      "integrity": "sha512-D1KmuLQr6ZSJS0tW8hf3WGpRlwszJOXZ3E8Yd/DNRaM5d+1wVRZdHlpGBLAuovjr28LbWvjpWkBHMxpRGGjzNA==",
+      "dev": true,
+      "dependencies": {
+        "glob": "^7.1.1",
+        "json-parse-even-better-errors": "^2.3.0",
+        "normalize-package-data": "^2.0.0",
+        "npm-normalize-package-bin": "^1.0.0"
+      }
+    },
     "node_modules/readable-stream": {
       "version": "3.6.0",
       "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.0.tgz",
@@ -2685,6 +2984,18 @@
         "node": ">= 6"
       }
     },
+    "node_modules/readdir-scoped-modules": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/readdir-scoped-modules/-/readdir-scoped-modules-1.1.0.tgz",
+      "integrity": "sha512-asaikDeqAQg7JifRsZn1NJZXo9E+VwlyCfbkZhwyISinqk5zNS6266HS5kah6P0SaQKGF6SkNnZVHUzHFYxYDw==",
+      "dev": true,
+      "dependencies": {
+        "debuglog": "^1.0.1",
+        "dezalgo": "^1.0.0",
+        "graceful-fs": "^4.1.2",
+        "once": "^1.3.0"
+      }
+    },
     "node_modules/reflect-metadata": {
       "version": "0.1.13",
       "resolved": "https://registry.npmjs.org/reflect-metadata/-/reflect-metadata-0.1.13.tgz",
@@ -2707,6 +3018,23 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/resolve": {
+      "version": "1.22.1",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.1.tgz",
+      "integrity": "sha512-nBpuuYuY5jFsli/JIs1oldw6fOQCBioohqWZg/2hiaOybXOft4lonv85uDOKXdf8rhyK159cxU5cDcK/NKk8zw==",
+      "dev": true,
+      "dependencies": {
+        "is-core-module": "^2.9.0",
+        "path-parse": "^1.0.7",
+        "supports-preserve-symlinks-flag": "^1.0.0"
+      },
+      "bin": {
+        "resolve": "bin/resolve"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
     "node_modules/resolve-alpn": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz",
@@ -2897,6 +3225,15 @@
         "node": ">=8"
       }
     },
+    "node_modules/slide": {
+      "version": "1.1.6",
+      "resolved": "https://registry.npmjs.org/slide/-/slide-1.1.6.tgz",
+      "integrity": "sha512-NwrtjCg+lZoqhFU8fOwl4ay2ei8PaqCBOUV3/ektPY9trO1yQ1oXEfmHAhKArUVUr/hOHvy5f6AdP17dCM0zMw==",
+      "dev": true,
+      "engines": {
+        "node": "*"
+      }
+    },
     "node_modules/sort-object-keys": {
       "version": "1.1.3",
       "resolved": "https://registry.npmjs.org/sort-object-keys/-/sort-object-keys-1.1.3.tgz",
@@ -2925,6 +3262,66 @@
       "resolved": "https://registry.npmjs.org/spawn-command/-/spawn-command-0.0.2-1.tgz",
       "integrity": "sha512-n98l9E2RMSJ9ON1AKisHzz7V42VDiBQGY6PB1BwRglz99wpVsSuGzQ+jOi6lFXBGVTCrRpltvjm+/XA+tpeJrg=="
     },
+    "node_modules/spdx-compare": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/spdx-compare/-/spdx-compare-1.0.0.tgz",
+      "integrity": "sha512-C1mDZOX0hnu0ep9dfmuoi03+eOdDoz2yvK79RxbcrVEG1NO1Ph35yW102DHWKN4pk80nwCgeMmSY5L25VE4D9A==",
+      "dev": true,
+      "dependencies": {
+        "array-find-index": "^1.0.2",
+        "spdx-expression-parse": "^3.0.0",
+        "spdx-ranges": "^2.0.0"
+      }
+    },
+    "node_modules/spdx-correct": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.1.1.tgz",
+      "integrity": "sha512-cOYcUWwhCuHCXi49RhFRCyJEK3iPj1Ziz9DpViV3tbZOwXD49QzIN3MpOLJNxh2qwq2lJJZaKMVw9qNi4jTC0w==",
+      "dev": true,
+      "dependencies": {
+        "spdx-expression-parse": "^3.0.0",
+        "spdx-license-ids": "^3.0.0"
+      }
+    },
+    "node_modules/spdx-exceptions": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.3.0.tgz",
+      "integrity": "sha512-/tTrYOC7PPI1nUAgx34hUpqXuyJG+DTHJTnIULG4rDygi4xu/tfgmq1e1cIRwRzwZgo4NLySi+ricLkZkw4i5A==",
+      "dev": true
+    },
+    "node_modules/spdx-expression-parse": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz",
+      "integrity": "sha512-cbqHunsQWnJNE6KhVSMsMeH5H/L9EpymbzqTQ3uLwNCLZ1Q481oWaofqH7nO6V07xlXwY6PhQdQ2IedWx/ZK4Q==",
+      "dev": true,
+      "dependencies": {
+        "spdx-exceptions": "^2.1.0",
+        "spdx-license-ids": "^3.0.0"
+      }
+    },
+    "node_modules/spdx-license-ids": {
+      "version": "3.0.12",
+      "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.12.tgz",
+      "integrity": "sha512-rr+VVSXtRhO4OHbXUiAF7xW3Bo9DuuF6C5jH+q/x15j2jniycgKbxU09Hr0WqlSLUs4i4ltHGXqTe7VHclYWyA==",
+      "dev": true
+    },
+    "node_modules/spdx-ranges": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/spdx-ranges/-/spdx-ranges-2.1.1.tgz",
+      "integrity": "sha512-mcdpQFV7UDAgLpXEE/jOMqvK4LBoO0uTQg0uvXUewmEFhpiZx5yJSZITHB8w1ZahKdhfZqP5GPEOKLyEq5p8XA==",
+      "dev": true
+    },
+    "node_modules/spdx-satisfies": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/spdx-satisfies/-/spdx-satisfies-4.0.1.tgz",
+      "integrity": "sha512-WVzZ/cXAzoNmjCWiEluEA3BjHp5tiUmmhn9MK+X0tBbR9sOqtC6UQwmgCNrAIZvNlMuBUYAaHYfb2oqlF9SwKA==",
+      "dev": true,
+      "dependencies": {
+        "spdx-compare": "^1.0.0",
+        "spdx-expression-parse": "^3.0.0",
+        "spdx-ranges": "^2.0.0"
+      }
+    },
     "node_modules/sprintf-js": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
@@ -3007,6 +3404,18 @@
         "node": ">=8"
       }
     },
+    "node_modules/supports-preserve-symlinks-flag": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz",
+      "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==",
+      "dev": true,
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
     "node_modules/thirty-two": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/thirty-two/-/thirty-two-1.0.2.tgz",
@@ -3077,6 +3486,15 @@
         "tree-kill": "cli.js"
       }
     },
+    "node_modules/treeify": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/treeify/-/treeify-1.1.0.tgz",
+      "integrity": "sha512-1m4RA7xVAJrSGrrXGs0L3YTwyvBs2S8PbRHaLZAkFw7JR8oIFwYtysxlBZhYIa7xSyiYJKZ3iGrrk55cGA3i9A==",
+      "dev": true,
+      "engines": {
+        "node": ">=0.6"
+      }
+    },
     "node_modules/tslib": {
       "version": "2.0.3",
       "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.0.3.tgz",
@@ -3146,6 +3564,12 @@
       "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
       "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
     },
+    "node_modules/util-extend": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/util-extend/-/util-extend-1.0.3.tgz",
+      "integrity": "sha512-mLs5zAK+ctllYBj+iAQvlDCwoxU/WDOUaJkcFudeiAX6OajC6BKXJUa9a+tbtkC11dz2Ufb7h0lyvIOVn4LADA==",
+      "dev": true
+    },
     "node_modules/uuid": {
       "version": "8.3.2",
       "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
@@ -3154,6 +3578,16 @@
         "uuid": "dist/bin/uuid"
       }
     },
+    "node_modules/validate-npm-package-license": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz",
+      "integrity": "sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==",
+      "dev": true,
+      "dependencies": {
+        "spdx-correct": "^3.0.0",
+        "spdx-expression-parse": "^3.0.0"
+      }
+    },
     "node_modules/verror": {
       "version": "1.10.0",
       "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz",
@@ -3724,6 +4158,12 @@
         "@types/node": "*"
       }
     },
+    "abbrev": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz",
+      "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==",
+      "dev": true
+    },
     "aggregate-error": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz",
@@ -3775,12 +4215,24 @@
         "sprintf-js": "~1.0.2"
       }
     },
+    "array-find-index": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/array-find-index/-/array-find-index-1.0.2.tgz",
+      "integrity": "sha512-M1HQyIXcBGtVywBt8WVdim+lrNaK7VHp99Qt5pSNziXznKHViIBbXWtfRTpEFpF/c4FdfxNAsCCwPp5phBYJtw==",
+      "dev": true
+    },
     "array-union": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz",
       "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==",
       "dev": true
     },
+    "asap": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz",
+      "integrity": "sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA==",
+      "dev": true
+    },
     "asn1": {
       "version": "0.2.6",
       "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz",
@@ -4300,6 +4752,12 @@
         "ms": "2.1.2"
       }
     },
+    "debuglog": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/debuglog/-/debuglog-1.0.1.tgz",
+      "integrity": "sha512-syBZ+rnAK3EgMsH2aYEOLUW7mZSY9Gb+0wUMCFsZvcmiz+HigA0LOcq/HoQqVuGG+EKykunc7QG2bzrponfaSw==",
+      "dev": true
+    },
     "decompress-response": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz",
@@ -4349,6 +4807,16 @@
       "integrity": "sha512-TLz+x/vEXm/Y7P7wn1EJFNLxYpUD4TgMosxY6fAVJUnJMbupHBOncxyWUG9OpTaH9EBD7uFI5LfEgmMOc54DsA==",
       "dev": true
     },
+    "dezalgo": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/dezalgo/-/dezalgo-1.0.4.tgz",
+      "integrity": "sha512-rXSP0bf+5n0Qonsb+SVVfNfIsimO4HEtmnIpPHY8Q1UCzKlQrDMfdobr8nJOOsRgWCyMRqeSBQzmWUMq7zvVig==",
+      "dev": true,
+      "requires": {
+        "asap": "^2.0.0",
+        "wrappy": "1"
+      }
+    },
     "dir-glob": {
       "version": "3.0.1",
       "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz",
@@ -4575,6 +5043,12 @@
       "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
       "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw=="
     },
+    "function-bind": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz",
+      "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==",
+      "dev": true
+    },
     "get-caller-file": {
       "version": "2.0.5",
       "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
@@ -4684,11 +5158,26 @@
       "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz",
       "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA=="
     },
+    "has": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz",
+      "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==",
+      "dev": true,
+      "requires": {
+        "function-bind": "^1.1.1"
+      }
+    },
     "has-flag": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
       "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ=="
     },
+    "hosted-git-info": {
+      "version": "2.8.9",
+      "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz",
+      "integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==",
+      "dev": true
+    },
     "http-cache-semantics": {
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz",
@@ -4797,6 +5286,15 @@
         "ci-info": "^3.2.0"
       }
     },
+    "is-core-module": {
+      "version": "2.11.0",
+      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.11.0.tgz",
+      "integrity": "sha512-RRjxlvLDkD1YJwDbroBHMb+cukurkDWNyHx7D3oNB5x9rb5ogcksMC5wHCadcXoo67gVr/+3GFySh3134zi6rw==",
+      "dev": true,
+      "requires": {
+        "has": "^1.0.3"
+      }
+    },
     "is-extglob": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
@@ -4909,6 +5407,12 @@
       "integrity": "sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==",
       "dev": true
     },
+    "json-parse-even-better-errors": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz",
+      "integrity": "sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w==",
+      "dev": true
+    },
     "json-schema": {
       "version": "0.4.0",
       "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.4.0.tgz",
@@ -4958,6 +5462,91 @@
       "integrity": "sha512-cc8oEVoctTvsFZ/Oje/kGnHbpWHYBe8IAJe4C0QNc3t8uM/0Y8+erSz/7Y1ALuXTEZTMvxXwO6YbX1ey3ujiZw==",
       "dev": true
     },
+    "license-checker": {
+      "version": "25.0.1",
+      "resolved": "https://registry.npmjs.org/license-checker/-/license-checker-25.0.1.tgz",
+      "integrity": "sha512-mET5AIwl7MR2IAKYYoVBBpV0OnkKQ1xGj2IMMeEFIs42QAkEVjRtFZGWmQ28WeU7MP779iAgOaOy93Mn44mn6g==",
+      "dev": true,
+      "requires": {
+        "chalk": "^2.4.1",
+        "debug": "^3.1.0",
+        "mkdirp": "^0.5.1",
+        "nopt": "^4.0.1",
+        "read-installed": "~4.0.3",
+        "semver": "^5.5.0",
+        "spdx-correct": "^3.0.0",
+        "spdx-expression-parse": "^3.0.0",
+        "spdx-satisfies": "^4.0.0",
+        "treeify": "^1.1.0"
+      },
+      "dependencies": {
+        "ansi-styles": {
+          "version": "3.2.1",
+          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
+          "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+          "dev": true,
+          "requires": {
+            "color-convert": "^1.9.0"
+          }
+        },
+        "chalk": {
+          "version": "2.4.2",
+          "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
+          "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
+          "dev": true,
+          "requires": {
+            "ansi-styles": "^3.2.1",
+            "escape-string-regexp": "^1.0.5",
+            "supports-color": "^5.3.0"
+          }
+        },
+        "color-convert": {
+          "version": "1.9.3",
+          "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
+          "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
+          "dev": true,
+          "requires": {
+            "color-name": "1.1.3"
+          }
+        },
+        "color-name": {
+          "version": "1.1.3",
+          "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
+          "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==",
+          "dev": true
+        },
+        "debug": {
+          "version": "3.2.7",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
+          "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==",
+          "dev": true,
+          "requires": {
+            "ms": "^2.1.1"
+          }
+        },
+        "has-flag": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+          "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
+          "dev": true
+        },
+        "semver": {
+          "version": "5.7.1",
+          "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
+          "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==",
+          "dev": true
+        },
+        "supports-color": {
+          "version": "5.5.0",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+          "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+          "dev": true,
+          "requires": {
+            "has-flag": "^3.0.0"
+          }
+        }
+      }
+    },
     "listr2": {
       "version": "3.14.0",
       "resolved": "https://registry.npmjs.org/listr2/-/listr2-3.14.0.tgz",
@@ -5107,6 +5696,15 @@
       "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==",
       "dev": true
     },
+    "mkdirp": {
+      "version": "0.5.6",
+      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz",
+      "integrity": "sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==",
+      "dev": true,
+      "requires": {
+        "minimist": "^1.2.6"
+      }
+    },
     "ms": {
       "version": "2.1.2",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
@@ -5126,12 +5724,48 @@
         "whatwg-url": "^5.0.0"
       }
     },
+    "nopt": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/nopt/-/nopt-4.0.3.tgz",
+      "integrity": "sha512-CvaGwVMztSMJLOeXPrez7fyfObdZqNUK1cPAEzLHrTybIua9pMdmmPR5YwtfNftIOMv3DPUhFaxsZMNTQO20Kg==",
+      "dev": true,
+      "requires": {
+        "abbrev": "1",
+        "osenv": "^0.1.4"
+      }
+    },
+    "normalize-package-data": {
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz",
+      "integrity": "sha512-/5CMN3T0R4XTj4DcGaexo+roZSdSFW/0AOOTROrjxzCG1wrWXEsGbRKevjlIL+ZDE4sZlJr5ED4YW0yqmkK+eA==",
+      "dev": true,
+      "requires": {
+        "hosted-git-info": "^2.1.4",
+        "resolve": "^1.10.0",
+        "semver": "2 || 3 || 4 || 5",
+        "validate-npm-package-license": "^3.0.1"
+      },
+      "dependencies": {
+        "semver": {
+          "version": "5.7.1",
+          "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
+          "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==",
+          "dev": true
+        }
+      }
+    },
     "normalize-url": {
       "version": "6.1.0",
       "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-6.1.0.tgz",
       "integrity": "sha512-DlL+XwOy3NxAQ8xuC0okPgK46iuVNAK01YN7RueYBqqFeGsBjV9XmCAzAdgt+667bCl5kPh9EqKKDwnaPG1I7A==",
       "dev": true
     },
+    "npm-normalize-package-bin": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/npm-normalize-package-bin/-/npm-normalize-package-bin-1.0.1.tgz",
+      "integrity": "sha512-EPfafl6JL5/rU+ot6P3gRSCpPDW5VmIzX959Ob1+ySFUuuYHWHekXpwdUZcKP5C+DS4GEtdJluwBjnsNDl+fSA==",
+      "dev": true
+    },
     "npm-run-path": {
       "version": "4.0.1",
       "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz",
@@ -5184,11 +5818,27 @@
       "integrity": "sha512-Vfn0G6CyLaadwcCamwe1SQCf37ZQfBDgMrhRI70dE/2fbE3Q43/xu7K5c32I5FGt/EliroWty5yBjmdkj0eWug==",
       "dev": true
     },
+    "os-homedir": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/os-homedir/-/os-homedir-1.0.2.tgz",
+      "integrity": "sha512-B5JU3cabzk8c67mRRd3ECmROafjYMXbuzlwtqdM8IbS8ktlTix8aFGb2bAGKrSRIlnfKwovGUUr72JUPyOb6kQ==",
+      "dev": true
+    },
     "os-tmpdir": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz",
       "integrity": "sha512-D2FR03Vir7FIu45XBY20mTb+/ZSWB00sjU9jdQXt83gDrI4Ztz5Fs7/yy74g2N5SVQY4xY1qDr4rNddwYRVX0g=="
     },
+    "osenv": {
+      "version": "0.1.5",
+      "resolved": "https://registry.npmjs.org/osenv/-/osenv-0.1.5.tgz",
+      "integrity": "sha512-0CWcCECdMVc2Rw3U5w9ZjqX6ga6ubk1xDVKxtBQPK7wis/0F2r9T6k4ydGYhecl7YUBxBVxhL5oisPsNxAPe2g==",
+      "dev": true,
+      "requires": {
+        "os-homedir": "^1.0.0",
+        "os-tmpdir": "^1.0.0"
+      }
+    },
     "ospath": {
       "version": "1.2.2",
       "resolved": "https://registry.npmjs.org/ospath/-/ospath-1.2.2.tgz",
@@ -5232,6 +5882,12 @@
       "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==",
       "dev": true
     },
+    "path-parse": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
+      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==",
+      "dev": true
+    },
     "path-to-regexp": {
       "version": "3.2.0",
       "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-3.2.0.tgz",
@@ -5334,6 +5990,41 @@
       "integrity": "sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA==",
       "dev": true
     },
+    "read-installed": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/read-installed/-/read-installed-4.0.3.tgz",
+      "integrity": "sha512-O03wg/IYuV/VtnK2h/KXEt9VIbMUFbk3ERG0Iu4FhLZw0EP0T9znqrYDGn6ncbEsXUFaUjiVAWXHzxwt3lhRPQ==",
+      "dev": true,
+      "requires": {
+        "debuglog": "^1.0.1",
+        "graceful-fs": "^4.1.2",
+        "read-package-json": "^2.0.0",
+        "readdir-scoped-modules": "^1.0.0",
+        "semver": "2 || 3 || 4 || 5",
+        "slide": "~1.1.3",
+        "util-extend": "^1.0.1"
+      },
+      "dependencies": {
+        "semver": {
+          "version": "5.7.1",
+          "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
+          "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==",
+          "dev": true
+        }
+      }
+    },
+    "read-package-json": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/read-package-json/-/read-package-json-2.1.2.tgz",
+      "integrity": "sha512-D1KmuLQr6ZSJS0tW8hf3WGpRlwszJOXZ3E8Yd/DNRaM5d+1wVRZdHlpGBLAuovjr28LbWvjpWkBHMxpRGGjzNA==",
+      "dev": true,
+      "requires": {
+        "glob": "^7.1.1",
+        "json-parse-even-better-errors": "^2.3.0",
+        "normalize-package-data": "^2.0.0",
+        "npm-normalize-package-bin": "^1.0.0"
+      }
+    },
     "readable-stream": {
       "version": "3.6.0",
       "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.0.tgz",
@@ -5344,6 +6035,18 @@
         "util-deprecate": "^1.0.1"
       }
     },
+    "readdir-scoped-modules": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/readdir-scoped-modules/-/readdir-scoped-modules-1.1.0.tgz",
+      "integrity": "sha512-asaikDeqAQg7JifRsZn1NJZXo9E+VwlyCfbkZhwyISinqk5zNS6266HS5kah6P0SaQKGF6SkNnZVHUzHFYxYDw==",
+      "dev": true,
+      "requires": {
+        "debuglog": "^1.0.1",
+        "dezalgo": "^1.0.0",
+        "graceful-fs": "^4.1.2",
+        "once": "^1.3.0"
+      }
+    },
     "reflect-metadata": {
       "version": "0.1.13",
       "resolved": "https://registry.npmjs.org/reflect-metadata/-/reflect-metadata-0.1.13.tgz",
@@ -5363,6 +6066,17 @@
       "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
       "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q=="
     },
+    "resolve": {
+      "version": "1.22.1",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.1.tgz",
+      "integrity": "sha512-nBpuuYuY5jFsli/JIs1oldw6fOQCBioohqWZg/2hiaOybXOft4lonv85uDOKXdf8rhyK159cxU5cDcK/NKk8zw==",
+      "dev": true,
+      "requires": {
+        "is-core-module": "^2.9.0",
+        "path-parse": "^1.0.7",
+        "supports-preserve-symlinks-flag": "^1.0.0"
+      }
+    },
     "resolve-alpn": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz",
@@ -5493,6 +6207,12 @@
         "is-fullwidth-code-point": "^3.0.0"
       }
     },
+    "slide": {
+      "version": "1.1.6",
+      "resolved": "https://registry.npmjs.org/slide/-/slide-1.1.6.tgz",
+      "integrity": "sha512-NwrtjCg+lZoqhFU8fOwl4ay2ei8PaqCBOUV3/ektPY9trO1yQ1oXEfmHAhKArUVUr/hOHvy5f6AdP17dCM0zMw==",
+      "dev": true
+    },
     "sort-object-keys": {
       "version": "1.1.3",
       "resolved": "https://registry.npmjs.org/sort-object-keys/-/sort-object-keys-1.1.3.tgz",
@@ -5518,6 +6238,66 @@
       "resolved": "https://registry.npmjs.org/spawn-command/-/spawn-command-0.0.2-1.tgz",
       "integrity": "sha512-n98l9E2RMSJ9ON1AKisHzz7V42VDiBQGY6PB1BwRglz99wpVsSuGzQ+jOi6lFXBGVTCrRpltvjm+/XA+tpeJrg=="
     },
+    "spdx-compare": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/spdx-compare/-/spdx-compare-1.0.0.tgz",
+      "integrity": "sha512-C1mDZOX0hnu0ep9dfmuoi03+eOdDoz2yvK79RxbcrVEG1NO1Ph35yW102DHWKN4pk80nwCgeMmSY5L25VE4D9A==",
+      "dev": true,
+      "requires": {
+        "array-find-index": "^1.0.2",
+        "spdx-expression-parse": "^3.0.0",
+        "spdx-ranges": "^2.0.0"
+      }
+    },
+    "spdx-correct": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.1.1.tgz",
+      "integrity": "sha512-cOYcUWwhCuHCXi49RhFRCyJEK3iPj1Ziz9DpViV3tbZOwXD49QzIN3MpOLJNxh2qwq2lJJZaKMVw9qNi4jTC0w==",
+      "dev": true,
+      "requires": {
+        "spdx-expression-parse": "^3.0.0",
+        "spdx-license-ids": "^3.0.0"
+      }
+    },
+    "spdx-exceptions": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.3.0.tgz",
+      "integrity": "sha512-/tTrYOC7PPI1nUAgx34hUpqXuyJG+DTHJTnIULG4rDygi4xu/tfgmq1e1cIRwRzwZgo4NLySi+ricLkZkw4i5A==",
+      "dev": true
+    },
+    "spdx-expression-parse": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz",
+      "integrity": "sha512-cbqHunsQWnJNE6KhVSMsMeH5H/L9EpymbzqTQ3uLwNCLZ1Q481oWaofqH7nO6V07xlXwY6PhQdQ2IedWx/ZK4Q==",
+      "dev": true,
+      "requires": {
+        "spdx-exceptions": "^2.1.0",
+        "spdx-license-ids": "^3.0.0"
+      }
+    },
+    "spdx-license-ids": {
+      "version": "3.0.12",
+      "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.12.tgz",
+      "integrity": "sha512-rr+VVSXtRhO4OHbXUiAF7xW3Bo9DuuF6C5jH+q/x15j2jniycgKbxU09Hr0WqlSLUs4i4ltHGXqTe7VHclYWyA==",
+      "dev": true
+    },
+    "spdx-ranges": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/spdx-ranges/-/spdx-ranges-2.1.1.tgz",
+      "integrity": "sha512-mcdpQFV7UDAgLpXEE/jOMqvK4LBoO0uTQg0uvXUewmEFhpiZx5yJSZITHB8w1ZahKdhfZqP5GPEOKLyEq5p8XA==",
+      "dev": true
+    },
+    "spdx-satisfies": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/spdx-satisfies/-/spdx-satisfies-4.0.1.tgz",
+      "integrity": "sha512-WVzZ/cXAzoNmjCWiEluEA3BjHp5tiUmmhn9MK+X0tBbR9sOqtC6UQwmgCNrAIZvNlMuBUYAaHYfb2oqlF9SwKA==",
+      "dev": true,
+      "requires": {
+        "spdx-compare": "^1.0.0",
+        "spdx-expression-parse": "^3.0.0",
+        "spdx-ranges": "^2.0.0"
+      }
+    },
     "sprintf-js": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
@@ -5580,6 +6360,12 @@
         "has-flag": "^4.0.0"
       }
     },
+    "supports-preserve-symlinks-flag": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz",
+      "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==",
+      "dev": true
+    },
     "thirty-two": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/thirty-two/-/thirty-two-1.0.2.tgz",
@@ -5635,6 +6421,12 @@
       "resolved": "https://registry.npmjs.org/tree-kill/-/tree-kill-1.2.2.tgz",
       "integrity": "sha512-L0Orpi8qGpRG//Nd+H90vFB+3iHnue1zSSGmNOOCh1GLJ7rUKVwV2HvijphGQS2UmhUZewS9VgvxYIdgr+fG1A=="
     },
+    "treeify": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/treeify/-/treeify-1.1.0.tgz",
+      "integrity": "sha512-1m4RA7xVAJrSGrrXGs0L3YTwyvBs2S8PbRHaLZAkFw7JR8oIFwYtysxlBZhYIa7xSyiYJKZ3iGrrk55cGA3i9A==",
+      "dev": true
+    },
     "tslib": {
       "version": "2.0.3",
       "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.0.3.tgz",
@@ -5682,11 +6474,27 @@
       "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
       "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
     },
+    "util-extend": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/util-extend/-/util-extend-1.0.3.tgz",
+      "integrity": "sha512-mLs5zAK+ctllYBj+iAQvlDCwoxU/WDOUaJkcFudeiAX6OajC6BKXJUa9a+tbtkC11dz2Ufb7h0lyvIOVn4LADA==",
+      "dev": true
+    },
     "uuid": {
       "version": "8.3.2",
       "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
       "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg=="
     },
+    "validate-npm-package-license": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz",
+      "integrity": "sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==",
+      "dev": true,
+      "requires": {
+        "spdx-correct": "^3.0.0",
+        "spdx-expression-parse": "^3.0.0"
+      }
+    },
     "verror": {
       "version": "1.10.0",
       "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz",
@@ -5787,7 +6595,8 @@
       "version": "7.5.8",
       "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.8.tgz",
       "integrity": "sha512-ri1Id1WinAX5Jqn9HejiGb8crfRio0Qgu8+MtL36rlTA6RLsMdWt1Az/19A2Qij6uSHUMphEFaTKa4WG+UNHNw==",
-      "dev": true
+      "dev": true,
+      "requires": {}
     },
     "y18n": {
       "version": "5.0.8",
diff --git a/package.json b/package.json
index 1fcc80b0a229..b0278b1aed07 100644
--- a/package.json
+++ b/package.json
@@ -21,6 +21,7 @@
     "cypress": "^9.6.0",
     "dayjs": "^1.10.4",
     "got": "^11.8.2",
+    "license-checker": "^25.0.1",
     "ory-prettier-styles": "1.3.0",
     "otplib": "^12.0.1",
     "prettier": "2.7.1",

From ddecb8911e8b60debc2cfb731b18da059dc60898 Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Wed, 2 Nov 2022 12:41:43 +0000
Subject: [PATCH 333/411] chore: update repository templates to
 https://github.com/ory/meta/commit/9f57fecccae6e37a4b7ff5863a683d27e583cd0f

---
 package-lock.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 22942d45a3f8..37ea379c31ec 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -6595,8 +6595,7 @@
       "version": "7.5.8",
       "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.8.tgz",
       "integrity": "sha512-ri1Id1WinAX5Jqn9HejiGb8crfRio0Qgu8+MtL36rlTA6RLsMdWt1Az/19A2Qij6uSHUMphEFaTKa4WG+UNHNw==",
-      "dev": true,
-      "requires": {}
+      "dev": true
     },
     "y18n": {
       "version": "5.0.8",

From af2747bbbebf36a18592acbde673ce98f800ae3f Mon Sep 17 00:00:00 2001
From: Kevin Goslar 
Date: Wed, 2 Nov 2022 16:32:21 -0400
Subject: [PATCH 334/411] chore: remove obsolete header (#2857)

---
 .github/workflows/format.yml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml
index acf5b2110981..a7a720ebc0a7 100644
--- a/.github/workflows/format.yml
+++ b/.github/workflows/format.yml
@@ -1,6 +1,3 @@
-# AUTO-GENERATED, DO NOT EDIT!
-# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/workflows/format.yml
-
 name: Format
 
 on:

From 9346c183bc6052661b288bd1d392f13cfa51b1ca Mon Sep 17 00:00:00 2001
From: Kevin Goslar 
Date: Thu, 3 Nov 2022 12:45:47 -0400
Subject: [PATCH 335/411] chore: fix package-lock.json (#2861)

---
 package-lock.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/package-lock.json b/package-lock.json
index 37ea379c31ec..22942d45a3f8 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -6595,7 +6595,8 @@
       "version": "7.5.8",
       "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.8.tgz",
       "integrity": "sha512-ri1Id1WinAX5Jqn9HejiGb8crfRio0Qgu8+MtL36rlTA6RLsMdWt1Az/19A2Qij6uSHUMphEFaTKa4WG+UNHNw==",
-      "dev": true
+      "dev": true,
+      "requires": {}
     },
     "y18n": {
       "version": "5.0.8",

From 15d72d9023621e595c1e3ea57d9fd77125183810 Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Thu, 3 Nov 2022 17:50:42 +0000
Subject: [PATCH 336/411] autogen(docs): regenerate and update changelog

[skip ci]
---
 CHANGELOG.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7d13db276c79..1c53436e90f5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@
 
 **Table of Contents**
 
-- [ (2022-11-02)](#2022-11-02)
+- [ (2022-11-03)](#2022-11-03)
   - [Breaking Changes](#breaking-changes)
     - [Bug Fixes](#bug-fixes)
     - [Code Refactoring](#code-refactoring)
@@ -280,7 +280,7 @@
 
 
 
-# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-11-02)
+# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-11-03)
 
 ## Breaking Changes
 

From 1aa13211d1459e7453c2ba8fec69fee1c79aecbc Mon Sep 17 00:00:00 2001
From: Ajay Kelkar 
Date: Mon, 7 Nov 2022 11:00:24 +0100
Subject: [PATCH 337/411] feat: add admin get api for session (#2855)

Co-authored-by: hackerman <3372410+aeneasr@users.noreply.github.com>
---
 internal/httpclient/README.md           |   1 +
 internal/httpclient/api/openapi.yaml    |  72 +++++++++
 internal/httpclient/api_v0alpha2.go     | 188 ++++++++++++++++++++++++
 internal/httpclient/docs/V0alpha2Api.md |  79 +++++++++-
 persistence/sql/persister_session.go    |   7 +-
 session/expand.go                       |  25 +++-
 session/handler.go                      | 103 ++++++++++++-
 session/handler_test.go                 | 148 ++++++++++++++++++-
 spec/api.json                           |  88 +++++++++++
 spec/swagger.json                       |  74 ++++++++++
 10 files changed, 761 insertions(+), 24 deletions(-)

diff --git a/internal/httpclient/README.md b/internal/httpclient/README.md
index 6e6da2b414b4..f9e5aae57951 100644
--- a/internal/httpclient/README.md
+++ b/internal/httpclient/README.md
@@ -93,6 +93,7 @@ Class | Method | HTTP request | Description
 *V0alpha2Api* | [**AdminDeleteIdentitySessions**](docs/V0alpha2Api.md#admindeleteidentitysessions) | **Delete** /admin/identities/{id}/sessions | Delete & Invalidate an Identity's Sessions
 *V0alpha2Api* | [**AdminExtendSession**](docs/V0alpha2Api.md#adminextendsession) | **Patch** /admin/sessions/{id}/extend | Extend a Session
 *V0alpha2Api* | [**AdminGetIdentity**](docs/V0alpha2Api.md#admingetidentity) | **Get** /admin/identities/{id} | Get an Identity
+*V0alpha2Api* | [**AdminGetSession**](docs/V0alpha2Api.md#admingetsession) | **Get** /admin/sessions/{id} | This endpoint returns the session object with expandables specified.
 *V0alpha2Api* | [**AdminListCourierMessages**](docs/V0alpha2Api.md#adminlistcouriermessages) | **Get** /admin/courier/messages | List Messages
 *V0alpha2Api* | [**AdminListIdentities**](docs/V0alpha2Api.md#adminlistidentities) | **Get** /admin/identities | List Identities
 *V0alpha2Api* | [**AdminListIdentitySessions**](docs/V0alpha2Api.md#adminlistidentitysessions) | **Get** /admin/identities/{id}/sessions | List an Identity's Sessions
diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml
index 9b174049c4a4..49a66cad1008 100644
--- a/internal/httpclient/api/openapi.yaml
+++ b/internal/httpclient/api/openapi.yaml
@@ -690,6 +690,22 @@ paths:
         schema:
           type: boolean
         style: form
+      - description: |-
+          ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session.
+          Example - ?expand=Identity&expand=Devices
+          If no value is provided, the expandable properties are skipped.
+        explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          items:
+            enum:
+            - Devices
+            - Identity
+            type: string
+          type: array
+        style: form
       responses:
         "200":
           content:
@@ -726,6 +742,62 @@ paths:
       summary: This endpoint returns all sessions that exist.
       tags:
       - v0alpha2
+  /admin/sessions/{id}:
+    get:
+      description: |-
+        This endpoint is useful for:
+
+        Getting a session object with all specified expandables that exist in an administrative context.
+      operationId: adminGetSession
+      parameters:
+      - description: |-
+          ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session.
+          Example - ?expand=Identity&expand=Devices
+          If no value is provided, the expandable properties are skipped.
+        explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          items:
+            enum:
+            - Devices
+            - Identity
+            type: string
+          type: array
+        style: form
+      - description: ID is the session's ID.
+        explode: false
+        in: path
+        name: id
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/session'
+          description: session
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/jsonError'
+          description: jsonError
+        default:
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/jsonError'
+          description: jsonError
+      security:
+      - oryAccessToken: []
+      summary: This endpoint returns the session object with expandables specified.
+      tags:
+      - v0alpha2
   /admin/sessions/{id}/extend:
     patch:
       description: |-
diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go
index 14300dc328c7..778b36e763ba 100644
--- a/internal/httpclient/api_v0alpha2.go
+++ b/internal/httpclient/api_v0alpha2.go
@@ -141,6 +141,23 @@ type V0alpha2Api interface {
 	 */
 	AdminGetIdentityExecute(r V0alpha2ApiApiAdminGetIdentityRequest) (*Identity, *http.Response, error)
 
+	/*
+			 * AdminGetSession This endpoint returns the session object with expandables specified.
+			 * This endpoint is useful for:
+
+		Getting a session object with all specified expandables that exist in an administrative context.
+			 * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+			 * @param id ID is the session's ID.
+			 * @return V0alpha2ApiApiAdminGetSessionRequest
+	*/
+	AdminGetSession(ctx context.Context, id string) V0alpha2ApiApiAdminGetSessionRequest
+
+	/*
+	 * AdminGetSessionExecute executes the request
+	 * @return Session
+	 */
+	AdminGetSessionExecute(r V0alpha2ApiApiAdminGetSessionRequest) (*Session, *http.Response, error)
+
 	/*
 	 * AdminListCourierMessages List Messages
 	 * Lists all messages by given status and recipient.
@@ -2199,6 +2216,161 @@ func (a *V0alpha2ApiService) AdminGetIdentityExecute(r V0alpha2ApiApiAdminGetIde
 	return localVarReturnValue, localVarHTTPResponse, nil
 }
 
+type V0alpha2ApiApiAdminGetSessionRequest struct {
+	ctx        context.Context
+	ApiService V0alpha2Api
+	id         string
+	expand     *[]string
+}
+
+func (r V0alpha2ApiApiAdminGetSessionRequest) Expand(expand []string) V0alpha2ApiApiAdminGetSessionRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r V0alpha2ApiApiAdminGetSessionRequest) Execute() (*Session, *http.Response, error) {
+	return r.ApiService.AdminGetSessionExecute(r)
+}
+
+/*
+  - AdminGetSession This endpoint returns the session object with expandables specified.
+  - This endpoint is useful for:
+
+Getting a session object with all specified expandables that exist in an administrative context.
+  - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+  - @param id ID is the session's ID.
+  - @return V0alpha2ApiApiAdminGetSessionRequest
+*/
+func (a *V0alpha2ApiService) AdminGetSession(ctx context.Context, id string) V0alpha2ApiApiAdminGetSessionRequest {
+	return V0alpha2ApiApiAdminGetSessionRequest{
+		ApiService: a,
+		ctx:        ctx,
+		id:         id,
+	}
+}
+
+/*
+ * Execute executes the request
+ * @return Session
+ */
+func (a *V0alpha2ApiService) AdminGetSessionExecute(r V0alpha2ApiApiAdminGetSessionRequest) (*Session, *http.Response, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		localVarFormFileName string
+		localVarFileName     string
+		localVarFileBytes    []byte
+		localVarReturnValue  *Session
+	)
+
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "V0alpha2ApiService.AdminGetSession")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/admin/sessions/{id}"
+	localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterToString(r.id, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		t := *r.expand
+		if reflect.TypeOf(t).Kind() == reflect.Slice {
+			s := reflect.ValueOf(t)
+			for i := 0; i < s.Len(); i++ {
+				localVarQueryParams.Add("expand", parameterToString(s.Index(i), "multi"))
+			}
+		} else {
+			localVarQueryParams.Add("expand", parameterToString(t, "multi"))
+		}
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["oryAccessToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+
+	localVarHTTPResponse, err := a.client.callAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v JsonError
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+			newErr.model = v
+			return localVarReturnValue, localVarHTTPResponse, newErr
+		}
+		var v JsonError
+		err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+		if err != nil {
+			newErr.error = err.Error()
+			return localVarReturnValue, localVarHTTPResponse, newErr
+		}
+		newErr.model = v
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	return localVarReturnValue, localVarHTTPResponse, nil
+}
+
 type V0alpha2ApiApiAdminListCourierMessagesRequest struct {
 	ctx        context.Context
 	ApiService V0alpha2Api
@@ -2688,6 +2860,7 @@ type V0alpha2ApiApiAdminListSessionsRequest struct {
 	pageSize   *int64
 	pageToken  *string
 	active     *bool
+	expand     *[]string
 }
 
 func (r V0alpha2ApiApiAdminListSessionsRequest) PageSize(pageSize int64) V0alpha2ApiApiAdminListSessionsRequest {
@@ -2702,6 +2875,10 @@ func (r V0alpha2ApiApiAdminListSessionsRequest) Active(active bool) V0alpha2ApiA
 	r.active = &active
 	return r
 }
+func (r V0alpha2ApiApiAdminListSessionsRequest) Expand(expand []string) V0alpha2ApiApiAdminListSessionsRequest {
+	r.expand = &expand
+	return r
+}
 
 func (r V0alpha2ApiApiAdminListSessionsRequest) Execute() ([]Session, *http.Response, error) {
 	return r.ApiService.AdminListSessionsExecute(r)
@@ -2756,6 +2933,17 @@ func (a *V0alpha2ApiService) AdminListSessionsExecute(r V0alpha2ApiApiAdminListS
 	if r.active != nil {
 		localVarQueryParams.Add("active", parameterToString(*r.active, ""))
 	}
+	if r.expand != nil {
+		t := *r.expand
+		if reflect.TypeOf(t).Kind() == reflect.Slice {
+			s := reflect.ValueOf(t)
+			for i := 0; i < s.Len(); i++ {
+				localVarQueryParams.Add("expand", parameterToString(s.Index(i), "multi"))
+			}
+		} else {
+			localVarQueryParams.Add("expand", parameterToString(t, "multi"))
+		}
+	}
 	// to determine the Content-Type header
 	localVarHTTPContentTypes := []string{}
 
diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md
index cf82a1f45559..1735eb70f9df 100644
--- a/internal/httpclient/docs/V0alpha2Api.md
+++ b/internal/httpclient/docs/V0alpha2Api.md
@@ -11,6 +11,7 @@ Method | HTTP request | Description
 [**AdminDeleteIdentitySessions**](V0alpha2Api.md#AdminDeleteIdentitySessions) | **Delete** /admin/identities/{id}/sessions | Delete & Invalidate an Identity's Sessions
 [**AdminExtendSession**](V0alpha2Api.md#AdminExtendSession) | **Patch** /admin/sessions/{id}/extend | Extend a Session
 [**AdminGetIdentity**](V0alpha2Api.md#AdminGetIdentity) | **Get** /admin/identities/{id} | Get an Identity
+[**AdminGetSession**](V0alpha2Api.md#AdminGetSession) | **Get** /admin/sessions/{id} | This endpoint returns the session object with expandables specified.
 [**AdminListCourierMessages**](V0alpha2Api.md#AdminListCourierMessages) | **Get** /admin/courier/messages | List Messages
 [**AdminListIdentities**](V0alpha2Api.md#AdminListIdentities) | **Get** /admin/identities | List Identities
 [**AdminListIdentitySessions**](V0alpha2Api.md#AdminListIdentitySessions) | **Get** /admin/identities/{id}/sessions | List an Identity's Sessions
@@ -527,6 +528,78 @@ Name | Type | Description  | Notes
 [[Back to README]](../README.md)
 
 
+## AdminGetSession
+
+> Session AdminGetSession(ctx, id).Expand(expand).Execute()
+
+This endpoint returns the session object with expandables specified.
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    id := "id_example" // string | ID is the session's ID.
+    expand := []string{"Expand_example"} // []string | ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session. Example - ?expand=Identity&expand=Devices If no value is provided, the expandable properties are skipped. (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.V0alpha2Api.AdminGetSession(context.Background(), id).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.AdminGetSession``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `AdminGetSession`: Session
+    fmt.Fprintf(os.Stdout, "Response from `V0alpha2Api.AdminGetSession`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**id** | **string** | ID is the session's ID. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiAdminGetSessionRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **expand** | **[]string** | ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session. Example - ?expand=Identity&expand=Devices If no value is provided, the expandable properties are skipped. | 
+
+### Return type
+
+[**Session**](Session.md)
+
+### Authorization
+
+[oryAccessToken](../README.md#oryAccessToken)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
 ## AdminListCourierMessages
 
 > []Message AdminListCourierMessages(ctx).PerPage(perPage).Page(page).Status(status).Recipient(recipient).Execute()
@@ -745,7 +818,7 @@ Name | Type | Description  | Notes
 
 ## AdminListSessions
 
-> []Session AdminListSessions(ctx).PageSize(pageSize).PageToken(pageToken).Active(active).Execute()
+> []Session AdminListSessions(ctx).PageSize(pageSize).PageToken(pageToken).Active(active).Expand(expand).Execute()
 
 This endpoint returns all sessions that exist.
 
@@ -767,10 +840,11 @@ func main() {
     pageSize := int64(789) // int64 | Items per Page  This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). (optional) (default to 250)
     pageToken := "pageToken_example" // string | Next Page Token  The next page token. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). (optional)
     active := true // bool | Active is a boolean flag that filters out sessions based on the state. If no value is provided, all sessions are returned. (optional)
+    expand := []string{"Expand_example"} // []string | ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session. Example - ?expand=Identity&expand=Devices If no value is provided, the expandable properties are skipped. (optional)
 
     configuration := openapiclient.NewConfiguration()
     apiClient := openapiclient.NewAPIClient(configuration)
-    resp, r, err := apiClient.V0alpha2Api.AdminListSessions(context.Background()).PageSize(pageSize).PageToken(pageToken).Active(active).Execute()
+    resp, r, err := apiClient.V0alpha2Api.AdminListSessions(context.Background()).PageSize(pageSize).PageToken(pageToken).Active(active).Expand(expand).Execute()
     if err != nil {
         fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.AdminListSessions``: %v\n", err)
         fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
@@ -794,6 +868,7 @@ Name | Type | Description  | Notes
  **pageSize** | **int64** | Items per Page  This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). | [default to 250]
  **pageToken** | **string** | Next Page Token  The next page token. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). | 
  **active** | **bool** | Active is a boolean flag that filters out sessions based on the state. If no value is provided, all sessions are returned. | 
+ **expand** | **[]string** | ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session. Example - ?expand=Identity&expand=Devices If no value is provided, the expandable properties are skipped. | 
 
 ### Return type
 
diff --git a/persistence/sql/persister_session.go b/persistence/sql/persister_session.go
index c35208f6b079..cffbdeb10b9d 100644
--- a/persistence/sql/persister_session.go
+++ b/persistence/sql/persister_session.go
@@ -36,7 +36,8 @@ func (p *Persister) GetSession(ctx context.Context, sid uuid.UUID, expandables s
 	nid := p.NetworkID(ctx)
 
 	q := p.GetConnection(ctx).Q()
-	if len(expandables) > 0 {
+	// if len(expandables) > 0 {
+	if expandables.Has(session.ExpandSessionDevices) {
 		q = q.Eager(expandables.ToEager()...)
 	}
 
@@ -75,7 +76,9 @@ func (p *Persister) ListSessions(ctx context.Context, active *bool, paginatorOpt
 		if active != nil {
 			q = q.Where("active = ?", *active)
 		}
-		if len(expandables) > 0 {
+
+		// if len(expandables) > 0 {
+		if expandables.Has(session.ExpandSessionDevices) {
 			q = q.Eager(expandables.ToEager()...)
 		}
 
diff --git a/session/expand.go b/session/expand.go
index 19a257320a15..8383d3ff07c3 100644
--- a/session/expand.go
+++ b/session/expand.go
@@ -1,8 +1,23 @@
 package session
 
+import "strings"
+
 // Expandable controls what fields to expand for sessions.
+// swagger:enum Expandable
 type Expandable string
 
+const (
+	// ExpandSessionDevices expands devices related to the session
+	ExpandSessionDevices Expandable = "Devices"
+	// ExpandSessionIdentity expands Identity related to the session
+	ExpandSessionIdentity Expandable = "Identity"
+)
+
+var expandablesMap = map[string]Expandable{
+	"devices":  ExpandSessionDevices,
+	"identity": ExpandSessionIdentity,
+}
+
 // Expandables is a list of Expandable values.
 type Expandables []Expandable
 
@@ -33,12 +48,10 @@ func (e Expandables) Has(search Expandable) bool {
 	return false
 }
 
-const (
-	// ExpandSessionDevices expands devices related to the session
-	ExpandSessionDevices Expandable = "Devices"
-	// ExpandSessionIdentity expands Identity related to the session
-	ExpandSessionIdentity Expandable = "Identity"
-)
+func ParseExpandable(in string) (Expandable, bool) {
+	e, ok := expandablesMap[strings.ToLower(in)]
+	return e, ok
+}
 
 // ExpandNothing expands nothing
 var ExpandNothing []Expandable
diff --git a/session/handler.go b/session/handler.go
index df15f03dd0e5..7e585cac5fb2 100644
--- a/session/handler.go
+++ b/session/handler.go
@@ -64,6 +64,7 @@ const (
 
 func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) {
 	admin.GET(RouteCollection, h.adminListSessions)
+	admin.GET(RouteSession, h.adminGetSession)
 
 	admin.GET(AdminRouteIdentitiesSessions, h.adminListIdentitySessions)
 	admin.DELETE(AdminRouteIdentitiesSessions, h.adminDeleteIdentitySessions)
@@ -71,11 +72,6 @@ func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) {
 
 	admin.DELETE(RouteCollection, x.RedirectToPublicRoute(h.r))
 	admin.DELETE(RouteSession, x.RedirectToPublicRoute(h.r))
-
-	for _, m := range []string{http.MethodGet, http.MethodHead, http.MethodPost, http.MethodPut} {
-		// Redirect to public endpoint
-		admin.Handle(m, RouteWhoami, x.RedirectToPublicRoute(h.r))
-	}
 }
 
 func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic) {
@@ -280,6 +276,14 @@ type adminListSessionsRequest struct {
 	// required: false
 	// in: query
 	Active bool `json:"active"`
+
+	// ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session.
+	// Example - ?expand=Identity&expand=Devices
+	// If no value is provided, the expandable properties are skipped.
+	//
+	// required: false
+	// in: query
+	ExpandOptions []Expandable `json:"expand"`
 }
 
 // Session List Response
@@ -338,7 +342,19 @@ func (h *Handler) adminListSessions(w http.ResponseWriter, r *http.Request, ps h
 		return
 	}
 
-	sess, total, nextPage, err := h.r.SessionPersister().ListSessions(r.Context(), active, opts, ExpandEverything)
+	var expandables Expandables
+	if es, ok := urlValues["expand"]; ok {
+		for _, e := range es {
+			expand, ok := ParseExpandable(e)
+			if !ok {
+				h.r.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Could not parse expand option: %s", e)))
+				return
+			}
+			expandables = append(expandables, expand)
+		}
+	}
+
+	sess, total, nextPage, err := h.r.SessionPersister().ListSessions(r.Context(), active, opts, expandables)
 	if err != nil {
 		h.r.Writer().WriteError(w, r, err)
 		return
@@ -349,6 +365,81 @@ func (h *Handler) adminListSessions(w http.ResponseWriter, r *http.Request, ps h
 	h.r.Writer().Write(w, r, sess)
 }
 
+// Session Get Request
+//
+// The request object for getting a session in an administrative context.
+//
+// swagger:parameters adminGetSession
+// nolint:deadcode,unused
+type adminGetSessionRequest struct {
+	// ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session.
+	// Example - ?expand=Identity&expand=Devices
+	// If no value is provided, the expandable properties are skipped.
+	//
+	// required: false
+	// in: query
+	ExpandOptions []Expandable `json:"expand"`
+
+	// ID is the session's ID.
+	//
+	// required: true
+	// in: path
+	ID string `json:"id"`
+}
+
+// swagger:route GET /admin/sessions/{id} v0alpha2 adminGetSession
+//
+// This endpoint returns the session object with expandables specified.
+//
+// This endpoint is useful for:
+//
+// - Getting a session object with all specified expandables that exist in an administrative context.
+//
+//	Schemes: http, https
+//
+//	Security:
+//	  oryAccessToken:
+//
+//	Responses:
+//	  200: session
+//	  400: jsonError
+//	  default: jsonError
+func (h *Handler) adminGetSession(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+	if ps.ByName("id") == "whoami" {
+		// for /admin/sessions/whoami redirect to the public route
+		x.RedirectToPublicRoute(h.r)(w, r, ps)
+		return
+	}
+
+	sID, err := uuid.FromString(ps.ByName("id"))
+	if err != nil {
+		h.r.Writer().WriteError(w, r, herodot.ErrBadRequest.WithError(err.Error()).WithDebug("could not parse UUID"))
+		return
+	}
+
+	var expandables Expandables
+
+	urlValues := r.URL.Query()
+	if es, ok := urlValues["expand"]; ok {
+		for _, e := range es {
+			expand, ok := ParseExpandable(e)
+			if !ok {
+				h.r.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Could not parse expand option: %s", e)))
+				return
+			}
+			expandables = append(expandables, expand)
+		}
+	}
+
+	sess, err := h.r.SessionPersister().GetSession(r.Context(), sID, expandables)
+	if err != nil {
+		h.r.Writer().WriteError(w, r, err)
+		return
+	}
+
+	h.r.Writer().Write(w, r, sess)
+}
+
 // swagger:parameters adminListIdentitySessions
 // nolint:deadcode,unused
 type adminListIdentitySessions struct {
diff --git a/session/handler_test.go b/session/handler_test.go
index fe3c0050f44e..aee08a8d6b5a 100644
--- a/session/handler_test.go
+++ b/session/handler_test.go
@@ -419,12 +419,100 @@ func TestHandlerAdminSessionManagement(t *testing.T) {
 
 	t.Run("case=should return 202 after invalidating all sessions", func(t *testing.T) {
 		client := testhelpers.NewClientWithCookies(t)
-		i := identity.NewIdentity("")
-		require.NoError(t, reg.IdentityManager().Create(ctx, i))
-		s := &Session{Identity: i}
+		var s *Session
+		require.NoError(t, faker.FakeData(&s))
+		s.Active = true
+		s.AMR = AuthenticationMethods{
+			{Method: identity.CredentialsTypePassword, CompletedAt: time.Now().UTC().Round(time.Second)},
+			{Method: identity.CredentialsTypeOIDC, CompletedAt: time.Now().UTC().Round(time.Second)},
+		}
+		require.NoError(t, reg.Persister().CreateIdentity(ctx, s.Identity))
+
+		var expectedSessionDevice Device
+		require.NoError(t, faker.FakeData(&expectedSessionDevice))
+		s.Devices = []Device{
+			expectedSessionDevice,
+		}
+
+		assert.Equal(t, uuid.Nil, s.ID)
 		require.NoError(t, reg.SessionPersister().UpsertSession(ctx, s))
+		assert.NotEqual(t, uuid.Nil, s.ID)
+		assert.NotEqual(t, uuid.Nil, s.Identity.ID)
 
-		t.Run("should list sessions", func(t *testing.T) {
+		t.Run("get session", func(t *testing.T) {
+			req, _ := http.NewRequest("GET", ts.URL+"/admin/sessions/"+s.ID.String(), nil)
+			res, err := client.Do(req)
+			require.NoError(t, err)
+			assert.Equal(t, http.StatusOK, res.StatusCode)
+
+			var session Session
+			require.NoError(t, json.NewDecoder(res.Body).Decode(&session))
+			assert.Equal(t, s.ID, session.ID)
+			assert.Nil(t, session.Identity)
+			assert.Empty(t, session.Devices)
+		})
+
+		t.Run("get session expand", func(t *testing.T) {
+			for _, tc := range []struct {
+				description        string
+				expand             string
+				expectedIdentityId string
+				expectedDevices    int
+			}{
+				{
+					description:        "expand Identity",
+					expand:             "/?expand=Identity",
+					expectedIdentityId: s.Identity.ID.String(),
+					expectedDevices:    0,
+				},
+				{
+					description:        "expand Devices",
+					expand:             "/?expand=Devices",
+					expectedIdentityId: "",
+					expectedDevices:    1,
+				},
+				{
+					description:        "expand Identity and Devices",
+					expand:             "/?expand=Identity&expand=Devices",
+					expectedIdentityId: s.Identity.ID.String(),
+					expectedDevices:    1,
+				},
+			} {
+				t.Run(fmt.Sprintf("description=%s", tc.description), func(t *testing.T) {
+					req, _ := http.NewRequest("GET", ts.URL+"/admin/sessions/"+s.ID.String()+tc.expand, nil)
+					res, err := client.Do(req)
+					require.NoError(t, err)
+					assert.Equal(t, http.StatusOK, res.StatusCode)
+
+					body := ioutilx.MustReadAll(res.Body)
+					assert.Equal(t, s.ID.String(), gjson.GetBytes(body, "id").String())
+					assert.Equal(t, tc.expectedIdentityId, gjson.GetBytes(body, "identity.id").String())
+					assert.Equal(t, fmt.Sprint(tc.expectedDevices), gjson.GetBytes(body, "devices.#").String())
+				})
+			}
+		})
+
+		t.Run("get session expand invalid", func(t *testing.T) {
+			req, _ := http.NewRequest("GET", ts.URL+"/admin/sessions/"+s.ID.String()+"/?expand=invalid", nil)
+			res, err := client.Do(req)
+			require.NoError(t, err)
+			assert.Equal(t, http.StatusBadRequest, res.StatusCode)
+		})
+
+		t.Run("should redirect to public for whoami", func(t *testing.T) {
+			client := testhelpers.NewHTTPClientWithSessionToken(t, reg, s)
+			client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
+				return http.ErrUseLastResponse
+			}
+
+			req := x.NewTestHTTPRequest(t, "GET", ts.URL+"/admin/sessions/whoami", nil)
+			res, err := client.Do(req)
+			require.NoError(t, err)
+			require.Equal(t, http.StatusTemporaryRedirect, res.StatusCode)
+			require.Equal(t, ts.URL+"/sessions/whoami", res.Header.Get("Location"))
+		})
+
+		t.Run("list sessions", func(t *testing.T) {
 			req, _ := http.NewRequest("GET", ts.URL+"/admin/sessions/", nil)
 			res, err := client.Do(req)
 			require.NoError(t, err)
@@ -436,10 +524,54 @@ func TestHandlerAdminSessionManagement(t *testing.T) {
 			require.NoError(t, json.NewDecoder(res.Body).Decode(&sessions))
 			require.Len(t, sessions, 1)
 			assert.Equal(t, s.ID, sessions[0].ID)
+			assert.Empty(t, sessions[0].Identity)
+			assert.Empty(t, sessions[0].Devices)
+		})
+
+		t.Run("list sessions expand", func(t *testing.T) {
+			for _, tc := range []struct {
+				description          string
+				expand               string
+				expectedIdentityId   string
+				expectedDevicesCount string
+			}{
+				{
+					description:          "expand Identity",
+					expand:               "?expand=Identity",
+					expectedIdentityId:   s.Identity.ID.String(),
+					expectedDevicesCount: "",
+				},
+				{
+					description:          "expand Devices",
+					expand:               "?expand=Devices",
+					expectedIdentityId:   "",
+					expectedDevicesCount: "1",
+				},
+				{
+					description:          "expand Identity and Devices",
+					expand:               "?expand=Identity&expand=Devices",
+					expectedIdentityId:   s.Identity.ID.String(),
+					expectedDevicesCount: "1",
+				},
+			} {
+				t.Run(fmt.Sprintf("description=%s", tc.description), func(t *testing.T) {
+					req, _ := http.NewRequest("GET", ts.URL+"/admin/sessions/"+tc.expand, nil)
+					res, err := client.Do(req)
+					require.NoError(t, err)
+					assert.Equal(t, http.StatusOK, res.StatusCode)
+					assert.Equal(t, "1", res.Header.Get("X-Total-Count"))
+					assert.Equal(t, "; rel=\"first\"", res.Header.Get("Link"))
+
+					body := ioutilx.MustReadAll(res.Body)
+					assert.Equal(t, s.ID.String(), gjson.GetBytes(body, "0.id").String())
+					assert.Equal(t, tc.expectedIdentityId, gjson.GetBytes(body, "0.identity.id").String())
+					assert.Equal(t, tc.expectedDevicesCount, gjson.GetBytes(body, "0.devices.#").String())
+				})
+			}
 		})
 
-		t.Run("should list session", func(t *testing.T) {
-			req, _ := http.NewRequest("GET", ts.URL+"/admin/identities/"+i.ID.String()+"/sessions", nil)
+		t.Run("should list sessions for an identity", func(t *testing.T) {
+			req, _ := http.NewRequest("GET", ts.URL+"/admin/identities/"+s.Identity.ID.String()+"/sessions", nil)
 			res, err := client.Do(req)
 			require.NoError(t, err)
 			assert.Equal(t, http.StatusOK, res.StatusCode)
@@ -450,7 +582,7 @@ func TestHandlerAdminSessionManagement(t *testing.T) {
 			assert.Equal(t, s.ID, sessions[0].ID)
 		})
 
-		req, _ := http.NewRequest("DELETE", ts.URL+"/admin/identities/"+i.ID.String()+"/sessions", nil)
+		req, _ := http.NewRequest("DELETE", ts.URL+"/admin/identities/"+s.Identity.ID.String()+"/sessions", nil)
 		res, err := client.Do(req)
 		require.NoError(t, err)
 		require.Equal(t, http.StatusNoContent, res.StatusCode)
@@ -459,7 +591,7 @@ func TestHandlerAdminSessionManagement(t *testing.T) {
 		require.True(t, errors.Is(err, sqlcon.ErrNoRows))
 
 		t.Run("should not list session", func(t *testing.T) {
-			req, _ := http.NewRequest("GET", ts.URL+"/admin/identities/"+i.ID.String()+"/sessions", nil)
+			req, _ := http.NewRequest("GET", ts.URL+"/admin/identities/"+s.Identity.ID.String()+"/sessions", nil)
 			res, err := client.Do(req)
 			require.NoError(t, err)
 			assert.Equal(t, http.StatusOK, res.StatusCode)
diff --git a/spec/api.json b/spec/api.json
index f5c36b5b15c5..f4a859096a4f 100755
--- a/spec/api.json
+++ b/spec/api.json
@@ -3682,6 +3682,21 @@
             "schema": {
               "type": "boolean"
             }
+          },
+          {
+            "description": "ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session.\nExample - ?expand=Identity\u0026expand=Devices\nIf no value is provided, the expandable properties are skipped.",
+            "in": "query",
+            "name": "expand",
+            "schema": {
+              "items": {
+                "enum": [
+                  "Devices",
+                  "Identity"
+                ],
+                "type": "string"
+              },
+              "type": "array"
+            }
           }
         ],
         "responses": {
@@ -3747,6 +3762,79 @@
         ]
       }
     },
+    "/admin/sessions/{id}": {
+      "get": {
+        "description": "This endpoint is useful for:\n\nGetting a session object with all specified expandables that exist in an administrative context.",
+        "operationId": "adminGetSession",
+        "parameters": [
+          {
+            "description": "ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session.\nExample - ?expand=Identity\u0026expand=Devices\nIf no value is provided, the expandable properties are skipped.",
+            "in": "query",
+            "name": "expand",
+            "schema": {
+              "items": {
+                "enum": [
+                  "Devices",
+                  "Identity"
+                ],
+                "type": "string"
+              },
+              "type": "array"
+            }
+          },
+          {
+            "description": "ID is the session's ID.",
+            "in": "path",
+            "name": "id",
+            "required": true,
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/session"
+                }
+              }
+            },
+            "description": "session"
+          },
+          "400": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/jsonError"
+                }
+              }
+            },
+            "description": "jsonError"
+          },
+          "default": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/jsonError"
+                }
+              }
+            },
+            "description": "jsonError"
+          }
+        },
+        "security": [
+          {
+            "oryAccessToken": []
+          }
+        ],
+        "summary": "This endpoint returns the session object with expandables specified.",
+        "tags": [
+          "v0alpha2"
+        ]
+      }
+    },
     "/admin/sessions/{id}/extend": {
       "patch": {
         "description": "Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it\nwill only extend the session after the specified time has passed.\n\nRetrieve the session ID from the `/sessions/whoami` endpoint / `toSession` SDK method.",
diff --git a/spec/swagger.json b/spec/swagger.json
index 3869bcb32849..966f7db95cf1 100755
--- a/spec/swagger.json
+++ b/spec/swagger.json
@@ -769,6 +769,19 @@
             "description": "Active is a boolean flag that filters out sessions based on the state. If no value is provided, all sessions are returned.",
             "name": "active",
             "in": "query"
+          },
+          {
+            "type": "array",
+            "items": {
+              "enum": [
+                "Devices",
+                "Identity"
+              ],
+              "type": "string"
+            },
+            "description": "ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session.\nExample - ?expand=Identity\u0026expand=Devices\nIf no value is provided, the expandable properties are skipped.",
+            "name": "expand",
+            "in": "query"
           }
         ],
         "responses": {
@@ -805,6 +818,67 @@
         }
       }
     },
+    "/admin/sessions/{id}": {
+      "get": {
+        "security": [
+          {
+            "oryAccessToken": []
+          }
+        ],
+        "description": "This endpoint is useful for:\n\nGetting a session object with all specified expandables that exist in an administrative context.",
+        "schemes": [
+          "http",
+          "https"
+        ],
+        "tags": [
+          "v0alpha2"
+        ],
+        "summary": "This endpoint returns the session object with expandables specified.",
+        "operationId": "adminGetSession",
+        "parameters": [
+          {
+            "type": "array",
+            "items": {
+              "enum": [
+                "Devices",
+                "Identity"
+              ],
+              "type": "string"
+            },
+            "description": "ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session.\nExample - ?expand=Identity\u0026expand=Devices\nIf no value is provided, the expandable properties are skipped.",
+            "name": "expand",
+            "in": "query"
+          },
+          {
+            "type": "string",
+            "description": "ID is the session's ID.",
+            "name": "id",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "session",
+            "schema": {
+              "$ref": "#/definitions/session"
+            }
+          },
+          "400": {
+            "description": "jsonError",
+            "schema": {
+              "$ref": "#/definitions/jsonError"
+            }
+          },
+          "default": {
+            "description": "jsonError",
+            "schema": {
+              "$ref": "#/definitions/jsonError"
+            }
+          }
+        }
+      }
+    },
     "/admin/sessions/{id}/extend": {
       "patch": {
         "security": [

From 37b1a3bb0cf2ea859d672674ca0e95893e63301b Mon Sep 17 00:00:00 2001
From: Arne 
Date: Mon, 7 Nov 2022 11:29:42 +0100
Subject: [PATCH 338/411] feat: add OpenTelemetry span events (#2858)

Co-authored-by: Ajay Kelkar 
---
 cmd/courier/watch.go                          |  10 +-
 cmd/daemon/serve.go                           |  51 +-
 courier/sms_test.go                           |   2 +-
 driver/factory.go                             |   2 +-
 driver/registry.go                            |  15 +
 driver/registry_default.go                    |  40 +-
 go.mod                                        | 159 ++--
 go.sum                                        | 715 +++++-------------
 identity/validator_test.go                    |   4 +-
 selfservice/flow/login/handler_test.go        |   1 +
 selfservice/flow/login/hook.go                |  19 +
 selfservice/flow/registration/hook.go         |  11 +
 selfservice/hook/web_hook_integration_test.go |   6 +-
 .../oidc/provider_private_net_test.go         |  10 +-
 session/session.go                            |   2 +-
 .../profiles/network/errors.spec.ts           |   8 +-
 x/tracing.go                                  |  14 -
 17 files changed, 365 insertions(+), 704 deletions(-)
 delete mode 100644 x/tracing.go

diff --git a/cmd/courier/watch.go b/cmd/courier/watch.go
index faf8ebff826b..f5a5b866c25d 100644
--- a/cmd/courier/watch.go
+++ b/cmd/courier/watch.go
@@ -4,12 +4,10 @@ import (
 	cx "context"
 	"net/http"
 
-	"github.com/ory/x/servicelocatorx"
-
-	"golang.org/x/sync/errgroup"
-
 	"github.com/spf13/cobra"
 	"github.com/urfave/negroni"
+	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
+	"golang.org/x/sync/errgroup"
 
 	"github.com/ory/graceful"
 	"github.com/ory/kratos/driver"
@@ -17,6 +15,7 @@ import (
 	"github.com/ory/x/configx"
 	"github.com/ory/x/otelx"
 	"github.com/ory/x/reqlog"
+	"github.com/ory/x/servicelocatorx"
 )
 
 func NewWatchCmd(slOpts []servicelocatorx.Option, dOpts []driver.RegistryOption) *cobra.Command {
@@ -67,7 +66,8 @@ func ServeMetrics(ctx cx.Context, r driver.Registry) error {
 
 	var handler http.Handler = n
 	if tracer := r.Tracer(ctx); tracer.IsLoaded() {
-		handler = otelx.NewHandler(n, "cmd.courier.ServeMetrics")
+		tp := tracer.Provider()
+		handler = otelx.NewHandler(handler, "cmd.courier.ServeMetrics", otelhttp.WithTracerProvider(tp))
 	}
 
 	// #nosec G112 - the correct settings are set by graceful.WithDefaults
diff --git a/cmd/daemon/serve.go b/cmd/daemon/serve.go
index fa8256833295..89b8bd43b5ad 100644
--- a/cmd/daemon/serve.go
+++ b/cmd/daemon/serve.go
@@ -1,47 +1,37 @@
 package daemon
 
 import (
+	stdctx "context"
 	"crypto/tls"
 	"net/http"
 
-	"github.com/ory/x/servicelocatorx"
-
 	"github.com/pkg/errors"
-	"golang.org/x/net/context"
-
-	"golang.org/x/sync/errgroup"
-
-	"github.com/ory/kratos/schema"
-
-	"github.com/ory/kratos/selfservice/flow/recovery"
-
-	"github.com/ory/x/reqlog"
-
-	"github.com/ory/kratos/cmd/courier"
-	"github.com/ory/kratos/driver/config"
-
 	"github.com/rs/cors"
-
-	prometheus "github.com/ory/x/prometheusx"
-
-	"github.com/ory/analytics-go/v4"
-
-	"github.com/ory/x/healthx"
-	"github.com/ory/x/networkx"
-
-	stdctx "context"
-
 	"github.com/spf13/cobra"
 	"github.com/urfave/negroni"
+	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
+	"golang.org/x/net/context"
+	"golang.org/x/sync/errgroup"
 
+	"github.com/ory/analytics-go/v4"
 	"github.com/ory/graceful"
+	"github.com/ory/x/healthx"
 	"github.com/ory/x/metricsx"
+	"github.com/ory/x/networkx"
+	"github.com/ory/x/otelx"
+	prometheus "github.com/ory/x/prometheusx"
+	"github.com/ory/x/reqlog"
+	"github.com/ory/x/servicelocatorx"
 
+	"github.com/ory/kratos/cmd/courier"
 	"github.com/ory/kratos/driver"
+	"github.com/ory/kratos/driver/config"
 	"github.com/ory/kratos/identity"
+	"github.com/ory/kratos/schema"
 	"github.com/ory/kratos/selfservice/errorx"
 	"github.com/ory/kratos/selfservice/flow/login"
 	"github.com/ory/kratos/selfservice/flow/logout"
+	"github.com/ory/kratos/selfservice/flow/recovery"
 	"github.com/ory/kratos/selfservice/flow/registration"
 	"github.com/ory/kratos/selfservice/flow/settings"
 	"github.com/ory/kratos/selfservice/flow/verification"
@@ -115,16 +105,15 @@ func ServePublic(r driver.Registry, cmd *cobra.Command, args []string, slOpts *s
 	r.RegisterPublicRoutes(ctx, router)
 	r.PrometheusManager().RegisterRouter(router.Router)
 
-	var handler http.Handler = n
-	options, enabled := r.Config().CORS(ctx, "public")
-	if enabled {
-		handler = cors.New(options).Handler(handler)
+	if options, enabled := r.Config().CORS(ctx, "public"); enabled {
+		n.UseFunc(cors.New(options).ServeHTTP)
 	}
 
 	certs := c.GetTLSCertificatesForPublic(ctx)
 
+	var handler http.Handler = n
 	if tracer := r.Tracer(ctx); tracer.IsLoaded() {
-		handler = x.TraceHandler(handler)
+		handler = otelx.TraceHandler(handler, otelhttp.WithTracerProvider(tracer.Provider()))
 	}
 
 	// #nosec G112 - the correct settings are set by graceful.WithDefaults
@@ -190,7 +179,7 @@ func ServeAdmin(r driver.Registry, cmd *cobra.Command, args []string, slOpts *se
 
 	var handler http.Handler = n
 	if tracer := r.Tracer(ctx); tracer.IsLoaded() {
-		handler = x.TraceHandler(n)
+		handler = otelx.TraceHandler(handler, otelhttp.WithTracerProvider(tracer.Provider()))
 	}
 
 	// #nosec G112 - the correct settings are set by graceful.WithDefaults
diff --git a/courier/sms_test.go b/courier/sms_test.go
index ca54a953c821..9931b2e23dcc 100644
--- a/courier/sms_test.go
+++ b/courier/sms_test.go
@@ -141,5 +141,5 @@ func TestDisallowedInternalNetwork(t *testing.T) {
 
 	err = c.DispatchQueue(ctx)
 	require.Error(t, err)
-	assert.Contains(t, err.Error(), "ip 127.0.0.1 is in the 127.0.0.0/8 range")
+	assert.Contains(t, err.Error(), "ip 127.0.0.1 is in the private, loopback, or unspecified IP range")
 }
diff --git a/driver/factory.go b/driver/factory.go
index fc79e91b3edf..db536a036367 100644
--- a/driver/factory.go
+++ b/driver/factory.go
@@ -18,7 +18,7 @@ func New(ctx context.Context, stdOutOrErr io.Writer, sl *servicelocatorx.Options
 	}
 
 	ctxter := sl.Contextualizer()
-	if err := r.Init(ctx, ctxter); err != nil {
+	if err := r.Init(ctx, ctxter, dOpts...); err != nil {
 		r.Logger().WithError(err).Error("Unable to initialize service registry.")
 		return nil, err
 	}
diff --git a/driver/registry.go b/driver/registry.go
index 12f4eb652e1b..8d4b6aceb953 100644
--- a/driver/registry.go
+++ b/driver/registry.go
@@ -62,6 +62,7 @@ type Registry interface {
 	RegisterAdminRoutes(ctx context.Context, admin *x.RouterAdmin)
 	PrometheusManager() *prometheus.MetricsManager
 	Tracer(context.Context) *otelx.Tracer
+	SetTracer(*otelx.Tracer)
 
 	config.Provider
 	CourierConfig() config.CourierConfigs
@@ -156,12 +157,20 @@ func NewRegistryFromDSN(ctx context.Context, c *config.Config, l *logrusx.Logger
 		return nil, errors.Errorf("driver of type %T does not implement interface Registry", driver)
 	}
 
+	tracer, err := otelx.New("Ory Kratos", l, c.Tracing(ctx))
+	if err != nil {
+		l.WithError(err).Fatalf("failed to initialize tracer")
+		tracer = otelx.NewNoop(l, c.Tracing(ctx))
+	}
+	registry.SetTracer(tracer)
+
 	return registry.WithLogger(l).WithConfig(c), nil
 }
 
 type options struct {
 	skipNetworkInit bool
 	config          *config.Config
+	replaceTracer   func(*otelx.Tracer) *otelx.Tracer
 }
 
 type RegistryOption func(*options)
@@ -176,6 +185,12 @@ func WithConfig(config *config.Config) func(o *options) {
 	}
 }
 
+func ReplaceTracer(f func(*otelx.Tracer) *otelx.Tracer) func(o *options) {
+	return func(o *options) {
+		o.replaceTracer = f
+	}
+}
+
 func newOptions(os []RegistryOption) *options {
 	o := new(options)
 	for _, f := range os {
diff --git a/driver/registry_default.go b/driver/registry_default.go
index 2f0a7006c197..7b5ed17052af 100644
--- a/driver/registry_default.go
+++ b/driver/registry_default.go
@@ -213,7 +213,9 @@ func (m *RegistryDefault) RegisterRoutes(ctx context.Context, public *x.RouterPu
 }
 
 func NewRegistryDefault() *RegistryDefault {
-	return &RegistryDefault{}
+	return &RegistryDefault{
+		trc: otelx.NewNoop(nil, new(otelx.Config)),
+	}
 }
 
 func (m *RegistryDefault) WithLogger(l *logrusx.Logger) Registry {
@@ -497,22 +499,15 @@ func (m *RegistryDefault) ContinuityCookieManager(ctx context.Context) sessions.
 
 func (m *RegistryDefault) Tracer(ctx context.Context) *otelx.Tracer {
 	if m.trc == nil {
-		// Tracing is initialized only once so it can not be hot reloaded or context-aware.
-		t, err := otelx.New("Ory Kratos", m.l, m.Config().Tracing(ctx))
-		if err != nil {
-			m.Logger().WithError(err).Fatalf("Unable to initialize Tracer.")
-			t = otelx.NewNoop(m.l, m.Config().Tracing(ctx))
-		}
-		m.trc = t
-	}
-
-	if m.trc.Tracer() == nil {
-		m.trc = otelx.NewNoop(m.l, m.Config().Tracing(ctx))
+		return otelx.NewNoop(m.l, m.Config().Tracing(ctx)) // should never happen
 	}
-
 	return m.trc
 }
 
+func (m *RegistryDefault) SetTracer(t *otelx.Tracer) {
+	m.trc = t
+}
+
 func (m *RegistryDefault) SessionManager() session.Manager {
 	if m.sessionManager == nil {
 		m.sessionManager = session.NewManagerHTTP(m)
@@ -559,18 +554,21 @@ func (m *RegistryDefault) Init(ctx context.Context, ctxer contextx.Contextualize
 
 	o := newOptions(opts)
 
+	var instrumentedDriverOpts []instrumentedsql.Opt
+	if m.Tracer(ctx).IsLoaded() {
+		instrumentedDriverOpts = []instrumentedsql.Opt{
+			instrumentedsql.WithTracer(otelsql.NewTracer()),
+		}
+	}
+	if o.replaceTracer != nil {
+		m.trc = o.replaceTracer(m.trc)
+	}
+
 	bc := backoff.NewExponentialBackOff()
 	bc.MaxElapsedTime = time.Minute * 5
 	bc.Reset()
 	return errors.WithStack(
 		backoff.Retry(func() error {
-			var opts []instrumentedsql.Opt
-			if m.Tracer(ctx).IsLoaded() {
-				opts = []instrumentedsql.Opt{
-					instrumentedsql.WithTracer(otelsql.NewTracer()),
-				}
-			}
-
 			m.WithContextualizer(ctxer)
 
 			// Use maxIdleConnTime - see comment below for https://github.com/gobuffalo/pop/pull/637
@@ -589,7 +587,7 @@ func (m *RegistryDefault) Init(ctx context.Context, ctxer contextx.Contextualize
 				// ConnMaxIdleTime:           connMaxIdleTime,
 				Pool:                      pool,
 				UseInstrumentedDriver:     m.Tracer(ctx).IsLoaded(),
-				InstrumentedDriverOptions: opts,
+				InstrumentedDriverOptions: instrumentedDriverOpts,
 			})
 			if err != nil {
 				m.Logger().WithError(err).Warnf("Unable to connect to database, retrying.")
diff --git a/go.mod b/go.mod
index f36b98c2b6cc..89a670f6e559 100644
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.2
 	github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0
 	github.com/avast/retry-go/v3 v3.1.1
-	github.com/bradleyjkemp/cupaloy/v2 v2.6.0
+	github.com/bradleyjkemp/cupaloy/v2 v2.8.0
 	github.com/bwmarrin/discordgo v0.23.0
 	github.com/bxcodec/faker/v3 v3.3.1
 	github.com/cenkalti/backoff v2.2.1+incompatible
@@ -39,35 +39,35 @@ require (
 	github.com/go-openapi/strfmt v0.21.3
 	github.com/go-playground/validator/v10 v10.4.1
 	github.com/go-swagger/go-swagger v0.30.3
-	github.com/gobuffalo/fizz v1.14.2
-	github.com/gobuffalo/httptest v1.0.2
-	github.com/gobuffalo/pop/v6 v6.0.6
-	github.com/gofrs/uuid v4.2.0+incompatible
+	github.com/gobuffalo/fizz v1.14.4
+	github.com/gobuffalo/httptest v1.5.2
+	github.com/gobuffalo/pop/v6 v6.0.8
+	github.com/gofrs/uuid v4.3.0+incompatible
 	github.com/golang-jwt/jwt/v4 v4.1.0
 	github.com/golang/gddo v0.0.0-20190904175337-72a348e765d2
 	github.com/golang/mock v1.6.0
 	github.com/google/go-github/v27 v27.0.1
 	github.com/google/go-github/v38 v38.1.0
-	github.com/google/go-jsonnet v0.18.0
+	github.com/google/go-jsonnet v0.19.0
 	github.com/google/uuid v1.3.0
 	github.com/gorilla/sessions v1.2.1
 	github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69
 	github.com/hashicorp/consul/api v1.12.0
-	github.com/hashicorp/go-retryablehttp v0.7.0
+	github.com/hashicorp/go-retryablehttp v0.7.1
 	github.com/hashicorp/golang-lru v0.5.4
-	github.com/imdario/mergo v0.3.12
-	github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743
+	github.com/imdario/mergo v0.3.13
+	github.com/inhies/go-bytesize v0.0.0-20220417184213-4913239db9cf
 	github.com/jarcoal/httpmock v1.0.5
 	github.com/jteeuwen/go-bindata v3.0.7+incompatible
 	github.com/julienschmidt/httprouter v1.3.0
-	github.com/knadh/koanf v1.4.0
+	github.com/knadh/koanf v1.4.4
 	github.com/luna-duclos/instrumentedsql v1.1.3
 	github.com/mattn/goveralls v0.0.7
 	github.com/mikefarah/yq/v4 v4.19.1
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
 	github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe
 	github.com/ory/analytics-go/v4 v4.0.3
-	github.com/ory/dockertest/v3 v3.9.0
+	github.com/ory/dockertest/v3 v3.9.1
 	github.com/ory/go-acc v0.2.8
 	github.com/ory/go-convenience v0.1.0
 	github.com/ory/graceful v0.1.3
@@ -77,27 +77,28 @@ require (
 	github.com/ory/kratos-client-go v0.6.3-alpha.1
 	github.com/ory/mail/v3 v3.0.0
 	github.com/ory/nosurf v1.2.7
-	github.com/ory/x v0.0.496-0.20221027133513-e86fadee7d2e
+	github.com/ory/x v0.0.506
 	github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.3.0
 	github.com/rs/cors v1.8.2
-	github.com/sirupsen/logrus v1.8.1
+	github.com/sirupsen/logrus v1.9.0
 	github.com/slack-go/slack v0.7.4
 	github.com/spf13/cobra v1.6.1
 	github.com/spf13/pflag v1.0.5
 	github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518
-	github.com/stretchr/testify v1.8.0
-	github.com/tidwall/gjson v1.14.0
-	github.com/tidwall/sjson v1.2.4
+	github.com/stretchr/testify v1.8.1
+	github.com/tidwall/gjson v1.14.3
+	github.com/tidwall/sjson v1.2.5
 	github.com/urfave/negroni v1.0.0
 	github.com/zmb3/spotify/v2 v2.0.0
-	go.opentelemetry.io/otel v1.9.0
-	go.opentelemetry.io/otel/trace v1.9.0
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.36.4
+	go.opentelemetry.io/otel v1.11.1
+	go.opentelemetry.io/otel/trace v1.11.1
 	golang.org/x/crypto v0.1.0
 	golang.org/x/net v0.1.0
-	golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094
-	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
+	golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783
+	golang.org/x/sync v0.1.0
 	golang.org/x/tools v0.2.0
 )
 
@@ -107,15 +108,14 @@ require (
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver v1.5.0 // indirect
 	github.com/Masterminds/semver/v3 v3.1.1 // indirect
-	github.com/Microsoft/go-winio v0.5.2 // indirect
+	github.com/Microsoft/go-winio v0.6.0 // indirect
 	github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
 	github.com/a8m/envsubst v1.3.0 // indirect
-	github.com/ajg/form v0.0.0-20160822230020-523a5da1a92f // indirect
 	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
 	github.com/alecthomas/units v0.0.0-20210208195552-ff826a37aa15 // indirect
 	github.com/armon/go-metrics v0.3.10 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/avast/retry-go/v4 v4.0.5 // indirect
+	github.com/avast/retry-go/v4 v4.3.0 // indirect
 	github.com/aymerick/douceur v0.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bgentry/speakeasy v0.1.0 // indirect
@@ -127,31 +127,30 @@ require (
 	github.com/cloudflare/cfssl v1.6.1 // indirect
 	github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4 // indirect
 	github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490 // indirect
-	github.com/cockroachdb/cockroach-go/v2 v2.2.10 // indirect
-	github.com/containerd/containerd v1.5.7 // indirect
+	github.com/cockroachdb/cockroach-go/v2 v2.2.16 // indirect
 	github.com/containerd/continuity v0.3.0 // indirect
 	github.com/coreos/go-semver v0.3.0 // indirect
 	github.com/coreos/go-systemd/v22 v22.3.2 // indirect
 	github.com/cortesi/moddwatch v0.0.0-20210222043437-a6aaad86a36e // indirect
 	github.com/cortesi/termlog v0.0.0-20210222042314-a1eec763abec // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
-	github.com/docker/cli v20.10.14+incompatible // indirect
+	github.com/docker/cli v20.10.21+incompatible // indirect
 	github.com/docker/distribution v2.8.1+incompatible // indirect
-	github.com/docker/docker v20.10.9+incompatible // indirect
+	github.com/docker/docker v20.10.21+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
-	github.com/docker/go-units v0.4.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
 	github.com/dustin/go-humanize v1.0.0 // indirect
 	github.com/elliotchance/orderedmap v1.4.0 // indirect
 	github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1 // indirect
 	github.com/envoyproxy/protoc-gen-validate v0.6.2 // indirect
-	github.com/evanphx/json-patch v4.11.0+incompatible // indirect
+	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/fatih/structs v1.1.0 // indirect
+	github.com/felixge/fgprof v0.9.3 // indirect
 	github.com/felixge/httpsnoop v1.0.3 // indirect
 	github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/fullstorydev/grpcurl v1.8.1 // indirect
 	github.com/fxamacker/cbor/v2 v2.4.0 // indirect
-	github.com/go-bindata/go-bindata v3.1.2+incompatible // indirect
 	github.com/go-logr/logr v1.2.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/analysis v0.21.4 // indirect
@@ -160,7 +159,7 @@ require (
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.20.0 // indirect
 	github.com/go-openapi/loads v0.21.2 // indirect
-	github.com/go-openapi/runtime v0.24.1 // indirect
+	github.com/go-openapi/runtime v0.24.2 // indirect
 	github.com/go-openapi/spec v0.20.7 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
 	github.com/go-openapi/validate v0.22.0 // indirect
@@ -168,15 +167,15 @@ require (
 	github.com/go-playground/universal-translator v0.17.0 // indirect
 	github.com/go-sql-driver/mysql v1.6.0 // indirect
 	github.com/go-stack/stack v1.8.1 // indirect
-	github.com/gobuffalo/envy v1.10.1 // indirect
-	github.com/gobuffalo/flect v0.2.5 // indirect
-	github.com/gobuffalo/github_flavored_markdown v1.1.1 // indirect
-	github.com/gobuffalo/helpers v0.6.5 // indirect
-	github.com/gobuffalo/nulls v0.4.1 // indirect
-	github.com/gobuffalo/plush/v4 v4.1.13 // indirect
-	github.com/gobuffalo/tags/v3 v3.1.3 // indirect
-	github.com/gobuffalo/validate/v3 v3.3.2 // indirect
-	github.com/goccy/go-yaml v1.9.5 // indirect
+	github.com/gobuffalo/envy v1.10.2 // indirect
+	github.com/gobuffalo/flect v0.3.0 // indirect
+	github.com/gobuffalo/github_flavored_markdown v1.1.3 // indirect
+	github.com/gobuffalo/helpers v0.6.7 // indirect
+	github.com/gobuffalo/nulls v0.4.2 // indirect
+	github.com/gobuffalo/plush/v4 v4.1.16 // indirect
+	github.com/gobuffalo/tags/v3 v3.1.4 // indirect
+	github.com/gobuffalo/validate/v3 v3.3.3 // indirect
+	github.com/goccy/go-yaml v1.9.6 // indirect
 	github.com/gofrs/flock v0.8.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/glog v1.0.0 // indirect
@@ -185,6 +184,7 @@ require (
 	github.com/google/btree v1.0.1 // indirect
 	github.com/google/certificate-transparency-go v1.1.2-0.20210511102531-373a877eec92 // indirect
 	github.com/google/go-querystring v1.0.0 // indirect
+	github.com/google/pprof v0.0.0-20221010195024-131d412537ea // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/gorilla/css v1.0.0 // indirect
 	github.com/gorilla/handlers v1.5.1 // indirect
@@ -193,7 +193,7 @@ require (
 	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.12.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-hclog v1.2.0 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
@@ -203,13 +203,13 @@ require (
 	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/jackc/chunkreader/v2 v2.0.1 // indirect
-	github.com/jackc/pgconn v1.12.1 // indirect
+	github.com/jackc/pgconn v1.13.0 // indirect
 	github.com/jackc/pgio v1.0.0 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
-	github.com/jackc/pgproto3/v2 v2.3.0 // indirect
+	github.com/jackc/pgproto3/v2 v2.3.1 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect
-	github.com/jackc/pgtype v1.11.0 // indirect
-	github.com/jackc/pgx/v4 v4.16.1 // indirect
+	github.com/jackc/pgtype v1.12.0 // indirect
+	github.com/jackc/pgx/v4 v4.17.2 // indirect
 	github.com/jandelgado/gcov2lcov v1.0.5 // indirect
 	github.com/jessevdk/go-flags v1.5.0 // indirect
 	github.com/jhump/protoreflect v1.8.2 // indirect
@@ -223,47 +223,46 @@ require (
 	github.com/kr/pretty v0.3.0 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/leodido/go-urn v1.2.0 // indirect
-	github.com/lib/pq v1.10.6 // indirect
+	github.com/lib/pq v1.10.7 // indirect
 	github.com/magiconair/properties v1.8.6 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/markbates/hmax v1.0.0 // indirect
-	github.com/mattn/go-colorable v0.1.12 // indirect
-	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.16 // indirect
 	github.com/mattn/go-runewidth v0.0.12 // indirect
 	github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
-	github.com/microcosm-cc/bluemonday v1.0.16 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/microcosm-cc/bluemonday v1.0.21 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
+	github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/nyaruka/phonenumbers v1.0.73 // indirect
+	github.com/nyaruka/phonenumbers v1.1.1 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.0.2 // indirect
-	github.com/opencontainers/runc v1.1.1 // indirect
-	github.com/openzipkin/zipkin-go v0.4.0 // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc2 // indirect
+	github.com/opencontainers/runc v1.1.4 // indirect
+	github.com/openzipkin/zipkin-go v0.4.1 // indirect
 	github.com/ory/viper v1.7.5 // indirect
 	github.com/pborman/uuid v1.2.1 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.1 // indirect
-	github.com/pkg/profile v1.6.0 // indirect
+	github.com/pkg/profile v1.7.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/pquerna/cachecontrol v0.1.0 // indirect
-	github.com/prometheus/client_golang v1.11.1 // indirect
-	github.com/prometheus/client_model v0.2.0 // indirect
-	github.com/prometheus/common v0.32.1 // indirect
-	github.com/prometheus/procfs v0.7.3 // indirect
+	github.com/prometheus/client_golang v1.13.0 // indirect
+	github.com/prometheus/client_model v0.3.0 // indirect
+	github.com/prometheus/common v0.37.0 // indirect
+	github.com/prometheus/procfs v0.8.0 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/rjeczalik/notify v0.0.0-20181126183243-629144ba06a1 // indirect
 	github.com/rogpeppe/go-internal v1.9.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761 // indirect
-	github.com/segmentio/backo-go v0.0.0-20200129164019-23eae7c10bd3 // indirect
+	github.com/segmentio/backo-go v1.0.1 // indirect
 	github.com/sergi/go-diff v1.2.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/soheilhy/cmux v0.1.5 // indirect
@@ -275,7 +274,7 @@ require (
 	github.com/spf13/viper v1.12.0 // indirect
 	github.com/subosito/gotenv v1.4.1 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
-	github.com/tidwall/pretty v1.2.0 // indirect
+	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/timtadh/data-structures v0.5.3 // indirect
 	github.com/timtadh/lexmachine v0.2.2 // indirect
 	github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 // indirect
@@ -298,33 +297,31 @@ require (
 	go.etcd.io/etcd/server/v3 v3.5.0-alpha.0 // indirect
 	go.etcd.io/etcd/tests/v3 v3.5.0-alpha.0 // indirect
 	go.etcd.io/etcd/v3 v3.5.0-alpha.0 // indirect
-	go.mongodb.org/mongo-driver v1.10.1 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.25.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0 // indirect
-	go.opentelemetry.io/contrib/propagators/b3 v1.4.0 // indirect
-	go.opentelemetry.io/contrib/propagators/jaeger v1.4.0 // indirect
-	go.opentelemetry.io/contrib/samplers/jaegerremote v0.0.0-20220314184135-32895002a444 // indirect
-	go.opentelemetry.io/otel/exporters/jaeger v1.9.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.9.0 // indirect
+	go.mongodb.org/mongo-driver v1.10.3 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.36.4 // indirect
+	go.opentelemetry.io/contrib/propagators/b3 v1.11.1 // indirect
+	go.opentelemetry.io/contrib/propagators/jaeger v1.11.1 // indirect
+	go.opentelemetry.io/contrib/samplers/jaegerremote v0.5.2 // indirect
+	go.opentelemetry.io/otel/exporters/jaeger v1.11.1 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.11.1 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.9.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.9.0 // indirect
-	go.opentelemetry.io/otel/exporters/zipkin v1.9.0 // indirect
-	go.opentelemetry.io/otel/internal/metric v0.27.0 // indirect
-	go.opentelemetry.io/otel/metric v0.27.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.9.0 // indirect
+	go.opentelemetry.io/otel/exporters/zipkin v1.11.1 // indirect
+	go.opentelemetry.io/otel/metric v0.33.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.11.1 // indirect
 	go.opentelemetry.io/proto/otlp v0.18.0 // indirect
-	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/atomic v1.10.0 // indirect
 	go.uber.org/multierr v1.7.0 // indirect
 	go.uber.org/zap v1.17.0 // indirect
 	golang.org/x/mod v0.6.0 // indirect
 	golang.org/x/sys v0.1.0 // indirect
 	golang.org/x/term v0.1.0 // indirect
 	golang.org/x/text v0.4.0 // indirect
-	golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 // indirect
-	golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect
+	golang.org/x/time v0.1.0 // indirect
+	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 // indirect
-	google.golang.org/grpc v1.47.0 // indirect
+	google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71 // indirect
+	google.golang.org/grpc v1.50.1 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
@@ -335,5 +332,5 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	mvdan.cc/sh/v3 v3.3.0-0.dev.0.20210224101809-fb5052e7a010 // indirect
-	sigs.k8s.io/yaml v1.2.0 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 02aba1d90efc..976eaa0da394 100644
--- a/go.sum
+++ b/go.sum
@@ -1,4 +1,3 @@
-bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8=
 bazil.org/fuse v0.0.0-20180421153158-65cc252bf669/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8=
 bitbucket.org/creachadair/shell v0.0.6/go.mod h1:8Qqi/cYk7vPnsOePHroKXDJYmb5x7ENhtiFtfZq8K+M=
 bitbucket.org/liamstask/goose v0.0.0-20150115234039-8488cc47d90c/go.mod h1:hSVuE3qU7grINVSwrmzHfpg9k87ALBk+XaualNyUzI4=
@@ -74,25 +73,13 @@ contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcig
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU=
 github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4=
-github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0=
 github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0=
-github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
-github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
-github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
-github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
-github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
-github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
-github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
@@ -114,37 +101,15 @@ github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuN
 github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
 github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
 github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
-github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
-github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
-github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
-github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
-github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
-github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
-github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
-github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ=
-github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8=
-github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg=
-github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00=
-github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600=
-github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
-github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU=
-github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY=
-github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
+github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
+github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
 github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
-github.com/Shopify/sarama v1.30.0/go.mod h1:zujlQQx1kzHsh4jfV1USnptCQrHAEZ2Hk8fTKCulPVs=
 github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
-github.com/Shopify/toxiproxy/v2 v2.1.6-0.20210914104332-15ea381dcdae/go.mod h1:/cvHQkZ1fst0EmZnA5dFtiQdWCNCFYzb+uE2vqVgvx0=
 github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=
 github.com/a8m/envsubst v1.3.0 h1:GmXKmVssap0YtlU3E230W98RWtWCyIZzjtf1apWWyAg=
 github.com/a8m/envsubst v1.3.0/go.mod h1:MVUTQNGQ3tsjOOtKCNd+fl8RzhsXcDvvAEzkhGtlsbY=
@@ -153,8 +118,6 @@ github.com/aeneasr/cupaloy/v2 v2.6.1-0.20210924214125-3dfdd01210a3/go.mod h1:bm7
 github.com/aeneasr/koanf v0.14.1-0.20211230115640-aa3902b3267a h1:CWZu1palLlc1XlFcbEQ6i4Oqax3CJ8YEAb/mIdkPu5o=
 github.com/aeneasr/koanf v0.14.1-0.20211230115640-aa3902b3267a/go.mod h1:1cfH5223ZeZUOs8FU2UdTmaNfHpqgtjV0+NHjRO43gs=
 github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c=
-github.com/ajg/form v0.0.0-20160822230020-523a5da1a92f h1:zvClvFQwU++UpIUBGC8YmDlfhUrweEy1R1Fj1gu5iIM=
-github.com/ajg/form v0.0.0-20160822230020-523a5da1a92f/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY=
 github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c=
 github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs=
 github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE=
@@ -166,7 +129,6 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/alecthomas/units v0.0.0-20210208195552-ff826a37aa15 h1:AUNCr9CiJuwrRYS3XieqF+Z9B9gNxo/eANAJCF2eiN4=
 github.com/alecthomas/units v0.0.0-20210208195552-ff826a37aa15/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE=
-github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ=
@@ -188,16 +150,14 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A=
-github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/avast/retry-go/v3 v3.1.1 h1:49Scxf4v8PmiQ/nY0aY3p0hDueqSmc7++cBbtiDGu2g=
 github.com/avast/retry-go/v3 v3.1.1/go.mod h1:6cXRK369RpzFL3UQGqIUp9Q7GDrams+KsYWrfNA1/nQ=
-github.com/avast/retry-go/v4 v4.0.5 h1:C0Fm9MjPCmgLW6Jb1zBTVRx0ycr+VUaaUZO5wpqYjqg=
-github.com/avast/retry-go/v4 v4.0.5/go.mod h1:HqmLvS2VLdStPCGDFjSuZ9pzlTqVRldCI4w2dO4m1Ms=
+github.com/avast/retry-go/v4 v4.3.0 h1:cqI48aXx0BExKoM7XPklDpoHAg7/srPPLAfWG5z62jo=
+github.com/avast/retry-go/v4 v4.3.0/go.mod h1:bqOlT4nxk4phk9buiQFaghzjpqdchOSwPgjdfdQBtdg=
 github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU=
-github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
 github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
 github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.19.45/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
@@ -220,19 +180,14 @@ github.com/aws/smithy-go v1.8.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAm
 github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I=
 github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
 github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
-github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
-github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
 github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
 github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI=
-github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/bmatcuk/doublestar v1.3.4 h1:gPypJ5xD31uhX6Tf54sDPUOBXTqKH4c9aPY66CyQrS0=
 github.com/bmatcuk/doublestar v1.3.4/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE=
 github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY=
@@ -240,11 +195,6 @@ github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dR
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs=
 github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
-github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
-github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
-github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
-github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
 github.com/bwmarrin/discordgo v0.23.0 h1://ARp8qUrRZvDGMkfAjtcC20WOvsMtTgi+KrdKnl6eY=
 github.com/bwmarrin/discordgo v0.23.0/go.mod h1:c1WtWUGN6nREDmzIpyTp/iD3VYt4Fpx+bVyfBG7JE+M=
 github.com/bxcodec/faker/v3 v3.3.1 h1:G7uldFk+iO/ES7W4v7JlI/WU9FQ6op9VJ15YZlDEhGQ=
@@ -264,22 +214,14 @@ github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA
 github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
 github.com/certifi/gocertifi v0.0.0-20210507211836-431795d63e8d h1:S2NE3iHSwP0XV47EEXL8mWmRdEfGscSJ+7EgePNgt0s=
 github.com/certifi/gocertifi v0.0.0-20210507211836-431795d63e8d/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
-github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
-github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M=
 github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg=
-github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc=
-github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
-github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
-github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
 github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
 github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
 github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
@@ -304,8 +246,8 @@ github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490 h1:KwaoQzs/WeUxxJqiJsZ
 github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I=
 github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
-github.com/cockroachdb/cockroach-go/v2 v2.2.10 h1:O7Hl8m0rs/oJNBmRr14ED3Q3+AmugMK9DtJwRDHZ2DA=
-github.com/cockroachdb/cockroach-go/v2 v2.2.10/go.mod h1:xZ2VHjUEb/cySv0scXBx7YsBnHtLHkR1+w/w73b5i3M=
+github.com/cockroachdb/cockroach-go/v2 v2.2.16 h1:t9dmZuC9J2W8IDQDSIGXmP+fBuEJSsrGXxWQz4cYqBY=
+github.com/cockroachdb/cockroach-go/v2 v2.2.16/go.mod h1:xZ2VHjUEb/cySv0scXBx7YsBnHtLHkR1+w/w73b5i3M=
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
 github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5 h1:xD/lrqdvwsc+O2bjSSi3YqY73Ke3LAiSCx49aCesA0E=
 github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo=
@@ -314,109 +256,21 @@ github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoC
 github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f h1:o/kfcElHqOiXqcou5a3rIlMc7oJbMQkeLk0VQJ7zgqY=
 github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI=
 github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
-github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE=
-github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU=
-github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
-github.com/containerd/aufs v1.0.0/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
-github.com/containerd/btrfs v0.0.0-20201111183144-404b9149801e/go.mod h1:jg2QkJcsabfHugurUvvPhS3E08Oxiuh5W/g1ybB4e0E=
-github.com/containerd/btrfs v0.0.0-20210316141732-918d888fb676/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss=
-github.com/containerd/btrfs v1.0.0/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss=
-github.com/containerd/cgroups v0.0.0-20190717030353-c4b9ac5c7601/go.mod h1:X9rLEHIqSf/wfK8NsPqxJmeZgW4pcfzdXITDrUSJ6uI=
-github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko=
-github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM=
-github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
-github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
-github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE=
-github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU=
-github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
-github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
-github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
-github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw=
-github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ=
 github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
-github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.1-0.20191213020239-082f7e3aed57/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.0-beta.2.0.20200729163537-40b22ef07410/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7V960Tmcumvqn8Mc+pCYQ=
-github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU=
-github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI=
-github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s=
-github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
-github.com/containerd/containerd v1.5.7 h1:rQyoYtj4KddB3bxG6SAqd4+08gePNyJjRqvOIfV3rkM=
-github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
-github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo=
-github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y=
-github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ=
-github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM=
 github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=
 github.com/containerd/continuity v0.3.0/go.mod h1:wJEAIwKOm/pBZuBd0JmeTvnLquTB1Ag8espWhkykbPM=
-github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
-github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
-github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
-github.com/containerd/fifo v0.0.0-20201026212402-0724c46b320c/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
-github.com/containerd/fifo v0.0.0-20210316144830-115abcc95a1d/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
-github.com/containerd/fifo v1.0.0/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
-github.com/containerd/go-cni v1.0.1/go.mod h1:+vUpYxKvAF72G9i1WoDOiPGRtQpqsNW/ZHtSlv++smU=
-github.com/containerd/go-cni v1.0.2/go.mod h1:nrNABBHzu0ZwCug9Ije8hL2xBCYh/pjfMb1aZGrrohk=
-github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
-github.com/containerd/go-runc v0.0.0-20190911050354-e029b79d8cda/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
-github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328/go.mod h1:PpyHrqVs8FTi9vpyHwPwiNEGaACDxT/N/pLcvMSRA9g=
-github.com/containerd/go-runc v0.0.0-20201020171139-16b287bc67d0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
-github.com/containerd/go-runc v1.0.0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
-github.com/containerd/imgcrypt v1.0.1/go.mod h1:mdd8cEPW7TPgNG4FpuP3sGBiQ7Yi/zak9TYCG3juvb0=
-github.com/containerd/imgcrypt v1.0.4-0.20210301171431-0ae5c75f59ba/go.mod h1:6TNsg0ctmizkrOgXRNQjAPFWpMYRWuiB6dSF4Pfa5SA=
-github.com/containerd/imgcrypt v1.1.1-0.20210312161619-7ed62a527887/go.mod h1:5AZJNI6sLHJljKuI9IHnw1pWqo/F0nGDOuR9zgTs7ow=
-github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJrXQb0Dpc4ms=
-github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c=
-github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
-github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
-github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
-github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
-github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8=
-github.com/containerd/ttrpc v1.0.1/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
-github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
-github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
-github.com/containerd/typeurl v0.0.0-20190911142611-5eb25027c9fd/go.mod h1:GeKYzf2pQcqv7tJ0AoCuuhtnqhva5LNU3U+OyKxxJpk=
-github.com/containerd/typeurl v1.0.1/go.mod h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg=
-github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s=
-github.com/containerd/zfs v0.0.0-20200918131355-0a33824f23a2/go.mod h1:8IgZOBdv8fAgXddBT4dBXJPtxyRsejFIpXoklgxgEjw=
-github.com/containerd/zfs v0.0.0-20210301145711-11e8f1707f62/go.mod h1:A9zfAbMlQwE+/is6hi0Xw8ktpL+6glmqZYtevJgaB8Y=
-github.com/containerd/zfs v0.0.0-20210315114300-dde8f0fda960/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containerd/zfs v0.0.0-20210324211415-d5c4544f0433/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containerd/zfs v1.0.0/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM=
-github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
-github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
-github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4=
-github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
-github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
-github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
-github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk=
 github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
 github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
 github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
@@ -437,12 +291,7 @@ github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7Do
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
 github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
-github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ=
-github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s=
-github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
-github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I=
 github.com/daaku/go.zipexe v1.0.0/go.mod h1:z8IiR6TsVLEYKwXAoE/I+8ys/sDkgTzSL0CLnGVd57E=
 github.com/daaku/go.zipexe v1.0.1/go.mod h1:5xWogtqlYnfBXkSB1o9xysukNP9GTvaNkqzUZbt3Bw8=
 github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -451,55 +300,39 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davidrjonas/semver-cli v0.0.0-20190116233701-ee19a9a0dda6 h1:VzPvKOw28XJ77PYwOq5gAqvFB4gk6gst0HxxiW8kfZQ=
 github.com/davidrjonas/semver-cli v0.0.0-20190116233701-ee19a9a0dda6/go.mod h1:+6FzxsSbK4oEuvdN06Jco8zKB2mQqIB6UduZdd0Zesk=
-github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
 github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY=
 github.com/dgraph-io/ristretto v0.0.1/go.mod h1:T40EBc7CJke8TkpiYfGGKAeFjSaxuFXhuXRyumBd6RE=
 github.com/dgraph-io/ristretto v0.0.2/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E=
 github.com/dgraph-io/ristretto v0.0.3/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E=
 github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWajOK8=
 github.com/dgraph-io/ristretto v0.1.1/go.mod h1:S1GPSBCYCIhmVNfcth17y2zZtQT6wzkzgwUve0VDWWA=
-github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2 h1:tdlZCpZ/P9DhczCTSixgIKmwPv6+wP5DGjqLYw5SUiA=
 github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=
-github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
-github.com/docker/cli v20.10.14+incompatible h1:dSBKJOVesDgHo7rbxlYjYsXe7gPzrTT+/cKQgpDAazg=
-github.com/docker/cli v20.10.14+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
-github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/cli v20.10.21+incompatible h1:qVkgyYUnOLQ98LtXBrwd/duVqPT2X4SHndOuGsfwyhU=
+github.com/docker/cli v20.10.21+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v20.10.9+incompatible h1:JlsVnETOjM2RLQa0Cc1XCIspUdXW3Zenq9P54uXBm6k=
-github.com/docker/docker v20.10.9+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v20.10.21+incompatible h1:UTLdBmHk3bEY+w8qeO5KttOhy6OmXWsl/FEet9Uswog=
+github.com/docker/docker v20.10.21+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
-github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
-github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
-github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI=
-github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
-github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
 github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
-github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
-github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
+github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
+github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/duo-labs/webauthn v0.0.0-20220330035159-03696f3d4499 h1:jaQHuGKk9NVcfu9VbA7ygslr/7utxdYs47i4osBhZP8=
 github.com/duo-labs/webauthn v0.0.0-20220330035159-03696f3d4499/go.mod h1:UMk1JMDgQDcdI2vQz+WJOIUTSjIq07qSepAVgc93rUc=
 github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
-github.com/eapache/go-resiliency v1.2.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
 github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
 github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
 github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
-github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/elliotchance/orderedmap v1.4.0 h1:wZtfeEONCbx6in1CZyE6bELEt/vFayMvsxqI5SgsR+A=
 github.com/elliotchance/orderedmap v1.4.0/go.mod h1:wsDwEaX5jEoyhbs7x93zk2H/qv0zwuhg4inXhDkYqys=
-github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
 github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -518,18 +351,19 @@ github.com/envoyproxy/protoc-gen-validate v0.6.1/go.mod h1:txg5va2Qkip90uYoSKH+n
 github.com/envoyproxy/protoc-gen-validate v0.6.2 h1:JiO+kJTpmYGjEodY7O1Zk8oZcNz1+f30UtwtXoFUPzE=
 github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws=
 github.com/etcd-io/gofail v0.0.0-20190801230047-ad7f989257ca/go.mod h1:49H/RkXP8pKaZy4h0d+NW16rSLhyVBt4o6VLJbmOqDE=
-github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch v4.11.0+incompatible h1:glyUF9yIYtMHzn8xaKw5rMhdWcwsYV8dZHIq5567/xs=
-github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
+github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
 github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
+github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
+github.com/felixge/fgprof v0.9.3 h1:VvyZxILNuCiUCSXtPtYmmtGvb65nqXh2QFWc0Wpf2/g=
+github.com/felixge/fgprof v0.9.3/go.mod h1:RdbpDgzqYVh/T9fPELJyV7EYJuHB55UTEULNun8eiPw=
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
-github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
@@ -546,21 +380,16 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
-github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
 github.com/fullstorydev/grpcurl v1.8.0/go.mod h1:Mn2jWbdMrQGJQ8UD62uNyMumT2acsZUCkZIqFxsQf1o=
 github.com/fullstorydev/grpcurl v1.8.1 h1:Pp648wlTTg3OKySeqxM5pzh8XF6vLqrm8wRq66+5Xo0=
 github.com/fullstorydev/grpcurl v1.8.1/go.mod h1:3BWhvHZwNO7iLXaQlojdg5NA6SxUDePli4ecpK1N7gw=
 github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88=
 github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
-github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
 github.com/getsentry/raven-go v0.2.0 h1:no+xWJRb5ZI7eE8TWgIq1jLulQiIoLG0IfYxv5JYMGs=
 github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
-github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
-github.com/go-bindata/go-bindata v3.1.2+incompatible h1:5vjJMVhowQdPzjE1LdxyFF7YFTXg5IgGVW4gBr5IbvE=
-github.com/go-bindata/go-bindata v3.1.2+incompatible/go.mod h1:xK8Dsgwmeed+BBsSy2XTopBn/8uK2HWuGSnA11C3Joo=
 github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
@@ -571,12 +400,12 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
+github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
 github.com/go-ldap/ldap v3.0.2+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
-github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
+github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
 github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -592,21 +421,17 @@ github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2uj
 github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk=
 github.com/go-openapi/inflect v0.19.0 h1:9jCH9scKIbHeV9m12SmPilScz6krDxKRasNNSNPXu/4=
 github.com/go-openapi/inflect v0.19.0/go.mod h1:lHpZVlpIQqLyKwJ4N+YSc9hchQy/i12fJykb83CRBH4=
-github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
-github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
 github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns=
 github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA=
 github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
 github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g=
 github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro=
 github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw=
-github.com/go-openapi/runtime v0.24.1 h1:Sml5cgQKGYQHF+M7yYSHaH1eOjvTykrddTE/KtQVjqo=
-github.com/go-openapi/runtime v0.24.1/go.mod h1:AKurw9fNre+h3ELZfk6ILsfvPN+bvvlaU/M9q/r9hpk=
-github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
+github.com/go-openapi/runtime v0.24.2 h1:yX9HMGQbz32M87ECaAhGpJjBmErO3QLcgdZj9BzGx7c=
+github.com/go-openapi/runtime v0.24.2/go.mod h1:AKurw9fNre+h3ELZfk6ILsfvPN+bvvlaU/M9q/r9hpk=
 github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I=
 github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
 github.com/go-openapi/spec v0.20.7 h1:1Rlu/ZrOCCob0n+JKKJAWhNWMPW8bOZRg8FJaY+0SKI=
@@ -616,7 +441,6 @@ github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrC
 github.com/go-openapi/strfmt v0.21.2/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k=
 github.com/go-openapi/strfmt v0.21.3 h1:xwhj5X6CjXEZZHMWy1zKJxvW9AfHC9pkyUjLvHtKG7o=
 github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg=
-github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
@@ -645,82 +469,75 @@ github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP
 github.com/go-swagger/go-swagger v0.30.3 h1:HuzvdMRed/9Q8vmzVcfNBQByZVtT79DNZxZ18OprdoI=
 github.com/go-swagger/go-swagger v0.30.3/go.mod h1:neDPes8r8PCz2JPvHRDj8BTULLh4VJUt7n6MpQqxhHM=
 github.com/go-swagger/scan-repo-boundary v0.0.0-20180623220736-973b3573c013 h1:l9rI6sNaZgNC0LnF3MiE+qTmyBA/tZAg1rtyrGbUMK0=
-github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho=
 github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=
-github.com/gobuffalo/attrs v1.0.2/go.mod h1:tJ7wJj6XbMNhYwJ8fl2PFDpDcUfsG1spWdUJISvPAZQ=
+github.com/gobuffalo/attrs v1.0.3/go.mod h1:KvDJCE0avbufqS0Bw3UV7RQynESY0jjod+572ctX4t8=
 github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY=
 github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg=
 github.com/gobuffalo/envy v1.6.15/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
 github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
-github.com/gobuffalo/envy v1.10.1 h1:ppDLoXv2feQ5nus4IcgtyMdHQkKng2lhJCIm33cblM0=
-github.com/gobuffalo/envy v1.10.1/go.mod h1:AWx4++KnNOW3JOeEvhSaq+mvgAvnMYOY1XSIin4Mago=
-github.com/gobuffalo/fizz v1.14.2 h1:t02ZX47tLq5P9NzxbsNkpvXqqBXsYDk02O2xhw5C2Po=
-github.com/gobuffalo/fizz v1.14.2/go.mod h1:pZp2NZYEiPRoylV3lKIz0XZOOupizz+SnKq9wb1idxE=
+github.com/gobuffalo/envy v1.10.2 h1:EIi03p9c3yeuRCFPOKcSfajzkLb3hrRjEpHGI8I2Wo4=
+github.com/gobuffalo/envy v1.10.2/go.mod h1:qGAGwdvDsaEtPhfBzb3o0SfDea8ByGn9j8bKmVft9z8=
+github.com/gobuffalo/fizz v1.14.4 h1:8uume7joF6niTNWN582IQ2jhGTUoa9g1fiV/tIoGdBs=
+github.com/gobuffalo/fizz v1.14.4/go.mod h1:9/2fGNXNeIFOXEEgTPJwiK63e44RjG+Nc4hfMm1ArGM=
 github.com/gobuffalo/flect v0.1.0/go.mod h1:d2ehjJqGOH/Kjqcoz+F7jHTBbmDb38yXA598Hb50EGs=
 github.com/gobuffalo/flect v0.1.1/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI=
 github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI=
-github.com/gobuffalo/flect v0.2.5 h1:H6vvsv2an0lalEaCDRThvtBfmg44W/QHXBCYUXf/6S4=
-github.com/gobuffalo/flect v0.2.5/go.mod h1:1ZyCLIbg0YD7sDkzvFdPoOydPtD8y9JQnrOROolUcM8=
+github.com/gobuffalo/flect v0.3.0 h1:erfPWM+K1rFNIQeRPdeEXxo8yFr/PO17lhRnS8FUrtk=
+github.com/gobuffalo/flect v0.3.0/go.mod h1:5pf3aGnsvqvCj50AVni7mJJF8ICxGZ8HomberC3pXLE=
 github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk=
 github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28=
 github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo=
 github.com/gobuffalo/genny v0.1.1/go.mod h1:5TExbEyY48pfunL4QSXxlDOmdsD44RRq4mVZ0Ex28Xk=
-github.com/gobuffalo/genny/v2 v2.0.12/go.mod h1:KtMtTcR/U2kHbQxhjCVA16ph6rjBnhw39f6aaxl4hMk=
+github.com/gobuffalo/genny/v2 v2.1.0/go.mod h1:4yoTNk4bYuP3BMM6uQKYPvtP6WsXFGm2w2EFYZdRls8=
 github.com/gobuffalo/gitgen v0.0.0-20190315122116-cc086187d211/go.mod h1:vEHJk/E9DmhejeLeNt7UVvlSGv3ziL+djtTr3yyzcOw=
-github.com/gobuffalo/github_flavored_markdown v1.1.1 h1:kUf8ginyBOTRXcKSTPsPAqlA25vQ80+xAspLIYaxmTU=
-github.com/gobuffalo/github_flavored_markdown v1.1.1/go.mod h1:yU32Pen+eorS58oxh/bNZx76zUOCJwmvyV5FBrvzOKQ=
+github.com/gobuffalo/github_flavored_markdown v1.1.3 h1:rSMPtx9ePkFB22vJ+dH+m/EUBS8doQ3S8LeEXcdwZHk=
+github.com/gobuffalo/github_flavored_markdown v1.1.3/go.mod h1:IzgO5xS6hqkDmUh91BW/+Qxo/qYnvfzoz3A7uLkg77I=
 github.com/gobuffalo/gogen v0.0.0-20190315121717-8f38393713f5/go.mod h1:V9QVDIxsgKNZs6L2IYiGR8datgMhB577vzTDqypH360=
 github.com/gobuffalo/gogen v0.1.0/go.mod h1:8NTelM5qd8RZ15VjQTFkAW6qOMx5wBbW4dSCS3BY8gg=
 github.com/gobuffalo/gogen v0.1.1/go.mod h1:y8iBtmHmGc4qa3urIyo1shvOD8JftTtfcKi+71xfDNE=
-github.com/gobuffalo/helpers v0.6.5 h1:Quf1KAUae97sdDmm/QP5V9P/0XYpK+HrhnYXU+nf65M=
-github.com/gobuffalo/helpers v0.6.5/go.mod h1:LA4zcc89tkZsfKpJIWsXLibiqTgZQ4EvDszfxdqr9ZA=
-github.com/gobuffalo/here v0.6.0 h1:hYrd0a6gDmWxBM4TnrGw8mQg24iSVoIkHEk7FodQcBI=
-github.com/gobuffalo/httptest v1.0.2 h1:LWp2khlgA697h4BIYWW2aRxvB93jMnBrbakQ/r2KLzs=
-github.com/gobuffalo/httptest v1.0.2/go.mod h1:7T1IbSrg60ankme0aDLVnEY0h056g9M1/ZvpVThtB7E=
+github.com/gobuffalo/helpers v0.6.7 h1:C9CedoRSfgWg2ZoIkVXgjI5kgmSpL34Z3qdnzpfNVd8=
+github.com/gobuffalo/helpers v0.6.7/go.mod h1:j0u1iC1VqlCaJEEVkZN8Ia3TEzfj/zoXANqyJExTMTA=
+github.com/gobuffalo/here v0.6.7 h1:hpfhh+kt2y9JLDfhYUxxCRxQol540jsVfKUZzjlbp8o=
+github.com/gobuffalo/httptest v1.5.2 h1:GpGy520SfY1QEmyPvaqmznTpG4gEQqQ82HtHqyNEreM=
+github.com/gobuffalo/httptest v1.5.2/go.mod h1:FA23yjsWLGj92mVV74Qtc8eqluc11VqcWr8/C1vxt4g=
 github.com/gobuffalo/logger v0.0.0-20190315122211-86e12af44bc2/go.mod h1:QdxcLw541hSGtBnhUc4gaNIXRjiDppFGaDqzbrBd3v8=
-github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs=
+github.com/gobuffalo/logger v1.0.7/go.mod h1:u40u6Bq3VVvaMcy5sRBclD8SXhBYPS0Qk95ubt+1xJM=
 github.com/gobuffalo/mapi v1.0.1/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
 github.com/gobuffalo/mapi v1.0.2/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
-github.com/gobuffalo/nulls v0.4.1 h1:k7QVCJfMplv9VRQQLb4N1d8tXUdGvcdMNfp4BfMnG2M=
-github.com/gobuffalo/nulls v0.4.1/go.mod h1:pp8e1hWTRJZFpMl4fj/CVbSMlaxjeGKkFq4RuBZi3w8=
+github.com/gobuffalo/nulls v0.4.2 h1:GAqBR29R3oPY+WCC7JL9KKk9erchaNuV6unsOSZGQkw=
+github.com/gobuffalo/nulls v0.4.2/go.mod h1:EElw2zmBYafU2R9W4Ii1ByIj177wA/pc0JdjtD0EsH8=
 github.com/gobuffalo/packd v0.0.0-20190315124812-a385830c7fc0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4=
 github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4=
-github.com/gobuffalo/packd v1.0.1/go.mod h1:PP2POP3p3RXGz7Jh6eYEf93S7vA2za6xM7QT85L4+VY=
+github.com/gobuffalo/packd v1.0.2/go.mod h1:sUc61tDqGMXON80zpKGp92lDb86Km28jfvX7IAyxFT8=
 github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ=
 github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0=
-github.com/gobuffalo/plush/v4 v4.1.13 h1:tru7S39kYaefzM+dk+W1bib65ZVkS1nV+6ARB7yPWn0=
-github.com/gobuffalo/plush/v4 v4.1.13/go.mod h1:s3hUyj/JlwEiJ039OBJevojq9xT40D1pgekw0o88CVU=
-github.com/gobuffalo/pop/v6 v6.0.6 h1:M/CJ9RLibCTN0OtsgASmVtKqyEXJAreF8oamZrHscc4=
-github.com/gobuffalo/pop/v6 v6.0.6/go.mod h1:toTxNJnsSuSlyK6w0yGb4YXSNIHsi2chQYC2CjBF9Ac=
+github.com/gobuffalo/plush/v4 v4.1.16 h1:Y6jVVTLdg1BxRXDIbTJz+J8QRzEAtv5ZwYpGdIFR7VU=
+github.com/gobuffalo/plush/v4 v4.1.16/go.mod h1:6t7swVsarJ8qSLw1qyAH/KbrcSTwdun2ASEQkOznakg=
+github.com/gobuffalo/pop/v6 v6.0.8 h1:9+5ShHYh3x9NDFCITfm/gtKDDRSgOwiY7kA0Hf7N9aQ=
+github.com/gobuffalo/pop/v6 v6.0.8/go.mod h1:f4JQ4Zvkffcevz+t+XAwBLStD7IQs19DiIGIDFYw1eA=
 github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
-github.com/gobuffalo/tags/v3 v3.1.3 h1:yhq9gudiEngYtPzH1KtMUknxffQBqwNfkHKP6i4l4NE=
-github.com/gobuffalo/tags/v3 v3.1.3/go.mod h1:WAAjKdskZUmdi6EkNjP2SXBwBwRovHsjJsPJbBiPlKc=
-github.com/gobuffalo/validate/v3 v3.3.2 h1:GZdJlDy6zDRXF5BnEiY+pGvGDFx95atMIWd3N3MMseE=
-github.com/gobuffalo/validate/v3 v3.3.2/go.mod h1:jiEEw+N7KbAP2aInFxGnfitI0g7HjXqcp5hDD6TaQDU=
-github.com/goccy/go-yaml v1.9.5 h1:Eh/+3uk9kLxG4koCX6lRMAPS1OaMSAi+FJcya0INdB0=
-github.com/goccy/go-yaml v1.9.5/go.mod h1:U/jl18uSupI5rdI2jmuCswEA2htH9eXfferR3KfscvA=
-github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
-github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
-github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
+github.com/gobuffalo/tags/v3 v3.1.4 h1:X/ydLLPhgXV4h04Hp2xlbI2oc5MDaa7eub6zw8oHjsM=
+github.com/gobuffalo/tags/v3 v3.1.4/go.mod h1:ArRNo3ErlHO8BtdA0REaZxijuWnWzF6PUXngmMXd2I0=
+github.com/gobuffalo/validate/v3 v3.3.3 h1:o7wkIGSvZBYBd6ChQoLxkz2y1pfmhbI4jNJYh6PuNJ4=
+github.com/gobuffalo/validate/v3 v3.3.3/go.mod h1:YC7FsbJ/9hW/VjQdmXPvFqvRis4vrRYFxr69WiNZw6g=
+github.com/goccy/go-yaml v1.9.6 h1:KhAu1zf9JXnm3vbG49aDE0E5uEBUsM4uwD31/58ZWyI=
+github.com/goccy/go-yaml v1.9.6/go.mod h1:JubOolP3gh0HpiBc4BLRD4YmjEjHAmIIB2aaXKkTfoE=
 github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
 github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
 github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
-github.com/gofrs/uuid v4.1.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
-github.com/gofrs/uuid v4.2.0+incompatible h1:yyYWMnhkhrKwwr8gAOcOCYxOOscHgDS9yZgBrnJfGa0=
 github.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/gofrs/uuid v4.3.0+incompatible h1:CaSVZxm5B+7o45rtab4jC2G37WGYX1zQfuU2i6DSvnc=
+github.com/gofrs/uuid v4.3.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s=
-github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
-github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
@@ -771,7 +588,6 @@ github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiu
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
@@ -793,22 +609,21 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
-github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-github/v27 v27.0.1 h1:sSMFSShNn4VnqCqs+qhab6TS3uQc+uVR6TD1bW6MavM=
 github.com/google/go-github/v27 v27.0.1/go.mod h1:/0Gr8pJ55COkmv+S/yPKCczSkUPIM/LnFyubufRNIS0=
 github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM=
 github.com/google/go-github/v38 v38.1.0 h1:C6h1FkaITcBFK7gAmq4eFzt6gbhEhk7L5z6R3Uva+po=
 github.com/google/go-github/v38 v38.1.0/go.mod h1:cStvrz/7nFr0FoENgG6GLbp53WaelXucT+BBz/3VKx4=
-github.com/google/go-jsonnet v0.18.0 h1:/6pTy6g+Jh1a1I2UMoAODkqELFiVIdOxbNwv0DDzoOg=
-github.com/google/go-jsonnet v0.18.0/go.mod h1:C3fTzyVJDslXdiTqw/bTFk7vSGyCtH3MGRbDfvEwGd0=
+github.com/google/go-jsonnet v0.19.0 h1:G7uJZhi8t1eg5NZ+PZJ3bU0GZ4suYGGy79BCtEswlbM=
+github.com/google/go-jsonnet v0.19.0/go.mod h1:5JVT33JVCoehdTj5Z2KJq1eIdt3Nb8PCmZ+W5D8U350=
 github.com/google/go-licenses v0.0.0-20210329231322-ce1d9163b77d/go.mod h1:+TYOmkVoJOpwnS0wfdsJCV9CoD5nJYsHoFk/0CrTK4M=
 github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/go-replayers/grpcreplay v0.1.0/go.mod h1:8Ig2Idjpr6gifRd6pNVggX6TC1Zw6Jx74AKp7QNH2QE=
 github.com/google/go-replayers/httpreplay v0.1.0/go.mod h1:YKZViNhiGgqdBlUbI2MwGpq4pXxNmhJLPHQ7cv2b5no=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/licenseclassifier v0.0.0-20210325184830-bb04aff29e72/go.mod h1:qsqn2hxC+vURpyBRygGUuinTO42MFRLcsmQ/P8v94+M=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
@@ -830,6 +645,9 @@ github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg=
+github.com/google/pprof v0.0.0-20221010195024-131d412537ea h1:R3VfsTXMMK4JCWZDdxScmnTzu9n9YRsDvguLis0U/b8=
+github.com/google/pprof v0.0.0-20221010195024-131d412537ea/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
@@ -854,7 +672,6 @@ github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0
 github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM=
 github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM=
 github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c=
-github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
 github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@@ -864,14 +681,10 @@ github.com/goreleaser/nfpm v1.2.1/go.mod h1:TtWrABZozuLOttX2uDlYyECfQX7x5XYkVxhj
 github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY=
 github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
-github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
 github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
 github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
-github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
 github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
 github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
@@ -879,7 +692,6 @@ github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoA
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
 github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
 github.com/grpc-ecosystem/go-grpc-middleware v1.2.2/go.mod h1:EaizFBKfUKtMIF5iaDEhniwNedqGo9FuLFzppDr3uwI=
@@ -894,8 +706,9 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t
 github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 h1:BZHcxBETFHIdVyhyEfOvn/RdU/QGdLI4y34qQGjGWO0=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.12.0 h1:kr3j8iIMR4ywO/O0rvksXaJvauGGCMg2zAZIiNZ9uIQ=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.12.0/go.mod h1:ummNFgdgLhhX7aIiy35vVmQNS0rWXknfPE0qe6fmFXg=
 github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69 h1:7xsUJsB2NrdcttQPa7JLEaGzvdbk7KvfrjgHZXOQRo0=
 github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69/go.mod h1:YLEMZOtU+AZ7dhN9T/IpGhXVGly2bvkJQ+zxj3WeVQo=
 github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
@@ -906,9 +719,8 @@ github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyN
 github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
 github.com/hashicorp/consul/sdk v0.8.0 h1:OJtKBtEjboEZvG6AOUdh4Z1Zbyu0WcxQ0qatRrZHTVU=
 github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms=
-github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
@@ -924,17 +736,16 @@ github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJ
 github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-msgpack v0.5.3 h1:zKjpN5BK/P5lMYrLmBHdBULWbJ0XpYR+7NGzqkZzoD4=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
-github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
-github.com/hashicorp/go-multierror v1.1.0 h1:B9UzwGQJehnUY1yNrnwREHc3fGbC2xefo8g4TbElacI=
 github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-plugin v1.0.1/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn3cQptSMzBuY=
 github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
 github.com/hashicorp/go-retryablehttp v0.5.4/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
 github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
 github.com/hashicorp/go-retryablehttp v0.6.8/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
-github.com/hashicorp/go-retryablehttp v0.7.0 h1:eu1EI/mbirUgP5C8hVsTNaGZreBDlYiwC1FZWkvQPQ4=
-github.com/hashicorp/go-retryablehttp v0.7.0/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
+github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ=
+github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
 github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
 github.com/hashicorp/go-rootcerts v1.0.1/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
@@ -945,8 +756,7 @@ github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjG
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE=
-github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
@@ -981,22 +791,20 @@ github.com/iancoleman/strcase v0.0.0-20180726023541-3605ed457bf7/go.mod h1:SK73t
 github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w=
 github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
-github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
+github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
+github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
 github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo=
-github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743 h1:X3Xxno5Ji8idrNiUoFc7QyXpqhSYlDRYQmc7mlpMBzU=
-github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743/go.mod h1:KrtyD5PFj++GKkFS/7/RRrfnRhAMGQwy75GLCHWrCNs=
+github.com/inhies/go-bytesize v0.0.0-20220417184213-4913239db9cf h1:FtEj8sfIcaaBfAKrE1Cwb61YDtYq9JxChK1c7AKce7s=
+github.com/inhies/go-bytesize v0.0.0-20220417184213-4913239db9cf/go.mod h1:yrqSXGoD/4EKfF26AOGzscPOgTTJcyAwM2rpixWT+t4=
 github.com/instana/testify v1.6.2-0.20200721153833-94b1851f4d65 h1:T25FL3WEzgmKB0m6XCJNZ65nw09/QIp3T1yXr487D+A=
-github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
 github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo=
 github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=
 github.com/jackc/chunkreader/v2 v2.0.1 h1:i+RDz65UE+mmpjTfyz0MoVTnzeYxroil2G82ki7MGG8=
@@ -1008,8 +816,9 @@ github.com/jackc/pgconn v1.8.0/go.mod h1:1C2Pb36bGIP9QHGBYCjnyhqu7Rv3sGshaQUvmfG
 github.com/jackc/pgconn v1.9.0/go.mod h1:YctiPyvzfU11JFxoXokUOOKQXQmDMoJL9vJzHH8/2JY=
 github.com/jackc/pgconn v1.9.1-0.20210724152538-d89c8390a530/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI=
 github.com/jackc/pgconn v1.12.0/go.mod h1:ZkhRC59Llhrq3oSfrikvwQ5NaxYExr6twkdkMLaKono=
-github.com/jackc/pgconn v1.12.1 h1:rsDFzIpRk7xT4B8FufgpCCeyjdNpKyghZeSefViE5W8=
 github.com/jackc/pgconn v1.12.1/go.mod h1:ZkhRC59Llhrq3oSfrikvwQ5NaxYExr6twkdkMLaKono=
+github.com/jackc/pgconn v1.13.0 h1:3L1XMNV2Zvca/8BYhzcRFS70Lr0WlDg16Di6SFGAbys=
+github.com/jackc/pgconn v1.13.0/go.mod h1:AnowpAqO4CMIIJNZl2VJp+KrkAZciAkhEl0W0JIobpI=
 github.com/jackc/pgio v1.0.0 h1:g12B9UwVnzGhueNavwioyEEpAmqMe1E/BN9ES+8ovkE=
 github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8=
 github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2/go.mod h1:fGZlG77KXmcq05nJLRkk0+p82V8B8Dw8KN2/V9c/OAE=
@@ -1025,39 +834,37 @@ github.com/jackc/pgproto3/v2 v2.0.0-rc3/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvW
 github.com/jackc/pgproto3/v2 v2.0.0-rc3.0.20190831210041-4c03ce451f29/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM=
 github.com/jackc/pgproto3/v2 v2.0.6/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
 github.com/jackc/pgproto3/v2 v2.1.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
-github.com/jackc/pgproto3/v2 v2.3.0 h1:brH0pCGBDkBW07HWlN/oSBXrmo3WB0UvZd1pIuDcL8Y=
 github.com/jackc/pgproto3/v2 v2.3.0/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
+github.com/jackc/pgproto3/v2 v2.3.1 h1:nwj7qwf0S+Q7ISFfBndqeLwSwxs+4DPsbRFjECT1Y4Y=
+github.com/jackc/pgproto3/v2 v2.3.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
 github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b h1:C8S2+VttkHFdOOCXJe+YGfa4vHYwlt4Zx+IVXQ97jYg=
 github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E=
 github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg=
 github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc=
 github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw=
 github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM=
-github.com/jackc/pgtype v1.11.0 h1:u4uiGPz/1hryuXzyaBhSk6dnIyyG2683olG2OV+UUgs=
 github.com/jackc/pgtype v1.11.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4=
+github.com/jackc/pgtype v1.12.0 h1:Dlq8Qvcch7kiehm8wPGIW0W3KsCCHJnRacKW0UM8n5w=
+github.com/jackc/pgtype v1.12.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4=
 github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y=
 github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM=
 github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc=
 github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs=
 github.com/jackc/pgx/v4 v4.16.0/go.mod h1:N0A9sFdWzkw/Jy1lwoiB64F2+ugFZi987zRxcPez/wI=
-github.com/jackc/pgx/v4 v4.16.1 h1:JzTglcal01DrghUqt+PmzWsZx/Yh7SC/CTQmSBMTd0Y=
 github.com/jackc/pgx/v4 v4.16.1/go.mod h1:SIhx0D5hoADaiXZVyv+3gSm3LCIIINTVO0PficsvWGQ=
+github.com/jackc/pgx/v4 v4.17.2 h1:0Ut0rpeKwvIVbMQ1KbMBU4h6wxehBI535LK6Flheh8E=
+github.com/jackc/pgx/v4 v4.17.2/go.mod h1:lcxIZN44yMIrWI78a5CpucdD14hX0SBDbNRvjDBItsw=
 github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jackc/puddle v1.2.1/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jackc/puddle v1.3.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jandelgado/gcov2lcov v1.0.4/go.mod h1:NnSxK6TMlg1oGDBfGelGbjgorT5/L3cchlbtgFYZSss=
 github.com/jandelgado/gcov2lcov v1.0.5 h1:rkBt40h0CVK4oCb8Dps950gvfd1rYvQ8+cWa346lVU0=
 github.com/jandelgado/gcov2lcov v1.0.5/go.mod h1:NnSxK6TMlg1oGDBfGelGbjgorT5/L3cchlbtgFYZSss=
 github.com/jarcoal/httpmock v1.0.5 h1:cHtVEcTxRSX4J0je7mWPfc9BpDpqzXSJ5HbymZmyHck=
 github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
-github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs=
-github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM=
-github.com/jcmturner/gofork v1.0.0/go.mod h1:MK8+TM0La+2rjBD4jE12Kj1pCCxK7d2LK/UM3ncEo0o=
-github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg=
-github.com/jcmturner/gokrb5/v8 v8.4.2/go.mod h1:sb+Xq/fTY5yktf/VxLsE3wlfPqQjp0aWNYyvBVK62bc=
-github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jessevdk/go-flags v1.5.0 h1:1jKYvbxEjfUl0fmqTCOfonvskHHXMjBySTLW4y9LFvc=
 github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
@@ -1069,13 +876,11 @@ github.com/jinzhu/copier v0.3.5/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.1.4/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548/go.mod h1:hGT6jSUVzF6no3QaDSMLGLEHtHSBSefs+MgcDWnmhmo=
 github.com/jmoiron/sqlx v1.3.3/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ=
-github.com/jmoiron/sqlx v1.3.4/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ=
 github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
 github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
 github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
@@ -1117,9 +922,6 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
 github.com/kisielk/sqlstruct v0.0.0-20201105191214-5f3e10d3ab46/go.mod h1:yyMNCyc/Ib3bDTKd379tNMpB/7/H5TjM2Y9QJ5THLbE=
 github.com/kisom/goutils v1.4.3/go.mod h1:Lp5qrquG7yhYnWzZCI/68Pa/GpFynw//od6EkGnWpac=
 github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
-github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -1131,7 +933,6 @@ github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfn
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
 github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -1147,8 +948,9 @@ github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.1/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/lib/pq v1.10.6 h1:jbk+ZieJ0D7EVGJYpL9QTz7/YW6UHbmdnZWYyK5cdBs=
 github.com/lib/pq v1.10.6/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw=
+github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
 github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
 github.com/luna-duclos/instrumentedsql v1.1.3 h1:t7mvC0z1jUt5A0UQ6I/0H31ryymuQRnJcWCiqV3lSAA=
@@ -1163,16 +965,12 @@ github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamh
 github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/markbates/hmax v1.0.0 h1:yo2N0gBoCnUMKhV/VRLHomT6Y9wUm+oQQENuWJqCdlM=
-github.com/markbates/hmax v1.0.0/go.mod h1:cOkR9dktiESxIMu+65oc/r/bdY4bE8zZw3OLhLx0X2c=
 github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
 github.com/markbates/pkger v0.17.1 h1:/MKEtWqtc0mZvu9OinB9UzVN9iYCwLWuyUv4Bw+PCno=
 github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
-github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
 github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
@@ -1180,8 +978,8 @@ github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVc
 github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
-github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
@@ -1191,14 +989,14 @@ github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hd
 github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
 github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
+github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.12 h1:Y41i/hVW3Pgwr8gV+J23B9YEY0zxjptBuCWEaxmAOow=
 github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk=
-github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
 github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
 github.com/mattn/go-sqlite3 v1.14.7-0.20210414154423-1157a4212dcb h1:ax2vG2unlxsjwS7PMRo4FECIfAdQLowd6ejWYwPQhBo=
 github.com/mattn/go-sqlite3 v1.14.7-0.20210414154423-1157a4212dcb/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
@@ -1206,11 +1004,12 @@ github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb44
 github.com/mattn/goveralls v0.0.7 h1:vzy0i4a2iDzEFMdXIxcanRadkr0FBvSBKUmj0P8SPlQ=
 github.com/mattn/goveralls v0.0.7/go.mod h1:h8b4ow6FxSPMQHF6o2ve3qsclnffZjYTNEKmLesRwqw=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI=
-github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
+github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
-github.com/microcosm-cc/bluemonday v1.0.16 h1:kHmAq2t7WPWLjiGvzKa5o3HzSfahUKiOq7fAPUiMNIc=
-github.com/microcosm-cc/bluemonday v1.0.16/go.mod h1:Z0r70sCuXHig8YpBzCc5eGHAap2K7e/u082ZUpDRRqM=
+github.com/microcosm-cc/bluemonday v1.0.20/go.mod h1:yfBmMi8mxvaZut3Yytv+jTXRY8mxyjJ0/kQBTElld50=
+github.com/microcosm-cc/bluemonday v1.0.21 h1:dNH3e4PSyE4vNX+KlRGHT5KrSvjeUkoNPwEORjffHJg=
+github.com/microcosm-cc/bluemonday v1.0.21/go.mod h1:ytNkv4RrDrLJ2pqlsSI46O6IVXmZOBBD4SaJyDwwTkM=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
 github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY=
@@ -1219,7 +1018,6 @@ github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WT
 github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
 github.com/mikefarah/yq/v4 v4.19.1 h1:QrZCqjOBZ918aOZIfl/IwnHBv104SPfarhgO5MGd2W4=
 github.com/mikefarah/yq/v4 v4.19.1/go.mod h1:krTElh9V1fv3Cw7+21S8El/W/vn3f2buOOcJ4VyjsFY=
-github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
@@ -1242,19 +1040,13 @@ github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR
 github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
-github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
-github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
 github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
-github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ=
-github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo=
-github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 h1:dcztxKSvZ4Id8iPpHERQBbIJfabdt4wUm5qy3wOL2Zc=
-github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw=
+github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae h1:O4SWKdcHVCvYqyDV+9CJA1fcDN2L11Bule0iFy3YlAI=
+github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -1269,13 +1061,10 @@ github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJ
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8=
 github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
-github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-proto-validators v0.0.0-20180403085117-0950a7990007/go.mod h1:m2XC9Qq0AlmmVksL6FktJCdTYyLk7V3fKyp0sl1yWQo=
 github.com/mwitkow/go-proto-validators v0.2.0/go.mod h1:ZfA1hW+UH/2ZHOWvQ3HnQaU0DtnpXu850MZiy+YUgcc=
-github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg=
 github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU=
 github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k=
@@ -1283,15 +1072,13 @@ github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzE
 github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
 github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
 github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
-github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt3d53pc1VYcphSCIaYAJtnPYnr3Zyn8fMq2wvPGPso=
 github.com/nkovacs/streamquote v1.0.0/go.mod h1:BN+NaZ2CmdKqUuTUXUEm9j95B2TRbpOWpxbJYzzgUsc=
 github.com/npillmayer/nestext v0.1.3/go.mod h1:h2lrijH8jpicr25dFY+oAJLyzlya6jhnuG+zWp9L0Uk=
-github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
-github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
-github.com/nyaruka/phonenumbers v1.0.73 h1:bP2WN8/NUP8tQebR+WCIejFaibwYMHOaB7MQVayclUo=
 github.com/nyaruka/phonenumbers v1.0.73/go.mod h1:3aiS+PS3DuYwkbK3xdcmRwMiPNECZ0oENH8qUT1lY7Q=
+github.com/nyaruka/phonenumbers v1.1.1 h1:fyoZmpLN2VCmAnc51XcrNOUVP2wT1ZzQl348ggIaXII=
+github.com/nyaruka/phonenumbers v1.1.1/go.mod h1:cGaEsOrLjIL0iKGqJR5Rfywy86dSkbApEpXuM9KySNA=
 github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs=
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
 github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
@@ -1300,54 +1087,20 @@ github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:v
 github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA=
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
-github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
-github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
-github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
-github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM=
-github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
-github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
-github.com/opencontainers/runc v1.1.1 h1:PJ9DSs2sVwE0iVr++pAHE6QkS9tzcVWozlPifdwMgrU=
-github.com/opencontainers/runc v1.1.1/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc=
-github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=
+github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
+github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg=
+github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg=
 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
-github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
-github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
-github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
 github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
 github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis=
 github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74=
@@ -1358,12 +1111,12 @@ github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxS
 github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw=
 github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
 github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
-github.com/openzipkin/zipkin-go v0.4.0 h1:CtfRrOVZtbDj8rt1WXjklw0kqqJQwICrCKmlfUuBUUw=
-github.com/openzipkin/zipkin-go v0.4.0/go.mod h1:4c3sLeE8xjNqehmF5RpAFLPLJxXscc0R4l6Zg0P1tTQ=
+github.com/openzipkin/zipkin-go v0.4.1 h1:kNd/ST2yLLWhaWrkgchya40TJabe8Hioj9udfPcEO5A=
+github.com/openzipkin/zipkin-go v0.4.1/go.mod h1:qY0VqDSN1pOBN94dBc6w2GJlWLiovAyg7Qt6/I9HecM=
 github.com/ory/analytics-go/v4 v4.0.3 h1:2zNBQLlm3UiD8U7DdUGLLUBm62ZA5GtbEJ3S5U+xEOI=
 github.com/ory/analytics-go/v4 v4.0.3/go.mod h1:A3Chm/3TmM8jw4nqRss+gFhAYHRI5j/HFYH3C1FRahU=
-github.com/ory/dockertest/v3 v3.9.0 h1:U7M9FfYEwF4uqEE6WUSFs7K+Hvb31CsCX5uZUZD3olI=
-github.com/ory/dockertest/v3 v3.9.0/go.mod h1:jgm0rnguArPXsVduy+oUjzFtD0Na+DDNbUl8W5v+ez8=
+github.com/ory/dockertest/v3 v3.9.1 h1:v4dkG+dlu76goxMiTT2j8zV7s4oPPEppKT8K8p2f1kY=
+github.com/ory/dockertest/v3 v3.9.1/go.mod h1:42Ir9hmvaAPm0Mgibk6mBPi7SFvTXxEcnztDYOJ//uM=
 github.com/ory/go-acc v0.2.6/go.mod h1:4Kb/UnPcT8qRAk3IAxta+hvVapdxTLWtrr7bFLlEgpw=
 github.com/ory/go-acc v0.2.8 h1:rOHHAPQjf0u7eHFGWpiXK+gIu/e0GRSJNr9pDukdNC4=
 github.com/ory/go-acc v0.2.8/go.mod h1:iCRZUdGb/7nqvSn8xWZkhfVrtXRZ9Wru2E5rabCjFPI=
@@ -1386,16 +1139,8 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi
 github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE=
 github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM=
-github.com/ory/x v0.0.495 h1:AwTlg6nQc9C/XwJSr70R5EViBv5O9pY96h2+Vw4i2nM=
-github.com/ory/x v0.0.495/go.mod h1:dJ800rWC2/eNECWhXMyI9kSd7lO2LTOu6R8oS0lQZ38=
-github.com/ory/x v0.0.496-0.20221027114537-490370eefcfb h1:AOqV/+3jrxISU62EWJ7n/0bf79Eeldcuij3LvTRcbYw=
-github.com/ory/x v0.0.496-0.20221027114537-490370eefcfb/go.mod h1:dJ800rWC2/eNECWhXMyI9kSd7lO2LTOu6R8oS0lQZ38=
-github.com/ory/x v0.0.496-0.20221027125254-7dff188fc6a7 h1:KRAX3igVIm1x4D6pkrsRLR23ebsvTVIvn2n2CY+m478=
-github.com/ory/x v0.0.496-0.20221027125254-7dff188fc6a7/go.mod h1:dJ800rWC2/eNECWhXMyI9kSd7lO2LTOu6R8oS0lQZ38=
-github.com/ory/x v0.0.496-0.20221027125525-9b0bf170fc8f h1:5rcqhDWQfdJpi+aSOzdeno5iU4bj7m+xMPl7D3bTcQo=
-github.com/ory/x v0.0.496-0.20221027125525-9b0bf170fc8f/go.mod h1:dJ800rWC2/eNECWhXMyI9kSd7lO2LTOu6R8oS0lQZ38=
-github.com/ory/x v0.0.496-0.20221027133513-e86fadee7d2e h1:PoCwBFFMxKPcSUrB14SxJylO/3p5tpc3fcCXZYwrCi0=
-github.com/ory/x v0.0.496-0.20221027133513-e86fadee7d2e/go.mod h1:dJ800rWC2/eNECWhXMyI9kSd7lO2LTOu6R8oS0lQZ38=
+github.com/ory/x v0.0.506 h1:kqkGwRuhZsyLf2zgjIyOkuY1nRfbWu2aPOQTk03j6ZQ=
+github.com/ory/x v0.0.506/go.mod h1:xUtRpoiRARyJNPVk/fcCNKzyp25Foxt9GPlj8pd7egY=
 github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
 github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
 github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
@@ -1418,24 +1163,20 @@ github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCko
 github.com/pelletier/go-toml/v2 v2.0.1 h1:8e3L2cCQzLFi2CR4g7vGFuFxX7Jl1kKX8gW+iV0GUKU=
 github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo=
 github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac=
-github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc=
 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE=
 github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
 github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
-github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
-github.com/pierrre/gotestcover v0.0.0-20160517101806-924dca7d15f0/go.mod h1:4xpMLz7RBWyB+ElzHu8Llua96TRCB3YwX+l5EP1wmHk=
 github.com/pkg/diff v0.0.0-20200914180035-5b29258ca4f7/go.mod h1:zO8QMzTeZd5cpnIkz/Gn6iK0jDfGicM1nynOkkPIl28=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
-github.com/pkg/profile v1.6.0 h1:hUDfIISABYI59DyeB3OTay/HxSRwTQ8rB/H83k6r5dM=
-github.com/pkg/profile v1.6.0/go.mod h1:qBsxPvzyUincmltOk6iyRVxHYg4adc0OFOv72ZdLa18=
+github.com/pkg/profile v1.7.0 h1:hnbDkaNWPCLMO9wGLdBFTIZvzDrDfBM2072E1S9gJkA=
+github.com/pkg/profile v1.7.0/go.mod h1:8Uer0jas47ZQMJ7VD+OHknK4YDY07LPUC6dEvqDjvNo=
 github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
 github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
 github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -1443,74 +1184,66 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
-github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
 github.com/pquerna/cachecontrol v0.1.0 h1:yJMy84ti9h/+OEWa752kBTKv4XC30OtVVHYv/8cTqKc=
 github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI=
 github.com/pquerna/otp v1.3.0 h1:oJV/SkzR33anKXwQU3Of42rL4wbrffP4uvUf1SvS5Xs=
 github.com/pquerna/otp v1.3.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
-github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
 github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
 github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og=
 github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
 github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.10.0/go.mod h1:WJM3cc3yu7XKBKa/I8WeZm+V3eltZnBwfENSU7mdogU=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.11.1 h1:+4eQaD7vAZ6DsfsxB15hbE0odUjGI5ARs9yskGu1v4s=
 github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
+github.com/prometheus/client_golang v1.13.0 h1:b71QUfeo5M8gq2+evJdTPfZhYMAU0uKPkyPJ7TPsloU=
+github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
+github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
 github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
 github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.18.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s=
 github.com/prometheus/common v0.24.0/go.mod h1:H6QK/N6XVT42whUeIdI3dp36w49c+/iMDk7UAI2qm7Q=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
-github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4=
 github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
+github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
+github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/pseudomuto/protoc-gen-doc v1.4.1/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg=
 github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q=
-github.com/rabbitmq/amqp091-go v1.1.0/go.mod h1:ogQDLSOACsLPsIq0NpbtiifNZi2YOz0VTJ0kHRghqbM=
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
-github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/rhnvrm/simples3 v0.6.1/go.mod h1:Y+3vYm2V7Y4VijFoJHHTrja6OgPrJ2cBti8dPGkC3sA=
 github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rjeczalik/notify v0.0.0-20181126183243-629144ba06a1 h1:FLWDC+iIP9BWgYKvWKKtOUZux35LIQNAuIzp/63RQJU=
 github.com/rjeczalik/notify v0.0.0-20181126183243-629144ba06a1/go.mod h1:aErll2f0sUX9PXZnVNyeiObbmTlk5jnMoCa4QEjJeqM=
-github.com/robertkrimen/godocdown v0.0.0-20130622164427-0bfa04905481/go.mod h1:C9WhFzY47SzYBIvzFqSvHIR6ROgDo4TtdTuRaOMjF/s=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
@@ -1519,7 +1252,6 @@ github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.6.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
@@ -1535,7 +1267,6 @@ github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
-github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
 github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E=
 github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
@@ -1543,11 +1274,11 @@ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUt
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761 h1:0b8DF5kR0PhRoRXDiEEdzrgBc8UqVY4JWLkQJCRsLME=
 github.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761/go.mod h1:/THDZYi7F/BsVEcYzYPqdcWFQ+1C2InkawTKfLOAnzg=
-github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
-github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
+github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
 github.com/segmentio/analytics-go v3.1.0+incompatible/go.mod h1:C7CYBtQWk4vRk2RyLu0qOcbHJ18E3F1HV2C/8JvKN48=
-github.com/segmentio/backo-go v0.0.0-20200129164019-23eae7c10bd3 h1:ZuhckGJ10ulaKkdvJtiAqsLTiPrLaXSdnVgXJKJkTxE=
 github.com/segmentio/backo-go v0.0.0-20200129164019-23eae7c10bd3/go.mod h1:9/Rh6yILuLysoQnZ2oNooD2g7aBnvM7r/fNVxRNWfBc=
+github.com/segmentio/backo-go v1.0.1 h1:68RQccglxZeyURy93ASB/2kc9QudzgIDexJ927N++y4=
+github.com/segmentio/backo-go v1.0.1/go.mod h1:9/Rh6yILuLysoQnZ2oNooD2g7aBnvM7r/fNVxRNWfBc=
 github.com/segmentio/conf v1.2.0/go.mod h1:Y3B9O/PqqWqjyxyWWseyj/quPEtMu1zDp/kVbSWWaB0=
 github.com/segmentio/go-snakecase v1.1.0/go.mod h1:jk1miR5MS7Na32PZUykG89Arm+1BUSYhuGR6b7+hJto=
 github.com/segmentio/objconv v1.0.1/go.mod h1:auayaH5k3137Cl4SoXTgrzQcuQDmvuVtZgS0fb1Ahys=
@@ -1560,8 +1291,6 @@ github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFR
 github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
-github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
@@ -1569,14 +1298,14 @@ github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMB
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/slack-go/slack v0.7.4 h1:Z+7CmUDV+ym4lYLA4NNLFIpr3+nDgViHrx8xsuXgrYs=
 github.com/slack-go/slack v0.7.4/go.mod h1:FGqNzJBmxIsZURAxh2a8D21AnOVvvXZvGligs4npPUM=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/assertions v1.0.0/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM=
 github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM=
-github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/smartystreets/gunit v1.0.0/go.mod h1:qwPWnhz6pn0NnRBP++URONOVyNkPyr4SauJk4cUOwJs=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
@@ -1602,7 +1331,6 @@ github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkU
 github.com/spf13/cast v1.3.2-0.20200723214538-8d17101741c8/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
 github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
-github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
 github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
 github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
 github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
@@ -1614,8 +1342,6 @@ github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUq
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
-github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
@@ -1628,18 +1354,16 @@ github.com/spf13/viper v1.12.0/go.mod h1:b6COn30jlNxbm/V2IqWiNWkJ+vZNiMNksliPCiu
 github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518 h1:iD+PFTQwKEmbwSdwfvP5ld2WEI/g7qbdhmHJ2ASfYGs=
 github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518/go.mod h1:CKI4AZ4XmGV240rTHfO0hfE83S6/a3/Q1siZJ/vXf7A=
 github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI=
-github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8=
 github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
 github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
 github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI=
-github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
-github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v0.0.0-20170130113145-4d4bfba8f1d1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -1647,25 +1371,24 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs=
 github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
-github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
-github.com/tidwall/gjson v1.12.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
-github.com/tidwall/gjson v1.14.0 h1:6aeJ0bzojgWLa82gDQHcx3S0Lr/O51I9bJ5nv6JFx5w=
-github.com/tidwall/gjson v1.14.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
+github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
+github.com/tidwall/gjson v1.14.3 h1:9jvXn7olKEHU1S9vwoMGliaT8jq1vJ7IH/n9zD9Dnlw=
+github.com/tidwall/gjson v1.14.3/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
 github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
 github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
-github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
 github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
-github.com/tidwall/sjson v1.2.4 h1:cuiLzLnaMeBhRmEv00Lpk3tkYrcxpmbU81tAY4Dw0tc=
-github.com/tidwall/sjson v1.2.4/go.mod h1:098SZ494YoMWPmMO6ct4dcFnqxwj9r/gF0Etp19pSNM=
+github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=
+github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
+github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY=
+github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28=
 github.com/timtadh/data-structures v0.5.3 h1:F2tEjoG9qWIyUjbvXVgJqEOGJPMIiYn7U5W5mE+i/vQ=
 github.com/timtadh/data-structures v0.5.3/go.mod h1:9R4XODhJ8JdWFEI8P/HJKqxuJctfBQw6fDibMQny2oU=
 github.com/timtadh/lexmachine v0.2.2 h1:g55RnjdYazm5wnKv59pwFcBJHOyvTPfDEoz21s4PHmY=
@@ -1687,35 +1410,23 @@ github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGr
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
 github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
 github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli v1.22.5 h1:lNq9sAHXK2qfdI8W+GRItjCEkI+2oR4d+MEHy1CKXoU=
 github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
 github.com/urfave/negroni v1.0.0 h1:kIimOitoypq34K7TG7DUaJ9kq/N4Ofuwi1sjz0KipXc=
 github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8=
-github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
 github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
-github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
-github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
-github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/weppos/publicsuffix-go v0.13.1-0.20210123135404-5fd73613514e/go.mod h1:HYux0V0Zi04bHNwOHy4cXJVz/TQjYonnF6aoYhj+3QE=
 github.com/weppos/publicsuffix-go v0.15.1-0.20210511084619-b1f36a2d6c0b/go.mod h1:HYux0V0Zi04bHNwOHy4cXJVz/TQjYonnF6aoYhj+3QE=
-github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
-github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug=
 github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4=
-github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
-github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs=
-github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM=
 github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I=
 github.com/xdg/stringprep v0.0.0-20180714160509-73f8eece6fdc/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@@ -1723,7 +1434,6 @@ github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMc
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
 github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos=
@@ -1738,10 +1448,7 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
-github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
-github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
 github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
 github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE=
@@ -1756,7 +1463,6 @@ go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0=
 go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
 go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
-go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
 go.etcd.io/etcd/api/v3 v3.5.0-alpha.0/go.mod h1:mPcW6aZJukV6Aa81LSKpBjQXTWlXB5r74ymPoSWa3Sw=
 go.etcd.io/etcd/api/v3 v3.5.4 h1:OHVyt3TopwtUQ2GKdd5wu3PmmipR4FTwCqoEjSyRdIc=
 go.etcd.io/etcd/api/v3 v3.5.4/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A=
@@ -1782,7 +1488,6 @@ go.etcd.io/etcd/v3 v3.5.0-alpha.0 h1:ZuqKJkD2HrzFUj8IB+GLkTMKZ3+7mWx172vx6F1TukM
 go.etcd.io/etcd/v3 v3.5.0-alpha.0/go.mod h1:JZ79d3LV6NUfPjUxXrpiFAYcjhT+06qqw+i28snx8To=
 go.mongodb.org/mongo-driver v1.4.6 h1:rh7GdYmDrb8AQSkF8yteAus8qYOgOASWDOv1BWqBXkU=
 go.mongodb.org/mongo-driver v1.4.6/go.mod h1:WcMNYLx/IlOxLe6JRJiv2uXuCz6zBLndR4SoGjYphSc=
-go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
 go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0=
 go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
 go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
@@ -1793,43 +1498,34 @@ go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
 go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
-go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.25.0 h1:H6bZI2q89Q1RR/mQgrWIVtOTh711dJd0oA7Kxk4ujy8=
-go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.25.0/go.mod h1:0MPbX5HgESa5d3UZXbz8pmKoWVrCZwt1N6JmmY206IQ=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0 h1:SLme4Porm+UwX0DdHMxlwRt7FzPSE0sys81bet2o0pU=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0/go.mod h1:tLYsuf2v8fZreBVwp9gVMhefZlLFZaUiNVSq8QxXRII=
-go.opentelemetry.io/contrib/propagators/b3 v1.4.0 h1:wDb2ct7xMzossYpx44w81skxkEyeT2IRnBgYKqyEork=
-go.opentelemetry.io/contrib/propagators/b3 v1.4.0/go.mod h1:K399DN23drp0RQGXCbSPOt9075HopQigMgUL99oR8hc=
-go.opentelemetry.io/contrib/propagators/jaeger v1.4.0 h1:nZZrtAz9Z0bXXJPB/p0uHIuk4am7LvkUUiuhulrhnjI=
-go.opentelemetry.io/contrib/propagators/jaeger v1.4.0/go.mod h1:C6Tffii02q1NrEzJxpawJH1pyU3ZQ1520gCrxpNg7X4=
-go.opentelemetry.io/contrib/samplers/jaegerremote v0.0.0-20220314184135-32895002a444 h1:bpPIQ4lcXFubX82lvMN/3hvu/mI/qCrQMEhQiW1glu4=
-go.opentelemetry.io/contrib/samplers/jaegerremote v0.0.0-20220314184135-32895002a444/go.mod h1:e0xV/IXUqN67FXhxQ/IEaZ1nRIxU4pML/ptX4DTqfkM=
-go.opentelemetry.io/otel v1.0.1/go.mod h1:OPEOD4jIT2SlZPMmwT6FqZz2C0ZNdQqiWcoK6M0SNFU=
-go.opentelemetry.io/otel v1.4.0/go.mod h1:jeAqMFKy2uLIxCtKxoFj0FAL5zAPKQagc3+GtBWakzk=
-go.opentelemetry.io/otel v1.4.1/go.mod h1:StM6F/0fSwpd8dKWDCdRr7uRvEPYdW0hBSlbdTiUde4=
-go.opentelemetry.io/otel v1.9.0 h1:8WZNQFIB2a71LnANS9JeyidJKKGOOremcUtb/OtHISw=
-go.opentelemetry.io/otel v1.9.0/go.mod h1:np4EoPGzoPs3O67xUVNoPPcmSvsfOxNlNA4F4AC+0Eo=
-go.opentelemetry.io/otel/exporters/jaeger v1.9.0 h1:gAEgEVGDWwFjcis9jJTOJqZNxDzoZfR12WNIxr7g9Ww=
-go.opentelemetry.io/otel/exporters/jaeger v1.9.0/go.mod h1:hquezOLVAybNW6vanIxkdLXTXvzlj2Vn3wevSP15RYs=
-go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.9.0 h1:ggqApEjDKczicksfvZUCxuvoyDmR6Sbm56LwiK8DVR0=
-go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.9.0/go.mod h1:78XhIg8Ht9vR4tbLNUhXsiOnE2HOuSeKAiAcoVQEpOY=
+go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.36.4 h1:toN8e0U4RWQL4f8H+1eFtaeWe/IkSM3+81qJEDOgShs=
+go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.36.4/go.mod h1:u4OeI4ujQmFbpZOOysLUfYrRWOmEVmvzkM2zExVorXM=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.36.4 h1:aUEBEdCa6iamGzg6fuYxDA8ThxvOG240mAvWDU+XLio=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.36.4/go.mod h1:l2MdsbKTocpPS5nQZscqTR9jd8u96VYZdcpF8Sye7mA=
+go.opentelemetry.io/contrib/propagators/b3 v1.11.1 h1:icQ6ttRV+r/2fnU46BIo/g/mPu6Rs5Ug8Rtohe3KqzI=
+go.opentelemetry.io/contrib/propagators/b3 v1.11.1/go.mod h1:ECIveyMXgnl4gorxFcA7RYjJY/Ql9n20ubhbfDc3QfA=
+go.opentelemetry.io/contrib/propagators/jaeger v1.11.1 h1:Gw+P9NQzw4bjNGZXsoDhwwDWLnk4Y1waF8MQZAq/eYM=
+go.opentelemetry.io/contrib/propagators/jaeger v1.11.1/go.mod h1:dP/N3ZFADH8azBcZfGXEFNBXpEmPTXYcNj9rkw1+2Oc=
+go.opentelemetry.io/contrib/samplers/jaegerremote v0.5.2 h1:Izp9RqrioK/y7J/RXy2c7zd83iKQ4N3td3AMNKNzHiI=
+go.opentelemetry.io/contrib/samplers/jaegerremote v0.5.2/go.mod h1:Z0aRlRERn9v/3J2K+ATa6ffKyb8/i+/My/gTzFr3dII=
+go.opentelemetry.io/otel v1.11.1 h1:4WLLAmcfkmDk2ukNXJyq3/kiz/3UzCaYq6PskJsaou4=
+go.opentelemetry.io/otel v1.11.1/go.mod h1:1nNhXBbWSD0nsL38H6btgnFN2k4i0sNLHNNMZMSbUGE=
+go.opentelemetry.io/otel/exporters/jaeger v1.11.1 h1:F9Io8lqWdGyIbY3/SOGki34LX/l+7OL0gXNxjqwcbuQ=
+go.opentelemetry.io/otel/exporters/jaeger v1.11.1/go.mod h1:lRa2w3bQ4R4QN6zYsDgy7tEezgoKEu7Ow2g35Y75+KI=
+go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.11.1 h1:X2GndnMCsUPh6CiY2a+frAbNsXaPLbB0soHRYhAZ5Ig=
+go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.11.1/go.mod h1:i8vjiSzbiUC7wOQplijSXMYUpNM93DtlS5CbUT+C6oQ=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.9.0 h1:NN90Cuna0CnBg8YNu1Q0V35i2E8LDByFOwHRCq/ZP9I=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.9.0/go.mod h1:0EsCXjZAiiZGnLdEUXM9YjCKuuLZMYyglh2QDXcYKVA=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.9.0 h1:FAF9l8Wjxi9Ad2k/vLTfHZyzXYX72C62wBGpV3G6AIo=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.9.0/go.mod h1:smUdtylgc0YQiUr2PuifS4hBXhAS5xtR6WQhxP1wiNA=
-go.opentelemetry.io/otel/exporters/zipkin v1.9.0 h1:06b/nt6xao6th00aue9WU3ZDTTe+InaMXA/vym6pLuA=
-go.opentelemetry.io/otel/exporters/zipkin v1.9.0/go.mod h1:HyIvYIu37wV4Wx5azd7e05x9k/dOz9KB4x0plw2QNvs=
-go.opentelemetry.io/otel/internal/metric v0.27.0 h1:9dAVGAfFiiEq5NVB9FUJ5et+btbDQAUIJehJ+ikyryk=
-go.opentelemetry.io/otel/internal/metric v0.27.0/go.mod h1:n1CVxRqKqYZtqyTh9U/onvKapPGv7y/rpyOTI+LFNzw=
-go.opentelemetry.io/otel/metric v0.27.0 h1:HhJPsGhJoKRSegPQILFbODU56NS/L1UE4fS1sC5kIwQ=
-go.opentelemetry.io/otel/metric v0.27.0/go.mod h1:raXDJ7uP2/Jc0nVZWQjJtzoyssOYWu/+pjZqRzfvZ7g=
-go.opentelemetry.io/otel/sdk v1.4.1/go.mod h1:NBwHDgDIBYjwK2WNu1OPgsIc2IJzmBXNnvIJxJc8BpE=
-go.opentelemetry.io/otel/sdk v1.9.0 h1:LNXp1vrr83fNXTHgU8eO89mhzxb/bbWAsHG6fNf3qWo=
-go.opentelemetry.io/otel/sdk v1.9.0/go.mod h1:AEZc8nt5bd2F7BC24J5R0mrjYnpEgYHyTcM/vrSple4=
-go.opentelemetry.io/otel/trace v1.0.1/go.mod h1:5g4i4fKLaX2BQpSBsxw8YYcgKpMMSW3x7ZTuYBr3sUk=
-go.opentelemetry.io/otel/trace v1.4.0/go.mod h1:uc3eRsqDfWs9R7b92xbQbU42/eTNz4N+gLP8qJCi4aE=
-go.opentelemetry.io/otel/trace v1.4.1/go.mod h1:iYEVbroFCNut9QkwEczV9vMRPHNKSSwYZjulEtsmhFc=
-go.opentelemetry.io/otel/trace v1.9.0 h1:oZaCNJUjWcg60VXWee8lJKlqhPbXAPB51URuR47pQYc=
-go.opentelemetry.io/otel/trace v1.9.0/go.mod h1:2737Q0MuG8q1uILYm2YYVkAyLtOofiTNGg6VODnOiPo=
+go.opentelemetry.io/otel/exporters/zipkin v1.11.1 h1:JlJ3/oQoyqlrPDCfsSVFcHgGeHvZq+hr1VPWtiYCXTo=
+go.opentelemetry.io/otel/exporters/zipkin v1.11.1/go.mod h1:T4S6aVwIS1+MHA+dJHCcPROtZe6ORwnv5vMKPRapsFw=
+go.opentelemetry.io/otel/metric v0.33.0 h1:xQAyl7uGEYvrLAiV/09iTJlp1pZnQ9Wl793qbVvED1E=
+go.opentelemetry.io/otel/metric v0.33.0/go.mod h1:QlTYc+EnYNq/M2mNk1qDDMRLpqCOj2f/r5c7Fd5FYaI=
+go.opentelemetry.io/otel/sdk v1.11.1 h1:F7KmQgoHljhUuJyA+9BiU+EkJfyX5nVVF4wyzWZpKxs=
+go.opentelemetry.io/otel/sdk v1.11.1/go.mod h1:/l3FE4SupHJ12TduVjUkZtlfFqDCQJlOlithYrdktys=
+go.opentelemetry.io/otel/trace v1.11.1 h1:ofxdnzsNrGBYXbP7t7zpUK281+go5rF7dvdIZXF8gdQ=
+go.opentelemetry.io/otel/trace v1.11.1/go.mod h1:f/Q9G7vzk5u91PhbmKbg1Qn0rzH1LJ4vbPHFGkTPtOk=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.opentelemetry.io/proto/otlp v0.18.0 h1:W5hyXNComRa23tGpKwG+FRAc4rfF6ZUg1JReK+QHS80=
 go.opentelemetry.io/proto/otlp v0.18.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
@@ -1837,8 +1533,9 @@ go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
-go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
+go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
 go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
@@ -1853,10 +1550,8 @@ go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ=
 go.uber.org/zap v1.17.0 h1:MTjgFu6ZLKvY6Pvaqk97GlxNBuMpV4Hy/3P6tRGlI2U=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
 gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI=
-golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20180501155221-613d6eafa307/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -1868,7 +1563,6 @@ golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190530122614-20be4c3c3ed5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
@@ -1878,9 +1572,7 @@ golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
@@ -1889,10 +1581,10 @@ golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm
 golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
 golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1938,7 +1630,6 @@ golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1959,10 +1650,8 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -1975,12 +1664,10 @@ golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/
 golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
@@ -1995,15 +1682,11 @@ golang.org/x/net v0.0.0-20210323141857-08027d57d8cf/go.mod h1:RBQZq4jEuRlivfhVLd
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
 golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
-golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
 golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210917221730-978cfadd31cf/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
@@ -2011,6 +1694,9 @@ golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.0.0-20221002022538-bcab6841153b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -2039,8 +1725,8 @@ golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j
 golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
-golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 h1:2o1E+E8TpNLklK9nHiPiK1uzIYrIHt+cQx3ynCwq9V8=
-golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
+golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 h1:nt+Q6cXKz4MosCSpnbMtqiQ8Oz0pxTef2B4Vca2lvfk=
+golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -2054,8 +1740,10 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8 h1:OH54vjqzRWmbJ62fjuhxy7AxFFgoHN0/DPc/UrL8cAs=
 golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20191110171634-ad39bd3f0407/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
@@ -2064,6 +1752,7 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn
 golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210317153231-de623e64d2a6/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -2084,8 +1773,8 @@ golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 h1:GZokNIeuVkl3aZHJchRrr13WCsols02MLUcz1U9is6M=
-golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.1.0 h1:xYY+Bajn2a7VBmTM5GikTmnK8ZuX8YgnQCqZpbBNtmA=
+golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -2106,7 +1795,6 @@ golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBn
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
@@ -2156,7 +1844,6 @@ golang.org/x/tools v0.0.0-20201014170642-d1624618ad65/go.mod h1:z6u4i615ZeAfBE4X
 golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
@@ -2167,7 +1854,7 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
-golang.org/x/tools v0.1.11/go.mod h1:SgwaegtQh8clINPpECJMqnxLv9I09HLqnW3RMqW0CA4=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE=
 golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
 golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -2178,9 +1865,9 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
-golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f h1:uF6paiQQebLeSXkrTqHqz0MXhXXS1KgF41eUdBNvxK0=
 golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
-google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
+golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk=
+golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
 google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.5.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
@@ -2236,7 +1923,6 @@ google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCID
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11KCFhTc/+EFRbzSCOZx+VUbRMk55Yv5MYk=
 google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20181107211654-5fc9ac540362/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
@@ -2246,7 +1932,6 @@ google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRn
 google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190508193815-b515fa19cec8/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190522204451-c2c4e71fbf69/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
 google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
 google.golang.org/genproto v0.0.0-20190620144150-6af8c5fc6601/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
 google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
@@ -2257,7 +1942,6 @@ google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvx
 google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200117163144-32f20d992d24/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
 google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
@@ -2279,7 +1963,6 @@ google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
@@ -2331,9 +2014,9 @@ google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP
 google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
 google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
 google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
-google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 h1:4SPz2GL2CXJt28MTF8V6Ap/9ZiVbQlJeGSd9qtA7DLs=
 google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
-google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
+google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71 h1:GEgb2jF5zxsFJpJfg9RoDDWm7tiwc/DDSTE2BtLUkXU=
+google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s=
 google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
@@ -2346,7 +2029,6 @@ google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac
 google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
@@ -2370,14 +2052,14 @@ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD
 google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
 google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
 google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
-google.golang.org/grpc v1.47.0 h1:9n77onPX5F3qfFCqjy9dhn8PbNQsIKeVU04J9G7umt8=
 google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
+google.golang.org/grpc v1.50.1 h1:DS/BukOZWp8s6p4Dt/tOaJaTQyPyOoCcrjroHuCeLzY=
+google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/grpc/examples v0.0.0-20210304020650-930c79186c99 h1:qA8rMbz1wQ4DOFfM2ouD29DG9aHWBm6ZOy9BGxiUMmY=
 google.golang.org/grpc/examples v0.0.0-20210304020650-930c79186c99/go.mod h1:Ly7ZA/ARzg8fnPU9TyZIxoz33sEUuWX7txiqs8lPTgE=
@@ -2398,14 +2080,12 @@ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk=
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=
 gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20141024133853-64131543e789/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -2417,24 +2097,19 @@ gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qS
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
-gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
 gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE=
 gopkg.in/go-playground/mold.v2 v2.2.0/go.mod h1:XMyyRsGtakkDPbxXbrA5VODo6bUXyvoDjLd5l3T0XoA=
 gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s=
-gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/mail.v2 v2.3.1/go.mod h1:htwXN1Qh09vZJ1NVKxQqHPBaCBbzKhp5GzuJEA4VJWw=
-gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 h1:6D+BvnJ/j6e222UW8s2qTSe3wGBtvo0MbVQG/c5k8RE=
 gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473/go.mod h1:N1eN2tsCx0Ydtgjl4cqmbRCsY4/+z4cYDeqwZTk6zog=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
-gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
 gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98=
@@ -2458,15 +2133,13 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gorm.io/driver/postgres v1.3.5/go.mod h1:EGCWefLFQSVFrHGy4J8EtiHCWX5Q8t0yz2Jt9aKkGzU=
 gorm.io/gorm v1.23.4/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk=
 gorm.io/gorm v1.23.5/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk=
-gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
-gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
-gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
 gotest.tools/v3 v3.2.0 h1:I0DwBVMGAx26dttAj1BtJLAkVGncrkkUXfJLC4Flt/I=
 honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -2477,31 +2150,6 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.1.4/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las=
-k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo=
-k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ=
-k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8=
-k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
-k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
-k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc=
-k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU=
-k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM=
-k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q=
-k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y=
-k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k=
-k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0=
-k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk=
-k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI=
-k8s.io/component-base v0.20.6/go.mod h1:6f1MPBAeI+mvuts3sIdtpjljHWBQ2cIy38oBIWMYnrM=
-k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM=
-k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
-k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
-k8s.io/cri-api v0.20.6/go.mod h1:ew44AjNXwyn1s0U4xCKGodU7J1HzBeZ1MpGrpa5r8Yc=
-k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
-k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
-k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
-k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 mvdan.cc/editorconfig v0.1.1-0.20200121172147-e40951bde157/go.mod h1:Ge4atmRUYqueGppvJ7JNrtqpqokoJEFxYbP0Z+WeKS8=
 mvdan.cc/sh/v3 v3.3.0-0.dev.0.20210224101809-fb5052e7a010 h1:0xJA1YM0Ppa63jEfcdPsjRHo1qxklwXWhIPr9tAQ2J4=
 mvdan.cc/sh/v3 v3.3.0-0.dev.0.20210224101809-fb5052e7a010/go.mod h1:fPQmabBpREM/XQ9YXSU5ZFZ/Sm+PmKP9/vkFHgYKJEI=
@@ -2509,11 +2157,8 @@ pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
-sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
+sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
+sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
 sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU=
diff --git a/identity/validator_test.go b/identity/validator_test.go
index f36b62d595af..57755d7dd51b 100644
--- a/identity/validator_test.go
+++ b/identity/validator_test.go
@@ -59,8 +59,8 @@ func TestSchemaValidatorDisallowsInternalNetworkRequests(t *testing.T) {
 	}
 
 	for _, tc := range [][2]string{
-		{"localhost", "ip 127.0.0.1 is in the 127.0.0.0/8 range"},
-		{"privateRef", "ip 192.168.178.1 is in the 192.168.0.0/16 range"},
+		{"localhost", "is in the private, loopback, or unspecified IP range"}, // could be 127.0.0.1 or ::1
+		{"privateRef", "ip 192.168.178.1 is in the private, loopback, or unspecified IP range"},
 	} {
 		t.Run(fmt.Sprintf("case=%s", tc[0]), func(t *testing.T) {
 			assert.Contains(t, do(t, tc[0]), tc[1])
diff --git a/selfservice/flow/login/handler_test.go b/selfservice/flow/login/handler_test.go
index f91279f00329..5d8b571f8567 100644
--- a/selfservice/flow/login/handler_test.go
+++ b/selfservice/flow/login/handler_test.go
@@ -661,6 +661,7 @@ func TestGetFlow(t *testing.T) {
 		// submit the flow but it is expired
 		u := public.URL + login.RouteSubmitFlow + "?flow=" + f.ID.String()
 		res, err := client.PostForm(u, url.Values{"password_identifier": {"email@ory.sh"}, "csrf_token": {f.CSRFToken}, "password": {"password"}, "method": {"password"}})
+		require.NoError(t, err)
 		resBody, err := io.ReadAll(res.Body)
 		require.NoError(t, err)
 		require.NoError(t, res.Body.Close())
diff --git a/selfservice/flow/login/hook.go b/selfservice/flow/login/hook.go
index eddafe0b8030..619840781d51 100644
--- a/selfservice/flow/login/hook.go
+++ b/selfservice/flow/login/hook.go
@@ -7,6 +7,8 @@ import (
 	"time"
 
 	"github.com/pkg/errors"
+	"go.opentelemetry.io/otel/attribute"
+	"go.opentelemetry.io/otel/trace"
 
 	"github.com/ory/kratos/driver/config"
 	"github.com/ory/kratos/hydra"
@@ -16,6 +18,7 @@ import (
 	"github.com/ory/kratos/ui/container"
 	"github.com/ory/kratos/ui/node"
 	"github.com/ory/kratos/x"
+	"github.com/ory/x/otelx/semconv"
 )
 
 type (
@@ -163,6 +166,14 @@ func (e *HookExecutor) PostLoginHook(w http.ResponseWriter, r *http.Request, g n
 			WithField("session_id", s.ID).
 			WithField("identity_id", i.ID).
 			Info("Identity authenticated successfully and was issued an Ory Kratos Session Token.")
+		trace.SpanFromContext(r.Context()).AddEvent(
+			semconv.EventSessionIssued,
+			trace.WithAttributes(
+				attribute.String(semconv.AttrIdentityID, i.ID.String()),
+				attribute.String(semconv.AttrNID, i.NID.String()),
+				attribute.String("flow", string(flow.TypeAPI)),
+			),
+		)
 
 		response := &APIFlowResponse{Session: s, Token: s.Token}
 		if required, _ := e.requiresAAL2(r, s, a); required {
@@ -183,6 +194,14 @@ func (e *HookExecutor) PostLoginHook(w http.ResponseWriter, r *http.Request, g n
 		WithField("identity_id", i.ID).
 		WithField("session_id", s.ID).
 		Info("Identity authenticated successfully and was issued an Ory Kratos Session Cookie.")
+	trace.SpanFromContext(r.Context()).AddEvent(
+		semconv.EventSessionIssued,
+		trace.WithAttributes(
+			attribute.String(semconv.AttrIdentityID, i.ID.String()),
+			attribute.String(semconv.AttrNID, i.NID.String()),
+			attribute.String("flow", string(flow.TypeBrowser)),
+		),
+	)
 
 	if x.IsJSONRequest(r) {
 		// Browser flows rely on cookies. Adding tokens in the mix will confuse consumers.
diff --git a/selfservice/flow/registration/hook.go b/selfservice/flow/registration/hook.go
index d2120480ccb5..5081df017f95 100644
--- a/selfservice/flow/registration/hook.go
+++ b/selfservice/flow/registration/hook.go
@@ -7,7 +7,10 @@ import (
 	"time"
 
 	"github.com/pkg/errors"
+	"go.opentelemetry.io/otel/attribute"
+	"go.opentelemetry.io/otel/trace"
 
+	"github.com/ory/x/otelx/semconv"
 	"github.com/ory/x/sqlcon"
 
 	"github.com/ory/kratos/driver/config"
@@ -153,6 +156,14 @@ func (e *HookExecutor) PostRegistrationHook(w http.ResponseWriter, r *http.Reque
 		WithRequest(r).
 		WithField("identity_id", i.ID).
 		Info("A new identity has registered using self-service registration.")
+	trace.SpanFromContext(r.Context()).AddEvent(
+		semconv.EventIdentityCreated,
+		trace.WithAttributes(
+			attribute.String(semconv.AttrIdentityID, i.ID.String()),
+			attribute.String(semconv.AttrNID, i.NID.String()),
+			attribute.String("flow", string(a.Type)),
+		),
+	)
 
 	s, err := session.NewActiveSession(r, i, e.d.Config(), time.Now().UTC(), ct, identity.AuthenticatorAssuranceLevel1)
 	if err != nil {
diff --git a/selfservice/hook/web_hook_integration_test.go b/selfservice/hook/web_hook_integration_test.go
index b48fd79d73f4..017f38c5e23c 100644
--- a/selfservice/hook/web_hook_integration_test.go
+++ b/selfservice/hook/web_hook_integration_test.go
@@ -748,7 +748,7 @@ func TestDisallowPrivateIPRanges(t *testing.T) {
 }`))
 		err := wh.ExecuteLoginPostHook(nil, req, node.DefaultGroup, f, s)
 		require.Error(t, err)
-		require.Contains(t, err.Error(), "ip 127.0.0.1 is in the 127.0.0.0/8 range")
+		require.Contains(t, err.Error(), "is in the private, loopback, or unspecified IP range")
 	})
 
 	t.Run("allowed to call exempt url", func(t *testing.T) {
@@ -759,7 +759,7 @@ func TestDisallowPrivateIPRanges(t *testing.T) {
 }`))
 		err := wh.ExecuteLoginPostHook(nil, req, node.DefaultGroup, f, s)
 		require.Error(t, err, "the target does not exist and we still receive an error")
-		require.NotContains(t, err.Error(), "ip 127.0.0.1 is in the 127.0.0.0/8 range", "but the error is not related to the IP range.")
+		require.NotContains(t, err.Error(), "is in the private, loopback, or unspecified IP range", "but the error is not related to the IP range.")
 	})
 
 	t.Run("not allowed to load from source", func(t *testing.T) {
@@ -779,6 +779,6 @@ func TestDisallowPrivateIPRanges(t *testing.T) {
 }`))
 		err := wh.ExecuteLoginPostHook(nil, req, node.DefaultGroup, f, s)
 		require.Error(t, err)
-		require.Contains(t, err.Error(), "ip 192.168.178.0 is in the 192.168.0.0/16 range")
+		require.Contains(t, err.Error(), "ip 192.168.178.0 is in the private, loopback, or unspecified IP range")
 	})
 }
diff --git a/selfservice/strategy/oidc/provider_private_net_test.go b/selfservice/strategy/oidc/provider_private_net_test.go
index 590fd6791824..c88ab9e856ca 100644
--- a/selfservice/strategy/oidc/provider_private_net_test.go
+++ b/selfservice/strategy/oidc/provider_private_net_test.go
@@ -47,16 +47,16 @@ func TestProviderPrivateIP(t *testing.T) {
 	}{
 		// Apple uses a fixed token URL and does not use the issuer.
 
-		{p: auth0, c: &oidc.Configuration{IssuerURL: "http://127.0.0.2/"}, e: "ip 127.0.0.2 is in the 127.0.0.0/8"},
+		{p: auth0, c: &oidc.Configuration{IssuerURL: "http://127.0.0.2/"}, e: "ip 127.0.0.2 is in the private, loopback, or unspecified IP range"},
 		// The TokenURL is fixed in Auth0 to {issuer_url}/token. Since the issuer is called first, any local token fails also.
 
 		// If the issuer URL is local, we fail
-		{p: generic, c: &oidc.Configuration{IssuerURL: "http://127.0.0.2/"}, e: "ip 127.0.0.2 is in the 127.0.0.0/8", id: fakeJWTJWKS},
+		{p: generic, c: &oidc.Configuration{IssuerURL: "http://127.0.0.2/"}, e: "ip 127.0.0.2 is in the private, loopback, or unspecified IP range", id: fakeJWTJWKS},
 		// If the issuer URL has a local JWKs URL, we fail
-		{p: generic, c: &oidc.Configuration{ClientID: "abcd", IssuerURL: wellknownJWKs}, e: "ip 127.0.1.0 is in the 127.0.0.0/8", id: fakeJWTJWKS},
+		{p: generic, c: &oidc.Configuration{ClientID: "abcd", IssuerURL: wellknownJWKs}, e: "ip 127.0.1.0 is in the private, loopback, or unspecified IP range", id: fakeJWTJWKS},
 		// The next call does not fail because the provider uses only the ID JSON Web Token to verify this call and does
 		// not use the TokenURL at all!
-		// {p: generic, c: &oidc.Configuration{ClientID: "abcd", IssuerURL: wellknownToken, TokenURL: "http://127.0.0.3/"}, e: "ip 127.0.0.1 is in the 127.0.0.0/8", id: fakeJWTToken},
+		// {p: generic, c: &oidc.Configuration{ClientID: "abcd", IssuerURL: wellknownToken, TokenURL: "http://127.0.0.3/"}, e: "ip 127.0.0.3 is in the private, loopback, or unspecified IP range", id: fakeJWTToken},
 
 		// Discord uses a fixed token URL and does not use the issuer.
 		// Facebook uses a fixed token URL and does not use the issuer.
@@ -64,7 +64,7 @@ func TestProviderPrivateIP(t *testing.T) {
 		// GitHub App uses a fixed token URL and does not use the issuer.
 		// GitHub App uses a fixed token URL and does not use the issuer.
 
-		{p: gitlab, c: &oidc.Configuration{IssuerURL: "http://127.0.0.2/"}, e: "ip 127.0.0.2 is in the 127.0.0.0/8"},
+		{p: gitlab, c: &oidc.Configuration{IssuerURL: "http://127.0.0.2/"}, e: "ip 127.0.0.2 is in the private, loopback, or unspecified IP range"},
 		// The TokenURL is fixed in GitLab to {issuer_url}/token. Since the issuer is called first, any local token fails also.
 
 		// Google uses a fixed token URL and does not use the issuer.
diff --git a/session/session.go b/session/session.go
index 3220400ba6b1..b40bc4a6c711 100644
--- a/session/session.go
+++ b/session/session.go
@@ -247,7 +247,7 @@ func (s *Session) SaveSessionDeviceInformation(r *http.Request) {
 	} else if realClientIP := r.Header.Get("X-Real-IP"); realClientIP != "" {
 		device.IPAddress = &realClientIP
 	} else if forwardedIP := r.Header.Get("X-Forwarded-For"); forwardedIP != "" {
-		ip, _ := httpx.GetClientIPAddress(strings.Split(forwardedIP, ","), httpx.InternalIPSet)
+		ip, _ := httpx.GetClientIPAddressesWithoutInternalIPs(strings.Split(forwardedIP, ","))
 		device.IPAddress = &ip
 	} else {
 		device.IPAddress = &r.RemoteAddr
diff --git a/test/e2e/cypress/integration/profiles/network/errors.spec.ts b/test/e2e/cypress/integration/profiles/network/errors.spec.ts
index d69615a4854c..ca79fc6de758 100644
--- a/test/e2e/cypress/integration/profiles/network/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/network/errors.spec.ts
@@ -12,7 +12,7 @@ describe("Registration failures with email profile", () => {
     cy.visit(express.registration, { failOnStatusCode: false })
     cy.get('[data-testid="code-box"]').should(
       "contain.text",
-      "ip 127.0.0.1 is in the 127.0.0.0/8",
+      "is in the private, loopback, or unspecified IP range", // could be ::1 or 127.0.0.1
     )
   })
 
@@ -21,7 +21,7 @@ describe("Registration failures with email profile", () => {
     cy.visit(express.registration, { failOnStatusCode: false })
     cy.get('[data-testid="code-box"]').should(
       "contain.text",
-      "ip 192.168.178.1 is in the 192.168.0.0/16 range",
+      "ip 192.168.178.1 is in the private, loopback, or unspecified IP range",
     )
   })
 
@@ -30,7 +30,7 @@ describe("Registration failures with email profile", () => {
     cy.visit(express.login, { failOnStatusCode: false })
     cy.get('[data-testid="code-box"]').should(
       "contain.text",
-      "ip 192.168.178.2 is in the 192.168.0.0/16 range",
+      "ip 192.168.178.2 is in the private, loopback, or unspecified IP range",
     )
   })
 
@@ -43,7 +43,7 @@ describe("Registration failures with email profile", () => {
     cy.get('[type="submit"]').click()
     cy.get('[data-testid="code-box"]').should(
       "contain.text",
-      "ip 192.168.178.3 is in the 192.168.0.0/16 range",
+      "ip 192.168.178.3 is in the private, loopback, or unspecified IP range",
     )
   })
 })
diff --git a/x/tracing.go b/x/tracing.go
deleted file mode 100644
index 7707a982bb21..000000000000
--- a/x/tracing.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package x
-
-import (
-	"net/http"
-
-	"github.com/ory/x/otelx"
-)
-
-// TraceHandler wraps otelx.NewHandler, passing the URL path as the span name.
-func TraceHandler(h http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		otelx.NewHandler(h, r.URL.Path).ServeHTTP(w, r)
-	})
-}

From 5d1ff109419d0b25b5fa92bf7c7663b5e88601f2 Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Mon, 7 Nov 2022 11:33:54 +0000
Subject: [PATCH 339/411] autogen(docs): regenerate and update changelog

[skip ci]
---
 CHANGELOG.md | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1c53436e90f5..38b538cf1890 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@
 
 **Table of Contents**
 
-- [ (2022-11-03)](#2022-11-03)
+- [ (2022-11-07)](#2022-11-07)
   - [Breaking Changes](#breaking-changes)
     - [Bug Fixes](#bug-fixes)
     - [Code Refactoring](#code-refactoring)
@@ -280,7 +280,7 @@
 
 
 
-# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-11-03)
+# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-11-07)
 
 ## Breaking Changes
 
@@ -542,6 +542,9 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
 
 ### Features
 
+- Add admin get api for session
+  ([#2855](https://github.com/ory/kratos/issues/2855))
+  ([1aa1321](https://github.com/ory/kratos/commit/1aa13211d1459e7453c2ba8fec69fee1c79aecbc))
 - Add api endpoint to fetch messages
   ([#2651](https://github.com/ory/kratos/issues/2651))
   ([5fddcbf](https://github.com/ory/kratos/commit/5fddcbf6554264766301e63ed3889ba746f0cd1a)):
@@ -572,6 +575,9 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
 
   See https://github.com/ory/kratos/discussions/2583
 
+- Add OpenTelemetry span events
+  ([#2858](https://github.com/ory/kratos/issues/2858))
+  ([37b1a3b](https://github.com/ory/kratos/commit/37b1a3bb0cf2ea859d672674ca0e95893e63301b))
 - Add PATCH to adminUpdateIdentity
   ([#2380](https://github.com/ory/kratos/issues/2380))
   ([#2471](https://github.com/ory/kratos/issues/2471))

From 2a6fd203a7e7b8363d3b4470b4f7b70a6a9eba8e Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Tue, 8 Nov 2022 01:47:10 +0000
Subject: [PATCH 340/411] chore: update repository templates to
 https://github.com/ory/meta/commit/47569d9893f0bae29676417807de790338fec9be

---
 package-lock.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 22942d45a3f8..37ea379c31ec 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -6595,8 +6595,7 @@
       "version": "7.5.8",
       "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.8.tgz",
       "integrity": "sha512-ri1Id1WinAX5Jqn9HejiGb8crfRio0Qgu8+MtL36rlTA6RLsMdWt1Az/19A2Qij6uSHUMphEFaTKa4WG+UNHNw==",
-      "dev": true,
-      "requires": {}
+      "dev": true
     },
     "y18n": {
       "version": "5.0.8",

From ed99539b15f4a35a02c7f61e90b1a48b0ed2b4b4 Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Tue, 8 Nov 2022 02:52:15 +0000
Subject: [PATCH 341/411] autogen(docs): regenerate and update changelog

[skip ci]
---
 CHANGELOG.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 38b538cf1890..eb4cef4c398a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@
 
 **Table of Contents**
 
-- [ (2022-11-07)](#2022-11-07)
+- [ (2022-11-08)](#2022-11-08)
   - [Breaking Changes](#breaking-changes)
     - [Bug Fixes](#bug-fixes)
     - [Code Refactoring](#code-refactoring)
@@ -280,7 +280,7 @@
 
 
 
-# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-11-07)
+# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-11-08)
 
 ## Breaking Changes
 

From 8fceadc8b37f91f1c011fcade4a2d88961734438 Mon Sep 17 00:00:00 2001
From: Jonas Hungershausen 
Date: Tue, 8 Nov 2022 11:52:11 +0100
Subject: [PATCH 342/411] chore: update ory/x (#2871)

---
 go.mod             | 3 ++-
 go.sum             | 4 ++++
 session/handler.go | 5 ++---
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index 89a670f6e559..7b025540d372 100644
--- a/go.mod
+++ b/go.mod
@@ -77,7 +77,7 @@ require (
 	github.com/ory/kratos-client-go v0.6.3-alpha.1
 	github.com/ory/mail/v3 v3.0.0
 	github.com/ory/nosurf v1.2.7
-	github.com/ory/x v0.0.506
+	github.com/ory/x v0.0.510
 	github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.3.0
@@ -151,6 +151,7 @@ require (
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/fullstorydev/grpcurl v1.8.1 // indirect
 	github.com/fxamacker/cbor/v2 v2.4.0 // indirect
+	github.com/go-bindata/go-bindata v3.1.2+incompatible // indirect
 	github.com/go-logr/logr v1.2.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/analysis v0.21.4 // indirect
diff --git a/go.sum b/go.sum
index 976eaa0da394..299395f1cf08 100644
--- a/go.sum
+++ b/go.sum
@@ -390,6 +390,8 @@ github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49P
 github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
+github.com/go-bindata/go-bindata v3.1.2+incompatible h1:5vjJMVhowQdPzjE1LdxyFF7YFTXg5IgGVW4gBr5IbvE=
+github.com/go-bindata/go-bindata v3.1.2+incompatible/go.mod h1:xK8Dsgwmeed+BBsSy2XTopBn/8uK2HWuGSnA11C3Joo=
 github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
@@ -1141,6 +1143,8 @@ github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE=
 github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM=
 github.com/ory/x v0.0.506 h1:kqkGwRuhZsyLf2zgjIyOkuY1nRfbWu2aPOQTk03j6ZQ=
 github.com/ory/x v0.0.506/go.mod h1:xUtRpoiRARyJNPVk/fcCNKzyp25Foxt9GPlj8pd7egY=
+github.com/ory/x v0.0.510 h1:DksQNoq7ssdR76mhcNxzaGPKmzaQEKWg2kannGsD8+w=
+github.com/ory/x v0.0.510/go.mod h1:xUtRpoiRARyJNPVk/fcCNKzyp25Foxt9GPlj8pd7egY=
 github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
 github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
 github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
diff --git a/session/handler.go b/session/handler.go
index 7e585cac5fb2..2a99a0e0d5f4 100644
--- a/session/handler.go
+++ b/session/handler.go
@@ -335,15 +335,14 @@ func (h *Handler) adminListSessions(w http.ResponseWriter, r *http.Request, ps h
 	}
 
 	// Parse request pagination parameters
-	urlValues := r.URL.Query()
-	opts, err := keysetpagination.Parse(&urlValues)
+	opts, err := keysetpagination.Parse(r.URL.Query())
 	if err != nil {
 		h.r.Writer().WriteError(w, r, herodot.ErrBadRequest.WithError("could not parse parameter page_size"))
 		return
 	}
 
 	var expandables Expandables
-	if es, ok := urlValues["expand"]; ok {
+	if es, ok := r.URL.Query()["expand"]; ok {
 		for _, e := range es {
 			expand, ok := ParseExpandable(e)
 			if !ok {

From 9eeedc06408c447077b630fff65e9ca4ed1ec59a Mon Sep 17 00:00:00 2001
From: hackerman <3372410+aeneasr@users.noreply.github.com>
Date: Tue, 8 Nov 2022 13:16:34 +0100
Subject: [PATCH 343/411] fix: use process-isolated Jsonnet VM (#2869)

Co-authored-by: hperl <34397+hperl@users.noreply.github.com>
---
 cmd/jsonnet/lint.go                           |  3 +-
 cmd/root.go                                   |  5 +-
 courier/courier.go                            |  2 +
 courier/sms.go                                |  4 +-
 driver/registry.go                            |  3 +
 driver/registry_default.go                    | 17 +++-
 go.mod                                        |  2 +-
 go.sum                                        |  2 +
 internal/driver.go                            |  2 +
 request/builder.go                            | 75 ++++++++++-------
 request/builder_test.go                       | 84 ++++++++++++-------
 selfservice/hook/web_hook.go                  |  6 +-
 selfservice/hook/web_hook_integration_test.go | 17 +++-
 selfservice/strategy/oidc/strategy.go         |  3 +
 .../strategy/oidc/strategy_registration.go    |  8 +-
 15 files changed, 159 insertions(+), 74 deletions(-)

diff --git a/cmd/jsonnet/lint.go b/cmd/jsonnet/lint.go
index 8a2cbf56cc57..0d81fcd16ddc 100644
--- a/cmd/jsonnet/lint.go
+++ b/cmd/jsonnet/lint.go
@@ -6,6 +6,7 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/google/go-jsonnet"
 	"github.com/google/go-jsonnet/linter"
 	"github.com/spf13/cobra"
 
@@ -30,7 +31,7 @@ func NewJsonnetLintCmd() *cobra.Command {
 ` + GlobHelp,
 		Args: cobra.MinimumNArgs(1),
 		Run: func(cmd *cobra.Command, args []string) {
-			vm := jsonnetsecure.MakeSecureVM()
+			vm := jsonnetsecure.MakeSecureVM().(*jsonnet.VM)
 
 			for _, pattern := range args {
 				files, err := filepath.Glob(pattern)
diff --git a/cmd/root.go b/cmd/root.go
index 641f81612cc9..0b9925fd8297 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -6,8 +6,8 @@ import (
 	"os"
 
 	"github.com/ory/kratos/cmd/cleanup"
-
 	"github.com/ory/kratos/driver/config"
+	"github.com/ory/x/jsonnetsecure"
 
 	"github.com/ory/kratos/cmd/courier"
 	"github.com/ory/kratos/cmd/hashers"
@@ -44,6 +44,9 @@ func NewRootCmd() (cmd *cobra.Command) {
 	cmd.AddCommand(identities.NewValidateCmd())
 	cmd.AddCommand(cmdx.Version(&config.Version, &config.Commit, &config.Date))
 
+	// Registers a hidden "jsonnet" subcommand for process-isolated Jsonnet VMs.
+	cmd.AddCommand(jsonnetsecure.NewJsonnetCmd())
+
 	return cmd
 }
 
diff --git a/courier/courier.go b/courier/courier.go
index e29f1b1ce83b..e2b10fc3855d 100644
--- a/courier/courier.go
+++ b/courier/courier.go
@@ -5,6 +5,7 @@ import (
 	"time"
 
 	"github.com/ory/kratos/courier/template"
+	"github.com/ory/x/jsonnetsecure"
 
 	"github.com/cenkalti/backoff"
 	"github.com/gofrs/uuid"
@@ -21,6 +22,7 @@ type (
 		x.LoggingProvider
 		ConfigProvider
 		x.HTTPClientProvider
+		jsonnetsecure.VMProvider
 	}
 
 	Courier interface {
diff --git a/courier/sms.go b/courier/sms.go
index df2f7fdf02de..94c5f3da1982 100644
--- a/courier/sms.go
+++ b/courier/sms.go
@@ -80,12 +80,12 @@ func (c *courier) dispatchSMS(ctx context.Context, msg Message) error {
 		return err
 	}
 
-	builder, err := request.NewBuilder(c.smsClient.RequestConfig, c.deps.HTTPClient(ctx), c.deps.Logger())
+	builder, err := request.NewBuilder(c.smsClient.RequestConfig, c.deps)
 	if err != nil {
 		return err
 	}
 
-	req, err := builder.BuildRequest(&sendSMSRequestBody{
+	req, err := builder.BuildRequest(ctx, &sendSMSRequestBody{
 		To:   msg.Recipient,
 		From: c.deps.CourierConfig().CourierSMSFrom(ctx),
 		Body: body,
diff --git a/driver/registry.go b/driver/registry.go
index 8d4b6aceb953..ebe20809a2dd 100644
--- a/driver/registry.go
+++ b/driver/registry.go
@@ -4,6 +4,7 @@ import (
 	"context"
 
 	"github.com/ory/x/contextx"
+	"github.com/ory/x/jsonnetsecure"
 	"github.com/ory/x/otelx"
 	prometheus "github.com/ory/x/prometheusx"
 
@@ -48,6 +49,7 @@ type Registry interface {
 	Init(ctx context.Context, ctxer contextx.Contextualizer, opts ...RegistryOption) error
 
 	WithLogger(l *logrusx.Logger) Registry
+	WithJsonnetVMProvider(jsonnetsecure.VMProvider) Registry
 
 	WithCSRFHandler(c nosurf.Handler)
 	WithCSRFTokenGenerator(cg x.CSRFToken)
@@ -73,6 +75,7 @@ type Registry interface {
 	x.WriterProvider
 	x.LoggingProvider
 	x.HTTPClientProvider
+	jsonnetsecure.VMProvider
 
 	continuity.ManagementProvider
 	continuity.PersistenceProvider
diff --git a/driver/registry_default.go b/driver/registry_default.go
index 7b5ed17052af..648410b6cebe 100644
--- a/driver/registry_default.go
+++ b/driver/registry_default.go
@@ -9,6 +9,7 @@ import (
 	"time"
 
 	"github.com/ory/x/contextx"
+	"github.com/ory/x/jsonnetsecure"
 
 	"github.com/ory/x/popx"
 
@@ -154,6 +155,15 @@ type RegistryDefault struct {
 	buildDate    string
 
 	csrfTokenGenerator x.CSRFToken
+
+	jsonnetVMProvider jsonnetsecure.VMProvider
+}
+
+func (m *RegistryDefault) JsonnetVM(ctx context.Context) (jsonnetsecure.VM, error) {
+	if m.jsonnetVMProvider == nil {
+		m.jsonnetVMProvider = &jsonnetsecure.DefaultProvider{Subcommand: "jsonnet"}
+	}
+	return m.jsonnetVMProvider.JsonnetVM(ctx)
 }
 
 func (m *RegistryDefault) Audit() *logrusx.Logger {
@@ -223,6 +233,11 @@ func (m *RegistryDefault) WithLogger(l *logrusx.Logger) Registry {
 	return m
 }
 
+func (m *RegistryDefault) WithJsonnetVMProvider(p jsonnetsecure.VMProvider) Registry {
+	m.jsonnetVMProvider = p
+	return m
+}
+
 func (m *RegistryDefault) LogoutHandler() *logout.Handler {
 	if m.selfserviceLogoutHandler == nil {
 		m.selfserviceLogoutHandler = logout.NewHandler(m)
@@ -350,7 +365,7 @@ func (m *RegistryDefault) AllLoginStrategies() login.Strategies {
 	return loginStrategies
 }
 
-func (m *RegistryDefault) ActiveCredentialsCounterStrategies(ctx context.Context) (activeCredentialsCounterStrategies []identity.ActiveCredentialsCounter) {
+func (m *RegistryDefault) ActiveCredentialsCounterStrategies(_ context.Context) (activeCredentialsCounterStrategies []identity.ActiveCredentialsCounter) {
 	for _, strategy := range m.selfServiceStrategies() {
 		if s, ok := strategy.(identity.ActiveCredentialsCounter); ok {
 			activeCredentialsCounterStrategies = append(activeCredentialsCounterStrategies, s)
diff --git a/go.mod b/go.mod
index 7b025540d372..13725fc7974f 100644
--- a/go.mod
+++ b/go.mod
@@ -77,7 +77,7 @@ require (
 	github.com/ory/kratos-client-go v0.6.3-alpha.1
 	github.com/ory/mail/v3 v3.0.0
 	github.com/ory/nosurf v1.2.7
-	github.com/ory/x v0.0.510
+	github.com/ory/x v0.0.511-0.20221108105728-3fed9bc99daf
 	github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.3.0
diff --git a/go.sum b/go.sum
index 299395f1cf08..8fe87daa674d 100644
--- a/go.sum
+++ b/go.sum
@@ -1145,6 +1145,8 @@ github.com/ory/x v0.0.506 h1:kqkGwRuhZsyLf2zgjIyOkuY1nRfbWu2aPOQTk03j6ZQ=
 github.com/ory/x v0.0.506/go.mod h1:xUtRpoiRARyJNPVk/fcCNKzyp25Foxt9GPlj8pd7egY=
 github.com/ory/x v0.0.510 h1:DksQNoq7ssdR76mhcNxzaGPKmzaQEKWg2kannGsD8+w=
 github.com/ory/x v0.0.510/go.mod h1:xUtRpoiRARyJNPVk/fcCNKzyp25Foxt9GPlj8pd7egY=
+github.com/ory/x v0.0.511-0.20221108105728-3fed9bc99daf h1:sPEIGYHzmEu4tPiRUYgKfXPOAqneNuB1aaKvrT6aBXE=
+github.com/ory/x v0.0.511-0.20221108105728-3fed9bc99daf/go.mod h1:xUtRpoiRARyJNPVk/fcCNKzyp25Foxt9GPlj8pd7egY=
 github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
 github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
 github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
diff --git a/internal/driver.go b/internal/driver.go
index 3ab4b4ecd309..fd7536162f30 100644
--- a/internal/driver.go
+++ b/internal/driver.go
@@ -6,6 +6,7 @@ import (
 	"testing"
 
 	"github.com/ory/x/contextx"
+	"github.com/ory/x/jsonnetsecure"
 
 	"github.com/gofrs/uuid"
 
@@ -61,6 +62,7 @@ func NewFastRegistryWithMocks(t *testing.T) (*config.Config, *driver.RegistryDef
 			return &hook.Error{Config: c.Config}
 		},
 	})
+	reg.WithJsonnetVMProvider(jsonnetsecure.NewTestProvider(t))
 
 	require.NoError(t, reg.Persister().MigrateUp(context.Background()))
 	require.NotEqual(t, uuid.Nil, reg.Persister().NetworkID(context.Background()))
diff --git a/request/builder.go b/request/builder.go
index 9771d4457263..f1df2a4cb325 100644
--- a/request/builder.go
+++ b/request/builder.go
@@ -2,6 +2,7 @@ package request
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"io"
 	"net/http"
@@ -9,15 +10,13 @@ import (
 	"reflect"
 	"strings"
 
-	"github.com/ory/x/jsonnetsecure"
-
-	"github.com/pkg/errors"
-
 	"github.com/google/go-jsonnet"
 	"github.com/hashicorp/go-retryablehttp"
+	"github.com/pkg/errors"
 
+	"github.com/ory/kratos/x"
 	"github.com/ory/x/fetcher"
-	"github.com/ory/x/logrusx"
+	"github.com/ory/x/jsonnetsecure"
 )
 
 var ErrCancel = errors.New("request cancel by JsonNet")
@@ -27,14 +26,20 @@ const (
 	ContentTypeJSON = "application/json"
 )
 
-type Builder struct {
-	r           *retryablehttp.Request
-	log         *logrusx.Logger
-	conf        *Config
-	fetchClient *retryablehttp.Client
-}
+type (
+	Dependencies interface {
+		x.LoggingProvider
+		x.HTTPClientProvider
+		jsonnetsecure.VMProvider
+	}
+	Builder struct {
+		r    *retryablehttp.Request
+		conf *Config
+		Dependencies
+	}
+)
 
-func NewBuilder(config json.RawMessage, client *retryablehttp.Client, l *logrusx.Logger) (*Builder, error) {
+func NewBuilder(config json.RawMessage, deps Dependencies) (*Builder, error) {
 	c, err := parseConfig(config)
 	if err != nil {
 		return nil, err
@@ -46,10 +51,9 @@ func NewBuilder(config json.RawMessage, client *retryablehttp.Client, l *logrusx
 	}
 
 	return &Builder{
-		r:           r,
-		log:         l,
-		conf:        c,
-		fetchClient: client,
+		r:            r,
+		conf:         c,
+		Dependencies: deps,
 	}, nil
 }
 
@@ -66,7 +70,7 @@ func (b *Builder) addAuth() error {
 	return nil
 }
 
-func (b *Builder) addBody(body interface{}) error {
+func (b *Builder) addBody(ctx context.Context, body interface{}) error {
 	if isNilInterface(body) {
 		return nil
 	}
@@ -77,18 +81,18 @@ func (b *Builder) addBody(body interface{}) error {
 		return errors.New("got empty template path for request with body")
 	}
 
-	tpl, err := b.readTemplate()
+	tpl, err := b.readTemplate(ctx)
 	if err != nil {
 		return err
 	}
 
 	switch contentType {
 	case ContentTypeForm:
-		if err := b.addURLEncodedBody(tpl, body); err != nil {
+		if err := b.addURLEncodedBody(ctx, tpl, body); err != nil {
 			return err
 		}
 	case ContentTypeJSON:
-		if err := b.addJSONBody(tpl, body); err != nil {
+		if err := b.addJSONBody(ctx, tpl, body); err != nil {
 			return err
 		}
 	default:
@@ -98,7 +102,7 @@ func (b *Builder) addBody(body interface{}) error {
 	return nil
 }
 
-func (b *Builder) addJSONBody(template *bytes.Buffer, body interface{}) error {
+func (b *Builder) addJSONBody(ctx context.Context, template *bytes.Buffer, body interface{}) error {
 	buf := new(bytes.Buffer)
 	enc := json.NewEncoder(buf)
 	enc.SetEscapeHTML(false)
@@ -108,10 +112,16 @@ func (b *Builder) addJSONBody(template *bytes.Buffer, body interface{}) error {
 		return errors.WithStack(err)
 	}
 
-	vm := jsonnetsecure.MakeSecureVM()
+	vm, err := b.JsonnetVM(ctx)
+	if err != nil {
+		return errors.WithStack(err)
+	}
 	vm.TLACode("ctx", buf.String())
 
-	res, err := vm.EvaluateAnonymousSnippet(b.conf.TemplateURI, template.String())
+	res, err := vm.EvaluateAnonymousSnippet(
+		b.conf.TemplateURI,
+		template.String(),
+	)
 	if err != nil {
 		// Unfortunately we can not use errors.As / errors.Is, see:
 		// https://github.com/google/go-jsonnet/issues/592
@@ -130,7 +140,7 @@ func (b *Builder) addJSONBody(template *bytes.Buffer, body interface{}) error {
 	return nil
 }
 
-func (b *Builder) addURLEncodedBody(template *bytes.Buffer, body interface{}) error {
+func (b *Builder) addURLEncodedBody(ctx context.Context, template *bytes.Buffer, body interface{}) error {
 	buf := new(bytes.Buffer)
 	enc := json.NewEncoder(buf)
 	enc.SetEscapeHTML(false)
@@ -140,7 +150,10 @@ func (b *Builder) addURLEncodedBody(template *bytes.Buffer, body interface{}) er
 		return err
 	}
 
-	vm := jsonnetsecure.MakeSecureVM()
+	vm, err := b.JsonnetVM(ctx)
+	if err != nil {
+		return err
+	}
 	vm.TLACode("ctx", buf.String())
 
 	res, err := vm.EvaluateAnonymousSnippet(b.conf.TemplateURI, template.String())
@@ -167,7 +180,7 @@ func (b *Builder) addURLEncodedBody(template *bytes.Buffer, body interface{}) er
 	return nil
 }
 
-func (b *Builder) BuildRequest(body interface{}) (*retryablehttp.Request, error) {
+func (b *Builder) BuildRequest(ctx context.Context, body interface{}) (*retryablehttp.Request, error) {
 	b.r.Header = b.conf.Header
 	if err := b.addAuth(); err != nil {
 		return nil, err
@@ -176,7 +189,7 @@ func (b *Builder) BuildRequest(body interface{}) (*retryablehttp.Request, error)
 	// According to the HTTP spec any request method, but TRACE is allowed to
 	// have a body. Even this is a bad practice for some of them, like for GET
 	if b.conf.Method != http.MethodTrace {
-		if err := b.addBody(body); err != nil {
+		if err := b.addBody(ctx, body); err != nil {
 			return nil, err
 		}
 	}
@@ -184,20 +197,22 @@ func (b *Builder) BuildRequest(body interface{}) (*retryablehttp.Request, error)
 	return b.r, nil
 }
 
-func (b *Builder) readTemplate() (*bytes.Buffer, error) {
+func (b *Builder) readTemplate(ctx context.Context) (*bytes.Buffer, error) {
 	templateURI := b.conf.TemplateURI
 
 	if templateURI == "" {
 		return nil, nil
 	}
 
-	f := fetcher.NewFetcher(fetcher.WithClient(b.fetchClient))
+	f := fetcher.NewFetcher(fetcher.WithClient(b.HTTPClient(ctx)))
 
 	tpl, err := f.Fetch(templateURI)
 	if errors.Is(err, fetcher.ErrUnknownScheme) {
 		// legacy filepath
 		templateURI = "file://" + templateURI
-		b.log.WithError(err).Warnf("support for filepaths without a 'file://' scheme will be dropped in the next release, please use %s instead in your config", templateURI)
+		b.Logger().WithError(err).Warnf(
+			"support for filepaths without a 'file://' scheme will be dropped in the next release, please use %s instead in your config",
+			templateURI)
 
 		tpl, err = f.Fetch(templateURI)
 	}
diff --git a/request/builder_test.go b/request/builder_test.go
index 5b993f1f3b15..869a039d19d9 100644
--- a/request/builder_test.go
+++ b/request/builder_test.go
@@ -1,6 +1,7 @@
 package request
 
 import (
+	"context"
 	_ "embed"
 	"encoding/base64"
 	"encoding/json"
@@ -11,6 +12,8 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
+	"github.com/ory/kratos/x"
+	"github.com/ory/x/jsonnetsecure"
 	"github.com/ory/x/logrusx"
 )
 
@@ -81,11 +84,13 @@ func TestBuildRequest(t *testing.T) {
 				Body: "test-sms-body",
 			},
 			expectedBody: "{\n   \"Body\": \"test-sms-body\",\n   \"From\": \"+12288534869\",\n   \"To\": \"+15056445993\"\n}\n",
-			rawConfig: fmt.Sprintf(`{
+			rawConfig: fmt.Sprintf(
+				`{
 				"url": "https://test.kratos.ory.sh/my_endpoint1",
 				"method": "POST",
 				"body": "base64://%s"
-			}`, base64.StdEncoding.EncodeToString(testJSONNetTemplate)),
+			}`, base64.StdEncoding.EncodeToString(testJSONNetTemplate),
+			),
 		},
 		{
 			name:            "POST request with custom header",
@@ -234,50 +239,67 @@ func TestBuildRequest(t *testing.T) {
 			}`,
 		},
 	} {
-		t.Run("request-type="+tc.name, func(t *testing.T) {
-			l := logrusx.New("kratos", "test")
+		t.Run(
+			"request-type="+tc.name, func(t *testing.T) {
+				rb, err := NewBuilder(json.RawMessage(tc.rawConfig), newTestDependencyProvider(t))
+				require.NoError(t, err)
 
-			rb, err := NewBuilder(json.RawMessage(tc.rawConfig), nil, l)
-			require.NoError(t, err)
+				assert.Equal(t, tc.bodyTemplateURI, rb.conf.TemplateURI)
+				assert.Equal(t, tc.authStrategy, rb.conf.Auth.Type)
 
-			assert.Equal(t, tc.bodyTemplateURI, rb.conf.TemplateURI)
-			assert.Equal(t, tc.authStrategy, rb.conf.Auth.Type)
+				req, err := rb.BuildRequest(context.Background(), tc.body)
+				require.NoError(t, err)
 
-			req, err := rb.BuildRequest(tc.body)
-			require.NoError(t, err)
+				assert.Equal(t, tc.url, req.URL.String())
+				assert.Equal(t, tc.method, req.Method)
 
-			assert.Equal(t, tc.url, req.URL.String())
-			assert.Equal(t, tc.method, req.Method)
+				if tc.body != nil {
+					requestBody, err := req.BodyBytes()
+					require.NoError(t, err)
 
-			if tc.body != nil {
-				requestBody, err := req.BodyBytes()
-				require.NoError(t, err)
-
-				assert.Equal(t, tc.expectedBody, string(requestBody))
-			}
+					assert.Equal(t, tc.expectedBody, string(requestBody))
+				}
 
-			if tc.expectedHeader != nil {
-				mustContainHeader(t, tc.expectedHeader, req.Header)
-			}
-		})
+				if tc.expectedHeader != nil {
+					mustContainHeader(t, tc.expectedHeader, req.Header)
+				}
+			},
+		)
 	}
 
-	t.Run("cancel request", func(t *testing.T) {
-		l := logrusx.New("kratos", "test")
-
-		rb, err := NewBuilder(json.RawMessage(`{
+	t.Run(
+		"cancel request", func(t *testing.T) {
+			rb, err := NewBuilder(json.RawMessage(
+				`{
 	"url": "https://test.kratos.ory.sh/my_endpoint6",
 	"method": "POST",
 	"body": "file://./stub/cancel_body.jsonnet"
-}`), nil, l)
-		require.NoError(t, err)
+}`,
+			), newTestDependencyProvider(t))
+			require.NoError(t, err)
+
+			_, err = rb.BuildRequest(context.Background(), json.RawMessage(`{}`))
+			require.ErrorIs(t, err, ErrCancel)
+		},
+	)
+}
 
-		_, err = rb.BuildRequest(json.RawMessage(`{}`))
-		require.ErrorIs(t, err, ErrCancel)
-	})
+type testDependencyProvider struct {
+	x.SimpleLoggerWithClient
+	*jsonnetsecure.TestProvider
+}
+
+func newTestDependencyProvider(t *testing.T) *testDependencyProvider {
+	return &testDependencyProvider{
+		SimpleLoggerWithClient: x.SimpleLoggerWithClient{
+			L: logrusx.New("kratos", "test"),
+		},
+		TestProvider: jsonnetsecure.NewTestProvider(t),
+	}
 }
 
 func mustContainHeader(t *testing.T, expected http.Header, actual http.Header) {
+	t.Helper()
 	for k := range expected {
 		require.Contains(t, actual, k)
 		assert.Equal(t, expected[k], actual[k])
diff --git a/selfservice/hook/web_hook.go b/selfservice/hook/web_hook.go
index df53cb0a6379..9e80059221eb 100644
--- a/selfservice/hook/web_hook.go
+++ b/selfservice/hook/web_hook.go
@@ -12,6 +12,7 @@ import (
 	"go.opentelemetry.io/otel/trace"
 
 	"github.com/ory/kratos/ui/node"
+	"github.com/ory/x/jsonnetsecure"
 
 	"github.com/ory/kratos/identity"
 	"github.com/ory/kratos/request"
@@ -39,6 +40,7 @@ type (
 		x.LoggingProvider
 		x.HTTPClientProvider
 		x.TracingProvider
+		jsonnetsecure.VMProvider
 	}
 
 	templateContext struct {
@@ -208,12 +210,12 @@ func (e *WebHook) execute(ctx context.Context, data *templateContext) error {
 	span.SetAttributes(otelx.StringAttrs(attrs)...)
 	defer span.End()
 
-	builder, err := request.NewBuilder(e.conf, e.deps.HTTPClient(ctx), e.deps.Logger())
+	builder, err := request.NewBuilder(e.conf, e.deps)
 	if err != nil {
 		return err
 	}
 
-	req, err := builder.BuildRequest(data)
+	req, err := builder.BuildRequest(ctx, data)
 	if errors.Is(err, request.ErrCancel) {
 		return nil
 	} else if err != nil {
diff --git a/selfservice/hook/web_hook_integration_test.go b/selfservice/hook/web_hook_integration_test.go
index 017f38c5e23c..9fd9e448c8aa 100644
--- a/selfservice/hook/web_hook_integration_test.go
+++ b/selfservice/hook/web_hook_integration_test.go
@@ -20,6 +20,7 @@ import (
 
 	"github.com/ory/kratos/schema"
 	"github.com/ory/kratos/text"
+	"github.com/ory/x/jsonnetsecure"
 	"github.com/ory/x/otelx"
 
 	"github.com/ory/kratos/driver/config"
@@ -50,7 +51,13 @@ import (
 func TestWebHooks(t *testing.T) {
 	_, reg := internal.NewFastRegistryWithMocks(t)
 	logger := logrusx.New("kratos", "test")
-	whDeps := x.SimpleLoggerWithClient{L: logger, C: reg.HTTPClient(context.Background()), T: otelx.NewNoop(logger, &otelx.Config{ServiceName: "kratos"})}
+	whDeps := struct {
+		x.SimpleLoggerWithClient
+		*jsonnetsecure.TestProvider
+	}{
+		x.SimpleLoggerWithClient{L: logger, C: reg.HTTPClient(context.Background()), T: otelx.NewNoop(logger, &otelx.Config{ServiceName: "kratos"})},
+		jsonnetsecure.NewTestProvider(t),
+	}
 	type WebHookRequest struct {
 		Body    string
 		Headers http.Header
@@ -728,7 +735,13 @@ func TestDisallowPrivateIPRanges(t *testing.T) {
 	conf.MustSet(ctx, config.ViperKeyClientHTTPNoPrivateIPRanges, true)
 	conf.MustSet(ctx, config.ViperKeyClientHTTPPrivateIPExceptionURLs, []string{"http://localhost/exception"})
 	logger := logrusx.New("kratos", "test")
-	whDeps := x.SimpleLoggerWithClient{L: logger, C: reg.HTTPClient(context.Background()), T: otelx.NewNoop(logger, conf.Tracing(ctx))}
+	whDeps := struct {
+		x.SimpleLoggerWithClient
+		*jsonnetsecure.TestProvider
+	}{
+		x.SimpleLoggerWithClient{L: logger, C: reg.HTTPClient(context.Background()), T: otelx.NewNoop(logger, &otelx.Config{ServiceName: "kratos"})},
+		jsonnetsecure.NewTestProvider(t),
+	}
 
 	req := &http.Request{
 		Header: map[string][]string{"Some-Header": {"Some-Value"}},
diff --git a/selfservice/strategy/oidc/strategy.go b/selfservice/strategy/oidc/strategy.go
index 16f914edcc5e..b27531855403 100644
--- a/selfservice/strategy/oidc/strategy.go
+++ b/selfservice/strategy/oidc/strategy.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 
 	"github.com/ory/kratos/cipher"
+	"github.com/ory/x/jsonnetsecure"
 
 	"github.com/ory/kratos/text"
 
@@ -93,6 +94,8 @@ type dependencies interface {
 	continuity.ManagementProvider
 
 	cipher.Provider
+
+	jsonnetsecure.VMProvider
 }
 
 func isForced(req interface{}) bool {
diff --git a/selfservice/strategy/oidc/strategy_registration.go b/selfservice/strategy/oidc/strategy_registration.go
index a8c6b6ed783f..69609854717d 100644
--- a/selfservice/strategy/oidc/strategy_registration.go
+++ b/selfservice/strategy/oidc/strategy_registration.go
@@ -6,8 +6,6 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/ory/x/jsonnetsecure"
-
 	"github.com/ory/herodot"
 
 	"github.com/ory/x/fetcher"
@@ -252,7 +250,11 @@ func (s *Strategy) createIdentity(w http.ResponseWriter, r *http.Request, a *reg
 		return nil, s.handleError(w, r, a, provider.Config().ID, nil, err)
 	}
 
-	vm := jsonnetsecure.MakeSecureVM()
+	vm, err := s.d.JsonnetVM(r.Context())
+	if err != nil {
+		return nil, s.handleError(w, r, a, provider.Config().ID, nil, err)
+	}
+
 	vm.ExtCode("claims", jsonClaims.String())
 	evaluated, err := vm.EvaluateAnonymousSnippet(provider.Config().Mapper, jn.String())
 	if err != nil {

From 5c140cec2dddc4e8b35aa35c3f111291afbb32b0 Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Tue, 8 Nov 2022 13:09:46 +0000
Subject: [PATCH 344/411] autogen(docs): regenerate and update changelog

[skip ci]
---
 CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index eb4cef4c398a..e293842a2413 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -490,6 +490,9 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
   ([02f7e9c](https://github.com/ory/kratos/commit/02f7e9cfd17ab60c3f38aab3ae977c427b26990d))
 - Use full URL for webhook payload
   ([72595ad](https://github.com/ory/kratos/commit/72595adcb68a1a2d350c4687328653e28d888847))
+- Use process-isolated Jsonnet VM
+  ([#2869](https://github.com/ory/kratos/issues/2869))
+  ([9eeedc0](https://github.com/ory/kratos/commit/9eeedc06408c447077b630fff65e9ca4ed1ec59a))
 - Wrap migration error in WithStack
   ([#2636](https://github.com/ory/kratos/issues/2636))
   ([4ce9f1e](https://github.com/ory/kratos/commit/4ce9f1ebb39cccfd36c4f0fb4a2ae2a17fbc18cc))

From 705f7b105c98b1d68b3e35d6e6893e9cfb661548 Mon Sep 17 00:00:00 2001
From: Patrik 
Date: Tue, 8 Nov 2022 15:28:01 +0100
Subject: [PATCH 345/411] fix: distinguish credential types properly when
 collecting identifiers (#2873)

---
 go.mod                                                |  1 -
 go.sum                                                |  4 ----
 identity/extension_credentials.go                     | 10 ++++++----
 identity/extension_credentials_test.go                |  6 ++++++
 identity/stub/extension/credentials/multi.schema.json |  3 +++
 5 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 13725fc7974f..8b7561b4c6ef 100644
--- a/go.mod
+++ b/go.mod
@@ -151,7 +151,6 @@ require (
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/fullstorydev/grpcurl v1.8.1 // indirect
 	github.com/fxamacker/cbor/v2 v2.4.0 // indirect
-	github.com/go-bindata/go-bindata v3.1.2+incompatible // indirect
 	github.com/go-logr/logr v1.2.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/analysis v0.21.4 // indirect
diff --git a/go.sum b/go.sum
index 8fe87daa674d..d5f6d28729c9 100644
--- a/go.sum
+++ b/go.sum
@@ -390,8 +390,6 @@ github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49P
 github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
-github.com/go-bindata/go-bindata v3.1.2+incompatible h1:5vjJMVhowQdPzjE1LdxyFF7YFTXg5IgGVW4gBr5IbvE=
-github.com/go-bindata/go-bindata v3.1.2+incompatible/go.mod h1:xK8Dsgwmeed+BBsSy2XTopBn/8uK2HWuGSnA11C3Joo=
 github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
@@ -1141,8 +1139,6 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi
 github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE=
 github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM=
-github.com/ory/x v0.0.506 h1:kqkGwRuhZsyLf2zgjIyOkuY1nRfbWu2aPOQTk03j6ZQ=
-github.com/ory/x v0.0.506/go.mod h1:xUtRpoiRARyJNPVk/fcCNKzyp25Foxt9GPlj8pd7egY=
 github.com/ory/x v0.0.510 h1:DksQNoq7ssdR76mhcNxzaGPKmzaQEKWg2kannGsD8+w=
 github.com/ory/x v0.0.510/go.mod h1:xUtRpoiRARyJNPVk/fcCNKzyp25Foxt9GPlj8pd7egY=
 github.com/ory/x v0.0.511-0.20221108105728-3fed9bc99daf h1:sPEIGYHzmEu4tPiRUYgKfXPOAqneNuB1aaKvrT6aBXE=
diff --git a/identity/extension_credentials.go b/identity/extension_credentials.go
index 5fed2a959da5..79d529e9a26f 100644
--- a/identity/extension_credentials.go
+++ b/identity/extension_credentials.go
@@ -14,7 +14,7 @@ import (
 
 type SchemaExtensionCredentials struct {
 	i *Identity
-	v []string
+	v map[CredentialsType][]string
 	l sync.Mutex
 }
 
@@ -31,11 +31,13 @@ func (r *SchemaExtensionCredentials) setIdentifier(ct CredentialsType, value int
 			Config:      sqlxx.JSONRawMessage{},
 		}
 	}
+	if r.v == nil {
+		r.v = make(map[CredentialsType][]string)
+	}
 
-	r.v = stringslice.Unique(append(r.v, strings.ToLower(fmt.Sprintf("%s", value))))
-	cred.Identifiers = r.v
+	r.v[ct] = stringslice.Unique(append(r.v[ct], strings.ToLower(fmt.Sprintf("%s", value))))
+	cred.Identifiers = r.v[ct]
 	r.i.SetCredentials(ct, *cred)
-
 }
 
 func (r *SchemaExtensionCredentials) Run(_ jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error {
diff --git a/identity/extension_credentials_test.go b/identity/extension_credentials_test.go
index 18b652cfb3d8..a0108a9b42f3 100644
--- a/identity/extension_credentials_test.go
+++ b/identity/extension_credentials_test.go
@@ -39,6 +39,12 @@ func TestSchemaExtensionCredentials(t *testing.T) {
 			expect: []string{"foo@ory.sh", "bar@ory.sh", "foobar"},
 			ct:     identity.CredentialsTypePassword,
 		},
+		{
+			doc:    `{"emails":["foo@ory.sh","foo@ory.sh","bar@ory.sh"], "username": "foobar"}`,
+			schema: "file://./stub/extension/credentials/multi.schema.json",
+			expect: []string{"foo@ory.sh", "bar@ory.sh"},
+			ct:     identity.CredentialsTypeWebAuthn,
+		},
 		{
 			doc:    `{"emails":["FOO@ory.sh","bar@ory.sh"], "username": "foobar"}`,
 			schema: "file://./stub/extension/credentials/multi.schema.json",
diff --git a/identity/stub/extension/credentials/multi.schema.json b/identity/stub/extension/credentials/multi.schema.json
index 3a5cf2c3c363..43ba04c5a367 100644
--- a/identity/stub/extension/credentials/multi.schema.json
+++ b/identity/stub/extension/credentials/multi.schema.json
@@ -10,6 +10,9 @@
           "credentials": {
             "password": {
               "identifier": true
+            },
+            "webauthn": {
+              "identifier": true
             }
           }
         }

From 65aeb0a7fd90bfbc81f68b77141f8271aef011fe Mon Sep 17 00:00:00 2001
From: Jonas Hungershausen 
Date: Tue, 8 Nov 2022 16:16:36 +0100
Subject: [PATCH 346/411] fix: make `courier.TemplateType` an enum (#2875)

---
 courier/email_templates.go           |  7 +++++--
 internal/httpclient/api/openapi.yaml | 22 +++++++++++++++++++---
 spec/api.json                        | 16 ++++++++++++----
 spec/swagger.json                    | 16 ++++++++++++----
 4 files changed, 48 insertions(+), 13 deletions(-)

diff --git a/courier/email_templates.go b/courier/email_templates.go
index e82858636869..c175cf25f8ae 100644
--- a/courier/email_templates.go
+++ b/courier/email_templates.go
@@ -12,8 +12,6 @@ import (
 )
 
 type (
-	TemplateType string
-
 	EmailTemplate interface {
 		json.Marshaler
 		EmailSubject(context.Context) (string, error)
@@ -23,6 +21,11 @@ type (
 	}
 )
 
+// A Template's type
+//
+// swagger:enum TemplateType
+type TemplateType string
+
 const (
 	TypeRecoveryInvalid     TemplateType = "recovery_invalid"
 	TypeRecoveryValid       TemplateType = "recovery_valid"
diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml
index 49a66cad1008..5110a579adfb 100644
--- a/internal/httpclient/api/openapi.yaml
+++ b/internal/httpclient/api/openapi.yaml
@@ -3649,8 +3649,6 @@ components:
       title: RecoveryAddressType must not exceed 16 characters as that is the limitation
         in the SQL Schema.
       type: string
-    TemplateType:
-      type: string
     Time:
       format: date-time
       type: string
@@ -4297,7 +4295,7 @@ components:
         recipient: recipient
         created_at: 2000-01-23T04:56:07.000+00:00
         send_count: 0
-        template_type: template_type
+        template_type: recovery_invalid
         id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
         body: body
       properties:
@@ -4320,7 +4318,25 @@ components:
         subject:
           type: string
         template_type:
+          enum:
+          - recovery_invalid
+          - recovery_valid
+          - recovery_code_invalid
+          - recovery_code_valid
+          - verification_invalid
+          - verification_valid
+          - otp
+          - stub
           type: string
+          x-go-enum-desc: |-
+            recovery_invalid TypeRecoveryInvalid
+            recovery_valid TypeRecoveryValid
+            recovery_code_invalid TypeRecoveryCodeInvalid
+            recovery_code_valid TypeRecoveryCodeValid
+            verification_invalid TypeVerificationInvalid
+            verification_valid TypeVerificationValid
+            otp TypeOTP
+            stub TypeTestStub
         type:
           $ref: '#/components/schemas/courierMessageType'
         updated_at:
diff --git a/spec/api.json b/spec/api.json
index f4a859096a4f..5a8c6af24b40 100755
--- a/spec/api.json
+++ b/spec/api.json
@@ -330,9 +330,6 @@
         "title": "RecoveryAddressType must not exceed 16 characters as that is the limitation in the SQL Schema.",
         "type": "string"
       },
-      "TemplateType": {
-        "type": "string"
-      },
       "Time": {
         "format": "date-time",
         "type": "string"
@@ -940,7 +937,18 @@
             "type": "string"
           },
           "template_type": {
-            "$ref": "#/components/schemas/TemplateType"
+            "enum": [
+              "recovery_invalid",
+              "recovery_valid",
+              "recovery_code_invalid",
+              "recovery_code_valid",
+              "verification_invalid",
+              "verification_valid",
+              "otp",
+              "stub"
+            ],
+            "type": "string",
+            "x-go-enum-desc": "recovery_invalid TypeRecoveryInvalid\nrecovery_valid TypeRecoveryValid\nrecovery_code_invalid TypeRecoveryCodeInvalid\nrecovery_code_valid TypeRecoveryCodeValid\nverification_invalid TypeVerificationInvalid\nverification_valid TypeVerificationValid\notp TypeOTP\nstub TypeTestStub"
           },
           "type": {
             "$ref": "#/components/schemas/courierMessageType"
diff --git a/spec/swagger.json b/spec/swagger.json
index 966f7db95cf1..e7d73c38305c 100755
--- a/spec/swagger.json
+++ b/spec/swagger.json
@@ -3059,9 +3059,6 @@
       "type": "string",
       "title": "RecoveryAddressType must not exceed 16 characters as that is the limitation in the SQL Schema."
     },
-    "TemplateType": {
-      "type": "string"
-    },
     "UUID": {"type": "string", "format": "uuid4"},
     "adminCreateIdentityBody": {
       "type": "object",
@@ -3641,7 +3638,18 @@
           "type": "string"
         },
         "template_type": {
-          "$ref": "#/definitions/TemplateType"
+          "type": "string",
+          "enum": [
+            "recovery_invalid",
+            "recovery_valid",
+            "recovery_code_invalid",
+            "recovery_code_valid",
+            "verification_invalid",
+            "verification_valid",
+            "otp",
+            "stub"
+          ],
+          "x-go-enum-desc": "recovery_invalid TypeRecoveryInvalid\nrecovery_valid TypeRecoveryValid\nrecovery_code_invalid TypeRecoveryCodeInvalid\nrecovery_code_valid TypeRecoveryCodeValid\nverification_invalid TypeVerificationInvalid\nverification_valid TypeVerificationValid\notp TypeOTP\nstub TypeTestStub"
         },
         "type": {
           "$ref": "#/definitions/courierMessageType"

From 2438ca0c9aed997870dcf60d41dad783838dd840 Mon Sep 17 00:00:00 2001
From: Ajay Kelkar 
Date: Tue, 8 Nov 2022 16:23:34 +0100
Subject: [PATCH 347/411] feat: add handler with openapi def for admin revoke
 session (#2867)

---
 internal/httpclient/.openapi-generator/FILES |   2 +
 internal/httpclient/README.md                |   1 +
 internal/httpclient/api/openapi.yaml         |  38 +++++
 internal/httpclient/api_identity.go          | 167 +++++++++++++++++++
 internal/httpclient/client.go                |   3 +
 internal/httpclient/docs/IdentityApi.md      |  77 +++++++++
 persistence/sql/persister_session.go         |  22 +++
 session/handler.go                           |  42 ++++-
 session/handler_test.go                      |  26 +++
 session/persistence.go                       |   3 +
 session/test/persistence.go                  |  28 ++++
 spec/api.json                                |  54 ++++++
 spec/swagger.json                            |  44 +++++
 13 files changed, 506 insertions(+), 1 deletion(-)
 create mode 100644 internal/httpclient/api_identity.go
 create mode 100644 internal/httpclient/docs/IdentityApi.md

diff --git a/internal/httpclient/.openapi-generator/FILES b/internal/httpclient/.openapi-generator/FILES
index c277bccbc12a..dbd731943d00 100644
--- a/internal/httpclient/.openapi-generator/FILES
+++ b/internal/httpclient/.openapi-generator/FILES
@@ -3,6 +3,7 @@
 .travis.yml
 README.md
 api/openapi.yaml
+api_identity.go
 api_metadata.go
 api_v0alpha2.go
 client.go
@@ -25,6 +26,7 @@ docs/GenericError.md
 docs/HealthNotReadyStatus.md
 docs/HealthStatus.md
 docs/Identity.md
+docs/IdentityApi.md
 docs/IdentityCredentials.md
 docs/IdentityCredentialsOidc.md
 docs/IdentityCredentialsOidcProvider.md
diff --git a/internal/httpclient/README.md b/internal/httpclient/README.md
index f9e5aae57951..bada358c2d9c 100644
--- a/internal/httpclient/README.md
+++ b/internal/httpclient/README.md
@@ -83,6 +83,7 @@ All URIs are relative to *http://localhost*
 
 Class | Method | HTTP request | Description
 ------------ | ------------- | ------------- | -------------
+*IdentityApi* | [**DisableSession**](docs/IdentityApi.md#disablesession) | **Delete** /admin/sessions/{id} | Deactivate a Session
 *MetadataApi* | [**GetVersion**](docs/MetadataApi.md#getversion) | **Get** /version | Return Running Software Version.
 *MetadataApi* | [**IsAlive**](docs/MetadataApi.md#isalive) | **Get** /health/alive | Check HTTP Server Status
 *MetadataApi* | [**IsReady**](docs/MetadataApi.md#isready) | **Get** /health/ready | Check HTTP Server and Database Status
diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml
index 5110a579adfb..9e052215a761 100644
--- a/internal/httpclient/api/openapi.yaml
+++ b/internal/httpclient/api/openapi.yaml
@@ -743,6 +743,44 @@ paths:
       tags:
       - v0alpha2
   /admin/sessions/{id}:
+    delete:
+      description: Calling this endpoint deactivates the specified session. Session
+        data is not deleted.
+      operationId: disableSession
+      parameters:
+      - description: ID is the session's ID.
+        explode: false
+        in: path
+        name: id
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: Empty responses are sent when, for example, resources are deleted.
+            The HTTP status code for empty responses is typically 201.
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/jsonError'
+          description: jsonError
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/jsonError'
+          description: jsonError
+        default:
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/jsonError'
+          description: jsonError
+      summary: Deactivate a Session
+      tags:
+      - identity
     get:
       description: |-
         This endpoint is useful for:
diff --git a/internal/httpclient/api_identity.go b/internal/httpclient/api_identity.go
new file mode 100644
index 000000000000..218e1f3decc0
--- /dev/null
+++ b/internal/httpclient/api_identity.go
@@ -0,0 +1,167 @@
+/*
+ * Ory Kratos API
+ *
+ * Documentation for all public and administrative Ory Kratos APIs. Public and administrative APIs are exposed on different ports. Public APIs can face the public internet without any protection while administrative APIs should never be exposed without prior authorization. To protect the administative API port you should use something like Nginx, Ory Oathkeeper, or any other technology capable of authorizing incoming requests.
+ *
+ * API version: 1.0.0
+ * Contact: hi@ory.sh
+ */
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package client
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+// Linger please
+var (
+	_ context.Context
+)
+
+type IdentityApi interface {
+
+	/*
+	 * DisableSession Deactivate a Session
+	 * Calling this endpoint deactivates the specified session. Session data is not deleted.
+	 * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	 * @param id ID is the session's ID.
+	 * @return IdentityApiApiDisableSessionRequest
+	 */
+	DisableSession(ctx context.Context, id string) IdentityApiApiDisableSessionRequest
+
+	/*
+	 * DisableSessionExecute executes the request
+	 */
+	DisableSessionExecute(r IdentityApiApiDisableSessionRequest) (*http.Response, error)
+}
+
+// IdentityApiService IdentityApi service
+type IdentityApiService service
+
+type IdentityApiApiDisableSessionRequest struct {
+	ctx        context.Context
+	ApiService IdentityApi
+	id         string
+}
+
+func (r IdentityApiApiDisableSessionRequest) Execute() (*http.Response, error) {
+	return r.ApiService.DisableSessionExecute(r)
+}
+
+/*
+ * DisableSession Deactivate a Session
+ * Calling this endpoint deactivates the specified session. Session data is not deleted.
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @param id ID is the session's ID.
+ * @return IdentityApiApiDisableSessionRequest
+ */
+func (a *IdentityApiService) DisableSession(ctx context.Context, id string) IdentityApiApiDisableSessionRequest {
+	return IdentityApiApiDisableSessionRequest{
+		ApiService: a,
+		ctx:        ctx,
+		id:         id,
+	}
+}
+
+/*
+ * Execute executes the request
+ */
+func (a *IdentityApiService) DisableSessionExecute(r IdentityApiApiDisableSessionRequest) (*http.Response, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		localVarFormFileName string
+		localVarFileName     string
+		localVarFileBytes    []byte
+	)
+
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityApiService.DisableSession")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/admin/sessions/{id}"
+	localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterToString(r.id, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes)
+	if err != nil {
+		return nil, err
+	}
+
+	localVarHTTPResponse, err := a.client.callAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarHTTPResponse, err
+	}
+
+	localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		return localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v JsonError
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return localVarHTTPResponse, newErr
+			}
+			newErr.model = v
+			return localVarHTTPResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 401 {
+			var v JsonError
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return localVarHTTPResponse, newErr
+			}
+			newErr.model = v
+			return localVarHTTPResponse, newErr
+		}
+		var v JsonError
+		err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+		if err != nil {
+			newErr.error = err.Error()
+			return localVarHTTPResponse, newErr
+		}
+		newErr.model = v
+		return localVarHTTPResponse, newErr
+	}
+
+	return localVarHTTPResponse, nil
+}
diff --git a/internal/httpclient/client.go b/internal/httpclient/client.go
index 0469d3c1468c..d99830da56fc 100644
--- a/internal/httpclient/client.go
+++ b/internal/httpclient/client.go
@@ -49,6 +49,8 @@ type APIClient struct {
 
 	// API Services
 
+	IdentityApi IdentityApi
+
 	MetadataApi MetadataApi
 
 	V0alpha2Api V0alpha2Api
@@ -70,6 +72,7 @@ func NewAPIClient(cfg *Configuration) *APIClient {
 	c.common.client = c
 
 	// API Services
+	c.IdentityApi = (*IdentityApiService)(&c.common)
 	c.MetadataApi = (*MetadataApiService)(&c.common)
 	c.V0alpha2Api = (*V0alpha2ApiService)(&c.common)
 
diff --git a/internal/httpclient/docs/IdentityApi.md b/internal/httpclient/docs/IdentityApi.md
new file mode 100644
index 000000000000..bdf4fce87495
--- /dev/null
+++ b/internal/httpclient/docs/IdentityApi.md
@@ -0,0 +1,77 @@
+# \IdentityApi
+
+All URIs are relative to *http://localhost*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**DisableSession**](IdentityApi.md#DisableSession) | **Delete** /admin/sessions/{id} | Deactivate a Session
+
+
+
+## DisableSession
+
+> DisableSession(ctx, id).Execute()
+
+Deactivate a Session
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    id := "id_example" // string | ID is the session's ID.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityApi.DisableSession(context.Background(), id).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityApi.DisableSession``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**id** | **string** | ID is the session's ID. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDisableSessionRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+No authorization required
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/persistence/sql/persister_session.go b/persistence/sql/persister_session.go
index cffbdeb10b9d..a23bb052e726 100644
--- a/persistence/sql/persister_session.go
+++ b/persistence/sql/persister_session.go
@@ -312,6 +312,28 @@ func (p *Persister) RevokeSessionByToken(ctx context.Context, token string) erro
 	return nil
 }
 
+// RevokeSessionById revokes a given session
+func (p *Persister) RevokeSessionById(ctx context.Context, sID uuid.UUID) error {
+	ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.RevokeSessionById")
+	defer span.End()
+
+	// #nosec G201
+	count, err := p.GetConnection(ctx).RawQuery(fmt.Sprintf(
+		"UPDATE %s SET active = false WHERE id = ? AND nid = ?",
+		"sessions",
+	),
+		sID,
+		p.NetworkID(ctx),
+	).ExecWithCount()
+	if err != nil {
+		return sqlcon.HandleError(err)
+	}
+	if count == 0 {
+		return errors.WithStack(sqlcon.ErrNoRows)
+	}
+	return nil
+}
+
 // RevokeSession revokes a given session. If the session does not exist or was not modified,
 // it effectively has been revoked already, and therefore that case does not return an error.
 func (p *Persister) RevokeSession(ctx context.Context, iID, sID uuid.UUID) error {
diff --git a/session/handler.go b/session/handler.go
index 2a99a0e0d5f4..3d3a69aa0d1a 100644
--- a/session/handler.go
+++ b/session/handler.go
@@ -65,13 +65,13 @@ const (
 func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) {
 	admin.GET(RouteCollection, h.adminListSessions)
 	admin.GET(RouteSession, h.adminGetSession)
+	admin.DELETE(RouteSession, h.disableSession)
 
 	admin.GET(AdminRouteIdentitiesSessions, h.adminListIdentitySessions)
 	admin.DELETE(AdminRouteIdentitiesSessions, h.adminDeleteIdentitySessions)
 	admin.PATCH(AdminRouteSessionExtendId, h.adminSessionExtend)
 
 	admin.DELETE(RouteCollection, x.RedirectToPublicRoute(h.r))
-	admin.DELETE(RouteSession, x.RedirectToPublicRoute(h.r))
 }
 
 func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic) {
@@ -439,6 +439,46 @@ func (h *Handler) adminGetSession(w http.ResponseWriter, r *http.Request, ps htt
 	h.r.Writer().Write(w, r, sess)
 }
 
+// Deactivate Session Parameters
+//
+// swagger:parameters disableSession
+// nolint:deadcode,unused
+type disableSession struct {
+	// ID is the session's ID.
+	//
+	// required: true
+	// in: path
+	ID string `json:"id"`
+}
+
+// swagger:route DELETE /admin/sessions/{id} identity disableSession
+//
+// # Deactivate a Session
+//
+// Calling this endpoint deactivates the specified session. Session data is not deleted.
+//
+//	Schemes: http, https
+//
+//	Responses:
+//	  204: emptyResponse
+//	  400: jsonError
+//	  401: jsonError
+//	  default: jsonError
+func (h *Handler) disableSession(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+	sID, err := uuid.FromString(ps.ByName("id"))
+	if err != nil {
+		h.r.Writer().WriteError(w, r, herodot.ErrBadRequest.WithError(err.Error()).WithDebug("could not parse UUID"))
+		return
+	}
+
+	if err := h.r.SessionPersister().RevokeSessionById(r.Context(), sID); err != nil {
+		h.r.Writer().WriteError(w, r, err)
+		return
+	}
+
+	h.r.Writer().WriteCode(w, r, http.StatusNoContent, nil)
+}
+
 // swagger:parameters adminListIdentitySessions
 // nolint:deadcode,unused
 type adminListIdentitySessions struct {
diff --git a/session/handler_test.go b/session/handler_test.go
index aee08a8d6b5a..1105639f72b7 100644
--- a/session/handler_test.go
+++ b/session/handler_test.go
@@ -582,6 +582,32 @@ func TestHandlerAdminSessionManagement(t *testing.T) {
 			assert.Equal(t, s.ID, sessions[0].ID)
 		})
 
+		t.Run("should revoke session by id", func(t *testing.T) {
+			req, _ := http.NewRequest("GET", ts.URL+"/admin/sessions/"+s.ID.String(), nil)
+			res, err := client.Do(req)
+			require.NoError(t, err)
+			assert.Equal(t, http.StatusOK, res.StatusCode)
+
+			var session Session
+			require.NoError(t, json.NewDecoder(res.Body).Decode(&session))
+			assert.Equal(t, s.ID, session.ID)
+			assert.True(t, session.Active)
+
+			req, _ = http.NewRequest("DELETE", ts.URL+"/admin/sessions/"+s.ID.String(), nil)
+			res, err = client.Do(req)
+			require.NoError(t, err)
+			assert.Equal(t, http.StatusNoContent, res.StatusCode)
+
+			req, _ = http.NewRequest("GET", ts.URL+"/admin/sessions/"+s.ID.String(), nil)
+			res, err = client.Do(req)
+			require.NoError(t, err)
+			assert.Equal(t, http.StatusOK, res.StatusCode)
+
+			require.NoError(t, json.NewDecoder(res.Body).Decode(&session))
+			assert.Equal(t, s.ID, session.ID)
+			assert.False(t, session.Active)
+		})
+
 		req, _ := http.NewRequest("DELETE", ts.URL+"/admin/identities/"+s.Identity.ID.String()+"/sessions", nil)
 		res, err := client.Do(req)
 		require.NoError(t, err)
diff --git a/session/persistence.go b/session/persistence.go
index 8561f225b8a6..ab35498e8be8 100644
--- a/session/persistence.go
+++ b/session/persistence.go
@@ -50,6 +50,9 @@ type Persister interface {
 	// RevokeSessionByToken marks a session inactive with the given token.
 	RevokeSessionByToken(ctx context.Context, token string) error
 
+	// RevokeSessionById marks a session inactive with the specified uuid
+	RevokeSessionById(ctx context.Context, sID uuid.UUID) error
+
 	// RevokeSession marks a given session inactive.
 	RevokeSession(ctx context.Context, iID, sID uuid.UUID) error
 
diff --git a/session/test/persistence.go b/session/test/persistence.go
index ec539ef3a62a..ac562a70d10b 100644
--- a/session/test/persistence.go
+++ b/session/test/persistence.go
@@ -412,6 +412,34 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 			assert.False(t, actual.Active)
 		})
 
+		t.Run("case=revoke session by id", func(t *testing.T) {
+			var expected session.Session
+			require.NoError(t, faker.FakeData(&expected))
+			expected.Active = true
+			require.NoError(t, p.CreateIdentity(ctx, expected.Identity))
+			require.NoError(t, p.UpsertSession(ctx, &expected))
+
+			actual, err := p.GetSession(ctx, expected.ID, session.ExpandNothing)
+			require.NoError(t, err)
+			assert.True(t, actual.Active)
+
+			t.Run("on another network", func(t *testing.T) {
+				_, other := testhelpers.NewNetwork(t, ctx, p)
+				err := other.RevokeSessionById(ctx, expected.ID)
+				assert.ErrorIs(t, err, sqlcon.ErrNoRows)
+
+				actual, err = p.GetSession(ctx, expected.ID, session.ExpandNothing)
+				require.NoError(t, err)
+				assert.True(t, actual.Active)
+			})
+
+			require.NoError(t, p.RevokeSessionById(ctx, expected.ID))
+
+			actual, err = p.GetSession(ctx, expected.ID, session.ExpandNothing)
+			require.NoError(t, err)
+			assert.False(t, actual.Active)
+		})
+
 		t.Run("method=revoke other sessions for identity", func(t *testing.T) {
 			// here we set up 2 identities with each having 2 sessions
 			sessions := make([]session.Session, 4)
diff --git a/spec/api.json b/spec/api.json
index 5a8c6af24b40..d4793c239b89 100755
--- a/spec/api.json
+++ b/spec/api.json
@@ -3771,6 +3771,60 @@
       }
     },
     "/admin/sessions/{id}": {
+      "delete": {
+        "description": "Calling this endpoint deactivates the specified session. Session data is not deleted.",
+        "operationId": "disableSession",
+        "parameters": [
+          {
+            "description": "ID is the session's ID.",
+            "in": "path",
+            "name": "id",
+            "required": true,
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "204": {
+            "$ref": "#/components/responses/emptyResponse"
+          },
+          "400": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/jsonError"
+                }
+              }
+            },
+            "description": "jsonError"
+          },
+          "401": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/jsonError"
+                }
+              }
+            },
+            "description": "jsonError"
+          },
+          "default": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/jsonError"
+                }
+              }
+            },
+            "description": "jsonError"
+          }
+        },
+        "summary": "Deactivate a Session",
+        "tags": [
+          "identity"
+        ]
+      },
       "get": {
         "description": "This endpoint is useful for:\n\nGetting a session object with all specified expandables that exist in an administrative context.",
         "operationId": "adminGetSession",
diff --git a/spec/swagger.json b/spec/swagger.json
index e7d73c38305c..02a5c8858c5e 100755
--- a/spec/swagger.json
+++ b/spec/swagger.json
@@ -877,6 +877,50 @@
             }
           }
         }
+      },
+      "delete": {
+        "description": "Calling this endpoint deactivates the specified session. Session data is not deleted.",
+        "schemes": [
+          "http",
+          "https"
+        ],
+        "tags": [
+          "identity"
+        ],
+        "summary": "Deactivate a Session",
+        "operationId": "disableSession",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "ID is the session's ID.",
+            "name": "id",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "204": {
+            "$ref": "#/responses/emptyResponse"
+          },
+          "400": {
+            "description": "jsonError",
+            "schema": {
+              "$ref": "#/definitions/jsonError"
+            }
+          },
+          "401": {
+            "description": "jsonError",
+            "schema": {
+              "$ref": "#/definitions/jsonError"
+            }
+          },
+          "default": {
+            "description": "jsonError",
+            "schema": {
+              "$ref": "#/definitions/jsonError"
+            }
+          }
+        }
       }
     },
     "/admin/sessions/{id}/extend": {

From d9e6a7c2a9b49c328050f205614ee7897a7066dd Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Tue, 8 Nov 2022 16:27:33 +0000
Subject: [PATCH 348/411] autogen(docs): regenerate and update changelog

[skip ci]
---
 CHANGELOG.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e293842a2413..c80b0254184c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -343,6 +343,9 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
   ([#2613](https://github.com/ory/kratos/issues/2613))
   ([29aa3b6](https://github.com/ory/kratos/commit/29aa3b6c37b3a173dcfeb02fdad4abc83774bc0b)),
   closes [#2591](https://github.com/ory/kratos/issues/2591)
+- Distinguish credential types properly when collecting identifiers
+  ([#2873](https://github.com/ory/kratos/issues/2873))
+  ([705f7b1](https://github.com/ory/kratos/commit/705f7b105c98b1d68b3e35d6e6893e9cfb661548))
 - Do not invalidate recovery addr on update
   ([#2699](https://github.com/ory/kratos/issues/2699))
   ([1689bb9](https://github.com/ory/kratos/commit/1689bb9f0a52387f699568da6bc773929b1201ae))
@@ -397,6 +400,9 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
   closes [#2711](https://github.com/ory/kratos/issues/2711)
 - **lint:** Fixed lint error causing ci failures
   ([4aab5e0](https://github.com/ory/kratos/commit/4aab5e0114dd02b8b0ce45376a0fe4bf11e38221))
+- Make `courier.TemplateType` an enum
+  ([#2875](https://github.com/ory/kratos/issues/2875))
+  ([65aeb0a](https://github.com/ory/kratos/commit/65aeb0a7fd90bfbc81f68b77141f8271aef011fe))
 - Make hydra consistently localhost
   ([70211a1](https://github.com/ory/kratos/commit/70211a17a452d5ced8317822afda3f8e6185cc71))
 - Make ID field in VerifiableAddress struct optional
@@ -567,6 +573,9 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
 - Add flow id check to use verification token
   ([#2695](https://github.com/ory/kratos/issues/2695))
   ([54c64fc](https://github.com/ory/kratos/commit/54c64fcea40ede17a87253042259fd97eeb780fe))
+- Add handler with openapi def for admin revoke session
+  ([#2867](https://github.com/ory/kratos/issues/2867))
+  ([2438ca0](https://github.com/ory/kratos/commit/2438ca0c9aed997870dcf60d41dad783838dd840))
 - Add identity id to "account disabled" error
   ([#2557](https://github.com/ory/kratos/issues/2557))
   ([f09b1b3](https://github.com/ory/kratos/commit/f09b1b3701c6deda4d25cebb7ccf2e97089be32a))

From 8406eaf92006d9812108bd3ae57245f01e627bfc Mon Sep 17 00:00:00 2001
From: Kevin Goslar 
Date: Tue, 8 Nov 2022 10:41:34 -0600
Subject: [PATCH 349/411] feat: standardize license headers (#2790)

---
 .gitignore                                      |  2 +-
 Makefile                                        | 11 ++++++-----
 cipher/aes.go                                   |  3 +++
 cipher/chacha20.go                              |  3 +++
 cipher/cipher.go                                |  3 +++
 cipher/cipher_test.go                           |  3 +++
 cipher/noop.go                                  |  3 +++
 cmd/cleanup/root.go                             |  3 +++
 cmd/cleanup/sql.go                              | 17 +++--------------
 cmd/cleanup/sql_test.go                         |  3 +++
 cmd/cliclient/cleanup.go                        |  3 +++
 cmd/cliclient/client.go                         |  3 +++
 cmd/cliclient/migrate.go                        |  3 +++
 cmd/clidoc/main.go                              |  3 +++
 cmd/clidoc/main_test.go                         |  3 +++
 cmd/courier/root.go                             |  3 +++
 cmd/courier/watch.go                            |  3 +++
 cmd/courier/watch_test.go                       |  3 +++
 cmd/daemon/middleware.go                        |  3 +++
 cmd/daemon/serve.go                             |  3 +++
 cmd/hashers/argon2/calibrate.go                 |  3 +++
 cmd/hashers/argon2/hash.go                      |  3 +++
 cmd/hashers/argon2/loadtest.go                  |  3 +++
 cmd/hashers/argon2/root.go                      |  3 +++
 cmd/hashers/root.go                             |  3 +++
 cmd/identities/definitions.go                   |  3 +++
 cmd/identities/delete.go                        |  3 +++
 cmd/identities/delete_test.go                   |  3 +++
 cmd/identities/get.go                           |  3 +++
 cmd/identities/get_test.go                      |  3 +++
 cmd/identities/helpers.go                       |  3 +++
 cmd/identities/helpers_test.go                  |  3 +++
 cmd/identities/import.go                        |  3 +++
 cmd/identities/import_test.go                   |  3 +++
 cmd/identities/list.go                          |  3 +++
 cmd/identities/list_test.go                     |  3 +++
 cmd/identities/validate.go                      |  3 +++
 cmd/identities/validate_test.go                 |  3 +++
 cmd/jsonnet/format.go                           |  3 +++
 cmd/jsonnet/lint.go                             |  3 +++
 cmd/jsonnet/root.go                             |  3 +++
 cmd/migrate/root.go                             |  3 +++
 cmd/migrate/sql.go                              | 16 ++--------------
 cmd/remote/root.go                              |  3 +++
 cmd/remote/status.go                            |  3 +++
 cmd/remote/version.go                           |  3 +++
 cmd/root.go                                     |  3 +++
 cmd/root_test.go                                |  3 +++
 cmd/serve/root.go                               | 15 ++-------------
 cmd/serve/root_test.go                          |  3 +++
 continuity/container.go                         |  3 +++
 continuity/container_test.go                    |  3 +++
 continuity/manager.go                           |  3 +++
 continuity/manager_cookie.go                    |  3 +++
 continuity/manager_options_test.go              |  3 +++
 continuity/manager_test.go                      |  3 +++
 continuity/persistence.go                       |  3 +++
 continuity/test/persistence.go                  |  3 +++
 corp/context.go                                 |  3 +++
 corp/noop.go                                    |  3 +++
 corpx/faker.go                                  |  3 +++
 courier/courier.go                              |  3 +++
 courier/courier_dispatcher.go                   |  3 +++
 courier/courier_dispatcher_test.go              |  3 +++
 courier/courier_test.go                         |  3 +++
 courier/email_templates.go                      |  3 +++
 courier/email_templates_test.go                 |  3 +++
 courier/handler.go                              |  3 +++
 courier/handler_test.go                         |  3 +++
 courier/message.go                              |  3 +++
 courier/message_test.go                         |  3 +++
 courier/persistence.go                          |  3 +++
 courier/sms.go                                  |  3 +++
 courier/sms_templates.go                        |  3 +++
 courier/sms_templates_test.go                   |  3 +++
 courier/sms_test.go                             |  3 +++
 courier/smtp.go                                 |  3 +++
 courier/smtp_test.go                            |  3 +++
 courier/template/email/recovery_code_invalid.go |  3 +++
 .../email/recovery_code_invalid_test.go         |  3 +++
 courier/template/email/recovery_code_valid.go   |  3 +++
 .../template/email/recovery_code_valid_test.go  |  3 +++
 courier/template/email/recovery_invalid.go      |  3 +++
 courier/template/email/recovery_invalid_test.go |  3 +++
 courier/template/email/recovery_valid.go        |  3 +++
 courier/template/email/recovery_valid_test.go   |  3 +++
 courier/template/email/stub.go                  |  3 +++
 courier/template/email/verification_invalid.go  |  3 +++
 .../template/email/verification_invalid_test.go |  3 +++
 courier/template/email/verification_valid.go    |  3 +++
 .../template/email/verification_valid_test.go   |  3 +++
 courier/template/load_template.go               |  3 +++
 courier/template/load_template_test.go          |  3 +++
 courier/template/sms/otp.go                     |  3 +++
 courier/template/sms/otp_test.go                |  3 +++
 courier/template/sms/stub.go                    |  3 +++
 courier/template/sms/stub_test.go               |  3 +++
 courier/template/template.go                    |  3 +++
 courier/template/testhelpers/testhelpers.go     |  3 +++
 courier/test/persistence.go                     |  3 +++
 credentialmigrate/migrate.go                    |  3 +++
 credentialmigrate/migrate_test.go               |  3 +++
 driver/config/buildinfo.go                      |  3 +++
 driver/config/config.go                         |  3 +++
 driver/config/config_test.go                    |  3 +++
 driver/config/handler.go                        |  3 +++
 driver/config/handler_test.go                   |  3 +++
 driver/config/schema.go                         |  3 +++
 driver/factory.go                               |  3 +++
 driver/factory_test.go                          |  3 +++
 driver/registry.go                              |  3 +++
 driver/registry_default.go                      |  3 +++
 driver/registry_default_hooks.go                |  3 +++
 driver/registry_default_login.go                |  3 +++
 driver/registry_default_recovery.go             |  3 +++
 driver/registry_default_registration.go         |  3 +++
 driver/registry_default_schemas.go              |  3 +++
 driver/registry_default_schemas_test.go         |  3 +++
 driver/registry_default_settings.go             |  3 +++
 driver/registry_default_test.go                 |  3 +++
 driver/registry_default_verify.go               |  3 +++
 embedx/embedx.go                                |  3 +++
 embedx/embedx_test.go                           |  3 +++
 examples/go/identity/create/main.go             |  3 +++
 examples/go/identity/create/main_test.go        |  3 +++
 examples/go/identity/delete/main.go             |  3 +++
 examples/go/identity/delete/main_test.go        |  3 +++
 examples/go/identity/get/main.go                |  3 +++
 examples/go/identity/get/main_test.go           |  3 +++
 examples/go/identity/update/main.go             |  3 +++
 examples/go/identity/update/main_test.go        |  3 +++
 examples/go/pkg/common.go                       |  3 +++
 examples/go/pkg/resources.go                    |  3 +++
 examples/go/selfservice/error/main.go           |  3 +++
 examples/go/selfservice/error/main_test.go      |  3 +++
 examples/go/selfservice/login/main.go           |  3 +++
 examples/go/selfservice/login/main_test.go      |  3 +++
 examples/go/selfservice/logout/main.go          |  3 +++
 examples/go/selfservice/logout/main_test.go     |  3 +++
 examples/go/selfservice/recovery/main.go        |  3 +++
 examples/go/selfservice/recovery/main_test.go   |  3 +++
 examples/go/selfservice/registration/main.go    |  3 +++
 .../go/selfservice/registration/main_test.go    |  3 +++
 examples/go/selfservice/settings/main.go        |  3 +++
 examples/go/selfservice/settings/main_test.go   |  3 +++
 examples/go/selfservice/verification/main.go    |  3 +++
 .../go/selfservice/verification/main_test.go    |  3 +++
 examples/go/session/tosession/main.go           |  3 +++
 examples/go/session/tosession/main_test.go      |  3 +++
 go_mod_indirect_pins.go                         |  3 +++
 hash/hash_comparator.go                         |  3 +++
 hash/hasher.go                                  |  3 +++
 hash/hasher_argon2.go                           |  3 +++
 hash/hasher_bcrypt.go                           |  3 +++
 hash/hasher_pbkdf2.go                           |  3 +++
 hash/hasher_scrypt.go                           |  3 +++
 hash/hasher_test.go                             |  3 +++
 hydra/fake.go                                   |  3 +++
 hydra/hydra.go                                  |  3 +++
 hydra/hydra_test.go                             |  3 +++
 identity/address.go                             |  3 +++
 identity/credentials.go                         |  3 +++
 identity/credentials_oidc.go                    |  3 +++
 identity/credentials_password.go                |  3 +++
 identity/credentials_test.go                    |  3 +++
 identity/extension_credentials.go               |  3 +++
 identity/extension_credentials_test.go          |  3 +++
 identity/extension_recovery.go                  |  3 +++
 identity/extension_recovery_test.go             |  3 +++
 identity/extension_verify.go                    |  3 +++
 identity/extension_verify_test.go               |  3 +++
 identity/handler.go                             |  3 +++
 identity/handler_import.go                      |  3 +++
 identity/handler_test.go                        |  3 +++
 identity/identity.go                            |  3 +++
 identity/identity_recovery.go                   |  3 +++
 identity/identity_recovery_test.go              |  3 +++
 identity/identity_test.go                       |  3 +++
 identity/identity_verification.go               |  3 +++
 identity/identity_verification_test.go          |  3 +++
 identity/manager.go                             |  3 +++
 identity/manager_test.go                        |  3 +++
 identity/pool.go                                |  3 +++
 identity/registry.go                            |  3 +++
 identity/test/pool.go                           |  3 +++
 identity/validator.go                           |  3 +++
 identity/validator_test.go                      |  3 +++
 internal/clihelpers/helpers.go                  |  3 +++
 internal/driver.go                              |  3 +++
 internal/registrationhelpers/helpers.go         |  3 +++
 internal/settingshelpers/helpers.go             |  3 +++
 internal/testhelpers/config.go                  |  3 +++
 internal/testhelpers/courier.go                 |  3 +++
 internal/testhelpers/e2e_server.go              |  3 +++
 internal/testhelpers/errorx.go                  |  3 +++
 internal/testhelpers/fake.go                    |  3 +++
 internal/testhelpers/handler_mock.go            |  3 +++
 internal/testhelpers/http.go                    |  3 +++
 internal/testhelpers/httptest.go                |  3 +++
 internal/testhelpers/identity.go                |  3 +++
 internal/testhelpers/identity_schema.go         |  3 +++
 internal/testhelpers/json.go                    |  3 +++
 internal/testhelpers/network.go                 |  3 +++
 internal/testhelpers/sdk.go                     |  3 +++
 internal/testhelpers/selfservice.go             |  3 +++
 internal/testhelpers/selfservice_login.go       |  3 +++
 internal/testhelpers/selfservice_recovery.go    |  3 +++
 .../testhelpers/selfservice_registration.go     |  3 +++
 internal/testhelpers/selfservice_settings.go    |  3 +++
 .../testhelpers/selfservice_verification.go     |  3 +++
 internal/testhelpers/server.go                  |  3 +++
 internal/testhelpers/session.go                 |  3 +++
 internal/testhelpers/snapshot.go                |  3 +++
 internal/testhelpers/strategies.go              |  3 +++
 main.go                                         | 15 ++-------------
 otp/otp.go                                      |  3 +++
 persistence/aliases/http_header.go              |  3 +++
 persistence/reference.go                        |  3 +++
 persistence/sql/migratest/migration_test.go     |  3 +++
 persistence/sql/persister.go                    |  3 +++
 persistence/sql/persister_cleanup_test.go       |  3 +++
 persistence/sql/persister_continuity.go         |  3 +++
 persistence/sql/persister_courier.go            |  3 +++
 persistence/sql/persister_errorx.go             |  3 +++
 persistence/sql/persister_hmac.go               |  3 +++
 persistence/sql/persister_hmac_test.go          |  3 +++
 persistence/sql/persister_identity.go           |  3 +++
 persistence/sql/persister_login.go              |  3 +++
 persistence/sql/persister_recovery.go           |  3 +++
 persistence/sql/persister_registration.go       |  3 +++
 persistence/sql/persister_session.go            |  3 +++
 persistence/sql/persister_settings.go           |  3 +++
 persistence/sql/persister_test.go               |  3 +++
 .../sql/persister_transaction_helpers.go        |  3 +++
 persistence/sql/persister_verification.go       |  3 +++
 persistence/sql/testhelpers/network.go          |  3 +++
 request/auth.go                                 |  3 +++
 request/auth_strategy.go                        |  3 +++
 request/auth_strategy_test.go                   |  3 +++
 request/auth_test.go                            |  3 +++
 request/builder.go                              |  3 +++
 request/builder_test.go                         |  3 +++
 request/config.go                               |  3 +++
 schema/context.go                               |  3 +++
 schema/context_test.go                          |  3 +++
 schema/errors.go                                |  3 +++
 schema/errors_test.go                           |  3 +++
 schema/extension.go                             |  3 +++
 schema/extension_test.go                        |  3 +++
 schema/handler.go                               |  3 +++
 schema/handler_test.go                          |  3 +++
 schema/loader.go                                |  3 +++
 schema/schema.go                                |  3 +++
 schema/schema_test.go                           |  3 +++
 schema/validator.go                             |  3 +++
 schema/validator_test.go                        |  3 +++
 selfservice/errorx/error.go                     |  3 +++
 selfservice/errorx/handler.go                   |  3 +++
 selfservice/errorx/handler_test.go              |  3 +++
 selfservice/errorx/manager.go                   |  3 +++
 selfservice/errorx/persistence.go               |  3 +++
 selfservice/errorx/test/persistence.go          |  3 +++
 selfservice/flow/config.go                      |  3 +++
 selfservice/flow/error.go                       |  3 +++
 selfservice/flow/error_test.go                  |  3 +++
 selfservice/flow/flow.go                        |  3 +++
 selfservice/flow/flow_test.go                   |  3 +++
 selfservice/flow/internal_context.go            |  3 +++
 selfservice/flow/login/aal.go                   |  3 +++
 selfservice/flow/login/aal_test.go              |  3 +++
 selfservice/flow/login/error.go                 |  3 +++
 selfservice/flow/login/error_test.go            |  3 +++
 selfservice/flow/login/export_test.go           |  3 +++
 selfservice/flow/login/flow.go                  |  3 +++
 selfservice/flow/login/flow_test.go             |  3 +++
 selfservice/flow/login/handler.go               |  3 +++
 selfservice/flow/login/handler_test.go          |  3 +++
 selfservice/flow/login/hook.go                  |  3 +++
 selfservice/flow/login/hook_test.go             |  3 +++
 selfservice/flow/login/persistence.go           |  3 +++
 selfservice/flow/login/session.go               |  3 +++
 selfservice/flow/login/sort.go                  |  3 +++
 selfservice/flow/login/strategy.go              |  3 +++
 selfservice/flow/login/test/persistence.go      |  3 +++
 selfservice/flow/logout/handler.go              |  3 +++
 selfservice/flow/logout/handler_test.go         |  3 +++
 selfservice/flow/nosurf.go                      |  3 +++
 selfservice/flow/nosurf_test.go                 |  3 +++
 selfservice/flow/recovery/error.go              |  3 +++
 selfservice/flow/recovery/error_test.go         |  3 +++
 selfservice/flow/recovery/flow.go               |  3 +++
 selfservice/flow/recovery/flow_test.go          |  3 +++
 selfservice/flow/recovery/handler.go            |  3 +++
 selfservice/flow/recovery/handler_test.go       |  3 +++
 selfservice/flow/recovery/hook.go               |  3 +++
 selfservice/flow/recovery/hook_test.go          |  3 +++
 selfservice/flow/recovery/persistence.go        |  3 +++
 selfservice/flow/recovery/state.go              |  3 +++
 selfservice/flow/recovery/state_test.go         |  3 +++
 selfservice/flow/recovery/strategy.go           |  3 +++
 selfservice/flow/recovery/test/persistence.go   |  3 +++
 selfservice/flow/registration/decoder.go        |  3 +++
 selfservice/flow/registration/error.go          |  3 +++
 selfservice/flow/registration/error_test.go     |  3 +++
 selfservice/flow/registration/flow.go           |  3 +++
 selfservice/flow/registration/flow_test.go      |  3 +++
 selfservice/flow/registration/handler.go        |  3 +++
 selfservice/flow/registration/handler_test.go   |  3 +++
 selfservice/flow/registration/hook.go           |  3 +++
 selfservice/flow/registration/hook_test.go      |  3 +++
 selfservice/flow/registration/persistence.go    |  3 +++
 selfservice/flow/registration/session.go        |  3 +++
 selfservice/flow/registration/sort.go           |  3 +++
 selfservice/flow/registration/strategy.go       |  3 +++
 .../flow/registration/test/persistence.go       |  3 +++
 selfservice/flow/request.go                     |  3 +++
 selfservice/flow/request_test.go                |  3 +++
 selfservice/flow/settings/error.go              |  3 +++
 selfservice/flow/settings/error_test.go         |  3 +++
 selfservice/flow/settings/flow.go               |  3 +++
 selfservice/flow/settings/flow_test.go          |  3 +++
 selfservice/flow/settings/handler.go            |  3 +++
 selfservice/flow/settings/handler_test.go       |  3 +++
 selfservice/flow/settings/hook.go               |  3 +++
 selfservice/flow/settings/hook_test.go          |  3 +++
 selfservice/flow/settings/persistence.go        |  3 +++
 selfservice/flow/settings/sort.go               |  3 +++
 selfservice/flow/settings/state.go              |  3 +++
 selfservice/flow/settings/strategy.go           |  3 +++
 selfservice/flow/settings/strategy_helper.go    |  3 +++
 .../flow/settings/strategy_helper_test.go       |  3 +++
 selfservice/flow/settings/test/persistence.go   |  3 +++
 selfservice/flow/type.go                        |  3 +++
 selfservice/flow/verification/error.go          |  3 +++
 selfservice/flow/verification/error_test.go     |  3 +++
 selfservice/flow/verification/flow.go           |  3 +++
 selfservice/flow/verification/flow_test.go      |  3 +++
 selfservice/flow/verification/handler.go        |  3 +++
 selfservice/flow/verification/handler_test.go   |  3 +++
 selfservice/flow/verification/hook.go           |  3 +++
 selfservice/flow/verification/hook_test.go      |  3 +++
 selfservice/flow/verification/persistence.go    |  3 +++
 selfservice/flow/verification/state.go          |  3 +++
 selfservice/flow/verification/state_test.go     |  3 +++
 selfservice/flow/verification/strategy.go       |  3 +++
 .../flow/verification/test/persistence.go       |  3 +++
 selfservice/flowhelpers/login.go                |  3 +++
 selfservice/flowhelpers/login_test.go           |  3 +++
 selfservice/hook/address_verifier.go            |  3 +++
 selfservice/hook/address_verifier_test.go       |  3 +++
 selfservice/hook/error.go                       |  3 +++
 selfservice/hook/hooks.go                       |  3 +++
 selfservice/hook/session_destroyer.go           |  3 +++
 selfservice/hook/session_destroyer_test.go      |  3 +++
 selfservice/hook/session_issuer.go              |  3 +++
 selfservice/hook/session_issuer_test.go         |  3 +++
 selfservice/hook/verification.go                |  3 +++
 selfservice/hook/verification_test.go           |  3 +++
 selfservice/hook/web_hook.go                    |  3 +++
 selfservice/hook/web_hook_integration_test.go   |  3 +++
 selfservice/strategy/code/code_recovery.go      |  3 +++
 selfservice/strategy/code/code_recovery_test.go |  3 +++
 selfservice/strategy/code/persistence.go        |  3 +++
 selfservice/strategy/code/schema.go             |  3 +++
 selfservice/strategy/code/sender.go             |  3 +++
 selfservice/strategy/code/sender_test.go        |  3 +++
 selfservice/strategy/code/strategy.go           |  3 +++
 selfservice/strategy/code/strategy_recovery.go  |  3 +++
 .../strategy/code/strategy_recovery_test.go     |  3 +++
 selfservice/strategy/code/strategy_test.go      |  3 +++
 selfservice/strategy/code/test/persistence.go   |  3 +++
 selfservice/strategy/handler.go                 |  3 +++
 selfservice/strategy/link/persistence.go        |  3 +++
 selfservice/strategy/link/schema.go             |  3 +++
 selfservice/strategy/link/sender.go             |  3 +++
 selfservice/strategy/link/sender_test.go        |  3 +++
 selfservice/strategy/link/strategy.go           |  3 +++
 selfservice/strategy/link/strategy_recovery.go  |  3 +++
 .../strategy/link/strategy_recovery_test.go     |  3 +++
 selfservice/strategy/link/strategy_test.go      |  3 +++
 .../strategy/link/strategy_verification.go      |  3 +++
 .../strategy/link/strategy_verification_test.go |  3 +++
 selfservice/strategy/link/test/persistence.go   |  3 +++
 selfservice/strategy/link/token_recovery.go     |  3 +++
 .../strategy/link/token_recovery_test.go        |  3 +++
 selfservice/strategy/link/token_verification.go |  3 +++
 .../strategy/link/token_verification_test.go    |  3 +++
 selfservice/strategy/lookup/credentials.go      |  3 +++
 selfservice/strategy/lookup/credentials_test.go |  3 +++
 selfservice/strategy/lookup/login.go            |  3 +++
 selfservice/strategy/lookup/login_test.go       |  3 +++
 selfservice/strategy/lookup/nodes.go            |  3 +++
 selfservice/strategy/lookup/schema.go           |  3 +++
 selfservice/strategy/lookup/settings.go         |  3 +++
 selfservice/strategy/lookup/settings_test.go    |  3 +++
 selfservice/strategy/lookup/strategy.go         |  3 +++
 selfservice/strategy/lookup/strategy_test.go    |  3 +++
 selfservice/strategy/oidc/const.go              |  3 +++
 selfservice/strategy/oidc/error.go              |  3 +++
 selfservice/strategy/oidc/form.go               |  3 +++
 selfservice/strategy/oidc/form_test.go          |  3 +++
 selfservice/strategy/oidc/nodes.go              |  3 +++
 selfservice/strategy/oidc/provider.go           |  3 +++
 selfservice/strategy/oidc/provider_apple.go     |  3 +++
 .../strategy/oidc/provider_apple_test.go        |  3 +++
 selfservice/strategy/oidc/provider_auth0.go     |  3 +++
 .../strategy/oidc/provider_auth0_test.go        |  3 +++
 selfservice/strategy/oidc/provider_config.go    |  3 +++
 .../strategy/oidc/provider_config_test.go       |  3 +++
 selfservice/strategy/oidc/provider_dingtalk.go  |  3 +++
 selfservice/strategy/oidc/provider_discord.go   |  3 +++
 selfservice/strategy/oidc/provider_facebook.go  |  3 +++
 .../strategy/oidc/provider_facebook_test.go     |  3 +++
 .../strategy/oidc/provider_generic_oidc.go      |  3 +++
 .../strategy/oidc/provider_generic_test.go      |  3 +++
 selfservice/strategy/oidc/provider_github.go    |  3 +++
 .../strategy/oidc/provider_github_app.go        |  3 +++
 selfservice/strategy/oidc/provider_gitlab.go    |  3 +++
 selfservice/strategy/oidc/provider_google.go    |  3 +++
 selfservice/strategy/oidc/provider_microsoft.go |  3 +++
 selfservice/strategy/oidc/provider_netid.go     |  3 +++
 .../strategy/oidc/provider_private_net_test.go  |  3 +++
 selfservice/strategy/oidc/provider_slack.go     |  3 +++
 selfservice/strategy/oidc/provider_spotify.go   |  3 +++
 selfservice/strategy/oidc/provider_vk.go        |  3 +++
 selfservice/strategy/oidc/provider_yandex.go    |  3 +++
 selfservice/strategy/oidc/schema.go             |  3 +++
 selfservice/strategy/oidc/strategy.go           |  3 +++
 .../strategy/oidc/strategy_helper_test.go       |  3 +++
 selfservice/strategy/oidc/strategy_login.go     |  3 +++
 .../strategy/oidc/strategy_registration.go      |  3 +++
 selfservice/strategy/oidc/strategy_settings.go  |  3 +++
 .../strategy/oidc/strategy_settings_test.go     |  3 +++
 .../strategy/oidc/strategy_state_test.go        |  3 +++
 selfservice/strategy/oidc/strategy_test.go      |  3 +++
 selfservice/strategy/oidc/types.go              |  3 +++
 selfservice/strategy/password/helpers.go        |  3 +++
 selfservice/strategy/password/helpers_test.go   |  3 +++
 selfservice/strategy/password/login.go          |  3 +++
 selfservice/strategy/password/login_test.go     |  3 +++
 selfservice/strategy/password/nodes.go          |  3 +++
 selfservice/strategy/password/op_login_test.go  |  3 +++
 .../strategy/password/op_registration_test.go   |  3 +++
 selfservice/strategy/password/registration.go   |  3 +++
 .../strategy/password/registration_test.go      |  3 +++
 selfservice/strategy/password/schema.go         |  3 +++
 selfservice/strategy/password/settings.go       |  3 +++
 selfservice/strategy/password/settings_test.go  |  3 +++
 selfservice/strategy/password/strategy.go       |  3 +++
 .../strategy/password/strategy_disabled_test.go |  3 +++
 selfservice/strategy/password/strategy_test.go  |  3 +++
 selfservice/strategy/password/types.go          |  3 +++
 selfservice/strategy/password/validator.go      |  3 +++
 .../strategy/password/validator_lcs_test.go     |  3 +++
 selfservice/strategy/password/validator_test.go |  3 +++
 selfservice/strategy/profile/schema.go          |  3 +++
 selfservice/strategy/profile/strategy.go        |  3 +++
 selfservice/strategy/profile/strategy_test.go   |  3 +++
 selfservice/strategy/totp/credentials.go        |  3 +++
 selfservice/strategy/totp/generator.go          |  3 +++
 selfservice/strategy/totp/generator_test.go     |  3 +++
 selfservice/strategy/totp/login.go              |  3 +++
 selfservice/strategy/totp/login_test.go         |  3 +++
 selfservice/strategy/totp/nodes.go              |  3 +++
 selfservice/strategy/totp/schema.go             |  3 +++
 selfservice/strategy/totp/schema_extension.go   |  3 +++
 selfservice/strategy/totp/settings.go           |  3 +++
 selfservice/strategy/totp/settings_test.go      |  3 +++
 selfservice/strategy/totp/strategy.go           |  3 +++
 selfservice/strategy/totp/strategy_test.go      |  3 +++
 selfservice/strategy/webauthn/credentials.go    |  3 +++
 .../strategy/webauthn/credentials_test.go       |  3 +++
 selfservice/strategy/webauthn/errors.go         |  3 +++
 selfservice/strategy/webauthn/handler.go        |  3 +++
 selfservice/strategy/webauthn/js/webauthn.js    |  3 +++
 selfservice/strategy/webauthn/login.go          |  3 +++
 selfservice/strategy/webauthn/login_test.go     |  3 +++
 selfservice/strategy/webauthn/mock.go           |  3 +++
 selfservice/strategy/webauthn/nodes.go          |  3 +++
 selfservice/strategy/webauthn/registration.go   |  3 +++
 .../strategy/webauthn/registration_test.go      |  3 +++
 selfservice/strategy/webauthn/schema.go         |  3 +++
 selfservice/strategy/webauthn/settings.go       |  3 +++
 selfservice/strategy/webauthn/settings_test.go  |  3 +++
 selfservice/strategy/webauthn/strategy.go       |  3 +++
 selfservice/strategy/webauthn/strategy_test.go  |  3 +++
 selfservice/strategy/webauthn/types.go          |  3 +++
 selfservice/strategy/webauthn/validate.go       |  3 +++
 session/expand.go                               |  3 +++
 session/expand_test.go                          |  3 +++
 session/handler.go                              |  3 +++
 session/handler_test.go                         |  3 +++
 session/helper.go                               |  3 +++
 session/helper_test.go                          |  3 +++
 session/manager.go                              |  3 +++
 session/manager_http.go                         |  3 +++
 session/manager_http_test.go                    |  3 +++
 session/manager_test.go                         |  3 +++
 session/persistence.go                          |  3 +++
 session/session.go                              |  3 +++
 session/session_test.go                         |  3 +++
 session/test/persistence.go                     |  3 +++
 spec/api.go                                     |  3 +++
 swagger_meta.go                                 |  3 +++
 swagger_types_global.go                         |  3 +++
 swagger_types_overrides.go                      |  3 +++
 test/e2e/cypress.config.ts                      |  3 +++
 test/e2e/cypress/helpers/express.ts             |  3 +++
 test/e2e/cypress/helpers/httpbin.ts             |  3 +++
 test/e2e/cypress/helpers/index.ts               |  3 +++
 test/e2e/cypress/helpers/oauth2.ts              |  3 +++
 test/e2e/cypress/helpers/react.ts               |  3 +++
 .../integration/profiles/email/error/ui.spec.ts |  3 +++
 .../profiles/email/login/error.spec.ts          |  3 +++
 .../profiles/email/login/success.spec.ts        |  3 +++
 .../integration/profiles/email/login/ui.spec.ts |  3 +++
 .../profiles/email/logout/success.spec.ts       |  3 +++
 .../profiles/email/registration/errors.spec.ts  |  3 +++
 .../profiles/email/registration/success.spec.ts |  3 +++
 .../profiles/email/registration/ui.spec.ts      |  3 +++
 .../profiles/email/settings/errors.spec.ts      |  3 +++
 .../profiles/email/settings/success.spec.ts     |  3 +++
 .../profiles/email/settings/ui.spec.ts          |  3 +++
 .../integration/profiles/import/import.spec.ts  |  3 +++
 .../integration/profiles/mfa/lookup.spec.ts     |  3 +++
 .../integration/profiles/mfa/mix.spec.ts        |  3 +++
 .../integration/profiles/mfa/settings.spec.ts   |  3 +++
 .../integration/profiles/mfa/totp.spec.ts       |  3 +++
 .../integration/profiles/mfa/webauthn.spec.ts   |  3 +++
 .../profiles/mobile/login/errors.spec.ts        |  3 +++
 .../profiles/mobile/login/success.spec.ts       |  3 +++
 .../profiles/mobile/mfa/backup.spec.ts          |  3 +++
 .../integration/profiles/mobile/mfa/mix.spec.ts |  3 +++
 .../profiles/mobile/mfa/totp.spec.ts            |  3 +++
 .../profiles/mobile/registration/errors.spec.ts |  3 +++
 .../mobile/registration/success.spec.ts         |  3 +++
 .../profiles/mobile/settings/errors.spec.ts     |  3 +++
 .../profiles/mobile/settings/success.spec.ts    |  3 +++
 .../integration/profiles/network/errors.spec.ts |  3 +++
 .../profiles/oidc-provider/error.spec.ts        |  3 +++
 .../profiles/oidc-provider/login.spec.ts        |  3 +++
 .../profiles/oidc-provider/mfa.spec.ts          |  3 +++
 .../profiles/oidc-provider/registration.spec.ts |  3 +++
 .../profiles/oidc/login/error.spec.ts           |  3 +++
 .../profiles/oidc/login/success.spec.ts         |  3 +++
 .../profiles/oidc/logout/success.spec.ts        |  3 +++
 .../profiles/oidc/registration/error.spec.ts    |  3 +++
 .../profiles/oidc/registration/success.spec.ts  |  3 +++
 .../profiles/oidc/settings/error.spec.ts        |  3 +++
 .../profiles/oidc/settings/success.spec.ts      |  3 +++
 .../profiles/passwordless/flows.spec.ts         |  3 +++
 .../profiles/recovery/code/errors.spec.ts       |  3 +++
 .../profiles/recovery/code/success.spec.ts      |  3 +++
 .../profiles/recovery/link/errors.spec.ts       |  3 +++
 .../profiles/recovery/link/success.spec.ts      |  3 +++
 .../profiles/recovery/settings/success.spec.ts  |  3 +++
 .../profiles/verification/login/errors.spec.ts  |  3 +++
 .../profiles/verification/login/success.spec.ts |  3 +++
 .../verification/registration/errors.spec.ts    |  3 +++
 .../verification/registration/success.spec.ts   |  3 +++
 .../verification/settings/error.spec.ts         |  3 +++
 .../verification/settings/success.spec.ts       |  3 +++
 .../profiles/verification/verify/errors.spec.ts |  3 +++
 .../verification/verify/success.spec.ts         |  3 +++
 .../profiles/webhoooks/login/error.spec.ts      |  3 +++
 .../profiles/webhoooks/login/success.spec.ts    |  3 +++
 .../webhoooks/registration/errors.spec.ts       |  3 +++
 .../webhoooks/registration/success.spec.ts      |  3 +++
 test/e2e/cypress/plugins/index.js               |  3 +++
 test/e2e/cypress/support/commands.ts            |  3 +++
 test/e2e/cypress/support/index.d.ts             |  3 +++
 test/e2e/cypress/support/index.js               |  3 +++
 test/e2e/hydra-kratos-login-consent/main.go     |  3 +++
 test/e2e/hydra-login-consent/main.go            |  3 +++
 test/e2e/mock/webhook/main.go                   |  3 +++
 test/e2e/proxy/proxy.js                         |  3 +++
 test/schema/schema_test.go                      |  3 +++
 text/context.go                                 |  3 +++
 text/id.go                                      |  3 +++
 text/id_test.go                                 |  3 +++
 text/message.go                                 |  3 +++
 text/message_error.go                           |  3 +++
 text/message_login.go                           |  3 +++
 text/message_node.go                            |  3 +++
 text/message_recovery.go                        |  3 +++
 text/message_registration.go                    |  3 +++
 text/message_settings.go                        |  3 +++
 text/message_system.go                          |  3 +++
 text/message_test.go                            |  3 +++
 text/message_validation.go                      |  3 +++
 text/message_verification.go                    |  3 +++
 text/type.go                                    |  3 +++
 ui/container/container.go                       |  3 +++
 ui/container/container_test.go                  |  3 +++
 ui/container/error.go                           |  3 +++
 ui/container/types.go                           |  3 +++
 ui/node/attributes.go                           |  3 +++
 ui/node/attributes_input.go                     |  3 +++
 ui/node/attributes_input_csrf.go                |  3 +++
 ui/node/attributes_input_test.go                |  3 +++
 ui/node/attributes_test.go                      |  3 +++
 ui/node/helper.go                               |  3 +++
 ui/node/identifiers.go                          |  3 +++
 ui/node/node.go                                 |  3 +++
 ui/node/node_test.go                            |  3 +++
 x/clean_url.go                                  |  3 +++
 x/clean_url_test.go                             |  3 +++
 x/cookie.go                                     |  3 +++
 x/cookie_test.go                                |  3 +++
 x/doc.go                                        |  3 +++
 x/err.go                                        |  3 +++
 x/http.go                                       |  3 +++
 x/http_redirect_admin.go                        |  3 +++
 x/http_redirect_admin_test.go                   |  3 +++
 x/http_secure_redirect.go                       |  3 +++
 x/http_secure_redirect_test.go                  |  3 +++
 x/http_test.go                                  |  3 +++
 x/httploadermiddleware.go                       |  3 +++
 x/ider.go                                       |  3 +++
 x/isjsonrequest.go                              |  3 +++
 x/isjsonrequest_test.go                         |  3 +++
 x/json_bool.go                                  |  3 +++
 x/json_bool_test.go                             |  3 +++
 x/json_number.go                                |  3 +++
 x/mailhog.go                                    |  3 +++
 x/map_json.go                                   |  3 +++
 x/map_json_test.go                              |  3 +++
 x/maxitems.go                                   |  3 +++
 x/nocache.go                                    |  3 +++
 x/nosurf.go                                     |  3 +++
 x/nosurf_test.go                                |  3 +++
 x/pagination.go                                 |  3 +++
 x/pointer.go                                    |  3 +++
 x/provider.go                                   |  3 +++
 x/readall.go                                    |  3 +++
 x/redir.go                                      |  3 +++
 x/redir_test.go                                 |  3 +++
 x/require.go                                    |  3 +++
 x/router.go                                     |  3 +++
 x/router_test.go                                |  3 +++
 x/sdkx.go                                       |  3 +++
 x/servicelocatorx/config.go                     |  3 +++
 x/stub_fs.go                                    |  3 +++
 x/tests.go                                      |  3 +++
 x/time.go                                       |  3 +++
 x/time_test.go                                  |  3 +++
 x/uuid.go                                       |  3 +++
 x/uuid_test.go                                  |  3 +++
 x/xsql/sql.go                                   |  3 +++
 649 files changed, 1945 insertions(+), 60 deletions(-)

diff --git a/.gitignore b/.gitignore
index a9babd9e6fa7..cf9e7a7e0c5b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,7 +7,7 @@ packrd/
 *-packr.go
 dist/
 node_modules
-.bin/*
+.bin/
 test/e2e/cypress/videos
 test/e2e/cypress/screenshots
 test/e2e/.bin
diff --git a/Makefile b/Makefile
index 2d3a2ed8b7eb..fb95ee29c96c 100644
--- a/Makefile
+++ b/Makefile
@@ -46,16 +46,16 @@ docs/api:
 docs/swagger:
 	npx @redocly/openapi-cli preview-docs spec/swagger.json
 
-.bin/ory: Makefile
-	bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -d -b .bin ory v0.1.33
-	touch -a -m .bin/ory
-
 .bin/golangci-lint: Makefile
 	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -d -b .bin v1.47.3
 
 .bin/hydra: Makefile
 	bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -d -b .bin hydra v1.11.0
 
+.bin/ory: Makefile
+	curl https://raw.githubusercontent.com/ory/meta/master/install.sh | bash -s -- -b .bin ory v0.1.47
+	touch .bin/ory
+
 .PHONY: lint
 lint: .bin/golangci-lint
 	golangci-lint run -v --timeout 10m ./...
@@ -131,7 +131,8 @@ quickstart-dev:
 
 # Formats the code
 .PHONY: format
-format: .bin/goimports node_modules
+format: .bin/goimports .bin/ory node_modules
+	.bin/ory dev headers license --exclude=internal/httpclient
 	goimports -w -local github.com/ory .
 	npm exec -- prettier --write 'test/e2e/**/*{.ts,.js}'
 	npm exec -- prettier --write '.github'
diff --git a/cipher/aes.go b/cipher/aes.go
index ea2d34aaec69..4ab1b800b978 100644
--- a/cipher/aes.go
+++ b/cipher/aes.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package cipher
 
 import (
diff --git a/cipher/chacha20.go b/cipher/chacha20.go
index 51bbc4399fb2..e6b7a43ae647 100644
--- a/cipher/chacha20.go
+++ b/cipher/chacha20.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package cipher
 
 import (
diff --git a/cipher/cipher.go b/cipher/cipher.go
index 402ede523727..aa76a2254492 100644
--- a/cipher/cipher.go
+++ b/cipher/cipher.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package cipher
 
 import "context"
diff --git a/cipher/cipher_test.go b/cipher/cipher_test.go
index 844e56e4c6ae..2c7e256e80f6 100644
--- a/cipher/cipher_test.go
+++ b/cipher/cipher_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package cipher_test
 
 import (
diff --git a/cipher/noop.go b/cipher/noop.go
index 62e43d9998c5..822f3e8cca03 100644
--- a/cipher/noop.go
+++ b/cipher/noop.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package cipher
 
 import (
diff --git a/cmd/cleanup/root.go b/cmd/cleanup/root.go
index ac2f0b88797a..0aafd5cc883d 100644
--- a/cmd/cleanup/root.go
+++ b/cmd/cleanup/root.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package cleanup
 
 import (
diff --git a/cmd/cleanup/sql.go b/cmd/cleanup/sql.go
index c74d214fcba1..1aa310d41d4c 100644
--- a/cmd/cleanup/sql.go
+++ b/cmd/cleanup/sql.go
@@ -1,17 +1,6 @@
-/*
-Copyright © 2019 NAME HERE 
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package cleanup
 
 import (
diff --git a/cmd/cleanup/sql_test.go b/cmd/cleanup/sql_test.go
index bc09b109d90f..cd0cd56101ef 100644
--- a/cmd/cleanup/sql_test.go
+++ b/cmd/cleanup/sql_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package cleanup
 
 import (
diff --git a/cmd/cliclient/cleanup.go b/cmd/cliclient/cleanup.go
index 8a9e24b48d9a..ec37e1f36344 100644
--- a/cmd/cliclient/cleanup.go
+++ b/cmd/cliclient/cleanup.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package cliclient
 
 import (
diff --git a/cmd/cliclient/client.go b/cmd/cliclient/client.go
index b1361e16d890..ca0bec6b773d 100644
--- a/cmd/cliclient/client.go
+++ b/cmd/cliclient/client.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package cliclient
 
 import (
diff --git a/cmd/cliclient/migrate.go b/cmd/cliclient/migrate.go
index 4b43f1851461..aef3fa3ff1e4 100644
--- a/cmd/cliclient/migrate.go
+++ b/cmd/cliclient/migrate.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package cliclient
 
 import (
diff --git a/cmd/clidoc/main.go b/cmd/clidoc/main.go
index 4318216df143..9b7f8ac997ae 100644
--- a/cmd/clidoc/main.go
+++ b/cmd/clidoc/main.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/cmd/clidoc/main_test.go b/cmd/clidoc/main_test.go
index 936a049aa5d5..ae8d86949f1c 100644
--- a/cmd/clidoc/main_test.go
+++ b/cmd/clidoc/main_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/cmd/courier/root.go b/cmd/courier/root.go
index 338dd84f485d..a8dec282d876 100644
--- a/cmd/courier/root.go
+++ b/cmd/courier/root.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package courier
 
 import (
diff --git a/cmd/courier/watch.go b/cmd/courier/watch.go
index f5a5b866c25d..a59aa381b356 100644
--- a/cmd/courier/watch.go
+++ b/cmd/courier/watch.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package courier
 
 import (
diff --git a/cmd/courier/watch_test.go b/cmd/courier/watch_test.go
index 5c4d17305b23..01731cf4e886 100644
--- a/cmd/courier/watch_test.go
+++ b/cmd/courier/watch_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package courier
 
 import (
diff --git a/cmd/daemon/middleware.go b/cmd/daemon/middleware.go
index 329014c3f9f6..f402eca30b88 100644
--- a/cmd/daemon/middleware.go
+++ b/cmd/daemon/middleware.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package daemon
 
 import (
diff --git a/cmd/daemon/serve.go b/cmd/daemon/serve.go
index 89b8bd43b5ad..2fb55273b896 100644
--- a/cmd/daemon/serve.go
+++ b/cmd/daemon/serve.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package daemon
 
 import (
diff --git a/cmd/hashers/argon2/calibrate.go b/cmd/hashers/argon2/calibrate.go
index a3192078e623..fdd41deb628a 100644
--- a/cmd/hashers/argon2/calibrate.go
+++ b/cmd/hashers/argon2/calibrate.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package argon2
 
 import (
diff --git a/cmd/hashers/argon2/hash.go b/cmd/hashers/argon2/hash.go
index 7da1dd48eb54..8849a3b7b3eb 100644
--- a/cmd/hashers/argon2/hash.go
+++ b/cmd/hashers/argon2/hash.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package argon2
 
 import (
diff --git a/cmd/hashers/argon2/loadtest.go b/cmd/hashers/argon2/loadtest.go
index 74b06de511ea..440d404697bf 100644
--- a/cmd/hashers/argon2/loadtest.go
+++ b/cmd/hashers/argon2/loadtest.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package argon2
 
 import (
diff --git a/cmd/hashers/argon2/root.go b/cmd/hashers/argon2/root.go
index fd8392151a78..c5dbb6762acc 100644
--- a/cmd/hashers/argon2/root.go
+++ b/cmd/hashers/argon2/root.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package argon2
 
 import (
diff --git a/cmd/hashers/root.go b/cmd/hashers/root.go
index 0e72a9b19da6..2642eca4d108 100644
--- a/cmd/hashers/root.go
+++ b/cmd/hashers/root.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hashers
 
 import (
diff --git a/cmd/identities/definitions.go b/cmd/identities/definitions.go
index d9dddedc2fb1..5897cdd5bc8a 100644
--- a/cmd/identities/definitions.go
+++ b/cmd/identities/definitions.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identities
 
 import (
diff --git a/cmd/identities/delete.go b/cmd/identities/delete.go
index 2d73548f4609..2e30b4cfcbcd 100644
--- a/cmd/identities/delete.go
+++ b/cmd/identities/delete.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identities
 
 import (
diff --git a/cmd/identities/delete_test.go b/cmd/identities/delete_test.go
index eec1c9aca7c1..28a8fdbfb7c2 100644
--- a/cmd/identities/delete_test.go
+++ b/cmd/identities/delete_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identities_test
 
 import (
diff --git a/cmd/identities/get.go b/cmd/identities/get.go
index 8a7cdadf1f45..1e0ad9a939f9 100644
--- a/cmd/identities/get.go
+++ b/cmd/identities/get.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identities
 
 import (
diff --git a/cmd/identities/get_test.go b/cmd/identities/get_test.go
index 1c9efc4685ad..949132ea6f36 100644
--- a/cmd/identities/get_test.go
+++ b/cmd/identities/get_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identities_test
 
 import (
diff --git a/cmd/identities/helpers.go b/cmd/identities/helpers.go
index 874e0dc6a08e..8298ee6a033b 100644
--- a/cmd/identities/helpers.go
+++ b/cmd/identities/helpers.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identities
 
 import (
diff --git a/cmd/identities/helpers_test.go b/cmd/identities/helpers_test.go
index 2947856e5787..432f3f099fc2 100644
--- a/cmd/identities/helpers_test.go
+++ b/cmd/identities/helpers_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identities_test
 
 import (
diff --git a/cmd/identities/import.go b/cmd/identities/import.go
index a89ac013bd9e..e8c8b262c595 100644
--- a/cmd/identities/import.go
+++ b/cmd/identities/import.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identities
 
 import (
diff --git a/cmd/identities/import_test.go b/cmd/identities/import_test.go
index ddccd1861e04..34021f7f661c 100644
--- a/cmd/identities/import_test.go
+++ b/cmd/identities/import_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identities_test
 
 import (
diff --git a/cmd/identities/list.go b/cmd/identities/list.go
index 85eda6a73f31..c74e50f06a78 100644
--- a/cmd/identities/list.go
+++ b/cmd/identities/list.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identities
 
 import (
diff --git a/cmd/identities/list_test.go b/cmd/identities/list_test.go
index 7eba3c0e1b97..ca2eb76da73b 100644
--- a/cmd/identities/list_test.go
+++ b/cmd/identities/list_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identities_test
 
 import (
diff --git a/cmd/identities/validate.go b/cmd/identities/validate.go
index 7f14426357df..08e530d9260c 100644
--- a/cmd/identities/validate.go
+++ b/cmd/identities/validate.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identities
 
 import (
diff --git a/cmd/identities/validate_test.go b/cmd/identities/validate_test.go
index 02a3015198a7..b39091cc0f30 100644
--- a/cmd/identities/validate_test.go
+++ b/cmd/identities/validate_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identities_test
 
 import (
diff --git a/cmd/jsonnet/format.go b/cmd/jsonnet/format.go
index c44ed6791916..7f5223ba86d8 100644
--- a/cmd/jsonnet/format.go
+++ b/cmd/jsonnet/format.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package jsonnet
 
 import (
diff --git a/cmd/jsonnet/lint.go b/cmd/jsonnet/lint.go
index 0d81fcd16ddc..6625b9e7a8b8 100644
--- a/cmd/jsonnet/lint.go
+++ b/cmd/jsonnet/lint.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package jsonnet
 
 import (
diff --git a/cmd/jsonnet/root.go b/cmd/jsonnet/root.go
index e8aa847c0294..6621ebcf1f02 100644
--- a/cmd/jsonnet/root.go
+++ b/cmd/jsonnet/root.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package jsonnet
 
 const GlobHelp = `Glob Syntax:
diff --git a/cmd/migrate/root.go b/cmd/migrate/root.go
index 03f6199f2e85..14aea1de1b37 100644
--- a/cmd/migrate/root.go
+++ b/cmd/migrate/root.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package migrate
 
 import (
diff --git a/cmd/migrate/sql.go b/cmd/migrate/sql.go
index 0e065c997807..7c1366bfbba1 100644
--- a/cmd/migrate/sql.go
+++ b/cmd/migrate/sql.go
@@ -1,18 +1,6 @@
-/*
-Copyright © 2019 NAME HERE 
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
 
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
 package migrate
 
 import (
diff --git a/cmd/remote/root.go b/cmd/remote/root.go
index 38458cf9f74f..31a062a1862b 100644
--- a/cmd/remote/root.go
+++ b/cmd/remote/root.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package remote
 
 import (
diff --git a/cmd/remote/status.go b/cmd/remote/status.go
index 0674dd51fc59..b484829e61ec 100644
--- a/cmd/remote/status.go
+++ b/cmd/remote/status.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package remote
 
 import (
diff --git a/cmd/remote/version.go b/cmd/remote/version.go
index b8de4856eb85..b62e38052a53 100644
--- a/cmd/remote/version.go
+++ b/cmd/remote/version.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package remote
 
 import (
diff --git a/cmd/root.go b/cmd/root.go
index 0b9925fd8297..b1cd2d25afeb 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package cmd
 
 import (
diff --git a/cmd/root_test.go b/cmd/root_test.go
index ec9e100dd110..06877ca0f793 100644
--- a/cmd/root_test.go
+++ b/cmd/root_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package cmd
 
 import (
diff --git a/cmd/serve/root.go b/cmd/serve/root.go
index 3aadce77c93a..adcf3b78ee75 100644
--- a/cmd/serve/root.go
+++ b/cmd/serve/root.go
@@ -1,16 +1,5 @@
-// Copyright © 2018 NAME HERE 
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
 
 package serve
 
diff --git a/cmd/serve/root_test.go b/cmd/serve/root_test.go
index bd1f2f805dee..30a23e825f59 100644
--- a/cmd/serve/root_test.go
+++ b/cmd/serve/root_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package serve_test
 
 import (
diff --git a/continuity/container.go b/continuity/container.go
index ac1890abcbd2..e70a141f3947 100644
--- a/continuity/container.go
+++ b/continuity/container.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package continuity
 
 import (
diff --git a/continuity/container_test.go b/continuity/container_test.go
index d045105cd0f3..5ead610167d3 100644
--- a/continuity/container_test.go
+++ b/continuity/container_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package continuity
 
 import (
diff --git a/continuity/manager.go b/continuity/manager.go
index c3f50a4798ef..7a7ebd3fb680 100644
--- a/continuity/manager.go
+++ b/continuity/manager.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package continuity
 
 import (
diff --git a/continuity/manager_cookie.go b/continuity/manager_cookie.go
index 45b24c9a0c49..e54c5479ab5f 100644
--- a/continuity/manager_cookie.go
+++ b/continuity/manager_cookie.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package continuity
 
 import (
diff --git a/continuity/manager_options_test.go b/continuity/manager_options_test.go
index e5d2ebe18a94..89829e2ef9de 100644
--- a/continuity/manager_options_test.go
+++ b/continuity/manager_options_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package continuity
 
 import (
diff --git a/continuity/manager_test.go b/continuity/manager_test.go
index 462f829ae820..5c34034d194f 100644
--- a/continuity/manager_test.go
+++ b/continuity/manager_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package continuity_test
 
 import (
diff --git a/continuity/persistence.go b/continuity/persistence.go
index eff0e9f46e6e..a4016c9c99ed 100644
--- a/continuity/persistence.go
+++ b/continuity/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package continuity
 
 import (
diff --git a/continuity/test/persistence.go b/continuity/test/persistence.go
index d48623462e93..bfe2d156cce0 100644
--- a/continuity/test/persistence.go
+++ b/continuity/test/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package test
 
 import (
diff --git a/corp/context.go b/corp/context.go
index 44780f3152e6..2cbdaf4e41c6 100644
--- a/corp/context.go
+++ b/corp/context.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package corp
 
 import (
diff --git a/corp/noop.go b/corp/noop.go
index 791ccd752537..074d0dd631cd 100644
--- a/corp/noop.go
+++ b/corp/noop.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package corp
 
 import (
diff --git a/corpx/faker.go b/corpx/faker.go
index bbfe80f6b1d8..db0e653bacee 100644
--- a/corpx/faker.go
+++ b/corpx/faker.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package corpx
 
 import (
diff --git a/courier/courier.go b/courier/courier.go
index e2b10fc3855d..d8cb816e01d3 100644
--- a/courier/courier.go
+++ b/courier/courier.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package courier
 
 import (
diff --git a/courier/courier_dispatcher.go b/courier/courier_dispatcher.go
index 4f88884ce83c..938772c923db 100644
--- a/courier/courier_dispatcher.go
+++ b/courier/courier_dispatcher.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package courier
 
 import (
diff --git a/courier/courier_dispatcher_test.go b/courier/courier_dispatcher_test.go
index afe4c35fcf3b..6b1963542d1e 100644
--- a/courier/courier_dispatcher_test.go
+++ b/courier/courier_dispatcher_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package courier_test
 
 import (
diff --git a/courier/courier_test.go b/courier/courier_test.go
index b871e19fbe54..d56ebf86c116 100644
--- a/courier/courier_test.go
+++ b/courier/courier_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package courier_test
 
 import (
diff --git a/courier/email_templates.go b/courier/email_templates.go
index c175cf25f8ae..4280ea19ac65 100644
--- a/courier/email_templates.go
+++ b/courier/email_templates.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package courier
 
 import (
diff --git a/courier/email_templates_test.go b/courier/email_templates_test.go
index 6261f0a32b85..fcdc12827a3f 100644
--- a/courier/email_templates_test.go
+++ b/courier/email_templates_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package courier_test
 
 import (
diff --git a/courier/handler.go b/courier/handler.go
index 86db0106d2fa..ae715953510c 100644
--- a/courier/handler.go
+++ b/courier/handler.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package courier
 
 import (
diff --git a/courier/handler_test.go b/courier/handler_test.go
index beb7aa12891f..b42e0d53788c 100644
--- a/courier/handler_test.go
+++ b/courier/handler_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package courier_test
 
 import (
diff --git a/courier/message.go b/courier/message.go
index fda1437c4a2c..c7362415f241 100644
--- a/courier/message.go
+++ b/courier/message.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package courier
 
 import (
diff --git a/courier/message_test.go b/courier/message_test.go
index 6d5ac1c8cdd3..d12bd97bfa37 100644
--- a/courier/message_test.go
+++ b/courier/message_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package courier_test
 
 import (
diff --git a/courier/persistence.go b/courier/persistence.go
index 2555c1b4f420..4d99672771f2 100644
--- a/courier/persistence.go
+++ b/courier/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package courier
 
 import (
diff --git a/courier/sms.go b/courier/sms.go
index 94c5f3da1982..cbe28b09e81c 100644
--- a/courier/sms.go
+++ b/courier/sms.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package courier
 
 import (
diff --git a/courier/sms_templates.go b/courier/sms_templates.go
index 079268bd8e1a..995361d5f91d 100644
--- a/courier/sms_templates.go
+++ b/courier/sms_templates.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package courier
 
 import (
diff --git a/courier/sms_templates_test.go b/courier/sms_templates_test.go
index 760f89a21e04..a6bf806be953 100644
--- a/courier/sms_templates_test.go
+++ b/courier/sms_templates_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package courier_test
 
 import (
diff --git a/courier/sms_test.go b/courier/sms_test.go
index 9931b2e23dcc..fe0897144c6b 100644
--- a/courier/sms_test.go
+++ b/courier/sms_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package courier_test
 
 import (
diff --git a/courier/smtp.go b/courier/smtp.go
index fbcb838009cb..64e610fd5669 100644
--- a/courier/smtp.go
+++ b/courier/smtp.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package courier
 
 import (
diff --git a/courier/smtp_test.go b/courier/smtp_test.go
index ab7229398e20..92d3d939ed88 100644
--- a/courier/smtp_test.go
+++ b/courier/smtp_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package courier_test
 
 import (
diff --git a/courier/template/email/recovery_code_invalid.go b/courier/template/email/recovery_code_invalid.go
index af127cc97256..0748d2dd9073 100644
--- a/courier/template/email/recovery_code_invalid.go
+++ b/courier/template/email/recovery_code_invalid.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package email
 
 import (
diff --git a/courier/template/email/recovery_code_invalid_test.go b/courier/template/email/recovery_code_invalid_test.go
index b41c4fd64c8e..c1ddc5b054ca 100644
--- a/courier/template/email/recovery_code_invalid_test.go
+++ b/courier/template/email/recovery_code_invalid_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package email_test
 
 import (
diff --git a/courier/template/email/recovery_code_valid.go b/courier/template/email/recovery_code_valid.go
index 9094c5247deb..82f52037409e 100644
--- a/courier/template/email/recovery_code_valid.go
+++ b/courier/template/email/recovery_code_valid.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package email
 
 import (
diff --git a/courier/template/email/recovery_code_valid_test.go b/courier/template/email/recovery_code_valid_test.go
index 6afd5665c89e..c81af2b4c1e4 100644
--- a/courier/template/email/recovery_code_valid_test.go
+++ b/courier/template/email/recovery_code_valid_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package email_test
 
 import (
diff --git a/courier/template/email/recovery_invalid.go b/courier/template/email/recovery_invalid.go
index 408e51972558..ec1f33bbb34a 100644
--- a/courier/template/email/recovery_invalid.go
+++ b/courier/template/email/recovery_invalid.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package email
 
 import (
diff --git a/courier/template/email/recovery_invalid_test.go b/courier/template/email/recovery_invalid_test.go
index d3d533ab53af..0006468aedc6 100644
--- a/courier/template/email/recovery_invalid_test.go
+++ b/courier/template/email/recovery_invalid_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package email_test
 
 import (
diff --git a/courier/template/email/recovery_valid.go b/courier/template/email/recovery_valid.go
index 4cb60373f0a7..4b4c8c9da7b0 100644
--- a/courier/template/email/recovery_valid.go
+++ b/courier/template/email/recovery_valid.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package email
 
 import (
diff --git a/courier/template/email/recovery_valid_test.go b/courier/template/email/recovery_valid_test.go
index 0264fba9a4df..e4dc0a796719 100644
--- a/courier/template/email/recovery_valid_test.go
+++ b/courier/template/email/recovery_valid_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package email_test
 
 import (
diff --git a/courier/template/email/stub.go b/courier/template/email/stub.go
index dbd86f51462f..8b2da288a040 100644
--- a/courier/template/email/stub.go
+++ b/courier/template/email/stub.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package email
 
 import (
diff --git a/courier/template/email/verification_invalid.go b/courier/template/email/verification_invalid.go
index 1aaac47165d2..39a9bd8e6e98 100644
--- a/courier/template/email/verification_invalid.go
+++ b/courier/template/email/verification_invalid.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package email
 
 import (
diff --git a/courier/template/email/verification_invalid_test.go b/courier/template/email/verification_invalid_test.go
index 15a837e09968..8b510c635534 100644
--- a/courier/template/email/verification_invalid_test.go
+++ b/courier/template/email/verification_invalid_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package email_test
 
 import (
diff --git a/courier/template/email/verification_valid.go b/courier/template/email/verification_valid.go
index e8836c3a9431..009fcf3b64d8 100644
--- a/courier/template/email/verification_valid.go
+++ b/courier/template/email/verification_valid.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package email
 
 import (
diff --git a/courier/template/email/verification_valid_test.go b/courier/template/email/verification_valid_test.go
index 1ce209445fea..c595210a77c0 100644
--- a/courier/template/email/verification_valid_test.go
+++ b/courier/template/email/verification_valid_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package email_test
 
 import (
diff --git a/courier/template/load_template.go b/courier/template/load_template.go
index d3e3194cbd38..4d6a7b0ab070 100644
--- a/courier/template/load_template.go
+++ b/courier/template/load_template.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package template
 
 import (
diff --git a/courier/template/load_template_test.go b/courier/template/load_template_test.go
index caa4410e17b1..aaa0d9ffb2b6 100644
--- a/courier/template/load_template_test.go
+++ b/courier/template/load_template_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package template_test
 
 import (
diff --git a/courier/template/sms/otp.go b/courier/template/sms/otp.go
index ffa6b6ab356c..6f59be4cfcb1 100644
--- a/courier/template/sms/otp.go
+++ b/courier/template/sms/otp.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package sms
 
 import (
diff --git a/courier/template/sms/otp_test.go b/courier/template/sms/otp_test.go
index 01f4dcbbacb9..6f23680fd24e 100644
--- a/courier/template/sms/otp_test.go
+++ b/courier/template/sms/otp_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package sms_test
 
 import (
diff --git a/courier/template/sms/stub.go b/courier/template/sms/stub.go
index 5d9932e45ec3..316a105544f9 100644
--- a/courier/template/sms/stub.go
+++ b/courier/template/sms/stub.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package sms
 
 import (
diff --git a/courier/template/sms/stub_test.go b/courier/template/sms/stub_test.go
index 9b170a5532e4..e62bf4e3beac 100644
--- a/courier/template/sms/stub_test.go
+++ b/courier/template/sms/stub_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package sms_test
 
 import (
diff --git a/courier/template/template.go b/courier/template/template.go
index 465975c0a9e7..ee8cacb6b7b7 100644
--- a/courier/template/template.go
+++ b/courier/template/template.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package template
 
 import (
diff --git a/courier/template/testhelpers/testhelpers.go b/courier/template/testhelpers/testhelpers.go
index 08049d77e961..49ea79a53acc 100644
--- a/courier/template/testhelpers/testhelpers.go
+++ b/courier/template/testhelpers/testhelpers.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/courier/test/persistence.go b/courier/test/persistence.go
index 98183fd295ac..69223721175f 100644
--- a/courier/test/persistence.go
+++ b/courier/test/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package test
 
 import (
diff --git a/credentialmigrate/migrate.go b/credentialmigrate/migrate.go
index fee4fe6a20e8..331fb4559904 100644
--- a/credentialmigrate/migrate.go
+++ b/credentialmigrate/migrate.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package credentialmigrate
 
 import (
diff --git a/credentialmigrate/migrate_test.go b/credentialmigrate/migrate_test.go
index 2d490eb5705e..3ba8bef915a3 100644
--- a/credentialmigrate/migrate_test.go
+++ b/credentialmigrate/migrate_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package credentialmigrate
 
 import (
diff --git a/driver/config/buildinfo.go b/driver/config/buildinfo.go
index bd26334403b6..54a894387833 100644
--- a/driver/config/buildinfo.go
+++ b/driver/config/buildinfo.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package config
 
 var (
diff --git a/driver/config/config.go b/driver/config/config.go
index d70ec3113d27..938135f069a2 100644
--- a/driver/config/config.go
+++ b/driver/config/config.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package config
 
 import (
diff --git a/driver/config/config_test.go b/driver/config/config_test.go
index 89e904f39f9f..4fc029752b58 100644
--- a/driver/config/config_test.go
+++ b/driver/config/config_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package config_test
 
 import (
diff --git a/driver/config/handler.go b/driver/config/handler.go
index 9230f3e09b62..5e3ca99a1502 100644
--- a/driver/config/handler.go
+++ b/driver/config/handler.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package config
 
 import (
diff --git a/driver/config/handler_test.go b/driver/config/handler_test.go
index f32d8c7e78d9..5126bba851d8 100644
--- a/driver/config/handler_test.go
+++ b/driver/config/handler_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package config_test
 
 import (
diff --git a/driver/config/schema.go b/driver/config/schema.go
index d912156bec00..c7fed8060d36 100644
--- a/driver/config/schema.go
+++ b/driver/config/schema.go
@@ -1 +1,4 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package config
diff --git a/driver/factory.go b/driver/factory.go
index db536a036367..616b7df651ce 100644
--- a/driver/factory.go
+++ b/driver/factory.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package driver
 
 import (
diff --git a/driver/factory_test.go b/driver/factory_test.go
index 40565e32b7ba..75963c6d32c6 100644
--- a/driver/factory_test.go
+++ b/driver/factory_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package driver_test
 
 import (
diff --git a/driver/registry.go b/driver/registry.go
index ebe20809a2dd..49232acc688b 100644
--- a/driver/registry.go
+++ b/driver/registry.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package driver
 
 import (
diff --git a/driver/registry_default.go b/driver/registry_default.go
index 648410b6cebe..8e08807b49a1 100644
--- a/driver/registry_default.go
+++ b/driver/registry_default.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package driver
 
 import (
diff --git a/driver/registry_default_hooks.go b/driver/registry_default_hooks.go
index 1f85d8a596b4..e8b4eccc9d4d 100644
--- a/driver/registry_default_hooks.go
+++ b/driver/registry_default_hooks.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package driver
 
 import (
diff --git a/driver/registry_default_login.go b/driver/registry_default_login.go
index 8ba903aa6f29..594c0a9775e8 100644
--- a/driver/registry_default_login.go
+++ b/driver/registry_default_login.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package driver
 
 import (
diff --git a/driver/registry_default_recovery.go b/driver/registry_default_recovery.go
index cff44385b456..aa2059b5707d 100644
--- a/driver/registry_default_recovery.go
+++ b/driver/registry_default_recovery.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package driver
 
 import (
diff --git a/driver/registry_default_registration.go b/driver/registry_default_registration.go
index d9ca11e4bcc8..f23a0c17dce8 100644
--- a/driver/registry_default_registration.go
+++ b/driver/registry_default_registration.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package driver
 
 import (
diff --git a/driver/registry_default_schemas.go b/driver/registry_default_schemas.go
index d4550434fa21..6bb5ef9edc7c 100644
--- a/driver/registry_default_schemas.go
+++ b/driver/registry_default_schemas.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package driver
 
 import (
diff --git a/driver/registry_default_schemas_test.go b/driver/registry_default_schemas_test.go
index 734a474ab0ae..ff413532de7c 100644
--- a/driver/registry_default_schemas_test.go
+++ b/driver/registry_default_schemas_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package driver_test
 
 import (
diff --git a/driver/registry_default_settings.go b/driver/registry_default_settings.go
index 22e6ad509fd4..e38ccd7009e1 100644
--- a/driver/registry_default_settings.go
+++ b/driver/registry_default_settings.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package driver
 
 import (
diff --git a/driver/registry_default_test.go b/driver/registry_default_test.go
index 4e256fb4ea20..515feb2eaf84 100644
--- a/driver/registry_default_test.go
+++ b/driver/registry_default_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package driver_test
 
 import (
diff --git a/driver/registry_default_verify.go b/driver/registry_default_verify.go
index 0cb1a8ab2e8e..dd84e2ed93f9 100644
--- a/driver/registry_default_verify.go
+++ b/driver/registry_default_verify.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package driver
 
 import (
diff --git a/embedx/embedx.go b/embedx/embedx.go
index 74bab20a93a4..7519c29f8c68 100644
--- a/embedx/embedx.go
+++ b/embedx/embedx.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package embedx
 
 import (
diff --git a/embedx/embedx_test.go b/embedx/embedx_test.go
index a9ff60cdf4e5..2a6d3b6f9d1e 100644
--- a/embedx/embedx_test.go
+++ b/embedx/embedx_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package embedx
 
 import (
diff --git a/examples/go/identity/create/main.go b/examples/go/identity/create/main.go
index debe6caf1511..911da8d67dd0 100644
--- a/examples/go/identity/create/main.go
+++ b/examples/go/identity/create/main.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/identity/create/main_test.go b/examples/go/identity/create/main_test.go
index 9098f8724883..be8c95f2991d 100644
--- a/examples/go/identity/create/main_test.go
+++ b/examples/go/identity/create/main_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/identity/delete/main.go b/examples/go/identity/delete/main.go
index 2cae2f98355a..4419aca4b025 100644
--- a/examples/go/identity/delete/main.go
+++ b/examples/go/identity/delete/main.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/identity/delete/main_test.go b/examples/go/identity/delete/main_test.go
index 33970df4bae7..fab0da5332de 100644
--- a/examples/go/identity/delete/main_test.go
+++ b/examples/go/identity/delete/main_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/identity/get/main.go b/examples/go/identity/get/main.go
index 45bc97c68a3d..d4e8fefc89c4 100644
--- a/examples/go/identity/get/main.go
+++ b/examples/go/identity/get/main.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/identity/get/main_test.go b/examples/go/identity/get/main_test.go
index 08e659e27c2a..044a4438aac3 100644
--- a/examples/go/identity/get/main_test.go
+++ b/examples/go/identity/get/main_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/identity/update/main.go b/examples/go/identity/update/main.go
index fd75aaf607b1..ea840c899a10 100644
--- a/examples/go/identity/update/main.go
+++ b/examples/go/identity/update/main.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/identity/update/main_test.go b/examples/go/identity/update/main_test.go
index d40999185ad5..7aced26dd920 100644
--- a/examples/go/identity/update/main_test.go
+++ b/examples/go/identity/update/main_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/pkg/common.go b/examples/go/pkg/common.go
index edc94f450ff4..37fe3d0a2ab3 100644
--- a/examples/go/pkg/common.go
+++ b/examples/go/pkg/common.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package pkg
 
 import (
diff --git a/examples/go/pkg/resources.go b/examples/go/pkg/resources.go
index 6fd03f2ecc01..8ded1e1c6658 100644
--- a/examples/go/pkg/resources.go
+++ b/examples/go/pkg/resources.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package pkg
 
 import (
diff --git a/examples/go/selfservice/error/main.go b/examples/go/selfservice/error/main.go
index 05ebe2c46a2e..f06840017efe 100644
--- a/examples/go/selfservice/error/main.go
+++ b/examples/go/selfservice/error/main.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/selfservice/error/main_test.go b/examples/go/selfservice/error/main_test.go
index 49bf82d8bf41..252958e6b1cb 100644
--- a/examples/go/selfservice/error/main_test.go
+++ b/examples/go/selfservice/error/main_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/selfservice/login/main.go b/examples/go/selfservice/login/main.go
index ec8829003e85..e7bd868600c7 100644
--- a/examples/go/selfservice/login/main.go
+++ b/examples/go/selfservice/login/main.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/selfservice/login/main_test.go b/examples/go/selfservice/login/main_test.go
index 1916f614f322..a2ea2e198112 100644
--- a/examples/go/selfservice/login/main_test.go
+++ b/examples/go/selfservice/login/main_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/selfservice/logout/main.go b/examples/go/selfservice/logout/main.go
index 81897596a34f..aad0ca255dbf 100644
--- a/examples/go/selfservice/logout/main.go
+++ b/examples/go/selfservice/logout/main.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/selfservice/logout/main_test.go b/examples/go/selfservice/logout/main_test.go
index d6fa1c803e1f..ff136bde0527 100644
--- a/examples/go/selfservice/logout/main_test.go
+++ b/examples/go/selfservice/logout/main_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/selfservice/recovery/main.go b/examples/go/selfservice/recovery/main.go
index aa051ab088f2..1986bba60771 100644
--- a/examples/go/selfservice/recovery/main.go
+++ b/examples/go/selfservice/recovery/main.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/selfservice/recovery/main_test.go b/examples/go/selfservice/recovery/main_test.go
index ab97402aacf1..0324a4e432a1 100644
--- a/examples/go/selfservice/recovery/main_test.go
+++ b/examples/go/selfservice/recovery/main_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/selfservice/registration/main.go b/examples/go/selfservice/registration/main.go
index a0e6b2b04d63..74b44c479d28 100644
--- a/examples/go/selfservice/registration/main.go
+++ b/examples/go/selfservice/registration/main.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/selfservice/registration/main_test.go b/examples/go/selfservice/registration/main_test.go
index 3a9776633765..5b8bf276dbe0 100644
--- a/examples/go/selfservice/registration/main_test.go
+++ b/examples/go/selfservice/registration/main_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/selfservice/settings/main.go b/examples/go/selfservice/settings/main.go
index 5f570233c192..af979aa3337f 100644
--- a/examples/go/selfservice/settings/main.go
+++ b/examples/go/selfservice/settings/main.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/selfservice/settings/main_test.go b/examples/go/selfservice/settings/main_test.go
index 7fe79d3d04ba..7e49b1bb9c7b 100644
--- a/examples/go/selfservice/settings/main_test.go
+++ b/examples/go/selfservice/settings/main_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/selfservice/verification/main.go b/examples/go/selfservice/verification/main.go
index f8462bf880b9..c6eba8114159 100644
--- a/examples/go/selfservice/verification/main.go
+++ b/examples/go/selfservice/verification/main.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/selfservice/verification/main_test.go b/examples/go/selfservice/verification/main_test.go
index 96ba7198cfb3..88be9b79e2af 100644
--- a/examples/go/selfservice/verification/main_test.go
+++ b/examples/go/selfservice/verification/main_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/session/tosession/main.go b/examples/go/session/tosession/main.go
index 629dd2e5b2c7..61e3a81d1d8d 100644
--- a/examples/go/session/tosession/main.go
+++ b/examples/go/session/tosession/main.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/examples/go/session/tosession/main_test.go b/examples/go/session/tosession/main_test.go
index 707acac06730..d5cf235dd37f 100644
--- a/examples/go/session/tosession/main_test.go
+++ b/examples/go/session/tosession/main_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/go_mod_indirect_pins.go b/go_mod_indirect_pins.go
index 80db14c9d02f..959ff32eb63a 100644
--- a/go_mod_indirect_pins.go
+++ b/go_mod_indirect_pins.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 //go:build tools
 // +build tools
 
diff --git a/hash/hash_comparator.go b/hash/hash_comparator.go
index 246d7204edf5..e1a78309d1f1 100644
--- a/hash/hash_comparator.go
+++ b/hash/hash_comparator.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hash
 
 import (
diff --git a/hash/hasher.go b/hash/hasher.go
index f78d355d556b..c986f6729d80 100644
--- a/hash/hasher.go
+++ b/hash/hasher.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hash
 
 import (
diff --git a/hash/hasher_argon2.go b/hash/hasher_argon2.go
index 3bb7c142434e..642bba6220a1 100644
--- a/hash/hasher_argon2.go
+++ b/hash/hasher_argon2.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hash
 
 import (
diff --git a/hash/hasher_bcrypt.go b/hash/hasher_bcrypt.go
index 55e457f12a8e..3685f2296b54 100644
--- a/hash/hasher_bcrypt.go
+++ b/hash/hasher_bcrypt.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hash
 
 import (
diff --git a/hash/hasher_pbkdf2.go b/hash/hasher_pbkdf2.go
index c8ca2463cc94..87a8ccc1d126 100644
--- a/hash/hasher_pbkdf2.go
+++ b/hash/hasher_pbkdf2.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hash
 
 import (
diff --git a/hash/hasher_scrypt.go b/hash/hasher_scrypt.go
index 9075c6b9e07d..85f73c491868 100644
--- a/hash/hasher_scrypt.go
+++ b/hash/hasher_scrypt.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hash
 
 type Scrypt struct {
diff --git a/hash/hasher_test.go b/hash/hasher_test.go
index 9d8bea0e9eb2..46dae9d56295 100644
--- a/hash/hasher_test.go
+++ b/hash/hasher_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hash_test
 
 import (
diff --git a/hydra/fake.go b/hydra/fake.go
index be9b19958ebe..293261556d50 100644
--- a/hydra/fake.go
+++ b/hydra/fake.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hydra
 
 import (
diff --git a/hydra/hydra.go b/hydra/hydra.go
index 3dc3cd64c1d8..fcda69d25aa3 100644
--- a/hydra/hydra.go
+++ b/hydra/hydra.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hydra
 
 import (
diff --git a/hydra/hydra_test.go b/hydra/hydra_test.go
index 9fccdc9adf52..ed73709eb0fc 100644
--- a/hydra/hydra_test.go
+++ b/hydra/hydra_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hydra_test
 
 import (
diff --git a/identity/address.go b/identity/address.go
index d4b4713ecebb..7ea4925fb43f 100644
--- a/identity/address.go
+++ b/identity/address.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 const (
diff --git a/identity/credentials.go b/identity/credentials.go
index 8b78232aa36a..cc317a94763c 100644
--- a/identity/credentials.go
+++ b/identity/credentials.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 import (
diff --git a/identity/credentials_oidc.go b/identity/credentials_oidc.go
index 406643fac636..04d1c69d888c 100644
--- a/identity/credentials_oidc.go
+++ b/identity/credentials_oidc.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 import (
diff --git a/identity/credentials_password.go b/identity/credentials_password.go
index 9a9783e56ddb..d3a2cb5dcaf4 100644
--- a/identity/credentials_password.go
+++ b/identity/credentials_password.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 // CredentialsPassword is contains the configuration for credentials of the type password.
diff --git a/identity/credentials_test.go b/identity/credentials_test.go
index e3cc5b64f954..59d02608b8eb 100644
--- a/identity/credentials_test.go
+++ b/identity/credentials_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 import (
diff --git a/identity/extension_credentials.go b/identity/extension_credentials.go
index 79d529e9a26f..a31202b62812 100644
--- a/identity/extension_credentials.go
+++ b/identity/extension_credentials.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 import (
diff --git a/identity/extension_credentials_test.go b/identity/extension_credentials_test.go
index a0108a9b42f3..f1eaee54bab6 100644
--- a/identity/extension_credentials_test.go
+++ b/identity/extension_credentials_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity_test
 
 import (
diff --git a/identity/extension_recovery.go b/identity/extension_recovery.go
index 80c03e911f82..880470af668e 100644
--- a/identity/extension_recovery.go
+++ b/identity/extension_recovery.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 import (
diff --git a/identity/extension_recovery_test.go b/identity/extension_recovery_test.go
index 2802818a2342..8879672f66d4 100644
--- a/identity/extension_recovery_test.go
+++ b/identity/extension_recovery_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 import (
diff --git a/identity/extension_verify.go b/identity/extension_verify.go
index b900e7d030db..949c221006fd 100644
--- a/identity/extension_verify.go
+++ b/identity/extension_verify.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 import (
diff --git a/identity/extension_verify_test.go b/identity/extension_verify_test.go
index 3068ed2f9c64..3790c4f6486b 100644
--- a/identity/extension_verify_test.go
+++ b/identity/extension_verify_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 import (
diff --git a/identity/handler.go b/identity/handler.go
index 787181cbc847..2497b5823e26 100644
--- a/identity/handler.go
+++ b/identity/handler.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 import (
diff --git a/identity/handler_import.go b/identity/handler_import.go
index 75cff06a834b..c00d5941d145 100644
--- a/identity/handler_import.go
+++ b/identity/handler_import.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 import (
diff --git a/identity/handler_test.go b/identity/handler_test.go
index 0dad86c21409..8d356e99b0bd 100644
--- a/identity/handler_test.go
+++ b/identity/handler_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity_test
 
 import (
diff --git a/identity/identity.go b/identity/identity.go
index 8677833f53fc..c364c7c87b47 100644
--- a/identity/identity.go
+++ b/identity/identity.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 import (
diff --git a/identity/identity_recovery.go b/identity/identity_recovery.go
index 234b0341d460..5703e56f1d6b 100644
--- a/identity/identity_recovery.go
+++ b/identity/identity_recovery.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 import (
diff --git a/identity/identity_recovery_test.go b/identity/identity_recovery_test.go
index b96fac0f9ed9..513abc7e4494 100644
--- a/identity/identity_recovery_test.go
+++ b/identity/identity_recovery_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 import (
diff --git a/identity/identity_test.go b/identity/identity_test.go
index 8727a4631c1d..6565dde7a39b 100644
--- a/identity/identity_test.go
+++ b/identity/identity_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 import (
diff --git a/identity/identity_verification.go b/identity/identity_verification.go
index d1e6e55c3a43..7a4ff42b4515 100644
--- a/identity/identity_verification.go
+++ b/identity/identity_verification.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 import (
diff --git a/identity/identity_verification_test.go b/identity/identity_verification_test.go
index 5750c225d5be..6b1d01e69625 100644
--- a/identity/identity_verification_test.go
+++ b/identity/identity_verification_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 import (
diff --git a/identity/manager.go b/identity/manager.go
index 93cb4755d949..4b56b9dc5a99 100644
--- a/identity/manager.go
+++ b/identity/manager.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 import (
diff --git a/identity/manager_test.go b/identity/manager_test.go
index bf4a8054ae2e..74bc789febb1 100644
--- a/identity/manager_test.go
+++ b/identity/manager_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity_test
 
 import (
diff --git a/identity/pool.go b/identity/pool.go
index e3e1c8bd84e9..7f5b71696f88 100644
--- a/identity/pool.go
+++ b/identity/pool.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 import (
diff --git a/identity/registry.go b/identity/registry.go
index 4cee6a8045eb..785d2f2e9ed6 100644
--- a/identity/registry.go
+++ b/identity/registry.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 import (
diff --git a/identity/test/pool.go b/identity/test/pool.go
index 88c7205816c9..eb2a82dc3da4 100644
--- a/identity/test/pool.go
+++ b/identity/test/pool.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package test
 
 import (
diff --git a/identity/validator.go b/identity/validator.go
index df2e13ac6396..010bbefb739b 100644
--- a/identity/validator.go
+++ b/identity/validator.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity
 
 import (
diff --git a/identity/validator_test.go b/identity/validator_test.go
index 57755d7dd51b..26ef4ce17ff6 100644
--- a/identity/validator_test.go
+++ b/identity/validator_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package identity_test
 
 import (
diff --git a/internal/clihelpers/helpers.go b/internal/clihelpers/helpers.go
index 870c67a9871f..70f610cb9063 100644
--- a/internal/clihelpers/helpers.go
+++ b/internal/clihelpers/helpers.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package clihelpers
 
 const (
diff --git a/internal/driver.go b/internal/driver.go
index fd7536162f30..cb51226f3995 100644
--- a/internal/driver.go
+++ b/internal/driver.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package internal
 
 import (
diff --git a/internal/registrationhelpers/helpers.go b/internal/registrationhelpers/helpers.go
index a5d284089d5b..ffbd50d089ed 100644
--- a/internal/registrationhelpers/helpers.go
+++ b/internal/registrationhelpers/helpers.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package registrationhelpers
 
 import (
diff --git a/internal/settingshelpers/helpers.go b/internal/settingshelpers/helpers.go
index e78d25a6af50..0f4e3287a1af 100644
--- a/internal/settingshelpers/helpers.go
+++ b/internal/settingshelpers/helpers.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package settingshelpers
 
 import (
diff --git a/internal/testhelpers/config.go b/internal/testhelpers/config.go
index 30e330374cb0..c36f5a7a9bf3 100644
--- a/internal/testhelpers/config.go
+++ b/internal/testhelpers/config.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/internal/testhelpers/courier.go b/internal/testhelpers/courier.go
index 0996c25a374e..1a6da413ebdd 100644
--- a/internal/testhelpers/courier.go
+++ b/internal/testhelpers/courier.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/internal/testhelpers/e2e_server.go b/internal/testhelpers/e2e_server.go
index 9a645841ebb4..23f6df019582 100644
--- a/internal/testhelpers/e2e_server.go
+++ b/internal/testhelpers/e2e_server.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/internal/testhelpers/errorx.go b/internal/testhelpers/errorx.go
index 31eb321afe28..8b9d138b7539 100644
--- a/internal/testhelpers/errorx.go
+++ b/internal/testhelpers/errorx.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/internal/testhelpers/fake.go b/internal/testhelpers/fake.go
index 4a2d15f6deb0..b40f6b794b3b 100644
--- a/internal/testhelpers/fake.go
+++ b/internal/testhelpers/fake.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import "github.com/ory/x/randx"
diff --git a/internal/testhelpers/handler_mock.go b/internal/testhelpers/handler_mock.go
index dab6a68d283a..43bcfb3a905a 100644
--- a/internal/testhelpers/handler_mock.go
+++ b/internal/testhelpers/handler_mock.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/internal/testhelpers/http.go b/internal/testhelpers/http.go
index 6907fe0d7f04..267fa05583c3 100644
--- a/internal/testhelpers/http.go
+++ b/internal/testhelpers/http.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/internal/testhelpers/httptest.go b/internal/testhelpers/httptest.go
index 9408ab91fb5c..3226d04d4e7b 100644
--- a/internal/testhelpers/httptest.go
+++ b/internal/testhelpers/httptest.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/internal/testhelpers/identity.go b/internal/testhelpers/identity.go
index c80dca9274a3..53826a1f19f5 100644
--- a/internal/testhelpers/identity.go
+++ b/internal/testhelpers/identity.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/internal/testhelpers/identity_schema.go b/internal/testhelpers/identity_schema.go
index 7f8e597e6c57..2c55514418b1 100644
--- a/internal/testhelpers/identity_schema.go
+++ b/internal/testhelpers/identity_schema.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/internal/testhelpers/json.go b/internal/testhelpers/json.go
index dc1b8d88551c..5681c43f66ec 100644
--- a/internal/testhelpers/json.go
+++ b/internal/testhelpers/json.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/internal/testhelpers/network.go b/internal/testhelpers/network.go
index dee97673c72c..f922bec4e4ba 100644
--- a/internal/testhelpers/network.go
+++ b/internal/testhelpers/network.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/internal/testhelpers/sdk.go b/internal/testhelpers/sdk.go
index bb8350d73c3b..4a87776571f6 100644
--- a/internal/testhelpers/sdk.go
+++ b/internal/testhelpers/sdk.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/internal/testhelpers/selfservice.go b/internal/testhelpers/selfservice.go
index b55be5557b2a..cf5156107ade 100644
--- a/internal/testhelpers/selfservice.go
+++ b/internal/testhelpers/selfservice.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/internal/testhelpers/selfservice_login.go b/internal/testhelpers/selfservice_login.go
index d91bcf7dd6af..ce493df9e596 100644
--- a/internal/testhelpers/selfservice_login.go
+++ b/internal/testhelpers/selfservice_login.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/internal/testhelpers/selfservice_recovery.go b/internal/testhelpers/selfservice_recovery.go
index d600931203cb..2afe9f2be195 100644
--- a/internal/testhelpers/selfservice_recovery.go
+++ b/internal/testhelpers/selfservice_recovery.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 // nolint
 package testhelpers
 
diff --git a/internal/testhelpers/selfservice_registration.go b/internal/testhelpers/selfservice_registration.go
index 1c04a522b6ca..5e5e3b432e2f 100644
--- a/internal/testhelpers/selfservice_registration.go
+++ b/internal/testhelpers/selfservice_registration.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/internal/testhelpers/selfservice_settings.go b/internal/testhelpers/selfservice_settings.go
index f9524bb60872..7ad39a5d2b92 100644
--- a/internal/testhelpers/selfservice_settings.go
+++ b/internal/testhelpers/selfservice_settings.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 // nolint
 package testhelpers
 
diff --git a/internal/testhelpers/selfservice_verification.go b/internal/testhelpers/selfservice_verification.go
index 9d4b56a8f78b..50fb17f90324 100644
--- a/internal/testhelpers/selfservice_verification.go
+++ b/internal/testhelpers/selfservice_verification.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 // nolint
 package testhelpers
 
diff --git a/internal/testhelpers/server.go b/internal/testhelpers/server.go
index 86045417c481..bad015705bf0 100644
--- a/internal/testhelpers/server.go
+++ b/internal/testhelpers/server.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/internal/testhelpers/session.go b/internal/testhelpers/session.go
index b9282e573316..84e856b00246 100644
--- a/internal/testhelpers/session.go
+++ b/internal/testhelpers/session.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/internal/testhelpers/snapshot.go b/internal/testhelpers/snapshot.go
index 7d0b7f318978..350127c9f427 100644
--- a/internal/testhelpers/snapshot.go
+++ b/internal/testhelpers/snapshot.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/internal/testhelpers/strategies.go b/internal/testhelpers/strategies.go
index fb83dc475735..46c98720dafa 100644
--- a/internal/testhelpers/strategies.go
+++ b/internal/testhelpers/strategies.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/main.go b/main.go
index e077c318c005..9870d2ab736e 100644
--- a/main.go
+++ b/main.go
@@ -1,16 +1,5 @@
-// Copyright © 2018 NAME HERE 
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
 
 // package main is the entry point for kratos.
 package main
diff --git a/otp/otp.go b/otp/otp.go
index f218356b1683..565ff489d840 100644
--- a/otp/otp.go
+++ b/otp/otp.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package otp
 
 import (
diff --git a/persistence/aliases/http_header.go b/persistence/aliases/http_header.go
index 892c9fc25638..dba6cb21461a 100644
--- a/persistence/aliases/http_header.go
+++ b/persistence/aliases/http_header.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package aliases
 
 import (
diff --git a/persistence/reference.go b/persistence/reference.go
index 336d89ee218f..0aa201622eae 100644
--- a/persistence/reference.go
+++ b/persistence/reference.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package persistence
 
 import (
diff --git a/persistence/sql/migratest/migration_test.go b/persistence/sql/migratest/migration_test.go
index 8e3c1350664c..9ca86b7ee7a3 100644
--- a/persistence/sql/migratest/migration_test.go
+++ b/persistence/sql/migratest/migration_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package migratest
 
 import (
diff --git a/persistence/sql/persister.go b/persistence/sql/persister.go
index 0b43dd4b4987..f28ce1a44ccb 100644
--- a/persistence/sql/persister.go
+++ b/persistence/sql/persister.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package sql
 
 import (
diff --git a/persistence/sql/persister_cleanup_test.go b/persistence/sql/persister_cleanup_test.go
index 8232660649d3..c7ec1e84e0ef 100644
--- a/persistence/sql/persister_cleanup_test.go
+++ b/persistence/sql/persister_cleanup_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package sql_test
 
 import (
diff --git a/persistence/sql/persister_continuity.go b/persistence/sql/persister_continuity.go
index cc69644bceb1..05cd2e0c3bed 100644
--- a/persistence/sql/persister_continuity.go
+++ b/persistence/sql/persister_continuity.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package sql
 
 import (
diff --git a/persistence/sql/persister_courier.go b/persistence/sql/persister_courier.go
index 9530e7aff7b0..0ae706b5ab9e 100644
--- a/persistence/sql/persister_courier.go
+++ b/persistence/sql/persister_courier.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package sql
 
 import (
diff --git a/persistence/sql/persister_errorx.go b/persistence/sql/persister_errorx.go
index ba7adcb54a45..808edfbc5d99 100644
--- a/persistence/sql/persister_errorx.go
+++ b/persistence/sql/persister_errorx.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package sql
 
 import (
diff --git a/persistence/sql/persister_hmac.go b/persistence/sql/persister_hmac.go
index 25025118389d..6faf7a80ca4c 100644
--- a/persistence/sql/persister_hmac.go
+++ b/persistence/sql/persister_hmac.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package sql
 
 import (
diff --git a/persistence/sql/persister_hmac_test.go b/persistence/sql/persister_hmac_test.go
index 8e9bfa16388b..27ed36aea75c 100644
--- a/persistence/sql/persister_hmac_test.go
+++ b/persistence/sql/persister_hmac_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package sql
 
 import (
diff --git a/persistence/sql/persister_identity.go b/persistence/sql/persister_identity.go
index d6bdba318cca..625b6df80b68 100644
--- a/persistence/sql/persister_identity.go
+++ b/persistence/sql/persister_identity.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package sql
 
 import (
diff --git a/persistence/sql/persister_login.go b/persistence/sql/persister_login.go
index 47c74f88fabd..9c541734f19c 100644
--- a/persistence/sql/persister_login.go
+++ b/persistence/sql/persister_login.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package sql
 
 import (
diff --git a/persistence/sql/persister_recovery.go b/persistence/sql/persister_recovery.go
index 164a1f507c1d..5b6f0741ff57 100644
--- a/persistence/sql/persister_recovery.go
+++ b/persistence/sql/persister_recovery.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package sql
 
 import (
diff --git a/persistence/sql/persister_registration.go b/persistence/sql/persister_registration.go
index d504c2f7e914..45054975cfc3 100644
--- a/persistence/sql/persister_registration.go
+++ b/persistence/sql/persister_registration.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package sql
 
 import (
diff --git a/persistence/sql/persister_session.go b/persistence/sql/persister_session.go
index a23bb052e726..4ee12c5a483d 100644
--- a/persistence/sql/persister_session.go
+++ b/persistence/sql/persister_session.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package sql
 
 import (
diff --git a/persistence/sql/persister_settings.go b/persistence/sql/persister_settings.go
index ac035e551261..1d91268c9801 100644
--- a/persistence/sql/persister_settings.go
+++ b/persistence/sql/persister_settings.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package sql
 
 import (
diff --git a/persistence/sql/persister_test.go b/persistence/sql/persister_test.go
index f4849c3b5f84..3b245d025204 100644
--- a/persistence/sql/persister_test.go
+++ b/persistence/sql/persister_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package sql_test
 
 import (
diff --git a/persistence/sql/persister_transaction_helpers.go b/persistence/sql/persister_transaction_helpers.go
index 81e16c5e538f..f6aa0a57d1f1 100644
--- a/persistence/sql/persister_transaction_helpers.go
+++ b/persistence/sql/persister_transaction_helpers.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package sql
 
 import (
diff --git a/persistence/sql/persister_verification.go b/persistence/sql/persister_verification.go
index 8ea41836d451..a56f15554a61 100644
--- a/persistence/sql/persister_verification.go
+++ b/persistence/sql/persister_verification.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package sql
 
 import (
diff --git a/persistence/sql/testhelpers/network.go b/persistence/sql/testhelpers/network.go
index eb530f1d4c8d..9439a596d1c4 100644
--- a/persistence/sql/testhelpers/network.go
+++ b/persistence/sql/testhelpers/network.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package testhelpers
 
 import (
diff --git a/request/auth.go b/request/auth.go
index 398aa0aef910..2f0364eb4bb4 100644
--- a/request/auth.go
+++ b/request/auth.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package request
 
 import (
diff --git a/request/auth_strategy.go b/request/auth_strategy.go
index f280a5b92e70..e7a5db67e810 100644
--- a/request/auth_strategy.go
+++ b/request/auth_strategy.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package request
 
 import (
diff --git a/request/auth_strategy_test.go b/request/auth_strategy_test.go
index e2422fb40425..519c423814c1 100644
--- a/request/auth_strategy_test.go
+++ b/request/auth_strategy_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package request
 
 import (
diff --git a/request/auth_test.go b/request/auth_test.go
index c0df79336905..299ba4d25e33 100644
--- a/request/auth_test.go
+++ b/request/auth_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package request
 
 import (
diff --git a/request/builder.go b/request/builder.go
index f1df2a4cb325..cfd8b41fba56 100644
--- a/request/builder.go
+++ b/request/builder.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package request
 
 import (
diff --git a/request/builder_test.go b/request/builder_test.go
index 869a039d19d9..112daea16134 100644
--- a/request/builder_test.go
+++ b/request/builder_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package request
 
 import (
diff --git a/request/config.go b/request/config.go
index 085b18a76a7f..6489109b4c77 100644
--- a/request/config.go
+++ b/request/config.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package request
 
 import (
diff --git a/schema/context.go b/schema/context.go
index 5d89936d78ce..f71a6dc8854b 100644
--- a/schema/context.go
+++ b/schema/context.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package schema
 
 import (
diff --git a/schema/context_test.go b/schema/context_test.go
index 8576475af417..4ca0653c0f2a 100644
--- a/schema/context_test.go
+++ b/schema/context_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package schema
 
 import (
diff --git a/schema/errors.go b/schema/errors.go
index acdae891d67b..83513df8badc 100644
--- a/schema/errors.go
+++ b/schema/errors.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package schema
 
 import (
diff --git a/schema/errors_test.go b/schema/errors_test.go
index 6607dc39cca2..ec77126fb823 100644
--- a/schema/errors_test.go
+++ b/schema/errors_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package schema
 
 import (
diff --git a/schema/extension.go b/schema/extension.go
index d4a7770ec1b9..226772a385ae 100644
--- a/schema/extension.go
+++ b/schema/extension.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package schema
 
 import (
diff --git a/schema/extension_test.go b/schema/extension_test.go
index ee13203323ff..ef8fcb90f62a 100644
--- a/schema/extension_test.go
+++ b/schema/extension_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package schema
 
 import (
diff --git a/schema/handler.go b/schema/handler.go
index 88df15d0c6af..c24bbb4bf18f 100644
--- a/schema/handler.go
+++ b/schema/handler.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package schema
 
 import (
diff --git a/schema/handler_test.go b/schema/handler_test.go
index d5951a8e887a..127d585b91c4 100644
--- a/schema/handler_test.go
+++ b/schema/handler_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package schema_test
 
 import (
diff --git a/schema/loader.go b/schema/loader.go
index 4f6a8604374d..4b23e08e2f47 100644
--- a/schema/loader.go
+++ b/schema/loader.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package schema
 
 import (
diff --git a/schema/schema.go b/schema/schema.go
index c1306e380466..96cd6cc8e563 100644
--- a/schema/schema.go
+++ b/schema/schema.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package schema
 
 import (
diff --git a/schema/schema_test.go b/schema/schema_test.go
index fb395aa8c4c3..bb5fc3106479 100644
--- a/schema/schema_test.go
+++ b/schema/schema_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package schema
 
 import (
diff --git a/schema/validator.go b/schema/validator.go
index 72129e21463b..144f04c5bfc0 100644
--- a/schema/validator.go
+++ b/schema/validator.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package schema
 
 import (
diff --git a/schema/validator_test.go b/schema/validator_test.go
index 7e5b9bd1890a..2ef474afae05 100644
--- a/schema/validator_test.go
+++ b/schema/validator_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package schema
 
 import (
diff --git a/selfservice/errorx/error.go b/selfservice/errorx/error.go
index 3be943418499..4cbe9b7b2058 100644
--- a/selfservice/errorx/error.go
+++ b/selfservice/errorx/error.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package errorx
 
 import (
diff --git a/selfservice/errorx/handler.go b/selfservice/errorx/handler.go
index b34341d29998..c2446e5ce2d0 100644
--- a/selfservice/errorx/handler.go
+++ b/selfservice/errorx/handler.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package errorx
 
 import (
diff --git a/selfservice/errorx/handler_test.go b/selfservice/errorx/handler_test.go
index da6fc56909e3..10427745299e 100644
--- a/selfservice/errorx/handler_test.go
+++ b/selfservice/errorx/handler_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package errorx_test
 
 import (
diff --git a/selfservice/errorx/manager.go b/selfservice/errorx/manager.go
index 498db3963778..4749fb4bc251 100644
--- a/selfservice/errorx/manager.go
+++ b/selfservice/errorx/manager.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package errorx
 
 import (
diff --git a/selfservice/errorx/persistence.go b/selfservice/errorx/persistence.go
index d8438aba9179..61bafab724d2 100644
--- a/selfservice/errorx/persistence.go
+++ b/selfservice/errorx/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package errorx
 
 import (
diff --git a/selfservice/errorx/test/persistence.go b/selfservice/errorx/test/persistence.go
index ed62a7479d72..8ef404833e83 100644
--- a/selfservice/errorx/test/persistence.go
+++ b/selfservice/errorx/test/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package errorx
 
 import (
diff --git a/selfservice/flow/config.go b/selfservice/flow/config.go
index 6f69a6d648f9..effd030d9d92 100644
--- a/selfservice/flow/config.go
+++ b/selfservice/flow/config.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package flow
 
 import (
diff --git a/selfservice/flow/error.go b/selfservice/flow/error.go
index 98747388ac10..2a43a7ef2b80 100644
--- a/selfservice/flow/error.go
+++ b/selfservice/flow/error.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package flow
 
 import (
diff --git a/selfservice/flow/error_test.go b/selfservice/flow/error_test.go
index 559cdbad2da4..38f45011ef40 100644
--- a/selfservice/flow/error_test.go
+++ b/selfservice/flow/error_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package flow
 
 import (
diff --git a/selfservice/flow/flow.go b/selfservice/flow/flow.go
index d1e1916271fe..59ef84ce0649 100644
--- a/selfservice/flow/flow.go
+++ b/selfservice/flow/flow.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package flow
 
 import (
diff --git a/selfservice/flow/flow_test.go b/selfservice/flow/flow_test.go
index 0e703c9fb971..62be88f1c14c 100644
--- a/selfservice/flow/flow_test.go
+++ b/selfservice/flow/flow_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package flow
 
 import (
diff --git a/selfservice/flow/internal_context.go b/selfservice/flow/internal_context.go
index f62952d1c871..6c886b26ad21 100644
--- a/selfservice/flow/internal_context.go
+++ b/selfservice/flow/internal_context.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package flow
 
 import "github.com/ory/kratos/identity"
diff --git a/selfservice/flow/login/aal.go b/selfservice/flow/login/aal.go
index 6676a83751ff..f84ed6e4a65f 100644
--- a/selfservice/flow/login/aal.go
+++ b/selfservice/flow/login/aal.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package login
 
 import (
diff --git a/selfservice/flow/login/aal_test.go b/selfservice/flow/login/aal_test.go
index 5de202c3907d..a973c055cab6 100644
--- a/selfservice/flow/login/aal_test.go
+++ b/selfservice/flow/login/aal_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package login_test
 
 import (
diff --git a/selfservice/flow/login/error.go b/selfservice/flow/login/error.go
index 6a2447fc065f..39046ec52b54 100644
--- a/selfservice/flow/login/error.go
+++ b/selfservice/flow/login/error.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package login
 
 import (
diff --git a/selfservice/flow/login/error_test.go b/selfservice/flow/login/error_test.go
index da11f6caaa44..2665d8818e4c 100644
--- a/selfservice/flow/login/error_test.go
+++ b/selfservice/flow/login/error_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package login_test
 
 import (
diff --git a/selfservice/flow/login/export_test.go b/selfservice/flow/login/export_test.go
index e3566e815eb2..9c80719082e8 100644
--- a/selfservice/flow/login/export_test.go
+++ b/selfservice/flow/login/export_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package login
 
 import (
diff --git a/selfservice/flow/login/flow.go b/selfservice/flow/login/flow.go
index b8cfedbb8307..2a6a70d51077 100644
--- a/selfservice/flow/login/flow.go
+++ b/selfservice/flow/login/flow.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package login
 
 import (
diff --git a/selfservice/flow/login/flow_test.go b/selfservice/flow/login/flow_test.go
index 7dcee2573865..73293d22226c 100644
--- a/selfservice/flow/login/flow_test.go
+++ b/selfservice/flow/login/flow_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package login_test
 
 import (
diff --git a/selfservice/flow/login/handler.go b/selfservice/flow/login/handler.go
index a4abf3677d34..7bb9c703e105 100644
--- a/selfservice/flow/login/handler.go
+++ b/selfservice/flow/login/handler.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package login
 
 import (
diff --git a/selfservice/flow/login/handler_test.go b/selfservice/flow/login/handler_test.go
index 5d8b571f8567..8b1d1f673ee1 100644
--- a/selfservice/flow/login/handler_test.go
+++ b/selfservice/flow/login/handler_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package login_test
 
 import (
diff --git a/selfservice/flow/login/hook.go b/selfservice/flow/login/hook.go
index 619840781d51..9e98cb922f81 100644
--- a/selfservice/flow/login/hook.go
+++ b/selfservice/flow/login/hook.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package login
 
 import (
diff --git a/selfservice/flow/login/hook_test.go b/selfservice/flow/login/hook_test.go
index 1821a7f29dd9..2ff154e3650e 100644
--- a/selfservice/flow/login/hook_test.go
+++ b/selfservice/flow/login/hook_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package login_test
 
 import (
diff --git a/selfservice/flow/login/persistence.go b/selfservice/flow/login/persistence.go
index fac9daab56ed..7e35ed7cb42a 100644
--- a/selfservice/flow/login/persistence.go
+++ b/selfservice/flow/login/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package login
 
 import (
diff --git a/selfservice/flow/login/session.go b/selfservice/flow/login/session.go
index 78e3d04c93ac..e9213cca839c 100644
--- a/selfservice/flow/login/session.go
+++ b/selfservice/flow/login/session.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package login
 
 import "github.com/ory/kratos/session"
diff --git a/selfservice/flow/login/sort.go b/selfservice/flow/login/sort.go
index 816f6a53a3c0..89b2b381b855 100644
--- a/selfservice/flow/login/sort.go
+++ b/selfservice/flow/login/sort.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package login
 
 import (
diff --git a/selfservice/flow/login/strategy.go b/selfservice/flow/login/strategy.go
index ff7fd8c242de..017829eb5fa3 100644
--- a/selfservice/flow/login/strategy.go
+++ b/selfservice/flow/login/strategy.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package login
 
 import (
diff --git a/selfservice/flow/login/test/persistence.go b/selfservice/flow/login/test/persistence.go
index 13ec82f67caa..13f1d98e045d 100644
--- a/selfservice/flow/login/test/persistence.go
+++ b/selfservice/flow/login/test/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package test
 
 import (
diff --git a/selfservice/flow/logout/handler.go b/selfservice/flow/logout/handler.go
index 724d53560bef..72ec9623b48d 100644
--- a/selfservice/flow/logout/handler.go
+++ b/selfservice/flow/logout/handler.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package logout
 
 import (
diff --git a/selfservice/flow/logout/handler_test.go b/selfservice/flow/logout/handler_test.go
index 247fca82207d..91b0244547e9 100644
--- a/selfservice/flow/logout/handler_test.go
+++ b/selfservice/flow/logout/handler_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package logout_test
 
 import (
diff --git a/selfservice/flow/nosurf.go b/selfservice/flow/nosurf.go
index b3d5f714dbb8..207f45d928a9 100644
--- a/selfservice/flow/nosurf.go
+++ b/selfservice/flow/nosurf.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package flow
 
 import (
diff --git a/selfservice/flow/nosurf_test.go b/selfservice/flow/nosurf_test.go
index 31d2d7af99ee..2ed583f44096 100644
--- a/selfservice/flow/nosurf_test.go
+++ b/selfservice/flow/nosurf_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package flow
 
 import (
diff --git a/selfservice/flow/recovery/error.go b/selfservice/flow/recovery/error.go
index 4f57384238cc..45932465a239 100644
--- a/selfservice/flow/recovery/error.go
+++ b/selfservice/flow/recovery/error.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package recovery
 
 import (
diff --git a/selfservice/flow/recovery/error_test.go b/selfservice/flow/recovery/error_test.go
index a60b956189a7..549615df3e6d 100644
--- a/selfservice/flow/recovery/error_test.go
+++ b/selfservice/flow/recovery/error_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package recovery_test
 
 import (
diff --git a/selfservice/flow/recovery/flow.go b/selfservice/flow/recovery/flow.go
index ead70f9b8e5d..39c70070fd8d 100644
--- a/selfservice/flow/recovery/flow.go
+++ b/selfservice/flow/recovery/flow.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package recovery
 
 import (
diff --git a/selfservice/flow/recovery/flow_test.go b/selfservice/flow/recovery/flow_test.go
index 2cd478b79bce..6d7585c659c7 100644
--- a/selfservice/flow/recovery/flow_test.go
+++ b/selfservice/flow/recovery/flow_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package recovery_test
 
 import (
diff --git a/selfservice/flow/recovery/handler.go b/selfservice/flow/recovery/handler.go
index 7f133291dc9b..9b9e375692fe 100644
--- a/selfservice/flow/recovery/handler.go
+++ b/selfservice/flow/recovery/handler.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package recovery
 
 import (
diff --git a/selfservice/flow/recovery/handler_test.go b/selfservice/flow/recovery/handler_test.go
index 09e6aab1dba1..7e91a450b605 100644
--- a/selfservice/flow/recovery/handler_test.go
+++ b/selfservice/flow/recovery/handler_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package recovery_test
 
 import (
diff --git a/selfservice/flow/recovery/hook.go b/selfservice/flow/recovery/hook.go
index 7c75f2f4b333..ae69739737ca 100644
--- a/selfservice/flow/recovery/hook.go
+++ b/selfservice/flow/recovery/hook.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package recovery
 
 import (
diff --git a/selfservice/flow/recovery/hook_test.go b/selfservice/flow/recovery/hook_test.go
index 894e604621f4..698b19f80563 100644
--- a/selfservice/flow/recovery/hook_test.go
+++ b/selfservice/flow/recovery/hook_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package recovery_test
 
 import (
diff --git a/selfservice/flow/recovery/persistence.go b/selfservice/flow/recovery/persistence.go
index 35f482cc329f..ec16dc6c2f36 100644
--- a/selfservice/flow/recovery/persistence.go
+++ b/selfservice/flow/recovery/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package recovery
 
 import (
diff --git a/selfservice/flow/recovery/state.go b/selfservice/flow/recovery/state.go
index 35b0a7856b74..8b41c8286c76 100644
--- a/selfservice/flow/recovery/state.go
+++ b/selfservice/flow/recovery/state.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package recovery
 
 // Recovery Flow State
diff --git a/selfservice/flow/recovery/state_test.go b/selfservice/flow/recovery/state_test.go
index 4ec1f8174388..8a67f4c52085 100644
--- a/selfservice/flow/recovery/state_test.go
+++ b/selfservice/flow/recovery/state_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package recovery
 
 import (
diff --git a/selfservice/flow/recovery/strategy.go b/selfservice/flow/recovery/strategy.go
index 6239358c2151..a3e7ff6bb0b9 100644
--- a/selfservice/flow/recovery/strategy.go
+++ b/selfservice/flow/recovery/strategy.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package recovery
 
 import (
diff --git a/selfservice/flow/recovery/test/persistence.go b/selfservice/flow/recovery/test/persistence.go
index 394e8b0444af..0a7665c7eb51 100644
--- a/selfservice/flow/recovery/test/persistence.go
+++ b/selfservice/flow/recovery/test/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package test
 
 import (
diff --git a/selfservice/flow/registration/decoder.go b/selfservice/flow/registration/decoder.go
index b072152db20e..b94104746097 100644
--- a/selfservice/flow/registration/decoder.go
+++ b/selfservice/flow/registration/decoder.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package registration
 
 import (
diff --git a/selfservice/flow/registration/error.go b/selfservice/flow/registration/error.go
index 43d1f45bf66a..a8db5091db82 100644
--- a/selfservice/flow/registration/error.go
+++ b/selfservice/flow/registration/error.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package registration
 
 import (
diff --git a/selfservice/flow/registration/error_test.go b/selfservice/flow/registration/error_test.go
index 5767607c6b65..4de29cce9718 100644
--- a/selfservice/flow/registration/error_test.go
+++ b/selfservice/flow/registration/error_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package registration_test
 
 import (
diff --git a/selfservice/flow/registration/flow.go b/selfservice/flow/registration/flow.go
index cf3f3ba7e79e..da6bd89e1068 100644
--- a/selfservice/flow/registration/flow.go
+++ b/selfservice/flow/registration/flow.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package registration
 
 import (
diff --git a/selfservice/flow/registration/flow_test.go b/selfservice/flow/registration/flow_test.go
index 938c995d49d6..8a37e53cd15e 100644
--- a/selfservice/flow/registration/flow_test.go
+++ b/selfservice/flow/registration/flow_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package registration_test
 
 import (
diff --git a/selfservice/flow/registration/handler.go b/selfservice/flow/registration/handler.go
index 0ce58345152e..dee1e6f80c58 100644
--- a/selfservice/flow/registration/handler.go
+++ b/selfservice/flow/registration/handler.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package registration
 
 import (
diff --git a/selfservice/flow/registration/handler_test.go b/selfservice/flow/registration/handler_test.go
index 9b69a8a0c2bf..9eaee55b561e 100644
--- a/selfservice/flow/registration/handler_test.go
+++ b/selfservice/flow/registration/handler_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package registration_test
 
 import (
diff --git a/selfservice/flow/registration/hook.go b/selfservice/flow/registration/hook.go
index 5081df017f95..5ac8a82a2d01 100644
--- a/selfservice/flow/registration/hook.go
+++ b/selfservice/flow/registration/hook.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package registration
 
 import (
diff --git a/selfservice/flow/registration/hook_test.go b/selfservice/flow/registration/hook_test.go
index cbe439df48b8..7d55d9c23dc1 100644
--- a/selfservice/flow/registration/hook_test.go
+++ b/selfservice/flow/registration/hook_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package registration_test
 
 import (
diff --git a/selfservice/flow/registration/persistence.go b/selfservice/flow/registration/persistence.go
index f19965789a23..c52c34173a9f 100644
--- a/selfservice/flow/registration/persistence.go
+++ b/selfservice/flow/registration/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package registration
 
 import (
diff --git a/selfservice/flow/registration/session.go b/selfservice/flow/registration/session.go
index fa61c7af686e..0185c38ac3aa 100644
--- a/selfservice/flow/registration/session.go
+++ b/selfservice/flow/registration/session.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package registration
 
 import (
diff --git a/selfservice/flow/registration/sort.go b/selfservice/flow/registration/sort.go
index f22f085c0be0..547d173047ab 100644
--- a/selfservice/flow/registration/sort.go
+++ b/selfservice/flow/registration/sort.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package registration
 
 import (
diff --git a/selfservice/flow/registration/strategy.go b/selfservice/flow/registration/strategy.go
index 1085ee544b3d..53097c45cb80 100644
--- a/selfservice/flow/registration/strategy.go
+++ b/selfservice/flow/registration/strategy.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package registration
 
 import (
diff --git a/selfservice/flow/registration/test/persistence.go b/selfservice/flow/registration/test/persistence.go
index 80407613cac5..33af7718fa59 100644
--- a/selfservice/flow/registration/test/persistence.go
+++ b/selfservice/flow/registration/test/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package test
 
 import (
diff --git a/selfservice/flow/request.go b/selfservice/flow/request.go
index 33f72614610a..083890df387b 100644
--- a/selfservice/flow/request.go
+++ b/selfservice/flow/request.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package flow
 
 import (
diff --git a/selfservice/flow/request_test.go b/selfservice/flow/request_test.go
index 5afe63016416..91bdd0572b95 100644
--- a/selfservice/flow/request_test.go
+++ b/selfservice/flow/request_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package flow_test
 
 import (
diff --git a/selfservice/flow/settings/error.go b/selfservice/flow/settings/error.go
index 168b0ee857a7..0eb1589acb43 100644
--- a/selfservice/flow/settings/error.go
+++ b/selfservice/flow/settings/error.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package settings
 
 import (
diff --git a/selfservice/flow/settings/error_test.go b/selfservice/flow/settings/error_test.go
index 658a57e064dc..b4fa2ca0ff8e 100644
--- a/selfservice/flow/settings/error_test.go
+++ b/selfservice/flow/settings/error_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package settings_test
 
 import (
diff --git a/selfservice/flow/settings/flow.go b/selfservice/flow/settings/flow.go
index eeae6de19799..0feccc8a8349 100644
--- a/selfservice/flow/settings/flow.go
+++ b/selfservice/flow/settings/flow.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package settings
 
 import (
diff --git a/selfservice/flow/settings/flow_test.go b/selfservice/flow/settings/flow_test.go
index 4bffc506145c..2d16de80a251 100644
--- a/selfservice/flow/settings/flow_test.go
+++ b/selfservice/flow/settings/flow_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package settings_test
 
 import (
diff --git a/selfservice/flow/settings/handler.go b/selfservice/flow/settings/handler.go
index 943b8aa1c1e6..5d051b16cc24 100644
--- a/selfservice/flow/settings/handler.go
+++ b/selfservice/flow/settings/handler.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package settings
 
 import (
diff --git a/selfservice/flow/settings/handler_test.go b/selfservice/flow/settings/handler_test.go
index a73855b4319b..faf020c8e3a6 100644
--- a/selfservice/flow/settings/handler_test.go
+++ b/selfservice/flow/settings/handler_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package settings_test
 
 import (
diff --git a/selfservice/flow/settings/hook.go b/selfservice/flow/settings/hook.go
index 7ce7ee8431af..dce0e07d84da 100644
--- a/selfservice/flow/settings/hook.go
+++ b/selfservice/flow/settings/hook.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package settings
 
 import (
diff --git a/selfservice/flow/settings/hook_test.go b/selfservice/flow/settings/hook_test.go
index 0f8ae0e0eb4e..c757293930d5 100644
--- a/selfservice/flow/settings/hook_test.go
+++ b/selfservice/flow/settings/hook_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package settings_test
 
 import (
diff --git a/selfservice/flow/settings/persistence.go b/selfservice/flow/settings/persistence.go
index fe7d78108f6d..9043c431d01a 100644
--- a/selfservice/flow/settings/persistence.go
+++ b/selfservice/flow/settings/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package settings
 
 import (
diff --git a/selfservice/flow/settings/sort.go b/selfservice/flow/settings/sort.go
index 2cc7798989da..4e4b28b5f76a 100644
--- a/selfservice/flow/settings/sort.go
+++ b/selfservice/flow/settings/sort.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package settings
 
 import (
diff --git a/selfservice/flow/settings/state.go b/selfservice/flow/settings/state.go
index 96d4d3869c09..5b1ad4dda9cc 100644
--- a/selfservice/flow/settings/state.go
+++ b/selfservice/flow/settings/state.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package settings
 
 // State represents the state of this flow. It knows two states:
diff --git a/selfservice/flow/settings/strategy.go b/selfservice/flow/settings/strategy.go
index 3e199457a7c6..9295e1575793 100644
--- a/selfservice/flow/settings/strategy.go
+++ b/selfservice/flow/settings/strategy.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package settings
 
 import (
diff --git a/selfservice/flow/settings/strategy_helper.go b/selfservice/flow/settings/strategy_helper.go
index 3659480997a7..f0a331f749a3 100644
--- a/selfservice/flow/settings/strategy_helper.go
+++ b/selfservice/flow/settings/strategy_helper.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package settings
 
 import (
diff --git a/selfservice/flow/settings/strategy_helper_test.go b/selfservice/flow/settings/strategy_helper_test.go
index 9bd1ab759744..70b8f359239e 100644
--- a/selfservice/flow/settings/strategy_helper_test.go
+++ b/selfservice/flow/settings/strategy_helper_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package settings
 
 import (
diff --git a/selfservice/flow/settings/test/persistence.go b/selfservice/flow/settings/test/persistence.go
index 3e6b001bf192..7bef025314e7 100644
--- a/selfservice/flow/settings/test/persistence.go
+++ b/selfservice/flow/settings/test/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package test
 
 import (
diff --git a/selfservice/flow/type.go b/selfservice/flow/type.go
index 95b99bbeb711..befc74ec82e3 100644
--- a/selfservice/flow/type.go
+++ b/selfservice/flow/type.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package flow
 
 // Type is the flow type.
diff --git a/selfservice/flow/verification/error.go b/selfservice/flow/verification/error.go
index 85470b19b235..d8cb444da92c 100644
--- a/selfservice/flow/verification/error.go
+++ b/selfservice/flow/verification/error.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package verification
 
 import (
diff --git a/selfservice/flow/verification/error_test.go b/selfservice/flow/verification/error_test.go
index 73835ac104dc..bb331b0f1b90 100644
--- a/selfservice/flow/verification/error_test.go
+++ b/selfservice/flow/verification/error_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package verification_test
 
 import (
diff --git a/selfservice/flow/verification/flow.go b/selfservice/flow/verification/flow.go
index f680edafaca8..df85dc1b0ec5 100644
--- a/selfservice/flow/verification/flow.go
+++ b/selfservice/flow/verification/flow.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package verification
 
 import (
diff --git a/selfservice/flow/verification/flow_test.go b/selfservice/flow/verification/flow_test.go
index 4bf0de8f08d2..a0ae6c8bbb03 100644
--- a/selfservice/flow/verification/flow_test.go
+++ b/selfservice/flow/verification/flow_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package verification_test
 
 import (
diff --git a/selfservice/flow/verification/handler.go b/selfservice/flow/verification/handler.go
index e9efc3a37678..cc2a6cb6e50b 100644
--- a/selfservice/flow/verification/handler.go
+++ b/selfservice/flow/verification/handler.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package verification
 
 import (
diff --git a/selfservice/flow/verification/handler_test.go b/selfservice/flow/verification/handler_test.go
index 9ec0ec367e95..0ab69f3abc34 100644
--- a/selfservice/flow/verification/handler_test.go
+++ b/selfservice/flow/verification/handler_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package verification_test
 
 import (
diff --git a/selfservice/flow/verification/hook.go b/selfservice/flow/verification/hook.go
index 39eaa0395b54..a4b447e83a70 100644
--- a/selfservice/flow/verification/hook.go
+++ b/selfservice/flow/verification/hook.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package verification
 
 import (
diff --git a/selfservice/flow/verification/hook_test.go b/selfservice/flow/verification/hook_test.go
index d84bfb14d6f4..d6a934d36c77 100644
--- a/selfservice/flow/verification/hook_test.go
+++ b/selfservice/flow/verification/hook_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package verification_test
 
 import (
diff --git a/selfservice/flow/verification/persistence.go b/selfservice/flow/verification/persistence.go
index f8898a1d71a4..c08cf8eb8f63 100644
--- a/selfservice/flow/verification/persistence.go
+++ b/selfservice/flow/verification/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package verification
 
 import (
diff --git a/selfservice/flow/verification/state.go b/selfservice/flow/verification/state.go
index cb640c1db159..bb2f4356d407 100644
--- a/selfservice/flow/verification/state.go
+++ b/selfservice/flow/verification/state.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package verification
 
 // Verification Flow State
diff --git a/selfservice/flow/verification/state_test.go b/selfservice/flow/verification/state_test.go
index 4e4aca1cbfd3..52b07fbbbd08 100644
--- a/selfservice/flow/verification/state_test.go
+++ b/selfservice/flow/verification/state_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package verification
 
 import (
diff --git a/selfservice/flow/verification/strategy.go b/selfservice/flow/verification/strategy.go
index 96d958940683..f9b0a729dd9f 100644
--- a/selfservice/flow/verification/strategy.go
+++ b/selfservice/flow/verification/strategy.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package verification
 
 import (
diff --git a/selfservice/flow/verification/test/persistence.go b/selfservice/flow/verification/test/persistence.go
index 16d9c8e8c42b..d378e1bfef3f 100644
--- a/selfservice/flow/verification/test/persistence.go
+++ b/selfservice/flow/verification/test/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package test
 
 import (
diff --git a/selfservice/flowhelpers/login.go b/selfservice/flowhelpers/login.go
index b549bbb20e6f..1073c2e04f25 100644
--- a/selfservice/flowhelpers/login.go
+++ b/selfservice/flowhelpers/login.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package flowhelpers
 
 import (
diff --git a/selfservice/flowhelpers/login_test.go b/selfservice/flowhelpers/login_test.go
index 5a0c8084e04a..a956b5ea3112 100644
--- a/selfservice/flowhelpers/login_test.go
+++ b/selfservice/flowhelpers/login_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package flowhelpers_test
 
 import (
diff --git a/selfservice/hook/address_verifier.go b/selfservice/hook/address_verifier.go
index 3ec3b7b578bd..ce6ae3b645d2 100644
--- a/selfservice/hook/address_verifier.go
+++ b/selfservice/hook/address_verifier.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hook
 
 import (
diff --git a/selfservice/hook/address_verifier_test.go b/selfservice/hook/address_verifier_test.go
index 1dd007ead68e..bbe38f0b69a6 100644
--- a/selfservice/hook/address_verifier_test.go
+++ b/selfservice/hook/address_verifier_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hook
 
 import (
diff --git a/selfservice/hook/error.go b/selfservice/hook/error.go
index 0f8c6046ec13..e9f13b402f5d 100644
--- a/selfservice/hook/error.go
+++ b/selfservice/hook/error.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hook
 
 import (
diff --git a/selfservice/hook/hooks.go b/selfservice/hook/hooks.go
index 5f3c4ea8cd56..43d2a299b010 100644
--- a/selfservice/hook/hooks.go
+++ b/selfservice/hook/hooks.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hook
 
 const (
diff --git a/selfservice/hook/session_destroyer.go b/selfservice/hook/session_destroyer.go
index 0b7fd6df013f..b03a53483183 100644
--- a/selfservice/hook/session_destroyer.go
+++ b/selfservice/hook/session_destroyer.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hook
 
 import (
diff --git a/selfservice/hook/session_destroyer_test.go b/selfservice/hook/session_destroyer_test.go
index 91a8d4f878f7..a5f4c8cde189 100644
--- a/selfservice/hook/session_destroyer_test.go
+++ b/selfservice/hook/session_destroyer_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hook_test
 
 import (
diff --git a/selfservice/hook/session_issuer.go b/selfservice/hook/session_issuer.go
index 2c738a24be5b..5a1a3738eb8a 100644
--- a/selfservice/hook/session_issuer.go
+++ b/selfservice/hook/session_issuer.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hook
 
 import (
diff --git a/selfservice/hook/session_issuer_test.go b/selfservice/hook/session_issuer_test.go
index c7cedc3d8886..799169aac6b2 100644
--- a/selfservice/hook/session_issuer_test.go
+++ b/selfservice/hook/session_issuer_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hook_test
 
 import (
diff --git a/selfservice/hook/verification.go b/selfservice/hook/verification.go
index ff6445f19f98..a068dedf6c2b 100644
--- a/selfservice/hook/verification.go
+++ b/selfservice/hook/verification.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hook
 
 import (
diff --git a/selfservice/hook/verification_test.go b/selfservice/hook/verification_test.go
index a2db93435982..91ca8beece2c 100644
--- a/selfservice/hook/verification_test.go
+++ b/selfservice/hook/verification_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hook_test
 
 import (
diff --git a/selfservice/hook/web_hook.go b/selfservice/hook/web_hook.go
index 9e80059221eb..d5260500397e 100644
--- a/selfservice/hook/web_hook.go
+++ b/selfservice/hook/web_hook.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hook
 
 import (
diff --git a/selfservice/hook/web_hook_integration_test.go b/selfservice/hook/web_hook_integration_test.go
index 9fd9e448c8aa..48ac931c6459 100644
--- a/selfservice/hook/web_hook_integration_test.go
+++ b/selfservice/hook/web_hook_integration_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package hook_test
 
 import (
diff --git a/selfservice/strategy/code/code_recovery.go b/selfservice/strategy/code/code_recovery.go
index a4491d90c3f3..4936197c1860 100644
--- a/selfservice/strategy/code/code_recovery.go
+++ b/selfservice/strategy/code/code_recovery.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package code
 
 import (
diff --git a/selfservice/strategy/code/code_recovery_test.go b/selfservice/strategy/code/code_recovery_test.go
index 74534e2e33e9..3792da0e7efc 100644
--- a/selfservice/strategy/code/code_recovery_test.go
+++ b/selfservice/strategy/code/code_recovery_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package code_test
 
 import (
diff --git a/selfservice/strategy/code/persistence.go b/selfservice/strategy/code/persistence.go
index 45ce5338959f..e3467b455e05 100644
--- a/selfservice/strategy/code/persistence.go
+++ b/selfservice/strategy/code/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package code
 
 import (
diff --git a/selfservice/strategy/code/schema.go b/selfservice/strategy/code/schema.go
index cb2f412b0371..76ee7b7b9b51 100644
--- a/selfservice/strategy/code/schema.go
+++ b/selfservice/strategy/code/schema.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package code
 
 import (
diff --git a/selfservice/strategy/code/sender.go b/selfservice/strategy/code/sender.go
index e1aa07ed9b32..1b2d569df3f2 100644
--- a/selfservice/strategy/code/sender.go
+++ b/selfservice/strategy/code/sender.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package code
 
 import (
diff --git a/selfservice/strategy/code/sender_test.go b/selfservice/strategy/code/sender_test.go
index 1cf5043d18e6..e0ada69e2c32 100644
--- a/selfservice/strategy/code/sender_test.go
+++ b/selfservice/strategy/code/sender_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package code_test
 
 import (
diff --git a/selfservice/strategy/code/strategy.go b/selfservice/strategy/code/strategy.go
index d755db629e1f..fa039501a371 100644
--- a/selfservice/strategy/code/strategy.go
+++ b/selfservice/strategy/code/strategy.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package code
 
 import (
diff --git a/selfservice/strategy/code/strategy_recovery.go b/selfservice/strategy/code/strategy_recovery.go
index afed8fddb1c7..18aaf8757824 100644
--- a/selfservice/strategy/code/strategy_recovery.go
+++ b/selfservice/strategy/code/strategy_recovery.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package code
 
 import (
diff --git a/selfservice/strategy/code/strategy_recovery_test.go b/selfservice/strategy/code/strategy_recovery_test.go
index 1a8ac53c20d7..03f7d343f8a7 100644
--- a/selfservice/strategy/code/strategy_recovery_test.go
+++ b/selfservice/strategy/code/strategy_recovery_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package code_test
 
 import (
diff --git a/selfservice/strategy/code/strategy_test.go b/selfservice/strategy/code/strategy_test.go
index 0d870724af6f..888fb2eb04bc 100644
--- a/selfservice/strategy/code/strategy_test.go
+++ b/selfservice/strategy/code/strategy_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package code_test
 
 import (
diff --git a/selfservice/strategy/code/test/persistence.go b/selfservice/strategy/code/test/persistence.go
index 579ef41e980f..cde431b1034c 100644
--- a/selfservice/strategy/code/test/persistence.go
+++ b/selfservice/strategy/code/test/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package code
 
 import (
diff --git a/selfservice/strategy/handler.go b/selfservice/strategy/handler.go
index c87c0d65c833..719153ddbd8d 100644
--- a/selfservice/strategy/handler.go
+++ b/selfservice/strategy/handler.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package strategy
 
 import (
diff --git a/selfservice/strategy/link/persistence.go b/selfservice/strategy/link/persistence.go
index 930b6750dc28..dc1a9da65d72 100644
--- a/selfservice/strategy/link/persistence.go
+++ b/selfservice/strategy/link/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package link
 
 import (
diff --git a/selfservice/strategy/link/schema.go b/selfservice/strategy/link/schema.go
index 1658015e4b00..a6fa82630870 100644
--- a/selfservice/strategy/link/schema.go
+++ b/selfservice/strategy/link/schema.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package link
 
 import (
diff --git a/selfservice/strategy/link/sender.go b/selfservice/strategy/link/sender.go
index a63e197ba882..a70f9abdd85a 100644
--- a/selfservice/strategy/link/sender.go
+++ b/selfservice/strategy/link/sender.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package link
 
 import (
diff --git a/selfservice/strategy/link/sender_test.go b/selfservice/strategy/link/sender_test.go
index 779acba21d00..5cefa7cb797f 100644
--- a/selfservice/strategy/link/sender_test.go
+++ b/selfservice/strategy/link/sender_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package link_test
 
 import (
diff --git a/selfservice/strategy/link/strategy.go b/selfservice/strategy/link/strategy.go
index 9514e80a805f..adc16011e529 100644
--- a/selfservice/strategy/link/strategy.go
+++ b/selfservice/strategy/link/strategy.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package link
 
 import (
diff --git a/selfservice/strategy/link/strategy_recovery.go b/selfservice/strategy/link/strategy_recovery.go
index 3abcf4b9364b..2f5d0f6307cd 100644
--- a/selfservice/strategy/link/strategy_recovery.go
+++ b/selfservice/strategy/link/strategy_recovery.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package link
 
 import (
diff --git a/selfservice/strategy/link/strategy_recovery_test.go b/selfservice/strategy/link/strategy_recovery_test.go
index 1d9eef1a57cd..e0081db0ea4c 100644
--- a/selfservice/strategy/link/strategy_recovery_test.go
+++ b/selfservice/strategy/link/strategy_recovery_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package link_test
 
 import (
diff --git a/selfservice/strategy/link/strategy_test.go b/selfservice/strategy/link/strategy_test.go
index 7dead07c7907..4f681a8ae7d3 100644
--- a/selfservice/strategy/link/strategy_test.go
+++ b/selfservice/strategy/link/strategy_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package link_test
 
 import (
diff --git a/selfservice/strategy/link/strategy_verification.go b/selfservice/strategy/link/strategy_verification.go
index 3dab75f92613..0918d03e790b 100644
--- a/selfservice/strategy/link/strategy_verification.go
+++ b/selfservice/strategy/link/strategy_verification.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package link
 
 import (
diff --git a/selfservice/strategy/link/strategy_verification_test.go b/selfservice/strategy/link/strategy_verification_test.go
index 420f688664d9..efa437b8e3aa 100644
--- a/selfservice/strategy/link/strategy_verification_test.go
+++ b/selfservice/strategy/link/strategy_verification_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package link_test
 
 import (
diff --git a/selfservice/strategy/link/test/persistence.go b/selfservice/strategy/link/test/persistence.go
index a2d3375eec2e..fd0b9d4fd7bb 100644
--- a/selfservice/strategy/link/test/persistence.go
+++ b/selfservice/strategy/link/test/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package link
 
 import (
diff --git a/selfservice/strategy/link/token_recovery.go b/selfservice/strategy/link/token_recovery.go
index 2d5e06690315..fd60464bd13f 100644
--- a/selfservice/strategy/link/token_recovery.go
+++ b/selfservice/strategy/link/token_recovery.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package link
 
 import (
diff --git a/selfservice/strategy/link/token_recovery_test.go b/selfservice/strategy/link/token_recovery_test.go
index 969f457e540d..3b3f806cf319 100644
--- a/selfservice/strategy/link/token_recovery_test.go
+++ b/selfservice/strategy/link/token_recovery_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package link_test
 
 import (
diff --git a/selfservice/strategy/link/token_verification.go b/selfservice/strategy/link/token_verification.go
index b7c8fe3bd5c6..5dfd0cffb5a2 100644
--- a/selfservice/strategy/link/token_verification.go
+++ b/selfservice/strategy/link/token_verification.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package link
 
 import (
diff --git a/selfservice/strategy/link/token_verification_test.go b/selfservice/strategy/link/token_verification_test.go
index eed29c2907df..56f4e2a17af0 100644
--- a/selfservice/strategy/link/token_verification_test.go
+++ b/selfservice/strategy/link/token_verification_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package link_test
 
 import (
diff --git a/selfservice/strategy/lookup/credentials.go b/selfservice/strategy/lookup/credentials.go
index d7f9c65f160f..49f6e9d802f6 100644
--- a/selfservice/strategy/lookup/credentials.go
+++ b/selfservice/strategy/lookup/credentials.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package lookup
 
 import (
diff --git a/selfservice/strategy/lookup/credentials_test.go b/selfservice/strategy/lookup/credentials_test.go
index c555314d82f4..ddddd0ea8d44 100644
--- a/selfservice/strategy/lookup/credentials_test.go
+++ b/selfservice/strategy/lookup/credentials_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package lookup_test
 
 import (
diff --git a/selfservice/strategy/lookup/login.go b/selfservice/strategy/lookup/login.go
index 610256a8fdec..61a2caedf80b 100644
--- a/selfservice/strategy/lookup/login.go
+++ b/selfservice/strategy/lookup/login.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package lookup
 
 import (
diff --git a/selfservice/strategy/lookup/login_test.go b/selfservice/strategy/lookup/login_test.go
index 34fa084620d0..1414dcdcd6b3 100644
--- a/selfservice/strategy/lookup/login_test.go
+++ b/selfservice/strategy/lookup/login_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package lookup_test
 
 import (
diff --git a/selfservice/strategy/lookup/nodes.go b/selfservice/strategy/lookup/nodes.go
index 307858b23eba..79833a06ca32 100644
--- a/selfservice/strategy/lookup/nodes.go
+++ b/selfservice/strategy/lookup/nodes.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package lookup
 
 import (
diff --git a/selfservice/strategy/lookup/schema.go b/selfservice/strategy/lookup/schema.go
index e85925e9ea20..f6305b96986c 100644
--- a/selfservice/strategy/lookup/schema.go
+++ b/selfservice/strategy/lookup/schema.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package lookup
 
 import (
diff --git a/selfservice/strategy/lookup/settings.go b/selfservice/strategy/lookup/settings.go
index c67c092d0b88..144e74d01450 100644
--- a/selfservice/strategy/lookup/settings.go
+++ b/selfservice/strategy/lookup/settings.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package lookup
 
 import (
diff --git a/selfservice/strategy/lookup/settings_test.go b/selfservice/strategy/lookup/settings_test.go
index 3e39bd4a3c00..812cf9b76c9c 100644
--- a/selfservice/strategy/lookup/settings_test.go
+++ b/selfservice/strategy/lookup/settings_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package lookup_test
 
 import (
diff --git a/selfservice/strategy/lookup/strategy.go b/selfservice/strategy/lookup/strategy.go
index ed6ac05fe22d..8661aef6cca6 100644
--- a/selfservice/strategy/lookup/strategy.go
+++ b/selfservice/strategy/lookup/strategy.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package lookup
 
 import (
diff --git a/selfservice/strategy/lookup/strategy_test.go b/selfservice/strategy/lookup/strategy_test.go
index 8faa19966608..bff2f5a5aa7b 100644
--- a/selfservice/strategy/lookup/strategy_test.go
+++ b/selfservice/strategy/lookup/strategy_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package lookup_test
 
 import (
diff --git a/selfservice/strategy/oidc/const.go b/selfservice/strategy/oidc/const.go
index d2ef3944a4dd..12afd4df748b 100644
--- a/selfservice/strategy/oidc/const.go
+++ b/selfservice/strategy/oidc/const.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 const (
diff --git a/selfservice/strategy/oidc/error.go b/selfservice/strategy/oidc/error.go
index 8b4a42f9dad5..a9829d4077ee 100644
--- a/selfservice/strategy/oidc/error.go
+++ b/selfservice/strategy/oidc/error.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import "github.com/ory/herodot"
diff --git a/selfservice/strategy/oidc/form.go b/selfservice/strategy/oidc/form.go
index 183e71c3335c..380314785599 100644
--- a/selfservice/strategy/oidc/form.go
+++ b/selfservice/strategy/oidc/form.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/form_test.go b/selfservice/strategy/oidc/form_test.go
index aca318566fdc..243adbc88659 100644
--- a/selfservice/strategy/oidc/form_test.go
+++ b/selfservice/strategy/oidc/form_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/nodes.go b/selfservice/strategy/oidc/nodes.go
index f0e281fdb146..3c99d9617d05 100644
--- a/selfservice/strategy/oidc/nodes.go
+++ b/selfservice/strategy/oidc/nodes.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/provider.go b/selfservice/strategy/oidc/provider.go
index 99282893a3a2..2b973877f23c 100644
--- a/selfservice/strategy/oidc/provider.go
+++ b/selfservice/strategy/oidc/provider.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/provider_apple.go b/selfservice/strategy/oidc/provider_apple.go
index 4ea727516e47..a1ab982ea486 100644
--- a/selfservice/strategy/oidc/provider_apple.go
+++ b/selfservice/strategy/oidc/provider_apple.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/provider_apple_test.go b/selfservice/strategy/oidc/provider_apple_test.go
index 2cfbf7547846..f0b3b5c6678a 100644
--- a/selfservice/strategy/oidc/provider_apple_test.go
+++ b/selfservice/strategy/oidc/provider_apple_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/provider_auth0.go b/selfservice/strategy/oidc/provider_auth0.go
index ad6c95286844..347444e903b8 100644
--- a/selfservice/strategy/oidc/provider_auth0.go
+++ b/selfservice/strategy/oidc/provider_auth0.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/provider_auth0_test.go b/selfservice/strategy/oidc/provider_auth0_test.go
index f52d3fb59cf9..859ed4334f03 100644
--- a/selfservice/strategy/oidc/provider_auth0_test.go
+++ b/selfservice/strategy/oidc/provider_auth0_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/provider_config.go b/selfservice/strategy/oidc/provider_config.go
index d9db2b61d714..0dfa7b2020e9 100644
--- a/selfservice/strategy/oidc/provider_config.go
+++ b/selfservice/strategy/oidc/provider_config.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/provider_config_test.go b/selfservice/strategy/oidc/provider_config_test.go
index c56053c388fd..7fd61337dca7 100644
--- a/selfservice/strategy/oidc/provider_config_test.go
+++ b/selfservice/strategy/oidc/provider_config_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc_test
 
 import (
diff --git a/selfservice/strategy/oidc/provider_dingtalk.go b/selfservice/strategy/oidc/provider_dingtalk.go
index 4f39eba019c3..5b735af4639c 100644
--- a/selfservice/strategy/oidc/provider_dingtalk.go
+++ b/selfservice/strategy/oidc/provider_dingtalk.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/provider_discord.go b/selfservice/strategy/oidc/provider_discord.go
index 3ede5c4c5ed3..770a0283408b 100644
--- a/selfservice/strategy/oidc/provider_discord.go
+++ b/selfservice/strategy/oidc/provider_discord.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/provider_facebook.go b/selfservice/strategy/oidc/provider_facebook.go
index 7dd133087348..f875e592c97a 100644
--- a/selfservice/strategy/oidc/provider_facebook.go
+++ b/selfservice/strategy/oidc/provider_facebook.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/provider_facebook_test.go b/selfservice/strategy/oidc/provider_facebook_test.go
index b7f00921a3c7..72bcb5e10826 100644
--- a/selfservice/strategy/oidc/provider_facebook_test.go
+++ b/selfservice/strategy/oidc/provider_facebook_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc_test
 
 import (
diff --git a/selfservice/strategy/oidc/provider_generic_oidc.go b/selfservice/strategy/oidc/provider_generic_oidc.go
index 983e6031c504..2399cd4c1664 100644
--- a/selfservice/strategy/oidc/provider_generic_oidc.go
+++ b/selfservice/strategy/oidc/provider_generic_oidc.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/provider_generic_test.go b/selfservice/strategy/oidc/provider_generic_test.go
index f9da7bda48a5..769ff91f8371 100644
--- a/selfservice/strategy/oidc/provider_generic_test.go
+++ b/selfservice/strategy/oidc/provider_generic_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc_test
 
 import (
diff --git a/selfservice/strategy/oidc/provider_github.go b/selfservice/strategy/oidc/provider_github.go
index 62d9b3b16457..e2a6f0641213 100644
--- a/selfservice/strategy/oidc/provider_github.go
+++ b/selfservice/strategy/oidc/provider_github.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/provider_github_app.go b/selfservice/strategy/oidc/provider_github_app.go
index ef69cb9cf047..270718a8041e 100644
--- a/selfservice/strategy/oidc/provider_github_app.go
+++ b/selfservice/strategy/oidc/provider_github_app.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/provider_gitlab.go b/selfservice/strategy/oidc/provider_gitlab.go
index 0170ecc79212..2a131651b3e0 100644
--- a/selfservice/strategy/oidc/provider_gitlab.go
+++ b/selfservice/strategy/oidc/provider_gitlab.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/provider_google.go b/selfservice/strategy/oidc/provider_google.go
index 3a8433454254..d691caaf9e5b 100644
--- a/selfservice/strategy/oidc/provider_google.go
+++ b/selfservice/strategy/oidc/provider_google.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 type ProviderGoogle struct {
diff --git a/selfservice/strategy/oidc/provider_microsoft.go b/selfservice/strategy/oidc/provider_microsoft.go
index 57fe21647342..d73ab3c3ff4b 100644
--- a/selfservice/strategy/oidc/provider_microsoft.go
+++ b/selfservice/strategy/oidc/provider_microsoft.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/provider_netid.go b/selfservice/strategy/oidc/provider_netid.go
index 83e6b0151d84..040a3914b2ac 100644
--- a/selfservice/strategy/oidc/provider_netid.go
+++ b/selfservice/strategy/oidc/provider_netid.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/provider_private_net_test.go b/selfservice/strategy/oidc/provider_private_net_test.go
index c88ab9e856ca..06527980c3c1 100644
--- a/selfservice/strategy/oidc/provider_private_net_test.go
+++ b/selfservice/strategy/oidc/provider_private_net_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc_test
 
 import (
diff --git a/selfservice/strategy/oidc/provider_slack.go b/selfservice/strategy/oidc/provider_slack.go
index 41ac179d30e0..bcb99303233e 100644
--- a/selfservice/strategy/oidc/provider_slack.go
+++ b/selfservice/strategy/oidc/provider_slack.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/provider_spotify.go b/selfservice/strategy/oidc/provider_spotify.go
index bacce52cee5a..10fa520fae46 100644
--- a/selfservice/strategy/oidc/provider_spotify.go
+++ b/selfservice/strategy/oidc/provider_spotify.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/provider_vk.go b/selfservice/strategy/oidc/provider_vk.go
index a2fea4b3bf3f..aa220a0e13b2 100644
--- a/selfservice/strategy/oidc/provider_vk.go
+++ b/selfservice/strategy/oidc/provider_vk.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/provider_yandex.go b/selfservice/strategy/oidc/provider_yandex.go
index d5c084b016bc..28459fc0f065 100644
--- a/selfservice/strategy/oidc/provider_yandex.go
+++ b/selfservice/strategy/oidc/provider_yandex.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/schema.go b/selfservice/strategy/oidc/schema.go
index df2e0685c201..55e79dcefdc7 100644
--- a/selfservice/strategy/oidc/schema.go
+++ b/selfservice/strategy/oidc/schema.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/strategy.go b/selfservice/strategy/oidc/strategy.go
index b27531855403..efba09d971d3 100644
--- a/selfservice/strategy/oidc/strategy.go
+++ b/selfservice/strategy/oidc/strategy.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/strategy_helper_test.go b/selfservice/strategy/oidc/strategy_helper_test.go
index 3d735d7ed16f..53b9d46384d0 100644
--- a/selfservice/strategy/oidc/strategy_helper_test.go
+++ b/selfservice/strategy/oidc/strategy_helper_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc_test
 
 import (
diff --git a/selfservice/strategy/oidc/strategy_login.go b/selfservice/strategy/oidc/strategy_login.go
index 92b1a9e3183a..ff379320d606 100644
--- a/selfservice/strategy/oidc/strategy_login.go
+++ b/selfservice/strategy/oidc/strategy_login.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/strategy_registration.go b/selfservice/strategy/oidc/strategy_registration.go
index 69609854717d..2a76abf6c1fa 100644
--- a/selfservice/strategy/oidc/strategy_registration.go
+++ b/selfservice/strategy/oidc/strategy_registration.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/strategy_settings.go b/selfservice/strategy/oidc/strategy_settings.go
index 37deb3e81066..dae592b24824 100644
--- a/selfservice/strategy/oidc/strategy_settings.go
+++ b/selfservice/strategy/oidc/strategy_settings.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/strategy_settings_test.go b/selfservice/strategy/oidc/strategy_settings_test.go
index c30f7d0fbb98..b7b5373b4d3a 100644
--- a/selfservice/strategy/oidc/strategy_settings_test.go
+++ b/selfservice/strategy/oidc/strategy_settings_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc_test
 
 import (
diff --git a/selfservice/strategy/oidc/strategy_state_test.go b/selfservice/strategy/oidc/strategy_state_test.go
index 1a4268353754..b4b3d83d2c4e 100644
--- a/selfservice/strategy/oidc/strategy_state_test.go
+++ b/selfservice/strategy/oidc/strategy_state_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/oidc/strategy_test.go b/selfservice/strategy/oidc/strategy_test.go
index 2f46b61bf62b..7aa7e22606db 100644
--- a/selfservice/strategy/oidc/strategy_test.go
+++ b/selfservice/strategy/oidc/strategy_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc_test
 
 import (
diff --git a/selfservice/strategy/oidc/types.go b/selfservice/strategy/oidc/types.go
index 12c17c23c946..7073340048f1 100644
--- a/selfservice/strategy/oidc/types.go
+++ b/selfservice/strategy/oidc/types.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oidc
 
 import (
diff --git a/selfservice/strategy/password/helpers.go b/selfservice/strategy/password/helpers.go
index 365bf442217c..12c49f44390a 100644
--- a/selfservice/strategy/password/helpers.go
+++ b/selfservice/strategy/password/helpers.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package password
 
 import "net/url"
diff --git a/selfservice/strategy/password/helpers_test.go b/selfservice/strategy/password/helpers_test.go
index 107d3be72c66..7d6893d47e3a 100644
--- a/selfservice/strategy/password/helpers_test.go
+++ b/selfservice/strategy/password/helpers_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package password
 
 import (
diff --git a/selfservice/strategy/password/login.go b/selfservice/strategy/password/login.go
index cb84fef8b41b..97d43d7e62e3 100644
--- a/selfservice/strategy/password/login.go
+++ b/selfservice/strategy/password/login.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package password
 
 import (
diff --git a/selfservice/strategy/password/login_test.go b/selfservice/strategy/password/login_test.go
index 0fb66528d7ee..01e0036f4f0e 100644
--- a/selfservice/strategy/password/login_test.go
+++ b/selfservice/strategy/password/login_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package password_test
 
 import (
diff --git a/selfservice/strategy/password/nodes.go b/selfservice/strategy/password/nodes.go
index 1cca69e87efa..3a4c5b2d7f57 100644
--- a/selfservice/strategy/password/nodes.go
+++ b/selfservice/strategy/password/nodes.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package password
 
 import (
diff --git a/selfservice/strategy/password/op_login_test.go b/selfservice/strategy/password/op_login_test.go
index 9d5b360d973b..9d42942f2e7d 100644
--- a/selfservice/strategy/password/op_login_test.go
+++ b/selfservice/strategy/password/op_login_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package password_test
 
 import (
diff --git a/selfservice/strategy/password/op_registration_test.go b/selfservice/strategy/password/op_registration_test.go
index 8868c6df18a2..7c820680c117 100644
--- a/selfservice/strategy/password/op_registration_test.go
+++ b/selfservice/strategy/password/op_registration_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package password_test
 
 import (
diff --git a/selfservice/strategy/password/registration.go b/selfservice/strategy/password/registration.go
index cdb899528a92..d7084360533e 100644
--- a/selfservice/strategy/password/registration.go
+++ b/selfservice/strategy/password/registration.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package password
 
 import (
diff --git a/selfservice/strategy/password/registration_test.go b/selfservice/strategy/password/registration_test.go
index 50e11e6a6cf1..fbb74c25c47d 100644
--- a/selfservice/strategy/password/registration_test.go
+++ b/selfservice/strategy/password/registration_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package password_test
 
 import (
diff --git a/selfservice/strategy/password/schema.go b/selfservice/strategy/password/schema.go
index 11ef1165d67e..eae1adb2058b 100644
--- a/selfservice/strategy/password/schema.go
+++ b/selfservice/strategy/password/schema.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package password
 
 import (
diff --git a/selfservice/strategy/password/settings.go b/selfservice/strategy/password/settings.go
index 950b91df3e75..0f9d972ca370 100644
--- a/selfservice/strategy/password/settings.go
+++ b/selfservice/strategy/password/settings.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package password
 
 import (
diff --git a/selfservice/strategy/password/settings_test.go b/selfservice/strategy/password/settings_test.go
index 969a0e4d1ae7..7bc54cabbaf3 100644
--- a/selfservice/strategy/password/settings_test.go
+++ b/selfservice/strategy/password/settings_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package password_test
 
 import (
diff --git a/selfservice/strategy/password/strategy.go b/selfservice/strategy/password/strategy.go
index 866d72793164..b9e3f5700878 100644
--- a/selfservice/strategy/password/strategy.go
+++ b/selfservice/strategy/password/strategy.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package password
 
 import (
diff --git a/selfservice/strategy/password/strategy_disabled_test.go b/selfservice/strategy/password/strategy_disabled_test.go
index 91c504282bea..eea9fa4b380b 100644
--- a/selfservice/strategy/password/strategy_disabled_test.go
+++ b/selfservice/strategy/password/strategy_disabled_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package password_test
 
 import (
diff --git a/selfservice/strategy/password/strategy_test.go b/selfservice/strategy/password/strategy_test.go
index 3c6185551d6f..816a5ce54c7e 100644
--- a/selfservice/strategy/password/strategy_test.go
+++ b/selfservice/strategy/password/strategy_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package password_test
 
 import (
diff --git a/selfservice/strategy/password/types.go b/selfservice/strategy/password/types.go
index 69e7606ca0c3..78bc375936d9 100644
--- a/selfservice/strategy/password/types.go
+++ b/selfservice/strategy/password/types.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package password
 
 import (
diff --git a/selfservice/strategy/password/validator.go b/selfservice/strategy/password/validator.go
index 23b8ffa0b1e1..775046b856e1 100644
--- a/selfservice/strategy/password/validator.go
+++ b/selfservice/strategy/password/validator.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package password
 
 import (
diff --git a/selfservice/strategy/password/validator_lcs_test.go b/selfservice/strategy/password/validator_lcs_test.go
index 10ed7810ddcd..190ca766d0be 100644
--- a/selfservice/strategy/password/validator_lcs_test.go
+++ b/selfservice/strategy/password/validator_lcs_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package password
 
 import (
diff --git a/selfservice/strategy/password/validator_test.go b/selfservice/strategy/password/validator_test.go
index 36d0e28b296a..25678a99cee1 100644
--- a/selfservice/strategy/password/validator_test.go
+++ b/selfservice/strategy/password/validator_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package password_test
 
 import (
diff --git a/selfservice/strategy/profile/schema.go b/selfservice/strategy/profile/schema.go
index d31dc8276bd3..a0e093150067 100644
--- a/selfservice/strategy/profile/schema.go
+++ b/selfservice/strategy/profile/schema.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package profile
 
 import (
diff --git a/selfservice/strategy/profile/strategy.go b/selfservice/strategy/profile/strategy.go
index ed60299dce55..c3223aa4f399 100644
--- a/selfservice/strategy/profile/strategy.go
+++ b/selfservice/strategy/profile/strategy.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package profile
 
 import (
diff --git a/selfservice/strategy/profile/strategy_test.go b/selfservice/strategy/profile/strategy_test.go
index 39a8801fb94f..b2a1feda4d66 100644
--- a/selfservice/strategy/profile/strategy_test.go
+++ b/selfservice/strategy/profile/strategy_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package profile_test
 
 import (
diff --git a/selfservice/strategy/totp/credentials.go b/selfservice/strategy/totp/credentials.go
index a5f1b887db7a..977775d11e65 100644
--- a/selfservice/strategy/totp/credentials.go
+++ b/selfservice/strategy/totp/credentials.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package totp
 
 // CredentialsConfig is the struct that is being used as part of the identity credentials.
diff --git a/selfservice/strategy/totp/generator.go b/selfservice/strategy/totp/generator.go
index f1a337e43d0f..f4750f76c0f9 100644
--- a/selfservice/strategy/totp/generator.go
+++ b/selfservice/strategy/totp/generator.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package totp
 
 import (
diff --git a/selfservice/strategy/totp/generator_test.go b/selfservice/strategy/totp/generator_test.go
index c303cb81212a..50dbf2f5969c 100644
--- a/selfservice/strategy/totp/generator_test.go
+++ b/selfservice/strategy/totp/generator_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package totp_test
 
 import (
diff --git a/selfservice/strategy/totp/login.go b/selfservice/strategy/totp/login.go
index ab8b4060d7fe..265bbf2eed3c 100644
--- a/selfservice/strategy/totp/login.go
+++ b/selfservice/strategy/totp/login.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package totp
 
 import (
diff --git a/selfservice/strategy/totp/login_test.go b/selfservice/strategy/totp/login_test.go
index d180d92b39c9..f0d64809dbdc 100644
--- a/selfservice/strategy/totp/login_test.go
+++ b/selfservice/strategy/totp/login_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package totp_test
 
 import (
diff --git a/selfservice/strategy/totp/nodes.go b/selfservice/strategy/totp/nodes.go
index db64c1834982..5d01c127889a 100644
--- a/selfservice/strategy/totp/nodes.go
+++ b/selfservice/strategy/totp/nodes.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package totp
 
 import (
diff --git a/selfservice/strategy/totp/schema.go b/selfservice/strategy/totp/schema.go
index 9c57e80db389..dc9353b81e82 100644
--- a/selfservice/strategy/totp/schema.go
+++ b/selfservice/strategy/totp/schema.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package totp
 
 import (
diff --git a/selfservice/strategy/totp/schema_extension.go b/selfservice/strategy/totp/schema_extension.go
index afde19d50ad1..6703e3fa7246 100644
--- a/selfservice/strategy/totp/schema_extension.go
+++ b/selfservice/strategy/totp/schema_extension.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package totp
 
 import (
diff --git a/selfservice/strategy/totp/settings.go b/selfservice/strategy/totp/settings.go
index 815e978dee36..98c9728325a0 100644
--- a/selfservice/strategy/totp/settings.go
+++ b/selfservice/strategy/totp/settings.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package totp
 
 import (
diff --git a/selfservice/strategy/totp/settings_test.go b/selfservice/strategy/totp/settings_test.go
index 802e47ed3265..03690121f97c 100644
--- a/selfservice/strategy/totp/settings_test.go
+++ b/selfservice/strategy/totp/settings_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package totp_test
 
 import (
diff --git a/selfservice/strategy/totp/strategy.go b/selfservice/strategy/totp/strategy.go
index ebc47ead85a8..f6ddb1cba736 100644
--- a/selfservice/strategy/totp/strategy.go
+++ b/selfservice/strategy/totp/strategy.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package totp
 
 import (
diff --git a/selfservice/strategy/totp/strategy_test.go b/selfservice/strategy/totp/strategy_test.go
index df92c28ff90b..422d23647f17 100644
--- a/selfservice/strategy/totp/strategy_test.go
+++ b/selfservice/strategy/totp/strategy_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package totp_test
 
 import (
diff --git a/selfservice/strategy/webauthn/credentials.go b/selfservice/strategy/webauthn/credentials.go
index 063543bfa124..37a50f38dcb3 100644
--- a/selfservice/strategy/webauthn/credentials.go
+++ b/selfservice/strategy/webauthn/credentials.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package webauthn
 
 import (
diff --git a/selfservice/strategy/webauthn/credentials_test.go b/selfservice/strategy/webauthn/credentials_test.go
index 493d162044e9..a92451bba36e 100644
--- a/selfservice/strategy/webauthn/credentials_test.go
+++ b/selfservice/strategy/webauthn/credentials_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package webauthn
 
 import (
diff --git a/selfservice/strategy/webauthn/errors.go b/selfservice/strategy/webauthn/errors.go
index ef1819ed40ac..08d73303085a 100644
--- a/selfservice/strategy/webauthn/errors.go
+++ b/selfservice/strategy/webauthn/errors.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package webauthn
 
 import (
diff --git a/selfservice/strategy/webauthn/handler.go b/selfservice/strategy/webauthn/handler.go
index 98d0203b90ca..f5a44de0978d 100644
--- a/selfservice/strategy/webauthn/handler.go
+++ b/selfservice/strategy/webauthn/handler.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package webauthn
 
 import (
diff --git a/selfservice/strategy/webauthn/js/webauthn.js b/selfservice/strategy/webauthn/js/webauthn.js
index 0465d9487e61..ed9622cfaaf2 100644
--- a/selfservice/strategy/webauthn/js/webauthn.js
+++ b/selfservice/strategy/webauthn/js/webauthn.js
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 (function () {
   if (!window) {
     return
diff --git a/selfservice/strategy/webauthn/login.go b/selfservice/strategy/webauthn/login.go
index 3408a1192c35..fb1ba03f4acf 100644
--- a/selfservice/strategy/webauthn/login.go
+++ b/selfservice/strategy/webauthn/login.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package webauthn
 
 import (
diff --git a/selfservice/strategy/webauthn/login_test.go b/selfservice/strategy/webauthn/login_test.go
index 736d0692af77..1b17887171dd 100644
--- a/selfservice/strategy/webauthn/login_test.go
+++ b/selfservice/strategy/webauthn/login_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package webauthn_test
 
 import (
diff --git a/selfservice/strategy/webauthn/mock.go b/selfservice/strategy/webauthn/mock.go
index aba60aa47c3f..f960f49f33ce 100644
--- a/selfservice/strategy/webauthn/mock.go
+++ b/selfservice/strategy/webauthn/mock.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package webauthn
 
 import (
diff --git a/selfservice/strategy/webauthn/nodes.go b/selfservice/strategy/webauthn/nodes.go
index c112a9da6661..1019d9b40fd1 100644
--- a/selfservice/strategy/webauthn/nodes.go
+++ b/selfservice/strategy/webauthn/nodes.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package webauthn
 
 import (
diff --git a/selfservice/strategy/webauthn/registration.go b/selfservice/strategy/webauthn/registration.go
index e410af655ab2..45e993c6f0f4 100644
--- a/selfservice/strategy/webauthn/registration.go
+++ b/selfservice/strategy/webauthn/registration.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package webauthn
 
 import (
diff --git a/selfservice/strategy/webauthn/registration_test.go b/selfservice/strategy/webauthn/registration_test.go
index 701ac3bf74bf..edff7a98fbf0 100644
--- a/selfservice/strategy/webauthn/registration_test.go
+++ b/selfservice/strategy/webauthn/registration_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package webauthn_test
 
 import (
diff --git a/selfservice/strategy/webauthn/schema.go b/selfservice/strategy/webauthn/schema.go
index c1496cc3785b..b1a0cc40f73a 100644
--- a/selfservice/strategy/webauthn/schema.go
+++ b/selfservice/strategy/webauthn/schema.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package webauthn
 
 import (
diff --git a/selfservice/strategy/webauthn/settings.go b/selfservice/strategy/webauthn/settings.go
index 3cf41d3bc9fb..3380d5360424 100644
--- a/selfservice/strategy/webauthn/settings.go
+++ b/selfservice/strategy/webauthn/settings.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package webauthn
 
 import (
diff --git a/selfservice/strategy/webauthn/settings_test.go b/selfservice/strategy/webauthn/settings_test.go
index 0094997a4d0f..9ad8a52d9b66 100644
--- a/selfservice/strategy/webauthn/settings_test.go
+++ b/selfservice/strategy/webauthn/settings_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package webauthn_test
 
 import (
diff --git a/selfservice/strategy/webauthn/strategy.go b/selfservice/strategy/webauthn/strategy.go
index f2cd9a704a4b..14b675e82745 100644
--- a/selfservice/strategy/webauthn/strategy.go
+++ b/selfservice/strategy/webauthn/strategy.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package webauthn
 
 import (
diff --git a/selfservice/strategy/webauthn/strategy_test.go b/selfservice/strategy/webauthn/strategy_test.go
index 5dcc30c6f799..9af226f3e28e 100644
--- a/selfservice/strategy/webauthn/strategy_test.go
+++ b/selfservice/strategy/webauthn/strategy_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package webauthn_test
 
 import (
diff --git a/selfservice/strategy/webauthn/types.go b/selfservice/strategy/webauthn/types.go
index 06aad3e7d847..2e26babe2f68 100644
--- a/selfservice/strategy/webauthn/types.go
+++ b/selfservice/strategy/webauthn/types.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package webauthn
 
 // swagger:model submitSelfServiceFlowWithWebAuthnRegistrationMethod
diff --git a/selfservice/strategy/webauthn/validate.go b/selfservice/strategy/webauthn/validate.go
index 90829c05ab81..4cc5198fb204 100644
--- a/selfservice/strategy/webauthn/validate.go
+++ b/selfservice/strategy/webauthn/validate.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package webauthn
 
 import (
diff --git a/session/expand.go b/session/expand.go
index 8383d3ff07c3..2687b31320b9 100644
--- a/session/expand.go
+++ b/session/expand.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package session
 
 import "strings"
diff --git a/session/expand_test.go b/session/expand_test.go
index 4525a8f76f26..cb4fbb78889d 100644
--- a/session/expand_test.go
+++ b/session/expand_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package session
 
 import (
diff --git a/session/handler.go b/session/handler.go
index 3d3a69aa0d1a..17133ad058ae 100644
--- a/session/handler.go
+++ b/session/handler.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package session
 
 import (
diff --git a/session/handler_test.go b/session/handler_test.go
index 1105639f72b7..677e65dedd34 100644
--- a/session/handler_test.go
+++ b/session/handler_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package session_test
 
 import (
diff --git a/session/helper.go b/session/helper.go
index 5a4bfe6cef32..7347f19d66f6 100644
--- a/session/helper.go
+++ b/session/helper.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package session
 
 import (
diff --git a/session/helper_test.go b/session/helper_test.go
index 54ac42a79e1c..063d340c29a0 100644
--- a/session/helper_test.go
+++ b/session/helper_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package session
 
 import (
diff --git a/session/manager.go b/session/manager.go
index 52df844618d8..c4b53687ca31 100644
--- a/session/manager.go
+++ b/session/manager.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package session
 
 import (
diff --git a/session/manager_http.go b/session/manager_http.go
index b93881b10f8e..305b6b35468d 100644
--- a/session/manager_http.go
+++ b/session/manager_http.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package session
 
 import (
diff --git a/session/manager_http_test.go b/session/manager_http_test.go
index e544e25a05b7..b4816fdc0d29 100644
--- a/session/manager_http_test.go
+++ b/session/manager_http_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package session_test
 
 import (
diff --git a/session/manager_test.go b/session/manager_test.go
index be14131a313e..049cca5d9e21 100644
--- a/session/manager_test.go
+++ b/session/manager_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package session_test
 
 import (
diff --git a/session/persistence.go b/session/persistence.go
index ab35498e8be8..bca54295f25c 100644
--- a/session/persistence.go
+++ b/session/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package session
 
 import (
diff --git a/session/session.go b/session/session.go
index b40bc4a6c711..4a8bd655321e 100644
--- a/session/session.go
+++ b/session/session.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package session
 
 import (
diff --git a/session/session_test.go b/session/session_test.go
index 0d6cd7152c89..559a52c4a3ac 100644
--- a/session/session_test.go
+++ b/session/session_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package session_test
 
 import (
diff --git a/session/test/persistence.go b/session/test/persistence.go
index ac562a70d10b..cf401b715327 100644
--- a/session/test/persistence.go
+++ b/session/test/persistence.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package test
 
 import (
diff --git a/spec/api.go b/spec/api.go
index 27b9cb385815..d1bbbdad6717 100644
--- a/spec/api.go
+++ b/spec/api.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package spec
 
 import _ "embed"
diff --git a/swagger_meta.go b/swagger_meta.go
index bd9a2d4917ba..b0c086de4708 100644
--- a/swagger_meta.go
+++ b/swagger_meta.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 // Ory Kratos
 //
 // Welcome to the Ory Kratos HTTP API documentation!
diff --git a/swagger_types_global.go b/swagger_types_global.go
index 19d2d0c16cf5..e4cfdd000197 100644
--- a/swagger_types_global.go
+++ b/swagger_types_global.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 // nolint:deadcode,unused
 package main
 
diff --git a/swagger_types_overrides.go b/swagger_types_overrides.go
index 54b166d9d5be..ba3231ab9e71 100644
--- a/swagger_types_overrides.go
+++ b/swagger_types_overrides.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import "github.com/go-openapi/strfmt"
diff --git a/test/e2e/cypress.config.ts b/test/e2e/cypress.config.ts
index 1e2c0e612114..74443f74f32b 100644
--- a/test/e2e/cypress.config.ts
+++ b/test/e2e/cypress.config.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { defineConfig } from "cypress"
 import got from "got"
 const CRI = require("chrome-remote-interface")
diff --git a/test/e2e/cypress/helpers/express.ts b/test/e2e/cypress/helpers/express.ts
index 51bd49f35439..c0301dadb031 100644
--- a/test/e2e/cypress/helpers/express.ts
+++ b/test/e2e/cypress/helpers/express.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { APP_URL, SPA_URL } from "./index"
 
 export const routes = {
diff --git a/test/e2e/cypress/helpers/httpbin.ts b/test/e2e/cypress/helpers/httpbin.ts
index 3e5ed407be2e..d8f396097390 100644
--- a/test/e2e/cypress/helpers/httpbin.ts
+++ b/test/e2e/cypress/helpers/httpbin.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import * as oauth2 from "./oauth2"
 
 export function checkToken(
diff --git a/test/e2e/cypress/helpers/index.ts b/test/e2e/cypress/helpers/index.ts
index bc01da3725cc..92408f36b7ee 100644
--- a/test/e2e/cypress/helpers/index.ts
+++ b/test/e2e/cypress/helpers/index.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 export const email = () => Math.random().toString(36) + "@ory.sh"
 export const blockedEmail = () =>
   Math.random().toString(36) + "_blocked" + "@ory.sh"
diff --git a/test/e2e/cypress/helpers/oauth2.ts b/test/e2e/cypress/helpers/oauth2.ts
index 5ad3d6680f02..c47fda55b4cb 100644
--- a/test/e2e/cypress/helpers/oauth2.ts
+++ b/test/e2e/cypress/helpers/oauth2.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import * as uuid from "uuid"
 
 export type oAuth2Client = {
diff --git a/test/e2e/cypress/helpers/react.ts b/test/e2e/cypress/helpers/react.ts
index e5a3fd4e5d61..88a69f3a4539 100644
--- a/test/e2e/cypress/helpers/react.ts
+++ b/test/e2e/cypress/helpers/react.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { SPA_URL } from "./index"
 
 export const routes = {
diff --git a/test/e2e/cypress/integration/profiles/email/error/ui.spec.ts b/test/e2e/cypress/integration/profiles/email/error/ui.spec.ts
index 8712f8f4b22a..b213beb63d3e 100644
--- a/test/e2e/cypress/integration/profiles/email/error/ui.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/error/ui.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { routes as express } from "../../../../helpers/express"
 import { routes as react } from "../../../../helpers/react"
 import { appPrefix } from "../../../../helpers"
diff --git a/test/e2e/cypress/integration/profiles/email/login/error.spec.ts b/test/e2e/cypress/integration/profiles/email/login/error.spec.ts
index 10ea62bd6af6..0c7aa92b783f 100644
--- a/test/e2e/cypress/integration/profiles/email/login/error.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/login/error.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { appPrefix, gen } from "../../../../helpers"
 import { routes as express } from "../../../../helpers/express"
 import { routes as react } from "../../../../helpers/react"
diff --git a/test/e2e/cypress/integration/profiles/email/login/success.spec.ts b/test/e2e/cypress/integration/profiles/email/login/success.spec.ts
index d3244366b63f..c7f2cbfabce1 100644
--- a/test/e2e/cypress/integration/profiles/email/login/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/login/success.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { APP_URL, appPrefix, gen, website } from "../../../../helpers"
 import { routes as express } from "../../../../helpers/express"
 import { routes as react } from "../../../../helpers/react"
diff --git a/test/e2e/cypress/integration/profiles/email/login/ui.spec.ts b/test/e2e/cypress/integration/profiles/email/login/ui.spec.ts
index b8293fc01889..9156ca49ecda 100644
--- a/test/e2e/cypress/integration/profiles/email/login/ui.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/login/ui.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { routes as express } from "../../../../helpers/express"
 import { routes as react } from "../../../../helpers/react"
 import { appPrefix } from "../../../../helpers"
diff --git a/test/e2e/cypress/integration/profiles/email/logout/success.spec.ts b/test/e2e/cypress/integration/profiles/email/logout/success.spec.ts
index 942105472145..bd44e557fd6b 100644
--- a/test/e2e/cypress/integration/profiles/email/logout/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/logout/success.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { appPrefix, gen, website } from "../../../../helpers"
 import { routes as express } from "../../../../helpers/express"
 import { routes as react } from "../../../../helpers/react"
diff --git a/test/e2e/cypress/integration/profiles/email/registration/errors.spec.ts b/test/e2e/cypress/integration/profiles/email/registration/errors.spec.ts
index a6f7c24878f0..442fbabdd297 100644
--- a/test/e2e/cypress/integration/profiles/email/registration/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/registration/errors.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { appPrefix, gen } from "../../../../helpers"
 import { routes as express } from "../../../../helpers/express"
 import { routes as react } from "../../../../helpers/react"
diff --git a/test/e2e/cypress/integration/profiles/email/registration/success.spec.ts b/test/e2e/cypress/integration/profiles/email/registration/success.spec.ts
index 702f2a905760..6bb0084372a1 100644
--- a/test/e2e/cypress/integration/profiles/email/registration/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/registration/success.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { APP_URL, appPrefix, gen } from "../../../../helpers"
 import { routes as express } from "../../../../helpers/express"
 import { routes as react } from "../../../../helpers/react"
diff --git a/test/e2e/cypress/integration/profiles/email/registration/ui.spec.ts b/test/e2e/cypress/integration/profiles/email/registration/ui.spec.ts
index 122adfc974bc..73e806a3ec03 100644
--- a/test/e2e/cypress/integration/profiles/email/registration/ui.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/registration/ui.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { routes as express } from "../../../../helpers/express"
 import { routes as react } from "../../../../helpers/react"
 import { appPrefix } from "../../../../helpers"
diff --git a/test/e2e/cypress/integration/profiles/email/settings/errors.spec.ts b/test/e2e/cypress/integration/profiles/email/settings/errors.spec.ts
index 68880c25eb4f..b13fbdae4f1c 100644
--- a/test/e2e/cypress/integration/profiles/email/settings/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/settings/errors.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { appPrefix, gen, website } from "../../../../helpers"
 import { routes as react } from "../../../../helpers/react"
 import { routes as express } from "../../../../helpers/express"
diff --git a/test/e2e/cypress/integration/profiles/email/settings/success.spec.ts b/test/e2e/cypress/integration/profiles/email/settings/success.spec.ts
index 183279abbb9e..a4c180c1a48e 100644
--- a/test/e2e/cypress/integration/profiles/email/settings/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/settings/success.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { APP_URL, appPrefix, gen, website } from "../../../../helpers"
 import { routes as express } from "../../../../helpers/express"
 import { routes as react } from "../../../../helpers/react"
diff --git a/test/e2e/cypress/integration/profiles/email/settings/ui.spec.ts b/test/e2e/cypress/integration/profiles/email/settings/ui.spec.ts
index f2987b24b7c0..2521de72cdeb 100644
--- a/test/e2e/cypress/integration/profiles/email/settings/ui.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/settings/ui.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { appPrefix, gen } from "../../../../helpers"
 import { routes as express } from "../../../../helpers/express"
 import { routes as react } from "../../../../helpers/react"
diff --git a/test/e2e/cypress/integration/profiles/import/import.spec.ts b/test/e2e/cypress/integration/profiles/import/import.spec.ts
index b9e8ec93cfe6..a209a9501076 100644
--- a/test/e2e/cypress/integration/profiles/import/import.spec.ts
+++ b/test/e2e/cypress/integration/profiles/import/import.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { routes as express } from "../../../helpers/express"
 import { gen, KRATOS_ADMIN, website } from "../../../helpers"
 
diff --git a/test/e2e/cypress/integration/profiles/mfa/lookup.spec.ts b/test/e2e/cypress/integration/profiles/mfa/lookup.spec.ts
index e2cc66e84db1..394fdcce0f4a 100644
--- a/test/e2e/cypress/integration/profiles/mfa/lookup.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mfa/lookup.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { appPrefix, gen, website } from "../../../helpers"
 import { routes as express } from "../../../helpers/express"
 import { routes as react } from "../../../helpers/react"
diff --git a/test/e2e/cypress/integration/profiles/mfa/mix.spec.ts b/test/e2e/cypress/integration/profiles/mfa/mix.spec.ts
index 4f49f9bc719b..96d3759eae4c 100644
--- a/test/e2e/cypress/integration/profiles/mfa/mix.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mfa/mix.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { APP_URL, appPrefix, gen, website } from "../../../helpers"
 import { authenticator } from "otplib"
 import { routes as react } from "../../../helpers/react"
diff --git a/test/e2e/cypress/integration/profiles/mfa/settings.spec.ts b/test/e2e/cypress/integration/profiles/mfa/settings.spec.ts
index 0947f574de05..d14c0881f8b4 100644
--- a/test/e2e/cypress/integration/profiles/mfa/settings.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mfa/settings.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { appPrefix, gen, website } from "../../../helpers"
 import { routes as express } from "../../../helpers/express"
 import { routes as react } from "../../../helpers/react"
diff --git a/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts b/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts
index 9f759525311f..78e320c786f7 100644
--- a/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { gen, website } from "../../../helpers"
 import { authenticator } from "otplib"
 import { routes as react } from "../../../helpers/react"
diff --git a/test/e2e/cypress/integration/profiles/mfa/webauthn.spec.ts b/test/e2e/cypress/integration/profiles/mfa/webauthn.spec.ts
index bbacd55498a7..f5b25e58c948 100644
--- a/test/e2e/cypress/integration/profiles/mfa/webauthn.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mfa/webauthn.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { appPrefix, gen, website } from "../../../helpers"
 import { routes as react } from "../../../helpers/react"
 import { routes as express } from "../../../helpers/express"
diff --git a/test/e2e/cypress/integration/profiles/mobile/login/errors.spec.ts b/test/e2e/cypress/integration/profiles/mobile/login/errors.spec.ts
index a16be43ff03f..ebf2786cf408 100644
--- a/test/e2e/cypress/integration/profiles/mobile/login/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mobile/login/errors.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { gen, MOBILE_URL } from "../../../../helpers"
 
 context("Mobile Profile", () => {
diff --git a/test/e2e/cypress/integration/profiles/mobile/login/success.spec.ts b/test/e2e/cypress/integration/profiles/mobile/login/success.spec.ts
index 94552b6eb3ff..2d6b7979d24a 100644
--- a/test/e2e/cypress/integration/profiles/mobile/login/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mobile/login/success.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { gen, MOBILE_URL, website } from "../../../../helpers"
 
 context("Mobile Profile", () => {
diff --git a/test/e2e/cypress/integration/profiles/mobile/mfa/backup.spec.ts b/test/e2e/cypress/integration/profiles/mobile/mfa/backup.spec.ts
index e92637552ad9..79bfeb24fb54 100644
--- a/test/e2e/cypress/integration/profiles/mobile/mfa/backup.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mobile/mfa/backup.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { gen, MOBILE_URL, website } from "../../../../helpers"
 
 context("Mobile Profile", () => {
diff --git a/test/e2e/cypress/integration/profiles/mobile/mfa/mix.spec.ts b/test/e2e/cypress/integration/profiles/mobile/mfa/mix.spec.ts
index 93b288467d64..0cc063814ed9 100644
--- a/test/e2e/cypress/integration/profiles/mobile/mfa/mix.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mobile/mfa/mix.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { APP_URL, gen, MOBILE_URL, website } from "../../../../helpers"
 import { authenticator } from "otplib"
 
diff --git a/test/e2e/cypress/integration/profiles/mobile/mfa/totp.spec.ts b/test/e2e/cypress/integration/profiles/mobile/mfa/totp.spec.ts
index 2fcdb937676b..1672de3426c7 100644
--- a/test/e2e/cypress/integration/profiles/mobile/mfa/totp.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mobile/mfa/totp.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { APP_URL, gen, MOBILE_URL, website } from "../../../../helpers"
 import { authenticator } from "otplib"
 
diff --git a/test/e2e/cypress/integration/profiles/mobile/registration/errors.spec.ts b/test/e2e/cypress/integration/profiles/mobile/registration/errors.spec.ts
index 180a7b8da224..1ffac1766578 100644
--- a/test/e2e/cypress/integration/profiles/mobile/registration/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mobile/registration/errors.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { gen, MOBILE_URL, website } from "../../../../helpers"
 
 context("Mobile Profile", () => {
diff --git a/test/e2e/cypress/integration/profiles/mobile/registration/success.spec.ts b/test/e2e/cypress/integration/profiles/mobile/registration/success.spec.ts
index 06b1c842080b..4c07e2a5d48b 100644
--- a/test/e2e/cypress/integration/profiles/mobile/registration/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mobile/registration/success.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { MOBILE_URL, gen, website } from "../../../../helpers"
 
 context("Mobile Profile", () => {
diff --git a/test/e2e/cypress/integration/profiles/mobile/settings/errors.spec.ts b/test/e2e/cypress/integration/profiles/mobile/settings/errors.spec.ts
index d159dff2eeaa..f472290bd824 100644
--- a/test/e2e/cypress/integration/profiles/mobile/settings/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mobile/settings/errors.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { gen, MOBILE_URL, website } from "../../../../helpers"
 
 context("Mobile Profile", () => {
diff --git a/test/e2e/cypress/integration/profiles/mobile/settings/success.spec.ts b/test/e2e/cypress/integration/profiles/mobile/settings/success.spec.ts
index 193ce29475fa..d6bad67de7ff 100644
--- a/test/e2e/cypress/integration/profiles/mobile/settings/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mobile/settings/success.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { gen, MOBILE_URL, website } from "../../../../helpers"
 
 context("Mobile Profile", () => {
diff --git a/test/e2e/cypress/integration/profiles/network/errors.spec.ts b/test/e2e/cypress/integration/profiles/network/errors.spec.ts
index ca79fc6de758..6274356ee8c1 100644
--- a/test/e2e/cypress/integration/profiles/network/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/network/errors.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { routes as express } from "../../../helpers/express"
 import { gen } from "../../../helpers"
 
diff --git a/test/e2e/cypress/integration/profiles/oidc-provider/error.spec.ts b/test/e2e/cypress/integration/profiles/oidc-provider/error.spec.ts
index b7bf1b8a6bcf..6dec95879046 100644
--- a/test/e2e/cypress/integration/profiles/oidc-provider/error.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc-provider/error.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { routes as express } from "../../../helpers/express"
 
 context("OpenID Provider", () => {
diff --git a/test/e2e/cypress/integration/profiles/oidc-provider/login.spec.ts b/test/e2e/cypress/integration/profiles/oidc-provider/login.spec.ts
index 649b2b215637..1ead87791984 100644
--- a/test/e2e/cypress/integration/profiles/oidc-provider/login.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc-provider/login.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { gen } from "../../../helpers"
 import * as oauth2 from "../../../helpers/oauth2"
 import * as httpbin from "../../../helpers/httpbin"
diff --git a/test/e2e/cypress/integration/profiles/oidc-provider/mfa.spec.ts b/test/e2e/cypress/integration/profiles/oidc-provider/mfa.spec.ts
index 5e7076d93271..69ff2890950b 100644
--- a/test/e2e/cypress/integration/profiles/oidc-provider/mfa.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc-provider/mfa.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { authenticator } from "otplib"
 import { gen } from "../../../helpers"
 import { routes as express } from "../../../helpers/express"
diff --git a/test/e2e/cypress/integration/profiles/oidc-provider/registration.spec.ts b/test/e2e/cypress/integration/profiles/oidc-provider/registration.spec.ts
index 2b33b23f4a9f..7ae072fb02a8 100644
--- a/test/e2e/cypress/integration/profiles/oidc-provider/registration.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc-provider/registration.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { gen } from "../../../helpers"
 import * as uuid from "uuid"
 import * as oauth2 from "../../../helpers/oauth2"
diff --git a/test/e2e/cypress/integration/profiles/oidc/login/error.spec.ts b/test/e2e/cypress/integration/profiles/oidc/login/error.spec.ts
index 83d84c157e54..53687f0b439b 100644
--- a/test/e2e/cypress/integration/profiles/oidc/login/error.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc/login/error.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { appPrefix, gen, website } from "../../../../helpers"
 import { routes as react } from "../../../../helpers/react"
 import { routes as express } from "../../../../helpers/express"
diff --git a/test/e2e/cypress/integration/profiles/oidc/login/success.spec.ts b/test/e2e/cypress/integration/profiles/oidc/login/success.spec.ts
index 1c7e11f62ec9..ef2cf9f54bbe 100644
--- a/test/e2e/cypress/integration/profiles/oidc/login/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc/login/success.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { gen, website } from "../../../../helpers"
 import { routes as react } from "../../../../helpers/react"
 import { routes as express } from "../../../../helpers/express"
diff --git a/test/e2e/cypress/integration/profiles/oidc/logout/success.spec.ts b/test/e2e/cypress/integration/profiles/oidc/logout/success.spec.ts
index 6e425561ace2..b808178589a6 100644
--- a/test/e2e/cypress/integration/profiles/oidc/logout/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc/logout/success.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { appPrefix, gen, website } from "../../../../helpers"
 import { routes as react } from "../../../../helpers/react"
 import { routes as express } from "../../../../helpers/express"
diff --git a/test/e2e/cypress/integration/profiles/oidc/registration/error.spec.ts b/test/e2e/cypress/integration/profiles/oidc/registration/error.spec.ts
index 793c67d0c760..8694f4d3cbb7 100644
--- a/test/e2e/cypress/integration/profiles/oidc/registration/error.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc/registration/error.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { appPrefix, gen, website } from "../../../../helpers"
 import { routes as react } from "../../../../helpers/react"
 import { routes as express } from "../../../../helpers/express"
diff --git a/test/e2e/cypress/integration/profiles/oidc/registration/success.spec.ts b/test/e2e/cypress/integration/profiles/oidc/registration/success.spec.ts
index 222c34eb3e38..19f8c7f240a5 100644
--- a/test/e2e/cypress/integration/profiles/oidc/registration/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc/registration/success.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { appPrefix, gen, website } from "../../../../helpers"
 import { routes as react } from "../../../../helpers/react"
 import { routes as express } from "../../../../helpers/express"
diff --git a/test/e2e/cypress/integration/profiles/oidc/settings/error.spec.ts b/test/e2e/cypress/integration/profiles/oidc/settings/error.spec.ts
index 6f85d846cf34..c96669abbbe2 100644
--- a/test/e2e/cypress/integration/profiles/oidc/settings/error.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc/settings/error.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { APP_URL, appPrefix, gen, website } from "../../../../helpers"
 import { routes as react } from "../../../../helpers/react"
 import { routes as express } from "../../../../helpers/express"
diff --git a/test/e2e/cypress/integration/profiles/oidc/settings/success.spec.ts b/test/e2e/cypress/integration/profiles/oidc/settings/success.spec.ts
index 84869e32d271..fdb2ded3d5f3 100644
--- a/test/e2e/cypress/integration/profiles/oidc/settings/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/oidc/settings/success.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { appPrefix, gen, website } from "../../../../helpers"
 import { routes as react } from "../../../../helpers/react"
 import { routes as express } from "../../../../helpers/express"
diff --git a/test/e2e/cypress/integration/profiles/passwordless/flows.spec.ts b/test/e2e/cypress/integration/profiles/passwordless/flows.spec.ts
index efc704c449ff..1989d9237066 100644
--- a/test/e2e/cypress/integration/profiles/passwordless/flows.spec.ts
+++ b/test/e2e/cypress/integration/profiles/passwordless/flows.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { appPrefix, gen, website } from "../../../helpers"
 import { routes as express } from "../../../helpers/express"
 import { routes as react } from "../../../helpers/react"
diff --git a/test/e2e/cypress/integration/profiles/recovery/code/errors.spec.ts b/test/e2e/cypress/integration/profiles/recovery/code/errors.spec.ts
index 7eaa984fbd29..5abb312c238e 100644
--- a/test/e2e/cypress/integration/profiles/recovery/code/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/recovery/code/errors.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { extractRecoveryCode, appPrefix, gen, email } from "../../../../helpers"
 import { routes as react } from "../../../../helpers/react"
 import { routes as express } from "../../../../helpers/express"
diff --git a/test/e2e/cypress/integration/profiles/recovery/code/success.spec.ts b/test/e2e/cypress/integration/profiles/recovery/code/success.spec.ts
index d41affdc5496..8e034d48ee1f 100644
--- a/test/e2e/cypress/integration/profiles/recovery/code/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/recovery/code/success.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { appPrefix, assertRecoveryAddress, gen } from "../../../../helpers"
 import { routes as react } from "../../../../helpers/react"
 import { routes as express } from "../../../../helpers/express"
diff --git a/test/e2e/cypress/integration/profiles/recovery/link/errors.spec.ts b/test/e2e/cypress/integration/profiles/recovery/link/errors.spec.ts
index c2295d4952df..72b88efdffdf 100644
--- a/test/e2e/cypress/integration/profiles/recovery/link/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/recovery/link/errors.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { APP_URL, appPrefix, gen, parseHtml } from "../../../../helpers"
 import { routes as react } from "../../../../helpers/react"
 import { routes as express } from "../../../../helpers/express"
diff --git a/test/e2e/cypress/integration/profiles/recovery/link/success.spec.ts b/test/e2e/cypress/integration/profiles/recovery/link/success.spec.ts
index 7e43dd4cec1b..2a55b0006924 100644
--- a/test/e2e/cypress/integration/profiles/recovery/link/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/recovery/link/success.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { appPrefix, assertRecoveryAddress, gen } from "../../../../helpers"
 import { routes as react } from "../../../../helpers/react"
 import { routes as express } from "../../../../helpers/express"
diff --git a/test/e2e/cypress/integration/profiles/recovery/settings/success.spec.ts b/test/e2e/cypress/integration/profiles/recovery/settings/success.spec.ts
index e6cfd2103324..d13c0f5bbaf7 100644
--- a/test/e2e/cypress/integration/profiles/recovery/settings/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/recovery/settings/success.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { appPrefix, assertRecoveryAddress, gen } from "../../../../helpers"
 import { routes as react } from "../../../../helpers/react"
 import { routes as express } from "../../../../helpers/express"
diff --git a/test/e2e/cypress/integration/profiles/verification/login/errors.spec.ts b/test/e2e/cypress/integration/profiles/verification/login/errors.spec.ts
index 708de14430d4..50e1292542e9 100644
--- a/test/e2e/cypress/integration/profiles/verification/login/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/verification/login/errors.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { appPrefix, gen } from "../../../../helpers"
 import { routes as react } from "../../../../helpers/react"
 import { routes as express } from "../../../../helpers/express"
diff --git a/test/e2e/cypress/integration/profiles/verification/login/success.spec.ts b/test/e2e/cypress/integration/profiles/verification/login/success.spec.ts
index 58247bdda0b0..a2f50e3a39cb 100644
--- a/test/e2e/cypress/integration/profiles/verification/login/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/verification/login/success.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { appPrefix, gen } from "../../../../helpers"
 import { routes as react } from "../../../../helpers/react"
 import { routes as express } from "../../../../helpers/express"
diff --git a/test/e2e/cypress/integration/profiles/verification/registration/errors.spec.ts b/test/e2e/cypress/integration/profiles/verification/registration/errors.spec.ts
index 948b0c029b0a..4540674c46bd 100644
--- a/test/e2e/cypress/integration/profiles/verification/registration/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/verification/registration/errors.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import {
   appPrefix,
   assertVerifiableAddress,
diff --git a/test/e2e/cypress/integration/profiles/verification/registration/success.spec.ts b/test/e2e/cypress/integration/profiles/verification/registration/success.spec.ts
index f3064b3df286..61b5b123c2da 100644
--- a/test/e2e/cypress/integration/profiles/verification/registration/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/verification/registration/success.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { assertVerifiableAddress, gen } from "../../../../helpers"
 
 import { routes as react } from "../../../../helpers/react"
diff --git a/test/e2e/cypress/integration/profiles/verification/settings/error.spec.ts b/test/e2e/cypress/integration/profiles/verification/settings/error.spec.ts
index 8967b9bd1250..ae24f8c3cd0a 100644
--- a/test/e2e/cypress/integration/profiles/verification/settings/error.spec.ts
+++ b/test/e2e/cypress/integration/profiles/verification/settings/error.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import {
   appPrefix,
   assertVerifiableAddress,
diff --git a/test/e2e/cypress/integration/profiles/verification/settings/success.spec.ts b/test/e2e/cypress/integration/profiles/verification/settings/success.spec.ts
index cbd78400b5c2..8b21f0c3ecc1 100644
--- a/test/e2e/cypress/integration/profiles/verification/settings/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/verification/settings/success.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import {
   APP_URL,
   appPrefix,
diff --git a/test/e2e/cypress/integration/profiles/verification/verify/errors.spec.ts b/test/e2e/cypress/integration/profiles/verification/verify/errors.spec.ts
index 586f2da9390d..63333d00f458 100644
--- a/test/e2e/cypress/integration/profiles/verification/verify/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/verification/verify/errors.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import {
   APP_URL,
   assertVerifiableAddress,
diff --git a/test/e2e/cypress/integration/profiles/verification/verify/success.spec.ts b/test/e2e/cypress/integration/profiles/verification/verify/success.spec.ts
index 367e144f4e64..49257239047b 100644
--- a/test/e2e/cypress/integration/profiles/verification/verify/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/verification/verify/success.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { APP_URL, assertVerifiableAddress, gen } from "../../../../helpers"
 import { routes as react } from "../../../../helpers/react"
 import { routes as express } from "../../../../helpers/express"
diff --git a/test/e2e/cypress/integration/profiles/webhoooks/login/error.spec.ts b/test/e2e/cypress/integration/profiles/webhoooks/login/error.spec.ts
index 6a30594b70fd..1cf2b09e7dea 100644
--- a/test/e2e/cypress/integration/profiles/webhoooks/login/error.spec.ts
+++ b/test/e2e/cypress/integration/profiles/webhoooks/login/error.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { gen } from "../../../../helpers"
 import { routes as express } from "../../../../helpers/express"
 
diff --git a/test/e2e/cypress/integration/profiles/webhoooks/login/success.spec.ts b/test/e2e/cypress/integration/profiles/webhoooks/login/success.spec.ts
index 99f950e8d84d..ddb1e8cc65a2 100644
--- a/test/e2e/cypress/integration/profiles/webhoooks/login/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/webhoooks/login/success.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { APP_URL, appPrefix, gen, website } from "../../../../helpers"
 import { routes as express } from "../../../../helpers/express"
 
diff --git a/test/e2e/cypress/integration/profiles/webhoooks/registration/errors.spec.ts b/test/e2e/cypress/integration/profiles/webhoooks/registration/errors.spec.ts
index 98a6704c4eb1..a33f6f40e0f6 100644
--- a/test/e2e/cypress/integration/profiles/webhoooks/registration/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/webhoooks/registration/errors.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { gen } from "../../../../helpers"
 import { routes as express } from "../../../../helpers/express"
 
diff --git a/test/e2e/cypress/integration/profiles/webhoooks/registration/success.spec.ts b/test/e2e/cypress/integration/profiles/webhoooks/registration/success.spec.ts
index c0514110e3de..624143e3c625 100644
--- a/test/e2e/cypress/integration/profiles/webhoooks/registration/success.spec.ts
+++ b/test/e2e/cypress/integration/profiles/webhoooks/registration/success.spec.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { APP_URL, appPrefix, gen } from "../../../../helpers"
 import { routes as express } from "../../../../helpers/express"
 
diff --git a/test/e2e/cypress/plugins/index.js b/test/e2e/cypress/plugins/index.js
index c62ffbe0b5ff..27274a3dc22e 100644
--- a/test/e2e/cypress/plugins/index.js
+++ b/test/e2e/cypress/plugins/index.js
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 /// 
 
 const got = require("got")
diff --git a/test/e2e/cypress/support/commands.ts b/test/e2e/cypress/support/commands.ts
index 317106396845..c3be3741e8fe 100644
--- a/test/e2e/cypress/support/commands.ts
+++ b/test/e2e/cypress/support/commands.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import {
   appPrefix,
   APP_URL,
diff --git a/test/e2e/cypress/support/index.d.ts b/test/e2e/cypress/support/index.d.ts
index 999d45de81db..ec1b15bd488c 100644
--- a/test/e2e/cypress/support/index.d.ts
+++ b/test/e2e/cypress/support/index.d.ts
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import { Session } from "@ory/kratos-client"
 
 export interface MailMessage {
diff --git a/test/e2e/cypress/support/index.js b/test/e2e/cypress/support/index.js
index a010c9a5b2ed..4fa450ed9e44 100644
--- a/test/e2e/cypress/support/index.js
+++ b/test/e2e/cypress/support/index.js
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 import "./commands"
 
 Cypress.Cookies.debug(true)
diff --git a/test/e2e/hydra-kratos-login-consent/main.go b/test/e2e/hydra-kratos-login-consent/main.go
index f63e47ef07af..6e0c71c40ead 100644
--- a/test/e2e/hydra-kratos-login-consent/main.go
+++ b/test/e2e/hydra-kratos-login-consent/main.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/test/e2e/hydra-login-consent/main.go b/test/e2e/hydra-login-consent/main.go
index facc10efadf7..b7aa0588e32a 100644
--- a/test/e2e/hydra-login-consent/main.go
+++ b/test/e2e/hydra-login-consent/main.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/test/e2e/mock/webhook/main.go b/test/e2e/mock/webhook/main.go
index e56a39099a45..ac9c9d30011f 100644
--- a/test/e2e/mock/webhook/main.go
+++ b/test/e2e/mock/webhook/main.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
diff --git a/test/e2e/proxy/proxy.js b/test/e2e/proxy/proxy.js
index 31150db4b332..b033f3d231f4 100644
--- a/test/e2e/proxy/proxy.js
+++ b/test/e2e/proxy/proxy.js
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 const request = require("request")
 const urljoin = require("url-join")
 const express = require("express")
diff --git a/test/schema/schema_test.go b/test/schema/schema_test.go
index d1c8dc72d468..5948f03dc50c 100644
--- a/test/schema/schema_test.go
+++ b/test/schema/schema_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package schema
 
 import (
diff --git a/text/context.go b/text/context.go
index 34baee9ca766..8b7947c26658 100644
--- a/text/context.go
+++ b/text/context.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package text
 
 import (
diff --git a/text/id.go b/text/id.go
index 8e9cc4494145..66f88bb9d013 100644
--- a/text/id.go
+++ b/text/id.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package text
 
 // This file MUST not have any imports to modules that are not in the standard library.
diff --git a/text/id_test.go b/text/id_test.go
index 7213787ce0cb..ee4b9941f8cd 100644
--- a/text/id_test.go
+++ b/text/id_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package text
 
 import (
diff --git a/text/message.go b/text/message.go
index 43a07658504e..20f18b64998b 100644
--- a/text/message.go
+++ b/text/message.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package text
 
 import (
diff --git a/text/message_error.go b/text/message_error.go
index 36a63c5aaae4..c72d0d354f07 100644
--- a/text/message_error.go
+++ b/text/message_error.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package text
 
 // This file contains error IDs for all system errors / JSON errors
diff --git a/text/message_login.go b/text/message_login.go
index 3f268afd95e2..b1cda917989d 100644
--- a/text/message_login.go
+++ b/text/message_login.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package text
 
 import (
diff --git a/text/message_node.go b/text/message_node.go
index 95b85141b93a..11062d1a8441 100644
--- a/text/message_node.go
+++ b/text/message_node.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package text
 
 func NewInfoNodeLabelVerifyOTP() *Message {
diff --git a/text/message_recovery.go b/text/message_recovery.go
index fb565a4c5cec..cdcd3b59fe15 100644
--- a/text/message_recovery.go
+++ b/text/message_recovery.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package text
 
 import (
diff --git a/text/message_registration.go b/text/message_registration.go
index 53820640d91b..dc3ebf5b24c9 100644
--- a/text/message_registration.go
+++ b/text/message_registration.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package text
 
 import (
diff --git a/text/message_settings.go b/text/message_settings.go
index 08611c95fe7f..5a3631065967 100644
--- a/text/message_settings.go
+++ b/text/message_settings.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package text
 
 import (
diff --git a/text/message_system.go b/text/message_system.go
index b6024a89c1f8..96a57a56748d 100644
--- a/text/message_system.go
+++ b/text/message_system.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package text
 
 func NewErrorSystemGeneric(reason string) *Message {
diff --git a/text/message_test.go b/text/message_test.go
index d58e70a335ca..feace3147b30 100644
--- a/text/message_test.go
+++ b/text/message_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package text
 
 import (
diff --git a/text/message_validation.go b/text/message_validation.go
index 9be91320a5ac..93a5082304a2 100644
--- a/text/message_validation.go
+++ b/text/message_validation.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package text
 
 import (
diff --git a/text/message_verification.go b/text/message_verification.go
index 4c7885392ab6..6ebb1b21e501 100644
--- a/text/message_verification.go
+++ b/text/message_verification.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package text
 
 import (
diff --git a/text/type.go b/text/type.go
index 3bc3bd5d3cd0..7de883a95a48 100644
--- a/text/type.go
+++ b/text/type.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package text
 
 import "time"
diff --git a/ui/container/container.go b/ui/container/container.go
index 8dfa31db119b..3cf0c847639e 100644
--- a/ui/container/container.go
+++ b/ui/container/container.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package container
 
 import (
diff --git a/ui/container/container_test.go b/ui/container/container_test.go
index 0721503248dd..d743d78895c7 100644
--- a/ui/container/container_test.go
+++ b/ui/container/container_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package container
 
 import (
diff --git a/ui/container/error.go b/ui/container/error.go
index b7f029588ef9..233992a29ef8 100644
--- a/ui/container/error.go
+++ b/ui/container/error.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package container
 
 type (
diff --git a/ui/container/types.go b/ui/container/types.go
index 593ba66560d9..a9b088bf54cc 100644
--- a/ui/container/types.go
+++ b/ui/container/types.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package container
 
 import (
diff --git a/ui/node/attributes.go b/ui/node/attributes.go
index a26b13c88f1b..7ab68eaa4039 100644
--- a/ui/node/attributes.go
+++ b/ui/node/attributes.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package node
 
 import "github.com/ory/kratos/text"
diff --git a/ui/node/attributes_input.go b/ui/node/attributes_input.go
index 27729897cf9e..81330b60e35b 100644
--- a/ui/node/attributes_input.go
+++ b/ui/node/attributes_input.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package node
 
 import (
diff --git a/ui/node/attributes_input_csrf.go b/ui/node/attributes_input_csrf.go
index f79f3288c8c2..3067fdf6c67f 100644
--- a/ui/node/attributes_input_csrf.go
+++ b/ui/node/attributes_input_csrf.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package node
 
 import "github.com/ory/kratos/x"
diff --git a/ui/node/attributes_input_test.go b/ui/node/attributes_input_test.go
index 72b0416d7dda..68317fb0e230 100644
--- a/ui/node/attributes_input_test.go
+++ b/ui/node/attributes_input_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package node
 
 import (
diff --git a/ui/node/attributes_test.go b/ui/node/attributes_test.go
index a158cdccabc7..d25bd1eba2a4 100644
--- a/ui/node/attributes_test.go
+++ b/ui/node/attributes_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package node
 
 import (
diff --git a/ui/node/helper.go b/ui/node/helper.go
index 6eec64f25cd4..d96320fecd93 100644
--- a/ui/node/helper.go
+++ b/ui/node/helper.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package node
 
 func PasswordLoginOrder(in []string) []string {
diff --git a/ui/node/identifiers.go b/ui/node/identifiers.go
index 591dcea60679..15385b5f84b6 100644
--- a/ui/node/identifiers.go
+++ b/ui/node/identifiers.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package node
 
 const (
diff --git a/ui/node/node.go b/ui/node/node.go
index 8025cb175691..7ee94da70c48 100644
--- a/ui/node/node.go
+++ b/ui/node/node.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package node
 
 import (
diff --git a/ui/node/node_test.go b/ui/node/node_test.go
index 2a26eced911b..30e113be60b0 100644
--- a/ui/node/node_test.go
+++ b/ui/node/node_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package node_test
 
 import (
diff --git a/x/clean_url.go b/x/clean_url.go
index f367c18d67e7..75ea469687b5 100644
--- a/x/clean_url.go
+++ b/x/clean_url.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/clean_url_test.go b/x/clean_url_test.go
index 8d5a70d720d6..cf06f0b0f531 100644
--- a/x/clean_url_test.go
+++ b/x/clean_url_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/cookie.go b/x/cookie.go
index ec1c0d3417cd..c2c387c519ba 100644
--- a/x/cookie.go
+++ b/x/cookie.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/cookie_test.go b/x/cookie_test.go
index 5b1b05cd238c..f5692c89d0c0 100644
--- a/x/cookie_test.go
+++ b/x/cookie_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/doc.go b/x/doc.go
index 64aa08a21794..740d5f92b776 100644
--- a/x/doc.go
+++ b/x/doc.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 /*
 Package x provides various helpers that do not have an obvious home elsewhere.
 
diff --git a/x/err.go b/x/err.go
index 46b503897824..300be17670c0 100644
--- a/x/err.go
+++ b/x/err.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/http.go b/x/http.go
index 656570a915a0..97fef05cfa83 100644
--- a/x/http.go
+++ b/x/http.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/http_redirect_admin.go b/x/http_redirect_admin.go
index 328e3047095d..b816cd0c8397 100644
--- a/x/http_redirect_admin.go
+++ b/x/http_redirect_admin.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/http_redirect_admin_test.go b/x/http_redirect_admin_test.go
index 1045fa675ae8..28df94b5fe28 100644
--- a/x/http_redirect_admin_test.go
+++ b/x/http_redirect_admin_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/http_secure_redirect.go b/x/http_secure_redirect.go
index 2f79035f7e7b..a6cfb5b5f029 100644
--- a/x/http_secure_redirect.go
+++ b/x/http_secure_redirect.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/http_secure_redirect_test.go b/x/http_secure_redirect_test.go
index aa1293804fcc..912534e7ae85 100644
--- a/x/http_secure_redirect_test.go
+++ b/x/http_secure_redirect_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x_test
 
 import (
diff --git a/x/http_test.go b/x/http_test.go
index b3dcb7bf421f..beb382d2cd81 100644
--- a/x/http_test.go
+++ b/x/http_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/httploadermiddleware.go b/x/httploadermiddleware.go
index 731f54d002e6..4479fe220658 100644
--- a/x/httploadermiddleware.go
+++ b/x/httploadermiddleware.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/ider.go b/x/ider.go
index d7a3405be3b4..7f054138b28a 100644
--- a/x/ider.go
+++ b/x/ider.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 type Ider interface {
diff --git a/x/isjsonrequest.go b/x/isjsonrequest.go
index 6481b3f05d8e..bbea9cb523b0 100644
--- a/x/isjsonrequest.go
+++ b/x/isjsonrequest.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/isjsonrequest_test.go b/x/isjsonrequest_test.go
index af93294bafad..6f9214f8bf08 100644
--- a/x/isjsonrequest_test.go
+++ b/x/isjsonrequest_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/json_bool.go b/x/json_bool.go
index d9d7b7a2597c..c236d559e575 100644
--- a/x/json_bool.go
+++ b/x/json_bool.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/json_bool_test.go b/x/json_bool_test.go
index 96d44899f6bf..1f7f6c8e4384 100644
--- a/x/json_bool_test.go
+++ b/x/json_bool_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/json_number.go b/x/json_number.go
index 485d9cd0a22f..30976190af72 100644
--- a/x/json_number.go
+++ b/x/json_number.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 // IsValidNumber reports whether s is a valid JSON number literal.
diff --git a/x/mailhog.go b/x/mailhog.go
index 279dad5b7e1e..39ddc27a4757 100644
--- a/x/mailhog.go
+++ b/x/mailhog.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/map_json.go b/x/map_json.go
index 8a97f033047c..34c74837b7c0 100644
--- a/x/map_json.go
+++ b/x/map_json.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/map_json_test.go b/x/map_json_test.go
index 0475ba458f82..94d84f82d04e 100644
--- a/x/map_json_test.go
+++ b/x/map_json_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/maxitems.go b/x/maxitems.go
index f777c45de0fe..209271caff74 100644
--- a/x/maxitems.go
+++ b/x/maxitems.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 // MaxItemsPerPage is used to prevent DoS attacks against large lists by limiting the items per page to 500.
diff --git a/x/nocache.go b/x/nocache.go
index fe385c6ac353..a9af9f827447 100644
--- a/x/nocache.go
+++ b/x/nocache.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/nosurf.go b/x/nosurf.go
index 1a35998428fd..3867f03d06ba 100644
--- a/x/nosurf.go
+++ b/x/nosurf.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/nosurf_test.go b/x/nosurf_test.go
index 5dcdc2f86dda..7a2e543f6f78 100644
--- a/x/nosurf_test.go
+++ b/x/nosurf_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x_test
 
 import (
diff --git a/x/pagination.go b/x/pagination.go
index a0ccab0b01ec..7ef591eb1b83 100644
--- a/x/pagination.go
+++ b/x/pagination.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/pointer.go b/x/pointer.go
index bb22ef2c525b..1d16a3fdab73 100644
--- a/x/pointer.go
+++ b/x/pointer.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import "github.com/gofrs/uuid"
diff --git a/x/provider.go b/x/provider.go
index d6311c54adf3..eee5291e00d0 100644
--- a/x/provider.go
+++ b/x/provider.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/readall.go b/x/readall.go
index 588b1c574319..12f71b61c5c9 100644
--- a/x/readall.go
+++ b/x/readall.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/redir.go b/x/redir.go
index cb310936418b..e59597f13b1f 100644
--- a/x/redir.go
+++ b/x/redir.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/redir_test.go b/x/redir_test.go
index 2cb1abb156f3..dc58f03bd6a8 100644
--- a/x/redir_test.go
+++ b/x/redir_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x_test
 
 import (
diff --git a/x/require.go b/x/require.go
index 17154b1593f6..5e27cb72f3f3 100644
--- a/x/require.go
+++ b/x/require.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/router.go b/x/router.go
index 638084865a3c..8a03048d8510 100644
--- a/x/router.go
+++ b/x/router.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/router_test.go b/x/router_test.go
index 019c4ef6bf7e..074e7149d9f6 100644
--- a/x/router_test.go
+++ b/x/router_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/sdkx.go b/x/sdkx.go
index 92d0abbb71da..8cd508b27d08 100644
--- a/x/sdkx.go
+++ b/x/sdkx.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 func SDKError(err error) error {
diff --git a/x/servicelocatorx/config.go b/x/servicelocatorx/config.go
index a81c12bcde99..045f668d0281 100644
--- a/x/servicelocatorx/config.go
+++ b/x/servicelocatorx/config.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package servicelocatorx
 
 import (
diff --git a/x/stub_fs.go b/x/stub_fs.go
index 3a39de875582..5c2d703eb2d6 100644
--- a/x/stub_fs.go
+++ b/x/stub_fs.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/tests.go b/x/tests.go
index d35b24af9a11..938d7ef8ef3e 100644
--- a/x/tests.go
+++ b/x/tests.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/time.go b/x/time.go
index 950cb93953e9..76a5480592f7 100644
--- a/x/time.go
+++ b/x/time.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/time_test.go b/x/time_test.go
index 93d00a49f8ef..6a1d40e77d65 100644
--- a/x/time_test.go
+++ b/x/time_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/uuid.go b/x/uuid.go
index 1394058b9bdf..15fc20b70426 100644
--- a/x/uuid.go
+++ b/x/uuid.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/uuid_test.go b/x/uuid_test.go
index 806cef5c4ba8..8159696e3097 100644
--- a/x/uuid_test.go
+++ b/x/uuid_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package x
 
 import (
diff --git a/x/xsql/sql.go b/x/xsql/sql.go
index ec6344a954c2..0b0284efc731 100644
--- a/x/xsql/sql.go
+++ b/x/xsql/sql.go
@@ -1,3 +1,6 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package xsql
 
 import (

From cbaaceb9ef73a91e1b4ce5e4f7b9d7bac04d4c03 Mon Sep 17 00:00:00 2001
From: Kevin Goslar 
Date: Tue, 8 Nov 2022 12:05:18 -0600
Subject: [PATCH 350/411] test: update snapshots (#2877)

---
 ...case=webauthn_payload_is_set_when_identity_has_webauthn.json | 2 +-
 ...e=should_fail_if_webauthn_login_is_invalid-type=browser.json | 2 +-
 ...-case=should_fail_if_webauthn_login_is_invalid-type=spa.json | 2 +-
 ...fa_v0_credentials-passwordless_enabled=false#01-browser.json | 2 +-
 ...se=mfa_v0_credentials-passwordless_enabled=false#01-spa.json | 2 +-
 ...fa_v0_credentials-passwordless_enabled=false#02-browser.json | 2 +-
 ...se=mfa_v0_credentials-passwordless_enabled=false#02-spa.json | 2 +-
 ...e=mfa_v0_credentials-passwordless_enabled=false-browser.json | 2 +-
 ...-case=mfa_v0_credentials-passwordless_enabled=false-spa.json | 2 +-
 ...mfa_v0_credentials-passwordless_enabled=true#01-browser.json | 2 +-
 ...ase=mfa_v0_credentials-passwordless_enabled=true#01-spa.json | 2 +-
 ...mfa_v0_credentials-passwordless_enabled=true#02-browser.json | 2 +-
 ...ase=mfa_v0_credentials-passwordless_enabled=true#02-spa.json | 2 +-
 ...se=mfa_v0_credentials-passwordless_enabled=true-browser.json | 2 +-
 ...s-case=mfa_v0_credentials-passwordless_enabled=true-spa.json | 2 +-
 ...teSettings-case=a_device_is_shown_which_can_be_unlinked.json | 2 +-
 ...stCompleteSettings-case=one_activation_element_is_shown.json | 2 +-
 .../TestRegistration-case=webauthn_button_exists-browser.json   | 2 +-
 .../TestRegistration-case=webauthn_button_exists-spa.json       | 2 +-
 19 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=mfa-case=webauthn_payload_is_set_when_identity_has_webauthn.json b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=mfa-case=webauthn_payload_is_set_when_identity_has_webauthn.json
index 530c0805e504..2531387ea39f 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=mfa-case=webauthn_payload_is_set_when_identity_has_webauthn.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=mfa-case=webauthn_payload_is_set_when_identity_has_webauthn.json
@@ -61,7 +61,7 @@
       "async": true,
       "crossorigin": "anonymous",
       "id": "webauthn_script",
-      "integrity": "sha512-E3ctShTQEYTkfWrjztRCbP77lN7L0jJC2IOd6j8vqUKslvqhX/Ho3QxlQJIeTI78krzAWUQlDXd9JQ0PZlKhzQ==",
+      "integrity": "sha512-6d2k8XpeAYNDz5RfwurtCutxAc9R76e1RPFQdtz6gggMOBeVzh4af2UdH3cM8YCrfa2w2boW+JjtsZR3o2IbKQ==",
       "node_type": "script",
       "referrerpolicy": "no-referrer",
       "type": "text/javascript"
diff --git a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=passwordless-case=should_fail_if_webauthn_login_is_invalid-type=browser.json b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=passwordless-case=should_fail_if_webauthn_login_is_invalid-type=browser.json
index 025c09e3c50c..5d1533f121c9 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=passwordless-case=should_fail_if_webauthn_login_is_invalid-type=browser.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=passwordless-case=should_fail_if_webauthn_login_is_invalid-type=browser.json
@@ -37,7 +37,7 @@
           "async": true,
           "referrerpolicy": "no-referrer",
           "crossorigin": "anonymous",
-          "integrity": "sha512-E3ctShTQEYTkfWrjztRCbP77lN7L0jJC2IOd6j8vqUKslvqhX/Ho3QxlQJIeTI78krzAWUQlDXd9JQ0PZlKhzQ==",
+          "integrity": "sha512-6d2k8XpeAYNDz5RfwurtCutxAc9R76e1RPFQdtz6gggMOBeVzh4af2UdH3cM8YCrfa2w2boW+JjtsZR3o2IbKQ==",
           "type": "text/javascript",
           "node_type": "script"
         },
diff --git a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=passwordless-case=should_fail_if_webauthn_login_is_invalid-type=spa.json b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=passwordless-case=should_fail_if_webauthn_login_is_invalid-type=spa.json
index 025c09e3c50c..5d1533f121c9 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=passwordless-case=should_fail_if_webauthn_login_is_invalid-type=spa.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=passwordless-case=should_fail_if_webauthn_login_is_invalid-type=spa.json
@@ -37,7 +37,7 @@
           "async": true,
           "referrerpolicy": "no-referrer",
           "crossorigin": "anonymous",
-          "integrity": "sha512-E3ctShTQEYTkfWrjztRCbP77lN7L0jJC2IOd6j8vqUKslvqhX/Ho3QxlQJIeTI78krzAWUQlDXd9JQ0PZlKhzQ==",
+          "integrity": "sha512-6d2k8XpeAYNDz5RfwurtCutxAc9R76e1RPFQdtz6gggMOBeVzh4af2UdH3cM8YCrfa2w2boW+JjtsZR3o2IbKQ==",
           "type": "text/javascript",
           "node_type": "script"
         },
diff --git a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false#01-browser.json b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false#01-browser.json
index 0ea51fccfedd..1c4b16c2c7d3 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false#01-browser.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false#01-browser.json
@@ -62,7 +62,7 @@
       "async": true,
       "crossorigin": "anonymous",
       "id": "webauthn_script",
-      "integrity": "sha512-E3ctShTQEYTkfWrjztRCbP77lN7L0jJC2IOd6j8vqUKslvqhX/Ho3QxlQJIeTI78krzAWUQlDXd9JQ0PZlKhzQ==",
+      "integrity": "sha512-6d2k8XpeAYNDz5RfwurtCutxAc9R76e1RPFQdtz6gggMOBeVzh4af2UdH3cM8YCrfa2w2boW+JjtsZR3o2IbKQ==",
       "node_type": "script",
       "referrerpolicy": "no-referrer",
       "type": "text/javascript"
diff --git a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false#01-spa.json b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false#01-spa.json
index 0ea51fccfedd..1c4b16c2c7d3 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false#01-spa.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false#01-spa.json
@@ -62,7 +62,7 @@
       "async": true,
       "crossorigin": "anonymous",
       "id": "webauthn_script",
-      "integrity": "sha512-E3ctShTQEYTkfWrjztRCbP77lN7L0jJC2IOd6j8vqUKslvqhX/Ho3QxlQJIeTI78krzAWUQlDXd9JQ0PZlKhzQ==",
+      "integrity": "sha512-6d2k8XpeAYNDz5RfwurtCutxAc9R76e1RPFQdtz6gggMOBeVzh4af2UdH3cM8YCrfa2w2boW+JjtsZR3o2IbKQ==",
       "node_type": "script",
       "referrerpolicy": "no-referrer",
       "type": "text/javascript"
diff --git a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false#02-browser.json b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false#02-browser.json
index 0ea51fccfedd..1c4b16c2c7d3 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false#02-browser.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false#02-browser.json
@@ -62,7 +62,7 @@
       "async": true,
       "crossorigin": "anonymous",
       "id": "webauthn_script",
-      "integrity": "sha512-E3ctShTQEYTkfWrjztRCbP77lN7L0jJC2IOd6j8vqUKslvqhX/Ho3QxlQJIeTI78krzAWUQlDXd9JQ0PZlKhzQ==",
+      "integrity": "sha512-6d2k8XpeAYNDz5RfwurtCutxAc9R76e1RPFQdtz6gggMOBeVzh4af2UdH3cM8YCrfa2w2boW+JjtsZR3o2IbKQ==",
       "node_type": "script",
       "referrerpolicy": "no-referrer",
       "type": "text/javascript"
diff --git a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false#02-spa.json b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false#02-spa.json
index 0ea51fccfedd..1c4b16c2c7d3 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false#02-spa.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false#02-spa.json
@@ -62,7 +62,7 @@
       "async": true,
       "crossorigin": "anonymous",
       "id": "webauthn_script",
-      "integrity": "sha512-E3ctShTQEYTkfWrjztRCbP77lN7L0jJC2IOd6j8vqUKslvqhX/Ho3QxlQJIeTI78krzAWUQlDXd9JQ0PZlKhzQ==",
+      "integrity": "sha512-6d2k8XpeAYNDz5RfwurtCutxAc9R76e1RPFQdtz6gggMOBeVzh4af2UdH3cM8YCrfa2w2boW+JjtsZR3o2IbKQ==",
       "node_type": "script",
       "referrerpolicy": "no-referrer",
       "type": "text/javascript"
diff --git a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false-browser.json b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false-browser.json
index 0ea51fccfedd..1c4b16c2c7d3 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false-browser.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false-browser.json
@@ -62,7 +62,7 @@
       "async": true,
       "crossorigin": "anonymous",
       "id": "webauthn_script",
-      "integrity": "sha512-E3ctShTQEYTkfWrjztRCbP77lN7L0jJC2IOd6j8vqUKslvqhX/Ho3QxlQJIeTI78krzAWUQlDXd9JQ0PZlKhzQ==",
+      "integrity": "sha512-6d2k8XpeAYNDz5RfwurtCutxAc9R76e1RPFQdtz6gggMOBeVzh4af2UdH3cM8YCrfa2w2boW+JjtsZR3o2IbKQ==",
       "node_type": "script",
       "referrerpolicy": "no-referrer",
       "type": "text/javascript"
diff --git a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false-spa.json b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false-spa.json
index 0ea51fccfedd..1c4b16c2c7d3 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false-spa.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=false-spa.json
@@ -62,7 +62,7 @@
       "async": true,
       "crossorigin": "anonymous",
       "id": "webauthn_script",
-      "integrity": "sha512-E3ctShTQEYTkfWrjztRCbP77lN7L0jJC2IOd6j8vqUKslvqhX/Ho3QxlQJIeTI78krzAWUQlDXd9JQ0PZlKhzQ==",
+      "integrity": "sha512-6d2k8XpeAYNDz5RfwurtCutxAc9R76e1RPFQdtz6gggMOBeVzh4af2UdH3cM8YCrfa2w2boW+JjtsZR3o2IbKQ==",
       "node_type": "script",
       "referrerpolicy": "no-referrer",
       "type": "text/javascript"
diff --git a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true#01-browser.json b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true#01-browser.json
index 0ea51fccfedd..1c4b16c2c7d3 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true#01-browser.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true#01-browser.json
@@ -62,7 +62,7 @@
       "async": true,
       "crossorigin": "anonymous",
       "id": "webauthn_script",
-      "integrity": "sha512-E3ctShTQEYTkfWrjztRCbP77lN7L0jJC2IOd6j8vqUKslvqhX/Ho3QxlQJIeTI78krzAWUQlDXd9JQ0PZlKhzQ==",
+      "integrity": "sha512-6d2k8XpeAYNDz5RfwurtCutxAc9R76e1RPFQdtz6gggMOBeVzh4af2UdH3cM8YCrfa2w2boW+JjtsZR3o2IbKQ==",
       "node_type": "script",
       "referrerpolicy": "no-referrer",
       "type": "text/javascript"
diff --git a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true#01-spa.json b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true#01-spa.json
index 0ea51fccfedd..1c4b16c2c7d3 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true#01-spa.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true#01-spa.json
@@ -62,7 +62,7 @@
       "async": true,
       "crossorigin": "anonymous",
       "id": "webauthn_script",
-      "integrity": "sha512-E3ctShTQEYTkfWrjztRCbP77lN7L0jJC2IOd6j8vqUKslvqhX/Ho3QxlQJIeTI78krzAWUQlDXd9JQ0PZlKhzQ==",
+      "integrity": "sha512-6d2k8XpeAYNDz5RfwurtCutxAc9R76e1RPFQdtz6gggMOBeVzh4af2UdH3cM8YCrfa2w2boW+JjtsZR3o2IbKQ==",
       "node_type": "script",
       "referrerpolicy": "no-referrer",
       "type": "text/javascript"
diff --git a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true#02-browser.json b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true#02-browser.json
index 0ea51fccfedd..1c4b16c2c7d3 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true#02-browser.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true#02-browser.json
@@ -62,7 +62,7 @@
       "async": true,
       "crossorigin": "anonymous",
       "id": "webauthn_script",
-      "integrity": "sha512-E3ctShTQEYTkfWrjztRCbP77lN7L0jJC2IOd6j8vqUKslvqhX/Ho3QxlQJIeTI78krzAWUQlDXd9JQ0PZlKhzQ==",
+      "integrity": "sha512-6d2k8XpeAYNDz5RfwurtCutxAc9R76e1RPFQdtz6gggMOBeVzh4af2UdH3cM8YCrfa2w2boW+JjtsZR3o2IbKQ==",
       "node_type": "script",
       "referrerpolicy": "no-referrer",
       "type": "text/javascript"
diff --git a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true#02-spa.json b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true#02-spa.json
index 0ea51fccfedd..1c4b16c2c7d3 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true#02-spa.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true#02-spa.json
@@ -62,7 +62,7 @@
       "async": true,
       "crossorigin": "anonymous",
       "id": "webauthn_script",
-      "integrity": "sha512-E3ctShTQEYTkfWrjztRCbP77lN7L0jJC2IOd6j8vqUKslvqhX/Ho3QxlQJIeTI78krzAWUQlDXd9JQ0PZlKhzQ==",
+      "integrity": "sha512-6d2k8XpeAYNDz5RfwurtCutxAc9R76e1RPFQdtz6gggMOBeVzh4af2UdH3cM8YCrfa2w2boW+JjtsZR3o2IbKQ==",
       "node_type": "script",
       "referrerpolicy": "no-referrer",
       "type": "text/javascript"
diff --git a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true-browser.json b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true-browser.json
index 0ea51fccfedd..1c4b16c2c7d3 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true-browser.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true-browser.json
@@ -62,7 +62,7 @@
       "async": true,
       "crossorigin": "anonymous",
       "id": "webauthn_script",
-      "integrity": "sha512-E3ctShTQEYTkfWrjztRCbP77lN7L0jJC2IOd6j8vqUKslvqhX/Ho3QxlQJIeTI78krzAWUQlDXd9JQ0PZlKhzQ==",
+      "integrity": "sha512-6d2k8XpeAYNDz5RfwurtCutxAc9R76e1RPFQdtz6gggMOBeVzh4af2UdH3cM8YCrfa2w2boW+JjtsZR3o2IbKQ==",
       "node_type": "script",
       "referrerpolicy": "no-referrer",
       "type": "text/javascript"
diff --git a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true-spa.json b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true-spa.json
index 0ea51fccfedd..1c4b16c2c7d3 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true-spa.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestCompleteLogin-flow=refresh-case=passwordless-case=mfa_v0_credentials-passwordless_enabled=true-spa.json
@@ -62,7 +62,7 @@
       "async": true,
       "crossorigin": "anonymous",
       "id": "webauthn_script",
-      "integrity": "sha512-E3ctShTQEYTkfWrjztRCbP77lN7L0jJC2IOd6j8vqUKslvqhX/Ho3QxlQJIeTI78krzAWUQlDXd9JQ0PZlKhzQ==",
+      "integrity": "sha512-6d2k8XpeAYNDz5RfwurtCutxAc9R76e1RPFQdtz6gggMOBeVzh4af2UdH3cM8YCrfa2w2boW+JjtsZR3o2IbKQ==",
       "node_type": "script",
       "referrerpolicy": "no-referrer",
       "type": "text/javascript"
diff --git a/selfservice/strategy/webauthn/.snapshots/TestCompleteSettings-case=a_device_is_shown_which_can_be_unlinked.json b/selfservice/strategy/webauthn/.snapshots/TestCompleteSettings-case=a_device_is_shown_which_can_be_unlinked.json
index fe90e9c18093..20bbae3382ca 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestCompleteSettings-case=a_device_is_shown_which_can_be_unlinked.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestCompleteSettings-case=a_device_is_shown_which_can_be_unlinked.json
@@ -114,7 +114,7 @@
       "async": true,
       "crossorigin": "anonymous",
       "id": "webauthn_script",
-      "integrity": "sha512-E3ctShTQEYTkfWrjztRCbP77lN7L0jJC2IOd6j8vqUKslvqhX/Ho3QxlQJIeTI78krzAWUQlDXd9JQ0PZlKhzQ==",
+      "integrity": "sha512-6d2k8XpeAYNDz5RfwurtCutxAc9R76e1RPFQdtz6gggMOBeVzh4af2UdH3cM8YCrfa2w2boW+JjtsZR3o2IbKQ==",
       "node_type": "script",
       "referrerpolicy": "no-referrer",
       "type": "text/javascript"
diff --git a/selfservice/strategy/webauthn/.snapshots/TestCompleteSettings-case=one_activation_element_is_shown.json b/selfservice/strategy/webauthn/.snapshots/TestCompleteSettings-case=one_activation_element_is_shown.json
index 444806932039..1e78b7644b4e 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestCompleteSettings-case=one_activation_element_is_shown.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestCompleteSettings-case=one_activation_element_is_shown.json
@@ -68,7 +68,7 @@
       "async": true,
       "crossorigin": "anonymous",
       "id": "webauthn_script",
-      "integrity": "sha512-E3ctShTQEYTkfWrjztRCbP77lN7L0jJC2IOd6j8vqUKslvqhX/Ho3QxlQJIeTI78krzAWUQlDXd9JQ0PZlKhzQ==",
+      "integrity": "sha512-6d2k8XpeAYNDz5RfwurtCutxAc9R76e1RPFQdtz6gggMOBeVzh4af2UdH3cM8YCrfa2w2boW+JjtsZR3o2IbKQ==",
       "node_type": "script",
       "referrerpolicy": "no-referrer",
       "type": "text/javascript"
diff --git a/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_exists-browser.json b/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_exists-browser.json
index f2f9e1cffe0d..d4b63e98f0e7 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_exists-browser.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_exists-browser.json
@@ -94,7 +94,7 @@
       "async": true,
       "crossorigin": "anonymous",
       "id": "webauthn_script",
-      "integrity": "sha512-E3ctShTQEYTkfWrjztRCbP77lN7L0jJC2IOd6j8vqUKslvqhX/Ho3QxlQJIeTI78krzAWUQlDXd9JQ0PZlKhzQ==",
+      "integrity": "sha512-6d2k8XpeAYNDz5RfwurtCutxAc9R76e1RPFQdtz6gggMOBeVzh4af2UdH3cM8YCrfa2w2boW+JjtsZR3o2IbKQ==",
       "node_type": "script",
       "referrerpolicy": "no-referrer",
       "type": "text/javascript"
diff --git a/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_exists-spa.json b/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_exists-spa.json
index f2f9e1cffe0d..d4b63e98f0e7 100644
--- a/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_exists-spa.json
+++ b/selfservice/strategy/webauthn/.snapshots/TestRegistration-case=webauthn_button_exists-spa.json
@@ -94,7 +94,7 @@
       "async": true,
       "crossorigin": "anonymous",
       "id": "webauthn_script",
-      "integrity": "sha512-E3ctShTQEYTkfWrjztRCbP77lN7L0jJC2IOd6j8vqUKslvqhX/Ho3QxlQJIeTI78krzAWUQlDXd9JQ0PZlKhzQ==",
+      "integrity": "sha512-6d2k8XpeAYNDz5RfwurtCutxAc9R76e1RPFQdtz6gggMOBeVzh4af2UdH3cM8YCrfa2w2boW+JjtsZR3o2IbKQ==",
       "node_type": "script",
       "referrerpolicy": "no-referrer",
       "type": "text/javascript"

From 7299c86eacb32b80a71e4c08eda5a37d84788cb4 Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Tue, 8 Nov 2022 19:09:44 +0000
Subject: [PATCH 351/411] autogen(docs): regenerate and update changelog

[skip ci]
---
 CHANGELOG.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c80b0254184c..ef78d67668ae 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -697,6 +697,9 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
   `courier.message_retries` option to limit how often the sending of a message
   is retried before it is marked as `abandoned`.
 
+- Standardize license headers
+  ([#2790](https://github.com/ory/kratos/issues/2790))
+  ([8406eaf](https://github.com/ory/kratos/commit/8406eaf92006d9812108bd3ae57245f01e627bfc))
 - Support ip exceptions
   ([de46c08](https://github.com/ory/kratos/commit/de46c08534dfae6165f6a570cc59829f367c0b57))
 - Update for the Ory Network
@@ -737,6 +740,8 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
   ([934c30d](https://github.com/ory/kratos/commit/934c30d6064d1e7dfc59f4eef43d096e977c113e))
 - Try and recover from allocated port error
   ([3b5ac5f](https://github.com/ory/kratos/commit/3b5ac5ff03b653191c1979fe1e4e9a4ea3ed7d36))
+- Update snapshots ([#2877](https://github.com/ory/kratos/issues/2877))
+  ([cbaaceb](https://github.com/ory/kratos/commit/cbaaceb9ef73a91e1b4ce5e4f7b9d7bac04d4c03))
 
 ### Unclassified
 

From e446c5a53dbe9963e8047a3e9ca443fa6a7e64eb Mon Sep 17 00:00:00 2001
From: hackerman <3372410+aeneasr@users.noreply.github.com>
Date: Wed, 9 Nov 2022 09:27:25 +0100
Subject: [PATCH 352/411] fix: codecov (#2879)

---
 codecov.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/codecov.yml b/codecov.yml
index 6cff703b7547..920fd382283f 100644
--- a/codecov.yml
+++ b/codecov.yml
@@ -2,7 +2,10 @@ coverage:
   status:
     project:
       default:
-        threshold: 1%
+        target: 70%
+        threshold: 5%
+        only_pulls: true
+        base: auto
 ignore:
   - "test"
   - "internal"

From 6bf5d93eb9fe293bfd3a1015de2edb7d698a890a Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Wed, 9 Nov 2022 09:30:28 +0000
Subject: [PATCH 353/411] autogen(docs): regenerate and update changelog

[skip ci]
---
 CHANGELOG.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ef78d67668ae..6c2699053e56 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@
 
 **Table of Contents**
 
-- [ (2022-11-08)](#2022-11-08)
+- [ (2022-11-09)](#2022-11-09)
   - [Breaking Changes](#breaking-changes)
     - [Bug Fixes](#bug-fixes)
     - [Code Refactoring](#code-refactoring)
@@ -280,7 +280,7 @@
 
 
 
-# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-11-08)
+# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-11-09)
 
 ## Breaking Changes
 
@@ -331,6 +331,8 @@ SDK Method `getJsonSchema` was renamed to `getIdentitySchema`.
   ([3f490a3](https://github.com/ory/kratos/commit/3f490a31cddc53ce5d9958454f41c352580904c9))
 - **cli:** Dry up code ([#2572](https://github.com/ory/kratos/issues/2572))
   ([d1b6b40](https://github.com/ory/kratos/commit/d1b6b40aa9dcc7a3ec9237eec28c4fa55f0b8627))
+- Codecov ([#2879](https://github.com/ory/kratos/issues/2879))
+  ([e446c5a](https://github.com/ory/kratos/commit/e446c5a53dbe9963e8047a3e9ca443fa6a7e64eb))
 - Correct name of span on recovery code deletion
   ([#2823](https://github.com/ory/kratos/issues/2823))
   ([44f775f](https://github.com/ory/kratos/commit/44f775f45d47eff63379d77a2339b824a6ede235))

From b1ff2208fbd206fddf9ee83ebc7ad557e19dcbbc Mon Sep 17 00:00:00 2001
From: Arne 
Date: Thu, 10 Nov 2022 12:17:26 +0100
Subject: [PATCH 354/411] chore: bump ory/x (#2882)

---
 go.mod | 2 +-
 go.sum | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/go.mod b/go.mod
index 8b7561b4c6ef..ed09ccc2166c 100644
--- a/go.mod
+++ b/go.mod
@@ -77,7 +77,7 @@ require (
 	github.com/ory/kratos-client-go v0.6.3-alpha.1
 	github.com/ory/mail/v3 v3.0.0
 	github.com/ory/nosurf v1.2.7
-	github.com/ory/x v0.0.511-0.20221108105728-3fed9bc99daf
+	github.com/ory/x v0.0.513
 	github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.3.0
diff --git a/go.sum b/go.sum
index d5f6d28729c9..e44f8edc9a22 100644
--- a/go.sum
+++ b/go.sum
@@ -1139,10 +1139,8 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi
 github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE=
 github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM=
-github.com/ory/x v0.0.510 h1:DksQNoq7ssdR76mhcNxzaGPKmzaQEKWg2kannGsD8+w=
-github.com/ory/x v0.0.510/go.mod h1:xUtRpoiRARyJNPVk/fcCNKzyp25Foxt9GPlj8pd7egY=
-github.com/ory/x v0.0.511-0.20221108105728-3fed9bc99daf h1:sPEIGYHzmEu4tPiRUYgKfXPOAqneNuB1aaKvrT6aBXE=
-github.com/ory/x v0.0.511-0.20221108105728-3fed9bc99daf/go.mod h1:xUtRpoiRARyJNPVk/fcCNKzyp25Foxt9GPlj8pd7egY=
+github.com/ory/x v0.0.513 h1:45AruNHDwqhTvNtMnQy2/wYooMv+raVhuOP454mV/Os=
+github.com/ory/x v0.0.513/go.mod h1:xUtRpoiRARyJNPVk/fcCNKzyp25Foxt9GPlj8pd7egY=
 github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
 github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
 github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=

From bc2dfd300c6e5bd4604e5a2730d3389ce001ba6d Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Thu, 10 Nov 2022 14:26:36 +0000
Subject: [PATCH 355/411] autogen(docs): regenerate and update changelog

[skip ci]
---
 CHANGELOG.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6c2699053e56..04a0dce48057 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@
 
 **Table of Contents**
 
-- [ (2022-11-09)](#2022-11-09)
+- [ (2022-11-10)](#2022-11-10)
   - [Breaking Changes](#breaking-changes)
     - [Bug Fixes](#bug-fixes)
     - [Code Refactoring](#code-refactoring)
@@ -280,7 +280,7 @@
 
 
 
-# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-11-09)
+# [](https://github.com/ory/kratos/compare/v0.10.1...v) (2022-11-10)
 
 ## Breaking Changes
 

From e314968bf649ac7d4a8293298427dbb9ebf0437c Mon Sep 17 00:00:00 2001
From: Kevin Goslar 
Date: Thu, 10 Nov 2022 14:41:37 -0600
Subject: [PATCH 356/411] chore: consolidate .gitignore files (#2881)

---
 .gitignore                                    | 38 ++++++++++++++++++-
 internal/httpclient/.gitignore                | 24 ------------
 persistence/sql/migrations/sql/.gitignore     |  1 -
 test/e2e/.gitignore                           |  4 --
 .../e2e/hydra-kratos-login-consent/.gitignore |  1 -
 test/e2e/hydra-login-consent/.gitignore       |  1 -
 6 files changed, 37 insertions(+), 32 deletions(-)
 delete mode 100644 internal/httpclient/.gitignore
 delete mode 100644 persistence/sql/migrations/sql/.gitignore
 delete mode 100644 test/e2e/.gitignore
 delete mode 100644 test/e2e/hydra-kratos-login-consent/.gitignore
 delete mode 100644 test/e2e/hydra-login-consent/.gitignore

diff --git a/.gitignore b/.gitignore
index cf9e7a7e0c5b..21e3c996590a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,4 +18,40 @@ heap_profiler/
 goroutine_dump/
 inflight_trace_dump/
 
-.vscode
\ No newline at end of file
+.vscode
+
+e2e/*.log
+e2e/kratos.*.yml
+e2e/proxy.json
+e2e/cypress/downloads
+
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+internal/httpclient/*.o
+internal/httpclient/*.a
+internal/httpclient/*.so
+
+# Folders
+internal/httpclient/_obj
+internal/httpclient/_test
+
+# Architecture specific extensions/prefixes
+internal/httpclient/*.[568vq]
+internal/httpclient/[568vq].out
+
+internal/httpclient/*.cgo1.go
+internal/httpclient/*.cgo2.c
+internal/httpclient/_cgo_defun.c
+internal/httpclient/_cgo_gotypes.go
+internal/httpclient/_cgo_export.*
+
+internal/httpclient/_testmain.go
+
+internal/httpclient/*.exe
+internal/httpclient/*.test
+internal/httpclient/*.prof
+
+test/e2e/hydra-login-consent/hydra-login-consent
+
+persistence/sql/migrations/sql/schema.sql
+
+test/e2e/hydra-kratos-login-consent/hydra-kratos-login-consent
diff --git a/internal/httpclient/.gitignore b/internal/httpclient/.gitignore
deleted file mode 100644
index daf913b1b347..000000000000
--- a/internal/httpclient/.gitignore
+++ /dev/null
@@ -1,24 +0,0 @@
-# Compiled Object files, Static and Dynamic libs (Shared Objects)
-*.o
-*.a
-*.so
-
-# Folders
-_obj
-_test
-
-# Architecture specific extensions/prefixes
-*.[568vq]
-[568vq].out
-
-*.cgo1.go
-*.cgo2.c
-_cgo_defun.c
-_cgo_gotypes.go
-_cgo_export.*
-
-_testmain.go
-
-*.exe
-*.test
-*.prof
diff --git a/persistence/sql/migrations/sql/.gitignore b/persistence/sql/migrations/sql/.gitignore
deleted file mode 100644
index 7c3fae710f01..000000000000
--- a/persistence/sql/migrations/sql/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-schema.sql
diff --git a/test/e2e/.gitignore b/test/e2e/.gitignore
deleted file mode 100644
index 3e945f3243ca..000000000000
--- a/test/e2e/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-*.log
-kratos.*.yml
-proxy.json
-cypress/downloads
diff --git a/test/e2e/hydra-kratos-login-consent/.gitignore b/test/e2e/hydra-kratos-login-consent/.gitignore
deleted file mode 100644
index 5176eab7c305..000000000000
--- a/test/e2e/hydra-kratos-login-consent/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-hydra-kratos-login-consent
diff --git a/test/e2e/hydra-login-consent/.gitignore b/test/e2e/hydra-login-consent/.gitignore
deleted file mode 100644
index e9855d6c13ca..000000000000
--- a/test/e2e/hydra-login-consent/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-hydra-login-consent

From 30262cbe14a7df7303d51fc70fac9f6110aaa540 Mon Sep 17 00:00:00 2001
From: Kevin Goslar 
Date: Thu, 10 Nov 2022 14:42:35 -0600
Subject: [PATCH 357/411] chore: list contributors in file (#2878)

---
 .mailmap |  13 ++++
 AUTHORS  | 198 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 Makefile |   3 +
 3 files changed, 214 insertions(+)
 create mode 100644 .mailmap
 create mode 100644 AUTHORS

diff --git a/.mailmap b/.mailmap
new file mode 100644
index 000000000000..5c231ee9ad07
--- /dev/null
+++ b/.mailmap
@@ -0,0 +1,13 @@
+Aeneas Rekkas  
+Aeneas Rekkas  <3372410+aeneasr@users.noreply.github.com>
+Aeneas Rekkas  
+Aeneas Rekkas  
+Ajay Kelkar  
+Alano Terblanche  <18033717+Benehiko@users.noreply.github.com>
+Alano Terblanche  
+Jonas Hungershausen  
+Matt Bonnell  <64976795+mbonnell-wish@users.noreply.github.com>
+Nick Ufer  
+Nick Ufer  
+Patrik Neu  
+Patrik Neu  
diff --git a/AUTHORS b/AUTHORS
new file mode 100644
index 000000000000..704329d3c740
--- /dev/null
+++ b/AUTHORS
@@ -0,0 +1,198 @@
+# This is the official list of Kratos authors.
+# If you don't want to be on this list, please contact Ory.
+
+Adam Schepis 
+Addison Snelling 
+adrian5 
+Aeneas Rekkas 
+aenoralanar <38026322+aenoralanar@users.noreply.github.com>
+Aidan Holland 
+Ajay Kelkar 
+Alano Terblanche 
+Alexander Probst 
+Alexandre Burgoni 
+Alexandre Gagneux <46828169+alexGNX@users.noreply.github.com>
+Alexey Reshetnik 
+Andreas 
+Andreas Bucksteeg 
+Andrew Banchich <13824577+andrewbanchich@users.noreply.github.com>
+Andrew Minkin 
+Andrew Tan 
+Andrey 
+Andy Steele 
+angryPopcorn 
+Anirudh Oppiliappan 
+Antoine Beyet 
+Anuar Ustayev 
+Arne 
+Arne 
+aspeteRakete 
+Atreya <44151328+atreya2011@users.noreply.github.com>
+AVA Monitoring <56961522+avamonitoring@users.noreply.github.com>
+Avinash Dwarapu 
+b3j0f 
+Bengt Hagemeister <30391176+BengtHagemeister@users.noreply.github.com>
+Bengt Hagemeister 
+Benjamin Freeman 
+BIKI DAS 
+Bill Monkman 
+Bipin Paul Bedi 
+Brahm Lower 
+Brahm Lower 
+BrentChesny 
+CaptainStandby <18215579+CaptainStandby@users.noreply.github.com>
+Carlos Chida 
+chlasch <72044019+chlasch@users.noreply.github.com>
+cwei-wish 
+Cλctysman 
+Daniel Hobbs 
+David ALEXANDRE <9482408+david972@users.noreply.github.com>
+David Cheung 
+David Laban 
+David Laban 
+David San 
+David van der Sluijs 
+debrutal 
+Dejan Filipovic 
+Dejan Filipovic 
+Denis Palnitsky 
+Dibyajyoti Behera 
+Dimitrij Drus 
+Dimitrij Drus 
+Eifoen <35534229+Eifoen@users.noreply.github.com>
+emrah 
+emtammaru 
+Eric B 
+ernax78 <65963237+ernax78@users.noreply.github.com>
+Erol Keskin 
+Erol Keskin 
+Fabian Meyer <3982806+meyfa@users.noreply.github.com>
+Felix Beuke 
+Ferdi 
+Florian Kramer 
+Florian Nagel 
+Florian Wiech 
+frederikhors <41120635+frederikhors@users.noreply.github.com>
+Gajewski Dmitriy 
+Geoff Lawler 
+Giacomo Mazzamuto 
+Gibheer 
+goughjo02 
+Grant Zvolský 
+Harsimran Singh Maan 
+Henning Perl 
+Jacob Lehr 
+Jakob Høgenes <1014990+jakhog@users.noreply.github.com>
+Jakob Sinclair 
+Jakub Błaszczyk 
+James D. Nurmi 
+James D. Nurmi 
+Jason Ertel 
+JeffreyThijs 
+Jelle Besseling 
+Jhonatan Hulse 
+JiggyDown <84430646+JiggyDown@users.noreply.github.com>
+jingkai 
+jld3103 
+Joe Krill 
+Johan Forssell 
+John Binstead <67282336+Bin-fluence@users.noreply.github.com>
+John 
+Jonas Hungershausen 
+Jonathon Sheffield 
+Jordan 
+Jordan May 
+Juri <1773075+2mol@users.noreply.github.com>
+Kevin Goslar 
+Kim Neunert 
+Klaus Herrmann <106238709+kmherrmann@users.noreply.github.com>
+koenmtb1 
+Koen van Marrewijk 
+kszafran 
+Kun Chong 
+Landon Pattison <67596936+LandonPattison@users.noreply.github.com>
+Lan Phan 
+Li Ming 
+Lorenzo Baldassarri 
+Łukasz Harasimowicz 
+Łukasz Szcześniak 
+Márk Bartos 
+Mart Aarma 
+Martin Eigenbrodt 
+Martin Eigenbrodt 
+Martin 
+Mathias Polligkeit <13847569+woylie@users.noreply.github.com>
+Matt Bonnell 
+Matthieu Jacquot 
+Matúš Múčka 
+Maurice Freitag 
+Mike Milano 
+Mike 
+Mikołaj Meller <52668809+mmeller-wikia@users.noreply.github.com>
+Miłosz <12242002+mszekiel@users.noreply.github.com>
+MiniDigger | Martin 
+Mitar 
+Mitsuo Heijo <25817501+johejo@users.noreply.github.com>
+Nanik 
+Natanael Oliva 
+Neil Rutherford <374275+nrutherford@users.noreply.github.com>
+Nichlas Lendal <62498670+pr1ze@users.noreply.github.com>
+Nicholas Bush 
+Nick Campbell 
+Nick Malcev <41836660+nmlc@users.noreply.github.com>
+Nick Ufer 
+Nikita Puzankov 
+nipsufn <17983323+nipsufn@users.noreply.github.com>
+Ole Petersen <56505957+peteole@users.noreply.github.com>
+oliverpool <3864879+oliverpool@users.noreply.github.com>
+Omar A. Hachach 
+Patrik Neu 
+Paweł Hemperek 
+Piotr Mścichowski 
+Przemysław Czaus 
+Quentin Gliech 
+qvamatel 
+Radek Gruchalski 
+RamiBerm <54766858+RamiBerm@users.noreply.github.com>
+Rauno Viskus 
+reshetnik-alexey 
+Rodrigo Queiro 
+rvo 
+sawadashota 
+sawadashota 
+Seb 
+seremenko-wish <60801091+seremenko-wish@users.noreply.github.com>
+Sergey Plaunov 
+sherbang 
+shivam <86538330+shivam-909@users.noreply.github.com>
+Simon Lipp 
+Simon-Pierre Gingras <892367+spg@users.noreply.github.com>
+Steffen Heidel 
+TannerGabriel <40315960+TannerGabriel@users.noreply.github.com>
+Theodor Brandt 
+theotherian 
+Thomas Aidan Curran <2030403+tacurran@users.noreply.github.com>
+Thomas Guillet 
+Thomas Ruiz 
+Tomasz Tomalak <12939493+t-tomalak@users.noreply.github.com>
+Tom Fenech 
+Toon van Strijp 
+Tsirkin Evgeny 
+ttimonen 
+Tyler Battle 
+VeenaInd <104088519+VeenaInd@users.noreply.github.com>
+Victor Duarte 
+Vincent 
+vinckr 
+Viz 
+WeiQi <17816875364@163.com>
+wezzle 
+Yagiz Nizipli 
+yon <38630464+yonbh@users.noreply.github.com>
+Yorick Holkamp 
+you1996 <45292366+you1996@users.noreply.github.com>
+Yuvraj <10830562+evalsocket@users.noreply.github.com>
+Zageron 
+Zhiming Guo 
+znerol 
+好风 
diff --git a/Makefile b/Makefile
index fb95ee29c96c..eec7fcabf0ff 100644
--- a/Makefile
+++ b/Makefile
@@ -129,6 +129,9 @@ quickstart-dev:
 	docker build -f .docker/Dockerfile-build -t oryd/kratos:latest .
 	docker-compose -f quickstart.yml -f quickstart-standalone.yml -f quickstart-latest.yml $(QUICKSTART_OPTIONS) up --build --force-recreate
 
+authors:  # updates the AUTHORS file
+	curl https://raw.githubusercontent.com/ory/ci/master/authors/authors.sh | env PRODUCT="Ory Kratos" bash
+
 # Formats the code
 .PHONY: format
 format: .bin/goimports .bin/ory node_modules

From a9f6b7f6addfa3001c4cb9b2753c0ca355c2cce5 Mon Sep 17 00:00:00 2001
From: ory-bot <60093411+ory-bot@users.noreply.github.com>
Date: Thu, 10 Nov 2022 20:45:11 +0000
Subject: [PATCH 358/411] autogen(openapi): regenerate swagger spec and
 internal client

[skip ci]
---
 internal/httpclient/.gitignore | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 internal/httpclient/.gitignore

diff --git a/internal/httpclient/.gitignore b/internal/httpclient/.gitignore
new file mode 100644
index 000000000000..daf913b1b347
--- /dev/null
+++ b/internal/httpclient/.gitignore
@@ -0,0 +1,24 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof

From e9aa21f02b4bb7b09e268197334beb9c5772d13d Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Tue, 8 Nov 2022 17:34:48 +0100
Subject: [PATCH 359/411] refactor: make embedding easier with internal sdk

---
 Makefile                                      |   19 +-
 cmd/cliclient/client.go                       |   20 +-
 cmd/identities/definitions.go                 |    2 +-
 cmd/identities/get.go                         |    2 +-
 cmd/identities/import.go                      |    2 +-
 cmd/identities/import_test.go                 |    2 +-
 examples/go/identity/create/main.go           |    2 +-
 examples/go/identity/get/main.go              |    2 +-
 examples/go/identity/update/main.go           |    2 +-
 examples/go/pkg/common.go                     |    2 +-
 examples/go/pkg/resources.go                  |    2 +-
 examples/go/selfservice/error/main.go         |    2 +-
 examples/go/selfservice/login/main.go         |    2 +-
 examples/go/selfservice/logout/main.go        |    2 +-
 examples/go/selfservice/recovery/main.go      |    2 +-
 examples/go/selfservice/recovery/main_test.go |   14 +-
 examples/go/selfservice/registration/main.go  |    2 +-
 examples/go/selfservice/settings/main.go      |    2 +-
 examples/go/selfservice/settings/main_test.go |    6 +-
 examples/go/selfservice/verification/main.go  |    2 +-
 .../go/selfservice/verification/main_test.go  |   14 +-
 examples/go/session/tosession/main.go         |    2 +-
 go.mod                                        |   12 +-
 go.sum                                        |    8 +-
 hydra/fake.go                                 |    6 +-
 hydra/hydra.go                                |   14 +-
 internal/client-go/.gitignore                 |   24 +
 internal/client-go/.openapi-generator-ignore  |   23 +
 internal/client-go/.openapi-generator/FILES   |  210 +
 internal/client-go/.openapi-generator/VERSION |    1 +
 internal/client-go/.travis.yml                |    8 +
 internal/client-go/README.md                  |  268 +
 internal/client-go/api/openapi.yaml           | 7074 ++++++++++++++
 internal/client-go/api_metadata.go            |  439 +
 internal/client-go/api_v0alpha2.go            | 8361 +++++++++++++++++
 internal/client-go/client.go                  |  547 ++
 internal/client-go/configuration.go           |  233 +
 .../client-go/docs/AdminCreateIdentityBody.md |  248 +
 ...dminCreateIdentityImportCredentialsOidc.md |   56 +
 ...eateIdentityImportCredentialsOidcConfig.md |   82 +
 ...teIdentityImportCredentialsOidcProvider.md |   72 +
 ...CreateIdentityImportCredentialsPassword.md |   56 +
 ...IdentityImportCredentialsPasswordConfig.md |   82 +
 .../AdminCreateSelfServiceRecoveryCodeBody.md |   77 +
 .../AdminCreateSelfServiceRecoveryLinkBody.md |   77 +
 .../docs/AdminIdentityImportCredentials.md    |   82 +
 .../client-go/docs/AdminUpdateIdentityBody.md |  191 +
 .../docs/AuthenticatorAssuranceLevel.md       |   17 +
 .../client-go/docs/CourierMessageStatus.md    |   17 +
 internal/client-go/docs/CourierMessageType.md |   13 +
 ...AuthenticatorAssuranceLevelNotSatisfied.md |  259 +
 internal/client-go/docs/GenericError.md       |  233 +
 .../docs/GetVersion200Response.md}            |   20 +-
 .../client-go/docs/HealthNotReadyStatus.md    |   56 +
 internal/client-go/docs/HealthStatus.md       |   56 +
 internal/client-go/docs/Identity.md           |  378 +
 .../client-go/docs/IdentityCredentials.md     |  186 +
 .../client-go/docs/IdentityCredentialsOidc.md |   56 +
 .../docs/IdentityCredentialsOidcProvider.md   |  160 +
 .../docs/IdentityCredentialsPassword.md       |   56 +
 .../client-go/docs/IdentityCredentialsType.md |   19 +
 .../client-go/docs/IdentitySchemaContainer.md |   82 +
 internal/client-go/docs/IdentityState.md      |   13 +
 .../docs/IsAlive200Response.md}               |   20 +-
 .../docs/IsReady503Response.md}               |   20 +-
 internal/client-go/docs/JsonError.md          |   51 +
 internal/client-go/docs/JsonPatch.md          |  134 +
 internal/client-go/docs/LoginRequest.md       |  264 +
 internal/client-go/docs/Message.md            |  290 +
 internal/client-go/docs/MetadataApi.md        |  194 +
 .../docs/NeedsPrivilegedSessionError.md       |  254 +
 internal/client-go/docs/OAuth2Client.md       |  940 ++
 .../client-go/docs/OpenIDConnectContext.md    |  160 +
 internal/client-go/docs/Pagination.md         |   82 +
 .../client-go/docs/RecoveryIdentityAddress.md |  145 +
 internal/client-go/docs/RevokedSessions.md    |   56 +
 ...rviceBrowserLocationChangeRequiredError.md |  259 +
 internal/client-go/docs/SelfServiceError.md   |  129 +
 .../docs/SelfServiceFlowExpiredError.md       |  311 +
 .../client-go/docs/SelfServiceLoginFlow.md    |  374 +
 .../client-go/docs/SelfServiceLogoutUrl.md    |   72 +
 .../client-go/docs/SelfServiceRecoveryCode.md |   98 +
 .../client-go/docs/SelfServiceRecoveryFlow.md |  229 +
 .../docs/SelfServiceRecoveryFlowState.md      |   15 +
 .../client-go/docs/SelfServiceRecoveryLink.md |   77 +
 .../docs/SelfServiceRegistrationFlow.md       |  270 +
 .../client-go/docs/SelfServiceSettingsFlow.md |  250 +
 .../docs/SelfServiceSettingsFlowState.md      |   13 +
 .../docs/SelfServiceVerificationFlow.md       |  244 +
 .../docs/SelfServiceVerificationFlowState.md  |   15 +
 internal/client-go/docs/Session.md            |  254 +
 .../docs/SessionAuthenticationMethod.md       |  108 +
 internal/client-go/docs/SessionDevice.md      |  129 +
 .../docs/SettingsProfileFormConfig.md         |  119 +
 ...rviceFlowWithWebAuthnRegistrationMethod.md |   82 +
 .../docs/SubmitSelfServiceLoginFlowBody.md    |  260 +
 ...viceLoginFlowWithLookupSecretMethodBody.md |   98 +
 ...tSelfServiceLoginFlowWithOidcMethodBody.md |  124 +
 ...fServiceLoginFlowWithPasswordMethodBody.md |  145 +
 ...tSelfServiceLoginFlowWithTotpMethodBody.md |   98 +
 ...fServiceLoginFlowWithWebAuthnMethodBody.md |  124 +
 ...SelfServiceLogoutFlowWithoutBrowserBody.md |   51 +
 .../docs/SubmitSelfServiceRecoveryFlowBody.md |  124 +
 ...lfServiceRecoveryFlowWithCodeMethodBody.md |  129 +
 ...lfServiceRecoveryFlowWithLinkMethodBody.md |   98 +
 .../SubmitSelfServiceRegistrationFlowBody.md  |  192 +
 ...rviceRegistrationFlowWithOidcMethodBody.md |  124 +
 ...eRegistrationFlowWithPasswordMethodBody.md |  119 +
 ...eRegistrationFlowWithWebAuthnMethodBody.md |  150 +
 .../docs/SubmitSelfServiceSettingsFlowBody.md |  431 +
 ...ServiceSettingsFlowWithLookupMethodBody.md |  181 +
 ...lfServiceSettingsFlowWithOidcMethodBody.md |  155 +
 ...rviceSettingsFlowWithPasswordMethodBody.md |   98 +
 ...erviceSettingsFlowWithProfileMethodBody.md |   98 +
 ...lfServiceSettingsFlowWithTotpMethodBody.md |  129 +
 ...rviceSettingsFlowWithWebAuthnMethodBody.md |  155 +
 .../SubmitSelfServiceVerificationFlowBody.md  |   98 +
 ...rviceVerificationFlowWithLinkMethodBody.md |   98 +
 ...uccessfulSelfServiceLoginWithoutBrowser.md |   77 +
 ...ulSelfServiceRegistrationWithoutBrowser.md |  103 +
 internal/client-go/docs/TokenPagination.md    |   82 +
 .../client-go/docs/TokenPaginationHeaders.md  |   82 +
 internal/client-go/docs/UiContainer.md        |  119 +
 internal/client-go/docs/UiNode.md             |  135 +
 .../client-go/docs/UiNodeAnchorAttributes.md  |  114 +
 internal/client-go/docs/UiNodeAttributes.md   |  532 ++
 .../client-go/docs/UiNodeImageAttributes.md   |  135 +
 .../client-go/docs/UiNodeInputAttributes.md   |  280 +
 internal/client-go/docs/UiNodeMeta.md         |   56 +
 .../client-go/docs/UiNodeScriptAttributes.md  |  219 +
 .../client-go/docs/UiNodeTextAttributes.md    |   93 +
 internal/client-go/docs/UiText.md             |  119 +
 internal/client-go/docs/V0alpha2Api.md        | 3131 ++++++
 .../docs/VerifiableIdentityAddress.md         |  218 +
 internal/client-go/docs/Version.md            |   56 +
 internal/client-go/git_push.sh                |   58 +
 internal/client-go/go.mod                     |    5 +
 internal/{httpclient => client-go}/go.sum     |    0
 .../model_admin_create_identity_body.go       |  363 +
 ...create_identity_import_credentials_oidc.go |  117 +
 ...identity_import_credentials_oidc_config.go |  154 +
 ...entity_import_credentials_oidc_provider.go |  141 +
 ...te_identity_import_credentials_password.go |  117 +
 ...tity_import_credentials_password_config.go |  155 +
 ..._create_self_service_recovery_code_body.go |  148 +
 ..._create_self_service_recovery_link_body.go |  148 +
 ...model_admin_identity_import_credentials.go |  153 +
 .../model_admin_update_identity_body.go       |  282 +
 .../model_authenticator_assurance_level.go    |   89 +
 .../client-go/model_courier_message_status.go |   89 +
 .../client-go/model_courier_message_type.go   |   87 +
 ...enticator_assurance_level_not_satisfied.go |  406 +
 internal/client-go/model_generic_error.go     |  370 +
 .../model_get_version_200_response.go         |  111 +
 .../model_health_not_ready_status.go          |  118 +
 internal/client-go/model_health_status.go     |  118 +
 internal/client-go/model_identity.go          |  537 ++
 .../client-go/model_identity_credentials.go   |  302 +
 .../model_identity_credentials_oidc.go        |  117 +
 ...odel_identity_credentials_oidc_provider.go |  261 +
 .../model_identity_credentials_password.go    |  118 +
 .../model_identity_credentials_type.go        |   90 +
 .../model_identity_schema_container.go        |  155 +
 internal/client-go/model_identity_state.go    |   87 +
 .../client-go/model_is_alive_200_response.go  |  111 +
 .../client-go/model_is_ready_503_response.go  |  111 +
 internal/client-go/model_json_error.go        |  110 +
 internal/client-go/model_json_patch.go        |  216 +
 internal/client-go/model_login_request.go     |  410 +
 internal/client-go/model_message.go           |  444 +
 .../model_needs_privileged_session_error.go   |  400 +
 internal/client-go/model_o_auth2_client.go    | 1367 +++
 .../model_open_id_connect_context.go          |  266 +
 internal/client-go/model_pagination.go        |  163 +
 .../model_recovery_identity_address.go        |  243 +
 internal/client-go/model_revoked_sessions.go  |  118 +
 ..._browser_location_change_required_error.go |  407 +
 .../client-go/model_self_service_error.go     |  222 +
 .../model_self_service_flow_expired_error.go  |  482 +
 .../model_self_service_login_flow.go          |  564 ++
 .../model_self_service_logout_url.go          |  141 +
 .../model_self_service_recovery_code.go       |  179 +
 .../model_self_service_recovery_flow.go       |  364 +
 .../model_self_service_recovery_flow_state.go |   88 +
 .../model_self_service_recovery_link.go       |  149 +
 .../model_self_service_registration_flow.go   |  417 +
 .../model_self_service_settings_flow.go       |  393 +
 .../model_self_service_settings_flow_state.go |   87 +
 .../model_self_service_verification_flow.go   |  385 +
 ...el_self_service_verification_flow_state.go |   88 +
 internal/client-go/model_session.go           |  399 +
 .../model_session_authentication_method.go    |  191 +
 internal/client-go/model_session_device.go    |  222 +
 .../model_settings_profile_form_config.go     |  206 +
 ...flow_with_web_authn_registration_method.go |  155 +
 ...del_submit_self_service_login_flow_body.go |  239 +
 ...gin_flow_with_lookup_secret_method_body.go |  178 +
 ...ervice_login_flow_with_oidc_method_body.go |  215 +
 ...ce_login_flow_with_password_method_body.go |  245 +
 ...ervice_login_flow_with_totp_method_body.go |  178 +
 ...e_login_flow_with_web_authn_method_body.go |  215 +
 ...ervice_logout_flow_without_browser_body.go |  111 +
 ..._submit_self_service_recovery_flow_body.go |  149 +
 ...ice_recovery_flow_with_code_method_body.go |  222 +
 ...ice_recovery_flow_with_link_method_body.go |  178 +
 ...mit_self_service_registration_flow_body.go |  179 +
 ...registration_flow_with_oidc_method_body.go |  215 +
 ...stration_flow_with_password_method_body.go |  208 +
 ...tration_flow_with_web_authn_method_body.go |  252 +
 ..._submit_self_service_settings_flow_body.go |  269 +
 ...e_settings_flow_with_lookup_method_body.go |  296 +
 ...ice_settings_flow_with_oidc_method_body.go |  259 +
 ...settings_flow_with_password_method_body.go |  178 +
 ..._settings_flow_with_profile_method_body.go |  178 +
 ...ice_settings_flow_with_totp_method_body.go |  222 +
 ...ettings_flow_with_web_authn_method_body.go |  259 +
 ...mit_self_service_verification_flow_body.go |  119 +
 ...verification_flow_with_link_method_body.go |  178 +
 ...sful_self_service_login_without_browser.go |  147 +
 ...lf_service_registration_without_browser.go |  183 +
 internal/client-go/model_token_pagination.go  |  163 +
 .../model_token_pagination_headers.go         |  155 +
 internal/client-go/model_ui_container.go      |  206 +
 internal/client-go/model_ui_node.go           |  228 +
 .../model_ui_node_anchor_attributes.go        |  200 +
 .../client-go/model_ui_node_attributes.go     |  239 +
 .../model_ui_node_image_attributes.go         |  231 +
 .../model_ui_node_input_attributes.go         |  423 +
 internal/client-go/model_ui_node_meta.go      |  117 +
 .../model_ui_node_script_attributes.go        |  351 +
 .../model_ui_node_text_attributes.go          |  170 +
 internal/client-go/model_ui_text.go           |  206 +
 .../model_verifiable_identity_address.go      |  349 +
 internal/client-go/model_version.go           |  118 +
 internal/client-go/response.go                |   51 +
 internal/client-go/test/api_metadata_test.go  |   65 +
 internal/client-go/test/api_v0alpha2_test.go  |  589 ++
 internal/client-go/utils.go                   |  332 +
 internal/httpclient-ory/.gitignore            |   24 +
 .../httpclient-ory/.openapi-generator-ignore  |   23 +
 .../httpclient-ory/.openapi-generator/FILES   |  210 +
 .../httpclient-ory/.openapi-generator/VERSION |    1 +
 internal/httpclient-ory/.travis.yml           |    8 +
 internal/httpclient-ory/README.md             |  268 +
 internal/httpclient-ory/api/openapi.yaml      | 7074 ++++++++++++++
 internal/httpclient-ory/api_metadata.go       |  436 +
 internal/httpclient-ory/api_v0alpha2.go       | 8358 ++++++++++++++++
 internal/httpclient-ory/client.go             |  544 ++
 internal/httpclient-ory/configuration.go      |  230 +
 .../docs/AdminCreateIdentityBody.md           |  248 +
 ...dminCreateIdentityImportCredentialsOidc.md |   56 +
 ...eateIdentityImportCredentialsOidcConfig.md |   82 +
 ...teIdentityImportCredentialsOidcProvider.md |   72 +
 ...CreateIdentityImportCredentialsPassword.md |   56 +
 ...IdentityImportCredentialsPasswordConfig.md |   82 +
 .../AdminCreateSelfServiceRecoveryCodeBody.md |   77 +
 .../AdminCreateSelfServiceRecoveryLinkBody.md |   77 +
 .../docs/AdminIdentityImportCredentials.md    |   82 +
 .../docs/AdminUpdateIdentityBody.md           |  191 +
 .../docs/AuthenticatorAssuranceLevel.md       |   17 +
 .../docs/CourierMessageStatus.md              |   17 +
 .../httpclient-ory/docs/CourierMessageType.md |   13 +
 ...AuthenticatorAssuranceLevelNotSatisfied.md |  259 +
 internal/httpclient-ory/docs/GenericError.md  |  233 +
 .../docs/GetVersion200Response.md             |   51 +
 .../docs/HealthNotReadyStatus.md              |   56 +
 internal/httpclient-ory/docs/HealthStatus.md  |   56 +
 internal/httpclient-ory/docs/Identity.md      |  378 +
 .../docs/IdentityCredentials.md               |  186 +
 .../docs/IdentityCredentialsOidc.md           |   56 +
 .../docs/IdentityCredentialsOidcProvider.md   |  160 +
 .../docs/IdentityCredentialsPassword.md       |   56 +
 .../docs/IdentityCredentialsType.md           |   19 +
 .../docs/IdentitySchemaContainer.md           |   82 +
 internal/httpclient-ory/docs/IdentityState.md |   13 +
 .../httpclient-ory/docs/IsAlive200Response.md |   51 +
 .../httpclient-ory/docs/IsReady503Response.md |   51 +
 internal/httpclient-ory/docs/JsonError.md     |   51 +
 internal/httpclient-ory/docs/JsonPatch.md     |  134 +
 internal/httpclient-ory/docs/LoginRequest.md  |  264 +
 internal/httpclient-ory/docs/Message.md       |  290 +
 internal/httpclient-ory/docs/MetadataApi.md   |  194 +
 .../docs/NeedsPrivilegedSessionError.md       |  254 +
 internal/httpclient-ory/docs/OAuth2Client.md  |  940 ++
 .../docs/OpenIDConnectContext.md              |  160 +
 internal/httpclient-ory/docs/Pagination.md    |   82 +
 .../docs/RecoveryIdentityAddress.md           |  145 +
 .../httpclient-ory/docs/RevokedSessions.md    |   56 +
 ...rviceBrowserLocationChangeRequiredError.md |  259 +
 .../httpclient-ory/docs/SelfServiceError.md   |  129 +
 .../docs/SelfServiceFlowExpiredError.md       |  311 +
 .../docs/SelfServiceLoginFlow.md              |  374 +
 .../docs/SelfServiceLogoutUrl.md              |   72 +
 .../docs/SelfServiceRecoveryCode.md           |   98 +
 .../docs/SelfServiceRecoveryFlow.md           |  229 +
 .../docs/SelfServiceRecoveryFlowState.md      |   15 +
 .../docs/SelfServiceRecoveryLink.md           |   77 +
 .../docs/SelfServiceRegistrationFlow.md       |  270 +
 .../docs/SelfServiceSettingsFlow.md           |  250 +
 .../docs/SelfServiceSettingsFlowState.md      |   13 +
 .../docs/SelfServiceVerificationFlow.md       |  244 +
 .../docs/SelfServiceVerificationFlowState.md  |   15 +
 internal/httpclient-ory/docs/Session.md       |  254 +
 .../docs/SessionAuthenticationMethod.md       |  108 +
 internal/httpclient-ory/docs/SessionDevice.md |  129 +
 .../docs/SettingsProfileFormConfig.md         |  119 +
 ...rviceFlowWithWebAuthnRegistrationMethod.md |   82 +
 .../docs/SubmitSelfServiceLoginFlowBody.md    |  260 +
 ...viceLoginFlowWithLookupSecretMethodBody.md |   98 +
 ...tSelfServiceLoginFlowWithOidcMethodBody.md |  124 +
 ...fServiceLoginFlowWithPasswordMethodBody.md |  145 +
 ...tSelfServiceLoginFlowWithTotpMethodBody.md |   98 +
 ...fServiceLoginFlowWithWebAuthnMethodBody.md |  124 +
 ...SelfServiceLogoutFlowWithoutBrowserBody.md |   51 +
 .../docs/SubmitSelfServiceRecoveryFlowBody.md |  124 +
 ...lfServiceRecoveryFlowWithCodeMethodBody.md |  129 +
 ...lfServiceRecoveryFlowWithLinkMethodBody.md |   98 +
 .../SubmitSelfServiceRegistrationFlowBody.md  |  192 +
 ...rviceRegistrationFlowWithOidcMethodBody.md |  124 +
 ...eRegistrationFlowWithPasswordMethodBody.md |  119 +
 ...eRegistrationFlowWithWebAuthnMethodBody.md |  150 +
 .../docs/SubmitSelfServiceSettingsFlowBody.md |  431 +
 ...ServiceSettingsFlowWithLookupMethodBody.md |  181 +
 ...lfServiceSettingsFlowWithOidcMethodBody.md |  155 +
 ...rviceSettingsFlowWithPasswordMethodBody.md |   98 +
 ...erviceSettingsFlowWithProfileMethodBody.md |   98 +
 ...lfServiceSettingsFlowWithTotpMethodBody.md |  129 +
 ...rviceSettingsFlowWithWebAuthnMethodBody.md |  155 +
 .../SubmitSelfServiceVerificationFlowBody.md  |   98 +
 ...rviceVerificationFlowWithLinkMethodBody.md |   98 +
 ...uccessfulSelfServiceLoginWithoutBrowser.md |   77 +
 ...ulSelfServiceRegistrationWithoutBrowser.md |  103 +
 .../httpclient-ory/docs/TokenPagination.md    |   82 +
 .../docs/TokenPaginationHeaders.md            |   82 +
 internal/httpclient-ory/docs/UiContainer.md   |  119 +
 internal/httpclient-ory/docs/UiNode.md        |  135 +
 .../docs/UiNodeAnchorAttributes.md            |  114 +
 .../httpclient-ory/docs/UiNodeAttributes.md   |  532 ++
 .../docs/UiNodeImageAttributes.md             |  135 +
 .../docs/UiNodeInputAttributes.md             |  280 +
 internal/httpclient-ory/docs/UiNodeMeta.md    |   56 +
 .../docs/UiNodeScriptAttributes.md            |  219 +
 .../docs/UiNodeTextAttributes.md              |   93 +
 internal/httpclient-ory/docs/UiText.md        |  119 +
 internal/httpclient-ory/docs/V0alpha2Api.md   | 3131 ++++++
 .../docs/VerifiableIdentityAddress.md         |  218 +
 internal/httpclient-ory/docs/Version.md       |   56 +
 internal/httpclient-ory/git_push.sh           |   58 +
 .../{httpclient => httpclient-ory}/go.mod     |    2 +-
 internal/httpclient-ory/go.sum                |   13 +
 .../model_admin_create_identity_body.go       |  360 +
 ...create_identity_import_credentials_oidc.go |  114 +
 ...identity_import_credentials_oidc_config.go |  151 +
 ...entity_import_credentials_oidc_provider.go |  138 +
 ...te_identity_import_credentials_password.go |  114 +
 ...tity_import_credentials_password_config.go |  152 +
 ..._create_self_service_recovery_code_body.go |  145 +
 ..._create_self_service_recovery_link_body.go |  145 +
 ...model_admin_identity_import_credentials.go |  150 +
 .../model_admin_update_identity_body.go       |  279 +
 .../model_authenticator_assurance_level.go    |   86 +
 .../model_courier_message_status.go           |   86 +
 .../model_courier_message_type.go             |   84 +
 ...enticator_assurance_level_not_satisfied.go |  403 +
 .../httpclient-ory/model_generic_error.go     |  367 +
 .../model_get_version_200_response.go}        |   46 +-
 .../model_health_not_ready_status.go          |  115 +
 .../httpclient-ory/model_health_status.go     |  115 +
 internal/httpclient-ory/model_identity.go     |  534 ++
 .../model_identity_credentials.go             |  299 +
 .../model_identity_credentials_oidc.go        |  114 +
 ...odel_identity_credentials_oidc_provider.go |  258 +
 .../model_identity_credentials_password.go    |  115 +
 .../model_identity_credentials_type.go        |   87 +
 .../model_identity_schema_container.go        |  152 +
 .../httpclient-ory/model_identity_state.go    |   84 +
 .../model_is_alive_200_response.go}           |   46 +-
 .../model_is_ready_503_response.go}           |   46 +-
 internal/httpclient-ory/model_json_error.go   |  107 +
 internal/httpclient-ory/model_json_patch.go   |  213 +
 .../httpclient-ory/model_login_request.go     |  407 +
 internal/httpclient-ory/model_message.go      |  441 +
 .../model_needs_privileged_session_error.go   |  397 +
 .../httpclient-ory/model_o_auth2_client.go    | 1364 +++
 .../model_open_id_connect_context.go          |  263 +
 internal/httpclient-ory/model_pagination.go   |  160 +
 .../model_recovery_identity_address.go        |  240 +
 .../httpclient-ory/model_revoked_sessions.go  |  115 +
 ..._browser_location_change_required_error.go |  404 +
 .../model_self_service_error.go               |  219 +
 .../model_self_service_flow_expired_error.go  |  479 +
 .../model_self_service_login_flow.go          |  561 ++
 .../model_self_service_logout_url.go          |  138 +
 .../model_self_service_recovery_code.go       |  176 +
 .../model_self_service_recovery_flow.go       |  361 +
 .../model_self_service_recovery_flow_state.go |   85 +
 .../model_self_service_recovery_link.go       |  146 +
 .../model_self_service_registration_flow.go   |  414 +
 .../model_self_service_settings_flow.go       |  390 +
 .../model_self_service_settings_flow_state.go |   84 +
 .../model_self_service_verification_flow.go   |  382 +
 ...el_self_service_verification_flow_state.go |   85 +
 internal/httpclient-ory/model_session.go      |  396 +
 .../model_session_authentication_method.go    |  188 +
 .../httpclient-ory/model_session_device.go    |  219 +
 .../model_settings_profile_form_config.go     |  203 +
 ...flow_with_web_authn_registration_method.go |  152 +
 ...del_submit_self_service_login_flow_body.go |  236 +
 ...gin_flow_with_lookup_secret_method_body.go |  175 +
 ...ervice_login_flow_with_oidc_method_body.go |  212 +
 ...ce_login_flow_with_password_method_body.go |  242 +
 ...ervice_login_flow_with_totp_method_body.go |  175 +
 ...e_login_flow_with_web_authn_method_body.go |  212 +
 ...ervice_logout_flow_without_browser_body.go |  108 +
 ..._submit_self_service_recovery_flow_body.go |  146 +
 ...ice_recovery_flow_with_code_method_body.go |  219 +
 ...ice_recovery_flow_with_link_method_body.go |  175 +
 ...mit_self_service_registration_flow_body.go |  176 +
 ...registration_flow_with_oidc_method_body.go |  212 +
 ...stration_flow_with_password_method_body.go |  205 +
 ...tration_flow_with_web_authn_method_body.go |  249 +
 ..._submit_self_service_settings_flow_body.go |  266 +
 ...e_settings_flow_with_lookup_method_body.go |  293 +
 ...ice_settings_flow_with_oidc_method_body.go |  256 +
 ...settings_flow_with_password_method_body.go |  175 +
 ..._settings_flow_with_profile_method_body.go |  175 +
 ...ice_settings_flow_with_totp_method_body.go |  219 +
 ...ettings_flow_with_web_authn_method_body.go |  256 +
 ...mit_self_service_verification_flow_body.go |  116 +
 ...verification_flow_with_link_method_body.go |  175 +
 ...sful_self_service_login_without_browser.go |  144 +
 ...lf_service_registration_without_browser.go |  180 +
 .../httpclient-ory/model_token_pagination.go  |  160 +
 .../model_token_pagination_headers.go         |  152 +
 internal/httpclient-ory/model_ui_container.go |  203 +
 internal/httpclient-ory/model_ui_node.go      |  225 +
 .../model_ui_node_anchor_attributes.go        |  197 +
 .../model_ui_node_attributes.go               |  236 +
 .../model_ui_node_image_attributes.go         |  228 +
 .../model_ui_node_input_attributes.go         |  420 +
 internal/httpclient-ory/model_ui_node_meta.go |  114 +
 .../model_ui_node_script_attributes.go        |  348 +
 .../model_ui_node_text_attributes.go          |  167 +
 internal/httpclient-ory/model_ui_text.go      |  203 +
 .../model_verifiable_identity_address.go      |  346 +
 internal/httpclient-ory/model_version.go      |  115 +
 internal/httpclient-ory/response.go           |   48 +
 internal/httpclient-ory/utils.go              |  329 +
 internal/httpclient/.openapi-generator/FILES  |   14 +-
 .../httpclient/.openapi-generator/VERSION     |    2 +-
 internal/httpclient/README.md                 |   10 +-
 internal/httpclient/api/openapi.yaml          |  543 +-
 internal/httpclient/api_metadata.go           |   40 +-
 internal/httpclient/api_v0alpha2.go           |    2 +-
 internal/httpclient/client.go                 |    4 +-
 internal/httpclient/configuration.go          |    2 +-
 .../httpclient/docs/GetVersion200Response.md  |   51 +
 .../httpclient/docs/IsAlive200Response.md     |   51 +
 .../httpclient/docs/IsReady503Response.md     |   51 +
 internal/httpclient/docs/MetadataApi.md       |   18 +-
 .../httpclient/docs/OpenIDConnectContext.md   |    8 +-
 internal/httpclient/git_push.sh               |    2 +-
 .../model_admin_create_identity_body.go       |    2 +-
 ...create_identity_import_credentials_oidc.go |    2 +-
 ...identity_import_credentials_oidc_config.go |    2 +-
 ...entity_import_credentials_oidc_provider.go |    2 +-
 ...te_identity_import_credentials_password.go |    2 +-
 ...tity_import_credentials_password_config.go |    2 +-
 ..._create_self_service_recovery_code_body.go |    2 +-
 ..._create_self_service_recovery_link_body.go |    2 +-
 ...model_admin_identity_import_credentials.go |    2 +-
 .../model_admin_update_identity_body.go       |    2 +-
 .../model_authenticator_assurance_level.go    |    2 +-
 .../model_courier_message_status.go           |    2 +-
 .../httpclient/model_courier_message_type.go  |    2 +-
 ...enticator_assurance_level_not_satisfied.go |    2 +-
 internal/httpclient/model_generic_error.go    |    2 +-
 .../model_get_version_200_response.go         |  108 +
 .../model_health_not_ready_status.go          |    2 +-
 internal/httpclient/model_health_status.go    |    2 +-
 internal/httpclient/model_identity.go         |    2 +-
 .../httpclient/model_identity_credentials.go  |    2 +-
 .../model_identity_credentials_oidc.go        |    2 +-
 ...odel_identity_credentials_oidc_provider.go |    2 +-
 .../model_identity_credentials_password.go    |    2 +-
 .../model_identity_credentials_type.go        |    2 +-
 .../model_identity_schema_container.go        |    2 +-
 internal/httpclient/model_identity_state.go   |    2 +-
 .../httpclient/model_is_alive_200_response.go |  108 +
 .../httpclient/model_is_ready_503_response.go |  108 +
 internal/httpclient/model_json_error.go       |    2 +-
 internal/httpclient/model_json_patch.go       |    2 +-
 internal/httpclient/model_login_request.go    |    2 +-
 internal/httpclient/model_message.go          |    2 +-
 .../model_needs_privileged_session_error.go   |    2 +-
 internal/httpclient/model_o_auth2_client.go   |    2 +-
 .../model_open_id_connect_context.go          |   14 +-
 internal/httpclient/model_pagination.go       |    2 +-
 .../model_recovery_identity_address.go        |    2 +-
 internal/httpclient/model_revoked_sessions.go |    2 +-
 ..._browser_location_change_required_error.go |    2 +-
 .../httpclient/model_self_service_error.go    |    2 +-
 .../model_self_service_flow_expired_error.go  |    2 +-
 .../model_self_service_login_flow.go          |    2 +-
 .../model_self_service_logout_url.go          |    2 +-
 .../model_self_service_recovery_code.go       |    2 +-
 .../model_self_service_recovery_flow.go       |    2 +-
 .../model_self_service_recovery_flow_state.go |    2 +-
 .../model_self_service_recovery_link.go       |    2 +-
 .../model_self_service_registration_flow.go   |    2 +-
 .../model_self_service_settings_flow.go       |    2 +-
 .../model_self_service_settings_flow_state.go |    2 +-
 .../model_self_service_verification_flow.go   |    2 +-
 ...el_self_service_verification_flow_state.go |    2 +-
 internal/httpclient/model_session.go          |    2 +-
 .../model_session_authentication_method.go    |    2 +-
 internal/httpclient/model_session_device.go   |    2 +-
 .../model_settings_profile_form_config.go     |    2 +-
 ...flow_with_web_authn_registration_method.go |    2 +-
 ...del_submit_self_service_login_flow_body.go |    2 +-
 ...gin_flow_with_lookup_secret_method_body.go |    2 +-
 ...ervice_login_flow_with_oidc_method_body.go |    2 +-
 ...ce_login_flow_with_password_method_body.go |    2 +-
 ...ervice_login_flow_with_totp_method_body.go |    2 +-
 ...e_login_flow_with_web_authn_method_body.go |    2 +-
 ...ervice_logout_flow_without_browser_body.go |    2 +-
 ..._submit_self_service_recovery_flow_body.go |    2 +-
 ...ice_recovery_flow_with_code_method_body.go |    2 +-
 ...ice_recovery_flow_with_link_method_body.go |    2 +-
 ...mit_self_service_registration_flow_body.go |    2 +-
 ...registration_flow_with_oidc_method_body.go |    2 +-
 ...stration_flow_with_password_method_body.go |    2 +-
 ...tration_flow_with_web_authn_method_body.go |    2 +-
 ..._submit_self_service_settings_flow_body.go |    2 +-
 ...e_settings_flow_with_lookup_method_body.go |    2 +-
 ...ice_settings_flow_with_oidc_method_body.go |    2 +-
 ...settings_flow_with_password_method_body.go |    2 +-
 ..._settings_flow_with_profile_method_body.go |    2 +-
 ...ice_settings_flow_with_totp_method_body.go |    2 +-
 ...ettings_flow_with_web_authn_method_body.go |    2 +-
 ...mit_self_service_verification_flow_body.go |    2 +-
 ...verification_flow_with_link_method_body.go |    2 +-
 ...sful_self_service_login_without_browser.go |    2 +-
 ...lf_service_registration_without_browser.go |    2 +-
 internal/httpclient/model_token_pagination.go |    2 +-
 .../model_token_pagination_headers.go         |    2 +-
 internal/httpclient/model_ui_container.go     |    2 +-
 internal/httpclient/model_ui_node.go          |    2 +-
 .../model_ui_node_anchor_attributes.go        |    2 +-
 .../httpclient/model_ui_node_attributes.go    |    2 +-
 .../model_ui_node_image_attributes.go         |    2 +-
 .../model_ui_node_input_attributes.go         |    2 +-
 internal/httpclient/model_ui_node_meta.go     |    2 +-
 .../model_ui_node_script_attributes.go        |    2 +-
 .../model_ui_node_text_attributes.go          |    2 +-
 internal/httpclient/model_ui_text.go          |    2 +-
 .../model_verifiable_identity_address.go      |    2 +-
 internal/httpclient/model_version.go          |    2 +-
 internal/httpclient/response.go               |    2 +-
 internal/httpclient/utils.go                  |    2 +-
 internal/registrationhelpers/helpers.go       |    2 +-
 internal/testhelpers/sdk.go                   |    2 +-
 internal/testhelpers/selfservice_login.go     |    2 +-
 internal/testhelpers/selfservice_recovery.go  |    2 +-
 .../testhelpers/selfservice_registration.go   |    2 +-
 internal/testhelpers/selfservice_settings.go  |    2 +-
 .../testhelpers/selfservice_verification.go   |    2 +-
 openapitools.json                             |    2 +-
 selfservice/flow/login/flow.go                |    2 +-
 selfservice/flow/login/handler.go             |    2 +-
 selfservice/flow/registration/flow.go         |    2 +-
 selfservice/flow/settings/handler_test.go     |    2 +-
 .../strategy/code/strategy_recovery_test.go   |    2 +-
 .../strategy/link/strategy_recovery_test.go   |    2 +-
 selfservice/strategy/lookup/settings_test.go  |    2 +-
 .../strategy/oidc/strategy_settings_test.go   |    2 +-
 selfservice/strategy/password/login_test.go   |    2 +-
 .../strategy/password/op_login_test.go        |   12 +-
 .../strategy/password/op_registration_test.go |   12 +-
 .../strategy/password/settings_test.go        |    2 +-
 selfservice/strategy/profile/strategy_test.go |    2 +-
 selfservice/strategy/totp/settings_test.go    |    2 +-
 selfservice/strategy/webauthn/login_test.go   |    2 +-
 .../strategy/webauthn/registration_test.go    |    2 +-
 .../strategy/webauthn/settings_test.go        |    2 +-
 585 files changed, 115060 insertions(+), 596 deletions(-)
 create mode 100644 internal/client-go/.gitignore
 create mode 100644 internal/client-go/.openapi-generator-ignore
 create mode 100644 internal/client-go/.openapi-generator/FILES
 create mode 100644 internal/client-go/.openapi-generator/VERSION
 create mode 100644 internal/client-go/.travis.yml
 create mode 100644 internal/client-go/README.md
 create mode 100644 internal/client-go/api/openapi.yaml
 create mode 100644 internal/client-go/api_metadata.go
 create mode 100644 internal/client-go/api_v0alpha2.go
 create mode 100644 internal/client-go/client.go
 create mode 100644 internal/client-go/configuration.go
 create mode 100644 internal/client-go/docs/AdminCreateIdentityBody.md
 create mode 100644 internal/client-go/docs/AdminCreateIdentityImportCredentialsOidc.md
 create mode 100644 internal/client-go/docs/AdminCreateIdentityImportCredentialsOidcConfig.md
 create mode 100644 internal/client-go/docs/AdminCreateIdentityImportCredentialsOidcProvider.md
 create mode 100644 internal/client-go/docs/AdminCreateIdentityImportCredentialsPassword.md
 create mode 100644 internal/client-go/docs/AdminCreateIdentityImportCredentialsPasswordConfig.md
 create mode 100644 internal/client-go/docs/AdminCreateSelfServiceRecoveryCodeBody.md
 create mode 100644 internal/client-go/docs/AdminCreateSelfServiceRecoveryLinkBody.md
 create mode 100644 internal/client-go/docs/AdminIdentityImportCredentials.md
 create mode 100644 internal/client-go/docs/AdminUpdateIdentityBody.md
 create mode 100644 internal/client-go/docs/AuthenticatorAssuranceLevel.md
 create mode 100644 internal/client-go/docs/CourierMessageStatus.md
 create mode 100644 internal/client-go/docs/CourierMessageType.md
 create mode 100644 internal/client-go/docs/ErrorAuthenticatorAssuranceLevelNotSatisfied.md
 create mode 100644 internal/client-go/docs/GenericError.md
 rename internal/{httpclient/docs/InlineResponse2001.md => client-go/docs/GetVersion200Response.md} (64%)
 create mode 100644 internal/client-go/docs/HealthNotReadyStatus.md
 create mode 100644 internal/client-go/docs/HealthStatus.md
 create mode 100644 internal/client-go/docs/Identity.md
 create mode 100644 internal/client-go/docs/IdentityCredentials.md
 create mode 100644 internal/client-go/docs/IdentityCredentialsOidc.md
 create mode 100644 internal/client-go/docs/IdentityCredentialsOidcProvider.md
 create mode 100644 internal/client-go/docs/IdentityCredentialsPassword.md
 create mode 100644 internal/client-go/docs/IdentityCredentialsType.md
 create mode 100644 internal/client-go/docs/IdentitySchemaContainer.md
 create mode 100644 internal/client-go/docs/IdentityState.md
 rename internal/{httpclient/docs/InlineResponse200.md => client-go/docs/IsAlive200Response.md} (66%)
 rename internal/{httpclient/docs/InlineResponse503.md => client-go/docs/IsReady503Response.md} (65%)
 create mode 100644 internal/client-go/docs/JsonError.md
 create mode 100644 internal/client-go/docs/JsonPatch.md
 create mode 100644 internal/client-go/docs/LoginRequest.md
 create mode 100644 internal/client-go/docs/Message.md
 create mode 100644 internal/client-go/docs/MetadataApi.md
 create mode 100644 internal/client-go/docs/NeedsPrivilegedSessionError.md
 create mode 100644 internal/client-go/docs/OAuth2Client.md
 create mode 100644 internal/client-go/docs/OpenIDConnectContext.md
 create mode 100644 internal/client-go/docs/Pagination.md
 create mode 100644 internal/client-go/docs/RecoveryIdentityAddress.md
 create mode 100644 internal/client-go/docs/RevokedSessions.md
 create mode 100644 internal/client-go/docs/SelfServiceBrowserLocationChangeRequiredError.md
 create mode 100644 internal/client-go/docs/SelfServiceError.md
 create mode 100644 internal/client-go/docs/SelfServiceFlowExpiredError.md
 create mode 100644 internal/client-go/docs/SelfServiceLoginFlow.md
 create mode 100644 internal/client-go/docs/SelfServiceLogoutUrl.md
 create mode 100644 internal/client-go/docs/SelfServiceRecoveryCode.md
 create mode 100644 internal/client-go/docs/SelfServiceRecoveryFlow.md
 create mode 100644 internal/client-go/docs/SelfServiceRecoveryFlowState.md
 create mode 100644 internal/client-go/docs/SelfServiceRecoveryLink.md
 create mode 100644 internal/client-go/docs/SelfServiceRegistrationFlow.md
 create mode 100644 internal/client-go/docs/SelfServiceSettingsFlow.md
 create mode 100644 internal/client-go/docs/SelfServiceSettingsFlowState.md
 create mode 100644 internal/client-go/docs/SelfServiceVerificationFlow.md
 create mode 100644 internal/client-go/docs/SelfServiceVerificationFlowState.md
 create mode 100644 internal/client-go/docs/Session.md
 create mode 100644 internal/client-go/docs/SessionAuthenticationMethod.md
 create mode 100644 internal/client-go/docs/SessionDevice.md
 create mode 100644 internal/client-go/docs/SettingsProfileFormConfig.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceFlowWithWebAuthnRegistrationMethod.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceLoginFlowBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceLoginFlowWithLookupSecretMethodBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceLoginFlowWithOidcMethodBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceLoginFlowWithPasswordMethodBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceLoginFlowWithTotpMethodBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceLoginFlowWithWebAuthnMethodBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceLogoutFlowWithoutBrowserBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceRecoveryFlowBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceRecoveryFlowWithCodeMethodBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceRecoveryFlowWithLinkMethodBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceRegistrationFlowBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceRegistrationFlowWithOidcMethodBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceRegistrationFlowWithPasswordMethodBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceRegistrationFlowWithWebAuthnMethodBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceSettingsFlowBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceSettingsFlowWithLookupMethodBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceSettingsFlowWithOidcMethodBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceSettingsFlowWithPasswordMethodBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceSettingsFlowWithProfileMethodBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceSettingsFlowWithTotpMethodBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceSettingsFlowWithWebAuthnMethodBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceVerificationFlowBody.md
 create mode 100644 internal/client-go/docs/SubmitSelfServiceVerificationFlowWithLinkMethodBody.md
 create mode 100644 internal/client-go/docs/SuccessfulSelfServiceLoginWithoutBrowser.md
 create mode 100644 internal/client-go/docs/SuccessfulSelfServiceRegistrationWithoutBrowser.md
 create mode 100644 internal/client-go/docs/TokenPagination.md
 create mode 100644 internal/client-go/docs/TokenPaginationHeaders.md
 create mode 100644 internal/client-go/docs/UiContainer.md
 create mode 100644 internal/client-go/docs/UiNode.md
 create mode 100644 internal/client-go/docs/UiNodeAnchorAttributes.md
 create mode 100644 internal/client-go/docs/UiNodeAttributes.md
 create mode 100644 internal/client-go/docs/UiNodeImageAttributes.md
 create mode 100644 internal/client-go/docs/UiNodeInputAttributes.md
 create mode 100644 internal/client-go/docs/UiNodeMeta.md
 create mode 100644 internal/client-go/docs/UiNodeScriptAttributes.md
 create mode 100644 internal/client-go/docs/UiNodeTextAttributes.md
 create mode 100644 internal/client-go/docs/UiText.md
 create mode 100644 internal/client-go/docs/V0alpha2Api.md
 create mode 100644 internal/client-go/docs/VerifiableIdentityAddress.md
 create mode 100644 internal/client-go/docs/Version.md
 create mode 100644 internal/client-go/git_push.sh
 create mode 100644 internal/client-go/go.mod
 rename internal/{httpclient => client-go}/go.sum (100%)
 create mode 100644 internal/client-go/model_admin_create_identity_body.go
 create mode 100644 internal/client-go/model_admin_create_identity_import_credentials_oidc.go
 create mode 100644 internal/client-go/model_admin_create_identity_import_credentials_oidc_config.go
 create mode 100644 internal/client-go/model_admin_create_identity_import_credentials_oidc_provider.go
 create mode 100644 internal/client-go/model_admin_create_identity_import_credentials_password.go
 create mode 100644 internal/client-go/model_admin_create_identity_import_credentials_password_config.go
 create mode 100644 internal/client-go/model_admin_create_self_service_recovery_code_body.go
 create mode 100644 internal/client-go/model_admin_create_self_service_recovery_link_body.go
 create mode 100644 internal/client-go/model_admin_identity_import_credentials.go
 create mode 100644 internal/client-go/model_admin_update_identity_body.go
 create mode 100644 internal/client-go/model_authenticator_assurance_level.go
 create mode 100644 internal/client-go/model_courier_message_status.go
 create mode 100644 internal/client-go/model_courier_message_type.go
 create mode 100644 internal/client-go/model_error_authenticator_assurance_level_not_satisfied.go
 create mode 100644 internal/client-go/model_generic_error.go
 create mode 100644 internal/client-go/model_get_version_200_response.go
 create mode 100644 internal/client-go/model_health_not_ready_status.go
 create mode 100644 internal/client-go/model_health_status.go
 create mode 100644 internal/client-go/model_identity.go
 create mode 100644 internal/client-go/model_identity_credentials.go
 create mode 100644 internal/client-go/model_identity_credentials_oidc.go
 create mode 100644 internal/client-go/model_identity_credentials_oidc_provider.go
 create mode 100644 internal/client-go/model_identity_credentials_password.go
 create mode 100644 internal/client-go/model_identity_credentials_type.go
 create mode 100644 internal/client-go/model_identity_schema_container.go
 create mode 100644 internal/client-go/model_identity_state.go
 create mode 100644 internal/client-go/model_is_alive_200_response.go
 create mode 100644 internal/client-go/model_is_ready_503_response.go
 create mode 100644 internal/client-go/model_json_error.go
 create mode 100644 internal/client-go/model_json_patch.go
 create mode 100644 internal/client-go/model_login_request.go
 create mode 100644 internal/client-go/model_message.go
 create mode 100644 internal/client-go/model_needs_privileged_session_error.go
 create mode 100644 internal/client-go/model_o_auth2_client.go
 create mode 100644 internal/client-go/model_open_id_connect_context.go
 create mode 100644 internal/client-go/model_pagination.go
 create mode 100644 internal/client-go/model_recovery_identity_address.go
 create mode 100644 internal/client-go/model_revoked_sessions.go
 create mode 100644 internal/client-go/model_self_service_browser_location_change_required_error.go
 create mode 100644 internal/client-go/model_self_service_error.go
 create mode 100644 internal/client-go/model_self_service_flow_expired_error.go
 create mode 100644 internal/client-go/model_self_service_login_flow.go
 create mode 100644 internal/client-go/model_self_service_logout_url.go
 create mode 100644 internal/client-go/model_self_service_recovery_code.go
 create mode 100644 internal/client-go/model_self_service_recovery_flow.go
 create mode 100644 internal/client-go/model_self_service_recovery_flow_state.go
 create mode 100644 internal/client-go/model_self_service_recovery_link.go
 create mode 100644 internal/client-go/model_self_service_registration_flow.go
 create mode 100644 internal/client-go/model_self_service_settings_flow.go
 create mode 100644 internal/client-go/model_self_service_settings_flow_state.go
 create mode 100644 internal/client-go/model_self_service_verification_flow.go
 create mode 100644 internal/client-go/model_self_service_verification_flow_state.go
 create mode 100644 internal/client-go/model_session.go
 create mode 100644 internal/client-go/model_session_authentication_method.go
 create mode 100644 internal/client-go/model_session_device.go
 create mode 100644 internal/client-go/model_settings_profile_form_config.go
 create mode 100644 internal/client-go/model_submit_self_service_flow_with_web_authn_registration_method.go
 create mode 100644 internal/client-go/model_submit_self_service_login_flow_body.go
 create mode 100644 internal/client-go/model_submit_self_service_login_flow_with_lookup_secret_method_body.go
 create mode 100644 internal/client-go/model_submit_self_service_login_flow_with_oidc_method_body.go
 create mode 100644 internal/client-go/model_submit_self_service_login_flow_with_password_method_body.go
 create mode 100644 internal/client-go/model_submit_self_service_login_flow_with_totp_method_body.go
 create mode 100644 internal/client-go/model_submit_self_service_login_flow_with_web_authn_method_body.go
 create mode 100644 internal/client-go/model_submit_self_service_logout_flow_without_browser_body.go
 create mode 100644 internal/client-go/model_submit_self_service_recovery_flow_body.go
 create mode 100644 internal/client-go/model_submit_self_service_recovery_flow_with_code_method_body.go
 create mode 100644 internal/client-go/model_submit_self_service_recovery_flow_with_link_method_body.go
 create mode 100644 internal/client-go/model_submit_self_service_registration_flow_body.go
 create mode 100644 internal/client-go/model_submit_self_service_registration_flow_with_oidc_method_body.go
 create mode 100644 internal/client-go/model_submit_self_service_registration_flow_with_password_method_body.go
 create mode 100644 internal/client-go/model_submit_self_service_registration_flow_with_web_authn_method_body.go
 create mode 100644 internal/client-go/model_submit_self_service_settings_flow_body.go
 create mode 100644 internal/client-go/model_submit_self_service_settings_flow_with_lookup_method_body.go
 create mode 100644 internal/client-go/model_submit_self_service_settings_flow_with_oidc_method_body.go
 create mode 100644 internal/client-go/model_submit_self_service_settings_flow_with_password_method_body.go
 create mode 100644 internal/client-go/model_submit_self_service_settings_flow_with_profile_method_body.go
 create mode 100644 internal/client-go/model_submit_self_service_settings_flow_with_totp_method_body.go
 create mode 100644 internal/client-go/model_submit_self_service_settings_flow_with_web_authn_method_body.go
 create mode 100644 internal/client-go/model_submit_self_service_verification_flow_body.go
 create mode 100644 internal/client-go/model_submit_self_service_verification_flow_with_link_method_body.go
 create mode 100644 internal/client-go/model_successful_self_service_login_without_browser.go
 create mode 100644 internal/client-go/model_successful_self_service_registration_without_browser.go
 create mode 100644 internal/client-go/model_token_pagination.go
 create mode 100644 internal/client-go/model_token_pagination_headers.go
 create mode 100644 internal/client-go/model_ui_container.go
 create mode 100644 internal/client-go/model_ui_node.go
 create mode 100644 internal/client-go/model_ui_node_anchor_attributes.go
 create mode 100644 internal/client-go/model_ui_node_attributes.go
 create mode 100644 internal/client-go/model_ui_node_image_attributes.go
 create mode 100644 internal/client-go/model_ui_node_input_attributes.go
 create mode 100644 internal/client-go/model_ui_node_meta.go
 create mode 100644 internal/client-go/model_ui_node_script_attributes.go
 create mode 100644 internal/client-go/model_ui_node_text_attributes.go
 create mode 100644 internal/client-go/model_ui_text.go
 create mode 100644 internal/client-go/model_verifiable_identity_address.go
 create mode 100644 internal/client-go/model_version.go
 create mode 100644 internal/client-go/response.go
 create mode 100644 internal/client-go/test/api_metadata_test.go
 create mode 100644 internal/client-go/test/api_v0alpha2_test.go
 create mode 100644 internal/client-go/utils.go
 create mode 100644 internal/httpclient-ory/.gitignore
 create mode 100644 internal/httpclient-ory/.openapi-generator-ignore
 create mode 100644 internal/httpclient-ory/.openapi-generator/FILES
 create mode 100644 internal/httpclient-ory/.openapi-generator/VERSION
 create mode 100644 internal/httpclient-ory/.travis.yml
 create mode 100644 internal/httpclient-ory/README.md
 create mode 100644 internal/httpclient-ory/api/openapi.yaml
 create mode 100644 internal/httpclient-ory/api_metadata.go
 create mode 100644 internal/httpclient-ory/api_v0alpha2.go
 create mode 100644 internal/httpclient-ory/client.go
 create mode 100644 internal/httpclient-ory/configuration.go
 create mode 100644 internal/httpclient-ory/docs/AdminCreateIdentityBody.md
 create mode 100644 internal/httpclient-ory/docs/AdminCreateIdentityImportCredentialsOidc.md
 create mode 100644 internal/httpclient-ory/docs/AdminCreateIdentityImportCredentialsOidcConfig.md
 create mode 100644 internal/httpclient-ory/docs/AdminCreateIdentityImportCredentialsOidcProvider.md
 create mode 100644 internal/httpclient-ory/docs/AdminCreateIdentityImportCredentialsPassword.md
 create mode 100644 internal/httpclient-ory/docs/AdminCreateIdentityImportCredentialsPasswordConfig.md
 create mode 100644 internal/httpclient-ory/docs/AdminCreateSelfServiceRecoveryCodeBody.md
 create mode 100644 internal/httpclient-ory/docs/AdminCreateSelfServiceRecoveryLinkBody.md
 create mode 100644 internal/httpclient-ory/docs/AdminIdentityImportCredentials.md
 create mode 100644 internal/httpclient-ory/docs/AdminUpdateIdentityBody.md
 create mode 100644 internal/httpclient-ory/docs/AuthenticatorAssuranceLevel.md
 create mode 100644 internal/httpclient-ory/docs/CourierMessageStatus.md
 create mode 100644 internal/httpclient-ory/docs/CourierMessageType.md
 create mode 100644 internal/httpclient-ory/docs/ErrorAuthenticatorAssuranceLevelNotSatisfied.md
 create mode 100644 internal/httpclient-ory/docs/GenericError.md
 create mode 100644 internal/httpclient-ory/docs/GetVersion200Response.md
 create mode 100644 internal/httpclient-ory/docs/HealthNotReadyStatus.md
 create mode 100644 internal/httpclient-ory/docs/HealthStatus.md
 create mode 100644 internal/httpclient-ory/docs/Identity.md
 create mode 100644 internal/httpclient-ory/docs/IdentityCredentials.md
 create mode 100644 internal/httpclient-ory/docs/IdentityCredentialsOidc.md
 create mode 100644 internal/httpclient-ory/docs/IdentityCredentialsOidcProvider.md
 create mode 100644 internal/httpclient-ory/docs/IdentityCredentialsPassword.md
 create mode 100644 internal/httpclient-ory/docs/IdentityCredentialsType.md
 create mode 100644 internal/httpclient-ory/docs/IdentitySchemaContainer.md
 create mode 100644 internal/httpclient-ory/docs/IdentityState.md
 create mode 100644 internal/httpclient-ory/docs/IsAlive200Response.md
 create mode 100644 internal/httpclient-ory/docs/IsReady503Response.md
 create mode 100644 internal/httpclient-ory/docs/JsonError.md
 create mode 100644 internal/httpclient-ory/docs/JsonPatch.md
 create mode 100644 internal/httpclient-ory/docs/LoginRequest.md
 create mode 100644 internal/httpclient-ory/docs/Message.md
 create mode 100644 internal/httpclient-ory/docs/MetadataApi.md
 create mode 100644 internal/httpclient-ory/docs/NeedsPrivilegedSessionError.md
 create mode 100644 internal/httpclient-ory/docs/OAuth2Client.md
 create mode 100644 internal/httpclient-ory/docs/OpenIDConnectContext.md
 create mode 100644 internal/httpclient-ory/docs/Pagination.md
 create mode 100644 internal/httpclient-ory/docs/RecoveryIdentityAddress.md
 create mode 100644 internal/httpclient-ory/docs/RevokedSessions.md
 create mode 100644 internal/httpclient-ory/docs/SelfServiceBrowserLocationChangeRequiredError.md
 create mode 100644 internal/httpclient-ory/docs/SelfServiceError.md
 create mode 100644 internal/httpclient-ory/docs/SelfServiceFlowExpiredError.md
 create mode 100644 internal/httpclient-ory/docs/SelfServiceLoginFlow.md
 create mode 100644 internal/httpclient-ory/docs/SelfServiceLogoutUrl.md
 create mode 100644 internal/httpclient-ory/docs/SelfServiceRecoveryCode.md
 create mode 100644 internal/httpclient-ory/docs/SelfServiceRecoveryFlow.md
 create mode 100644 internal/httpclient-ory/docs/SelfServiceRecoveryFlowState.md
 create mode 100644 internal/httpclient-ory/docs/SelfServiceRecoveryLink.md
 create mode 100644 internal/httpclient-ory/docs/SelfServiceRegistrationFlow.md
 create mode 100644 internal/httpclient-ory/docs/SelfServiceSettingsFlow.md
 create mode 100644 internal/httpclient-ory/docs/SelfServiceSettingsFlowState.md
 create mode 100644 internal/httpclient-ory/docs/SelfServiceVerificationFlow.md
 create mode 100644 internal/httpclient-ory/docs/SelfServiceVerificationFlowState.md
 create mode 100644 internal/httpclient-ory/docs/Session.md
 create mode 100644 internal/httpclient-ory/docs/SessionAuthenticationMethod.md
 create mode 100644 internal/httpclient-ory/docs/SessionDevice.md
 create mode 100644 internal/httpclient-ory/docs/SettingsProfileFormConfig.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceFlowWithWebAuthnRegistrationMethod.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceLoginFlowBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceLoginFlowWithLookupSecretMethodBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceLoginFlowWithOidcMethodBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceLoginFlowWithPasswordMethodBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceLoginFlowWithTotpMethodBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceLoginFlowWithWebAuthnMethodBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceLogoutFlowWithoutBrowserBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceRecoveryFlowBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceRecoveryFlowWithCodeMethodBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceRecoveryFlowWithLinkMethodBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceRegistrationFlowBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceRegistrationFlowWithOidcMethodBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceRegistrationFlowWithPasswordMethodBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceRegistrationFlowWithWebAuthnMethodBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceSettingsFlowBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceSettingsFlowWithLookupMethodBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceSettingsFlowWithOidcMethodBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceSettingsFlowWithPasswordMethodBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceSettingsFlowWithProfileMethodBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceSettingsFlowWithTotpMethodBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceSettingsFlowWithWebAuthnMethodBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceVerificationFlowBody.md
 create mode 100644 internal/httpclient-ory/docs/SubmitSelfServiceVerificationFlowWithLinkMethodBody.md
 create mode 100644 internal/httpclient-ory/docs/SuccessfulSelfServiceLoginWithoutBrowser.md
 create mode 100644 internal/httpclient-ory/docs/SuccessfulSelfServiceRegistrationWithoutBrowser.md
 create mode 100644 internal/httpclient-ory/docs/TokenPagination.md
 create mode 100644 internal/httpclient-ory/docs/TokenPaginationHeaders.md
 create mode 100644 internal/httpclient-ory/docs/UiContainer.md
 create mode 100644 internal/httpclient-ory/docs/UiNode.md
 create mode 100644 internal/httpclient-ory/docs/UiNodeAnchorAttributes.md
 create mode 100644 internal/httpclient-ory/docs/UiNodeAttributes.md
 create mode 100644 internal/httpclient-ory/docs/UiNodeImageAttributes.md
 create mode 100644 internal/httpclient-ory/docs/UiNodeInputAttributes.md
 create mode 100644 internal/httpclient-ory/docs/UiNodeMeta.md
 create mode 100644 internal/httpclient-ory/docs/UiNodeScriptAttributes.md
 create mode 100644 internal/httpclient-ory/docs/UiNodeTextAttributes.md
 create mode 100644 internal/httpclient-ory/docs/UiText.md
 create mode 100644 internal/httpclient-ory/docs/V0alpha2Api.md
 create mode 100644 internal/httpclient-ory/docs/VerifiableIdentityAddress.md
 create mode 100644 internal/httpclient-ory/docs/Version.md
 create mode 100644 internal/httpclient-ory/git_push.sh
 rename internal/{httpclient => httpclient-ory}/go.mod (66%)
 create mode 100644 internal/httpclient-ory/go.sum
 create mode 100644 internal/httpclient-ory/model_admin_create_identity_body.go
 create mode 100644 internal/httpclient-ory/model_admin_create_identity_import_credentials_oidc.go
 create mode 100644 internal/httpclient-ory/model_admin_create_identity_import_credentials_oidc_config.go
 create mode 100644 internal/httpclient-ory/model_admin_create_identity_import_credentials_oidc_provider.go
 create mode 100644 internal/httpclient-ory/model_admin_create_identity_import_credentials_password.go
 create mode 100644 internal/httpclient-ory/model_admin_create_identity_import_credentials_password_config.go
 create mode 100644 internal/httpclient-ory/model_admin_create_self_service_recovery_code_body.go
 create mode 100644 internal/httpclient-ory/model_admin_create_self_service_recovery_link_body.go
 create mode 100644 internal/httpclient-ory/model_admin_identity_import_credentials.go
 create mode 100644 internal/httpclient-ory/model_admin_update_identity_body.go
 create mode 100644 internal/httpclient-ory/model_authenticator_assurance_level.go
 create mode 100644 internal/httpclient-ory/model_courier_message_status.go
 create mode 100644 internal/httpclient-ory/model_courier_message_type.go
 create mode 100644 internal/httpclient-ory/model_error_authenticator_assurance_level_not_satisfied.go
 create mode 100644 internal/httpclient-ory/model_generic_error.go
 rename internal/{httpclient/model_inline_response_200_1.go => httpclient-ory/model_get_version_200_response.go} (57%)
 create mode 100644 internal/httpclient-ory/model_health_not_ready_status.go
 create mode 100644 internal/httpclient-ory/model_health_status.go
 create mode 100644 internal/httpclient-ory/model_identity.go
 create mode 100644 internal/httpclient-ory/model_identity_credentials.go
 create mode 100644 internal/httpclient-ory/model_identity_credentials_oidc.go
 create mode 100644 internal/httpclient-ory/model_identity_credentials_oidc_provider.go
 create mode 100644 internal/httpclient-ory/model_identity_credentials_password.go
 create mode 100644 internal/httpclient-ory/model_identity_credentials_type.go
 create mode 100644 internal/httpclient-ory/model_identity_schema_container.go
 create mode 100644 internal/httpclient-ory/model_identity_state.go
 rename internal/{httpclient/model_inline_response_200.go => httpclient-ory/model_is_alive_200_response.go} (58%)
 rename internal/{httpclient/model_inline_response_503.go => httpclient-ory/model_is_ready_503_response.go} (58%)
 create mode 100644 internal/httpclient-ory/model_json_error.go
 create mode 100644 internal/httpclient-ory/model_json_patch.go
 create mode 100644 internal/httpclient-ory/model_login_request.go
 create mode 100644 internal/httpclient-ory/model_message.go
 create mode 100644 internal/httpclient-ory/model_needs_privileged_session_error.go
 create mode 100644 internal/httpclient-ory/model_o_auth2_client.go
 create mode 100644 internal/httpclient-ory/model_open_id_connect_context.go
 create mode 100644 internal/httpclient-ory/model_pagination.go
 create mode 100644 internal/httpclient-ory/model_recovery_identity_address.go
 create mode 100644 internal/httpclient-ory/model_revoked_sessions.go
 create mode 100644 internal/httpclient-ory/model_self_service_browser_location_change_required_error.go
 create mode 100644 internal/httpclient-ory/model_self_service_error.go
 create mode 100644 internal/httpclient-ory/model_self_service_flow_expired_error.go
 create mode 100644 internal/httpclient-ory/model_self_service_login_flow.go
 create mode 100644 internal/httpclient-ory/model_self_service_logout_url.go
 create mode 100644 internal/httpclient-ory/model_self_service_recovery_code.go
 create mode 100644 internal/httpclient-ory/model_self_service_recovery_flow.go
 create mode 100644 internal/httpclient-ory/model_self_service_recovery_flow_state.go
 create mode 100644 internal/httpclient-ory/model_self_service_recovery_link.go
 create mode 100644 internal/httpclient-ory/model_self_service_registration_flow.go
 create mode 100644 internal/httpclient-ory/model_self_service_settings_flow.go
 create mode 100644 internal/httpclient-ory/model_self_service_settings_flow_state.go
 create mode 100644 internal/httpclient-ory/model_self_service_verification_flow.go
 create mode 100644 internal/httpclient-ory/model_self_service_verification_flow_state.go
 create mode 100644 internal/httpclient-ory/model_session.go
 create mode 100644 internal/httpclient-ory/model_session_authentication_method.go
 create mode 100644 internal/httpclient-ory/model_session_device.go
 create mode 100644 internal/httpclient-ory/model_settings_profile_form_config.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_flow_with_web_authn_registration_method.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_login_flow_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_login_flow_with_lookup_secret_method_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_login_flow_with_oidc_method_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_login_flow_with_password_method_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_login_flow_with_totp_method_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_login_flow_with_web_authn_method_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_logout_flow_without_browser_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_recovery_flow_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_recovery_flow_with_code_method_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_recovery_flow_with_link_method_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_registration_flow_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_registration_flow_with_oidc_method_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_registration_flow_with_password_method_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_registration_flow_with_web_authn_method_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_settings_flow_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_settings_flow_with_lookup_method_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_settings_flow_with_oidc_method_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_settings_flow_with_password_method_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_settings_flow_with_profile_method_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_settings_flow_with_totp_method_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_settings_flow_with_web_authn_method_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_verification_flow_body.go
 create mode 100644 internal/httpclient-ory/model_submit_self_service_verification_flow_with_link_method_body.go
 create mode 100644 internal/httpclient-ory/model_successful_self_service_login_without_browser.go
 create mode 100644 internal/httpclient-ory/model_successful_self_service_registration_without_browser.go
 create mode 100644 internal/httpclient-ory/model_token_pagination.go
 create mode 100644 internal/httpclient-ory/model_token_pagination_headers.go
 create mode 100644 internal/httpclient-ory/model_ui_container.go
 create mode 100644 internal/httpclient-ory/model_ui_node.go
 create mode 100644 internal/httpclient-ory/model_ui_node_anchor_attributes.go
 create mode 100644 internal/httpclient-ory/model_ui_node_attributes.go
 create mode 100644 internal/httpclient-ory/model_ui_node_image_attributes.go
 create mode 100644 internal/httpclient-ory/model_ui_node_input_attributes.go
 create mode 100644 internal/httpclient-ory/model_ui_node_meta.go
 create mode 100644 internal/httpclient-ory/model_ui_node_script_attributes.go
 create mode 100644 internal/httpclient-ory/model_ui_node_text_attributes.go
 create mode 100644 internal/httpclient-ory/model_ui_text.go
 create mode 100644 internal/httpclient-ory/model_verifiable_identity_address.go
 create mode 100644 internal/httpclient-ory/model_version.go
 create mode 100644 internal/httpclient-ory/response.go
 create mode 100644 internal/httpclient-ory/utils.go
 create mode 100644 internal/httpclient/docs/GetVersion200Response.md
 create mode 100644 internal/httpclient/docs/IsAlive200Response.md
 create mode 100644 internal/httpclient/docs/IsReady503Response.md
 create mode 100644 internal/httpclient/model_get_version_200_response.go
 create mode 100644 internal/httpclient/model_is_alive_200_response.go
 create mode 100644 internal/httpclient/model_is_ready_503_response.go

diff --git a/Makefile b/Makefile
index eec7fcabf0ff..49d4cae2379f 100644
--- a/Makefile
+++ b/Makefile
@@ -111,11 +111,26 @@ sdk: .bin/swagger .bin/ory node_modules
 		-g go \
 		-o "internal/httpclient" \
 		--git-user-id ory \
-		--git-repo-id kratos-client-go \
+		--git-repo-id client-go \
 		--git-host github.com \
 		-t .schema/openapi/templates/go \
 		-c .schema/openapi/gen.go.yml
 
+	(cd internal/httpclient; rm -rf go.mod go.sum test api docs)
+
+	rm -rf internal/httpclient-central
+	mkdir -p internal/httpclient-central/
+	npm run openapi-generator-cli -- generate -i "spec/api.json" \
+		-g go \
+		-o "internal/client-go" \
+		--git-user-id ory \
+		--git-repo-id client-go \
+		--git-host github.com \
+		-t .schema/openapi/templates/go \
+		-c .schema/openapi/gen.go.yml
+
+	(cd internal/client-go; go mod edit -module github.com/ory/client-go go.mod; rm -rf test api docs)
+
 	make format
 
 .PHONY: quickstart
@@ -135,7 +150,7 @@ authors:  # updates the AUTHORS file
 # Formats the code
 .PHONY: format
 format: .bin/goimports .bin/ory node_modules
-	.bin/ory dev headers license --exclude=internal/httpclient
+	.bin/ory dev headers license --exclude=internal/httpclient --exclude=internal/httpclient-ory
 	goimports -w -local github.com/ory .
 	npm exec -- prettier --write 'test/e2e/**/*{.ts,.js}'
 	npm exec -- prettier --write '.github'
diff --git a/cmd/cliclient/client.go b/cmd/cliclient/client.go
index ca0bec6b773d..9c8ea40db76b 100644
--- a/cmd/cliclient/client.go
+++ b/cmd/cliclient/client.go
@@ -5,6 +5,7 @@ package cliclient
 
 import (
 	"fmt"
+	"net/http"
 	"net/url"
 	"os"
 	"time"
@@ -17,7 +18,7 @@ import (
 
 	"github.com/spf13/pflag"
 
-	kratos "github.com/ory/kratos-client-go"
+	kratos "github.com/ory/kratos/internal/httpclient"
 )
 
 const (
@@ -31,9 +32,22 @@ const (
 	ClientContextKey ContextKey = iota + 1
 )
 
+type ClientContext struct {
+	Endpoint   string
+	HTTPClient *http.Client
+}
+
 func NewClient(cmd *cobra.Command) (*kratos.APIClient, error) {
-	if f, ok := cmd.Context().Value(ClientContextKey).(func(cmd *cobra.Command) (*kratos.APIClient, error)); ok {
-		return f(cmd)
+	if f, ok := cmd.Context().Value(ClientContextKey).(func(cmd *cobra.Command) (*ClientContext, error)); ok {
+		cc, err := f(cmd)
+		if err != nil {
+			return nil, err
+		}
+
+		conf := kratos.NewConfiguration()
+		conf.HTTPClient = cc.HTTPClient
+		conf.Servers = kratos.ServerConfigurations{{URL: cc.Endpoint}}
+		return kratos.NewAPIClient(conf), nil
 	} else if f != nil {
 		return nil, errors.Errorf("ClientContextKey was expected to be *client.OryKratos but it contained an invalid type %T ", f)
 	}
diff --git a/cmd/identities/definitions.go b/cmd/identities/definitions.go
index 5897cdd5bc8a..12b98b9540fc 100644
--- a/cmd/identities/definitions.go
+++ b/cmd/identities/definitions.go
@@ -6,7 +6,7 @@ package identities
 import (
 	"strings"
 
-	kratos "github.com/ory/kratos-client-go"
+	kratos "github.com/ory/kratos/internal/httpclient"
 
 	"github.com/ory/x/cmdx"
 )
diff --git a/cmd/identities/get.go b/cmd/identities/get.go
index 1e0ad9a939f9..474067e13eac 100644
--- a/cmd/identities/get.go
+++ b/cmd/identities/get.go
@@ -6,7 +6,7 @@ package identities
 import (
 	"fmt"
 
-	kratos "github.com/ory/kratos-client-go"
+	kratos "github.com/ory/kratos/internal/httpclient"
 	"github.com/ory/kratos/x"
 	"github.com/ory/x/cmdx"
 	"github.com/ory/x/stringsx"
diff --git a/cmd/identities/import.go b/cmd/identities/import.go
index e8c8b262c595..53a8bb87dea4 100644
--- a/cmd/identities/import.go
+++ b/cmd/identities/import.go
@@ -7,7 +7,7 @@ import (
 	"encoding/json"
 	"fmt"
 
-	kratos "github.com/ory/kratos-client-go"
+	kratos "github.com/ory/kratos/internal/httpclient"
 
 	"github.com/ory/x/cmdx"
 
diff --git a/cmd/identities/import_test.go b/cmd/identities/import_test.go
index 34021f7f661c..f8d91186482a 100644
--- a/cmd/identities/import_test.go
+++ b/cmd/identities/import_test.go
@@ -17,8 +17,8 @@ import (
 	"github.com/stretchr/testify/require"
 	"github.com/tidwall/gjson"
 
-	kratos "github.com/ory/kratos-client-go"
 	"github.com/ory/kratos/driver/config"
+	kratos "github.com/ory/kratos/internal/httpclient"
 )
 
 func TestImportCmd(t *testing.T) {
diff --git a/examples/go/identity/create/main.go b/examples/go/identity/create/main.go
index 911da8d67dd0..4a46856b3cab 100644
--- a/examples/go/identity/create/main.go
+++ b/examples/go/identity/create/main.go
@@ -6,7 +6,7 @@ package main
 import (
 	"context"
 
-	ory "github.com/ory/kratos-client-go"
+	ory "github.com/ory/client-go"
 	"github.com/ory/kratos/examples/go/pkg"
 	"github.com/ory/kratos/x"
 )
diff --git a/examples/go/identity/get/main.go b/examples/go/identity/get/main.go
index d4e8fefc89c4..b36cf8a30176 100644
--- a/examples/go/identity/get/main.go
+++ b/examples/go/identity/get/main.go
@@ -6,7 +6,7 @@ package main
 import (
 	"context"
 
-	ory "github.com/ory/kratos-client-go"
+	ory "github.com/ory/client-go"
 	"github.com/ory/kratos/examples/go/pkg"
 )
 
diff --git a/examples/go/identity/update/main.go b/examples/go/identity/update/main.go
index ea840c899a10..c976e87ff799 100644
--- a/examples/go/identity/update/main.go
+++ b/examples/go/identity/update/main.go
@@ -6,7 +6,7 @@ package main
 import (
 	"context"
 
-	ory "github.com/ory/kratos-client-go"
+	ory "github.com/ory/client-go"
 	"github.com/ory/kratos/examples/go/pkg"
 	"github.com/ory/kratos/x"
 )
diff --git a/examples/go/pkg/common.go b/examples/go/pkg/common.go
index 37fe3d0a2ab3..d2edd7f14521 100644
--- a/examples/go/pkg/common.go
+++ b/examples/go/pkg/common.go
@@ -15,7 +15,7 @@ import (
 
 	"github.com/ory/kratos/internal/testhelpers"
 
-	ory "github.com/ory/kratos-client-go"
+	ory "github.com/ory/client-go"
 )
 
 func PrintJSONPretty(v interface{}) {
diff --git a/examples/go/pkg/resources.go b/examples/go/pkg/resources.go
index 8ded1e1c6658..556b18c82ad7 100644
--- a/examples/go/pkg/resources.go
+++ b/examples/go/pkg/resources.go
@@ -10,7 +10,7 @@ import (
 
 	"github.com/google/uuid"
 
-	ory "github.com/ory/kratos-client-go"
+	ory "github.com/ory/client-go"
 )
 
 func RandomCredentials() (email, password string) {
diff --git a/examples/go/selfservice/error/main.go b/examples/go/selfservice/error/main.go
index f06840017efe..1c2516f1cb25 100644
--- a/examples/go/selfservice/error/main.go
+++ b/examples/go/selfservice/error/main.go
@@ -6,7 +6,7 @@ package main
 import (
 	"github.com/ory/kratos/examples/go/pkg"
 
-	ory "github.com/ory/kratos-client-go"
+	ory "github.com/ory/client-go"
 )
 
 // If you use Open Source this would be:
diff --git a/examples/go/selfservice/login/main.go b/examples/go/selfservice/login/main.go
index e7bd868600c7..72c8dc657271 100644
--- a/examples/go/selfservice/login/main.go
+++ b/examples/go/selfservice/login/main.go
@@ -8,7 +8,7 @@ import (
 
 	"github.com/ory/kratos/examples/go/pkg"
 
-	ory "github.com/ory/kratos-client-go"
+	ory "github.com/ory/client-go"
 )
 
 // If you use Open Source this would be:
diff --git a/examples/go/selfservice/logout/main.go b/examples/go/selfservice/logout/main.go
index aad0ca255dbf..9842abcdc51c 100644
--- a/examples/go/selfservice/logout/main.go
+++ b/examples/go/selfservice/logout/main.go
@@ -8,7 +8,7 @@ import (
 
 	"github.com/ory/kratos/examples/go/pkg"
 
-	ory "github.com/ory/kratos-client-go"
+	ory "github.com/ory/client-go"
 )
 
 // If you use Open Source this would be:
diff --git a/examples/go/selfservice/recovery/main.go b/examples/go/selfservice/recovery/main.go
index 1986bba60771..c39c7845e886 100644
--- a/examples/go/selfservice/recovery/main.go
+++ b/examples/go/selfservice/recovery/main.go
@@ -8,7 +8,7 @@ import (
 
 	"github.com/ory/kratos/examples/go/pkg"
 
-	ory "github.com/ory/kratos-client-go"
+	ory "github.com/ory/client-go"
 )
 
 // If you use Open Source this would be:
diff --git a/examples/go/selfservice/recovery/main_test.go b/examples/go/selfservice/recovery/main_test.go
index 0324a4e432a1..0878735f4f66 100644
--- a/examples/go/selfservice/recovery/main_test.go
+++ b/examples/go/selfservice/recovery/main_test.go
@@ -6,17 +6,13 @@ package main
 import (
 	"testing"
 
-	ory "github.com/ory/kratos-client-go"
-
-	"github.com/stretchr/testify/assert"
-
 	"github.com/google/uuid"
-
-	"github.com/ory/kratos/internal/testhelpers"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 
 	"github.com/ory/kratos/examples/go/pkg"
-
-	"github.com/stretchr/testify/require"
+	ory "github.com/ory/kratos/internal/httpclient"
+	"github.com/ory/kratos/internal/testhelpers"
 )
 
 func TestFunc(t *testing.T) {
@@ -25,5 +21,5 @@ func TestFunc(t *testing.T) {
 
 	flow := performRecovery("dev+" + uuid.New().String() + "@ory.sh")
 	require.NotEmpty(t, flow.Id)
-	assert.Equal(t, ory.SELFSERVICERECOVERYFLOWSTATE_SENT_EMAIL, flow.State)
+	assert.EqualValues(t, ory.SELFSERVICERECOVERYFLOWSTATE_SENT_EMAIL, flow.State)
 }
diff --git a/examples/go/selfservice/registration/main.go b/examples/go/selfservice/registration/main.go
index 74b44c479d28..8270237c0677 100644
--- a/examples/go/selfservice/registration/main.go
+++ b/examples/go/selfservice/registration/main.go
@@ -8,7 +8,7 @@ import (
 
 	"github.com/ory/kratos/examples/go/pkg"
 
-	ory "github.com/ory/kratos-client-go"
+	ory "github.com/ory/client-go"
 )
 
 // If you use Open Source this would be:
diff --git a/examples/go/selfservice/settings/main.go b/examples/go/selfservice/settings/main.go
index af979aa3337f..d4f4eef74f59 100644
--- a/examples/go/selfservice/settings/main.go
+++ b/examples/go/selfservice/settings/main.go
@@ -8,7 +8,7 @@ import (
 
 	"github.com/ory/kratos/examples/go/pkg"
 
-	ory "github.com/ory/kratos-client-go"
+	ory "github.com/ory/client-go"
 )
 
 // If you use Open Source this would be:
diff --git a/examples/go/selfservice/settings/main_test.go b/examples/go/selfservice/settings/main_test.go
index 7e49b1bb9c7b..ef4865972a3c 100644
--- a/examples/go/selfservice/settings/main_test.go
+++ b/examples/go/selfservice/settings/main_test.go
@@ -6,7 +6,7 @@ package main
 import (
 	"testing"
 
-	ory "github.com/ory/kratos-client-go"
+	ory "github.com/ory/kratos/internal/httpclient"
 
 	"github.com/stretchr/testify/assert"
 
@@ -24,11 +24,11 @@ func TestSettings(t *testing.T) {
 	email, password := pkg.RandomCredentials()
 	result := changePassword(email, password)
 	require.NotEmpty(t, result.Id)
-	assert.Equal(t, ory.SELFSERVICESETTINGSFLOWSTATE_SUCCESS, result.State)
+	assert.EqualValues(t, ory.SELFSERVICESETTINGSFLOWSTATE_SUCCESS, result.State)
 
 	email, password = pkg.RandomCredentials()
 	result = changeTraits(email, password)
 	require.NotEmpty(t, result.Id)
-	assert.Equal(t, ory.SELFSERVICESETTINGSFLOWSTATE_SUCCESS, result.State)
+	assert.EqualValues(t, ory.SELFSERVICESETTINGSFLOWSTATE_SUCCESS, result.State)
 	assert.Equal(t, "not-"+email, result.Identity.Traits.(map[string]interface{})["email"].(string))
 }
diff --git a/examples/go/selfservice/verification/main.go b/examples/go/selfservice/verification/main.go
index c6eba8114159..39229494eb4b 100644
--- a/examples/go/selfservice/verification/main.go
+++ b/examples/go/selfservice/verification/main.go
@@ -8,7 +8,7 @@ import (
 
 	"github.com/ory/kratos/examples/go/pkg"
 
-	ory "github.com/ory/kratos-client-go"
+	ory "github.com/ory/client-go"
 )
 
 // If you use Open Source this would be:
diff --git a/examples/go/selfservice/verification/main_test.go b/examples/go/selfservice/verification/main_test.go
index 88be9b79e2af..8439c1468e71 100644
--- a/examples/go/selfservice/verification/main_test.go
+++ b/examples/go/selfservice/verification/main_test.go
@@ -6,17 +6,13 @@ package main
 import (
 	"testing"
 
-	ory "github.com/ory/kratos-client-go"
-
-	"github.com/stretchr/testify/assert"
-
 	"github.com/google/uuid"
-
-	"github.com/ory/kratos/internal/testhelpers"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 
 	"github.com/ory/kratos/examples/go/pkg"
-
-	"github.com/stretchr/testify/require"
+	ory "github.com/ory/kratos/internal/httpclient"
+	"github.com/ory/kratos/internal/testhelpers"
 )
 
 func TestFunc(t *testing.T) {
@@ -25,5 +21,5 @@ func TestFunc(t *testing.T) {
 
 	flow := performVerification("dev+" + uuid.New().String() + "@ory.sh")
 	require.NotEmpty(t, flow.Id)
-	assert.Equal(t, ory.SELFSERVICEVERIFICATIONFLOWSTATE_SENT_EMAIL, flow.State)
+	assert.EqualValues(t, ory.SELFSERVICEVERIFICATIONFLOWSTATE_SENT_EMAIL, flow.State)
 }
diff --git a/examples/go/session/tosession/main.go b/examples/go/session/tosession/main.go
index 61e3a81d1d8d..ab3682567914 100644
--- a/examples/go/session/tosession/main.go
+++ b/examples/go/session/tosession/main.go
@@ -6,7 +6,7 @@ package main
 import (
 	"github.com/ory/kratos/examples/go/pkg"
 
-	ory "github.com/ory/kratos-client-go"
+	ory "github.com/ory/client-go"
 )
 
 // If you use Open Source this would be:
diff --git a/go.mod b/go.mod
index ed09ccc2166c..70efcf1b3a53 100644
--- a/go.mod
+++ b/go.mod
@@ -6,14 +6,14 @@ replace (
 	github.com/bradleyjkemp/cupaloy/v2 => github.com/aeneasr/cupaloy/v2 v2.6.1-0.20210924214125-3dfdd01210a3
 	github.com/gorilla/sessions => github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2
 	github.com/knadh/koanf => github.com/aeneasr/koanf v0.14.1-0.20211230115640-aa3902b3267a
-	// github.com/luna-duclos/instrumentedsql => github.com/ory/instrumentedsql v1.2.0
-	// github.com/luna-duclos/instrumentedsql/opentracing => github.com/ory/instrumentedsql/opentracing v0.0.0-20210903114257-c8963b546c5c
+
 	github.com/mattn/go-sqlite3 => github.com/mattn/go-sqlite3 v1.14.7-0.20210414154423-1157a4212dcb
 	github.com/oleiade/reflections => github.com/oleiade/reflections v1.0.1
+
+	github.com/ory/client-go => ./internal/httpclient-ory
+
 	// Use the internal httpclient which can be generated in this codebase but mark it as the
 	// official SDK, allowing for the Ory CLI to consume Ory Kratos' CLI commands.
-	github.com/ory/kratos-client-go => ./internal/httpclient
-
 	go.mongodb.org/mongo-driver => go.mongodb.org/mongo-driver v1.4.6
 	golang.org/x/sys => golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8
 	gopkg.in/DataDog/dd-trace-go.v1 => gopkg.in/DataDog/dd-trace-go.v1 v1.27.1-0.20201005154917-54b73b3e126a
@@ -67,14 +67,14 @@ require (
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
 	github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe
 	github.com/ory/analytics-go/v4 v4.0.3
+	github.com/ory/client-go v0.2.0-alpha.60
 	github.com/ory/dockertest/v3 v3.9.1
 	github.com/ory/go-acc v0.2.8
 	github.com/ory/go-convenience v0.1.0
 	github.com/ory/graceful v0.1.3
 	github.com/ory/herodot v0.9.13
-	github.com/ory/hydra-client-go v1.11.8
+	github.com/ory/hydra-client-go v1.11.9-0.20221102130300-f558e85344c8
 	github.com/ory/jsonschema/v3 v3.0.7
-	github.com/ory/kratos-client-go v0.6.3-alpha.1
 	github.com/ory/mail/v3 v3.0.0
 	github.com/ory/nosurf v1.2.7
 	github.com/ory/x v0.0.513
diff --git a/go.sum b/go.sum
index e44f8edc9a22..b526ba6abcee 100644
--- a/go.sum
+++ b/go.sum
@@ -1126,8 +1126,8 @@ github.com/ory/graceful v0.1.3 h1:FaeXcHZh168WzS+bqruqWEw/HgXWLdNv2nJ+fbhxbhc=
 github.com/ory/graceful v0.1.3/go.mod h1:4zFz687IAF7oNHHiB586U4iL+/4aV09o/PYLE34t2bA=
 github.com/ory/herodot v0.9.13 h1:cN/Z4eOkErl/9W7hDIDLb79IO/bfsH+8yscBjRpB4IU=
 github.com/ory/herodot v0.9.13/go.mod h1:IWDs9kSvFQqw/cQ8zi5ksyYvITiUU4dI7glUrhZcJYo=
-github.com/ory/hydra-client-go v1.11.8 h1:GwJjvH/DBcfYzoST4vUpi4pIRzDGH5oODKpIVuhwVyc=
-github.com/ory/hydra-client-go v1.11.8/go.mod h1:4YuBuwUEC4yiyDrnKjGYc1tB3gUXan4ZiUYMjXJbfxA=
+github.com/ory/hydra-client-go v1.11.9-0.20221102130300-f558e85344c8 h1:lxE11nBH6k0DvE1GMhWnZewGLAqVMSDj7cUhdHr9BHI=
+github.com/ory/hydra-client-go v1.11.9-0.20221102130300-f558e85344c8/go.mod h1:4YuBuwUEC4yiyDrnKjGYc1tB3gUXan4ZiUYMjXJbfxA=
 github.com/ory/jsonschema/v3 v3.0.7 h1:GQ9qfZDiJqs4l2d3p56dozCChvejQFZyLKGHYzDzOSo=
 github.com/ory/jsonschema/v3 v3.0.7/go.mod h1:g8c8YOtN4TrR2wYeMdT02GDmzJDI0fEW2nI26BECafY=
 github.com/ory/mail v2.3.1+incompatible/go.mod h1:87D9/1gB6ewElQoN0lXJ0ayfqcj3cW3qCTXh+5E9mfU=
@@ -1139,8 +1139,8 @@ github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpi
 github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE=
 github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM=
-github.com/ory/x v0.0.513 h1:45AruNHDwqhTvNtMnQy2/wYooMv+raVhuOP454mV/Os=
-github.com/ory/x v0.0.513/go.mod h1:xUtRpoiRARyJNPVk/fcCNKzyp25Foxt9GPlj8pd7egY=
+github.com/ory/x v0.0.511-0.20221108105728-3fed9bc99daf h1:sPEIGYHzmEu4tPiRUYgKfXPOAqneNuB1aaKvrT6aBXE=
+github.com/ory/x v0.0.511-0.20221108105728-3fed9bc99daf/go.mod h1:xUtRpoiRARyJNPVk/fcCNKzyp25Foxt9GPlj8pd7egY=
 github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
 github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
 github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
diff --git a/hydra/fake.go b/hydra/fake.go
index 293261556d50..35d15d38643c 100644
--- a/hydra/fake.go
+++ b/hydra/fake.go
@@ -36,12 +36,12 @@ func (h *FakeHydra) AcceptLoginRequest(ctx context.Context, hlc uuid.UUID, sub s
 	}
 }
 
-func (h *FakeHydra) GetLoginRequest(ctx context.Context, hlc uuid.NullUUID) (*hydraclientgo.LoginRequest, error) {
+func (h *FakeHydra) GetLoginRequest(ctx context.Context, hlc uuid.NullUUID) (*hydraclientgo.OAuth2LoginRequest, error) {
 	switch hlc.UUID.String() {
 	case FAKE_ACCEPT_REQUEST_FAIL:
-		return &hydraclientgo.LoginRequest{}, nil
+		return &hydraclientgo.OAuth2LoginRequest{}, nil
 	case FAKE_SUCCESS:
-		return &hydraclientgo.LoginRequest{}, nil
+		return &hydraclientgo.OAuth2LoginRequest{}, nil
 	default:
 		panic("unknown fake login_challenge " + hlc.UUID.String())
 	}
diff --git a/hydra/hydra.go b/hydra/hydra.go
index fcda69d25aa3..bc8455ac8026 100644
--- a/hydra/hydra.go
+++ b/hydra/hydra.go
@@ -31,7 +31,7 @@ type (
 	}
 	Hydra interface {
 		AcceptLoginRequest(ctx context.Context, hlc uuid.UUID, sub string, amr session.AuthenticationMethods) (string, error)
-		GetLoginRequest(ctx context.Context, hlc uuid.NullUUID) (*hydraclientgo.LoginRequest, error)
+		GetLoginRequest(ctx context.Context, hlc uuid.NullUUID) (*hydraclientgo.OAuth2LoginRequest, error)
 	}
 	DefaultHydra struct {
 		d hydraDependencies
@@ -67,7 +67,7 @@ func (h *DefaultHydra) getAdminURL(ctx context.Context) (string, error) {
 	return u.String(), nil
 }
 
-func (h *DefaultHydra) getAdminAPIClient(ctx context.Context) (hydraclientgo.AdminApi, error) {
+func (h *DefaultHydra) getAdminAPIClient(ctx context.Context) (hydraclientgo.OAuth2Api, error) {
 	url, err := h.getAdminURL(ctx)
 	if err != nil {
 		return nil, err
@@ -82,14 +82,14 @@ func (h *DefaultHydra) getAdminAPIClient(ctx context.Context) (hydraclientgo.Adm
 	}
 
 	configuration.HTTPClient = client
-	return hydraclientgo.NewAPIClient(configuration).AdminApi, nil
+	return hydraclientgo.NewAPIClient(configuration).OAuth2Api, nil
 }
 
 func (h *DefaultHydra) AcceptLoginRequest(ctx context.Context, hlc uuid.UUID, sub string, amr session.AuthenticationMethods) (string, error) {
 	remember := h.d.Config().SessionPersistentCookie(ctx)
 	rememberFor := int64(h.d.Config().SessionLifespan(ctx) / time.Second)
 
-	alr := hydraclientgo.NewAcceptLoginRequest(sub)
+	alr := hydraclientgo.NewAcceptOAuth2LoginRequest(sub)
 	alr.Remember = &remember
 	alr.RememberFor = &rememberFor
 	alr.Amr = []string{}
@@ -102,7 +102,7 @@ func (h *DefaultHydra) AcceptLoginRequest(ctx context.Context, hlc uuid.UUID, su
 		return "", err
 	}
 
-	resp, r, err := aa.AcceptLoginRequest(ctx).LoginChallenge(fmt.Sprintf("%x", hlc)).AcceptLoginRequest(*alr).Execute()
+	resp, r, err := aa.AcceptOAuth2LoginRequest(ctx).LoginChallenge(fmt.Sprintf("%x", hlc)).AcceptOAuth2LoginRequest(*alr).Execute()
 	if err != nil {
 		innerErr := herodot.ErrInternalServerError.WithWrap(err).WithReasonf("Unable to accept OAuth 2.0 Login Challenge.")
 		if r != nil {
@@ -116,7 +116,7 @@ func (h *DefaultHydra) AcceptLoginRequest(ctx context.Context, hlc uuid.UUID, su
 	return resp.RedirectTo, nil
 }
 
-func (h *DefaultHydra) GetLoginRequest(ctx context.Context, hlc uuid.NullUUID) (*hydraclientgo.LoginRequest, error) {
+func (h *DefaultHydra) GetLoginRequest(ctx context.Context, hlc uuid.NullUUID) (*hydraclientgo.OAuth2LoginRequest, error) {
 	if !hlc.Valid {
 		return nil, errors.WithStack(herodot.ErrBadRequest.WithReason("invalid login_challenge"))
 	}
@@ -126,7 +126,7 @@ func (h *DefaultHydra) GetLoginRequest(ctx context.Context, hlc uuid.NullUUID) (
 		return nil, err
 	}
 
-	hlr, r, err := aa.GetLoginRequest(ctx).LoginChallenge(fmt.Sprintf("%x", hlc.UUID)).Execute()
+	hlr, r, err := aa.GetOAuth2LoginRequest(ctx).LoginChallenge(fmt.Sprintf("%x", hlc.UUID)).Execute()
 	if err != nil {
 		innerErr := herodot.ErrInternalServerError.WithWrap(err).WithReasonf("Unable to get OAuth 2.0 Login Challenge.")
 		if r != nil {
diff --git a/internal/client-go/.gitignore b/internal/client-go/.gitignore
new file mode 100644
index 000000000000..daf913b1b347
--- /dev/null
+++ b/internal/client-go/.gitignore
@@ -0,0 +1,24 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
diff --git a/internal/client-go/.openapi-generator-ignore b/internal/client-go/.openapi-generator-ignore
new file mode 100644
index 000000000000..7484ee590a38
--- /dev/null
+++ b/internal/client-go/.openapi-generator-ignore
@@ -0,0 +1,23 @@
+# OpenAPI Generator Ignore
+# Generated by openapi-generator https://github.com/openapitools/openapi-generator
+
+# Use this file to prevent files from being overwritten by the generator.
+# The patterns follow closely to .gitignore or .dockerignore.
+
+# As an example, the C# client generator defines ApiClient.cs.
+# You can make changes and tell OpenAPI Generator to ignore just this file by uncommenting the following line:
+#ApiClient.cs
+
+# You can match any string of characters against a directory, file or extension with a single asterisk (*):
+#foo/*/qux
+# The above matches foo/bar/qux and foo/baz/qux, but not foo/bar/baz/qux
+
+# You can recursively match patterns against a directory, file or extension with a double asterisk (**):
+#foo/**/qux
+# This matches foo/bar/qux, foo/baz/qux, and foo/bar/baz/qux
+
+# You can also negate patterns with an exclamation (!).
+# For example, you can ignore all files in a docs folder with the file extension .md:
+#docs/*.md
+# Then explicitly reverse the ignore rule for a single file:
+#!docs/README.md
diff --git a/internal/client-go/.openapi-generator/FILES b/internal/client-go/.openapi-generator/FILES
new file mode 100644
index 000000000000..26dab1ea383a
--- /dev/null
+++ b/internal/client-go/.openapi-generator/FILES
@@ -0,0 +1,210 @@
+.gitignore
+.openapi-generator-ignore
+.travis.yml
+README.md
+api/openapi.yaml
+api_metadata.go
+api_v0alpha2.go
+client.go
+configuration.go
+docs/AdminCreateIdentityBody.md
+docs/AdminCreateIdentityImportCredentialsOidc.md
+docs/AdminCreateIdentityImportCredentialsOidcConfig.md
+docs/AdminCreateIdentityImportCredentialsOidcProvider.md
+docs/AdminCreateIdentityImportCredentialsPassword.md
+docs/AdminCreateIdentityImportCredentialsPasswordConfig.md
+docs/AdminCreateSelfServiceRecoveryCodeBody.md
+docs/AdminCreateSelfServiceRecoveryLinkBody.md
+docs/AdminIdentityImportCredentials.md
+docs/AdminUpdateIdentityBody.md
+docs/AuthenticatorAssuranceLevel.md
+docs/CourierMessageStatus.md
+docs/CourierMessageType.md
+docs/ErrorAuthenticatorAssuranceLevelNotSatisfied.md
+docs/GenericError.md
+docs/GetVersion200Response.md
+docs/HealthNotReadyStatus.md
+docs/HealthStatus.md
+docs/Identity.md
+docs/IdentityCredentials.md
+docs/IdentityCredentialsOidc.md
+docs/IdentityCredentialsOidcProvider.md
+docs/IdentityCredentialsPassword.md
+docs/IdentityCredentialsType.md
+docs/IdentitySchemaContainer.md
+docs/IdentityState.md
+docs/IsAlive200Response.md
+docs/IsReady503Response.md
+docs/JsonError.md
+docs/JsonPatch.md
+docs/LoginRequest.md
+docs/Message.md
+docs/MetadataApi.md
+docs/NeedsPrivilegedSessionError.md
+docs/OAuth2Client.md
+docs/OpenIDConnectContext.md
+docs/Pagination.md
+docs/RecoveryIdentityAddress.md
+docs/RevokedSessions.md
+docs/SelfServiceBrowserLocationChangeRequiredError.md
+docs/SelfServiceError.md
+docs/SelfServiceFlowExpiredError.md
+docs/SelfServiceLoginFlow.md
+docs/SelfServiceLogoutUrl.md
+docs/SelfServiceRecoveryCode.md
+docs/SelfServiceRecoveryFlow.md
+docs/SelfServiceRecoveryFlowState.md
+docs/SelfServiceRecoveryLink.md
+docs/SelfServiceRegistrationFlow.md
+docs/SelfServiceSettingsFlow.md
+docs/SelfServiceSettingsFlowState.md
+docs/SelfServiceVerificationFlow.md
+docs/SelfServiceVerificationFlowState.md
+docs/Session.md
+docs/SessionAuthenticationMethod.md
+docs/SessionDevice.md
+docs/SettingsProfileFormConfig.md
+docs/SubmitSelfServiceFlowWithWebAuthnRegistrationMethod.md
+docs/SubmitSelfServiceLoginFlowBody.md
+docs/SubmitSelfServiceLoginFlowWithLookupSecretMethodBody.md
+docs/SubmitSelfServiceLoginFlowWithOidcMethodBody.md
+docs/SubmitSelfServiceLoginFlowWithPasswordMethodBody.md
+docs/SubmitSelfServiceLoginFlowWithTotpMethodBody.md
+docs/SubmitSelfServiceLoginFlowWithWebAuthnMethodBody.md
+docs/SubmitSelfServiceLogoutFlowWithoutBrowserBody.md
+docs/SubmitSelfServiceRecoveryFlowBody.md
+docs/SubmitSelfServiceRecoveryFlowWithCodeMethodBody.md
+docs/SubmitSelfServiceRecoveryFlowWithLinkMethodBody.md
+docs/SubmitSelfServiceRegistrationFlowBody.md
+docs/SubmitSelfServiceRegistrationFlowWithOidcMethodBody.md
+docs/SubmitSelfServiceRegistrationFlowWithPasswordMethodBody.md
+docs/SubmitSelfServiceRegistrationFlowWithWebAuthnMethodBody.md
+docs/SubmitSelfServiceSettingsFlowBody.md
+docs/SubmitSelfServiceSettingsFlowWithLookupMethodBody.md
+docs/SubmitSelfServiceSettingsFlowWithOidcMethodBody.md
+docs/SubmitSelfServiceSettingsFlowWithPasswordMethodBody.md
+docs/SubmitSelfServiceSettingsFlowWithProfileMethodBody.md
+docs/SubmitSelfServiceSettingsFlowWithTotpMethodBody.md
+docs/SubmitSelfServiceSettingsFlowWithWebAuthnMethodBody.md
+docs/SubmitSelfServiceVerificationFlowBody.md
+docs/SubmitSelfServiceVerificationFlowWithLinkMethodBody.md
+docs/SuccessfulSelfServiceLoginWithoutBrowser.md
+docs/SuccessfulSelfServiceRegistrationWithoutBrowser.md
+docs/TokenPagination.md
+docs/TokenPaginationHeaders.md
+docs/UiContainer.md
+docs/UiNode.md
+docs/UiNodeAnchorAttributes.md
+docs/UiNodeAttributes.md
+docs/UiNodeImageAttributes.md
+docs/UiNodeInputAttributes.md
+docs/UiNodeMeta.md
+docs/UiNodeScriptAttributes.md
+docs/UiNodeTextAttributes.md
+docs/UiText.md
+docs/V0alpha2Api.md
+docs/VerifiableIdentityAddress.md
+docs/Version.md
+git_push.sh
+go.mod
+go.sum
+model_admin_create_identity_body.go
+model_admin_create_identity_import_credentials_oidc.go
+model_admin_create_identity_import_credentials_oidc_config.go
+model_admin_create_identity_import_credentials_oidc_provider.go
+model_admin_create_identity_import_credentials_password.go
+model_admin_create_identity_import_credentials_password_config.go
+model_admin_create_self_service_recovery_code_body.go
+model_admin_create_self_service_recovery_link_body.go
+model_admin_identity_import_credentials.go
+model_admin_update_identity_body.go
+model_authenticator_assurance_level.go
+model_courier_message_status.go
+model_courier_message_type.go
+model_error_authenticator_assurance_level_not_satisfied.go
+model_generic_error.go
+model_get_version_200_response.go
+model_health_not_ready_status.go
+model_health_status.go
+model_identity.go
+model_identity_credentials.go
+model_identity_credentials_oidc.go
+model_identity_credentials_oidc_provider.go
+model_identity_credentials_password.go
+model_identity_credentials_type.go
+model_identity_schema_container.go
+model_identity_state.go
+model_is_alive_200_response.go
+model_is_ready_503_response.go
+model_json_error.go
+model_json_patch.go
+model_login_request.go
+model_message.go
+model_needs_privileged_session_error.go
+model_o_auth2_client.go
+model_open_id_connect_context.go
+model_pagination.go
+model_recovery_identity_address.go
+model_revoked_sessions.go
+model_self_service_browser_location_change_required_error.go
+model_self_service_error.go
+model_self_service_flow_expired_error.go
+model_self_service_login_flow.go
+model_self_service_logout_url.go
+model_self_service_recovery_code.go
+model_self_service_recovery_flow.go
+model_self_service_recovery_flow_state.go
+model_self_service_recovery_link.go
+model_self_service_registration_flow.go
+model_self_service_settings_flow.go
+model_self_service_settings_flow_state.go
+model_self_service_verification_flow.go
+model_self_service_verification_flow_state.go
+model_session.go
+model_session_authentication_method.go
+model_session_device.go
+model_settings_profile_form_config.go
+model_submit_self_service_flow_with_web_authn_registration_method.go
+model_submit_self_service_login_flow_body.go
+model_submit_self_service_login_flow_with_lookup_secret_method_body.go
+model_submit_self_service_login_flow_with_oidc_method_body.go
+model_submit_self_service_login_flow_with_password_method_body.go
+model_submit_self_service_login_flow_with_totp_method_body.go
+model_submit_self_service_login_flow_with_web_authn_method_body.go
+model_submit_self_service_logout_flow_without_browser_body.go
+model_submit_self_service_recovery_flow_body.go
+model_submit_self_service_recovery_flow_with_code_method_body.go
+model_submit_self_service_recovery_flow_with_link_method_body.go
+model_submit_self_service_registration_flow_body.go
+model_submit_self_service_registration_flow_with_oidc_method_body.go
+model_submit_self_service_registration_flow_with_password_method_body.go
+model_submit_self_service_registration_flow_with_web_authn_method_body.go
+model_submit_self_service_settings_flow_body.go
+model_submit_self_service_settings_flow_with_lookup_method_body.go
+model_submit_self_service_settings_flow_with_oidc_method_body.go
+model_submit_self_service_settings_flow_with_password_method_body.go
+model_submit_self_service_settings_flow_with_profile_method_body.go
+model_submit_self_service_settings_flow_with_totp_method_body.go
+model_submit_self_service_settings_flow_with_web_authn_method_body.go
+model_submit_self_service_verification_flow_body.go
+model_submit_self_service_verification_flow_with_link_method_body.go
+model_successful_self_service_login_without_browser.go
+model_successful_self_service_registration_without_browser.go
+model_token_pagination.go
+model_token_pagination_headers.go
+model_ui_container.go
+model_ui_node.go
+model_ui_node_anchor_attributes.go
+model_ui_node_attributes.go
+model_ui_node_image_attributes.go
+model_ui_node_input_attributes.go
+model_ui_node_meta.go
+model_ui_node_script_attributes.go
+model_ui_node_text_attributes.go
+model_ui_text.go
+model_verifiable_identity_address.go
+model_version.go
+response.go
+test/api_metadata_test.go
+test/api_v0alpha2_test.go
+utils.go
diff --git a/internal/client-go/.openapi-generator/VERSION b/internal/client-go/.openapi-generator/VERSION
new file mode 100644
index 000000000000..0df17dd0f6a3
--- /dev/null
+++ b/internal/client-go/.openapi-generator/VERSION
@@ -0,0 +1 @@
+6.2.1
\ No newline at end of file
diff --git a/internal/client-go/.travis.yml b/internal/client-go/.travis.yml
new file mode 100644
index 000000000000..f5cb2ce9a5aa
--- /dev/null
+++ b/internal/client-go/.travis.yml
@@ -0,0 +1,8 @@
+language: go
+
+install:
+  - go get -d -v .
+
+script:
+  - go build -v ./
+
diff --git a/internal/client-go/README.md b/internal/client-go/README.md
new file mode 100644
index 000000000000..193b41ff05c6
--- /dev/null
+++ b/internal/client-go/README.md
@@ -0,0 +1,268 @@
+# Go API client for client
+
+Documentation for all public and administrative Ory Kratos APIs. Public and administrative APIs
+are exposed on different ports. Public APIs can face the public internet without any protection
+while administrative APIs should never be exposed without prior authorization. To protect
+the administative API port you should use something like Nginx, Ory Oathkeeper, or any other
+technology capable of authorizing incoming requests.
+
+
+## Overview
+This API client was generated by the [OpenAPI Generator](https://openapi-generator.tech) project.  By using the [OpenAPI-spec](https://www.openapis.org/) from a remote server, you can easily generate an API client.
+
+- API version: 
+- Package version: 1.0.0
+- Build package: org.openapitools.codegen.languages.GoClientCodegen
+
+## Installation
+
+Install the following dependencies:
+
+```shell
+go get github.com/stretchr/testify/assert
+go get golang.org/x/oauth2
+go get golang.org/x/net/context
+```
+
+Put the package under your project folder and add the following in import:
+
+```golang
+import client "github.com/ory/client-go"
+```
+
+To use a proxy, set the environment variable `HTTP_PROXY`:
+
+```golang
+os.Setenv("HTTP_PROXY", "http://proxy_name:proxy_port")
+```
+
+## Configuration of Server URL
+
+Default configuration comes with `Servers` field that contains server objects as defined in the OpenAPI specification.
+
+### Select Server Configuration
+
+For using other server than the one defined on index 0 set context value `sw.ContextServerIndex` of type `int`.
+
+```golang
+ctx := context.WithValue(context.Background(), client.ContextServerIndex, 1)
+```
+
+### Templated Server URL
+
+Templated server URL is formatted using default variables from configuration or from context value `sw.ContextServerVariables` of type `map[string]string`.
+
+```golang
+ctx := context.WithValue(context.Background(), client.ContextServerVariables, map[string]string{
+	"basePath": "v2",
+})
+```
+
+Note, enum values are always validated and all unused variables are silently ignored.
+
+### URLs Configuration per Operation
+
+Each operation can use different server URL defined using `OperationServers` map in the `Configuration`.
+An operation is uniquely identifield by `"{classname}Service.{nickname}"` string.
+Similar rules for overriding default operation server index and variables applies by using `sw.ContextOperationServerIndices` and `sw.ContextOperationServerVariables` context maps.
+
+```
+ctx := context.WithValue(context.Background(), client.ContextOperationServerIndices, map[string]int{
+	"{classname}Service.{nickname}": 2,
+})
+ctx = context.WithValue(context.Background(), client.ContextOperationServerVariables, map[string]map[string]string{
+	"{classname}Service.{nickname}": {
+		"port": "8443",
+	},
+})
+```
+
+## Documentation for API Endpoints
+
+All URIs are relative to *http://localhost*
+
+Class | Method | HTTP request | Description
+------------ | ------------- | ------------- | -------------
+*MetadataApi* | [**GetVersion**](docs/MetadataApi.md#getversion) | **Get** /version | Return Running Software Version.
+*MetadataApi* | [**IsAlive**](docs/MetadataApi.md#isalive) | **Get** /health/alive | Check HTTP Server Status
+*MetadataApi* | [**IsReady**](docs/MetadataApi.md#isready) | **Get** /health/ready | Check HTTP Server and Database Status
+*V0alpha2Api* | [**AdminCreateIdentity**](docs/V0alpha2Api.md#admincreateidentity) | **Post** /admin/identities | Create an Identity
+*V0alpha2Api* | [**AdminCreateSelfServiceRecoveryCode**](docs/V0alpha2Api.md#admincreateselfservicerecoverycode) | **Post** /admin/recovery/code | Create a Recovery Code
+*V0alpha2Api* | [**AdminCreateSelfServiceRecoveryLink**](docs/V0alpha2Api.md#admincreateselfservicerecoverylink) | **Post** /admin/recovery/link | Create a Recovery Link
+*V0alpha2Api* | [**AdminDeleteIdentity**](docs/V0alpha2Api.md#admindeleteidentity) | **Delete** /admin/identities/{id} | Delete an Identity
+*V0alpha2Api* | [**AdminDeleteIdentitySessions**](docs/V0alpha2Api.md#admindeleteidentitysessions) | **Delete** /admin/identities/{id}/sessions | Delete & Invalidate an Identity's Sessions
+*V0alpha2Api* | [**AdminExtendSession**](docs/V0alpha2Api.md#adminextendsession) | **Patch** /admin/sessions/{id}/extend | Extend a Session
+*V0alpha2Api* | [**AdminGetIdentity**](docs/V0alpha2Api.md#admingetidentity) | **Get** /admin/identities/{id} | Get an Identity
+*V0alpha2Api* | [**AdminGetSession**](docs/V0alpha2Api.md#admingetsession) | **Get** /admin/sessions/{id} | This endpoint returns the session object with expandables specified.
+*V0alpha2Api* | [**AdminListCourierMessages**](docs/V0alpha2Api.md#adminlistcouriermessages) | **Get** /admin/courier/messages | List Messages
+*V0alpha2Api* | [**AdminListIdentities**](docs/V0alpha2Api.md#adminlistidentities) | **Get** /admin/identities | List Identities
+*V0alpha2Api* | [**AdminListIdentitySessions**](docs/V0alpha2Api.md#adminlistidentitysessions) | **Get** /admin/identities/{id}/sessions | List an Identity's Sessions
+*V0alpha2Api* | [**AdminListSessions**](docs/V0alpha2Api.md#adminlistsessions) | **Get** /admin/sessions | This endpoint returns all sessions that exist.
+*V0alpha2Api* | [**AdminPatchIdentity**](docs/V0alpha2Api.md#adminpatchidentity) | **Patch** /admin/identities/{id} | Patch an Identity
+*V0alpha2Api* | [**AdminUpdateIdentity**](docs/V0alpha2Api.md#adminupdateidentity) | **Put** /admin/identities/{id} | Update an Identity
+*V0alpha2Api* | [**CreateSelfServiceLogoutFlowUrlForBrowsers**](docs/V0alpha2Api.md#createselfservicelogoutflowurlforbrowsers) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers
+*V0alpha2Api* | [**GetIdentitySchema**](docs/V0alpha2Api.md#getidentityschema) | **Get** /schemas/{id} | 
+*V0alpha2Api* | [**GetSelfServiceError**](docs/V0alpha2Api.md#getselfserviceerror) | **Get** /self-service/errors | Get Self-Service Errors
+*V0alpha2Api* | [**GetSelfServiceLoginFlow**](docs/V0alpha2Api.md#getselfserviceloginflow) | **Get** /self-service/login/flows | Get Login Flow
+*V0alpha2Api* | [**GetSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#getselfservicerecoveryflow) | **Get** /self-service/recovery/flows | Get Recovery Flow
+*V0alpha2Api* | [**GetSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#getselfserviceregistrationflow) | **Get** /self-service/registration/flows | Get Registration Flow
+*V0alpha2Api* | [**GetSelfServiceSettingsFlow**](docs/V0alpha2Api.md#getselfservicesettingsflow) | **Get** /self-service/settings/flows | Get Settings Flow
+*V0alpha2Api* | [**GetSelfServiceVerificationFlow**](docs/V0alpha2Api.md#getselfserviceverificationflow) | **Get** /self-service/verification/flows | Get Verification Flow
+*V0alpha2Api* | [**GetWebAuthnJavaScript**](docs/V0alpha2Api.md#getwebauthnjavascript) | **Get** /.well-known/ory/webauthn.js | Get WebAuthn JavaScript
+*V0alpha2Api* | [**InitializeSelfServiceLoginFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceloginflowforbrowsers) | **Get** /self-service/login/browser | Initialize Login Flow for Browsers
+*V0alpha2Api* | [**InitializeSelfServiceLoginFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceloginflowwithoutbrowser) | **Get** /self-service/login/api | Initialize Login Flow for APIs, Services, Apps, ...
+*V0alpha2Api* | [**InitializeSelfServiceRecoveryFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicerecoveryflowforbrowsers) | **Get** /self-service/recovery/browser | Initialize Recovery Flow for Browsers
+*V0alpha2Api* | [**InitializeSelfServiceRecoveryFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfservicerecoveryflowwithoutbrowser) | **Get** /self-service/recovery/api | Initialize Recovery Flow for APIs, Services, Apps, ...
+*V0alpha2Api* | [**InitializeSelfServiceRegistrationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceregistrationflowforbrowsers) | **Get** /self-service/registration/browser | Initialize Registration Flow for Browsers
+*V0alpha2Api* | [**InitializeSelfServiceRegistrationFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceregistrationflowwithoutbrowser) | **Get** /self-service/registration/api | Initialize Registration Flow for APIs, Services, Apps, ...
+*V0alpha2Api* | [**InitializeSelfServiceSettingsFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfservicesettingsflowforbrowsers) | **Get** /self-service/settings/browser | Initialize Settings Flow for Browsers
+*V0alpha2Api* | [**InitializeSelfServiceSettingsFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfservicesettingsflowwithoutbrowser) | **Get** /self-service/settings/api | Initialize Settings Flow for APIs, Services, Apps, ...
+*V0alpha2Api* | [**InitializeSelfServiceVerificationFlowForBrowsers**](docs/V0alpha2Api.md#initializeselfserviceverificationflowforbrowsers) | **Get** /self-service/verification/browser | Initialize Verification Flow for Browser Clients
+*V0alpha2Api* | [**InitializeSelfServiceVerificationFlowWithoutBrowser**](docs/V0alpha2Api.md#initializeselfserviceverificationflowwithoutbrowser) | **Get** /self-service/verification/api | Initialize Verification Flow for APIs, Services, Apps, ...
+*V0alpha2Api* | [**ListIdentitySchemas**](docs/V0alpha2Api.md#listidentityschemas) | **Get** /schemas | 
+*V0alpha2Api* | [**ListSessions**](docs/V0alpha2Api.md#listsessions) | **Get** /sessions | Get Active Sessions
+*V0alpha2Api* | [**RevokeSession**](docs/V0alpha2Api.md#revokesession) | **Delete** /sessions/{id} | Invalidate a Session
+*V0alpha2Api* | [**RevokeSessions**](docs/V0alpha2Api.md#revokesessions) | **Delete** /sessions | Invalidate all Other Sessions
+*V0alpha2Api* | [**SubmitSelfServiceLoginFlow**](docs/V0alpha2Api.md#submitselfserviceloginflow) | **Post** /self-service/login | Submit a Login Flow
+*V0alpha2Api* | [**SubmitSelfServiceLogoutFlow**](docs/V0alpha2Api.md#submitselfservicelogoutflow) | **Get** /self-service/logout | Complete Self-Service Logout
+*V0alpha2Api* | [**SubmitSelfServiceLogoutFlowWithoutBrowser**](docs/V0alpha2Api.md#submitselfservicelogoutflowwithoutbrowser) | **Delete** /self-service/logout/api | Perform Logout for APIs, Services, Apps, ...
+*V0alpha2Api* | [**SubmitSelfServiceRecoveryFlow**](docs/V0alpha2Api.md#submitselfservicerecoveryflow) | **Post** /self-service/recovery | Complete Recovery Flow
+*V0alpha2Api* | [**SubmitSelfServiceRegistrationFlow**](docs/V0alpha2Api.md#submitselfserviceregistrationflow) | **Post** /self-service/registration | Submit a Registration Flow
+*V0alpha2Api* | [**SubmitSelfServiceSettingsFlow**](docs/V0alpha2Api.md#submitselfservicesettingsflow) | **Post** /self-service/settings | Complete Settings Flow
+*V0alpha2Api* | [**SubmitSelfServiceVerificationFlow**](docs/V0alpha2Api.md#submitselfserviceverificationflow) | **Post** /self-service/verification | Complete Verification Flow
+*V0alpha2Api* | [**ToSession**](docs/V0alpha2Api.md#tosession) | **Get** /sessions/whoami | Check Who the Current HTTP Session Belongs To
+
+
+## Documentation For Models
+
+ - [AdminCreateIdentityBody](docs/AdminCreateIdentityBody.md)
+ - [AdminCreateIdentityImportCredentialsOidc](docs/AdminCreateIdentityImportCredentialsOidc.md)
+ - [AdminCreateIdentityImportCredentialsOidcConfig](docs/AdminCreateIdentityImportCredentialsOidcConfig.md)
+ - [AdminCreateIdentityImportCredentialsOidcProvider](docs/AdminCreateIdentityImportCredentialsOidcProvider.md)
+ - [AdminCreateIdentityImportCredentialsPassword](docs/AdminCreateIdentityImportCredentialsPassword.md)
+ - [AdminCreateIdentityImportCredentialsPasswordConfig](docs/AdminCreateIdentityImportCredentialsPasswordConfig.md)
+ - [AdminCreateSelfServiceRecoveryCodeBody](docs/AdminCreateSelfServiceRecoveryCodeBody.md)
+ - [AdminCreateSelfServiceRecoveryLinkBody](docs/AdminCreateSelfServiceRecoveryLinkBody.md)
+ - [AdminIdentityImportCredentials](docs/AdminIdentityImportCredentials.md)
+ - [AdminUpdateIdentityBody](docs/AdminUpdateIdentityBody.md)
+ - [AuthenticatorAssuranceLevel](docs/AuthenticatorAssuranceLevel.md)
+ - [CourierMessageStatus](docs/CourierMessageStatus.md)
+ - [CourierMessageType](docs/CourierMessageType.md)
+ - [ErrorAuthenticatorAssuranceLevelNotSatisfied](docs/ErrorAuthenticatorAssuranceLevelNotSatisfied.md)
+ - [GenericError](docs/GenericError.md)
+ - [GetVersion200Response](docs/GetVersion200Response.md)
+ - [HealthNotReadyStatus](docs/HealthNotReadyStatus.md)
+ - [HealthStatus](docs/HealthStatus.md)
+ - [Identity](docs/Identity.md)
+ - [IdentityCredentials](docs/IdentityCredentials.md)
+ - [IdentityCredentialsOidc](docs/IdentityCredentialsOidc.md)
+ - [IdentityCredentialsOidcProvider](docs/IdentityCredentialsOidcProvider.md)
+ - [IdentityCredentialsPassword](docs/IdentityCredentialsPassword.md)
+ - [IdentityCredentialsType](docs/IdentityCredentialsType.md)
+ - [IdentitySchemaContainer](docs/IdentitySchemaContainer.md)
+ - [IdentityState](docs/IdentityState.md)
+ - [IsAlive200Response](docs/IsAlive200Response.md)
+ - [IsReady503Response](docs/IsReady503Response.md)
+ - [JsonError](docs/JsonError.md)
+ - [JsonPatch](docs/JsonPatch.md)
+ - [LoginRequest](docs/LoginRequest.md)
+ - [Message](docs/Message.md)
+ - [NeedsPrivilegedSessionError](docs/NeedsPrivilegedSessionError.md)
+ - [OAuth2Client](docs/OAuth2Client.md)
+ - [OpenIDConnectContext](docs/OpenIDConnectContext.md)
+ - [Pagination](docs/Pagination.md)
+ - [RecoveryIdentityAddress](docs/RecoveryIdentityAddress.md)
+ - [RevokedSessions](docs/RevokedSessions.md)
+ - [SelfServiceBrowserLocationChangeRequiredError](docs/SelfServiceBrowserLocationChangeRequiredError.md)
+ - [SelfServiceError](docs/SelfServiceError.md)
+ - [SelfServiceFlowExpiredError](docs/SelfServiceFlowExpiredError.md)
+ - [SelfServiceLoginFlow](docs/SelfServiceLoginFlow.md)
+ - [SelfServiceLogoutUrl](docs/SelfServiceLogoutUrl.md)
+ - [SelfServiceRecoveryCode](docs/SelfServiceRecoveryCode.md)
+ - [SelfServiceRecoveryFlow](docs/SelfServiceRecoveryFlow.md)
+ - [SelfServiceRecoveryFlowState](docs/SelfServiceRecoveryFlowState.md)
+ - [SelfServiceRecoveryLink](docs/SelfServiceRecoveryLink.md)
+ - [SelfServiceRegistrationFlow](docs/SelfServiceRegistrationFlow.md)
+ - [SelfServiceSettingsFlow](docs/SelfServiceSettingsFlow.md)
+ - [SelfServiceSettingsFlowState](docs/SelfServiceSettingsFlowState.md)
+ - [SelfServiceVerificationFlow](docs/SelfServiceVerificationFlow.md)
+ - [SelfServiceVerificationFlowState](docs/SelfServiceVerificationFlowState.md)
+ - [Session](docs/Session.md)
+ - [SessionAuthenticationMethod](docs/SessionAuthenticationMethod.md)
+ - [SessionDevice](docs/SessionDevice.md)
+ - [SettingsProfileFormConfig](docs/SettingsProfileFormConfig.md)
+ - [SubmitSelfServiceFlowWithWebAuthnRegistrationMethod](docs/SubmitSelfServiceFlowWithWebAuthnRegistrationMethod.md)
+ - [SubmitSelfServiceLoginFlowBody](docs/SubmitSelfServiceLoginFlowBody.md)
+ - [SubmitSelfServiceLoginFlowWithLookupSecretMethodBody](docs/SubmitSelfServiceLoginFlowWithLookupSecretMethodBody.md)
+ - [SubmitSelfServiceLoginFlowWithOidcMethodBody](docs/SubmitSelfServiceLoginFlowWithOidcMethodBody.md)
+ - [SubmitSelfServiceLoginFlowWithPasswordMethodBody](docs/SubmitSelfServiceLoginFlowWithPasswordMethodBody.md)
+ - [SubmitSelfServiceLoginFlowWithTotpMethodBody](docs/SubmitSelfServiceLoginFlowWithTotpMethodBody.md)
+ - [SubmitSelfServiceLoginFlowWithWebAuthnMethodBody](docs/SubmitSelfServiceLoginFlowWithWebAuthnMethodBody.md)
+ - [SubmitSelfServiceLogoutFlowWithoutBrowserBody](docs/SubmitSelfServiceLogoutFlowWithoutBrowserBody.md)
+ - [SubmitSelfServiceRecoveryFlowBody](docs/SubmitSelfServiceRecoveryFlowBody.md)
+ - [SubmitSelfServiceRecoveryFlowWithCodeMethodBody](docs/SubmitSelfServiceRecoveryFlowWithCodeMethodBody.md)
+ - [SubmitSelfServiceRecoveryFlowWithLinkMethodBody](docs/SubmitSelfServiceRecoveryFlowWithLinkMethodBody.md)
+ - [SubmitSelfServiceRegistrationFlowBody](docs/SubmitSelfServiceRegistrationFlowBody.md)
+ - [SubmitSelfServiceRegistrationFlowWithOidcMethodBody](docs/SubmitSelfServiceRegistrationFlowWithOidcMethodBody.md)
+ - [SubmitSelfServiceRegistrationFlowWithPasswordMethodBody](docs/SubmitSelfServiceRegistrationFlowWithPasswordMethodBody.md)
+ - [SubmitSelfServiceRegistrationFlowWithWebAuthnMethodBody](docs/SubmitSelfServiceRegistrationFlowWithWebAuthnMethodBody.md)
+ - [SubmitSelfServiceSettingsFlowBody](docs/SubmitSelfServiceSettingsFlowBody.md)
+ - [SubmitSelfServiceSettingsFlowWithLookupMethodBody](docs/SubmitSelfServiceSettingsFlowWithLookupMethodBody.md)
+ - [SubmitSelfServiceSettingsFlowWithOidcMethodBody](docs/SubmitSelfServiceSettingsFlowWithOidcMethodBody.md)
+ - [SubmitSelfServiceSettingsFlowWithPasswordMethodBody](docs/SubmitSelfServiceSettingsFlowWithPasswordMethodBody.md)
+ - [SubmitSelfServiceSettingsFlowWithProfileMethodBody](docs/SubmitSelfServiceSettingsFlowWithProfileMethodBody.md)
+ - [SubmitSelfServiceSettingsFlowWithTotpMethodBody](docs/SubmitSelfServiceSettingsFlowWithTotpMethodBody.md)
+ - [SubmitSelfServiceSettingsFlowWithWebAuthnMethodBody](docs/SubmitSelfServiceSettingsFlowWithWebAuthnMethodBody.md)
+ - [SubmitSelfServiceVerificationFlowBody](docs/SubmitSelfServiceVerificationFlowBody.md)
+ - [SubmitSelfServiceVerificationFlowWithLinkMethodBody](docs/SubmitSelfServiceVerificationFlowWithLinkMethodBody.md)
+ - [SuccessfulSelfServiceLoginWithoutBrowser](docs/SuccessfulSelfServiceLoginWithoutBrowser.md)
+ - [SuccessfulSelfServiceRegistrationWithoutBrowser](docs/SuccessfulSelfServiceRegistrationWithoutBrowser.md)
+ - [TokenPagination](docs/TokenPagination.md)
+ - [TokenPaginationHeaders](docs/TokenPaginationHeaders.md)
+ - [UiContainer](docs/UiContainer.md)
+ - [UiNode](docs/UiNode.md)
+ - [UiNodeAnchorAttributes](docs/UiNodeAnchorAttributes.md)
+ - [UiNodeAttributes](docs/UiNodeAttributes.md)
+ - [UiNodeImageAttributes](docs/UiNodeImageAttributes.md)
+ - [UiNodeInputAttributes](docs/UiNodeInputAttributes.md)
+ - [UiNodeMeta](docs/UiNodeMeta.md)
+ - [UiNodeScriptAttributes](docs/UiNodeScriptAttributes.md)
+ - [UiNodeTextAttributes](docs/UiNodeTextAttributes.md)
+ - [UiText](docs/UiText.md)
+ - [VerifiableIdentityAddress](docs/VerifiableIdentityAddress.md)
+ - [Version](docs/Version.md)
+
+
+## Documentation For Authorization
+
+
+
+### oryAccessToken
+
+- **Type**: API key
+- **API key parameter name**: Authorization
+- **Location**: HTTP header
+
+Note, each API key must be added to a map of `map[string]APIKey` where the key is: Authorization and passed in as the auth context for each request.
+
+
+## Documentation for Utility Methods
+
+Due to the fact that model structure members are all pointers, this package contains
+a number of utility functions to easily obtain pointers to values of basic types.
+Each of these functions takes a value of the given basic type and returns a pointer to it:
+
+* `PtrBool`
+* `PtrInt`
+* `PtrInt32`
+* `PtrInt64`
+* `PtrFloat`
+* `PtrFloat32`
+* `PtrFloat64`
+* `PtrString`
+* `PtrTime`
+
+## Author
+
+hi@ory.sh
+
diff --git a/internal/client-go/api/openapi.yaml b/internal/client-go/api/openapi.yaml
new file mode 100644
index 000000000000..57b2cffbf9a7
--- /dev/null
+++ b/internal/client-go/api/openapi.yaml
@@ -0,0 +1,7074 @@
+openapi: 3.0.3
+info:
+  contact:
+    email: hi@ory.sh
+  description: |
+    Documentation for all public and administrative Ory Kratos APIs. Public and administrative APIs
+    are exposed on different ports. Public APIs can face the public internet without any protection
+    while administrative APIs should never be exposed without prior authorization. To protect
+    the administative API port you should use something like Nginx, Ory Oathkeeper, or any other
+    technology capable of authorizing incoming requests.
+  license:
+    name: Apache 2.0
+  title: Ory Kratos API
+  version: ""
+servers:
+- url: /
+paths:
+  /.well-known/ory/webauthn.js:
+    get:
+      description: |-
+        This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration.
+
+        If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file:
+
+        ```html
+